Commit d8b17f2c authored by Leigh Stoller's avatar Leigh Stoller

Another little hack for Mike; Add a "lockdown" bit to the experiments

table that will prevent an experiment from being swapped/modified. The
toggle is on the showexp page, and the toggle is *not* admin
over-ridable; you must turn the toggle off (and of course, you must be
an admin to do that).
parent 78350a54
......@@ -378,6 +378,7 @@ CREATE TABLE experiments (
security_level tinyint(1) NOT NULL default '0',
paniced tinyint(1) NOT NULL default '0',
panic_date datetime default NULL,
lockdown tinyint(1) NOT NULL default '0',
PRIMARY KEY (eid,pid),
KEY idx (idx),
KEY batchmode (batchmode)
......
......@@ -2333,3 +2333,8 @@ last_net_act,last_cpu_act,last_ext_act);
KEY node_id (node_id)
) TYPE=MyISAM;
1.301: Add a "lockdown" bit to the experiments table to prevent
accidental swaps, even by admin people.
alter table experiments add lockdown tinyint(1) NOT NULL \
default '0' after security_level;
......@@ -2,7 +2,7 @@
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved.
#
......@@ -333,6 +333,7 @@ my $idleswaptime= $hashrow{'idleswap_timeout'} / 60.0;
my $autoswaptime= $hashrow{'autoswap_timeout'} / 60.0;
my $rendering = $hashrow{'prerender_pid'};
my $elabinelab = $hashrow{'elab_in_elab'};
my $lockdown = $hashrow{'lockdown'};
if ($inout ne "out") {
# I'm going to update this below, so fix the value before I use it.
......@@ -369,6 +370,10 @@ if ($batch) {
if (!defined($expt_locked) ||
$batchstate ne BATCHSTATE_LOCKED());
die("*** $0:\n".
" Batch experiment $pid/$eid is locked down; cannot be swapped!\n")
if ($lockdown);
if ($inout eq "in") {
die("*** $0:\n".
" Batch experiment $pid/$eid is not in the proper state!\n".
......@@ -400,6 +405,9 @@ else {
ExitWithStatus(1, "Batch experiment $pid/$eid is still canceling!")
if ($canceled);
ExitWithStatus(1, "Batch experiment $pid/$eid is locked down!")
if ($lockdown);
if ($inout eq "in") {
ExitWithStatus(1,
"Batch experiment $pid/$eid must be SWAPPED to\n".
......@@ -479,10 +487,13 @@ else {
"Experiment $pid/$eid is an active ElabInElab.\n".
"You cannot modify this type of experiment while it\n".
"is swapped in. We hope to support this soon.\n")
if ($inout eq "modify" &&
($elabinelab || defined($elabinelab_eid)) &&
if ($inout eq "modify" && $elabinelab &&
$estate ne EXPTSTATE_SWAPPED());
ExitWithStatus(1,
"Experiment $pid/$eid is locked down; cannot swap!\n")
if ($lockdown);
#
# Check the state for the various operations.
#
......
......@@ -1917,6 +1917,22 @@ function TBWebCamAllowed($uid) {
return mysql_num_rows($query_result);
}
#
# Return lockeddown bit
#
function TBExptLockedDown($pid, $eid)
{
$query_result =
DBQueryFatal("select lockdown from experiments ".
"where pid='$pid' and eid='$eid'");
if (!$query_result || !mysql_num_rows($query_result))
return 0;
$row = mysql_fetch_array($query_result);
return $row[0];
}
#
# DB Interface.
#
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -49,6 +49,12 @@ if (! TBExptGroup($exp_pid, $exp_eid, $exp_gid)) {
"in project $exp_pid.", 1);
}
$query_result =
DBQueryFatal("select lockdown FROM experiments WHERE ".
"eid='$exp_eid' and pid='$exp_pid'");
$row = mysql_fetch_array($query_result);
$lockdown = $row["lockdown"];
#
# Verify permissions.
#
......@@ -60,7 +66,13 @@ echo "<font size=+2>Experiment <b>".
"<a href='showproject.php3?pid=$exp_pid'>$exp_pid</a>/".
"<a href='showexp.php3?pid=$exp_pid&eid=$exp_eid'>$exp_eid</a>".
