1. 31 Oct, 2017 1 commit
  2. 26 Jul, 2016 1 commit
    • Leigh Stoller's avatar
      Add new status for users, "inactive". Mostly to support not having so · 68e019a5
      Leigh Stoller authored
      many ZFS mounts on ops. which on the Mothership is on the order of 8000
      or so. Deactivate/reactivate a user with:
      
      	boss> wap tbacct deactivate -u <user>
      	boss> wap tbacct reactivate -u <user>
      
      Deactivate will set the shell to nologin and set the ZFS mountpoint=none.
      Reactivate will undo that. Note that these do not HUP mountd.
      68e019a5
  3. 12 Sep, 2014 1 commit
  4. 24 Sep, 2012 1 commit
    • Eric Eide's avatar
      Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to makes the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
      6df609a9
  5. 29 Sep, 2010 1 commit
  6. 19 Feb, 2009 1 commit
    • Leigh Stoller's avatar
      Minor fixes. · 82aa4ea9
      Leigh Stoller authored
      * If a user is web frozen make sure they got logged out next access.
      
      * If a user is web frozen, do not let them change their password, put
        up a message to contact tbops.
      
      * If a user is frozen, say so when the login fails so that they do not
        keep trying!
      82aa4ea9
  7. 21 Oct, 2008 2 commits
    • Kevin Atkinson's avatar
    • Kevin Atkinson's avatar
      If a known user (based on stored cookies) is not logged in than · 846a98d6
      Kevin Atkinson authored
      redirect to the login page rather than printing a message with a link
      to the page.  Otherwise send a "403 Forbidden" to keep robots from
      indexing the page.  Also send appreciate HTTP responses on other
      precheck errors to keep a robot from indexing the page.  In order to
      do this the PAGEHEADER call needed to be moved to after
      CheckLoginOrDie and Required/OptionalPageArguments on many pages.  A
      warning will be printed if either CheckLoginOrDie or
      Required/OptionalPageArguments detects that PAGEHEADER was already
      called.
      
      Also change the redirect in kb-show to be a permanent redirect (301)
      rather than a temporary one (302) which is the default unless a status
      code is given.
      846a98d6
  8. 24 Jan, 2008 1 commit
  9. 12 Feb, 2007 1 commit
    • Leigh Stoller's avatar
      * Replace the argument processing code in all pages. Currently we rely on · 48acc8e3
      Leigh Stoller authored
        register_globals=1 to turn POST/GET/COOKIES arguments in local variables.
        This is known to be a terrible security risk, and we keep saying we are
        going to fix it, and now I am. In order to accomplish this on a
        transitional basis (since I don't want the entire web interface to stop
        working while I debug it), and because the code just needs the cleanup, I
        am doing it like this: Each page will sport new declarations at the top:
      
      	RequiredPageArguments("experiment", PAGEARG_EXPERIMENT,
                                    "template",   PAGEARG_TEMPLATE,
                                    "instance",   PAGEARG_INSTANCE,
                                    "metadata",   PAGEARG_METADATA,
                                    "osinfo",     PAGEARG_OSINFO,
                                    "image",      PAGEARG_IMAGE,
                                    "project",    PAGEARG_PROJECT,
                                    "group",      PAGEARG_GROUP,
                                    "user",       PAGEARG_USER,
      			      "node",       PAGEARG_NODE,
      			      "yesno",      PAGEARG_BOOLEAN,
      			      "message",    PAGEARG_STRING,
      			      "age",        PAGEARG_INTEGER,
                                    "cost",       PAGEARG_NUMERIC,
                                    "formfields", PAGEARG_ARRAY,
                                    "unknown",    PAGEARG_ANYTHING);
      
      	OptionalPageArguments("canceled", PAGEARG_BOOLEAN);
      
        The first token in each pair is the name of the global variable to
        set, and the second token is the type. So, for "experiment" we look at
        the URL for a pid/eid or exptidx, etc, sanity check them (safe for a
        DB query), and then try to find that experiment in the DB. If it maps
        to an experiment, set global variable $experiment to the object. Since
        its a required argument, produce an error if not supplied. Similar
        treatment for optional arguments, with the obvious difference.
      
        The goal is to have ALL argument processing in one place, consistent,
        and correct. I've found numerous places where we leak unchecked
        arguments into queries. It also cuts out a lot of duplicated code.
      
