Segmentation Fault of ssh3.7.1 with cygwin1.5.5-1 in W95
Corinna Vinschen
corinna-cygwin@cygwin.com
Sat Nov 1 12:27:00 GMT 2003
On Fri, Oct 31, 2003 at 07:05:41PM -0500, Pierre A. Humblet wrote:
> At 11:52 AM 10/31/2003 +0100, Corinna Vinschen wrote:
> >I've just again tested it on 98 and it works fine. Could you please
> >figure out what happens on your machine?
>
> 2 things:
> - I had accidentally deleted the next (23) line in services, so awk
> didn't find the pattern.
Ok, so how do you suggest to react in the script if that happens?
Should the script just emit a warning or should it append the ssh lines
at the end of the services file? The new script will just emit a
warning for now.
> - ssh crashes even with the CR. I also had to shorten the line. It works
> with 18 spaces between {tcp,udp} and the #
Ouch. How many spaces do I emit currently... hmm, 27. This matches
the file layout on NT. A quick look on a 98 machine... yes, only
18 spaces. Oh boy...
> Please send the next version, just to be sure.
I've created a new script and attached it to this mail.
Changes:
- Emit a warning if ssh couldn't be added to services file.
- Accomodate different service file layout on 9x and NT.
- On NT: Only ask for installing sshd as service if it's not
already installed.
Please give it a try,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin@cygwin.com
Red Hat, Inc.
-------------- next part --------------
#!/bin/sh
#
# ssh-host-config, Copyright 2000, 2001, 2002, 2003 Red Hat Inc.
#
# This file is part of the Cygwin port of OpenSSH.
# Subdirectory where the new package is being installed
PREFIX=/usr
# Directory where the config files are stored
SYSCONFDIR=/etc
LOCALSTATEDIR=/var
progname=$0
auto_answer=""
port_number=22
privsep_configured=no
privsep_used=yes
sshd_in_passwd=no
sshd_in_sam=no
request()
{
if [ "${auto_answer}" = "yes" ]
then
return 0
elif [ "${auto_answer}" = "no" ]
then
return 1
fi
answer=""
while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
do
echo -n "$1 (yes/no) "
read answer
done
if [ "X${answer}" = "Xyes" ]
then
return 0
else
return 1
fi
}
# Check options
while :
do
case $# in
0)
break
;;
esac
option=$1
shift
case "$option" in
-d | --debug )
set -x
;;
-y | --yes )
auto_answer=yes
;;
-n | --no )
auto_answer=no
;;
-p | --port )
port_number=$1
shift
;;
*)
echo "usage: ${progname} [OPTION]..."
echo
echo "This script creates an OpenSSH host configuration."
echo
echo "Options:"
echo " --debug -d Enable shell's debug output."
echo " --yes -y Answer all questions with \"yes\" automatically."
echo " --no -n Answer all questions with \"no\" automatically."
echo " --port -p <n> sshd listens on port n."
echo
exit 1
;;
esac
done
# Check if running on NT
_sys="`uname -a`"
_nt=`expr "$_sys" : "CYGWIN_NT"`
# Check for running ssh/sshd processes first. Refuse to do anything while
# some ssh processes are still running
if ps -ef | grep -v grep | grep -q ssh
then
echo
echo "There are still ssh processes running. Please shut them down first."
echo
exit 1
fi
# Check for ${SYSCONFDIR} directory
if [ -e "${SYSCONFDIR}" -a ! -d "${SYSCONFDIR}" ]
then
echo
echo "${SYSCONFDIR} is existant but not a directory."
echo "Cannot create global configuration files."
echo
exit 1
fi
# Create it if necessary
if [ ! -e "${SYSCONFDIR}" ]
then
mkdir "${SYSCONFDIR}"
if [ ! -e "${SYSCONFDIR}" ]
then
echo
echo "Creating ${SYSCONFDIR} directory failed"
echo
exit 1
fi
fi
# Create /var/log and /var/log/lastlog if not already existing
if [ -f ${LOCALSTATEDIR}/log ]
then
echo "Creating ${LOCALSTATEDIR}/log failed!"
else
if [ ! -d ${LOCALSTATEDIR}/log ]
then
mkdir -p ${LOCALSTATEDIR}/log
fi
if [ -d ${LOCALSTATEDIR}/log/lastlog ]
then
chmod 777 ${LOCALSTATEDIR}/log/lastlog
elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ]
then
cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
chmod 666 ${LOCALSTATEDIR}/log/lastlog
fi
fi
# Create /var/empty file used as chroot jail for privilege separation
if [ -f ${LOCALSTATEDIR}/empty ]
then
echo "Creating ${LOCALSTATEDIR}/empty failed!"
