Bug #3152 » ssh.patch

Darren Reed, 2012-09-06 11:21 AM


new/usr/src/cmd/ssh/etc/ssh.xml Thu Sep 6 12:25:54 2012
21 21
	CDDL HEADER END
22 22

  
23 23
	Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24
	Copyright 2012 Darren Reed.  All rights reserved.
24 25
	Use is subject to license terms.
25 26

  
26 27
	NOTE:  This service manifest is not editable; its contents will
......
38 39

  
39 40
	<create_default_instance enabled='false' />
40 41

  
41
	<single_instance />
42

  
43 42
	<dependency name='fs-local'
44 43
		grouping='require_all'
45 44
		restart_on='none'
......
121 120
	<exec_method
122 121
		type='method'
123 122
		name='refresh'
124
		exec='/lib/svc/method/sshd restart'
123
		exec=':kill -HUP'
125 124
		timeout_seconds='60' />
126 125

  
127 126
	<property_group name='startd'
......
151 150
			value='solaris.smf.value.firewall.config' />
152 151
	</property_group>
153 152

  
153
	<property_group name='config' type='application'>
154
		<propval name='options'
155
			type='astring' value='' />
156
		<propval name='config_file'
157
			type='astring' value='' />
158
        </property_group>
159

  
154 160
	<stability value='Unstable' />
155 161

  
156 162
	<template>
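Review bot: Switching the refresh method to `exec=':kill -HUP'` changes who receives the signal: per smf_method(5), `:kill` signals every process in the instance's primary contract, whereas the removed `/lib/svc/method/sshd restart` signalled only the PID read from the pidfile. Any per-connection sshd processes in that contract would also get SIGHUP, which they presumably do not handle the way the listener does, so a `svcadm refresh` may drop established sessions; this should be confirmed on a test system. The method script's `restart` arm is still present and now resolves a per-instance `$PIDFILE`, so keeping `exec='/lib/svc/method/sshd restart'` would preserve the old, narrower behaviour. Separately, the new `config` property group has no comment saying that `config/options` and `config/config_file` end up on the command line of the sshd started by the method script; a short XML comment to that effect would help whoever decides which authorizations may modify the group.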
157
-- old/usr/src/cmd/ssh/etc/sshd	Thu Sep  6 12:25:55 2012
163
++ new/usr/src/cmd/ssh/etc/sshd	Thu Sep  6 12:25:55 2012
......
1 1
#!/sbin/sh
2 2
#
3 3
# Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
4
# Copyright 2012 Darren Reed. All rights reserved.
4 5
# Use is subject to license terms.
5 6
#
6 7

  
7 8
. /lib/svc/share/ipf_include.sh
8 9
. /lib/svc/share/smf_include.sh
9 10

  
10
SSHDIR=/etc/ssh
11
if [ -n "$SMF_FMRI" ] ; then
12
	instance=`expr "${SMF_FMRI}" : '.*:\([^:/]*\)'`
13
	_config=`svcprop -c -p config/config_file ${SMF_FMRI} 2>/dev/null`
14
	_options=`svcprop -c -p config/options "${SMF_FMRI}" 2>/dev/null`
15
else
16
	instance=default
17
	_config=""
18
	_options=""
19
fi
20
method="$1"
21

  
11 22
KEYGEN="/usr/bin/ssh-keygen -q"
12
PIDFILE=/var/run/sshd.pid
23
#
24
# svcprop returns "" to represent an empty string which is incompatible
25
# with how shells scripts usually test for an empty string (with -n/-z).
26
#
27
if [ "$_options" = \"\" ] ; then
28
	options=""
29
else
30
	options=$_options
31
fi
32
if [ "$_config" = \"\" ] ; then
33
	config=""
34
else
35
	config=$_config
36
fi
37
if [ -n "$config" ] ; then
38
	#
39
	# The returned string will typically be a URI that starts with
40
	# "file://localhost/", meaning that it is not immediately suitable
41
	# for use as a path so remove the URI header section of the string.
42
	#
43
	sshdconfig=`expr "$config" : '[^/]*/[^/]*/[^/]*\(.*\)'`
44
	options="-f $sshdconfig $options"
45
else
46
	sshdconfig=/etc/ssh/sshd_config
47
fi
48
SSHDIR=`dirname "$sshdconfig"`
49
PIDFILE=`awk '/^PidFile/ { print $2; } ' $sshdconfig 2>/dev/null`
50
if [ -z "$PIDFILE" ] ; then
51
	if [ "$instance" != "default" ] ; then
52
		PIDFILE=/var/run/sshd-${instance}.pid
53
		PIDOPTION="PidFile $PIDFILE"
54
	else
55
		PIDFILE=/var/run/sshd.pid
56
	fi
57
else
58
	PIDOPTION="PidFile $PIDFILE"
59
fi
13 60

  
14 61
# Checks to see if RSA, and DSA host keys are available
15 62
# if any of these keys are not present, the respective keys are created.
......
32 79
		# space and one literal tab.
33 80
		#
34 81
		grep -i "^[ 	]*HostKey[ 	]*=\{0,1\}[ 	]*$keypath" \
35
		    $SSHDIR/sshd_config | grep "$keypath" > /dev/null 2>&1
82
		    "$sshdconfig" | grep "$keypath" > /dev/null 2>&1
36 83

  
37 84
		if [ $? -eq 0 ]; then
38 85
			echo Creating new $keytype public/private host key pair
......
54 101
	#
55 102
	# Get port from /etc/ssh/sshd_config
56 103
	#
57
	tports=`grep "^Port" /etc/ssh/sshd_config 2>/dev/null | \
104
	tports=`grep "^Port" $sshdconfig 2>/dev/null | \
58 105
	    awk '{print $2}'`
59 106

  
60 107
	echo "# $FMRI" >$ipf_file
......
63 110
	done
64 111
}
65 112

  
113
check_keys()
114
{
115
	for keyfile in `awk '/^HostKey/ { print $2; } ' "$sshdconfig"`; do
116
		type=`expr "$keyfile" : '.*_\([rd]sa\)_.*'`
117
		create_key "$keyfile" "$type"
118
	done
119
}
120

  
66 121
# This script is being used for two purposes: as part of an SMF
67 122
# start/stop/refresh method, and as a sysidconfig(1M)/sys-unconfig(1M)
68 123
# application.
......
70 125
# Both, the SMF methods and sysidconfig/sys-unconfig use different
71 126
# arguments..
72 127

  
73
case $1 in 
128
case $method in 
74 129
	# sysidconfig/sys-unconfig arguments (-c and -u)
75 130
'-c')
76
	create_key $SSHDIR/ssh_host_rsa_key rsa
77
	create_key $SSHDIR/ssh_host_dsa_key dsa
131
	check_keys
78 132
	;;
79 133

  
80 134
'-u')
......
94 148
	# If host keys don't exist when the service is started, create
95 149
	# them; sysidconfig is not run in every situation (such as on
96 150
	# the install media).
97
	# 
98
	create_key $SSHDIR/ssh_host_rsa_key rsa
99
	create_key $SSHDIR/ssh_host_dsa_key dsa
151
	#
152
	check_keys
100 153

  
101
	/usr/lib/ssh/sshd
154
	#
155
	# This check for the presence of $sshdconfig is not required for
156
	# the default instance as there is an explicit dependency
157
	#
158
	if [ ! -f "$sshdconfig" ] ; then
159
		echo "sshd configuration file missing: $sshdconfig" >&2
160
		exit $SMF_EXIT_ERR_CONFIG
161
	fi
162
	#
163
	# With multiple instances supported, it is necessary to always check
164
	# to see if the ssh host keys need to be created for non-default
165
	# instances.
166
	#
167
	if [ "$instance" != "default" ] ; then
168
		check_keys
169
	fi
170
	if [ -n "$PIDOPTION" ] ; then
171
		/usr/lib/ssh/sshd ${options} -o "$PIDOPTION"
172
	else
173
		/usr/lib/ssh/sshd ${options}
174
	fi
102 175
	;;
103 176

  
104 177
'restart')
105 178
	if [ -f "$PIDFILE" ]; then
106
		/usr/bin/kill -HUP `/usr/bin/cat $PIDFILE`
179
		/usr/bin/kill -HUP `/usr/bin/cat "$PIDFILE"`
107 180
	fi
108 181
	;;
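Review bot: The `expr "$config" : '[^/]*/[^/]*/[^/]*\(.*\)'` stripping is applied to every non-empty `config/config_file` value, so a plain absolute path loses its first two components (`/etc/ssh/alt/sshd_config` becomes `/alt/sshd_config`). A value without three slashes yields an empty string, which is then spliced into `options="-f $sshdconfig $options"`. This value selects the configuration sshd is started with, and the `[ ! -f "$sshdconfig" ]` check only runs just before sshd is launched, after the path has already been used to derive `SSHDIR` and `PIDFILE`. I would strip only a `file://` prefix, accept an absolute path unchanged, and reject anything else with `$SMF_EXIT_ERR_CONFIG`, as sketched below. The later unquoted uses (`awk ... $sshdconfig`, `grep "^Port" $sshdconfig`, `${options}` on the sshd command line) also split on whitespace in the path, so they should be quoted or such paths rejected here.

```shell
if [ -n "$config" ] ; then
	# … unchanged: comment on the file://localhost/ URI form …
	case "$config" in
	file://*)
		sshdconfig=`expr "$config" : 'file://[^/]*\(/.*\)'`
		;;
	/*)
		sshdconfig=$config
		;;
	*)
		echo "config/config_file is not a file URI or absolute path: $config" >&2
		exit $SMF_EXIT_ERR_CONFIG
		;;
	esac
	options="-f $sshdconfig $options"
```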
109 182

  