head	1.2;
access;
symbols
	RELENG_9:1.2.0.2
	RELENG_5_5_0_RELEASE:1.1.1.1
	RELENG_5_5:1.1.1.1.0.8
	RELENG_5_5_BP:1.1.1.1
	RELENG_5_4_0_RELEASE:1.1.1.1
	RELENG_5_4:1.1.1.1.0.6
	RELENG_5_4_BP:1.1.1.1
	RELENG_5_3_0_RELEASE:1.1.1.1
	RELENG_5_3:1.1.1.1.0.4
	RELENG_5_3_BP:1.1.1.1
	RELENG_5:1.1.1.1.0.2
	RELENG_5_BP:1.1.1.1
	OpenSSH_3_8_1p1:1.1.1.1
	OPENSSH:1.1.1;
locks; strict;
comment	@# @;


1.2
date	2004.10.28.16.11.30;	author des;	state dead;
branches
	1.2.2.1;
next	1.1;

1.1
date	2004.04.20.09.35.03;	author des;	state Exp;
branches
	1.1.1.1;
next	;

1.2.2.1
date	2004.10.28.16.11.30;	author svnexp;	state dead;
branches;
next	1.2.2.2;

1.2.2.2
date	2014.03.31.15.01.51;	author svnexp;	state Exp;
branches;
next	;

1.1.1.1
date	2004.04.20.09.35.03;	author des;	state Exp;
branches;
next	1.1.1.2;

1.1.1.2
date	2006.10.02.13.29.39;	author des;	state dead;
branches;
next	;


desc
@@


1.2
log
@Resolve conflicts
@
text
@#!/bin/sh
#
# ssh-user-config, Copyright 2000, 2001, 2002, 2003, Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.

# Directory where the config files are stored
SYSCONFDIR=/etc

progname=$0
auto_answer=""
auto_passphrase="no"
passphrase=""

request()
{
  if [ "${auto_answer}" = "yes" ]
  then
    return 0
  elif [ "${auto_answer}" = "no" ]
  then
    return 1
  fi

  answer=""
  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
  do
    echo -n "$1 (yes/no) "
    read answer
  done
  if [ "X${answer}" = "Xyes" ]
  then
    return 0
  else
    return 1
  fi
}

# Check if running on NT
_sys="`uname -a`"
_nt=`expr "$_sys" : "CYGWIN_NT"`
# If running on NT, check if running under 2003 Server or later
if [ $_nt -gt 0 ]
then
  _nt2003=`uname | awk -F- '{print ( $2 >= 5.2 ) ? 1 : 0;}'`
fi

# Check options

while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    ;;

  -y | --yes )
    auto_answer=yes
    ;;

  -n | --no )
    auto_answer=no
    ;;

  -p | --passphrase )
    with_passphrase="yes"
    passphrase=$1
    shift
    ;;

  *)
    echo "usage: ${progname} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
    echo "Options:"
    echo "    --debug      -d        Enable shell's debug output."
    echo "    --yes        -y        Answer all questions with \"yes\" automatically."
    echo "    --no         -n        Answer all questions with \"no\" automatically."
    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
    echo
    exit 1
    ;;

  esac
done

# Ask user if user identity should be generated

if [ ! -f ${SYSCONFDIR}/passwd ]
then
  echo "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file"
  echo 'first using mkpasswd. Check if it contains an entry for you and'
  echo 'please care for the home directory in your entry as well.'
  exit 1
fi

uid=`id -u`
pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd`

if [ "X${pwdhome}" = "X" ]
then
  echo "There is no home directory set for you in ${SYSCONFDIR}/passwd."
  echo 'Setting $HOME is not sufficient!'
  exit 1
fi

if [ ! -d "${pwdhome}" ]
then
  echo "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory"
  echo 'but it is not a valid directory. Cannot create user identity files.'
  exit 1
fi

