GitLab

.forward files. Change addpubkeys to use dropfile for the auth keys
file, and add createsshkey method to generate the key on ops, and
send the public key back via stdout.

the APT/Cloudlab instantiate page.

This commit is intended to makes the license status of Emulab and
ProtoGENI source files more clear.  It replaces license symbols like
"EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
blocks that contain actual license statements.

This change was driven by the fact that today, most people acquire and
track Emulab and ProtoGENI sources via git.

Before the Emulab source code was kept in git, the Flux Research Group
at the University of Utah would roll distributions by making tar
files.  As part of that process, the Flux Group would replace the
license symbols in the source files with actual license statements.

When the Flux Group moved to git, people outside of the group started
to see the source files with the "unexpanded" symbols.  This meant
that people acquired source files without actual license statements in
them.  All the relevant files had Utah *copyright* statements in them,
but without the expanded *license* statements, the licensing status of
the source files was unclear.

This commit is intended to clear up that confusion.

Most Utah-copyrighted files in the Emulab source tree are distributed
under the terms of the Affero GNU General Public License, version 3
(AGPLv3).

Most Utah-copyrighted files related to ProtoGENI are distributed under
the terms of the GENI Public License, which is a BSD-like open-source
license.

Some Utah-copyrighted files in the Emulab source tree are distributed
under the terms of the GNU Lesser General Public License, version 2.1
(LGPL).

from tbacct, which happens in the context of the project/group root,
not as the user.

* When generating an encrypted SSL certificate, derive an SSH public
  key from the private key and store in the pubkeys table for the
  user. Note that SSH version 2 RSA keys are actually just openssl RSA
  keys, and that ssh-keygen can extract an ssh compatible public key
  from it.

* Change getsslcert.php3 to return the ssh private and public key when
  give the "ssh" boolean argument. This is mostly for the benefit of
  Flack; we probably need a better UI for the user to get this stuff. 

* Remove the requirement that users must upload an SSH key to use
  protogeni, since we now create one for them when they create their
  encrypted SSL certificate.

* Some cleanup; instead of looking at the comment field to determine
  what pubkeys are Emulab created (and should not be deleted), use new
  internal and nodelete flags.

      www/showpubkeys.php3 - Add a NewPubKey function to spit out XML to addpubkey.
      account/addpubkey.in - Add -X <xmlfile> in place of other command-line args.
      sql/database-fill.sql - Add 'user_pubkeys' entries for addpubkey's use.

keys from windoze boxes.

interface to the backend. There are new scripts that can be called
from the command line:

	newuser xmlfile
	newproj xmlfile

They both run from small xmlfiles that are generated by the web
interface from the form data. I also moved user verification to the
backend so that we do not have duplicated email functions, but that
was a small change.

Upon error, the xmlfile is saved and sent to tbops so that we can
rerun the command by hand, rather then force user to fill out form
again. I also do a better job of putting the form back up intact when
there are internal errors.

If the user provides an initial public key, that is put into the xml
file as well and addpubkey is called from newuser instead of the web
interface. A more general change to addpukey is that it is now
*always* called as "nobody". This script was a morass of confusion
cause of having to call it as nobody before the user actually
exists. In fact, another of my ongoing projects is to reduce the
number of scripts called as a particular user, but thats a story for
another day. Anyway, the script is always called as nobody, but we
pass along the implied user in the environment so that it can do
permission checks.

most of the rest of the tables in the system (still a few exceptions).
Bound to be some bugs ...

The major functional change in this revision is converting from user
selected UIDs to system selected UIDs. This is controlled by the
variable $USERSELECTUIDS in defs/defs.php3.in which is now set to
zero, so system selected UIDs is the default.

The algo for creating the uid is to take the email address, strip the
@whatever from it, squeeze out dots and dashes and underlines, and
make sure any +foo tokens are removed. Then make sure it is unique by
taking the first 5 characters and then adding a 3 digit number,
derived by checking the DB to see what exists.

Since we will want to (more often) change the UID selected, there is a
new admin only menu option on the Show User page. It calls the backend
script to do the work (sbin/changeuid).

The login page now defaults to storing and showing the email address
for login, rather then the UID. It will still accept either one though
(has for a long time).

Along the way I also reorg'ed a number of pages to use the new user,
group, and project classes and moved some common functionality into
the class defs.

Also changed the way addpubkey is called, to avoid some confusion.

Two-day boondoggle to support "/scratch", an optional large, shared filesystem
for users.  To do this, I needed to find all the instances where /proj is used
and behave accordingly.  The boondoggle part was the decision to gather up all
the hardwired instances of shared directory names ("/proj", "/users", etc.)
so that they are set in a common place (via unexposed configure variables).
This is a boondoggle because:

1. I didn't change the client-side scripts.  They need a different mechanism
   (e.g., tmcd) to get the info, configure is the wrong way.

2. Even if I had done #1 it is likely--no, certain--that something would
   fail if you tried to rename "/proj" to be "/mike".  These names are just
   too ingrained.

3. We may not even use "/scratch" as it turns out.

Note, I also didn't fix any of the .html documentation.  Anyway, it is done.
To maintain my illusion in the future you should:

1. Have perl scripts include "use libtestbed" and use the defined PROJRO...

* Add creation of no-passphrase Protocol 2 RSA key in addition to
  Protocol 1 key. Currently Protocol 1 will continue to be generated,
  until we figure out an acceptable way to conditionalize this for old
  and new sites.

* No longer generate authorized_keys2 file. All keys go in the main
  file, and the authorized_keys2 file is deleted if it exists, after
  successful creation of the main file.

* When regenerating the Emulab keys, read the current .pub file in and
  delete the existing keys from the DB.

I fixed a couple of minor problems, but mostly this worked fine. Note that
I have tested this with the installed perl, *NOT* perl 5.8. I am just
making sure this stuff gets committed before too much more bitrot sets in.

* When generating the initial ssh ley, use -C option to keygen so that
  the comment field is rational. Now set to $user@$domain.

* Add -f (force) option to use in conjunction with -i (inituser)
  option to regenerate the initial (unencrypted) ssh key. The user's
  auth_keys are files are regenerated as well.

  The bad thing about all this is that you have to go remove any old
  keys by hand via the web interface since we do not mark the key we
  generate in the DB.

Add a little bit more output to help in determining why keys get
rejected.

the web interface, so better allow it here.

Bad idea. Use an auto_incrementing idx field instead.

the RCS control file in the repository so the history is left intact.

Two new modes, which used to be in the old mkacct. There is an init
mode, which is used on new users to create the initial pub key. There
is also a write mode, which is used regenerate the authkeys files for
people after they add/delete keys via the web interface. Used to be
that addpubkey wold add the key to the DB, but mkacct would deal with
creating the authkeys files. All this functionality is now localized
in this one script.

of instances; when a user first joins, a pub key is entered before the
user is approved and gets an account. The other case is for the new
webonly accounts, which exist for people with access to specific
widearea nodes. These people never have local accounts (for suxec),
but still get to edit their personal info and public keys for
distribution to those widearea nodes.

perl script that does this.

to an external perl script, and use ssh-keygen to attempt conversion
off SSH2/SECSH key formats. This is actually a simplification of the
php code, which is not generally very good at this kind of thing (or
maybe I mean perl is just better at it). The parsing and error
handling it also much improved.