1. 02 Dec, 2014 14 commits
  2. 26 Nov, 2014 1 commit
    • Kirk Webb's avatar
      Fix account listing for vnodes on shared hosts. · 2b2c7bd3
      Kirk Webb authored
      In my cleanup of the "doaccounts" code, it looks like I was a bit
      overzealous. The logic for detecting when a node is a shared vnode
      host was incomplete, and so matched for the vnodes themselves too.
      2b2c7bd3
  3. 23 Nov, 2014 1 commit
    • Mike Hibler's avatar
      Be consistent with the newnode script. · ab7da9fd
      Mike Hibler authored
      Apparently at some point in the past, wire info for new nodes moved into
      its own table rather than using the switch_* fields of new_interfaces.
      For Geniracks or if a certain feature is set, then this new style is used.
      
      However, newscript unconditionally assumed the new format and generated
      incomplete entries for non-Geniracks. Newscript now makes the same checks
      as newnode.
      ab7da9fd
  4. 21 Nov, 2014 1 commit
  5. 19 Nov, 2014 2 commits
    • Kirk Webb's avatar
      Clear taint states from nodes in the proper place (on 'reloading' exit). · 721bb6bc
      Kirk Webb authored
      Move the taint clearing action so that it happens as the node exits
      the "reloading" experiment (vs. when it goes into reloading).
      721bb6bc
    • Kirk Webb's avatar
      Sprinkle taint checks throughout tmcd to avert privilege escalation. · d9c27fac
      Kirk Webb authored
      Also add utility function to allow the node to get the exact details of
      the image it is running ('imageinfo').
      
      Some of the taint checks are rather heavy-handed presently.  Pretty much
      any vector that could be used by the user to do something as root has
      been severed right at the top of the relevant tmcd calls.
      
      Calls affected:
      
      manifest ('blackbox' and 'useronly' taintstates)
      rpms ('blackbox' and 'useronly' taintstates)
      tarballs ('blackbox' and 'useronly' taintstates)
      blobs ('blackbox' and 'useronly' taintstates)
      startupcmd ('blackbox' taintstate)
      mounts ('blackbox' taintstate)
      programs ('blackbox' taintstate)
      
      Taint handling for the 'accounts' call was dealt with in a prior commit.
      d9c27fac
  6. 18 Nov, 2014 2 commits
  7. 17 Nov, 2014 1 commit
  8. 16 Nov, 2014 2 commits
  9. 15 Nov, 2014 1 commit
  10. 14 Nov, 2014 6 commits
  11. 13 Nov, 2014 1 commit
  12. 12 Nov, 2014 8 commits
    • Kirk Webb's avatar
      Add global permissions support for leases. · 00b57bf4
      Kirk Webb authored
      Two types of global permissions are supported:
      
      * Anonymous read-only (to support users without local accounts).
      * Read-only for users with local accounts.
      
      Global permissions are added to leases by way of entries of type "global"
      in the lease_permissions table.  The lease mod tool still needs to be
      updated to make use of the updated library support here.
      
      The new GetAllowedLeases() method in Lease.pm was reworked - it became
      clear that this was needed as I did the global RO permissions stuff.
      00b57bf4
    • Kirk Webb's avatar
      Add method to list all leases a user or project has access to. · b162d8de
      Kirk Webb authored
      Also adjust some of the existing lease enumeration functions to take
      a lease type selector argument.  Here is the comment above the
      new GetAllowedLeases() method:
      
       Return a list of leases for which a user OR entire project has access.
      
       Permissions are determined as follows:
       * The owner of a lease always has full (RW) access
       * Users in a project with group_root or above trust always have full (RW)
         access to leases associated with that project.
       * Explicitly granted per-user and per-project permissions are extracted
         from the lease_permissions tables.
      
       Arguments:
       * upid - User OR Project object to lookup lease access for.
       * type - Optional lease type selector.  Restrict results to this type
                of lease.
      
       Returns: Array of lease objects the given principal (user or project) has
                access to.  To each of these lease objects, an "allow_modify"
                boolean is set, accessible via $leaseobj->allow_modify().
      b162d8de
    • Leigh B Stoller's avatar
      Minor fix to previous revision. · 9fdf7a43
      Leigh B Stoller authored
      9fdf7a43
    • Mike Hibler's avatar
      Fix a query typo. · 2a09101d
      Mike Hibler authored
      2a09101d
    • Leigh B Stoller's avatar
      Lots of dataset changes. · 0adc340f
      Leigh B Stoller authored
      Project leases are now per-group, so we build a sub authority certificate
      for a remote dataset so that on the remote side, it is created inside the
      group named by the project on the local side.
      
      Many bug fixes.
      0adc340f
    • Leigh B Stoller's avatar
      0002fc0f
    • Leigh B Stoller's avatar
      c9b4d551
    • Leigh B Stoller's avatar
      122fd04e