Problem using (net-eval)

Started by ale870, July 30, 2009, 11:22:53 AM


ale870

Hello,

I'm working on Linux, and I don't know if that is a problem even in Windows.



Well, I'm creating a network (now on my PC for testing...) in this way:

SERVER:


(command-event (fn (c)
  (println (string "COMMAND IS: " c) )))


I execute server with this command:

newlisp check-port.lsp -c -d 4702



CLIENT:



alessandro@alessandro1 ~ $ newlisp
newLISP v.10.1.1 on Linux IPv4, execute 'newlisp -h' for more info.

> (net-eval "127.0.0.1" 4702 {(+ 3 4)})
"COMMAND IS: [cmd]nnnilnnilnCOMMAND IS: (+ 3 4)(exit)nnnilnnERR: symbol expected : " IS: (+ 3 4)(exit)\n"n"
> (net-eval "127.0.0.1" 4702 {(+ 3 4)})
"COMMAND IS: [cmd]nnnilnnilnCOMMAND IS: (+ 3 4)(exit)nnnilnnERR: symbol expected : " IS: (+ 3 4)(exit)\n"n"
> (net-eval "127.0.0.1" 4702 {(setq a 1)})
"COMMAND IS: [cmd]nnnilnnilnCOMMAND IS: (setq a 1)(exit)nnnilnnERR: symbol expected : " IS: (setq a 1)(exit)\n"n"
>


I'm becoming mad!

* Sometimes the client hangs: lock prompt as if the server is "sleeping" (in this case if I stop the server then the client comes live again).

* Sometimes I simply get, as result, the string "[cmd]" (6 chars). Nothing else. Even if I insert many input commands.

* Sometimes I get the result you can see above.



What is happening? I think I'm doing something wrong, but where?

NOTE: If I eliminate the function (command-event) then everything is correct.



I need to use that function since I'm creating a centralized job scheduler. I have several PCs, and I use a central unique server to schedule some activities. On the "client" computers I have newLisp as server (waiting for "net-eval").

When an event happens on the central server, it sends the proper job to the client. I implemented some security features, but I need to use (command-event) to check the commands that reach the PC clients, to avoid PC abuse.



Can you help me?



Thank you!
--

newdep

#1
(command-event) has a limit of input characters.

I have this used inside my newlisp prompt, and with ANSI enabled and a long one-liner I get different behaviours on different Linux versions...

Are you able to shorten the commands into chunks? Just for the test...
-- (define? (Cornflakes))

Lutz

#2
'command-event' in newLISP server mode should only be used for preprocessing HTTP requests, not for 'net-eval' requests.



'command-event' works on the input line by line, but 'net-eval' sends multi-line commands, transforming a single line like "(+ 3 4)" into [cmd]\n(+ 3 4)\n[/cmd], a 3-line sequence.



Just start your server without it:


newlisp -c -d 4702 &

If you preload code, as you did, you can preload function definitions for functions which you are calling from 'net-eval' later, or you can send function definitions using 'net-eval' too, or you could send (load ....) commands using 'net-eval'.



See also here:



http://www.newlisp.org/downloads/CodePatterns.html#toc-22



and here:



http://www.newlisp.org/downloads/newlisp_manual.html#command-event



and here for a more complex 'net-eval' application:



http://www.newlisp.org/syntax.cgi?code/mapreduce.txt

ale870

#3
Thank you, but for distributed computing, about security checks, I need a function that I'm sure is called first, like (command-event) for HTTP. I can use it to check data input and eliminate malicious code.

I think a function like (command-event), but fully working with net-eval, should be really VERY useful. In fact, this is the only way I have to be sure that nobody tries to send some data (even using another newLisp version) to a remote PC.



I think that function could supply a high level of control. Please!

Thank you!
--

Lutz

#4
If you are concerned about security you should not use 'net-eval' on an open network, or use 'net-eval' over an encrypted channel using SSH tunnels.



If you work on an open network use HTTP and CGI processing. That gives you more control and you can use pre-processing with 'command-event'. On the downside it is also slower. 'net-eval' has been designed for max speed on closed private network clusters.



To log traffic for either 'net-eval' or HTTP start the server with -L or -l for this to create a logfile of all requests:


~> newlisp -L/Users/lutzmueller/logfile.txt -c -d 4702 &

Create logfile.txt first before starting the server (use the touch command).



After: (net-eval "localhost" 4702 {(+ 3 4)})

you have this in logfile.txt:


~> cat logfile.txt
newLISP v.10102 listening on 4702
Connected to 127.0.0.1 on Thu Jul 30 18:04:23 2009
[cmd]
(+ 3 4)(exit)
[/cmd]
7


See also here:



http://www.newlisp.org/downloads/newlisp_manual.html#logging
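
An added example, not part of the original post and not newLISP code: a Python sketch that reads a logfile in the layout shown above, pairs each [cmd]...[/cmd] request with the peer that connected, and flags requests from unexpected peers or containing shell and filesystem primitives. The function names, the watchlist and the second log entry are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the logfile above; the second entry is invented.
SAMPLE_LOG = """\
newLISP v.10102 listening on 4702
Connected to 127.0.0.1 on Thu Jul 30 18:04:23 2009
[cmd]
(+ 3 4)(exit)
[/cmd]
7
Connected to 192.0.2.55 on Thu Jul 30 18:09:41 2009
[cmd]
(exec "delete *.*")(exit)
[/cmd]
"""

CONNECT_RE = re.compile(r"^Connected to (\S+) on (.+)$")
RISKY_RE = re.compile(r"\((?:exec|process|delete-file|write-file)[\s)]")  # assumed watchlist


def parse_requests(log_text):
    """Return one dict per [cmd]...[/cmd] block with the peer that sent it."""
    requests, peer, when, body = [], None, None, None
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line)
        if m and body is None:
            peer, when = m.groups()
        elif line.strip() == "[cmd]":
            body = []
        elif line.strip() == "[/cmd]" and body is not None:
            requests.append({"peer": peer, "time": when, "command": "\n".join(body)})
            body = None
        elif body is not None:
            body.append(line)
    return requests


def flag_requests(requests, allowed_peers):
    """Return (request, reasons) pairs for unknown peers or risky calls."""
    findings = []
    for req in requests:
        reasons = []
        if req["peer"] not in allowed_peers:
            reasons.append("unexpected peer")
        if RISKY_RE.search(req["command"]):
            reasons.append("risky primitive")
        if reasons:
            findings.append((req, reasons))
    return findings
```

Calling `flag_requests(parse_requests(SAMPLE_LOG), {"127.0.0.1"})` reports only the second request, for both reasons.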

ale870

#5
Thank you, but I'm not afraid about "transport", since my messages (from the central server to the client PC) are already encrypted.

I'm inside a private network. My concern is the computer clients have "newLisp -c -d ..." with the port "..." open and ready to receive commands. It means I can send commands via net-eval, but even another guy in the same network can do that. So if someone discovers this background service, he/she could, for example, send commands like (exec "delete *.*"). So I need to check a kind of certificate (I already generated a long unique key) to verify that the command received from a client PC was not sent by an impostor, but from the real central server.



CENTRAL_SERVER ------->  PC_CLIENT

IMPOSTOR --------------->



If I cannot check the message (in the PC client) I cannot verify if the command was sent from the "official" computer (and not from the impostor).
--
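
An added example, not part of the thread and not newLISP code: one way to check, with the long shared key mentioned in the post above, that a command really came from the central server before it is handed to the evaluator. It uses an HMAC-SHA256 tag plus a timestamp and nonce so that a captured message cannot be replayed; the envelope layout `timestamp|nonce|tag|command`, the names `sign_command` and `CommandGate`, and the 30-second window are assumptions, and where the check runs on the client PC is left open.

```python
import hashlib
import hmac
import time

MAX_SKEW = 30  # seconds a signed command stays acceptable (assumed policy)


def sign_command(key, command, nonce, now=None):
    """Central-server side: wrap a command as 'timestamp|nonce|tag|command'."""
    ts = str(int(time.time() if now is None else now))
    tag = hmac.new(key, f"{ts}|{nonce}|{command}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}|{nonce}|{tag}|{command}"


class CommandGate:
    """Client-PC side: release a command for evaluation only if it verifies."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, kept to reject replays

    def verify(self, envelope, now=None):
        now = time.time() if now is None else now
        try:
            ts, nonce, tag, command = envelope.split("|", 3)
            sent = int(ts)
        except ValueError:
            return None  # malformed or unsigned input, e.g. a bare expression
        expected = hmac.new(self.key, f"{ts}|{nonce}|{command}".encode(),
                            hashlib.sha256).hexdigest()
        # Constant-time comparison on bytes, so odd characters in the tag cannot raise.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None  # wrong key or altered command
        if abs(now - sent) > MAX_SKEW or nonce in self.seen:
            return None  # stale or replayed
        # Forget nonces whose envelopes have expired, then remember this one.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        self.seen[nonce] = sent
        return command
```

`verify` returns the command text only for a fresh, correctly tagged envelope and `None` otherwise, so the caller evaluates nothing on failure.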