Commit 0c36a60c authored by Wim Van de Meerssche

Merge branch 'master-gitlab' into amv3-sliver-status-bugfix

parents 034e4efc e2e04dda
#
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -32,6 +32,7 @@ PELABSUPPORT = @PELABSUPPORT@
PGENISUPPORT = @PROTOGENI_SUPPORT@
ISMAINSITE = @TBMAINSITE@
SPEWFROMOPS = @SPEWFROMOPS@
MOBILESUPPORT = @MOBILESUPPORT@
SYSTEM := $(shell uname -s)
include Makeconf
......@@ -53,7 +54,7 @@ SUBDIRS = \
db assign www @optional_subdirs@ clientside ipod security sensors \
pxe tbsetup account tmcd utils backend tip ipod vis \
sensors os xmlrpc autofs install/newnode_sshkeys \
tools/svn wiki collab/exp-vis node_usage install
tools/svn collab/exp-vis node_usage install
ifeq ($(ISMAINSITE),1)
SUBDIRS += tools/rmanage tools/whol
endif
......@@ -107,7 +108,8 @@ boss-install-noupdatecheck: install-schemacheck \
install-setbuildinfo
# Only the checks:
install-checks: install-updatecheck \
install-checks: \
install-updatecheck \
install-schemacheck \
install-sitevarscheck \
install-dbfillcheck install-genischemacheck
......@@ -126,9 +128,11 @@ post-install:
@$(MAKE) -C www post-install
ifeq ($(EVENTSYS),1)
@$(MAKE) -C event post-install
endif
ifeq ($(MOBILESUPPORT),1)
@$(MAKE) -C mobile
endif
@$(MAKE) -C tools post-install
@$(MAKE) -C wiki post-install
@$(MAKE) -C collab post-install
@$(MAKE) -C utils post-install
ifeq ($(NODE_USAGE_SUPPORT),1)
......@@ -430,6 +434,19 @@ ifeq ($(PGENISUPPORT),1)
endif
@echo "Done"
BRANCHCHECK=
BRANCHECHO= @echo "Skipping branch check since not the Mothership"
ifeq ($(ISMAINSITE),1)
ifeq ($(TBROOT),/usr/testbed)
BRANCHCHECK= cd $(SRCDIR) && \
git status --porcelain -s -b | head -1 | grep -q -s current
BRANCHECHO= @echo "Checking to make sure you are on the mothership branch"
endif
endif
install-branchcheck:
$(BRANCHECHO)
$(BRANCHCHECK)
# We use separate src and obj trees in Emulab, so the traditional distclean to
# clean "made" files from a mingled source-and-obj tree is unnecessary.
# However, this may be useful if you mistakenly configure and make a src tree.
......
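Review bot: In the `post-install` hunk the new `@$(MAKE) -C mobile` line passes no goal, so it builds whatever the default target of `mobile` is, while every neighbouring line invokes `post-install` explicitly. If that is intended, a comment such as `# mobile has no post-install target; run its default goal` would say so; otherwise the line should read `@$(MAKE) -C mobile post-install`. The `post-install` recipe starts and ends outside the hunk, so the rest of it cannot be checked from here.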
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2012, 2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -108,6 +108,21 @@ distclean: default-clean
default-clean:
rm -f GNUmakefile
# This is to avoid warnings about duplicate targets.
default-install-notusing:
ifeq ($(ISMAINSITE),1)
ifeq ($(TBROOT),/usr/testbed/devel/stoller)
(cd $(SRCDIR) ; \
git status --porcelain -s -b | head -1 | grep -q -s current)
else
/usr/bin/true
endif
else
/usr/bin/true
endif
#install: default-install
#
# Where to find source files.
# Using specific patterns instead of the catch-all VPATH variable
......
#
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -44,6 +44,7 @@ export JAR = @JAR@
prefix = @prefix@
exec_prefix = @exec_prefix@
ISMAINSITE = @TBMAINSITE@
TBROOT = @prefix@
TBDEFS = @TBDEFS@
TBDBNAME = @TBDBNAME@
......
#!/usr/bin/perl -w
#
# Copyright (c) 2010-2015 University of Utah and the Flux Group.
# Copyright (c) 2010-2016 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
......@@ -572,7 +572,7 @@ sub DropFile()
# We want the file to have the proper mode before we try to write it,
# to avoid a race that allows someone to see the contents.
#
if (-e $file && mysystem("$MV $file ${file}.save")) {
if (-e $file && mysystem("$MV -f $file ${file}.save")) {
fatal("Could not rename $file to ${file}.save");
}
sysopen(HANDLE, $file, O_WRONLY|O_CREAT|O_EXCL, 0600)
......
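Review bot: The rename in DropFile still goes through a command string, `mysystem("$MV -f $file ${file}.save")`, so if mysystem() hands that string to a shell (it is not shown here), a `$file` containing whitespace or shell metacharacters is split or interpreted rather than treated as one path. Perl's builtin performs the same overwrite without a shell and without needing `-f`: `if (-e $file && !rename($file, "${file}.save")) {`. The added `-f` also means an existing `.save` copy is replaced silently, which deserves a one-line comment next to the call. DropFile's body starts and ends outside the hunk, so where `$file` comes from cannot be confirmed.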
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -101,6 +101,9 @@ use libaudit;
use libdb;
use libtestbed;
use User;
if (@PROTOGENI_SUPPORT@) {
require APT_Utility;
}
#
# Function prototypes
......@@ -471,7 +474,9 @@ sub ParseKey($) {
# Mark user record as modified so nodes are updated.
#
TBNodeUpdateAccountsByUID($user_uid);
if (@PROTOGENI_SUPPORT@) {
APT_Utility::UpdateInstancesByUser($target_user);
}
my $chunked = "";
while (length($key)) {
......
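Review bot: The new call in ParseKey, `APT_Utility::UpdateInstancesByUser($target_user);`, discards the return value, and the function as shown later on this page returns -1 when the project membership lookup or the instance query fails. In that case the key change is stored locally while the user's running instances are never flagged for update, and nothing is logged. Checking the result keeps that failure visible: `if (APT_Utility::UpdateInstancesByUser($target_user)) { print STDERR "Could not mark instances for update\n"; }`. ParseKey continues outside the hunk, so whether `$target_user` is in scope at this point cannot be confirmed from these lines.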
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -207,21 +207,21 @@ if (defined($options{"c"}) || defined($options{"C"})) {
if (defined($options{"c"})) {
$old_password = $options{"c"};
}
else {
$target_user->SSLPassPhrase(1, \$old_password) == 0
or fatal("No password for encrypted SSL key");
elsif ($target_user->SSLPassPhrase(1, \$old_password)) {
$old_password = undef;
}
#
# Make sure its all escaped since any printable char is allowed.
#
if ($old_password =~ /^([\040-\176]*)$/) {
$old_password = $1;
}
else {
die("Tainted argument: $old_password\n");
if (defined($old_password)) {
#
# Make sure its all escaped since any printable char is allowed.
#
if ($old_password =~ /^([\040-\176]*)$/) {
$old_password = $1;
}
else {
fatal("Tainted password: $old_password");
}
$old_password =~ s/\'/\'\\\'\'/g;
}
$old_password =~ s/\'/\'\\\'\'/g;
}
......
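Review bot: The rejection branch echoes the secret it has just refused: `fatal("Tainted password: $old_password");` writes the SSL key pass phrase, including any control characters that caused the rejection, to wherever fatal() reports (not shown here, but usually stderr, a log or mail). The message should describe the problem without the value, for example `fatal("Old pass phrase contains non-printable characters");`. The new `elsif` branch also changes a hard failure into `$old_password = undef;`, so the code after this hunk has to handle an undefined pass phrase; a comment stating that this is deliberate would help the next reader.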
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -42,15 +42,16 @@ use Getopt::Std;
#
sub usage()
{
print("Usage: tbacct [-f] [-b] [-u] ".
print("Usage: tbacct [-f] [-b] [-u] [-v] ".
"<add|del|mod|passwd|wpasswd|email|freeze|thaw|verify|revoke|dots> ".
"<user> [args]\n");
exit(-1);
}
my $optlist = "fbu";
my $optlist = "fbuv";
my $force = 0;
my $batch = 0;
my $update = 0;
my $verified= 0;
#
# Configure variables
......@@ -69,6 +70,7 @@ my $BUGDBSUPPORT= @BUGDBSUPPORT@;
my $OPSDBSUPPORT= @OPSDBSUPPORT@;
my $CHATSUPPORT = @CHATSUPPORT@;
my $MAILMANSUPPORT= @MAILMANSUPPORT@;
my $EXPIRE_PASSWORDS = @EXPIRE_PASSWORDS@;
my $THISHOMEBASE= "@THISHOMEBASE@";
my $PROTOUSER = 'elabman';
my $ELABINELAB = @ELABINELAB@;
......@@ -203,6 +205,9 @@ if (defined($options{"b"})) {
if (defined($options{"u"})) {
$update = 1;
}
if (defined($options{"v"})) {
$verified = 1;
}
if (@ARGV < 2) {
usage();
}
......@@ -678,7 +683,7 @@ sub UpdatePassword()
if (! $target_user->SameUser($this_user)) {
$expires = "now()";
}
else {
elsif ($EXPIRE_PASSWORDS) {
$expires = "date_add(now(), interval 1 year)";
}
......@@ -926,7 +931,7 @@ sub UpdateEmail()
#
# Only admin people can do this.
#
if (! TBAdmin($UID)) {
if (!TBAdmin($UID) && !$verified) {
fatal("You do not have permission to update email for user $user.");
}
......
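Review bot: In UpdateEmail the admin check becomes `if (!TBAdmin($UID) && !$verified) {`, and `$verified` is set only by the caller passing `-v`, so as far as these hunks show, any user able to run tbacct can skip the admin requirement for any `<user>`. If `-v` is meant for a trusted caller that has already verified the address, that restriction has to be enforced in the script, or documented here if it is enforced in code outside these hunks. One option is to limit the bypass to self-service, `if (!TBAdmin($UID) && !($verified && $target_user->SameUser($this_user))) {`, assuming both objects are in scope as they are in UpdatePassword. The usage text lists `[-v]` without saying what the flag asserts.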
#!/usr/bin/perl -wT
#
# Copyright (c) 2007-2015 University of Utah and the Flux Group.
# Copyright (c) 2007-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -34,16 +34,8 @@ use vars qw(@ISA @EXPORT $AUTOLOAD);
@EXPORT = qw ( );
# Must come after package declaration!
use EmulabConstants;
use emdb;
use emutil;
use libtestbed;
use GeniHRN;
use Genixmlrpc;
use GeniResponse;
use GeniCertificate;
use GeniAuthority;
use GeniCredential;
use overload ('""' => 'Stringify');
# Configure variables
......
#!/usr/bin/perl -wT
#
# Copyright (c) 2007-2015 University of Utah and the Flux Group.
# Copyright (c) 2007-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -56,10 +56,10 @@ my $USEABACCREDS = 0;
#
# Generate the credentials we need.
#
sub GenCredentials($$;$)
sub GenCredentials($$;$$)
{
my ($target, $geniuser, $privs) = @_;
my ($speaksfor, $credential);
my ($target, $geniuser, $privs, $allowexpiredspeaksfor) = @_;
my ($speaksfor, $credential, $oldexpires);
# If the caller does not want a speaksfor, do not generate.
my $wantspeaksfor = wantarray;
......@@ -72,11 +72,21 @@ sub GenCredentials($$;$)
if (!$geniuser->IsLocal() && $MAINSITE) {
$speaker_signer = "/usr/testbed/etc/utah-apt.sa";
}
my $cachetag = $target->urn() . "::" . $geniuser->urn();
#
# If the target is a slice, and expired, change the expiration so
# that the credential we generate is not also expired (and invalid).
#
if (ref($target) eq "GeniSlice" && $target->IsExpired()) {
$oldexpires = $target->expires();
$target->SetExpiration(time() + (24 * 3600));
delete($credcache{$cachetag})
if (exists($credcache{$cachetag}));
}
#
# Check cache.
#
my $cachetag = $target->urn() . "::" . $geniuser->urn();
if (exists($credcache{$cachetag})) {
($credential,$speaksfor) = @{ $credcache{$cachetag} };
goto cached;
......@@ -96,12 +106,34 @@ sub GenCredentials($$;$)
goto bad;
}
if ($wantspeaksfor) {
$speaksfor = GeniCredential->CreateFromSigned($speaksfor_string);
$speaksfor = GeniCredential->CreateFromSigned($speaksfor_string, 1);
if (!defined($speaksfor)) {
print STDERR "Could not create speaksfor credential\n";
goto bad;
}
}
#
# Ick, if the speaks for credential has expired, we cannot
# operate as the user. We have no choice but to throw away
# these credentials and generate a new one issued to the local
# SA instead of the user and not bother with a speaksfor.
#
if ($speaksfor->IsExpired()) {
print STDERR "speaksfor credential for $geniuser has expired\n";
goto bad
if (!$allowexpiredspeaksfor);
# Be careful not to return this.
$speaksfor = undef;
print STDERR "-> Generating an SA credential instead\n";
$credential = APT_Geni::GenAuthCredential($target, $privs);
if (!defined($credential)) {
print STDERR "-> Could not generate SA credential!\n";
goto bad;
}
goto cached;
}
my $certificate =
GeniCertificate->LoadFromString($certificate_string);
if (!defined($certificate)) {
......@@ -167,11 +199,15 @@ sub GenCredentials($$;$)
$credcache{$cachetag} = [$credential, $speaksfor];
}
cached:
$target->SetExpiration($oldexpires)
if (defined($oldexpires));
if (wantarray) {
return ($credential, $speaksfor);
}
return $credential;
bad:
$target->SetExpiration($oldexpires)
if (defined($oldexpires));
return ();
}
......@@ -212,16 +248,25 @@ sub GeniContext()
sub GenAuthCredential($;$)
{
my ($target, $privs) = @_;
my $certificate = GeniCertificate->LoadFromFile($SACERT);
if (!defined($certificate)) {
my $oldexpires;
my $owner = GeniCertificate->LoadFromFile($SACERT);
if (!defined($owner)) {
print STDERR "Could not load certificate from $SACERT\n";
return undef;
}
my $credential = GeniCredential->Create($target, $certificate);
#
# If the target is a slice, and expired, change the expiration so
# that the credential we generate is not also expired (and invalid).
#
if (ref($target) eq "GeniSlice" && $target->IsExpired()) {
$oldexpires = $target->expires();
$target->SetExpiration(time() + 600);
}
my $credential = GeniCredential->Create($target, $owner);
if (!defined($credential)) {
print STDERR "Could not create credential for $target\n";
return undef;
goto bad;
}
# Add optional privs.
if (defined($privs)) {
......@@ -233,9 +278,15 @@ sub GenAuthCredential($;$)
if ($credential->Sign($GeniCredential::LOCALSA_FLAG) != 0) {
$credential->Delete();
print STDERR "Could not sign $target credential\n";
return undef
goto bad;
}
$target->SetExpiration($oldexpires)
if (defined($oldexpires));
return $credential;
bad:
$target->SetExpiration($oldexpires)
if (defined($oldexpires));
return undef;
}
#
......
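Review bot: In GenCredentials the new expiry test `if ($speaksfor->IsExpired()) {` comes after the closing brace of `if ($wantspeaksfor) { … }`, so when the caller asks for a scalar, `$speaksfor` is never assigned and the method call dies on undef (indentation is lost in this rendering, so this is read from the braces). A guard avoids that: `if (defined($speaksfor) && $speaksfor->IsExpired()) {`. The fallback replaces a user-delegated credential with one issued to the local SA and reports it only on STDERR, so the fourth parameter deserves a comment saying which callers may pass `$allowexpiredspeaksfor`. The two temporary lifetimes (`24 * 3600` here, `600` in GenAuthCredential) would read better as one named constant. The body between the hunks is not visible, so any early `return` there would skip the `SetExpiration($oldexpires)` restore.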
#!/usr/bin/perl -wT
#
# Copyright (c) 2007-2015 University of Utah and the Flux Group.
# Copyright (c) 2007-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -463,6 +463,27 @@ sub UpdateVersion($$)
return Refresh($self);
}
sub UpdateAll($$)
{
my ($self, $argref) = @_;
# Must be a real reference.
return -1
if (! ref($self));
my $profileid = $self->profileid();
my $query = "update apt_profile_versions set ".
join(",", map("$_=" . DBQuoteSpecial($argref->{$_}), keys(%{$argref})));
$query .= " where profileid='$profileid'";
return -1
if (! DBQueryWarn($query));
return Refresh($self);
}
#
# Perform some updates ...
#
......
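Review bot: UpdateAll quotes the values with DBQuoteSpecial() but concatenates the hash keys into the statement as column names unchecked, in `map("$_=" . DBQuoteSpecial($argref->{$_}), keys(%{$argref}))`, so the query is only safe while every caller builds `$argref` from fixed keys. A guard before the query makes that a property of the method rather than of its callers: `return -1 if (grep { $_ !~ /\A\w+\z/ } keys(%{$argref}));`. An empty `$argref` also yields `update apt_profile_versions set  where …`, which fails in the database instead of being a no-op; `return 0 if (!keys(%{$argref}));` would cover it. The sub has no header comment, and one stating that the update applies to every version of the profile and returns -1 on failure would match the neighbouring methods.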
#!/usr/bin/perl -wT
#
# Copyright (c) 2007-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
# This file is part of the Emulab network testbed software.
#
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
# License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
#
# }}}
#
#
# Stuff that has no where else to go.
#
package APT_Utility;
use strict;
use English;
use Data::Dumper;
use Carp;
use Exporter;
use vars qw(@ISA @EXPORT);
@ISA = "Exporter";
@EXPORT = qw ( );
# Must come after package declaration!
use emdb;
use libtestbed;
use APT_Instance;
use Project;
use Group;
# Configure variables
my $TB = "@prefix@";
my $MAINSITE = @TBMAINSITE@;
my $TBOPS = "@TBOPSEMAIL@";
#
# Find all of the instances a user has (should have) an account on, and
# mark those instances for update.
#
sub UpdateInstancesByUser($)
{
my ($user) = @_;
my @projects = ();
my %instances = ();
if ($user->ProjectMembershipList(\@projects)) {
return -1;
}
return 0
if (!@projects);
foreach my $project (@projects) {
my $pid_idx = $project->pid_idx();
my $query_result =
DBQueryWarn("select uuid from apt_instances ".
"where pid_idx='$pid_idx'");
return -1
if (!$query_result);
while (my ($uuid) = $query_result->fetchrow_array()) {
my $instance = APT_Instance->Lookup($uuid);
next
if (!defined($instance));
$instances{$uuid} = $instance;
}
}
# Update each instance only once.
foreach my $instance (values(%instances)) {
$instance->Update({"needupdate" => 1});
}
return 0;
}
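Review bot: UpdateInstancesByUser ignores the result of `$instance->Update({"needupdate" => 1});` and returns 0 regardless, so a caller cannot tell that some instances were not flagged after an account or key change. Assuming Update() follows the 0-on-success convention this file uses for its own return values, count the failures with `$errors++ if ($instance->Update({"needupdate" => 1}));` and finish with `return ($errors ? -1 : 0);`. The header comment could also state the return values: 0 on success, including the no-projects case, and -1 on lookup or query failure. `Data::Dumper`, `$TB`, `$MAINSITE` and `$TBOPS` are not used in the lines shown.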
#
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -32,12 +32,12 @@ SUBDIRS =
BIN_SCRIPTS = manage_profile manage_instance manage_dataset \
create_instance rungenilib
SBIN_SCRIPTS = apt_daemon
SBIN_SCRIPTS = apt_daemon aptevent_daemon portal_xmlrpc
LIB_SCRIPTS = APT_Profile.pm APT_Instance.pm APT_Dataset.pm APT_Geni.pm \
APT_Aggregate.pm
APT_Aggregate.pm APT_Utility.pm
WEB_BIN_SCRIPTS = webmanage_profile webmanage_instance webmanage_dataset \
webcreate_instance webrungenilib
WEB_SBIN_SCRIPTS=
webcreate_instance webrungenilib
WEB_SBIN_SCRIPTS= webportal_xmlrpc
LIBEXEC_SCRIPTS = $(WEB_BIN_SCRIPTS) $(WEB_SBIN_SCRIPTS)
USERLIBEXEC = rungenilib.proxy genilib-jail genilib-iocage
......
#!/usr/bin/perl -w
#
# Copyright (c) 2008-2015 University of Utah and the Flux Group.
# Copyright (c) 2008-2016 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
......@@ -234,7 +234,8 @@ sub FixFailedImaging()
}
$genislice->UnLock();
skip:
$genislice->Flush();
$genislice->Flush()
if (defined($genislice));
next;
}
}
......@@ -391,8 +392,11 @@ sub UpdateAggregateGraphs()
foreach my $file ($NOFED, $FEDONLY) {
if (-e $file) {
my $data = `/bin/cat $file`;
my $obj = decode_json($data);
if (!defined($obj)) {
my $obj = eval { decode_json($data); };
if ($@ || !defined($obj)) {
if ($@) {
print STDERR $@;
}
print STDERR "Could not decide json in $file\n";
next;
}
......@@ -448,6 +452,67 @@ sub UpdateAggregateGraphs()
return 0;