1. 21 Mar, 2005 1 commit
  2. 31 Jan, 2005 1 commit
  3. 18 Jan, 2005 1 commit
  4. 03 Dec, 2004 1 commit
  5. 26 Oct, 2004 1 commit
  6. 25 Oct, 2004 1 commit
  7. 17 Sep, 2004 3 commits
  8. 08 Sep, 2004 2 commits
    • Leigh B. Stoller's avatar
      Two changes. · 9992ae20
      Leigh B. Stoller authored
      * When generating the initial ssh ley, use -C option to keygen so that
        the comment field is rational. Now set to $user@$domain.
      
      * Add -f (force) option to use in conjunction with -i (inituser)
        option to regenerate the initial (unencrypted) ssh key. The user's
        auth_keys are files are regenerated as well.
      
        The bad thing about all this is that you have to go remove any old
        keys by hand via the web interface since we do not mark the key we
        generate in the DB.
      9992ae20
    • Leigh B. Stoller's avatar
      Fix shell quoting problem which I indirectly introduced just before · 9b8f4519
      Leigh B. Stoller authored
      the big power down when I changed sshtb to not invoke a subshell
      wrapper, but to exec ssh directly. Built into tbacct was an extra pair
      of \\ escapes to protect the outer double quotes from that extra
      subshell.  When I removed that subshell, the extra escapes wreaked
      havoc.
      
      Needless to say, I really want to change how accounts are built on ops
      to use tmcd like a regular experimental node. We can almost do that
      now, except for the little detail that sending over 800 users would be
      a lot of traffic for single updates. I've been meaning to extend the
      protocol to allow for single updates, but have not had time yet!
      9b8f4519
  9. 01 Sep, 2004 2 commits
    • Leigh B. Stoller's avatar
      23341ef7
    • Leigh B. Stoller's avatar
      SSL version of the XMLRPC server. · a9c1045e
      Leigh B. Stoller authored
      * SSL based server (sslxmlrpc_server.py) that wraps the existing Python
        classes (what we export via the existing ssh XMLRPC server). I also have a
        demo client that is analogous the ssh demo client (sslxmlrpc_client.py).
        This client looks for an ssl cert in the user's .ssl directory, or you can
        specify one on the command line. The demo client is installed on ops, and
        is in the downloads directory with the rest of the xmlrpc stuff we export
        to users. The server runs as root, forking a child for each connection and
        logs connections to /usr/testbed/log/sslxmlrpc.log via syslog.
      
      * New script (mkusercert) generates SSL certs for users. Two modes of
        operation; when called from the account creation path, generates a
        unencrypted private key and certificate for use on Emulab nodes (this is
        analagous to the unencrypted SSH key we generate for users). The other mode
        of operation is used to generate an encrypted private key so that the user
        can drag a certificate to their home/desktop machine.
      
      * New webpage (gensslcert.php3) linked in from the My Emulab page that
        allows users to create a certificate. The user is prompted for a pass
        phrase to encrypt the private key, as well as the user's current Emulab
        login password. mkusercert is called to generate the certificate, and the
        result is stored in the user's ~/.ssl directory, and spit back to the user
        as a text file that can be downloaded and placed in the users homedir on
        their local machine.
      
      * The server needs to associate a certificate with a user so that it can
        flip to that user in the child after it forks. To do that, I have stored
        the uid of the user in the certificate. When a connection comes in, I grab
        the uid out of the certificate and check it against the DB. If there is a
        match (see below) the child does the usual setgid,setgroups,setuid to the
        user, instantiates the Emulab server class, and dispatches the method. At
        the moment, only one request per connection is dispatched. I'm not sure
        how to do a persistant connection on the SSL path, but probably not a big
        deal right now.
      
      * New DB table user_sslcerts that stores the PEM formatted certificates and
        private keys, as well as the serial number of the certificate, for each
        user. I also mark if the private key is encrypted or not, although not
        making any use of this data. At the moment, each user is allowed to get
        one unencrypted cert/key pair and one encrypted cert/key pair. No real
        reason except that I do not want to spend too much time on this until we
        see how/if it gets used. Anyway, the serial number is used as a crude form
        of certificate revocation. When the connection is made, I suck the serial
        number and uid out of the certificate, and look for a match in the table.
        If cert serial number does not match, the connection is rejected. In other
        words, revoking a certificate just means removing its entry from the DB
        for that user. I could also compare the certificate itself, but I am not
        sure what purpose that would serve since that is what the SSL handshake is
        supposed to take of, right?
      
      * Updated the documentation for the XMLRPC server to mention the existence
        of the SSL server and client, with a pointer into the downloads directory
        where users can pick up the client.
      a9c1045e
  10. 09 Aug, 2004 1 commit
    • Leigh B. Stoller's avatar
      Some cleanups and performance improvements: · f604dc33
      Leigh B. Stoller authored
      * Be more selective about what lists are regenerated; we were generating
        way too many lists each time called. When calling from tbswap, use new
        -t option to generate just the active lists. When called from setgroups,
        use -p option to generate lists just for the project. Add update option
        for when user changes email address (and all lists really do need to be
        regenerated).
      
