[gssapi-openssh.git] / setup / setup-openssh.pl

#
# setup-openssh.pl:
#   Adapts the installed gsi-ssh environment to the current machine,
#   performing actions that originally occurred during the package's
#   'make install' phase.
#
# Large parts adapted from 'fixpath', a tool found in openssh-3.0.2p1.
#
# Send comments/fixes/suggestions to:
# Chase Phillips <cphillip@ncsa.uiuc.edu>
#

$gpath = $ENV{GLOBUS_LOCATION};
if (!defined($gpath))
{
    die "GLOBUS_LOCATION needs to be set before running this script"
}

#
# i'm including this because other perl scripts in the gpt setup directories
# do so
#

@INC = (@INC, "$gpath/lib/perl");

require Grid::GPT::Setup;

my $globusdir = $gpath;
my $setupdir = "$globusdir/setup/globus";
my $myname = "setup-openssh.pl";

print "$myname: Configuring package 'gsi_openssh'...\n";
print "Run this as root for the intended effect...\n";

#
# Set up path prefixes for use in the path translations
#

$prefix = ${globusdir};
$exec_prefix = "${prefix}";
$bindir = "${exec_prefix}/bin";
$sbindir = "${exec_prefix}/sbin";
$mandir = "${prefix}/man";
$mansubdir = "man";
$libexecdir = "${exec_prefix}/libexec";
$sysconfdir = "/etc/ssh";
$piddir = "/var/run";
$xauth_path = "/usr/bin/X11/xauth";

#
# We need to make sure it's okay to copy our setup files (if some files are already
# present).  If we do copy any files, we backup the old files so the user can (possibly)
# reverse any damage.
#

sub copy_setup_files
{
    my $response, $curr_time;

    $curr_time = time();

    $response = "y";
    if ( -e "${sysconfdir}/ssh_config" )
    {
        $response = query_boolean("${sysconfdir}/ssh_config already exists.  Overwrite? ", "n");
        if ($response eq "y")
        {
            action("cp ${sysconfdir}/ssh_config ${sysconfdir}/ssh_config.bak_${curr_time}");
        }
    }

    if ($response eq "y")
    {
        action("cp ${globusdir}/setup/globus/ssh_config ${sysconfdir}/ssh_config");
    }

    #
    # Reset response for our new query
    #

    $response = "y";
    if ( -e "${sysconfdir}/sshd_config" )
    {
        $response = query_boolean("${sysconfdir}/sshd_config already exists.  Overwrite? ", "n");
        if ($response eq "y")
        {
            action("cp ${sysconfdir}/sshd_config ${sysconfdir}/sshd_config.bak_${curr_time}");
        }
    }

    if ($response eq "y")
    {
        action("cp ${globusdir}/setup/globus/sshd_config ${sysconfdir}/sshd_config");
    }

    #
    # Reset response for our new query
    #

    $response = "y";
    if ( -e "${sysconfdir}/moduli" )
    {
        $response = query_boolean("${sysconfdir}/moduli already exists.  Overwrite? ", "n");
        if ($response eq "y")
        {
            action("cp ${sysconfdir}/moduli ${sysconfdir}/moduli.bak_${curr_time}");
        }
    }

    if ($response eq "y")
    {
        action("cp ${globusdir}/setup/globus/moduli ${sysconfdir}/moduli");
    }
}

sub runkeygen
{
    if ( ! -d "${sysconfdir}" )
    {
        print "Could not find ${sysconfdir} directory... creating\n";
        mkdir($sysconfdir, 16877);
        # 16877 should be 755, or drwxr-xr-x
    }

    print "Generating ssh keys (if necessary)...\n";
    if ( -e "${sysconfdir}/ssh_host_key" )
    {
        print "${sysconfdir}/ssh_host_key already exists, skipping.\n";
    }
    else
    {
        # if $sysconfdir/ssh_host_key doesn't exist..
        action("$bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N \"\"");
    }

    if ( -e "${sysconfdir}/ssh_host_dsa_key" )
    {
        print "${sysconfdir}/ssh_host_dsa_key already exists, skipping.\n";
    }
    else
    {
        # if $sysconfdir/ssh_host_dsa_key doesn't exist..
        action("$bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N \"\"");
    }

    if ( -e "${sysconfdir}/ssh_host_rsa_key" )
    {
        print "${sysconfdir}/ssh_host_rsa_key already exists, skipping.\n";
    }
    else
    {
        # if $sysconfdir/ssh_host_rsa_key doesn't exist..
        action("$bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N \"\"");
    }

    return 0;
}

sub fixpaths
{
    #
    # Set up path translations for the installation files
    #

