debian/ssh-krb5.postinst

   1 #!/bin/sh
   2
   3 set -e
   4
   5 action="$1"
   6 oldversion="$2"
   7
   8 if [ "$action" = configure ] ; then
   9     if dpkg --compare-versions "$oldversion" lt-nl 1:4.3p2-7; then
  10         # Replaced by /etc/init.d/ssh.
  11         if [ -f /etc/init.d/ssh-krb5 ]; then
  12             mv /etc/init.d/ssh-krb5 /etc/init.d/ssh-krb5.dpkg-old
  13             update-rc.d ssh-krb5 remove || true
  14         fi
  15     fi
  16
  17     # Make sure that GSSAPI is enabled.  If there is no uncommented GSSAPI
  18     # configuration, uncomment any commented-out configuration if present
  19     # (this will catch the case of a fresh install of openssh-server).
  20     # Otherwise, add configuration turning on GSSAPIAuthentication and
  21     # GSSAPIKeyExchange.
  22     #
  23     # If there is some configuration, we may be upgrading from ssh-krb5.  It
  24     # enabled GSSAPIKeyExchange without any configuration option.  Therefore,
  25     # if it isn't explicitly set, always enable it for compatible behavior
  26     # with ssh-krb5.
  27     if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then
  28         :
  29     else
  30         changed=
  31         if grep -qi '^[         ]*GSSAPI' /etc/ssh/sshd_config ; then
  32             if grep -qi '^[     ]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then
  33                 :
  34             else
  35                 changed=true
  36                 cat >> /etc/ssh/sshd_config <<EOF
  37
  38 # GSSAPI key exchange (added by ssh-krb5 transitional package)
  39 GSSAPIKeyExchange yes
  40 EOF
  41             fi
  42         else
  43             changed=true
  44             if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then
  45                 perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b.*/$1 yes/i' \
  46                     < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
  47                 chown --reference /etc/ssh/sshd_config \
  48                     /etc/ssh/sshd_config.dpkg-new
  49                 chmod --reference /etc/ssh/sshd_config \
  50                     /etc/ssh/sshd_config.dpkg-new
  51                 mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config
  52             else
  53                 cat >> /etc/ssh/sshd_config <<EOF
  54
  55 # GSSAPI authentication (added by ssh-krb5 transitional package)
  56 GSSAPIAuthentication yes
  57 GSSAPIKeyExchange yes
  58 EOF
  59             fi
  60         fi
  61         if [ -n "$changed" ] && [ -x /etc/init.d/ssh ] ; then
  62             if [ -x /usr/sbin/invoke-rc.d ] ; then
  63                 invoke-rc.d ssh restart
  64             else
  65                 /etc/init.d/ssh restart
  66             fi
  67         fi
  68     fi
  69 fi
  70
  71 #DEBHELPER#
  72
  73 exit 0