die "GLOBUS_LOCATION needs to be set before running this script"
}
+#
+# modify the ld library path for when we call ssh executables
+#
+
+$oldldpath = $ENV{LD_LIBRARY_PATH};
+$newldpath = "$gpath/lib";
+if (length($oldldpath) > 0)
+{
+ $newldpath .= ":$oldldpath";
+}
+$ENV{LD_LIBRARY_PATH} = "$newldpath";
+
#
# i'm including this because other perl scripts in the gpt setup directories
# do so
$prefix = ${globusdir};
$exec_prefix = "${prefix}";
$bindir = "${exec_prefix}/bin";
+$sbindir = "${exec_prefix}/sbin";
$sysconfdir = "$prefix/etc/ssh";
$localsshdir = "/etc/ssh";
+$setupdir = "$prefix/setup/gsi_openssh_setup";
my $keyfiles = {
"dsa" => "ssh_host_dsa_key",
"rsa1" => "ssh_host_key",
};
-#
-# Check that we are running as root
-#
-
-$uid = $>;
-
-if ($uid != 0)
-{
- print "--> NOTE: You must be root to run this script! <--\n";
- exit 0;
-}
-
sub copyKeyFiles
{
my($copylist) = @_;
my($regex, $basename);
- print "Copying ssh host keys...\n";
-
- for my $f (@$copylist)
+ if (@$copylist)
{
- $f =~ s:/+:/:g;
+ print "Copying ssh host keys...\n";
- if (length($f) > 0)
+ for my $f (@$copylist)
{
- $keyfile = "$f";
- $pubkeyfile = "$f.pub";
+ $f =~ s:/+:/:g;
- action("cp $localsshdir/$keyfile $sysconfdir/$keyfile");
- action("cp $localsshdir/$pubkeyfile $sysconfdir/$pubkeyfile");
+ if (length($f) > 0)
+ {
+ $keyfile = "$f";
+ $pubkeyfile = "$f.pub";
+
+ action("cp $localsshdir/$keyfile $sysconfdir/$keyfile");
+ action("cp $localsshdir/$pubkeyfile $sysconfdir/$pubkeyfile");
+ }
}
}
}
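Review bot: In `copyKeyFiles`, the private host key is copied with a plain `cp` and nothing afterwards pins the permissions of the copy. Its mode follows the source file and the umask, and an already existing destination keeps whatever mode it had. This matters more now that the root check above has been removed from the script. Setting the mode explicitly after the first `action("cp ...")` would make it deterministic, e.g. `chmod(0600, "$sysconfdir/$keyfile") or die "chmod $sysconfdir/$keyfile: $!\n";`. Separately, `$keyfile` and `$pubkeyfile` are assigned without `my`, so they are package globals shared with `runKeyGen`; `my $keyfile = $f;` would keep them local.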
}
}
+sub isPresent
+{
+ my($file) = @_;
+
+ if ( -e $file )
+ {
+ return 1;
+ }
+ else
+ {
+ return 0;
+ }
+}
+
+### makeConfDir( )
+#
+# make the gsi-openssh configuration directory if it doesn't already exist.
+#
+
+sub makeConfDir
+{
+ if ( isPresent($sysconfdir) )
+ {
+ if ( -d $sysconfdir )
+ {
+ return;
+ }
+
+ die("${sysconfdir} already exists and is not a directory!\n");
+ }
+
+ print "Could not find ${sysconfdir} directory... creating.\n";
+ action("mkdir -p $sysconfdir");
+
+ return;
+}
+
sub determineKeys
{
my($keyhash, $keylist);
my($count);
+ #
+ # initialize our variables
+ #
+
$count = 0;
$keyhash = {};
$keyhash->{gen} = []; # a list of keytypes to generate
$keyhash->{copy} = []; # a list of files to copy from the
+
$genlist = $keyhash->{gen};
$copylist = $keyhash->{copy};
+ #
+ # loop over our keytypes and determine what we need to do for each of them
+ #
+
for my $keytype (keys %$keyfiles)
{
$basekeyfile = $keyfiles->{$keytype};
- $keyfile = "$localsshdir/$basekeyfile";
- $pubkeyfile = "$keyfile.pub";
- if ( !isReadable($keyfile) || !isReadable($pubkeyfile) )
+ #
+ # if the key's are already present, we don't need to bother with this rigamarole
+ #
+
+ $gkeyfile = "$sysconfdir/$basekeyfile";
+ $gpubkeyfile = "$sysconfdir/$basekeyfile.pub";
+
+ if ( isPresent($gkeyfile) && isPresent($gpubkeyfile) )
{
- push(@$genlist, $keytype);
- $count++;
+ next;
}
- }
- for my $keytype (keys %$keyfiles)
- {
- if ( !grep(/^$keytype$/, @$genlist) )
+ #
+ # if we can find a copy of the keys in /etc/ssh, we'll copy them to the user's
+ # globus location
+ #
+
+ $mainkeyfile = "$localsshdir/$basekeyfile";
+ $mainpubkeyfile = "$localsshdir/$basekeyfile.pub";
+
+ if ( isReadable($mainkeyfile) && isReadable($mainpubkeyfile) )
{
- $keyfile = $keyfiles->{$keytype};
- push(@$copylist, $keyfile);
+ push(@$copylist, $basekeyfile);
$count++;
+ next;
}
+
+ #
+ # otherwise, we need to generate the key
+ #
+
+ push(@$genlist, $keytype);
+ $count++;
}
if ($count > 0)
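Review bot: `determineKeys` skips a key type only when both `$gkeyfile` and `$gpubkeyfile` are present, so a half-present pair falls through to the copy or generate list. An existing private key in `$sysconfdir` would then be overwritten by `cp`, or `ssh-keygen` would presumably stop at its overwrite prompt while running non-interactively. Treating that state as an error is safer, e.g. `die "incomplete $keytype key pair in $sysconfdir\n" if isPresent($gkeyfile) != isPresent($gpubkeyfile);` placed before the `next` test. `isPresent` is also only an existence test (`-e`), so a pair that is present but unreadable, or not a regular file, is accepted as is. The body of `determineKeys` continues past the end of this hunk.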
sub runKeyGen
{
my($gen_keys) = @_;
+ my $keygen = "$bindir/ssh-keygen";
- print "Generating ssh host keys...\n";
-
- for my $k (@$gen_keys)
+ if (@$gen_keys && -x $keygen)
{
- $keyfile = $keyfiles->{$k};
+ print "Generating ssh host keys...\n";
+
+ for my $k (@$gen_keys)
+ {
+ $keyfile = $keyfiles->{$k};
- # if $sysconfdir/$keyfile doesn't exist..
- action("$bindir/ssh-keygen -t $k -f $sysconfdir/$keyfile -N \"\"");
+ # if $sysconfdir/$keyfile doesn't exist..
+ action("$bindir/ssh-keygen -t $k -f $sysconfdir/$keyfile -N \"\"");
+ }
}
return 0;
}
+### fixpaths( )
+#
+# this subroutine 'edits' the paths in sshd_config to suit them to the current environment
+# in which the setup script is being run.
+#
+
sub fixpaths
{
- my $g, $h;
+ my($fileInput, $fileOutput);
+ my($mode, $uid, $gid);
+ my($line, $newline);
- print "Fixing sftp-server path in sshd_config...\n";
+ print "Fixing paths in sshd_config...\n";
- $f = "$gpath/etc/ssh/sshd_config";
- $g = "$f.tmp";
+ $fileInput = "$setupdir/sshd_config.in";
+ $fileOutput = "$sysconfdir/sshd_config";
+
+ if ( ! -f "$fileInput" )
+ {
+ printf("Cannot find $fileInput!\n");
+ die();
+ }
- if ( ! -f "$f" )
+ if ( -e "$fileOutput" )
{
- die("Cannot find $f!");
+ printf("$fileOutput already exists!\n");
+ die();
}
#
# Grab the current mode/uid/gid for use later
#
- $mode = (stat($f))[2];
- $uid = (stat($f))[4];
- $gid = (stat($f))[5];
+ $mode = (stat($fileInput))[2];
+ $uid = (stat($fileInput))[4];
+ $gid = (stat($fileInput))[5];
#
- # Move $f into a .tmp file for the translation step
+ # Open the files for reading and writing, and loop over the input's contents
#
- $result = system("mv $f $g 2>&1");
- if ($result or $?)
- {
- die "ERROR: Unable to execute command: $!\n";
- }
-
- open(IN, "<$g") || die ("$0: input file $g missing!\n");
- open(OUT, ">$f") || die ("$0: unable to open output file $f!\n");
+ open(IN, "<$fileInput") || die ("$0: input file $fileInput missing!\n");
+ open(OUT, ">$fileOutput") || die ("$0: unable to open output file $fileOutput!\n");
while (<IN>)
{
# sorry for the whacky regex, but i need to verify a whole line
#
- if ( /^\s*Subsystem\s+sftp\s+\S+\s*$/ )
+ $line = $_;
+ if ( $line =~ /^\s*Subsystem\s+sftp\s+\S+\s*$/ )
+ {
+ $newline = "Subsystem\tsftp\t$gpath/libexec/sftp-server\n";
+ $newline =~ s:/+:/:g;
+ }
+ elsif ( $line =~ /^\s*PidFile.*$/ )
+ {
+ $newline = "PidFile\t$gpath/var/sshd.pid\n";
+ $newline =~ s:/+:/:g;
+ }
+ else
{
- $_ = "Subsystem\tsftp\t$gpath/libexec/sftp-server\n";
- $_ =~ s:/+:/:g;
+ $newline = $line;
}
- print OUT "$_";
+
+ print OUT "$newline";
} # while <IN>
close(OUT);
close(IN);
- #
- # Remove the old .tmp file
- #
-
- $result = system("rm $g 2>&1");
-
- if ($result or $?)
- {
- die "ERROR: Unable to execute command: $!\n";
- }
-
#
# An attempt to revert the new file back to the original file's
# mode/uid/gid
#
- chmod($mode, $f);
- chown($uid, $gid, $f);
+ chmod($mode, $fileOutput);
+ chown($uid, $gid, $fileOutput);
return 0;
}
+### copyConfigFiles( )
+#
+# subroutine that copies some extra config files to their proper location in
+# $GLOBUS_LOCATION/etc/ssh.
+#
+
+sub copyConfigFiles
+{
+ print "Copying ssh_config and moduli to their proper location...\n";
+
+ action("cp $setupdir/ssh_config $sysconfdir/ssh_config");
+ action("cp $setupdir/moduli $sysconfdir/moduli");
+}
+
sub alterFileGlobusLocation
{
- my ($file) = @_;
+ my ($in, $out) = @_;
- $data = readFile($file);
- $data =~ s|\@GSI_OPENSSH_GLOBUS_LOCATION\@|$gpath|g;
- writeFile($file, $data);
+ if ( -r $in )
+ {
+ if ( ( -w $out ) || ( ! -e $out ) )
+ {
+ $data = readFile($in);
+ $data =~ s|\@GLOBUS_LOCATION\@|$gpath|g;
+ writeFile($out, $data);
+ action("chmod 755 $out");
+ }
+ }
}
sub alterFiles
{
- my (@files);
-
- @files = (
- "$gosharedir/contrib/caldera/sshd.init",
- );
+ alterFileGlobusLocation("$setupdir/SXXsshd.in", "$sbindir/SXXsshd");
}
### readFile( $filename )
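Review bot: In `fixpaths`, the `-e "$fileOutput"` test and the later `open(OUT, ">$fileOutput")` are two separate steps, and `-e` is false for a dangling symlink, so the truncating two-argument open can still write through a link or over a file that appears in between. That is a concern if this script runs with more privilege than the owner of `$sysconfdir`, which the hunk does not rule out. Creating the output exclusively closes the gap, as sketched below; it needs the `O_*` constants from `Fcntl` imported at the top of the file, which is outside this hunk. The results of `chmod` and `chown` are also ignored, so a config left with the wrong mode goes unnoticed. Finally, `printf("Cannot find $fileInput!\n")` uses the path as a format string; `print` is the right call there.

```perl
    # … unchanged: existence check on $fileInput, stat() of mode/uid/gid …
    open(IN, '<', $fileInput) || die("$0: input file $fileInput missing!\n");
    # O_EXCL makes creation fail if anything, symlinks included, already sits at the path
    sysopen(OUT, $fileOutput, O_WRONLY | O_CREAT | O_EXCL, 0600)
        || die("$0: unable to create output file $fileOutput: $!\n");
    # … unchanged: line-by-line rewrite loop, close(OUT), close(IN) …
    chmod($mode, $fileOutput)      || warn("$0: chmod $fileOutput failed: $!\n");
    chown($uid, $gid, $fileOutput) || warn("$0: chown $fileOutput failed: $!\n");
```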
print "\n";
$response = query_boolean("Do you wish to continue with the setup package?","y");
-
if ($response eq "n")
{
print "\n";
- print "Okay.. exiting gsi_openssh setup.\n";
+ print "Exiting gsi_openssh setup.\n";
exit 0;
}
+print "\n";
+
+makeConfDir();
$keyhash = determineKeys();
runKeyGen($keyhash->{gen});
copyKeyFiles($keyhash->{copy});
fixpaths();
+copyConfigFiles();
+alterFiles();
my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup");
$metadata->finish();
-print "---------------------------------------------------------------------\n";
-print "$myname: Finished configuring package 'gsi_openssh'.\n";
print "\n";
print "Additional Notes:\n";
print "\n";
print " Remember to keep this variable set (correctly) when you want to\n";
print " use the executables that came with this package.\n";
print "\n";
-print " o You may need to set LD_LIBRARY_PATH to point to the location in\n";
-print " which your globus libraries reside. For example:\n";
+print " After that you may run, e.g.:\n";
+print "\n";
+print " \t\$ . \$GLOBUS_LOCATION/etc/globus-user-env.sh\n";
print "\n";
-print " \t\$ LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; \\\n";
-print " \t export LD_LIBRARY_PATH\n";
+print " to prepare your environment for running the gsi_openssh\n";
+print " executables.\n";
print "\n";
print "---------------------------------------------------------------------\n";
+print "$myname: Finished configuring package 'gsi_openssh'.\n";
#
# Just need a minimal action() subroutine for now..
printf "$command\n";
- my $result = system("$command 2>&1");
+ my $result = system("LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; $command 2>&1");
if (($result or $?) and $command !~ m!patch!)
{
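Review bot: The new `LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; $command` prefix in `action` duplicates the `$ENV{LD_LIBRARY_PATH}` assignment added near the top of this diff, so `$gpath/lib` ends up in the search path twice. It also interpolates `$gpath`, presumably taken from GLOBUS_LOCATION, into a shell string, so a value containing spaces or shell metacharacters changes what is executed. Since the child already inherits `%ENV`, the line can stay as `my $result = system("$command 2>&1");`. The same interpolation concern applies to the callers that build `mkdir -p $sysconfdir`, the `cp` lines and `chmod 755 $out`; passing an argument list to `system` would avoid the shell altogether. The rest of `action` lies outside this hunk.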
return $bar;
}
+
+### absolutePath( $file )
+#
+# converts a given pathname into a canonical path using the abs_path function.
+#
+
+sub absolutePath
+{
+ my($file) = @_;
+ my $home = $ENV{'HOME'};
+ $file =~ s!~!$home!;
+ my $startd = cwd();
+ $file =~ s!^\./!$startd/!;
+ $file = "$startd/$file" if $file !~ m!^\s*/!;
+ $file = abs_path($file);
+ return $file;
+}
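Review bot: In `absolutePath`, `$file =~ s!~!$home!;` replaces the first tilde anywhere in the string, so a name such as `backup~/x` or `~otheruser/x` is rewritten to a path the caller did not ask for. Anchoring the substitution limits it to a leading `~`, e.g. `$file =~ s!^~(?=/|$)!$home! if defined $home;`, which also covers an unset HOME. `abs_path` can return undef when the path cannot be resolved, so callers should check the result, and a comment on the sub should say so. `cwd` and `abs_path` come from `Cwd`, whose import is not visible in this hunk.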