1. 01 Feb, 2012 1 commit
  2. 30 Jan, 2012 1 commit
    • Changes to make it easier for ProtoGeni users! · 3dac3cb8
      Leigh B Stoller authored
      * When generating an encrypted SSL certificate, derive an SSH public
        key from the private key and store in the pubkeys table for the
        user. Note that SSH version 2 RSA keys are actually just openssl RSA
        keys, and that ssh-keygen can extract an ssh compatible public key
        from it.
      
      * Change getsslcert.php3 to return the ssh private and public key when
        given the "ssh" boolean argument. This is mostly for the benefit of
        Flack; we probably need a better UI for the user to get this stuff. 
      
      * Remove the requirement that users must upload an SSH key to use
        protogeni, since we now create one for them when they create their
        encrypted SSL certificate.
      
      * Some cleanup; instead of looking at the comment field to determine
        what pubkeys are Emulab created (and should not be deleted), use new
        internal and nodelete flags.
  3. 02 Dec, 2011 1 commit
    • Changes to allow new users to request their encrypted SSL certificate · 8def7e94
      Leigh B Stoller authored
      on the join/start project pages. At the moment this is conditional
      under the PROTOGENI flag, since users on non-protogeni sites rarely
      need an encrypted SSL certificate. The initial passphrase has to be
      stored someplace since we cannot build the certificate until the user
      is approved, so put it into the users table, and delete when the first
      certificate is built (at approval).
  4. 07 Nov, 2011 1 commit
  5. 30 Aug, 2011 1 commit
  6. 13 Mar, 2010 2 commits
  7. 12 Mar, 2010 1 commit
  8. 23 Feb, 2009 1 commit
  9. 08 Jan, 2009 1 commit
  10. 25 Feb, 2008 1 commit
  11. 23 Jan, 2008 1 commit
  12. 07 Nov, 2007 1 commit
    • Just for kicks and cause I'm such a fan of "the wiki" I went ahead and · b15d5f78
      Leigh B. Stoller authored
      fully integrated Trac. I put a new installation in /usr/local/www/data/trac
      and I added all the hooks for adding users and doing the cross machine
      login. Only STUDLY() users will actually see the new option in the collab
      dropdown menu.
      
      I have not done anything to make the trac installation look like Emulab.
  13. 19 Sep, 2007 1 commit
    • Move moduserinfo page form logic to a backend Perl script and methods. · 8965aad8
      Russ Fish authored
       GNUmakefile.in configure configure.in  - Add the testbed/backend directory.
       www/moduserinfo.php3 - The reworked PHP page.
       www/user_defs.php - Add a ModUserInfo method bridging to the script via XML,
           and remove the ChangeProfile method that is being replaced.
       backend/{moduserinfo,GNUmakefile}.in - Add the Perl script.
       db/User.pm.in - Add a ModUserInfo worker class method for script arg checking.
           Also SetUserInterface, SetWindowsPassword, and AccessCheck methods,
           and a copy of the escapeshellarg fn.
       sql/database-fill.sql - Add some to the table_regex 'users' checking patterns.
      
      Support stuff:
       account/tbacct.in - Update the UpdateWindowsPassword() function.
       db/libdb.pm.in - Add TBDB_USER_INTERFACE_EMULAB and TBDB_USER_INTERFACE_PLAB().
       tbsetup/libtestbed.pm.in - Add TB*EMAIL, TBMAIL_* vars (OPS, WWW, AUDIT).
  14. 16 Mar, 2007 2 commits
    • Do not create initial public keys for elabman since they are · 3c2b27c2
      Leigh B. Stoller authored
      unencrypted, not to mention useless.
    • Change to elabman handling, to setup an account that we can use for · d7f33445
      Leigh B. Stoller authored
      helping remote sites setup and update.
      
      * Added a V2 (DSA) key to the install directory that is inserted into
        the pubkeys table for the elabman. This key is encrypted and stored in
        /root/.ssh/elabman_dsa on Utah's boss.
      
      * elabman now starts out as webonly=0,status='active' with a real
        shell on both boss and ops.
      
      * freeze/thaw user now treat elabman as special, giving elabman a real
        account on boss and ops when thawed.
      
