1. 21 Jul, 2011 1 commit
  2. 17 Jun, 2011 1 commit
  3. 15 Jun, 2011 1 commit
  4. 09 Jun, 2011 1 commit
    • Leigh B Stoller's avatar
      Bug Fix: a bunch of fixes to make sure that holders of SFA credentials · ac287e02
      Leigh B Stoller authored
      can create slices, and be notified of expiring slices and slivers. The
      problem is the PL credentials do not inclide an email address, so we
      have to get it from the user's registry. This required a bunch of goo
      top find the proper place to do a resolve, since PL credentials do not
      include a URL either.
      ac287e02
  5. 05 Apr, 2011 1 commit
  6. 30 Mar, 2011 1 commit
    • Leigh B Stoller's avatar
      Assorted changes to make sure that the uid we grab from the user URN · 56fef67b
      Leigh B Stoller authored
      is a valid Emulab user id (as for creating accounts on nodes) and for
      inserting into the Emulab DB.
      
      If the uid is not valid for us, make up a new one from a hash of the
      certificate. This will give us a (typically) unique but always
      consistent uid to use.
      
      Also add the uid to the services/login section of the manifest so that
      the client always knows what uid to use when logging in.
      56fef67b
  7. 20 Oct, 2010 1 commit
  8. 05 Oct, 2010 1 commit
  9. 04 Oct, 2010 1 commit
    • Leigh B Stoller's avatar
      More purging of UUIDs. Reminder, we still use them all over the place · b3c8e72e
      Leigh B Stoller authored
      internally, as the primary key in the tables, but the CM/SA APIs no
      longer use them. The CH still accepts them for now. We can probably
      stop putting them into manifests and advertisements at this point as
      well. 
      
      For slivers, stop using the uuid of the node as the uuid of the sliver
      itself; generate a new one. As above, this is cause the uuid is the
      primary key in the table, but the URN is what we use for lookups,
      etc.
      b3c8e72e
  10. 30 Sep, 2010 3 commits
  11. 29 Sep, 2010 1 commit
  12. 28 Sep, 2010 2 commits
    • Tom Mitchell's avatar
      Fix urn->hrn conversion of PlanetLab certs. · 553bf11b
      Tom Mitchell authored
      The old urn->hrn translation only took the leading part of the colon
      separated planetlab site, but that would result in database
      collisions. This fix converts colons to dots to capture the entire
      planetlab site in the hrn.
      553bf11b
    • Tom Mitchell's avatar
      Avoid erroneous urns in PlanetLab certs. · 9c95e4ec
      Tom Mitchell authored
      PlanetLab has two URIs in the Subject Alternative name. The old regex
      would match both, which might result in the UUID URI instead of the
      URN URI. The regex was changed to look for the prefix
      "URI:urn:publicid:" instead of just "URI:".
      9c95e4ec
  13. 03 Jun, 2010 1 commit
    • Tom Mitchell's avatar
      Add compatibility with PlanetLab style certificates. · c1ad1734
      Tom Mitchell authored
      PlanetLab certs have a URN but no UUID or HRN. If an HRN is not
      encoded in the DN, make one out of the URN. If the UUID is not in the
      CN, invent a new one so that the user and cert records in the database
      can be linked.
      c1ad1734
  14. 28 May, 2010 1 commit
  15. 21 May, 2010 2 commits
    • Tom Mitchell's avatar
      Ignore URIs that are not publicids in SubjAltName. · 83653e10
      Tom Mitchell authored
      If a certificate has more than one URI in the Subject Alt Name
      extension field the last URI was chosen as the URN for the
      certificate. This choice was made regardless of the prefix of the
      URN. The regex was modified to look for URIs that begin with
      "urn:publicid:" to increase the chance that the right one is chosen.
      
      If a certificate has more than one URI that begins with
      "urn:publicid:", the last one is chosen. This is an improvement over
      the previous state wherein the last URI was chosen regardless of prefix.
      83653e10
    • Tom Mitchell's avatar
      Be selective when wrapping certificate in temp file. · d3391655
      Tom Mitchell authored
      In LoadFromString if a certificate string starts with the BEGIN header
      just print the certificate. Otherwise add the BEGIN and END lines
      around it.
      d3391655
  16. 06 Jan, 2010 1 commit
    • Leigh B. Stoller's avatar
      Slice expiration changes. The crux of these changes: · 5c63cf86
      Leigh B. Stoller authored
      1. You cannot unregister a slice at the SA before it has expired. This
         will be annoying at times, but the alphanumeric namespace for slice
         ames is probably big enough for us.
      
