[gssapi-openssh.git] / setup / setup-openssh.pl

#!/usr/bin/perl
#
# setup-openssh.pl
#
# Adapts the installed gsi-openssh environment to the current machine,
# performing actions that originally occurred during the package's
# 'make install' phase.
#
# Send comments/fixes/suggestions to:
# Chase Phillips <cphillip@ncsa.uiuc.edu>
#

printf("setup-openssh.pl: Configuring gsi-openssh package\n");

#
# Get user's GPT_LOCATION since we may be installing this using a new(er)
# version of GPT.
#

$gptpath = $ENV{GPT_LOCATION};

#
# And the old standby..
#

$gpath = $ENV{GLOBUS_LOCATION};
if (!defined($gpath))
{
    die "GLOBUS_LOCATION needs to be set before running this script"
}

#
# i'm including this because other perl scripts in the gpt setup directories
# do so
#

if (defined($gptpath))
{
    @INC = (@INC, "$gptpath/lib/perl", "$gpath/lib/perl");
}
else
{
    @INC = (@INC, "$gpath/lib/perl");
}

require Grid::GPT::Setup;

my $globusdir = $gpath;
my $myname = "setup-openssh.pl";

#
# Set up path prefixes for use in the path translations
#

$prefix = ${globusdir};
$exec_prefix = "${prefix}";
$bindir = "${exec_prefix}/bin";
$sysconfdir = "$prefix/etc/ssh";
$localsshdir = "/etc/ssh";

my $keyfiles = {
                 "dsa" => "ssh_host_dsa_key",
                 "rsa" => "ssh_host_rsa_key",
                 "rsa1" => "ssh_host_key",
               };

#
# Check that we are running as root
#

$uid = $>;

if ($uid != 0)
{
    print "--> NOTE: You must be root to run this script! <--\n";
    exit 0;
}

sub copyKeyFiles
{
    my($copylist) = @_;
    my($regex, $basename);

    print "Copying ssh host keys...\n";

    for my $f (@$copylist)
    {
        $f =~ s:/+:/:g;

        if (length($f) > 0)
        {
            $keyfile = "$f";
            $pubkeyfile = "$f.pub";

            action("cp $localsshdir/$keyfile $sysconfdir/$keyfile");
            action("cp $localsshdir/$pubkeyfile $sysconfdir/$pubkeyfile");
        }
    }
}

sub isReadable
{
    my($file) = @_;

    if ( ( -e $file ) && ( -r $file ) )
    {
        return 1;
    }
    else
    {
        return 0;
    }
}

sub determineKeys
{
    my($keyhash, $keylist);
    my($count);

    $count = 0;

    $keyhash = {};
    $keyhash->{gen} = [];   # a list of keytypes to generate
    $keyhash->{copy} = [];  # a list of files to copy from the 
    $genlist = $keyhash->{gen};
    $copylist = $keyhash->{copy};

    for my $keytype (keys %$keyfiles)
    {
        $basekeyfile = $keyfiles->{$keytype};
        $keyfile = "$localsshdir/$basekeyfile";
        $pubkeyfile = "$keyfile.pub";

        if ( !isReadable($keyfile) || !isReadable($pubkeyfile) )
        {
            push(@$genlist, $keytype);
            $count++;
        }
    }

    for my $keytype (keys %$keyfiles)
    {
        if ( !grep(/^$keytype$/, @$genlist) )
        {
            $keyfile = $keyfiles->{$keytype};
            push(@$copylist, $keyfile);
            $count++;
        }
    }

    if ($count > 0)
    {
        if ( ! -d $sysconfdir )
        {
            print "Could not find ${sysconfdir} directory... creating\n";
            action("mkdir -p $sysconfdir");
        }
    }

    return $keyhash;
}

sub runKeyGen
{
    my($gen_keys) = @_;

    print "Generating ssh host keys...\n";

    for my $k (@$gen_keys)
    {
        $keyfile = $keyfiles->{$k};

        # if $sysconfdir/$keyfile doesn't exist..
        action("$bindir/ssh-keygen -t $k -f $sysconfdir/$keyfile -N \"\"");
    }

    return 0;
}

sub fixpaths
{
    my $g, $h;

    print "Fixing sftp-server path in sshd_config...\n";

