Commit d8b17f2c authored by Leigh B. Stoller's avatar Leigh B. Stoller

Another little hack for Mike; Add a "lockdown" bit to the experiments

table that will prevent an experiment from being swapped/modified. The
toggle is on the showexp page, and the toggle is *not* admin
over-ridable; you must turn the toggle off (and of course, you must be
an admin to do that).
parent 78350a54
...@@ -378,6 +378,7 @@ CREATE TABLE experiments ( ...@@ -378,6 +378,7 @@ CREATE TABLE experiments (
security_level tinyint(1) NOT NULL default '0', security_level tinyint(1) NOT NULL default '0',
paniced tinyint(1) NOT NULL default '0', paniced tinyint(1) NOT NULL default '0',
panic_date datetime default NULL, panic_date datetime default NULL,
lockdown tinyint(1) NOT NULL default '0',
PRIMARY KEY (eid,pid), PRIMARY KEY (eid,pid),
KEY idx (idx), KEY idx (idx),
KEY batchmode (batchmode) KEY batchmode (batchmode)
......
...@@ -2333,3 +2333,8 @@ last_net_act,last_cpu_act,last_ext_act); ...@@ -2333,3 +2333,8 @@ last_net_act,last_cpu_act,last_ext_act);
KEY node_id (node_id) KEY node_id (node_id)
) TYPE=MyISAM; ) TYPE=MyISAM;
1.301: Add a "lockdown" bit to the experiments table to prevent
accidental swaps, even by admin people.
alter table experiments add lockdown tinyint(1) NOT NULL \
default '0' after security_level;
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group. # Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
...@@ -333,6 +333,7 @@ my $idleswaptime= $hashrow{'idleswap_timeout'} / 60.0; ...@@ -333,6 +333,7 @@ my $idleswaptime= $hashrow{'idleswap_timeout'} / 60.0;
my $autoswaptime= $hashrow{'autoswap_timeout'} / 60.0; my $autoswaptime= $hashrow{'autoswap_timeout'} / 60.0;
my $rendering = $hashrow{'prerender_pid'}; my $rendering = $hashrow{'prerender_pid'};
my $elabinelab = $hashrow{'elab_in_elab'}; my $elabinelab = $hashrow{'elab_in_elab'};
my $lockdown = $hashrow{'lockdown'};
if ($inout ne "out") { if ($inout ne "out") {
# I'm going to update this below, so fix the value before I use it. # I'm going to update this below, so fix the value before I use it.
...@@ -369,6 +370,10 @@ if ($batch) { ...@@ -369,6 +370,10 @@ if ($batch) {
if (!defined($expt_locked) || if (!defined($expt_locked) ||
$batchstate ne BATCHSTATE_LOCKED()); $batchstate ne BATCHSTATE_LOCKED());
die("*** $0:\n".
" Batch experiment $pid/$eid is locked down; cannot be swapped!\n")
if ($lockdown);
if ($inout eq "in") { if ($inout eq "in") {
die("*** $0:\n". die("*** $0:\n".
" Batch experiment $pid/$eid is not in the proper state!\n". " Batch experiment $pid/$eid is not in the proper state!\n".
...@@ -400,6 +405,9 @@ else { ...@@ -400,6 +405,9 @@ else {
ExitWithStatus(1, "Batch experiment $pid/$eid is still canceling!") ExitWithStatus(1, "Batch experiment $pid/$eid is still canceling!")
if ($canceled); if ($canceled);
ExitWithStatus(1, "Batch experiment $pid/$eid is locked down!")
if ($lockdown);
if ($inout eq "in") { if ($inout eq "in") {
ExitWithStatus(1, ExitWithStatus(1,
"Batch experiment $pid/$eid must be SWAPPED to\n". "Batch experiment $pid/$eid must be SWAPPED to\n".
...@@ -479,10 +487,13 @@ else { ...@@ -479,10 +487,13 @@ else {
"Experiment $pid/$eid is an active ElabInElab.\n". "Experiment $pid/$eid is an active ElabInElab.\n".
"You cannot modify this type of experiment while it\n". "You cannot modify this type of experiment while it\n".
"is swapped in. We hope to support this soon.\n") "is swapped in. We hope to support this soon.\n")
if ($inout eq "modify" && if ($inout eq "modify" && $elabinelab &&
($elabinelab || defined($elabinelab_eid)) &&
$estate ne EXPTSTATE_SWAPPED()); $estate ne EXPTSTATE_SWAPPED());
ExitWithStatus(1,
"Experiment $pid/$eid is locked down; cannot swap!\n")
if ($lockdown);
# #
# Check the state for the various operations. # Check the state for the various operations.
# #
......
