1. 23 Jan, 2007 1 commit
  2. 20 Dec, 2006 1 commit
  3. 19 Sep, 2005 1 commit
    • Leigh B. Stoller's avatar
      Move all modification of the group_membership table to the backend, · cfba1ac7
      Leigh B. Stoller authored
      into a single new script call modgroups. Usage:
      
      	modgroups [-a pid:gid:trust[,pid:gid:trust]...]
                        [-m pid:gid:trust[,pid:gid:trust]...]
                        [-r pid:gid[,pid:gid]...] user
      
      So, -a to add groups, -r to remove groups, and -m to modify the trust
      value for a member of a group.
      
      The reason for doing this is that previously, we had no idea in the
      backend what group changes actually happened; we just knew what the
      current groups are. This make it hard to add and remove users from
      mailing lists, chat server buddy lists, etc. This is cleaner ...
      cfba1ac7
  4. 21 Jul, 2005 1 commit
  5. 09 Dec, 2003 1 commit
    • Leigh B. Stoller's avatar
      Add drop down menu to approve project form that allows admin person to · 9d882479
      Leigh B. Stoller authored
      select the default user interface for a project. The choice is current
      'emulab or 'plab', defaults to 'emulab'. New users that join emulab
      get the default user interface from the first project they join.
      
      Also generalize the plab_user bit as new "user_interface" slot of the
      users table, which is an enum of interface tokens, currently either
      'emulab' or 'plab', defaults to 'emulab'. The plab_user bit will be
      removed later.
      9d882479
  6. 12 May, 2003 1 commit
  7. 25 Mar, 2003 2 commits
    • Chad Barb's avatar
    • Chad Barb's avatar
      · f3d05157
      Chad Barb authored
         - Performing an approval action (postpone/approve/deny/nuke) on a
           user in a subgroup results in an implicit version of that same
           approval action on the user in the
           default group (for approve, $trust='user'.)
      
         - Tidied up a table in approveuser_form.php3,
           but form is otherwise unchanged.
      f3d05157
  8. 13 Mar, 2003 1 commit
    • Chad Barb's avatar
      · c6129ad7
      Chad Barb authored
      More rework on the groups system.
      
      * BESTOWGROUPROOT permission added to dbdefs.
      
      * Permissions criteria for group operations changed in dbdefs
        (consult code for full explanation.)
      
      * Approveuser and Editgroup now check for BESTOWGROUPROOT
        permissions before allowing changes to group_root.
      
      * approveuser_form and editgroup_form do not show "Group Root"
        as an option unless you are allowed to set it (or it is already set.)
      
      * editgroup does not UPDATE rows where trust has not been changed.
      
      * showgroup does a correct check to see whether to show the
        "group options" subpage.
      c6129ad7
  9. 12 Mar, 2003 2 commits
    • Chad Barb's avatar
      · 6052927b
      Chad Barb authored
      Approveuser now does not allow non-project-owners to approve people as
      group_root into the default group.
      
      Modified editgroup form to show only valid trust options for "add users"
      table.
      6052927b
    • Chad Barb's avatar
      · 24940013
      Chad Barb authored
      * Altered consistency checks to treat any root as equivalent
        (so, if you're project_root in the default group, but group_root in
         a group, that won't be a problem)
      
      * Moved consistency checks, which were done in two different places into
        dbdefs TBCheckGroupTrustConsistency()
      
      * Added preemptive checks, so if 'user' or '*_root' are not valid
        trusts, they aren't displayed as options in editgroup_form and
        approveuser_form (using above function)
      
      * In approveuser, a new approval may now be sent to group_root.
      24940013
  10. 13 Feb, 2003 1 commit
  11. 24 Jan, 2003 1 commit
  12. 09 Dec, 2002 1 commit
    • Leigh B. Stoller's avatar
      Wrap up mkacct calls with a function call, like ADDPUBKEY. Checks to · 356a9fc0
      Leigh B. Stoller authored
      see if user actually has an account (by checking user status user
      table). Avoids trying to run suexec as a user that does not actuall
      exist on boss cause they do not have an account (since we allow users
      to edit personal info before being approved and getting an account).
      For addpubkey, we have to run the program as someone, so when the user
      does not have an account, run it as nobody.
      356a9fc0
  13. 06 Dec, 2002 1 commit
  14. 16 Sep, 2002 1 commit
  15. 10 Jul, 2002 1 commit
  16. 07 Jul, 2002 1 commit
  17. 12 Jun, 2002 1 commit
    • Leigh B. Stoller's avatar
      The big key changes ... Deprecate the two pubkey slots in the users · 6c6f8baf
      Leigh B. Stoller authored
      table and create a new table to hold user_pubkeys, indexed by the
      comment field of the key. Change mkacct to insert newly created Emulab
      keys into that table, and to regen the users authorized_keys file
      from the DB. Users should no longer edit their own authorized_keys
      file or the changes will be lost (I put a comment in their files).
      
      Change the three pages that deal with keys. join/new project can now
      take a file of multiple keys; each is inserted. Moved the key stuff
      that was in the update user info page into a new pubkeys page that
      allows users to add/sub keys easily. New key additions are password
      protected.
      
      Unrelated change: Add an audit mode to mkacct to log its output and
      send it to the tblogs email. Previously, warnings and errors tended to
      get lost.
      6c6f8baf
  18. 12 Feb, 2002 1 commit
  19. 26 Dec, 2001 1 commit
    • Leigh B. Stoller's avatar
      A bunch o' account managment script schanges. I have reworked · 46068860
      Leigh B. Stoller authored
      mkprojdir, mkacct-cntrl, mkgroup, and group-update into a set of new
      scripts that are more specific to their intended operation, and strive
      to do less work.
      
      1. mkacct - Replaces mkacct-cntrl. This script no longer does any
         group stuff. All it does is create new accounts, or update the
         password and gecos fields of existing accounts. Usage is the same
         as it was: "mkacct <userid>", and is typically invoked from the web
         interface via the approveuser form.
      
      2. mkgroup - Replaces group-update. This script creates new groups,
         either for the main project when it is approved, or for subgroup
         creation. This script does not alter the group membership. Usage
         is typically from the web interface, but mkgroup can be invoked
         from the command line: "mkgroup [-b | -a] <pid> <gid>" where -b
         puts it in the background and sends email later, while -a just
         captures the log and emails. This "audit" feature is going to find
         its way into more scripts as soon as I figure out a neat and clean
         perl mechanism to make it easy.
      
      3. setgroups - Replaces group-update. This script modifies the group
         membership of either specific users, or all the users in a
         project. It is typically invoked from the web interface when a
         project leader edits the subgroup membership or when a user is
         first approved to a project or subgroup. Command line usage is:
      
      	setgroups [-b | -a] -p <pid> [user ...]
              setgroups [-b | -a] [user ...]\n
      
         The first form is mostly a means to speed things up. The web
         interfaces knows exactly what users have need to be changed, but a
         global project update is nice too.
      
      4. mkproj - Replaces mkprojdir. Actually, mkproj still has all that
         directory code, but it also handles creating the groups and the
         account for the project leader. Part of my policy to move as much
         random code out of the web interface and into the PERL backend
         where it belongs.
      46068860
  20. 20 Dec, 2001 1 commit
    • Leigh B. Stoller's avatar
      And finally, all those groups changes I've been whining and yammering · c13d27c3
      Leigh B. Stoller authored
      and complaining about this week.
      
      1. editgroup: You can now edit the trust levels for existing group
         members (default group too), and you can specify trust levels when
         adding users to subgroups.
      
      2. approveusers: When approving users in the approval page, you can
         specify different levels of trust. Before, I invisibly set all the
         trust values the same. I also added some ordering to the DB query
         to group users together.
      
      3. I added a great deal of error checking to the processing pages for
         both forms. I split things up into a pre/post pass. The prepass
         goes through all of the form args and checks them for consistency
         and correctness. Nothing is changed in the DB unless all checks
         pass for all args. Then I do a second pass and make the changes.
         Both scripts set the ignore_user_abort() flag to prevent the user
         from stopping the script and causing a DB inconsistency.
      
      4. Added trust consistency checks as well. Rather than allow the
         project or group leader to set inconsistent trust levels, I look
         for those and just plain disallow them. You may not give different
         trust levels in different subgroups of the *same* project, and you
         may not give a user a higher trust level in the default group than
         in the subgroups. Both edit and approve make these checks, and the
         code is absolutely awful.
      c13d27c3
  21. 28 Nov, 2001 1 commit
  22. 16 Oct, 2001 1 commit
  23. 05 Sep, 2001 1 commit
  24. 19 Jul, 2001 1 commit
    • Leigh B. Stoller's avatar
      Address Pats comments in email to testbed-ops: · 1728fe2b
      Leigh B. Stoller authored
          From: "Patrick Tullmann 'tullmann'" <tullmann@cs.utah.edu>
          Subject: Re: TESTBED: aclement janos Project Join Request
      
          First the reply-to: address for approval mails should be
          testbed-ops@fast (right?).
      
          Second, Austin isn't listed on my testbed user approval page.  I
          assume Mike or a testbed person approved him (which is good because
          who knows when I'd get around to it. :)
      
          An option like "remove" or "ignore" or something like that for just
          nuking requests without a reply would be useful (I've got some guy
          from yahoo.com who wants to join Janos).
      
          Also, the date of the join request would be nice to know (e.g., for
          the above, I think he tried joining 4 or 5 months ago).
      
          he documentation above the table is out of synch with the pull-down
          boxes.
      1728fe2b
  25. 10 May, 2001 1 commit
    • Leigh B. Stoller's avatar
      Lots of little changes for sending email to the right places, with · 3285bc3e
      Leigh B. Stoller authored
      proper headers. Split out some of the mail into testbed-logs,
      testbed-ops, and testbed-approval. Added a library for including from
      our perl scripts. Contains a couple of mail helper functions, but will
      hopefully contain more as time goes by.
      
      Fixed a bug in the web interface that was causing breakage for people
      with multiple accounts. Mac and Jay have noticed this, when logging
      out and trying to join or create a project under a new or different
      name.
      3285bc3e
  26. 18 Apr, 2001 1 commit
  27. 01 Feb, 2001 1 commit
    • Mac Newbold's avatar
      Changes to mkacct-ctrl for membership in multiple groups. Now it only takes... · bd32aec3
      Mac Newbold authored
      Changes to mkacct-ctrl for membership in multiple groups. Now it only takes user as a param and does the rest from the db. Special note: You can now run it to correct any incorrect password/group entries. Like if someone gets removed from one of the groups they belong to (but we don't want to kill their acct yet). Also, special note for accts on paper: It doesn't change your shell. So if you had an acct with a real shell (admins/developers only) it will leave it. If your a testbed admin, it will also make sure you're in group wheel and group flux.
      bd32aec3
  28. 03 Jan, 2001 2 commits
  29. 08 Dec, 2000 2 commits
  30. 05 Dec, 2000 2 commits
  31. 15 Nov, 2000 1 commit
  32. 06 Nov, 2000 1 commit