1. 08 Sep, 2004 8 commits
  2. 07 Sep, 2004 2 commits
  3. 04 Sep, 2004 2 commits
  4. 02 Sep, 2004 2 commits
  5. 01 Sep, 2004 9 commits
    • Leigh B. Stoller's avatar
      Fix minor typo. · 46f7b3f2
      Leigh B. Stoller authored
      46f7b3f2
    • Mike Hibler's avatar
      bd278c57
    • Leigh B. Stoller's avatar
      e2f62c8e
    • Leigh B. Stoller's avatar
      Reorder syslog ststements slightly. · 37a19abb
      Leigh B. Stoller authored
      37a19abb
    • Leigh B. Stoller's avatar
      I'm a bozo. · 4f7a0efd
      Leigh B. Stoller authored
      4f7a0efd
    • Leigh B. Stoller's avatar
      23341ef7
    • Leigh B. Stoller's avatar
    • Leigh B. Stoller's avatar
      SSL version of the XMLRPC server. · a9c1045e
      Leigh B. Stoller authored
      * SSL based server (sslxmlrpc_server.py) that wraps the existing Python
        classes (what we export via the existing ssh XMLRPC server). I also have a
        demo client that is analogous the ssh demo client (sslxmlrpc_client.py).
        This client looks for an ssl cert in the user's .ssl directory, or you can
        specify one on the command line. The demo client is installed on ops, and
        is in the downloads directory with the rest of the xmlrpc stuff we export
        to users. The server runs as root, forking a child for each connection and
        logs connections to /usr/testbed/log/sslxmlrpc.log via syslog.
      
      * New script (mkusercert) generates SSL certs for users. Two modes of
        operation; when called from the account creation path, generates a
        unencrypted private key and certificate for use on Emulab nodes (this is
        analagous to the unencrypted SSH key we generate for users). The other mode
        of operation is used to generate an encrypted private key so that the user
        can drag a certificate to their home/desktop machine.
      
      * New webpage (gensslcert.php3) linked in from the My Emulab page that
        allows users to create a certificate. The user is prompted for a pass
        phrase to encrypt the private key, as well as the user's current Emulab
        login password. mkusercert is called to generate the certificate, and the
        result is stored in the user's ~/.ssl directory, and spit back to the user
        as a text file that can be downloaded and placed in the users homedir on
        their local machine.
      
      * The server needs to associate a certificate with a user so that it can
        flip to that user in the child after it forks. To do that, I have stored
        the uid of the user in the certificate. When a connection comes in, I grab
        the uid out of the certificate and check it against the DB. If there is a
        match (see below) the child does the usual setgid,setgroups,setuid to the
        user, instantiates the Emulab server class, and dispatches the method. At
        the moment, only one request per connection is dispatched. I'm not sure
        how to do a persistant connection on the SSL path, but probably not a big
        deal right now.
      
      * New DB table user_sslcerts that stores the PEM formatted certificates and
        private keys, as well as the serial number of the certificate, for each
        user. I also mark if the private key is encrypted or not, although not
        making any use of this data. At the moment, each user is allowed to get
        one unencrypted cert/key pair and one encrypted cert/key pair. No real
        reason except that I do not want to spend too much time on this until we
        see how/if it gets used. Anyway, the serial number is used as a crude form
        of certificate revocation. When the connection is made, I suck the serial
        number and uid out of the certificate, and look for a match in the table.
        If cert serial number does not match, the connection is rejected. In other
        words, revoking a certificate just means removing its entry from the DB
        for that user. I could also compare the certificate itself, but I am not
        sure what purpose that would serve since that is what the SSL handshake is
        supposed to take of, right?
      
      * Updated the documentation for the XMLRPC server to mention the existence
        of the SSL server and client, with a pointer into the downloads directory
        where users can pick up the client.
      a9c1045e
    • Leigh B. Stoller's avatar
      Turn off nologins check in state and statewait methods so that we can · 60c2a7ab
      Leigh B. Stoller authored
      use/test the event system while logins are turned off.
      60c2a7ab
  6. 30 Aug, 2004 7 commits
  7. 27 Aug, 2004 3 commits
    • Robert Ricci's avatar
      Make it possible to have ops check in with newnode. · 2a8a8f74
      Robert Ricci authored
      This starts with a new option to newnode, -o, that tells it it's
      running on ops. This reports some slightly different information
      to the checkin page.
      
