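#!/usr/bin/perl -w
# Version: 2003 07 09 - 17h45
#
# nfs-ssh-fw: init-style script that forwards the nfsd and mountd ports of an
# NFS server through ssh local port forwards, then mounts the export through
# localhost.
#
# Usage: /etc/init.d/nfs-ssh-fw.pl {start|stop|restart}
#
# TODO:
#  . use start-stop-daemon

use strict;
use File::Basename;

## CONFIGURATION
my $nfs_server         = "prisme";   # the nfs server to connect to
# NOTE(review): the forward itself should not need a root login on the
# server; a dedicated account restricted in authorized_keys2 would limit
# what the key in $ssh_opts can do -- confirm against the server setup.
my $nfs_server_user    = "root";     # a valid username on the nfs server
my $use_version        = "2";        # nfs-user-server uses 2, otherwise 3
                                     # would be better. Check output of
                                     # 'rpcinfo -p <servername>'
my $pid_file           = "/var/run/nfs-ssh-fw";  # pid file
my $serv_rep           = "/home/nfs";  # directory exported by the server
my $client_rep         = "/home/nfs";  # mount point on the client
my $nfsd_client_port   = "2818";     # we will port forward nfsd here
my $mountd_client_port = "3045";     # we will port forward mountd here
my $sleep_length       = "86400";    # how long to sleep before restarting
                                     # 86400 secs is one day. Note
                                     # this is overridden if a command is
                                     # specified in the server's
                                     # authorized_keys2 file

# need to keep '-f', can also specify encryption algorithm, the ssh version
# and the id key
# NOTE(review): blowfish and DSA keys are legacy choices; current OpenSSH
# releases have dropped the blowfish cipher and deprecate DSA keys, so on an
# up-to-date system pick a cipher and key type the installed ssh supports.
my $ssh_opts = "-f -c blowfish -2 -i /root/.ssh/id_dsa_nfs";

my %rpcinfo_col = (   # change as per output of rpcinfo -p
    'program'  => '0',
    'version'  => '1',
    'protocol' => '2',
    'port'     => '3',
    'daemon'   => '4'
);
## END CONFIGURATION

# A missing argument is treated like an unknown one (usage message) instead
# of comparing undef under -w.
my $action = defined $ARGV[0] ? $ARGV[0] : "";

# start
if ($action eq "start") {
    # Bail out if the daemon is already running
    if (-s $pid_file) {
        print ("nfs-ssh-fw est déjà lancé.\n");
        exit 1;
    }

    my $prog_name          = basename($0);
    my $nfsd_server_port   = "";
    my $mountd_server_port = "";

    # ssh is run as argument lists below, so its options are split once here;
    # the joined form is what the ssh process shows in the process table.
    my @ssh_opts    = split ' ', $ssh_opts;
    my $ssh_cmdline = join ' ', '/usr/bin/ssh', @ssh_opts;

    # for signals
    $SIG{INT} = sub { die "$0 interrupted and dying (does not kill ssh)\n" };

    print "$prog_name: Starting ssh/nfs forwarding \n";

    # first, get the rpcinfo
    # The portmapper is queried directly, outside the ssh tunnel; the host
    # name comes from the configuration block above.
    my @rpcinfo = `rpcinfo -p $nfs_server`;
    print "My rpcinfo =\n @rpcinfo";

    # now get the nfsd and mountd port numbers
    foreach my $entry (@rpcinfo) {
        my @line = split ' ', $entry;

        # skip short lines so no undefined column is compared
        next if grep { !defined $line[$_] } values %rpcinfo_col;
        next unless $line[$rpcinfo_col{"version"}] eq $use_version
                 && $line[$rpcinfo_col{"protocol"}] eq "tcp";

        # The port column originates from the remote reply: accept digits
        # only, so nothing but a port number ends up on the ssh and mount
        # command lines.
        my $port = $line[$rpcinfo_col{"port"}];
        next unless $port =~ /\A\d+\z/;

        if ($line[$rpcinfo_col{"daemon"}] eq "nfs") {
            $nfsd_server_port = $port;
            print (" nfsd port = $nfsd_server_port");
        }
        elsif ($line[$rpcinfo_col{"daemon"}] eq "mountd") {
            $mountd_server_port = $port;
            print (", mountd port = $mountd_server_port\n");
        }
    }

    # Without both ports the forward specification would be incomplete;
    # stop here rather than start ssh and mount with empty values.
    if ($nfsd_server_port eq "" || $mountd_server_port eq "") {
        print STDERR "\n$prog_name: no tcp nfs/mountd version $use_version"
                   . " port found on $nfs_server\n";
        exit 1;
    }

    # set up the ssh forwarding
    # List form: no shell parses the command line.
    # NOTE(review): unless $ssh_opts says otherwise, the forwarded ports
    # listen on the client's loopback interface, so every local account can
    # reach the server's nfsd/mountd through them; the export options on the
    # server remain the only access control.
    system("/usr/bin/ssh", @ssh_opts,
           "-L", "$nfsd_client_port:$nfs_server:$nfsd_server_port",
           "-L", "$mountd_client_port:$nfs_server:$mountd_server_port",
           "-l", $nfs_server_user, $nfs_server,
           "/bin/sleep", $sleep_length);
    if ($? != 0) {
        print STDERR "$prog_name: ssh forwarding could not be started\n";
        exit 1;
    }

    # wait for the ssh forwarding to come up, then mount the directory
    print ("Pause de 5 secondes...\n");
    sleep 5;
    system("/bin/mount", "-t", "nfs", "-o",
           "tcp,port=$nfsd_client_port,mountport=$mountd_client_port,"
           . "rsize=8192,wsize=8192,intr,rw,bg,nosuid",
           "localhost:$serv_rep", $client_rep);
    if ($? != 0) {
        # keep going: the pid file must still be written so that 'stop'
        # can terminate the ssh forward
        print STDERR "$prog_name: mount of localhost:$serv_rep failed\n";
    }

    # ssh -f has detached, so its pid is looked up in the process table.
    # The search string is built from $ssh_opts, so it follows the
    # configuration; it matches every ssh started with these same options.
    my @pids;
    foreach my $proc (`ps aux`) {
        next unless index($proc, $ssh_cmdline) >= 0;
        my @field = split ' ', $proc;
        push @pids, $field[1]
            if defined $field[1] && $field[1] =~ /\A\d+\z/;
    }
    if (!@pids) {
        print STDERR "$prog_name: no running ssh forward found\n";
    }

    open(my $pid_out, '>', $pid_file)
        or die "$prog_name: cannot write $pid_file: $!\n";
    print {$pid_out} map { "$_\n" } @pids;
    close($pid_out)
        or die "$prog_name: cannot write $pid_file: $!\n";

    print ("nfs-ssh-fw lancé; pid = ");
    print map { "$_\n" } @pids;
    exit 0;
}

elsif ($action eq "stop") {
    # Bail out if the daemon is not running
    if (! -s $pid_file) {
        print ("nfs-ssh-fw ne tourne pas.\n");
        exit 1;
    }
    print ("Arrêt de nfs-ssh-fw...\n");

    # unmount the client directory if and only if it is mounted
    my $mount_opts =
        "rw,nosuid,tcp,port=$nfsd_client_port,mountport=$mountd_client_port";
    my $mounted = grep { index($_, $mount_opts) >= 0 } `mount`;
    if ($mounted) {
        print (" - démontage de $client_rep\n");
        system("/bin/umount", $client_rep);
        if ($? != 0) {
            print STDERR "umount of $client_rep failed\n";
        }
    }

    # kill the ssh forwarding
    print (" - arrêt du ssh\n");

    # This runs as root: only plain process ids above 1 are signalled, one
    # per line of the pid file. Anything else in the file is ignored, so no
    # process group and not init can be hit by a malformed entry.
    my @pids;
    if (open(my $pid_in, '<', $pid_file)) {
        while (my $entry = <$pid_in>) {
            next unless $entry =~ /\A\s*(\d+)\s*\z/;
            push @pids, $1 if $1 > 1;
        }
        close($pid_in);
    }
    else {
        print STDERR "cannot read $pid_file: $!\n";
    }
    kill 15, @pids if @pids;
    unlink $pid_file;

    print ("nfs-ssh-fw arrêté.\n");
    exit 0;
}

elsif ($action eq "restart") {
    system("/etc/init.d/nfs-ssh-fw.pl stop");
    system("/etc/init.d/nfs-ssh-fw.pl start");
    exit 0;
}

# anything else
else {
    print ("Usage: /etc/init.d/nfs-ssh-fw.pl {start|stop|restart}");
    exit 1;
}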