1. 01 Dec, 2003 1 commit
    • Leigh B. Stoller's avatar
      Fix glitch with switching between browsers. Stems from the goal of not · 0efa7677
      Leigh B. Stoller authored
      switching the menu when user switches between http and https (since
      the secret cookie is not transferred in http, we have no way of
      actually knowing the user is logged in from the browser). So, add
      another cookie that is a crc32 hash of the real cookie, and trasnfer
      that in http mode. A valid crc32 hash simply indicates that the user
      is almost certainly logged in from the browser (but does not impart
      any privs until we get the real cookie), while the absence of the
      crc32 or a mismatch indicates that user is almost certainly *not*
      logged in from the browser, and so we draw the usual "not logged in"
      page.
      0efa7677
  2. 26 Nov, 2003 1 commit
  3. 18 Nov, 2003 1 commit
  4. 17 Nov, 2003 1 commit
    • Leigh B. Stoller's avatar
      Add web login attack detection/prevention. Two changes: · b1de9fb2
      Leigh B. Stoller authored
      * Add slots to users table to track number of failures in the last N
        seconds. If a threshold is passed (currently 4 failures in the last
        minute), the web login is disabled. Note that I do not disable the
        ops shell login at this time. Aging is passive; the values are cleared
        when login is successful, or when more then one minute has passed
        since the last failure. In other words, a burst of failures will
        disable the login, but failures over time are okay.
      
      * Add login_failures table to do exactly the same as above, except it
        is on an IP basis (REMOTE_ADDR in the server). Currently the
        threshold is 8 failures in the last two minutes, at which time all
        logins from that IP are disabled.
      
      In both cases email is sent to tbops (and the user).
      
      The constants are defined at the top of www/tbauth.in, rather then as
      site variables, to avoid pounding the DB when an attack is being
      launched.
      
      To clear a user freeze, go to the user profile page and use the
      "toggle" near the bottom.
      
      To clear an IP freeze: delete from login_failures were IP='1.1.1.1'
      b1de9fb2
  5. 10 Nov, 2003 1 commit
  6. 09 Nov, 2003 1 commit
    • Leigh B. Stoller's avatar
      More security hacking. · 754d8013
      Leigh B. Stoller authored
      * Add TBvalid_uid() function to regex uid's. To be used throughout the
        system. Eventually add routines for checking other things like pids
        and eids, etc.
      
      * Regex the uid value we get from the cookie, and switch to $_COOKIE
        superglobal.
      
      * Strict regex checking in DOLOGIN() of uid.
      
      * Change login.php to use superglobals, and general tightening of
        parameter checking.
      754d8013
  7. 06 Jun, 2003 1 commit
    • Chad Barb's avatar
      · 2fad09a4
      Chad Barb authored
      NetBuild modify. Woot.
      
      Available only to admins for now.
      
      Link is available off "modify experiment page" in admin mode.
      2fad09a4
  8. 04 Jun, 2003 1 commit
  9. 15 May, 2003 1 commit
    • Mac Newbold's avatar
      Fix the relogin stuff according to a couple of requests: · 37db313e
      Mac Newbold authored
       - Don't use the image, just use a text link. (Note: the text link in the
         middle is different than the button link on the left, since the button
         doesn't set refer=1.) (From Rob/Chad)
       - Don't jump back into admin mode just because I was before. Let it dump
         me back to green dot when I log back in. (From Leigh)
      37db313e
  10. 05 May, 2003 1 commit
    • Mac Newbold's avatar
      Fix a nit and a long-standing bug. · 668287a2
      Mac Newbold authored
      If I was red dot when my login timed out (or whatever) the login link
      should go back to admin mode after I log in.
      
      The bug was that by the time I get into loggedinordie, if my login isn't
      valid, getuid fails, and uid is "", instead of what the cookie said. This
      caused it always just to say "You do not appear to be logged in!" instead
      of the real error (ie timed out, etc). So if uid=="", grab the uid from
      the cookie instead of checking things for nobody.
      668287a2
  11. 01 May, 2003 2 commits
  12. 28 Apr, 2003 1 commit
    • Leigh B. Stoller's avatar
      Add support for new {user,group,project,experiment}_stats tables. · 5e5508bf
      Leigh B. Stoller authored
      The first three are aggregate tables, while the experiment stats table
      gets a record for each new experiment, and is updated when an
      experiment is swapped in/out/modify or terminated. Look at the table
      to see what is tracked. Once the experiment_stats record is updated,
      the aggregate tables are updated as necessary. There are a bunch of
      ugly changes to assign_wrapper to get the stats. Note that pnodes is
      not incremented until an experiment sucessfully swaps in. This is in
      leu of getting status codes; I'm not tracking failed operations yet,
      nor creating the log file that Jay wants. I'll do that in the next
      round of changes when we see how useful these numbers are.
      
