1. 29 Mar, 2003 1 commit
    • Leigh Stoller's avatar
      Add target_pid,target_gid arguments to joinproject page so that · 26bccd9e
      Leigh Stoller authored
      we can send links that cause those fields to be filled in for people.
      Add those links to email generated by newproject and newgroup pages
      so that they can be saved by the leaders.
      
      Add a bit of referrer magic to login page. When clicked from the join
      or new project pages, tell login page to pass along the referrer page
      so that when login is complete, user is zapped back to the original
      page. This is especially nice when combined with the above change to
      joinproject, whereby we send along the target pid/gid, but the user
      has not yet logged in and remembers to do so via the link at the top
      of the page.
      26bccd9e
  2. 25 Mar, 2003 1 commit
  3. 06 Mar, 2003 3 commits
  4. 10 Dec, 2002 2 commits
  5. 09 Dec, 2002 2 commits
  6. 05 Dec, 2002 1 commit
    • Mac Newbold's avatar
      First set of changes for proj head and all group roots in the group to get · 0c8a345c
      Mac Newbold authored
      mail instead of just the proj head. So far, the only mail that really does
      it is the swap requests, but others are coming soon, especially new user
      application mail and the like.
      
      Also clarified some of the documentation about students starting projects.
      New project page says they can't, and that their advisor has to do it,
      then links to auth.html, which says they can with prior special
      permission. Hopefully we won't get too many more students making project
      apps and messing things up.
      0c8a345c
  7. 24 Oct, 2002 1 commit
  8. 01 Oct, 2002 1 commit
    • Robert Ricci's avatar
      Change user verification keys. Verification key is now an md5 hash · a4e8ca5b
      Robert Ricci authored
      of a random number, as suggested in the php manual. This number
      is stashed in the database, in the new verify_key column in the
      users table.
      
      Rename the functions that generate and get the keys, and move from
      defs.php3 to dbdefs.php3, since they're now DB operations.
      a4e8ca5b
  9. 20 Sep, 2002 1 commit
  10. 16 Sep, 2002 1 commit
  11. 10 Sep, 2002 2 commits
    • Chad Barb's avatar
      · 7b685a09
      Chad Barb authored
      Fixed this up a bit.. commented out "change default values"
      since there _are no_ default values.
      7b685a09
    • Chad Barb's avatar
      · 35a9c90c
      Chad Barb authored
      Improved error reporting style.. also added image for uky,
      though right now it is the same as the standard image
      (will edit it soon.)
      35a9c90c
  12. 26 Aug, 2002 2 commits
  13. 20 Aug, 2002 1 commit
  14. 29 Jul, 2002 1 commit
    • Leigh Stoller's avatar
      Widearea permission changes: · d3c6f9c8
      Leigh Stoller authored
      * Two new fields on the new project page that ask the project leader to
        specify how many ron and pcplab nodes they need. There is a link to a
        page that should describe these nodes, but thats blank.
      
      * The project approval page will add a couple of checkboxes for ron and
        pcplab nodes. This will allow the project to be approved independent of
        the ron/pcplab usage. So, you can approve the project but decline the
        request to use those nodes types (or just one of them).
      
      * The project table in the DB has a "list" of remote node types for which
        accounts should be built. Its implemented as a set and it can contain
        just two node types (pcron, pcplab) right now. The set is created in
        the approval page, and someday we can add a page to operate on that
        set directly if we need it.
      d3c6f9c8
  15. 07 Jul, 2002 1 commit
  16. 24 Jun, 2002 1 commit
  17. 18 Jun, 2002 1 commit
  18. 13 Jun, 2002 1 commit
  19. 12 Jun, 2002 1 commit
    • Leigh Stoller's avatar
      The big key changes ... Deprecate the two pubkey slots in the users · 6c6f8baf
      Leigh Stoller authored
      table and create a new table to hold user_pubkeys, indexed by the
      comment field of the key. Change mkacct to insert newly created Emulab
      keys into that table, and to regen the users authorized_keys file
      from the DB. Users should no longer edit their own authorized_keys
      file or the changes will be lost (I put a comment in their files).
      
      Change the three pages that deal with keys. join/new project can now
      take a file of multiple keys; each is inserted. Moved the key stuff
      that was in the update user info page into a new pubkeys page that
      allows users to add/sub keys easily. New key additions are password
      protected.
      
      Unrelated change: Add an audit mode to mkacct to log its output and
      send it to the tblogs email. Previously, warnings and errors tended to
      get lost.
      6c6f8baf
  20. 22 May, 2002 1 commit
    • Leigh Stoller's avatar
      A large set of authorization changes. · d2360b6d
      Leigh Stoller authored
      * Cleanup! A lot of the structure derived from the early frame days,
        which had a noticable (and bad) effect on how I wrote the stuff.  I
        cleaned up most of that yuckyness.
      
      * In process, optimize a little bit on the queries. The old code did
        about 9 queries just to write out the menu options, and then
        repeated most of those queries again in the page guts. I've
        consolidated the queries as much as possible (to 3) and cache all
        the results.
      
      * Fix up problem with users who forget their passwords before
        verification. Basically, I fixed the more general problem of not
        being able to update your user info before verification/approval;
        users now get that menu option no matter their status.
      
      * Fix up problem of users being able to access pages before
        verification (but after approval) by going around the menu options.
        The page level check (after the menu is drawn) now checks all
        conditions (password expired, unverified, unapproved, timedout, and
        also nologins()).
      
      * Minor change in approveuser; do not show the new account to the
        project leader until the new user has verified his account.
      