...@@ -1917,6 +1917,22 @@ function TBWebCamAllowed($uid) { ...@@ -1917,6 +1917,22 @@ function TBWebCamAllowed($uid) {
return mysql_num_rows($query_result); return mysql_num_rows($query_result);
} }
#
# Return lockeddown bit
#
function TBExptLockedDown($pid, $eid)
{
$query_result =
DBQueryFatal("select lockdown from experiments ".
"where pid='$pid' and eid='$eid'");
if (!$query_result || !mysql_num_rows($query_result))
return 0;
$row = mysql_fetch_array($query_result);
return $row[0];
}
# #
# DB Interface. # DB Interface.
# #
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group. # Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -49,6 +49,12 @@ if (! TBExptGroup($exp_pid, $exp_eid, $exp_gid)) { ...@@ -49,6 +49,12 @@ if (! TBExptGroup($exp_pid, $exp_eid, $exp_gid)) {
"in project $exp_pid.", 1); "in project $exp_pid.", 1);
} }
$query_result =
DBQueryFatal("select lockdown FROM experiments WHERE ".
"eid='$exp_eid' and pid='$exp_pid'");
$row = mysql_fetch_array($query_result);
$lockdown = $row["lockdown"];
# #
# Verify permissions. # Verify permissions.
# #
...@@ -60,7 +66,13 @@ echo "<font size=+2>Experiment <b>". ...@@ -60,7 +66,13 @@ echo "<font size=+2>Experiment <b>".
"<a href='showproject.php3?pid=$exp_pid'>$exp_pid</a>/". "<a href='showproject.php3?pid=$exp_pid'>$exp_pid</a>/".
"<a href='showexp.php3?pid=$exp_pid&eid=$exp_eid'>$exp_eid</a>". "<a href='showexp.php3?pid=$exp_pid&eid=$exp_eid'>$exp_eid</a>".
"</b></font>\n"; "</b></font>\n";
# A locked down experiment means just that!
if ($lockdown) {
echo "<br><br>\n";
USERERROR("Cannot proceed; the experiment is locked down!", 1);
}
# #
# We run this twice. The first time we are checking for a confirmation # We run this twice. The first time we are checking for a confirmation
# by putting up a form. The next time through the confirmation will be # by putting up a form. The next time through the confirmation will be
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group. # Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -77,6 +77,12 @@ if (! TBExptAccessCheck($uid, $pid, $eid, $TB_EXPT_MODIFY)) { ...@@ -77,6 +77,12 @@ if (! TBExptAccessCheck($uid, $pid, $eid, $TB_EXPT_MODIFY)) {
USERERROR("You do not have permission to modify this experiment.", 1); USERERROR("You do not have permission to modify this experiment.", 1);
} }
if (TBExptLockedDown($pid, $eid)) {
# Netbuild requires the following line.
echo "\n\n<!-- NetBuild! No permission to modify -->\n\n";
USERERROR("Cannot proceed; experiment is locked down!", 1);
}
$expstate = TBExptState($pid, $eid); $expstate = TBExptState($pid, $eid);
if (strcmp($expstate, $TB_EXPTSTATE_ACTIVE) && if (strcmp($expstate, $TB_EXPTSTATE_ACTIVE) &&
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group. # Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -60,7 +60,8 @@ if (! TBExptAccessCheck($uid, $exp_pid, $exp_eid, $TB_EXPT_READINFO)) { ...@@ -60,7 +60,8 @@ if (! TBExptAccessCheck($uid, $exp_pid, $exp_eid, $TB_EXPT_READINFO)) {
# #
$query_result = $query_result =
DBQueryFatal("select e.idx,e.state,e.batchmode,e.linktest_pid,". DBQueryFatal("select e.idx,e.state,e.batchmode,e.linktest_pid,".
" e.paniced,e.panic_date,s.rsrcidx,r.wirelesslans ". " e.paniced,e.panic_date,s.rsrcidx,r.wirelesslans, ".
" e.lockdown ".
" from experiments as e ". " from experiments as e ".
"left join experiment_stats as s on s.exptidx=e.idx ". "left join experiment_stats as s on s.exptidx=e.idx ".
"left join experiment_resources as r on s.rsrcidx=r.idx ". "left join experiment_resources as r on s.rsrcidx=r.idx ".
