X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/d58b3a332b3c4dc360f9a1e7b63eeef6d18badc8..e3118504578e45e19efe81514d732dff14983f67:/setup/setup-openssh.pl diff --git a/setup/setup-openssh.pl b/setup/setup-openssh.pl index b589e67..42446a0 100644 --- a/setup/setup-openssh.pl +++ b/setup/setup-openssh.pl @@ -2,12 +2,10 @@ # # setup-openssh.pl # -# Adapts the installed gsi-ssh environment to the current machine, +# Adapts the installed gsi-openssh environment to the current machine, # performing actions that originally occurred during the package's # 'make install' phase. # -# Parts adapted from 'fixpath', a tool found in openssh-3.0.2p1. -# # Send comments/fixes/suggestions to: # Chase Phillips # @@ -31,6 +29,18 @@ if (!defined($gpath)) die "GLOBUS_LOCATION needs to be set before running this script" } +# +# modify the ld library path for when we call ssh executables +# + +$oldldpath = $ENV{LD_LIBRARY_PATH}; +$newldpath = "$gpath/lib"; +if (length($oldldpath) > 0) +{ + $newldpath .= ":$oldldpath"; +} +$ENV{LD_LIBRARY_PATH} = "$newldpath"; + # # i'm including this because other perl scripts in the gpt setup directories # do so @@ -48,7 +58,6 @@ else require Grid::GPT::Setup; my $globusdir = $gpath; -my $setupdir = "$globusdir/setup/globus"; my $myname = "setup-openssh.pl"; # @@ -58,153 +67,156 @@ my $myname = "setup-openssh.pl"; $prefix = ${globusdir}; $exec_prefix = "${prefix}"; $bindir = "${exec_prefix}/bin"; -$sbindir = "${exec_prefix}/sbin"; -$mandir = "${prefix}/man"; -$mansubdir = "man"; -$libexecdir = "${exec_prefix}/libexec"; -$sysconfdir = "/etc/ssh"; -$piddir = "/var/run"; -$xauth_path = "/usr/bin/X11/xauth"; - -# -# Backup-related variables -# - -$curr_time = time(); -$backupdir = "/etc/ssh/globus_backup_${curr_time}"; - -# -# Check that we are running as root -# +$sysconfdir = "$prefix/etc/ssh"; +$localsshdir = "/etc/ssh"; -$uid = $>; +my $keyfiles = { + "dsa" => "ssh_host_dsa_key", + "rsa" => "ssh_host_rsa_key", + "rsa1" => "ssh_host_key", + }; -if ($uid != 0) +sub copyKeyFiles { - print "--> NOTE: You must be root to run this script! <--\n"; - exit 0; -} + my($copylist) = @_; + my($regex, $basename); -# -# We need to make sure it's okay to copy our setup files (if some files are already -# present). If we do copy any files, we backup the old files so the user can (possibly) -# reverse any damage. -# - -sub test_dirs -{ - print "\nPreparatory: Checking for existence of critical directories..\n"; - - # - # Remember to put in check for /etc - # - - # - # Test for /etc/ssh - # - - if ( ! -d "$sysconfdir" ) + if (@$copylist) { - print "Could not find directory: '${sysconfdir}'.. creating.\n"; - mkdir($sysconfdir, 16877); - # 16877 should be 755, or drwxr-xr-x - } + print "Copying ssh host keys...\n"; - # - # Test for /etc/ssh/globus_backup_ - # + for my $f (@$copylist) + { + $f =~ s:/+:/:g; - if ( ! -d "${backupdir}" ) - { - print "Could not find directory: '${backupdir}'.. creating.\n"; - mkdir($backupdir, 16877); - } + if (length($f) > 0) + { + $keyfile = "$f"; + $pubkeyfile = "$f.pub"; - return 0; + action("cp $localsshdir/$keyfile $sysconfdir/$keyfile"); + action("cp $localsshdir/$pubkeyfile $sysconfdir/$pubkeyfile"); + } + } + } } -sub backup_files +sub isReadable { - print "\nStage 1: Backing up configuration files to '${backupdir}/'..\n"; + my($file) = @_; - if ( -e "${sysconfdir}/ssh_config" ) + if ( ( -e $file ) && ( -r $file ) ) { - action("cp ${sysconfdir}/ssh_config ${backupdir}/ssh_config"); + return 1; } else { - print "${sysconfdir}/ssh_config does not exist.