    %def = (
        "/etc/ssh_config" => "${sysconfdir}/ssh_config",
        "/etc/ssh_known_hosts" => "${sysconfdir}/ssh_known_hosts",
        "/etc/sshd_config" => "${sysconfdir}/sshd_config",
        "/usr/libexec" => "${libexecdir}",
        "/etc/shosts.equiv" => "${sysconfdir}/shosts.equiv",
        "/etc/ssh_host_key" => "${sysconfdir}/ssh_host_key",
        "/etc/ssh_host_dsa_key" => "${sysconfdir}/ssh_host_dsa_key",
        "/etc/ssh_host_rsa_key" => "${sysconfdir}/ssh_host_rsa_key",
        "/var/run/sshd.pid" => "${piddir}/sshd.pid",
        "/etc/moduli" => "${sysconfdir}/moduli",
        "/etc/sshrc" => "${sysconfdir}/sshrc",
        "/usr/X11R6/bin/xauth" => "${xauth_path}",
        "/usr/bin:/bin:/usr/sbin:/sbin" => "/usr/bin:/bin:/usr/sbin:/sbin:${bindir}",
        "(/path/to/scp.real)" => "${bindir}/scp.real",
        "(/path/to/ssh)" => "${bindir}/ssh",
        "(/path/to/sftp.real)" => "${bindir}/sftp.real",
        "(/path/to/sshd.real)" => "${sbindir}/sshd.real",
        "(/path/to/ssh_config)" => "${sysconfdir}/ssh_config",
        "(/path/to/sshd_config)" => "${sysconfdir}/sshd_config",
        );

    #
    # Files on which to perform path translations
    #

    %files = (
        "${bindir}/scp" => 0,
        "${bindir}/sftp" => 0,
        "${sbindir}/sshd" => 0,
        "${sysconfdir}/ssh_config" => 1,
        "${sysconfdir}/sshd_config" => 1,
        "${sysconfdir}/moduli" => 1,
        "${mandir}/${mansubdir}1/scp.1" => 0,
        "${mandir}/${mansubdir}1/ssh-add.1" => 0,
        "${mandir}/${mansubdir}1/ssh-agent.1" => 0,
        "${mandir}/${mansubdir}1/ssh-keygen.1" => 0,
        "${mandir}/${mansubdir}1/ssh-keyscan.1" => 0,
        "${mandir}/${mansubdir}1/ssh.1" => 0,
        "${mandir}/${mansubdir}8/sshd.8" => 0,
        "${mandir}/${mansubdir}8/sftp-server.8" => 0,
        "${mandir}/${mansubdir}1/sftp.1" => 0,
        );

    print "Translating strings in config/man files...\n";
    for my $f (keys %files)
    {
        $f =~ /(.*\/)*(.*)$/;

        #
        # we really should create a random filename and make sure that it
        # doesn't already exist (based off current time_t or something)
        #

        $g = "$f.tmp";

        #
        # Grab the current mode/uid/gid for use later
        #

        $mode = (stat($f))[2];
        $uid = (stat($f))[4];
        $gid = (stat($f))[5];

        action("mv $f $g");

        open(IN, "<$g") || die ("$0: input file $g missing!\n");
        open(OUT, ">$f") || die ("$0: unable to open output file $f!\n");

        while (<IN>)
        {
            for $s (keys(%def))
            {
                s#$s#$def{$s}#;
            } # for $s
            print OUT "$_";
        } # while <IN>

        close(OUT);
        close(IN);

        if ($file{$f} eq 0)
        {
            action("rm $g");
        }
        else
        {
            print "Left backup config file '$g'\n";
        }

        #
        # An attempt to revert the new file back to the original file's
        # mode/uid/gid
        #

        chmod($mode, $f);
        chown($uid, $gid, $f);
    } # for $f

    return 0;
}

copy_setup_files();
runkeygen();
fixpaths();

my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup");

$metadata->finish();

print "$myname: Finished configuring package 'gsi_openssh'.\n";

#
# Just need a minimal action() subroutine for now..
#

sub action
{
    my ($command) = @_;

    printf "$command\n";

    my $result = system("$command 2>&1");

    if (($result or $?) and $command !~ m!patch!)
    {
        die "ERROR: Unable to execute command: $!\n";
    }
}

sub query_boolean
{
    my ($query_text, $default) = @_;
    my $nondefault, $foo, $bar;

