Author: jfthomps
Date: Fri May 26 20:49:55 2017
New Revision: 1796340
URL: http://svn.apache.org/viewvc?rev=1796340&view=rev
Log:
VCL-1045 - Method of encrypting sensitive database entries
addomain.php:
-modified AJsaveResource: $olddata['secretid'] should never be 0 so removed
check for it; will need to handle setting password from a new web server that
doesn't have an entry for $olddata['secretid'] in cryptsecret
-modified addResource: moved call to getSecretID and encryptDBdata to before
inserting entry in addomain so that there can be a foreign key constraint on
addomain.secretid
utils.php:
-modified encryptSecrets: changed to only encrypt $secret with cryptkeys for
web servers; cryptsecret entries will be created for management nodes when
reservations are made requiring access to them
-added updateSecrets: adds any entries to cryptsecret needed to process a given
requestid
-modified addRequest: added call to updateSecrets
-modified getVMProfiles: removed getting password in query and added pwdlength
and secretid; pwdlength can be checked to determine if a value is set or if it
is NULL; this prevents the web server from ever even reading the password
-modified getDojoHTML: (unrelated to this JIRA) removed addOnLoad to connect
hiding profileDlg to cancelVMprofileChange (never enabled modifying a vmhost's
profile from the virtual hosts part of the site)
vm.php:
-modified editVMInfo: removed commented out code for changing a vm host's
profile
-modified AJupdateVMprofileItem: encrypt password using new crypt code; older
method using rsapub is still in place but will probably get removed later
-modified AJnewProfile: modified insert query to include repositoryimagetypeid
and datastoreimagetypeid so that foreign key constraints are not violated
xmlrpcWrappers.php: modified XMLRPCupdateSecrets: updated to accept a
reservation id; only adds cryptsecret entries needed for the management node
processing the reservation id; this limits access to encrypted information to
only systems that need it
vm.js:
-removed changeVMprofile, cancelVMprofileChange, submitChangeProfile, and
submitChangeProfileCB: never enabled modifying a vmhost's profile from the
virtual hosts part of the site
-modified getVMprofileDataCB: instead of setting password fields to the actual
password, if pwdlength is not zero, fill them with placeholder data
-modified updateProfile: if field is password, check for original placeholder
data; if placeholder data there, notify user that password is unchanged
Modified:
vcl/trunk/web/.ht-inc/addomain.php
vcl/trunk/web/.ht-inc/utils.php
vcl/trunk/web/.ht-inc/vm.php
vcl/trunk/web/.ht-inc/xmlrpcWrappers.php
vcl/trunk/web/js/vm.js
Modified: vcl/trunk/web/.ht-inc/addomain.php
URL:
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/addomain.php?rev=1796340&r1=1796339&r2=1796340&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/addomain.php (original)
+++ vcl/trunk/web/.ht-inc/addomain.php Fri May 26 20:49:55 2017
@@ -185,15 +185,7 @@ class ADdomain extends Resource {
$updates[] = "username = '{$data['username']}'";
# password
if(strlen($data['password'])) {
- if($olddata['secretid'] == 0) {
- $olddata['secretid'] =
getSecretID('addomain', 'secretid', $data['rscid']);
- if($olddata['secretid'] == NULL) {
- $ret = array('status' =>
'error', 'msg' => "Error encountered while updating password");
- sendJSON($ret);
- return;
- }
- $updates[] = "secretid =
'{$olddata['secretid']}'";
- }
