wcpu is a plan9 cpu server for windows. right now its
a expensive telnet server and doesnt do anything
9nish besides redirecting stdin/stdout to a windows
console program.

it has to run as a system service to create processes
as other users.

wcpu introduces a new auth method called "tlspass" to
the plan9 cpu command. its basicly just username/password
send over SSL/TLS.

for TLS, the server needs a x509 certificate:

you have to store the certificate in the local machine
cert store and configure wcpu to use it. if you dont
have a certificate for your windows server, you can
generate a self signed x509 with the microsoft tool
selfssl from the IIS resouce toolkit:

http://support.microsoft.com/kb/840671/en-us

just download the IIS and install selfssl and run it with:

C:\Program Files\IIS Resources\SelfSSL>selfssl /N:CN=myserver /K:1024 /V:300
Microsoft (R) SelfSSL Version 1.0
Copyright (C) 2003 Microsoft Corporation. All rights reserved.

Do you want to replace the SSL settings for site 1 (Y/N)?y
Error opening metabase: 0x80040154
C:\Program Files\IIS Resources\SelfSSL>

ignore the "Error opening metabase" message.

after having the certificate, you can install the wcpu service:

> wcpu -c myserver -i

(note the -c argument has to match the CN from your x509 certificate)

and start it up:

> net start wcpu

the service will create a logfile in the directory where the wcpu.exe is located
called wcpu.log. check with netstat if wcpu is listening on tcp port 17010.

to uninstall:

> net stop wcpu
> wcpu -u

now, on plan9, you compile and install plan9/cpu.c. you may also have to
check for changes in plan9's libsec as at the time of development it missed some
bits to successfully negotiate with windows TLS implementation.

then connect to the server:

% cpu -a tlspass -h myserver -u user
cpu: can't authenticate: myserver: server certificate XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX not recognized

add the server certificate thumbprint to the system:

% touch /sys/lib/tls/cpu
% echo 'x509 sha1=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >>/sys/lib/tls/cpu

now you should be able to cpu into your windows machine.

you can write me when you encounter problems or have feature or bug reports:

cinap_lenrek AT gmx DOT de

check for updates / new releases at:

http://9hal.ath.cx/usr/cinap_lenrek

--
cinap