    #
    # Set $nondefault to the boolean opposite of $default.
    #

    if ($default eq "n")
    {
        $nondefault = "y";
    }
    else
    {
        $nondefault = "n";
    }

    print "${query_text} ";
    print "[$default] ";

    $foo = getc(STDIN);
    $bar = <STDIN>;

    if ($foo ne $nondefault)
    {
        $foo = $default;
    }

    return $foo;
}
Commit	Line	Data
20d3226a	1	#
1eab725d	2	# setup-openssh.pl:
	3	# Adapts the installed gsi-ssh environment to the current machine,
	4	# performing actions that originally occurred during the package's
	5	# 'make install' phase.
701aa556	6	#
1eab725d	7	# Large parts adapted from 'fixpath', a tool found in openssh-3.0.2p1.
	8	#
	9	# Send comments/fixes/suggestions to:
	10	# Chase Phillips <cphillip@ncsa.uiuc.edu>
701aa556	11	#
20d3226a	12
4f276ad7	13	$gpath = $ENV{GLOBUS_LOCATION};
ad71c979	14	if (!defined($gpath))
ad71c979	15	{
53a54c67	16	die "GLOBUS_LOCATION needs to be set before running this script"
ad71c979	17	}
	18
	19	#
	20	# i'm including this because other perl scripts in the gpt setup directories
	21	# do so
	22	#
	23
	24	@INC = (@INC, "$gpath/lib/perl");
	25
4f276ad7	26	require Grid::GPT::Setup;
4f276ad7	27
ad71c979	28	my $globusdir = $gpath;
	29	my $setupdir = "$globusdir/setup/globus";
	30	my $myname = "setup-openssh.pl";
	31
9ef2f439	32	print "$myname: Configuring package 'gsi_openssh'...\n";
1a1f62a4	33	print "Run this as root for the intended effect...\n";
ad71c979	34
20d3226a	35	#
	36	# Set up path prefixes for use in the path translations
	37	#
	38
d0a1bda7	39	$prefix = ${globusdir};
	40	$exec_prefix = "${prefix}";
	41	$bindir = "${exec_prefix}/bin";
7c25a6d7	42	$sbindir = "${exec_prefix}/sbin";
d0a1bda7	43	$mandir = "${prefix}/man";
	44	$mansubdir = "man";
	45	$libexecdir = "${exec_prefix}/libexec";
1a1f62a4	46	$sysconfdir = "/etc/ssh";
20d3226a	47	$piddir = "/var/run";
	48	$xauth_path = "/usr/bin/X11/xauth";
	49
1a1f62a4	50	#
ac083f7a	51	# We need to make sure it's okay to copy our setup files (if some files are already
	52	# present). If we do copy any files, we backup the old files so the user can (possibly)
	53	# reverse any damage.
1a1f62a4	54	#
1a1f62a4	55
ac083f7a	56	sub copy_setup_files
1a1f62a4	57	{
ac083f7a	58	my $response, $curr_time;
1a1f62a4	59
ac083f7a	60	$curr_time = time();
1a1f62a4	61
ac083f7a	62	$response = "y";
1a1f62a4	63	if ( -e "${sysconfdir}/ssh_config" )
1a1f62a4	64	{
ac083f7a	65	$response = query_boolean("${sysconfdir}/ssh_config already exists. Overwrite? ", "n");
7d881890	66	if ($response eq "y")
	67	{
	68	action("cp ${sysconfdir}/ssh_config ${sysconfdir}/ssh_config.bak_${curr_time}");
	69	}
1a1f62a4	70	}
ac083f7a	71
ac083f7a	72	if ($response eq "y")
1a1f62a4	73	{
	74	action("cp ${globusdir}/setup/globus/ssh_config ${sysconfdir}/ssh_config");
	75	}
	76
ac083f7a	77	#
	78	# Reset response for our new query
	79	#
	80
	81	$response = "y";
1a1f62a4	82	if ( -e "${sysconfdir}/sshd_config" )
1a1f62a4	83	{
ac083f7a	84	$response = query_boolean("${sysconfdir}/sshd_config already exists. Overwrite? ", "n");
7d881890	85	if ($response eq "y")
	86	{
	87	action("cp ${sysconfdir}/sshd_config ${sysconfdir}/sshd_config.bak_${curr_time}");
	88	}
1a1f62a4	89	}
