Commit | Line | Data |
---|---|---|
20d3226a | 1 | # |
1eab725d | 2 | # setup-openssh.pl: |
3 | # Adapts the installed gsi-ssh environment to the current machine, | |
4 | # performing actions that originally occurred during the package's | |
5 | # 'make install' phase. | |
701aa556 | 6 | # |
1eab725d | 7 | # Large parts adapted from 'fixpath', a tool found in openssh-3.0.2p1. |
8 | # | |
9 | # Send comments/fixes/suggestions to: | |
10 | # Chase Phillips <cphillip@ncsa.uiuc.edu> | |
701aa556 | 11 | # |
20d3226a | 12 | |
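# GLOBUS_LOCATION names the installation root; every path used below is
# derived from it.
$gpath = $ENV{GLOBUS_LOCATION};
if (!defined($gpath))
{
    die "GLOBUS_LOCATION needs to be set before running this script"
}

#
# The value is interpolated, unquoted, into command strings that action()
# hands to system() (cp, mv, rm, ssh-keygen), and it also extends @INC.
# The script asks to be run as root, so refuse a value containing whitespace
# or shell metacharacters instead of letting the shell re-interpret it.
# (\x27 = ', \x22 = ", \x60 = `, \x24 = $)
#
my $shell_special = qr/[\s\x27\x22\x60\x24;&|<>()*?\[\]{}\\!#]/;
if ($gpath =~ $shell_special)
{
    die "GLOBUS_LOCATION contains whitespace or shell metacharacters; refusing to continue\n";
}

#
# i'm including this because other perl scripts in the gpt setup directories
# do so
#
# NOTE(review): Grid::GPT::Setup is loaded from this directory, so whoever
# controls GLOBUS_LOCATION (and the files beneath it) controls code that runs
# with the privileges of this script.
#

push(@INC, "$gpath/lib/perl");

require Grid::GPT::Setup;

my $globusdir = $gpath;
my $setupdir = "$globusdir/setup/globus";
my $myname = "setup-openssh.pl";

print "$myname: Configuring package 'gsi_openssh'...\n";
print "Run this as root for the intended effect...\n";

#
# Set up path prefixes for use in the path translations.
# These stay package globals because the subroutines below read them.
#

$prefix = $globusdir;
$exec_prefix = $prefix;
$bindir = "$exec_prefix/bin";
$sbindir = "$exec_prefix/sbin";
$mandir = "$prefix/man";
$mansubdir = "man";
$libexecdir = "$exec_prefix/libexec";
$sysconfdir = "/etc/ssh";
$piddir = "/var/run";
$xauth_path = "/usr/bin/X11/xauth";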
49 | ||
1a1f62a4 | 50 | # |
ac083f7a | 51 | # We need to make sure it's okay to copy our setup files (if some files are already |
52 | # present). If we do copy any files, we backup the old files so the user can (possibly) | |
53 | # reverse any damage. | |
1a1f62a4 | 54 | # |
55 | ||
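#
# copy_setup_files()
#
# Installs ssh_config, sshd_config and moduli from the package's setup
# directory into $sysconfdir.  When a target already exists the user is asked
# whether to overwrite it (default: no); on "y" the existing file is first
# copied to <name>.bak_<epoch seconds> so the change can be reversed.
#
# Reads the globals $sysconfdir and $globusdir.  Every copy goes through
# action(), which dies if the command fails.
#
sub copy_setup_files
{
    # The original 'my $response, $curr_time;' declared only $response as a
    # lexical (the comma binds looser than 'my'), leaving $curr_time a
    # package global.  Declare both.
    my ($response, $curr_time);

    # One timestamp for the whole run so all backups share the same suffix.
    $curr_time = time();

    for my $name ("ssh_config", "sshd_config", "moduli")
    {
        my $installed = "${sysconfdir}/${name}";

        #
        # Reset response for each file: a missing target is always installed.
        #

        $response = "y";
        if ( -e $installed )
        {
            $response = query_boolean("${installed} already exists. Overwrite? ", "n");
            if ($response eq "y")
            {
                action("cp ${installed} ${installed}.bak_${curr_time}");
            }
        }

        if ($response eq "y")
        {
            # NOTE(review): these paths reach /bin/sh unquoted via action();
            # $globusdir comes from the GLOBUS_LOCATION environment variable.
            action("cp ${globusdir}/setup/globus/${name} ${installed}");
        }
    }
}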
115 | ||
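#
# runkeygen()
#
# Creates $sysconfdir if it is missing, then generates each SSH host key
# that does not exist yet using $bindir/ssh-keygen with an empty passphrase.
# Existing key files are never overwritten.  Returns 0; dies (here or via
# action()) when the directory or a key cannot be created.
#
sub runkeygen
{
    if ( ! -d "${sysconfdir}" )
    {
        print "Could not find ${sysconfdir} directory... creating\n";

        # The original passed 16877, which is decimal for 040755: the
        # directory type bit plus rwxr-xr-x.  Only the permission bits belong
        # in mkdir's mode, and the result was not checked.
        mkdir($sysconfdir, 0755)
            or die "$0: unable to create directory ${sysconfdir}: $!\n";
    }

    # [ ssh-keygen -t type, key file name under $sysconfdir ]
    #
    # NOTE(review): rsa1 (SSH protocol 1) and dsa host keys are obsolete, and
    # recent OpenSSH releases no longer generate them.  Confirm the ssh-keygen
    # in $bindir still accepts these types; if it rejects one, action() dies
    # and the remaining setup steps do not run.
    my @host_keys = (
        [ "rsa1", "ssh_host_key"     ],
        [ "dsa",  "ssh_host_dsa_key" ],
        [ "rsa",  "ssh_host_rsa_key" ],
    );

    print "Generating ssh keys (if necessary)...\n";
    for my $key (@host_keys)
    {
        my ($type, $name) = @{$key};

        if ( -e "${sysconfdir}/${name}" )
        {
            print "${sysconfdir}/${name} already exists, skipping.\n";
        }
        else
        {
            # the key file doesn't exist yet, so generate it
            action("$bindir/ssh-keygen -t ${type} -f $sysconfdir/${name} -N \"\"");
        }
    }

    return 0;
}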
158 | ||
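#
# fixpaths()
#
# Rewrites placeholder paths in the installed wrapper scripts, config files
# and man pages so that they point at this installation.  Each file is moved
# to "<file>.tmp", rewritten line by line into its original name, and given
# back the original owner and mode.  The .tmp copy is removed for files
# marked 0 in %files and kept as a backup for files marked 1.
#
# Reads the path globals ($sysconfdir, $bindir, $sbindir, $mandir, ...).
# Returns 0; dies if a file cannot be moved, opened or written.
#
sub fixpaths
{
    #
    # Set up path translations for the installation files
    #
    # NOTE(review): the keys are used as regular expressions, not literal
    # strings, so "." matches any character and the parentheses in the
    # "(/path/to/...)" keys form a group instead of matching literal
    # parentheses.  That behaviour is kept as it was.
    #

    my %def = (
        "/etc/ssh_config" => "${sysconfdir}/ssh_config",
        "/etc/ssh_known_hosts" => "${sysconfdir}/ssh_known_hosts",
        "/etc/sshd_config" => "${sysconfdir}/sshd_config",
        "/usr/libexec" => "${libexecdir}",
        "/etc/shosts.equiv" => "${sysconfdir}/shosts.equiv",
        "/etc/ssh_host_key" => "${sysconfdir}/ssh_host_key",
        "/etc/ssh_host_dsa_key" => "${sysconfdir}/ssh_host_dsa_key",
        "/etc/ssh_host_rsa_key" => "${sysconfdir}/ssh_host_rsa_key",
        "/var/run/sshd.pid" => "${piddir}/sshd.pid",
        "/etc/moduli" => "${sysconfdir}/moduli",
        "/etc/sshrc" => "${sysconfdir}/sshrc",
        "/usr/X11R6/bin/xauth" => "${xauth_path}",
        "/usr/bin:/bin:/usr/sbin:/sbin" => "/usr/bin:/bin:/usr/sbin:/sbin:${bindir}",
        "(/path/to/scp.real)" => "${bindir}/scp.real",
        "(/path/to/ssh)" => "${bindir}/ssh",
        "(/path/to/sftp.real)" => "${bindir}/sftp.real",
        "(/path/to/sshd.real)" => "${sbindir}/sshd.real",
        "(/path/to/ssh_config)" => "${sysconfdir}/ssh_config",
        "(/path/to/sshd_config)" => "${sysconfdir}/sshd_config",
    );

    #
    # Files on which to perform path translations
    # (0 = delete the .tmp copy afterwards, 1 = keep it as a backup)
    #

    my %files = (
        "${bindir}/scp" => 0,
        "${bindir}/sftp" => 0,
        "${sbindir}/sshd" => 0,
        "${sysconfdir}/ssh_config" => 1,
        "${sysconfdir}/sshd_config" => 1,
        "${sysconfdir}/moduli" => 1,
        "${mandir}/${mansubdir}1/scp.1" => 0,
        "${mandir}/${mansubdir}1/ssh-add.1" => 0,
        "${mandir}/${mansubdir}1/ssh-agent.1" => 0,
        "${mandir}/${mansubdir}1/ssh-keygen.1" => 0,
        "${mandir}/${mansubdir}1/ssh-keyscan.1" => 0,
        "${mandir}/${mansubdir}1/ssh.1" => 0,
        "${mandir}/${mansubdir}8/sshd.8" => 0,
        "${mandir}/${mansubdir}8/sftp-server.8" => 0,
        "${mandir}/${mansubdir}1/sftp.1" => 0,
    );

    #
    # Apply the longest patterns first.  Hash order is arbitrary, and
    # "(/path/to/ssh)" also matches the start of "/path/to/sshd.real" and
    # "/path/to/ssh_config"; if it ran first, those would be rewritten with
    # the wrong directory.
    #

    my @patterns = sort { length($b) <=> length($a) or $a cmp $b } keys %def;

    print "Translating strings in config/man files...\n";
    for my $f (sort keys %files)
    {
        #
        # we really should create a random filename and make sure that it
        # doesn't already exist (based off current time_t or something)
        #
        # NOTE(review): the name is predictable and whatever already sits at
        # "$f.tmp" is overwritten by the mv below.  This is only safe while
        # the directories involved are writable by root alone.
        #

        my $g = "$f.tmp";

        #
        # Grab the current mode/uid/gid for use later
        #

        my ($mode, $uid, $gid) = (stat($f))[2, 4, 5];

        action("mv $f $g");

        # Three-argument open with lexical handles: the file name can no
        # longer be read as part of the open mode.
        open(my $in, "<", $g) || die ("$0: input file $g missing!\n");
        open(my $out, ">", $f) || die ("$0: unable to open output file $f!\n");

        while (my $line = <$in>)
        {
            for my $s (@patterns)
            {
                # first occurrence per line only, as before
                $line =~ s#$s#$def{$s}#;
            } # for $s
            print $out $line;
        } # while <$in>

        # Buffered write errors (e.g. a full disk) only surface at close.
        close($out) || die ("$0: error writing output file $f: $!\n");
        close($in);

        # The original tested $file{$f}, a hash that does not exist, so the
        # comparison was never true and every .tmp file was left behind.
        if ($files{$f} == 0)
        {
            action("rm $g");
        }
        else
        {
            print "Left backup config file '$g'\n";
        }

        #
        # An attempt to revert the new file back to the original file's
        # mode/uid/gid.  chown runs first because changing ownership can
        # clear set-id bits; only the permission bits of the stat mode are
        # passed to chmod.
        #

        chown($uid, $gid, $f) || warn "$0: could not restore owner of $f: $!\n";
        chmod($mode & 07777, $f) || warn "$0: could not restore mode of $f: $!\n";
    } # for $f

    return 0;
}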
266 | ||
#
# Main sequence: install the config files, generate any missing host keys,
# then translate the placeholder paths in the installed files.
#
copy_setup_files();
runkeygen();
fixpaths();

# Hand off to Grid::GPT::Setup under the package name "gsi_openssh_setup".
# NOTE(review): what finish() records is not visible in this file.
my $metadata = Grid::GPT::Setup->new(package_name => "gsi_openssh_setup");
$metadata->finish();

print "$myname: Finished configuring package 'gsi_openssh'.\n";
ac083f7a | 276 | |
277 | # | |
278 | # Just need a minimal action() subroutine for now.. | |
279 | # | |
280 | ||
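#
# action($command)
#
# Echoes $command to STDOUT, then runs it through the shell with stderr
# folded into stdout.  Dies if the command fails, unless the command text
# contains "patch" (such failures are deliberately ignored).
#
# NOTE(review): $command is a single string handed to /bin/sh, so callers
# must only build it from values that are safe to expose to the shell.
#
sub action
{
    my ($command) = @_;

    # print, not printf: a '%' inside the command must not be treated as a
    # format directive.
    print "$command\n";

    my $result = system("$command 2>&1");

    if (($result or $?) and $command !~ m!patch!)
    {
        # $! is only meaningful when the command could not be started at
        # all ($? == -1); otherwise report how the child ended.
        my $reason;
        if ($? == -1)
        {
            $reason = "could not start: $!";
        }
        elsif ($? & 127)
        {
            $reason = "terminated by signal " . ($? & 127);
        }
        else
        {
            $reason = "exit status " . ($? >> 8);
        }

        die "ERROR: Unable to execute command: $reason\n";
    }
}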
294 | ||
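#
# query_boolean($query_text, $default)
#
# Prints $query_text followed by "[$default] " and reads one line from STDIN.
# $default is "y" or "n".  Returns the opposite answer only when the first
# character of the reply is that opposite letter (upper or lower case);
# an empty line, end of input, or anything else yields $default.
#
sub query_boolean
{
    my ($query_text, $default) = @_;

    # The original 'my $nondefault, $foo, $bar;' made only $nondefault
    # lexical; the other two were package globals.
    my ($nondefault, $line, $answer);

    #
    # Set $nondefault to the boolean opposite of $default.
    #

    $nondefault = ($default eq "n") ? "y" : "n";

    print "${query_text} ";
    print "[$default] ";

    # Read exactly one line.  The original used getc() followed by <STDIN>:
    # when the user just pressed Enter, getc() consumed the newline and the
    # following read swallowed the next line of input.
    $line = <STDIN>;

    $answer = "";
    if (defined($line) and length($line) > 0)
    {
        $answer = lc(substr($line, 0, 1));
    }

    if ($answer ne $nondefault)
    {
        $answer = $default;
    }

    return $answer;
}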
326 |