1. 19 Oct, 2015 2 commits
  2. 28 Oct, 2014 1 commit
  3. 15 Oct, 2014 1 commit
  4. 17 Sep, 2014 1 commit
  5. 19 Aug, 2014 1 commit
  6. 08 Jul, 2013 1 commit
  7. 28 May, 2013 1 commit
    • Leigh B Stoller's avatar
      Reorg the credential checking code, and add Geni chain checks. · dd5c6601
      Leigh B Stoller authored
      From: Leigh Stoller <lbstoller@gmail.com>
      Date: Wed, 22 May 2013 13:49:33 -0700
      Cc: instageni-design@geni.net
      So far we have been pretty loose about checking to make sure the
      certificate chains obey the Geni rules. These rules include checking to
      make sure that only approved entities can sign particular kinds of
      credentials. For example; only something known to be a Slice Authority
      should be allowed to create a slice and return a slice credential.
      The other check we have been lax about, is verifying that the URN namespace
      is consistent along the chain from CA to the target. For example, a chain
      that starts in Utah:
      should not be able to sign anything outside its namespace. That is, Utah
      should not be able to sign a user or slice credential like:
      This is made more complicated when we introduce subsa certs along the way,
      where Utah signs its SA cert and that signs a project slice. In this case
      the chain would look something like:
      There are also scoping rules; A subsa like:
      should not be able to sign:
      The entire cert chain is require to verify this. The CA roots are in the
      bundle, and the intermediate certs should be enclosed in the signature
      section of the XML document.
      We have to make the same check against the user certificate after apache
      verifies the chain. For apache (or any SSL server) you have to load the
      chain, and as I mentioned in earlier email, this is easy with perl and
      python based clients.
      With all that said, we do not plan to start rigorous enforcement of the
      first check above, and for the second class of checks, we just want to
      enforce a simple prefix check until we get our subsa house in order (since
      we don't even conform properly yet!).
  8. 03 May, 2013 1 commit
  9. 02 May, 2013 2 commits
  10. 28 Jan, 2013 1 commit
  11. 24 Sep, 2012 1 commit
    • Eric Eide's avatar
      Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to makes the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* state...
  12. 02 Aug, 2012 1 commit
  13. 12 Jun, 2012 1 commit
    • Leigh B Stoller's avatar
      Minor change to credential verification and load. · f3310749
      Leigh B Stoller authored
      Move the expiration test into verifygenicred. Change the invocation to
      capture the output so that we can say something useful in the error
      response, instead of what we do now which is just tell the user there
      is an error.
  14. 30 Jan, 2012 1 commit
  15. 12 Oct, 2011 1 commit
  16. 05 Oct, 2011 1 commit
  17. 29 Sep, 2011 1 commit
  18. 21 Sep, 2011 1 commit
    • Gary Wong's avatar
      Add support for sub-authorities. · 75f89a35
      Gary Wong authored
      Generate authority certificates for local sub-authorities (i.e. authorities
      corresponding to a local project) on demand.
      Map per-project URLs to the same XMLRPC server handled in the context of
      the authority for the specified project.
      Make the SA give out per-project credentials when it's asked for a
      GetCredential in a sub-authority.
  19. 12 Sep, 2011 2 commits
  20. 22 Aug, 2011 1 commit
  21. 02 Jun, 2011 1 commit
  22. 20 Apr, 2011 1 commit
    • Leigh B Stoller's avatar
      Changes our ssh key/account handling in RedeemTicket() and · 03c2107c
      Leigh B Stoller authored
      CreateSliver(), to handle multiple accounts.  This somewhat reflects
      the Geni AM API for keys, which allows the client to specify multiple
      users, each with a set of ssh keys.
      The keys argument to the CM now looks like the following (note that
      the old format is still accepted and will be for a while).
      [{'urn'   => 'urn:blabla'
        'login' => 'dopey',
        'keys'  => [ list of keys like before ]},
       {'login' => "leebee",
        'keys'  => [ list of keys ... ]}];
      Key Points:
      1. You can supply a urn or a login or both. Typically, it is going to
         be the result of getkeys() at the PG SA, and so it will include
      2. If a login is provided, use that. Otherwise use the id from the urn.
      3. No matter what, verify that the token is valid for Emulab an uid
         (standard 8 char unix login that is good on just about any unix
         variant), and transform it if not.