ac083f7a	90
ac083f7a	91	if ($response eq "y")
1a1f62a4	92	{
	93	action("cp ${globusdir}/setup/globus/sshd_config ${sysconfdir}/sshd_config");
	94	}
ac083f7a	95
	96	#
	97	# Reset response for our new query
	98	#
	99
	100	$response = "y";
	101	if ( -e "${sysconfdir}/moduli" )
	102	{
	103	$response = query_boolean("${sysconfdir}/moduli already exists. Overwrite? ", "n");
7d881890	104	if ($response eq "y")
	105	{
	106	action("cp ${sysconfdir}/moduli ${sysconfdir}/moduli.bak_${curr_time}");
	107	}
ac083f7a	108	}
	109
	110	if ($response eq "y")
	111	{
ac083f7a	112	action("cp ${globusdir}/setup/globus/moduli ${sysconfdir}/moduli");
ac083f7a	113	}
1a1f62a4	114	}
	115
	116	sub runkeygen
	117	{
	118	if ( ! -d "${sysconfdir}" )
	119	{
	120	print "Could not find ${sysconfdir} directory... creating\n";
27b0f197	121	mkdir($sysconfdir, 16877);
27b0f197	122	# 16877 should be 755, or drwxr-xr-x
1a1f62a4	123	}
	124
	125	print "Generating ssh keys (if necessary)...\n";
	126	if ( -e "${sysconfdir}/ssh_host_key" )
	127	{
	128	print "${sysconfdir}/ssh_host_key already exists, skipping.\n";
	129	}
	130	else
	131	{
	132	# if $sysconfdir/ssh_host_key doesn't exist..
11b9a41c	133	action("$bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N \"\"");
1a1f62a4	134	}
	135
	136	if ( -e "${sysconfdir}/ssh_host_dsa_key" )
	137	{
	138	print "${sysconfdir}/ssh_host_dsa_key already exists, skipping.\n";
	139	}
	140	else
	141	{
	142	# if $sysconfdir/ssh_host_dsa_key doesn't exist..
11b9a41c	143	action("$bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N \"\"");
1a1f62a4	144	}
	145
	146	if ( -e "${sysconfdir}/ssh_host_rsa_key" )
	147	{
	148	print "${sysconfdir}/ssh_host_rsa_key already exists, skipping.\n";
	149	}
	150	else
	151	{
	152	# if $sysconfdir/ssh_host_rsa_key doesn't exist..
11b9a41c	153	action("$bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N \"\"");
1a1f62a4	154	}
	155
	156	return 0;
	157	}
	158
20d3226a	159	sub fixpaths
	160	{
	161	#
	162	# Set up path translations for the installation files
	163	#
	164
	165	%def = (
	166	"/etc/ssh_config" => "${sysconfdir}/ssh_config",
	167	"/etc/ssh_known_hosts" => "${sysconfdir}/ssh_known_hosts",
	168	"/etc/sshd_config" => "${sysconfdir}/sshd_config",
	169	"/usr/libexec" => "${libexecdir}",
	170	"/etc/shosts.equiv" => "${sysconfdir}/shosts.equiv",
	171	"/etc/ssh_host_key" => "${sysconfdir}/ssh_host_key",
	172	"/etc/ssh_host_dsa_key" => "${sysconfdir}/ssh_host_dsa_key",
	173	"/etc/ssh_host_rsa_key" => "${sysconfdir}/ssh_host_rsa_key",
	174	"/var/run/sshd.pid" => "${piddir}/sshd.pid",
	175	"/etc/moduli" => "${sysconfdir}/moduli",
	176	"/etc/sshrc" => "${sysconfdir}/sshrc",
	177	"/usr/X11R6/bin/xauth" => "${xauth_path}",
	178	"/usr/bin:/bin:/usr/sbin:/sbin" => "/usr/bin:/bin:/usr/sbin:/sbin:${bindir}",
44c96d90	179	"(/path/to/scp.real)" => "${bindir}/scp.real",
	180	"(/path/to/ssh)" => "${bindir}/ssh",
	181	"(/path/to/sftp.real)" => "${bindir}/sftp.real",
	182	"(/path/to/sshd.real)" => "${sbindir}/sshd.real",
	183	"(/path/to/ssh_config)" => "${sysconfdir}/ssh_config",
	184	"(/path/to/sshd_config)" => "${sysconfdir}/sshd_config",
20d3226a	185	);
20d3226a	186
20d3226a	187	#
	188	# Files on which to perform path translations