\n"; + return 0; } +} - if ( -e "${sysconfdir}/sshd_config" ) - { - action("cp ${sysconfdir}/sshd_config ${backupdir}/sshd_config"); - } - else - { - print "${sysconfdir}/sshd_config does not exist.\n"; - } +sub isPresent +{ + my($file) = @_; - if ( -e "${sysconfdir}/moduli" ) + if ( -e $file ) { - action("cp ${sysconfdir}/moduli ${backupdir}/moduli"); + return 1; } else { - print "${sysconfdir}/moduli does not exist.\n"; + return 0; } } -sub copy_setup_files +sub determineKeys { - my $response; + my($keyhash, $keylist); + my($count); - print "\nStage 2: Copying configuration files into '${sysconfdir}'..\n"; + # + # initialize our variables + # - action("cp ${globusdir}/setup/globus/ssh_config ${sysconfdir}/ssh_config"); - action("cp ${globusdir}/setup/globus/sshd_config ${sysconfdir}/sshd_config"); - action("cp ${globusdir}/setup/globus/moduli ${sysconfdir}/moduli"); -} + $count = 0; -sub runkeygen -{ - print "\nStage 3: Generating ssh host keys..\n"; + $keyhash = {}; + $keyhash->{gen} = []; # a list of keytypes to generate + $keyhash->{copy} = []; # a list of files to copy from the - if ( ! -d "${sysconfdir}" ) - { - print "Could not find ${sysconfdir} directory... creating\n"; - mkdir($sysconfdir, 16877); - # 16877 should be 755, or drwxr-xr-x - } + $genlist = $keyhash->{gen}; + $copylist = $keyhash->{copy}; - if ( -e "${sysconfdir}/ssh_host_key" ) - { - print "${sysconfdir}/ssh_host_key already exists, skipping.\n"; - } - else - { - # if $sysconfdir/ssh_host_key doesn't exist.. - action("$bindir/ssh-keygen -t rsa1 -f $sysconfdir/ssh_host_key -N \"\""); - } + # + # loop over our keytypes and determine what we need to do for each of them + # - if ( -e "${sysconfdir}/ssh_host_dsa_key" ) + for my $keytype (keys %$keyfiles) { - print "${sysconfdir}/ssh_host_dsa_key already exists, skipping.\n"; - } - else - { - # if $sysconfdir/ssh_host_dsa_key doesn't exist.. - action("$bindir/ssh-keygen -t dsa -f $sysconfdir/ssh_host_dsa_key -N \"\""); + $basekeyfile = $keyfiles->{$keytype}; + + # + # if the key's are already present, we don't need to bother with this rigamarole + # + + $gkeyfile = "$sysconfdir/$basekeyfile"; + $gpubkeyfile = "$sysconfdir/$basekeyfile.pub"; + + if ( isPresent($gkeyfile) && isPresent($gpubkeyfile) ) + { + next; + } + + # + # if we can find a copy of the keys in /etc/ssh, we'll copy them to the user's + # globus location + # + + $mainkeyfile = "$localsshdir/$basekeyfile"; + $mainpubkeyfile = "$localsshdir/$basekeyfile.pub"; + + if ( isReadable($mainkeyfile) && isReadable($mainpubkeyfile) ) + { + push(@$copylist, $basekeyfile); + $count++; + next; + } + + # + # otherwise, we need to generate the key + # + + push(@$genlist, $keytype); + $count++; } - if ( -e "${sysconfdir}/ssh_host_rsa_key" ) + if ($count > 0) { - print "${sysconfdir}/ssh_host_rsa_key already exists, skipping.\n"; + if ( ! -d $sysconfdir ) + { + print "Could not find ${sysconfdir} directory... creating\n"; + action("mkdir -p $sysconfdir"); + } } - else + + return $keyhash; +} + +sub runKeyGen +{ + my($gen_keys) = @_; + + if (@$gen_keys) { - # if $sysconfdir/ssh_host_rsa_key doesn't exist.. - action("$bindir/ssh-keygen -t rsa -f $sysconfdir/ssh_host_rsa_key -N \"\""); + print "Generating ssh host keys...\n"; + + for my $k (@$gen_keys) + { + $keyfile = $keyfiles->{$k}; + + # if $sysconfdir/$keyfile doesn't exist.. + action("$bindir/ssh-keygen -t $k -f $sysconfdir/$keyfile -N \"\""); + } } return 0; @@ -214,119 +226,72 @@ sub fixpaths { my $g, $h; - print "\nStage 4: Translating strings in config and man files..\n"; + print "Fixing sftp-server path in sshd_config...