From 27ec9dda80f8bed788bc90c7c559c40418fd4fd1 Mon Sep 17 00:00:00 2001
From: basney
Date: Thu, 10 Apr 2008 15:57:34 +0000
Subject: [PATCH] These files live in gssapi-openssh/openssh/gpt/setup. There shouldn't be copies here.
---
openssh/gpt/setup/SXXsshd.in | 93 --
openssh/gpt/setup/setup-openssh | 8 -
openssh/gpt/setup/setup-openssh.pl | 1270 ----------------------------
3 files changed, 1371 deletions(-)
delete mode 100644 openssh/gpt/setup/SXXsshd.in
delete mode 100755 openssh/gpt/setup/setup-openssh
delete mode 100644 openssh/gpt/setup/setup-openssh.pl
diff --git a/openssh/gpt/setup/SXXsshd.in b/openssh/gpt/setup/SXXsshd.in
deleted file mode 100644
index c015f23..0000000
--- a/openssh/gpt/setup/SXXsshd.in
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/bin/sh
-#
-# Init file for GSI-OpenSSH server daemon
-#
-# chkconfig: 2345 55 25
-# description: GSI-OpenSSH server daemon
-#
-
-### BEGIN INIT INFO
-# Provides: sshd
-# Required-Start: $network
-# Required-Stop: $network
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Description: Start the sshd daemon
-### END INIT INFO
-
-GLOBUS_LOCATION="@GLOBUS_LOCATION@"
-export GLOBUS_LOCATION
-
-. ${GLOBUS_LOCATION}/libexec/globus-script-initializer
-. ${libexecdir}/globus-sh-tools.sh
-
-PID_FILE=${localstatedir}/sshd.pid
-
-#
-# SSHD arguments can be added here within the following
-# set of double quotes.
-#
-
-SSHD_ARGS=""
-
-do_start()
-{
- if [ ! -d $localstatedir ]; then
- mkdir -p $localstatedir
- fi
- echo -n "Starting up GSI-OpenSSH sshd server... "
- ${sbindir}/sshd $SSHD_ARGS > /dev/null 2>&1 &
- if [ $? -eq 0 ]; then
- echo "done."
- else
- echo "failed to start GSI-OpenSSH sshd server!"
- fi
-}
-
-do_stop()
-{
- echo -n "Stopping the GSI-OpenSSH sshd server... "
- pid=`cat $PID_FILE`
- kill -TERM $pid
- sleep 2
- kill -TERM $pid 2> /dev/null
- rm -f $PID_FILE
- echo "done."
-}
-
-case "$1" in
- start)
- if [ ! -f $PID_FILE ]; then
- do_start
- else
- pid=`cat $PID_FILE`
- psout=`ps -A | grep $pid | grep -v grep | awk "{if (\\\$1 == $pid) print}"`
- if [ "x$psout" = "x" ]; then
- echo "Found stale sshd pid file... removing it."
- rm -f $PID_FILE
- do_start
- else
- echo "GSI-OpenSSH sshd server is already running!"
- fi
- fi
- ;;
-
- stop)
- if [ -f $PID_FILE ] ; then
- do_stop
- else
- echo "The server's pid file does not exist! Are you sure the server is running?"