      4. For now, getkeys() at the SA will continue to return the old format
         (unless you supply version=2 argument) since we do not want to
         default to a keylist that most CMs will barf on.
      5. I have modified the AM code to transform the Geni AM version of the
         "users" argument into the above structure. Bottom line here, is
         that users of the AM interface will not actually need to do
         anything, although now multiple users are actually supported
         instead of ignored.
      Still to be done are the changes to the login services structure in
      the manifest. We have yet to settle on what these changes will look
      like, but since people generally supply valid login ids, you probably
      will not need this, since no transformation will take place.
  23. 16 Feb, 2011 2 commits
  24. 06 Jan, 2011 1 commit
  25. 29 Oct, 2010 1 commit
  26. 20 Oct, 2010 1 commit
    • Leigh B Stoller's avatar
      Do not register slices at the CH immediately; let the sa_daemon do · b4640223
      Leigh B Stoller authored
      that offline a couple of minutes later. Reduces the load on the CH
      when doing parallel registratons.
      Add caching of user and slice credentials, to avoid regenerating the
      same credentials over and over for the test scripts. Stored in the
      geni_credentials table, they are checked for expiration before handing
      them out. Also check to make sure that the user certificate has not
      changed, and regen/cache if it has.
  27. 11 Oct, 2010 1 commit
    • Leigh B Stoller's avatar
      Work on an optimization to the perl code. Maybe you have noticed, but · 92f83e48
      Leigh B Stoller authored
      starting any one of our scripts can take a second or two. That time is
      spent including and compiling 10000s of thousands of lines of perl
      code, both from our libraries and from the perl libraries.
      Mostly this is just a maintenance thing; we just never thought about
      it much and we have a lot more code these days.
      So I have done two things.
      1) I have used SelfLoader() on some of our biggest perl modules.
         SelfLoader delays compilation until code is used. This is not as
         good as AutoLoader() though, and so I did it with just a few 
         modules (the biggest ones).
      2) Mostly I reorganized things:
        a) Split libdb into an EmulabConstants module and all the rest of
           the code, which is slowly getting phased out.
        b) Move little things around to avoid including libdb or Experiment
           (the biggest files).
        c) Change "use foo" in many places to a "require foo" in the
           function that actually uses that module. This was really a big
           win cause we have dozens of cases where we would include a
           module, but use it in only one place and typically not all.
      Most things are now starting up in 1/3 the time. I am hoping this will
      help to reduce the load spiking we see on boss, and also help with the
      upcoming Geni tutorial (which kill boss last time).
  28. 05 Oct, 2010 1 commit
  29. 04 Oct, 2010 1 commit
    • Leigh B Stoller's avatar
      More purging of UUIDs. Reminder, we still use them all over the place · b3c8e72e
      Leigh B Stoller authored
      internally, as the primary key in the tables, but the CM/SA APIs no
      longer use them. The CH still accepts them for now. We can probably
      stop putting them into manifests and advertisements at this point as
      For slivers, stop using the uuid of the node as the uuid of the sliver
      itself; generate a new one. As above, this is cause the uuid is the
      primary key in the table, but the URN is what we use for lookups,
  30. 01 Oct, 2010 1 commit
    • Leigh B Stoller's avatar
      Change to previous revision wrt sliver registration. Need to be · 734bfd2a
      Leigh B Stoller authored
      backwards compatible with old SAs and CMs until new code makes it
      out to everyone. So the CM now does a version check at the target SA,
      and if an old version 1, use the bogus self signed cred. If the SA is
      version 1.01, send a proper sliver credential.
      In the SA, accept older bogus credential for now, but start accepting
      the new sliver credential, and apply more stringent checks.
  31. 29 Sep, 2010 2 commits
  32. 02 Aug, 2010 1 commit
  33. 26 Apr, 2010 1 commit
  34. 08 Apr, 2010 1 commit
  35. 06 Apr, 2010 1 commit