Commit 1092fadb authored by Kirk Webb's avatar Kirk Webb

Setup EDSL can now add users and make them admin. Tweak actions.

The Win7 setup EDSL can now add users and make them members of the
Administrators group.  Tweaked the action files to create local root
account, and introduced more constant definitions.
parent 6628ade3
......@@ -3,6 +3,12 @@
# Phase 1.
#
# hostname of ntp server
defvar ntpserver ;; ntp1
# grab root password
readvar rootpass ;; Type password for root user
log Disabling User Access Controls
addreg HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System ;; EnableLUA ;; Dword ;; 0
......@@ -60,4 +66,7 @@ runcmd w32tm.exe ;; /register
runcmd sc.exe ;; config w32time start= auto ;; 0
runcmd tzutil.exe ;; /s "Mountain Standard Time" ;; 0
#runcmd net.exe ;; start w32time ;; 0
runcmd w32tm.exe ;; /config /manualpeerlist:ntp1 /syncfromflags:manual /update ;; 0
runcmd w32tm.exe ;; /config /manualpeerlist:%ntpserver% /syncfromflags:manual /update ;; 0
log Creating local root user
adduser root ;; %rootpass% ;; makeadmin
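Review bot: The new `adduser root ;; %rootpass% ;; makeadmin` line accepts whatever `readvar rootpass` returned, and nothing on this page rejects an empty or very short value: adduser_func in the PowerShell part of this commit only enforces an upper bound through `$MAXPASSLEN`. Because this same file sets `EnableLUA` to 0 a few lines earlier, the account is an unrestricted local administrator, so a weak password here gives full control of the image. The value is also expanded textually into a `;;`-separated action line, so a password containing `;;` would presumably be split into extra fields; the parser is outside this page, so that needs confirming. I would add a comment above the line such as `# rootpass: non-empty, at most 32 chars, must not contain ';;'` and enforce the non-empty part in adduser_func.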
# Where to put the Cygwin source bits.
defvar swdir ;; C:\Software\Cygwin
# Cygwin installation path
defvar cyg ;; C:\Cygwin
# Where to fetch the Cygwin sources
defvar cyg_mirror ;; http://mirror.emulab.net/cygwin
# The name of the Cygwin setup executable.
......@@ -13,27 +15,27 @@ defvar setup_loc ;; %swdir%\%setup_exec%
defvar cyg_pkgs ;; boost-devel,bison,byacc,cygrunsrv,flex,gawk,gcc4,g++4,inetutils,make,openssh,openssl-devel,perl,psmisc,python,shutdown,swig,sysvinit,tcsh,util-linux,w32api,bc,cvs,ed,emacs,file,gdb,git,nano,nc,patch,rcs,rpm,rsync,rxvt,subversion,vim,wget,unzip,zip
# Get cygwin user password
readvar sshpass
readvar sshpass ;; Please supply a password for the Cygwin SSH user
log Downloading Cygwin setup executable.
mkdir %swdir%
getfile %setup_remote% ;; %setup_loc%
log Running Cygwin installer.
runcmd %swdir%\setup.exe ;; -l %swdir% -s %cyg_mirror% -O -R C:\Cygwin -q -P %cyg_pkgs%
modenvpath %cyg%\bin ;; append
runcmd %swdir%\setup.exe ;; -l %swdir% -s %cyg_mirror% -O -R %cyg% -q -P %cyg_pkgs%
modpathenv %cyg%\bin ;; append
log Cygwin Setup Complete.
log Setting up syslogd
runcyg syslogd-config -y ;; 0
log Setting up sshd
mkdir C:\Cygwin\etc\sshkeys
mkdir %cyg%\etc\sshkeys
runcyg ssh-host-config -y -u cyg_sshd -w %sshpass% -c '' --privileged ;; 0
runcyg sed -e 's|^AuthorizedKeysFile.*$|AuthorizedKeysFile /sshkeys/%u/authorized_keys|' /etc/sshd_config > /etc/sshd_config.new ;; 0
runcyg mv -f /etc/sshd_config.new /etc/sshd_config ;; 0
mkdir C:\Cygwin\etc\ssh
runcyg ln -s /etc/ssh?* /etc/ssh ;; 0
mkdir %cyg%\etc\ssh
runcyg ln -f -s /etc/ssh?* /etc/ssh ;; 0
log Setting up agetty
runcmd bcdedit.exe ;; /ems off ;; 0
......
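Review bot: `%sshpass%` is still substituted unquoted into the `ssh-host-config -y -u cyg_sshd -w %sshpass% ...` command line, which this commit leaves unchanged while improving the `readvar sshpass` prompt. `$BASH` and `$BASHARGS = "-l -c"` in the driver script suggest runcyg hands the string to bash, so a password with spaces or shell metacharacters would be split or interpreted by the shell rather than passed through; this is inferred, since runcyg's body is not on this page. The password also ends up in the process argument list and in any logging of the action line. The prompt or a comment next to `readvar sshpass` should state the allowed characters, for example `# sshpass is substituted into a bash command line: letters and digits only`, and the driver should reject anything else before substitution.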
......@@ -18,9 +18,10 @@ $BASH = "C:\Cygwin\bin\bash.exe"
$BASHARGS = "-l -c"
$CMDTMP = "C:\Windows\Temp\_tmpout-basesetup"
$VAR_RE = '[a-zA-Z]\w{1,30}'
$REGENVPATHKEY = "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
$REGENVPATHKEY = "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment"
$REGENVPATHVAL = "Path"
$REGENVPATHTYPE = "String"
$REGENVPATHTYPE = "ExpandString"
$MAXPASSLEN = 32
#
# Global Variables
......@@ -322,6 +323,7 @@ Function getfile_func($cmdarr) {
} catch {
log("Error Trying to download file: $filename: $_")
$retcode = $FAIL
continue
}
return $retcode
......@@ -436,6 +438,48 @@ Function appendfile_func($cmdarr) {
return $SUCCESS
}
Function adduser_func($cmdarr) {
debug("adduser called with $cmdarr")
if ($cmdarr.count -lt 2) {
log("Must pass in username and password.")
return $FAIL
}
$user, $pass, $admin = $cmdarr
if ($user -notmatch "^\w{4,30}$") {
log("ERROR: Bad username: $user")
return $FAIL
}
if ($pass.length -gt $MAXPASSLEN) {
log("ERROR: Password is too long")
return $FAIL
}
# This stuff is just weird.
try {
$objUser = [ADSI]"WinNT://$env:computername/$user,user"
$objUser.refreshcache() # throws exception if no user.
log("WARNING: User already exists on local machine: $user")
return $SUCCESS
}
catch {
continue
}
$objOU = [ADSI]"WinNT://$env:computername"
$objUser = $objOU.Create("User", $user)
$objUser.setpassword($pass)
$objUser.SetInfo()
if ($admin) {
$objGrp = [ADSI]"WinNT://$env:computername/Administrators,group"
$objGrp.add($objUser.Path)
}
return $SUCCESS
}
# Main starts here
if ($logfile) {
if (Test-Path -IsValid -Path $logfile) {
......@@ -510,6 +554,9 @@ foreach ($cmdline in (Get-Content -Path $actionfile)) {
"modpathenv" {
$result = modpathenv_func($cmdarr)
}
"adduser" {
$result = adduser_func($cmdarr)
}
default {
log("WARNING: Skipping unknown action: $cmd")
$result = $SUCCESS
......
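Review bot: `debug("adduser called with $cmdarr")` in adduser_func writes the whole argument array, including the password at index 1, to wherever debug output goes; log only the name by moving the call below the destructuring and using `debug("adduser called for user $user")`. Separately, the bare `catch { continue }` treats every failure of the ADSI lookup as "user does not exist", and as far as I know `continue` in a try/catch (unlike in a `trap`) is the loop keyword: with no loop inside the function it unwinds to the caller's `switch`/`foreach`, which would skip the account creation below it and leave `$result` unset. The same applies to the `continue` in getfile_func's catch, where it would bypass `return $retcode`. An empty catch body holding only a comment would give the intended fall-through. The main loop is only partly visible here, so this should be confirmed with a run on a machine where the user is absent.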