
Defining the reginfo File

Use

With the reginfo file you control which external programs may register at the gateway.

You allow specific programs to register from specific external hosts by listing them in the file. For each registered program you can additionally restrict which clients may use it (ACCESS list) and which clients may cancel it (CANCEL list).

Prerequisites

You have set the profile parameter gw/reg_info (see Security Parameters).

Procedure

Create the file reginfo at the location in the file system given by gw/reg_info.

Entries in the file must have the following syntax:

Syntax

TP=<tp> [HOST=<host name>,...] [NO=<n>] [ACCESS=<host name,...>] [CANCEL=<host name,...>] 

Comment lines begin with '#'.

The individual options can have the following values:

      TP name (TP=): at most 64 characters, blank spaces are not allowed. The wildcard character * stands for any number of characters: the entry * therefore means no restriction, fo* stands for all names beginning with fo, and foo stands only for the name foo.

      Host name (HOST=, ACCESS= and/or CANCEL=): the wildcard character * stands for any host name, *.sap.com for every host in the domain sap.com, and sapprod for the host sapprod. If HOST= is missing, this is equivalent to HOST=*.

      IP address (HOST=, ACCESS= and/or CANCEL=): you can use IP addresses instead of host names. Examples of valid address strings:

        Complete addresses: 1.2.3.4, A:B:C:D:E:F:1:2, A:B:C:D:E:F:1.2.3.4, A:B

        Standard address prefixes: 192.1.1.3/12, A:B:C:D:E:1:2/60

        Old SAProuter wildcards: 192.1.1.*, 192.1.1.101xxxxx

      Number (NO=): a number between 0 and 65535. If the TP name is specified without wildcards, you can limit the number of registrations allowed under that name here.

Example

TP=foo NO=1 means that only one program with the name foo may register; all further attempts to register a program with this name are rejected. Without NO=, any number of servers may register under the same program ID.

Explicit Registration Permission or Denial

The syntax described above cannot explicitly forbid a program from registering; it can only list what is permitted. As an alternative you can therefore use a syntax that follows the route permission table of the SAProuter. If you use this syntax, the whole file must be written in it, and the first line must contain the entry #VERSION=2 (written exactly like this, including the upper case).

Syntax 

P|D TP=<tp> [HOST=<host name>,...] [NO=<n>] [ACCESS=<host name,...>] [CANCEL=<host name,...>] 

Each line starts with P or D, followed by a space or a tab, with the following meaning:

      P means that the program is permitted to register (the same as a line in the old syntax)

      D prevents this program from registering at the gateway.

An example file in this syntax is given below.

ACCESS List

To control access from the client side as well, you can define an access list for each entry. This is a list of host names or addresses that follow the rules above, except that a bare '*' is not permitted as an entry. If no access list is specified, the program can be used from any client. The local gateway on which the program is registered always has access.

Note that the check is made on the basis of hosts, not at user level: every user on a permitted host passes the check.

Example

TP=foo ACCESS=*.sap.com   

Program foo may only be used by hosts in the domain sap.com. Access attempts from other domains are rejected. The local Web AS always has access.

To permit use of registered servers from the local Web AS only, enter the following:

TP=* ACCESS=local [CANCEL=local]

CANCEL List

To control the cancellation of registered programs, a cancel list can be defined for each entry in the same way as the ACCESS list. If no cancel list is specified, any client can cancel the program. The local gateway on which the program is registered can always cancel it.

To cancel a registered program manually, open the gateway monitor (transaction SMGW), choose Logged on Clients, place the cursor on the registered program, and choose Goto -> Delete Client.

Note

The RFC library provides functions for cancelling registered programs. If the calling client does not match the CANCEL list of the entry, it cannot cancel the program. No error is returned; the call simply reports that zero programs were cancelled, so a caller that does not inspect this count will not notice the refusal.

Example

Examples of valid entries:

    Entry                     Meaning
    TP=* HOST=*               All registrations are allowed.
    TP=foo* HOST=*            Registration of programs whose name begins with foo (but not f or fo) is allowed from any host.
    TP=foo*                   Same as the previous entry: a missing HOST= counts as HOST=*.
    TP=* HOST=*.sap.com       All registrations from hosts in the domain sap.com are allowed.
    TP=* ACCESS=*.sap.com     Only clients from the domain sap.com may communicate with the registered program (the local Web AS always may).
    TP=* ACCESS=local         Only clients from the local Web AS may communicate with the registered program.

Example of a reginfo file in the new syntax

    #VERSION=2
    P TP=cpict4 HOST=10.18.210.140
    D TP=* HOST=10.18.210.140
    P TP=cpict2 ACCESS=ld8060,localhost CANCEL=ld8060,localhost
    P TP=cpict4

This file means:

      Program cpict4 is allowed to register if it arrives from the host with the address 10.18.210.140.

      All other programs from host 10.18.210.140 are not allowed to register.

      Program cpict2 is allowed to register from any host, but can only be used and cancelled from the local host or from host ld8060.

      Program cpict4 is allowed to register from any host.

As in the SAProuter route permission table, the lines are checked from top to bottom and the first line whose TP and HOST match decides, so the order of the lines matters: if the D line were placed first, cpict4 from 10.18.210.140 would be rejected by it before the P line was reached.
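The following is an added example, not SAP's code and not part of the original page: a small Python evaluator that implements the rules described above (the option syntax with TP and host wildcards, IP prefixes and NO=, the #VERSION=2 P/D lines, and the ACCESS and CANCEL client checks with the local gateway always admitted) and applies them to the reginfo file shown above plus a constructed old-syntax sample. It assumes, as the example file implies but the page does not state, that lines are checked top-down with the first match deciding and that registration is refused when no line matches; the function names, the placeholder name "local" for the gateway's own host, and the OLD_SYNTAX sample are inventions of this example.

```python
"""Evaluator for SAP gateway reginfo rules: an added example, not SAP's code. Assumed (not
stated on the page): first matching line decides; no matching line means registration refused."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

LOCAL = "local"          # placeholder name for the gateway's own host, which is always allowed


@dataclass
class Rule:
    tp: str
    permit: bool = True                                        # False for a 'D' line
    hosts: List[str] = field(default_factory=lambda: ["*"])    # missing HOST= means HOST=*
    no: Optional[int] = None                                   # NO= limit, exact TP names only
    access: List[str] = field(default_factory=list)            # empty list: any client
    cancel: List[str] = field(default_factory=list)


def _glob_match(pattern, name):
    """'*' matches any run of characters; the rest is literal and case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, name, re.IGNORECASE) is not None


def host_match(pattern, host):
    """One HOST=/ACCESS=/CANCEL= entry against a host name or IP address."""
    if host == LOCAL:
        return pattern in ("*", "local", "localhost", "127.0.0.1")
    if "/" in pattern:                            # prefix notation such as 192.1.1.3/12
        try:
            return ipaddress.ip_address(host) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:                        # host is a name, or the prefix is malformed
            return False
    return _glob_match(pattern, host)             # '*', '*.sap.com', '192.1.1.*', exact names


def parse_reginfo(text):
    """Parse a reginfo file (old or #VERSION=2 syntax) into Rules in file order."""
    lines = text.splitlines()
    version2 = bool(lines) and lines[0].strip() == "#VERSION=2"   # must be the first line, exactly
    rules = []
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):      # comment lines begin with '#'
            continue
        rule = Rule(tp="")
        if version2:                              # every rule line starts with P or D
            flag, line = (re.split(r"\s+", line, maxsplit=1) + [""])[:2]
            if flag not in ("P", "D"):
                raise ValueError(f"expected P or D at start of line: {raw!r}")
            rule.permit = flag == "P"
        for token in line.split():
            key, _, value = token.partition("=")
            if key == "TP":
                rule.tp = value
            elif key in ("HOST", "ACCESS", "CANCEL"):   # comma-separated host lists
                setattr(rule, "hosts" if key == "HOST" else key.lower(), value.split(","))
            elif key == "NO" and 0 <= int(value) <= 65535:
                rule.no = int(value)
            else:
                raise ValueError(f"unknown or invalid option {token!r} in line {raw!r}")
        if not rule.tp or len(rule.tp) > 64 or (rule.no is not None and "*" in rule.tp):
            raise ValueError(f"TP= missing, over 64 characters, or wildcard with NO=: {raw!r}")
        rules.append(rule)
    return rules


def find_rule(rules, tp, host):
    """First line whose TP and HOST patterns both match; None when nothing matches."""
    return next((r for r in rules if _glob_match(r.tp, tp)
                 and any(host_match(h, host) for h in r.hosts)), None)


def may_register(rules, tp, host, already_registered=0):
    """May `tp` from `host` register? False for a D line, no match (assumed deny) or NO= reached."""
    rule = find_rule(rules, tp, host)
    return rule is not None and rule.permit and (rule.no is None or already_registered < rule.no)


def may_use(rules, tp, host, client, action="access"):
    """May `client` use ('access') or cancel ('cancel') the `tp` registered from `host`?"""
    rule = find_rule(rules, tp, host)
    if rule is None or not rule.permit:
        return False
    patterns = getattr(rule, action)              # local gateway always; no list: every client
    return client == LOCAL or not patterns or any(host_match(p, client) for p in patterns)


# Samples: OLD_SYNTAX is constructed for this example; NEW_SYNTAX is the file from the page.
OLD_SYNTAX = "TP=foo NO=1\nTP=bar* HOST=*.sap.com ACCESS=*.sap.com\nTP=* HOST=192.168.1.0/24 CANCEL=local\n"
NEW_SYNTAX = """\
#VERSION=2
P TP=cpict4 HOST=10.18.210.140
D TP=* HOST=10.18.210.140
P TP=cpict2 ACCESS=ld8060,localhost CANCEL=ld8060,localhost
P TP=cpict4
"""
```

With the page's file loaded through parse_reginfo(NEW_SYNTAX), may_register(rules, "cpict2", "10.18.210.140") is False because the D line is reached before the P line for cpict2, while may_register(rules, "cpict2", "ld8060") is True; may_use(rules, "cpict2", "ld8060", "attacker.example") is False, and the same call with action="cancel" and the client LOCAL is True. Swapping the first two lines of the sample changes the answer for cpict4 from 10.18.210.140, which is the easiest way to see why line order matters in this file.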

Additional Information

Registration Authorizations for Starting External Programs

Making Security Settings for External Programs

Checking Security Configuration
