1. 26 Aug, 2003 1 commit
  2. 25 Aug, 2003 1 commit
  3. 07 Aug, 2003 1 commit
  4. 29 Jul, 2003 1 commit
    • Leigh B. Stoller authored · 29b820b1
      Some cleanup on the batch mode stuff. Make it more explicit in the
      showexp page that it's a batch experiment, by the menu options. Same
      deal in the swapexp output, plus some other minor cleanup. The only
      bug I found while trying to figure out the batchmode problem reported
      this morning by the FileMover people, is that the cancelflag is not
      cleared after swapping a running batch experiment out, so even after
      reinjecting it into the queue, it will not run. Still, that does seem
      to be what the FileMover people reported.
  5. 24 Jul, 2003 1 commit
  6. 15 May, 2003 1 commit
  7. 11 Apr, 2003 1 commit
    • Chad Barb authored · a0248828
      Added site variables ('sitevars').
      These are stored in the sitevariables database table.
      Each one has a name, a description (NOT OPTIONAL!), a
      default value, and a current value.
      If the current value is NULL, the default value is used.
      
      Soon, a mechanism will be added to the install process to
      ensure all needed site variables exist before installing;
      more on that when it is committed.
      
       - Added 'editsitevars.php3' page, accessible to admins
         via the 'Edit Site Variables' menu option.
      
       - Added 'setsitevar' script,
         an interface for listing, viewing in detail, and setting
         site variables.
      
       - Web interface now uses 'web/nologins' and 'web/message'
         instead of one-off database tables.
      
      NOTE that setting a variable to the default value and
      setting a variable to a value which is string-identical
      are NOT the same thing.
      (This doesn't matter yet, but when we push default values out to
       remote sites as part of our install, it will.)
  8. 07 Apr, 2003 1 commit
  9. 28 Mar, 2003 1 commit
  10. 27 Mar, 2003 1 commit
    • Leigh B. Stoller authored · 09bec812
      Changes to permission checks for nodes, experiments, and images.
      In addition to the usual checks, project_root and group_root (in the
      project) get the same permission as if they were in the subgroups with
      group_root permission. This means they can swap/terminate/reboot etc
      in subgroups even though they are not members of the subgroups.
      There are still some copy problems with files, but leaving that till
      later to deal with.
  11. 26 Mar, 2003 3 commits
    • Mac Newbold authored · 3556ab99
      Fix up the swap request message to use the new slothd info. Now it says
      how long they've been idle and what the time of last activity was on their
      nodes. And now do proper wordwrapping on the message instead of static
      a priori newline placement.
      
      Also add the ability to do some formatting on the idle time to those
      functions, and use it to make the swap request message a little better.
      ("H hours, M minutes" instead of "X.Y hours").
    • Leigh B. Stoller authored · 4c56daf6
      Add "gid" slot to the images table for changing permission scheme from
      only pid, to pid/gid like most other things in the testbed. Also add a
      "global" slot to denote images that are globally available to all
      projects (system images). The older "shared" attribute is now used to
      denote images that are shared within a project (available to all
      subgroups in the project). The migration path for existing DBs is
      given in the migrate file. Be sure to run those commands on an
      existing testbed or things will break!
      
      www/newimageid, www/newimageid_ez: A bunch of changes for
      shared/global attributes. Added a group menu to the form so users can
      create images in subgroups. Beefed up the Java code that constructs
      the path name to use the gid, shared, and global attributes of the
      form to give the user the best possible path that we can. Improved the
      pathname checking code so that we do not allow just any old path in
      case the user elects to disregard the path we carefully constructed
      for them. Also check the proj/group membership, and setup defaults for
      users that have permission in just one pid/gid to create images.
      
      libdb.in: Changed permission check in TBImageIDAccessCheck() to
      reflect shared/global attribute changes.
      
      os_load: Get rid of test that checked path of the image. The path
      checking is done in the web interface anyway, so why duplicate in 4
      places. Other minor changes reflecting shared->global name change.
      Also note that images can come from the group directory now.
      
      create_image: Get rid of test that checked path of the image. The path
      checking is done in the web interface anyway, so why duplicate in 4
      places. Also note that images can come from the group directory now.
      
      www/dbdefs: Changed permission check in TBImageIDAccessCheck() to
      reflect shared/global attribute changes.
      
