#
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -52,7 +52,7 @@ ifeq ($(STANDALONE_CLEARINGHOUSE),0)
SUBDIRS = \
clientside/lib \
db assign www @optional_subdirs@ clientside ipod security sensors \
pxe tbsetup account tmcd utils backend tip ipod vis \
pxe tbsetup account tmcd utils backend ipod vis \
sensors os xmlrpc autofs install/newnode_sshkeys \
tools/svn collab/exp-vis node_usage install
ifeq ($(ISMAINSITE),1)
......@@ -153,14 +153,12 @@ ops-install:
@$(MAKE) -C rc.d control-install
@$(MAKE) -C tbsetup control-install
@$(MAKE) -C security control-install
@$(MAKE) -C tip control-install
@$(MAKE) -C db control-install
@$(MAKE) -C utils control-install
@$(MAKE) -C clientside control-install
ifeq ($(EVENTSYS),1)
@$(MAKE) -C event control-install
endif
@$(MAKE) -C xmlrpc control-install
@$(MAKE) -C account control-install
ifeq ($(PELABSUPPORT),1)
@$(MAKE) -C pelab control-install
......@@ -211,7 +209,7 @@ just-builddirs:
tipserv-install:
-mkdir -p $(INSTALL_TOPDIR)/log/tiplogs
-mkdir -p $(INSTALL_TOPDIR)/etc
@$(MAKE) -C tip tipserv-install
@$(MAKE) -C clientside/tip tipserv-install
@$(MAKE) -C clientside/os/capture tipserv-install
@$(MAKE) -C tbsetup tipserv-install
......@@ -222,31 +220,22 @@ client-mkdirs:
client:
@$(MAKE) -C clientside client
@$(MAKE) -C os client
ifneq ($(SYSTEM),CYGWIN_NT-5.1)
@$(MAKE) -C tip client
endif
client-install: client client-mkdirs
@$(MAKE) -C clientside client-install
@$(MAKE) -C os client-install
ifneq ($(SYSTEM),CYGWIN_NT-5.1)
@$(MAKE) -C tip client-install
endif
subboss:
@$(MAKE) -C clientside subboss
@$(MAKE) -C tbsetup subboss
@$(MAKE) -C db subboss
@$(MAKE) -C os subboss
ifneq ($(SYSTEM),CYGWIN_NT-5.1)
@$(MAKE) -C tip client
endif
@$(MAKE) -C utils subboss
subboss-install: subboss
@$(MAKE) -C clientside subboss-install
@$(MAKE) -C tbsetup subboss-install
@$(MAKE) -C os subboss-install
ifneq ($(SYSTEM),CYGWIN_NT-5.1)
@$(MAKE) -C tip client-install
endif
@$(MAKE) -C utils subboss-install
@$(MAKE) -C db subboss-install
@$(MAKE) -C rc.d subboss-install
......@@ -289,39 +278,27 @@ mfsoscheck:
fi
mfs: mfsoscheck
@$(MAKE) -C os mfs
@$(MAKE) -C clientside mfs
mfs-nostatic: mfsoscheck
@NOSTATIC=1 $(MAKE) -C os mfs
@NOSTATIC=1 $(MAKE) -C clientside mfs
mfs-install: destdircheck mfs client-mkdirs
@$(MAKE) -C os mfs-install
@$(MAKE) -C clientside mfs-install
mfs-nostatic-install: destdircheck mfs-nostatic client-mkdirs
@$(MAKE) -C os mfs-install
@$(MAKE) -C clientside mfs-install
frisbee-mfs: mfsoscheck
@$(MAKE) -C cdrom/groklilo client
@$(MAKE) -C os frisbee-mfs
@$(MAKE) -C clientside frisbee-mfs
frisbee-mfs-nostatic: mfsoscheck
@NOSTATIC=1 $(MAKE) -C cdrom/groklilo client
@NOSTATIC=1 $(MAKE) -C os frisbee-mfs
@NOSTATIC=1 $(MAKE) -C clientside frisbee-mfs
frisbee-mfs-install: destdircheck frisbee-mfs
@CLIENT_BINDIR=/etc/testbed $(MAKE) -e -C cdrom/groklilo client-install
@$(MAKE) -C os frisbee-mfs-install
@$(MAKE) -C clientside frisbee-mfs-install
frisbee-mfs-nostatic-install: destdircheck frisbee-mfs-nostatic
@CLIENT_BINDIR=/etc/testbed $(MAKE) -e -C cdrom/groklilo client-install
@$(MAKE) -C os frisbee-mfs-install
@$(MAKE) -C clientside frisbee-mfs-install
newnode-mfs: mfsoscheck
......
......@@ -111,7 +111,7 @@ default-clean:
# This is to avoid warnings about duplicate targets.
default-install-notusing:
ifeq ($(ISMAINSITE),1)
ifeq ($(TBROOT),/usr/testbed/devel/stoller)
ifeq ($(TBROOT),/usr/testbed)
(cd $(SRCDIR) ; \
git status --porcelain -s -b | head -1 | grep -q -s current)
else
......
#!/usr/bin/perl -w
#
# Copyright (c) 2010-2016 University of Utah and the Flux Group.
# Copyright (c) 2010-2018 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
......@@ -70,11 +70,15 @@ my $TB = "@prefix@";
my $USERPATH = "$TB/bin";
my $WITHZFS = @WITHZFS@;
my $ZFS_NOEXPORT = @ZFS_NOEXPORT@;
my $OPSVM_ENABLE = @OPSVM_ENABLE@;
my $OURDOMAIN = "@OURDOMAIN@";
my $ZFS_ROOT = "@ZFS_ROOT@";
my $ZFS_QUOTA_USER = "@ZFS_QUOTA_USER@";
my $ZFS_QUOTA_PROJECT = "@ZFS_QUOTA_PROJECT@";
my $ZFS_QUOTA_GROUP = "@ZFS_QUOTA_GROUP@";
my $ZFS_QUOTA_USER_X = "@ZFS_QUOTA_USER_X@";
my $ZFS_QUOTA_PROJECT_X = "@ZFS_QUOTA_PROJECT_X@";
my $ZFS_QUOTA_GROUP_X = "@ZFS_QUOTA_GROUP_X@";
my $PW = "/usr/sbin/pw";
my $USERADD = "/usr/sbin/pw useradd";
my $USERDEL = "/usr/sbin/pw userdel";
......@@ -85,6 +89,7 @@ my $CHPASS = "/usr/bin/chpass";
my $CHOWN = "/usr/sbin/chown";
my $CHMOD = "/bin/chmod";
my $MKDIR = "/bin/mkdir";
my $CHFLAGS = "/bin/chflags";
my $NOLOGIN = "/sbin/nologin";
my $MV = "/bin/mv";
my $ZFS = "/sbin/zfs";
......@@ -92,11 +97,23 @@ my $KEYGEN = "/usr/bin/ssh-keygen";
my $SKEL = "/usr/share/skel";
my $PIDFILE = "/var/run/mountd.pid";
my $TSFILE = "/var/run/mountd.ts";
my $USEFLAGS = 0;
# XXX
my $NOSUCHUSER = 67;
my $USEREXISTS = 65;
# We use flags to prevent deletion of certain dirs, on FreeBSD 10 or greater.
# Note that when OPSVM_ENABLE=1, the file systems are actually back over
# on boss, so cannot do the chflags here. Hmm.
if (!$OPSVM_ENABLE) {
if (`uname -r` =~ /^(\d+)\.(\d+)/) {
if ($1 >= 10) {
$USEFLAGS = 1;
}
}
}
#
# Testbed Support libraries
#
......@@ -115,6 +132,7 @@ my $FSPROJROOT = "@FSDIR_PROJ@";
my $FSGROUPROOT = "@FSDIR_GROUPS@";
my $FSSCRATCHROOT = "@FSDIR_SCRATCH@";
# These are duplicated in db/Project.pm.in ...
# Project subdir list
my @DIRLIST = ("exp", "images", "logs", "deltas", "tarfiles", "rpms",
"groups", "tiplogs", "images/sigs", "templates");
......@@ -145,6 +163,8 @@ sub MakeDir($$);
sub WhackDir($$);
sub mysystem($);
sub runBusyLoop($);
sub SetNoDelete($);
sub ClearNoDelete($);
#
# Check args.
......@@ -459,7 +479,7 @@ sub AddProject()
my $unix_uid = shift(@ARGV);
# Create the project unix group
if (mysystem("egrep -q -s '^${unix_name}:' /etc/group")) {
if (system("egrep -q -s '^${unix_name}:' /etc/group")) {
print "Adding group $unix_name ...\n";
if (runBusyLoop("$GROUPADD $unix_name -g $unix_gid")) {
......@@ -478,6 +498,9 @@ sub AddProject()
if (! chown($unix_uid, $unix_gid, "$path")) {
fatal("Could not chown '$path' to $unix_uid/$unix_gid: $!");
}
if (SetNoDelete($path)) {
fatal("Could not set no delete on '$path'!\n");
}
# Create required /proj subdirs
foreach my $dir (@DIRLIST) {
......@@ -491,6 +514,9 @@ sub AddProject()
if (! chown($unix_uid, $unix_gid, "$path")) {
fatal("Could not chown '$path' to $unix_uid/$unix_gid: $!");
}
if (SetNoDelete($path)) {
fatal("Could not set no delete on '$path'!\n");
}
}
# Create the /groups directory
......@@ -504,6 +530,9 @@ sub AddProject()
if (! chown($unix_uid, $unix_gid, "$path")) {
fatal("Could not chown '$path' to $unix_uid/$unix_gid: $!");
}
if (SetNoDelete($path)) {
fatal("Could not set no delete on '$path'!\n");
}
# Create a symlink for the default group
$path = "$GROUPROOT/$name/$name";
......@@ -512,6 +541,9 @@ sub AddProject()
fatal("Could not symlink $PROJROOT/$name to $path");
}
}
if (SetNoDelete($path)) {
fatal("Could not set no delete on '$path'!\n");
}
# Finally, create /scratch dir if supported
if ($SCRATCHROOT) {
......@@ -525,6 +557,9 @@ sub AddProject()
if (! chown($unix_uid, $unix_gid, "$path")) {
fatal("Could not chown '$path' to $unix_uid/$unix_gid: $!");
}
if (SetNoDelete($path)) {
fatal("Could not set no delete on '$path'!\n");
}
}
return 0;
......@@ -545,7 +580,7 @@ sub AddGroup()
my $projname = shift(@ARGV);
# Create the group unix group
if (mysystem("egrep -q -s '^${unix_name}:' /etc/group")) {
if (system("egrep -q -s '^${unix_name}:' /etc/group")) {
print "Adding group $unix_name ...\n";
if (runBusyLoop("$GROUPADD $unix_name -g $unix_gid")) {
......@@ -565,6 +600,9 @@ sub AddGroup()
if (! chown($unix_uid, $unix_gid, "$path")) {
fatal("Could not chown '$path' to $unix_uid/$unix_gid: $!");
}
if (SetNoDelete($path)) {
fatal("Could not set no delete on '$path'!\n");
}
# Create required /groups/gid subdirs
foreach my $dir (@GDIRLIST) {
......@@ -578,6 +616,9 @@ sub AddGroup()
if (! chown($unix_uid, $unix_gid, "$path")) {
fatal("Could not chown '$path' to $unix_uid/$unix_gid: $!");
}
if (SetNoDelete($path)) {
fatal("Could not set no delete on '$path'!\n");
}
}
return 0;
......@@ -832,12 +873,22 @@ sub MakeDir($$)
$path = "${ZFS_ROOT}${fs}/$dir";
# XXX quotas
my ($refquota,$mult);
if ($fs eq $USERROOT) {
$cmdarg = "-o quota=$ZFS_QUOTA_USER";
$refquota = $ZFS_QUOTA_USER;
$mult = $ZFS_QUOTA_USER_X;
} elsif ($fs eq $PROJROOT) {
$cmdarg = "-o quota=$ZFS_QUOTA_PROJECT";
$refquota = $ZFS_QUOTA_PROJECT;
$mult = $ZFS_QUOTA_PROJECT_X;
} elsif ($fs eq $GROUPROOT) {
$cmdarg = "-o quota=$ZFS_QUOTA_GROUP";
$refquota = $ZFS_QUOTA_GROUP;
$mult = $ZFS_QUOTA_GROUP_X;
}
if (defined($refquota) && $refquota =~ /^(\d+(?:\.\d+)?)([MGT]?)$/) {
my ($num,$unit) = ($1,$2);
$unit = "" if (!defined($unit));
$num = sprintf "%.1f", $num * $mult;
$cmdarg = "-o refquota=$refquota -o quota=$num$unit";
} else {
$cmdarg = "";
}
......@@ -918,6 +969,10 @@ sub WhackDir($$)
my ($fs,$dir) = @_;
my $zfsfs = "";
if (ClearNoDelete("$fs/$dir")) {
fatal("Could not clear no delete on '$fs/$dir'!\n");
}
if ($WITHZFS) {
my $path = "${ZFS_ROOT}${fs}/$dir";
$zfsfs = $path
......@@ -1022,12 +1077,13 @@ sub mysystem($)
sub runBusyLoop($)
{
my $command = shift;
my $maxtries = 10;
my $maxtries = 20;
my $stime = time();
print STDERR "accountsetup: '$command'\n";
if (open(FD, ">>/usr/testbed/log/accountsetup.log")) {
my $tstamp = POSIX::strftime("%b %e %H:%M:%S", localtime());
my $tstamp = POSIX::strftime("%b %e %H:%M:%S", localtime($stime));
print FD "$tstamp: $command\n";
close(FD);
}
......@@ -1052,8 +1108,19 @@ sub runBusyLoop($)
}
close(PIPE);
print $output;
return 0
if (!$?);
if (!$?) {
if ($command =~ /^$PW .*/) {
if (open(FD, ">>/usr/testbed/log/accountsetup.log")) {
my $etime = time();
my $tstamp = POSIX::strftime("%b %e %H:%M:%S",
localtime($etime));
$etime -= $stime;
print FD "$tstamp: $PW done in $etime seconds\n";
close(FD);
}
}
return 0
}
if ($output =~ /(group|db) file is busy/m) {
print "runBusyLoop; waiting a few seconds before trying again\n";
sleep(3);
......@@ -1073,3 +1140,30 @@ sub fatal($) {
print STDERR "$msg\n";
exit(-1);
}
#
# Use chflags on certain directories to prevent users from deleting things.
# Just a bandaid on the real problem.
#
sub SetNoDelete($)
{
my ($filename) = @_;
return 0
if (!$USEFLAGS);
system("$CHFLAGS sunlink $filename");
return ($? ? -1 : 0);
}
sub ClearNoDelete($)
{
my ($filename) = @_;
return 0
if (!$USEFLAGS);
# Do a recursive change here since we tend to do deletions on the
# top level directories.
system("$CHFLAGS -R nosunlink $filename");
return ($? ? -1 : 0);
}
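Review bot: SetNoDelete() and ClearNoDelete() pass `$filename` through the shell, because `system()` is called with a single interpolated string (`"$CHFLAGS sunlink $filename"` and `"$CHFLAGS -R nosunlink $filename"`). The callers in AddProject, AddGroup and WhackDir build that path from project, group and directory names that appear to come from the script's arguments, so a name containing whitespace or shell metacharacters would change the command that runs, presumably with root privileges. The list form keeps the path as one argument and bypasses the shell: `system($CHFLAGS, "sunlink", $filename);` and `system($CHFLAGS, "-R", "nosunlink", $filename);`. The `egrep -q -s '^${unix_name}:' /etc/group` checks in AddProject and AddGroup interpolate `$unix_name` into a shell string in the same way and would benefit from the same treatment or from validating the name first.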
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2016 University of Utah and the Flux Group.
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -422,13 +422,13 @@ sub ParseKey($) {
$key = $1;
}
elsif ($keyline =~
/^(ssh-rsa|ssh-dss) ([-\w\.\@\+\/\=]*) ([-\w\@\.:\ ]*)$/) {
/^(ssh-rsa|ssh-dss|ssh-ed25519) ([-\w\.\@\+\/\=]*) ([-\w\@\.:\ ]*)$/) {
# Protocol 2
$type = $1;
$key = "$1 $2";
$comment = $3;
}
elsif ($keyline =~ /^(ssh-rsa|ssh-dss) ([-\w\.\@\+\/\=:]*)$/) {
elsif ($keyline =~ /^(ssh-rsa|ssh-dss|ssh-ed25519) ([-\w\.\@\+\/\=:]*)$/) {
# Protocol 2 but no comment field
$type = $1;
$key = "$1 $2";
......@@ -499,7 +499,7 @@ sub ParseKey($) {
"SSH Public Key for '$user_uid' added:\n".
"\n".
"$chunked\n",
"$TBOPS");
"$TBOPS", "Bcc: $TBAUDIT");
}
return 1;
}
......@@ -524,33 +524,6 @@ sub InitUser()
my $outfile = tmpnam();
my $command = "$ACCOUNTPROXY createsshkey $user_uid $user_gid ";
$UID = 0;
open ERR, "$SSH -host $CONTROL '$command rsa1' 2>&1 > $outfile |";
$UID = $SAVEUID;
my $errs = "";
while (<ERR>) {
$errs .= $_;
}
close(ERR);
print STDERR $errs;
if ($?) {
unlink($outfile);
fatal("Could not create rsa1 key");
}
my $pubkey = `cat $outfile`;
chomp($pubkey);
my $safe_pubkey = DBQuoteSpecial($pubkey);
my $comment = "rsa\@${OURDOMAIN}";
if (! DBQueryWarn("replace into user_pubkeys set ".
" uid='$user_uid', uid_idx='$user_dbid', ".
" internal='1', nodelete='1', idx=NULL, stamp=now(), ".
" pubkey=$safe_pubkey, comment='$comment'")) {
unlink($outfile);
fatal("Could not add rsa1 key to database");
}
$UID = 0;
open ERR, "$SSH -host $CONTROL '$command rsa' 2>&1 > $outfile |";
$UID = $SAVEUID;
......@@ -569,7 +542,7 @@ sub InitUser()
$pubkey = `cat $outfile`;
chomp($pubkey);
$safe_pubkey = DBQuoteSpecial($pubkey);
$comment = "rsa1\@${OURDOMAIN}";
$comment = "rsa\@${OURDOMAIN}";
if (! DBQueryWarn("replace into user_pubkeys set ".
" uid='$user_uid', uid_idx='$user_dbid', ".
......
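Review bot: The rsa key path that remains in InitUser still sends the remote command's output to a name obtained from `tmpnam()` through a shell redirect (`... 2>&1 > $outfile |`) issued while `$UID` is set to 0. `tmpnam()` only returns a name and creates nothing, so the file is created later by the shell, which will follow a symlink placed at that name in the meantime. The function was removed from POSIX in Perl 5.26 in favour of File::Temp for this reason. Creating the file atomically closes the gap, e.g. `my ($tmpfh, $outfile) = File::Temp::tempfile(UNLINK => 1);` in place of `my $outfile = tmpnam();`, provided File::Temp is loaded by the file. These lines are unchanged context in the hunk and InitUser continues beyond it, so the import block and the later cleanup are not visible here.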
#!/usr/bin/perl -w
#
# Copyright (c) 2010-2013 University of Utah and the Flux Group.
# Copyright (c) 2010-2013, 2018 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -128,7 +128,7 @@ sub DumpUser($)
"URL" => {"tag" => "URL",
"optional" => 1 },
"addr" => {"tag" => "address",
"optional" => 0 },
"optional" => 1 },
"addr2" => {"tag" => "address2",
"optional" => 1 },
"city" => {"tag" => "city",
......@@ -136,13 +136,13 @@ sub DumpUser($)
"state" => {"tag" => "state",
"optional" => 0 },
"zip" => {"tag" => "zip",
"optional" => 0 },
"optional" => 1 },
"country" => {"tag" => "country",
"optional" => 0 },
"phone" => {"tag" => "phone",
"optional" => 0 },
"optional" => 1 },
"title" => {"tag" => "title",
"optional" => 0 },
"optional" => 1 },
"affil" => {"tag" => "affiliation",
"optional" => 0 },