28c28
< cygwin_value="ntsec"
---
> cygwin_value=""
40c40
<
---
>
46c46
<
---
>
78,80c78,80
<
< mount -t -f "${_win_etcdir}" "${_my_etcdir}"
<
---
>
> mount -o text -f "${_win_etcdir}" "${_my_etcdir}"
>
83c83
<
---
>
92c92
< csih_inform "Removing sshd from ${_wservices}"
---
> csih_inform "Removing sshd from ${_wservices}"
94c94
< csih_warning "Removing sshd from ${_wservices} failed!"
---
> csih_warning "Removing sshd from ${_wservices} failed!"
101c101
<
---
>
109c109
< csih_inform "Added ssh to ${_wservices}"
---
> csih_inform "Added ssh to ${_wservices}"
111c111
< csih_warning "Adding ssh to ${_wservices} failed!"
---
> csih_warning "Adding ssh to ${_wservices} failed!"
137,139c137,139
< privsep_used=yes
< if ! csih_create_unprivileged_user sshd
< then
---
> privsep_used=yes
> if ! csih_create_unprivileged_user sshd
> then
141,142c141,142
< csih_warning "Privilege separation set to 'no' again!"
< csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
---
> csih_warning "Privilege separation set to 'no' again!"
> csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
144c144
< fi
---
> fi
146c146
< privsep_used=no
---
> privsep_used=no
154c154
<
---
>
164,165c164,165
< < ${SYSCONFDIR}/sshd_config \
< > "${sshdconfig_tmp}"
---
> < ${SYSCONFDIR}/sshd_config \
> > "${sshdconfig_tmp}"
196,200c196,200
< grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
< if [ -f "${_inetcnf_tmp}" ]
< then
< if mv "${_inetcnf_tmp}" "${_inetcnf}"
< then
---
> grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
> if [ -f "${_inetcnf_tmp}" ]
> then
> if mv "${_inetcnf_tmp}" "${_inetcnf}"
> then
202c202
< else
---
> else
204,208c204,208
< fi
< rm -f "${_inetcnf_tmp}"
< else
< csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
< fi
---
> fi
> rm -f "${_inetcnf_tmp}"
> else
> csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
> fi
217c217
< sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
---
> sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
219c219
< sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
---
> sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
223c223
< fi
---
> fi
236,237c236,237
< if mv "${_inetcnf_tmp}" "${_inetcnf}"
< then
---
> if mv "${_inetcnf_tmp}" "${_inetcnf}"
> then
239c239
< else
---
> else
241,242c241,242
< fi
< rm -f "${_inetcnf_tmp}"
---
> fi
> rm -f "${_inetcnf_tmp}"
244c244
< csih_warning "Removing sshd from ${_inetcnf} failed!"
---
> csih_warning "Removing sshd from ${_inetcnf} failed!"
247c247
<
---
>
253c253
< echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
---
> echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
255c255
< echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
---
> echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
281,283c281
< csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\""
< csih_inform "for sshd to be able to change user context without password."
< csih_get_cygenv "${cygwin_value}"
---
> csih_get_cygenv "${cygwin_value}"
285,297c283,295
< if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
< then
< csih_inform "On Windows Server 2003, Windows Vista, and above, the"
< csih_inform "SYSTEM account cannot setuid to other users -- a capability"
< csih_inform "sshd requires. You need to have or to create a privileged"
< csih_inform "account. This script will help you do so."
< echo
< if ! csih_create_privileged_user "${password_value}"
< then
< csih_error_recoverable "There was a serious problem creating a privileged user."
< csih_request "Do you want to proceed anyway?" || exit 1
< fi
< fi
---
> if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
> then
> csih_inform "On Windows Server 2003, Windows Vista, and above, the"
> csih_inform "SYSTEM account cannot setuid to other users -- a capability"
> csih_inform "sshd requires. You need to have or to create a privileged"
> csih_inform "account. This script will help you do so."
> echo
> if ! csih_create_privileged_user "${password_value}"
> then
> csih_error_recoverable "There was a serious problem creating a privileged user."
