
Get specific about access from IPs

Is there a way to force a particular user ID to use a specific IP address? In other words, I want to give a machine a static IP and only allow this person to access the HP 3000 from that PC with the static IP.

Tracy Johnson replies:

A simple logon UDC should suffice:

IF HPREMIPADDR = "aaa.bbb.ccc.ddd" then
  ECHO Welcome.
ELSE
  ECHO Evil message here.
  BYE
ENDIF

Bob Schlosser of the Support Group inc adds:

You can set up a logon UDC that checks that the var HPLOCIPADDR is equal to the device (PC) that you want them to use. Something like this:

LOGON
OPTION NOBREAK,LOGON
COMMENT Change "123.456.789.321" to your IP address
IF "!HPLOCIPADDR" <> "123.456.789.321"
  BYE
ENDIF

Using this we verify that the user is on the correct (assigned) IP address, and log them off if not.

Chris Bartram, who's created e-mail solutions for the 3000 and hosted Web servers since early in the 1990s, adds:

The following is an excerpt from system UDCs I use on my HP 3000s that might give you some ideas.

The "VALIDATEIPADDR" call in the UDC calls another command file that actually does a validation of the logging-on user based on data in a control file to determine if he/she is allowed to log onto the system from the specific host/IP address they are coming from.

The variables the UDC sets will work whether the logging on user is coming in via Telnet or NSVT (or hardwired or modem).

The TELLOPs also leave a nice log on the system console (and log file) of the login, including where they came from and what protocol was used to access the system.

***
LOGON
OPTION LOGON,NOBREAK,NOHELP

setvar _network_node ''
if bound(hpstdin_network_node) then
  setvar _network_node '!hpstdin_network_node'
endif

setvar _na ''
setvar _at 'HARDWIRED'
if bound(hpstdin_network_addr) then
  setvar _na '!hpstdin_network_addr'
elseif bound(hpremipaddr) then
  setvar _na '!hpremipaddr'
endif

if bound(hplocport) then
  if !hplocport=23 then
    setvar _at 'TELNET'
  endif
endif
IF BOUND(HPSTDIN_ACCESS_TYPE) THEN
  SETVAR _AT "!HPSTDIN_ACCESS_TYPE"
ENDIF

IF BOUND(HPSTDIN_TRANSPORT_TYPE) THEN
  SETVAR _TP "!HPSTDIN_TRANSPORT_TYPE"
ELSE
  IF "!_AT"="TELNET" THEN
    SETVAR _TP "TCP/IP"
  ELSE
    SETVAR _TP "SERIAL"
  ENDIF
ENDIF

IF BOUND(HPVT_CLIENT_VENDOR) THEN
  SETVAR _VND " (!HPVT_CLIENT_VENDOR)"
ELSE
  SETVAR _VND " "
ENDIF

TELLOP LOGON VIA !_AT USING !_TP !_VND

setvar _node ups(ltrim(rtrim("!_network_node")))
setvar _addr ups(ltrim(rtrim("!_na")))
if '!_node'<>'' then
  tellop !_at, IP: "!_addr" Node: "!_node"
else
  tellop !_at, IP: "!_addr"
endif

setjcw cierror=0
continue
VALIDATEIPADDR
if !cierror<>0 then
  echo
  echo ************************************
  echo **  NODE/IP CONTROL FILE CORRUPT  **
  echo ************************************
  echo
  bye
endif
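
The control-file check that VALIDATEIPADDR is described as performing, modelled in Python as an added example; it is not Chris Bartram's command file, which the excerpt does not show. The control-file format, the SAMPLE_CONTROL entries, the function names and the default-deny rule for unlisted users are all assumptions.

```python
import ipaddress

class ControlFileError(Exception):
    """Unparseable control file (compare the UDC's CONTROL FILE CORRUPT branch)."""

# Constructed sample control file; the format is an assumption for this sketch.
SAMPLE_CONTROL = """\
# user.account   allowed source: IP, CIDR block, or HARDWIRED
MGR.PAYROLL      10.1.2.15
CLERK.PAYROLL    10.1.2.0/28
CLERK.PAYROLL    HARDWIRED
"""

def load_rules(text):
    """Parse the control file into {USER.ACCOUNT: [network or 'HARDWIRED', ...]}."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ControlFileError(f"line {lineno}: expected 2 fields")
        user, source = fields[0].upper(), fields[1].upper()
        if source != "HARDWIRED":
            try:
                source = ipaddress.ip_network(source, strict=True)
            except ValueError as exc:
                raise ControlFileError(f"line {lineno}: {exc}") from None
        rules.setdefault(user, []).append(source)
    return rules

def logon_allowed(control_text, user, addr):
    """Return True only if user may log on from addr ('' means no network address)."""
    try:
        rules = load_rules(control_text)
    except ControlFileError:
        return False                          # corrupt control file: fail closed
    allowed = rules.get(user.strip().upper(), [])   # unlisted user: deny
    addr = addr.strip()
    if not addr:
        return "HARDWIRED" in allowed         # serial/modem session, no IP to check
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False                          # unparseable address: deny
    return any(src != "HARDWIRED" and ip in src for src in allowed)
```

Parsing addresses rather than comparing strings avoids mismatches from case or padding, and every error path ends in a denial, matching the UDC's behaviour of logging the session off when the control file cannot be trusted.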