    $f = "$gpath/etc/ssh/sshd_config";
    $g = "$f.tmp";

    if ( ! -f "$f" )
    {
        die("Cannot find $f!");
    }

    #
    # Grab the current mode/uid/gid for use later
    #

    $mode = (stat($f))[2];
    $uid = (stat($f))[4];
    $gid = (stat($f))[5];

    #
    # Move $f into a .tmp file for the translation step
    #

    $result = system("mv $f $g 2>&1");
    if ($result or $?)
    {
        die "ERROR: Unable to execute command: $!\n";
    }

    open(IN, "<$g") || die ("$0: input file $g missing!\n");
    open(OUT, ">$f") || die ("$0: unable to open output file $f!\n");

    while (<IN>)
    {
        #
        # sorry for the whacky regex, but i need to verify a whole line
        #

        if ( /^\s*Subsystem\s+sftp\s+\S+\s*$/ )
        {
            $_ = "Subsystem\tsftp\t$gpath/libexec/sftp-server\n";
            $_ =~ s:/+:/:g;
        }
        print OUT "$_";
    } # while <IN>

    close(OUT);
    close(IN);

    #
    # Remove the old .tmp file
    #

    $result = system("rm $g 2>&1");

    if ($result or $?)
    {
        die "ERROR: Unable to execute command: $!\n";
    }

    #
    # An attempt to revert the new file back to the original file's
    # mode/uid/gid
    #

    chmod($mode, $f);
    chown($uid, $gid, $f);

    return 0;
}

sub alterFileGlobusLocation
{
    my ($file) = @_;

    $data = readFile($file);
    $data =~ s|\@GSI_OPENSSH_GLOBUS_LOCATION\@|$gpath|g;
    writeFile($file, $data);
}

sub alterFiles
{
    my (@files);

    @files = (
        "$gosharedir/contrib/caldera/sshd.init",
             );
}

### readFile( $filename )
#
# reads and returns $filename's contents
#

sub readFile
{
    my ($filename) = @_;
    my $data;

    open (IN, "$filename") || die "Can't open '$filename': $!";
    $/ = undef;
    $data = <IN>;
    $/ = "\n";
    close(IN);

    return $data;
}

### writeFile( $filename, $fileinput )
#
# create the inputs to the ssl program at $filename, appending the common name to the
# stream in the process
#

sub writeFile
{
    my ($filename, $fileinput) = @_;

    #
    # test for a valid $filename
    #

    if ( !defined($filename) || (length($filename) lt 1) )
    {
        die "Filename is undefined";
    }

    if ( ( -e "$filename" ) && ( ! -w "$filename" ) )
    {
        die "Cannot write to filename '$filename'";
    }

    #
    # write the output to $filename
    #

    open(OUT, ">$filename");
    print OUT "$fileinput";
    close(OUT);
}

print "---------------------------------------------------------------------\n";
print "Hi, I'm the setup script for the gsi_openssh package!  There\n";
print "are some last minute details that I've got to set straight\n";
print "in the sshd config file, along with generating the ssh keys\n";
print "for this machine (if it doesn't already have them).\n";
print "\n";
print "If I find a pair of host keys in /etc/ssh, I will copy them into\n";
print "\$GLOBUS_LOCATION/etc/ssh.  If they aren't present, I will generate\n";
print "them for you.\n";
print "\n";

$response = query_boolean("Do you wish to continue with the setup package?","y");

if ($response eq "n")
{
    print "\n";
    print "Okay.. exiting gsi_openssh setup.\n";

    exit 0;
}

$keyhash = determineKeys();
runKeyGen($keyhash->{gen});
copyKeyFiles($keyhash->{copy});
fixpaths();

my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup");

$metadata->finish();

print "---------------------------------------------------------------------\n";
print "$myname: Finished configuring package 'gsi_openssh'.\n";
print "\n";
print "Additional Notes:\n";
print "\n";
print "  o I see that you have your GLOBUS_LOCATION environmental variable\n";
print "    set to:\n";
print "\n";
print "    \t\"$gpath\"\n";
print "\n";
print "    Remember to keep this variable set (correctly) when you want to\n";
print "    use the executables that came with this package.\n";
print "\n";
print "  o You may need to set LD_LIBRARY_PATH to point to the location in\n";
print "    which your globus libraries reside.  For example:\n";
print "\n";
print "    \t\$ LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; \\\n";
print "    \t     export LD_LIBRARY_PATH\n";
print "\n";
print "---------------------------------------------------------------------\n";