      * To make the above easier to deal with, I've been replacing lots of
        hardcoded URLS in the code of the form:
      
      	foo.php3?pid=$pid&eid=$eid ...
      
        with
      
              CreateURL("foo", $experiment)
      
        which creates and returns the neccessary url string, by looking at
        the type of its arguments (experiment, template, instance, etc.)
      
        Eventually plan to replace them all so that URL handling throughout
        the code is all defined in one place (all the new URL code is in
        url_defs.php).
      
      * I have cranked up error reporting to tell me anytime a variable is
        used before it is initialized, plus a bunch of other stuff that PHP
        deems improper. Think of it like -Wall ... and boy we get a lot of
        warnings.  A very large percentage of the diffs are to fix all these
        warnings.
      
        The warnings are currently going to /usr/testbed/log/php-errors.log,
        and I'll be adding a script to capture them each night and mail them
        to tbops. This file also gets errors (this will be a change for
        developers; rather then seeing errors and warnings dumped in the
        middle of web pages, they will go to this file instead).
      
      * Major refactoring of the code. More objects (nodes, images, osids).
        Moving tons of queries into the objects in the hopes of someday
        getting to a point where we can split the web interface onto a
        different server.  Lots of general cleanup.
      48acc8e3
  10. 20 Dec, 2006 1 commit
  11. 27 Nov, 2006 1 commit
    • Leigh Stoller's avatar
      Call this commit "Snow in Corvallis" ... · 4998b2d7
      Leigh Stoller authored
      The major functional change in this revision is converting from user
      selected UIDs to system selected UIDs. This is controlled by the
      variable $USERSELECTUIDS in defs/defs.php3.in which is now set to
      zero, so system selected UIDs is the default.
      
      The algo for creating the uid is to take the email address, strip the
      @whatever from it, squeeze out dots and dashes and underlines, and
      make sure any +foo tokens are removed. Then make sure it is unique by
      taking the first 5 characters and then adding a 3 digit number,
      derived by checking the DB to see what exists.
      
      Since we will want to (more often) change the UID selected, there is a
      new admin only menu option on the Show User page. It calls the backend
      script to do the work (sbin/changeuid).
      
      The login page now defaults to storing and showing the email address
      for login, rather then the UID. It will still accept either one though
      (has for a long time).
      
      Along the way I also reorg'ed a number of pages to use the new user,
      group, and project classes and moved some common functionality into
      the class defs.
      
      Also changed the way addpubkey is called, to avoid some confusion.
      4998b2d7
  12. 10 Dec, 2003 1 commit
    • Leigh Stoller's avatar
      New pages to allow users to reset their forgotten passwords without · 315e11ab
      Leigh Stoller authored
      invovling testbed ops. Split into two parts:
      
      * password.php3 gives the user a form to specify their email address
        and their phone number. We look for a match in the DB, with the
        phone number stripped of all non-numeric characters and the email
        addresses lowercased. If we find a matching user in the database,
        generate a unique key and store that into the DB along with a
        timestamp that allows the key to be used for a short time period
        (currently 30 minutes). The key is split into two parts, with half
        stored in the users browser (secure mode), and the other half sent
        to the user in an email message that contains a URL that allows the
        user to reset their password.
      
      * chpasswd.php3 does the rest of the operation. It takes half the key
        from the URL, and sucks the other half from the user's browser,
        combining the two halves and matching it against the key that is
        stored in the DB. If the key matches and the timeout has not
        expired, the user is given a form to specify a new password. From
        this point on its just a standard change password operation.
      
      Both pages are audited with email sent to the user, tbops and the
      audit list.
      315e11ab
  13. 04 Dec, 2003 1 commit
  14. 01 Dec, 2003 1 commit
  15. 26 Nov, 2003 1 commit
  16. 18 Nov, 2003 1 commit
  17. 09 Nov, 2003 1 commit
    • Leigh Stoller's avatar
      More security hacking. · 754d8013
      Leigh Stoller authored
      * Add TBvalid_uid() function to regex uid's. To be used throughout the
        system. Eventually add routines for checking other things like pids
        and eids, etc.
      
      * Regex the uid value we get from the cookie, and switch to $_COOKIE
        superglobal.
      
      * Strict regex checking in DOLOGIN() of uid.
      
      * Change login.php to use superglobals, and general tightening of
        parameter checking.
      754d8013
  18. 25 Apr, 2003 1 commit
    • Leigh Stoller's avatar
      Add mechanism to allow admins to log in even when web interface is · ce479a08
      Leigh Stoller authored
      turned off. Use this link directly:
      
      	https://www.emulab.net/login.php3?adminmode=1
      
      This is passed into DOLOGIN(), and if the user is a real admin (of
      course) the login is created with the adminmode set to on instead of
      off (the default). This essentially causes the NOLOGINS checks later
      on to be bypassed (as is the case when its an admin that is logged
      in).
      