+ // TODO handle this web server not having an
entry for this secret in cryptsecret
$encpass = encryptDBdata($data['password'],
$olddata['secretid']);
if($encpass == NULL) {
$ret = array('status' => 'error', 'msg'
=> "Error encountered while updating password");
@@ -294,25 +286,33 @@ class ADdomain extends Resource {
global $user;
$ownerid = getUserlistID($data['owner']);
+
+ $secretid = getSecretID('addomain', 'secretid', 0);
+ $encpass = encryptDBdata($data['password'], $secretid);
$query = "INSERT INTO addomain"
. "(name, "
. "ownerid, "
. "domainDNSName, "
. "username, "
+ . "password, "
. "secretid, "
. "dnsServers) "
. "VALUES ('{$data['name']}', "
. "$ownerid, "
. "'{$data['domaindnsname']}', "
. "'{$data['username']}', "
- . "0, "
+ . "'$encpass', "
+ . "$secretid, "
. "'{$data['dnsservers']}')";
doQuery($query);
$rscid = dbLastInsertID();
- if($rscid == 0)
+ if($rscid == 0) {
+ $query = "DELETE FROM cryptsecret WHERE secretid =
$secretid";
+ doQuery($query);
return 0;
+ }
// add entry in resource table
$query = "INSERT INTO resource "
@@ -322,15 +322,6 @@ class ADdomain extends Resource {
. "$rscid)";
doQuery($query);
- $secretid = getSecretID('addomain', 'secretid', $rscid);
- $encpass = encryptDBdata($data['password'], $secretid);
-
- $query = "UPDATE addomain "
- . "SET password = '$encpass', "
- . "secretid = $secretid "
- . "WHERE id = $rscid";
- doQuery($query);
-
return $rscid;
}
Modified: vcl/trunk/web/.ht-inc/utils.php
URL:
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/utils.php?rev=1796340&r1=1796339&r2=1796340&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/utils.php (original)
+++ vcl/trunk/web/.ht-inc/utils.php Fri May 26 20:49:55 2017
@@ -2976,11 +2976,15 @@ function encryptSecret($secret, $cryptke
/// \param $skipkeyid - (optional, default=0) a cryptkey.id to skip (used if
/// calling from a function that just encrypted $secret for a given cryptkey)
///
-/// \brief encrypts $secret using any existing cryptkeys in database
+/// \brief encrypts $secret using any existing web server cryptkeys in database
///
////////////////////////////////////////////////////////////////////////////////
function encryptSecrets($secret, $secretid, $skipkeyid=0) {
- $query = "SELECT id, pubkey FROM cryptkey WHERE id != $skipkeyid";
+ $query = "SELECT id, "
+ . "pubkey "
+ . "FROM cryptkey "
+ . "WHERE id != $skipkeyid AND "
+ . "hosttype = 'web'";
$qh = doQuery($query);
$values = array();
while($row = mysql_fetch_assoc($qh)) {
@@ -3002,6 +3006,88 @@ function encryptSecrets($secret, $secret
////////////////////////////////////////////////////////////////////////////////
///
+/// \fn updateSecrets($requestid)
+///
+/// \param $requestid - id from request table
+///
+/// \brief ensures cryptsecret contains any needed entries for vcld to process
+/// $requestid
+///
+////////////////////////////////////////////////////////////////////////////////
+function updateSecrets($requestid) {
+ # determine any secretids needed from addomain
+ $secretids = array();
+ $query = "SELECT ad.secretid, "
+ . "rs.managementnodeid "
+ . "FROM reservation rs "
+ . "LEFT JOIN imageaddomain ia ON (rs.imageid = ia.imageid) "
+ . "LEFT JOIN addomain ad ON (ia.addomainid = ad.id) "
+ . "WHERE rs.requestid = $requestid AND "
+ . "ad.secretid IS NOT NULL";
+ $qh = doQuery($query);
+ while($row = mysql_fetch_assoc($qh))
+ $secretids[$row['managementnodeid']][$row['secretid']] = 1;
+ # determine any secretids needed from vmprofile
