Jump to content


Cannot login to swarm unless host is * in Protect table (2017.1)

login protect 2017

  • Please log in to reply
3 replies to this topic

#1 amonge

amonge

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 24 May 2017 - 09:59 PM

Hi,

I have a problem with Swarm 2017.1. I just upgraded from Swarm 2016 and everything is working fine, except one very important detail: users cannot login unless I give them access to log in from anywhere. If I restrict them by host, even if the host is correct, they cannot login. I have to set host to * in the protects table for them to be able to login. This was working fine in Swarm 2016. So now I have my Perforce server open as it is the only way we can login to Swarm.

Here are the logs from Swarm and Perforce:

Helix Server log:
2017/05/24 12:09:34 pid 1840 amonge@~tmp.1495649374.12247.5925cc5e7a0933.43690043 10.0.1.91/10.0.0.201 [SWARM/2017.1/1514630] 'user-login -s'
Perforce server info:
2017/05/24 12:09:37 pid 3656 amonge@~tmp.1495649377.12247.5925cc611cfb53.09806925 10.0.1.91/10.0.0.201 [P4PHP/2016.2/LINUX26X86_64/1490102 (2016.2/1487173 API)] 'user-login -a -p'

Swarm log:
2017-05-24T18:09:34+00:00 DEBUG (7): P4 (000000006114d353000000003b027d49) start command: Authenticating 10.0.0.201 for user amonge
2017-05-24T18:09:34+00:00 DEBUG (7): P4 (000000006114d354000000003b027d49) start command: login -s
2017-05-24T18:09:34+00:00 DEBUG (7): P4 (000000006114d354000000003b027d49) command failed: Access for user 'amonge' has not been enabled by 'p4 protect'.

2017-05-24T18:09:37+00:00 DEBUG (7): P4 (000000005a1e3eca000000003fb3ec06) start command: info
2017-05-24T18:09:37+00:00 DEBUG (7): P4 (000000005a1e3eca000000003fb3ec06) start command: users -a amonge
2017-05-24T18:09:37+00:00 DEBUG (7): P4 (000000005a1e3eca000000003fb3ec06) start command: spec -o user
2017-05-24T18:09:37+00:00 DEBUG (7): P4 (000000005a1e3ed7000000003fb3ec06) start command: login -a -p
2017-05-24T18:09:37+00:00 DEBUG (7): P4 (000000005a1e3ed7000000003fb3ec06) command failed: Access for user 'amonge' has not been enabled by 'p4 protect'

This is the protect table for my user:

super user amonge 10.0.0.0/16 //...

The biggest difference I see with Swarm 2016 is the way the IP address is sent. Before, the IP address sent was always Swarm's IP address:

Perforce server info:
2017/05/21 11:41:24 pid 3976 amonge@~tmp.1495388484.849.5921d144ded5a6.31214597 10.0.1.130 [P4PHP/2015.2/LINUX26X86_64/1340214 (2015.2/1340214 API)] 'user-login -a -p'

Now, it sends two IP addresses, and I don't know if this is causing the problem:

Perforce server info:
2017/05/24 12:09:34 pid 1840 amonge@~tmp.1495649374.12247.5925cc5e7a0933.43690043 10.0.1.91/10.0.0.201 [SWARM/2017.1/1514630] 'user-login -s'

Thanks,

Arturo Monge
FinanzaPro

#2 p4rfong

p4rfong

    Advanced Member

  • Staff Moderators
  • 343 posts

Posted 29 June 2017 - 01:58 AM

Thanks for opening a support ticket on this.

A quick and dirty way would be to revert to the old behavior via the config.php ($SWARM/data/config.php).

See the new "proxy_mode" setting. You can change it to false.

'proxy_mode' => false


I think the 'emulate_ip_protections' setting is also relevant, but it's been around for a while.

https://www.perforce....ip_protections

Setting up protections for a proxy server might be another way to address it.

https://www.perforce....html#DB5-23637

Explicitly enabling protections through a proxy might help. It does not matter that Swarm is on the 10.0.1.* subnet.

write group developers-fp proxy-10.0.0.0/24 //unload/...
write group developers-fp proxy-10.0.0.0/24 //finanza_pro/...
write group developers-fp proxy-10.0.0.0/24 //depot/app_development_framework/...
write group developers-fp proxy-10.0.0.0/24 //depot/scripts_builder_tool/...
read group developers-fp proxy-10.0.0.0/24 //depot/nexusdb_tools/...


This behavior is dependent on the dm.proxy.protects setting on the server.

p4 configure show dm.proxy.protects


If you want to try to get protections to work with current configuration (not the quick and dirty fix), you might also turn the logging level up to 7. There is a debug line that should be helpful.

<?php
return array(
'p4' => array(
'port' => 'someip:someport',
'user' => 'someuser',
'password' => 'somepassword',
),
'log' => array(
'priority' => 7
)
);

#3 mcru

mcru

    Advanced Member

  • Members
  • PipPipPip
  • 67 posts

Posted 20 July 2017 - 01:38 PM

Arturo, you didn't have any problems with email notifications after upgrading to 2017.1, did you?

#4 amonge

amonge

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 20 July 2017 - 04:54 PM

Hi,

No, not at all. The only problem I have with email notifications is that we are receiving too many, :). But email notifications were not affected by the upgrade. In fact, the new version has been working quite well, except for the problem I reported about the protects settings.

Arturo.



Also tagged with one or more of these keywords: login, protect, 2017

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users