- 24 Jun, 2003 1 commit
-
-
Russell Daniel Christensen authored
-
- 24 Mar, 2003 1 commit
-
-
Leigh B. Stoller authored
Add better timeout handling code to tmcc, which watches for progress instead of just dumping after the timeout. This lets really slow connections proceed okay, but still time out if nothing happens at all. This new tmcc has been installed into the sup trees for WIDE and RON.
-
- 21 Jan, 2003 1 commit
-
-
Leigh B. Stoller authored
a :portnum argument. Makes it easier to arrange for testing my own version of tmcd on boss by forcing all tmcc requests to a specific port.
-
- 18 Dec, 2002 1 commit
-
-
Leigh B. Stoller authored
for BSD of course. First is a "proxy" mode that is used outside of a jail, to forward tmcc requests from inside the jail to boss over the normal ssl channel (when a remote node). We remove the pem files from inside the jail so it has no way to form a secure connection to tmcd on its own, and tmcd rejects non-ssl connections from remote nodes (it should probably reject them from local jails too). Second change is a "unix socket" mode that is the complement to the proxy; tmcc inside of a jail connects to the tmcc proxy outside the jail via a unix domain socket that can be shared between the two because the outer environment can see inside the jailed filesystems (the jail sees a chroot environment). When the jail is started, the initial root shell gets an environment variable called TMCCUNIXPATH which holds the path to the socket. This makes it easy for anything started from that shell of course, but it's still a minor pain when invoking tmcc from elsewhere, but that does not really happen, except when running it by hand. Anyway, tmcc forms a unix socket to the proxy and does its thing. The proxy filters out VNODE= and PRIVKEY= arguments, and inserts its own into the command string. This prevents a jail from trying to impersonate another vnode.
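
The argument filtering described in this commit message, sketched as an added C example (this is not the tmcc source): identity tokens supplied by the jailed client are dropped and the proxy's own are put in their place. The space-separated request layout, the name `proxy_rewrite`, and the sample identity values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* True if the token starts with an argument name the proxy must strip. */
static int is_blocked(const char *tok)
{
    return strncmp(tok, "VNODE=", 6) == 0 || strncmp(tok, "PRIVKEY=", 8) == 0;
}

/* Append n bytes of s to out; fail rather than truncate a request. */
static int append(char *out, size_t cap, size_t *used, const char *s, size_t n)
{
    if (*used + n + 1 > cap)
        return -1;
    memcpy(out + *used, s, n);
    *used += n;
    out[*used] = '\0';
    return 0;
}

/* Rebuild req with the proxy's own identity (assumed space-separated format). */
int proxy_rewrite(const char *req, const char *vnode, const char *privkey,
                  char *out, size_t cap)
{
    size_t used = 0;
    char id[256];
    int n = snprintf(id, sizeof(id), "VNODE=%s PRIVKEY=%s", vnode, privkey);
    if (n < 0 || (size_t)n >= sizeof(id) || append(out, cap, &used, id, (size_t)n) < 0)
        return -1;
    for (const char *p = req; *p; ) {
        p += strspn(p, " \t\r\n");            /* skip separators */
        size_t len = strcspn(p, " \t\r\n");   /* length of the next token */
        if (len && !is_blocked(p) &&
            (append(out, cap, &used, " ", 1) < 0 || append(out, cap, &used, p, len) < 0))
            return -1;
        p += len;
    }
    return 0;
}

int main(void)
{
    char out[128];  /* constructed request: a jail claiming another vnode's identity */
    if (proxy_rewrite("VNODE=other PRIVKEY=stolen status", "vnode7", "k1", out, sizeof(out)) == 0)
        puts(out);
    return 0;
}
```

The match is case-sensitive on the two names given above; a server that parses argument names case-insensitively would need the filter to do the same.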
-
- 27 Aug, 2002 2 commits
-
-
Leigh B. Stoller authored
on the RON nodes and in the new widearea image.
-
Leigh B. Stoller authored
take the key and verify it, but do not require that it be sent. We can make it required later.
-
- 17 Aug, 2002 1 commit
-
-
Leigh B. Stoller authored
there now a list of ports to try instead of the one. The server side is not done yet though.
-
- 29 Jul, 2002 1 commit
-
-
Leigh B. Stoller authored
client software to widearea nodes. Most of these changes were to reduce the embarrassment factor. At some point we need a proper autoconf and such, but for now there is a makefile in the src dir for creating the distribution. I've tested it on a local linux node and mostly on a freebsd node, but I've moved things around and so updating the RON nodes will require some hand intervention by me at some point.
-
- 07 Jul, 2002 1 commit
-
-
Leigh B. Stoller authored
-
- 19 Jun, 2002 1 commit
-
-
Leigh B. Stoller authored
mode.
-
- 13 Jun, 2002 1 commit
-
-
Leigh B. Stoller authored
waiting for a reply. I'm using this as part of the (30 minute hack) widearea node keepalive support.
-
- 06 May, 2002 1 commit
-
-
Leigh B. Stoller authored
that the caller can establish his virtual identity on the phys node. Eventually need per-vnodeid keys, but not necessary now since only trusted people get to use vrons.
-
- 24 Apr, 2002 1 commit
-
-
Leigh B. Stoller authored
-
- 04 Apr, 2002 1 commit
-
-
Leigh B. Stoller authored
by smarter brains than me (I have asked Dave to look it over). Anyway ... I added a top level ssl directory which has a bunch of goo for creating certificates and keys. I currently create a Certificate Authority, a server certificate, and a client certificate. The private keys for all three are unencrypted, so no password is required. All key/cert combos can be installed on boss. The client side needs the key/cert pair (in one file), and the CA cert (no key!). There are install targets to do this. NOTE, you do not want to create/install these without being careful, since you could instantly invalidate all the clients! I have added the necessary SSL routines to tmcd/tmcc. See the ssl.c and ssl.h files. I have set it up so that all you need to do is uncomment three lines in the makefile, and accept, connect, read, write, and close are redirected to SSL'ified versions in ssl.c. The current security model is that the client and server both "demand" certificate verification from the other side (as opposed to just server side verification). tmcd reads in server.pem, while tmcc reads in client.pem. Both read in the emulab.pem (CA cert with no private key). Initial testing indicates I have done this at least partially correctly. Whoever invented this stuff has a really twisted mind though. There are some questions at the top of ssl.c that need to be answered. Oh, also redid all the syslog stuff throughout tmcd.
-
- 01 Apr, 2002 1 commit
-
-
Leigh B. Stoller authored
-
- 29 Mar, 2002 1 commit
-
-
Leigh B. Stoller authored
the boss. The resolver goo is not going to work on RON nodes.
-
- 28 Mar, 2002 2 commits
-
-
Leigh B. Stoller authored
-
Leigh B. Stoller authored
be a worse problem with remote nodes, where we will not be able to keep everyone up to date like we can in the local testbed case. I ran into this yesterday with the key distribution stuff for RON nodes, which require incompatible changes to the accounts info that is returned. So, tmcc now takes a [-v version] argument, which is passed through to tmcd in the request field. tmcd passes that version number (assumed to be an int) down, and the routines should look at that. We will need to make some structural changes in tmcd as we get more version skew, but for now this is fine. Anyway, tmcd/tmcc have a compiled in DEFAULT_VERSION (see decls.h). If no version is supplied, assume DEFAULT_VERSION (2), which covers all of the old images and yet to be updated current images. As the new tmcc makes it out, versions will be sent through. VERY IMPORTANT: The current version is placed in libsetup.pm. When you make incompatible changes, bump the version number in decls.h and libsetup.pm, recompile and install a new tmcc and the new libsetup.pm on the clients (and of course, tmcd on the server). Fixes to termination; Add signal handlers for HUP,INT,TERM, and make sure all the children get killed off before exiting. We still have some problems though; I think the children should wait until the current request is completed before exiting. I'll give that some more thought though since it is easy to mess that stuff up (leave zombies). Add build_info[] to startup message to syslog. Good for debugging. Some minor cleanup and restructuring. Mike is gonna hate it.
-
- 27 Mar, 2002 1 commit
-
-
Leigh B. Stoller authored
debugging. Make sure it gets passed through to udp case (-u), although the udp case is going to get killed when we ssl'ize tmcd.
-
- 18 Jan, 2002 1 commit
-
-
Leigh B. Stoller authored
defines.
-
- 16 Jan, 2002 1 commit
-
-
Mike Hibler authored
-
- 10 Jan, 2002 1 commit
-
-
Leigh B. Stoller authored
-
- 30 Nov, 2001 1 commit
-
-
Leigh B. Stoller authored
stuff. Use -p option to use UDP instead of TCP connection.
-
- 12 Jul, 2001 2 commits
-
-
Robert Ricci authored
-
Robert Ricci authored
NOTE: -p not yet implemented ifdef UDPTEST
-
- 30 Mar, 2001 1 commit
-
-
Mike Hibler authored
Add a "log" message which allows a client to send some text to TMCD which in turn appends it to a project/experiment specific log file. Adds all new DoS routes to TMCD, and should perhaps be split off into its own daemon, but for now it gives a way for console-less sharks to report what they did.
-
- 21 Mar, 2001 1 commit
-
-
Leigh B. Stoller authored
Also change status command to return the nickname.
-
- 19 Mar, 2001 1 commit
-
-
Mike Hibler authored
tmcd listens on port 7777 for both UDP and TCP. UDP replies are buffered and sent as a single (up to 8k) packet. tmcc can be compiled to make UDP queries as well as TCP. Not defined by default, used for debugging. Cleaned up some lint.
-
- 07 Mar, 2001 1 commit
-
-
Leigh B. Stoller authored
Not really needed, so no big deal.
-
- 02 Feb, 2001 1 commit
-
-
Leigh B. Stoller authored
files to support cvsup. Some cleanup of the password and group files.
-
- 20 Dec, 2000 1 commit
-
-
Leigh B. Stoller authored
on paper. tmcc runs on the testbed nodes. The linux and freebsd directories have the scripts and skeleton passwd/group file stuff. There are makefiles in those directories for installing on the testbed node (typically before you cut an image!).
-