#
# Just need a minimal action() subroutine for now..
#

sub action
{
    my ($command) = @_;

    printf "$command\n";

    my $result = system("$command 2>&1");

    if (($result or $?) and $command !~ m!patch!)
    {
        die "ERROR: Unable to execute command: $!\n";
    }
}

sub query_boolean
{
    my ($query_text, $default) = @_;
    my $nondefault, $foo, $bar;

    #
    # Set $nondefault to the boolean opposite of $default.
    #

    if ($default eq "n")
    {
        $nondefault = "y";
    }
    else
    {
        $nondefault = "n";
    }

    print "${query_text} ";
    print "[$default] ";

    $foo = <STDIN>;
    ($bar) = split //, $foo;

    if ( grep(/\s/, $bar) )
    {
        # this is debatable.  all whitespace means 'default'

        $bar = $default;
    }
    elsif ($bar ne $default)
    {
        # everything else means 'nondefault'.

        $bar = $nondefault;
    }
    else
    {
        # extraneous step.  to get here, $bar should be eq to $default anyway.

        $bar = $default;
    }

    return $bar;
}
Commit	Line	Data
5002372c	1	#!/usr/bin/perl
20d3226a	2	#
5002372c	3	# setup-openssh.pl
5002372c	4	#
95f536ac	5	# Adapts the installed gsi-openssh environment to the current machine,
5002372c	6	# performing actions that originally occurred during the package's
5002372c	7	# 'make install' phase.
701aa556	8	#
1eab725d	9	# Send comments/fixes/suggestions to:
1eab725d	10	# Chase Phillips <cphillip@ncsa.uiuc.edu>
701aa556	11	#
20d3226a	12
1b936a7a	13	printf("setup-openssh.pl: Configuring gsi-openssh package\n");
1b936a7a	14
7e12c9a7	15	#
	16	# Get user's GPT_LOCATION since we may be installing this using a new(er)
	17	# version of GPT.
	18	#
	19
	20	$gptpath = $ENV{GPT_LOCATION};
	21
	22	#
	23	# And the old standby..
	24	#
	25
4f276ad7	26	$gpath = $ENV{GLOBUS_LOCATION};
ad71c979	27	if (!defined($gpath))
ad71c979	28	{
53a54c67	29	die "GLOBUS_LOCATION needs to be set before running this script"
ad71c979	30	}
	31
	32	#
	33	# i'm including this because other perl scripts in the gpt setup directories
	34	# do so
	35	#
	36
7e12c9a7	37	if (defined($gptpath))
	38	{
	39	@INC = (@INC, "$gptpath/lib/perl", "$gpath/lib/perl");
	40	}
	41	else
	42	{
	43	@INC = (@INC, "$gpath/lib/perl");
	44	}
ad71c979	45
4f276ad7	46	require Grid::GPT::Setup;
4f276ad7	47
ad71c979	48	my $globusdir = $gpath;
ad71c979	49	my $myname = "setup-openssh.pl";
ad71c979	50
20d3226a	51	#
	52	# Set up path prefixes for use in the path translations
	53	#
	54
d0a1bda7	55	$prefix = ${globusdir};
	56	$exec_prefix = "${prefix}";
	57	$bindir = "${exec_prefix}/bin";
95f536ac	58	$sysconfdir = "$prefix/etc/ssh";
95f536ac	59	$localsshdir = "/etc/ssh";
e9ec5455	60
95f536ac	61	my $keyfiles = {
	62	"dsa" => "ssh_host_dsa_key",
	63	"rsa" => "ssh_host_rsa_key",
	64	"rsa1" => "ssh_host_key",
	65	};
823981ba	66
	67	#
	68	# Check that we are running as root
	69	#
	70
	71	$uid = $>;
	72
	73	if ($uid != 0)
	74	{
	75	print "--> NOTE: You must be root to run this script! <--\n";
	76	exit 0;
	77	}
e9ec5455	78
95f536ac	79	sub copyKeyFiles
e9ec5455	80	{
