| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 2244.1 | sort of | TUXEDO::CHUBB | | Wed May 07 1997 12:27 | 11 |
| Yes the other vendors do have some methods to do this. I'd be
interested in which environment variables he uses on his other
platforms. At one time, I made a patch to support
RPC_UNSUPPORTED_NETIFS. It's use would be:
% setenv RPC_UNSUPPORTED_NETIFS dev1:dev2
..where dev1 and dev2 are interface names as listed by netstat -i. YOu
might try grabbing:
cell:~ftp/pub/dce/v2.0/patches/netifs_libdce.tar.Z
Unfortunately this is an unofficial/unsupported patch at this point.
-- brandon
|
| 2244.2 | thanks | FOUNDR::WOODRUFF | | Thu May 08 1997 13:43 | 20 |
|
Brandon, thanks for the pointer to the patch, I gave him the location so that
his local Digital tech rep can pull it down.
> Yes the other vendors do have some methods to do this. I'd be
> interested in which environment variables he uses on his other
> platforms. At one time, I made a patch to support
On the Sun platform:
RPC_UNSUPPORTED_IF or _INTERFACE - to limit a specific interface
RPC_UNSUPPORTED_ADDRESS - to limit a specific address
The customer also said it existed on AIX and SGI as well. (He didn't know if
HP supported.)
garry
|
| 2244.3 | thanks | TUXEDO::CHUBB | | Thu May 08 1997 14:29 | 11 |
| > On the Sun platform:
> RPC_UNSUPPORTED_IF or _INTERFACE - to limit a specific interface
> RPC_UNSUPPORTED_ADDRESS - to limit a specific address
This means everyone is truly different. I understand that IBM has:
RPC_UNSUPPORTED_NETIFS & RPC_SUPPORTED_NETADDRS and HP has just the
the first variable. The chances of standardizing look dim.
I will be looking to add RPC_SUPPORTED_NETADDRS as soon as possible.
-- brandon
|
| 2244.4 | some code to implement restricting the address | FOUNDR::WOODRUFF | | Tue May 13 1997 15:28 | 13 |
|
I thought that I'd post the code that can be used by clients to
limit the addresses for binding and by servers for registering into the
local end point mapper and name service.
One needs to set the environment variable: RPC_UNSUPPORTED_NETADDR to
include a list of addresses to be ignored.
the following two postings are: unsupported.h and unsupported.c
garry
|
| 2244.5 | unsupported.h | FOUNDR::WOODRUFF | | Tue May 13 1997 15:29 | 52 |
| /*
* *****************************************************************
* * *
* * Copyright (c) Digital Equipment Corporation, 1997 *
* * *
* * All Rights Reserved. Unpublished rights reserved under *
* * the copyright laws of the United States. *
* * *
* * The software contained on this media is proprietary to *
* * and embodies the confidential technology of Digital *
* * Equipment Corporation. Possession, use, duplication or *
* * dissemination of the software and media is authorized only *
* * pursuant to a valid written license from Digital Equipment *
* * Corporation. *
* * *
* * RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure *
* * by the U.S. Government is subject to restrictions as set *
* * forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, *
* * or in FAR 52.227-19, as applicable. *
* * *
* *****************************************************************
*/
/*
// file: unsupported.h
//
// gww 12-may-1997 original
//
*/
#define RPC_UNSUPPORTED_NETADDR_ENV "RPC_UNSUPPORTED_NETADDR"
#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
#ifndef NULL
#define NULL 0
#endif
/*
// routine prototypes
*/
void rpc_server_exclude_network_address(
rpc_binding_vector_p_t bVec,
error_status_t * status);
unsigned32 rpc_is_binding_acceptable(
rpc_binding_handle_t bindingHandle);
|
| 2244.6 | unsupported.c | FOUNDR::WOODRUFF | | Tue May 13 1997 15:30 | 157 |
| /*
* *****************************************************************
* * *
* * Copyright (c) Digital Equipment Corporation, 1997 *
* * *
* * All Rights Reserved. Unpublished rights reserved under *
* * the copyright laws of the United States. *
* * *
* * The software contained on this media is proprietary to *
* * and embodies the confidential technology of Digital *
* * Equipment Corporation. Possession, use, duplication or *
* * dissemination of the software and media is authorized only *
* * pursuant to a valid written license from Digital Equipment *
* * Corporation. *
* * *
* * RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure *
* * by the U.S. Government is subject to restrictions as set *
* * forth in Subparagraph (c)(1)(ii) of DFARS 252.227-7013, *
* * or in FAR 52.227-19, as applicable. *
* * *
* *****************************************************************
*/
/*
// file: unsupported.c
//
// These routines are used to exclude certain network addresses
// from usage during server registration and binding.
//
// Routines:
//
// rpc_server_exclude_network_address -- used by servers
//
// This routine is called after rpc_server_inq_bindings
// and before rpc_ep_register and rpc_ns_binding_export
//
// rpc_is_binding_acceptable -- used by clients
//
// This routine is called after a binding is obtained from the
// name service to determine if it should be considered.
//
//
// gww 12-may-1997 original
//
*/
#include <pthread.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#ifndef IDLBASE_H
#include <dce/idlbase.h>
#endif
#include <dce/rpc.h>
#include "unsupported.h"
/*
//
// r p c _ s e r v e r _ e x c l u d e _ n e t w o r k _ a d d r e s s
//
// The binding vector (bVec) is iterated for each of the binding handles.
//
// If a binding is not acceptable then the binding is freed and the pointer
// set to NULL
// If the binding cannot be freed, then the status value is returned and the
// pointer left alone
//
// gww 12-may-1997 original
//
*/
void rpc_server_exclude_network_address(
rpc_binding_vector_p_t bVec,
error_status_t * status)
{
char * netAddrEnv;
int i;
*status = rpc_s_ok;
netAddrEnv = getenv(RPC_UNSUPPORTED_NETADDR_ENV);
if (!netAddrEnv) return; /* if no environment var then return */
for (i=0;i<(int) bVec->count;i++)
{
if (rpc_is_binding_acceptable(bVec->binding_h[i])) continue;
/*
// binding is not acceptable so remove it from the binding vector
*/
rpc_binding_free(&(bVec->binding_h[i]), status);
if (*status != rpc_s_ok) return; /* exit on error */
bVec->binding_h[i] = (rpc_binding_handle_t) NULL;
}
}
/*
// r p c _ i s _ b i n d i n g _ a c c e p t a b l e
//
//
// Return value:
//
// TRUE
// - no environment variable defined
// - binding address IS NOT in environment string
//
// FALSE
// - binding is invalid (cannot be converted to a string binding)
// - binding address IS in environment string
//
// gww 12-may-1997 original
//
*/
unsigned32 rpc_is_binding_acceptable(
rpc_binding_handle_t bindingHandle)
{
unsigned32 acceptableBinding;
char * netAddrEnv;
unsigned_char_p_t bindingStr;
char * addressStr;
error_status_t status;
acceptableBinding = TRUE;
netAddrEnv = getenv(RPC_UNSUPPORTED_NETADDR_ENV);
if (!netAddrEnv) return (unsigned32) TRUE; /* if no environment var - RETURN TRUE */
rpc_binding_to_string_binding(bindingHandle,
&bindingStr,
&status);
if (status != rpc_s_ok) return (unsigned32) FALSE; /* if cannot convert - RETURN FALSE */
rpc_string_binding_parse(
bindingStr,
(unsigned_char_t **) 0, /* object UUID */
(unsigned_char_t **) 0, /* protocol */
(unsigned_char_t **) &addressStr, /* network address */
(unsigned_char_t **) 0, /* end point */
(unsigned_char_t **) 0, /* network options */
&status);
if (status != rpc_s_ok) {
rpc_string_free(&bindingStr,&status);
return (unsigned32) FALSE; /* if cannot parse - RETURN FALSE */
}
if (strstr(netAddrEnv,addressStr) != (char *) NULL)
acceptableBinding = FALSE; /* found address */
rpc_string_free((unsigned_char_t **) &addressStr,
&status);
return acceptableBinding;
}
|
| 2244.7 | | BHAJEE::AIGNER | | Wed May 14 1997 08:29 | 27 |
| > .4 - .6
This may help in conventional server registration,
for which the topic was entered.
