5 # Adapts the installed gsi-openssh environment to the current machine,
6 # performing actions that originally occurred during the package's
7 # 'make install' phase.
9 # Send comments/fixes/suggestions to:
10 # Chase Phillips <cphillip@ncsa.uiuc.edu>
13 printf("setup-openssh.pl: Configuring gsi-openssh package\n");
# NOTE(review): everything below trusts the caller's environment. GPT_LOCATION
# and GLOBUS_LOCATION decide which directories are searched for Perl modules
# and which library directory is put first in LD_LIBRARY_PATH; further down,
# paths built from GLOBUS_LOCATION name the binaries that are run and the
# files that are written. If this script runs with elevated privileges
# (presumably it does, since it reads host keys from /etc/ssh -- confirm),
# both values should be validated before use: absolute path, owned by a
# trusted account, not group- or world-writable.
16 # Get user's GPT_LOCATION since we may be installing this using a new(er)
20 $gptpath = $ENV{GPT_LOCATION};
23 # And the old standby..
26 $gpath = $ENV{GLOBUS_LOCATION};
29 die "GLOBUS_LOCATION needs to be set before running this script"
33 # modify the ld library path for when we call ssh executables
# $gpath/lib is placed ahead of any existing LD_LIBRARY_PATH entries, and the
# result is written back to %ENV, so child processes started later inherit it.
36 $oldldpath = $ENV{LD_LIBRARY_PATH};
37 $newldpath = "$gpath/lib";
38 if (length($oldldpath) > 0)
40 $newldpath .= ":$oldldpath";
42 $ENV{LD_LIBRARY_PATH} = "$newldpath";
45 # i'm including this because other perl scripts in the gpt setup directories
# The extra directories are appended to @INC, so modules already reachable
# through the existing entries are found first. Grid::GPT::Setup is then
# loaded from whichever directory in the list provides it.
49 if (defined($gptpath))
51 @INC = (@INC, "$gptpath/lib/perl", "$gpath/lib/perl");
55 @INC = (@INC, "$gpath/lib/perl");
58 require Grid::GPT::Setup;
60 my $globusdir = $gpath;
61 my $myname = "setup-openssh.pl";
64 # Set up path prefixes for use in the path translations
67 $prefix = ${globusdir};
68 $exec_prefix = "${prefix}";
69 $bindir = "${exec_prefix}/bin";
70 $sbindir = "${exec_prefix}/sbin";
71 $sysconfdir = "$prefix/etc/ssh";
72 $localsshdir = "/etc/ssh";
73 $setupdir = "$prefix/setup/gsi_openssh_setup";
76 "dsa" => "ssh_host_dsa_key",
77 "rsa" => "ssh_host_rsa_key",
78 "rsa1" => "ssh_host_key",
# Copies each host key pair named in $copylist from $localsshdir (/etc/ssh)
# into $sysconfdir. The enclosing sub line and the assignment of $keyfile are
# not part of this listing.
84 my($regex, $basename);
88 print "Copying ssh host keys...\n";
90 for my $f (@$copylist)
97 $pubkeyfile = "$f.pub";
