Commit | Line | Data |
---|---|---|
20d3226a | 1 | # |
1eab725d | 2 | # setup-openssh.pl: |
3 | # Adapts the installed gsi-ssh environment to the current machine, | |
4 | # performing actions that originally occurred during the package's | |
5 | # 'make install' phase. | |
701aa556 | 6 | # |
1eab725d | 7 | # Large parts adapted from 'fixpath', a tool found in openssh-3.0.2p1. |
8 | # | |
9 | # Send comments/fixes/suggestions to: | |
10 | # Chase Phillips <cphillip@ncsa.uiuc.edu> | |
701aa556 | 11 | # |
20d3226a | 12 | |
#
# GLOBUS_LOCATION is the installation root; every path below hangs off it.
#
# NOTE(review): the value is taken from the caller's environment, is added
# to the module search path just below, and the script asks to be run as
# root.  It is used as given, with no validation, so it has to be trusted.
#

$gpath = $ENV{GLOBUS_LOCATION};
unless (defined $gpath)
{
    die "GLOBUS_LOCATION needs to be set before running this script"
}

#
# Other perl scripts in the gpt setup directories extend the module search
# path the same way, so this one does too.
#

push(@INC, "$gpath/lib/perl");

require Grid::GPT::Setup;

my $globusdir = $gpath;
my $setupdir = "$globusdir/setup/globus";
my $myname = "setup-openssh.pl";

#
# Path prefixes used by the path translations
#

$prefix = $globusdir;
$exec_prefix = $prefix;
$bindir = "$exec_prefix/bin";
$sbindir = "$exec_prefix/sbin";
$mandir = "$prefix/man";
$mansubdir = "man";
$libexecdir = "$exec_prefix/libexec";
$sysconfdir = "/etc/ssh";
$piddir = "/var/run";
$xauth_path = "/usr/bin/X11/xauth";

#
# Backup locations, relative to $sysconfdir.  The top-level directory name
# carries the start time of this run.
#

$curr_time = time();
$backupdir = "globus_backup_$curr_time";
$confbackupdir = "$backupdir/s1_conf";
$transbackupdir = "$backupdir/s3_trans";
e9ec5455 | 55 | |
1a1f62a4 | 56 | # |
ac083f7a | 57 | # We need to make sure it's okay to copy our setup files (if some files are already |
58 | # present). If we do copy any files, we backup the old files so the user can (possibly) | |
59 | # reverse any damage. | |
1a1f62a4 | 60 | # |
61 | ||
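sub test_dirs
{
    #
    # Make sure the configuration directory and this run's backup
    # directories exist, creating any that are missing.  Always returns 0.
    #

    print "\nPreparatory: checking for existence of critical directories\n";

    #
    # Remember to put in check for /etc
    #

    #
    # Parents are listed before children so each mkdir finds its parent:
    #   /etc/ssh
    #   /etc/ssh/globus_backup_<curr>
    #   /etc/ssh/globus_backup_<curr>/s1_conf
    #   /etc/ssh/globus_backup_<curr>/s3_trans
    #

    my @wanted = (
        $sysconfdir,
        "$sysconfdir/$backupdir",
        "$sysconfdir/$confbackupdir",
        "$sysconfdir/$transbackupdir",
    );

    for my $composite (@wanted)
    {
        next if -d $composite;

        print "Could not find directory: '${composite}'.. creating.\n";

        #
        # 0755 is drwxr-xr-x.  The previous constant, decimal 16877, is
        # octal 040755: the same permission bits plus the directory
        # file-type bits, which do not belong in a mkdir mode.
        #
        # A failure is reported but not fatal; the later copy stages stop
        # on their own if the directory really is unusable.
        #

        mkdir($composite, 0755)
            or warn "Could not create directory '${composite}': $!\n";
    }

    return 0;
}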
119 | ||
sub copy_setup_files
{
    #
    # Stage 1: install ssh_config, sshd_config and moduli from the setup
    # directory into $sysconfdir.  A file that already exists is replaced
    # only when the user answers "y" (the prompt defaults to "n"), and the
    # existing copy is saved in the s1_conf backup directory first.
    #
    # NOTE(review): each command is handed to action() as one string with
    # the paths interpolated unquoted, so the paths are assumed to contain
    # no whitespace or shell metacharacters.
    #

    print "\nStage 1: Copying configuration files into '${sysconfdir}'..\n";

    for my $name ("ssh_config", "sshd_config", "moduli")
    {
        my $target = "${sysconfdir}/${name}";

        # Each file gets its own answer; a missing target needs no prompt.
        my $response = "y";

        if ( -e $target )
        {
            $response = query_boolean("${target} already exists. Overwrite?", "n");
            action("cp ${target} ${sysconfdir}/${confbackupdir}/${name}")
                if $response eq "y";
        }

        next unless $response eq "y";

        action("cp ${globusdir}/setup/globus/${name} ${target}");
    }
}
179 | ||
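sub runkeygen
{
    #
    # Stage 2: generate any ssh host key that is not already present in
    # $sysconfdir.  Existing keys are never overwritten.  Returns 0.
    #

    print "\nStage 2: Generating ssh host keys..\n";

    if ( ! -d "${sysconfdir}" )
    {
        print "Could not find ${sysconfdir} directory... creating\n";

        # 0755 is drwxr-xr-x; the old decimal 16877 (octal 040755) also
        # carried the directory file-type bits.
        mkdir($sysconfdir, 0755)
            or warn "Could not create directory '${sysconfdir}': $!\n";
    }

    #
    # [ key type, file name ] in the order the keys are generated.
    #
    # NOTE(review): rsa1 (SSH protocol 1) and dsa are legacy host-key types
    # that current OpenSSH releases no longer generate.  They are kept here
    # because this script presumably targets the bundled gsi-openssh build;
    # confirm before reusing the list elsewhere.
    #

    my @host_keys = (
        [ "rsa1", "ssh_host_key" ],
        [ "dsa",  "ssh_host_dsa_key" ],
        [ "rsa",  "ssh_host_rsa_key" ],
    );

    for my $entry (@host_keys)
    {
        my ($type, $file) = @$entry;
        my $keyfile = "${sysconfdir}/${file}";

        if ( -e $keyfile )
        {
            print "${keyfile} already exists, skipping.\n";
            next;
        }

        # -N "" writes the private key without a passphrase, so the key is
        # protected only by the permissions on the file ssh-keygen creates.
        action("$bindir/ssh-keygen -t ${type} -f ${keyfile} -N \"\"");
    }

    return 0;
}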
223 | ||
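sub fixpaths
{
    #
    # Stage 3: rewrite the stock OpenSSH paths found in the installed
    # config files and man pages so they point at this installation.
    # Files flagged with 1 in %files are first copied into the s3_trans
    # backup directory.  Dies on any failure; returns 0 otherwise.
    #
    # Everything is done with perl built-ins and core modules rather than
    # mv/cp/rm through the shell, so a path containing whitespace or shell
    # metacharacters cannot change what gets executed.
    #

    require File::Basename;
    require File::Copy;
    require File::Temp;

    #
    # Set up path translations for the installation files
    #

    %def = (
        "/etc/ssh_config" => "${sysconfdir}/ssh_config",
        "/etc/ssh_known_hosts" => "${sysconfdir}/ssh_known_hosts",
        "/etc/sshd_config" => "${sysconfdir}/sshd_config",
        "/usr/libexec" => "${libexecdir}",
        "/etc/shosts.equiv" => "${sysconfdir}/shosts.equiv",
        "/etc/ssh_host_key" => "${sysconfdir}/ssh_host_key",
        "/etc/ssh_host_dsa_key" => "${sysconfdir}/ssh_host_dsa_key",
        "/etc/ssh_host_rsa_key" => "${sysconfdir}/ssh_host_rsa_key",
        "/var/run/sshd.pid" => "${piddir}/sshd.pid",
        "/etc/moduli" => "${sysconfdir}/moduli",
        "/etc/sshrc" => "${sysconfdir}/sshrc",
        "/usr/X11R6/bin/xauth" => "${xauth_path}",
        "/usr/bin:/bin:/usr/sbin:/sbin" => "/usr/bin:/bin:/usr/sbin:/sbin:${bindir}",
        );

    #
    # Files on which to perform path translations
    # (1 = also keep a backup copy, 0 = translate only)
    #

    %files = (
        "${sysconfdir}/ssh_config" => 1,
        "${sysconfdir}/sshd_config" => 1,
        "${sysconfdir}/moduli" => 1,
        "${mandir}/${mansubdir}1/scp.1" => 0,
        "${mandir}/${mansubdir}1/ssh-add.1" => 0,
        "${mandir}/${mansubdir}1/ssh-agent.1" => 0,
        "${mandir}/${mansubdir}1/ssh-keygen.1" => 0,
        "${mandir}/${mansubdir}1/ssh-keyscan.1" => 0,
        "${mandir}/${mansubdir}1/ssh.1" => 0,
        "${mandir}/${mansubdir}8/sshd.8" => 0,
        "${mandir}/${mansubdir}8/sftp-server.8" => 0,
        "${mandir}/${mansubdir}1/sftp.1" => 0,
        );

    print "\nStage 3: Translating strings in config and man files...\n";

    #
    # Hash order is arbitrary, so fix the order the translations are
    # applied in: longest pattern first, then alphabetical.
    #

    my @patterns = sort { length($b) <=> length($a) or $a cmp $b } keys %def;

    for my $f (sort keys %files)
    {
        my $name = File::Basename::basename($f);
        my $dir = File::Basename::dirname($f);

        #
        # Grab the current mode/uid/gid for use later
        #

        my ($mode, $uid, $gid) = (stat($f))[2, 4, 5];
        defined($mode) or die "$0: input file $f missing!\n";

        #
        # Create a backup of this file if it's flagged.  The copy is
        # created owner-only and then given the original's permission
        # bits, so it is never more readable than the original.
        #

        if ($files{$f} == 1)
        {
            my $backup = "${sysconfdir}/${transbackupdir}/${name}";

            my $old_umask = umask(077);
            my $copied = File::Copy::copy($f, $backup);
            my $copy_error = $!;
            umask($old_umask);

            $copied or die "ERROR: Unable to back up $f to $backup: $copy_error\n";
            chmod($mode & 07777, $backup);
        }

        open(my $in, '<', $f) or die "$0: input file $f missing!\n";

        #
        # Write the translated text to a uniquely named file created with
        # exclusive-create semantics in the same directory, then rename it
        # over the original.  This replaces the predictable "$f.tmp" name
        # and means $f is never missing or half-written.
        #

        my ($out, $tmpname) = eval {
            File::Temp::tempfile("${name}.XXXXXX", DIR => $dir, UNLINK => 0);
        };
        defined($out) or die "$0: unable to open output file $f!\n";

        while (my $line = <$in>)
        {
            for my $from (@patterns)
            {
                # \Q..\E: the patterns are literal paths, not regexes, so
                # the "." in a file name must not match any character.
                $line =~ s/\Q$from\E/$def{$from}/;
            }
            print {$out} $line;
        }

        close($in);

        if (!close($out))
        {
            my $write_error = $!;
            unlink($tmpname);
            die "$0: unable to write output file $f: $write_error\n";
        }

        #
        # Give the new file the original's mode/uid/gid before it takes
        # the original's place.  Best effort, as before: chown fails
        # harmlessly when the script is not run as root.
        #

        chmod($mode & 07777, $tmpname);
        chown($uid, $gid, $tmpname);

        if (!rename($tmpname, $f))
        {
            my $rename_error = $!;
            unlink($tmpname);
            die "ERROR: Unable to replace $f: $rename_error\n";
        }
    } # for $f

    print "complete.\n";

    return 0;
}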
358 | ||
#
# Main sequence: announce, run the four setup stages in order, register
# the setup with GPT, then tell the user which variables to export.
#

print "---------------------------------------------------------------\n",
      "$myname: Configuring package 'gsi_openssh'..\n",
      "\n",
      "--> NOTE: Run this as root for the intended effect. <--\n";

test_dirs();
copy_setup_files();
runkeygen();
fixpaths();

# Direct method call instead of the indirect-object form "new Class(...)".
my $metadata = Grid::GPT::Setup->new(package_name => "gsi_openssh_setup");

$metadata->finish();

print "\n",
      "$myname: Finished configuring package 'gsi_openssh'.\n",
      "\n",
      "You are required to set the following variables in your environment\n",
      "to ensure that the gsi_ssh package works correctly:\n",
      "\n";

# NOTE(review): "\G" is not a string escape, so these presumably print a
# plain "G"; confirm whether the leading backslash was intended.
print "\GSI_SCP_LOC=\"${bindir}/scp.real\"\n",
      "\GSI_SFTP_LOC=\"${bindir}/sftp.real\"\n",
      "\GSI_SSH_LOC=\"${bindir}/ssh\"\n",
      "\GSI_SSHD_LOC=\"${sbindir}/sshd.real\"\n",
      "\GSI_SSH_CONFIG_LOC=\"${sysconfdir}/ssh_config\"\n",
      "\GSI_SSHD_CONFIG_LOC=\"${sysconfdir}/sshd_config\"\n",
      "---------------------------------------------------------------\n";
ac083f7a | 386 | |
387 | # | |
388 | # Just need a minimal action() subroutine for now.. | |
389 | # | |
390 | ||
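sub action
{
    #
    # Echo a command line, run it, and die if it fails.
    #
    #   $command - complete command line.  It is passed to the shell with
    #              "2>&1" appended, so it is interpreted by the shell:
    #              callers must only build it from trusted values.
    #
    # A command whose text contains "patch" is allowed to fail.
    #

    my ($command) = @_;

    # print, not printf: the command is data, not a format string, and a
    # "%" in it must be shown as typed.
    print "$command\n";

    my $result = system("$command 2>&1");

    if ($result != 0 and $command !~ m!patch!)
    {
        #
        # $! only means something when the command could not be started
        # (system returns -1); otherwise the wait status says what happened.
        #

        my $reason;
        if ($result == -1)
        {
            $reason = "$!";
        }
        elsif ($result & 127)
        {
            $reason = "killed by signal " . ($result & 127);
        }
        else
        {
            $reason = "exit status " . ($result >> 8);
        }

        die "ERROR: Unable to execute command: $reason\n";
    }

    return;
}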
404 | ||
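sub query_boolean
{
    #
    # Ask a yes/no question on stdout and read the answer from STDIN.
    #
    #   $query_text - the question to print
    #   $default    - "y" or "n"; shown in brackets after the question
    #
    # Returns the non-default answer only when the reply starts with
    # exactly that character (lower case).  Anything else -- an empty
    # line, other text, or end of input -- returns $default.
    #

    my ($query_text, $default) = @_;

    # Parenthesised so that all three are lexical; "my $a, $b, $c" only
    # declares the first and leaves the others as package globals.
    my ($nondefault, $reply, $first);

    #
    # Set $nondefault to the boolean opposite of $default.
    #

    $nondefault = ($default eq "n") ? "y" : "n";

    print "${query_text} ";
    print "[$default] ";

    $reply = <STDIN>;

    # End of input (closed or empty STDIN): take the default.
    return $default unless defined $reply;

    $first = substr($reply, 0, 1);

    return ($first eq $nondefault) ? $nondefault : $default;
}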
436 |