- fi
- ;;
-
- restart)
- $0 stop
- $0 start
- ;;
-
- *)
- echo "Usage: $0 (start|stop|restart)"
- exit 1
-esac
-
-exit 0
diff --git a/openssh/gpt/setup/setup-openssh b/openssh/gpt/setup/setup-openssh
deleted file mode 100755
index 8895ae8..0000000
--- a/openssh/gpt/setup/setup-openssh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-if [ "$GLOBUS_LOCATION" = "" ]; then
- echo "Set GLOBUS_LOCATION before running this script"
- exit 1
-fi
-
-perl $GLOBUS_LOCATION/setup/gsi_openssh_setup/setup-openssh.pl $*
diff --git a/openssh/gpt/setup/setup-openssh.pl b/openssh/gpt/setup/setup-openssh.pl
deleted file mode 100644
index f9c543b..0000000
--- a/openssh/gpt/setup/setup-openssh.pl
+++ /dev/null
@@ -1,1270 +0,0 @@ -#!/usr/bin/perl -# -# setup-openssh.pl -# -# Adapts the installed gsi-openssh environment to the current machine, -# performing actions that originally occurred during the package's -# 'make install' phase. -# -# Send comments/fixes/suggestions to: -# Chase Phillips -# - -# -# Get user's GPT_LOCATION since we may be installing this using a new(er) -# version of GPT. -# - -$gptpath = $ENV{GPT_LOCATION}; - -# -# And the old standby.. -# - -$gpath = $ENV{GLOBUS_LOCATION}; -if (!defined($gpath)) -{ - die "GLOBUS_LOCATION needs to be set before running this script" -} - -# -# Include standard modules -# - -use Getopt::Long; -use Cwd; -use Cwd 'abs_path'; - -# -# modify the ld library path for when we call ssh executables -# - -$oldldpath = $ENV{LD_LIBRARY_PATH}; -$newldpath = "$gpath/lib"; -if (length($oldldpath) > 0) -{ - $newldpath .= ":$oldldpath"; -} -$ENV{LD_LIBRARY_PATH} = "$newldpath"; - -# -# i'm including this because other perl scripts in the gpt setup directories -# do so -# - -if (defined($gptpath)) -{ - @INC = (@INC, "$gptpath/lib/perl", "$gpath/lib/perl"); -} -else -{ - @INC = (@INC, "$gpath/lib/perl"); -} - -require Grid::GPT::Setup; - -# -# script-centred variable initialization -# - -my $globusdir = $gpath; -my $myname = "setup-openssh.pl"; - -# -# Set up path prefixes for use in the path translations -# - -$prefix = ${globusdir}; -$exec_prefix = "${prefix}"; -$bindir = "${exec_prefix}/bin"; -$sbindir = "${exec_prefix}/sbin"; -$sysconfdir = "$prefix/etc/ssh"; -$localsshdir = "/etc/ssh"; -$setupdir = "$prefix/setup/gsi_openssh_setup"; - -# -# standard key types and their root file name mappings -# - -my $keyfiles = { - "dsa" => "ssh_host_dsa_key", - "rsa" => "ssh_host_rsa_key", - "rsa1" => "ssh_host_key", - }; - -# -# argument specification. we offload some processing work from later functions -# to verify correct args by using anon subs in various places. -# - -my($prompt, $force, $verbose); - -$prompt = 1; - -GetOptions( - 'prompt!' 
=> \$prompt, - 'force' => \$force, - 'verbose' => \$verbose, - ) or pod2usage(2); - -# -# miscellaneous initialization functions -# - -setPrivilegeSeparation(0); - -# -# main execution. This should find its way into a subroutine at some future -# point. -# - -print "$myname: Configuring package 'gsi_openssh'...\n"; -print "---------------------------------------------------------------------\n"; -print "Hi, I'm the setup script for the gsi_openssh package! I will create\n"; -print "a number of configuration files based on your local system setup. I\n"; -print "will also attempt to copy or create a number of SSH key pairs for\n"; -print "this machine. (Loosely, if I find a pair of host keys in /etc/ssh,\n"; -print "I will copy them into \$GLOBUS_LOCATION/etc/ssh. Otherwise, I will\n"; -print "generate them for you.)\n"; -print "\n"; - -if ( isForced() ) -{ - print "WARNING:\n"; - print "\n"; - print " Using the '-force' flag will cause all gsi_openssh_setup files to\n"; - print " be removed and replaced by new versions! 
