1. 07 Nov, 2013 1 commit
  2. 06 Nov, 2013 1 commit
  3. 24 Sep, 2012 1 commit
    • Eric Eide authored · 6df609a9
      Replace license symbols with {{{ }}}-enclosed license blocks.
      This commit is intended to make the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
  4. 11 Jul, 2012 1 commit
    • Leigh Stoller authored · 6cf701f9
      Cleanup in the web interface to prevent XSS attacks.
      We had a couple of different problems actually.
      
      * We allow users to insert html into many DB fields (say, a project or
        experiment description).
      
      * We did not sanitize that output when displaying back.
      
      * We did not sanitize initial page arguments that were reflected in the
        output (say, in a form).
      
      Since no one has the time to analyze every line of code, I took a couple of
      shortcuts. The first is that I changed the regex table to not allow any <>
      chars to go from the user into the DB. Brutal, but in fact there are only a
      couple of places where a user legitimately needs them. For example, a
      startup command that includes redirection. I handle those as special
      cases. As more come up, we can fix them.
      
      I did a quick pass through all of the forms, and made sure that we run
      htmlspecialchars on everything including initial form args. This was not
      too bad cause of the way all of the forms are structured, with a
      "formfields" array.
      
      I also removed a bunch of obsolete code and added an update script to
      actually remove them from the www directory.
      
      Lastly, I purged some XMLRPC code I did a long time ago in the Begin
      Experiment path. Less complexity, easier to grok and fix.
      
      	modified:   sql/database-fill.sql
      	modified:   sql/dbfill-update.sql
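
The two measures this commit message describes (keeping `<>` out of stored fields except for listed special cases, and running htmlspecialchars over every form field before output), as an added PHP example. It is not Emulab's code; `check_field`, `escape_formfields` and the sample field names are hypothetical.

```php
<?php
// Added illustration; function and field names are hypothetical.

// Input side: reject angle brackets before a value may reach the DB.
// Fields that legitimately need them (e.g. a startup command with
// redirection) are listed explicitly as special cases.
function check_field(string $name, string $value, array $allow_angle): bool
{
    if (in_array($name, $allow_angle, true)) {
        return true;
    }
    return strpbrk($value, '<>') === false;
}

// Output side: escape every form field, including values that arrived as
// initial page arguments, before they are reflected into HTML. This also
// covers the special-case fields that were allowed to store < or >.
function escape_formfields(array $formfields): array
{
    $out = [];
    foreach ($formfields as $key => $value) {
        $out[$key] = htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
    }
    return $out;
}

// Constructed sample input.
$formfields = [
    'description' => '<script>alert(1)</script>',
    'startcmd'    => '/bin/run.sh > /tmp/out.log',
];
$allow_angle = ['startcmd'];

foreach ($formfields as $name => $value) {
    $verdict = check_field($name, $value, $allow_angle) ? 'accept' : 'reject';
    echo "$name: $verdict\n";
}

// Escaped values are safe to place inside a quoted HTML attribute.
$safe = escape_formfields($formfields);
echo '<input name="description" value="' . $safe['description'] . "\">\n";
```
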
  5. 21 Oct, 2008 1 commit
    • Kevin Atkinson authored · 846a98d6
      If a known user (based on stored cookies) is not logged in then
      redirect to the login page rather than printing a message with a link
      to the page.  Otherwise send a "403 Forbidden" to keep robots from
      indexing the page.  Also send appropriate HTTP responses on other
      precheck errors to keep a robot from indexing the page.  In order to
      do this the PAGEHEADER call needed to be moved to after
      CheckLoginOrDie and Required/OptionalPageArguments on many pages.  A
      warning will be printed if either CheckLoginOrDie or
      Required/OptionalPageArguments detects that PAGEHEADER was already
      called.
      
      Also change the redirect in kb-show to be a permanent redirect (301)
      rather than a temporary one (302) which is the default unless a status
      code is given.
  6. 13 Feb, 2007 1 commit
  7. 12 Feb, 2007 1 commit
    • Leigh Stoller authored · 48acc8e3
      * Replace the argument processing code in all pages. Currently we rely on
        register_globals=1 to turn POST/GET/COOKIES arguments into local variables.
        This is known to be a terrible security risk, and we keep saying we are
        going to fix it, and now I am. In order to accomplish this on a
        transitional basis (since I don't want the entire web interface to stop
        working while I debug it), and because the code just needs the cleanup, I
        am doing it like this: Each page will sport new declarations at the top:
      
              RequiredPageArguments("experiment", PAGEARG_EXPERIMENT,
                                    "template",   PAGEARG_TEMPLATE,
                                    "instance",   PAGEARG_INSTANCE,
                                    "metadata",   PAGEARG_METADATA,
                                    "osinfo",     PAGEARG_OSINFO,
                                    "image",      PAGEARG_IMAGE,
                                    "project",    PAGEARG_PROJECT,
                                    "group",      PAGEARG_GROUP,
                                    "user",       PAGEARG_USER,
                                    "node",       PAGEARG_NODE,
                                    "yesno",      PAGEARG_BOOLEAN,
                                    "message",    PAGEARG_STRING,
                                    "age",        PAGEARG_INTEGER,
                                    "cost",       PAGEARG_NUMERIC,
                                    "formfields", PAGEARG_ARRAY,
                                    "unknown",    PAGEARG_ANYTHING);

              OptionalPageArguments("canceled", PAGEARG_BOOLEAN);
      
        The first token in each pair is the name of the global variable to
        set, and the second token is the type. So, for "experiment" we look at
        the URL for a pid/eid or exptidx, etc, sanity check them (safe for a
        DB query), and then try to find that experiment in the DB. If it maps
        to an experiment, set global variable $experiment to the object. Since
        it's a required argument, produce an error if not supplied. Similar
        treatment for optional arguments, with the obvious difference.
      
        The goal is to have ALL argument processing in one place, consistent,
        and correct. I've found numerous places where we leak unchecked
        arguments into queries. It also cuts out a lot of duplicated code.
      
      * To make the above easier to deal with, I've been replacing lots of
        hardcoded URLS in the code of the form:
      
              foo.php3?pid=$pid&eid=$eid ...

        with

              CreateURL("foo", $experiment)

        which creates and returns the necessary url string, by looking at
        the type of its arguments (experiment, template, instance, etc.)
      
        Eventually plan to replace them all so that URL handling throughout
        the code is all defined in one place (all the new URL code is in
        url_defs.php).
      
      * I have cranked up error reporting to tell me anytime a variable is
        used before it is initialized, plus a bunch of other stuff that PHP
        deems improper. Think of it like -Wall ... and boy we get a lot of
        warnings.  A very large percentage of the diffs are to fix all these
        warnings.
      
        The warnings are currently going to /usr/testbed/log/php-errors.log,
        and I'll be adding a script to capture them each night and mail them
        to tbops. This file also gets errors (this will be a change for
        developers; rather than seeing errors and warnings dumped in the
        middle of web pages, they will go to this file instead).
      
      * Major refactoring of the code. More objects (nodes, images, osids).
        Moving tons of queries into the objects in the hopes of someday
        getting to a point where we can split the web interface onto a
        different server.  Lots of general cleanup.
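
The declaration style described in this commit message (each page names its arguments and their types, and one routine validates them instead of register_globals turning every request key into a variable), as an added PHP example. It is not Emulab's implementation; `page_arguments`, `check_arg`, the `ARG_*` constants and the validation patterns are hypothetical.

```php
<?php
// Added illustration, not Emulab's code: all names here are hypothetical.
const ARG_INTEGER = 'integer';
const ARG_BOOLEAN = 'boolean';
const ARG_IDENT   = 'ident';    // e.g. a pid/eid-style token

// Validate one raw request value against its declared type.
// Returns [ok, typed value].
function check_arg(string $type, $raw): array
{
    if (!is_string($raw)) {            // rejects foo[]=x style array input
        return [false, null];
    }
    switch ($type) {
        case ARG_INTEGER:
            return preg_match('/^-?\d{1,9}$/D', $raw)
                ? [true, (int)$raw] : [false, null];
        case ARG_BOOLEAN:
            return in_array($raw, ['0', '1'], true)
                ? [true, $raw === '1'] : [false, null];
        case ARG_IDENT:
            return preg_match('/^[A-Za-z0-9][-\w]{0,31}$/D', $raw)
                ? [true, $raw] : [false, null];
    }
    return [false, null];
}

// Process (name => type) declarations against the request in one place.
// Request keys that no page declared are never copied anywhere, unlike
// with register_globals.
function page_arguments(array $request, array $required, array $optional = []): array
{
    $args = [];
    foreach ($required + $optional as $name => $type) {
        if (!array_key_exists($name, $request)) {
            if (isset($required[$name])) {
                throw new InvalidArgumentException("missing argument: $name");
            }
            continue;
        }
        [$ok, $value] = check_arg($type, $request[$name]);
        if (!$ok) {
            throw new InvalidArgumentException("bad argument: $name");
        }
        $args[$name] = $value;
    }
    return $args;
}

// Constructed request: 'is_admin' is client-supplied and never declared.
$request = ['pid' => 'testbed', 'age' => '14', 'is_admin' => '1'];
$args = page_arguments($request, ['pid' => ARG_IDENT, 'age' => ARG_INTEGER],
                       ['canceled' => ARG_BOOLEAN]);
var_dump($args);
```
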
  8. 20 Dec, 2006 1 commit
  9. 19 Jun, 2006 1 commit
  10. 27 Sep, 2005 2 commits
  11. 15 Sep, 2005 1 commit
    • Leigh Stoller authored · 93fc47db
      Minor interface changes for Jay.
      Major interface change; the default mode in the map is that click
      on a node now *adds* to a highlight (used to be shift-click), and that
      click over the floor area deselects everything.
      
      Add a "Distances between highlighted node" menu item, that uses the
      x,y,z coords of nodes to determine the distance between them. Okay
      so there might be a small constant in there, say 14 feet, that just
      happens to be the distance between floors in MEB.
  12. 12 Sep, 2005 1 commit
  13. 11 Sep, 2005 1 commit
  14. 31 Aug, 2005 1 commit
  15. 31 May, 2005 2 commits
    • Timothy Stack authored · 0efbd929
      When checking if the context menu should be shown, use
      "isPopupTrigger" instead of checking the button number.  Certain
      people with only one mouse button need this.
    • Leigh Stoller authored · 30667bc5
      Pass around pid,eid (through the applet) so that the backend knows
      what locpiper to connect to. Locpiper now binds a dynamic port, and
      stores that into the DB, and the php script expects to get that pid,eid
      back.
      
      Changed the showexp page so that pid,eid are passed to the robotrack
      top level page.
      
      Changed the robotrack page so that if it does not get a pid,eid, it looks
      for an experiment running (a locpiper). If none is running, let the applet
      start of course, but there will be an error dialog when it starts. You can
      still play with the applet of course. If there is more than one experiment
      running, then just pick first one. At some point I might add a page to ask
      which experiment, but it's low priority.
  16. 25 May, 2005 1 commit
  17. 24 May, 2005 4 commits
  18. 20 May, 2005 2 commits
    • Leigh Stoller authored · 5f67fe09
      Checkpoint some robot changes.
      * New robot event listener:
      
          * It is intended to be started and stopped from the experiment
            swapin path instead of as a global daemon. It takes the pid/eid
            of the experiment, and will deal with events only for those
            nodes that are allocated to the experiment. We have some long
            range plans of time sharing the robot lab, so I figured we might
            as well get a little bit of a start on that.
      
          * Once it fires up, it subscribes to the usual assortment of
            events, just like the loclistener does.
      
          * It then binds a socket on which to listen for connections from
            the web server.
      
          * Then it loops, looking for events and for connections from the
            web server. Connections from the web server are for forwarding
            the event stream in real time to whatever applets are currently
            viewing the robot lab.
      
          * As each event comes in, it is parsed, entered into the DB (nodes
            and location_info table), and fired out (in a textual form) to
            all the applet listeners. The web interface just acts as pipe in
            this case for the data.
      
          * The event stream is also duplicated to a file in the experiment
            directory (the same stuff that is piped to the applet), named by
            the current resource record ID. I hope to use this stream to
            playback the motion in the applet (coupled with webcam images
            once I figure out how to sync them).
      
      * tbswap: Start and stop the new listener.
      
      * Robotrack: I changed the interface for how we actually communicate
        the event data. Much more reasonable than it was (a comma separated
        string of numbers!).
      
      * new database fields in the experiments table to hold the process ID
        of the listener and the port it is listening on. The port is not
        used yet, as the robot lab is still not shared. Will need to revisit
        this later. Currently uses a fixed port number.
      
      * www/robotrack/robopipe.php3: Killed most of the old code and replaced
        with simple socket connect to the listener.
    • Leigh Stoller authored · 29759ea3
      Build new jar file for Tim.
  19. 17 May, 2005 1 commit
    • Leigh Stoller authored · f5e06601
      A couple of changes:
      * Allow nodes that are currently moving to be dragged to an alternate
        location (thereby interrupting current motion, and giving it a new one).
      
      * Fix some check collision problems.
  20. 13 May, 2005 1 commit
  21. 12 May, 2005 1 commit
  22. 11 May, 2005 2 commits
    • Leigh Stoller authored · 179cf519
      Add a "withwebcams" option to the tracker applet. When turned on, the
      mini images from the webcams (240x180) are displayed in the mechanical
      area in the lower right of the floormap. The frame rate is 2fps to
      avoid pummeling the node, as it's all done with Java, including the
      jpeg conversion and display (I grabbed most of this code from my
      tools/webcamapplet that I wrote a while back).
      
      My first attempt at this performed really bad cause I was redrawing
      the entire display whenever a new frame came into any camera. Ack,
      this was chewing 98% of the CPU.
      
      So, I restructured things so that each camera is in its own JPanel and
      has its own paint callback. However, in order to have overlapped
      JPanels (since the base image is also a JPanel) I needed to shift to
      using the LayeredPane instead of the ContentPane of the applet. This
      meant creating a wrapper JPanel to hold the base image, and then
      combining everything together on the layered pane. The result is that
      the repainting system paints only what needs to be painted, and
      everything runs much much faster (about 15% CPU on my desktop).
      
      Also got rid of my inline double buffering; JPanels do that by default
      for you. I did not realize that at the time I wrote the applet cause I
      missed the tiny footnote in the Graphics2D tutorial that says Swing
      components do that for you!
  23. 22 Apr, 2005 1 commit
  24. 06 Apr, 2005 1 commit
  25. 01 Apr, 2005 1 commit
  26. 31 Mar, 2005 1 commit
  27. 07 Mar, 2005 1 commit
    • Leigh Stoller authored · b369447e
      Change to the UI. Add a right click context menu (right click over a
      node) brings up a context menu that allows you to 1) Cancel the
      current drag operation for that robot, 2) bring up the Emulab shownode
      page in another window, and 3) set the orientation for the robot using
      a popup dialog input box. This allowed me to clean up some of the
      table handling code, and fix a glitch whereby a value left inside a
      cell being edited caused a cancel drag operation to immediately
      start a new one.
  28. 04 Mar, 2005 3 commits
    • Leigh Stoller authored · 4e1cc382
      This started out as a cleanup pass ...
      * Add nodeinfo backend page for the tracker applet to query for info about
        the nodes, including what type, what size, fixed/mobile, allocated etc.
        This is so we can draw the dots in the right scale, and make sure that
        fixed motes cannot be dragged around in the applet.
      
      * Clean up a bunch of hardwired constants, mostly related to the size
        of the dots, and the font size (which determines where labels get
        drawn).
      
      * And then I noticed the oddity resulting from having a robot that is 10.5
        inches long, but sweeps a diameter of 14 inches. The dot we draw is in
        scale (10.5in), but when I changed it to draw a 14in scale dot, that
        looked all wrong. So, there are actually two sizes now; the size of
        the robot, and the radius of the circle it sweeps (which is critical
        for determining obstacle avoidance). Still, this is confusing cause the
        user will place a robot near an obstacle (not overlapping) but will be
        told there is overlap cause the bubble around the robot is bigger than
        the dot. Not sure what to do about that. I could draw a large bubble
        around the robots but that is going to increase the clutter quite a bit.
    • Leigh Stoller authored · 84c4f96b
      Add checks to make sure that a robot destination does not overlap a
      current robot location (or its destination if the other robot is
      moving or being dragged to a new location).
      
      Oh, I should mention that to make the calculation easier, I am
      treating robots as rectangles not circles. This is not ideal, but I
      was not sure how to calculate overlap of two circles in a reasonably
      efficient manner. I'm sure a high school student can tell me though.
    • Leigh Stoller authored · be6ded17
      As per Tim's comments, just the center point of a robot needs to be
      fully contained within at least one camera (not the entire robot).
  29. 03 Mar, 2005 3 commits