But if you use the XIDL extension of DCE 2.0a,
all the necessary actions for entry point and
name service registration is done by one member function
of the defined RPC Class, register_named_object(), which
calls registerObject() of class rpc_object_reference.
In this case no user intervenience is possible.
And RPC_UNSUPPORTED_NETADDR will have no effect on the
DCE services itself.
> .3
Brandon, do it. We need it as soon as possible.
I know, there's almost no time.
The implementation of RPC_SUPPORTED_NETADDRS will solve
the problems at all, especially in ASE environments.
Let us hear, when there is a patch available.
Thanks in advance
Helmut
|
| 2244.8 | small point | TUXEDO::CHUBB | | Thu May 15 1997 17:29 | 12 |
| Another note on this topic:
By default, calling register_named_object() causes a call to
rpc_server_use_all_protseqs() to occur. But before calling the
'use_all' function, first a call to rpc_server_inq_bindings() is made
to see if any bindings already exist -- if they do, then they are used
and no call to rpc_server_use_all_protseqs() is made.
This means that the application code can customize the available
bindings before calling register_named_object() if so desired.
-- brandon
|
| 2244.9 | some good news | BHAJEE::AIGNER | | Fri May 16 1997 06:18 | 13 |
| Thanks a lot for this helpful information, Brandon.
It will make it possible to restrict the bindings
for our own application servers (named objects).
We'll test it out in our ASE/DCE environment.
In some poetic words...
It would be a partial victory against the ASE/DCE dragon.
If this will be possible for the DCE services as well,
the dragon's reign of terror will end.
Thanks
Helmut
|
| 2244.10 | re .8 - doesn't work :-( | BHAJEE::KONRAD | pour des nouvelles aventures | Mon May 26 1997 05:24 | 46 |
| re .8
Brandon,
Your small point first sounded like a real easy-to-implement workaround.
However, when I went into the details, I couldn't see how it would solve our
problem of restricting the use of *network addresses*. Maybe I miunderstood
something - So let me explain what I found out:
- I assume that register_named_object() will do an rpc_server_inq_bindings call
to get the bind handles to be used.
- rpc_server_inq_bindings will get *all* the bind handles
aquired with any previous rpc_server_use_...protseq(s).
- rpc_server_use_protseq allows me to select the protocol sequence(s) to be
used. This doesn't help me since I need to select *network addresses* and not
*protocols*.
- I tried an rpc_server_inq_binding and a subsequent rpc_binding_free on the
binding handles I didn't want to use. If I now issue an rpc_ns_binding_export
and rpc_ep_register, all's ok. since I'm using my self-taylored
binding vector.
- However register_named_object() will do it's own rpc_server_inq_bindings call
(I didn't test that, but I assume it does) and therefore again will get
the *whole* bunch of bind handles including those containing the nasty
cluster alias addresses.
So your proposal works fine to select the *protocol sequences* to be
used in a subsequent register_named_object() call.
I found no way to select the *network addresses* for a subsequent
register_named_object() call - and that's the critical point (remember we're
talking about ASE cluster alias addresses).
Maybe there's another workaround or perhaps I misunderstood something in your
explanation. Please let me know if there's another solution - even if it
requires some fiddeling around in the stub source code - I have to do that
anyway.
Thanks for you help
Hermann
|