Backup any critical\n"; - print " SSH configuration files before you choose to continue!\n"; - print "\n"; -} - -$response = query_boolean("Do you wish to continue with the setup package?","y"); -if ($response eq "n") -{ - print "\n"; - print "Exiting gsi_openssh setup.\n"; - - exit 0; -} - -print "\n"; - -makeConfDir(); -copyPRNGFile(); -$keyhash = determineKeys(); -runKeyGen($keyhash->{gen}); -copyKeyFiles($keyhash->{copy}); -copyConfigFiles(); - -my $metadata = new Grid::GPT::Setup(package_name => "gsi_openssh"); - -$metadata->finish(); - -print "\n"; -print "Additional Notes:\n"; -print "\n"; -print " o I see that you have your GLOBUS_LOCATION environmental variable\n"; -print " set to:\n"; -print "\n"; -print " \"$gpath\"\n"; -print "\n"; -print " Remember to keep this variable set (correctly) when you want to\n"; -print " use the executables that came with this package.\n"; -print "\n"; -print " After that you may execute, for example:\n"; -print "\n"; -print " \$ . \$GLOBUS_LOCATION/etc/globus-user-env.sh\n"; -print "\n"; -print " to prepare your environment for running the gsi_openssh\n"; -print " executables.\n"; -print "\n"; -print " o I recommend you review and customize to your liking the contents of\n"; -print "\n"; -print " \$GLOBUS_LOCATION/etc/ssh\n"; -print "\n"; -print " \"I can only show you the door. You have to walk through it.\"\n"; - -if ( !getPrivilegeSeparation() ) -{ - print "\n"; - print " o For System Administrators:\n"; - print "\n"; - print " If you are going to run the GSI-OpenSSH server, we recommend\n"; - print " enabling privilege separation. 
Although this package supports\n"; - print " this feature, your system appears to require some additional\n"; - print " configuration.\n"; - print "\n"; - print " From the file README.privsep, included as a part of the OpenSSH\n"; - print " distribution:\n"; - print "\n"; - print " When privsep is enabled, during the pre-authentication\n"; - print " phase sshd will chroot(2) to \"/var/empty\" and change its\n"; - print " privileges to the \"sshd\" user and its primary group. sshd\n"; - print " is a pseudo-account that should not be used by other\n"; - print " daemons, and must be locked and should contain a \"nologin\"\n"; - print " or invalid shell.\n"; - print "\n"; - print " You should do something like the following to prepare the\n"; - print " privsep preauth environment:\n"; - print "\n"; - print " \# mkdir /var/empty\n"; - print " \# chown root:sys /var/empty\n"; - print " \# chmod 755 /var/empty\n"; - print " \# groupadd sshd\n"; - print " \# useradd -g sshd -c 'sshd privsep' -d /var/empty \\\n"; - print " -s /bin/false sshd\n"; - print "\n"; - print " /var/empty should not contain any files.\n"; -} - -print "\n"; -print " o For more information about GSI-Enabled OpenSSH, visit:\n"; -print " \n"; - -# -# give the user a chance to read all of this output -# - -if ( $prompt ) -{ - print "\n"; - print "Press to continue... 
