Commit 9ce3dc56 authored by Russ Fish's avatar Russ Fish

Windows password support.

parent ec51614c
......@@ -111,8 +111,8 @@ sub doboot()
my %GRPDB;
print STDOUT "Checking Testbed user accounts configuration ... \n";
if (tmcc(TMCCCMD_ACCT, undef, \@tmccresults) < 0) {
my $arg = WINDOWS() ? "windows" : undef;
if (tmcc(TMCCCMD_ACCT, $arg, \@tmccresults) < 0) {
fatal("Could not get account info from server!");
}
# Important; if no results then do nothing. We do not want to remove
......
......@@ -539,7 +539,7 @@ sub tmccgetconfig()
}
# XXX Can't "use libsetup" in libtmcc to reference the WINDOWS() function.
my $arg = (-e "$ETCDIR/iscygwin") ? "pubkeys" : undef;
my $arg = (-e "$ETCDIR/iscygwin") ? "windows" : undef;
if (runtmcc("fullconfig", $arg, \@tmccresults) < 0 ||
!scalar(@tmccresults)) {
warn("*** WARNING: Could not get fullconfig from tmcd!\n");
......
......@@ -34,7 +34,7 @@ user=`id -un`
if [ $user == root ]; then
user=`tmcc creator | sed 's|.*SWAPPER=\([^ ]*\).*|\1|'`
fi
pswd=`tmcc accounts | awk '/^ADDUSER LOGIN='$user' /{print substr($0,index($0," PSWD=")+9,8)}'`
pswd=`tmcc accounts windows | awk '/^ADDUSER LOGIN='$user' /{print substr($0,index($0," PSWD=")+9,8)}'`
if [ -z "$pswd" ]; then
echo "No account for user $user, so no remote file access."
sleep 5
......
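Review bot: The awk offset `+9` and fixed length `8` in the changed `pswd=` line were written for an MD5-crypt value, where they skip the `$1$` prefix and take the salt. With the `windows` argument, tmcd appears to put the Windows password itself in PSWD (see the `row[1]` replacement in doaccounts), so this would drop the first three characters and truncate anything longer than eight. Starting at `+6` and reading to the next space would match what the server seems to send, e.g. `{s=substr($0,index($0," PSWD=")+6); sub(/ .*/,"",s); print s}`, assuming fields are space-separated and the password contains no spaces. `$user` is also spliced unquoted into the awk pattern, so a login name containing regex metacharacters or whitespace changes the match; passing it with `-v` and comparing with `==` would be safer. The script continues outside this hunk.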
......@@ -1643,14 +1643,15 @@ COMMAND_PROTOTYPE(doaccounts)
" u.emulab_pubkey,u.home_pubkey, "
" UNIX_TIMESTAMP(u.usr_modified), "
" u.usr_email,u.usr_shell, "
" u.widearearoot,u.wideareajailroot "
" u.widearearoot,u.wideareajailroot, "
" u.usr_w_pswd "
"from group_membership as p "
"left join users as u on p.uid=u.uid "
"left join groups as g on "
" p.pid=g.pid and p.gid=g.gid "
"where ((p.pid='%s')) and p.trust!='none' "
" and u.status='active' order by u.uid",
16, reqp->pid);
17, reqp->pid);
}
else if (reqp->jailflag) {
/*
......@@ -1663,7 +1664,8 @@ COMMAND_PROTOTYPE(doaccounts)
" u.emulab_pubkey,u.home_pubkey, "
" UNIX_TIMESTAMP(u.usr_modified), "
" u.usr_email,u.usr_shell, "
" u.widearearoot,u.wideareajailroot "
" u.widearearoot,u.wideareajailroot, "
" u.usr_w_pswd "
"from group_membership as p "
"left join users as u on p.uid=u.uid "
"left join groups as g on "
......@@ -1671,7 +1673,7 @@ COMMAND_PROTOTYPE(doaccounts)
"where (p.pid='%s') and p.trust!='none' "
" and u.status='active' and u.admin=1 "
" order by u.uid",
16, RELOADPID);
17, RELOADPID);
}
else {
/*
......@@ -1690,7 +1692,8 @@ COMMAND_PROTOTYPE(doaccounts)
"u.emulab_pubkey,u.home_pubkey, "
"UNIX_TIMESTAMP(u.usr_modified), "
"u.usr_email,u.usr_shell, "
"u.widearearoot,u.wideareajailroot "
"u.widearearoot,u.wideareajailroot, "
"u.usr_w_pswd "
"from projects as p "
"left join group_membership as m "
" on m.pid=p.pid "
......@@ -1702,7 +1705,7 @@ COMMAND_PROTOTYPE(doaccounts)
" and m.trust!='none' "
" and u.status='active' "
"order by u.uid",
16, reqp->type);
17, reqp->type);
}
if (!res) {
......@@ -1726,6 +1729,7 @@ COMMAND_PROTOTYPE(doaccounts)
int auxgids[128], gcount = 0;
char glist[BUFSIZ];
char *bufp = buf, *ebufp = &buf[sizeof(buf)];
char *pswd, *wpswd, wpswd_buf[9];
gidint = -1;
tbadmin = root = atoi(row[8]);
......@@ -1780,6 +1784,7 @@ COMMAND_PROTOTYPE(doaccounts)
break;
row = nextrow;
}
/*
* widearearoot and wideareajailroot override trust values
* from the project (above). Of course, tbadmin overrides
......@@ -1794,6 +1799,30 @@ COMMAND_PROTOTYPE(doaccounts)
if (tbadmin)
root = 1;
}
/* There is an optional Windows password column. */
pswd = row[1];
wpswd = row[16];
if (strncmp(rdata, "windows", 7) == 0) {
if (wpswd != NULL && strlen(wpswd) > 0) {
row[1] = wpswd;
}
else {
/* The initial random default for the Windows Password
* is based on the Unix encrypted password hash, in
* particular the random salt when it's an MD5 crypt.
* THis is the 8 characters after an initial "$1$" and
* followed by a "$". Just use the first 8 chars if
* the hash is not an MD5 crypt.
*/
strncpy(wpswd_buf,
(strncmp(pswd,"$1$",3)==0) ? pswd + 3 : pswd,
8);
wpswd_buf[8]='\0';
row[1] = wpswd_buf;
}
}
/*
* Okay, process the UID. If there is no primary gid,
......@@ -1871,7 +1900,8 @@ COMMAND_PROTOTYPE(doaccounts)
* sending back pubkey stuff; it's never used except on CygWin.
* Add an argument of "pubkeys" to get the PUBKEY data on CygWin.
*/
if (reqp->islocal && strncmp(rdata, "pubkeys", 7) != 0)
if (reqp->islocal && (strncmp(rdata, "pubkeys", 7) != 0
|| strncmp(rdata, "windows", 7) != 0))
goto skipsshkeys;
/*
......
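Review bot: The rewritten key-skip test in the last hunk, `strncmp(rdata, "pubkeys", 7) != 0 || strncmp(rdata, "windows", 7) != 0`, is true for every value of rdata because no string can start with both words. Local nodes therefore always take `goto skipsshkeys`, and neither argument returns PUBKEY data; the two comparisons should be joined with `&&`. In the fallback hunk the default Windows password is the MD5-crypt salt, or the first 8 characters of a non-MD5 hash, so it is derived from data stored with the Unix hash rather than from independent randomness, and in the non-MD5 case hash characters presumably go out to the node in the PSWD field. Generating the default separately and storing it in `usr_w_pswd` would decouple the two credentials. The same hunk passes `pswd` (row[1]) to `strncmp` without a NULL check, unlike the `wpswd != NULL` test just above it; doaccounts continues outside these hunks.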
......@@ -254,6 +254,32 @@ function SPITFORM($formfields, $errors)
size=8></td>
</tr>\n";
# Windows Password. Initial random default is based on the Unix
# password hash.
#
# A separate password is kept for experiment nodes running Windows.
# It is presented behind-the-scenes to rdesktop and Samba by our Web
# interface, but you may still need to type it. The default password
# is randomly generated. You may change it to something easier to
# remember.
#
echo "<tr>
<td colspan=2>Windows Password[<b>1,4</b>]:</td>
<td class=left>
<input type=text
name=\"formfields[w_password1]\"
value=\"" . $formfields[w_password1] . "\"
size=8></td>
</tr>\n";
echo "<tr>
<td colspan=2>Retype Windows Password:</td>
<td class=left>
<input type=text
name=\"formfields[w_password2]\"
size=8></td>
</tr>\n";
#
# Planetlab bit. This should really be a drop down menu of the choices.
#
......@@ -312,6 +338,11 @@ function SPITFORM($formfields, $errors)
were added later, so
some early users will be forced to adjust their addresses
before they can proceed. Sorry for the inconvenience.
<li> A separate password is kept for experiment nodes running
Windows. It is presented behind-the-scenes to rdesktop and
Samba by our Web interface, but you may still need to type
it. The default password is randomly generated. You may
change it to something easier to remember.
</ol>
</blockquote></blockquote>
</h4>\n";
......@@ -392,6 +423,22 @@ $defaults[usr_shell] = $row[usr_shell];
$defaults[notes] = $row[notes];
$defaults[user_interface] = $row[user_interface];
# Show and keep the Windows password if user-set, otherwise fill in the random one.
if (strcmp($row[usr_w_pswd],""))
$defaults[w_password1] = $defaults[w_password2] = $row[usr_w_pswd];
else {
# The initial random default for the Windows Password is based on the Unix
# encrypted password, in particular the random salt if it's an MD5 crypt,
# consisting of the 8 characters after an initial "$1$" and followed by a "$".
$unixpwd = explode('$', $row[usr_pswd]);
if (strlen($unixpwd[0]) > 0)
# When there's no $ at the beginning, it's not an MD5 hash.
$randpwd = substr($unixpwd[0],0,8);
else
$randpwd = substr($unixpwd[2],0,8); # The MD5 salt string.
$defaults[w_password1] = $defaults[w_password2] = $randpwd;
}
#
# On first load, display a form consisting of current user values, and exit.
#
......@@ -519,6 +566,22 @@ if (isset($formfields[password1]) &&
$errors["Password"] = "$checkerror";
}
}
if (isset($formfields[w_password1]) &&
strcmp($formfields[w_password1], "")) {
if (!isset($formfields[w_password2]) ||
strcmp($formfields[w_password2], "") == 0) {
$errors["Retype Windows Password"] = "Missing Field";
}
elseif (strcmp($formfields[w_password1], $formfields[w_password2])) {
$errors["Retype Windows Password"] = "Two Windows Passwords Do Not Match";
}
elseif (! CHECKPASSWORD($formfields[target_uid],
$formfields[w_password1],
$formfields[usr_name],
$formfields[usr_email], $checkerror)) {
$errors["Windows Password"] = "$checkerror";
}
}
if (count($errors)) {
SPITFORM($formfields, $errors);
PAGEFOOTER();
......@@ -538,6 +601,8 @@ $usr_phone = $formfields[usr_phone];
$usr_shell = $formfields[usr_shell];
$password1 = $formfields[password1];
$password2 = $formfields[password2];
$w_password1 = $formfields[w_password1];
$w_password2 = $formfields[w_password2];
if (! isset($formfields[usr_URL]) ||
strcmp($formfields[usr_URL], "") == 0 ||
......@@ -623,6 +688,20 @@ if ((isset($password1) && strcmp($password1, "")) &&
}
}
#
# See if the user is requesting to change the Windows password. We checked
# them above when the form was submitted.
#
if ((isset($w_password1) && strcmp($w_password1, "")) &&
(isset($w_password2) && strcmp($w_password2, ""))) {
#
# Insert into database.
$insert_result =
DBQueryFatal("UPDATE users SET usr_w_pswd='$w_password1' ".
"WHERE uid='$target_uid'");
}
#
# Only admins can change the notes field. We do not bother to generate
# any email or external updates for this.
......
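Review bot: The new UPDATE in the last hunk builds SQL from the raw form value, `usr_w_pswd='$w_password1'`, and whether CHECKPASSWORD rejects quotes or backslashes is not visible here. The value should be escaped before it reaches DBQueryFatal, e.g. `$w_password1 = addslashes($w_password1);` ahead of the query, or with whatever escaping helper the code base already uses. The same value is echoed unescaped into SPITFORM at `value=\"" . $formfields[w_password1] . "\"`; wrapping it in `htmlspecialchars()` keeps a quote in a rejected submission from breaking out of the attribute. The retype field is rendered without a value while the first field is pre-filled, so an otherwise unchanged form appears to trip the "Missing Field" check on every submit. Validating and writing only when the submitted value differs from the stored one would avoid that, and would also avoid persisting the salt-derived default.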