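#!/usr/bin/perl

# Set up ssh port forwarding between this gateway and its peer: run
# prep_gateway.pl to install the public key (and DETER routing), then start
# one background ssh process per --port spec.

use strict;
use warnings;

use gateway_lib;

use IO::File;

use Getopt::Long;
use Sys::Hostname;

my $ssh_pubkey;
my $ssh_privkey;
my $tunnelip;
my $peer;
my @ports;
my $fedkit_dir = "/usr/local/federation";
my $perl = "/usr/bin/perl";
my $ssh = "/usr/bin/ssh";
my $use_file;
my $ssh_port = 22;
# Getopt::Long spec -> destination; also handed to read_config() so the
# config file can set the same options.
my %opts = (
    'ssh_pubkey=s'  => \$ssh_pubkey,
    'ssh_privkey=s' => \$ssh_privkey,
    'tunnelip'      => \$tunnelip,
    'peer=s'        => \$peer,
    'port=s'        => \@ports,
    'fedkit=s'      => \$fedkit_dir,
    'perl=s'        => \$perl,
    'ssh=s'         => \$ssh,
    'ssh_port=s'    => \$ssh_port,
    'use_file'      => \$use_file,
);

exit(20) unless GetOptions(%opts);

gateway_lib::read_config(gateway_lib::config_filename(), \%opts)
    if $use_file;

# Let prep_gateway.pl install the key and routing.  List-form system()
# bypasses the shell, so option values (peer name, key path) that contain
# shell metacharacters are passed through literally instead of interpreted.
my @tunnelparam = $tunnelip ? ('--tunnelip') : ();

system($perl, "-I$fedkit_dir/lib", "$fedkit_dir/bin/prep_gateway.pl",
    "--peer=$peer", "--ssh_pubkey=$ssh_pubkey", @tunnelparam);
exit(20) if $?;

# Remove duplicate port specs, keeping the first occurrence of each.
# (A bare "grep($mark{$_}++, @ports)" keeps only the *repeats*, because the
# post-increment yields 0 the first time a spec is seen, so a list of unique
# specs came out empty and nothing was forwarded.)
my %seen;
@ports = grep { !$seen{$_}++ } @ports;

foreach my $p (@ports) {
    my ($type, $port, $host, $eport) = split(":", $p);
    die "Bad port spec '$p': expected type:lport:host[:rport]\n"
        unless defined $type && defined $port && defined $host;
    # The remote port defaults to the local one.
    $eport = $port unless $eport;
    if ($type ne "local") {
        # We will need to resolve this host name. Make sure we can.
        if (!gateway_lib::get_ip($host)) {
            # The short form isn't resolvable. Try the full domain that the
            # portal is in. If that doesn't work assume the user knows better
            # and leave $host untouched.
            my $hn = hostname();
            (my $try = $hn) =~ s/^[^\.]+/$host/;

            $host = $try if gateway_lib::get_ip($try);
        }
    }
    my $fopt = $type eq 'local' ? "-L" : "-R";
    # NOTE(security): "StrictHostKeyChecking no" accepts whatever host key
    # the peer presents, both on first contact and after a key change, so a
    # substituted peer is not detected.  Kept as-is because gateways are
    # provisioned automatically; revisit if known_hosts can be pre-seeded.
    # -n takes ssh's stdin from /dev/null, which is what the shell's '&'
    # gave the original background command.
    my @cmd = ($ssh, '-N', '-n', $fopt, ":$port:$host:$eport",
        '-p', $ssh_port, '-o', 'StrictHostKeyChecking no',
        '-i', $ssh_privkey, $peer);
    # Background the tunnel without a shell: fork, then exec ssh in the
    # child.  As with '&', the parent cannot see whether ssh later fails;
    # only a failed fork or exec is reported here.
    my $pid = fork;
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        exec(@cmd) or die "exec $ssh failed: $!";
    }
}

exit(0);

=pod

=head1 NAME

B<port_forward.pl> - Do ssh service port forwarding.

=head1 OPTIONS

=over 8

=item B<fedkit=>I<install_dir>

Directory in which this software is installed. Generally not needed.

=item B<peer=>I<hostname>

The other gateway providing forwarding.

=item B<perl=>I<perl_binary>

Location of the perl binary. Usually unneeded.

=item B<port=>I<port_spec>

Forward the given port. Each port is given as type:lport:host:rport where
type can be "local" or "remote". These correspond to B<-L> and B<-R> ssh
port forwarding, respectively. The remaining parameters are exactly as for
those parameters to ssh. If rport is omitted it defaults to lport. May be
given more than once; duplicate specs are forwarded only once.

=item B<ssh=>I<ssh_binary>

The pathname of the ssh binary. Usually unnecessary.

=item B<ssh_port=>I<port>

The port on which the peer's ssh server listens. Defaults to 22.

=item B<ssh_pubkey=>I<keyfile>

A public key to install as authorized.

=item B<ssh_privkey=>I<identity_file>

The identity to use for remote access.

=item B<tunnelip>

True if the testbed uses the DETER tunnelip extension to provide external
connectivity information.

=item B<use_file>

If given, read additional parameters from the file in
/proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf where those are the
current testbed project and experiment and the hostname is before the first
dot. The file is option: value.


=back

=head1 SYNOPSIS

In addition to providing the key initialization and DETER routing setup for a
gateway without external access as B<active_config.pl> does, B<forward_port.pl>
forwards the given ports using ssh. B<forward_port.pl> does not establish low
level connectivity tunnels.


=head1 AUTHORS

Ted Faber <faber@isi.edu>

=cut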
---|