      Most of the changes are to create/delete table entries where
      appropriate, and to display the records. Display is only under admin
      mode, and the display is raw; just a dump of the assoc tables in php.
      The last 100 experiment stats records are available via the Experiment
      List page, using the "Stats" show option at the top. Bad place, but
      will do for now.
      5e5508bf
  13. 25 Apr, 2003 3 commits
  14. 14 Apr, 2003 1 commit
  15. 11 Apr, 2003 3 commits
    • Mac Newbold's avatar
      s/admininstrator/administrator/gi · e9dc17ac
      Mac Newbold authored
      e9dc17ac
    • Chad Barb's avatar
      · a0248828
      Chad Barb authored
      Added site variables ('sitevars').
      These are stored in the sitevariables database table.
      Each one has a name, a description (NOT OPTIONAL!), a
      default value, and a current value.
      If the current value is NULL, the default value is used.
      
      Soon, a mechanism will be added to the install process to
      ensure all needed site variables exist before installing;
      more on that when it is committed.
      
       - Added 'editsitevars.php3' page, accessable to admins
         via the 'Edit Site Variables' menu option.
      
       - Added 'setsitevar' script,
         an interface for listing, viewing in detail, and setting
         site variables.
      
       - Web interface now uses 'web/nologins' and 'web/message'
         instead of one-off database tables.
      
      NOTE that setting a variable to the default value and
      setting a variable to a value which is string-identical
      are NOT the same thing.
      (This doesn't matter yet, but when we push default values out to
       remote sites as part of our install, it will.)
      a0248828
    • Mac Newbold's avatar
      Make a global ADMINMODE var, for use when you don't have a uid handy · ca0afe8a
      Mac Newbold authored
      to call ISADMIN(uid) with.
      ca0afe8a
  16. 13 Feb, 2003 1 commit
    • Leigh B. Stoller's avatar
      Move construction of defaults array up so that it can be used to · a84849f0
      Leigh B. Stoller authored
      determine if the user actually changed anything that requires a
      callout to the scripts, and to determine if email needs to be sent.
      Remove change password indicator since the audit list sees that anyway
      via new "tbacct passwd" command. Change BCC/CC on the email. The
      informative email goes to the user only now (audit list gets the
      script mail), but CC audit whenever the email address is changed.
      a84849f0
  17. 09 Dec, 2002 2 commits
  18. 15 Aug, 2002 1 commit
  19. 26 Jul, 2002 1 commit
  20. 07 Jul, 2002 1 commit
  21. 13 Jun, 2002 1 commit
  22. 12 Jun, 2002 1 commit
  23. 07 Jun, 2002 1 commit
  24. 04 Jun, 2002 1 commit
  25. 29 May, 2002 1 commit
    • Leigh B. Stoller's avatar
      A couple of small changes to prevent the "No Data" errors that · 86c0ffa5
      Leigh B. Stoller authored
      netscape gives when logged in using another browser. Most of the
      problems stems from the desire to allow users to refer to the main
      page in http mode even when logged in. I want to draw the menu as if
      logged in, but have the actual pages demand https mode. I'm also
      trying to catch the case where users have turned off cookies. I think
      Mac's idea is the way to go, but I don't want to mess with it right
      now. These changes will avoid the worst problem.
      86c0ffa5
  26. 22 May, 2002 1 commit
    • Leigh B. Stoller's avatar
      A large set of authorization changes. · d2360b6d
      Leigh B. Stoller authored
      * Cleanup! A lot of the structure derived from the early frame days,
        which had a noticable (and bad) effect on how I wrote the stuff.  I
        cleaned up most of that yuckyness.
      
      * In process, optimize a little bit on the queries. The old code did
        about 9 queries just to write out the menu options, and then
        repeated most of those queries again in the page guts. I've
        consolidated the queries as much as possible (to 3) and cache all
        the results.
      
