Commit d5992ace authored by Matt Strum's avatar Matt Strum

Merge remote-tracking branch 'central/master' into flack3

parents 097b56c3 ab399ca7
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -146,6 +146,8 @@ ops-install:
-chmod 770 $(INSTALL_TOPDIR)/log/mysql
-chown mysql $(INSTALL_TOPDIR)/log/mysql
-chgrp mysql $(INSTALL_TOPDIR)/log/mysql
-mkdir -p $(INSTALL_TOPDIR)/log/logfiles
-chmod 777 $(INSTALL_TOPDIR)/log/logfiles
@$(MAKE) -C rc.d control-install
@$(MAKE) -C tbsetup control-install
@$(MAKE) -C security control-install
......@@ -468,11 +470,11 @@ undo-configure:
# They are copied over to the embryonic boss and ops during setup.
#
elabinelab-scripts:
cp $(SRCDIR)/clientside/tmcc/freebsd/mkextrafs.pl $(INSTALL_TOPDIR)/etc/
cp $(SRCDIR)/clientside/tmcc/common/config/rc.mkelab $(INSTALL_TOPDIR)/etc/
cp -f $(SRCDIR)/clientside/tmcc/freebsd/mkextrafs.pl $(INSTALL_TOPDIR)/etc/
cp -f $(SRCDIR)/clientside/tmcc/common/config/rc.mkelab $(INSTALL_TOPDIR)/etc/
ifeq ($(SPEWFROMOPS),1)
elabinelab: elabinelab-scripts
elabinelab-nogit: elabinelab-scripts
-mkdir -p /share/emulab
rm -f /share/emulab/emulab-src.tar.gz
tar czf /share/emulab/emulab-src.tar.gz -C $(SRCDIR) --exclude=.git .
......@@ -480,9 +482,13 @@ elabinelab: elabinelab-scripts
elabinelab-git: elabinelab-scripts
-mkdir -p /share/emulab
rm -f /share/emulab/emulab-src.tar.gz
git archive --prefix=testbed/ | gzip -c >/share/emulab/emulab-src.tar.gz
(cd $(SRCDIR); \
git archive HEAD > /share/emulab/emulab-src.tar)
tar rf /share/emulab/emulab-src.tar -C $(SRCDIR) \
--exclude=.git protogeni/rspec-geni
gzip /share/emulab/emulab-src.tar
else
elabinelab: elabinelab-scripts
elabinelab-nogit: elabinelab-scripts
-mkdir -p $(INSTALL_TOPDIR)/src
rm -f $(INSTALL_TOPDIR)/src/emulab-src.tar.gz
tar czf $(INSTALL_TOPDIR)/src/emulab-src.tar.gz -C $(SRCDIR) --exclude=.git .
......@@ -490,7 +496,11 @@ elabinelab: elabinelab-scripts
elabinelab-git: elabinelab-scripts
-mkdir -p $(INSTALL_TOPDIR)/src
rm -f $(INSTALL_TOPDIR)/src/emulab-src.tar.gz
git archive --prefix=testbed/ | gzip -c > $(INSTALL_TOPDIR)/src/emulab-src.tar.gz
(cd $(SRCDIR); \
git archive HEAD > $(INSTALL_TOPDIR)/src/emulab-src.tar)
tar rf $(INSTALL_TOPDIR)/src/emulab-src.tar -C $(SRCDIR) \
--exclude=.git protogeni/rspec-geni
gzip $(INSTALL_TOPDIR)/src/emulab-src.tar
endif
# How to recursively descend into subdirectories to make general
......
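Review bot: The `chmod 777 $(INSTALL_TOPDIR)/log/logfiles` that appears to be added under ops-install leaves the new log directory world-writable without the sticky bit, so any local account on ops can remove or replace files that other users or daemons write there. If several users really need to write into it, `-chmod 1777 $(INSTALL_TOPDIR)/log/logfiles` keeps that while restricting deletion to each file's owner. A dedicated owner or group with mode 770, like the mysql log directory just above, would be tighter. Which processes write to this directory is not visible in the hunk, so the right owner and group need confirming.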
#!/usr/bin/perl -w
#
# Copyright (c) 2010-2011 University of Utah and the Flux Group.
# Copyright (c) 2010-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -121,7 +121,7 @@ sub DumpUser($)
"optional" => 0 },
"email" => {"tag" => "email",
"optional" => 0 },
"pswd" => {"tag" => "password",
"pswd" => {"tag" => "passhash",
"optional" => 0 },
"uid" => {"tag" => "uid",
"optional" => 0 },
......
#!/usr/bin/perl -w
#
# Copyright (c) 2010-2011 University of Utah and the Flux Group.
# Copyright (c) 2010-2011, 2013 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
......@@ -49,10 +49,12 @@ sub usage()
print " manageremote addgroup <remote> <gid>\n";
exit(1);
}
my $optlist = "dnf";
my $optlist = "dnfp";
my $debug = 0;
my $force = 0;
my $impotent = 0;
my $locked = 0;
my $fromdaemon = 0;
#
# Function prototypes
......@@ -62,7 +64,7 @@ sub AddUser(;$);
sub AddPeer();
sub DeleteUser();
sub ModifyUser();
sub SetGroups();
sub SetGroups(;$);
sub CrossLogin();
sub AddProject();
sub AddGroup();
......@@ -121,8 +123,11 @@ if (defined($options{"f"})) {
if (defined($options{"n"})) {
$impotent = 1;
}
if (defined($options{"p"})) {
$fromdaemon = 1;
}
usage()
if (@ARGV < 2 || @ARGV > 4);
if (@ARGV < 2 || @ARGV > 5);
my $cmd = shift(@ARGV);
my $peername = shift(@ARGV);
......@@ -170,26 +175,36 @@ my $credential = GeniCredential->GetSelfCredential($me);
if (!defined($credential)) {
fatal("Could not create self credential for $me");
}
my $authority;
#
# All operations other then AddPeer require that the peer be
# in the DB.
#
if ($cmd eq "addpeer") {
AddPeer();
exit(0);
}
else {
if ($cmd ne "addpeer") {
my $query_result =
DBQueryFatal("select name,urn from emulab_peers ".
"where name='$peername' or urn='$peername'");
fatal("Unknown peer")
if (!$query_result->numrows);
($peername,$peerurn) = $query_result->fetchrow_array();
$authority = GeniAuthority->CreateFromRegistry("sa", $peerurn);
if (!defined($authority)) {
fatal("Could not locate authority for $peername");
}
}
my $authority = GeniAuthority->CreateFromRegistry("sa", $peerurn);
if (!defined($authority)) {
fatal("Could not locate authority for $peername");
#
# All operations other then xlogin require locking to avoid a
# race with the portal_daemon.
#
if ($cmd ne "xlogin" && !$fromdaemon) {
while (TBScriptLock("portal_op", 0, 5) != TBSCRIPTLOCK_OKAY()) {
print "Could not get the lock; trying again ... ^C to stop trying.\n";
next;
}
$locked = 1;
}
#
......@@ -204,6 +219,10 @@ SWITCH: for ($cmd) {
AddUser();
last SWITCH;
};
/^addpeer$/ && do {
AddPeer();
last SWITCH;
};
/^deluser$/ && do {
DeleteUser();
last SWITCH;
......@@ -230,8 +249,12 @@ SWITCH: for ($cmd) {
};
# Default
TBScriptUnlock()
if ($locked);
usage();
}
TBScriptUnlock()
if ($locked);
exit(0);
#
......@@ -315,7 +338,7 @@ sub AddUser(;$)
}
my $urn = GeniHRN::Generate($OURDOMAIN, "user", $user->uid());
my $xmlgoo = emutil::ExecQuiet("$DUMPUSER -p $uid");
my $xmlgoo = emutil::ExecQuiet("$DUMPUSER $uid");
if ($?) {
fatal("$DUMPUSER failed");
}
......@@ -393,7 +416,7 @@ sub ModifyUser()
}
my $urn = GeniHRN::Generate($OURDOMAIN, "user", $user->uid());
my $xmlgoo = emutil::ExecQuiet("$DUMPUSER -p $uid");
my $xmlgoo = emutil::ExecQuiet("$DUMPUSER $uid");
if ($?) {
fatal("$DUMPUSER failed");
}
......@@ -568,9 +591,7 @@ sub AddProject()
" exported=now(), updated=now(), ".
" peer='$peername'");
if (!$leader_result->numrows) {
SetGroups($leader_idx);
}
SetGroups($leader_idx);
return 0;
}
......
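Review bot: In the peer lookup that now sits under `if ($cmd ne "addpeer")`, `$peername` comes straight from `shift(@ARGV)` and is interpolated into the `emulab_peers` query string, and this script runs without `-T`, so a quote character in the argument changes the SQL. Validate it first with an anchored allow-list that covers both peer names and URNs, or quote it before building the query, e.g. `my $safe_peer = DBQuoteSpecial($peername);` and `"where name=$safe_peer or urn=$safe_peer"` if that helper is available in this script. Separately, the new `TBScriptLock` retry loop has no bound, so a non-interactive caller that never gets the lock waits forever; a retry cap followed by `fatal()` would make that failure visible.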
#!/usr/bin/perl -w
#
# Copyright (c) 2000-2011 University of Utah and the Flux Group.
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -287,7 +287,8 @@ if( defined( $oldkeyfile ) ) {
($encrypted ? " -passout 'pass:${sh_password}' " : " -nodes ") .
" -out syscert_req.pem $outline") == 0
or fatal("Could not create certificate request");
system("cp $oldkeyfile syscert_key.pem");
system("$OPENSSL rsa -in $oldkeyfile -out syscert_key.pem $outline") == 0
or fatal("Could not suck key out of old keyfile");
} else {
#
# Create a client side private key and certificate request.
......
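Review bot: The replacement `$OPENSSL rsa -in $oldkeyfile -out syscert_key.pem` is given no output cipher, so it writes syscert_key.pem as an unencrypted private key even when `$encrypted` is set, whereas the old `cp` preserved whatever protection the old key file had. Unless a step outside this hunk re-encrypts the file, mirror the `$encrypted` conditional used for the request above and add a cipher and passphrase source on that path, and set a restrictive umask before the call so the key is not created group- or world-readable. `$oldkeyfile` is also interpolated into a single-string `system()`, which goes through the shell. Quoting it or using the list form avoids surprises from spaces or metacharacters in the path, though `$outline` (presumably a redirection, not visible here) would then need separate handling.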
#!/usr/bin/perl -w
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -35,11 +35,12 @@ sub usage()
print("Usage: newuser [-s] -t <type> <xmlfile>\n");
exit(-1);
}
my $optlist = "dt:ns";
my $optlist = "dt:nsp";
my $debug = 0;
my $impotent= 0;
my $type = "";
my $silent = 0;
my $portal = 0;
my @keyfiles = ();
#
......@@ -213,6 +214,11 @@ foreach my $key (keys(%required)) {
fatal("Missing required attribute '$key'")
if (! exists($xmlparse->{'attribute'}->{"$key"}));
}
#
# Always delete this. Used by the portal code but we ignore it.
#
delete($xmlparse->{'attribute'}->{"passhash"})
if (exists($xmlparse->{'attribute'}->{"passhash"}));
#
# We build up an array of arguments to pass to User->Create() as we check
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -43,7 +43,7 @@ use Getopt::Std;
sub usage()
{
print("Usage: tbacct [-f] [-b] [-u] ".
"<add|del|mod|passwd|wpasswd|email|freeze|thaw|verify> ".
"<add|del|mod|passwd|wpasswd|email|freeze|thaw|verify|revoke> ".
"<user> [args]\n");
exit(-1);
}
......@@ -71,6 +71,7 @@ my $MAILMANSUPPORT= @MAILMANSUPPORT@;
my $THISHOMEBASE= "@THISHOMEBASE@";
my $PROTOUSER = 'elabman';
my $ELABINELAB = @ELABINELAB@;
my $PGENISUPPORT= @PROTOGENI_SUPPORT@;
my $GENIRACK = @PROTOGENI_GENIRACK@;
my $SAMBANODE = "fs"; # DNS makes this do the right thing in E-in-E.
......@@ -103,6 +104,7 @@ my $OPSDBCONTROL= "$TB/sbin/opsdb_control";
my $ADDHOOK = "$TB/sbin/adduserhook";
my $SETGROUPS = "$TB/sbin/setgroups";
my $NOLOGIN = "/sbin/nologin";
my $POSTCRL = "$TB/sbin/protogeni/postcrl";
my $SSH = "$TB/bin/sshtb";
my $SAVEUID = $UID;
my $NOSUCHUSER = 67;
......@@ -169,6 +171,7 @@ sub VerifyUser();
sub UpdateEmail();
sub CheckDotFiles();
sub GenerateSFSKey();
sub RevokeUser();
sub fatal($);
my $HOMEDIR = USERROOT();
......@@ -215,7 +218,7 @@ if ($user =~ /^([-\w]+)$/i) {
else {
die("Tainted argument: $user\n");
}
if ($cmd =~ /^(add|del|mod|freeze|passwd|wpasswd|thaw|email|verify)$/) {
if ($cmd =~ /^(add|del|mod|freeze|passwd|wpasswd|thaw|email|verify|revoke)$/) {
$cmd = $1;
}
else {
......@@ -338,6 +341,10 @@ SWITCH: for ($cmd) {
ThawUser();
last SWITCH;
};
/^revoke$/ && do {
RevokeUser();
last SWITCH;
};
/^verify$/ && do {
VerifyUser();
last SWITCH;
......@@ -728,6 +735,9 @@ sub UpdatePassword()
#
return 0
if (getpwuid($UID) eq "nobody");
return 0
if ($isnonlocal || $nocollabtools);
$EUID = $UID;
# And the wiki if enabled.
......@@ -760,7 +770,8 @@ sub UpdateWindowsPassword()
my $new_wpswd = shift(@ARGV);
# Lets not do this if no changes.
if ($new_wpswd eq $target_user->w_pswd()) {
if (defined($target_user->w_pswd()) &&
$new_wpswd eq $target_user->w_pswd()) {
print "Password has not changed ...\n";
return 0;
}
......@@ -875,6 +886,9 @@ sub UpdateUser(;$)
}
$UID = $SAVEUID;
return 0
if ($isnonlocal || $nocollabtools);
$EUID = $UID;
# Update elists in case email changed.
system("$MMMODIFYUSER $user")
......@@ -1056,7 +1070,7 @@ sub VerifyUser()
}
if ($target_user->status() ne USERSTATUS_NEWUSER) {
fatal("$user is not a newuser! Cannot verify the account!");
fatal("$target_user is not a newuser! Cannot verify the account!");
}
my $newstatus = ($target_user->wikionly() ?
......@@ -1071,6 +1085,31 @@ sub VerifyUser()
return 0;
}
#
# Revoke user ssl certs
#
sub RevokeUser()
{
#
# Only admin people can do this.
#
if (! TBAdmin($UID)) {
fatal("You do not have permission to thaw user $user.");
}
$target_user->RevokeSSLCerts();
if ($PGENISUPPORT) {
$UID = 0;
system("$POSTCRL");
if ($? >> 8 < 0) {
fatal("Could not post updated CRL");
}
$UID = $SAVEUID;
}
return 0;
}
#
# Check dot files. We do this over and over ...
#
......
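Review bot: In the new RevokeUser(), the test `if ($? >> 8 < 0)` after `system("$POSTCRL")` can never be true, because a status shifted right by eight bits is not negative. A failed CRL post is therefore silently ignored and the revocation may never be published, while the command still returns 0. Check the raw status instead, `if ($?) {`, so both a non-zero exit and a failure to run the program are caught. The permission error also still reads "thaw user"; `fatal("You do not have permission to revoke certificates for $user.");` matches what the function does.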
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -32,12 +32,13 @@ use Data::Dumper;
#
sub usage()
{
print("Usage: editnodetype [-v] <xmlfile>\n");
print("Usage: editnodetype [-v] [-p] <xmlfile>\n");
exit(-1);
}
my $optlist = "dv";
my $debug = 0;
my $verify = 0; # Check data and return status only.
my $optlist = "dvp";
my $restrict = 0;
my $debug = 0;
my $verify = 0; # Check data and return status only.
#
# Configure variables
......@@ -45,6 +46,7 @@ my $verify = 0; # Check data and return status only.
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $TBAUDIT = "@TBAUDITEMAIL@";
my $UPDATEPERMS = "$TB/sbin/update_permissions";
#
# Untaint the path
......@@ -86,6 +88,9 @@ if (defined($options{"d"})) {
if (defined($options{"v"})) {
$verify = 1;
}
if (defined($options{"p"})) {
$restrict = 1;
}
if (@ARGV != 1) {
usage();
}
......@@ -587,10 +592,17 @@ if ($new_type) {
" attrvalue='$value' ");
}
# And a group policy that prevents new type from being used.
DBQueryFatal("replace into group_policies ".
"(pid_idx, gid_idx, pid, gid, policy, auxdata, count) ".
"values (0, 0, '-', '-', 'type', '$node_type', 0)");
if ($restrict) {
# And a group policy that prevents new type from being used.
DBQueryFatal("replace into group_policies ".
"(pid_idx, gid_idx, pid, gid, policy, auxdata, count) ".
"values (0, 0, '-', '-', 'type', '$node_type', 0)");
#
# Now update the permissions table.
#
system($UPDATEPERMS);
}
}
else {
DBQueryFatal("update node_types set ".
......
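Review bot: The new `system($UPDATEPERMS);` ignores the exit status, so the `group_policies` row can be written while the permissions table stays stale and the script still reports success. Check it, for example `system($UPDATEPERMS) == 0 or die("update_permissions failed\n");`, using the script's own error routine if it has one. The restrictive policy is also now opt-in via `-p`, so any caller that relied on new node types being locked down by default has to pass the flag. A sentence in usage() saying what `-p` does would make that visible.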
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -183,6 +183,8 @@ my %xmlfields =
"user_interface" => ["user_interface", $SLOT_OPTIONAL],
"pubkeys" => ["pubkeys", $SLOT_SKIP],
"wikiname" => ["pubkeys", $SLOT_SKIP],
# The portal code sets this, we ignore it here.
"passhash" => ["passhash", $SLOT_SKIP],
# These are alternates.
"name" => ["usr_name", $SLOT_OPTIONAL],
"title" => ["usr_title", $SLOT_OPTIONAL],
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2011 University of Utah and the Flux Group.
# Copyright (c) 2011-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -176,6 +176,7 @@ my %nodefields =
"node_id" => ["node_id", $SLOT_OPTIONAL, undef],
"type" => ["type", $SLOT_OPTIONAL, undef],
"IP" => ["IP", $SLOT_OPTIONAL, undef],
"role" => ["role", $SLOT_OPTIONAL, undef],
"identifier" => ["identifier", $SLOT_OPTIONAL, undef]);
my %ifacefields =
......
......@@ -4935,6 +4935,7 @@ outfiles="Makeconf GNUmakefile setversion \
tmcc/freebsd/init/7/GNUmakefile \
tmcc/freebsd/init/8/GNUmakefile \
tmcc/freebsd/init/9/GNUmakefile \
tmcc/freebsd/init/10/GNUmakefile \
tmcc/freebsd/supfile tmcc/freebsd/sethostname \
tmcc/linux/GNUmakefile tmcc/linux/supfile \
tmcc/linux/sethostname.dhclient \
......
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -260,6 +260,7 @@ outfiles="Makeconf GNUmakefile setversion \
tmcc/freebsd/init/7/GNUmakefile \
tmcc/freebsd/init/8/GNUmakefile \
tmcc/freebsd/init/9/GNUmakefile \
tmcc/freebsd/init/10/GNUmakefile \
tmcc/freebsd/supfile tmcc/freebsd/sethostname \
tmcc/linux/GNUmakefile tmcc/linux/supfile \
tmcc/linux/sethostname.dhclient \
......
#!/usr/bin/perl -w -T
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -1091,8 +1091,9 @@ sub loss_test {
&get_loss_sample_size($edge) .
", time=" .
LOSS_TEST_DURATION . "s, psize=20)");
} elsif ($platform eq LINUX &&
$hostmap{$hostname}->isvnode) {
} elsif (!$high_priority ||
($platform eq LINUX &&
$hostmap{$hostname}->isvnode)) {
&my_system($PATH_RUDE,"-s", RUDE_CFG, $rude_arg);
} else {
&my_system($PATH_RUDE,"-s", RUDE_CFG, "-P", RUDE_PRI,
......@@ -1485,7 +1486,7 @@ sub link_rtt {
} else {
$bwthresh = 10000000;
}
if ($edge->bw < $bwthresh) {
if ($edge->bw > 0 && $edge->bw < $bwthresh) {
$u += (1000 * $bits_per_packet / $edge->bw);
}
......@@ -1495,7 +1496,7 @@ sub link_rtt {
} else {
$bwthresh = 10000000;
}
if ($other_edge->bw < $bwthresh) {
if ($other_edge->bw > 0 && $other_edge->bw < $bwthresh) {
$u += (1000 * $bits_per_packet / $other_edge->bw);
}
......@@ -1571,7 +1572,8 @@ sub latency_test {
# call ping_node with ttl=1
my ($result_cnt, $sample_avg, $sample_dev) =
&ping_node($edge->dst . "-" . $edge->name,
1, undef, $ptimo);
$edge->mpxstyle eq "gre" ? 2 : 1,
undef, $ptimo);
if ($reportonly) {
my $u = &link_rtt($edge, $other_edge);
......@@ -1694,7 +1696,7 @@ sub bw_test {
# add 10 percent.
my $bw = 0;
if (defined($edge) && defined($redge)) {
if (defined($edge) && defined($redge) && $edge->mpxstyle ne "gre") {
if($hostname eq $edge->dst) {
#
# iperf does a twoway test.
......@@ -1809,7 +1811,9 @@ sub bw_test {
# how long til we hit the wire and add that to the RTT.
#
my $psize = (&header_size($edge) + IPERF_PKTSIZE) * 8;
$minacktime += (($psize * 50/2) / $edge->bw) * 1000;
if ($edge->bw > 0) {
$minacktime += (($psize * 50/2) / $edge->bw) * 1000;
}
$minacktime = int($minacktime);
# must not be less than RTT or clock resolution
......@@ -1873,6 +1877,7 @@ sub bw_test {
$trun++;
}
&barrier();
sleep(5);
}
# read the log file.
......
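Review bot: The comment `# call ping_node with ttl=1` in latency_test is stale now that the argument is `$edge->mpxstyle eq "gre" ? 2 : 1`; it should read something like `# call ping_node with ttl=1 (ttl=2 when the link's mpxstyle is "gre")`, with a word on why the extra hop is needed. The `sleep(5);` added after `&barrier();` in bw_test is likewise unexplained and would benefit from a comment stating what it waits for. If `mpxstyle` can return undef for some edges, both new string comparisons will emit warnings under `-w`; that accessor is not visible in these hunks.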
/*
* Copyright (c) 2000-2011 University of Utah and the Flux Group.
* Copyright (c) 2000-2013 University of Utah and the Flux Group.
*
* {{{EMULAB-LICENSE
*
......@@ -611,7 +611,7 @@ main(int argc, char **argv)
sp.sched_priority = sched_get_priority_max(SCHED_FIFO);
if (sched_setscheduler(0, SCHED_FIFO, &sp) < 0) {
pwarning("main: cannot set real-time priority\n");
pwarning("main: cannot set real-time priority");
}
}
#endif
......
/*
* Copyright (c) 2000-2011 University of Utah and the Flux Group.
* Copyright (c) 2000-2013 University of Utah and the Flux Group.
*
* {{{EMULAB-LICENSE
*
......@@ -78,7 +78,7 @@ char emulab_event_library_buildinfo[] =
static int event_notification_check_hmac(event_handle_t handle,
event_notification_t notification);
static char hostname[MAXHOSTNAMELEN];
static char hostname[MAXHOSTNAMELEN+1];
static char ipaddr[32];
/*
......@@ -180,25 +180,42 @@ event_register_withkeydata_withretry(char *name, int threaded,
char *sstr = 0, *pstr = 0, *cp;
int port = PUBSUB_SERVER_PORTNUM;
if (gethostname(hostname, MAXHOSTNAMELEN) == -1) {
/*
* So, this might fail if the hostame is too long, but lets not
* give up; we can still get our IP on experimental nodes.
*/
if (gethostname(hostname, sizeof(hostname)) == -1) {
ERROR("could not get hostname: %s\n", strerror(errno));
return 0;
bzero(hostname, sizeof(hostname));
}
/*
* Make sure hostname is qualified, else we could get the
* IP of an experimental interface. Just clear the hostname
* so that we use the fallback method below. This should never