# If home is the root dir, set home to empty string to avoid error messages
# in subsequent parts of that script.
if [ "X${pwdhome}" = "X/" ]
then
  # But first raise a warning!
  echo "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
  if request "Would you like to proceed anyway?"
  then
    pwdhome=''
  else
    exit 1
  fi
fi

if [ -d "${pwdhome}" -a $_nt -gt 0 -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
then
  echo
  echo 'WARNING: group and other have been revoked write permission to your home'
  echo "         directory ${pwdhome}."
  echo '         This is required by OpenSSH to allow public key authentication using'
  echo '         the key files stored in your .ssh subdirectory.'
  echo '         Revert this change ONLY if you know what you are doing!'
  echo
fi

if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
then
  echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
  exit 1
fi

if [ ! -e "${pwdhome}/.ssh" ]
then
  mkdir "${pwdhome}/.ssh"
  if [ ! -e "${pwdhome}/.ssh" ]
  then
    echo "Creating users ${pwdhome}/.ssh directory failed"
    exit 1
  fi
fi

if [ $_nt -gt 0 ]
then
  _user="system"
  if [ $_nt2003 -gt 0 ]
  then
    grep -q '^sshd_server:' ${SYSCONFDIR}/passwd && _user="sshd_server"
  fi
  if ! setfacl -m "u::rwx,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh"
  then
    echo "${pwdhome}/.ssh couldn't be given the correct permissions."
    echo "Please try to solve this problem first."
    exit 1
  fi
fi

if [ ! -f "${pwdhome}/.ssh/identity" ]
then
  if request "Shall I create an SSH1 RSA identity file for you?"
  then
    echo "Generating ${pwdhome}/.ssh/identity"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
    else
      ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
      cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
fi

if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
then
  if request "Shall I create an SSH2 RSA identity file for you? (yes/no) "
  then
    echo "Generating ${pwdhome}/.ssh/id_rsa"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
    else
      ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
      cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
fi

if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
then
  if request "Shall I create an SSH2 DSA identity file for you? (yes/no) "
  then
    echo "Generating ${pwdhome}/.ssh/id_dsa"
    if [ "${with_passphrase}" = "yes" ]
    then
      ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
    else
      ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
      cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
fi

if [ $_nt -gt 0 -a -e "${pwdhome}/.ssh/authorized_keys" ]
then
  if ! setfacl -m "u::rw-,u:${_user}:r--,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
  then
    echo
    echo "WARNING: Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
    echo "failed.  Please care for the correct permissions.  The minimum requirement"
    echo "is, the owner and ${_user} both need read permissions."
    echo
  fi
fi

echo
echo "Configuration finished. Have fun!"
@


1.2.2.1
log
@file ssh-user-config was added on branch RELENG_9 on 2014-03-31 15:01:51 +0000
@
text
@d1 250
@


1.2.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/263970
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 266
#!/bin/bash
#
# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS  
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF               
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.   
# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,   
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR    
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR    
# THE USE OR OTHER DEALINGS IN THE SOFTWARE.                               

# ======================================================================
# Initialization
# ======================================================================
PROGNAME=$(basename -- $0)
_tdir=$(dirname -- $0)
PROGDIR=$(cd $_tdir && pwd)

CSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh

# Subdirectory where the new package is being installed
PREFIX=/usr

# Directory where the config files are stored
SYSCONFDIR=/etc

source ${CSIH_SCRIPT}

auto_passphrase="no"
passphrase=""
pwdhome=
with_passphrase=

# ======================================================================
# Routine: create_identity
#   optionally create identity of type argument in ~/.ssh
#   optionally add result to ~/.ssh/authorized_keys
# ======================================================================
create_identity() {
  local file="$1"
  local type="$2"
  local name="$3"
  if [ ! -f "${pwdhome}/.ssh/${file}" ]
  then
    if csih_request "Shall I create a ${name} identity file for you?"
    then
      csih_inform "Generating ${pwdhome}/.ssh/${file}"
      if [ "${with_passphrase}" = "yes" ]
      then
        ssh-keygen -t "${type}" -N "${passphrase}" -f "${pwdhome}/.ssh/${file}" > /dev/null
      else
        ssh-keygen -t "${type}" -f "${pwdhome}/.ssh/${file}" > /dev/null
      fi
      if csih_request "Do you want to use this identity to login to this machine?"
      then
        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
        cat "${pwdhome}/.ssh/${file}.pub" >> "${pwdhome}/.ssh/authorized_keys"
      fi
    fi
  fi
} # === End of create_ssh1_identity() === #
readonly -f create_identity

# ======================================================================
# Routine: check_user_homedir
#   Perform various checks on the user's home directory
# SETS GLOBAL VARIABLE:
#   pwdhome
# ======================================================================
check_user_homedir() {
  local uid=$(id -u)
  pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
  if [ "X${pwdhome}" = "X" ]
  then
    csih_error_multi \
      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
      'Setting $HOME is not sufficient!'
  fi
  
  if [ ! -d "${pwdhome}" ]
  then
    csih_error_multi \
      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
      'but it is not a valid directory. Cannot create user identity files.'
  fi
  
