- 14 Jun, 2005 1 commit
-
-
Russ Fish authored
-
- 04 Mar, 2005 1 commit
-
-
Russ Fish authored
-
- 18 Feb, 2005 6 commits
-
-
Mike Hibler authored
-
Mike Hibler authored
-
Mike Hibler authored
Zap gated setup.
-
Russ Fish authored
-
Russ Fish authored
-
Russ Fish authored
-
- 11 Feb, 2005 1 commit
-
-
Russ Fish authored
-
- 04 Feb, 2005 1 commit
-
-
Russ Fish authored
-
- 24 Jan, 2005 1 commit
-
-
Russ Fish authored
-
- 20 Jan, 2005 1 commit
-
-
Russ Fish authored
-
- 14 Jan, 2005 1 commit
-
-
Russ Fish authored
Use cygrunsrv -i on sshd to "allow the service to interact with the desktop." Now that the sshd daemon has a desktop session context that is inherited by the client shell, remote home directories can work. They start with a blank Windows mount context, but once a single Samba connection is made during login, it enables all UNC //machine/path mounts to work. Hence the home directories are now CygWin mount points (no longer symlinks) to UNC paths, set up by rc.mounts and then shared through CygWin to all of the user logins. Get rid of the previous horrible (and fragile) hack to set up an auto-login by the swapin user which then automatically started a user sshd on port 2222. tmcd.c - Arrange for tmcd to provide the public key data when a special argument is given as "tmcc accounts pubkeys". rc.accounts - Due to permissions problems with remote-mounted authorized_keys files, sshd_config now uses "AuthorizedKeysFile /sshkeys/%u/authorized_keys", which is where rc.accounts puts the public key data. Since root, Administrator, and even SYSTEM can be locked out by permissions on NT, WINDOWS() variant logic to set ownership and modes on authorized_keys files had to be added to rc.accounts. There is also a bug in the sshd "privilege separation" setreuid() dance that requires the authorized_keys files to be owned by SYSTEM (or be mode 644, which is slightly worse.) cygwinxp/liblocsetup.pm - Pay attention to the users' shell preferences in generating /etc/passwd. Make warnings more uniform.
-
- 07 Dec, 2004 1 commit
-
-
Russ Fish authored
-
- 02 Dec, 2004 1 commit
-
-
Russ Fish authored
-
- 22 Nov, 2004 1 commit
-
-
Russ Fish authored
autologin of the swap-in user, and a user sshd on port 2222.
-
- 25 Oct, 2004 1 commit
-
-
Russ Fish authored
-
- 25 Aug, 2004 1 commit
-
-
Mike Hibler authored
Overview of simply firewall setup. Experimentor specifies in their ns file: set fw [new Firewall $ns] $fw style <open|closed|basic> to set up an "open" ("allow any"), "closed" ("deny any"), or "basic" (allow ICMP and ssh) firewall. "basic is the default. Additional rules can be added with: $fw add-rule <IPFW format rule> $fw add-numbered-rule <1-50000> <IPFW format rule> where the former implicitly numbers rules such that the firewall processes them in the order given in the NS file. The latter allows explicit specification of the numbering. Currently the rules are fixed strings, there is no variable substitution. There is also no syntax checking done on the rules at parse time. We allocate an extra node to the experiment to serve as a firewall. Currently that node runs FreeBSD and uses IPFW. In the initial configuration, all other nodes in the experiment will just be setup with a default route that points to the firewall node. So all outbound traffic will pass through it. Inbound traffic will still travel straight to the node. This should prevent nodes from accidentally initiating attacks on the outside world. Long term we will of course enforce the firewall on all traffic, that should not have any effect on the NS syntax above. When a node boots, there will be an rc.firewall script that checks to see if there is a firewall for the experiment and if so, which node it is. This is done with the TMCD "firewallinfo" command which returns: TYPE=none TYPE=remote FWIP=N.N.N.N TYPE=<fwtype> STYLE=<fwstyle> IN_IF=<macaddr> OUT_IF=<macaddr> RULENO=<num> RULE="<ipfw command string>" RULENO=... ... In the case of no firewall we get back TYPE=none, and we continue as normal. Otherwise, there are two types of replies, one for a node that is being firewalled (TYPE=remote) and one for a node that is a firewall (TYPE=<fwtype> + RULES). In the TYPE=remote case, the firewall node indicated by FWIP. This is the address we use for the default route. For TYPE=<fwtype>, we are the firewall, and we get STYLE and IN_IF/OUT_IF info. Here TYPE indicates whether we should use ipfw or whatever. For now it is always ipfw. IN_IF and OUT_IF may someday indicate the interfaces to use for the internal and external connections, right now both will indicate the control net interface. So, after ensuring that the ipfw modules is loaded, we grab the provided RULE info, which includes both per-experiment and default rules, and setup ipfw. Issues to resolve: - synchronization: how to ensure firewall comes up first - how to better implement the firewalling (i.e., without the cooperation of the nodes) - support the equiv of linkdelays (on-node firewalling)? - allow firewalls within experiments? (ie., on experimental interfaces) - dynamic changing of firewall rules via events? - how to show firewall state in various web pages
-
- 21 Aug, 2004 1 commit
-
-
Eric Eide authored
(recently changed) FreeBSD version of the function.