# The first cp duplicates the machine's *private* host key. The copy is owned
# by whoever runs this script, and its mode comes from the source file and the
# process umask.
# NOTE(review): nothing visible here sets or verifies the mode/owner of the
# copied private key -- TODO confirm it ends up readable only by the account
# that runs sshd, or set it explicitly after the copy.
# NOTE(review): action() passes its argument to system() as a single string,
# so $sysconfdir (built from GLOBUS_LOCATION) is parsed by a shell. Spaces or
# shell metacharacters in that path change the command; a list-form system()
# call would avoid the shell.
99 action("cp $localsshdir/$keyfile $sysconfdir/$keyfile");
100 action("cp $localsshdir/$pubkeyfile $sysconfdir/$pubkeyfile");
110 if ( ( -e $file ) && ( -r $file ) )
136 my($keyhash, $keylist);
140 # initialize our variables
146 $keyhash->{gen} = []; # a list of keytypes to generate
147 $keyhash->{copy} = []; # a list of files to copy from the
149 $genlist = $keyhash->{gen};
150 $copylist = $keyhash->{copy};
153 # loop over our keytypes and determine what we need to do for each of them
156 for my $keytype (keys %$keyfiles)
158 $basekeyfile = $keyfiles->{$keytype};
161 # if the keys are already present, we don't need to bother with this rigamarole
164 $gkeyfile = "$sysconfdir/$basekeyfile";
165 $gpubkeyfile = "$sysconfdir/$basekeyfile.pub";
167 if ( isPresent($gkeyfile) && isPresent($gpubkeyfile) )
173 # if we can find a copy of the keys in /etc/ssh, we'll copy them to the user's
177 $mainkeyfile = "$localsshdir/$basekeyfile";
178 $mainpubkeyfile = "$localsshdir/$basekeyfile.pub";
180 if ( isReadable($mainkeyfile) && isReadable($mainpubkeyfile) )
182 push(@$copylist, $basekeyfile);
188 # otherwise, we need to generate the key
191 push(@$genlist, $keytype);
197 if ( ! -d $sysconfdir )
199 print "Could not find ${sysconfdir} directory... creating\n";
200 action("mkdir -p $sysconfdir");
# Generates a host key for every key type listed in $gen_keys, using the
# ssh-keygen binary under $bindir. The enclosing sub line is not part of this
# listing.
210 my $keygen = "$bindir/ssh-keygen";
# Generation is attempted only when there is something to generate and the
# binary is executable. NOTE(review): in the visible lines a missing or
# non-executable ssh-keygen produces no message -- confirm an omitted branch
# reports it, otherwise the install ends without host keys.
212 if (@$gen_keys && -x $keygen)
214 print "Generating ssh host keys...\n";
216 for my $k (@$gen_keys)
218 $keyfile = $keyfiles->{$k};
220 # if $sysconfdir/$keyfile doesn't exist..
# -N "" gives the key an empty passphrase, so the private key is stored
# unencrypted and is protected only by the file permissions of
# $sysconfdir/$keyfile. No -b option is passed, so the key size is whatever
# this ssh-keygen build defaults to.
# NOTE(review): the key types come from the table near the top of the script
# ("dsa", "rsa", "rsa1" in the visible entries). rsa1 is the SSH protocol 1
# key type and DSA is a legacy algorithm; newer OpenSSH releases no longer
# generate rsa1 keys, in which case this command fails and action() dies.
# NOTE(review): the command is one shell string; $k and the paths are not
# quoted. The path is re-spelled here instead of reusing $keygen, which is
# the value the -x test above actually checked.
221 action("$bindir/ssh-keygen -t $k -f $sysconfdir/$keyfile -N \"\"");
# Rewrites $gpath/etc/ssh/sshd_config in place: the file is moved aside to $g
# (assigned on a line not in this listing), then copied back line by line with
# the "Subsystem sftp" and "PidFile" lines replaced by paths under $gpath.
232 print "Fixing sftp-server path in sshd_config...\n";
234 $f = "$gpath/etc/ssh/sshd_config";
# NOTE(review): printf is given an interpolated string as its format, so a '%'
# in $f would be read as a conversion specifier; print is the safer call here.
239 printf("Cannot find $f!\n");
244 # Grab the current mode/uid/gid for use later
247 $mode = (stat($f))[2];
248 $uid = (stat($f))[4];
249 $gid = (stat($f))[5];
