5 # Adapts the installed gsi-openssh environment to the current machine,
6 # performing actions that originally occurred during the package's
7 # 'make install' phase.
9 # Send comments/fixes/suggestions to:
10 # Chase Phillips <cphillip@ncsa.uiuc.edu>
13 printf("setup-openssh.pl: Configuring gsi-openssh package\n");
16 # Get user's GPT_LOCATION since we may be installing this using a new(er)
20 $gptpath = $ENV{GPT_LOCATION};
23 # And the old standby..
26 $gpath = $ENV{GLOBUS_LOCATION};
29 die "GLOBUS_LOCATION needs to be set before running this script"
33 # modify the ld library path for when we call ssh executables
36 $oldldpath = $ENV{LD_LIBRARY_PATH};
37 $newldpath = "$gpath/lib";
38 if (length($oldldpath) > 0)
40 $newldpath .= ":$oldldpath";
42 $ENV{LD_LIBRARY_PATH} = "$newldpath";
45 # i'm including this because other perl scripts in the gpt setup directories
49 if (defined($gptpath))
51 @INC = (@INC, "$gptpath/lib/perl", "$gpath/lib/perl");
55 @INC = (@INC, "$gpath/lib/perl");
58 require Grid::GPT::Setup;
60 my $globusdir = $gpath;
61 my $myname = "setup-openssh.pl";
64 # Set up path prefixes for use in the path translations
67 $prefix = ${globusdir};
68 $exec_prefix = "${prefix}";
69 $bindir = "${exec_prefix}/bin";
70 $sbindir = "${exec_prefix}/sbin";
71 $sysconfdir = "$prefix/etc/ssh";
72 $localsshdir = "/etc/ssh";
73 $setupdir = "$prefix/setup/gsi_openssh_setup";
76 "dsa" => "ssh_host_dsa_key",
77 "rsa" => "ssh_host_rsa_key",
78 "rsa1" => "ssh_host_key",
84 my($regex, $basename);
88 print "Copying ssh host keys...\n";
90 for my $f (@$copylist)
97 $pubkeyfile = "$f.pub";
99 action("cp $localsshdir/$keyfile $sysconfdir/$keyfile");
100 action("cp $localsshdir/$pubkeyfile $sysconfdir/$pubkeyfile");
110 if ( ( -e $file ) && ( -r $file ) )
136 my($keyhash, $keylist);
140 # initialize our variables
146 $keyhash->{gen} = []; # a list of keytypes to generate
147 $keyhash->{copy} = []; # a list of files to copy from the
149 $genlist = $keyhash->{gen};
150 $copylist = $keyhash->{copy};
153 # loop over our keytypes and determine what we need to do for each of them
156 for my $keytype (keys %$keyfiles)
158 $basekeyfile = $keyfiles->{$keytype};
161 # if the key's are already present, we don't need to bother with this rigamarole
164 $gkeyfile = "$sysconfdir/$basekeyfile";
165 $gpubkeyfile = "$sysconfdir/$basekeyfile.pub";
167 if ( isPresent($gkeyfile) && isPresent($gpubkeyfile) )
173 # if we can find a copy of the keys in /etc/ssh, we'll copy them to the user's
177 $mainkeyfile = "$localsshdir/$basekeyfile";
178 $mainpubkeyfile = "$localsshdir/$basekeyfile.pub";
180 if ( isReadable($mainkeyfile) && isReadable($mainpubkeyfile) )
182 push(@$copylist, $basekeyfile);
188 # otherwise, we need to generate the key
191 push(@$genlist, $keytype);
197 if ( ! -d $sysconfdir )
199 print "Could not find ${sysconfdir} directory... creating\n";
200 action("mkdir -p $sysconfdir");
210 my $keygen = "$bindir/ssh-keygen";
212 if (@$gen_keys && -x $keygen)
214 print "Generating ssh host keys...\n";
216 for my $k (@$gen_keys)
218 $keyfile = $keyfiles->{$k};
220 # if $sysconfdir/$keyfile doesn't exist..
221 action("$bindir/ssh-keygen -t $k -f $sysconfdir/$keyfile -N \"\"");
230 # this subroutine 'edits' the paths in sshd_config to suit them to the current environment
231 # in which the setup script is being run.
