home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
IRIX Installation Tools & Overlays 2002 May
/
SGI IRIX Installation Tools & Overlays 2002 May - Disc 3.iso
/
relnotes
/
license_dev
/
ch8.z
/
ch8
Wrap
Text File
|
2002-04-11
|
148KB
|
4,225 lines
- 1 -
8. _G_l_o_b_e_t_r_o_t_t_e_r__F_L_E_X_l_m__R_e_l_e_a_s_e__N_o_t_e_s
Flexible License Manager
Version 6.1g
RELEASE NOTES
July 1, 1999
These release notes describe the changes from FLEXlm v5.1.
Important note to companies using lc_init():
____________________________________________
As of v6.1, all companies that call lc_init() in product
shipped to customers should remove the LM_CODE macro, and
switch lc_init() to lc_new_job(), for security reasons. This
does not apply to license-generators, or any other internally
used executables, only to product shipped to customers. See
lc_new_job() below.
Overview
________
Version 6 is designed to make using FLEXlm-licensed products
easier for end-users. ISVs new to FLEXlm will find these
enhancement seamless and will find the product generally
easy-to-use.
v6.1 is functionally identical to v6.0, but has important
security enhancements.
The result of the combination v6.0 and v6.1 changes should be
reduced support, easier distribution of license files, greater
customer satisfaction, along with improved security.
Where v6 enhancements create compatibility issues for existing
ISVs, we've provided a simple resolution. In v6 you can
specify "v5" behavior, which turns off all enhancements that
have compatibility issues, thereby ensuring a smooth
transition. If you need a particular v6 enhancement that has
been turned off with "v5" behavior, you can turn on that
- 2 -
enhancement, and address the compatibility issues for that one
enhancement. All compatibility issues are fully documented.
License file enhancements:
o lmgrd can read multiple license files
o FLEXlm license path can specify a directory, which automatically
includes "*.lic" in that directory.
o License files require no editing for use at the end-user
site. Previously, the end-user had to edit the license
file to specify, at a minimum, the path to the vendor
daemon, but also the hostname, lmgrd TCP port number, and
path to the vendor-daemon options file. For most sites
none of these items need editing by end-users.
o The path to the daemon (on the DAEMON line) is now optional.
If unspecified, the $PATH is searched to start the vendor daemon.
o Licenses can now be shipped in a compressed, largely decimal
format, which is designed to be easy to type in for
customers that don't have access to email.
o lminstall (lmutil utility) provided to typing in decimal format
licenses.
o lc_convert() and lc_check_key() API functions for converting
to and from decimal, and verifying license-keys.
o Feature lines are shorter, easier to understand and type in.
o PACKAGE lines can be shipped in separate files that
never require user editing.
o The SERVER port number is now optional. If left unspecified,
FLEXlm default port numbers (27000-27009) are automatically used.
o End-user options file does not need to be specified in
the license file. A default file name is automatically used:
the vendor-daemon name, with ".opt" suffix, in the same
directory where licenses are stored.
o License information can now be stored in a buffer in the
program, instead of a file.
o Hostname on SERVER line can use the default "this_host", which
works fine when using LM_LICENSE_FILE set to port@host, or
if clients are on the same node as the server. Makes initial
installation easier.
o License path can be set with a different environment variable
for each vendor (in addition to LM_LICENSE_FILE):
vendor_LICENSE_FILE (e.g., "GSI_LICENSE_FILE").
o License path (via LM_LICENSE_FILE or vendor_LICENSE_FILE)
can be set to "@host", if the server uses a default port
number.
o Windows only: If client checkout fails because it can't
find the license file, the user is prompted for the license
file location, or the hostname of the license server, and
checkout is automatically retried.
o License files are case-insensitive.
o Optional START=... start-date in license file.
o lmdown and lmreread can affect a single vendor daemon with
- 3 -
new -vendor argument; this can also be used to stop and restart
a single vendor daemon
o New useful examples
Other Enhancements:
o Improved security
o Improved error message handling
o Alternative error message available: paragraph format with
- 1-3 line error message, describing error, and possible
workarounds
- feature name (if applicable)
- license path
- context-sensitive information (where applicable).
o API for verifying license key in FEATURE line
How to Upgrade From Previous FLEXlm versions
____________________________________________
1) lm_code.h and lsvendor.c both have new variables
required for v6.0. This means you should not use the
older copy of either of these files.
lsvendor.c:
If you don't have modifications to this file, then
there's nothing you need to do but use the v6.0
version of lsvendor.c.
If you've modified this file for previous versions,
you'll need to re-make those modifications to
v6.0. The only changes to this file in v6.0 (from
v5.x) are additional variables.
lm_code.h:
The only change in this file is the requirement
that there be a line defining LM_VER_BEHAVIOR, e.g.,
#define LM_VER_BEHAVIOR LM_BEHAVIOR_V6
This is fully discussed below in the Compatibility
Issues section.
2) V6.0 requires new FLEXlm Vendor Keys. You can obtain these
by requesting them from support@globes.com.
3) You can build the vendor daemon, license generators, and
everything else in the v6.0 kit. You'll need to make sure
that machind/lsvendor.c has any modifications you require,
- 4 -
and machind/lm_code.h has LM_VER_BEHAVIOR set to the right
value. Then simply type make in each binary kit, e.g.,
sun4_u5, hp700_u9, etc.
4) Read the note below about Compatibility Issues.
Compatibility Issues For Existing FLEXlm Companies
__________________________________________________
We have provided a 2 simple steps for compatibility
with earlier FLEXlm versions.
Step 1: Application and Server Behavior
Edit lm_code.h, and change
From: #define LM_VER_BEHAVIOR LM_BEHAVIOR_V6
To: #define LM_VER_BEHAVIOR LM_BEHAVIOR_V5_12
[ or V5, V4, V3, V2 ]
This one step sets all behaviors to be compatible with
previous versions.
Step 2: License file format
lmcrypt and makekey utilities accept the -verfmt
flag. With the new end-user 'lminstall' utility, this
flag is -overfmt. Set this to 2, 3, 4, 5, 5.1 or 6,
depending on the version that you need to keep
compatible with:
lmcrypt -verfmt 5 ...
lc_cryptstr() also understands LM_A_LICENSE_FMT_VER
attribute, set with lc_set_attr before calling
lc_cryptstr(), which has the same effect as -verfmt.
LM_A_LICENSE_FMT_VER takes the same args as
LM_VER_BEHAVIOR: LM_BEHAVIOR_Vx.
When you use the -verfmt flag or LM_A_LICENSE_FMT_VER,
the output license will be compatible with this
version. If this is not possible,
1) the error LM_LGEN_VER -94 will be
generated: "Attempt to generate license
with incompatible attributes".
2) With lmcrypt and makekey, the feature line
will be left as is, without replacing the
license-key with a correct one. lminstall
will only produce the error message, and
will not produce the feature line.
- 5 -
In the following sections, enhancements are discussed in
detail. Look for "Compatibility ==>" under each section for
compatibility issues.
Important Note:
For the most part, only compatibility issues for
applications are mentioned; it's presumed that the
lmgrd and vendor daemons will be v6 or higher, since
they are guaranteed to support older applications
correctly, unless the applications are using
port@host, thereby avoiding reading the license file.
Windows DLL change:
If you use the Trivial or Simple API, with Windows
DLL, you must now add /DFLEXLM_DLL to your
CL compiler command line. Note that for security
reasons, the static libraries are now preferred.
FLEXlm V6.0 Enhancements
_________________________
"VENDOR" is a synonym for "DAEMON"
__________________________________
A DAEMON line can now be a VENDOR line, a less confusing
keyword, especially for non-Unix users.
lmgrd supports multiple license files
_____________________________________
o lmgrd can now read multiple license files. The only
limitation is that you cannot mix 3-server files with
single server files -- you need 2 lmgrd processes for that.
o lmgrd reads all the files in the $LM_LICENSE_FILE list.
o -c can indicate multiple files using license
file separator (':' or Unix, ';' on Windows):
"-c file1:file2"
o If a path in $LM_LICENSE_FILE or -c is a directory, then
all files matching "*.lic" in that directory are presumed to
be license files, in alphabetical order.
o Duplicate SERVER and VENDOR lines are ignored. This means
that, if desired, license files can be simply concatenated.
- 6 -
o A single lmgrd process can now support more than one license
file, with different hostids which refer to the same host.
Common examples of this are:
On PC: C: serial number, and ethernet hostids
HP700: ethernet address, and uname -i hostid
Note that though a single lmgrd can support these files,
they *cannot* be combined into a single file, since this
still breaks the rule that only files with identical hostids
can be combined.
Compatibility ==>
o Sites with applications older than v6 will
still need all license information for a vendor combined
in a single file.
o Older applications will not understand a license
file path set to a directory.
o Older applications will fail on duplicate SERVER lines.
VENDOR path no longer needed
____________________________
In order to find the vendor daemon, lmgrd tries the following
in this order:
- the path on the VENDOR line
- the current directory
- the directory where lmgrd is located
- the contents of the current $PATH variable
The path actually used is printed in the debug log file. Note that
although the path is not needed, the VENDOR line is still required.
The new syntax for the VENDOR line is:
VENDOR name [daemon-path] [[options=]options-path] [[port=]port-num]
There is one new and notable ambiguity that arises with this
syntax:
VENDOR demo path
Is "path" the path to the vendor daemon, or is it the path to
the end-user options file, with an empty vendor daemon path?
This is resolved with the following rule,
where ambiguous, the "path" (as above) is always the
- 7 -
path to the vendor daemon.
If the path to the end-user options file is desired, it must
be prefixed with "options=":
VENDOR demo options=path
"options=" has been supported since FLEXlm v4. Customers that
are used to simply appending an options file path to the
DAEMON line will likely run into this problem, and the symptom
will be that lmgrd will fail to start the vendor daemon,
having erroneously used the options file as the vendor daemon.
Compatibility ==>
o Missing vendor daemon path does not work with
pre-v6 vendor daemons.
o options= is not supported by pre-v4 vendor daemons.
Decimal format license files
____________________________
FLEXlm now supports a decimal format for license files.
The purpose of this format is to make delivery and
installation of licenses easier for customers without
access to e-mail.
Decimal format can be created using the "-decimal" argument to
either lmcrypt or makekey. The API for generating decimal
format is to binary OR in LM_CRYPT_DECIMAL_FMT to the flag
argument of lc_cryptstr().
A new utility, lminstall, is provided for users to enter the
decimal format license. This utility converts the decimal
format to the normal, descriptive license format.
While this format is intended for typing into lminstall for
conversion to the descriptive format, all v6 FLEXlm components
will understand the decimal format without conversion.
Example decimal licenses:
Counted license:
_______________
SERVER this_host 12345678
VENDOR demo
FEATURE f0 demo 1.0 permanent 1 A7F6DFD8C65E
FEATURE f1 demo 1.0 permanent 1 AA8BD581EE63
- 8 -
Decimal:
demo-f0-49473-46846-62783-50738-57369-53593-728
demo-f1-02369-24236-07508-18291-8
Note that the first decimal line includes the SERVER/VENDOR
information, and the 2nd (and any subsequent lines) are
much shorter.
Demo license:
____________
FEATURE f2 demo 1.0 1-jun-98 uncounted 6E06CC47D2AB HOSTID=DEMO
Decimal:
demo-f2-02753-41313-52979-22534-1299
Format:
Since the decimal lines are automatically formatted,
the advantage in recognizing the format is only knowing
when a line "looks" correct.
The decimal format is fixed:
vendor-feature-#####-#####-[...]
where
vendor is the vendor daemon name
feature is the feature name
##### Groups of 5 decimal numbers
(0-9) followed by a hyphen.
The last group may be less than
5 digits.
The line includes a checksum, which can detect all
single-digit errors and most multi-digit errors in
lines that are typed in incorrectly.