"; - $trash = ; -} - -print "---------------------------------------------------------------------\n"; -print "$myname: Finished configuring package 'gsi_openssh'.\n"; - -exit; - -# -# subroutines -# - -### initPRNGHash( ) -# -# initialize the PRNG pathname hash -# - -sub initPRNGHash( ) -{ - # - # standard prng to executable conversion names - # - - addPRNGCommand("\@PROG_LS\@", "ls"); - addPRNGCommand("\@PROG_NETSTAT\@", "netstat"); - addPRNGCommand("\@PROG_ARP\@", "arp"); - addPRNGCommand("\@PROG_IFCONFIG\@", "ifconfig"); - addPRNGCommand("\@PROG_PS\@", "ps"); - addPRNGCommand("\@PROG_JSTAT\@", "jstat"); - addPRNGCommand("\@PROG_W\@", "w"); - addPRNGCommand("\@PROG_WHO\@", "who"); - addPRNGCommand("\@PROG_LAST\@", "last"); - addPRNGCommand("\@PROG_LASTLOG\@", "lastlog"); - addPRNGCommand("\@PROG_DF\@", "df"); - addPRNGCommand("\@PROG_SAR\@", "sar"); - addPRNGCommand("\@PROG_VMSTAT\@", "vmstat"); - addPRNGCommand("\@PROG_UPTIME\@", "uptime"); - addPRNGCommand("\@PROG_IPCS\@", "ipcs"); - addPRNGCommand("\@PROG_TAIL\@", "tail"); - - print "Determining paths for PRNG commands...\n"; - - $paths = determinePRNGPaths(); - - return; -} - -### getDirectoryPaths( ) -# -# return an array ref containing all of the directories in which we should search -# for our listing of executable names. -# - -sub getDirectoryPaths( ) -{ - # - # read in the PATH environmental variable and prepend a set of 'safe' - # directories from which to test PRNG commands. - # - - $path = $ENV{PATH}; - $path = "/bin:/usr/bin:/sbin:/usr/sbin:/etc:" . $path; - @dirs = split(/:/, $path); - - # - # sanitize each directory listed in the array. - # - - @dirs = map { - $tmp = $_; - $tmp =~ s:/+:/:g; - $tmp =~ s:^\s+|\s+$::g; - $tmp; - } @dirs; - - return \@dirs; -} - -### addPRNGCommand( $prng_name, $exec_name ) -# -# given a PRNG name and a corresponding executable name, add it to our list of -# PRNG commands for which to find on the system. 
-# - -sub addPRNGCommand -{ - my($prng_name, $exec_name) = @_; - - prngAddNode($prng_name, $exec_name); -} - -### copyPRNGFile( ) -# -# read in ssh_prng_cmds.in, translate the program listings to the paths we have -# found on the local system, and then write the output to ssh_prng_cmds. -# - -sub copyPRNGFile -{ - my($fileInput, $fileOutput); - my($mode, $uid, $gid); - my($data); - - if ( isPresent("$sysconfdir/ssh_prng_cmds") && !isForced() ) - { - printf("ssh_prng_cmds found and not forced. Not installing ssh_prng_cmds...\n"); - return; - } - - initPRNGHash(); - - print "Fixing paths in ssh_prng_cmds...\n"; - - $fileInput = "$setupdir/ssh_prng_cmds.in"; - $fileOutput = "$sysconfdir/ssh_prng_cmds"; - - # - # verify that we are prepared to work with $fileInput - # - - if ( !isReadable($fileInput) ) - { - printf("Cannot read $fileInput... skipping.\n"); - return; - } - - # - # verify that we are prepared to work with $fileOuput - # - - if ( !prepareFileWrite($fileOutput) ) - { - return; - } - - # - # Grab the current mode/uid/gid for use later - # - - $mode = (stat($fileInput))[2]; - $uid = (stat($fileInput))[4]; - $gid = (stat($fileInput))[5]; - - # - # Open the files for reading and writing, and loop over the input's contents - # - - $data = readFile($fileInput); - for my $k (keys %$prngcmds) - { - $sub = prngGetExecPath($k); - $data =~ s:$k:$sub:g; - } - writeFile($fileOutput, $data); - - # - # An attempt to revert the new file back to the original file's - # mode/uid/gid - # - - chmod($mode, $fileOutput); - chown($uid, $gid, $fileOutput); - - return 0; -} - -### determinePRNGPaths( ) -# -# for every entry in the PRNG hash, seek out and find the path for the -# corresponding executable name. 
-# - -sub determinePRNGPaths -{ - my(@paths, @dirs); - my($exec_name, $exec_path); - - $dirs = getDirectoryPaths(); - - for my $k (keys %$prngcmds) - { - $exec_name = prngGetExecName($k); - $exec_path = findExecutable($exec_name, $dirs); - prngSetExecPath($k, $exec_path); - } - - return; -} - -### prngAddNode( $prng_name, $exec_name ) -# -# add a new node to the PRNG hash -# - -sub prngAddNode -{ - my($prng_name, $exec_name) = @_; - my($node); - - if (!defined($prngcmds)) - { - $prngcmds = {}; - } - - $node = {}; - $node->{prng} = $prng_name; - $node->{exec} = $exec_name; - - $prngcmds->{$prng_name} = $node; -} - -### prngGetExecName( $key ) -# -# get the executable name from the prng commands hash named by $key -# - -sub prngGetExecName -{ - my($key) = @_; - - return $prngcmds->{$key}->{exec}; -} - -### prngGetExecPath( $key ) -# -# get the executable path from the prng commands hash named by $key -# - -sub prngGetExecPath -{ - my($key) = @_; - - return $prngcmds->{$key}->{exec_path}; -} - -### prngGetNode( $key ) -# -# return a reference to the node named by $key -# - -sub prngGetNode -{ - my($key) = @_; - - return ${$prngcmds}{$key}; -} - -### prngSetExecPath( $key, $path ) -# -# given a key, set the executable path in that node to $path -# - -sub prngSetExecPath -{ - my($key, $path) = @_; - - $prngcmds->{$key}->{exec_path} = $path; -} - -### findExecutable( $exec_name, $dirs ) -# -# given an executable name, test each possible path in $dirs to see if such -# an executable exists. -# - -sub findExecutable -{ - my($exec_name, $dirs) = @_; - - for my $d (@$dirs) - { - $test = "$d/$exec_name"; - - if ( isExecutable($test) ) - { - return $test; - } - } - - return "undef"; -} - -### copyKeyFiles( $copylist ) -# -# given an array of keys to copy, copy both the key and its public variant into -# the gsi-openssh configuration directory. 
-# - -sub copyKeyFiles -{ - my($copylist) = @_; - my($regex, $basename); - - if (@$copylist) - { - print "Copying ssh host keys...\n"; - - for my $f (@$copylist) - { - $f =~ s:/+:/:g; - - if (length($f) > 0) - { - $keyfile = "$f"; - $pubkeyfile = "$f.pub"; - - copyFile("$localsshdir/$keyfile", "$sysconfdir/$keyfile"); - copyFile("$localsshdir/$pubkeyfile", "$sysconfdir/$pubkeyfile"); - } - } - } -} - -### isForced( ) -# -# return true if the user passed in the force flag. return false otherwise. -# - -sub isForced -{ - if ( defined($force) && $force ) - { - return 1; - } - else - { - return 0; - } -} - -### isReadable( $file ) -# -# given a file, return true if that file both exists and is readable by the -# effective user id. return false otherwise. -# - -sub isReadable -{ - my($file) = @_; - - if ( ( -e $file ) && ( -r $file ) ) - { - return 1; - } - else - { - return 0; - } -} - -### isExecutable( $file ) -# -# return true if $file is executable. return false otherwise. -# - -sub isExecutable -{ - my($file) = @_; - - if ( -x $file ) - { - return 1; - } - else - { - return 0; - } -} - -### isWritable( $file ) -# -# given a file, return true if that file does not exist or is writable by the -# effective user id. return false otherwise. -# - -sub isWritable -{ - my($file) = @_; - - if ( ( ! -e $file ) || ( -w $file ) ) - { - return 1; - } - else - { - return 0; - } -} - -### isPresent( $file ) -# -# given a file, return true if that file exists. return false otherwise. -# - -sub isPresent -{ - my($file) = @_; - - if ( -e $file ) - { - return 1; - } - else - { - return 0; - } -} - -### makeConfDir( ) -# -# make the gsi-openssh configuration directory if it doesn't already exist. -# - -sub makeConfDir -{ - if ( isPresent($sysconfdir) ) - { - if ( -d $sysconfdir ) - { - return; - } - - die("${sysconfdir} already exists and is not a directory!\n"); - } - - print "Could not find ${sysconfdir} directory... 