+ $query = "SELECT vp.secretid, "
+ . "rs.managementnodeid "
+ . "FROM reservation rs "
+ . "JOIN computer c ON (rs.computerid = c.id) "
+ . "LEFT JOIN vmhost vh ON (c.vmhostid = vh.id) "
+ . "LEFT JOIN vmprofile vp ON (vh.vmprofileid = vp.id) "
+ . "WHERE rs.requestid = $requestid AND "
+ . "vp.secretid IS NOT NULL";
+ $qh = doQuery($query);
+ while($row = mysql_fetch_assoc($qh))
+ $secretids[$row['managementnodeid']][$row['secretid']] = 1;
+
+ $mycryptkeyid = getCryptKeyID();
+ if($mycryptkeyid === NULL && count($secretids)) {
+ # corner case, have no way to decrypt existing secrets,
silently fail
+ # mn will call API to attempt to have secrets generated, may
have success
+ // if hit another web server or may return error at which point
mn
+ # can fail reservation
+ return;
+ }
+
+ # find any missing secrets for management nodes
+ $values = array();
+ foreach($secretids as $mnid => $secretids) {
+ $secretids = array_keys($secretids);
+ $allsecretids = implode(',', $secretids);
+ $query = "SELECT ck.id as cryptkeyid, "
+ . "ck.pubkey as cryptkey, "
+ . "s.id as secretid, "
+ . "mycs.cryptsecret AS mycryptsecret "
+ . "FROM cryptkey ck "
+ . "JOIN (SELECT DISTINCT secretid AS id FROM
cryptsecret) AS s "
+ . "JOIN (SELECT cryptsecret, secretid FROM cryptsecret
WHERE cryptkeyid = $mycryptkeyid) AS mycs "
+ . "LEFT JOIN cryptsecret cs ON (s.id = cs.secretid AND
ck.id = cs.cryptkeyid) "
+ . "WHERE mycs.secretid = s.id AND "
+ . "ck.hostid = $mnid AND "
+ . "ck.hosttype = 'managementnode' AND "
+ . "s.id in ($allsecretids) AND "
+ . "cs.id IS NULL";
+ $qh = doQuery($query);
+ while($row = mysql_fetch_assoc($qh)) {
+ $secret = decryptSecret($row['mycryptsecret']);
+ $encsecret = encryptSecret($secret, $row['cryptkey']);
+ $values[] = "({$row['cryptkeyid']}, {$row['secretid']},
'$encsecret')";
+ }
+ }
+ # add secrets
+ if(! empty($values)) {
+ $allvalues = implode(',', $values);
+ $query = "INSERT INTO cryptsecret "
+ . "(cryptkeyid, "
+ . "secretid, "
+ . "cryptsecret) "
+ . "VALUES $allvalues";
+ doQuery($query);
+ }
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
/// \fn getParentNodes($node)
///
/// \param $node - a privnode id
@@ -5697,6 +5783,8 @@ function addRequest($forimaging=0, $revi
// release semaphore lock
cleanSemaphore();
+ updateSecrets($requestid);
+
return $requestid;
}
@@ -11805,7 +11893,8 @@ function generateString($length=8) {
/// \b vmdisk - "dedicated" or "shared" - whether or not vm files are
/// stored on local disk or network attached storage\n
/// \b username - username associated with this profile\n
-/// \b password - password associated with this profile\n
+/// \b pwdlength - length of password field\n
+/// \b secretid - cryptsecret.secretid for key used to encrypt password\n
/// \b eth0generated - boolean telling if the MAC address for eth0 should be
/// autogenerated\n
/// \b eth1generated - boolean telling if the MAC address for eth1 should be
@@ -11835,7 +11924,8 @@ function getVMProfiles($id="") {
. "vp.virtualswitch3, "
. "vp.vmdisk, "
. "vp.username, "
- . "vp.password, "
+ . "CHAR_LENGTH(vp.password) as pwdlength, "
+ . "vp.secretid, "
. "vp.rsakey, "
. "vp.rsapub, "
. "vp.eth0generated, "
@@ -12834,7 +12924,7 @@ function sendJSON($arr, $identifier='',
if($REST)
print json_encode($arr);
elseif(! empty($identifier))
- print "{} && {identifier: '$identifier', 'items':" .
json_encode($arr) . '}';
+ print "{} && {identifier: '$identifier', 'items':" .