> csih_request "Do you want to proceed anyway?" || exit 1
> fi
> fi
299,300c297,298
< # never returns empty if NT or above
< run_service_as=$(csih_service_should_run_as)
---
> # never returns empty if NT or above
> run_service_as=$(csih_service_should_run_as)
302,310c300,308
< if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
< then
< password="${csih_PRIVILEGED_PASSWORD}"
< if [ -z "${password}" ]
< then
< csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
< password="${csih_value}"
< fi
< fi
---
> if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
> then
> password="${csih_PRIVILEGED_PASSWORD}"
> if [ -z "${password}" ]
> then
> csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
> password="${csih_value}"
> fi
> fi
312,315c310,313
< # at this point, we either have $run_service_as = "system" and $password is empty,
< # or $run_service_as is some privileged user and (hopefully) $password contains
< # the correct password. So, from here out, we use '-z "${password}"' to discriminate
< # the two cases.
---
> # at this point, we either have $run_service_as = "system" and $password is empty,
> # or $run_service_as is some privileged user and (hopefully) $password contains
> # the correct password. So, from here out, we use '-z "${password}"' to discriminate
> # the two cases.
317c315
< csih_check_user "${run_service_as}"
---
> csih_check_user "${run_service_as}"
319,333c317,325
< if [ -z "${password}" ]
< then
< if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \
< -e CYGWIN="${csih_cygenv}"
< then
< echo
< csih_inform "The sshd service has been installed under the LocalSystem"
< csih_inform "account (also known as SYSTEM). To start the service now, call"
< csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
< csih_inform "will start automatically after the next reboot."
< fi
< else
< if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \
< -e CYGWIN="${csih_cygenv}" -u "${run_service_as}" -w "${password}"
< then
---
> if [ -n "${csih_cygenv}" ]
> then
> cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
> fi
> if [ -z "${password}" ]
> then
> if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
> -a "-D" -y tcpip ${cygwin_env}
> then
334a327,337
> csih_inform "The sshd service has been installed under the LocalSystem"
> csih_inform "account (also known as SYSTEM). To start the service now, call"
> csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
> csih_inform "will start automatically after the next reboot."
> fi
> else
> if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
> -a "-D" -y tcpip ${cygwin_env} \
> -u "${run_service_as}" -w "${password}"
> then
> echo
337,340c340,343
< csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
< csih_inform "after the next reboot."
< fi
< fi
---
> csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
> csih_inform "after the next reboot."
> fi
> fi
342,349c345,352
< # now, if successfully installed, set ownership of the affected files
< if cygrunsrv -Q sshd >/dev/null 2>&1
< then
< chown "${run_service_as}" ${SYSCONFDIR}/ssh*
< chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty
< chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog
< if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
< then
---
> # now, if successfully installed, set ownership of the affected files
> if cygrunsrv -Q sshd >/dev/null 2>&1
> then
> chown "${run_service_as}" ${SYSCONFDIR}/ssh*
> chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty
> chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog
> if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
> then
351,354c354,357
< fi
< else
< csih_warning "Something went wrong installing the sshd service."
< fi
---
> fi
> else
> csih_warning "Something went wrong installing the sshd service."
> fi
459c462
< if ps -ef | grep -v grep | grep -q ssh
---
> if ps -ef | grep -q '/sshd\?$'
478c481
< echo
---
> echo
480c483
< "Cannot create ssh host configuration."
---
> "Cannot create ssh host configuration."
523c526
< update_services_file
---
> update_services_file
< cygwin_value="ntsec"
---
> cygwin_value=""
40c40
<
---
>
46c46
<
---
>
78,80c78,80
<
< mount -t -f "${_win_etcdir}" "${_my_etcdir}"
<
---
>
> mount -o text -f "${_win_etcdir}" "${_my_etcdir}"
>
83c83
<
---
>
92c92
< csih_inform "Removing sshd from ${_wservices}"
---
> csih_inform "Removing sshd from ${_wservices}"
94c94
< csih_warning "Removing sshd from ${_wservices} failed!"
