1. 07 Nov, 2003 3 commits
  2. 06 Nov, 2003 7 commits
  3. 05 Nov, 2003 17 commits
    • Shashi Guruprasad's avatar
    • Shashi Guruprasad's avatar
      Added -lcrypto · 0ea7ea09
      Shashi Guruprasad authored
      0ea7ea09
    • Shashi Guruprasad's avatar
      Changing the OSID FBSD45-NSE to FBSD-NSE . The latter OSID will always · d40e065a
      Shashi Guruprasad authored
      contain the latest image suitable for running nse as opposed to being
      tied to an old FBSD 4.5 image.
      d40e065a
    • Shashi Guruprasad's avatar
      Committing version 1.10 on top of 1.11 . 1.11 has distributed nse changes · 3dc6f951
      Shashi Guruprasad authored
      but since it is not integrated in the backend and we are giving the
      source to others, I'm backing out to 1.10
      3dc6f951
    • Robert Ricci's avatar
      Add wget - a few scripts need this. · 01381a95
      Robert Ricci authored
      Fix the directory for SWIG, it seems to have moved. For now, we'll
      stay with version 1.1, since we haven't tested the new version (1.3)
      yet.
      
      Bump revision.
      01381a95
    • Leigh Stoller's avatar
      Add -lcrypto for new event libs. · 1a998c87
      Leigh Stoller authored
      1a998c87
    • Robert Ricci's avatar
      Make the 're-number' section of the page look better. · db1bd5cd
      Robert Ricci authored
      Also, add more interfaces to be re-numbered for Rayford from aero.
      db1bd5cd
    • Mike Hibler's avatar
      8a2ebb65
    • Kirk Webb's avatar
    • Kirk Webb's avatar
      f8295864
    • Leigh Stoller's avatar
      Add the recent event sys changes. · 0d1ca1cf
      Leigh Stoller authored
      0d1ca1cf
    • Leigh Stoller's avatar
      Client side of the event system changes. · 70246c91
      Leigh Stoller authored
      * Download the eventkey with new tmcd call.
      
      * Pass -k option to various agents so that they can verify the HMACs
        in the incoming notifications.
      
      * Change program agent; The list of agents from tmcd now includes the
        command, which is written to a config file for the program-agent to
        read in. The command string in the event is now ignored.
      
      * Build the local proxy for linux, and add the goo to start the local
        elvind and use the proxy. It has been this way on FreeBSD for a
        while, but I never got it installed for Linux before now.
      70246c91
    • Leigh Stoller's avatar
      Middle part of the event system changes. The main part of this change · 54bc15c4
      Leigh Stoller authored
      is to add HMACs to events to ensure they that events cannot be
      injected into an experiment by an unauthorized client.
      
      * The frontend now generates a secret key for each experiment and
        stores that into a file and in the DB.
      
      * Each of the event clients, as well as the event producers
        (scheduler, tevc) have a new -k option to specify the name of the
        file. Two new event library functions were added for clients to give
        the key:
      
          event_handle_t
          event_register_withkeyfile(char *name, int threaded, char *keyfile);
      
          event_handle_t
          event_register_withkeydata(char *name, int threaded,
      	   		       unsigned char *keydata, int keylen);
      
      * When the library is in possesion of a key, it will generate an HMAC
        and attach it to outgoing notifications. A client receiving a
        notification will compute an HMAC and compare it against the HMAC in
        the notification. If they do not compare, the notification is
        dropped with a warning message printed (the client callback never
        gets the notification). If the client has not provided a key, then
        the HMAC in the incoming notification is ignored.
      
      * The scheduler also takes a -k option, and will compute HMACs for all
        of the static events ahead of time. That keeps it off the critical
        path.
      
      * The tevc client also takes a -k option. However, tevc will always
        try to find the keyfile (default path) so that it can attach the
        HMAC to dynamic events before sending them to the scheduler (which
        will check to make sure it matches). The scheduler will not accept
        dynamic events without unless the HMAC is present and matches.
      
      * I have rebuilt the elvin librarys, removing all of the X goop and
        the SSL goop. Smaller binaries. So, I had to add -lcrypto to all of
        the client makefiles to that programs link.
      
      * The program-agent got a few more changes. The command string is no
        longer passed inside the event; it comes in when the program agent
        is started, via a config file generated from tmcd data. This gets
        rid of our mostly insecure remote execution facility.
      54bc15c4
    • Robert Ricci's avatar
      Fix minor visual bug. · bf5b43d3
      Robert Ricci authored
      bf5b43d3
    • Leigh Stoller's avatar
      Frontend and parser portion of two event system changes: · 091a0b62
      Leigh Stoller authored
      * Generate a shared secret key for the event system. This key is
        stored into the DB, and passed to the node via tmcd. It is also
        stashed into a file in the experiment directory (can be accessed
        only by the project/group members). The key is used to attach a
        HMAC (hashed message authentication) to each event, which is checked
        by the receivers to ensure that the event is not bogus. More details
        on this later when I commit the event library/client changes.
      
      * Added "virt_programs" table to store info about each program object
        defined by the user. The intent is to no longer send the command
        string in the event, but to fix it in the DB, and transfer it via
        tmcd. This removes our "remote execution facility" which was always
        a bad idea (we have ssh for that, and that is a lot more secure then
        the event system!).
      
        Note that for the time being we need to continue send the command in
        the event because of old images, but the new images will now ignore
        that part of the event.
      091a0b62
    • Leigh Stoller's avatar
      c21683ef
    • Leigh Stoller's avatar
      Bring back the Alternative PHP cache. The apc.so module is installed · d117955a
      Leigh Stoller authored
      in the php extensions directory, and the following two lines were
      added to /usr/local/etc/php.ini:
      
      	extension_dir = /usr/local/lib/php/20020429/
      	extension="apc.so"
      
      The new version is a little odd in that it is more difficult to clear
      the cache, which we must do when we install new pages. Rather then
      jump through too many hoops, I added a simple clearapc.php page, which
      does nothing but make the call from within the webserver. I have
      hooked this into the make install target using wget. If you care to
      see what is currently in the cache, you can load this page:
      
      	https://www.emulab.net/apc.php
      
      which gives a non-pretty print dump of the cache. To clear the cache
      from your web browser:
      
      	https://www.emulab.net/clearapc.php
      d117955a
  4. 04 Nov, 2003 2 commits
  5. 03 Nov, 2003 1 commit
  6. 01 Nov, 2003 1 commit
    • Kirk Webb's avatar
      Couple important, but small fixes: · 92eb1d5e
      Kirk Webb authored
      1) properly disable alarm before exiting ForkCmd
         - this was causing SIGALRM to get sent when it shouldn't have, and
           probably caused the renewal failures.
         - was introduced accidentally yesterday when I unwittingly committed
           some beta libplab code along with the rootball version string fix.
      
      2) Changed semantics of the renew daemon s.t. it only sends a single message
         for each invocation of the renewal loop - summarizes the ones that failed.
      
      The rest of the code I committed accidentally yesterday seems to be working
      just fine.  It all looks sane on perusal.
      92eb1d5e
  7. 31 Oct, 2003 9 commits