95f536ac	81	my($copylist) = @_;
95f536ac	82	my($regex, $basename);
e9ec5455	83
95f536ac	84	print "Copying ssh host keys...\n";
e9ec5455	85
95f536ac	86	for my $f (@$copylist)
e9ec5455	87	{
95f536ac	88	$f =~ s:/+:/:g;
e9ec5455	89
95f536ac	90	if (length($f) > 0)
	91	{
	92	$keyfile = "$f";
	93	$pubkeyfile = "$f.pub";
	94
95f536ac	95	action("cp $localsshdir/$keyfile $sysconfdir/$keyfile");
	96	action("cp $localsshdir/$pubkeyfile $sysconfdir/$pubkeyfile");
	97	}
e9ec5455	98	}
e9ec5455	99	}
e9ec5455	100
95f536ac	101	sub isReadable
1a1f62a4	102	{
95f536ac	103	my($file) = @_;
1a1f62a4	104
95f536ac	105	if ( ( -e $file ) && ( -r $file ) )
1a1f62a4	106	{
95f536ac	107	return 1;
1a1f62a4	108	}
823981ba	109	else
1a1f62a4	110	{
95f536ac	111	return 0;
ac083f7a	112	}
1a1f62a4	113	}
1a1f62a4	114
95f536ac	115	sub determineKeys
823981ba	116	{
95f536ac	117	my($keyhash, $keylist);
95f536ac	118	my($count);
823981ba	119
95f536ac	120	$count = 0;
823981ba	121
95f536ac	122	$keyhash = {};
	123	$keyhash->{gen} = []; # a list of keytypes to generate
	124	$keyhash->{copy} = []; # a list of files to copy from the
	125	$genlist = $keyhash->{gen};
	126	$copylist = $keyhash->{copy};
e9ec5455	127
95f536ac	128	for my $keytype (keys %$keyfiles)
1a1f62a4	129	{
95f536ac	130	$basekeyfile = $keyfiles->{$keytype};
	131	$keyfile = "$localsshdir/$basekeyfile";
	132	$pubkeyfile = "$keyfile.pub";
1a1f62a4	133
95f536ac	134	if ( !isReadable($keyfile) \|\| !isReadable($pubkeyfile) )
	135	{
	136	push(@$genlist, $keytype);
	137	$count++;
	138	}
1a1f62a4	139	}
1a1f62a4	140
95f536ac	141	for my $keytype (keys %$keyfiles)
1a1f62a4	142	{
95f536ac	143	if ( !grep(/^$keytype$/, @$genlist) )
	144	{
	145	$keyfile = $keyfiles->{$keytype};
	146	push(@$copylist, $keyfile);
	147	$count++;
	148	}
1a1f62a4	149	}
1a1f62a4	150
95f536ac	151	if ($count > 0)
1a1f62a4	152	{
95f536ac	153	if ( ! -d $sysconfdir )
	154	{
	155	print "Could not find ${sysconfdir} directory... creating\n";
	156	action("mkdir -p $sysconfdir");
	157	}
1a1f62a4	158	}
95f536ac	159
	160	return $keyhash;
	161	}
	162
	163	sub runKeyGen
	164	{
	165	my($gen_keys) = @_;
	166
	167	print "Generating ssh host keys...\n";
	168
	169	for my $k (@$gen_keys)
1a1f62a4	170	{
95f536ac	171	$keyfile = $keyfiles->{$k};
95f536ac	172
9b2e814c	173	# if $sysconfdir/$keyfile doesn't exist..
95f536ac	174	action("$bindir/ssh-keygen -t $k -f $sysconfdir/$keyfile -N \"\"");
1a1f62a4	175	}
	176
	177	return 0;
	178	}
	179
20d3226a	180	sub fixpaths
20d3226a	181	{
7e12c9a7	182	my $g, $h;
823981ba	183
95f536ac	184	print "Fixing sftp-server path in sshd_config...\n";
	185
	186	$f = "$gpath/etc/ssh/sshd_config";
	187	$g = "$f.tmp";
	188
	189	if ( ! -f "$f" )
	190	{
	191	die("Cannot find $f!");
	192	}
e9ec5455	193
20d3226a	194	#
95f536ac	195	# Grab the current mode/uid/gid for use later
20d3226a	196	#
20d3226a	197
95f536ac	198	$mode = (stat($f))[2];
	199	$uid = (stat($f))[4];
	200	$gid = (stat($f))[5];
20d3226a	201
20d3226a	202	#
95f536ac	203	# Move $f into a .tmp file for the translation step
20d3226a	204	#
20d3226a	205
95f536ac	206	$result = system("mv $f $g 2>&1");
