farm manager support

svn path=/trunk/boinc/; revision=9192
2025-02-26 20:45:07 +00:00 · 2006-01-06 23:13:21 +00:00 · 2006-01-06 23:13:21 +00:00 · 0fd523b0af
commit 0fd523b0af
parent fa9d97a1f3
4 changed files with 137 additions and 7 deletions
--- a/13
+++ b/13
@ -135,3 +135,16 @@ David  6 Jan 2006

    sched/
        feeder.C
+
+David  6 Jan 2006
+    - Tweak the account manager system to support "farm managers"
+        that use GUI RPC to control clients.
+        The farm manager needs the GUI RPC port and password of each client.
+        Add an optional <send_gui_rpc_info/> element to the
+        acct_mgr_url.xml file,
+        which causes the GUI RPC port and password to be included
+        in account manager RPC requests.
+        (From James Drews)
+
+    client/
+        acct_mgr.C,h
--- a/client/acct_mgr.C
+++ b/client/acct_mgr.C
@ -44,7 +44,8 @@ int ACCT_MGR_OP::do_rpc(
 ) {
    int retval;
    unsigned int i;
-    char buf[256];
+    char buf[256], password[256];
+    FILE *pwdf;

    strcpy(buf, url.c_str());

@ -85,6 +86,29 @@ int ACCT_MGR_OP::do_rpc(
        gstate.core_client_release,
        run_mode_name[gstate.user_run_request]
    );
+    if (gstate.acct_mgr_info.send_gui_rpc_info) {
+        // send GUI RPC port and password hash.
+        // User must enable this by hand
+        // this is for the "farm" account manager so it
+        // can know where to send gui rpc requests to
+        // without having to configure each host
+        //
+        if (gstate.cmdline_gui_rpc_port) {
+            fprintf(f,"   <gui_rpc_port>%d</gui_rpc_port>\n", gstate.cmdline_gui_rpc_port);
+        } else {
+            fprintf(f,"   <gui_rpc_port>%d</gui_rpc_port>\n", GUI_RPC_PORT);
+        }
+        if (boinc_file_exists(GUI_RPC_PASSWD_FILE)) {
+            strcpy(password, "");
+            pwdf = fopen(GUI_RPC_PASSWD_FILE, "r");
+            if (pwdf) {
+                fgets(password, 256, pwdf);
+                strip_whitespace(password);
+                fclose(pwdf);
+            }
+            fprintf(f,"   <gui_rpc_password>%s</gui_rpc_password>\n", password);
+        }
+    }
    for (i=0; i<gstate.projects.size(); i++) {
        PROJECT* p = gstate.projects[i];
        if (p->attached_via_acct_mgr) {
@ -278,6 +302,7 @@ int ACCT_MGR_INFO::write_info() {
                acct_mgr_name,
                acct_mgr_url
            );
+            if (send_gui_rpc_info) fprintf(p,"   <send_gui_rpc_info/>\n");
            if (strlen(signing_key)) {
                fprintf(p, 
                    "    <signing_key>\n%s</signing_key>\n",
@ -318,6 +343,7 @@ void ACCT_MGR_INFO::clear() {
    strcpy(password_hash, "");
    strcpy(signing_key, "");
    next_rpc_time = 0;
+    send_gui_rpc_info = false;
 }

 ACCT_MGR_INFO::ACCT_MGR_INFO() {
@ -338,6 +364,9 @@ int ACCT_MGR_INFO::init() {
        if (match_tag(buf, "</acct_mgr>")) break;
        else if (parse_str(buf, "<name>", acct_mgr_name, 256)) continue;
        else if (parse_str(buf, "<url>", acct_mgr_url, 256)) continue;
+        else if (match_tag(buf, "<send_gui_rpc_info/>")) {
+            send_gui_rpc_info = true;
+        }
        else if (match_tag(buf, "<signing_key>")) {
            retval = copy_element_contents(
                p,
--- a/client/acct_mgr.h
+++ b/client/acct_mgr.h
@ -40,6 +40,9 @@ struct ACCT_MGR_INFO {
        // md5 of password.lowercase(login_name)
    char signing_key[MAX_KEY_LEN];
    double next_rpc_time;
+    bool send_gui_rpc_info;
+        // whether to include GUI RPC port and password hash
+        // in AM RPCs (used for "farm management")

    ACCT_MGR_INFO();
    int parse_url(MIOFILE&);
--- a/doc/acct_mgt.php
+++ b/doc/acct_mgt.php
@ -54,7 +54,7 @@ The install package includes a file
 containing the URL of the account manager.
 <li> The BOINC client runs, and asks the participant to enter
 the name and password of his meta-account.
-<li> The BOINC client does a <b>query accounts</b> RPC
+<li> The BOINC client does an RPC
 to the account manager, obtaining a list of accounts.
 It then attaches to these accounts and proceeds.
 </ol>
@ -62,6 +62,58 @@ It then attaches to these accounts and proceeds.
 RPCs to create, look up, and modify accounts
 are described <a href=web_rpc.php>here</a>.