\n"; + + $f = "$gpath/etc/ssh/sshd_config"; + $g = "$f.tmp"; + + if ( ! -f "$f" ) + { + die("Cannot find $f!"); + } # - # Set up path translations for the installation files + # Grab the current mode/uid/gid for use later # - %def = ( - "/etc/ssh_config" => "${sysconfdir}/ssh_config", - "/etc/ssh_known_hosts" => "${sysconfdir}/ssh_known_hosts", - "/etc/sshd_config" => "${sysconfdir}/sshd_config", - "/usr/libexec" => "${libexecdir}", - "/etc/shosts.equiv" => "${sysconfdir}/shosts.equiv", - "/etc/ssh_host_key" => "${sysconfdir}/ssh_host_key", - "/etc/ssh_host_dsa_key" => "${sysconfdir}/ssh_host_dsa_key", - "/etc/ssh_host_rsa_key" => "${sysconfdir}/ssh_host_rsa_key", - "/var/run/sshd.pid" => "${piddir}/sshd.pid", - "/etc/moduli" => "${sysconfdir}/moduli", - "/etc/sshrc" => "${sysconfdir}/sshrc", - "/usr/X11R6/bin/xauth" => "${xauth_path}", - "/usr/bin:/bin:/usr/sbin:/sbin" => "/usr/bin:/bin:/usr/sbin:/sbin:${bindir}", - ); + $mode = (stat($f))[2]; + $uid = (stat($f))[4]; + $gid = (stat($f))[5]; # - # Files on which to perform path translations + # Move $f into a .tmp file for the translation step # - @files = ( - "${sysconfdir}/ssh_config", - "${sysconfdir}/sshd_config", - "${sysconfdir}/moduli", - "${mandir}/${mansubdir}1/scp.1", - "${mandir}/${mansubdir}1/ssh-add.1", - "${mandir}/${mansubdir}1/ssh-agent.1", - "${mandir}/${mansubdir}1/ssh-keygen.1", - "${mandir}/${mansubdir}1/ssh-keyscan.1", - "${mandir}/${mansubdir}1/ssh.1", - "${mandir}/${mansubdir}8/sshd.8", - "${mandir}/${mansubdir}8/sftp-server.8", - "${mandir}/${mansubdir}1/sftp.1", - ); - - for my $f (@files) + $result = system("mv $f $g 2>&1"); + if ($result or $?) { - $f =~ /(.*\/)*(.*)$/; - - # - # we really should create a random filename and make sure that it - # doesn't already exist (based off current time_t or something) - # - - $g = "$f.tmp"; - - # - # What is $f's filename? (taken from the qualified path) - # - - $h = $f; - $h =~ s#^.*/##; - - # - # Grab the current mode/uid/gid for use later - # + die "ERROR: Unable to execute command: $!\n"; + } - $mode = (stat($f))[2]; - $uid = (stat($f))[4]; - $gid = (stat($f))[5]; + open(IN, "<$g") || die ("$0: input file $g missing!\n"); + open(OUT, ">$f") || die ("$0: unable to open output file $f!\n"); + while () + { # - # Move $f into a .tmp file for the translation step + # sorry for the whacky regex, but i need to verify a whole line # - $result = system("mv $f $g 2>&1"); - if ($result or $?) + if ( /^\s*Subsystem\s+sftp\s+\S+\s*$/ ) { - die "ERROR: Unable to execute command: $!\n"; + $_ = "Subsystem\tsftp\t$gpath/libexec/sftp-server\n"; + $_ =~ s:/+:/:g; } + print OUT "$_"; + } # while - open(IN, "<$g") || die ("$0: input file $g missing!\n"); - open(OUT, ">$f") || die ("$0: unable to open output file $f!\n"); - - while () - { - for $s (keys(%def)) - { - s#$s#$def{$s}#; - } # for $s - print OUT "$_"; - } # while - - close(OUT); - close(IN); - - # - # Remove the old .tmp file - # + close(OUT); + close(IN); - $result = system("rm $g 2>&1"); + # + # Remove the old .tmp file + # - if ($result or $?) - { - die "ERROR: Unable to execute command: $!\n"; - } + $result = system("rm $g 2>&1"); - # - # An attempt to revert the new file back to the original file's - # mode/uid/gid - # + if ($result or $?) + { + die "ERROR: Unable to execute command: $!