95f536ac	207	if ($result or $?)
20d3226a	208	{
95f536ac	209	die "ERROR: Unable to execute command: $!\n";
95f536ac	210	}
7536fc6f	211
95f536ac	212	open(IN, "<$g") \|\| die ("$0: input file $g missing!\n");
95f536ac	213	open(OUT, ">$f") \|\| die ("$0: unable to open output file $f!\n");
20d3226a	214
95f536ac	215	while (<IN>)
95f536ac	216	{
6193a4af	217	#
	218	# sorry for the whacky regex, but i need to verify a whole line
	219	#
	220
	221	if ( /^\sSubsystem\s+sftp\s+\S+\s$/ )
e9ec5455	222	{
95f536ac	223	$_ = "Subsystem\tsftp\t$gpath/libexec/sftp-server\n";
95f536ac	224	$_ =~ s:/+:/:g;
7c96a399	225	}
95f536ac	226	print OUT "$_";
95f536ac	227	} # while <IN>
7c96a399	228
95f536ac	229	close(OUT);
95f536ac	230	close(IN);
7c96a399	231
95f536ac	232	#
	233	# Remove the old .tmp file
	234	#
7c96a399	235
95f536ac	236	$result = system("rm $g 2>&1");
7536fc6f	237
95f536ac	238	if ($result or $?)
	239	{
	240	die "ERROR: Unable to execute command: $!\n";
	241	}
7536fc6f	242
95f536ac	243	#
	244	# An attempt to revert the new file back to the original file's
	245	# mode/uid/gid
	246	#
7e12c9a7	247
95f536ac	248	chmod($mode, $f);
95f536ac	249	chown($uid, $gid, $f);
20d3226a	250
	251	return 0;
	252	}
	253
d58b3a33	254	sub alterFileGlobusLocation
a26c150d	255	{
d58b3a33	256	my ($file) = @_;
	257
	258	$data = readFile($file);
95f536ac	259	$data =~ s\|\@GSI_OPENSSH_GLOBUS_LOCATION\@\|$gpath\|g;
d58b3a33	260	writeFile($file, $data);
	261	}
	262
	263	sub alterFiles
	264	{
	265	my (@files);
	266
	267	@files = (
	268	"$gosharedir/contrib/caldera/sshd.init",
	269	);
a26c150d	270	}
	271
	272	### readFile( $filename )
	273	#
	274	# reads and returns $filename's contents
	275	#
	276
	277	sub readFile
	278	{
	279	my ($filename) = @_;
	280	my $data;
	281
	282	open (IN, "$filename") \|\| die "Can't open '$filename': $!";
	283	$/ = undef;
	284	$data = <IN>;
	285	$/ = "\n";
	286	close(IN);
	287
	288	return $data;
	289	}
	290
	291	### writeFile( $filename, $fileinput )
	292	#
	293	# create the inputs to the ssl program at $filename, appending the common name to the
	294	# stream in the process
	295	#
	296
	297	sub writeFile
	298	{
	299	my ($filename, $fileinput) = @_;
	300
	301	#
	302	# test for a valid $filename
	303	#
	304
	305	if ( !defined($filename) \|\| (length($filename) lt 1) )
	306	{
	307	die "Filename is undefined";
	308	}
	309
	310	if ( ( -e "$filename" ) && ( ! -w "$filename" ) )
	311	{
	312	die "Cannot write to filename '$filename'";
	313	}
	314
	315	#
	316	# write the output to $filename
	317	#
	318
	319	open(OUT, ">$filename");
	320	print OUT "$fileinput";
	321	close(OUT);
	322	}
	323
6e9c7232	324	print "---------------------------------------------------------------------\n";
823981ba	325	print "Hi, I'm the setup script for the gsi_openssh package! There\n";
823981ba	326	print "are some last minute details that I've got to set straight\n";
95f536ac	327	print "in the sshd config file, along with generating the ssh keys\n";
823981ba	328	print "for this machine (if it doesn't already have them).\n";
823981ba	329	print "\n";
