1. 16 Sep, 2004 1 commit
  2. 15 Sep, 2004 1 commit
  3. 13 Sep, 2004 8 commits
  4. 11 Sep, 2004 3 commits
  5. 10 Sep, 2004 4 commits
    • Russ Fish's avatar
      Add MapQuest-style pan and zoom controls to the floormap.php3 page, and · aa7d57a9
      Russ Fish authored
      generally improve the clarity and appearance of the maps.  The scale factor
      buttons numbered 1-5 actually correspond to scale factors of 1, 1.5, 2, 2.5,
      and 3.
      Notice that the floorimages table in the database now has an integer "scale"
      column to distinguish the cached zoomed-in images with a suffix "-[1-5].jpg" .
      I use jpeg files instead of the png files that were used before.  They look as
      good or better, and are a third the size.  Panning around at a given zoom
      factor just involves cropping out a different rectangle of the scaled-up
      The 0311X064_[1-4]fl.pdf floor map files we got from Michael Kay started
      out life in Adobe Illustrator.  Although GhostScript/gv crash while
      trying to draw the pdf files, extracting them into PostScript files in
      Acrobat on Coke allows GhostScript to render them flawlessly.
      I started out using gs to render jpeg files in the shell, and then
      found that ImageMagick uses the same GhostScript renderer, and nicely
      handles cropping, drawing and annotations, and format conversion as well.
      The PostScript rendering gets slow at higher zoom factors.  So I cache the
      zoomed floor images, scaled up by rendering the PostScript files at a finer
      dot-pitch (density) in GhostScript, and then cropping out the right rectangle
      to register them properly.
      For readability, and to avoid having the thin lines and bitmap fonts used in
      some parts of the PostScript map from falling between the pixel cracks, I
      actually render at twice the pixel density and filter down to the final image
      with a gaussian -sharpen option to keep it from looking blurry.
      ImageMagick is callable from both the shell and as the Image::Magick package
      in Perl.  I converted the Perl logic in floormap.in to use Image::Magick
      instead of the GD graphics library, resulting in anti-aliased (smoothed)
      drawing of the wireless node dots and labels on floor maps for a better
      appearance.  Then I added optional scaling and centering arguments which
      select the proper cached zoomed-in image, and drive the logic for cropping and
      I modified the floormap.php3 file to wrap an input form around a set of zoom
      control buttons and the floormap image.  The zoom buttons set the scale
      argument to the Perl floormap script called on the server.  The floor map
      image itself is wrapped in a graphical submit button, so clicking on it
      returns the mouse coordinates within the image, which are then sent to the
      centering argument of the Perl script.
    • Leigh B. Stoller's avatar
    • Leigh B. Stoller's avatar
      Add cost total field, and since a Total field needs to be updated when · 6a117ef2
      Leigh B. Stoller authored
      the user changes the quantities, add the usual mess of javascript to
      make that happen.
    • Leigh B. Stoller's avatar
      Small change to suexec code. This change has the potential for creating · 7e731fba
      Leigh B. Stoller authored
      unanticipated breakage. If that happens, just need to back out the
      changes under the "suexec-stuff" tag. However, the better solution will
      probably be to fix the PHP scripts that break by adding the proper
      groups in the call to suexec (in the web page, see below) or by fixing
      the backend Perl script that breaks.
      This fix is primarily to address the problem of some users being in more
      groups (cause of subgroups) then the max number of groups allowed
      (NGROUPS).  The groups that really mattered (say, for creating an
      experiment in a subgroup) could be left out cause they were at the end
      of the list.
      * suexec.c: Change how groups are handled. Instead of taking a single
        gid argument (the gid to setgid as), now takes a comma separated list
        of groups. Further, instead of doing a setgroups to the user's entire
        group list as specified in the groups file (getgroups), setgroups to
        just the groups listed on the command line, plus the user's primary
        group from the password file (this is to prevent potential breakage
        with accessing files from the users homedir, although might not really
        be necessary).
        This change is somewhat rational in the sense that in our case, suexec
        is not being used to run arbitrary user code (CGIs), but only to run
        specific scripts that we say should be run. The environment for
        running those scripts can be more tightly controlled then it would
        otherwise need to be if running some random CGI the user has in his
        public html directory.
      * www: Change the gid argument to SUEXEC() in a number of scripts so
        that the project and subgroup are explicitly given to suexec, as
        described above. For example, in beginexp:
      	SUEXEC(gid, "$pid,$unix_gid", ....);
        Aside: note that project names (pid) are always one to one with their
        unix group name, but subgroup names are not, and *always* have to be
        looked up in the DB, hence the "unix_gid" argument.
        Script breakage should require nothing more then adding the proper
        group to the list as above.