      I prefer this approach cause it hides the entire admin thing, rather
      than putting up a checkbox that might leak out to a mere user (remote
      chance, but I feel better this way).
      
      There is also some new stats code that is turned off until its
      finished.
      ce479a08
  19. 29 Mar, 2003 1 commit
    • Leigh Stoller's avatar
      Add target_pid,target_gid arguments to joinproject page so that · 26bccd9e
      Leigh Stoller authored
      we can send links that cause those fields to be filled in for people.
      Add those links to email generated by newproject and newgroup pages
      so that they can be saved by the leaders.
      
      Add a bit of referrer magic to login page. When clicked from the join
      or new project pages, tell login page to pass along the referrer page
      so that when login is complete, user is zapped back to the original
      page. This is especially nice when combined with the above change to
      joinproject, whereby we send along the target pid/gid, but the user
      has not yet logged in and remembers to do so via the link at the top
      of the page.
      26bccd9e
  20. 07 Jul, 2002 1 commit
  21. 04 Jun, 2002 1 commit
  22. 22 May, 2002 1 commit
    • Leigh Stoller's avatar
      A large set of authorization changes. · d2360b6d
      Leigh Stoller authored
      * Cleanup! A lot of the structure derived from the early frame days,
        which had a noticable (and bad) effect on how I wrote the stuff.  I
        cleaned up most of that yuckyness.
      
      * In process, optimize a little bit on the queries. The old code did
        about 9 queries just to write out the menu options, and then
        repeated most of those queries again in the page guts. I've
        consolidated the queries as much as possible (to 3) and cache all
        the results.
      
      * Fix up problem with users who forget their passwords before
        verification. Basically, I fixed the more general problem of not
        being able to update your user info before verification/approval;
        users now get that menu option no matter their status.
      
      * Fix up problem of users being able to access pages before
        verification (but after approval) by going around the menu options.
        The page level check (after the menu is drawn) now checks all
        conditions (password expired, unverified, unapproved, timedout, and
        also nologins()).
      
      * Minor change in approveuser; do not show the new account to the
        project leader until the new user has verified his account.
      
      * Change verification method, as reqwuested by Dave.  In addition to
        providing the key, also provide a web link to take the user straight
        to verification. I actually take them direct to the login page, and
        pass the key in as an argument. If the user is already logged in,
        bypass and go directly to the verify page (not the form page of
        course).  If the user is not logged in, let him log in, and then
        forward the key onward to the verify page. Basically, bypass the
        form all the time, and just do the verification.
      
      * Minor change in showuser; Do not show pid/groups not approved in,
        and if the count is zero, do not draw the table headings.
      d2360b6d
  23. 14 Feb, 2002 1 commit
    • Leigh Stoller's avatar
      A morass of form changes. The main goals are to avoid the loss of info · 9ac3d870
      Leigh Stoller authored
      when backing up (cause of an error that needs to be fixed) since not
      all browsers handle this the same. Instead, redraw the form with all
      of the original info and a list of error messages at the top.
      Conceptually simple change, but it turns out to be a pain to implement
      since you need to combine the form and processing code in one page
      (well, its just a lot easier to do that), and then change all of the
      forms to deal with a "default" value. That is, each different kind of
      input tag (text, radio, select, checkbox, etc.) requires slightly
      different changes to do that. Lots of forms, lots of entries on the
      forms, and its a long slow tedious process. Much nicer though, although
      the code is a bit harder to grok. At the same time, I added a lot more
      sanity checks of the information being passed in.
      
      The other change is to deal with how browsers handle the back button
      on a form thats been properly submitted. Not all browsers use
      the cache directives the same, and I was often typing back, only to
      have some form get reposted. Thats a major pain in the butt. The way
      to deal with that is to have the processor send out a Location header,
      which modifies the browser history so that the post is no longer in
      the history. You back up straight to the unposted form (if its in the
      cache). I've done this to only some forms, since its a bit of a pain
      to rework things so that you can jump ahead to a page that spits out
      the requisite warm fuzzies for the specific operation just completed.
      
      I've done newproject, joinproject, update user info, newimageid, and
      newimaged_dz forms.
      9ac3d870
  24. 10 Dec, 2001 1 commit
  25. 15 May, 2001 1 commit