1. 23 Jan, 2008 1 commit
  2. 08 Nov, 2007 2 commits
  3. 07 Nov, 2007 1 commit
    • Leigh B. Stoller's avatar
      Just for kicks and cause I'm such a fan of "the wiki" I went ahead and · b15d5f78
      Leigh B. Stoller authored
      fully integrated Trac. I put a new installation in /usr/local/www/data/trac
      and I added all the hooks for adding users and doing the cross machine
      login. Only STUDLY() users will actually see the new option in the collab
      dropdown menu.
      
      I have not done anything to make the trac installation look like Emulab.
      b15d5f78
  4. 30 Oct, 2007 1 commit
    • Russ Fish's avatar
      Avoid a problem in newproject.php3. When the DB is locked for daily backup, · 2f373d5b
      Russ Fish authored
      NewNewUser()/newuser would block and then unblock and get done; meanwhile the PHP
      thread went away so we never returned to call NewNewProject/mkproj.  Move the call
      on the newuser script from PHP into the back-end Perl newproj script for atomicity.
      
          www/newproject.php3 - When the project leader is a new user, pass two xml
              files to the newproj backend script, one describing the project and the
              second one (an optional) file describing the newuser.
      
          www/user_defs.php - Factor the xml-making part of NewNewUser into NewNewUserXML.
      
          www/project_defs.php - Remove the required $leader arg of NewNewProject.
              newproj may call newuser, which may generate the leader uid.
      
          backend/newproj.in - Call newuser with an optional 'newuser_xml' XML file.
      
          sql/database-fill.sql - Add 'projects','newuser_xml'.
      2f373d5b
  5. 23 Oct, 2007 1 commit
  6. 19 Oct, 2007 1 commit
    • Russ Fish's avatar
      Change the showpubkeys page to call addpubkey via XML. · 3afc584e
      Russ Fish authored
            www/showpubkeys.php3 - Add a NewPubKey function to spit out XML to addpubkey.
            account/addpubkey.in - Add -X <xmlfile> in place of other command-line args.
            sql/database-fill.sql - Add 'user_pubkeys' entries for addpubkey's use.
      3afc584e
  7. 19 Sep, 2007 1 commit
    • Russ Fish's avatar
      Move moduserinfo page form logic to a backend Perl script and methods. · 8965aad8
      Russ Fish authored
       GNUmakefile.in configure configure.in  - Add the testbed/backend directory.
       www/moduserinfo.php3 - The reworked PHP page.
       www/user_defs.php - Add a ModUserInfo method bridging to the script via XML,
           and remove the ChangeProfile method that is being replaced.
       backend/{moduserinfo,GNUmakefile}.in - Add the Perl script.
       db/User.pm.in - Add a ModUserInfo worker class method for script arg checking.
           Also SetUserInterface, SetWindowsPassword, and AccessCheck methods,
           and a copy of the escapeshellarg fn.
       sql/database-fill.sql - Add some to the table_regex 'users' checking patterns.
      
      Support stuff:
       account/tbacct.in - Update the UpdateWindowsPassword() function.
       db/libdb.pm.in - Add TBDB_USER_INTERFACE_EMULAB and TBDB_USER_INTERFACE_PLAB().
       tbsetup/libtestbed.pm.in - Add TB*EMAIL, TBMAIL_* vars (OPS, WWW, AUDIT).
      8965aad8
  8. 13 Sep, 2007 1 commit
  9. 12 Jun, 2007 1 commit
  10. 25 Mar, 2007 1 commit
  11. 21 Mar, 2007 1 commit
  12. 20 Mar, 2007 1 commit
  13. 16 Mar, 2007 2 commits
    • Leigh B. Stoller's avatar
      Do not create initial public keys for elabman since they are · 3c2b27c2
      Leigh B. Stoller authored
      unencrypted, not to mention useless.
      3c2b27c2
    • Leigh B. Stoller's avatar
      Change to elabman handling, to setup an account that we can use for · d7f33445
      Leigh B. Stoller authored
      helping remote sites setup and update.
      
      * Added a V2 (DSA) key to the install directory that us inserted into
        the pubkeys table for the elabman. This key is encrypted and stored in
        /root/.ssh/elabman_dsa on Utah's boss.
      
      * elabman now starts out as webonly=0,status='active' with a real
        shell on both boss and ops.
      
      * freeze/thaw user now treat elabman as special, giving elabman a real
        account on boss and ops when thawed.
      
      * Addeda "notes" entry to the user profile that indicates the account
        can be frozen once the remote emulab is up and running.
      d7f33445
  14. 02 Mar, 2007 1 commit
  15. 23 Feb, 2007 1 commit
  16. 16 Feb, 2007 1 commit
  17. 15 Feb, 2007 1 commit
  18. 13 Feb, 2007 1 commit
  19. 19 Jan, 2007 1 commit
  20. 18 Jan, 2007 1 commit
  21. 16 Jan, 2007 4 commits
    • Leigh B. Stoller's avatar
      Make rule not quite clever enough. · 34d921d1
      Leigh B. Stoller authored
      34d921d1
    • Leigh B. Stoller's avatar
      Move the bulk (or guts) of newuser and newproject from the web · 16aaa101
      Leigh B. Stoller authored
      interface to the backend. There are new scripts that can be called
      from the command line:
      
      	newuser xmlfile
      	newproj xmlfile
      
      They both run from small xmlfiles that are generated by the web
      interface from the form data. I also moved user verification to the
      backend so that we do not have duplicated email functions, but that
      was a small change.
      
      Upon error, the xmlfile is saved and sent to tbops so that we can
      rerun the command by hand, rather then force user to fill out form
      again. I also do a better job of putting the form back up intact when
      there are internal errors.
      
      If the user provides an initial public key, that is put into the xml
      file as well and addpubkey is called from newuser instead of the web
      interface. A more general change to addpukey is that it is now
      *always* called as "nobody". This script was a morass of confusion
      cause of having to call it as nobody before the user actually
      exists. In fact, another of my ongoing projects is to reduce the
      number of scripts called as a particular user, but thats a story for
      another day. Anyway, the script is always called as nobody, but we
      pass along the implied user in the environment so that it can do
      permission checks.
      16aaa101
    • Leigh B. Stoller's avatar
    • Leigh B. Stoller's avatar
      Remove webxxx.in files since they are all the same. · dbd36e65
      Leigh B. Stoller authored
      * New rule:
      
      	web%: $(TESTBED_SRCDIR)/WEBtemplate.in
      		@echo "Generating $@"
      		cat $< | sed -e 's,@PROGTOINVOKE@,$(word 2,$^),' > $@
      
      * New target in the makefiles:
      
      	$(LIBEXEC_STUFF): web%: $(INSTALL_SBINDIR)/%
      
        the above rule is good in a makefile like account/GNUmakefile where all
        of the programs are installed to the same place. In the larger makefiles,
        might need to split the above rule up a bit:
      
              webnewuser: web%: $(INSTALL_SBINDIR)/%
              webfoobar: web%: $(INSTALL_BINDIR)/%
      
      * All of the webXXX.in files will be removed ...
      dbd36e65
  22. 15 Jan, 2007 1 commit
  23. 09 Jan, 2007 1 commit
  24. 03 Jan, 2007 3 commits
    • Leigh B. Stoller's avatar
      Fix minor bug. · 1197b0ff
      Leigh B. Stoller authored
      1197b0ff
    • Leigh B. Stoller's avatar
      Move most of the password changing code to the backend, as I just did · 32983db4
      Leigh B. Stoller authored
      for email changes. Currently, the hash is passed in on the command
      line from the web interface, and there is no method for invoking it on
      the command line and providing a text password, but that is an easy
      change now that the bulk of the code is in the backend instead of the
      web interface.
      
      Note that this change took longer cause we allow inactive,frozen, and
      wikionly users to change their password, but since they do not have
      accounts (yet) the operation is invoked as user "nobody" and tbacct
      about to me made aware of that possibility.
      
      Also add equivalent auditing email message that goes to the user when
      password is changed.
      
      Also more cleanup and conversion to objects.
      32983db4
    • Leigh B. Stoller's avatar
      Started out adding an email message to users whenever their email · 6d50ce56
      Leigh B. Stoller authored
      address is changed by an admin, but in the process I decided to
      implement the entire operation in the backend, since that is what we
      want to do anyway for all operations. Email is sent from the backend
      script as well.
      6d50ce56
  25. 01 Dec, 2006 1 commit
  26. 27 Nov, 2006 1 commit
    • Leigh B. Stoller's avatar
      Call this commit "Snow in Corvallis" ... · 4998b2d7
      Leigh B. Stoller authored
      The major functional change in this revision is converting from user
      selected UIDs to system selected UIDs. This is controlled by the
      variable $USERSELECTUIDS in defs/defs.php3.in which is now set to
      zero, so system selected UIDs is the default.
      
      The algo for creating the uid is to take the email address, strip the
      @whatever from it, squeeze out dots and dashes and underlines, and
      make sure any +foo tokens are removed. Then make sure it is unique by
      taking the first 5 characters and then adding a 3 digit number,
      derived by checking the DB to see what exists.
      
      Since we will want to (more often) change the UID selected, there is a
      new admin only menu option on the Show User page. It calls the backend
      script to do the work (sbin/changeuid).
      
      The login page now defaults to storing and showing the email address
      for login, rather then the UID. It will still accept either one though
      (has for a long time).
      
      Along the way I also reorg'ed a number of pages to use the new user,
      group, and project classes and moved some common functionality into
      the class defs.
      
      Also changed the way addpubkey is called, to avoid some confusion.
      4998b2d7
  27. 25 Oct, 2006 1 commit
    • Leigh B. Stoller's avatar
      Makefile Whacking! Try to deal with the problem caused by the delay · 7590f9c5
      Leigh B. Stoller authored
      between when something is installed and when post-install runs. Short
      of a global lock (which we probably need anyway someday), my solution
      is this. In your makefiles, add these variables before the line that
      has the include of $(TESTBED_SRCDIR)/GNUmakerules:
      
      	SETUID_BIN_SCRIPTS   =
      	SETUID_SBIN_SCRIPTS  =
      
      I have added three new rules to GNUmakerules that look like this:
      
      	$(addprefix $(SBINDIR)/, $(SETUID_SBIN_SCRIPTS)): $(SBINDIR)/%: %
      		echo "Installing (setuid) $<"
      		-mkdir -p $(INSTALL_SBINDIR)
      		$(SUDO) $(INSTALL) -o root -m 4755 $< $@
      
      Yep, your eyes ain't lying to you; use sudo to run the target so that
      install does the right thing (which is that the old file is not
      replaced until the new one has the proper attributes on it).
      
      Note that post-install is still needed for the initial install, but
      should no longer be needed for day to day installs since all that other
      stuff post-install does is mkdir/chmod on directories.
      7590f9c5
  28. 20 Oct, 2006 1 commit
    • Mike Hibler's avatar
      Wow, this should make me look important! · afa5e919
      Mike Hibler authored
      Two-day boondoggle to support "/scratch", an optional large, shared filesystem
      for users.  To do this, I needed to find all the instances where /proj is used
      and behave accordingly.  The boondoggle part was the decision to gather up all
      the hardwired instances of shared directory names ("/proj", "/users", etc.)
      so that they are set in a common place (via unexposed configure variables).
      This is a boondoggle because:
      
      1. I didn't change the client-side scripts.  They need a different mechanism
         (e.g., tmcd) to get the info, configure is the wrong way.
      
      2. Even if I had done #1 it is likely--no, certain--that something would
         fail if you tried to rename "/proj" to be "/mike".  These names are just
         too ingrained.
      
      3. We may not even use "/scratch" as it turns out.
      
      Note, I also didn't fix any of the .html documentation.  Anyway, it is done.
      To maintain my illusion in the future you should:
      
      1. Have perl scripts include "use libtestbed" and use the defined PROJROOT(),
         et.al. functions where possible.  If not possible, make sure they run
         through configure and use @PROJROOT_DIR@, etc.
      
      2. Use the configure method for python, C, php and other languages.
      
      3. There are perl (TBValidUserDir) and php (VALIDUSERPATH) functions which
         you should call to determine if an NS, template parameter, tarball or
         other file are in "an acceptable location."  Use these functions where
         possible.  They know about the optional "scratch" filesystem.  Note that
         the perl function is over-engineered to handles cases that don't occur
         in nature.
      afa5e919
  29. 18 Oct, 2006 1 commit
  30. 16 Jun, 2006 1 commit
  31. 01 Jun, 2006 1 commit
    • Leigh B. Stoller's avatar
      Add suport for building per project, group, experiment DBs on ops. At · adbcfd47
      Leigh B. Stoller authored
      present the per-experiment stuff is not hooked in, but will be for
      templates later. Anyway, each user gets a mysql account on ops, with
      password set to the same as their mailman password (which is also
      their jabber password, etc). Each project gets a DB named by the
      project, and each group gets a DB named by pid,gid. Users are placed
      on the access lists for the DBs as you would expect.
      
      There is a little bit of complexity to make sure that we can create
      DBs on ops outside the Emulab path and grant access to them, without
      Emulab getting confused or mucking things up.
      
      I'll get a news item done ...
      adbcfd47
  32. 02 Mar, 2006 1 commit
  33. 13 Dec, 2005 1 commit