All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 0eb8b6e8 authored by Leigh B Stoller's avatar Leigh B Stoller

Merge branch 'master' of git-public.flux.utah.edu:/flux/git/emulab-devel

parents 6973567a 852ddff5
......@@ -22,6 +22,10 @@ use lib '@prefix@/lib';
use GeniCMV2;
use GeniResponse;
# Disable UUID checks in GeniCredential.
use GeniCredential;
$GeniCredential::CHECK_UUID = 0;
my $API_VERSION = 1;
#
......@@ -160,9 +164,12 @@ sub DeleteSliver()
# XXX Open question: Call "DeleteSlice" or "DeleteSliver"?
$response = GeniCMV2::DeleteSlice($delete_args);
if (GeniResponse::IsError($response)) {
return $response
return $response;
} else {
# Return an XML-RPC boolean
my $coder = Frontier::RPC2->new();
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $coder->boolean(1));
}
return GeniResponse->Create(GENIRESPONSE_SUCCESS);
}
# Get the status of the sliver associated with the given slice. This
......@@ -226,8 +233,7 @@ sub RenewSliver()
return $response
}
# Well this is ugly. We want to return True, so we must encode it
# as an XMLRPC Boolean via an encoder.
# Return an XML-RPC boolean
my $coder = Frontier::RPC2->new();
return GeniResponse->Create(GENIRESPONSE_SUCCESS, $coder->boolean(1));
}
......
......@@ -14,11 +14,12 @@ use Getopt::Std;
#
sub usage()
{
print "Usage: addauthority [-c] <certfile> <type>\n";
print "Usage: addauthority [-c] [-a] <certfile> <type>\n";
exit(1);
}
my $optlist = "c";
my $optlist = "ac";
my $asch = 0;
my $asam = 0;
#
# Check args.
......@@ -30,6 +31,9 @@ if (! getopts($optlist, \%options)) {
if (defined($options{"c"})) {
$asch = 1;
}
if (defined($options{"a"})) {
$asam = 1;
}
usage()
if (@ARGV != 2);
......@@ -40,6 +44,9 @@ use vars qw($GENI_DBNAME);
if ($asch) {
$GENI_DBNAME = "geni-ch";
}
elsif ($asam) {
$GENI_DBNAME = "geni-cm";
}
# Now we can load the libraries after setting the proper DB.
use lib '@prefix@/lib';
......
......@@ -34,12 +34,14 @@ my $TBOPS = "@TBOPSEMAIL@";
my $MODULE;
my $GENIURN;
my $AM_MODULE = "am";
# These are the modules we load for each service.
my %GENI_MODULES = ( "cm" => "@prefix@/lib/protogeni-cm.pm",
"am" => "@prefix@/lib/geni-am.pm",
"sa" => "@prefix@/lib/protogeni-sa.pm",
"ch" => "@prefix@/lib/protogeni-ch.pm",
"ses" => "@prefix@/lib/protogeni-ses.pm" );
my %GENI_MODULES = ( "cm" => "@prefix@/lib/protogeni-cm.pm",
$AM_MODULE => "@prefix@/lib/geni-am.pm",
"sa" => "@prefix@/lib/protogeni-sa.pm",
"ch" => "@prefix@/lib/protogeni-ch.pm",
"ses" => "@prefix@/lib/protogeni-ses.pm" );
# These variables are shared with the loaded module.
use vars qw($EMULAB_PEMFILE $GENI_METHODS $GENI_VERSION
......@@ -131,6 +133,24 @@ $EUID = $UID = $unix_uid;
$ENV{'USER'} = $user;
$ENV{'LOGNAME'} = $user;
if (exists($ENV{'PATH_INFO'}) && $ENV{'PATH_INFO'} ne "") {
my $pathinfo = $ENV{'PATH_INFO'};
$pathinfo =~ s/^\///;
my @parts = split(/\//, $pathinfo);
if (@parts) {
my $m = shift(@parts);
if ($m =~ /^[-\w]+$/) {
$MODULE = $m;
if (@parts) {
my $v = shift(@parts);
if ($v =~ /^[\d\.]+$/) {
$GENI_VERSION = "$v";
}
}
}
}
}
#
# The UUID of the client certificate is in the env var SSL_CLIENT_S_DN_CN.
# If it actually looks like a UUID, then this correponds to an actual user,
......@@ -143,6 +163,9 @@ if (exists($ENV{'SSL_CLIENT_S_DN_CN'}) &&
$ENV{'GENIUSER'} = $ENV{'SSL_CLIENT_S_DN_CN'};
$ENV{'GENIUUID'} = $ENV{'SSL_CLIENT_S_DN_CN'};