json_encode($arr) . '}'; # TODO
else
print '{} && {"items":' . json_encode($arr) . '}';
}
@@ -13907,9 +13997,6 @@ function getDojoHTML($refresh) {
foreach($dojoRequires as $req)
$rt .= " dojo.require(\"$req\");\n";
$rt .= " });\n";
- $rt .= "dojo.addOnLoad(function() {";
- $rt .= "var dialog =
dijit.byId('profileDlg'); ";
- $rt .= "dojo.connect(dialog, 'hide',
cancelVMprofileChange);});";
$rt .= "</script>\n";
return $rt;
Modified: vcl/trunk/web/.ht-inc/vm.php
URL:
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/vm.php?rev=1796340&r1=1796339&r2=1796340&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/vm.php (original)
+++ vcl/trunk/web/.ht-inc/vm.php Fri May 26 20:49:55 2017
@@ -71,11 +71,9 @@ function editVMInfo() {
print "</button><br><br>\n";
print "<div id=vmhostdata class=hidden>\n";
print "<table summary=\"\">\n";
- #$cont = addContinuationsEntry('changeVMprofile');
print " <tr>\n";
print " <th align=right>VM Profile:</th>\n";
print " <td>\n";
- #printSelectInput("vmprofileid", $profiles, -1, 0, 0,
'vmprofileid', "onchange=changeVMprofile('$cont')");
print " <div dojoType=\"dijit.TitlePane\"
id=vmprofile></div>\n";
print " </td>\n";
print " </tr>\n";
@@ -138,19 +136,6 @@ function editVMInfo() {
print "</td>\n";
print "</tr><tbody/></table>\n";
print "</div><br><br>\n";
-
- /*print "<div dojoType=\"dijit.Dialog\"\n";
- print " id=\"profileDlg\"\n";
- print " title=\"Change Profile\">\n";
- print "You have selected to change the VM Profile for this
host.<br>\n";
- print "Doing this will attempt to move any future reservations
on the<br>\n";
- print "host's VMs to other VMs and will submit a reload
reservation for this<br>\n";
- print "host after any active reservations on its
VMs.<br><br>\n";
- print "Are you sure you want to do this?<br><br>\n";
- print "<button onclick=\"submitChangeProfile()\">Update VM
Profile</button>\n";
- print "<button
onclick=\"dijit.byId('profileDlg').hide()\">Cancel</button>\n";
- print "<input type=hidden id=changevmcont>\n";
- print "</div>\n";*/
}
print "</div>\n";
@@ -881,27 +866,60 @@ function AJupdateVMprofileItem() {
$item = mysql_real_escape_string($item);
$profile = getVMProfiles($profileid);
- if($item == 'password' && $profile[$profileid]['rsapub']) {
- $encrypted = encryptDataAsymmetric($newvalue,
$profile[$profileid]['rsapub']);
- $escaped = mysql_real_escape_string($encrypted);
- $query = "UPDATE vmprofile "
- . "SET `encryptedpasswd` = '$escaped' "
- . "WHERE id = $profileid";
- doQuery($query, 101);
- # don't store the unencrypted password
- $newvalue2 = 'NULL';
- $newvalue = '';
+ if($item == 'password') {
+ if($profile[$profileid]['rsapub']) {
+ $encrypted = encryptDataAsymmetric($newvalue,
$profile[$profileid]['rsapub']);
+ $escaped = mysql_real_escape_string($encrypted);
+ $query = "UPDATE vmprofile "
+ . "SET `encryptedpasswd` = '$escaped', "
+ . "`password` = NULL "
+ . "WHERE id = $profileid";
+ doQuery($query);
+ }
+ else {
+ $pwdlen = strlen($newvalue);
+ if($pwdlen == 0) {
+ if($profile[$profileid]['pwdlength'] != 0) {
+ $secretid = getSecretID('vmprofile',
'secretid', $profileid);
+ if($secretid === NULL) {
+ print
"dojo.byId('savestatus').innerHTML = '';";
+ print "alert('Error saving
password');";
+ return;
+ }
