- (bal) Updated contrib/cygwin/ patch by vinschen@redhat.com

2002-07-03 23:33:19 +00:00 · 2002-07-03 23:33:19 +00:00 · 6dbf3001ec
parent 23fe57c51c
commit 6dbf3001ec
3 changed files with 182 additions and 64 deletions
--- a/5
+++ b/5
@ -1,3 +1,6 @@
+20020703
+ - (bal) Updated contrib/cygwin/  patch by vinschen@redhat.com 
+
 20020702
 - (djm) Use PAM_MSG_MEMBER for PAM_TEXT_INFO messages, use xmalloc & 
   friends consistently. Spotted by Solar Designer <solar@openwall.com>
@ -1205,4 +1208,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@

-$Id: ChangeLog,v 1.2313 2002/07/02 07:08:23 djm Exp $
+$Id: ChangeLog,v 1.2314 2002/07/03 23:33:19 mouring Exp $
--- a/contrib/cygwin/README
+++ b/contrib/cygwin/README
@ -1,5 +1,29 @@
 This package is the actual port of OpenSSH to Cygwin 1.3.

+===========================================================================
+Important change since 3.4p1-2:
+
+This version adds privilege separation as default setting, see
+/usr/doc/openssh/README.privsep.  According to that document the
+privsep feature requires a non-privileged account called 'sshd'.
+
+The new ssh-host-config file which is part of this version asks
+to create 'sshd' as local user if you want to use privilege
+separation.  If you confirm, it creates that NT user and adds
+the necessary entry to /etc/passwd.
+
+On 9x/Me systems the script just sets UsePrivilegeSeparation to "no"
+since that feature doesn't make any sense on a system which doesn't
+differ between privileged and unprivileged users.
+
+The new ssh-host-config script also adds the /var/empty directory
+needed by privilege separation.  When creating the /var/empty directory
+by yourself, please note that in contrast to the README.privsep document
+the owner sshould not be "root" but the user which is running sshd.  So,
+in the standard configuration this is SYSTEM.  The ssh-host-config script
+chowns /var/empty accordingly.
+===========================================================================
+
 ===========================================================================
 Important change since 3.0.1p1-2:

--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@ -18,6 +18,11 @@ progname=$0
 auto_answer=""
 port_number=22

+privsep_configured=no
+privsep_used=yes
+sshd_in_passwd=no
+sshd_in_sam=no
+
 request()
 {
  if [ "${auto_answer}" = "yes" ]
@ -90,6 +95,10 @@ do
  esac
 done

+# Check if running on NT
+_sys="`uname -a`"
+_nt=`expr "$_sys" : "CYGWIN_NT"`
+
 # Check for running ssh/sshd processes first. Refuse to do anything while
 # some ssh processes are still running

@ -126,6 +135,38 @@ then
  fi
 fi

+# Create /var/log and /var/log/lastlog if not already existing
+
+if [ -f /var/log ]
+then
+  echo "Creating /var/log failed\!"
+else
+  if [ ! -d /var/log ]
+  then
+    mkdir -p /var/log
+  fi
+  if [ -d /var/log/lastlog ]
+  then
+    echo "Creating /var/log/lastlog failed\!"
+  elif [ ! -f /var/log/lastlog ]
+  then
+    cat /dev/null > /var/log/lastlog
+  fi
+fi
+
+# Create /var/empty file used as chroot jail for privilege separation
+if [ -f /var/empty ]
+then
+  echo "Creating /var/empty failed\!"
+else
+  mkdir -p /var/empty
+  # On NT change ownership of that dir to user "system"
+  if [ $_nt -gt 0 ]
+  then
+    chown system.system /var/empty
+  fi
+fi
+
 # Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
 # the same as ${PREFIX}

@ -219,9 +260,10 @@ if [ ! -f "${SYSCONFDIR}/ssh_config" ]
 then
  echo "Generating ${SYSCONFDIR}/ssh_config file"
  cat > ${SYSCONFDIR}/ssh_config << EOF
-# This is ssh client systemwide configuration file.  This file provides 
-# defaults for users, and the values can be changed in per-user configuration
-# files or on the command line.
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.

 # Configuration data is parsed as follows:
 #  1. command line options
@ -237,20 +279,19 @@ then
 #   ForwardAgent no
 #   ForwardX11 no
 #   RhostsAuthentication no
-#   RhostsRSAAuthentication yes
+#   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
-#   FallBackToRsh no
-#   UseRsh no
 #   BatchMode no
 #   CheckHostIP yes
-#   StrictHostKeyChecking yes
+#   StrictHostKeyChecking ask
 #   IdentityFile ~/.ssh/identity
 #   IdentityFile ~/.ssh/id_dsa
 #   IdentityFile ~/.ssh/id_rsa
 #   Port 22
 #   Protocol 2,1
-#   Cipher blowfish
+#   Cipher 3des
+#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
 #   EscapeChar ~
 EOF
  if [ "$port_number" != "22" ]
@ -271,17 +312,75 @@ then
    then
      echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
    fi
+  else
+    grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
  fi
 fi

-# Create default sshd_config from here script
+# Prior to creating or modifying sshd_config, care for privilege separation
+
+if [ "$privsep_configured" != "yes" ]
+then
+  if [ $_nt -gt 0 ]
+  then
+    echo "Privilege separation is set to yes by default since OpenSSH 3.3."
+    echo "However, this requires a non-privileged account called 'sshd'."
+    echo "For more info on privilege separation read /usr/doc/openssh/README.privsep."
+    echo
+    if request "Shall privilege separation be used?"
+    then
+      privsep_used=yes
+      grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
+      net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
+      if [ "$sshd_in_passwd" != "yes" ]
+      then
+        if [ "$sshd_in_sam" != "yes" ]
+	then
+	  echo "Warning: The following function requires administrator privileges!"
+	  if request "Shall this script create a local user 'sshd' on this machine?"
+	  then
+	    dos_var_empty=`cygpath -w /var/empty`
+	    net user sshd /add /fullname:"sshd privsep" "/HOMEDIR:$dos_var_empty" > /dev/null 2>&1 && sshd_in_sam=yes
+	    if [ "$sshd_in_sam" != "yes" ]
+	    then
+	      echo "Warning: Creating the user 'sshd' failed!"
+	    fi
+	  fi
+	fi
+	if [ "$sshd_in_sam" != "yes" ]
+	then
+	  echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
+	  echo "         Privilege separation set to 'no' again!"
+	  echo "         Check your ${SYSCONFDIR}/sshd_config file!"
+	  privsep_used=no
+	else
+	  mkpasswd -l -u sshd >> ${SYSCONFDIR}/passwd
+	fi
+      fi
+    else
+      privsep_used=no
+    fi
+  else
+    # On 9x don't use privilege separation.  Since security isn't
+    # available it just adds useless addtional processes.
+    privsep_used=no
+  fi
+fi
+
+# Create default sshd_config from here script or modify to add the
+# missing privsep configuration option

 if [ ! -f "${SYSCONFDIR}/sshd_config" ]
 then
  echo "Generating ${SYSCONFDIR}/sshd_config file"
  cat > ${SYSCONFDIR}/sshd_config << EOF
-# This is the sshd server system-wide configuration file.  See sshd(8)
-# for more information.
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options change a
+# default value.

 Port $port_number
 #Protocol 2,1
@ -289,66 +388,77 @@ Port $port_number
 #ListenAddress ::

 # HostKey for protocol version 1
-HostKey /etc/ssh_host_key
+#HostKey ${SYSCONFDIR}/ssh_host_key
 # HostKeys for protocol version 2
-HostKey /etc/ssh_host_rsa_key
-HostKey /etc/ssh_host_dsa_key
+#HostKey ${SYSCONFDIR}/ssh_host_rsa_key
+#HostKey ${SYSCONFDIR}/ssh_host_dsa_key

 # Lifetime and size of ephemeral version 1 server ke
-KeyRegenerationInterval 3600
-ServerKeyBits 768
+#KeyRegenerationInterval 3600
+#ServerKeyBits 768

 # Logging
-SyslogFacility AUTH
-LogLevel INFO
 #obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO

 # Authentication:

-LoginGraceTime 600
-PermitRootLogin yes
+#LoginGraceTime 600
+#PermitRootLogin yes
 # The following setting overrides permission checks on host key files
 # and directories. For security reasons set this to "yes" when running
 # NT/W2K, NTFS and CYGWIN=ntsec.
 StrictModes no

-RSAAuthentication yes
-PubkeyAuthentication yes
+#RSAAuthentication yes
+#PubkeyAuthentication yes
 #AuthorizedKeysFile     %h/.ssh/authorized_keys

 # rhosts authentication should not be used
-RhostsAuthentication no
+#RhostsAuthentication no
 # Don't read ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
+#IgnoreRhosts yes
+# For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts
+#RhostsRSAAuthentication no
 # similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no

 # To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication yes
-PermitEmptyPasswords no
+#PasswordAuthentication yes
+#PermitEmptyPasswords no

-X11Forwarding no
-X11DisplayOffset 10
-PrintMotd yes
-#PrintLastLog no
-KeepAlive yes
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#KeepAlive yes
 #UseLogin no
+UsePrivilegeSeparation $privsep_used
+#Compression yes

-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-#ReverseMappingCheck yes
+#MaxStartups 10
+# no default banner path
+#Banner /some/path
+#VerifyReverseMapping no

+# override default of no subsystems
 Subsystem      sftp    /usr/sbin/sftp-server
 EOF
+elif [ "$privsep_configured" != "yes" ]
+then
+  echo >> ${SYSCONFDIR}/sshd_config
+  echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config
 fi

 # Care for services file
-_sys="`uname -a`"
-_nt=`expr "$_sys" : "CYGWIN_NT"`
 if [ $_nt -gt 0 ]
 then
  _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
@ -403,8 +513,8 @@ umount "${_services}"
 umount "${_serv_tmp}"

 # Care for inetd.conf file
-_inetcnf="/etc/inetd.conf"
-_inetcnf_tmp="/etc/inetd.conf.$$"
+_inetcnf="${SYSCONFDIR}/inetd.conf"
+_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"

 if [ -f "${_inetcnf}" ]
 then
@ -442,25 +552,6 @@ then
  fi
 fi

-# Create /var/log and /var/log/lastlog if not already existing
-
-if [ -f /var/log ]
-then
-  echo "Creating /var/log failed\!"
-else
-  if [ ! -d /var/log ]
-  then
-    mkdir /var/log
-  fi
-  if [ -d /var/log/lastlog ]
-  then
-    echo "Creating /var/log/lastlog failed\!"
-  elif [ ! -f /var/log/lastlog ]
-  then
-    cat /dev/null > /var/log/lastlog
-  fi
-fi
-
 # On NT ask if sshd should be installed as service
 if [ $_nt -gt 0 ]
 then
@ -477,7 +568,7 @@ then
    [ -z "${_cygwin}" ] && _cygwin="binmode ntsec tty"
    if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
    then
-      chown system /etc/ssh*
+      chown system /${SYSCONFDIR}/ssh*
      echo
      echo "The service has been installed under LocalSystem account."
    fi