---
> csih_warning "Removing sshd from ${_wservices} failed!"
101c101
<
---
>
109c109
< csih_inform "Added ssh to ${_wservices}"
---
> csih_inform "Added ssh to ${_wservices}"
111c111
< csih_warning "Adding ssh to ${_wservices} failed!"
---
> csih_warning "Adding ssh to ${_wservices} failed!"
137,139c137,139
< privsep_used=yes
< if ! csih_create_unprivileged_user sshd
< then
---
> privsep_used=yes
> if ! csih_create_unprivileged_user sshd
> then
141,142c141,142
< csih_warning "Privilege separation set to 'no' again!"
< csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
---
> csih_warning "Privilege separation set to 'no' again!"
> csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
144c144
< fi
---
> fi
146c146
< privsep_used=no
---
> privsep_used=no
154c154
<
---
>
164,165c164,165
< < ${SYSCONFDIR}/sshd_config \
< > "${sshdconfig_tmp}"
---
> < ${SYSCONFDIR}/sshd_config \
> > "${sshdconfig_tmp}"
196,200c196,200
< grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
< if [ -f "${_inetcnf_tmp}" ]
< then
< if mv "${_inetcnf_tmp}" "${_inetcnf}"
< then
---
> grep -v '^[# \t]*ssh' "${_inetcnf}" >> "${_inetcnf_tmp}"
> if [ -f "${_inetcnf_tmp}" ]
> then
> if mv "${_inetcnf_tmp}" "${_inetcnf}"
> then
202c202
< else
---
> else
204,208c204,208
< fi
< rm -f "${_inetcnf_tmp}"
< else
< csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
< fi
---
> fi
> rm -f "${_inetcnf_tmp}"
> else
> csih_warning "Removing ssh[d] from ${_inetcnf} failed!"
> fi
217c217
< sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
---
> sed -e 's/@COMMENT@[ \t]*//' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
219c219
< sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
---
> sed -e 's/@COMMENT@[ \t]*/# /' < "${_sshd_inetd_conf}" > "${_sshd_inetd_conf_tmp}"
223c223
< fi
---
> fi
236,237c236,237
< if mv "${_inetcnf_tmp}" "${_inetcnf}"
< then
---
> if mv "${_inetcnf_tmp}" "${_inetcnf}"
> then
239c239
< else
---
> else
241,242c241,242
< fi
< rm -f "${_inetcnf_tmp}"
---
> fi
> rm -f "${_inetcnf_tmp}"
244c244
< csih_warning "Removing sshd from ${_inetcnf} failed!"
---
> csih_warning "Removing sshd from ${_inetcnf} failed!"
247c247
<
---
>
253c253
< echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
---
> echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
255c255
< echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
---
> echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
281,283c281
< csih_inform "Note that the CYGWIN variable must contain at least \"ntsec\""
< csih_inform "for sshd to be able to change user context without password."
< csih_get_cygenv "${cygwin_value}"
---
> csih_get_cygenv "${cygwin_value}"
285,297c283,295
< if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
< then
< csih_inform "On Windows Server 2003, Windows Vista, and above, the"
< csih_inform "SYSTEM account cannot setuid to other users -- a capability"
< csih_inform "sshd requires. You need to have or to create a privileged"
< csih_inform "account. This script will help you do so."
< echo
< if ! csih_create_privileged_user "${password_value}"
< then
< csih_error_recoverable "There was a serious problem creating a privileged user."
< csih_request "Do you want to proceed anyway?" || exit 1
< fi
< fi
---
> if ( csih_is_nt2003 || [ "$csih_FORCE_PRIVILEGED_USER" = "yes" ] )
> then
> csih_inform "On Windows Server 2003, Windows Vista, and above, the"
> csih_inform "SYSTEM account cannot setuid to other users -- a capability"
> csih_inform "sshd requires. You need to have or to create a privileged"
> csih_inform "account. This script will help you do so."
> echo
> if ! csih_create_privileged_user "${password_value}"
> then
> csih_error_recoverable "There was a serious problem creating a privileged user."