+ deleteSecrets($secretid);
+ $query = "UPDATE vmprofile "
+ . "SET password = NULL, "
+ . "secretid = NULL "
+ . "WHERE id = $profileid";
+ doQuery($query);
+ }
+ }
+ else {
+ $secretid = getSecretID('vmprofile',
'secretid', $profileid);
+ if($secretid === NULL) {
+ print
"dojo.byId('savestatus').innerHTML = '';";
+ print "alert('Error saving password');";
+ return;
+ }
+ $encpass = encryptDBdata($newvalue, $secretid);
+ $query = "UPDATE vmprofile "
+ . "SET password = '$encpass', "
+ . "secretid = '$secretid' "
+ . "WHERE id = $profileid";
+ doQuery($query);
+ }
+ }
+ print "dojo.byId('savestatus').innerHTML = 'Saved'; ";
+ print "setTimeout(function() {dojo.byId('savestatus').innerHTML
= '';}, 3000); ";
+ print "curprofile.pwdlength = $pwdlen;";
+ return;
}
- else if($profile[$profileid][$item] == $newvalue)
+ elseif($profile[$profileid][$item] == $newvalue)
return;
$query = "UPDATE vmprofile "
. "SET `$item` = $newvalue2 "
. "WHERE id = $profileid";
doQuery($query, 101);
- if($item == 'password') {
- print "document.getElementById('savestatus').innerHTML =
'Saved'; ";
- print "setTimeout(function()
{document.getElementById('savestatus').innerHTML = '';}, 3000); ";
- }
$newvalue = preg_replace("/'/", "\\'", $newvalue);
print "curprofile.$item = '$newvalue';";
}
@@ -927,11 +945,18 @@ function AJnewProfile() {
return;
}
$imageid = getImageId('noimage');
- $query = "INSERT INTO vmprofile (profilename, imageid) VALUES
('$newprofile', $imageid)";
+ $query = "INSERT INTO vmprofile "
+ . "(profilename, "
+ . "imageid, "
+ . "repositoryimagetypeid, "
+ . "datastoreimagetypeid) "
+ . "VALUES "
+ . "('$newprofile', "
+ . "$imageid, "
+ . "(SELECT id FROM imagetype WHERE name = 'vmdk'), "
+ . "(SELECT id FROM imagetype WHERE name = 'vmdk'))";
doQuery($query, 101);
- $qh = doQuery("SELECT LAST_INSERT_ID() FROM vmprofile", 101);
- $row = mysql_fetch_row($qh);
- $newid = $row[0];
+ $newid = dbLastInsertID();
AJprofileData($newid);
}
Modified: vcl/trunk/web/.ht-inc/xmlrpcWrappers.php
URL:
http://svn.apache.org/viewvc/vcl/trunk/web/.ht-inc/xmlrpcWrappers.php?rev=1796340&r1=1796339&r2=1796340&view=diff
==============================================================================
--- vcl/trunk/web/.ht-inc/xmlrpcWrappers.php (original)
+++ vcl/trunk/web/.ht-inc/xmlrpcWrappers.php Fri May 26 20:49:55 2017
@@ -3739,7 +3739,9 @@ function XMLRPCfinishBaseImageCapture($o
////////////////////////////////////////////////////////////////////////////////
///
-/// \fn XMLRPCupdateSecrets()
+/// \fn XMLRPCupdateSecrets($reservationid)
+///
+/// \param $reservationid - id from reservation table
///
/// \return an array with at least one index named 'status' which will have
/// one of these values:\n
@@ -3751,11 +3753,11 @@ function XMLRPCfinishBaseImageCapture($o
/// \b noupdate - indicates no missing values were found to be added to
/// cryptsecret table
///
-/// \brief checks for any entries in cryptkey that don't have corresponding
-/// entries in cryptsecret and adds them to cryptsecret
+/// \brief generates any missing entries in cryptsecret for calling management
+/// node to be able to process $reservationid
///
////////////////////////////////////////////////////////////////////////////////
-function XMLRPCupdateSecrets() {
+function XMLRPCupdateSecrets($reservationid) {
global $user, $xmlrpcBlockAPIUsers;
if(! in_array($user['id'], $xmlrpcBlockAPIUsers)) {
return array('status' => 'error',
@@ -3763,45 +3765,76 @@ function XMLRPCupdateSecrets() {
'errormsg' => 'access denied for call to
XMLRPCupdateSecrets');
}
# query to find any cryptkeys that don't have values in cryptsecret
- $self = "{$_SERVER['SERVER_ADDR']}::{$_SERVER['SERVER_NAME']}";
- $mycryptkeyid = getCryptKeyID($self, 'web');
+ $mycryptkeyid = getCryptKeyID();
if($mycryptkeyid === NULL) {
return array('status' => 'error',
'errorcode' => 100,
'errormsg' => 'Encryption key missing for this web
server');
}
+ # determine any secretids needed from addomain
+ $secretids = array();
+ $mnid = 0;
+ $query = "SELECT ad.secretid, "
+ . "rs.managementnodeid "
+ . "FROM reservation rs "
+ . "LEFT JOIN imageaddomain ia ON (rs.imageid = ia.imageid) "
+ . "LEFT JOIN addomain ad ON (ia.addomainid = ad.id) "
+ . "WHERE rs.id = $reservationid AND "
+ . "ad.secretid IS NOT NULL";
+ $qh = doQuery($query);
+ while($row = mysql_fetch_assoc($qh)) {
+ $secretids[] = $row['secretid'];
+ $mnid = $row['managementnodeid'];
+ }
+ # determine any secretids needed from vmprofile
+ $query = "SELECT vp.secretid, "
+ . "rs.managementnodeid "
+ . "FROM reservation rs "
+ . "JOIN computer c ON (rs.computerid = c.id) "
+ . "LEFT JOIN vmhost vh ON (c.vmhostid = vh.id) "
+ . "LEFT JOIN vmprofile vp ON (vh.vmprofileid = vp.id) "
+ . "WHERE rs.id = $reservationid AND "
+ . "vp.secretid IS NOT NULL";
+ $qh = doQuery($query);
+ while($row = mysql_fetch_assoc($qh)) {
+ $secretids[] = $row['secretid'];
+ $mnid = $row['managementnodeid'];
+ }
+
+ # find any missing secrets for management nodes
+ $values = array();
+ $allsecretids = implode(',', $secretids);
$query = "SELECT ck.id as cryptkeyid, "
. "ck.pubkey as cryptkey, "
. "s.id as secretid, "
- . "cs.cryptsecret, "
. "mycs.cryptsecret AS mycryptsecret "
. "FROM cryptkey ck "
. "JOIN (SELECT DISTINCT secretid AS id FROM cryptsecret) AS s "
. "JOIN (SELECT cryptsecret, secretid FROM cryptsecret WHERE
cryptkeyid = $mycryptkeyid) AS mycs "
. "LEFT JOIN cryptsecret cs ON (s.id = cs.secretid AND ck.id =
cs.cryptkeyid) "
. "WHERE mycs.secretid = s.id AND "
+ . "ck.hostid = $mnid AND "
+ . "ck.hosttype = 'managementnode' AND "
+ . "s.id in ($allsecretids) AND "
. "cs.id IS NULL";
$qh = doQuery($query);
- $values = array();
while($row = mysql_fetch_assoc($qh)) {
- # decrypt secret
$secret = decryptSecret($row['mycryptsecret']);
- # encrypt secret with any missing cryptkeys
$encsecret = encryptSecret($secret, $row['cryptkey']);
- # save to cryptsecret
+ $encsecret = mysql_real_escape_string($encsecret);
$values[] = "({$row['cryptkeyid']}, {$row['secretid']},
'$encsecret')";
}
- if(! empty($values)) {
- $allvalues = implode(',', $values);
- $query = "INSERT INTO cryptsecret "
- . "(cryptkeyid, "
- . "secretid, "
- . "cryptsecret) "
- . "VALUES $allvalues";
- doQuery($query);
- return array('status' => 'success');
- }
- return array('status' => 'noupdate');
+ if(empty($values))
+ return array('status' => 'noupdate');
+
+ $allvalues = implode(',', $values);
+ $query = "INSERT INTO cryptsecret "
+ . "(cryptkeyid, "
+ . "secretid, "