Decimal format suggestions:
There are some "tricks" that are used internally
to make decimal lines short. Knowledge of these
can be useful when designing feature lines.
Text in optional attributes
___________________________
Text in the optional feature attributes are normally
three times longer in the decimal format than in the
- 9 -
"normal" format. For example: VENDOR_STRING="limit
3" would require about 21 characters in the decimal
version. There's a trick to making this shorter: If
the text portion is a decimal or hex number, then it's
stored compressed in the decimal version, and the
conversion is about 1:1 instead of 1:3.
Example: VENDOR_STRING=12345
This consumes about 5 characters in the decimal
format. VENDOR_STRING=abcd (valid hex characters)
will also consume about 5 characters in the decimal
format.
Knowing this, you might choose to "encode" information
in the VENDOR_STRING in a numeric format.
This enhancement only applies to numbers <= 0xffffffff.
For example, VENDOR_STRING=12345678901234 will require
about 14*3 = 42 characters in the decimal format.
Note: Mixed case hex characters will not be stored
efficiently. VENDOR_STRING=abcD will take about 12
decimal characters, instead of 5.
Feature names
_____________
Avoid underscore '_' in feature names; it's hard
to distinguish from a hypen '-'. For example:
demo-prod_1a-10449-31786-63556-56877-09398-10373-137
This is hard to read, and if the user mixes the '-'
and '_' up, the license will fail.
Since you also can't use '-' in a feature name, this
means that feature names won't have any kind of
separator. Therefore, in the example, we
suggest simply "prod1a".
ck=
___
Leave this optional attribute off. The decimal
format has its own built-in checksum. This attribute
will only make the decimal format longer.
Expiration dates
____________________
- 10 -
For non-expiring licenses, use "permanent" or 1-jan-0
as the expiration date. Some older format, but still
valid expiration dates are not supported in the
decimal format. For example: 3-mar-0 is
functionally identical to permanent, but since the
decimal format supports only "permanent" or "1-jan-0",
3-mar-0 is unsupported.
Dates farther in the future require many decimals to
represent. Therefore 1-jan-9999 takes about 14
characters while permanent requires about 1.
Decimal format limitations:
The following items, which are legal in the
"normal" license format, cannot be converted to decimal
format:
o Very long FEATURE lines. If a license is very long
in the normal format (say > 100 characters), it
would be much longer (up to three times longer) in
the decimal format, defeating the purpose of a
decimal format, which is to make licenses easier to
type in.
o PACKAGE lines. Normally, PACKAGE lines should
be shipped as part of the product, so that the
user doesn't have to enter these.
o FEATURE names including '-'. These are technically
unsupported characters, although some companies
have used them.
o FEATURESET
o Vendor-defined hostids. Only
hostids <= (HOSTID_VENDOR + 29)
can be converted to decimal
Compatibility ==>
o It is possible to deliver a decimal format license to
a customer with an application using pre-v6:
1) The customer must have a copy of lminstall (which
is part of the new lmutil utilities).
2) They should run "lminstall -overfmt version", where
version is the FLEXlm version of the application.
- 11 -
3) The license must contain only attributes supported
in that older version of FLEXlm.
lminstall will convert the decimal format to the
correct format.
o Older applications will fail on decimal format licenses
that have not been converted to the descriptive format.
lminstall
_________
This new lmutil utility is designed primarily for typing
in decimal format licenses to generate a readable format
license file.
Usage: lminstall [-i {infile | -}] [-o outfile] [-overfmt {2, 3, 4, 5, 5.1, or 6}] [-odecimal]
Normally, users will simply type lminstall. The user is
first prompted for the name of the output license file.
The default name is today's date in yyyyddmm.lic format.
The file should be moved to your application's default
license file directory, if specified. Otherwise, the user
can use xx_LICENSE_FILE to specify the directory where the
*.lic files are located.
Decimal format input is verified by checksummed up entry of
each line.
To finish entering, type Q on a line by itself, or enter
2 blank lines.
If "infile" is a dash '-', it takes input from stdin.
When '-i' is used, default output is stdout; otherwise
if -o is not specified, lminstall prompts the user for
an output file name.
lminstall As Conversion Tool:
lminstall can alternatively be used to convert
licenses between decimal and readable format,
and between different versions of FLEXlm license
formats.
To convert from readable to decimal:
% lminstall -i infile -o outfile -odecimal
To convert to FLEXlm Version 2 format:
% lminstall -i infile -o outfile -verfmt 2
- 12 -
Conversion errors are reported as necessary.
lminstall has a limit of 400 lines of input.
lminstall also changes "SERVER this_host" to the real
hostname, on either decimal or readable licenses. It only
does this if lc_convert is run on the same hostid as appears
on the SERVER line, and does not do this for hostids of DEMO
or ANY.
lc_convert() to convert decimal format licenses
_______________________________________________
This is an API for companies that want to provide their own
front-end for installing license files. lc_convert() can be
used in combination with lc_check_key() to provide a
user-friendly front-end.
lc_convert also changes "SERVER this_host" to the real
hostname, on either decimal or readable licenses. It only
does this if lc_convert is run on the same hostid as appears
on the SERVER line, and does not do this for hostids of DEMO
or ANY.
int lc_convert(
LM_HANDLE *job,
char *str,
char **return_str,
char **errors,
int flag;
The arguments are similar to lc_cryptstr():
job: From lc_init()
str: Input file in a character buffer. Normally
this would be a decimal format license.
return_str: Pointer to a char *. If successful,
upon return it points to a buffer that has the
file in the desired format.
Free this memory after use. On PCs, we recommend
using lc_free_mem().
errors: Pointer to a char *. If lc_convert returns -1, this
is set to an explanatory message.
If set, free this memory after use. On PCs,
we recommend using lc_free_mem().
flag: LC_CONVERT_TO_READABLE or LC_CONVERT_TO_DECIMAL
If any other value, lc_convert returns LM_BADPARAM.
return values: 0 == success,
LM_BADPARAM means a bad flag argument
- 13 -
-1, there's a problem with input text, and error
is set to an explanatory message.
Shorter license-keys (Optional)
_______________________________
The license-key is the set of hex digits which appear on every
FEATURE/INCREMENT/UPGRADE/PACKAGE line and makes the line secure.
For example:
FEATURE f2 demo 1.0 1-jan-0 0 6E06CC47D2AB HOSTID=12345678
^^^^^^^^^^^^
License-key
Historically, license-keys were always 20 characters.
The license key is now 12 characters instead of 20, by
default, but 20-character keys can still be optionally
required. 20-characters license-keys are always accepted
while shorter license-keys are only accepted where allowed.
This impacts licensing in 2 ways:
1) Instead of a 64-bit security key on each feature
line, there's a 48-bit security key. We believe
that 48-bit security is sufficient for the vast
majority of our customers.
2) The 20-character license-key included 4 characters
for the license "start-date". This is now
optional, and is turned off by default in v6. We
believe that a start-date has little practical
application for most companies and was rarely used.
However, those desiring a start-date can now get
one in 2 ways:
o There is now an optional "START=" attribute
for FEATURE/INCREMENT/UPGRADE lines. This
is the preferred method for a start date.
o You can continue to use a start-date in the
license key. However, we have imposed the
requirement that a start-date in the license-key
*must* be accompanied by a 64-bit license-key.
(This is to remove any ambiguity about what
the key contains.)
Here's how to turn on long license keys and/or license-key
start-dates in applications, license-generators and
vendor daemons:
Application and license generators:
- 14 -
long license keys:
lc_set_attr(job, LM_A_LKEY_LONG, (LM_A_VAL_TYPE) 1);
hidden start-dates:
lc_set_attr(job, LM_A_LKEY_START_DATE, (LM_A_VAL_TYPE) 1);
For lmcrypt and makekey, modify the source in machind.
Vendor daemon (in machind/lsvendor.c):
ls_a_lkey_long = 1; /* long license keys */
ls_a_lkey_start_date = 1; /* hidden start-dates */
Compatibility ==>
o V6 applications (even those accepting short license-keys)
will accept licenses with long license keys.
o Pre-v6 applications will not accept licenses with
short license-keys.
o License generators (lmcrypt, makekey) will issue long
license-keys when -verfmt is set to a version less than
6.
o LM_BEHAVIOR_V5 (or older) in lm_code.h will set license-keys
to be long and start-dates in the license-keys. However,
this can be overridden in the code with
lc_set_attr(job, LM_A_LKEY_LONG, 0) and similarly
for LM_A_LKEY_START_DATE, which must be set in the
application, license-generator and vendor-daemon.
Existing companies can successfully use short license
keys (and may very well want to), but must obey the
following rules:
o If a site wants to use older products, then
you must use "-verfmt ..." to create a license
with long keys. Both old and new products
will accept these licenses.
o If a site is completely converting to products
using FLEXlm v6, licenses with short keys can
be shipped.
o New customers can receive licenses with short
keys.
New keywords: "permanent" and "uncounted"
__________________________________________
- 15 -
permanent: synonymous with an expiration date of "1-jan-0".
uncounted: synonymous with a user count of '0' which means
that the license is uncounted by a server, and
usually a demo license, or otherwise node-locked.
Example:
Old: FEATURE f2 demo 1.0 1-jan-0 0 6E06CC47D2AB HOSTID=12345678
New: FEATURE f2 demo 1.0 permanent uncounted 6E06CC47D2AB HOSTID=12345678
These new keywords are optional, but are generated automatically
by lmcrypt and makekey (unless -verfmt specifies an older format).
Compatibility ==>
o These keywords will fail with older FLEXlm clients.
o The older syntax is accepted by new clients.
o lmcrypt and makekey with -verfmt older than v6 will
not use these keywords.
Licenses are optionally case-insensitive
________________________________________
The default behavior in v6 is that 100% of the license file
is case-insensitive, at least in FLEXlm's use of the file.
Vendors that want case-insensitivity will have to make sure
their own use of any strings in optional license fields
(like VENDOR_STRING="...") is also case-insensitive.
Companies that want case sensitivity can turn it on with
lc_set_attr(job, LM_A_LICENSE_CASE_SENSITIVE, (LM_A_VAL_TYPE)1);
For the vendor daemon, in lsvendor.c, set
ls_a_license_case_sensitive = 1;
Compatibility:
o LM_BEHAVIOR_V5 (in lm_code.h) will turn on case sensitivity.
This can be overridden with
lc_set_attr(job, LM_A_LICENSE_CASE_SENSITIVE, 0);
which must be set in the application, license-generator
and vendor-daemon.
o v6 applications will accept old, case-sensitive license
files.
- 16 -
o Pre-v6 applications will fail with licenses issued
with case-insensitivity.
o Set -verfmt to a version older than 6 when issuing
licenses that must be used by older applications.
Improved PACKAGE support
________________________
PACKAGE lines can now be shipped in separate files that users
do not edit. Your checkout call can specify a license-file
list, where one file has the PACKAGE lines. Note that the
server needs to be started with both files also.
Compatibility ==>
o Older applications will fail with separate PACKAGE
files. They must be combined with license in previous
versions.
Server port numbers are no longer needed (single-server only)
________________________________________
NOTE: This does not apply to 3-server redundant servers, which
still require explicit port numbers on the SERVER line.
The port number on the SERVER line is no longer required
by FLEXlm. A new SERVER line can look like this:
SERVER hostname 12345678
How it works:
FLEXlm uses reserved port numbers 27000 through
27009. The lmgrd, upon starting up, finds the
first available port number in this range, and
uses it.
Applications, connecting to a server, try all port
numbers in the range 27000-27009.
Compatibility ==>
Older applications will require a port number on the
SERVER line. However, using a number between 27000
and 27009 has the important advantage that new clients
do not need to know the server's port number
to successfully checkout a license. (More about this
later in the next item).
- 17 -
@hostname
_________
If a server is using a port number in the range 27000-27009,
v6 clients can set their $LM_LICENSE_FILE variable to, simply,
"@hostname".
