11305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#!/bin/bash
21305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#
31305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ssh-user-config, Copyright 2000-2008 Red Hat Inc.
41305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#
51305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# This file is part of the Cygwin port of OpenSSH.
61305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#
71305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Permission to use, copy, modify, and distribute this software for any
81305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# purpose with or without fee is hereby granted, provided that the above
91305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# copyright notice and this permission notice appear in all copies.
101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#
111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS  
121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF               
131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.   
141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# IN NO EVENT SHALL THE ABOVE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,   
151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR    
161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR    
171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# THE USE OR OTHER DEALINGS IN THE SOFTWARE.                               
181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Initialization
211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
221305e95ba6ff9fa202d0818caf10405df4b0f648Mike LockwoodPROGNAME=$(basename -- $0)
231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood_tdir=$(dirname -- $0)
241305e95ba6ff9fa202d0818caf10405df4b0f648Mike LockwoodPROGDIR=$(cd $_tdir && pwd)
251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
261305e95ba6ff9fa202d0818caf10405df4b0f648Mike LockwoodCSIH_SCRIPT=/usr/share/csih/cygwin-service-installation-helper.sh
271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Subdirectory where the new package is being installed
291305e95ba6ff9fa202d0818caf10405df4b0f648Mike LockwoodPREFIX=/usr
301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Directory where the config files are stored
321305e95ba6ff9fa202d0818caf10405df4b0f648Mike LockwoodSYSCONFDIR=/etc
331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodsource ${CSIH_SCRIPT}
351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodauto_passphrase="no"
371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodpassphrase=""
381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodpwdhome=
391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodwith_passphrase=
401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Routine: create_identity
431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#   optionally create identity of type argument in ~/.ssh
441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#   optionally add result to ~/.ssh/authorized_keys
451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcreate_identity() {
471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  local file="$1"
481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  local type="$2"
491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  local name="$3"
501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  if [ ! -f "${pwdhome}/.ssh/${file}" ]
511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  then
521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    if csih_request "Shall I create a ${name} identity file for you?"
531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    then
541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      csih_inform "Generating ${pwdhome}/.ssh/${file}"
551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      if [ "${with_passphrase}" = "yes" ]
561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      then
571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood        ssh-keygen -t "${type}" -N "${passphrase}" -f "${pwdhome}/.ssh/${file}" > /dev/null
581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      else
591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood        ssh-keygen -t "${type}" -f "${pwdhome}/.ssh/${file}" > /dev/null
601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      fi
611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      if csih_request "Do you want to use this identity to login to this machine?"
621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      then
631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood        csih_inform "Adding to ${pwdhome}/.ssh/authorized_keys"
641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood        cat "${pwdhome}/.ssh/${file}.pub" >> "${pwdhome}/.ssh/authorized_keys"
651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      fi
661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    fi
671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  fi
681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} # === End of create_ssh1_identity() === #
691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodreadonly -f create_identity
701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Routine: check_user_homedir
731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#   Perform various checks on the user's home directory
741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# SETS GLOBAL VARIABLE:
751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#   pwdhome
761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcheck_user_homedir() {
781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  local uid=$(id -u)
791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  pwdhome=$(awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < ${SYSCONFDIR}/passwd)
801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  if [ "X${pwdhome}" = "X" ]
811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  then
821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_error_multi \
831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      "There is no home directory set for you in ${SYSCONFDIR}/passwd." \
841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      'Setting $HOME is not sufficient!'
851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  fi
861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  
871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  if [ ! -d "${pwdhome}" ]
881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  then
891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_error_multi \
901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      "${pwdhome} is set in ${SYSCONFDIR}/passwd as your home directory" \
911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      'but it is not a valid directory. Cannot create user identity files.'
921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  fi
931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  
941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  # If home is the root dir, set home to empty string to avoid error messages
951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  # in subsequent parts of that script.
961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  if [ "X${pwdhome}" = "X/" ]
971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  then
981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    # But first raise a warning!
991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_warning "Your home directory in ${SYSCONFDIR}/passwd is set to root (/). This is not recommended!"
1001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    if csih_request "Would you like to proceed anyway?"
1011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    then
1021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      pwdhome=''
1031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    else
1041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      csih_warning "Exiting. Configuration is not complete"
1051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      exit 1
1061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    fi
1071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  fi
1081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  
1091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  if [ -d "${pwdhome}" -a csih_is_nt -a -n "`chmod -c g-w,o-w "${pwdhome}"`" ]
1101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  then
1111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo
1121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_warning 'group and other have been revoked write permission to your home'
1131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_warning "directory ${pwdhome}."
1141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_warning 'This is required by OpenSSH to allow public key authentication using'
1151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_warning 'the key files stored in your .ssh subdirectory.'
1161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_warning 'Revert this change ONLY if you know what you are doing!'