\n"; + } - chmod($mode, $f); - chown($uid, $gid, $f); + # + # An attempt to revert the new file back to the original file's + # mode/uid/gid + # - print "$h\n"; - } # for $f + chmod($mode, $f); + chown($uid, $gid, $f); return 0; } @@ -336,7 +301,7 @@ sub alterFileGlobusLocation my ($file) = @_; $data = readFile($file); - $data =~ s|@GSI_OPENSSH_GLOBUS_LOCATION@|$gpath|g; + $data =~ s|\@GSI_OPENSSH_GLOBUS_LOCATION\@|$gpath|g; writeFile($file, $data); } @@ -401,26 +366,18 @@ sub writeFile close(OUT); } -print "---------------------------------------------------------------\n"; +print "---------------------------------------------------------------------\n"; print "Hi, I'm the setup script for the gsi_openssh package! There\n"; print "are some last minute details that I've got to set straight\n"; -print "in the config and man files, along with generating the ssh keys\n"; +print "in the sshd config file, along with generating the ssh keys\n"; print "for this machine (if it doesn't already have them).\n"; print "\n"; -print "I like to install my config-related files in:\n"; -print " ${sysconfdir}/\n"; -print "\n"; -print "These files may overwrite your previously existing configuration\n"; -print "files. If you choose to continue, you will find a backup of\n"; -print "those original files in:\n"; -print " ${backupdir}/\n"; -print "\n"; -print "Your host keys will remain untouched if they are already present.\n"; -print "If they aren't present, this script will generate them for you.\n"; +print "If I find a pair of host keys in /etc/ssh, I will copy them into\n"; +print "\$GLOBUS_LOCATION/etc/ssh. If they aren't present, I will generate\n"; +print "them for you.\n"; print "\n"; $response = query_boolean("Do you wish to continue with the setup package?","y"); - if ($response eq "n") { print "\n"; @@ -429,10 +386,11 @@ if ($response eq "n") exit 0; } -test_dirs(); -backup_files(); -copy_setup_files(); -runkeygen(); +print "\n"; + +$keyhash = determineKeys(); +runKeyGen($keyhash->{gen}); +copyKeyFiles($keyhash->{copy}); fixpaths(); my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup"); @@ -440,21 +398,24 @@ my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh_setup"); $metadata->finish(); print "\n"; -print "$myname: Finished configuring package 'gsi_openssh'.\n"; +print "Additional Notes:\n"; print "\n"; -print "I see that you have your GLOBUS_LOCATION environmental variable\n"; -print "set to:\n"; -print " $gpath\n"; +print " o I see that you have your GLOBUS_LOCATION environmental variable\n"; +print " set to:\n"; print "\n"; -print "Remember to keep this variable set (correctly) when you want\n"; -print "to use the executables that came with this package.\n"; +print " \t\"$gpath\"\n"; print "\n"; -print "Additionally, you may need to set LD_LIBRARY_PATH to point to\n"; -print "the location in which your globus libraries reside. For example:\n"; +print " Remember to keep this variable set (correctly) when you want to\n"; +print " use the executables that came with this package.\n"; print "\n"; -print " export LD_LIBRARY_PATH=\"$gpath/lib\"\n"; +print " o You may need to set LD_LIBRARY_PATH to point to the location in\n"; +print " which your globus libraries reside. For example:\n"; print "\n"; -print "---------------------------------------------------------------\n"; +print " \t\$ LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; \\\n"; +print " \t export LD_LIBRARY_PATH\n"; +print "\n"; +print "---------------------------------------------------------------------\n"; +print "$myname: Finished configuring package 'gsi_openssh'.\n"; # # Just need a minimal action() subroutine for now.. @@ -466,7 +427,7 @@ sub action printf "$command\n"; - my $result = system("$command 2>&1"); + my $result = system("LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; $command 2>&1"); if (($result or $?) and $command !~ m!patch!) {