@localhost will always work if the server is running
on the same system as the client.
Compatibility:
Older applications will fail with @hostname.
End-User Options File -- new default file
_________________________________________
In previous versions, the options file had to be specified
on the VENDOR line in the license file. Now the file
can be called "vendor.opt", where "vendor" is the name of the
vendor daemon, in any directory where a license is located.
For example, assume the vendor name is "gsi" (Globetrotter's
vendor daemon name). if lmgrd is started thus:
lmgrd -c /path/to/licenses/
Then, the options file can be simply placed in
/path/to/licenses/gsi.opt
And the license file does need to specify this, the
gsi daemon will automatically find it upon startup.
Compatibility ==>
Older vendor daemons will only find options files
specified in the license file.
License in a buffer
___________________
Normally a license path is a string that is a path to a
file or directory. It can also be a license. For example
CHECKOUT(LM_RESTRICTIVE, "f1", "1.0", "path/to/license");
FLEXlm will understand this string as a license if the
string starts with "START_LICENSE0..", and ends with
"0ND_LICENSE":
CHECKOUT(LM_RESTRICTIVE, "f1", "1.0",
- 18 -
"START_LICENSE0EATURE f1 demo 1.0 permanent uncounted 50A35101C0F3 HOSTID=ANY VENDOR_STRING="Acme Inc"0ND_LICENSE");
(This can be done with any mechanism for setting the license
path, including LM_A_LICENSE_DEFAULT.)
This can be used for a variety of purposes, however, a common
use is licensing a library to a particular company. In this
case, it's common to use the VENDOR_STRING to include
information that allows the library only to be used by that
one company.
For example, a company's libraries may be used to read a
particular format file. If the file included the name of the
company that generated the files, the library could guarantee
that the name in the file match the name in the
VENDOR_STRING="" (by using lc_auth_data(), or
LM_A_CHECKOUTFILTER).
VENDOR_LICENSE_FILE
___________________
Each ISV now has a unique environment variable that
can be used to set the license-file path:
XXX_LICENSE_FILE
where "XXX" is VENDOR_NAME in lm_code.h, all uppercase.
For example, where Globetrotter's VENDOR_NAME is "gsi",
GSI_LICENSE_FILE is the environment variable which would
specify the license file path.
The precedence rules for license path are:
1) the default locations are:
Unix: /usr/local/flexlm/licenses/license.dat
Windows: c:exlm
2) If $LM_LICENSE_FILE or $VENDOR_LICENSE_FILE is set
the default location is ignored.
3) If application sets LM_A_DISABLE_ENV, then environment
variables are ignored. (Not recommended except in
special circumstances).
4) The license location(s) can be set in the application with
LM_A_LICENSE_FILE or LM_A_LICENSE_FILE_PTR or
LM_LICENSE_DEFAULT. If any of these are set, the default
location is ignored. LM_A_LICENSE_DEFAULT is normally
recommended, since it automatically recognizes the
environment variables plus the indicated license path(s).
- 19 -
LM_A_LICENSE_FILE and LM_A_LICENSE_FILE_PTR will set the
path if the environment variable is either not set or is
disabled.
5) If both $VENDOR_LICENSE_FILE and $LM_LICENSE_FILE are set,
both are used, with $VENDOR_LICENSE_FILE used first.
6) In the FLEXible API, the license file location cannot
be changed once the license file is read. The license
file is not read until one of the following functions is
called:
lc_checkout
lc_get_config
lc_next_conf
lc_userlist
The only way to effectively change the license file
once it has been read, is to start a new job (with
lc_init(). That new job will read the new license
when required to.
7) Finally, calling any of LM_A_LICENSE_* more than once overrides
the previous setting. For example,
lc_set_attr(..., LM_A_LICENSE_DEFAULT, licensepath1);
lc_set_attr(..., LM_A_LICENSE_DEFAULT, licensepath2);
Only "licensepath2" is used.
lc_set_attr(..., LM_A_LICENSE_FILE, licensepath1);
lc_set_attr(..., LM_A_LICENSE_DEFAULT, licensepath2);
Again, only "licensepath2" is used.
8) For the Simple and Trivial APIs, the rules are the
same, with the caveat that the license-path argument
behaves like LM_A_LICENSE_DEFAULT.
Applications prompt for license file or server (Windows only)
______________________________________________
If, during checkout, the application can find no features for
this vendor, either in a file, or from a server, the user is
automatically asked for a license file, path to a license
file, or the hostname that's running the license server.
Then the checkout is automatically retried with this new
information.
Applications, mostly batch, which cannot have a dialog box
like this appear, can turn this off with:
- 20 -
lc_set_attr(job, LM_A_PC_PROMPT_FOR_FILE, (LM_A_VAL_TYPE) 0);
Optional START=... start-date in license file
_____________________________________________
This new optional field can be used as a visible start-date.
We do not normally recommend using start-dates, since they
are of little practical use to most companies. But for companies
that want a start-date, it's preferable to have a visible
start-date.
LM_A_BEHAVIOR_VER
_________________
The overall behavior for all FLEXlm components can easily
be set in lm_code.h. In addition, there is an API for
this.
In the application:
lc_set_attr(job, LM_A_BEHAVIOR_VER,
(LM_A_VAL_TYPE)LM_BEHAVIOR_VX);
where 'X' is 5_1, 5, 4, 3, or 2.
For the vendor daemon, in lsvendor.c, set:
char *ls_a_behavior_ver = LM_BEHAVIOR_VX;
Other Minor v6.0 Changes
________________________
lc_init() and lp_checkout() checks for default ENCRYPTION_SEEDs
_______________________________________________________________
If the (non-"demo") ENCRYPTION_SEEDs are unchanged from the
default numbers, or all the 8 hex digits are not filled in,
LM_DEFAULT_SEEDS error is returned. While not recommended,
this error can be ignored.
lc_feat_list() -- 'floating' arg changed to 'flags'
______________________________
The 'floating' argument has been renamed flags. We recommend
setting the flags argument to LM_FLIST_ALL_FILES, to get all
features from all license files in the license path.
- 21 -
We do not recommend using the floating-only feature from this
function, as this may be discontinued in future versions.
To list only floating features use: LM_FLIST_ONLY_FLOATING.
For both arguments, OR them together:
LM_FLIST_ONLY_FLOATING | LM_FLIST_ALL_FILES
lmutil takes -verbose argument
_________________________________
If set, all error messages print in long format. This can
make the output harder to read, but can be useful at times.
New License File Attributes
___________________________
START=...
This is a visible start-date. This functions the same as the
old start-date, but the old start-date was hidden in the
license-key.
Globetrotter does not normally recommend the use of
start-dates, since they provide little or no extra security.
this_host
_________
Hostname on the SERVER line can now be this_host. this_host
will successfully allow checkouts in all conditions except
one: where the application is reading the license file, and is
running on a different system than the server.
If the application is using port@host, or @host, or is running
on the same system as the license server, checkouts work
correctly.
This is useful for delivering licenses. lminstall
automatically updates this_host to the real hostname upon
installation.
Improved security
_________________
Our policy is to give no description of security enhancements.
Please don't ask.
- 22 -
Improved error message handling
_______________________________
Many new errors conditions have been added to improve
the clarity of error messages, including:
LM_DEFAULT_SEEDS "ENCRYPTION_SEEDs are non-unique"
Occurs when default encryption seeds are
used in lm_code.h
LM_LGEN_VER "Attempt to generate license with
incompatible attributes"
Occurs with -verfmt, when a license
illegal in the specified version is
generated.
LM_NOT_THIS_HOST "Network connect to THIS_HOST failed"
"The license file indicates THIS_HOST, and
the server is not running on this host.
If it's running on a different host,
THIS_HOST should be changed to the correct
host."
LM_HOSTDOWN "Server node is down or not responding"
This new error condition indicates the
server node is not running, or not responding.
LM_VENDOR_DOWN "The desired vendor daemon is down"
New error condition indicating that lmgrd
is running, but not the vendor daemon.
LM_CANT_DECIMAL "This FEATURE line can't be converted to
decimal format"
LM_BADDECFILE "The decimal format license is typed
incorrectly"
This is detected via the decimal format
checksum.
lc_err_info
___________
LM_ERR_INFO *lc_err_info(LM_HANDLE *job);
lc_err_info returns a struct that has the following public
elements describing the current error in the job:
int maj_errno;
This the flexlm error number, which is
a negative number between -1 and LM_LAST_ERRNO.
int min_errno;
The is the minor error number. This allows
a support person with access to the FLEXlm
source code to pinpoint the location where
the error occurred, and thereby provide
improved support.
int sys_errno;
- 23 -
This is the most recent system "errno".
LM_CHAR_PTR feature;
This is the name of the feature that the
error applies to.
LM_CHAR_PTR_PTR lic_files;
This is a null terminated list of char pointers
of the license files used when the error occurred.
LM_CHAR_PTR context;
This is a string which gives additional
information about the error. Its contents
depends on the type of error. Refer to
machind/lcontext.h for more information.
This information allows applications to present error messages
in any language and in any desired format, since there is
no English-specific text in this struct.
Alternative paragraph format error messages
___________________________________________
Error messages can now optionally be presented in a long, more
descriptive format. The new format contains embedded newline
characters, which some applications may not be able to handle,
or may need special handling.
Example:
Invalid host
The hostid of this system does not match the hostid
specified in the license file
Hostid: 12345678
License path: ./file1.lic:./file2.lic:./file3.lic
FLEXlm error: -9,9
The format is:
short-error-description
optional-long-explanation [1-3 lines]
optional-context-information
License path: path1:...:pathn
FLEXlm error: major, minor
The default is now long error messages. Applications
will often find it useful to present the short error message
first, and then long error message upon user request. This
can be done in the FLEXible API:
lc_set_attr(job, LM_A_LONG_ERRMSG, (LM_A_VAL_TYPE)0);
....
/*error occurs*/
lc_perror(job);
- 24 -
/* user requests long error message */
lc_set_attr(job, LM_A_LONG_ERRMSG, (LM_A_VAL_TYPE)1);
lc_perror(job);
Note that this only works if another FLEXlm error doesn't
occur in between, which would change the error condition and
message.
Not all error conditions have long explanations or
context-sensitive information.
Compatibility ==>
LM_BEHAVIOR_V5 sets error messages to short. This
can be overridden with LM_A_LONG_ERRMSG.
lc_check_key()
______________
int lc_check_key(LM_HANDLE *job, CONFIG *conf, VENDORCODE *code)
Return: 0 == success, <>0 = FLEXlm error number.
This function is used to verify if the license-key in the
CONFIG * 'conf' is valid.
The 'conf' pointer comes from a call to lc_next_conf().
'code' comes from lc_new_job() or the LM_CODE macro.
$FLEXLM_DIAGNOSTICS
__________________
This was added in FLEXlm v4, although not documented until
recently in the FLEXlm End-User Manual.
Output is to stderr on Unix, and flexnnn.log on Windows, where
"nnn" is the applications process ID (or flex_err.log in v5.0 for
Windows).
If set to '1', the FLEXlm error message is printed when
a checkout fails.
If set to '2', the feature name, number requested, queueing and
dup-group masks are also printed.
And, new in v6, if set to '3', diagnostic information is
printed upon successful checkout, including the license
file location and the server name and port if applicable.
Vendor daemon and lmgrd log large volume statistics
- 25 -
___________________________________________________
If the server processes detect a large volume of messages, the
volume is logged to the debug log, including the number of
messages in the previous 6 hours, and the maximum number of
messages per minute in those 6 hours. This may be useful
for detecting when end-user systems are approaching a practical
limit for licensing activity. When this limit is exceeded,
users should split their licenses between more servers, and
use license-file for clients to access are servers, thereby
distributing the licensing load.
v6.0 Changes from Previous versions
___________________________________
lsvendor.c
__________
As is true with each version, lsvendor.c has changes. If you
have a modified lsvendor.c, you'll need to re-make those changes
to the new lsvendor.c. The compilation will fail with an older
lsvendor.c
l_extract_date takes a job handle
_________________________________
Applications and license generators should not require
this function anymore, since lc_cryptstr() is now the
preferred license generation function. However, if your
application calls l_extract_date(), the new prototype is
char * l_extract_date (LM_HANDLE_*, char * );
The job is needed to determine if start-dates are
hidden in the license-key.