      www/showimageid_list, www/showstuff: Minor global/shared attribute
      changes.
      
      www/menu: Change osids/imageids pointer to point to the image list,
      not the osid list. This is more reasonable for mere users who have
      access to the EZ form, and thus never really need to concern
      themselves with osids.
      
      www/editimageid: Add proper pathname checking. There were no checks at
      all before!
    • Mac Newbold authored · 52396569
      First big commit/checkpoint of web changes for new slothd.
       - Added a bunch of functions to get time of last activity, hours idle,
         and staleness for nodes and experiments.
       - Fixed the showexp_list page to use the new idle measures, including
         idle view. Idle view now runs in about 1.3 seconds instead of 13.
       - Changed all the "show" functions for nodes and expts to show idleness.
      
      More changes will be coming, but I wanted to commit this before I install
      it for real.
  12. 13 Mar, 2003 1 commit
    • Chad Barb authored · c6129ad7
      More rework on the groups system.
      
      * BESTOWGROUPROOT permission added to dbdefs.
      
      * Permissions criteria for group operations changed in dbdefs
        (consult code for full explanation.)
      
      * Approveuser and Editgroup now check for BESTOWGROUPROOT
        permissions before allowing changes to group_root.
      
      * approveuser_form and editgroup_form do not show "Group Root"
        as an option unless you are allowed to set it (or it is already set.)
      
      * editgroup does not UPDATE rows where trust has not been changed.
      
      * showgroup does a correct check to see whether to show the
        "group options" subpage.
  13. 12 Mar, 2003 2 commits
    • Chad Barb authored · 24940013
      * Altered consistency checks to treat any root as equivalent
        (so, if you're project_root in the default group, but group_root in
         a group, that won't be a problem)
      
      * Moved consistency checks, which were done in two different places into
        dbdefs TBCheckGroupTrustConsistency()
      
      * Added preemptive checks, so if 'user' or '*_root' are not valid
        trusts, they aren't displayed as options in editgroup_form and
        approveuser_form (using above function)
      
      * In approveuser, a new approval may now be sent to group_root.
    • Chad Barb authored · bb14f708
      Split notion of "EDITGROUP" permission into two:
      "EDITGROUP" and "GROUPGRABUSERS".
      
      "EDITGROUP" is easier to obtain;
                  it is now given to group_root for the group.
      "GROUPGRABUSERS" is how "EDITGROUP" _used_ to be:
                       only given to default-group_root or project_root.
      
      The ability to add users to a group who have not requested membership
      now requires "GROUPGRABUSERS".
      
      Removing or editing members still requires only EDITGROUP.
      
      So, the upshot is, now group_root users can edit and remove members from
      their own groups.
      But they still can't 'grab' users who haven't asked to join the group.
      (which would enable them to mount arbitrary users' home dirs as
       root, which would be a Bad Thing.)
  14. 27 Feb, 2003 2 commits
    • Mac Newbold authored · a8aac60d
      Fix broken leaders-email-list query.
    • Leigh B. Stoller authored · 08770694
      * No longer put the project leader into every subgroup. If the project
        leader wants to be in the subgroup, he has to do it via the editgroup
        page. This required minor changes in editgroup pages, since I was special
        casing the project leader to not allow removal/addition.
      
      * Allow mere users to be the head of a group. This was previously not
        allowed, and is totally wrong since the entire group trust mechanism
        is based on giving subgroup members *more* privs than they have in
        the default (project) group.
      
      * Change permission check in the showgroup page to allow non group members
        to look at the group if they have group_root or better in the default
        group. I noticed that once I took myself out of a group, I could no longer
        look at the group even though I had group_root in the project.
      
        Also change so that the edit/del menu does not appear unless the user
        has permission to do those things.
      
      * Change consistency check when adding a group member. New test is simpler
        and makes sure that the user does not have root privs in the project and
        user privs in the subgroup. The reverse is of course okay, and the expected
        manner in which groups should be used.
      