      * Added a "notes" entry to the user profile that indicates the account
        can be frozen once the remote emulab is up and running.
  15. 16 Jan, 2007 1 commit
    • Move the bulk (or guts) of newuser and newproject from the web · 16aaa101
      Leigh B. Stoller authored
      interface to the backend. There are new scripts that can be called
      from the command line:
      
      	newuser xmlfile
      	newproj xmlfile
      
      They both run from small xmlfiles that are generated by the web
      interface from the form data. I also moved user verification to the
      backend so that we do not have duplicated email functions, but that
      was a small change.
      
      Upon error, the xmlfile is saved and sent to tbops so that we can
      rerun the command by hand, rather than force user to fill out form
      again. I also do a better job of putting the form back up intact when
      there are internal errors.
      
      If the user provides an initial public key, that is put into the xml
      file as well and addpubkey is called from newuser instead of the web
      interface. A more general change to addpubkey is that it is now
      *always* called as "nobody". This script was a morass of confusion
      cause of having to call it as nobody before the user actually
      exists. In fact, another of my ongoing projects is to reduce the
      number of scripts called as a particular user, but that's a story for
      another day. Anyway, the script is always called as nobody, but we
      pass along the implied user in the environment so that it can do
      permission checks.
  16. 09 Jan, 2007 1 commit
  17. 03 Jan, 2007 3 commits
    • Fix minor bug. · 1197b0ff
      Leigh B. Stoller authored
    • Move most of the password changing code to the backend, as I just did · 32983db4
      Leigh B. Stoller authored
      for email changes. Currently, the hash is passed in on the command
      line from the web interface, and there is no method for invoking it on
      the command line and providing a text password, but that is an easy
      change now that the bulk of the code is in the backend instead of the
      web interface.
      
      Note that this change took longer cause we allow inactive, frozen, and
      wikionly users to change their password, but since they do not have
      accounts (yet) the operation is invoked as user "nobody" and tbacct
      about to me made aware of that possibility.
      
      Also add equivalent auditing email message that goes to the user when
      password is changed.
      
      Also more cleanup and conversion to objects.
    • Started out adding an email message to users whenever their email · 6d50ce56
      Leigh B. Stoller authored
      address is changed by an admin, but in the process I decided to
      implement the entire operation in the backend, since that is what we
      want to do anyway for all operations. Email is sent from the backend
      script as well.
  18. 20 Oct, 2006 1 commit
    • Wow, this should make me look important! · afa5e919
      Mike Hibler authored
      Two-day boondoggle to support "/scratch", an optional large, shared filesystem
      for users.  To do this, I needed to find all the instances where /proj is used
      and behave accordingly.  The boondoggle part was the decision to gather up all
      the hardwired instances of shared directory names ("/proj", "/users", etc.)
      so that they are set in a common place (via unexposed configure variables).
      This is a boondoggle because:
      
      1. I didn't change the client-side scripts.  They need a different mechanism
         (e.g., tmcd) to get the info, configure is the wrong way.
      
      2. Even if I had done #1 it is likely--no, certain--that something would
         fail if you tried to rename "/proj" to be "/mike".  These names are just
         too ingrained.
      
      3. We may not even use "/scratch" as it turns out.
      
      Note, I also didn't fix any of the .html documentation.  Anyway, it is done.
      To maintain my illusion in the future you should:
      
      1. Have perl scripts include "use libtestbed" and use the defined PROJROOT(),
         et al. functions where possible.  If not possible, make sure they run
         through configure and use @PROJROOT_DIR@, etc.
      
      2. Use the configure method for python, C, php and other languages.
      
      3. There are perl (TBValidUserDir) and php (VALIDUSERPATH) functions which
         you should call to determine if an NS, template parameter, tarball or
         other file are in "an acceptable location."  Use these functions where
         possible.  They know about the optional "scratch" filesystem.  Note that
         the perl function is over-engineered to handle cases that don't occur
         in nature.
  19. 01 Jun, 2006 1 commit
    • Add support for building per project, group, experiment DBs on ops. At · adbcfd47
      Leigh B. Stoller authored
      present the per-experiment stuff is not hooked in, but will be for
      templates later. Anyway, each user gets a mysql account on ops, with
      password set to the same as their mailman password (which is also
      their jabber password, etc). Each project gets a DB named by the
      project, and each group gets a DB named by pid,gid. Users are placed
      on the access lists for the DBs as you would expect.
      
