From: Paul RASCLE Date: Thu, 5 Sep 2019 08:56:08 +0000 (+0200) Subject: In progress: get ip address on default interface (for instance eth0) to limit listeni... X-Git-Tag: V9_4_0a1~1 X-Git-Url: http://git.salome-platform.org/gitweb/?a=commitdiff_plain;h=c8faacd4e9e8d4f253285a650b76c07182b54e20;p=modules%2Fkernel.git In progress: get ip address on default interface (for instance eth0) to limit listening on this interface. (Requested for cyber security improvement). This modification is difficult to test on all configurations, so please provide information on the not working configurations, to build something more robust if needed.
---
diff --git a/bin/ORBConfigFile.py b/bin/ORBConfigFile.py
index c51187d1d..ba06cebe1 100755
--- a/bin/ORBConfigFile.py
+++ b/bin/ORBConfigFile.py
@@ -56,6 +56,11 @@ def writeORBConfigFile(path, host, port, kwargs={}):
 from omniORB import CORBA
 prefix = "" if CORBA.ORB_ID == "omniORB4" else "ORB"
+
+ from subprocess import check_output
+ ips = check_output(['hostname', '--all-ip-addresses'])
+ # get ip address on default interface (for instance eth0) to limit listening on this interface (cyber security request)
+ ipDefault = ips.split()[0].decode()
 GIOP_MaxMsgSize = 2097152000 # 2 GBytes
@@ -65,6 +70,8 @@ def writeORBConfigFile(path, host, port, kwargs={}):
 orbdata.append("%straceLevel = 0 # critical errors only"%(prefix))
 orbdata.append("%smaxGIOPConnectionPerServer = 500 # to allow containers parallel launch"%(prefix))
 orbdata.append("%snativeCharCodeSet = UTF-8"%(prefix))
+ orbdata.append("%sendPoint = giop:tcp:127.0.0.1:%s"%(prefix,''))
+ orbdata.append("%sendPoint = giop:tcp:%s:%s"%(prefix, ipDefault,''))
 orbdata.append("")
 with open(omniorb_config, "w") as f:
diff --git a/bin/nameserver.py b/bin/nameserver.py
index e20cd2f9c..257969892 100644
--- a/bin/nameserver.py
+++ b/bin/nameserver.py
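Review bot: In bin/ORBConfigFile.py, `ips.split()[0]` in writeORBConfigFile raises IndexError when `hostname --all-ip-addresses` prints nothing, and `check_output` raises when the option or the command is missing (the option belongs to the Linux `hostname`), so the config file is never written on such hosts. The hostname manual also warns against assuming any order in this list, so the first entry may belong to a bridge or VPN interface, or be an IPv6 address, rather than the default interface the comment names. I would handle the failure and filter explicitly as below, and skip the second `endPoint` line in the next hunk when `ipDefault` is None; the bin/nameserver.py hunk repeats the same three lines. The function body starts and ends outside this hunk.

```python
    from subprocess import check_output, CalledProcessError
    try:
        ips = check_output(['hostname', '--all-ip-addresses']).decode().split()
    except (OSError, CalledProcessError):
        # command not found, or a hostname implementation without this option
        ips = []
    # the list carries no ordering guarantee: keep IPv4 entries only and
    # fall back to loopback-only listening when none is reported
    ipv4 = [ip for ip in ips if ':' not in ip]
    ipDefault = ipv4[0] if ipv4 else None
```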
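Review bot: Both new `endPoint` lines in the second bin/ORBConfigFile.py hunk fill the port slot by formatting in a literal `''`, which reads like a forgotten argument rather than a deliberate empty port. Dropping the placeholder, as in `orbdata.append("%sendPoint = giop:tcp:127.0.0.1:"%(prefix))`, and adding a comment such as `# empty port: omniORB chooses a free port on each listed address` (if I read the omniORB endpoint syntax correctly) would make the intent explicit. The `host` and `port` parameters of writeORBConfigFile are not used by these lines; if that is intended, it deserves a word in the same comment.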
@@ -87,9 +87,13 @@ class NamingServer(Server):
 self.CMD = ['omniNames', '-start' , aPort , '-nohostname', '-logdir' , os.path.realpath(upath), '-errlog', os.path.realpath(os.path.join(upath,'omniNameErrors.log'))]
 #os.system("start omniNames -start " + aPort + " -logdir " + upath)
 else:
- #self.CMD=['omniNames -start ' , aPort , ' -logdir ' , upath , ' &']
- self.CMD = ['omniNames','-start' , aPort, '-logdir' , upath, '-errlog', upath+'/omniNameErrors.log']
- #os.system("omniNames -start " + aPort + " -logdir " + upath + " &")
+ # get ip address on default interface (for instance eth0) to limit listening on this interface (cyber security request)
+ from subprocess import check_output
+ ips = check_output(['hostname', '--all-ip-addresses'])
+ ipDefault = ips.split()[0].decode()
+ self.CMD = ['omniNames','-start' , aPort]
+ self.CMD += ['-logdir' , upath, '-errlog', upath+'/omniNameErrors.log']
+ self.CMD += ['-ORBendPoint', 'giop:tcp:%s:%s'%(hname,aPort)]
 if verbose(): print("... ok")
 if verbose(): print("to list contexts and objects bound into the context with the specified name : showNS ")
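Review bot: `ipDefault` is computed in the non-Windows branch but never used: the new `-ORBendPoint` is built from `hname`, which is defined outside this hunk, so the `hostname` call only adds a way for startup to fail. If the intent matches ORBConfigFile.py, the last added line should read `self.CMD += ['-ORBendPoint', 'giop:tcp:%s:%s'%(ipDefault,aPort)]`; otherwise the three lines computing `ips` and `ipDefault` can go. Also worth checking, since `-start aPort` is kept: omniNames, as far as I know, still opens its own all-interfaces endpoint for that port unless `-ignoreport` is passed, which would defeat the restriction; listing the listening sockets after startup would confirm. The enclosing method starts and ends outside the hunk.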