	189	#
	190
1a1f62a4	191	%files = (
11b9a41c	192	"${bindir}/scp" => 0,
	193	"${bindir}/sftp" => 0,
	194	"${sbindir}/sshd" => 0,
	195	"${sysconfdir}/ssh_config" => 1,
	196	"${sysconfdir}/sshd_config" => 1,
	197	"${sysconfdir}/moduli" => 1,
	198	"${mandir}/${mansubdir}1/scp.1" => 0,
	199	"${mandir}/${mansubdir}1/ssh-add.1" => 0,
	200	"${mandir}/${mansubdir}1/ssh-agent.1" => 0,
	201	"${mandir}/${mansubdir}1/ssh-keygen.1" => 0,
	202	"${mandir}/${mansubdir}1/ssh-keyscan.1" => 0,
	203	"${mandir}/${mansubdir}1/ssh.1" => 0,
	204	"${mandir}/${mansubdir}8/sshd.8" => 0,
	205	"${mandir}/${mansubdir}8/sftp-server.8" => 0,
	206	"${mandir}/${mansubdir}1/sftp.1" => 0,
20d3226a	207	);
20d3226a	208
4f276ad7	209	print "Translating strings in config/man files...\n";
1a1f62a4	210	for my $f (keys %files)
20d3226a	211	{
20d3226a	212	$f =~ /(.\/)(.*)$/;
7536fc6f	213
	214	#
	215	# we really should create a random filename and make sure that it
	216	# doesn't already exist (based off current time_t or something)
	217	#
	218
d0a1bda7	219	$g = "$f.tmp";
20d3226a	220
7536fc6f	221	#
	222	# Grab the current mode/uid/gid for use later
	223	#
	224
	225	$mode = (stat($f))[2];
	226	$uid = (stat($f))[4];
	227	$gid = (stat($f))[5];
	228
1a1f62a4	229	action("mv $f $g");
20d3226a	230
d0a1bda7	231	open(IN, "<$g") \|\| die ("$0: input file $g missing!\n");
	232	open(OUT, ">$f") \|\| die ("$0: unable to open output file $f!\n");
	233
	234	while (<IN>)
	235	{
	236	for $s (keys(%def))
20d3226a	237	{
d0a1bda7	238	s#$s#$def{$s}#;
	239	} # for $s
	240	print OUT "$_";
	241	} # while <IN>
20d3226a	242
d0a1bda7	243	close(OUT);
20d3226a	244	close(IN);
d0a1bda7	245
1a1f62a4	246	if ($file{$f} eq 0)
	247	{
	248	action("rm $g");
	249	}
	250	else
d0a1bda7	251	{
1a1f62a4	252	print "Left backup config file '$g'\n";
d0a1bda7	253	}
7536fc6f	254
	255	#
	256	# An attempt to revert the new file back to the original file's
	257	# mode/uid/gid
	258	#
	259
	260	chmod($mode, $f);
	261	chown($uid, $gid, $f);
20d3226a	262	} # for $f
	263
	264	return 0;
	265	}
	266
11b9a41c	267	copy_setup_files();
1a1f62a4	268	runkeygen();
11b9a41c	269	fixpaths();
ad71c979	270
472ec086	271	my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup");
4f276ad7	272
53a54c67	273	$metadata->finish();
9ef2f439	274
9ef2f439	275	print "$myname: Finished configuring package 'gsi_openssh'.\n";
ac083f7a	276
	277	#
	278	# Just need a minimal action() subroutine for now..
	279	#
	280
	281	sub action
	282	{
	283	my ($command) = @_;
	284
	285	printf "$command\n";
	286
	287	my $result = system("$command 2>&1");
	288
	289	if (($result or $?) and $command !~ m!patch!)
	290	{
	291	die "ERROR: Unable to execute command: $!\n";
	292	}
	293	}
	294
	295	sub query_boolean
	296	{
	297	my ($query_text, $default) = @_;
	298	my $nondefault, $foo, $bar;
	299
	300	#
	301	# Set $nondefault to the boolean opposite of $default.
	302	#
	303
	304	if ($default eq "n")
	305	{
	306	$nondefault = "y";
	307	}
	308	else
	309	{
	310	$nondefault = "n";
	311	}
	312
	313	print "${query_text} ";
	314	print "[$default] ";
	315
	316	$foo = getc(STDIN);
	317	$bar = <STDIN>;
	318
	319	if ($foo ne $nondefault)
	320	{
	321	$foo = $default;
	322	}
	323
	324	return $foo;
	325	}
	326