+ . "cryptsecret) "
+ . "VALUES $allvalues";
+ doQuery($query);
+ return array('status' => 'success');
}
////////////////////////////////////////////////////////////////////////////////
Modified: vcl/trunk/web/js/vm.js
URL:
http://svn.apache.org/viewvc/vcl/trunk/web/js/vm.js?rev=1796340&r1=1796339&r2=1796340&view=diff
==============================================================================
--- vcl/trunk/web/js/vm.js (original)
+++ vcl/trunk/web/js/vm.js Fri May 26 20:49:55 2017
@@ -150,56 +150,6 @@ function showVMstate() {
dojo.byId('vmstate').innerHTML = '';
}
-function changeVMprofile() {
- var hostid = dojo.byId('vmhostid').value;
- var selobj = dojo.byId('vmprofileid');
- var newid = selobj.options[selobj.selectedIndex].value;
- dijit.byId('profileDlg').show();
-}
-
-function cancelVMprofileChange() {
- if(fromok) {
- fromok = 0;
- }
- else {
- var selobj = dojo.byId('vmprofileid');
- for(var i = 0; i < selobj.options.length; i++) {
- if(selobj.options[i].value == curprofileid) {
- selobj.selectedIndex = i;
- break;
- }
- }
- }
-}
-
-function submitChangeProfile() {
- fromok = 1;
- var hostid = dojo.byId('vmhostid').value;
- var cont = dojo.byId('changevmcont').value;
- var selobj = dojo.byId('vmprofileid');
- var oldid = curprofileid;
- var newid = selobj.options[selobj.selectedIndex].value;
- dijit.byId('profileDlg').hide();
- dojo.xhrPost({
- url: 'index.php',
- load: submitChangeProfileCB,
- handleAs: "json",
- error: errorHandler,
- content: {continuation: cont,
- vmhostid: hostid,
- oldprofileid: oldid,
- newprofileid: newid},
- timeout: 15000
- });
-}
-
-function submitChangeProfileCB(data, ioArgs) {
- var selobj = dojo.byId('vmprofileid');
- curprofileid = selobj.options[selobj.selectedIndex].value;
- dojo.byId('changevmcont').value = data.items.continuation;
- alert(data.items.msg);
-}
-
function vmToHost(cont) {
document.body.style.cursor = 'wait';
var hostid = dojo.byId('vmhostid').value;
@@ -589,9 +539,15 @@ function getVMprofileDataCB(data, ioArgs
dijit.byId('pgenmac1').setValue(curprofile.eth1generated);
dijit.byId('prsapub').setValue(curprofile.rsapub);
dijit.byId('prsakey').setValue(curprofile.rsakey);
- dojo.byId('ppassword').value = curprofile.password;
- dojo.byId('ppwdconfirm').value = curprofile.password;
- checkProfilePassword();
+ if(curprofile.pwdlength == 0) {
+ dojo.byId('ppassword').value = '';
+ dojo.byId('ppwdconfirm').value = '';
+ }
+ else {
+ dojo.byId('ppassword').value = '********';
+ dojo.byId('ppwdconfirm').value = 'xxxxxxxx';
+ }
+ dojo.byId('ppwdmatch').innerHTML = '';
dojo.byId('vmprofiledata').className = 'shown';
document.body.style.cursor = 'default';
}
@@ -763,8 +719,15 @@ function updateProfile(id, field) {
var newvalue = dojo.byId(id).value;
if(curprofile[field] == newvalue && field != 'password')
return;
- if(field == 'password')
+ if(field == 'password') {
+ if(dojo.byId('ppassword').value == '********' &&
+ dojo.byId('ppwdconfirm').value == 'xxxxxxxx') {
+ dojo.byId('savestatus').innerHTML = '(No change)';
+ setTimeout(function()
{dojo.byId('savestatus').innerHTML = '';}, 3000);
+ return;
+ }
dojo.byId('savestatus').innerHTML = 'Saving...';
+ }
document.body.style.cursor = 'wait';
var profileid = dojo.byId('profileid').value;