License File List
_________________
Various utilities and functions behave somewhat differently
now that a license server can support multiple files.
lc_ck_feats, lc_feat_set and lc_get_feats
_________________________________________
NOTE: The use of FEATURESET is strongly discouraged. The new v5
SUPERSEDE license attribute is recommended.
- 26 -
These function only operates on one file at a time.
To ensure that you're operating on the correct
file, you can do the following before a call
to any of these functions (probably in a separate
job from the one used for lc_checkout()):
lc_set_attr(job, LM_A_DISABLE_ENV, 1);
lc_set_attr(job, LM_A_LICENSE_FILE_PTR, filepath);
CHECKIN, lp_checkin and lc_checkin are now void functions
_________________________________________________________
No status is returned from these functions in v6.
Unix: Default heartbeats improved
_________________________________
In previous versions, FLEXlm's use of SIGALRM
interrupted I/O calls like read() and write(). In v6
this is not the case, making FLEXlm integration easier.
Internally, this is accomplished by using sigaction()
with the SA_RESTART flag.
lc_expire_days()
________________
Previously, lc_expire_days did not presume "local time"
and so the return value could be confusing.
Now it presumes local time, and the return values
are more precisely what the manual indicates.
lc_shutdown()
_____________
Only shuts down the lmgrd if it's running the vendor daemon
name in lc_init() call.
LM_A_NO_DEMO not supported
__________________________
This attribute is being removed. It had no real functionality
in the past anyway.
lc_lic_where()
______________
We recommend replacing this call with
char **cpp;
- 27 -
lc_get_attr(job, LM_A_LF_LIST, &cpp)
This gives the complete list of files. Since v6 supports
multiple files in a more thorough way than the past,
lc_lic_where is no longer a reliable way of finding the
license file. The logic would need changing if this
call is used, since it's a null-terminated array of
strings, rather than just one string.
lmcksum -pre_v6
_______________
lmcksum gives different checksums than older versions of
lmcksum. This is because the new lmcksum, by default,
assumes that licenses are case-insensitive. To get the same
result as an older lmcksum, use 'lmcksum -pre_v6'.
LM_A_ANY_ENABLED and LM_A_NO_DEMO removed
_________________________________________
These lc_set_attr() attributes were removed in this version.
These attributes are 100% equivalent to simply not issuing
this type of license.
New Error Codes
_______________
LM_DEFAULT_SEEDS -91 ENCRYPTION_SEEDs are non-unique
LM_SERVER_REMOVED -92 Feature removed during lmreread,
or wrong SERVER line hostid
LM_POOL -93 This feature is available in a different
license pool
This is a possible response to LM_A_VD_FEATURE_INFO request,
indicating that this INCREMENT line can be ignored, as it
has been pooled with another line.
LM_LGEN_VER -94 Attempt to generate license with incompatible
attributes
Occurs with -verfmt arguments to lmcrypt or makekey, or
-overfmt with lminstall.
LM_NOT_THIS_HOST -95 Network connect to THIS_HOST failed
When "this_host" is used as a hostname. Replace this_host with
a real hostname to resolve this error.
LM_HOSTDOWN -96 Server node is down or not responding
Indicates the whole system is not up, not just the lmgrd process.
LM_VENDOR_DOWN -97 The desired vendor daemon is down
Indicates lmgrd is running, but not the vendor daemon.
LM_CANT_DECIMAL -98 The FEATURE line can't be converted to
decimal format
LM_BADDECFILE -99 The decimal format license is typed
incorrectly
- 28 -
LM_REMOVE_LINGER -100 Cannot remove a lingering license
LM_RESVFOROTHERS -101 All licenses are reserved for others
v6.0 Minor enhancements
_______________________
REPORTLOG updates
_________________
Report logs are now "flushed" once a minute. In versions 5.0
and v5.1x, report logs were only updated after a large
number of transactions, so reporting on running vendor daemons
would often not contain current information.
UPGRADE of uncounted FEATURE/INCREMENT supported
________________________________________________
If the UPGRADE line appears, it will have no effect unless
there's a corresponding FEATURE/INCREMENT line prior to the
UPGRADE line. This is useful when you want to sell a product
"Upgrade" and want to require that the user already own the
basic product at the older version level.
VENDOR line supports embedded spaces for paths
______________________________________________
The VENDOR line optionally specifies paths to the vendor
daemon and the end-user options file. If surrounded by
quotes ("), these paths can now contain embedded spaces.
Example: VENDOR demo "C:PROGRAM FILES
Note that older vendor daemons and/or lmgrds will not work
with paths with quotes.
lmutil output format changes
____________________________
As with all new FLEXlm versions, the output format
of the FLEXlm utilities have been modified and
enhanced from previous versions.
lmdown and lmreread take new "-vendor name" arg
_______________________________________________
lmdown [-vendor name]
lmreread [-vendor name]
If "-vendor name" appears (where name is the vendor daemon
- 29 -
name), the function only applies to that one vendor daemon.
You can also stop and restart a single vendor daemon:
% lmdown -vendor gsi
[perhaps you would edit the end-user options file here...]
% lmreread -vendor gsi
The lmreread command restarts the gsi vendor daemon.
lmdown -vendor name will not shutdown the lmgrd process, even
if there are no vendor daemons left.
With these 2 changes, it is now much easier to run a single
lmgrd for many license files from many vendors.
lc_cryptstr()/LM_A_MAX_LICENSE_LEN
makekey, lmcrypt and lminstall take -maxlen arg
_______________________________________________
You can now control the length of license file output lines.
This is to improve email of license files.
makekey lmcrypt and lminstall all take -maxlen 'n'
The default is 70 characters, which is used when -maxlen
is not specified, or is set to 0.
If maxlen is -1, then lines are never wrapped with line-continuation
characters.
You can also set this in C with the FLEXible API, with
lc_set_attr(job, LM_A_MAX_LICENSE_LEN, (LM_A_VAL_TYPE)n);
New v6.0 Examples
_________________
flexlm/v6.0/examples/advanced/exinstal.c:
This is a sample license installer. It checks syntax
and license-keys, and creates a license file in the
indicated directory. In converts decimal to readable
format, if necessary, and formats the license.
flexlm/v6.0/examples/advanced/get_dir.c:
Can be used to locate the license file.
It finds the directory where the program resides.
flexlm/v6.0/examples/advanced/licstring.c:
Example using license in a buffer, and converting
- 30 -
single FEATURE lines to CONFIG structs.
Version V6.1 Enhancements
_________________________
Phase 1 of the v6.1 security enhancements is recommend for all
ISVs. Trivial and Simple API customers get this
automatically. For the FLEXible API there's one API change
added for this: lc_new_job().
In addition, there's an optional security enhancement, Phase 2,
available for ISVs that want the highest level of security.
Phase 2 is not needed or necessarily recommended for most
ISVs. Unfortunately, licenses generated with the Phase 2
enhancement are incompatible with all previous licenses, making
this a dramatic change, and suitable only for companies new to
FLEXlm, or those willing to undergo this change for the
additional security.
Phase 1: lm_new.o and lc_new_job()
__________________________________
lm_new.o/lm_new.obj:
________________________________
lm_new.o adds additional security to FLEXlm applications. It's
used by all Simple and Trivial API applications, as well as
Flexible API applications that use lc_new_job(). lm_new.o is
built automatically during installation or comes pre-built with
evaluation kits. See machind/makefile (Unix) or
flex_sdki86_n3makefile (Windows) to see how lm_new.o
(lm_new.obj) is built. lm_new.o must be rebuilt when anything
in lm_code.h changes.
NOTE: If your application link fails with an error about "l_n36_buf",
the problem is that you need to add lm_new.o (or lm_new.obj)
to your link line.
lc_new_job
__________
lc_new_job() replaces lc_init() for executables shipped to
customers. Continue using lc_init() for license-generators,
such as lmcrypt and makekey, and any other internally used
applications.
To use lc_new_job():
1) Replace the LM_CODE macro, with a VENDORCODE declaration:
- 31 -
VENDORCODE code;
2) Replace lc_init() with lc_new_job. Except for the
2nd argument, the arguments are the same. The 2nd
argument is currently unused, but we recommend using a
0 for security reasons (instead of VENDOR_NAME).
3) The new makefile builds an object file called lm_new.o
on Unix, and lm_new.obj on Windows. You must add this
file when linking your applications. Evaluation
kits come with a pre-built lm_new.o, which cannot
be rebuilt.
For the Windows platforms (i86_n3 and alpha_n3) it is now necessary
to build your vendor daemons linked statically to the lmgr326s.lib.
The vendor daemon is built automatically in i86_n3 or alpha_n3
directories. Please refer to the included makefile for further
information about how the vendor daemon is built.
Also for the Windows platforms, the lc_new_job() function is not
implemented in the DLL version, lmgr326a.dll. We recommend using
the static library whenever possible to increase the security.
If this is not possible, the benefits of lc_new_job() can be
achieved by
1) Remove the LM_CODE macro.
2) Build the VENDORCODE argument to lc_init() and
lc_checkout() at runtime.
Following is an example of code that can be used for step
#2:
VENDORCODE *code;
unsigned long seed1 = 0x11111111 ^ VENDOR_KEY5;
unsigned long seed2 = 0x22222222 ^ VENDOR_KEY5;
unsigned long vkey1 = 0xaaaaaaaa;
unsigned long vkey2 = 0xbbbbbbbb;
unsigned long vkey3 = 0xcccccccc;
unsigned long vkey4 = 0xdddddddd;
/*...*/
code = (VENDORCODE *)malloc(sizeof(VENDORCODE));
code->type = VENDORCODE_5
code->data[0] = seed1;
code->data[1] = seed2;
code->keys[0] = key1;
code->keys[1] = key2;
code->keys[2] = key3;
code->keys[3] = key4;
- 32 -
You may also want to take additional steps to keep these
numbers obscure in your binary, by declaring in different
locations, changing order, etc.
If you are using the Trivial or Simple FLEXlm api's and linking
to the DLL (lmgr326a.dll), you will need to add the compiler flag
"FLEXLM_DLL":
cl ... /DFLEXLM_DLL ...
Phase 2
_______
Phase 2 is for companies new to FLEXlm, or those willing
to redistribute licenses and products to all customers.
Phase 2 is not needed or necessarily recommended for most
companies.
For security reasons, instructions for implementing Phase 2 are
available only upon request by supported ISVs, by email from
support@globes.com.
Other v6.1 Changes
__________________
Windows: The static libraries are now called lmgr.lib (with /MT
switch) and lmgr_md.lib (with /MD switch).
Most companies will use lmgr.lib.
Java Security Note
__________________
There are special security considerations for companies using
FLEXlm for Java, since Java applications can be relatively
easily decompiled.
For this reason we recommend that licenses and license
servers for Java applications be different than non-Java
applications. Otherwise, a hacker that is able to compromise
security through a Java application would have similar
access to non-Java applications.
In particular, we recommend that Java applications should use a
different vendor-daemon name, and different ENCRYPTION_SEEDs.
Linux Gnu-Libc (RedHat Linux)
_____________________________
Linux has introduced serious compatibility problems with each
new release. We now have the following Linux directories:
- 33 -
i86_l1
i86_g2
i86_r6
Here are the known rules to date regarding these releases:
i86_l1 can be used with "libc" on Caldera Linux v1 and v2, and
Redhat Linux v4. Binaries and objects for these OSs will *not*
run or link correctly on any later versions of these OSs.
i86_g2 should be used with glibc 2.0, which is used on Redhat v5.