...@@ -74,6 +75,7 @@ $wireless = $row["wirelesslans"]; ...@@ -74,6 +75,7 @@ $wireless = $row["wirelesslans"];
$linktest_running = $row["linktest_pid"]; $linktest_running = $row["linktest_pid"];
$paniced = $row["paniced"]; $paniced = $row["paniced"];
$panic_date = $row["panic_date"]; $panic_date = $row["panic_date"];
$lockdown = $row["lockdown"];
# #
# Get a list of node types and classes in this experiment # Get a list of node types and classes in this experiment
...@@ -114,48 +116,51 @@ if ($expstate) { ...@@ -114,48 +116,51 @@ if ($expstate) {
WRITESUBMENUBUTTON("Download NS File", WRITESUBMENUBUTTON("Download NS File",
"spitnsdata.php3?pid=$exp_pid&eid=$exp_eid"); "spitnsdata.php3?pid=$exp_pid&eid=$exp_eid");
# Swap option. if (!$lockdown) {
if ($isbatch) { # Swap option.
if ($expstate == $TB_EXPTSTATE_SWAPPED) { if ($isbatch) {
WRITESUBMENUBUTTON("Queue Batch Experiment", if ($expstate == $TB_EXPTSTATE_SWAPPED) {
"swapexp.php3?inout=in&pid=$exp_pid&eid=$exp_eid"); WRITESUBMENUBUTTON("Queue Batch Experiment",
"swapexp.php3?inout=in&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVE ||
$expstate == $TB_EXPTSTATE_ACTIVATING) {
WRITESUBMENUBUTTON("Stop Batch Experiment",
"swapexp.php3?inout=out&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_QUEUED) {
WRITESUBMENUBUTTON("Dequeue Batch Experiment",
"swapexp.php3?inout=pause&pid=$exp_pid&eid=$exp_eid");
}
} }
elseif ($expstate == $TB_EXPTSTATE_ACTIVE || else {
$expstate == $TB_EXPTSTATE_ACTIVATING) { if ($expstate == $TB_EXPTSTATE_SWAPPED) {
WRITESUBMENUBUTTON("Stop Batch Experiment", WRITESUBMENUBUTTON("Swap Experiment In",
"swapexp.php3?inout=out&pid=$exp_pid&eid=$exp_eid"); "swapexp.php3?inout=in&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVE ||
($expstate == $TB_EXPTSTATE_PANICED && $isadmin)) {
WRITESUBMENUBUTTON("Swap Experiment Out",
"swapexp.php3?inout=out&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVATING) {
WRITESUBMENUBUTTON("Cancel Experiment Swapin",
"swapexp.php3?inout=out".
"&pid=$exp_pid&eid=$exp_eid");
}
} }
elseif ($expstate == $TB_EXPTSTATE_QUEUED) {
WRITESUBMENUBUTTON("Dequeue Batch Experiment", if ($expstate != $TB_EXPTSTATE_PANICED) {
"swapexp.php3?inout=pause&pid=$exp_pid&eid=$exp_eid"); WRITESUBMENUBUTTON("Terminate Experiment",
} "endexp.php3?pid=$exp_pid&eid=$exp_eid");
}
else {
if ($expstate == $TB_EXPTSTATE_SWAPPED) {
WRITESUBMENUBUTTON("Swap Experiment In",
"swapexp.php3?inout=in&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVE ||
($expstate == $TB_EXPTSTATE_PANICED && $isadmin)) {
WRITESUBMENUBUTTON("Swap Experiment Out",
"swapexp.php3?inout=out&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVATING) {
WRITESUBMENUBUTTON("Cancel Experiment Swapin",
"swapexp.php3?inout=out".
"&pid=$exp_pid&eid=$exp_eid");
} }
}
if ($expstate != $TB_EXPTSTATE_PANICED) {
WRITESUBMENUBUTTON("Terminate Experiment",
"endexp.php3?pid=$exp_pid&eid=$exp_eid");
}
# Batch experiments can be modifed only when paused. # Batch experiments can be modifed only when paused.
if ($expstate == $TB_EXPTSTATE_SWAPPED || if ($expstate == $TB_EXPTSTATE_SWAPPED ||
(!$isbatch && $expstate == $TB_EXPTSTATE_ACTIVE)) { (!$isbatch && $expstate == $TB_EXPTSTATE_ACTIVE)) {
WRITESUBMENUBUTTON("Modify Experiment", WRITESUBMENUBUTTON("Modify Experiment",
"modifyexp.php3?pid=$exp_pid&eid=$exp_eid"); "modifyexp.php3?pid=$exp_pid&eid=$exp_eid");
}
} }
if ($expstate == $TB_EXPTSTATE_ACTIVE) { if ($expstate == $TB_EXPTSTATE_ACTIVE) {
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group. # Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
# #
...@@ -633,6 +633,7 @@ function SHOWEXP($pid, $eid, $short = 0, $sortby = "") { ...@@ -633,6 +633,7 @@ function SHOWEXP($pid, $eid, $short = 0, $sortby = "") {
$usemodelnet = $exprow["usemodelnet"]; $usemodelnet = $exprow["usemodelnet"];
$mnet_cores = $exprow["modelnet_cores"]; $mnet_cores = $exprow["modelnet_cores"];
$mnet_edges = $exprow["modelnet_edges"]; $mnet_edges = $exprow["modelnet_edges"];
$lockdown = $exprow["lockdown"];
$autoswap_hrs= ($autoswap_timeout/60.0); $autoswap_hrs= ($autoswap_timeout/60.0);
$idleswap_hrs= ($idleswap_timeout/60.0); $idleswap_hrs= ($idleswap_timeout/60.0);
...@@ -827,8 +828,17 @@ function SHOWEXP($pid, $eid, $short = 0, $sortby = "") { ...@@ -827,8 +828,17 @@ function SHOWEXP($pid, $eid, $short = 0, $sortby = "") {
<td class=\"left\">$lastswapreq</td> <td class=\"left\">$lastswapreq</td>
</tr>\n"; </tr>\n";
} }
$lockflip = ($lockdown ? 0 : 1);
$lockval = ($lockdown ? "Yes" : "No");
echo "<tr>
<td>Locked Down:</td>
<td>$lockval (<a href=toggle.php?pid=$pid&eid=$eid".