      The checkin page and the backend newnode script then take this extra
      information into account, and deal with ops nodes slightly
      differently.
      2a8a8f74
    • Robert Ricci's avatar
      Export TBOPSPID . · 71d95c31
      Robert Ricci authored
      71d95c31
    • Leigh B. Stoller's avatar
      Guts of the new ssl server implemented. The server operates more or less · 5a025f36
      Leigh B. Stoller authored
      like this:
      
      * Listen for connections on port 3069. The server requires client
        authentication, and will fail if a certificate is not provided by
        the client.
      
      * Once the certificate is accepted, the server forks a new child.
      
      * The child looks inside the certificate to get the CN field of the
        Distinguished Name (subject). The CN field must hold the uid of the
        user, which is checked against the DB for a matching user. We get
        the groupslist from the DB, and do a setgid,setgroups,setuid to flip
        to the user in the child.
      
      * A instance of the emulabserver class is created, and the request is
        dispatched.
      
      I added an sslxmlrpc_client.py script that mirrors the ssh version of
      the client script. I could probably roll these into one, but decided
      not to to avoid confusing people who might download it.
      5a025f36
  8. 26 Aug, 2004 2 commits
  9. 25 Aug, 2004 5 commits
    • Mike Hibler's avatar
      Firewall support part III: client scripts. · b21e6942
      Mike Hibler authored
      Overview of simply firewall setup.
      
      Experimentor specifies in their ns file:
      
           set fw [new Firewall $ns]
           $fw style <open|closed|basic>
      
      to set up an "open" ("allow any"), "closed" ("deny any"), or "basic"
      (allow ICMP and ssh) firewall.  "basic is the default.  Additional rules
      can be added with:
      
           $fw add-rule <IPFW format rule>
           $fw add-numbered-rule <1-50000> <IPFW format rule>
      
      where the former implicitly numbers rules such that the firewall processes
      them in the order given in the NS file.  The latter allows explicit
      specification of the numbering.  Currently the rules are fixed strings,
      there is no variable substitution.  There is also no syntax checking done
      on the rules at parse time.
      
      We allocate an extra node to the experiment to serve as a firewall.
      Currently that node runs FreeBSD and uses IPFW.  In the initial configuration,
      all other nodes in the experiment will just be setup with a default route
      that points to the firewall node.  So all outbound traffic will pass through
      it.  Inbound traffic will still travel straight to the node.  This should
      prevent nodes from accidentally initiating attacks on the outside world.
      Long term we will of course enforce the firewall on all traffic, that should
      not have any effect on the NS syntax above.
      
      When a node boots, there will be an rc.firewall script that checks to see
      if there is a firewall for the experiment and if so, which node it is.
      This is done with the TMCD "firewallinfo" command which returns:
      
            TYPE=none
      
            TYPE=remote FWIP=N.N.N.N
      
            TYPE=<fwtype> STYLE=<fwstyle> IN_IF=<macaddr> OUT_IF=<macaddr>
            RULENO=<num> RULE="<ipfw command string>"
            RULENO=...
            ...
      
      In the case of no firewall we get back TYPE=none, and we continue as normal.
      Otherwise, there are two types of replies, one for a node that is being
      firewalled (TYPE=remote) and one for a node that is a firewall
      (TYPE=<fwtype> + RULES).
      
      In the TYPE=remote case, the firewall node indicated by FWIP.  This is
      the address we use for the default route.
      
      For TYPE=<fwtype>, we are the firewall, and we get STYLE and IN_IF/OUT_IF
      info.  Here TYPE indicates whether we should use ipfw or whatever.
      For now it is always ipfw.  IN_IF and OUT_IF may someday indicate the
      interfaces to use for the internal and external connections, right now
      both will indicate the control net interface.  So, after ensuring that
      the ipfw modules is loaded, we grab the provided RULE info, which includes
      both per-experiment and default rules, and setup ipfw.
      
      Issues to resolve:
             - synchronization: how to ensure firewall comes up first
             - how to better implement the firewalling
               (i.e., without the cooperation of the nodes)
             - support the equiv of linkdelays (on-node firewalling)?
             - allow firewalls within experiments?
               (ie., on experimental interfaces)
             - dynamic changing of firewall rules via events?
             - how to show firewall state in various web pages
      b21e6942
    • Mike Hibler's avatar
      1.271: Add new tables for experiment firewalls: firewalls, firewall_rules · fa3d2fa7
      Mike Hibler authored
             and default_firewall_rules.
      fa3d2fa7
    • Mike Hibler's avatar
    • Mike Hibler's avatar
      d17e32b2
    • Leigh B. Stoller's avatar
      Change the event routines (called by the event scheduler) to return a · 2026119d
      Leigh B. Stoller authored
      list of lists instead of a big long string to be parsed (which I did
      cause I had forgotten about Tim's C++ RPC library).
      2026119d