creating.\n"; - action("mkdir -p $sysconfdir"); - - return; -} - -### determineKeys( ) -# -# based on a set of key types, triage them to determine if for each key type, that -# key type should be copied from the main ssh configuration directory, or if it -# should be generated using ssh-keygen. -# - -sub determineKeys -{ - my($keyhash, $keylist); - my($count); - - # - # initialize our variables - # - - $count = 0; - - $keyhash = {}; - $keyhash->{gen} = []; # a list of keytypes to generate - $keyhash->{copy} = []; # a list of files to copy from the - - $genlist = $keyhash->{gen}; - $copylist = $keyhash->{copy}; - - # - # loop over our keytypes and determine what we need to do for each of them - # - - for my $keytype (keys %$keyfiles) - { - $basekeyfile = $keyfiles->{$keytype}; - - # - # if the key's are already present, we don't need to bother with this rigamarole - # - - $gkeyfile = "$sysconfdir/$basekeyfile"; - $gpubkeyfile = "$sysconfdir/$basekeyfile.pub"; - - if ( isPresent($gkeyfile) && isPresent($gpubkeyfile) ) - { - if ( isForced() ) - { - if ( isWritable("$sysconfdir/$basekeyfile") && isWritable("$sysconfdir/$basekeyfile.pub") ) - { - action("rm $sysconfdir/$basekeyfile"); - action("rm $sysconfdir/$basekeyfile.pub"); - } - else - { - next; - } - } - } - - # - # if we can find a copy of the keys in /etc/ssh, we'll copy them to the user's - # globus location - # - - $mainkeyfile = "$localsshdir/$basekeyfile"; - $mainpubkeyfile = "$localsshdir/$basekeyfile.pub"; - - if ( isReadable($mainkeyfile) && isReadable($mainpubkeyfile) ) - { - push(@$copylist, $basekeyfile); - $count++; - next; - } - - # - # otherwise, we need to generate the key - # - - push(@$genlist, $keytype); - $count++; - } - - return $keyhash; -} - -### runKeyGen( $gen_keys ) -# -# given a set of key types, generate private and public keys for that key type and -# place them in the gsi-openssh configuration directory. 
-# - -sub runKeyGen -{ - my($gen_keys) = @_; - my $keygen = "$bindir/ssh-keygen"; - - if (@$gen_keys && -x $keygen) - { - print "Generating ssh host keys...\n"; - - for my $k (@$gen_keys) - { - $keyfile = $keyfiles->{$k}; - - if ( !isPresent("$sysconfdir/$keyfile") ) - { - action("$bindir/ssh-keygen -t $k -f $sysconfdir/$keyfile -N \"\""); - } - } - } - - return 0; -} - -### copySSHDConfigFile( ) -# -# this subroutine 'edits' the paths in sshd_config to suit them to the current environment -# in which the setup script is being run. -# - -sub copySSHDConfigFile -{ - my($fileInput, $fileOutput); - my($mode, $uid, $gid); - my($line, $newline); - my($privsep_enabled); - - print "Fixing paths in sshd_config...\n"; - - $fileInput = "$setupdir/sshd_config.in"; - $fileOutput = "$sysconfdir/sshd_config"; - - # - # verify that we are prepared to work with $fileInput - # - - if ( !isReadable($fileInput) ) - { - printf("Cannot read $fileInput... skipping.\n"); - return; - } - - # - # verify that we are prepared to work with $fileOuput - # - - if ( !prepareFileWrite($fileOutput) ) - { - return; - } - - # - # check to see whether we should enable privilege separation - # - - if ( userExists("sshd") && ( -d "/var/empty" ) && ( getOwnerID("/var/empty") eq 0 ) ) - { - setPrivilegeSeparation(1); - } - else - { - setPrivilegeSeparation(0); - } - - if ( getPrivilegeSeparation() ) - { - $privsep_enabled = "yes"; - } - else - { - $privsep_enabled = "no"; - } - - # - # Grab the current mode/uid/gid for use later - # - - $mode = (stat($fileInput))[2]; - $uid = (stat($fileInput))[4]; - $gid = (stat($fileInput))[5]; - - # - # Open the files for reading and writing, and loop over the input's contents - # - - $data = readFile($fileInput); - - # - # alter the PidFile config - # - - $text = "PidFile\t$gpath/var/sshd.pid"; - $data =~ s:^[\s|#]*PidFile.*$:$text:gm; - - # - # set the sftp directive - # - - $text = "Subsystem\tsftp\t$gpath/libexec/sftp-server"; - $data =~ 
