- (bal) Privsep user creation support in Solaris buildpkg.sh by

   dtucker@zip.com.au

1 files changed, 40 insertions, 0 deletions

diff --git a/contrib/solaris/buildpkg.sh b/contrib/solaris/buildpkg.sh
index 426db1f6a..def325b87 100755
--- a/contrib/solaris/buildpkg.sh
+++ b/contrib/solaris/buildpkg.sh
@@ -98,6 +98,19 @@ do
         eval $confvar=`grep "^$confvar=" Makefile | cut -d = -f 2`
 done
 
+
+## Collect value of privsep user
+for confvar in SSH_PRIVSEP_USER
+do
+        eval $confvar=`awk '/#define[ \t]'$confvar'/{print $3}' config.h`
+done
+
+## Set privsep defaults if not defined
+if [ -z "$SSH_PRIVSEP_USER" ]
+then
+        SSH_PRIVSEP_USER=sshd
+fi
+
 ## Extract common info requires for the 'info' part of the package.
 VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//'`
 
@@ -214,6 +227,33 @@ fi
 
 installf -f ${PKGNAME}
 
+if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
+then
+        echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user"
+        echo "or group."
+else
+        echo "UsePrivilegeSeparation enabled in config (or defaulting to on)."
+
+        # create group if required
+        if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep group $SSH_PRIVSEP_USER already exists."
+        else
+                echo "Creating PrivSep group $SSH_PRIVSEP_USER."
+                groupadd $SSH_PRIVSEP_USER
+        fi
+
+        # Create user if required
+        if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        then
+                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
+        else
+                echo "Creating PrivSep user $SSH_PRIVSEP_USER."
+                useradd -c 'SSHD PrivSep User' -s /bin/false -g $SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
+		passwd -l $SSH_PRIVSEP_USER
+        fi
+fi
+
 [ "\${POST_INS_START}" = "yes" ]  &&  ${TEST_DIR}/etc/init.d/${SYSVINIT_NAME} start
 exit 0
 _EOF