link on the showuser page for local admins (Mike) to get some
old pages.

This commit is intended to makes the license status of Emulab and
ProtoGENI source files more clear.  It replaces license symbols like
"EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
blocks that contain actual license statements.

This change was driven by the fact that today, most people acquire and
track Emulab and ProtoGENI sources via git.

Before the Emulab source code was kept in git, the Flux Research Group
at the University of Utah would roll distributions by making tar
files.  As part of that process, the Flux Group would replace the
license symbols in the source files with actual license statements.

When the Flux Group moved to git, people outside of the group started
to see the source files with the "unexpanded" symbols.  This meant
that people acquired source files without actual license statements in
them.  All the relevant files had Utah *copyright* statements in them,
but without the expanded *license* statements, the licensing status of
the source files was unclear.

This commit is intended to clear up that confusion.

Most Utah-copyrighted files in the Emulab source tree are distributed
under the terms of the Affero GNU General Public License, version 3
(AGPLv3).

Most Utah-copyrighted files related to ProtoGENI are distributed under
the terms of the GENI Public License, which is a BSD-like open-source
license.

Some Utah-copyrighted files in the Emulab source tree are distributed
under the terms of the GNU Lesser General Public License, version 2.1
(LGPL).

deleted, they still remain in the user table with a status of
"archived", but since all the queries in the system now use uid_idx
instead of uid, it is safe to reuse a uid since they are no longer
ambiguous. 

The reason for not deleting users from the users table is so that the
stats records can refer to the original record (who was that person
named "mike"). This is very handy and worth the additional effort it
has taken.

There is no way to ressurect a user, but it would not be hard to add.

being world viewable. Also some changes to let me go back and fix up
existing projects.

methods.

Change a bunch of queries that join on the users table to use the idx
instead of the uid. This will need to be completed before we can really
archive users away, but close at this point.

between when something is installed and when post-install runs. Short
of a global lock (which we probably need anyway someday), my solution
is this. In your makefiles, add these variables before the line that
has the include of $(TESTBED_SRCDIR)/GNUmakerules:

	SETUID_BIN_SCRIPTS   =
	SETUID_SBIN_SCRIPTS  =

I have added three new rules to GNUmakerules that look like this:

	$(addprefix $(SBINDIR)/, $(SETUID_SBIN_SCRIPTS)): $(SBINDIR)/%: %
		echo "Installing (setuid) $<"
		-mkdir -p $(INSTALL_SBINDIR)
		$(SUDO) $(INSTALL) -o root -m 4755 $< $@

Yep, your eyes ain't lying to you; use sudo to run the target so that
install does the right thing (which is that the old file is not
replaced until the new one has the proper attributes on it).

Note that post-install is still needed for the initial install, but
should no longer be needed for day to day installs since all that other
stuff post-install does is mkdir/chmod on directories.

on /tmp which is now on /q.

browser login stuff. The new TWiki code made this much easier to
add!

version of TWiki, which will not run on ops until it is updated.

project only. This avoids leaking out group member names.

There is also some unrelated fixup code in this revision. Ignore it.

No big deal ...

into the Wiki when clicking on the My Wiki's link. Works like this:

* The My Wiki's link points to new page, gotowiki.php3, on boss.

* The gotowiki page looks for a new cookie in the user's browser
  which holds a key (the usual random data run through md5).

* If the key does not exist, generate it and store it in the user
  browser (expires when browser is closed or emulab login times out).
  Also invoke backend script wikixlogin, which will send the key over
  to the wiki server (via ssh), which will write the key into a file
  named by the user account.

* The user's browser is redirected to the wiki server's login script
  (twiki/bin/newlogon), but instead of username and password, we send
  over username and key (as well as redurl= parameter which is the
  page on the wiki server to redirect to later).

* The new login script looks for this case, and opens the file named
  by the user and compares the key it gets with what is in the file.
  If they match, the user login succeeds and the browser is once again
  redirected, but this time to the page it wants on the wiki server.
  If the key does not match, the browser is redirected to the login
  page (so user can enter username password normally). The redurl
  parameter is passed along as well.

* Subsequent clicks on My Wiki's will not need to invoke the backend
  script, since the cookie will be in the browser.

logon script, so that we do not have to use stinky HTPP basic auth.

for the near future. Two big changes:

* Add WikiOnly accounts. An external user can register for an account on
  the wiki. Rather then use the registration stuff that comes with TWiki,
  redirect to new Emulab web page so we can manage all of the wiki accounts
  from one place. I modified the joinproject page to spit out a subset of
  the required fields so that its simple to get a wiki only account (just a
  few things to fill in).

  In keeping with current security practices, we still generate a
  verification email message to ensure the email address works. However,
  when the user completes the verification, the wiki account is created right
  away, rather then waiting for someone to approve it (since that would
  defeat the entire point of the wiki).

  Aside: I have not thought much about the conversion from a wiki-only
  account to a real account. That is going to happen, and it would be nice
  if that step did not require one of use to go in and hack the DB. Will
  cross that moat later.

  Aside: Rather beat up on the modify user info page too much, I continue
  to spit out the same form, but mark most of the fields as not required,
  and allow wiki-only people to not specify them.

* Both the joinproject and newproject pages sport a new WikiName field so
  that users can select their own WikiName. I added some JavaScript to
  both pages that generate a suitable wikiname from the FullName field, so
  that as soon as the user clicks out of the FullName, a default wikiname is
  inserted in the field.

  Both pages verify the wikinames by checking to make sure it is not
  already in use, and that it meets the WikiRules for WikiTopic names.
  (someone please shoot me if I continue to use WikiNotation).

wiki pages for projects and users on an existing testbed. This
assumes I can easily partition the actual twiki code into a
distribution that we can give people. I haven't really thought much
about that, but I assume its not too hard.

do not replicate the notes into 1200 files (and of course, so we
easily change the notes later).

send the password hash over in the ssh, instead of getting it from the
local password file.

them. Also a few other helpful details and links.

The main change is that I now add an .htpasswd entry for the user's
emulab ID (stoller) in addition to the wikiname (LeighStoller). I also
create a mapping file (with perl dbmopen) to map from the Emulab ID to
the WikiName. This lets people log in using their Emulab ID, which is
pretty much required since we cannot pass the token to http basic auth
when it puts up the dialog box. Without this, we will forever be
answering questions from confused users.

TWiki already had something of a mapping mechanism, but it was broken
and horribly inefficient, so I ended up whacking the twiki code to
make it work with the above mentioned dbm file.

the .htpasswd file on ops. Note that I have disabled registration and
password changes from the twiki interface on ops for now. I'll think
about this as needed.

the rest of the code that ties it into emulab is still scattered around
my devel tree and under test.