}
elsif (defined($MODULE) && ($MODULE eq $AM_MODULE)) {
# Do not expect a UUID if calling to the AM.
}
else {
XMLError(-1, "Invalid certificate; no UUID");
}
......@@ -182,24 +205,6 @@ if (!defined($request)) {
exit(0);
}
if (exists($ENV{'PATH_INFO'}) && $ENV{'PATH_INFO'} ne "") {
my $pathinfo = $ENV{'PATH_INFO'};
$pathinfo =~ s/^\///;
my @parts = split(/\//, $pathinfo);
if (@parts) {
my $m = shift(@parts);
if ($m =~ /^[-\w]+$/) {
$MODULE = $m;
if (@parts) {
my $v = shift(@parts);
if ($v =~ /^[\d\.]+$/) {
$GENI_VERSION = "$v";
}
}
}
}
}
if (!defined($MODULE) || !exists($GENI_MODULES{$MODULE})) {
XMLError(-1, "Invalid module specification")
}
......
......@@ -43,7 +43,8 @@ SBIN_STUFF = resetvlans console_setup.proxy sched_reload named_setup \
elabinelab snmpit.proxy panic node_attributes \
nfstrace plabinelab smbpasswd_setup smbpasswd_setup.proxy \
rmproj snmpit.proxynew snmpit.proxyv2 pool_daemon \
checknodes_daemon subboss_frisbeelauncher_wrapper
checknodes_daemon subboss_frisbeelauncher_wrapper \
subboss_wrapper
ifeq ($(ISMAINSITE),1)
SBIN_STUFF += repos_daemon
endif
......@@ -95,7 +96,8 @@ SETUID_BIN_SCRIPTS = node_reboot eventsys_control tarfiles_setup savelogs \
SETUID_SBIN_SCRIPTS = mkproj rmgroup mkgroup frisbeelauncher frisbeeimage \
rmuser idleswap named_setup exports_setup \
sfskey_update setgroups newnode_reboot vnode_setup \
elabinelab nfstrace rmproj subboss_frisbeelauncher_wrapper
elabinelab nfstrace rmproj subboss_frisbeelauncher_wrapper \
subboss_wrapper
SETUID_LIBX_SCRIPTS = console_setup spewlogfile
ifeq ($(SYSTEM),FreeBSD)
......@@ -233,6 +235,8 @@ endif
chmod u+s $(INSTALL_SBINDIR)/frisbeelauncher
chown root $(INSTALL_SBINDIR)/subboss_frisbeelauncher_wrapper
chmod u+s $(INSTALL_SBINDIR)/subboss_frisbeelauncher_wrapper
chown root $(INSTALL_SBINDIR)/subboss_wrapper
chmod u+s $(INSTALL_SBINDIR)/subboss_wrapper
chown root $(INSTALL_SBINDIR)/frisbeeimage
chmod u+s $(INSTALL_SBINDIR)/frisbeeimage
chown root $(INSTALL_SBINDIR)/rmuser
......
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2009-2010 University of Utah and the Flux Group.
# All rights reserved.
#
use strict;
use English;
sub usage()
{
print "Usage: subboss_wrapper <command> [args]\n";
print "\n";
print "Valid commands:\n";
print " frisbeelauncher [args] Run frisbee_launcher with specified arugments\n";
print "\n";
exit(1);
}
sub fatal($) {
my($mesg) = $_[0];
die("*** $0:\n".
" $mesg\n");
}
my $TB = "@prefix@";
my $ELABMAN = "elabman";
my $FRISBEE_LAUNCHER = "$TB/sbin/frisbeelauncher";
use lib "@prefix@/lib";
use User;
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# We do not want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be setuid! Maybe its a development version?\n");
}
#
# We need this user for running below.
#
my $elabman = User->Lookup($ELABMAN);
if (!defined($elabman)) {
fatal("Could not lookup $ELABMAN user. Exiting ...");
}
if ($UID != $elabman->unix_uid()) {
die("Must be elabman to run this script\n");
}
# Switch to root
$UID = $EUID = 0;
usage() if (@ARGV == 0);
my $command = shift @ARGV;
if ($command eq 'frisbeelauncher') {
# Pass the argument list through as-is
my @args = map { /(.*)/; $1 } @ARGV;
exec $FRISBEE_LAUNCHER, @args;
} else {
fatal("Invalid command \"$command\"");
}
This diff is collapsed.
......@@ -4619,7 +4619,8 @@ class subboss:
# has permission to load the image in libosload so we don't need to
# check again in frisbeelauncher. Only a subboss can make this request
# anyway.
(exitval, output) = runcommand(TBDIR + "/sbin/wap " + TBDIR + "/sbin/frisbeelauncher " + argstr)
(exitval, output) = runcommand(TBDIR + "/sbin/subboss_wrapper frisbee_launcher " + argstr)
if exitval:
return EmulabResponse(RESPONSE_ERROR, exitval >> 8, output=output)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment