1. 12 Feb, 2007 1 commit
    • Leigh B. Stoller's avatar
      * Replace the argument processing code in all pages. Currently we rely on · 48acc8e3
      Leigh B. Stoller authored
        register_globals=1 to turn POST/GET/COOKIES arguments in local variables.
        This is known to be a terrible security risk, and we keep saying we are
        going to fix it, and now I am. In order to accomplish this on a
        transitional basis (since I don't want the entire web interface to stop
        working while I debug it), and because the code just needs the cleanup, I
        am doing it like this: Each page will sport new declarations at the top:
      
      	RequiredPageArguments("experiment", PAGEARG_EXPERIMENT,
                                    "template",   PAGEARG_TEMPLATE,
                                    "instance",   PAGEARG_INSTANCE,
                                    "metadata",   PAGEARG_METADATA,
                                    "osinfo",     PAGEARG_OSINFO,
                                    "image",      PAGEARG_IMAGE,
                                    "project",    PAGEARG_PROJECT,
                                    "group",      PAGEARG_GROUP,
                                    "user",       PAGEARG_USER,
      			      "node",       PAGEARG_NODE,
      			      "yesno",      PAGEARG_BOOLEAN,
      			      "message",    PAGEARG_STRING,
      			      "age",        PAGEARG_INTEGER,
                                    "cost",       PAGEARG_NUMERIC,
                                    "formfields", PAGEARG_ARRAY,
                                    "unknown",    PAGEARG_ANYTHING);
      
      	OptionalPageArguments("canceled", PAGEARG_BOOLEAN);
      
        The first token in each pair is the name of the global variable to
        set, and the second token is the type. So, for "experiment" we look at
        the URL for a pid/eid or exptidx, etc, sanity check them (safe for a
        DB query), and then try to find that experiment in the DB. If it maps
        to an experiment, set global variable $experiment to the object. Since
        its a required argument, produce an error if not supplied. Similar
        treatment for optional arguments, with the obvious difference.
      
        The goal is to have ALL argument processing in one place, consistent,
        and correct. I've found numerous places where we leak unchecked
        arguments into queries. It also cuts out a lot of duplicated code.
      
      * To make the above easier to deal with, I've been replacing lots of
        hardcoded URLS in the code of the form:
      
      	foo.php3?pid=$pid&eid=$eid ...
      
        with
      
              CreateURL("foo", $experiment)
      
        which creates and returns the neccessary url string, by looking at
        the type of its arguments (experiment, template, instance, etc.)
      
        Eventually plan to replace them all so that URL handling throughout
        the code is all defined in one place (all the new URL code is in
        url_defs.php).
      
      * I have cranked up error reporting to tell me anytime a variable is
        used before it is initialized, plus a bunch of other stuff that PHP
        deems improper. Think of it like -Wall ... and boy we get a lot of
        warnings.  A very large percentage of the diffs are to fix all these
        warnings.
      
        The warnings are currently going to /usr/testbed/log/php-errors.log,
        and I'll be adding a script to capture them each night and mail them
        to tbops. This file also gets errors (this will be a change for
        developers; rather then seeing errors and warnings dumped in the
        middle of web pages, they will go to this file instead).
      
      * Major refactoring of the code. More objects (nodes, images, osids).
        Moving tons of queries into the objects in the hopes of someday
        getting to a point where we can split the web interface onto a
        different server.  Lots of general cleanup.
      48acc8e3
  2. 09 Jan, 2007 1 commit
  3. 20 Dec, 2006 1 commit
  4. 10 Nov, 2003 1 commit
  5. 13 Feb, 2003 1 commit
  6. 24 Jan, 2003 1 commit
  7. 09 Dec, 2002 2 commits
  8. 24 Oct, 2002 1 commit
    • Leigh B. Stoller's avatar
      Add stuff to update the SFS keys on the fileserver after someone uses · cc1c4e54
      Leigh B. Stoller authored
      the web page to add/delete a key! Nodes were getting updated, but
      the SFS server was not cause there was no program to fire the new keys
      over there.
      
      The operation is currently simple. sfskey_update on boss constructs a
      new sfs_users file. Then it runs sfskey_update.proxy on ops (vis ssh
      of course), and gives it the new file via stdin. The proxy creates the
      .pub version from that file, and then moves the two new files into
      place in /etc/sfs. I employ the same locking stuff that Rob did in
      exports_setup and named_setup to prevent multiple updates from
      stacking up. Not likely, but might as well. Also note that the entire
      file is regenerated. When we get 5000 users this might have to change
      a little bit!
      
      Also changed mkacct slightly. Instead of doing a "sfskey register" on
      ops after generating the new key, just add it to the DB. Then fire off
      an sfskey_update to push the new keys over. Also add a -f flag to
      mkacct for use from the web page to indicate that the user has changed
      his SFS keys. Note that mkacct should probably take a series of flags
      since we have it as a wrapper for several things. Or maybe split all
      this stuff up.
      cc1c4e54
  9. 16 Sep, 2002 1 commit
  10. 10 Sep, 2002 1 commit
  11. 20 Aug, 2002 1 commit
  12. 10 Jul, 2002 1 commit
  13. 07 Jul, 2002 1 commit
  14. 16 Jun, 2002 1 commit
  15. 12 Jun, 2002 1 commit
    • Leigh B. Stoller's avatar
      The big key changes ... Deprecate the two pubkey slots in the users · 6c6f8baf
      Leigh B. Stoller authored
      table and create a new table to hold user_pubkeys, indexed by the
      comment field of the key. Change mkacct to insert newly created Emulab
      keys into that table, and to regen the users authorized_keys file
      from the DB. Users should no longer edit their own authorized_keys
      file or the changes will be lost (I put a comment in their files).
      
      Change the three pages that deal with keys. join/new project can now
      take a file of multiple keys; each is inserted. Moved the key stuff
      that was in the update user info page into a new pubkeys page that
      allows users to add/sub keys easily. New key additions are password
      protected.
      
      Unrelated change: Add an audit mode to mkacct to log its output and
      send it to the tblogs email. Previously, warnings and errors tended to
      get lost.
      6c6f8baf