> csih_request "Do you want to proceed anyway?" || exit 1
> fi
> fi
299,300c297,298
< # never returns empty if NT or above
< run_service_as=$(csih_service_should_run_as)
---
> # never returns empty if NT or above
> run_service_as=$(csih_service_should_run_as)
302,310c300,308
< if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
< then
< password="${csih_PRIVILEGED_PASSWORD}"
< if [ -z "${password}" ]
< then
< csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
< password="${csih_value}"
< fi
< fi
---
> if [ "${run_service_as}" = "${csih_PRIVILEGED_USERNAME}" ]
> then
> password="${csih_PRIVILEGED_PASSWORD}"
> if [ -z "${password}" ]
> then
> csih_get_value "Please enter the password for user '${run_service_as}':" "-s"
> password="${csih_value}"
> fi
> fi
312,315c310,313
< # at this point, we either have $run_service_as = "system" and $password is empty,
< # or $run_service_as is some privileged user and (hopefully) $password contains
< # the correct password. So, from here out, we use '-z "${password}"' to discriminate
< # the two cases.
---
> # at this point, we either have $run_service_as = "system" and $password is empty,
> # or $run_service_as is some privileged user and (hopefully) $password contains
> # the correct password. So, from here out, we use '-z "${password}"' to discriminate
> # the two cases.
317c315
< csih_check_user "${run_service_as}"
---
> csih_check_user "${run_service_as}"
319,333c317,325
< if [ -z "${password}" ]
< then
< if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \
< -e CYGWIN="${csih_cygenv}"
< then
< echo
< csih_inform "The sshd service has been installed under the LocalSystem"
< csih_inform "account (also known as SYSTEM). To start the service now, call"
< csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
< csih_inform "will start automatically after the next reboot."
< fi
< else
< if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a "-D" -y tcpip \
< -e CYGWIN="${csih_cygenv}" -u "${run_service_as}" -w "${password}"
< then
---
> if [ -n "${csih_cygenv}" ]
> then
> cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
> fi
> if [ -z "${password}" ]
> then
> if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
> -a "-D" -y tcpip ${cygwin_env}
> then
334a327,337
> csih_inform "The sshd service has been installed under the LocalSystem"
> csih_inform "account (also known as SYSTEM). To start the service now, call"
> csih_inform "\`net start sshd' or \`cygrunsrv -S sshd'. Otherwise, it"
> csih_inform "will start automatically after the next reboot."
> fi
> else
> if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
> -a "-D" -y tcpip ${cygwin_env} \
> -u "${run_service_as}" -w "${password}"
> then
> echo
337,340c340,343
< csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
< csih_inform "after the next reboot."
< fi
< fi
---
> csih_inform "\`cygrunsrv -S sshd'. Otherwise, it will start automatically"
> csih_inform "after the next reboot."
> fi
> fi
342,349c345,352
< # now, if successfully installed, set ownership of the affected files
< if cygrunsrv -Q sshd >/dev/null 2>&1
< then
< chown "${run_service_as}" ${SYSCONFDIR}/ssh*
< chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty
< chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog
< if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
< then
---
> # now, if successfully installed, set ownership of the affected files
> if cygrunsrv -Q sshd >/dev/null 2>&1
> then
> chown "${run_service_as}" ${SYSCONFDIR}/ssh*
> chown "${run_service_as}".544 ${LOCALSTATEDIR}/empty
> chown "${run_service_as}".544 ${LOCALSTATEDIR}/log/lastlog
> if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
> then
351,354c354,357
< fi
< else
< csih_warning "Something went wrong installing the sshd service."
< fi
---
> fi
> else
> csih_warning "Something went wrong installing the sshd service."
> fi
459c462
< if ps -ef | grep -v grep | grep -q ssh
---
> if ps -ef | grep -q '/sshd\?$'
478c481
< echo
---
> echo
480c483
< "Cannot create ssh host configuration."
---
> "Cannot create ssh host configuration."
523c526
< update_services_file
---
> update_services_file