The binaries linked on Redhat v5 will run correctly on Redhat v6, and
we have been told should continue to run correctly on all future
Redhat releases.
i86_r6 is required to for products linked on Redhat v6, which will
not run on Redhat v5, and should run on all future versions of
Redhat. i86_r6 *may* work correctly on other Linux GLibc 2.1
OSs.
Platform Specific Changes
_________________________
SGI
___
There are now 3 sgi directories:
sgi32_u5
sgi32_u6
sgi64_u6
These correspond more correctly to the Globetrotter platform
naming conventions than previous versions.
To build on Irix 6, please use the following chart:
-n32 -mips3: sgi32_u6 default
-n32 -mips4: sgi32_u6, use liblmgr_n32mips4.a
to link applications.
-64 -mips3: sgi64_u6 default
-64 -mips4: sgi64_u6, use liblmgr_64mips4.a
to link applications.
-o32: Use sgi32_u5 with 'make o32'.
Unix: liblmgrd.a and liblmutil.a are no longer shipped
_______________________________________________________
This change is in effect with v6.0i. These libraries were
used to build lmgrd and lmutil. Since the latest lmgrd and
- 34 -
lmutil can always be downloaded from our ftp site, these
libraries are no longer needed. This also reduces the download
time.
Platform Specific Notes:
________________________
UNIX
____
alpha_u3
________
uname -a: OSF1 zippy V3.2 17 alpha
CC: cc -std1
NOTE: alpha_u1 is discontinued. This only means that
we no longer support v1 and v2 of the OS, and
virtually no one uses those OS versions. Alpha_u3
fully supports Alpha DEC Unix 3 and 4.
decs_u4
_______
uname -a: ULTRIX newport 4.2 0 RISC
CC: /bin/cc -DPMAX -DULTRIX -DMIPS
hp300_u8
________
uname -a: HP-UX agent86 B.08.00 A 9000/375 080009060992
CC: /bin/cc
link flags: -lBSD
hp700_u9
________
uname -a: HP-UX oglobes A.09.01 A 9000/715 2005771344
CC: /bin/cc -DHP -DHP700 -Aa -D_HIUX_SOURCE -D_HPUX_SOURCE +DA1.0 +DS1.0
(replace HIUX with HPUX on an HP system)
Hostid note: we no longer recommend using ethernet address
as a hostid.
hp64_u11
________
uname -a: HP-UX hp9000k B.11.00 A 9000/889 81601311
CC: /usr/bin/cc -DHP -DHP700 -DHP64 -Aa -D_HIUX_SOURCE -D_HPUX_SOURCE +DA2.0W +DS2.0W
- 35 -
i86_b2
______
uname -a: BSD/OS bsdi.globes.com 2.1 BSDI BSD/OS 2.1 Kernel #1:
Mon Jun 10 15:58:19 MDT 1996
polk@demiurge.BSDI.COM:/usr/src/sys/compile/GENERIC
i386
CC: /usr/ucb/cc
NOTE: The hostid is the ethernet address.
i86_d4
______
uname -a: dgux dgbig R4.11 generic AViiON Pentium
CC: /bin/cc, actually, /usr/opt/sdk/sde/ix86dgux/usr/bin
NOTE: hostid comes from /dev/net/*. By default these files
are only readable by root. We recommend changing the
perms to:
# chmod 644 /dev/net/*
i86_g2
______
uname -a: Linux redhat.globes.com 2.0.34 #1 Fri May 8 16:05:57
EDT 1998 i586 unknown
CC: /usr/bin/cc
Note: This is Linux with Gnu-libc, and runs on redhat v5.x
and any other Linux using Gnu-libc.
To obtain ethernet hostid (same as Linux, i86_l1):
/sbin/ifconfig eth0
Convert the hardward address as follows:
From: HWaddr 00:40:05:16:E5:25
To: 00400516E525
i86_l1
______
uname -a: Linux skyline.globes.com 1.2.13 #1 Mon Jan 15 12:33:32 MST 1996 i586
CC: /usr/bin/cc
cc -v: Reading specs from /usr/lib/gcc-lib/i486-linux/2.7.0/specs
gcc version 2.7.0
- 36 -
IMPORTANT NOTE: v5+ uses ethernet address as a hostid,
which is relatively secure. v4 used the 'hostid' command,
which was not secure. To obtain the ethernet address, type:
/sbin/ifconfig eth0
Convert the hardward address as follows:
From: HWaddr 00:40:05:16:E5:25
To: 00400516E525
V5+ lmhostid will report ethernet address by default. v4
will report 'hostid'. Both types of hostid are acceptable
to version 5 clients and servers.
lmhostid, or lmhostid -ether
-- obtains the ethernet address (secure)
lmhostid -long
-- obtains the output from the 'hostid' command
(not secure)
i86_u2
______
uname -a: UNIX_SV rolm 4.2MP 2.1 i386 x86at
CC: /usr/ccs/bin/cc
i86_x5 (Solaris on Intel)
______
uname -a: SunOS sunpc 5.4 generic i86pc i386
CC: /opt/SUNWspro/bin (version 3.0)
i86_rl2 (Lynx realtime OS)
_______
uname -a: LynxOS lynx 2.5.0 012797-G i386
CC: /bin/cc
The server is limited to serving 60 clients by default. If a
a server is being run on Lynx, we strongly recommend compiling
the kernel for a larger number of file descriptors per process
to avoid this small limit of clients.
To reconfigure the number of file descriptors:
1) root:
2) cd /sys/lynx.os
3) vi uparam.h
4) USR_NFDS -- change to 256 (or higher if necessary).
5) make install
- 37 -
moto_u4
_______
uname -a: UNIX_System_V motosvr4 4.0 R40V4.2 m88k mc88100
CC: /bin/cc
link flags: -lsocket -lnsl
nec_u2
______
uname -a: UNIX_System_V nec 4.0 2 R3000 r3000
CC: /bin/cc
link flags: -lsocket -lnsl
/usr/necbin/uversion: Release6.2 Rev01 - EWS4800/220 - WS
ppc_u4 (Power PC AIX v4)
______
uname -a: AIX aixv4 1 4 00FFFFFF4D00
CC: /bin/cc with -D_BSD -D_BSD_INCLUDES
link flags: -lbsd
Hostid is the same as rs6000.
rs6000_u3
_________
uname -a: AIX rs6000 1 3 000276513100
CC: /bin/cc -D_BSD -D_BSD_INCLUDES
link flags: -lbsd
sco_u3
______
uname -a: SCO_SV sco 3.2 2 i386
uname -X:
System = sco
Node = sco
Release = 3.2v4.2
KernelID = 94/02/14
Machine = i80486
BusType = ISA
Serial = 2BK004210
Users = 2-user
OEM# = 0
Origin# = 1
NumCPU = 1
The important thing here is 3.2v4.2. FLEXlm v6.0
will fail on earlier versions of SCO.
CC: /bin/cc -Dsco
- 38 -
link flags: scoinfo.o -lsocket
IMPORTANT NOTE: v4.1 FLEXlm was built on an older OS:
Release = 3.2v2.0
KernelID = 90/10/01
sgi32_u5
______
uname -a: IRIX indy 5.2 02282013 IP12 mips
CC: /bin/cc
sgi64_u6
________
uname -a: IRIX64 challenger 6.1 07121831 IP26 mips
CC: /bin/cc -64 -mips3
This was called sgir8_u6 in previous versions. It's been
renamed to reflect the fact that it's 64-bit.
sgi64_u6
________
uname -a: IRIX64 challenger 6.1 07121831 IP26 mips
CC: /bin/cc -n64 -mips3
sun4_u4
_______
uname -a: SunOS ss 4.1.2 2 sun4c
CC: /bin/cc
sun4_u4 is now built on a 4.1.2 system. This means that it
will no longer work with 4.0.3 systems.
sun4_u5
_______
uname -a: SunOS backstage 5.1 Generic sun4m sparc
CC: /opt/SUNWspro/bin/cc
Bugs fixed in v6.1g
___________________
Bug Platform Description [Module]
___________________________
P4211 All Security enhancement. [Vendor daemon]
P4225 All Client core dumps when COMPONENT is removed via
SUPERSEDE [Client]
- 39 -
P4255 All vendor daemon with PLATFORMS= in license can
core dump with lmreread.
P4258 All Security issue addressed. [Vendor daemon]
P4130 All ls_outfilter doesn't allow filtering different pools.
If you use ls_outfilter, the behavior may change, and
we recommend contacting Globetrotter support for
further information.
[Vendor daemon]
Bugs fixed in v6.1f
___________________
Bug Platform Description [Module]
___________________________
P4067 All If you UPGRADE more than the INCREMENT count,
unlimited licenses become available [Vendor daemon]
P4069 HP HP Failed with redundant servers [Vendor daemon]
Bugs fixed in v6.1e
___________________
Bug Platform Description [Module]
___________________________
P4000 All port@host, v6 vendor daemon, pre-v6 client can fail
[vendor daemon]
Bugs fixed in v6.1d
___________________
Bug Platform Description [Module]
___________________________
P3631 All Using USE_SERVER, failed checkout can get BADFILE error
instead of the real error. [Client library]
P3788 All USER/HOST_BASED not checked on lmreread [Vendor daemon]
P3869 All MAX_OVERDRAFT didn't work. [Vendor daemon]
P3876 All Package with PLATFORMS= or SUPERSEDE=, lc_free_job can
core dump. [Client library]
P3947 Windows CANTWRITE returned instead of CANTCONNECT
[Client library]
P3948 All SUPERSEDE a PACKAGE can core dump. [Vendor daemon]
P3949 All Server doesn't verify START= [Vendor daemon]
P3998 Windows lmdiag can erroneously complain about license
syntax errors. [lmutil]
P4038 Unix Client can core dump if linked with a version of X
that uses signal() instead of sigaction().
[Client library]
Bugs fixed in v6.1c
- 40 -
___________________
Bug Platform Description
___________________________
P3371 All makekey.c won't compile with strict ANSI C compiler.
P3496 Unix lmstrip.c corrupts a C++ binary with munged
names longer than 2k.
P3513 sun4_u5 replaced sys_errlist[] and getdomainname() for
Solaris compliance.
P3537 i86_n3 genlic32.exe doesn't save all advanced settings.
P3538 i86_n3 genlic32.exe won't allow use of hostids longer
than the screen field.
P3551 i86_z3 Windows95 bug obtaining SPX low-level address.
P3567 All Decimal format fails with exp-date at end of
month.
P3586 All lmreread can (rarely) result in vdaemon core dump.
P3645 All Memleak when checkout(f1, 1) then checkout(f1, 2).
P3699 All Decimal format failed with ints between 2^31 and 2^32.
Windows lmver now works on a .exe file.
P3730 All Core dump possible when $VENDOR_LICENSE_FILE
and $LM_LICENSE_FILE set.
P3731 i86_z3 Networking error gave incorrect error message.
Bugs fixed in v6.1b
___________________
Bug Platform Description
___________________________
sun4_u5 Vendor daemon won't run when process allows > 1024
file descriptors.
Bugs fixed in v6.1a
___________________
Bug Platform Description
___________________________
P3280 All Queued users will dequeue after 2 1/2 hours.
P3281 Unix Baddate checking is not thorough
P3289 Windows Error message box appears behind all other windows
P3306 Windows Client can crash when using Netware server
P3307 All lmdiag gives misleading error with vendor-defined id
P3315 All lc_vsend connects to daemon for first feature in
license -- can be wrong daemon
P3316 All REPORTLOG includes incorrect, large cpu times for
Pre-v5 clients -- also makes reportlogs larger
P3322 All checkout can fail when server stopped and restarted
(very rare).