  # If home is the root dir, set home to empty string to avoid error messages
  # in subsequent parts of that script.
  if [ "X${pwdhome}" = "X/" ]
  then
    # But first raise a warning!
    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
    if csih_request "Would you like to proceed anyway?"
    then
      pwdhome=''
    else
      csih_warning "Exiting. Configuration is not complete"
      exit 1
    fi
  fi
  
  if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
  then
    echo
    csih_warning 'group and other have been revoked write permission to your home'
    csih_warning "directory ${pwdhome}."
    csih_warning 'This is required by OpenSSH to allow public key authentication using'
    csih_warning 'the key files stored in your .ssh subdirectory.'
    csih_warning 'Revert this change ONLY if you know what you are doing!'
    echo
  fi
} # === End of check_user_homedir() === #
readonly -f check_user_homedir

# ======================================================================
# Routine: check_user_dot_ssh_dir
#   Perform various checks on the ~/.ssh directory
# PREREQUISITE:
#   pwdhome -- check_user_homedir()
# ======================================================================
check_user_dot_ssh_dir() {
  if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
  then
    csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
  fi
  
  if [ ! -e "${pwdhome}/.ssh" ]
  then
    mkdir "${pwdhome}/.ssh"
    if [ ! -e "${pwdhome}/.ssh" ]
    then
      csih_error "Creating users ${pwdhome}/.ssh directory failed"
    fi
  fi
} # === End of check_user_dot_ssh_dir() === #
readonly -f check_user_dot_ssh_dir

# ======================================================================
# Routine: fix_authorized_keys_perms
#   Corrects the permissions of ~/.ssh/authorized_keys
# PREREQUISITE:
#   pwdhome   -- check_user_homedir()
# ======================================================================
fix_authorized_keys_perms() {
  if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
  then
    if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
    then
      csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
      csih_warning "failed.  Please care for the correct permissions.  The minimum requirement"
      csih_warning "is, the owner needs read permissions."
      echo
    fi
  fi
} # === End of fix_authorized_keys_perms() === #
readonly -f fix_authorized_keys_perms


# ======================================================================
# Main Entry Point
# ======================================================================

# Check how the script has been started.  If
#   (1) it has been started by giving the full path and
#       that path is /etc/postinstall, OR
#   (2) Otherwise, if the environment variable
#       SSH_USER_CONFIG_AUTO_ANSWER_NO is set
# then set auto_answer to "no".  This allows automatic
# creation of the config files in /etc w/o overwriting
# them if they already exist.  In both cases, color
# escape sequences are suppressed, so as to prevent
# cluttering setup's logfiles.
if [ "$PROGDIR" = "/etc/postinstall" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi
if [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
then
  csih_auto_answer="no"
  csih_disable_color
fi

# ======================================================================
# Parse options
# ======================================================================
while :
do
  case $# in
  0)
    break
    ;;
  esac

  option=$1
  shift

  case "$option" in
  -d | --debug )
    set -x
    csih_trace_on
    ;;

  -y | --yes )
    csih_auto_answer=yes
    ;;

  -n | --no )
    csih_auto_answer=no
    ;;

  -p | --passphrase )
    with_passphrase="yes"
    passphrase=$1
    shift
    ;;

  *)
    echo "usage: ${PROGNAME} [OPTION]..."
    echo
    echo "This script creates an OpenSSH user configuration."
    echo
    echo "Options:"
    echo "    --debug      -d        Enable shell's debug output."
    echo "    --yes        -y        Answer all questions with \"yes\" automatically."
    echo "    --no         -n        Answer all questions with \"no\" automatically."
    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
    echo
    exit 1
    ;;

  esac
done

# ======================================================================
# Action!
# ======================================================================

# Check passwd file
if [ ! -f ${SYSCONFDIR}/passwd ]
then
  csih_error_multi \
    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
    'first using mkpasswd. Check if it contains an entry for you and' \
    'please care for the home directory in your entry as well.'
fi

check_user_homedir
check_user_dot_ssh_dir
create_identity id_rsa rsa "SSH2 RSA"
create_identity id_dsa dsa "SSH2 DSA"
create_identity id_ecdsa ecdsa "SSH2 ECDSA"
create_identity identity rsa1 "(deprecated) SSH1 RSA"
fix_authorized_keys_perms

echo
csih_inform "Configuration finished. Have fun!"


@


1.1
log
@Initial revision
@
text
@@


1.1.1.1
log
@Vendor import of OpenSSH 3.8.1p1.
@
text
@@


1.1.1.2
log
@Dead files.
@
text
@@

