Commit | Line | Data |
---|---|---|
20d3226a | 1 | # |
1eab725d | 2 | # setup-openssh.pl: |
3 | # Adapts the installed gsi-ssh environment to the current machine, | |
4 | # performing actions that originally occurred during the package's | |
5 | # 'make install' phase. | |
701aa556 | 6 | # |
1eab725d | 7 | # Large parts adapted from 'fixpath', a tool found in openssh-3.0.2p1. |
8 | # | |
9 | # Send comments/fixes/suggestions to: | |
10 | # Chase Phillips <cphillip@ncsa.uiuc.edu> | |
701aa556 | 11 | # |
20d3226a | 12 | |
# GLOBUS_LOCATION is read straight from the caller's environment.  Further
# down it is appended to @INC and spliced into the paths this script hands to
# cp and ssh-keygen, and the script insists on running as root, so the
# variable has to name an installation tree that only trusted accounts can
# modify.
$gpath = $ENV{GLOBUS_LOCATION};
die "GLOBUS_LOCATION needs to be set before running this script"
    unless defined($gpath);

#
# The other perl scripts in the gpt setup directories extend @INC in the
# same way, so this one follows suit.  Note that the require below runs
# before the root check further down.
#

push(@INC, "$gpath/lib/perl");

require Grid::GPT::Setup;

# File-scoped names shared by the subroutines defined later in this file.
my $globusdir = $gpath;
my $setupdir  = "$globusdir/setup/globus";
my $myname    = "setup-openssh.pl";
31 | ||
20d3226a | 32 | # |
33 | # Set up path prefixes for use in the path translations | |
34 | # | |
35 | ||
# Installation layout, all rooted at $globusdir except the system-wide
# locations (config directory, pid directory, xauth binary), which are fixed.
$prefix      = $globusdir;
$exec_prefix = "$prefix";
$bindir      = "$exec_prefix/bin";
$sbindir     = "$exec_prefix/sbin";
$mandir      = "$prefix/man";
$mansubdir   = "man";
$libexecdir  = "$exec_prefix/libexec";
$sysconfdir  = "/etc/ssh";
$piddir      = "/var/run";
$xauth_path  = "/usr/bin/X11/xauth";

#
# Backup-related variables
#
# The backup directory name carries the start time of this run, so every run
# gets its own directory below /etc/ssh.
#

$curr_time = time();
$backupdir = "/etc/ssh/globus_backup_${curr_time}";
53 | ||
54 | # | |
55 | # Check that we are running as root | |
56 | # | |
57 | ||
# $> is the effective uid.  Everything below writes under /etc/ssh, so any
# other account is turned away here.  The exit status stays 0 in that case,
# which means a caller cannot tell "skipped" from "configured" by status.
$uid = $>;

unless ($uid == 0)
{
    print "--> NOTE: You must be root to run this script! <--\n";
    exit 0;
}
e9ec5455 | 65 | |
1a1f62a4 | 66 | # |
ac083f7a | 67 | # We need to make sure it's okay to copy our setup files (if some files are already |
68 | # present). If we do copy any files, we backup the old files so the user can (possibly) | |
69 | # reverse any damage. | |
1a1f62a4 | 70 | # |
71 | ||
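#
# test_dirs: make sure the directories the later stages write into exist.
#
# Creates $sysconfdir and then $backupdir (both file-level globals) when they
# are missing.  Dies if either one cannot be created; returns 0 otherwise.
#
sub test_dirs
{
    print "\nPreparatory: Checking for existence of critical directories..\n";

    #
    # Remember to put in check for /etc
    #

    for my $dir ($sysconfdir, $backupdir)
    {
        next if -d $dir;

        print "Could not find directory: '${dir}'.. creating.\n";

        # 0755 is drwxr-xr-x.  The literal used here before, 16877, is the
        # decimal form of 040755: it carried the directory file-type bit
        # along with the permission bits, and only the permission bits
        # belong in mkdir's mode argument.
        #
        # The result is checked so that a failure is reported here, with the
        # system error, instead of surfacing later as a failed copy.
        mkdir($dir, 0755)
            or die "ERROR: Unable to create directory '${dir}': $!\n";
    }

    return 0;
}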
103 | ||
#
# backup_files: stage 1.  Copies each configuration file that is present in
# $sysconfdir into $backupdir through action(); a file that is absent is
# only reported.
#
# Only ssh_config, sshd_config and moduli are handled here; the host key
# files are not copied by this routine.
#
sub backup_files
{
    print "\nStage 1: Backing up configuration files to '${backupdir}/'..\n";

    for my $name ("ssh_config", "sshd_config", "moduli")
    {
        my $current = "${sysconfdir}/${name}";

        unless ( -e $current )
        {
            print "${current} does not exist.\n";
            next;
        }

        # action() runs the string through the shell; both paths are built
        # from values fixed earlier in this file.
        action("cp ${current} ${backupdir}/${name}");
    }
}
135 | ||
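#
# copy_setup_files: stage 2.  Copies the packaged ssh_config, sshd_config and
# moduli from $globusdir/setup/globus into $sysconfdir, replacing whatever is
# there.  Dies on the first copy that fails.
#
# $globusdir comes from the GLOBUS_LOCATION environment variable and this
# script runs as root, so cp is invoked with an argument list rather than
# through a shell command string: a space or shell metacharacter in the
# installation path is then passed to cp as part of the file name instead of
# being interpreted by /bin/sh.  "--" keeps a path that starts with "-" from
# being read as an option.  The command is still echoed first, as before.
# cp's diagnostics now go to this script's stderr rather than being merged
# into stdout.
#
sub copy_setup_files
{
    print "\nStage 2: Copying configuration files into '${sysconfdir}'..\n";

    for my $name ("ssh_config", "sshd_config", "moduli")
    {
        my $source = "${globusdir}/setup/globus/${name}";
        my $target = "${sysconfdir}/${name}";

        print "cp ${source} ${target}\n";

        my $result = system("cp", "--", $source, $target);

        if ($result == -1)
        {
            # cp itself could not be started; $! says why.
            die "ERROR: Unable to execute command: $!\n";
        }

        if ($result != 0)
        {
            die "ERROR: Unable to execute command: cp '${source}' "
              . "'${target}' failed (wait status $?)\n";
        }
    }
}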
146 | ||
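#
# runkeygen: stage 3.  Generates each ssh host key that is not already
# present in $sysconfdir by running $bindir/ssh-keygen through action().
# Returns 0; dies (here or inside action()) when a step fails.
#
# A key file that already exists is left alone: nothing here inspects its
# type, size or permissions.
#
# NOTE(review): the "rsa1" (SSH protocol 1) and "dsa" key types requested
# below are legacy types; confirm that the ssh-keygen being installed still
# accepts them and that the matching sshd configuration still needs them.
#
# -N "" asks for an empty passphrase, so the private keys are protected by
# their file permissions alone.
#
sub runkeygen
{
    print "\nStage 3: Generating ssh host keys..\n";

    if ( ! -d "${sysconfdir}" )
    {
        print "Could not find ${sysconfdir} directory... creating\n";

        # 0755 is drwxr-xr-x.  The former literal 16877 is decimal for
        # 040755 and so included the directory file-type bit; only the
        # permission bits belong in mkdir's mode argument.
        mkdir($sysconfdir, 0755)
            or die "ERROR: Unable to create directory '${sysconfdir}': $!\n";
    }

    # Key type as passed to ssh-keygen -t, and the file it is stored in.
    my @host_keys = (
        [ "rsa1", "ssh_host_key" ],
        [ "dsa",  "ssh_host_dsa_key" ],
        [ "rsa",  "ssh_host_rsa_key" ],
    );

    for my $host_key (@host_keys)
    {
        my ($type, $name) = @{$host_key};
        my $key_file = "${sysconfdir}/${name}";

        if ( -e $key_file )
        {
            print "${key_file} already exists, skipping.\n";
            next;
        }

        # action() hands this string to the shell; $bindir derives from
        # GLOBUS_LOCATION, so that variable must be a trusted, plain path.
        action("$bindir/ssh-keygen -t $type -f $key_file -N \"\"");
    }

    return 0;
}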
190 | ||
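#
# fixpaths: stage 4.  Rewrites the default paths that appear in the installed
# config files and man pages so that they name this installation's locations.
# On each line, every key of %def is replaced (first occurrence only) by its
# value.  Returns 0; dies if a file cannot be read, written or replaced.
#
# Changes from the earlier version of this routine:
#
#   * @files interleaves each path with a 0, and the loop used to walk every
#     element, so "0" was treated as a file name and the run aborted at the
#     second element.  Only the path entries are visited now.
#   * The translated copy is written to a freshly created, randomly named
#     file in the target's own directory (File::Temp creates it exclusively
#     and readable by its owner only) and renamed over the target once it is
#     complete.  This replaces the fixed "<file>.tmp" name, the shell mv/rm
#     calls with interpolated paths, and the two-argument open calls, and the
#     target is never left half-written.
#   * The search strings are matched literally (\Q...\E); before, the "." in
#     "/etc/shosts.equiv" matched any character.
#   * mode/uid/gid are kept in lexicals; the old code overwrote the
#     file-level $uid that holds the effective uid.
#
sub fixpaths
{
    require File::Basename;
    require File::Temp;

    print "\nStage 4: Translating strings in config and man files..\n";

    #
    # Set up path translations for the installation files
    #

    %def = (
        "/etc/ssh_config"       => "${sysconfdir}/ssh_config",
        "/etc/ssh_known_hosts"  => "${sysconfdir}/ssh_known_hosts",
        "/etc/sshd_config"      => "${sysconfdir}/sshd_config",
        "/usr/libexec"          => "${libexecdir}",
        "/etc/shosts.equiv"     => "${sysconfdir}/shosts.equiv",
        "/etc/ssh_host_key"     => "${sysconfdir}/ssh_host_key",
        "/etc/ssh_host_dsa_key" => "${sysconfdir}/ssh_host_dsa_key",
        "/etc/ssh_host_rsa_key" => "${sysconfdir}/ssh_host_rsa_key",
        "/var/run/sshd.pid"     => "${piddir}/sshd.pid",
        "/etc/moduli"           => "${sysconfdir}/moduli",
        "/etc/sshrc"            => "${sysconfdir}/sshrc",
        "/usr/X11R6/bin/xauth"  => "${xauth_path}",
        "/usr/bin:/bin:/usr/sbin:/sbin" => "/usr/bin:/bin:/usr/sbin:/sbin:${bindir}",
    );

    #
    # Files on which to perform path translations
    #

    @files = (
        "${sysconfdir}/ssh_config" => 0,
        "${sysconfdir}/sshd_config" => 0,
        "${sysconfdir}/moduli" => 0,
        "${mandir}/${mansubdir}1/scp.1" => 0,
        "${mandir}/${mansubdir}1/ssh-add.1" => 0,
        "${mandir}/${mansubdir}1/ssh-agent.1" => 0,
        "${mandir}/${mansubdir}1/ssh-keygen.1" => 0,
        "${mandir}/${mansubdir}1/ssh-keyscan.1" => 0,
        "${mandir}/${mansubdir}1/ssh.1" => 0,
        "${mandir}/${mansubdir}8/sshd.8" => 0,
        "${mandir}/${mansubdir}8/sftp-server.8" => 0,
        "${mandir}/${mansubdir}1/sftp.1" => 0,
    );

    # The paths sit at the even indexes of @files; the odd ones hold the 0s.
    my @paths = @files[ grep { $_ % 2 == 0 } 0 .. $#files ];

    for my $f (@paths)
    {
        #
        # Grab the current mode/uid/gid for use later
        #

        my @status = stat($f)
            or die "ERROR: Unable to stat '$f': $!\n";
        my ($mode, $uid, $gid) = @status[2, 4, 5];

        open(my $in, '<', $f) || die ("$0: input file $f missing!\n");

        #
        # Write the translated text to a new file next to $f.  UNLINK => 1
        # removes it again if we die before the rename below.
        #

        my $out = File::Temp->new(
            TEMPLATE => File::Basename::basename($f) . ".XXXXXXXX",
            DIR      => File::Basename::dirname($f),
            UNLINK   => 1,
        );

        while (my $line = <$in>)
        {
            for my $s (keys(%def))
            {
                $line =~ s#\Q$s\E#$def{$s}#;
            } # for $s
            print {$out} $line
                or die "$0: unable to write output file for $f: $!\n";
        } # while <$in>

        close($in);
        close($out)
            or die "$0: unable to write output file for $f: $!\n";

        #
        # An attempt to give the new file the original file's mode/uid/gid.
        # Done before the rename so that the file never appears under its
        # final name with other settings.  stat's mode field also carries
        # the file-type bits, which are masked off for chmod.
        #

        chown($uid, $gid, $out->filename)
            or warn "WARNING: Unable to restore owner of '$f': $!\n";
        chmod($mode & 07777, $out->filename)
            or warn "WARNING: Unable to restore mode of '$f': $!\n";

        #
        # Put the finished file in place in one step
        #

        rename($out->filename, $f)
            or die "ERROR: Unable to replace '$f': $!\n";
        $out->unlink_on_destroy(0);
    } # for $f

    return 0;
}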
302 | ||
# Explain what is about to happen, and where, before anything is touched.
print
    "---------------------------------------------------------------\n",
    "$myname: Configuring package gsi_openssh..\n",
    "\n",
    "Hi, I'm the setup script for the gsi_openssh package! There\n",
    "are some last minute details that I've got to set straight\n",
    "in the config and man files, along with generating the ssh keys\n",
    "for this machine (if it doesn't already have them).\n",
    "\n",
    "I like to install my config-related files in:\n",
    " ${sysconfdir}\n",
    "and, if you choose to continue, you will find a backup of the\n",
    "original files in:\n",
    " ${backupdir}/\n",
    "\n",
    "Your host keys will remain untouched if they are already present.\n",
    "If they aren't present, this script will generate them for you.\n",
    "\n";

# Nothing is changed unless the operator agrees; the default answer is "y".
$response = query_boolean("Do you wish to continue with the setup package?","y");

if ($response eq "n")
{
    print "\n", "Okay.. exiting gsi_openssh setup.\n";

    exit 0;
}

# The stages run in this fixed order: directories, backup, copy, host keys,
# path translation.
for my $stage (\&test_dirs, \&backup_files, \&copy_setup_files,
               \&runkeygen, \&fixpaths)
{
    $stage->();
}

# Hand the package name to the GPT setup module and let it finish up.
my $metadata = Grid::GPT::Setup->new(package_name => "gsi_openssh_setup");

$metadata->finish();

print
    "\n",
    "$myname: Finished configuring package 'gsi_openssh'.\n",
    "\n",
    "I see that you have your GLOBUS_LOCATION environmental variable\n",
    "set to:\n",
    " $gpath\n",
    "\n",
    "Remember to keep this variable set (correctly) when you want\n",
    "to use the executables that came with this package.\n",
    "---------------------------------------------------------------\n";
ac083f7a | 351 | |
352 | # | |
353 | # Just need a minimal action() subroutine for now.. | |
354 | # | |
355 | ||
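#
# action: echo a command line, run it, and die if it fails.
#
#   $command - complete shell command line.  It is passed to /bin/sh as one
#              string (with stderr folded into stdout), so every value a
#              caller interpolates into it must be trusted: spaces and shell
#              metacharacters in it are interpreted by the shell.
#
# A command whose text contains "patch" is allowed to fail without stopping
# the script.
#
sub action
{
    my ($command) = @_;

    # print, not printf: the command is data, not a format string, and a
    # "%" inside it must be echoed as is.
    print "$command\n";

    my $result = system("$command 2>&1");

    if (($result or $?) and $command !~ m!patch!)
    {
        if ($result == -1)
        {
            # The command could not be started at all; $! says why.
            die "ERROR: Unable to execute command: $!\n";
        }

        # The command ran and failed.  $! carries no information about
        # that; the wait status in $? does.
        die "ERROR: Unable to execute command: '$command' failed "
          . "(wait status $?)\n";
    }

    return;
}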
369 | ||
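#
# query_boolean: ask a yes/no question on STDOUT and read the answer from
# STDIN.
#
#   $query_text - the question to print
#   $default    - "y" or "n"; shown in brackets and returned unless the
#                 reply selects the other answer
#
# Returns "y" or "n".  Only the first non-blank character of the reply is
# looked at, and it is compared without regard to case.  Before, an
# upper-case "N" (or an "n" typed after a space) was not recognised and the
# default, "y" for the confirmation prompt in this script, was returned, so
# the setup went ahead although the operator had declined.  An empty reply
# or end of input yields the default.
#
sub query_boolean
{
    my ($query_text, $default) = @_;

    #
    # Set $nondefault to the boolean opposite of $default.
    #

    my $nondefault = ($default eq "n") ? "y" : "n";

    print "${query_text} ";
    print "[$default] ";

    my $reply = <STDIN>;
    return $default unless defined($reply);

    my ($first) = $reply =~ /^\s*(\S)/;
    return $default unless defined($first);

    return (lc($first) eq $nondefault) ? $nondefault : $default;
}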
401 |