      2. To renew a slice, the easiest approach is to call the Renew method
         at the SA, get a new credential for the slice, and then pass that
         to renew on the CMs where you have slivers.
      
      The changes address the problem of slice expiration.  Before this
      change, when registering a slice at the Slice Authority, there was no
      way to give it an expiration time. The SA just assigns a default
      (currently one hour). Then when asking for a ticket at a CM, you can
      specify a "valid_until" field in the rspec, which becomes the sliver
      expiration time at that CM. You can later (before it expires) "renew"
      the sliver, extending the time. Both the sliver and the slice will
      expire from the CM at that time.
      
      Further complicating things is that credentials also have an
      expiration time in them so that credentials are not valid forever. A
      slice credential picks up the expiration time that the SA assigned to
      the slice (mentioned in the first paragraph).
      
      A problem is that this arrangement allows you to extend the expiration
      of a sliver past the expiration of the slice that is recorded at the
      SA. This makes it impossible to expire slice records at the SA since
      if we did, and there were outstanding slivers, you could get into a
      situation where you would have no ability to access those slivers. (an
      admin person can always kill off the sliver).
      
      Remember, the SA cannot know for sure if there are any slivers out
      there, especially if they can exist past the expiration of the slice.
      
      The solution:
      
      * Provide a Renew call at the SA to update the slice expiration time.
        Also allow for an expiration time in the Register() call.
      
        The SA will need to abide by these three rules:
        1. Never issue slice credentials which expire later than the
           corresponding slice
        2. Never allow the slice expiration time to be moved earlier
        3. Never deregister slices before they expire [*].
      
      * Change the CM to not set the expiration of a sliver past the
        expiration of the slice credential; the credential expiration is an
        upper bound on the valid_until field of the rspec. Instead, one must
        first extend the slice at the SA, get a new slice credential, and
        use that to extend the sliver at the CM.
      
      * For consistency with the SA, the CM API will changed so that
        RenewSliver() becomes RenewSlice(), and it will require the
        slice credential.
      5c63cf86
  17. 03 Dec, 2009 1 commit
  18. 02 Dec, 2009 1 commit
  19. 19 Nov, 2009 1 commit
  20. 10 Nov, 2009 1 commit
  21. 06 Nov, 2009 1 commit
  22. 30 Oct, 2009 1 commit
  23. 22 Oct, 2009 1 commit
  24. 13 Aug, 2009 1 commit
  25. 18 Jul, 2009 1 commit
  26. 15 Jul, 2009 1 commit
  27. 05 Jun, 2009 1 commit
  28. 15 May, 2009 1 commit
  29. 04 Mar, 2009 1 commit
    • Leigh B. Stoller's avatar
      Change EMULAB-COPYRIGHT to GENIPUBLIC-COPYRIGHT, for future expansions · 6c8d30fc
      Leigh B. Stoller authored
      to the Geni Public License at http://www.geni.net/docs/GENIPubLic.pdf,
      whose expansion at this time is:
      
      -----
      Permission is hereby granted, free of charge, to any person obtaining
      a copy of this software and/or hardware specification (the "Work") to
      deal in the Work without restriction, including without limitation the
      rights to use, copy, modify, merge, publish, distribute, sublicense,
      and/or sell copies of the Work, and to permit persons to whom the Work
      is furnished to do so, subject to the following conditions:
      
      The above copyright notice and this permission notice shall be
      included in all copies or substantial portions of the Work.
      
      THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
      OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
      MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
      NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
      HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
      WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
      OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
      IN THE WORK.
      6c8d30fc
  30. 02 Mar, 2009 1 commit
    • Leigh B. Stoller's avatar
      A bunch of changes for a "standalone" clearinghouse. Presently this · 60f04310
      Leigh B. Stoller authored
      its really a hugely stripped down Emulab boss install, using a very
      short version of install/boss-install to get a few things into place.
      
      I refactored a few things in both the protogeni code and the Emulab
      code, and whacked a bunch of makefiles and configure stuff. The result
      is that we only need to install about 10-12 files from the Emulab
      code, plus the protogeni code. Quite manageable, if you don't mind
      that it requires FreeBSD 6.X ... Still, I think it satisfies the
      requirement that we have a packaged clearinghouse that can be run
      standalone from a running Emulab site.
      60f04310
  31. 28 Jan, 2009 1 commit
  32. 23 Jan, 2009 1 commit
  33. 09 Jan, 2009 1 commit
  34. 18 Nov, 2008 1 commit
  35. 11 Nov, 2008 1 commit
  36. 03 Nov, 2008 1 commit