else
mkdir -p ${LOCALSTATEDIR}/empty
if [ $_nt -gt 0 ]
then
chmod 755 ${LOCALSTATEDIR}/empty
fi
fi
# First generate host keys if not already existing
if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_key"
ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
fi
if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
fi
if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
then
echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
fi
# Check if ssh_config exists. If yes, ask for overwriting
if [ -f "${SYSCONFDIR}/ssh_config" ]
then
if request "Overwrite existing ${SYSCONFDIR}/ssh_config file?"
then
rm -f "${SYSCONFDIR}/ssh_config"
if [ -f "${SYSCONFDIR}/ssh_config" ]
then
echo "Can't overwrite. ${SYSCONFDIR}/ssh_config is write protected."
fi
fi
fi
# Create default ssh_config from skeleton file in /etc/defaults/etc
if [ ! -f "${SYSCONFDIR}/ssh_config" ]
then
echo "Generating ${SYSCONFDIR}/ssh_config file"
cp ${SYSCONFDIR}/defaults/etc/ssh_config ${SYSCONFDIR}/ssh_config
if [ "$port_number" != "22" ]
then
echo "Host localhost" >> ${SYSCONFDIR}/ssh_config
echo " Port $port_number" >> ${SYSCONFDIR}/ssh_config
fi
fi
# Check if sshd_config exists. If yes, ask for overwriting
if [ -f "${SYSCONFDIR}/sshd_config" ]
then
if request "Overwrite existing ${SYSCONFDIR}/sshd_config file?"
then
rm -f "${SYSCONFDIR}/sshd_config"
if [ -f "${SYSCONFDIR}/sshd_config" ]
then
echo "Can't overwrite. ${SYSCONFDIR}/sshd_config is write protected."
fi
else
grep -q UsePrivilegeSeparation ${SYSCONFDIR}/sshd_config && privsep_configured=yes
fi
fi
# Prior to creating or modifying sshd_config, care for privilege separation
if [ "$privsep_configured" != "yes" ]
then
if [ $_nt -gt 0 ]
then
echo "Privilege separation is set to yes by default since OpenSSH 3.3."
echo "However, this requires a non-privileged account called 'sshd'."
echo "For more info on privilege separation read /usr/doc/openssh/README.privsep."
echo
if request "Shall privilege separation be used?"
then
privsep_used=yes
grep -q '^sshd:' ${SYSCONFDIR}/passwd && sshd_in_passwd=yes
net user sshd >/dev/null 2>&1 && sshd_in_sam=yes
if [ "$sshd_in_passwd" != "yes" ]
then
if [ "$sshd_in_sam" != "yes" ]
then
echo "Warning: The following function requires administrator privileges!"
if request "Shall this script create a local user 'sshd' on this machine?"
then
dos_var_empty=`cygpath -w ${LOCALSTATEDIR}/empty`
net user sshd /add /fullname:"sshd privsep" "/homedir:$dos_var_empty" /active:no > /dev/null 2>&1 && sshd_in_sam=yes
if [ "$sshd_in_sam" != "yes" ]
then
echo "Warning: Creating the user 'sshd' failed!"
fi
fi
fi
if [ "$sshd_in_sam" != "yes" ]
then
echo "Warning: Can't create user 'sshd' in ${SYSCONFDIR}/passwd!"
echo " Privilege separation set to 'no' again!"
echo " Check your ${SYSCONFDIR}/sshd_config file!"
privsep_used=no
else
mkpasswd -l -u sshd | sed -e 's/bash$/false/' >> ${SYSCONFDIR}/passwd
fi
fi
else
privsep_used=no
fi
else
# On 9x don't use privilege separation. Since security isn't
# available it just adds useless additional processes.
privsep_used=no
fi
fi
# Create default sshd_config from skeleton files in /etc/defaults/etc or
# modify to add the missing privsep configuration option
if [ ! -f "${SYSCONFDIR}/sshd_config" ]
then
echo "Generating ${SYSCONFDIR}/sshd_config file"
sed -e "s/^#UsePrivilegeSeparation yes/UsePrivilegeSeparation $privsep_used/
s/^#Port 22/Port $port_number/
s/^#StrictModes yes/StrictModes no/" \
< ${SYSCONFDIR}/defaults/etc/sshd_config \
> ${SYSCONFDIR}/sshd_config
elif [ "$privsep_configured" != "yes" ]
then
echo >> ${SYSCONFDIR}/sshd_config
echo "UsePrivilegeSeparation $privsep_used" >> ${SYSCONFDIR}/sshd_config
fi
# Care for services file
_my_etcdir="/ssh-host-config.$$"
if [ $_nt -gt 0 ]
then
_win_etcdir="${SYSTEMROOT}\\system32\\drivers\\etc"
_services="${_my_etcdir}/services"
# On NT, 27 spaces, no space after the hash
_spaces=" #"
else
_win_etcdir="${WINDIR}"
_services="${_my_etcdir}/SERVICES"
# On 9x, 18 spaces (95 is very touchy), a space after the hash
_spaces=" # "
fi
_serv_tmp="${_my_etcdir}/srv.out.$$"
mount -t -f "${_win_etcdir}" "${_my_etcdir}"
# Depends on the above mount
_wservices=`cygpath -w "${_services}"`
# Remove sshd 22/port from services
if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -eq 0 ]
then
grep -v 'sshd[ \t][ \t]*22' "${_services}" > "${_serv_tmp}"
if [ -f "${_serv_tmp}" ]
then
if mv "${_serv_tmp}" "${_services}"
then
echo "Removing sshd from ${_wservices}"
else
echo "Removing sshd from ${_wservices} failed!"
