Commit ce479a08 authored by Leigh Stoller's avatar Leigh Stoller

Add mechanism to allow admins to log in even when web interface is

turned off. Use this link directly:

	https://www.emulab.net/login.php3?adminmode=1

This is passed into DOLOGIN(), and if the user is a real admin (of
course) the login is created with adminmode set to on instead of
off (the default). This essentially causes the later NOLOGINS checks
to be bypassed (as is already the case when it is an admin that is
logged in).

I prefer this approach cause it hides the entire admin thing, rather
than putting up a checkbox that might leak out to a mere user (remote
chance, but I feel better this way).

There is also some new stats code that is turned off until its
finished.
parent 4ba3b913
......@@ -15,6 +15,10 @@ if (!isset($key) || !strcmp($key, "")) {
if (!isset($vuid) || !strcmp($vuid, "")) {
$vuid = 0;
}
# Allow adminmode to be passed along.
if (!isset($adminmode)) {
$adminmode = 0;
}
# Allow referrer to be passed along.
if (!isset($referrer) || !strcmp($referrer, "")) {
$referrer = 0;
......@@ -54,7 +58,7 @@ if (($known_uid = GETUID()) != FALSE) {
#
# Spit out the form.
#
function SPITFORM($uid, $key, $referrer, $failed)
function SPITFORM($uid, $key, $referrer, $failed, $adminmode)
{
global $TBDB_UIDLEN, $TBBASE;
......@@ -99,6 +103,9 @@ function SPITFORM($uid, $key, $referrer, $failed)
if ($referrer) {
echo "<input type=hidden name=referrer value=$referrer>\n";
}
if ($adminmode) {
echo "<input type=hidden name=adminmode value=1>\n";
}
echo "</form>
</table>\n";
......@@ -130,7 +137,7 @@ if (0 && NOLOGINS()) {
if (! isset($login)) {
if ($vuid)
$known_uid = $vuid;
SPITFORM($known_uid, $key, $referrer, 0);
SPITFORM($known_uid, $key, $referrer, 0, $adminmode);
PAGEFOOTER();
return;
}
......@@ -147,7 +154,7 @@ if (!isset($uid) ||
$login_status = $STATUS_LOGINFAIL;
}
else {
if (DOLOGIN($uid, $password)) {
if (DOLOGIN($uid, $password, $adminmode)) {
$login_status = $STATUS_LOGINFAIL;
}
else {
......@@ -159,7 +166,7 @@ else {
# Failed, then try again with an error message.
#
if ($login_status == $STATUS_LOGINFAIL) {
SPITFORM($uid, $key, $referrer, 1);
SPITFORM($uid, $key, $referrer, 1, $adminmode);
PAGEFOOTER();
return;
}
......
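Review bot: The new `$adminmode` default near the top of this script only handles the unset case, so any value the client sends is forwarded unchanged to SPITFORM() and DOLOGIN(). Collapsing it to a strict flag at that point, e.g. `$adminmode = (isset($adminmode) && $adminmode == "1") ? 1 : 0;`, would keep it harmless if a later change echoes or interpolates it. The hidden field added in SPITFORM() is fine as written because it emits a constant `1`. A comment beside the default should say that the flag is untrusted request input and that the only authorization is the admin check inside DOLOGIN(), since any visitor can request the `?adminmode=1` URL. The top-level script continues outside the visible hunks.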
......@@ -332,7 +332,7 @@ function ISADMINISTRATOR() {
#
# Attempt a login.
#
function DOLOGIN($uid, $password) {
function DOLOGIN($uid, $password, $adminmode) {
global $TBDBNAME, $TBAUTHCOOKIE, $TBAUTHDOMAIN, $TBAUTHTIMEOUT;
global $TBNAMECOOKIE, $TBSECURECOOKIES;
......@@ -342,13 +342,14 @@ function DOLOGIN($uid, $password) {
}
$query_result =
DBQueryFatal("SELECT usr_pswd FROM users WHERE uid='$uid'");
DBQueryFatal("SELECT usr_pswd,admin FROM users WHERE uid='$uid'");
#
# Check password in the database against provided.
#
if ($row = mysql_fetch_row($query_result)) {
$db_encoding = $row[0];
$isadmin = $row[1];
$encoding = crypt("$password", $db_encoding);
if (strcmp($encoding, $db_encoding)) {
return -1;
......@@ -376,9 +377,17 @@ function DOLOGIN($uid, $password) {
#
# Create a last login record.
#
DBQueryFatal("REPLACE into lastlogin (uid, time) ".
DBQueryFatal("REPLACE into lastlogin (uid, time) ".
" VALUES ('$uid', NOW())");
#
# Usage stats. I think lastlogin can go now.
#
#DBQueryFatal("update user_stats set ".
# " weblogin_count=weblogin_count+1, ".
# " weblogin_last=now() ".
# "where uid='$uid'");
#
# Issue the cookie requests so that subsequent pages come back
# with the hash value and auth usr embedded.
......@@ -406,9 +415,17 @@ function DOLOGIN($uid, $password) {
setcookie($TBNAMECOOKIE, $uid, $timeout, "/", $TBAUTHDOMAIN, 0);
#
# Set adminoff on new logins.
# Set adminoff on new logins, unless user requested to be
# logged in as admin (and is an admin of course!). This is
# primarily to bypass the nologins directive which makes it
# impossible for an admin to login when the web interface is
# turned off.
#
DBQueryFatal("update users set adminoff=1 where uid='$uid'");
$adminoff = 1;
if ($adminmode && $isadmin) {
$adminoff = 0;
}
DBQueryFatal("update users set adminoff=$adminoff where uid='$uid'");
return 0;
}
......@@ -492,7 +509,7 @@ function LASTWEBLOGIN($uid) {
global $TBDBNAME;
$query_result =
DBQueryFatal("SELECT time from lastlogin where uid='$uid'");
DBQueryFatal("SELECT time from lastlogin where uid='$uid'");
if (mysql_num_rows($query_result)) {
$lastrow = mysql_fetch_array($query_result);
......
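Review bot: In the last DOLOGIN() hunk, `if ($adminmode && $isadmin)` starts the session with `adminoff=0` on any login that carries the flag, not only while logins are disabled, which is broader than the purpose given in the commit message. If the goal is only to get admins in while the web interface is off, the condition could be narrowed to `if ($adminmode && $isadmin && NOLOGINS())`, assuming NOLOGINS() is callable from this file. Each admin-mode login should also be written to an audit log, since it skips the separate step that previously turned admin privileges on after login. The password check appears to run before this point, but the lines between the hunks are not visible, so that ordering is worth confirming. Separately, the modified `SELECT usr_pswd,admin ... WHERE uid='$uid'` interpolates `$uid` into the SQL string, so confirm that it is validated or escaped in the part of DOLOGIN() outside the hunk.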