95f536ac	330	print "If I find a pair of host keys in /etc/ssh, I will copy them into\n";
6e9c7232	331	print "\$GLOBUS_LOCATION/etc/ssh. If they aren't present, I will generate\n";
6e9c7232	332	print "them for you.\n";
823981ba	333	print "\n";
	334
	335	$response = query_boolean("Do you wish to continue with the setup package?","y");
	336
e9d69a89	337	if ($response eq "n")
823981ba	338	{
	339	print "\n";
	340	print "Okay.. exiting gsi_openssh setup.\n";
	341
	342	exit 0;
	343	}
e9ec5455	344
95f536ac	345	$keyhash = determineKeys();
	346	runKeyGen($keyhash->{gen});
	347	copyKeyFiles($keyhash->{copy});
11b9a41c	348	fixpaths();
ad71c979	349
472ec086	350	my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup");
4f276ad7	351
53a54c67	352	$metadata->finish();
9ef2f439	353
6e9c7232	354	print "---------------------------------------------------------------------\n";
9ef2f439	355	print "$myname: Finished configuring package 'gsi_openssh'.\n";
b0441584	356	print "\n";
6e9c7232	357	print "Additional Notes:\n";
	358	print "\n";
	359	print " o I see that you have your GLOBUS_LOCATION environmental variable\n";
	360	print " set to:\n";
	361	print "\n";
	362	print " \t\"$gpath\"\n";
b0441584	363	print "\n";
6e9c7232	364	print " Remember to keep this variable set (correctly) when you want to\n";
6e9c7232	365	print " use the executables that came with this package.\n";
5002372c	366	print "\n";
6e9c7232	367	print " o You may need to set LD_LIBRARY_PATH to point to the location in\n";
6e9c7232	368	print " which your globus libraries reside. For example:\n";
5002372c	369	print "\n";
6e9c7232	370	print " \t\$ LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; \\\n";
6e9c7232	371	print " \t export LD_LIBRARY_PATH\n";
5002372c	372	print "\n";
6e9c7232	373	print "---------------------------------------------------------------------\n";
ac083f7a	374
	375	#
	376	# Just need a minimal action() subroutine for now..
	377	#
	378
	379	sub action
	380	{
	381	my ($command) = @_;
	382
	383	printf "$command\n";
	384
	385	my $result = system("$command 2>&1");
	386
	387	if (($result or $?) and $command !~ m!patch!)
	388	{
	389	die "ERROR: Unable to execute command: $!\n";
	390	}
	391	}
	392
	393	sub query_boolean
	394	{
	395	my ($query_text, $default) = @_;
	396	my $nondefault, $foo, $bar;
	397
	398	#
	399	# Set $nondefault to the boolean opposite of $default.
	400	#
	401
	402	if ($default eq "n")
	403	{
	404	$nondefault = "y";
	405	}
	406	else
	407	{
	408	$nondefault = "n";
	409	}
	410
	411	print "${query_text} ";
	412	print "[$default] ";
	413
e9ec5455	414	$foo = <STDIN>;
	415	($bar) = split //, $foo;
	416
e9d69a89	417	if ( grep(/\s/, $bar) )
ac083f7a	418	{
e9d69a89	419	# this is debatable. all whitespace means 'default'
	420
	421	$bar = $default;
	422	}
	423	elsif ($bar ne $default)
	424	{
	425	# everything else means 'nondefault'.
	426
	427	$bar = $nondefault;
	428	}
	429	else
	430	{
	431	# extraneous step. to get here, $bar should be eq to $default anyway.
	432
e9ec5455	433	$bar = $default;
ac083f7a	434	}
ac083f7a	435
e9ec5455	436	return $bar;
ac083f7a	437	}