      * Add "diff" processing. Instead of blindly firing each new list over to
        ops with ssh, store a copy of all of the lists in
        /usr/testbed/lists. After we generate the new list, diff it against the
        stored copy. If the same, skip it. Otherwise stash new copy and fire it
        over. This should reduce the wait times by quite a bit since the lists
        rarely change (except for the activity lists of course).
      
      * Add -n (impotent) option for debugging; skips the ssh over to ops.
      
      * Reorg a lot of stuff; it was getting hard to follow.
      f604dc33
  11. 13 Apr, 2004 1 commit
  12. 17 Mar, 2004 1 commit
  13. 04 Mar, 2004 1 commit
  14. 09 Feb, 2004 1 commit
  15. 24 Oct, 2003 1 commit
  16. 13 Oct, 2003 2 commits
  17. 18 Aug, 2003 1 commit
  18. 06 Aug, 2003 1 commit
  19. 03 Jun, 2003 1 commit
  20. 10 Apr, 2003 1 commit
  21. 09 Apr, 2003 1 commit
    • Mac Newbold's avatar
      Add new script to notify users when they are over their quota. Runs from · 38310b4e
      Mac Newbold authored
      cron daily, on the fs node (ops) as root. Uses lots of configure variables
      so that it does the right thing in any installation, without any
      customization.
      
      One possible caveat regarding quotas: If FS_NODE != USERNODE, they don't
      have a login on the fs machine. So checking their quota won't work unless
      the rpc.rquotad(8) daemon is running on FS_NODE, which we currently don't
      do.
      
      In order to do this right, I had to add a new configure var,
      FS_WITH_QUOTAS, that has a space separated list of file systems that have
      quotas enabled. (Ie the default is 'FS_WITH_QUOTAS="/q /users"'.) It
      doesn't have any default, since I couldn't come up with a reasonable one.
      All the defs files have been updated appropriately to define this new
      variable.
      38310b4e
  22. 26 Mar, 2003 1 commit
  23. 25 Mar, 2003 1 commit
  24. 03 Mar, 2003 1 commit
  25. 13 Feb, 2003 1 commit
  26. 11 Feb, 2003 1 commit
    • Leigh B. Stoller's avatar
      Move addpubkey from the utils to account directory. Note that I copied · 2a534d88
      Leigh B. Stoller authored
      the RCS control file in the repository so the history is left intact.
      
      Two new modes, which used to be in the old mkacct. There is an init
      mode, which is used on new users to create the initial pub key. There
      is also a write mode, which is used regenerate the authkeys files for
      people after they add/delete keys via the web interface. Used to be
      that addpubkey wold add the key to the DB, but mkacct would deal with
      creating the authkeys files. All this functionality is now localized
      in this one script.
      2a534d88
  27. 10 Feb, 2003 1 commit
  28. 09 Feb, 2003 1 commit
    • Leigh B. Stoller's avatar
      Checkpoint (still neads testing and tweaking) vastly rewritten mkacct · b9ef7da1
      Leigh B. Stoller authored
      script, which is now called tbacct, and lives in the account directory
      instead of tbsetup (all account scripts are moving into this
      directory). The command line is different:
      
      	Usage: tbacct <add|del|mod|freeze|thaw|sfskey> <name>
      
      However, it is not really intended to be called from the command line,
      but if it is, it always does the right thing based on the DB. All of
      the ssh commands are localized here as well (mkproj and others will
      invoke this script instead of doing pw commands themselves on ops).
      
      My experience with this indicates a couple of things.
      
      * We should probably not invoke these backend scripts (which are
        setuid) as the user driving them from the web. This complicates
        things, especially in light of having to deal with users with no
        accounts (say, a new user, unapproved, who wants to change their
        password). Not sure what the right model is, but since the script
        always does the right thing, it really makes no difference who
        invokes it.
      
      * The actual pw commands should be driven from a script on the other
        side. This would make it easy to retarget to linux or whatever. I
        thought about doing that, but the shell quoting is a pain in the
        butt, and its not like I'm supposed to be doing this stuff.
      b9ef7da1
  29. 28 Jan, 2003 1 commit
  30. 06 Dec, 2002 1 commit
    • Leigh B. Stoller's avatar
      Allow this to be called as user nobody. This will happen in a couple · 888fd409
      Leigh B. Stoller authored
      of instances; when a user first joins, a pub key is entered before the
      user is approved and gets an account. The other case is for the new
      webonly accounts, which exist for people with access to specific
      widearea nodes. These people never have local accounts (for suxec),
      but still get to edit their personal info and public keys for
      distribution to those widearea nodes.
      888fd409
  31. 22 Oct, 2002 1 commit
  32. 04 Sep, 2002 1 commit
  33. 26 Aug, 2002 1 commit
    • Leigh B. Stoller's avatar
      Rework all of the ssh key handling. Moved the parsing and verification · ae77bdb6
      Leigh B. Stoller authored
      to an external perl script, and use ssh-keygen to attempt conversion
      off SSH2/SECSH key formats. This is actually a simplification of the
      php code, which is not generally very good at this kind of thing (or
      maybe I mean perl is just better at it). The parsing and error
      handling it also much improved.
      ae77bdb6