1. 01 Jul, 2003 1 commit
    • Leigh Stoller's avatar
      Commit SSH node menu option, and support. Heavily based/borrowed from · f4bf9b5c
      Leigh Stoller authored
      Chad's tiptunnel stuff. Requires ssh-mime.pl in the current directory,
      to be installed as a browser helper application on the users machine.
      Copied Chad's instructions for the tiptunnel from the FAQ, and stuck
      it into ssh-mime.html as a help file (not really FAQ material). The
      intent of this of course is to make ssh into jailed nodes easier, but
      not having to know port numbers, or directly log into ops first, when
      the jails are using control network IPs in our private IP space (not
      routable from outside).
      f4bf9b5c
  2. 10 Jun, 2003 1 commit
  3. 24 Apr, 2003 1 commit
  4. 23 Apr, 2003 1 commit
  5. 02 Apr, 2003 1 commit
    • Mac Newbold's avatar
      Massive reworking of our structure for defs files. · 09eb5852
      Mac Newbold authored
      Before:
      The main defs file (ie for configure) had an entry for WWWDEFS that
      pointed to a <@WWWDEFS@>-defs.php3 file in the www/ directory. The www
      defs file loaded some values about web pages, URLs, and some web
      configuration parameters.
      
      Problem:
      Anything that was only in the www defs file was not accessible in the rest
      of the universe (ie perl, C, and any other non-web-page scripts). For
      instance, you couldn't have a perl script send an email to a user with a
      link to the web site.
      
      Solution:
      Nuke all the www-defs files, move any important values into the main
      configure, and change the web defs infrastructure to respect that. This
      also meant adding about 3 lines each to all of the configure defs files.
      (There really are about 10 new values you can change in your defs file,
      but in almost all cases, the default values are the right thing.)
      
      Upgrading:
      External sites will need to move a few variables from their www-defs file
      into their configure defs file. The example file should make it pretty
      obvious. They may also want to customize some of the other vars that are
      mentioned in configure.in and www/defs.php3.in .
      09eb5852
  6. 25 Feb, 2003 1 commit
  7. 13 Feb, 2003 1 commit
  8. 24 Jan, 2003 1 commit
  9. 23 Jan, 2003 1 commit
  10. 10 Dec, 2002 1 commit
  11. 09 Dec, 2002 1 commit
    • Leigh Stoller's avatar
      Wrap up mkacct calls with a function call, like ADDPUBKEY. Checks to · 356a9fc0
      Leigh Stoller authored
      see if user actually has an account (by checking user status user
      table). Avoids trying to run suexec as a user that does not actuall
      exist on boss cause they do not have an account (since we allow users
      to edit personal info before being approved and getting an account).
      For addpubkey, we have to run the program as someone, so when the user
      does not have an account, run it as nobody.
      356a9fc0
  12. 01 Oct, 2002 2 commits
  13. 26 Aug, 2002 1 commit
    • Leigh Stoller's avatar
      Rework all of the ssh key handling. Moved the parsing and verification · ae77bdb6
      Leigh Stoller authored
      to an external perl script, and use ssh-keygen to attempt conversion
      off SSH2/SECSH key formats. This is actually a simplification of the
      php code, which is not generally very good at this kind of thing (or
      maybe I mean perl is just better at it). The parsing and error
      handling it also much improved.
      ae77bdb6
  14. 10 Jul, 2002 1 commit
  15. 16 Jun, 2002 1 commit
  16. 22 May, 2002 1 commit
    • Leigh Stoller's avatar
      A large set of authorization changes. · d2360b6d
      Leigh Stoller authored
      * Cleanup! A lot of the structure derived from the early frame days,
        which had a noticable (and bad) effect on how I wrote the stuff.  I
        cleaned up most of that yuckyness.
      
      * In process, optimize a little bit on the queries. The old code did
        about 9 queries just to write out the menu options, and then
        repeated most of those queries again in the page guts. I've
        consolidated the queries as much as possible (to 3) and cache all
        the results.
      
      * Fix up problem with users who forget their passwords before
        verification. Basically, I fixed the more general problem of not
        being able to update your user info before verification/approval;
        users now get that menu option no matter their status.
      
      * Fix up problem of users being able to access pages before
        verification (but after approval) by going around the menu options.
        The page level check (after the menu is drawn) now checks all
        conditions (password expired, unverified, unapproved, timedout, and
        also nologins()).
      
      * Minor change in approveuser; do not show the new account to the
        project leader until the new user has verified his account.
      