      * Fix up problem with users who forget their passwords before
        verification. Basically, I fixed the more general problem of not
        being able to update your user info before verification/approval;
        users now get that menu option no matter their status.
      
      * Fix up problem of users being able to access pages before
        verification (but after approval) by going around the menu options.
        The page level check (after the menu is drawn) now checks all
        conditions (password expired, unverified, unapproved, timedout, and
        also nologins()).
      
      * Minor change in approveuser; do not show the new account to the
        project leader until the new user has verified his account.
      
      * Change verification method, as reqwuested by Dave.  In addition to
        providing the key, also provide a web link to take the user straight
        to verification. I actually take them direct to the login page, and
        pass the key in as an argument. If the user is already logged in,
        bypass and go directly to the verify page (not the form page of
        course).  If the user is not logged in, let him log in, and then
        forward the key onward to the verify page. Basically, bypass the
        form all the time, and just do the verification.
      
      * Minor change in showuser; Do not show pid/groups not approved in,
        and if the count is zero, do not draw the table headings.
      d2360b6d
  27. 14 Feb, 2002 1 commit
    • Leigh B. Stoller's avatar
      A morass of form changes. The main goals are to avoid the loss of info · 9ac3d870
      Leigh B. Stoller authored
      when backing up (cause of an error that needs to be fixed) since not
      all browsers handle this the same. Instead, redraw the form with all
      of the original info and a list of error messages at the top.
      Conceptually simple change, but it turns out to be a pain to implement
      since you need to combine the form and processing code in one page
      (well, its just a lot easier to do that), and then change all of the
      forms to deal with a "default" value. That is, each different kind of
      input tag (text, radio, select, checkbox, etc.) requires slightly
      different changes to do that. Lots of forms, lots of entries on the
      forms, and its a long slow tedious process. Much nicer though, although
      the code is a bit harder to grok. At the same time, I added a lot more
      sanity checks of the information being passed in.
      
      The other change is to deal with how browsers handle the back button
      on a form thats been properly submitted. Not all browsers use
      the cache directives the same, and I was often typing back, only to
      have some form get reposted. Thats a major pain in the butt. The way
      to deal with that is to have the processor send out a Location header,
      which modifies the browser history so that the post is no longer in
      the history. You back up straight to the unposted form (if its in the
      cache). I've done this to only some forms, since its a bit of a pain
      to rework things so that you can jump ahead to a page that spits out
      the requisite warm fuzzies for the specific operation just completed.
      
      I've done newproject, joinproject, update user info, newimageid, and
      newimaged_dz forms.
      9ac3d870
  28. 08 Feb, 2002 1 commit
  29. 05 Dec, 2001 1 commit
    • Leigh B. Stoller's avatar
      More inventive ways to avoid real work; add password expiration · 3e2bb386
      Leigh B. Stoller authored
      capability. New DB field in the users table (pswd_expires) which is a
      date field that initially gets set to one year after the user account
      is created. When the password is changed via the web form, it gets
      bumped 1 more year into the future *unless* the current uid is
      different from the target_uid (ie: you are changing a password for
      someone else). In that case, the expiration is set to the current
      date, which forces the target user to change his password next time he
      logs in. I've changed the menu/auth code to look for password
      expiration, and when expired the menu options contain just a single
      option to change the password. All other https pages will fail with a
      password expired message. Normal text pages will work of course.
      3e2bb386
  30. 01 Oct, 2001 1 commit
  31. 15 May, 2001 1 commit
  32. 03 May, 2001 1 commit
    • Leigh B. Stoller's avatar
      A slew of changes for new images/os_info tables. disk_images is gone, · 23a230e8
      Leigh B. Stoller authored
      replaced by the "images" table. New os_info table is added. New web
      pages to add and delete OSIDs to/from the os_info table, for use in
      the NS file. tb-create-os is gone. handle_os no longer operates on the
      tbcmds file, and no longer writes anything into the ir file. Moved the
      setting up of os state (nodes table) from os_setup to handle_os, where
      it should be. os_load and sched_reload now take a single argument, the
      name of the imageid from the images table.
      23a230e8
  33. 02 May, 2001 1 commit
  34. 18 Apr, 2001 1 commit