fi
rm -f "${_serv_tmp}"
else
echo "Removing sshd from ${_wservices} failed!"
fi
fi
# Add ssh 22/tcp and ssh 22/udp to services
if [ `grep -q 'ssh[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
then
if awk '{ if ( $2 ~ /^23\/tcp/ ) print "ssh 22/tcp'"${_spaces}"'SSH Remote Login Protocol\nssh 22/udp'"${_spaces}"'SSH Remote Login Protocol"; print $0; }' < "${_services}" > "${_serv_tmp}"
then
if mv "${_serv_tmp}" "${_services}"
then
echo "Added ssh to ${_wservices}"
else
echo "Adding ssh to ${_wservices} failed!"
fi
rm -f "${_serv_tmp}"
else
echo "WARNING: Adding ssh to ${_wservices} failed!"
fi
fi
umount "${_my_etcdir}"
# Care for inetd.conf file
_inetcnf="${SYSCONFDIR}/inetd.conf"
_inetcnf_tmp="${SYSCONFDIR}/inetd.conf.$$"
if [ -f "${_inetcnf}" ]
then
# Check if ssh service is already in use as sshd
with_comment=1
grep -q '^[ \t]*sshd' "${_inetcnf}" && with_comment=0
# Remove sshd line from inetd.conf
if [ `grep -q '^[# \t]*sshd' "${_inetcnf}"; echo $?` -eq 0 ]
then
grep -v '^[# \t]*sshd' "${_inetcnf}" >> "${_inetcnf_tmp}"
if [ -f "${_inetcnf_tmp}" ]
then
if mv "${_inetcnf_tmp}" "${_inetcnf}"
then
echo "Removed sshd from ${_inetcnf}"
else
echo "Removing sshd from ${_inetcnf} failed!"
fi
rm -f "${_inetcnf_tmp}"
else
echo "Removing sshd from ${_inetcnf} failed!"
fi
fi
# Add ssh line to inetd.conf
if [ `grep -q '^[# \t]*ssh' "${_inetcnf}"; echo $?` -ne 0 ]
then
if [ "${with_comment}" -eq 0 ]
then
echo 'ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
else
echo '# ssh stream tcp nowait root /usr/sbin/sshd sshd -i' >> "${_inetcnf}"
fi
echo "Added ssh to ${_inetcnf}"
fi
fi
# On NT ask if sshd should be installed as service
if [ $_nt -gt 0 ]
then
# But only if it is not already installed
if ! cygrunsrv -Q sshd > /dev/null 2>&1
then
echo
echo "Do you want to install sshd as service?"
if request "(Say \"no\" if it's already installed as service)"
then
echo
echo "Which value should the environment variable CYGWIN have when"
echo "sshd starts? It's recommended to set at least \"ntsec\" to be"
echo "able to change user context without password."
echo -n "Default is \"ntsec\". CYGWIN="
read _cygwin
[ -z "${_cygwin}" ] && _cygwin="ntsec"
if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd -a -D -e "CYGWIN=${_cygwin}"
then
echo
echo "The service has been installed under LocalSystem account."
fi
fi
# Now check if sshd has been successfully installed. This allows to
# set the ownership of the affected files correctly.
#
# NOTE: This doesn't work flawlessly so far on Windows 2003 Server.
# The SYSTEM account on 2003 has not the appropriate privileges to allow
# passwordless logon (pubkey authentication). This requires to run the
# service under a special account, which has administrator privileges
# plus (at least, AFAIK) the SeCreateTokenPrivilege.
# The next step will be, to extend this script to create an approriate
# account for that, using the new editrights tool.
if cygrunsrv -Q sshd > /dev/null 2>&1
then
chown system ${SYSCONFDIR}/ssh*
chown system.system ${LOCALSTATEDIR}/empty
if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
then
chown system.system ${LOCALSTATEDIR}/log/sshd.log
fi
fi
fi
fi
echo
echo "Host configuration finished. Have fun!"
-------------- next part --------------
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list