"&type=lockdown&value=$lockflip>Toggle</a>)
</td>
</tr>\n";
} }
if ($batchmode) { if ($batchmode) {
echo "<tr> echo "<tr>
<td>Batch Mode: </td> <td>Batch Mode: </td>
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group. # Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -85,6 +85,7 @@ $swappable = $row[swappable]; ...@@ -85,6 +85,7 @@ $swappable = $row[swappable];
$idleswap_bit = $row[idleswap]; $idleswap_bit = $row[idleswap];
$idleswap_time = $row[idleswap_timeout]; $idleswap_time = $row[idleswap_timeout];
$idlethresh = min($idleswap_time/60.0,TBGetSiteVar("idle/threshold")); $idlethresh = min($idleswap_time/60.0,TBGetSiteVar("idle/threshold"));
$lockdown = $row["lockdown"];
# #
# Verify permissions. # Verify permissions.
...@@ -125,6 +126,12 @@ echo "<font size=+2>Experiment <b>". ...@@ -125,6 +126,12 @@ echo "<font size=+2>Experiment <b>".
"<a href='showproject.php3?pid=$pid'>$pid</a>/". "<a href='showproject.php3?pid=$pid'>$pid</a>/".
"<a href='showexp.php3?pid=$pid&eid=$eid'>$eid</a></b></font>\n"; "<a href='showexp.php3?pid=$pid&eid=$eid'>$eid</a></b></font>\n";
# A locked down experiment means just that!
if ($lockdown) {
echo "<br><br>\n";
USERERROR("Cannot proceed; the experiment is locked down!", 1);
}
# #
# We run this twice. The first time we are checking for a confirmation # We run this twice. The first time we are checking for a confirmation
# by putting up a form. The next time through the confirmation will be # by putting up a form. The next time through the confirmation will be
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group. # Copyright (c) 2000-2003, 2005 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -20,17 +20,20 @@ include("defs.php3"); ...@@ -20,17 +20,20 @@ include("defs.php3");
# #
$uid = GETLOGIN(); $uid = GETLOGIN();
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY); LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY);
$isadmin = ISADMIN($uid);
# List of valid toggles # List of valid toggles
$toggles = array("adminoff", "webfreeze"); $toggles = array("adminoff", "webfreeze", "lockdown");
# list of valid values for each toggle # list of valid values for each toggle
$values = array("adminoff" => array(0,1), $values = array("adminoff" => array(0,1),
"webfreeze" => array(0,1)); "webfreeze" => array(0,1),
"lockdown" => array(0,1));
# list of valid extra variables for the each toggle, and mandatory flag. # list of valid extra variables for the each toggle, and mandatory flag.
$optargs = array("adminoff" => array("target_uid" => 0), $optargs = array("adminoff" => array("target_uid" => 0),
"webfreeze" => array("target_uid" => 1)); "webfreeze" => array("target_uid" => 1),
"lockdown" => array("pid" => 1, "eid" => 1));
# Mandatory page arguments. # Mandatory page arguments.
$type = $_GET['type']; $type = $_GET['type'];
...@@ -92,6 +95,17 @@ elseif ($type == "webfreeze") { ...@@ -92,6 +95,17 @@ elseif ($type == "webfreeze") {
DBQueryFatal("update users set weblogin_frozen='$value' ". DBQueryFatal("update users set weblogin_frozen='$value' ".
"where uid='$target_uid'"); "where uid='$target_uid'");
} }
elseif ($type == "lockdown") {
# must be admin
if (! $isadmin) {
USERERROR("You do not have permission to toggle $type!", 1);
}
if (!TBValidExperiment($pid, $eid)) {
PAGEARGERROR("Experiment $pid/$eid is not a valid experiment!");
}
DBQueryFatal("update experiments set lockdown='$value' ".
"where pid='$pid' and eid='$eid'");
}
else { else {
USERERROR("Nobody has permission to toggle $type!", 1); USERERROR("Nobody has permission to toggle $type!", 1);
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment