5 # Adapts the installed gsi-openssh environment to the current machine,
6 # performing actions that originally occurred during the package's
7 # 'make install' phase.
9 # Send comments/fixes/suggestions to:
10 # Chase Phillips <cphillip@ncsa.uiuc.edu>
13 printf("setup-openssh.pl: Configuring gsi-openssh package\n");
16 # Get user's GPT_LOCATION since we may be installing this using a new(er)
20 $gptpath = $ENV{GPT_LOCATION};
23 # And the old standby..
26 $gpath = $ENV{GLOBUS_LOCATION};
29 die "GLOBUS_LOCATION needs to be set before running this script"
33 # modify the ld library path for when we call ssh executables
36 $oldldpath = $ENV{LD_LIBRARY_PATH};
37 $newldpath = "$gpath/lib";
38 if (length($oldldpath) > 0)
40 $newldpath .= ":$oldldpath";
42 $ENV{LD_LIBRARY_PATH} = "$newldpath";
45 # i'm including this because other perl scripts in the gpt setup directories
49 if (defined($gptpath))
51 @INC = (@INC, "$gptpath/lib/perl", "$gpath/lib/perl");
55 @INC = (@INC, "$gpath/lib/perl");
58 require Grid::GPT::Setup;
60 my $globusdir = $gpath;
61 my $myname = "setup-openssh.pl";
64 # Set up path prefixes for use in the path translations
67 $prefix = ${globusdir};
68 $exec_prefix = "${prefix}";
69 $bindir = "${exec_prefix}/bin";
70 $sbindir = "${exec_prefix}/sbin";
71 $sysconfdir = "$prefix/etc/ssh";
72 $localsshdir = "/etc/ssh";
73 $setupdir = "$prefix/setup/gsi_openssh_setup";
76 "dsa" => "ssh_host_dsa_key",
77 "rsa" => "ssh_host_rsa_key",
78 "rsa1" => "ssh_host_key",
84 my($regex, $basename);
88 print "Copying ssh host keys...\n";
90 for my $f (@$copylist)
97 $pubkeyfile = "$f.pub";
99 action("cp $localsshdir/$keyfile $sysconfdir/$keyfile");
100 action("cp $localsshdir/$pubkeyfile $sysconfdir/$pubkeyfile");
110 if ( ( -e $file ) && ( -r $file ) )
136 # make the gsi-openssh configuration directory if it doesn't already exist.
141 if ( isPresent($sysconfdir) )
143 if ( -d $sysconfdir )
148 die("${sysconfdir} already exists and is not a directory!\n");
151 print "Could not find ${sysconfdir} directory... creating.\n";
152 action("mkdir -p $sysconfdir");
159 my($keyhash, $keylist);
163 # initialize our variables
169 $keyhash->{gen} = []; # a list of keytypes to generate
170 $keyhash->{copy} = []; # a list of files to copy from the
172 $genlist = $keyhash->{gen};
173 $copylist = $keyhash->{copy};
176 # loop over our keytypes and determine what we need to do for each of them
179 for my $keytype (keys %$keyfiles)
181 $basekeyfile = $keyfiles->{$keytype};
184 # if the key's are already present, we don't need to bother with this rigamarole
187 $gkeyfile = "$sysconfdir/$basekeyfile";
188 $gpubkeyfile = "$sysconfdir/$basekeyfile.pub";
190 if ( isPresent($gkeyfile) && isPresent($gpubkeyfile) )
196 # if we can find a copy of the keys in /etc/ssh, we'll copy them to the user's
200 $mainkeyfile = "$localsshdir/$basekeyfile";
201 $mainpubkeyfile = "$localsshdir/$basekeyfile.pub";
203 if ( isReadable($mainkeyfile) && isReadable($mainpubkeyfile) )
205 push(@$copylist, $basekeyfile);
211 # otherwise, we need to generate the key
214 push(@$genlist, $keytype);
220 if ( ! -d $sysconfdir )
222 print "Could not find ${sysconfdir} directory... creating\n";
223 action("mkdir -p $sysconfdir");
233 my $keygen = "$bindir/ssh-keygen";
235 if (@$gen_keys && -x $keygen)
237 print "Generating ssh host keys...\n";
239 for my $k (@$gen_keys)
241 $keyfile = $keyfiles->{$k};
243 # if $sysconfdir/$keyfile doesn't exist..
244 action("$bindir/ssh-keygen -t $k -f $sysconfdir/$keyfile -N \"\"");
253 # this subroutine 'edits' the paths in sshd_config to suit them to the current environment
254 # in which the setup script is being run.