1171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo
1181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  fi
1191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} # === End of check_user_homedir() === #
1201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodreadonly -f check_user_homedir
1211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
1221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
1231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Routine: check_user_dot_ssh_dir
1241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#   Perform various checks on the ~/.ssh directory
1251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# PREREQUISITE:
1261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#   pwdhome -- check_user_homedir()
1271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
1281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcheck_user_dot_ssh_dir() {
1291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
1301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  then
1311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_error "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
1321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  fi
1331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  
1341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  if [ ! -e "${pwdhome}/.ssh" ]
1351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  then
1361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    mkdir "${pwdhome}/.ssh"
1371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    if [ ! -e "${pwdhome}/.ssh" ]
1381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    then
1391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      csih_error "Creating users ${pwdhome}/.ssh directory failed"
1401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    fi
1411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  fi
1421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} # === End of check_user_dot_ssh_dir() === #
1431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodreadonly -f check_user_dot_ssh_dir
1441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
1451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
1461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Routine: fix_authorized_keys_perms
1471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#   Corrects the permissions of ~/.ssh/authorized_keys
1481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# PREREQUISITE:
1491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#   pwdhome   -- check_user_homedir()
1501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
1511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodfix_authorized_keys_perms() {
1521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  if [ csih_is_nt -a -e "${pwdhome}/.ssh/authorized_keys" ]
1531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  then
1541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    if ! setfacl -m "u::rw-,g::---,o::---" "${pwdhome}/.ssh/authorized_keys"
1551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    then
1561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      csih_warning "Setting correct permissions to ${pwdhome}/.ssh/authorized_keys"
1571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      csih_warning "failed.  Please care for the correct permissions.  The minimum requirement"
1581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      csih_warning "is, the owner needs read permissions."
1591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood      echo
1601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    fi
1611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  fi
1621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} # === End of fix_authorized_keys_perms() === #
1631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodreadonly -f fix_authorized_keys_perms
1641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
1651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
1661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
1671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Main Entry Point
1681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
1691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
1701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Check how the script has been started.  If
1711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#   (1) it has been started by giving the full path and
1721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#       that path is /etc/postinstall, OR
1731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#   (2) Otherwise, if the environment variable
1741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#       SSH_USER_CONFIG_AUTO_ANSWER_NO is set
1751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# then set auto_answer to "no".  This allows automatic
1761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# creation of the config files in /etc w/o overwriting
1771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# them if they already exist.  In both cases, color
1781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# escape sequences are suppressed, so as to prevent
1791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# cluttering setup's logfiles.
1801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodif [ "$PROGDIR" = "/etc/postinstall" ]
1811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodthen
1821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  csih_auto_answer="no"
1831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  csih_disable_color
1841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodfi
1851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodif [ -n "${SSH_USER_CONFIG_AUTO_ANSWER_NO}" ]
1861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodthen
1871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  csih_auto_answer="no"
1881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  csih_disable_color
1891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodfi
1901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
1911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
1921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Parse options
1931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
1941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodwhile :
1951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwooddo
1961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  case $# in
1971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  0)
1981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    break
1991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    ;;
2001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  esac
2011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  option=$1
2031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  shift
2041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  case "$option" in
2061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  -d | --debug )
2071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    set -x
2081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_trace_on
2091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    ;;
2101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  -y | --yes )
2121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_auto_answer=yes
2131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    ;;
2141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  -n | --no )
2161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_auto_answer=no
2171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    ;;
2181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  -p | --passphrase )
2201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    with_passphrase="yes"
2211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    passphrase=$1
2221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    shift
2231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    ;;
2241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  --privileged )
2261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    csih_FORCE_PRIVILEGED_USER=yes
2271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    ;;
2281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  *)
2301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo "usage: ${PROGNAME} [OPTION]..."
2311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo
2321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo "This script creates an OpenSSH user configuration."
2331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo
2341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo "Options:"
2351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo "    --debug      -d        Enable shell's debug output."
2361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo "    --yes        -y        Answer all questions with \"yes\" automatically."
2371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo "    --no         -n        Answer all questions with \"no\" automatically."
2381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
2391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo "    --privileged           On Windows NT/2k/XP, assume privileged user"
2401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo "                           instead of LocalSystem for sshd service."
2411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    echo
2421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    exit 1
2431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    ;;
2441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  esac
2461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwooddone
2471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
2491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Action!
2501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# ======================================================================
2511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# Check passwd file
2531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodif [ ! -f ${SYSCONFDIR}/passwd ]
2541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodthen
2551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood  csih_error_multi \
2561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    "${SYSCONFDIR}/passwd is nonexistant. Please generate an ${SYSCONFDIR}/passwd file" \
2571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    'first using mkpasswd. Check if it contains an entry for you and' \
2581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood    'please care for the home directory in your entry as well.'
2591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodfi
2601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcheck_user_homedir
2621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcheck_user_dot_ssh_dir
2631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcreate_identity id_rsa rsa "SSH2 RSA"
2641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcreate_identity id_dsa dsa "SSH2 DSA"
2651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcreate_identity id_ecdsa ecdsa "SSH2 ECDSA"
2661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcreate_identity identity rsa1 "(deprecated) SSH1 RSA"
2671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodfix_authorized_keys_perms
2681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodecho
2701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcsih_inform "Configuration finished. Have fun!"
2711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
2721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood
273