236 my($fileInput, $fileOutput);
237 my($mode, $uid, $gid);
240 print "Fixing paths in sshd_config...\n";
242 $fileInput = "$setupdir/sshd_config.in";
243 $fileOutput = "$sysconfdir/sshd_config";
245 if ( ! -f "$fileInput" )
247 printf("Cannot find $fileInput!\n");
251 if ( -e "$fileOutput" )
253 printf("$fileOutput already exists!\n");
258 # Grab the current mode/uid/gid for use later
261 $mode = (stat($fileInput))[2];
262 $uid = (stat($fileInput))[4];
263 $gid = (stat($fileInput))[5];
266 # Open the files for reading and writing, and loop over the input's contents
269 open(IN, "<$fileInput") || die ("$0: input file $fileInput missing!\n");
270 open(OUT, ">$fileOutput") || die ("$0: unable to open output file $fileOutput!\n");
275 # sorry for the whacky regex, but i need to verify a whole line
279 if ( $line =~ /^\s*Subsystem\s+sftp\s+\S+\s*$/ )
281 $newline = "Subsystem\tsftp\t$gpath/libexec/sftp-server\n";
282 $newline =~ s:/+:/:g;
284 elsif ( $line =~ /^\s*PidFile.*$/ )
286 $newline = "PidFile\t$gpath/var/sshd.pid\n";
287 $newline =~ s:/+:/:g;
294 print OUT "$newline";
301 # An attempt to revert the new file back to the original file's
305 chmod($mode, $fileOutput);
306 chown($uid, $gid, $fileOutput);
311 ### copyConfigFiles( )
313 # subroutine that copies some extra config files to their proper location in
314 # $GLOBUS_LOCATION/etc/ssh.
319 print "Copying ssh_config and moduli to their proper location...\n";
321 action("cp $setupdir/ssh_config $sysconfdir/ssh_config");
322 action("cp $setupdir/moduli $sysconfdir/moduli");
325 sub alterFileGlobusLocation
331 if ( ( -w $out ) || ( ! -e $out ) )
333 $data = readFile($in);
334 $data =~ s|\@GLOBUS_LOCATION\@|$gpath|g;
335 writeFile($out, $data);
336 action("chmod 755 $out");
343 alterFileGlobusLocation("$setupdir/SXXsshd.in", "$sbindir/SXXsshd");
346 ### readFile( $filename )
348 # reads and returns $filename's contents
356 open (IN, "$filename") || die "Can't open '$filename': $!";
365 ### writeFile( $filename, $fileinput )
367 # create the inputs to the ssl program at $filename, appending the common name to the
368 # stream in the process
373 my ($filename, $fileinput) = @_;
376 # test for a valid $filename
379 if ( !defined($filename) || (length($filename) lt 1) )
381 die "Filename is undefined";
384 if ( ( -e "$filename" ) && ( ! -w "$filename" ) )
386 die "Cannot write to filename '$filename'";
390 # write the output to $filename
393 open(OUT, ">$filename");
394 print OUT "$fileinput";
398 print "---------------------------------------------------------------------\n";
399 print "Hi, I'm the setup script for the gsi_openssh package! There\n";
400 print "are some last minute details that I've got to set straight\n";
401 print "in the sshd config file, along with generating the ssh keys\n";
402 print "for this machine (if it doesn't already have them).\n";
404 print "If I find a pair of host keys in /etc/ssh, I will copy them into\n";
405 print "\$GLOBUS_LOCATION/etc/ssh. If they aren't present, I will generate\n";
406 print "them for you.\n";
409 $response = query_boolean("Do you wish to continue with the setup package?","y");
410 if ($response eq "n")
413 print "Okay.. exiting gsi_openssh setup.\n";
420 $keyhash = determineKeys();
421 runKeyGen($keyhash->{gen});
422 copyKeyFiles($keyhash->{copy});
427 my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup");
432 print "Additional Notes:\n";
434 print " o I see that you have your GLOBUS_LOCATION environmental variable\n";
437 print " \t\"$gpath\"\n";
439 print " Remember to keep this variable set (correctly) when you want to\n";
440 print " use the executables that came with this package.\n";
442 print " After that you may run, e.g.:\n";
444 print " \t\$ . \$GLOBUS_LOCATION/etc/globus-user-env.sh\n";
446 print " to prepare your environment for running the gsi_openssh\n";
447 print " executables.\n";
449 print "---------------------------------------------------------------------\n";
450 print "$myname: Finished configuring package 'gsi_openssh'.\n";
453 # Just need a minimal action() subroutine for now..
462 my $result = system("LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; $command 2>&1");
464 if (($result or $?) and $command !~ m!patch!)
466 die "ERROR: Unable to execute command: $!\n";
472 my ($query_text, $default) = @_;
473 my $nondefault, $foo, $bar;
476 # Set $nondefault to the boolean opposite of $default.
488 print "${query_text} ";
492 ($bar) = split //, $foo;
494 if ( grep(/\s/, $bar) )
496 # this is debatable. all whitespace means 'default'
500 elsif ($bar ne $default)
502 # everything else means 'nondefault'.
508 # extraneous step. to get here, $bar should be eq to $default anyway.