-
- 26 Jun, 2004 1 commit
-
-
Mike Hibler authored
-
- 21 Jun, 2004 1 commit
-
-
Leigh B. Stoller authored
nodes, rather then hardwiring the speed/duplex in delaysetup. We already started doing this for phys interfaces underlying veth interfaces, but Mike requested we do this for delay nodes as well so that we do not hardwire 100Mb into the script.
-
- 12 May, 2004 1 commit
-
-
Leigh B. Stoller authored
or undotted notation.
-
- 09 Apr, 2004 1 commit
-
-
Leigh B. Stoller authored
no freebsd support. The primary change is that tmcd now sends down a list of setting to apply to each interface, and that list is turned into a hash table, and provided to rc.config, which passes them along to the machine dependent routine in liblocsetup. Then in the linux version of liblocsetup there is a bunch of new code to configure wireless links using iwconfig and iwpriv, using the settings array. All of this is bound to change once we get more experience with it.
-
- 17 Feb, 2004 1 commit
-
-
Leigh B. Stoller authored
this was to add soft reconfig support so that nodes could be reconfigured without having to reboot them. This appears to work, and has been tested with jails getting moved around. I've also tested the new code on the MFS, but still no testing has been done on PLAB nodes. The main change is that most of the code moved out of libsetup.pm, and was split into constituent rc scripts, each of which does its own thing, including cleaning up and preparing for making an image. Most of that central knowledge has been moved out into the scripts. Still more to do but this was a good start.
-
- 29 Jan, 2004 1 commit
-
-
Mike Hibler authored
tmcd passes back an encapsulation flag to inform this. NOTE: new version (15) for tmcd!
-
- 21 Nov, 2003 1 commit
-
-
Mike Hibler authored
Need to use ethtool instead of mii-tool to do this. My comment: # # Linux is apparently changing from mii-tool to ethtool but some drivers # don't support the new interface (3c59x), some don't support the old # interface (e1000), and some (eepro100) support the new interface just # enough that they can report success but not actually do anything. Sweet! # This requires that we load ethfind on the nodes, though the script will continue to work if it isn't (though will not work for e1000 cards).
-
- 17 Sep, 2003 1 commit
-
-
Mike Hibler authored
We now use a script to install RPMs. (The only OS dependent thing was the path anyway)
-
- 15 Aug, 2003 1 commit
-
-
Mike Hibler authored
-
- 24 Jul, 2003 1 commit
-
-
Leigh B. Stoller authored
-
- 06 Jun, 2003 1 commit
-
-
Leigh B. Stoller authored
course; its an optional argument. Add group stuff; we get a group (csh, tsch) and a routine maps that into a valid path to use in the pw commands.
-
- 14 Mar, 2003 1 commit
-
-
Leigh B. Stoller authored
stuff (for jails) after all, but leave the functionality there just in case.
-
- 15 Jan, 2003 1 commit
-
-
Leigh B. Stoller authored
passwords now have $ signs in them!
-
- 18 Dec, 2002 1 commit
-
-
Leigh B. Stoller authored
-
- 27 Aug, 2002 1 commit
-
-
Leigh B. Stoller authored
on the RON nodes and in the new widearea image.
-
- 20 Aug, 2002 1 commit
-
-
Austin Clements authored
-
- 14 Aug, 2002 1 commit
-
-
Mike Hibler authored
-
- 10 Jul, 2002 1 commit
-
-
Leigh B. Stoller authored
-
- 07 Jul, 2002 1 commit
-
-
Leigh B. Stoller authored
-
- 19 Jun, 2002 1 commit
-
-
Leigh B. Stoller authored
actually doing that on local nodes before. I guess I'm very ssh centric (I never type passwords) but that appears not to be the case for most people!
-
- 17 May, 2002 1 commit
-
-
Leigh B. Stoller authored
"prepared", so it was trying to delete the testbed groups/accounts.
-