"</b></font>\n";
# A locked down experiment means just that!
if ($lockdown) {
echo "<br><br>\n";
USERERROR("Cannot proceed; the experiment is locked down!", 1);
}
#
# We run this twice. The first time we are checking for a confirmation
# by putting up a form. The next time through the confirmation will be
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -77,6 +77,12 @@ if (! TBExptAccessCheck($uid, $pid, $eid, $TB_EXPT_MODIFY)) {
USERERROR("You do not have permission to modify this experiment.", 1);
}
if (TBExptLockedDown($pid, $eid)) {
# Netbuild requires the following line.
echo "\n\n<!-- NetBuild! No permission to modify -->\n\n";
USERERROR("Cannot proceed; experiment is locked down!", 1);
}
$expstate = TBExptState($pid, $eid);
if (strcmp($expstate, $TB_EXPTSTATE_ACTIVE) &&
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -60,7 +60,8 @@ if (! TBExptAccessCheck($uid, $exp_pid, $exp_eid, $TB_EXPT_READINFO)) {
#
$query_result =
DBQueryFatal("select e.idx,e.state,e.batchmode,e.linktest_pid,".
" e.paniced,e.panic_date,s.rsrcidx,r.wirelesslans ".
" e.paniced,e.panic_date,s.rsrcidx,r.wirelesslans, ".
" e.lockdown ".
" from experiments as e ".
"left join experiment_stats as s on s.exptidx=e.idx ".
"left join experiment_resources as r on s.rsrcidx=r.idx ".
......@@ -74,6 +75,7 @@ $wireless = $row["wirelesslans"];
$linktest_running = $row["linktest_pid"];
$paniced = $row["paniced"];
$panic_date = $row["panic_date"];
$lockdown = $row["lockdown"];
#
# Get a list of node types and classes in this experiment
......@@ -114,48 +116,51 @@ if ($expstate) {
WRITESUBMENUBUTTON("Download NS File",
"spitnsdata.php3?pid=$exp_pid&eid=$exp_eid");
# Swap option.
if ($isbatch) {
if ($expstate == $TB_EXPTSTATE_SWAPPED) {
WRITESUBMENUBUTTON("Queue Batch Experiment",
"swapexp.php3?inout=in&pid=$exp_pid&eid=$exp_eid");
if (!$lockdown) {
# Swap option.
if ($isbatch) {
if ($expstate == $TB_EXPTSTATE_SWAPPED) {
WRITESUBMENUBUTTON("Queue Batch Experiment",
"swapexp.php3?inout=in&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVE ||
$expstate == $TB_EXPTSTATE_ACTIVATING) {
WRITESUBMENUBUTTON("Stop Batch Experiment",
"swapexp.php3?inout=out&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_QUEUED) {
WRITESUBMENUBUTTON("Dequeue Batch Experiment",
"swapexp.php3?inout=pause&pid=$exp_pid&eid=$exp_eid");
}
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVE ||
$expstate == $TB_EXPTSTATE_ACTIVATING) {
WRITESUBMENUBUTTON("Stop Batch Experiment",
"swapexp.php3?inout=out&pid=$exp_pid&eid=$exp_eid");
else {
if ($expstate == $TB_EXPTSTATE_SWAPPED) {
WRITESUBMENUBUTTON("Swap Experiment In",
"swapexp.php3?inout=in&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVE ||
($expstate == $TB_EXPTSTATE_PANICED && $isadmin)) {
WRITESUBMENUBUTTON("Swap Experiment Out",
"swapexp.php3?inout=out&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVATING) {
WRITESUBMENUBUTTON("Cancel Experiment Swapin",
"swapexp.php3?inout=out".
"&pid=$exp_pid&eid=$exp_eid");
}
}
elseif ($expstate == $TB_EXPTSTATE_QUEUED) {
WRITESUBMENUBUTTON("Dequeue Batch Experiment",
"swapexp.php3?inout=pause&pid=$exp_pid&eid=$exp_eid");
}
}
else {
if ($expstate == $TB_EXPTSTATE_SWAPPED) {
WRITESUBMENUBUTTON("Swap Experiment In",
"swapexp.php3?inout=in&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVE ||
($expstate == $TB_EXPTSTATE_PANICED && $isadmin)) {
WRITESUBMENUBUTTON("Swap Experiment Out",
"swapexp.php3?inout=out&pid=$exp_pid&eid=$exp_eid");
}
elseif ($expstate == $TB_EXPTSTATE_ACTIVATING) {
WRITESUBMENUBUTTON("Cancel Experiment Swapin",
"swapexp.php3?inout=out".