P3323 Windows Client can fail with redundant servers
P3324 All lc_auth_data fails with certain long feature lines
P3353 All Decimal format doesn't work with vdefined hostid
P3364 Windows License file dialog doesn't work
- 41 -
Bugs fixed in v6.1
___________________
Bug Platform Description
___________________________
P3175 All LM_CO_WAIT, if it queues, returns erroneously with
LM_MAXUSERS error.
P3177 All Simple/Trivial API, returns LM_NOFEATURE when it
should return LM_BADHOST
P3186 All The combination of checkout/port@host/
LM_A_CHECKOUTFILTER/LM_CO_LOCALTEST fails.
P3188 All The combination of port@host with
LM_CO_QUEUE and lc_auth_data fails.
P3203 Unix lmgrd v6 with pre-v6 vendor daemon, lmremove and
lmdown require admin permissions, as if lmgrd -p
were used.
P3206 All No system error numbers in error messages.
P3209 Windows Lmgrd startup is now displayed in debug log
P3210 Windows Enhanced Control Panel to add more diagnostics
P3226 Windows Fixed problem with Alpha-NT and vendor codes
P3227 Windows Fixed Firewall operation, now uses port on Daemon line
P3237 Windows Fixed export of access function in static library
P3250 Windows Pressing stop in Control Panel could freeze lmgrd.
P3251 Windows Status button in Control Panel could erroneously
say server was running.
- 42 -
Flexible License Manager
Version 8.1a
RELEASE NOTES
These release notes describe the changes from FLEXlm v7.2.
Summary of v8 Enhancements from v7.2
______________________________________
Mobile Licensing. 2 new methods are supported:
o BORROW-attribute: The client specifies the borrow
duration, and the server keeps the license checked out
via linger. The client uses a local file to do checkouts
during the borrow period. Significant enhancements were made
throughout the product to make this relatively secure
(although less so than without borrowing) and easy-to-use.
o FLEXid FLOAT_OK: Licenses issued node-locked to FLEXids
can now float on a network, if the license has the FLOAT_OK
attribute. Supported where client and server are Windows.
If the dongle is attached to a license server, then the
license floats on the network. To take home, user moves the
dongle from the server to a standalone Windows system.
License then only runs on standalone system, and is removed
from network.
8-bit character support:
o 8-bit characters (supporting Latin-based languages)
is now fully supported, including license files, client
environments, and log files.
lmutil/lmtools Improvements:
o lmreread now rereads all relevant information in the license
and options file.
o lmborrow command to support linger-based borrowing.
o lmswitch command to control debug log file location and
size, on a per vendor-daemon basis.
o lmdown can be forced to run only on the license-server node,
via 'lmgrd -local'.
o lmpath: Allows users improved direct control over the license file
settings.
Unix heartbeat multi-thread support on popular platforms:
o Previously, on Unix the only safe way to use heartbeats was
for the application to call heartbeats manually. This
version supports multi-threaded heartbeats which are safe and
considerably enhance security. This is not supported on
platforms that do not have reliable pthreads support, but it
- 43 -
is supported on all popular platforms.
Windows, faster response when server is down, and faster lmtools:
o Windows has a known bug in the networking 'connect()' that
has caused 15 to 45-second delays when the server node is
down, and general slow response when lmtools/lmutil
communicates with a license server. This has been worked
around in this version. The response is now about the same
as Unix.
DUP_GROUP enhancement:
o Previously, only one DUP_GROUP setting was allowed per
feature. This made it difficult for companies to change
the DUP_GROUP policy. This limitation has been removed.
End-user Options file:
o IP-Addresses are supported wherever hostnames are
supported.
o DEBUGLOG can set location on a per vendor daemon basis.
Improved Dongle Support
o Dongles now supported on USB devices.
SIGN2=
o CRO customers upgrading to v8.1 will use SIGN2= licenses
Upgrading to v8.1 -- changes to lm_code.h
_________________________________________
The new lm_code.h file no longer comes with ENCRYPTION_SEEDs, but
instead has LM_SEED1-3. To upgrade simply:
1) Copy all your existing ENCRYPTION_SEEDs from your
old lm_code.h into the new lm_code.h
2) Make up new unique 32-bit numbers for LM_SEED1-3 for
your company. These must be different than the
ENCRYPTION_SEED. For your convenience we now have
a command-line utility, lmrand1 -seeds, that can be
optionally used to generate your LM_SEEDs.
In short, you need both your existing ENCRYPTION_SEEDs and new
LM_SEEDs in the new lm_code.h file.
Borrowing -- Linger-based
_________________________
This form of borrowing is portable, easy-to-use, reliable, but
potentially less secure than a regular FLEXlm checkout.
Therefore, by default it is disabled. It requires no extra
- 44 -
coding by developers though we have provided an API so that
developers can customize it if desired (however, please see the
note about lmnewgen below).
Outline
_______
The basic mechanism is this: The user indicates through one of
a variety of options that they want to borrow licenses, and
then the applications are used (possibly just started and
stopped to initiate the borrow), which use causes the licenses
to be borrowed. If the app is run twice in this mode, the
second checkout does not borrow another copy. The license
remains checked out ("lingers") at the license server, and a
local encrypted file is stored on the end-user's system.
Subsequent checkouts are done against the local file, until the
borrow period expires, at which time the local encrypted file
no longer allows checkouts, and the server returns the
borrowed/lingered license to the available pool.
No clock synchronization is required between client and server.
Security
________
There are two security issues, which we've taken steps to
minimize as best as possible while maintaining an easy-to-use
and reliable system:
RISK 1) Should the server be stopped and restarted,
the licenses will be served again, which means
that extra uses may occur. Note that most
honest end-users are already reluctant to ever
shutdown license servers, which inherently
minimizes this risk.
lmremove does not return linger licenses, so
lmremove is not a risk.
RISK 2) The local borrow file is itself a point of
attack for counterfeiters. If this borrow file
can be counterfeited, then the product can be
used without a valid license. This is not as
secure a CRO licenses, and unfortunately cannot
be. We believe this to be "reasonably" secure
except for products that are particularly
attractive to determined hackers.
More details about how we minimize these risks follow.
How to Enable
_____________
- 45 -
By default, linger-based borrowing is disabled.
Linger-based borrowing is enabled by:
1) Set LM_BORROW_OK to 1 in machind/lm_code.h and
then build the flexlm kit.
LM_BORROW_OK must be set in lm_code.h to use borrowing.
2) The individual FEATURE/INCREMENT line must also have
borrowing enabled, by adding the optional attribute
BORROW[=n]
where 'n' is the maximum number of hours that the
license can be borrowed for. RISK 1 is reduced
by reducing the number of hours. The default
is one week, or 168 hours. The maximum is
limited by the size of 32-bit integer: 2 billion
hours.
How to Borrow a license
_______________________
There are 3 methods:
o lmborrow
o LM_BORROW environment variable
o LM_A_BORROW_EXPIRE
For lmborrow and LM_BORROW, after the setup is done, the desired
features must be checked out on the same day which then borrows
the license.
lmborrow: This is one of the lmutil utilities,
and there is also a tab in lmtools for this. After
lmborrow is run, all the desired applications must be
run to checkout the desired features. Note that this
only applies to the user running lmborrow on the node
where lmborrow is run.
lmborrow {vendor|all} date [time]
For example:
lmborrow gsi 20-aug-2001 13:00
where date is the date the license is to be returned
- 46 -
in dd-mmm-yyyy format. The time is optional and is
24 hour clock in the client's local time. If
unspecified, the checkout lasts until the end of the
given day. The vendor is the vendor daemon name for
the products to be borrowed, or "all" for all
vendors.
LM_BORROW: Environment variable. The format is:
today:vendor:enddate[:time]
where is
_____ __
today: Today's date in dd-mmm-yyyy format
Any checkouts done on this date
will create local borrow info.
If the environment variable still
exists on other dates, it will
have no effect.
enddate: The date the license is to be
returned in dd-mmm-yyyy format
time: 24-hour format. Optional. If
unspecified, the time is at the
end of the date on enddate.
vendor: The vendor name of the products
to be borrowed, or 'all' for
all vendors.
For example,
LM_BORROW="15-aug-2001:gsi:20-aug-2001:13:00"
The license is being borrowed on 15-aug-2001, and
will be returned at 1p.m. on August 20.
Note that lmborrow actually sets the LM_BORROW
variable in the registry (Windows) or in the .flexlmrc
(Unix), so the lmborrow utility is effectively a user
interface for this variable.
LM_A_BORROW_EXPIRE:
This is for the application that wants to provide
an interface for borrowing themselves.
Before lc_checkout, call
lc_set_attr(job, LM_A_BORROW_EXPIRE,
(LM_A_VAL_TYPE)datestring);
- 47 -
where datestring is the date and optionally time
when the borrowed license expires. Presumably
the ISV will provide a user interface
where the user specifies when the license
should be returned. This then would be used as
as 'datestring' above.
Any subsequent checkouts in this job will create
the local borrow info.
After using lmborrow or setting $LM_BORROW, all the desired
applications must be run and their licenses checked out at
least once on the same day that lmborrow is run or $LM_BORROW
is set, and while connected to the network where the license
server is running. If they are run more than once, that's
okay, only one license is borrowed. This effect lasts until
the end of the day, in client local time. So, once lmborrow is
used or $LM_BORROW set, all checkouts done on the same day, and
while connected, will borrow licenses. If a connected checkout
occurs any day following the setup, it will not borrow a
license.
Errors
______
Checkout fails if borrowing is requested under the following
conditions:
o LM_BORROW_TOOLONG:
Borrow period requested is longer than the
license allows
o LM_NOBORROWSUPP:
The license doesn't support borrowing, or
the application doesn't support borrowing.
Other changes for Borrowing
___________________________
A number of enhancements were made to make borrowing more
convenient and secure. Many of these changes were made
so that servers should rarely need to be shutdown, which
minimizes RISK 1 outlined above.
o The end-user options file is now reread with the
lmreread command.
o The lmswitch and DEBUGLOG end-user option allows
end-users to control the size of debug log files
and redirect them as necessary.
o The hostname on the SERVER line of the license is
- 48 -
reread with a lmreread command.
o If licenses are borrowed, lmdown will only work
from the same host where the license server is
running, and only if the user types
lmdown -force [...]
or selects force from the lmtools GUI.
Otherwise, an error is presented saying there
are outstanding borrowed licenses. The debuglog
also prints the names of users with borrowed
licenses.
o lmstat user feature output includes borrow information
where applicable.
o lmborrow -status will print information
about features borrowed to the client node, that is,
the node where lmborrow is being run. This is useful
for finding out which features have been borrowed
while disconnected from the network.
o The same information available from lmborrow -status
can be obtained with
LM_BORROW_STAT *s;
lc_get_attr(job, LM_A_BORROW_STAT, &s);
for (; s; s = s->next)
{
/* s contains local borrow status */
}
o lmborrow -clear will clear the borrow setting, so
no checkouts will attempt to borrow a license.
o 'lmgrd -local' only allows the lmdown command to be
run from the same node where the lmgrd command is
running.
End-user options support
________________________
BORROW_LOWWATER feature n
where "feature" is the feature name and "n" is the number of
licenses which cannot be borrowed. For example if
the feature line says:
FEATURE f1 ... 10 ... BORROW
and the options file has
BORROW_LOWWATER f1 3
then only 7 licenses can be borrowed.
- 49 -
INCLUDE_BORROW feature type name
See the INCLUDE syntax. If set, only users
or hosts listed can borrow "feature".
EXCLUDE_BORROW feature type name
See the EXCLUDE syntax. If set, only users
not excluded can borrow "feature".
Minimizing 'RISK 2'
___________________
This is the risk of someone counterfeiting a local borrow
file.
IMPORTANT NOTE: Borrowing security will only function fully if
you regenerate lm_new.o every time you relink your
application. This is illustrated in our sample makefiles.
RISK 2 is minimized:
o The borrow file encrypted string includes the
FEATURE line that was used to borrow against.
The license is checked out against this FEATURE line
as usual, with the only exception being the
count. Therefore, using CRO is an advantage with
borrowing, since CRO licenses are presumed to
be uncounterfeitable.
o The borrow encrypted string includes a hostid. On
Windows this hostid is the disk-serial number, since
ethernet hostid is often unavailable when Windows is
unconnected to a network. This hostid is validated.
o The borrow encrypted string contains the borrow
start- and end-time, and the difference between the
start and end time must be no longer than the license
allows for. Therefore the borrow files would have to
be recreated every few days. That is, even if
someone could counterfeit a borrow file, they would
have to do regularly for each feature.
o The cryptography used for borrowing is, by default,
contained in lm_new.o (lm_new.obj on windows). This
file should be generated anew for every version of
every program. If so, then counterfeiting borrow
files will be different for every version of every
program. A fresh lm_new.c is generated by the
lmnewgen program. (Note that lmnewgen is built
by the makefile during product installation, and is
not part of the kit. It's unique to your company.)
o By default, local borrow information is stored in
- 50 -
Unix: $HOME/.flexlmborrow Windows: MY
ComputerY_LOCAL_MACHINETWARE FLEXlm License ManagerBorrow
The data is encrypted and not intended to be read.
However, if you remove or alter the data, borrowing
will naturally fail.
lmborrow utility
________________
This will borrow the licenses, and tell you what features
you already have borrowed, then when they will expire.
lmborrow {vendor|all} date [time]
where date is the date the license is to be returned
in dd-mmm-yyyy format. The time is optional and is
24 hour clock in local time.
For example: lmborrow gsi 20-aug-2001 13:00
lmborrow -status
Prints a list of local borrow information so the
end-user can see what they've already borrowed.
Borrowing -- Dongle-based
_________________________
Borrowing can currently be implemented with dongles on Windows.
Both the server and client must be Windows.
To implement borrowing using dongles:
1) Issue a license node-locked to a dongle with the new
FLOAT_OK attribute, along with a dongle. One dongle and
one FEATURE line are required per license that will be
borrowable.
FEATURE f1 gsi 1.0 permanent uncounted FLOAT_OK HOSTID=FLEXID=7-b28520b9 SIGN=123456789012
2) The end-user attaches all of the dongles to the license server.
These licenses then float, with a count of 1 per
FLOAT_OK license.
3) To borrow, the end-user must have a copy of the FEATURE
line on their system in a location where the application
expects to find it. The dongle is then moved from the
server to the disconnected client node. The floating usage
- 51 -
is disabled, the license works on the node with the
dongle, even when disconnected from the network.
4) By default, it is possible to get one extra use from FLOAT_OK
licenses by running a node-locked license on the license server
since the license can also float while on the license server.
This can be disabled using a hostid modifier on the FLOAT_OK
attribute, explained below.
Example:
SERVER myhost 009027319bbb
VENDOR gsi
FEATURE f1 gsi 1.0 uncounted permanent FLOAT_OK HOSTID=FLEXID=7-b28520b9 SIGN=123456789012
FEATURE f1 gsi 1.0 uncounted permanent FLOAT_OK HOSTID=FLEXID=7-b2857678 SIGN=ABCDEF123456
To begin with, both dongles are on the server.
When attached to the license server, each FLOAT_OK license
becomes a single floating use. Therefore, up to 2 users can use
f1 on the customers network, except on the server node,
where, the license use is disallowed.
If Sue wants to work at home, she installs the license file on
her system (this only needs to be done once), and transfers the
dongle from the server to her PC. The server now allows the
remaining 1 license to float.
After returning the dongle to the server, Sue (or the sysadmin)
will need to run lmreread for the 2nd license to float again.
Note that this borrowing method is unrelated to Linger-based
borrowing. None of the following have any impact on
dongle-based borrowing:
LM_BORROW_OK
lmborrow utility
FLOAT_OK=serverhostid
_____________________
By default, it is possible to get one extra use from FLOAT_OK
licenses by running a node-locked license on the license server
node while the license is floating.
This can be disabled using a hostid modifier on the FLOAT_OK
attribute:
1) The serverhostid is the same hostid that appears on
the SERVER line.
2) The license server can only be run on the node
- 52 -
with lmhostid equal to the serverhostid specified
with FLOAT_OK.
3) The client can run on the server node, but
they can only use the license being served by the
license-server, not the node-locked license.
Otherwise an extra use for each FLOAT_OK license
could occur.
Example:
SERVER myhost 009027319bbb
VENDOR gsi
FEATURE f1 gsi 1.0 uncounted permanent FLOAT_OK=009027319bbb HOSTID=FLEXID=7-b28520b9 SIGN=123456789012
This places some extra burden on the user and the license issuer,
since the server's hostid (not the dongle flexid) must be
specified in the license.
HOSTID lists are not allowed with FLOAT_OK
__________________________________________
The hostid on the FLOAT_OK feature line must be only one hostid.
For multiple dongles, use individual FEATURE lines for each
dongle.
8-bit character support
_______________________
With this version, all "8-bit" characters are now supported.
These are the characters required for most latin-based
languages, including all accented vowels. FLEXlm now fully
supports characters from 40 (space) through 255 (y-umlaut in
ISO-latin encoding), along with the normal "spacing"
characters: tab (9), newline(10), and CR(13).
Note that an 8-bit editor with standard ISO-latin support is
required to view these characters correctly in this document.
Unix vi is often not correctly 8-bit, and MS-DOS command line
is not. Windows editors usually correctly support ISO-Latin
8-bit.
These 8-bit characters can now be used in all parts of FLEXlm
including, but not limited to:
o All components of the license file
o All components of the options file
o User names, hostnames
Unix heartbeat multi-thread support on popular platforms
________________________________________________________
- 53 -
On Unix, heartbeats are now performed via multi-threading
by default on most platforms. Previously, the default behavior
was to use SIGALRM, which was not recommended and was
susceptible to core dumps.
Applications on platforms that support pthreads must now link
in the pthreads library.
On all platforms except AIX, this is done by appending
-lpthread
to the link line. On AIX, it's
-lpthreads
If an application cannot use this library, then
link in lm_nomt.o before liblmgr.a, thereby disabling
multi-threaded heartbeats.
cc ... lm_nomt.o ... liblmgr.a ...
Alternatively the old SIGALRM can be used by setting
LM_A_MT_HEARTBEAT to 0:
lc_set_attr(job, LM_A_MT_HEARTBEAT, (LM_A_VAL_TYPE)0);
Although this is not recommended. Instead, it's better to
use manual heartbeats.
All platforms support multi-threaded heartbeats, EXCEPT:
alpha_r6
alpha_u3
hp700_u10 (Use hp700_u11 instead)
i86_b2
i86_g2
i86_l1
i86_x5
i86_u7
ppc_u4
rm400_u5
rs6000_u3
rs64_u4
sco_u3
CRO ISVs upgrading to v8.1
__________________________
CRO customers will use SIGN2= licenses with v8.1. When
- 54 -
generating licenses for v8.1, add SIGN2=0 before using
lmcrypt on the license. The older clients will use the
SIGN= for authenticating and newer clients will use
SIGN2=.
SIGN2= provides necessary additional CRO security.
Other enhancements
__________________
UNIX: lockfile now in /var/tmp.
________________________________
Historically, the flexlm lockfile is in /usr/tmp. We're
migrating to /var/tmp since /usr/tmp is no longer part of
the standard Unix file system. We still check for /usr/tmp
lockfiles, however, so that this system is still secure.
Locale independence.
____________________
FLEXlm is guaranteed work identically regardless of the
"current locale".
lmpath
______
This lmutil/lmtools utility allows direct control over
FLEXlm license paths. It has 2 modes: get and set. To get
the current paths, simply use lmpath with no arguments, e.g.,
% lmpath
lmpath - Copyright (C) 1989-2001 Globetrotter Software, Inc.
Known Vendors:
_____________
demo: ./floating.lic:./locked.lic
_____________
Other Vendors:
______________
/usr/local/flexlm/licenses/license.dat
Note that where the path is set to a directory, all the *.lic files
are separately listed.
- 55 -
To set the path, use:
% lmpath vendor path
where <vendor> is the vendor daemon name, or "all" for all vendors, and
<path> is a colon (semi-colon on Windows) separated list.
Note that this CANNOT set or override the environment.
It only sets the FLEXlm registry on Windows and $HOME/.flexlmrc
on Unix.
lmswitch
________
This lmutil and lmtools.exe command causes a vendor daemon to
write its debug log information to a specified file. The
syntax is:
[ lmutil ] lmswitch [-c license-path] vendor filename
where "vendor" is the vendor daemon name. The debug log information
is then only for that one vendor daemon, where the default is to
put all vendor daemons and lmgrd debug log info into the same file.
This, for the first, allows companies to control the size of
their debug log file, as well as keep separate log files for
different vendors (see DEBUGLOG below).
DEBUGLOG in options file
________________________
The syntax is:
DEBUGLOG file
where file is the filename/path of where the debug log should go.
Note that this only affects this particular vendor. The rest
of the debuglog information is unaffected.
See also "lmswitch" above.
Windows: faster response when the server is down
________________________________________________
Windows has a bug (which Microsoft has said the plan to fix
at some unspecified future date) that causes the connect()
function call to have a delay when the license server is down.
- 56 -
When using a "default port" (the port number is not on the
SERVER line, or using @host), the delay was 15 seconds.
This is now reduced to 1.5 seconds in version 8, by an internal
workaround which used multi-threading.
Options File
______________________
IP-Address can be used instead of hostnames:
Wherever a hostname can be used in the options file,
an ip-address can be used instead, in the format
#.#.#.#, eg., 123.456.123.456.
In particular, this is supported in a HOST_GROUP.
Options pool selection:
When there are multiple pools for a single feature
(this happens with certain INCREMENT lines, when, for example
they are for different versions), and you want to
refer to these in the options file, you have to "select" the
pool. Historically this was done like this:
feature:key=value
However, since colon is now a valid featurename character,
this syntax can be optionally specified:
"feature key=value"
The colon is replaced with a space and the whole thing
is put in quote marks.
lmnewgen
________
lmnewgen is an executable that is built during product install
by the makefile, and is based upon information in lm_code.h.
It is unique to your company, and contains all the private
security information unique to your company. It cannot be
used to counterfeit licenses, but nevertheless shouldn't be
released to untrusted sites.
lmnewgen creates the lm_new.o (lm_new.obj) file which must
be linked with your application and vendor daemon. (Note that
this was called lmrand2 in previous versions, but has been
significantly enhanced for borrowing).
IMPORTANT NOTE FOR BORROWING: If you are using borrowing,
your product will be more secure if you regenerate lm_new.o
- 57 -
every time you relink your application.
.flexlmrc and .flexlmborrow on Unix
___________________________________
The $HOME/.flexlmrc is where all FLEXlm environment variables can
be stored, in addition to the Unix environment. It behaves
like a registry location on Windows where FLEXlm variables
can also be stored. For example, <VENDOR>_LICENSE_FILE can
be stored there (where <VENDOR> is the name a company's vendor
name).
Similarly, borrowing information is stored by default in
$HOME/.flexlmborrow.
The location of these 2 files can be changed by setting
the $FLEXLM_BORROWFILE and $FLEXLM_RC environment variables.
Naturally, these should be set in the real environment, not in
$HOME/.flexlmrc.
These variables may be useful for developers when testing.
lmreread
________
lmreread now rereads:
o options file
o hostnames on the SERVER
o path to options file on the VENDOR line
Effect on USER_BASED and HOST_BASED:
Rereading the options file has a security impact on
USER_BASED and HOST_BASED. If it's too easy to change
the INCLUDE list for USER_BASED and HOST_BASED, then
these attributes stop having the desired effect.
Therefore, there is a *delay* in effecting changes
to INCLUDE lines that impact USER_BASED or HOST_BASED
features.