      * Change verification method, as reqwuested by Dave.  In addition to
        providing the key, also provide a web link to take the user straight
        to verification. I actually take them direct to the login page, and
        pass the key in as an argument. If the user is already logged in,
        bypass and go directly to the verify page (not the form page of
        course).  If the user is not logged in, let him log in, and then
        forward the key onward to the verify page. Basically, bypass the
        form all the time, and just do the verification.
      
      * Minor change in showuser; Do not show pid/groups not approved in,
        and if the count is zero, do not draw the table headings.
      d2360b6d
  17. 17 Apr, 2002 1 commit
  18. 15 Apr, 2002 1 commit
  19. 27 Feb, 2002 1 commit
  20. 12 Feb, 2002 1 commit
  21. 08 Feb, 2002 1 commit
    • Leigh Stoller's avatar
      Add $TBMAINSITE=0 default. · d720a46b
      Leigh Stoller authored
      Fix up SUEXEC and TBERROR error handling so that <XMP> tags are not
      included in the email message!
      Add CHECKURL() function (which will eventually replace VERIFYURL())
      which returns error strings instead of calling USERERROR. This is
      in support of new forms code.
      Add CHECKPASSWORD() function; same code was in three different places.
      This version returns the error string from checkpass.
      d720a46b
  22. 11 Jan, 2002 1 commit
  23. 09 Jan, 2002 1 commit
  24. 20 Dec, 2001 1 commit
  25. 05 Dec, 2001 1 commit
    • Leigh Stoller's avatar
      More inventive ways to avoid real work; add password expiration · 3e2bb386
      Leigh Stoller authored
      capability. New DB field in the users table (pswd_expires) which is a
      date field that initially gets set to one year after the user account
      is created. When the password is changed via the web form, it gets
      bumped 1 more year into the future *unless* the current uid is
      different from the target_uid (ie: you are changing a password for
      someone else). In that case, the expiration is set to the current
      date, which forces the target user to change his password next time he
      logs in. I've changed the menu/auth code to look for password
      expiration, and when expired the menu options contain just a single
      option to change the password. All other https pages will fail with a
      password expired message. Normal text pages will work of course.
      3e2bb386
  26. 29 Oct, 2001 1 commit
    • Leigh Stoller's avatar
      A bunch of lastlogin changes! The user and experiment information · 4658545e
      Leigh Stoller authored
      pages now show the lastlogin info that is gathered from sshd syslog
      reporting to users. That info is parsed by security/genlastlog.c, and
      entered into the DB in the nodeuidlastlogin and uidnodelastlogin
      tables. If not obvious from the names, for each user we want the last time
      they logged in anyplace, and for each node we want the last time anyone
      logged into it. The latter is obviously more useful for scheduling
      purposes. All of the various images have new /etc/syslog.conf files,
      and the 6.2 got new sshd_configs (all cvsup'ed with kill -HUP). There
      is an entry in boss:/etc/crontab and users:/etc/syslog.conf. All of
      this is decribed in greater detail in security/genlastlog.c.
      4658545e
  27. 16 Oct, 2001 1 commit
  28. 01 Oct, 2001 2 commits
  29. 19 Sep, 2001 1 commit
  30. 30 Aug, 2001 1 commit
  31. 10 May, 2001 1 commit
    • Leigh Stoller's avatar
      Lots of little changes for sending email to the right places, with · 3285bc3e
      Leigh Stoller authored
      proper headers. Split out some of the mail into testbed-logs,
      testbed-ops, and testbed-approval. Added a library for including from
      our perl scripts. Contains a couple of mail helper functions, but will
      hopefully contain more as time goes by.
      
      Fixed a bug in the web interface that was causing breakage for people
      with multiple accounts. Mac and Jay have noticed this, when logging
      out and trying to join or create a project under a new or different
      name.
      3285bc3e
  32. 08 May, 2001 2 commits
  33. 04 May, 2001 1 commit
  34. 18 Apr, 2001 1 commit
  35. 10 Apr, 2001 1 commit
  36. 23 Mar, 2001 1 commit
  37. 15 Mar, 2001 1 commit
    • Leigh Stoller's avatar
      1) <basefont size=4> to all the pages before I go blind reading 8pt · af4a6ad7
      Leigh Stoller authored
         font. Don't like? Set you font prefs in netscape.
      2) Add link to Flux Utah Network Testbed page along bottom of all the
         pages.
      3) For the above, put in <base target=_top> tag just prior to the row
         of links along the bottom so that when you leave the testbed pages,
         you get a full window view instead of a framed view.
      af4a6ad7