1. 21 Dec, 2004 1 commit
    • Leigh Stoller's avatar
      Rework old XMLRPC code that I stuck into defs.php3 a long time ago, · 98d2ab5f
      Leigh Stoller authored
      but never made use of. Moved to its own file (www/xmlrpc.php3.in)
      and made to be more like the perl library I did a couple of months ago,
      that presents an interface to an sslxmlrpc server, via the sslxmlrpc
      client program operating in "raw" mode (takes raw xml on stdin, and
      returns raw xml on stdout).
      
      Added ELABINELAB code to nodetipacl.php3 so that you can click on
      console icon on an inner emulab web page, and it will ask the outer
      emulab sslxmlrpc server for the stuff it needs, and return that to the
      user.
      98d2ab5f
  2. 09 Nov, 2004 1 commit
  3. 13 Apr, 2004 1 commit
    • Leigh Stoller's avatar
      Do not allow images that are marked global to be created via the · 95b185bd
      Leigh Stoller authored
      create_image script. Also check path; filename must translate to a path
      on /proj, /users, or /groups since the image is actually written from
      the node, and those are the only places it makes sense to write them to.
      
      Minor change to web interface; email error messages to user *and* to
      tbops; was going only to tbops.
      95b185bd
  4. 22 Mar, 2004 1 commit
    • Leigh Stoller's avatar
      Add XMLRPC() routine to demonstrate how to use the xmlrpc backend from · 78195614
      Leigh Stoller authored
      the webserver. This is not being used anyplace, except to test that it
      does indeed work. At some point we may want to change how we talk to
      the backend, going through the xmlrpc server instead of direct to
      scripts. The reason for doing this would be to eventually split the
      webserver off from the DB node, but that will take a lot more work
      (basically have to xmlrpc the entire backend, and at present the web
      interface uses a lot of scripts)!
      
      Note that mysql 4.0 has builtin support for ssl based connections. We
      could use that for access to the DB if/when we want to split off the
      web server.
      78195614
  5. 17 Mar, 2004 1 commit
  6. 15 Dec, 2003 1 commit
    • Leigh Stoller's avatar
      Commit functioning XML interface. At present, only isadmin people will · 51310e62
      Leigh Stoller authored
      see this new page. That allows me to inflict pain on testbed
      developers while we work out any kinks. These new pages implement an
      XML interface to experiment creation.
      
      Some new files:
      
      beginexp_html.php3: A wrapper for the actual beginexp form. This page
      includes the form, and then invokes the XMLRPC backend page.
      
      beginexp_form.html: The original form code, split out from beginexp
      and turned into a module that can be included into another file.  It
      is slightly reorganized to make it easier to include as a module.  The
      idea is that the plab_ez form will be recast in this model, reducing
      some redundant complexity.
      
      beginexp_xml.php3: The XML backend. The idea is that the html page
      packages up the form arguments as an XMLRPC message, and invokes this
      page with the XML goo encoded in the URL. It also passes along the
      uid/cookie so that the authentication happens properly (https of
      course). The page decodes the URL into PHP datatypes, and does much of
      the same argument checking that beginexp used to do. Errors are stored
      up in the same manner, but instead of spitting back html, it now spits
      back a "structure", encoded in XML so that the _html page can put up a
      new form. Basically, all output is sent back via an XML encoded
      structure and displayed in a form that the invoking script deems
      appropriate.
      
      This gives us a pure XMLRPC interface, which we wrap with a form interface
      so that it looks just like it did before.
      
      The next step is to provide an alternate front end, but that will require
      some certificate stuff that I have not worked out yet.
      
      Oh, one more item. The syntax check stuff has been altered a bit.
      Instead of invoking the beginexp page, which meant a zillion special
      tests, I now invoke nscheck.php3 directly from the button. Took a few
      extra lines of Javascript to do this, so watch out for problems there
      too.
      51310e62
  7. 10 Dec, 2003 1 commit
  8. 01 Dec, 2003 2 commits
    • Leigh Stoller's avatar
      Allow user to specify email address when logging in. Some minor reorg · 41d37ee8
      Leigh Stoller authored
      of the CHECKEMAIL function as a result.
      41d37ee8
    • Leigh Stoller's avatar
      Fix glitch with switching between browsers. Stems from the goal of not · 0efa7677
      Leigh Stoller authored
      switching the menu when user switches between http and https (since
      the secret cookie is not transferred in http, we have no way of
      actually knowing the user is logged in from the browser). So, add
      another cookie that is a crc32 hash of the real cookie, and trasnfer
      that in http mode. A valid crc32 hash simply indicates that the user
      is almost certainly logged in from the browser (but does not impart
      any privs until we get the real cookie), while the absence of the
      crc32 or a mismatch indicates that user is almost certainly *not*
      logged in from the browser, and so we draw the usual "not logged in"
      page.
      0efa7677
  9. 10 Nov, 2003 1 commit
    • Leigh Stoller's avatar
      More security hacking: · 5c50efb9
      Leigh Stoller authored
      * Use superglobals for page/form arguments.
      
      * Add regex functions for email and phone number.
      
      * Remove stripslashes calls; not needed and actually incorrect for
        data returned from the DB.
      5c50efb9
  10. 07 Nov, 2003 2 commits
  11. 30 Sep, 2003 1 commit
    • Leigh Stoller's avatar
      Up to now we have had two state variables associated with an experiment, · 4269dad1
      Leigh Stoller authored
      plus a lock field. The lock field was a simple "experiment locked, go away"
      slot that is easy to use when you do not care about the actual state that
      an experiment is in, just that it is in "transition" and should not be
      messed with.
      
      The other two state variables are "state" and "batchstate". The former
      (state) is the original variable that Chris added, and was used by the tb*
      scripts to make sure that the experiment was in the state each particular
      script wanted them to be in. But over time (and with the addition of so
      much wrapper goo around them), "state" has leaked out all over the place to
      determine what operations on an experiment are allowed, and if/when it
      should be displayed in various web pages. There are a set of transition
      states in addition to the usual "active", "swapped", etc like "swapping"
      that make testing state a pain in the butt.
      
      I added the other state variable ("batchstate") when I did the batch
      system, obviously! It was intended as a wrapper state to control access to
      the batch queue, and to prevent batch experiments from being messed with
      except when it was really okay (for example, its okay to terminate a
      swapped out batch experiment, but not a swapped in batch experiment since
      that would confuse the batch daemon). There are fewer of these states, plus
      one additional state for "modifying" experiments.
      
      So what I have done is change the system to use "batchstate" for all
      experiments to control entry into the swap system, from the web interface,
      from the command line, and from the batch daemon. The other state variable
      still exists, and will be brutally pushed back under the surface until its
      just a vague memory, used only by the original tb* scripts. This will
      happen over time, and the "batchstate" variable will be renamed once I am
      convinced that this was the right thing to do and that my changes actually
      work as intended.
      
      Only people who have bothered to read this far will know that I also added
      the ability to cancel experiment swapin in progress. For that I am using
      the "canceled" flag (ah, this one was named properly from the start!), and
      I test that at various times in assign_wrapper and tbswap. A minor downside
      right now is that a canceled swapin looks too much like a failed swapin,
      and so tbops gets email about it. I'll fix that at some point (sometime
      after the boss complains).
      
      I also cleaned up various bits of code, replacing direct calls to exec
      with calls to the recently improved SUEXEC interface. This removes
      some cruft from each script that calls an external script.
      
      Cleaned up modifyexp.ph3 quite a bit, reformatting and indenting.
      Also fixed to not run the parser directly! This was very wrong; should
      call nscheck instead. Changed to use "nobody" group instead of group
      flux (made the same change in nscheck).
      
      There is a script in the sql directory called newstates.pl. It needs
      to be run to initialize the batchstate slot of the experiments table
      for all existing experiments.
      4269dad1
  12. 01 Jul, 2003 1 commit
    • Leigh Stoller's avatar
      Commit SSH node menu option, and support. Heavily based/borrowed from · f4bf9b5c
      Leigh Stoller authored
      Chad's tiptunnel stuff. Requires ssh-mime.pl in the current directory,
      to be installed as a browser helper application on the users machine.
      Copied Chad's instructions for the tiptunnel from the FAQ, and stuck
      it into ssh-mime.html as a help file (not really FAQ material). The
      intent of this of course is to make ssh into jailed nodes easier, but
      not having to know port numbers, or directly log into ops first, when
      the jails are using control network IPs in our private IP space (not
      routable from outside).
      f4bf9b5c
  13. 10 Jun, 2003 1 commit
  14. 24 Apr, 2003 1 commit
  15. 23 Apr, 2003 1 commit
  16. 02 Apr, 2003 1 commit
    • Mac Newbold's avatar
      Massive reworking of our structure for defs files. · 09eb5852
      Mac Newbold authored
      Before:
      The main defs file (ie for configure) had an entry for WWWDEFS that
      pointed to a <@WWWDEFS@>-defs.php3 file in the www/ directory. The www
      defs file loaded some values about web pages, URLs, and some web
      configuration parameters.
      
      Problem:
      Anything that was only in the www defs file was not accessible in the rest
      of the universe (ie perl, C, and any other non-web-page scripts). For
      instance, you couldn't have a perl script send an email to a user with a
      link to the web site.
      
      Solution:
      Nuke all the www-defs files, move any important values into the main
      configure, and change the web defs infrastructure to respect that. This
      also meant adding about 3 lines each to all of the configure defs files.
      (There really are about 10 new values you can change in your defs file,
      but in almost all cases, the default values are the right thing.)
      
      Upgrading:
      External sites will need to move a few variables from their www-defs file
      into their configure defs file. The example file should make it pretty
      obvious. They may also want to customize some of the other vars that are
      mentioned in configure.in and www/defs.php3.in .
      09eb5852
  17. 25 Feb, 2003 1 commit
  18. 13 Feb, 2003 1 commit
  19. 24 Jan, 2003 1 commit
  20. 23 Jan, 2003 1 commit
  21. 10 Dec, 2002 1 commit
  22. 09 Dec, 2002 1 commit
    • Leigh Stoller's avatar
      Wrap up mkacct calls with a function call, like ADDPUBKEY. Checks to · 356a9fc0
      Leigh Stoller authored
      see if user actually has an account (by checking user status user
      table). Avoids trying to run suexec as a user that does not actuall
      exist on boss cause they do not have an account (since we allow users
      to edit personal info before being approved and getting an account).
      For addpubkey, we have to run the program as someone, so when the user
      does not have an account, run it as nobody.
      356a9fc0
  23. 01 Oct, 2002 2 commits
  24. 26 Aug, 2002 1 commit
    • Leigh Stoller's avatar
      Rework all of the ssh key handling. Moved the parsing and verification · ae77bdb6
      Leigh Stoller authored
      to an external perl script, and use ssh-keygen to attempt conversion
      off SSH2/SECSH key formats. This is actually a simplification of the
      php code, which is not generally very good at this kind of thing (or
      maybe I mean perl is just better at it). The parsing and error
      handling it also much improved.
      ae77bdb6
  25. 10 Jul, 2002 1 commit
  26. 16 Jun, 2002 1 commit
  27. 22 May, 2002 1 commit
    • Leigh Stoller's avatar
      A large set of authorization changes. · d2360b6d
      Leigh Stoller authored
      * Cleanup! A lot of the structure derived from the early frame days,
        which had a noticable (and bad) effect on how I wrote the stuff.  I
        cleaned up most of that yuckyness.
      
      * In process, optimize a little bit on the queries. The old code did
        about 9 queries just to write out the menu options, and then
        repeated most of those queries again in the page guts. I've
        consolidated the queries as much as possible (to 3) and cache all
        the results.
      
      * Fix up problem with users who forget their passwords before
        verification. Basically, I fixed the more general problem of not
        being able to update your user info before verification/approval;
        users now get that menu option no matter their status.
      
      * Fix up problem of users being able to access pages before
        verification (but after approval) by going around the menu options.
        The page level check (after the menu is drawn) now checks all
        conditions (password expired, unverified, unapproved, timedout, and
        also nologins()).
      
      * Minor change in approveuser; do not show the new account to the
        project leader until the new user has verified his account.
      
      * Change verification method, as reqwuested by Dave.  In addition to
        providing the key, also provide a web link to take the user straight
        to verification. I actually take them direct to the login page, and
        pass the key in as an argument. If the user is already logged in,
        bypass and go directly to the verify page (not the form page of
        course).  If the user is not logged in, let him log in, and then
        forward the key onward to the verify page. Basically, bypass the
        form all the time, and just do the verification.
      
      * Minor change in showuser; Do not show pid/groups not approved in,
        and if the count is zero, do not draw the table headings.
      d2360b6d
  28. 17 Apr, 2002 1 commit
  29. 15 Apr, 2002 1 commit
  30. 27 Feb, 2002 1 commit
  31. 12 Feb, 2002 1 commit
  32. 08 Feb, 2002 1 commit
    • Leigh Stoller's avatar
      Add $TBMAINSITE=0 default. · d720a46b
      Leigh Stoller authored
      Fix up SUEXEC and TBERROR error handling so that <XMP> tags are not
      included in the email message!
      Add CHECKURL() function (which will eventually replace VERIFYURL())
      which returns error strings instead of calling USERERROR. This is
      in support of new forms code.
      Add CHECKPASSWORD() function; same code was in three different places.
      This version returns the error string from checkpass.
      d720a46b
  33. 11 Jan, 2002 1 commit
  34. 09 Jan, 2002 1 commit
  35. 20 Dec, 2001 1 commit
  36. 05 Dec, 2001 1 commit
    • Leigh Stoller's avatar
      More inventive ways to avoid real work; add password expiration · 3e2bb386
      Leigh Stoller authored
      capability. New DB field in the users table (pswd_expires) which is a
      date field that initially gets set to one year after the user account
      is created. When the password is changed via the web form, it gets
      bumped 1 more year into the future *unless* the current uid is
      different from the target_uid (ie: you are changing a password for
      someone else). In that case, the expiration is set to the current
      date, which forces the target user to change his password next time he
      logs in. I've changed the menu/auth code to look for password
      expiration, and when expired the menu options contain just a single
      option to change the password. All other https pages will fail with a
      password expired message. Normal text pages will work of course.
      3e2bb386
  37. 29 Oct, 2001 1 commit
    • Leigh Stoller's avatar
      A bunch of lastlogin changes! The user and experiment information · 4658545e
      Leigh Stoller authored
      pages now show the lastlogin info that is gathered from sshd syslog
      reporting to users. That info is parsed by security/genlastlog.c, and
      entered into the DB in the nodeuidlastlogin and uidnodelastlogin
      tables. If not obvious from the names, for each user we want the last time
      they logged in anyplace, and for each node we want the last time anyone
      logged into it. The latter is obviously more useful for scheduling
      purposes. All of the various images have new /etc/syslog.conf files,
      and the 6.2 got new sshd_configs (all cvsup'ed with kill -HUP). There
      is an entry in boss:/etc/crontab and users:/etc/syslog.conf. All of
      this is decribed in greater detail in security/genlastlog.c.
      4658545e