252 # Move $f into a .tmp file for the translation step
# NOTE(review): the command is a single shell string built from
# GLOBUS_LOCATION-derived paths, unquoted. After system(), $! is meaningful
# only when the command could not be started at all; the exit status of mv is
# in $?, so the die message below can report an unrelated error.
255 $result = system("mv $f $g 2>&1");
258 die "ERROR: Unable to execute command: $!\n";
# NOTE(review): both opens use the two-argument form with the mode character
# glued to the path; three-argument open with lexical handles keeps the path
# from being parsed as part of the mode. The new $f is created here with
# permissions taken from the process umask; the saved mode/uid/gid are only
# applied after the rewrite (the chown at the end; the matching chmod is
# presumably on an omitted line -- confirm).
261 open(IN, "<$g") || die ("$0: input file $g missing!\n");
262 open(OUT, ">$f") || die ("$0: unable to open output file $f!\n");
267 # sorry for the whacky regex, but i need to verify a whole line
# Only a complete, uncommented "Subsystem sftp <path>" line matches; it is
# replaced with the sftp-server under $gpath/libexec, and runs of '/' are
# collapsed to one.
271 if ( $line =~ /^\s*Subsystem\s+sftp\s+\S+\s*$/ )
273 $newline = "Subsystem\tsftp\t$gpath/libexec/sftp-server\n";
274 $newline =~ s:/+:/:g;
# Any line starting with PidFile is replaced the same way.
276 elsif ( $line =~ /^\s*PidFile.*$/ )
278 $newline = "PidFile\t$gpath/var/sshd.pid\n";
279 $newline =~ s:/+:/:g;
286 print OUT "$newline";
# NOTE(review): after this step the generated config names
# $gpath/libexec/sftp-server as the sftp subsystem and $gpath/var/sshd.pid as
# the pid file, so the permissions of the $gpath tree matter to whatever sshd
# reads this file -- those directories should not be writable by
# unprivileged accounts.
293 # Remove the old .tmp file
296 $result = system("rm $g 2>&1");
300 die "ERROR: Unable to execute command: $!\n";
304 # An attempt to revert the new file back to the original file's
# The return value of chown is not checked; when the script does not run as
# root the call can fail and the file silently stays owned by the invoking
# user.
309 chown($uid, $gid, $f);
# Reads the template $in, replaces every @GLOBUS_LOCATION@ marker with $gpath,
# writes the result to $out and makes it mode 755. $in and $out are presumably
# unpacked from @_ on a line not in this listing.
314 sub alterFileGlobusLocation
# The output is produced only when $out is writable or does not exist yet; in
# the visible lines an existing, unwritable $out is skipped without a message.
320 if ( ( -w $out ) || ( ! -e $out ) )
322 $data = readFile($in);
# NOTE(review): $gpath is inserted verbatim. The result is then made
# executable, so quotes, spaces or shell metacharacters in GLOBUS_LOCATION end
# up inside an executable file -- validate the value before substituting it.
323 $data =~ s|\@GLOBUS_LOCATION\@|$gpath|g;
324 writeFile($out, $data);
# Goes through action(), i.e. a shell string with $out unquoted.
325 action("chmod 755 $out");
332 alterFileGlobusLocation("$setupdir/SXXsshd.in", "$sbindir/SXXsshd");
335 ### readFile( $filename )
337 # reads and returns $filename's contents
# NOTE(review): two-argument open with no explicit mode. Perl takes the mode
# from the string itself, so a name that begins with '>' or begins/ends with
# '|' is not opened as a plain file for reading. The three-argument form
# open(my $fh, '<', $filename) always treats $filename as a path.
# IN is a bareword (global) handle, shared with the sshd_config rewrite in
# this file.
345 open (IN, "$filename") || die "Can't open '$filename': $!";
354 ### writeFile( $filename, $fileinput )
356 # writes $fileinput to $filename, replacing any existing contents
357 # NOTE(review): earlier wording mentioned an "ssl program" and a common name; the visible lines do neither -- confirm
362 my ($filename, $fileinput) = @_;
365 # test for a valid $filename
# NOTE(review): 'lt' is the string comparison operator; it gives the intended
# result for a length here, but the numeric '<' is what is meant.
368 if ( !defined($filename) || (length($filename) lt 1) )
370 die "Filename is undefined";