By default, the delay is 12 hours. This can be changed
with the ls_user_based_reread_delay setting in the
lsvendor.c file. It can only be changed there
and affects all USER_BASED/HOST_BASED features.
Windows Terminal Server support
_______________________________
- 58 -
FLEXlm now detects when a node-locked uncounted license
is running under Windows Terminal Server. If it's running on
a "remote" node, then the checkout will be denied with
LM_TSOK_ERR. If you want to allow users to run on Terminal
Server remote nodes, then the new TS_OK attribute must be
added to the license.
lmrand1 -seed
_____________
This is an optional program to generate the seeds necessary for
lm_code.h. That is, lm_code.h in v8.1 will require LM_SEED1-3
and these must be random numbers the ISV makes up. So, they
can use 'lmrand1 -seed' to make up these numbers if they want
to.
The output appears on the screen and in a file called lmseed.dat.
Here's a sample session:
> lmrand1 -seed
The machind/lm_code.h file requires LM_SEED1-3 be set to random
numbers. Once made up these numbers must *never* change. This program
will automatically generate these for you, or you can make them up in
some other fashion if you prefer.
The output appears on the screen, and in "lmseed.dat"
Press RETURN to generate the seeds... <CR>
Please wait...................................................
Once set, the values for LM_SEED1-3 must *never* change.
#define LM_SEED1 0x186f24f0
#define LM_SEED2 0x11cd5b60
#define LM_SEED3 0x9f6cc8c3
Note the <CR> is where the user presses Return/Enter.
LM_A_KEY_LEVEL renamed to LM_A_SIGN_LEVEL
_________________________________________
This attribute is only used when migration to CRO from
non-CRO. If you've used this attribute, you'll need to rename
it to LM_A_SIGN_LEVEL.
Features planned to be obsoleted in Version 9
_____________________________________________
o lmcksum will be removed from the license generator,
lmutil and lmtools
- 59 -
o UDP support will be discontinued.
Platform Specific Notes:
________________________
WINDOWS
_______
i86_n3 -- Microsoft Windows 32-bit
______
Currently, the GENLIC license generation utility is not
available in this release. To encrypt licenses, use lmcrypt
or makekey utilities.
FLEXlock changes have occurred in this release of FLEXlm.
Please see Programmers Guide documentation for additional
information.
Itanium
_______
it64_n -- Microsoft Windows XP for Itanium 64-bit
______
Built with:
__________
- Microsoft Platform SDK PreRelease 64-bit (2416.2)
- Microsoft C/C++ compiler version 13.00.9076.3 for IA-64
- Microsoft Incremental Linker version 7.00.9076.3
- Microsoft Program Maintenance Utility version 7.00.8827
- Microsoft Whistler Advanced Server for Itanium Build 5.1.2410
Build 2410
Hardware Requirements:
_____________________
- Itanium CPU B3 Stepping or greater
- BIOS Firmware revision 89 or greater
- RAM, 500 MB or greater
- Hard Disk, 25 MB space free or greater
In This Build:
_____________
- All command-line application tools are 64-bit native.
- All necessary libraries and header files are included to
build a FLEXlm enabled application.
- 60 -
- Support for CRO. See standard FLEXlm RELEASE_NOTES
in ./machind for further information about CRO support.
Known Issues:
____________
- LCM and FLEXlock support not available.
- Parallel Dongle (FLEXid) support not available.
- CPU Serial number support (Pentium III) not available on Itanium Chip.
- The following situation can occur while building a vendor
daemon in it64_n:
if exist lm_new.c del lm_new.c
lmrand2.exe demo.exe -o lm_new.c
Verify failed, 0xc6f8 != 0x30f8NMAKE : fatal error U1077:
'lmrand2.exe' : return
code '0xffffffff'
Stop.
The workaround for this error is to run the NMAKE again.
This error may occur many times before a successful
build. This problem will be resolved in the final release.
UNIX
____
alpha_r6 -- Alpha Redhat 6
________
uname -a: Linux chumley.globes.com 2.2.14-6.0 #1
Tue Mar 28 16:56:56 EST 2000 alpha unknow
cc: /usr/bin/cc
alpha_u3 -- Compaq Tru64 Dec Unix Alpha OSF1 OS3+
________
Compatible with OS3 and higher
Note that lmstrip should be avoided on this OS, due to
outstanding bugs. However, lmstrip doesn't provide
any additional security on this OS, so it shouldn't be needed.
uname -a: OSF1 zippy.globes.com V3.2 17 alpha
cc: /usr/ccs/bin/cc -std
hp700_u10 -- HPUX 10.x through 11.x 32-bit
________
- 61 -
uname -a: HP-UX oglobes B.10.20 A 9000/715 2005771344
cc: /bin/cc -Aa -D_HIUX_SOURCE -D_HPUX_SOURCE +DA1.0 +DS1.0
Hostid note: we no longer recommend using ethernet address
as a hostid. It may fail on some HPUX 11.x systems.
No MT-heartbeat support (use hp700_u11 if needed)
hp700_u11 -- HPUX 11.x 32-bit
________
uname -a: HP-UX hpc180 B.11.00 A 9000/780 2013810305 two-user
cc: /bin/cc -Aa -D_HIUX_SOURCE -D_HPUX_SOURCE +DA1.0 +DS1.0
Hostid note: we no longer recommend using ethernet address
as a hostid. It may fail on some HPUX 11.x systems.
hp64_u11 -- 64-bit HP PA-RISC
_____________________________
uname -a: HP-UX hpc180 B.11.00 A 9000/780 2013810305 two-user
cc: /bin/cc -D_HIUX_SOURCE -D_HPUX_SOURCE +DA2.0W +DS2.0W
i86_b2
______
uname -a: BSD/OS bsdi.globes.com 2.1 BSDI BSD/OS 2.1
Kernel #1: Mon Jun 10 15:58:19 MDT 1996
polk@demiurge.BSDI.COM:/usr/src/sys/compile/GENERIC
i386
cc: /usr/bin/cc
Multi-threaded heartbeats are not supported.
i86_f3
______
This is the freebsd platform. We no longer support i86_f2, which
is incompatible with i86_f3. i86_f3 however, is completely
compatible with i86_f4 (freebsd 4.x)
uname -a: FreeBSD homegrown.globes.com 3.4-RELEASE FreeBSD
3.4-RELEASE #0: Mon Dec 20 06:54:39 GMT 1999
jkh@time.cdrom.com:/usr/src/sys/compile/GENERIC i386
cc: /usr/bin/cc
Link: -pthread
i86_l1, i86_g2, i86_r6 Linux
______________________
i86_l1: Caldera linux, Redhat 4
i86_g2: Linux with GLibc, Redhat 5
i86_r6: Redhat 6
- 62 -
i86_g2 binaries will run fine on Redhat 6, but
when mixing objects and libraries between redhat 5 and 6,
when linked and run, will not behave correctly.
i86_l1 binaries will *appear* to run on Redhat 5, but
will fail with wierd errors.
Only i86_r6 supports multi-threaded heartbeats.
i86_u7 -- Unixware 7
______
uname -a: UnixWare unixware7 5 7 i386 x86at SCO UNIX_SVR5
cc: /usr/ccs/bin/cc
i86_n3 -- 32-bit windows 95, 98, NT, 2000, ME
______
cl: Microsoft Visual C++ v5 and higher
rs6000_u3 AIX 3.x through 4.x, Power PC and RS6000, 32-bit
_________
uname -a: AIX rs6000 1 3 000276513100
cc: /bin/cc -D_BSD -D_BSD_INCLUDES
link flags: -lbsd
Multi-threaded heartbeats not supported.
rs64_u4 64-bit AIX
_______
uname -a: AIX rs64 3 4 000687724C00
cc: /usr/ibmcxx/bin/cc -DRS64 -DRS6000 -D_BSD -D_BSD_INCLUDES -q64
link flags: -lbsd -q64 -lpthreads
You have to use "ar -X64" and "strip -X64" on this platform also.
Older 32-bit binaries run fine on this OS.
Multi-threaded heartbeats not supported.
sco_u3 -- SC0 3.2 and higher
______
NOTE: If CRO is used, you will get lots of warnings during
link. These are harmless and should be ignored.
uname -a: SCO_SV sco 3.2 2 i386
cc: /bin/cc
Multi-threaded heartbeats not supported.
- 63 -
sgi32_u6
________
uname -a: IRIX64 challenger 6.1 07121831 IP26 mips
cc: /bin/cc -n32 -mips3
link: /bin/cc -n32 -mips3 -lpthread
Note that o32 format is in liblmgr_o32.a in this directory.
sgi64_u6
________
uname -a: IRIX64 challenger 6.1 07121831 IP26 mips
cc: /bin/cc -n64 -mips3
link: /bin/cc -n64 -mips3 -lpthread
sun4_u5
_______
uname -a: SunOS wheel.globes.com 5.5 Generic_103093-27
sun4m sparc SUNW,SPARCstation-4
cc: /opt/SUNWspro/bin/cc
link: /bin/cc -lsocket -lnsl -lintl -lpthread
sun64_u5
_______
uname -a: SunOS ultra5 5.7 Generic_106541-02 sun4u sparc
SUNW,Ultra-5_10
cc: /bin/cc -xarch=v9
link: /bin/cc -lsocket -lnsl -lintl -xarch=v9 -xildoff
-lpthread
Older, 32-bit binaries run fine on this OS.
Bugs fixed in v8.1
___________________
Bug Severity Description
___________________________
P5881 3 node-locked counted should be sorted before versioning
P6009 4 lminstalls.exe still referred to lmgrd95.exe (windows)
P6175 3 Debug log missing BADCODE error messages
P6176 4 (Linux only) compile warnings from lmclient.h
P6189 3 CHECK_BADDATE set, but borrowing ignores baddate
P6200 2 v8 lmgrd not shutting down older vendor daemons
P6213 2 Heartbeats can fail
P6220 3 ls_use_all_feature lines set, INCREMENT lines fail
P6241 2 lc_auth_data + LM_CO_WAIT + port@host, failed
P6259 4 lminstall didn't prompt for input (windows only)
- 64 -
P6265 3 lmgrd -local and lmreread failed
Bugs fixed in v8.0
___________________
Bug Severity Description
___________________________
P4943 3 FLEXlm removes root path from license list (windows)
P5035 3 Lmgrd in loop spawning vendor daemons (windows)
P5206 4 Vdaemon in directory named same as vdaemon fails
(windows)
P5311 5 Debug log on Windows uses Unix terminology
P5312 3 Server doesn't detect ethercard hostid removed (windows)
P5413 5 Compile warnings on some compilers
P5424 4 lmcrypt reports -9 BADHOST error incorrectly
P5446 5 Typo in license finder window (windows)
P5447 4 Options file pool selection fails with KEY=
P5530 4 SUPERSEDE can generate incorrect error message in
debug log
P5546 3 Lmtools can't shutdown 3-server system (windows)
P5551 3 Failure if 2 licenses in path with same name
P5586 3 MAX_OVERDRAFT lost after a server reread
P5588 4 Link warnings (32-bit SGI)
P5608 4 Error message sometimes doesn't include feature name
P5611 4 Service fails if options file path has space (windows)
P5654 4 LM_CO_LOCALTEST sometimes generated errors in debuglog
P5659 4 Lmcrypt ignores syntax errors
P5671 3 Lmswitchr doesn't report errors
P5672 3 Lmstat -a incorrect, dup INCREMENT, line different case.
P5761 3 Lmdiag won't work with older vendor daemon (-83)
P5803 3 Lmdiag errors can show up in debuglog
P5814 4 lmcrypt adds a lowercase L to some hostids (windows)
P5821 4 Memory leak
P5899 3 MAC doesn't read unix format licenses
P5985 3 Lc_userlist not multi-thread safe
[$Id: RELEASE_NOTES,v 1.112 2002/01/23 15:52:06 daniel Exp $]
