openssh unix dev - Nov 2014 - [patch/cygwin] Update ssh-user-config for the account db changes in the upcoming Cygwin

Hi,

below is a patch which makes the Cygwin-specific ssh-user-config script
independent of the existence of /etc/passwd.  The next Cygwin release
will allow to generate passwd and group entries from the Windows account
DBs, so the scripts have to adapt.  Please apply.


Thanks,
Corinna


diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index a7ea3e0..301d5eb 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# ssh-host-config, Copyright 2000-2011 Red Hat Inc.
+# ssh-host-config, Copyright 2000-2014 Red Hat Inc.
 #
 # This file is part of the Cygwin port of OpenSSH.
 #
@@ -353,11 +353,9 @@ check_service_files_ownership() {
     fi
     if [ -z "${run_service_as}" ]
     then
-      csih_warning "Couldn't determine name of user running sshd
service from /etc/passwd!"
+      csih_warning "Couldn't determine name of user running sshd
service from account database!"
       csih_warning "As a result, this script cannot make sure that the
files used"
       csih_warning "by the sshd service belong to the user running the
service."
-      csih_warning "Please re-run the mkpasswd tool to make sure the
/etc/passwd"
-      csih_warning "file is in a good shape."
       return 1
     fi
   fi
diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
index 8708b7a..33dc0cb 100644
--- a/contrib/cygwin/ssh-user-config
+++ b/contrib/cygwin/ssh-user-config
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
+# ssh-user-config, Copyright 2000-2014 Red Hat Inc.
 #
 # This file is part of the Cygwin port of OpenSSH.
 #
@@ -75,19 +75,18 @@ readonly -f create_identity
 #   pwdhome
 # =====================================================================
check_user_homedir() {
-  local uid=$(id -u)
-  pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' <
${SYSCONFDIR}/passwd)
+  pwdhome=$(getent passwd $UID | awk -F: '{ print $6; }')
   if [ "X${pwdhome}" = "X" ]
   then
     csih_error_multi \
-      "There is no home directory set for you in
${SYSCONFDIR}/passwd." \
+      "There is no home directory set for you in the account
database." \
       'Setting $HOME is not sufficient!'
   fi
   
   if [ ! -d "${pwdhome}" ]
   then
     csih_error_multi \
-      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home
directory" \
+      "${pwdhome} is set in the account database as your home
directory" \
       'but it is not a valid directory. Cannot create user identity
files.'
   fi
   
@@ -96,7 +95,7 @@ check_user_homedir() {
   if [ "X${pwdhome}" = "X/" ]
   then
     # But first raise a warning!
-    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to
root (/). This is not recommended!"
+    csih_warning "Your home directory in the account database is set to
root (/). This is not recommended!"
     if csih_request "Would you like to proceed anyway?"
     then
       pwdhome=''
@@ -106,7 +105,7 @@ check_user_homedir() {
     fi
   fi
   
-  if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w
"${pwdhome}"`" ]
+  if [ -d "${pwdhome}" -a -n "`chmod -c g-w,o-w
"${pwdhome}"`" ]
   then
     echo
     csih_warning 'group and other have been revoked write permission to
your home'
@@ -149,9 +148,10 @@ readonly -f check_user_dot_ssh_dir
 #   pwdhome   -- check_user_homedir()
 # =====================================================================
fix_authorized_keys_perms() {
-  if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
+  if [ -e "${pwdhome}/.ssh/authorized_keys" ]
   then
-    if ! setfacl -m "u::rw-,g::---,o::---"
"${pwdhome}/.ssh/authorized_keys"
+    setfacl -b "${pwdhome}/.ssh/authorized_keys" 2>/dev/null ||
echo -n
+    if ! chmod u-x,g-wx,o-wx "${pwdhome}/.ssh/authorized_keys"
     then
       csih_warning "Setting correct permissions to
${pwdhome}/.ssh/authorized_keys"
       csih_warning "failed.  Please care for the correct permissions.  The
minimum requirement"
@@ -243,15 +243,6 @@ done
 # Action!
 # ===================================================================== 
-# Check passwd file
-if [ ! -f ${SYSCONFDIR}/passwd ]
-then
-  csih_error_multi \
-    "${SYSCONFDIR}/passwd is nonexistant. Please generate an
${SYSCONFDIR}/passwd file" \
-    'first using mkpasswd. Check if it contains an entry for you and' \
-    'please care for the home directory in your entry as well.'
-fi
-
 check_user_homedir
 check_user_dot_ssh_dir
 create_identity id_rsa rsa "SSH2 RSA"


