From d2f401fe245e202271cb008ad626bb765bde784a Mon Sep 17 00:00:00 2001
From: dtucker
Date: Sat, 9 Sep 2006 10:34:15 +0000
Subject: [PATCH] - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
---
 ChangeLog | 1 +
 contrib/aix/buildbff.sh | 42 +++++++++++++++++++----------------------
 2 files changed, 20 insertions(+), 23 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 6bc4f09c..c06b75b9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 20060909
 - (dtucker) [openbsd-compat/bsd-snprintf.c] Add stdarg.h.
+ - (dtucker) [contrib/aix/buildbff.sh] Always create privsep user.
 20060908
 - (dtucker) [auth-sia.c] Add includes required for build on Tru64. Patch
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 5410fea0..3e091f56 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -200,33 +200,29 @@ do
 done
 echo
-# Create PrivSep user if PrivSep not disabled in config
-echo Creating PrivSep prereqs if required.
-if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+# Create PrivilegeSeparation user and group if not present
+echo Checking for PrivilegeSeparation user and group.
+if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
 then
- echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user,"
- echo "group or chroot directory."
+ echo "PrivSep group $SSH_PRIVSEP_USER already exists."
 else
- echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
-
- # create group if required
- if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
- then
- echo "PrivSep group $SSH_PRIVSEP_USER already exists."
- else
- echo "Creating PrivSep group $SSH_PRIVSEP_USER."
- mkgroup -A $SSH_PRIVSEP_USER
- fi
+ echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+ mkgroup -A $SSH_PRIVSEP_USER
+fi
- # Create user if required
- if lsuser "$SSH_PRIVSEP_USER" >/dev/null
- then
- echo "PrivSep user $SSH_PRIVSEP_USER already exists."
- else
- echo "Creating PrivSep user $SSH_PRIVSEP_USER."
- mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
- fi
+# Create user if required
+if lsuser "$SSH_PRIVSEP_USER" >/dev/null
+then
+ echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+else
+ echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+ mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+fi
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+ echo UsePrivilegeSeparation not enabled, privsep directory not required.
+else
 # create chroot directory if required
 if [ -d $PRIVSEP_PATH ]
 then
-- 
2.45.2
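Review bot: The group-existence test (`cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$'`) splices the unquoted name into a regular expression and consults only the local /etc/group file, while the user test a few lines below simply asks the system with `lsuser "$SSH_PRIVSEP_USER"`. Using the matching query, `if lsgroup "$SSH_PRIVSEP_USER" >/dev/null 2>&1`, would remove the pattern and quoting questions and keep the two checks consistent. Now that this block runs on every install, the results of `mkgroup` and `mkuser` also deserve a check: as written, a failed `mkgroup` is followed by a `mkuser ... pgrp=` that presumably fails too and the script carries on with no privsep account, so something like `mkgroup -A "$SSH_PRIVSEP_USER" || echo "Failed to create PrivSep group $SSH_PRIVSEP_USER" >&2` would at least surface it. The `\$` escape suggests these lines sit inside an unquoted here-document that starts outside the hunk, so the expansions may happen at build time; the chroot-directory `if` at the end also continues beyond the hunk.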