      * Change verification method, as reqwuested by Dave.  In addition to
        providing the key, also provide a web link to take the user straight
        to verification. I actually take them direct to the login page, and
        pass the key in as an argument. If the user is already logged in,
        bypass and go directly to the verify page (not the form page of
        course).  If the user is not logged in, let him log in, and then
        forward the key onward to the verify page. Basically, bypass the
        form all the time, and just do the verification.
      
      * Minor change in showuser; Do not show pid/groups not approved in,
        and if the count is zero, do not draw the table headings.
      d2360b6d
  21. 08 May, 2002 2 commits
  22. 01 Apr, 2002 2 commits
    • Leigh Stoller's avatar
      Minor fixes and cleanups. · 9253e03b
      Leigh Stoller authored
      9253e03b
    • Leigh Stoller's avatar
      First cut at supporting RON (or more generally, remote nodes). · bd587829
      Leigh Stoller authored
      * tmcd/ron: A new directory of client code, based on the freebsd
        client code, but scaled back to the bare minimum. Does only account
        and group file maintenance. I redid the account stuff so that only
        emulab accounts are operated on. Does not require a stub file, but
        instead keeps a couple of local dbm files recording what groups and
        accounts were added by Emulab. There is a ton of paranoia checking
        to make sure that local accounts are not touched.
      
        The update script that runs on the client node detaches so that the
        ssh from boss returns immediately. update can also be run from the
        node periodically and at boottime. The script is installed setuid
        root, but checks to make sure that *only* root or "emulabman" has
        invoked it.
      
      * utils/sshremote: New file. For remote nodes, instead of using sshtb,
        use sshremote, which ssh's in as "emulabman", which needs to be a
        local non-root user, but with an authorized_keys file containing
        boss' public key.
      
      * web interface changes: Allow user to specify his own public key in
        addition to the emulab key.
      
        Add option in showexp page to update accounts on nodes in the
        experiment. I was originally intending to do this from approveuser,
        but this was easier and faster. I will add an option to do it on the
        approveuser page later.
      
      * libdb.pm: Add a TBIsNodeRemote() query to see if a node is in the
        local testbed or a pcRemote node. Currently, this test is hardwired
        to a check for class=pcRemote, but this will need to change to a
        node_types property at some point.
      
      * node_update: Reorg so that there is a maximum number of children
        created. Previously, a child was forked for each node, but that
        could chew up too many processes, especially for remote nodes which
        might hang up. For the same reason, we need to "lock" the experiment
        so that it cannot be terminated while a node_update is in progress.
        Might be to relax that, but this was easy for now. Also add
        distinction between local and remote, since for remote we use
        sshremote insted of sshtb. Various cleanup stuff
      
      * mkacct; When generating a new account, include user supplied pub key
        in the authorized keys file, in addition to the eumlab generated
        key. Both keys are stored in the DB in the users table. Anytime we
        update an account, get a fresh copy of the emulab pub key, in case
        user changes it.
      bd587829
  23. 14 Feb, 2002 1 commit
    • Leigh Stoller's avatar
      A morass of form changes. The main goals are to avoid the loss of info · 9ac3d870
      Leigh Stoller authored
      when backing up (cause of an error that needs to be fixed) since not
      all browsers handle this the same. Instead, redraw the form with all
      of the original info and a list of error messages at the top.
      Conceptually simple change, but it turns out to be a pain to implement
      since you need to combine the form and processing code in one page
      (well, its just a lot easier to do that), and then change all of the
      forms to deal with a "default" value. That is, each different kind of
      input tag (text, radio, select, checkbox, etc.) requires slightly
      different changes to do that. Lots of forms, lots of entries on the
      forms, and its a long slow tedious process. Much nicer though, although
      the code is a bit harder to grok. At the same time, I added a lot more
      sanity checks of the information being passed in.
      
      The other change is to deal with how browsers handle the back button
      on a form thats been properly submitted. Not all browsers use
      the cache directives the same, and I was often typing back, only to
      have some form get reposted. Thats a major pain in the butt. The way
      to deal with that is to have the processor send out a Location header,
      which modifies the browser history so that the post is no longer in
      the history. You back up straight to the unposted form (if its in the
      cache). I've done this to only some forms, since its a bit of a pain
      to rework things so that you can jump ahead to a page that spits out
      the requisite warm fuzzies for the specific operation just completed.
      
      I've done newproject, joinproject, update user info, newimageid, and
      newimaged_dz forms.
      9ac3d870
  24. 12 Feb, 2002 1 commit
  25. 17 Dec, 2001 1 commit
  26. 05 Dec, 2001 1 commit
    • Leigh Stoller's avatar
      More inventive ways to avoid real work; add password expiration · 3e2bb386
      Leigh Stoller authored
      capability. New DB field in the users table (pswd_expires) which is a
      date field that initially gets set to one year after the user account
      is created. When the password is changed via the web form, it gets
      bumped 1 more year into the future *unless* the current uid is
      different from the target_uid (ie: you are changing a password for
      someone else). In that case, the expiration is set to the current
      date, which forces the target user to change his password next time he
      logs in. I've changed the menu/auth code to look for password
      expiration, and when expired the menu options contain just a single
      option to change the password. All other https pages will fail with a
      password expired message. Normal text pages will work of course.
      3e2bb386
  27. 03 Dec, 2001 1 commit
  28. 28 Nov, 2001 1 commit
  29. 29 Oct, 2001 1 commit
  30. 16 Oct, 2001 2 commits
  31. 19 Sep, 2001 1 commit