  6. 09 Sep, 2004 1 commit
  7. 08 Sep, 2004 4 commits
  8. 07 Sep, 2004 1 commit
  9. 04 Sep, 2004 2 commits
  10. 02 Sep, 2004 1 commit
  11. 01 Sep, 2004 1 commit
    • Leigh B. Stoller's avatar
      SSL version of the XMLRPC server. · a9c1045e
      Leigh B. Stoller authored
      * SSL based server (sslxmlrpc_server.py) that wraps the existing Python
        classes (what we export via the existing ssh XMLRPC server). I also have a
        demo client that is analogous the ssh demo client (sslxmlrpc_client.py).
        This client looks for an ssl cert in the user's .ssl directory, or you can
        specify one on the command line. The demo client is installed on ops, and
        is in the downloads directory with the rest of the xmlrpc stuff we export
        to users. The server runs as root, forking a child for each connection and
        logs connections to /usr/testbed/log/sslxmlrpc.log via syslog.
      * New script (mkusercert) generates SSL certs for users. Two modes of
        operation; when called from the account creation path, generates a
        unencrypted private key and certificate for use on Emulab nodes (this is
        analagous to the unencrypted SSH key we generate for users). The other mode
        of operation is used to generate an encrypted private key so that the user
        can drag a certificate to their home/desktop machine.
      * New webpage (gensslcert.php3) linked in from the My Emulab page that
        allows users to create a certificate. The user is prompted for a pass
        phrase to encrypt the private key, as well as the user's current Emulab
        login password. mkusercert is called to generate the certificate, and the
        result is stored in the user's ~/.ssl directory, and spit back to the user
        as a text file that can be downloaded and placed in the users homedir on
        their local machine.
      * The server needs to associate a certificate with a user so that it can
        flip to that user in the child after it forks. To do that, I have stored
        the uid of the user in the certificate. When a connection comes in, I grab
        the uid out of the certificate and check it against the DB. If there is a
        match (see below) the child does the usual setgid,setgroups,setuid to the
        user, instantiates the Emulab server class, and dispatches the method. At
        the moment, only one request per connection is dispatched. I'm not sure
        how to do a persistant connection on the SSL path, but probably not a big
        deal right now.
      * New DB table user_sslcerts that stores the PEM formatted certificates and
        private keys, as well as the serial number of the certificate, for each
        user. I also mark if the private key is encrypted or not, although not
        making any use of this data. At the moment, each user is allowed to get
        one unencrypted cert/key pair and one encrypted cert/key pair. No real
        reason except that I do not want to spend too much time on this until we
        see how/if it gets used. Anyway, the serial number is used as a crude form
        of certificate revocation. When the connection is made, I suck the serial
        number and uid out of the certificate, and look for a match in the table.
        If cert serial number does not match, the connection is rejected. In other
        words, revoking a certificate just means removing its entry from the DB
        for that user. I could also compare the certificate itself, but I am not
        sure what purpose that would serve since that is what the SSL handshake is
        supposed to take of, right?
      * Updated the documentation for the XMLRPC server to mention the existence
        of the SSL server and client, with a pointer into the downloads directory
        where users can pick up the client.
  12. 27 Aug, 2004 1 commit
    • Robert Ricci's avatar
      Make it possible to have ops check in with newnode. · 2a8a8f74
      Robert Ricci authored
      This starts with a new option to newnode, -o, that tells it it's
      running on ops. This reports some slightly different information
      to the checkin page.
      The checkin page and the backend newnode script then take this extra
      information into account, and deal with ops nodes slightly
  13. 26 Aug, 2004 1 commit
  14. 20 Aug, 2004 2 commits
  15. 18 Aug, 2004 1 commit
  16. 11 Aug, 2004 1 commit
  17. 09 Aug, 2004 2 commits
    • Russ Fish's avatar
      Remove outdated bug notes. · 3905bfe2
      Russ Fish authored
      Add more description of "non-tree links" and the "show"/"hide" controls.
      Add some more cross-linking and improve readability.
    • Leigh B. Stoller's avatar
      Clean up the DirectoryIndex mess. · 30c0cff3
      Leigh B. Stoller authored
      * Remove DirectoryIndex from the .htaccess file. This file set the
        index for every directory to start.php3, which was wrong.
      * Change index.html to redirect to index.php3.
      * Change start.php3 to redirect to index.php3. I left the start.php3
        script in place (one line script) so that existing bookmarks work.
      * Move the code that used to be in start.php3 to the top of
        index.php3; this is the code that would zap to the My Emulab page
        when the user was logged in (and in https mode). Much simpler now.
  18. 05 Aug, 2004 1 commit
  19. 28 Jul, 2004 1 commit
  20. 27 Jul, 2004 1 commit
  21. 26 Jul, 2004 2 commits