Argonne National Laboratory

Experimental Physics and
Industrial Control System

2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  <20192020  Index 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  <20192020 
<== Date ==> <== Thread ==>

Subject: Re: [Merge] ~epics-core/epics-base/+git/asLib:as-hostname into epics-base:7.0
From: Andrew Johnson via Core-talk <core-talk@aps.anl.gov>
To: mdavidsaver <mdavidsaver@gmail.com>
Date: Thu, 28 Mar 2019 22:47:01 -0000
Calls for a parallel change to PCAS, once this has been merged.

Keep with a variable for now, consider adding an environment variable for default setting once we've had some experience with using this.

Test what happens if you switch it on/off at runtime.

Documentation – update the chapter of the AppDevGuide, as well as a Release Notes entry ("experimental"?).

Diff comments:

> diff --git a/modules/database/src/ioc/rsrv/camessage.c b/modules/database/src/ioc/rsrv/camessage.c
> index 72a4b17..40448d0 100644
> --- a/modules/database/src/ioc/rsrv/camessage.c
> +++ b/modules/database/src/ioc/rsrv/camessage.c
> @@ -861,6 +861,14 @@ static int host_name_action ( caHdrLargeArray *mp, void *pPayload,
>          return RSRV_ERROR;
>      }
>  
> +    /* after all validation */
> +    if(asUseIP) {
> +
> +        DLOG (2, ( "CAS: host_name_action for \"%s\" ignores clist provided host name\n",

clist => client

> +            client->pHostName ) );
> +        return RSRV_OK;
> +    }
> +
>      /*
>       * user name will not change if there isnt enough memory
>       */
> diff --git a/modules/libcom/src/as/asLib.h b/modules/libcom/src/as/asLib.h
> index 261e5ed..b4e5139 100644
> --- a/modules/libcom/src/as/asLib.h
> +++ b/modules/libcom/src/as/asLib.h
> @@ -21,6 +21,11 @@
>  extern "C" {
>  #endif
>  
> +/* 0 - Use (unverified) client provided host name string.
> + * 1 - Use actual client IP address.  HAG() are resolved to IPs at ACF load time.
> + */
> +epicsShareExtern int asUseIP;

asCheckClientIP

> +
>  typedef struct asgMember *ASMEMBERPVT;
>  typedef struct asgClient *ASCLIENTPVT;
>  typedef int (*ASINPUTFUNCPTR)(char *buf,int max_size);
> diff --git a/modules/libcom/src/as/asLibRoutines.c b/modules/libcom/src/as/asLibRoutines.c
> index 3f5713e..ceade03 100644
> --- a/modules/libcom/src/as/asLibRoutines.c
> +++ b/modules/libcom/src/as/asLibRoutines.c
> @@ -1206,11 +1210,29 @@ static long asHagAddHost(HAG *phag,const char *host)
>      int     len, i;
>  
>      if (!phag) return 0;
> -    len = strlen(host);
> -    phagname = asCalloc(1, sizeof(HAGNAME) + len + 1);
> -    phagname->host = (char *)(phagname + 1);
> -    for (i = 0; i < len; i++) {
> -        phagname->host[i] = (char)tolower((int)host[i]);
> +    if(!asUseIP) {
> +        len = strlen(host);
> +        phagname = asCalloc(1, sizeof(HAGNAME) + len + 1);
> +        phagname->host = (char *)(phagname + 1);
> +        for (i = 0; i < len; i++) {
> +            phagname->host[i] = (char)tolower((int)host[i]);
> +        }
> +    } else {
> +        struct sockaddr_in addr;
> +        epicsUInt32 ip;
> +        if(aToIPAddr(host, 0, &addr)) {

Synchronous call, need a note in doc to explain that loading ASCF's will be slow if DNS is slow.

> +            errlogPrintf("Unable to resolve host '%s'\n", host);
> +            return S_asLib_noHag;
> +        }
> +        ip = ntohl(addr.sin_addr.s_addr);
> +        phagname = asCalloc(1, sizeof(HAGNAME) + 24);
> +        phagname->host = (char *)(phagname + 1);
> +        epicsSnprintf(phagname->host, 24,
> +                      "%u.%u.%u.%u",
> +                      (ip>>24)&0xff,
> +                      (ip>>16)&0xff,
> +                      (ip>>8)&0xff,
> +                      (ip>>0)&0xff);
>      }
>      ellAdd(&phag->list, &phagname->node);
>      return 0;
> diff --git a/modules/libcom/test/aslibtest.c b/modules/libcom/test/aslibtest.c
> index 875aa56..367a124 100644
> --- a/modules/libcom/test/aslibtest.c
> +++ b/modules/libcom/test/aslibtest.c
> @@ -109,11 +109,46 @@ static void testHostNames(void)
>      testAccess("ro", 0);
>      testAccess("rw", 0);
>  }
> +
> +static void testUseIP(void)
> +{
> +    testDiag("testUseIP()");
> +    asUseIP = 1;
> +
> +    /* still host names in .acf */
> +    testOk1(asInitMem(hostname_config, NULL)==0);
> +    /* now resolved to IPs */
> +
> +    setUser("testing");
> +    setHost("localhost"); /* will not match against resolved IP */
> +    asAsl = 0;
> +
> +    testAccess("invalid", 0);
> +    testAccess("DEFAULT", 0);
> +    testAccess("ro", 0);
> +    testAccess("rw", 0);
> +
> +    setHost("127.0.0.1");
> +
> +    testAccess("invalid", 0);
> +    testAccess("DEFAULT", 0);
> +    testAccess("ro", 1);
> +    testAccess("rw", 3);
> +
> +    setHost("nosuchhost");

See IETF doc (http://example.com) use an approved "no such host" name.
"guaranteed.invalid."

> +
> +    testAccess("invalid", 0);
> +    testAccess("DEFAULT", 0);
> +    testAccess("ro", 0);
> +    testAccess("rw", 0);
> +}
> +
>  MAIN(aslibtest)
>  {
> -    testPlan(14);
> +    testPlan(27);
>      testSyntaxErrors();
>      testHostNames();
> +    testUseIP();
>      errlogFlush();
>      return testDone();
>  }


-- 
https://code.launchpad.net/~epics-core/epics-base/+git/asLib/+merge/358822
Your team EPICS Core Developers is requested to review the proposed merge of ~epics-core/epics-base/+git/asLib:as-hostname into epics-base:7.0.

Navigate by Date:
Prev: IETF note on invalid IP names White, Greg via Core-talk
Next: Re: [Merge] ~epics-core/epics-base/+git/Com:make-simple into epics-base:7.0 Andrew Johnson via Core-talk
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  <20192020 
Navigate by Thread:
Prev: IETF note on invalid IP names White, Greg via Core-talk
Next: Re: [Merge] ~epics-core/epics-base/+git/asLib:as-hostname into epics-base:7.0 mdavidsaver via Core-talk
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  <20192020 
ANJ, 12 May 2019 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·