- fixed some small bugs
- added ticket check
- added password restoration in case of an error
parent
97edbb494d
commit
c68b9d1ec2
|
@ -97,7 +97,7 @@ Please choose a password with at least 2 character classes.")
|
||||||
(if (not systype)
|
(if (not systype)
|
||||||
(error "Cannot determine system type ($SYSTYPE not set)."))
|
(error "Cannot determine system type ($SYSTYPE not set)."))
|
||||||
(cond
|
(cond
|
||||||
((string=? systype "sun4x_58") 'sun)
|
((string=? systype "sun4x_59") 'solaris)
|
||||||
((string=? systype "i386_fbsd52") 'freebsd)
|
((string=? systype "i386_fbsd52") 'freebsd)
|
||||||
((string=? systype "i386_linux24") 'linux)
|
((string=? systype "i386_linux24") 'linux)
|
||||||
(else (raise-unsupported-machine)))))
|
(else (raise-unsupported-machine)))))
|
||||||
|
@ -209,13 +209,24 @@ Please choose a password with at least 2 character classes.")
|
||||||
"Verify failure"
|
"Verify failure"
|
||||||
"Success"))
|
"Success"))
|
||||||
((solaris) (define-passwd "/afs/wsi/sun4x_58/krb5-1.3.1/bin/kpasswd"
|
((solaris) (define-passwd "/afs/wsi/sun4x_58/krb5-1.3.1/bin/kpasswd"
|
||||||
;; TODO
|
(rx (: "Password for " (+ (- any #\:)) ": "))
|
||||||
))
|
"Enter new password: : "
|
||||||
|
"Enter it again: : "
|
||||||
|
"Password incorrect while getting initial ticket"
|
||||||
|
"Password mismatch while reading password"
|
||||||
|
"Password changed."))
|
||||||
;; ((linux) (define-passwd "/afs/wsi/i386_rh90/heimdal-0.6/bin/kpasswd"
|
;; ((linux) (define-passwd "/afs/wsi/i386_rh90/heimdal-0.6/bin/kpasswd"
|
||||||
;; ;; TODO
|
;; ;; TODO
|
||||||
;; ))
|
;; ))
|
||||||
))
|
))
|
||||||
|
|
||||||
|
(define kerbv-programs
|
||||||
|
(case system-type
|
||||||
|
((freebsd) (cons "/afs/wsi/i386_fbsd52/heimdal-1.6/bin/klist"
|
||||||
|
"/afs/wsi/i386_fbsd52/heimdal-1.6/bin/kinit"))
|
||||||
|
((solaris) (cons "/afs/wsi/sun4x_58/krb5-1.3.1/bin/klist"
|
||||||
|
"/afs/wsi/sun4x_58/krb5-1.3.1/bin/kinit"))))
|
||||||
|
|
||||||
(define (verify-kerbv-password password)
|
(define (verify-kerbv-password password)
|
||||||
(verify-password kerberos-v password))
|
(verify-password kerberos-v password))
|
||||||
|
|
||||||
|
@ -223,13 +234,20 @@ Please choose a password with at least 2 character classes.")
|
||||||
(change-password kerberos-v old-pw new-pw))
|
(change-password kerberos-v old-pw new-pw))
|
||||||
|
|
||||||
(define (valid-kerbv-ticket?)
|
(define (valid-kerbv-ticket?)
|
||||||
;; neither "No ticket file" nor ">>>Expired<<<" in klist output
|
(let* ((klist (car kerbv-programs))
|
||||||
#f ;; TODO
|
(output (run/string (,klist))))
|
||||||
)
|
(not (string-match (rx (| "No ticket file" ">>>Expired<<<")) output))))
|
||||||
|
|
||||||
(define (get-kerbv-ticket password)
|
(define (get-kerbv-ticket password)
|
||||||
;; TODO look at status result
|
;; TODO look at status result?
|
||||||
(run (kinit)))
|
(let ((kinit (cdr kerbv-programs)))
|
||||||
|
(let ((res (chat (spawn (,kinit))
|
||||||
|
(chat-timeout 3)
|
||||||
|
(look-for "Password") (sleep 0.1)
|
||||||
|
(send password)
|
||||||
|
(look-for "Password incorrect")
|
||||||
|
#f)))
|
||||||
|
res)))
|
||||||
|
|
||||||
(define (ensure-kerbv-ticket password)
|
(define (ensure-kerbv-ticket password)
|
||||||
(or (valid-kerbv-ticket?)
|
(or (valid-kerbv-ticket?)
|
||||||
|
@ -250,7 +268,7 @@ Please choose a password with at least 2 character classes.")
|
||||||
"Password changed."))
|
"Password changed."))
|
||||||
((solaris) (define-passwd "/afs/wsi/sun4x_58/openafs-1.2.11/bin/kpasswd"
|
((solaris) (define-passwd "/afs/wsi/sun4x_58/openafs-1.2.11/bin/kpasswd"
|
||||||
"Old password: "
|
"Old password: "
|
||||||
"New password (RETURN to abort): "
|
(rx "New password (RETURN to abort): ")
|
||||||
"Retype new password: "
|
"Retype new password: "
|
||||||
"kpasswd: Incorrect old password."
|
"kpasswd: Incorrect old password."
|
||||||
"Mismatch"
|
"Mismatch"
|
||||||
|
@ -269,18 +287,40 @@ Please choose a password with at least 2 character classes.")
|
||||||
(verify-yp-password pw))
|
(verify-yp-password pw))
|
||||||
|
|
||||||
(define (change-all-passwords old-pw new-pw)
|
(define (change-all-passwords old-pw new-pw)
|
||||||
;; TODO: maybe undo password changes if next changes fail - is
|
(if (change-yp-password old-pw new-pw)
|
||||||
;; difficult because Kerberos passwords need some minutes to become
|
(begin
|
||||||
;; effective
|
(display "NIS password changed successfully.\n")
|
||||||
(and (change-yp-password old-pw new-pw)
|
;; TODO: make sure we have a ticket
|
||||||
(begin
|
(if (change-kerbv-password old-pw new-pw)
|
||||||
(display "NIS password changed successfully.\n")
|
(begin
|
||||||
;; TODO: make sure we have a ticket
|
(display "Kerberos V password changed successfully.\n")
|
||||||
(and (change-kerbv-password old-pw new-pw)
|
(if (change-afs-password old-pw new-pw)
|
||||||
(begin
|
(display "AFS password changed successfully.\n")
|
||||||
(display "Kerberos V password changed successfully.\n")
|
(begin
|
||||||
(and (change-afs-password old-pw new-pw)
|
(display "AFS password could not be changed. Trying to restore old NIS and Kerberos V passwords.\n")
|
||||||
(display "AFS password changed successfully.\n")))))))
|
(if (change-yp-password new-pw old-pw)
|
||||||
|
(begin
|
||||||
|
(display "Old NIS password restored.\n")
|
||||||
|
;; because the Kerberos password needs some
|
||||||
|
;; minutes to become effective, we also try
|
||||||
|
;; it with the old password.
|
||||||
|
(if (or (change-kerbv-password old-pw old-pw)
|
||||||
|
(change-kerbv-password new-pw old-pw))
|
||||||
|
(display "Old Kerberos V password restored.\n")
|
||||||
|
(begin
|
||||||
|
(display "Old Kerberos V password could not be restored.\n")
|
||||||
|
#f)))
|
||||||
|
(begin
|
||||||
|
(display "Old NIS password could not be restored.\n")
|
||||||
|
#f)))))
|
||||||
|
(begin
|
||||||
|
(display "Kerberos V password could not be changed. Trying to restore old NIS password.\n")
|
||||||
|
(if (change-yp-password new-pw old-pw)
|
||||||
|
(display "Old NIS password restored.\n")
|
||||||
|
(begin
|
||||||
|
(display "Old NIS password could not be restored.\n")
|
||||||
|
#f)))))
|
||||||
|
(display "NIS password could not be changed. No passwords changed.\n")))
|
||||||
|
|
||||||
(define (ask/check-old-password)
|
(define (ask/check-old-password)
|
||||||
(let ((old-pw-prompt "Old password: "))
|
(let ((old-pw-prompt "Old password: "))
|
||||||
|
@ -332,9 +372,11 @@ Please choose a password with at least 2 character classes.")
|
||||||
((freebsd solaris)
|
((freebsd solaris)
|
||||||
(let ((old-pw (ask/check-old-password))
|
(let ((old-pw (ask/check-old-password))
|
||||||
(new-pw (ask-new-password)))
|
(new-pw (ask-new-password)))
|
||||||
(if (change-all-passwords old-pw new-pw)
|
(if (not (ensure-kerbv-ticket old-pw))
|
||||||
(display "Password changed.\n")
|
(display "Cannot get a Kerberos-V ticket, required to change the Kerberos-V password. Use a different machine, or contact your administrator.")
|
||||||
(display "Password could not be changed.\n"))))
|
(if (change-all-passwords old-pw new-pw)
|
||||||
|
(display "Passwords changed.\n")
|
||||||
|
(display "Warning: Your passwords are not consistent anymore. Contact your system administrator.\n")))))
|
||||||
(else
|
(else
|
||||||
(raise-unsupported-machine)))
|
(raise-unsupported-machine)))
|
||||||
(display-usage)))
|
(display-usage)))
|
||||||
|
|
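Review bot: In `change-all-passwords` the success branch and most failure branches all end in a bare `display`, so the caller in the last hunk cannot tell them apart: only the "could not be restored" paths return `#f`, while "NIS password could not be changed. No passwords changed.", the Kerberos V failure with NIS restored, and the AFS failure with both passwords restored return whatever `display` returns. If that value is non-false, as the success path appears to rely on, the user is told "Passwords changed." after a failed or rolled-back change and may believe the new password is in effect. A boolean also cannot carry the three outcomes the caller needs, so I would end each branch with an explicit symbol, e.g. `(begin (display "AFS password changed successfully.\n") 'changed)`, `'unchanged` after a clean failure or rollback, and `'inconsistent` where a restore fails, and have the caller dispatch on it with `case`. The caller's enclosing definition starts outside the visible hunk.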