259 my($fileInput, $fileOutput);
260 my($mode, $uid, $gid);
263 print "Fixing paths in sshd_config...\n";
265 $fileInput = "$setupdir/sshd_config.in";
266 $fileOutput = "$sysconfdir/sshd_config";
268 if ( ! -f "$fileInput" )
270 printf("Cannot find $fileInput!\n");
274 if ( -e "$fileOutput" )
276 printf("$fileOutput already exists!\n");
281 # Grab the current mode/uid/gid for use later
284 $mode = (stat($fileInput))[2];
285 $uid = (stat($fileInput))[4];
286 $gid = (stat($fileInput))[5];
289 # Open the files for reading and writing, and loop over the input's contents
292 open(IN, "<$fileInput") || die ("$0: input file $fileInput missing!\n");
293 open(OUT, ">$fileOutput") || die ("$0: unable to open output file $fileOutput!\n");
298 # sorry for the whacky regex, but i need to verify a whole line
302 if ( $line =~ /^\s*Subsystem\s+sftp\s+\S+\s*$/ )
304 $newline = "Subsystem\tsftp\t$gpath/libexec/sftp-server\n";
305 $newline =~ s:/+:/:g;
307 elsif ( $line =~ /^\s*PidFile.*$/ )
309 $newline = "PidFile\t$gpath/var/sshd.pid\n";
310 $newline =~ s:/+:/:g;
317 print OUT "$newline";
324 # An attempt to revert the new file back to the original file's
328 chmod($mode, $fileOutput);
329 chown($uid, $gid, $fileOutput);
334 ### copyConfigFiles( )
336 # subroutine that copies some extra config files to their proper location in
337 # $GLOBUS_LOCATION/etc/ssh.
342 print "Copying ssh_config and moduli to their proper location...\n";
344 action("cp $setupdir/ssh_config $sysconfdir/ssh_config");
345 action("cp $setupdir/moduli $sysconfdir/moduli");
348 sub alterFileGlobusLocation
354 if ( ( -w $out ) || ( ! -e $out ) )
356 $data = readFile($in);
357 $data =~ s|\@GLOBUS_LOCATION\@|$gpath|g;
358 writeFile($out, $data);
359 action("chmod 755 $out");
366 alterFileGlobusLocation("$setupdir/SXXsshd.in", "$sbindir/SXXsshd");
369 ### readFile( $filename )
371 # reads and returns $filename's contents
379 open (IN, "$filename") || die "Can't open '$filename': $!";
388 ### writeFile( $filename, $fileinput )
390 # create the inputs to the ssl program at $filename, appending the common name to the
391 # stream in the process
396 my ($filename, $fileinput) = @_;
399 # test for a valid $filename
402 if ( !defined($filename) || (length($filename) lt 1) )
404 die "Filename is undefined";
407 if ( ( -e "$filename" ) && ( ! -w "$filename" ) )
409 die "Cannot write to filename '$filename'";
413 # write the output to $filename
416 open(OUT, ">$filename");
417 print OUT "$fileinput";
421 print "---------------------------------------------------------------------\n";
422 print "Hi, I'm the setup script for the gsi_openssh package! There\n";
423 print "are some last minute details that I've got to set straight\n";
424 print "in the sshd config file, along with generating the ssh keys\n";
425 print "for this machine (if it doesn't already have them).\n";
427 print "If I find a pair of host keys in /etc/ssh, I will copy them into\n";
428 print "\$GLOBUS_LOCATION/etc/ssh. If they aren't present, I will generate\n";
429 print "them for you.\n";
432 $response = query_boolean("Do you wish to continue with the setup package?","y");
433 if ($response eq "n")
436 print "Exiting gsi_openssh setup.\n";
444 $keyhash = determineKeys();
445 runKeyGen($keyhash->{gen});
446 copyKeyFiles($keyhash->{copy});
451 my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup");
456 print "Additional Notes:\n";
458 print " o I see that you have your GLOBUS_LOCATION environmental variable\n";
461 print " \t\"$gpath\"\n";
463 print " Remember to keep this variable set (correctly) when you want to\n";
464 print " use the executables that came with this package.\n";
466 print " After that you may run, e.g.:\n";
468 print " \t\$ . \$GLOBUS_LOCATION/etc/globus-user-env.sh\n";
470 print " to prepare your environment for running the gsi_openssh\n";
471 print " executables.\n";
473 print "---------------------------------------------------------------------\n";
474 print "$myname: Finished configuring package 'gsi_openssh'.\n";
477 # Just need a minimal action() subroutine for now..
486 my $result = system("LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; $command 2>&1");
488 if (($result or $?) and $command !~ m!patch!)
490 die "ERROR: Unable to execute command: $!\n";
496 my ($query_text, $default) = @_;
497 my $nondefault, $foo, $bar;
500 # Set $nondefault to the boolean opposite of $default.
512 print "${query_text} ";
516 ($bar) = split //, $foo;
518 if ( grep(/\s/, $bar) )
520 # this is debatable. all whitespace means 'default'
524 elsif ($bar ne $default)
526 # everything else means 'nondefault'.
532 # extraneous step. to get here, $bar should be eq to $default anyway.
540 ### absolutePath( $file )
542 # converts a given pathname into a canonical path using the abs_path function.
548 my $home = $ENV{'HOME'};
551 $file =~ s!^\./!$startd/!;
552 $file = "$startd/$file" if $file !~ m!^\s*/!;
553 $file = abs_path($file);