+<h2>Security</h2>
+<p>
+If hackers break into an account manager server,
+they could potentially cause the account manager
+to instruct all its clients to attach to malicious a BOINC project
+that runs a malicious application.
+
+<p>
+To prevent this type of attack, the URLs distributed by
+an account manager are digitally signed.
+Each AM has its own <b>signing key</b> pair.
+The public key is distributed with the AM's configuration file
+and in all RPC replies.
+The private key should be stored only on a physically secure,
+non-connected host that is used to sign URLs.
+
+<p>
+To sign URLs, download the BOINC software on a Linux machine,
+and compile the program that generates keys and signs things (lib/crypt_prog).
+Then generate a key pair and generate signatures for your URLs.
+At some point you'll need to commit to a permanent key pair,
+at which point you should move the private key to
+the signing machine (disconnected) and make sure there are
+no copies of it elsewhere.
+Make a copy or two on CD-ROM also, or just print it out on paper.
+
+<p>
+Instructions for downloading/compiling code are <a href=compile.php>here</a>.
+<p>
+Instructions for using the crypto program are <a href=key_setup.php>here</a>
+
+<h2>Farm managers</h2>
+<p>
+The AM mechanism can also be used to implement systems for
+configuring and controlling BOINC on large clusters.
+We call such systems <b>farm managers</b>.
+Farm managers may want to provide fine-grained control over clients,
+e.g. the ability to suspend/resume results.
+This can be done using GUI RPCs (assuming that the farm manager able
+to contact clients via HTTP on the GUI RPC port).
+However, the farm manager must learn the GUI RPC port and password
+for each client.
+To support this, the AM configuration file (see below) can specify
+that the GUI RPC port and password are to be included in each AM RPC request.
+<p>
+If a farm manager uses GUI RPC to attach/detach projects,
+it should not use the AM mechanism for this purpose.
+I.e., its AM RPC replies should not list any projects.
+The function of the AM mechanism, in this case,
+is to allow sysadmins to set up new clients by copying files.
+The AM mechanism takes care of registering new clients centrally.
+
 <h2>Core client functionality</h2>
 <p>
 The BOINC core client uses the following files to
@ -78,11 +130,29 @@ Its format is:
 <acct_mgr>
    <name>Name of BOINC account management system</name>
    <url>http://acctmgr.com/</url>
+    [ <send_gui_rpc_info/> ]
+    <signing_key>
+1024
+ae843acebd4c7250b0fa575d14971b17a56a386a6bb1733d98f4b00460c26159
+c8b3217e6cdff938ec0454330c70553fbe3d1f0d0184d8c628db2e093121ee98
+8ddbda6e8991879317afccab41f84e9de4903a656f4d3f3e4e7dbc0af9362a05
+6ece5ff401a380f3a1d1254d477f7bc84fdcebcca6cb035e776452d3d6d21471
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000000000
+0000000000000000000000000000000000000000000000000000000000010001
+.
+    </signing_key>
 </acct_mgr>
 ")."

 <p>
-Note: the URL is that of the account manager's web site.
+The URL is that of the account manager's web site.
+<p>
+If the &lt;send_gui_rpc_info/&gt; tag is present,
+account manager RPCs will include
+the client's GUI RPC port and password hash (see below).
+

 <dt>
 <b>acct_mgr_login.xml</b>
@ -106,10 +176,15 @@ and makes an account manager RPC.
 The core client offers menu items for making an account manager RPC,
 and for changing the name/password.

-<h2>Account manager RPC</h2>
-
-The core client contacts the account manager
-using an HTTP POST request.
+<h2>Account manager RPCs</h2>
+<p>
+An account manager must provide a
+<a href=project_config.php>get_project_config.php</a> file
+containing its name and minimum password length,
+and containing a <code> &lt;account_manager/&gt;</code> tag.
+<p>
+In addition, an account manager must provide the following RPC,
+which uses an HTTP POST request.
 ";

 list_start();
@ -127,6 +202,8 @@ list_item("input", html_text("
       <project_name>SETI@home</project_name>
       <suspended_via_gui>0</suspended_via_gui>
    </project>
+    [ <gui_rpc_port>N</gui_rpc_port> ]
+    [ <gui_rpc_password>xxxx</gui_rpc_password> ]
    ...
 </acct_mgr_request>
 ")
@ -177,7 +254,15 @@ list_item("action",
    Identifies the host.
    To make it comparable with the host CPID in stats files,
    the value MD5(host_cpid+email_addr) is passed.
+    <dt> run mode
+    <dd> The current mode (always/auto/never).
+    <dt> gui_rpc_port, gui_rpc_password
+    <dd> GUI RPC information.
+        Included only if the &lt;send_gui_rpc_info&gt; element
+        is included in the AM URL file (see above).
    </dl>
+    In addition, a list of projects and their suspended flags is included.
+    <p>
    The return values are:
    <dl>
    <dt>repeat_sec