      * newgroup page now spits out a redirect to showgroup page, rather than
        printing the group info itself. Avoids duplication and gets rid of the
        form post from the history. Ditto for editgroup page.
  15. 30 Jan, 2003 1 commit
  16. 24 Jan, 2003 1 commit
  17. 06 Dec, 2002 1 commit
  18. 05 Dec, 2002 1 commit
    • Mac Newbold authored · 0c8a345c
      First set of changes for proj head and all group roots in the group to get
      mail instead of just the proj head. So far, the only mail that really does
      it is the swap requests, but others are coming soon, especially new user
      application mail and the like.
      
      Also clarified some of the documentation about students starting projects.
      New project page says they can't, and that their advisor has to do it,
      then links to auth.html, which says they can with prior special
      permission. Hopefully we won't get too many more students making project
      apps and messing things up.
  19. 14 Nov, 2002 1 commit
  20. 14 Oct, 2002 1 commit
  21. 01 Oct, 2002 1 commit
    • Robert Ricci authored · a4e8ca5b
      Change user verification keys. Verification key is now an md5 hash
      of a random number, as suggested in the php manual. This number
      is stashed in the database, in the new verify_key column in the
      users table.
      
      Rename the functions that generate and get the keys, and move from
      defs.php3 to dbdefs.php3, since they're now DB operations.
  22. 14 Sep, 2002 1 commit
  23. 09 Jul, 2002 1 commit
  24. 21 Jun, 2002 2 commits
  25. 12 Jun, 2002 1 commit
    • Leigh B. Stoller authored · 6c6f8baf
      The big key changes ... Deprecate the two pubkey slots in the users
      table and create a new table to hold user_pubkeys, indexed by the
      comment field of the key. Change mkacct to insert newly created Emulab
      keys into that table, and to regen the users authorized_keys file
      from the DB. Users should no longer edit their own authorized_keys
      file or the changes will be lost (I put a comment in their files).
      
      Change the three pages that deal with keys. join/new project can now
      take a file of multiple keys; each is inserted. Moved the key stuff
      that was in the update user info page into a new pubkeys page that
      allows users to add/sub keys easily. New key additions are password
      protected.
      
      Unrelated change: Add an audit mode to mkacct to log its output and
      send it to the tblogs email. Previously, warnings and errors tended to
      get lost.
  26. 22 May, 2002 1 commit
    • Leigh B. Stoller authored · d2360b6d
      A large set of authorization changes.
      * Cleanup! A lot of the structure derived from the early frame days,
        which had a noticeable (and bad) effect on how I wrote the stuff.  I
        cleaned up most of that yuckyness.
      
      * In process, optimize a little bit on the queries. The old code did
        about 9 queries just to write out the menu options, and then
        repeated most of those queries again in the page guts. I've
        consolidated the queries as much as possible (to 3) and cache all
        the results.
      
      * Fix up problem with users who forget their passwords before
        verification. Basically, I fixed the more general problem of not
        being able to update your user info before verification/approval;
        users now get that menu option no matter their status.
      
      * Fix up problem of users being able to access pages before
        verification (but after approval) by going around the menu options.
        The page level check (after the menu is drawn) now checks all
        conditions (password expired, unverified, unapproved, timedout, and
        also nologins()).
      
      * Minor change in approveuser; do not show the new account to the
        project leader until the new user has verified his account.
      
      * Change verification method, as requested by Dave.  In addition to
        providing the key, also provide a web link to take the user straight
        to verification. I actually take them direct to the login page, and
        pass the key in as an argument. If the user is already logged in,
        bypass and go directly to the verify page (not the form page of
        course).  If the user is not logged in, let him log in, and then
        forward the key onward to the verify page. Basically, bypass the
        form all the time, and just do the verification.
      
      * Minor change in showuser; Do not show pid/groups not approved in,
        and if the count is zero, do not draw the table headings.
  27. 16 May, 2002 1 commit
  28. 01 May, 2002 1 commit
    • Mac Newbold authored · ae32a110
      Add idle expts view to experiment list page. Filters based on days idle (default is 2), and adds a column with a button that takes you directly to the confirmation page for sending a swap/terminate request. Very cool, and handy dandy for the Idle Daemon to use. Still doesn't do sorting by last login, because that would require either a monster 15-line SQL query or saving everything into an array, sorting, and then printing, instead of our current 'print in the order you get it from the db' method. Maybe later. Changed TBExpUidLastLogins to return a daysidle value as well.
  29. 15 Apr, 2002 1 commit
  30. 05 Apr, 2002 1 commit
  31. 01 Apr, 2002 1 commit
    • Leigh B. Stoller authored · bd587829
      First cut at supporting RON (or more generally, remote nodes).
      * tmcd/ron: A new directory of client code, based on the freebsd
        client code, but scaled back to the bare minimum. Does only account
        and group file maintenance. I redid the account stuff so that only
        emulab accounts are operated on. Does not require a stub file, but
        instead keeps a couple of local dbm files recording what groups and
        accounts were added by Emulab. There is a ton of paranoia checking
        to make sure that local accounts are not touched.
      
