1. 26 Jun, 2006 1 commit
  2. 20 Sep, 2004 1 commit
    • Leigh Stoller's avatar
      More brutal hacks for elab-in-elab, although this one is actually · 3e34ba5f
      Leigh Stoller authored
      handy by itself; add -i option to tmcc (C and perl version) to turn
      off SSL mode. So instead of a separate nossl binary, the SSL binary
      can now operate in nossl mode. Like the previous revision, this is
      also controlled by an environment variable so that rc.inelab can make
      sure that all children use the nossl mode. Why? Cause the inner elab
      will have its own set of certificates, and the outer elab tmcd will
      reject the connections. Simpler to just speak nossl to the outer elab,
      rather than try to mess with two sets of certs.
      3e34ba5f
  3. 24 Jun, 2003 1 commit
  4. 07 Jul, 2002 1 commit
  5. 10 Apr, 2002 1 commit
    • Leigh Stoller's avatar
      A fair amount of cleanup, both of the ssl stuff and of tmcd in general. · 40d072cf
      Leigh Stoller authored
      Deal with ssl/nossl clients; at Chad's suggestion add a small handshake
      tag to ssl enabled tmcc/tmcd which tells tmcd that it needs to enter
      full SSL mode. This allows old tmcc to connect to an ssl enabled tmcd,
      and still work okay.
      
      I've also ironed out the verification stuff. At the client, we make sure
      that the CommonName field of the peer cert maps to the same address that
      we connected to (bossnode).
      
      At the server, we check the OU field of the cert (we create the client
      certs with the OU field set to the node type; a convention I made up!).
      It must match the type of the node, as we get it from the nodes table.
      Also check the CommonName to make sure it matches our hostname. This is
      by no means bulletproof, but perfection is costly, and we don't have the
      money!
      
      Also cleaned up the REDIRECT testmode stuff. Instead of ifdef'ed under
      TESTMODE, leave it compiled in all the time, but only allow it from the
      local node (where tmcd is running). Mere users will not be able to
      access it, but testbed people can use it since they have accounts on the
      boss node.
      40d072cf
  6. 04 Apr, 2002 1 commit
    • Leigh Stoller's avatar
      First round of ssl'ification of tmcd/tmcc. This needs to be looked at · ffe40d2e
      Leigh Stoller authored
      by smarter brains by me (I have asked Dave to look it over). Anyway ...
      
      I added a top level ssl directory which has a bunch of goo for
      creating certificates and keys.  I currently create a Certificate
      Authority, a server certificate, and a client certificate. The private
      keys for all three are unencrypted, so no password is required. All
      key/cert combos can be installed on boss. The client side needs the
      key/cert pair (in one file), and the CA cert (no key!). There are
      install targets to do this. NOTE, you do not want to create/install
      these without being careful, since you could instantly invalidate all
      the clients!
      
      I have added the necessary SSL routines to tmcd/tmcc. See the ssl.c
      and ssl.h file. I have set it up so that with all you need to do is
      uncomment three lines in the makefile, and accept,connect,read,write,
      and close are redirected to SSL'ified versions in ssl.c. The current
      security model is that the client and server both "demand" certificate
      verification from the other side (as opposed to just server side
      verification). tmcd reads in server.pem, while tmcc reads in
      client.pem. Both read in the emulab.pem (CA cert with no private
      key).
      
      Initial testing indicates I have done this at least partially
      correctly. Whoever invented this stuff has a really twisted mind
      though. There are some questions at the top of ssl.c that need to be
      answered.
      
      Oh, also redid all the syslog stuff throughout tmcd.
      ffe40d2e