# An existing file must be writable; a file that does not exist passes.
# The check and the open below are separate steps, so the file can change
# between them.
373 if ( ( -e "$filename" ) && ( ! -w "$filename" ) )
375 die "Cannot write to filename '$filename'";
379 # write the output to $filename
# NOTE(review): the result of open is not checked, so when it fails the print
# below writes nothing and the caller is not told. It is also the
# two-argument form; open(my $fh, '>', $filename) or die "...: $!" covers
# both points. The permissions of a newly created file come from the process
# umask.
382 open(OUT, ">$filename");
383 print OUT "$fileinput";
387 print "---------------------------------------------------------------------\n";
388 print "Hi, I'm the setup script for the gsi_openssh package! There\n";
389 print "are some last minute details that I've got to set straight\n";
390 print "in the sshd config file, along with generating the ssh keys\n";
391 print "for this machine (if it doesn't already have them).\n";
393 print "If I find a pair of host keys in /etc/ssh, I will copy them into\n";
394 print "\$GLOBUS_LOCATION/etc/ssh. If they aren't present, I will generate\n";
395 print "them for you.\n";
398 $response = query_boolean("Do you wish to continue with the setup package?","y");
399 if ($response eq "n")
402 print "Okay.. exiting gsi_openssh setup.\n";
409 $keyhash = determineKeys();
410 runKeyGen($keyhash->{gen});
411 copyKeyFiles($keyhash->{copy});
415 my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup");
420 print "Additional Notes:\n";
422 print " o I see that you have your GLOBUS_LOCATION environmental variable\n";
425 print " \t\"$gpath\"\n";
427 print " Remember to keep this variable set (correctly) when you want to\n";
428 print " use the executables that came with this package.\n";
430 print " o You may need to set LD_LIBRARY_PATH to point to the location in\n";
431 print " which your globus libraries reside. For example:\n";
433 print " \t\$ LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; \\\n";
434 print " \t export LD_LIBRARY_PATH\n";
436 print " If you wish, you may run, e.g.:\n";
438 print " \t\$ . \$GLOBUS_LOCATION/etc/globus-user-env.sh\n";
440 print " to prepare your environment for running the gsi_openssh\n";
441 print " executables.\n";
443 print "---------------------------------------------------------------------\n";
444 print "$myname: Finished configuring package 'gsi_openssh'.\n";
447 # Just need a minimal action() subroutine for now..
# Runs $command (assigned on a line not in this listing) through a shell,
# after setting LD_LIBRARY_PATH to put $gpath/lib first, with stderr folded
# into stdout.
# NOTE(review): system() receives one string, so the shell parses both $gpath
# and everything the callers interpolated into $command. Every caller in this
# file builds $command from GLOBUS_LOCATION-derived paths without quoting;
# passing program and arguments as a list to system() avoids the shell.
456 my $result = system("LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; $command 2>&1");
# A non-zero status is fatal unless the command text contains "patch"; for
# such commands a failure is ignored without any message.
458 if (($result or $?) and $command !~ m!patch!)
# NOTE(review): $! is meaningful only when the command could not be started;
# the command's own exit status is in $?, which this message does not show.
460 die "ERROR: Unable to execute command: $!\n";
# Prompts with $query_text and maps the first character of the reply to either
# $default or its opposite. The enclosing sub line, the line that reads the
# reply into $foo and the return statements are not part of this listing.
466 my ($query_text, $default) = @_;
# NOTE(review): without parentheses, 'my' applies to $nondefault only; $foo
# and $bar here are package globals. my ($nondefault, $foo, $bar); is what was
# presumably intended.
467 my $nondefault, $foo, $bar;
470 # Set $nondefault to the boolean opposite of $default.
482 print "${query_text} ";
# An empty pattern splits $foo into single characters; $bar keeps the first.
486 ($bar) = split //, $foo;
488 if ( grep(/\s/, $bar) )
490 # this is debatable. all whitespace means 'default'
494 elsif ($bar ne $default)
496 # everything else means 'nondefault'.
502 # extraneous step. to get here, $bar should be eq to $default anyway.