-- 
Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20141103/eb9142e4/attachment-0001.bin>

done - thanks again

On Mon, 3 Nov 2014, Corinna Vinschen wrote:
> Hi,
> 
> below is a patch which makes the Cygwin-specific ssh-user-config script
> independent of the existence of /etc/passwd.  The next Cygwin release
> will allow to generate passwd and group entries from the Windows account
> DBs, so the scripts have to adapt.  Please apply.
> 
> 
> Thanks,
> Corinna
> 
> 
> diff --git a/contrib/cygwin/ssh-host-config
b/contrib/cygwin/ssh-host-config
> index a7ea3e0..301d5eb 100644
> --- a/contrib/cygwin/ssh-host-config
> +++ b/contrib/cygwin/ssh-host-config
> @@ -1,6 +1,6 @@
>  #!/bin/bash
>  #
> -# ssh-host-config, Copyright 2000-2011 Red Hat Inc.
> +# ssh-host-config, Copyright 2000-2014 Red Hat Inc.
>  #
>  # This file is part of the Cygwin port of OpenSSH.
>  #
> @@ -353,11 +353,9 @@ check_service_files_ownership() {
>      fi
>      if [ -z "${run_service_as}" ]
>      then
> -      csih_warning "Couldn't determine name of user running sshd
service from /etc/passwd!"
> +      csih_warning "Couldn't determine name of user running sshd
service from account database!"
>        csih_warning "As a result, this script cannot make sure that
the files used"
>        csih_warning "by the sshd service belong to the user running
the service."
> -      csih_warning "Please re-run the mkpasswd tool to make sure the
/etc/passwd"
> -      csih_warning "file is in a good shape."
>        return 1
>      fi
>    fi
> diff --git a/contrib/cygwin/ssh-user-config
b/contrib/cygwin/ssh-user-config
> index 8708b7a..33dc0cb 100644
> --- a/contrib/cygwin/ssh-user-config
> +++ b/contrib/cygwin/ssh-user-config
> @@ -1,6 +1,6 @@
>  #!/bin/bash
>  #
> -# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
> +# ssh-user-config, Copyright 2000-2014 Red Hat Inc.
>  #
>  # This file is part of the Cygwin port of OpenSSH.
>  #
> @@ -75,19 +75,18 @@ readonly -f create_identity
>  #   pwdhome
>  #
=====================================================================> 
check_user_homedir() {
> -  local uid=$(id -u)
> -  pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }'
< ${SYSCONFDIR}/passwd)
> +  pwdhome=$(getent passwd $UID | awk -F: '{ print $6; }')
>    if [ "X${pwdhome}" = "X" ]
>    then
>      csih_error_multi \
> -      "There is no home directory set for you in
${SYSCONFDIR}/passwd." \
> +      "There is no home directory set for you in the account
database." \
>        'Setting $HOME is not sufficient!'
>    fi
>    
>    if [ ! -d "${pwdhome}" ]
>    then
>      csih_error_multi \
> -      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home
directory" \
> +      "${pwdhome} is set in the account database as your home
directory" \
>        'but it is not a valid directory. Cannot create user identity
files.'
>    fi
>    
> @@ -96,7 +95,7 @@ check_user_homedir() {
>    if [ "X${pwdhome}" = "X/" ]
>    then
>      # But first raise a warning!
> -    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set
to root (/). This is not recommended!"
> +    csih_warning "Your home directory in the account database is set
to root (/). This is not recommended!"
>      if csih_request "Would you like to proceed anyway?"
>      then
>        pwdhome=''
> @@ -106,7 +105,7 @@ check_user_homedir() {
>      fi
>    fi
>    
> -  if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c
g-w,o-w "${pwdhome}"`" ]
> +  if [ -d "${pwdhome}" -a -n "`chmod -c g-w,o-w
"${pwdhome}"`" ]
>    then
>      echo
>      csih_warning 'group and other have been revoked write permission
to your home'
> @@ -149,9 +148,10 @@ readonly -f check_user_dot_ssh_dir
>  #   pwdhome   -- check_user_homedir()
>  #
=====================================================================> 
fix_authorized_keys_perms() {
> -  if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
> +  if [ -e "${pwdhome}/.ssh/authorized_keys" ]
>    then
> -    if ! setfacl -m "u::rw-,g::---,o::---"
"${pwdhome}/.ssh/authorized_keys"
> +    setfacl -b "${pwdhome}/.ssh/authorized_keys" 2>/dev/null
|| echo -n
> +    if ! chmod u-x,g-wx,o-wx "${pwdhome}/.ssh/authorized_keys"
>      then
>        csih_warning "Setting correct permissions to
${pwdhome}/.ssh/authorized_keys"
>        csih_warning "failed.  Please care for the correct permissions.
The minimum requirement"
> @@ -243,15 +243,6 @@ done
>  # Action!
>  #
=====================================================================>
> -# Check passwd file
> -if [ ! -f ${SYSCONFDIR}/passwd ]
> -then
> -  csih_error_multi \
> -    "${SYSCONFDIR}/passwd is nonexistant. Please generate an
${SYSCONFDIR}/passwd file" \
> -    'first using mkpasswd. Check if it contains an entry for you
and' \
> -    'please care for the home directory in your entry as well.'
> -fi
> -
>  check_user_homedir
>  check_user_dot_ssh_dir
>  create_identity id_rsa rsa "SSH2 RSA"
> 
> 
> -- 
> Corinna Vinschen
> Cygwin Maintainer
> Red Hat
>