Forum: Ruby DRb method access

5df2b834642c29e1c3be64e6508774f9?d=identicon&s=25 Pavlos Vin (pavlos_v)
on 2011-06-19 16:20
I am writing a simple distributed system in drb. I have all the peers,
and one server to do the bootstrapping. In that server, I have a few
methods like "suggest_peer", and "start_service" and "stop_service".

When a peer connects to the server, he is able to call all three
methods. I want him to be able to call only the first one.

Also,I have a file that initializes the server, and has a little cmd
line so I can start the service, debug, log and all that. I want that
cmd line to be able to call the second and third methods, as well as the
first one.

How can I do that? How can I prevent peers from stopping the service?
If I put the service methods as private, I can't call them from the cmd
line.

Thanks
54404bcac0f45bf1c8e8b827cd9bb709?d=identicon&s=25 7stud -- (7stud)
on 2011-06-20 02:20
Pavlos Vin wrote in post #1006186:
> I am writing a simple distributed system in drb. I have all the peers,
> and one server to do the bootstrapping. In that server, I have a few
> methods like "suggest_peer", and "start_service" and "stop_service".
>
> When a peer connects to the server, he is able to call all three
> methods. I want him to be able to call only the first one.
>
> Also,I have a file that initializes the server, and has a little cmd
> line

A file has a command line?  What does that mean?
5df2b834642c29e1c3be64e6508774f9?d=identicon&s=25 Pavlos Vin (pavlos_v)
on 2011-06-20 11:55
7stud -- wrote in post #1006249:
> Pavlos Vin wrote in post #1006186:
>> I am writing a simple distributed system in drb. I have all the peers,
>> and one server to do the bootstrapping. In that server, I have a few
>> methods like "suggest_peer", and "start_service" and "stop_service".
>>
>> When a peer connects to the server, he is able to call all three
>> methods. I want him to be able to call only the first one.
>>
>> Also,I have a file that initializes the server, and has a little cmd
>> line
>
> A file has a command line?  What does that mean?

sorry.. i meant i have a program.
I have server.rb which is the class, and a run-server.rb which provides
a nice front end, from where i can start and stop the server, save some
info etc.
I want to be able to start and stop the service of the server from that
front end, but I want the peers that connect to the server to not be
able to stop the service.

Can I somehow put restrictions on those methods?
54404bcac0f45bf1c8e8b827cd9bb709?d=identicon&s=25 7stud -- (7stud)
on 2011-06-20 21:22
Sure.


class Service
  def suggest_peer
    puts 'suggest_peer'
  end

  def start_service
    puts 'start_service'
  end

  def stop_service
    puts 'stop_service'
  end
end

class MethodAccessProxy
  def initialize(service)
    @service = service
  end

  def suggest_peer
    @service.suggest_peer
  end

  def start_service(password)
    check_access
    @service.start_service
  end

  def stop_service(password)
    check_access
    @service.stop_service
  end

  def check_access
    #identify client
    if <client doesn't have access>
      raise "Illegal Access: get lost."
    end
  end

end
753dcb78b3a3651127665da4bed3c782?d=identicon&s=25 Brian Candler (candlerb)
on 2011-06-20 21:56
7stud -- wrote in post #1006452:
> Sure.
...
>   def check_access
>     #identify client
>     if <client doesn't have access>
>       raise "Illegal Access: get lost."
>     end
>   end

7stud: that's not a helpful answer. He was asking for exactly how to
determine the client identity when receiving a DRb method call, which
you haven't shown. If you don't know, then better to say nothing.

Pavlos: one option is to start two different DRb services, implementing
different methods and listening on different ports, and then use a DRb
ACL to restrict access to one of them.

The ACL class is in /usr/lib/ruby/1.8/drb/acl.rb or wherever it is on
your system. To use it, instantiate this class and pass it as a :tcp_acl
parameter to DRbServer.new, or call DRbServer.default_acl(acl) first.
You can see this in drb/drb.rb.

Looking through the drb.rb code, I think it may also be possible to do
something like this in your DRb method:

Thread.current['DRb']['client'].peeraddr[3]

to determine who is talking to you. But this is untested, you'll need to
play with it.

HTH,

Brian.
Please log in before posting. Registration is free and takes only a minute.
Existing account

NEW: Do you have a Google/GoogleMail, Yahoo or Facebook account? No registration required!
Log in with Google account | Log in with Yahoo account | Log in with Facebook account
No account? Register here.