Hi again,
Chuck and Corinna, can you please take a look at this?
On Fri, Mar 20, 2009 at 20:12, Julio Emanuel wrote:
[snip]
>
> Chuck, if this is the old 'time compression' problem :) I could try to
> help and see if I send a patch to your evaluation.
> I just don't want to take something in hands that someone else has
> already started to work on, or simply does not agree with my view.
>
> Standing by...
>
Timeout! :)
Now, contradicting myself... there you have: a -f (force) option to
the csih_select_privileged_username function!
This way nothing breaks regarding current clients of csih.
And it only takes a minor change in new/upgraded clients to make use of this.
Here is the patch to csih:
~/cygsetup/addons/usr/bin $ cygcheck -c csih
Cygwin Package Information
Package Version Status
csih 0.1.8-1 OK
~/cygsetup/addons/usr/share/csih $ diff -u
/usr/src/csih-0.1.8-1/origsrc/csih-0.1.8/cygwin-service-installation-helper.sh
cygwin-service-installation-helper.sh
========= [Cut here] ===================
---
/usr/src/csih-0.1.8-1/origsrc/csih-0.1.8/cygwin-service-installation-helper.sh
2008-08-20 19:35:38.000000000 +0100
+++ cygwin-service-installation-helper.sh 2009-03-24
14:47:39.346570600 +0000
@@ -2071,7 +2071,7 @@
# ======================================================================
-# Routine: csih_select_privileged_username [-q] [service_name]
+# Routine: csih_select_privileged_username [-q] [-f] [service_name]
# On NT and above, get the desired privileged account name.
#
# If the optional argument '-q' is specified, then this function will
@@ -2079,6 +2079,10 @@
# scripts that need information ABOUT a service, but do not
# themselves install the service.
#
+# If the optional argument '-f' is specified, then no confirmation
+# questions will be asked about the selected username. This is
+# useful mainly in unattended installations.
+#
# If the optional [service_name] argument is present, then that value
# may be used in some of the messages. Also, this function will
# then check to see if [service_name] is already installed. If so,
@@ -2087,6 +2091,7 @@
# etc)
#
# Usually [service_name] and [-q] should be specified together.
+# [-f] can be set regardless of others options.
#
# SETS GLOBAL VARIABLE:
# csih_PRIVILEGED_USERNAME
@@ -2116,6 +2121,7 @@
$_csih_trace
local username
local opt_query=0
+ local opt_force=0
local opt_servicename=""
local options
@@ -2123,9 +2129,10 @@
# always parse "command line"
OPTIND=0
- while getopts ":q" options; do
+ while getopts ":qf" options; do
case $options in
q ) opt_query=1 ;;
+ f ) opt_force=1 ;;
\? ) csih_warning "${FUNCNAME[0]} ignoring invalid option: $OPTARG" ;;
\: ) csih_warning "${FUNCNAME[0]} ignoring option missing
required argument: $OPTARG" ;;
esac
@@ -2264,27 +2271,23 @@
echo ""
csih_inform "This script plans to use '${username}'."
csih_inform "'${username}' will only be used by registered services."
- if csih_request "Do you want to use a different name?"
+ if [ $opt_force -eq 0 ]
then
- csih_get_value "Enter the new user name:"
- username="${csih_value}"
- fi
- else
- if [ -z "${opt_servicename}" ]
- then
- csih_inform "This script will assume that the service will
run under the"
- csih_inform "'${username}' account."
- if csih_request "Will the service run under a different account?"
+ if csih_request "Do you want to use a different name?"
then
- csih_get_value "Enter the user name used by the service:"
+ csih_get_value "Enter the new user name:"
username="${csih_value}"
fi
- else
- csih_inform "This script will assume that ${opt_servicename}
will run under the"
- csih_inform "'${username}' account."
- if csih_request "Will ${opt_servicename} run under a
different account?"
+ fi
+ else
+ theservice=${opt_servicename:-the service}
+ csih_inform "This script will assume that ${theservice} will
run under the"
+ csih_inform "'${username}' account."
+ if [ $opt_force -eq 0 ]
+ then
+ if csih_request "Will ${theservice} run under a different account?"
then
- csih_get_value "Enter the user name used by ${opt_servicename}:"
+ csih_get_value "Enter the user name used by ${theservice}:"
username="${csih_value}"
fi
fi
@@ -2332,6 +2335,12 @@
# create a new privileged user.
# $1 (optional) will be used as the password if non-empty
#
+# NOTE: For using special behaviours triggered by optional parameters
+# to the csih_select_privileged_username function, you should first
+# call that function with all required parameters, and then call this
+# function. The selected username will already be stored in
+# $csih_PRIVILEGED_USERNAME.
+#
# Exits on catastrophic error (or if user enters empty password)
# Returns 0 on total success
# Returns 1 on partial success (created user, but could not add
========= [Cut here] ===================
And as and example of client usage, my patch to ssh-host-config to
make it really unattended (also has a minor typo correction):
~/cygsetup/addons/usr/bin $ cygcheck -c openssh
Cygwin Package Information
Package Version Status
openssh 5.2p1-1 OK
~/cygsetup/addons/usr/bin $ diff -u
/usr/src/openssh-5.2p1-1/contrib/cygwin/ssh-host-config
ssh-host-config
========= [Cut here] ===================
--- /usr/src/openssh-5.2p1-1/contrib/cygwin/ssh-host-config
2009-01-29 20:40:30.001000000 +0000
+++ ssh-host-config 2009-03-24 15:09:30.000000000 +0000
@@ -287,6 +287,9 @@
csih_inform "sshd requires. You need to have or to create a
privileged"
csih_inform "account. This script will help you do so."
echo
+
+ # Try to discover a privileged user, if possible the one
already used by sshd
+ csih_select_privileged_username ${with_force} sshd
if ! csih_create_privileged_user "${password_value}"
then
csih_error_recoverable "There was a serious problem
creating a privileged user."
@@ -432,6 +435,10 @@
csih_FORCE_PRIVILEGED_USER=yes
;;
+ -f | --force )
+ with_force=-f
+ ;;
+
*)
echo "usage: ${progname} [OPTION]..."
echo
@@ -441,6 +448,7 @@
echo " --debug -d Enable shell's debug output."
echo " --yes -y Answer all questions with \"yes\"
automatically."
echo " --no -n Answer all questions with \"no\"
automatically."
+ echo " --force -f Don't ask confirmation for sshd
account name."
echo " --cygwin -c <options> Use \"options\" as value for
CYGWIN environment var."
echo " --port -p <n> sshd listens on port n."
echo " --pwd -w <passwd> Use \"pwd\" as password for
privileged user."
@@ -489,7 +497,7 @@
fi
# Create /var/empty file used as chroot jail for privilege separation
-csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create log directory."
+csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create chroot jail
base directory."
chmod 755 "${LOCALSTATEDIR}/empty"
setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty"
========= [Cut here] ===================
With those patches, you can configure ssh in a snap:
ssh-host-config --yes --force --privileged --pwd "$PASS" --cygwin ''
ssh-user-config --yes --privileged --passphrase "$MYPHRASE"
Hope you can make something useful from these patches, because I think
this helps cygwin getting more 'smooth' in configuration activities.
Have fun!
___________
Julio Costa
George Burns - "Don't stay in bed, unless you can make money in bed."
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
