QuantumATK Forum

QuantumATK => Installation and License Questions => Topic started by: marcindulak on November 4, 2013, 15:57

Title: How to use glob (*) in DENY_USER_ALL?
Post by: marcindulak on November 4, 2013, 15:57

Hi,

i have a problem with lmx-serv accepting users despite

Code

DENY_USER_ALL = *

being present in lmx-serv.cfg.

The server is running:

Code

/home/opt/common/QuantumWise/lmxtools-4.4.2/servertools/lmx-serv -b -c /home/opt/common/QuantumWise/lmxtools-4.4.2/servertools/lmx-serv.cfg -l /home/opt/common/QuantumWise/license.lic -lf /home/opt/common/QuantumWise/lmxtools-4.4.2/servertools/lmx-serv.log -port port

with lmx-serv.cfg, containing the right order accordingly to
http://quantumwise.com/component/content/article/20-licensing/207-restricting-access-to-a-license-server :

Code

ALLOW_USER_ALL = user1
DENY_USER_ALL = *

I run, as user2:

Code

QUANTUM_AUTOMATIC_SERVER_DISCOVERY=false QUANTUM_EXTENDEDLOG=license.log atkpython

license.log reads:

Code

[2013-11-04 15:33:13] Feature requested:
[2013-11-04 15:33:13]   ATKPython (v13.8)
[2013-11-04 15:33:13]
[2013-11-04 15:33:13] Feature Checkout status:
[2013-11-04 15:33:13] Validating input...
[2013-11-04 15:33:13] Trying to checkout feature as a borrowed license...
[2013-11-04 15:33:13] WARNING: Checkout error: (Err: 9) Feature not found!
[2013-11-04 15:33:13] Trying to checkout feature using local license from string...
[2013-11-04 15:33:13] WARNING: Checkout error: (Err: 9) Feature not found!
[2013-11-04 15:33:13] Trying to checkout feature using license from local path(s)...
[2013-11-04 15:33:13] Trying to checkout feature using license from existing license server...
[2013-11-04 15:33:13] Trying to checkout feature using license from network path(s)...
...
[2013-11-04 14:39:51] Checkout of 1 license(s) using license from existing license server [email protected].
[2013-11-04 14:39:51] Checkout of 1 license(s) using license from network path(s) server.domain.com.

and the /home/opt/common/QuantumWise/lmxtools-4.4.2/servertools/lmx-serv.log contains:

Code

[[2013-11-04 14:39:51]] CHECKOUT by [email protected] [AAA.AAA.AAA.AAA]: atkpython
[[2013-11-04 14:40:05]] CHECKIN by [email protected] [AAA.AAA.AAA.AAA]: atkpython

If i explicitly disable a user

Code

DENY_USER_ALL = user2 

it gets rejected as expected:

Code

[2013-11-04 15:50:35] WARNING: Checkout error: (Err: 16) Rejected actively from license server!
[2013-11-04 15:50:35] WARNING: Checkout error: (Err: 16) Rejected actively from license server!
[2013-11-04 15:50:35] Trying to checkout feature as a grace license...
[2013-11-04 15:50:35] WARNING: Checkout error: (Err: 22) Unable to save file!
[2013-11-04 15:50:35] Trying to checkout feature using trial license...
[2013-11-04 15:50:35] Checkout of 1 license(s) using trial license.

Code

[2013-11-04 15:50:35] CHECKOUT by [email protected] [AAA.AAA.AAA.AAA]: FAIL: Checkout disabled by administrator

Title: Re: How to use glob (*) in DENY_USER_ALL?
Post by: Anders Blom on November 4, 2013, 23:56

* is not a valid option for user names, only IP addresses (and it has to be of the form 1.2.3.4, so 1.2.3.*, or 1.2.*.* or *.*.*.*, etc).

However, the ALLOW/DENY statements are parsed in a simple "first match" fashion, so you can obtain your desired configuration using

ALLOW_USER_ALL = user1
DENY_IPADDR_ALL = *.*.*.*

"user1" will be allowed by the first rule - and then the rule matching stops. Other users will hit the DENY line and no matter what they will be denied.

Title: Re: How to use glob (*) in DENY_USER_ALL?
Post by: marcindulak on November 5, 2013, 10:47

Thanks, works for me