Commit | Line | Data |
---|---|---|
20d3226a | 1 | # |
1eab725d | 2 | # setup-openssh.pl: |
3 | # Adapts the installed gsi-ssh environment to the current machine, | |
4 | # performing actions that originally occurred during the package's | |
5 | # 'make install' phase. | |
701aa556 | 6 | # |
7e12c9a7 | 7 | # Parts adapted from 'fixpath', a tool found in openssh-3.0.2p1. |
1eab725d | 8 | # |
9 | # Send comments/fixes/suggestions to: | |
10 | # Chase Phillips <cphillip@ncsa.uiuc.edu> | |
701aa556 | 11 | # |
20d3226a | 12 | |
#
# Pick up GPT_LOCATION from the caller's environment, since the package may
# be installed with a new(er) version of GPT.
#

$gptpath = $ENV{GPT_LOCATION};

#
# GLOBUS_LOCATION is mandatory; nothing below works without it.
#

$gpath = $ENV{GLOBUS_LOCATION};
defined($gpath)
    or die "GLOBUS_LOCATION needs to be set before running this script";

#
# Other perl scripts in the gpt setup directories extend @INC the same way.
#
# NOTE(review): both entries are taken straight from the environment, and
# Grid::GPT::Setup is loaded from them before the effective-uid check further
# down in this script. The lib/perl directories they name should be writable
# by trusted accounts only.
#

push @INC, "$gptpath/lib/perl" if defined($gptpath);
push @INC, "$gpath/lib/perl";

require Grid::GPT::Setup;
45 | ||
my $globusdir = $gpath;
my $setupdir  = "$globusdir/setup/globus";
my $myname    = "setup-openssh.pl";

#
# Path prefixes used by the path translations. Everything derived from
# $prefix follows GLOBUS_LOCATION; $sysconfdir, $piddir and $xauth_path are
# fixed system locations.
#

$prefix      = $globusdir;
$exec_prefix = "$prefix";
$bindir      = "$exec_prefix/bin";
$sbindir     = "$exec_prefix/sbin";
$mandir      = "$prefix/man";
$mansubdir   = "man";
$libexecdir  = "$exec_prefix/libexec";
$sysconfdir  = "/etc/ssh";
$piddir      = "/var/run";
$xauth_path  = "/usr/bin/X11/xauth";

#
# Backup-related variables: one backup directory per run, named after the
# current epoch time.
#

$curr_time = time();
$backupdir = "/etc/ssh/globus_backup_$curr_time";

#
# Refuse to continue unless the effective uid is root.
# NOTE(review): the exit status is 0 here, so a caller cannot tell this
# early exit from a completed setup by status alone.
#

$uid = $>;

unless ($uid == 0)
{
    print "--> NOTE: You must be root to run this script! <--\n";
    exit 0;
}
e9ec5455 | 83 | |
1a1f62a4 | 84 | # |
ac083f7a | 85 | # We need to make sure it's okay to copy our setup files (if some files are already |
86 | # present). If we do copy any files, we backup the old files so the user can (possibly) | |
87 | # reverse any damage. | |
1a1f62a4 | 88 | # |
89 | ||
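sub test_dirs
{
    #
    # Create $sysconfdir and the per-run $backupdir when they are missing.
    # Returns 0. Dies if a directory cannot be created, because every later
    # stage writes into these directories.
    #

    print "\nPreparatory: Checking for existence of critical directories..\n";

    #
    # Remember to put in check for /etc
    #

    for my $dir ($sysconfdir, $backupdir)
    {
        next if -d $dir;

        print "Could not find directory: '${dir}'.. creating.\n";

        # 0755 is drwxr-xr-x. The previous literal (decimal 16877) also
        # carried the directory file-type bit, which is not a permission.
        mkdir($dir, 0755)
            or die "ERROR: Unable to create directory '${dir}': $!\n";
    }

    return 0;
}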
121 | ||
sub backup_files
{
    #
    # Stage 1: copy each configuration file that already exists in
    # $sysconfdir into $backupdir, and report the ones that are absent.
    # The copy is a plain 'cp' run through action().
    #

    print "\nStage 1: Backing up configuration files to '${backupdir}/'..\n";

    for my $name (qw(ssh_config sshd_config moduli))
    {
        my $current = "${sysconfdir}/${name}";

        unless ( -e $current )
        {
            print "${current} does not exist.\n";
            next;
        }

        action("cp ${current} ${backupdir}/${name}");
    }
}
153 | ||
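sub copy_setup_files
{
    #
    # Stage 2: install the packaged ssh_config, sshd_config and moduli from
    # $globusdir/setup/globus into $sysconfdir, overwriting what is there.
    # Dies if any copy fails.
    #
    # $globusdir comes from the GLOBUS_LOCATION environment variable and this
    # script runs as root, so 'cp' is invoked with an argument list rather
    # than through a shell: a space or shell metacharacter in the path stays
    # part of the file name. '--' keeps a path that begins with '-' from
    # being read as an option.
    #

    print "\nStage 2: Copying configuration files into '${sysconfdir}'..\n";

    for my $name (qw(ssh_config sshd_config moduli))
    {
        my $src = "${globusdir}/setup/globus/${name}";
        my $dst = "${sysconfdir}/${name}";

        # Same progress line the shell-based version printed.
        print "cp ${src} ${dst}\n";

        my $status = system("cp", "--", $src, $dst);

        if ($status != 0)
        {
            # $! is only meaningful when the command could not be started.
            my $why = ($status == -1) ? "$!" : "wait status $status";
            die "ERROR: Unable to execute command: $why\n";
        }
    }
}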
164 | ||
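sub runkeygen
{
    #
    # Stage 3: generate each ssh host key that is not already present in
    # $sysconfdir. Existing keys are never touched. Returns 0; dies if
    # $sysconfdir cannot be created or (via action()) if ssh-keygen fails.
    #
    # NOTE(review): the ssh-keygen that runs here as root is the one under
    # $bindir, which follows GLOBUS_LOCATION; that directory should be
    # writable by trusted accounts only.
    #

    print "\nStage 3: Generating ssh host keys..\n";

    if ( ! -d $sysconfdir )
    {
        print "Could not find ${sysconfdir} directory... creating\n";

        # 0755 is drwxr-xr-x. The previous literal (decimal 16877) also
        # carried the directory file-type bit, and the result was unchecked.
        mkdir($sysconfdir, 0755)
            or die "ERROR: Unable to create directory '${sysconfdir}': $!\n";
    }

    #
    # Key type => file name, in the order the keys are generated.
    #
    # NOTE(review): 'rsa1' is the SSH protocol 1 key format and 'dsa' is a
    # legacy algorithm; current OpenSSH releases no longer support protocol 1
    # and have retired DSA. Confirm which host keys the installed sshd_config
    # actually references before relying on this list with a newer OpenSSH.
    #

    my @host_keys = (
        [ "rsa1", "ssh_host_key"     ],
        [ "dsa",  "ssh_host_dsa_key" ],
        [ "rsa",  "ssh_host_rsa_key" ],
    );

    for my $spec (@host_keys)
    {
        my ($type, $name) = @$spec;
        my $keyfile = "${sysconfdir}/${name}";

        if ( -e $keyfile )
        {
            print "${keyfile} already exists, skipping.\n";
            next;
        }

        # -N "" requests an empty passphrase for the generated key.
        action("$bindir/ssh-keygen -t ${type} -f ${keyfile} -N \"\"");
    }

    return 0;
}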
208 | ||
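sub fixpaths
{
    #
    # Stage 4: rewrite the stock OpenSSH paths inside the installed config
    # files and man pages so they point at this installation. Prints the
    # base name of each file once it has been translated. Returns 0; dies if
    # a file cannot be read or replaced.
    #
    # Each file is rewritten into a freshly created temporary file in the
    # same directory and then renamed over the original. Compared with the
    # earlier "mv to a fixed '$f.tmp' name, then write back" sequence:
    #   - the temporary name is unpredictable and created exclusively, so a
    #     pre-existing '<file>.tmp' is never written through (the man pages
    #     live under $mandir, which follows GLOBUS_LOCATION);
    #   - no shell is involved, so unusual characters in a path are harmless;
    #   - a failure part-way through leaves the original file in place.
    #

    require File::Basename;
    require File::Temp;

    print "\nStage 4: Translating strings in config and man files..\n";

    #
    # Set up path translations for the installation files
    #

    my %def = (
        "/etc/ssh_config"       => "${sysconfdir}/ssh_config",
        "/etc/ssh_known_hosts"  => "${sysconfdir}/ssh_known_hosts",
        "/etc/sshd_config"      => "${sysconfdir}/sshd_config",
        "/usr/libexec"          => "${libexecdir}",
        "/etc/shosts.equiv"     => "${sysconfdir}/shosts.equiv",
        "/etc/ssh_host_key"     => "${sysconfdir}/ssh_host_key",
        "/etc/ssh_host_dsa_key" => "${sysconfdir}/ssh_host_dsa_key",
        "/etc/ssh_host_rsa_key" => "${sysconfdir}/ssh_host_rsa_key",
        "/var/run/sshd.pid"     => "${piddir}/sshd.pid",
        "/etc/moduli"           => "${sysconfdir}/moduli",
        "/etc/sshrc"            => "${sysconfdir}/sshrc",
        "/usr/X11R6/bin/xauth"  => "${xauth_path}",
        "/usr/bin:/bin:/usr/sbin:/sbin" => "/usr/bin:/bin:/usr/sbin:/sbin:${bindir}",
    );

    # Fixed order, so the result does not depend on hash ordering.
    my @patterns = sort keys %def;

    #
    # Files on which to perform path translations
    #
    # NOTE(review): only the three config files are re-copied on every run;
    # the man pages are translated in place, so a second run translates
    # already-translated text.
    #

    my @files = (
        "${sysconfdir}/ssh_config",
        "${sysconfdir}/sshd_config",
        "${sysconfdir}/moduli",
        "${mandir}/${mansubdir}1/scp.1",
        "${mandir}/${mansubdir}1/ssh-add.1",
        "${mandir}/${mansubdir}1/ssh-agent.1",
        "${mandir}/${mansubdir}1/ssh-keygen.1",
        "${mandir}/${mansubdir}1/ssh-keyscan.1",
        "${mandir}/${mansubdir}1/ssh.1",
        "${mandir}/${mansubdir}8/sshd.8",
        "${mandir}/${mansubdir}8/sftp-server.8",
        "${mandir}/${mansubdir}1/sftp.1",
    );

    for my $f (@files)
    {
        my $name = File::Basename::basename($f);
        my $dir  = File::Basename::dirname($f);

        #
        # Grab the current mode/uid/gid for use later (one stat call, and
        # lexicals so the script-level $uid is left alone).
        #

        my @st = stat($f)
            or die "$0: unable to stat input file $f: $!\n";
        my ($mode, $uid, $gid) = @st[2, 4, 5];

        open(my $in, '<', $f)
            or die "$0: input file $f missing!\n";

        # Created with an exclusive open and owner-only permissions.
        my ($out, $tmp) = File::Temp::tempfile("${name}.XXXXXX", DIR => $dir);

        my $done = eval {
            while (my $line = <$in>)
            {
                for my $s (@patterns)
                {
                    # \Q..\E: the keys are literal paths, not patterns, so
                    # '.' must not match an arbitrary character. As before,
                    # only the first occurrence on a line is translated.
                    $line =~ s#\Q$s\E#$def{$s}#;
                }

                print {$out} $line
                    or die "$0: unable to write $tmp: $!\n";
            }

            close($out) or die "$0: unable to write $tmp: $!\n";
            close($in);

            #
            # An attempt to give the new file the original file's
            # mode/uid/gid. Best effort: on failure the file keeps the more
            # restrictive settings it was created with. Only the permission
            # bits of st_mode are passed to chmod.
            #

            chown($uid, $gid, $tmp)
                or warn "$0: unable to restore owner of $f: $!\n";
            chmod($mode & 07777, $tmp)
                or warn "$0: unable to restore mode of $f: $!\n";

            rename($tmp, $f)
                or die "$0: unable to replace $f: $!\n";

            1;
        };

        unless ($done)
        {
            my $err = $@;
            unlink($tmp);
            die $err;
        }

        print "$name\n";
    } # for $f

    return 0;
}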
329 | ||
#
# Banner: explain what is about to be changed and where the backup goes.
#

print "---------------------------------------------------------------\n",
      "$myname: Configuring package gsi_openssh..\n",
      "\n",
      "Hi, I'm the setup script for the gsi_openssh package! There\n",
      "are some last minute details that I've got to set straight\n",
      "in the config and man files, along with generating the ssh keys\n",
      "for this machine (if it doesn't already have them).\n",
      "\n",
      "I like to install my config-related files in:\n",
      " ${sysconfdir}/\n",
      "\n",
      "These files may overwrite your previously existing configuration\n",
      "files. If you choose to continue, you will find a backup of\n",
      "those original files in:\n",
      " ${backupdir}/\n",
      "\n",
      "Your host keys will remain untouched if they are already present.\n",
      "If they aren't present, this script will generate them for you.\n",
      "\n";

#
# Nothing on disk is touched until the operator has confirmed.
#

$response = query_boolean("Do you wish to continue with the setup package?","y");

if ($response eq "n")
{
    print "\n", "Okay.. exiting gsi_openssh setup.\n";

    exit 0;
}

#
# The stages, in order: directories, backup, install, host keys, path fixes.
#

test_dirs();
backup_files();
copy_setup_files();
runkeygen();
fixpaths();

#
# Record the completed setup with GPT.
#

my $metadata = Grid::GPT::Setup->new(package_name => "gsi_openssh_setup");

$metadata->finish();

print "\n",
      "$myname: Finished configuring package 'gsi_openssh'.\n",
      "\n",
      "I see that you have your GLOBUS_LOCATION environmental variable\n",
      "set to:\n",
      " $gpath\n",
      "\n",
      "Remember to keep this variable set (correctly) when you want\n",
      "to use the executables that came with this package.\n",
      "---------------------------------------------------------------\n";
ac083f7a | 380 | |
381 | # | |
382 | # Just need a minimal action() subroutine for now.. | |
383 | # | |
384 | ||
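sub action
{
    #
    # Echo a command line, run it through the shell with stderr folded into
    # stdout, and die if it fails. Failures of any command whose text
    # contains "patch" are ignored.
    #
    # NOTE(review): $command is handed to a shell as one string. Callers in
    # this script build it from paths derived from GLOBUS_LOCATION, so those
    # paths must not contain whitespace or shell metacharacters.
    #

    my ($command) = @_;

    # print, not printf: the command is data, and a '%' in it must not be
    # interpreted as a format directive.
    print "$command\n";

    my $result = system("$command 2>&1");

    if ($result != 0 and $command !~ m!patch!)
    {
        # $! is only meaningful when the command could not be started.
        my $why = ($result == -1) ? "$!" : "wait status $result";
        die "ERROR: Unable to execute command: $why\n";
    }
}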
398 | ||
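sub query_boolean
{
    #
    # Ask a question on stdout and read the answer from STDIN.
    #
    #   $query_text - the question to print
    #   $default    - "y" or "n"; shown in brackets after the question
    #
    # Returns $default when the first character typed is whitespace (which
    # includes a bare Enter) or matches $default, ignoring case. Anything
    # else returns the opposite answer. End-of-file on STDIN also returns
    # the opposite answer, so a closed stdin never accepts the default.
    #

    my ($query_text, $default) = @_;

    #
    # Set $nondefault to the boolean opposite of $default.
    #

    my $nondefault = ($default eq "n") ? "y" : "n";

    print "${query_text} ";
    print "[$default] ";

    my $line = <STDIN>;

    return $nondefault unless defined($line);

    # Only the first character counts. Fold case so that "Y" and "N" are
    # read as the answers they spell rather than as "something else".
    my $first = lc(substr($line, 0, 1));

    # this is debatable. all whitespace means 'default'
    return $default if $first =~ /\s/;

    return $default if $first eq lc($default);

    # everything else means 'nondefault'.
    return $nondefault;
}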