"&pid=$exp_pid&eid=$exp_eid");
if ($expstate != $TB_EXPTSTATE_PANICED) {
WRITESUBMENUBUTTON("Terminate Experiment",
"endexp.php3?pid=$exp_pid&eid=$exp_eid");
}
}
if ($expstate != $TB_EXPTSTATE_PANICED) {
WRITESUBMENUBUTTON("Terminate Experiment",
"endexp.php3?pid=$exp_pid&eid=$exp_eid");
}
# Batch experiments can be modifed only when paused.
if ($expstate == $TB_EXPTSTATE_SWAPPED ||
(!$isbatch && $expstate == $TB_EXPTSTATE_ACTIVE)) {
WRITESUBMENUBUTTON("Modify Experiment",
"modifyexp.php3?pid=$exp_pid&eid=$exp_eid");
# Batch experiments can be modifed only when paused.
if ($expstate == $TB_EXPTSTATE_SWAPPED ||
(!$isbatch && $expstate == $TB_EXPTSTATE_ACTIVE)) {
WRITESUBMENUBUTTON("Modify Experiment",
"modifyexp.php3?pid=$exp_pid&eid=$exp_eid");
}
}
if ($expstate == $TB_EXPTSTATE_ACTIVE) {
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved.
#
#
......@@ -633,6 +633,7 @@ function SHOWEXP($pid, $eid, $short = 0, $sortby = "") {
$usemodelnet = $exprow["usemodelnet"];
$mnet_cores = $exprow["modelnet_cores"];
$mnet_edges = $exprow["modelnet_edges"];
$lockdown = $exprow["lockdown"];
$autoswap_hrs= ($autoswap_timeout/60.0);
$idleswap_hrs= ($idleswap_timeout/60.0);
......@@ -827,8 +828,17 @@ function SHOWEXP($pid, $eid, $short = 0, $sortby = "") {
<td class=\"left\">$lastswapreq</td>
</tr>\n";
}
$lockflip = ($lockdown ? 0 : 1);
$lockval = ($lockdown ? "Yes" : "No");
echo "<tr>
<td>Locked Down:</td>
<td>$lockval (<a href=toggle.php?pid=$pid&eid=$eid".
"&type=lockdown&value=$lockflip>Toggle</a>)
</td>
</tr>\n";
}
if ($batchmode) {
echo "<tr>
<td>Batch Mode: </td>
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# Copyright (c) 2000-2005 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -85,6 +85,7 @@ $swappable = $row[swappable];
$idleswap_bit = $row[idleswap];
$idleswap_time = $row[idleswap_timeout];
$idlethresh = min($idleswap_time/60.0,TBGetSiteVar("idle/threshold"));
$lockdown = $row["lockdown"];
#
# Verify permissions.
......@@ -125,6 +126,12 @@ echo "<font size=+2>Experiment <b>".
"<a href='showproject.php3?pid=$pid'>$pid</a>/".
"<a href='showexp.php3?pid=$pid&eid=$eid'>$eid</a></b></font>\n";
# A locked down experiment means just that!
if ($lockdown) {
echo "<br><br>\n";
USERERROR("Cannot proceed; the experiment is locked down!", 1);
}
#
# We run this twice. The first time we are checking for a confirmation
# by putting up a form. The next time through the confirmation will be
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# Copyright (c) 2000-2003, 2005 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -20,17 +20,20 @@ include("defs.php3");
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY);
$isadmin = ISADMIN($uid);
# List of valid toggles
$toggles = array("adminoff", "webfreeze");
$toggles = array("adminoff", "webfreeze", "lockdown");
# list of valid values for each toggle
$values = array("adminoff" => array(0,1),
"webfreeze" => array(0,1));
"webfreeze" => array(0,1),
"lockdown" => array(0,1));
# list of valid extra variables for the each toggle, and mandatory flag.
$optargs = array("adminoff" => array("target_uid" => 0),
"webfreeze" => array("target_uid" => 1));
"webfreeze" => array("target_uid" => 1),
"lockdown" => array("pid" => 1, "eid" => 1));
# Mandatory page arguments.
$type = $_GET['type'];
......@@ -92,6 +95,17 @@ elseif ($type == "webfreeze") {
DBQueryFatal("update users set weblogin_frozen='$value' ".
"where uid='$target_uid'");
}
elseif ($type == "lockdown") {
# must be admin
if (! $isadmin) {
USERERROR("You do not have permission to toggle $type!", 1);
}
if (!TBValidExperiment($pid, $eid)) {
PAGEARGERROR("Experiment $pid/$eid is not a valid experiment!");
}
DBQueryFatal("update experiments set lockdown='$value' ".
"where pid='$pid' and eid='$eid'");
}
else {
USERERROR("Nobody has permission to toggle $type!", 1);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment