1. 13 May, 2014 1 commit
  2. 14 May, 2013 1 commit
  3. 29 Mar, 2013 1 commit
  4. 22 Mar, 2013 1 commit
  5. 14 Feb, 2013 1 commit
  6. 04 Oct, 2012 1 commit
  7. 24 Sep, 2012 1 commit
    • Eric Eide's avatar
      Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to makes the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
      6df609a9
  8. 04 Apr, 2012 1 commit
  9. 06 Mar, 2012 1 commit
  10. 17 Feb, 2012 1 commit
  11. 01 Feb, 2012 1 commit
  12. 30 Jan, 2012 1 commit
    • Leigh Stoller's avatar
      Changes to make it easier for ProtoGeni users! · 3dac3cb8
      Leigh Stoller authored
      * When generating an encrypted SSL certificate, derive an SSH public
        key from the private key and store in the pubkeys table for the
        user. Note that SSH version 2 RSA keys are actually just openssl RSA
        keys, and that ssh-keygen can extract an ssh compatible public key
        from it.
      
      * Change getsslcert.php3 to return the ssh private and public key when
        give the "ssh" boolean argument. This is mostly for the benefit of
        Flack; we probably need a better UI for the user to get this stuff. 
      
      * Remove the requirement that users must upload an SSH key to use
        protogeni, since we now create one for them when they create their
        encrypted SSL certificate.
      
      * Some cleanup; instead of looking at the comment field to determine
        what pubkeys are Emulab created (and should not be deleted), use new
        internal and nodelete flags.
      3dac3cb8
  13. 02 Dec, 2011 1 commit
    • Leigh Stoller's avatar
      Changes to allow new users to request their encrypted SSL certificate · 8def7e94
      Leigh Stoller authored
      on the join/start project pages. At the moment this is conditional
      under the PROTOGENI flag, since users on non-protogeni sites rarely
      need an encrypted SSL certificate. The initial passphrase has to be
      store someplace since we cannot built the certificate until the user
      is approved, so put it into the users table, and delete when the first
      certificate is built (at approval).
      8def7e94
  14. 07 Nov, 2011 1 commit
  15. 30 Aug, 2011 1 commit
  16. 13 Mar, 2010 2 commits
  17. 12 Mar, 2010 1 commit
  18. 23 Feb, 2009 1 commit
  19. 08 Jan, 2009 1 commit
  20. 25 Feb, 2008 1 commit
  21. 23 Jan, 2008 1 commit
  22. 07 Nov, 2007 1 commit
    • Leigh Stoller's avatar
      Just for kicks and cause I'm such a fan of "the wiki" I went ahead and · b15d5f78
      Leigh Stoller authored
      fully integrated Trac. I put a new installation in /usr/local/www/data/trac
      and I added all the hooks for adding users and doing the cross machine
      login. Only STUDLY() users will actually see the new option in the collab
      dropdown menu.
      
      I have not done anything to make the trac installation look like Emulab.
      b15d5f78
  23. 19 Sep, 2007 1 commit
    • Russ Fish's avatar
      Move moduserinfo page form logic to a backend Perl script and methods. · 8965aad8
      Russ Fish authored
       GNUmakefile.in configure configure.in  - Add the testbed/backend directory.
       www/moduserinfo.php3 - The reworked PHP page.
       www/user_defs.php - Add a ModUserInfo method bridging to the script via XML,
           and remove the ChangeProfile method that is being replaced.
       backend/{moduserinfo,GNUmakefile}.in - Add the Perl script.
       db/User.pm.in - Add a ModUserInfo worker class method for script arg checking.
           Also SetUserInterface, SetWindowsPassword, and AccessCheck methods,
           and a copy of the escapeshellarg fn.
       sql/database-fill.sql - Add some to the table_regex 'users' checking patterns.
      
      Support stuff:
       account/tbacct.in - Update the UpdateWindowsPassword() function.
       db/libdb.pm.in - Add TBDB_USER_INTERFACE_EMULAB and TBDB_USER_INTERFACE_PLAB().
       tbsetup/libtestbed.pm.in - Add TB*EMAIL, TBMAIL_* vars (OPS, WWW, AUDIT).
      8965aad8
  24. 16 Mar, 2007 2 commits
    • Leigh Stoller's avatar
      Do not create initial public keys for elabman since they are · 3c2b27c2
      Leigh Stoller authored
      unencrypted, not to mention useless.
      3c2b27c2
    • Leigh Stoller's avatar
      Change to elabman handling, to setup an account that we can use for · d7f33445
      Leigh Stoller authored
      helping remote sites setup and update.
      
      * Added a V2 (DSA) key to the install directory that us inserted into
        the pubkeys table for the elabman. This key is encrypted and stored in
        /root/.ssh/elabman_dsa on Utah's boss.
      
      * elabman now starts out as webonly=0,status='active' with a real
        shell on both boss and ops.
      
      * freeze/thaw user now treat elabman as special, giving elabman a real
        account on boss and ops when thawed.
      
      * Addeda "notes" entry to the user profile that indicates the account
        can be frozen once the remote emulab is up and running.
      d7f33445
  25. 16 Jan, 2007 1 commit
    • Leigh Stoller's avatar
      Move the bulk (or guts) of newuser and newproject from the web · 16aaa101
      Leigh Stoller authored
      interface to the backend. There are new scripts that can be called
      from the command line:
      
      	newuser xmlfile
      	newproj xmlfile
      
      They both run from small xmlfiles that are generated by the web
      interface from the form data. I also moved user verification to the
      backend so that we do not have duplicated email functions, but that
      was a small change.
      
      Upon error, the xmlfile is saved and sent to tbops so that we can
      rerun the command by hand, rather then force user to fill out form
      again. I also do a better job of putting the form back up intact when
      there are internal errors.
      
      If the user provides an initial public key, that is put into the xml
      file as well and addpubkey is called from newuser instead of the web
      interface. A more general change to addpukey is that it is now
      *always* called as "nobody". This script was a morass of confusion
      cause of having to call it as nobody before the user actually
      exists. In fact, another of my ongoing projects is to reduce the
      number of scripts called as a particular user, but thats a story for
      another day. Anyway, the script is always called as nobody, but we
      pass along the implied user in the environment so that it can do
      permission checks.
      16aaa101
  26. 09 Jan, 2007 1 commit
  27. 03 Jan, 2007 3 commits
    • Leigh Stoller's avatar
      Fix minor bug. · 1197b0ff
      Leigh Stoller authored
      1197b0ff
    • Leigh Stoller's avatar
      Move most of the password changing code to the backend, as I just did · 32983db4
      Leigh Stoller authored
      for email changes. Currently, the hash is passed in on the command
      line from the web interface, and there is no method for invoking it on
      the command line and providing a text password, but that is an easy
      change now that the bulk of the code is in the backend instead of the
      web interface.
      
      Note that this change took longer cause we allow inactive,frozen, and
      wikionly users to change their password, but since they do not have
      accounts (yet) the operation is invoked as user "nobody" and tbacct
      about to me made aware of that possibility.
      
      Also add equivalent auditing email message that goes to the user when
      password is changed.
      
      Also more cleanup and conversion to objects.
      32983db4
    • Leigh Stoller's avatar
      Started out adding an email message to users whenever their email · 6d50ce56
      Leigh Stoller authored
      address is changed by an admin, but in the process I decided to
      implement the entire operation in the backend, since that is what we
      want to do anyway for all operations. Email is sent from the backend
      script as well.
      6d50ce56
  28. 20 Oct, 2006 1 commit
    • Mike Hibler's avatar
      Wow, this should make me look important! · afa5e919
      Mike Hibler authored
      Two-day boondoggle to support "/scratch", an optional large, shared filesystem
      for users.  To do this, I needed to find all the instances where /proj is used
      and behave accordingly.  The boondoggle part was the decision to gather up all
      the hardwired instances of shared directory names ("/proj", "/users", etc.)
      so that they are set in a common place (via unexposed configure variables).
      This is a boondoggle because:
      
      1. I didn't change the client-side scripts.  They need a different mechanism
         (e.g., tmcd) to get the info, configure is the wrong way.
      
      2. Even if I had done #1 it is likely--no, certain--that something would
         fail if you tried to rename "/proj" to be "/mike".  These names are just
         too ingrained.
      
      3. We may not even use "/scratch" as it turns out.
      
      Note, I also didn't fix any of the .html documentation.  Anyway, it is done.
      To maintain my illusion in the future you should:
      
      1. Have perl scripts include "use libtestbed" and use the defined PROJROOT(),
         et.al. functions where possible.  If not possible, make sure they run
         through configure and use @PROJROOT_DIR@, etc.
      
      2. Use the configure method for python, C, php and other languages.
      
      3. There are perl (TBValidUserDir) and php (VALIDUSERPATH) functions which
         you should call to determine if an NS, template parameter, tarball or
         other file are in "an acceptable location."  Use these functions where
         possible.  They know about the optional "scratch" filesystem.  Note that
         the perl function is over-engineered to handles cases that don't occur
         in nature.
      afa5e919
  29. 01 Jun, 2006 1 commit
    • Leigh Stoller's avatar
      Add suport for building per project, group, experiment DBs on ops. At · adbcfd47
      Leigh Stoller authored
      present the per-experiment stuff is not hooked in, but will be for
      templates later. Anyway, each user gets a mysql account on ops, with
      password set to the same as their mailman password (which is also
      their jabber password, etc). Each project gets a DB named by the
      project, and each group gets a DB named by pid,gid. Users are placed
      on the access lists for the DBs as you would expect.
      
      There is a little bit of complexity to make sure that we can create
      DBs on ops outside the Emulab path and grant access to them, without
      Emulab getting confused or mucking things up.
      
      I'll get a news item done ...
      adbcfd47
  30. 02 Mar, 2006 1 commit
  31. 10 Nov, 2005 1 commit
  32. 14 Oct, 2005 2 commits
  33. 04 Oct, 2005 1 commit
  34. 20 Sep, 2005 1 commit
    • Leigh Stoller's avatar
      Checkpoint Chat Support stuff; mostly working but still needs work. · 90cdfb60
      Leigh Stoller authored
      Ready for local people to play with.
      
      The current implementation is that we munge the mysql DB on ops directly,
      underneath jabberd. We add/del users from the authreg table, and set up
      buddy lists in the roster-items and roster-groups tables. modgroups will
      invoke the modjabberbuddies whenever a user is added or removed from a
      group, although currently I am building buddy lists for just the top level
      projects.
      
      The "My IM" link in the collaboration menu will tell the user their
      jabber ID on the Emulab chat server (jabber.emulab.net) and also give
      them their plain text password to plug into their chat client.
      
      I also installed a java applet (Jeti) that is a simple chat client that
      I found off the jabberware page. Like all applets, it exhibits a degree
      of flakiness, but I really do not expect too many people to use it.
      90cdfb60
  35. 20 Jul, 2005 1 commit