s:^[\s|#]*Subsystem\s+sftp\s+.*$:$text:gm; - - # - # set the privilege separation directive - # - - $text = "UsePrivilegeSeparation\t${privsep_enabled}"; - $data =~ s:^[\s|#]*UsePrivilegeSeparation.*$:$text:gm; - - # - # dump the modified output to the config file - # - - writeFile($fileOutput, $data); - - # - # An attempt to revert the new file back to the original file's - # mode/uid/gid - # - - chmod($mode, $fileOutput); - chown($uid, $gid, $fileOutput); - - return 0; -} - -### setPrivilegeSeparation( $value ) -# -# set the privilege separation variable to $value -# - -sub setPrivilegeSeparation -{ - my($value) = @_; - - $privsep = $value; -} - -### getPrivilegeSeparation( ) -# -# return the value of the privilege separation variable -# - -sub getPrivilegeSeparation -{ - return $privsep; -} - -### prepareFileWrite( $file ) -# -# test $file to prepare for writing to it. -# - -sub prepareFileWrite -{ - my($file) = @_; - - if ( isPresent($file) ) - { - printf("$file already exists... "); - - if ( isForced() ) - { - if ( isWritable($file) ) - { - printf("removing.\n"); - action("rm $file"); - return 1; - } - else - { - printf("not writable -- skipping.\n"); - return 0; - } - } - else - { - printf("skipping.\n"); - return 0; - } - } - - return 1; -} - -### copyConfigFiles( ) -# -# subroutine that copies some extra config files to their proper location in -# $GLOBUS_LOCATION/etc/ssh. -# - -sub copyConfigFiles -{ - # - # copy the sshd_config file into the ssh configuration directory and alter - # the paths in the file. - # - - copySSHDConfigFile(); - - # - # do straight copies of the ssh_config and moduli files. - # - - printf("Copying ssh_config and moduli to their proper location...\n"); - - copyFile("$setupdir/ssh_config", "$sysconfdir/ssh_config"); - copyFile("$setupdir/moduli", "$sysconfdir/moduli"); - - # - # copy and alter the SXXsshd script. 
- # - - copySXXScript("$setupdir/SXXsshd.in", "$sbindir/SXXsshd"); -} - -### copyFile( $src, $dest ) -# -# copy the file pointed to by $src to the location specified by $dest. in the -# process observe the rules regarding when the '-force' flag was passed to us. -# - -sub copyFile -{ - my($src, $dest) = @_; - - if ( !isReadable($src) ) - { - printf("$src is not readable... not creating $dest.\n"); - return; - } - - if ( !prepareFileWrite($dest) ) - { - return; - } - - action("cp $src $dest"); -} - -### copySXXScript( $in, $out ) -# -# parse the input file, substituting in place the value of GLOBUS_LOCATION, and -# write the result to the output file. -# - -sub copySXXScript -{ - my($in, $out) = @_; - my($tmpgpath); - - if ( !isReadable($in) ) - { - printf("$in is not readable... not creating $out.\n"); - return; - } - - if ( !prepareFileWrite($out) ) - { - return; - } - - # - # clean up any junk in the globus path variable - # - - $tmpgpath = $gpath; - $tmpgpath =~ s:/+:/:g; - $tmpgpath =~ s:([^/]+)/$:\1:g; - - # - # read in the script, substitute globus location, then write it back out - # - - $data = readFile($in); - $data =~ s|\@GLOBUS_LOCATION\@|$tmpgpath|g; - writeFile($out, $data); - action("chmod 755 $out"); -} - -### readFile( $filename ) -# -# reads and returns $filename's contents -# - -sub readFile -{ - my($filename) = @_; - my($data); - - open(IN, "$filename") || die "Can't open '$filename': $!"; - $/ = undef; - $data = ; - $/ = "\n"; - close(IN); - - return $data; -} - -### writeFile( $filename, $fileinput ) -# -# create the inputs to the ssl program at $filename, appending the common name to the -# stream in the process -# - -sub writeFile -{ - my($filename, $fileinput) = @_; - - # - # test for a valid $filename - # - - if ( !defined($filename) || (length($filename) lt 1) ) - { - die "Filename is undefined"; - } - - # - # verify that we are prepared to work with $filename - # - - if ( !prepareFileWrite($filename) ) - { - return; - } - - # - # write 
the output to $filename - # - - open(OUT, ">$filename"); - print OUT "$fileinput"; - close(OUT); -} - -### action( $command ) -# -# run $command within a proper system() command. -# - -sub action -{ - my($command) = @_; - - printf "$command\n"; - - my $result = system("LD_LIBRARY_PATH=\"$gpath/lib:\$LD_LIBRARY_PATH\"; $command 2>&1"); - - if (($result or $?) and $command !~ m!patch!) - { - die "ERROR: Unable to execute command: $!\n"; - } -} - -### query_boolean( $query_text, $default ) -# -# query the user with a string, and expect a response. If the user hits -# 'enter' instead of entering an input, then accept the default response. -# - -sub query_boolean -{ - my($query_text, $default) = @_; - my($nondefault, $foo, $bar); - - if ( !$prompt ) - { - print "Prompt suppressed. Continuing...\n"; - return "y"; - } - - # - # Set $nondefault to the boolean opposite of $default. - # - - if ($default eq "n") - { - $nondefault = "y"; - } - else - { - $nondefault = "n"; - } - - print "${query_text} "; - print "[$default] "; - - $foo = ; - ($bar) = split //, $foo; - - if ( grep(/\s/, $bar) ) - { - # this is debatable. all whitespace means 'default' - - $bar = $default; - } - elsif ($bar eq '') - { - $bar = $default; - } - elsif ($bar ne $default) - { - # everything else means 'nondefault'. - - $bar = $nondefault; - } - else - { - # extraneous step. to get here, $bar should be eq to $default anyway. - - $bar = $default; - } - - return $bar; -} - -### absolutePath( $file ) -# -# converts a given pathname into a canonical path using the abs_path function. -# - -sub absolutePath -{ - my($file) = @_; - my $home = $ENV{'HOME'}; - $file =~ s!~!$home!; - my $startd = cwd(); - $file =~ s!^\./!$startd/!; - $file = "$startd/$file" if $file !~ m!^\s*/!; - $file = abs_path($file); - return $file; -} - -### getOwnerID( $file ) -# -# return the uid containing the owner ID of the given file. 
-# - -sub getOwnerID -{ - my($file) = @_; - my($uid); - - # - # call stat() to get the mode of the file - # - - $uid = (stat($file))[4]; - - return $uid; -} - -### getMode( $file ) -# -# return a string containing the mode of the given file. -# - -sub getMode -{ - my($file) = @_; - my($tempmode, $mode); - - # - # call stat() to get the mode of the file - # - - $tempmode = (stat($file))[2]; - if (length($tempmode) < 1) - { - return ""; - } - - # - # call sprintf to format the mode into a UNIX-like string - # - - $mode = sprintf("%04o", $tempmode & 07777); - - return $mode; -} - -### userExists( $username ) -# -# given a username, return true if the user exists on the system. return false -# otherwise. -# - -sub userExists -{ - my($username) = @_; - my($uid); - - # - # retrieve the userid of the user with the given username - # - - $uid = getpwnam($username); - - # - # return true if $uid is defined and has a length greater than 0 - # - - if ( defined($uid) and (length($uid) > 0) ) - { - return 1; - } - else - { - return 0; - } -} -- 2.45.1