* Sun Sep 22 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme

- remove reference to deprecated rssh [SME: 12670]
- template /etc/pam.d/sshd to remove motd [SME: 12740]
Jean-Philippe Pialasse 2024-09-22 22:43:22 -04:00
parent beb0afe727
commit 84bf8e5c22
11 changed files with 80 additions and 81 deletions


@ -6,7 +6,8 @@ use esmith::Build::CreateLinks qw(:all);
foreach (qw(
/etc/ssh/sshd_config
/etc/ssh/ssh_config
))
/etc/pam.d/sshd
))
{
templates2events("$_", qw(
console-save
@ -16,22 +17,6 @@ foreach (qw(
));
}
foreach (qw(
/etc/rssh.conf
))
{
templates2events("$_", qw(
bootstrap-console-save
password-modify
remoteaccess-update
user-lock
user-create
user-delete
user-modify
smeserver-openssh-update
));
}
foreach my $event (
"console-save",
"bootstrap-console-save",


@ -0,0 +1,15 @@
{
# Remove AllowRSSH propertie
# Reset Shell property if /usr/bin/rssh
foreach my $account ($DB->get_all)
{
if (defined $account->prop('Shell') && ($account->prop('Shell') eq "/usr/bin/rssh") )
{
$account->delete_prop('Shell');
}
next unless (defined $account->prop('AllowRSSH'));
$account->delete_prop('AllowRSSH');
}
}
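Review bot: Deleting `Shell` for accounts that were on `/usr/bin/rssh` leaves them on whatever the platform's default shell is, and that default is not visible in this commit; if it is an interactive shell, users who were limited to scp/sftp would gain a full login. If the intent is to keep them restricted, set a non-login shell explicitly, e.g. `$account->set_prop('Shell', '/usr/bin/false');`, rather than relying on the default. The fragment only edits the database record, so presumably the passwd entry keeps pointing at the removed rssh binary until a later event rewrites it; worth confirming that this interim state fails closed. Minor: the header comment has a typo and should read `# Remove AllowRSSH property`.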


@ -0,0 +1,3 @@
#%PAM-1.0
auth substack password-auth
auth include postlogin


@ -0,0 +1,3 @@
account required pam_sepermit.so
account required pam_nologin.so
account include password-auth


@ -0,0 +1 @@
password include password-auth


@ -0,0 +1,11 @@
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session required pam_namespace.so
session optional pam_keyinit.so force revoke
#we use the sshd_config file to call motd
#session optional pam_motd.so
session include password-auth
session include postlogin
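Review bot: The disabled `pam_motd.so` line relies on sshd printing the motd, but the comment does not name the setting, and the sshd_config template is not part of this change, so a reader cannot confirm the motd is still shown exactly once. I would spell it out: `# motd is printed by sshd (PrintMotd in sshd_config), so pam_motd.so stays disabled to avoid showing it twice`. Since /etc/pam.d/sshd is now generated from these fragments, later changes to the distribution's stock file will no longer be picked up automatically. A short comment recording which stock version this stack was copied from would make future comparisons easier.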


@ -1 +0,0 @@
logfacility = LOG_USER


@ -1 +0,0 @@
umask = 022


@ -1,22 +0,0 @@
{
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro or die "Couldn't open AccountsDB\n";
$OUT = '';
for my $user ( $adb->users )
{
my %props = $user->props;
$props{AllowRSSH} ||= 'unknown';
next unless ($props{PasswordSet} eq 'yes');
next if ($props{AllowRSSH} eq 'no');
next unless ($props{AllowRSSH} eq 'yes' or
$props{VPNClientAccess} eq 'yes');
$OUT .= "user = " . $user->key . ":022:11111:" . "\n";
}
}


@ -4,7 +4,7 @@ Summary: smeserver module to configure and enable ssh
%define name smeserver-openssh
Name: %{name}
%define version 11.0.0
%define release 8
%define release 9
Version: %{version}
Release: %{release}%{?dist}
License: GPL
@ -23,7 +23,51 @@ Requires: runit
Provides: e-smith-openssh
AutoReqProv: no
%description
smeserver server enhancement to configure and enable openssh
%prep
%setup
rm -rf root/var/service root/service
%build
perl createlinks
# build the test suite from embedded tests
/sbin/e-smith/buildtests e-smith-openssh
%install
rm -rf $RPM_BUILD_ROOT
( cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT )
rm -f %{name}-%{version}-%{release}-filelist
/sbin/e-smith/genfilelist \
--file '/sbin/e-smith/systemd/sshd-prepare' 'attr(0554,root,root)' \
--dir '/var/log/sshd' 'attr(2750,root,root)' \
--dir '/var/empty/sshd' 'attr(0711,root,root)' \
$RPM_BUILD_ROOT \
> %{name}-%{version}-%{release}-filelist
echo "%doc COPYING" >> %{name}-%{version}-%{release}-filelist
%clean
rm -rf $RPM_BUILD_ROOT
%files -f %{name}-%{version}-%{release}-filelist
%defattr(-,root,root)
%pre
if [ $1 -gt 1 ] ; then
if [ -e /var/service/sshd/run ] ; then
/usr/bin/sv d sshd
/usr/bin/sv d sshd/log
fi
fi
%changelog
* Sun Sep 22 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme
- remove reference to deprecated rssh [SME: 12670]
- template /etc/pam.d/sshd to remove motd [SME: 12740]
* Tue Aug 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-8.sme
- fix new log does not fill after log rotate [SME: 12690]
@ -668,42 +712,3 @@ AutoReqProv: no
* Thu May 11 2000 Charlie Brady <charlieb@e-smith.net>
- Change rc?.d directory from 3 to 7.
%description
smeserver server enhancement to configure and enable openssh
%prep
%setup
rm -rf root/var/service root/service
%build
perl createlinks
# build the test suite from embedded tests
/sbin/e-smith/buildtests e-smith-openssh
%install
rm -rf $RPM_BUILD_ROOT
( cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT )
rm -f %{name}-%{version}-%{release}-filelist
/sbin/e-smith/genfilelist \
--file '/sbin/e-smith/systemd/sshd-prepare' 'attr(0554,root,root)' \
--dir '/var/log/sshd' 'attr(2750,root,root)' \
--dir '/var/empty/sshd' 'attr(0711,root,root)' \
$RPM_BUILD_ROOT \
> %{name}-%{version}-%{release}-filelist
echo "%doc COPYING" >> %{name}-%{version}-%{release}-filelist
%clean
rm -rf $RPM_BUILD_ROOT
%files -f %{name}-%{version}-%{release}-filelist
%defattr(-,root,root)
%pre
if [ $1 -gt 1 ] ; then
if [ -e /var/service/sshd/run ] ; then
/usr/bin/sv d sshd
/usr/bin/sv d sshd/log
fi
fi