Commit 1f1a835a authored by Russ Fish's avatar Russ Fish

Add a script to set the Windows passwords into Samba for all active login users.

parent 9237c34b
......@@ -34,12 +34,12 @@ SBIN_STUFF = resetvlans console_setup.proxy sched_reload named_setup \
sfskey_update sfskey_update.proxy rmuser idleswap \
newnode_reboot savelogs.proxy eventsys.proxy \
elabinelab snmpit.proxy panic repos_daemon node_attributes \
nfstrace plabinelab
nfstrace plabinelab smbpasswd_setup smbpasswd_setup.proxy
CTRLBIN_STUFF = console_setup.proxy sfskey_update.proxy \
savelogs.proxy eventsys.proxy
FSBIN_STUFF = exports_setup.proxy
FSBIN_STUFF = exports_setup.proxy smbpasswd_setup.proxy
LIBEXEC_STUFF = rmproj wanlinksolve wanlinkinfo \
os_setup mkexpdir console_setup webnscheck webreport \
......
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2006 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
#
# smbpasswd_setup - Run this on Boss as root.
#
# For each active user in the Emulab database, it sets their Samba password on
# Fs to their Windows password, using the smbpasswd_setup.proxy .
#
# usage: smbpasswd_setup [debug_level]
#
my $dbg = 0;
if ($#ARGV+1 > 0) {
# 0 = no debug, 1 = remote dbg, 2 = local dbg.
$dbg = $ARGV[0];
}
if ($dbg =~ /^([-\w]+)$/i) {
$dbg = $1;
}
else {
die("Tainted argument: $dbg\n");
}
#
# Configure variables.
#
my $TB = "@prefix@";
my $FSNODE = "@FSNODE@";
my $WINSUPPORT = @WINSUPPORT@;
# Note no -n option to ssh. We pipe stdin below.
my $SSH = "$TB/bin/sshtb -l root -host $FSNODE";
my $PROG = "$TB/sbin/smbpasswd_setup.proxy";
#
# We don't want to run this script unless its the real version or local debug.
#
if ($EUID != 0 and $dbg < 2) {
die("*** $0:\n".
" Must be root! Maybe its a development version?\n");
}
die("*** $0:\n".
" Nothing to do if no Windows support in this copy of Emulab.\n")
if (!$WINSUPPORT);
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/usr/local/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
$| = 1;
#
# Testbed Support libraries
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
my $USERROOT = USERROOT();
# Just do active, login accounts with real (unstarred) passwords.
# (The unix_pwd is set to "frozen" on frozen accounts.)
my $users_result =
DBQueryFatal("select uid, usr_w_pswd, usr_pswd from users " .
"where status = '" . USERSTATUS_ACTIVE() . "'" .
" and wikionly = '0' and webonly = '0'" .
" and usr_pswd != '*'");
{
local $SIG{PIPE} = sub { die "$PROG pipe broke" };
# Open a pipe to a proxy on Ops.
(open(PROXY, "| $SSH $PROG $dbg")
|| fatal("Failed: '| $SSH $PROG $dbg' $! $?"))
if ($dbg < 2);
while (my @usersrow = $users_result->fetchrow_array) {
my $uid = $usersrow[0];
my $w_pwd = $usersrow[1];
my $unix_pwd = $usersrow[2];
# If there's no user Windows password set, use the initial random default
# for the Windows Password. This based on the Unix encrypted password, in
# particular the random salt if it's an MD5 crypt, consisting of the 8
# characters after an initial "$1$" and followed by a "$".
if (! defined($w_pwd)) {
# When there's no $ at the beginning, its not an MD5 hash.
if ($unix_pwd !~ m/\$1\$/) {
$w_pwd = substr($unix_pwd,0,8);
}
else {
$w_pwd = substr($unix_pwd,3,8); # The MD5 salt string.
}
}
if (-d "$USERROOT/$uid") {
if ($dbg >= 2) {
print "$uid, $w_pwd, $unix_pwd\n";
}
else {
print PROXY "$uid $w_pwd\n";
}
}
else {
print STDERR "*** smbpasswd_setup: ".
"$USERROOT/$uid does not exist!\n";
}
}
(close(PROXY)
|| fatal("Failed, closing: '| $SSH $PROG $dbg' $! $?"))
if ($dbg < 2);
}
exit(0);
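Review bot: When `usr_w_pswd` is NULL the loop sets the Samba password to a substring of the stored Unix crypt string (the MD5 salt, or the first 8 characters otherwise), so the password is known to anyone who can read that string; a salt is not a secret. This presumably mirrors a default defined elsewhere in Emulab, but I would skip such accounts, or require the user to set a Windows password first, rather than push a derivable one to Fs. If the fallback stays, the MD5 test should be anchored to match its own comment, `if ($unix_pwd !~ m/^\$1\$/) {`, since the current pattern matches `$1$` anywhere in the string. The `$dbg >= 2` branch also prints the password and the crypt string to stdout; printing the uid alone would be enough for a dry run.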
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2006 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
#
# smbpasswd_setup.proxy - This is run remotely on Fs as root, with stdin piped
# from smbpasswd_setup on Boss.
#
# It sets the Samba password on Fs for each active user to specified (Emulab
# Windows) password.
#
# usage: smbpasswd_setup.proxy [debug_level]
#
my $dbg = 0;
if ($#ARGV+1 > 0) {
$dbg = $ARGV[0];
}
if ($dbg =~ /^([-\w]+)$/i) {
$dbg = $1;
}
else {
die("Tainted argument: $dbg\n");
}
#
# Configure variables.
#
my $WINSUPPORT = @WINSUPPORT@;
my $SMBPASSWD = "/usr/local/bin/smbpasswd";
#
# We don't want to run this script unless its the real version (or debugging.)
#
if ($EUID != 0 and !$dbg) {
die("*** $0:\n".
" Must be root! Maybe its a development version?\n");
}
die("*** $0:\n".
" Nothing to do if no Windows support in this copy of Emulab.\n")
if (!$WINSUPPORT);
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/usr/local/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
my $log = "/tmp/smbpasswd_setup_proxy.log";
open(LOG, "> $log")
|| fatal("Couldn't open $log.\n");
{
local $SIG{PIPE} = sub { die "$SMBPASSWD pipe broke" };
# Each line on stdin is "uid w_pswd".
my ($uid, $w_pwd);
while (<STDIN>) {
if (! (($uid, $w_pswd) = m/^(\S+) (.+)/)) {
print LOG "BAD LINE: $_\n";
}
else {
print LOG "$uid, '$w_pswd'\n";
}
if (! $dbg) {
# Tell smbpasswd the password, and again to confirm.
# -s == Silent: no prompts, read from stdin.
# -a == Add the uid if necessary.
my $cmd = "| $SMBPASSWD -s -a $uid";
open(PWD, $cmd );
print PWD "$w_pswd\n$w_pswd\n";
my $stat = close PWD;
if (0 && $stat) { # XXX it's succeeding, but returning 1.
print LOG "FAILED, closing: '$cmd', $stat\n";
exit($stat);
}
}
}
}
close(LOG);
exit(0);
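Review bot: The uid captured from stdin by `m/^(\S+) (.+)/` is interpolated into the shell string `"| $SMBPASSWD -s -a $uid"`, and because a regex capture is untainted, -T does not stop shell metacharacters from reaching a root shell on Fs; the result of that `open` is not checked either. A line that fails the match is logged but not skipped, so smbpasswd is still run with undefined values (with no username it presumably acts on the invoking user, root). The loop also declares `$w_pwd` but uses `$w_pswd`, which `use strict` would have caught. Separately, the log is opened by root at a fixed name under /tmp with a two-argument `open` and records every cleartext password; I would move it to a root-only directory and log the uid alone. The fence shows the loop with a strict uid pattern, `next` on bad lines and a list-form pipe open.

```perl
    while (my $line = <STDIN>) {
        chomp($line);
        # Accept only "uid password". The uid pattern is a suggestion and
        # should follow the site's account-name rules; it must not allow a
        # leading "-", which smbpasswd would read as an option.
        my ($uid, $w_pswd) = $line =~ m/^([A-Za-z0-9][-\w.]*) (.+)$/;
        if (!defined($uid)) {
            print LOG "BAD LINE\n";    # do not echo the line: it may hold a password
            next;
        }
        print LOG "$uid\n";            # log the uid only, never the password
        next if ($dbg);
        # List form runs smbpasswd directly, so $uid is a single argument
        # and no shell parses it.
        if (!open(PWD, "|-", $SMBPASSWD, "-s", "-a", $uid)) {
            print LOG "FAILED to run $SMBPASSWD for $uid: $!\n";
            next;
        }
        print PWD "$w_pswd\n$w_pswd\n";
        # ... unchanged: close PWD and status handling ...
    }
```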