added plaintext password option

svn: r1823
2006-01-13 12:38:47 +00:00 · 2006-01-13 12:38:47 +00:00 · c311a402bc
commit c311a402bc
parent 55da91c556
2 changed files with 20 additions and 11 deletions
--- a/collects/handin-server/doc.txt
+++ b/collects/handin-server/doc.txt
@ -313,12 +313,12 @@ sub-directories:
    matches your 'extra-fields specification.  For example, given this
    system file:

-      foo:wRzN1u5q2SqRD:1203:1203:Foo Moo:/home/foo:/bin/tcsh
+      foo:wRzN1u5q2SqRD:1203:1203:L.E. Foo:/home/foo:/bin/tcsh
      bar:$1$dKlU0OkJ$t63NU/eTzKz:1205:1205:Bar Z. Lie:/home/bar:/bin/bash

-    you can create a "users.ss" file as
+    you can create this "users.ss" file:

-      ((foo ((unix "wRzN1u5q2SqRD") "Foo Moo" "?"))
+      ((foo ((unix "wRzN1u5q2SqRD") "L.E. Foo" "?"))
       (bar ((unix "$1$dKlU0OkJ$t63NU/eTzKz") "Bar Z. Lie" "?")))

    which can be combined with this setting for 'extra-fields in your
@ -333,6 +333,10 @@ sub-directories:
    and password, and use the "Manage ..." dialog to properly set
    their TA name.

+    Finally, a password value can be a list that begins with a
+    'plaintext symbol, which will be used without encryption.  This
+    may be useful for manually resetting a forgotten passwords.
+
  * "active/" --- sub-directory for active assignments. A list of
    active assignments is sent to a client tool when a student clicks
    "Handin", based on the contents of this directory. The student
--- a/collects/handin-server/handin-server.ss
+++ b/collects/handin-server/handin-server.ss
@ -459,16 +459,21 @@
          (lambda () (bytes->string/utf-8 (c passwd salt)))))))
  (define (has-password? raw md5 passwords)
    (define (good? passwd)
+      (define (bad-password msg)
+        (LOG "ERROR: ~a -- ~s" log-args passwd)
+        (error 'handin "bad password in user database"))
      (cond [(string? passwd) (equal? md5 passwd)]
            [(and (list? passwd) (= 2 (length passwd))
-                  (eq? 'unix (car passwd)) (string? (cadr passwd))
-                  ;; find the salt part
-                  (regexp-match #rx"^([$][^$]+[$][^$]+[$]|..)" (cadr passwd)))
-             => (lambda (m)
-                  (equal? (crypt raw (car m)) (cadr passwd)))]
-            [else (LOG "ERROR: bad password in user database: ~s" passwd)
-                  ;; do not show the bad password...
-                  (error 'handin "bad password in user database")]))
+                  (symbol? (car passwd)) (string? (cadr passwd)))
+             (case (car passwd)
+               [(plaintext) (equal? raw (cadr passwd))]
+               [(unix)
+                (let ([salt (regexp-match #rx"^([$][^$]+[$][^$]+[$]|..)"
+                                          (cadr passwd))])
+                  (unless salt (bad-password "badly formatted unix password"))
+                  (equal? (crypt raw (car salt)) (cadr passwd)))]
+               [else (bad-password "bad password type in user database")])]
+            [else (bad-password "bad password value in user database")]))
    (or (member md5 passwords) ; very cheap search first
        (ormap good? passwords)))