      There is a little bit of complexity to make sure that we can create
      DBs on ops outside the Emulab path and grant access to them, without
      Emulab getting confused or mucking things up.
      
      I'll get a news item done ...
  20. 02 Mar, 2006 1 commit
  21. 10 Nov, 2005 1 commit
  22. 14 Oct, 2005 2 commits
  23. 04 Oct, 2005 1 commit
  24. 20 Sep, 2005 1 commit
    • Checkpoint Chat Support stuff; mostly working but still needs work. · 90cdfb60
      Leigh B. Stoller authored
      Ready for local people to play with.
      
      The current implementation is that we munge the mysql DB on ops directly,
      underneath jabberd. We add/del users from the authreg table, and set up
      buddy lists in the roster-items and roster-groups tables. modgroups will
      invoke the modjabberbuddies whenever a user is added or removed from a
      group, although currently I am building buddy lists for just the top level
      projects.
      
      The "My IM" link in the collaboration menu will tell the user their
      jabber ID on the Emulab chat server (jabber.emulab.net) and also give
      them their plain text password to plug into their chat client.
      
      I also installed a java applet (Jeti) that is a simple chat client that
      I found off the jabberware page. Like all applets, it exhibits a degree
      of flakiness, but I really do not expect too many people to use it.
  25. 20 Jul, 2005 1 commit
  26. 24 Jun, 2005 1 commit
  27. 14 Jun, 2005 1 commit
  28. 31 May, 2005 1 commit
  29. 25 Mar, 2005 1 commit
    • Okay, I think I am finally done with WikiWhacking (or WhackingTheWiki?) · 90dcbbe2
      Leigh B. Stoller authored
      for the near future. Two big changes:
      
      * Add WikiOnly accounts. An external user can register for an account on
        the wiki. Rather than use the registration stuff that comes with TWiki,
        redirect to new Emulab web page so we can manage all of the wiki accounts
        from one place. I modified the joinproject page to spit out a subset of
        the required fields so that it's simple to get a wiki only account (just a
        few things to fill in).
      
        In keeping with current security practices, we still generate a
        verification email message to ensure the email address works. However,
        when the user completes the verification, the wiki account is created right
        away, rather than waiting for someone to approve it (since that would
        defeat the entire point of the wiki).
      
        Aside: I have not thought much about the conversion from a wiki-only
        account to a real account. That is going to happen, and it would be nice
        if that step did not require one of us to go in and hack the DB. Will
        cross that moat later.
      
        Aside: Rather than beat up on the modify user info page too much, I continue
        to spit out the same form, but mark most of the fields as not required,
        and allow wiki-only people to not specify them.
      
      * Both the joinproject and newproject pages sport a new WikiName field so
        that users can select their own WikiName. I added some JavaScript to
        both pages that generate a suitable wikiname from the FullName field, so
        that as soon as the user clicks out of the FullName, a default wikiname is
        inserted in the field.
      
        Both pages verify the wikinames by checking to make sure it is not
        already in use, and that it meets the WikiRules for WikiTopic names.
        (someone please shoot me if I continue to use WikiNotation).
  30. 21 Mar, 2005 1 commit
  31. 31 Jan, 2005 1 commit
  32. 03 Dec, 2004 1 commit
  33. 17 Sep, 2004 2 commits
  34. 08 Sep, 2004 1 commit
    • Fix shell quoting problem which I indirectly introduced just before · 9b8f4519
      Leigh B. Stoller authored
      the big power down when I changed sshtb to not invoke a subshell
      wrapper, but to exec ssh directly. Built into tbacct was an extra pair
      of \\ escapes to protect the outer double quotes from that extra
      subshell.  When I removed that subshell, the extra escapes wreaked
      havoc.
      
      Needless to say, I really want to change how accounts are built on ops
      to use tmcd like a regular experimental node. We can almost do that
      now, except for the little detail that sending over 800 users would be
      a lot of traffic for single updates. I've been meaning to extend the
      protocol to allow for single updates, but have not had time yet!