        The update script that runs on the client node detaches so that the
        ssh from boss returns immediately. update can also be run from the
        node periodically and at boottime. The script is installed setuid
        root, but checks to make sure that *only* root or "emulabman" has
        invoked it.
      
      * utils/sshremote: New file. For remote nodes, instead of using sshtb,
        use sshremote, which ssh's in as "emulabman", which needs to be a
        local non-root user, but with an authorized_keys file containing
        boss' public key.
      
      * web interface changes: Allow user to specify his own public key in
        addition to the emulab key.
      
        Add option in showexp page to update accounts on nodes in the
        experiment. I was originally intending to do this from approveuser,
        but this was easier and faster. I will add an option to do it on the
        approveuser page later.
      
      * libdb.pm: Add a TBIsNodeRemote() query to see if a node is in the
        local testbed or a pcRemote node. Currently, this test is hardwired
        to a check for class=pcRemote, but this will need to change to a
        node_types property at some point.
      
      * node_update: Reorg so that there is a maximum number of children
        created. Previously, a child was forked for each node, but that
        could chew up too many processes, especially for remote nodes which
        might hang up. For the same reason, we need to "lock" the experiment
        so that it cannot be terminated while a node_update is in progress.
        Might be to relax that, but this was easy for now. Also add
        distinction between local and remote, since for remote we use
        sshremote instead of sshtb. Various cleanup stuff
      
      * mkacct; When generating a new account, include user supplied pub key
        in the authorized keys file, in addition to the Emulab generated
        key. Both keys are stored in the DB in the users table. Anytime we
        update an account, get a fresh copy of the emulab pub key, in case
        user changes it.
  32. 25 Mar, 2002 1 commit
  33. 01 Mar, 2002 1 commit
  34. 08 Feb, 2002 1 commit
    • Leigh B. Stoller authored · a73e627e
      Big round of image/osid changes. This is the first cut (final cut?) at
      supporting autocreating and autoloading images. The imageid form now
      sports a field to specify a nodeid to create the image from; If set,
      the backend create_image script is invoked. That's the easy part.
      Slightly harder is autoloading images based on the osid specified in
      the NS file. To support this, I have added a new DB table called
      osidtoimageid, which holds the mapping from osid/pctype to imageid.
      When users create images, they must specify what node types that image
      is good for. Obviously, the mappings have to be unique or it would be
      impossible to figure it out! Anyway, once that image mapping is
      in place and the image created, the user can specify that ID in the NS
      file. I've changed os_setup to look for IDs that are not loaded,
      and to try and find one in the osidtoimageid. If found, it invokes
      os_load. To keep things running in parallel as much as possible,
      os_setup issues all the loads/reboots (could be more than a single set
      of loads if multiple IDs are in the NS file) at once, and waits for
      all the children to exit. I've hacked up os_load a bit to try and be
      more robust in the face of PXE failures, which still happen and are
      rather troublesome. Need an event system!
      
      Contained in this revision are unrelated changes to make the OS and
      Image IDs per-project unique instead of globally unique, since that's a
      pain for the users. This turns out to be very messy, since underneath
      we do not want to pass around pid/ID in all the various places it's
      used. Rather, I create a globally unique name and extended the OS and
      Image tables to include pid/name/ID. The user selects pid/name, and I
      create the globally unique ID. For the most part this is invisible
      throughout the system, except where we interface with the user, say in
      the web pages; the user should see his chosen name where possible, and
      should invoke scripts (os_load, create_image, etc) using his/her
      name not the internal ID. Also, in the front end the NS file should
      use the user name not the ID. All in all, this accounted for a number
      of annoying changes and some special cases that are unavoidable.
  35. 17 Jan, 2002 1 commit