geedge-jira/md/OMPUB-1041.md

# 基于HL Seats方式授权的OS过期时没有停止服务

| ID | Creation Date | Assignee | Status |
|----|----------------|----------|--------|
| OMPUB-1041 | 2023-10-22T16:39:49.000+0800 | 卢文朋 | 完成 |


---

P19 WMS现场采用的HL Seats授权OS的到期时间为2023/10/21 04：55。授权到期后，OS仍能正确从ACC获取认证并继续提供服务。

!image-2023-10-22-16-39-38-822.png!

ACC授权界面：

!image-2023-10-22-16-40-32-378.png!**luwenpeng** commented on *2023-10-22T17:02:56.180+0800*:

现场情况：HL硬锁插在宿主机上，宿主机中安装了KVM，KVM中安装了虚拟机，ACC Service部署在虚拟机中
h2. *ACC-LOG：*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-52-25.png!*

ACC日志显示2023/10/21 17:59:48前更新了授权信息
h2. *OS-LOG：*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-50-41.png!*

OS日志显示2023/10/21 18:22 hasp_monitor Encrypting failed
 * 暗示着hasp_monitor在2023/10/21 17:52是成功获取到授权信息的
 * hasp_monitor成功获取到授权后会Sleep 1800s
 * 2023/10/21 17:59:48 ACC更新了网络座席
 * 2023/10/21 18:22 hasp_monitor wake之后继续使用之前网络座席进行Encrypting， 由于网络座席更新，发生了Encryping failed
 * 2023/10/21 18:22 hasp_monitor重新获取新的网络座席

从hasp_monitor的执行流程看，2023/10/21 17:52之前网络座席还没有过期。
h2. *ACC显示的到期时间：*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-43-16.png!*
*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-43-49.png!*

ACC显示的到期时间是2023/10/21 04:55
h2. *ACC时钟：*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-28-0.png!*
*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-28-22.png!

于北京时间2023/10/22 00:45；巴基斯坦2023/10/21 21:45采集的截图

ACC 10.10.10.159 显示的时间是 2023/10/22 02:45:19 {color:#ff0000}*比当地时间快5小时*{color}

ACC 10.10.20.159 显示的时间是 2023/10/21 21:45:08 正常的
h2. *ACC虚拟机的时钟：*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-34-31.png!*

于北京时间2023/10/22 00:32; 巴基斯坦2023/10/21 21:32采集的截图

虚拟机10.10.10.159 显示的时间是 2023/10/21 21:32:26 正常的

虚拟机10.10.20.159 显示的时间是 2023/10/21 21:32:29 正常的
h2. *ACC虚拟机所在宿主机的时钟：*

*!https://docs.geedge.net/download/attachments/117312508/image-2023-10-22_1-37-14.png!*

于北京时间2023/10/22 00:42; 巴基斯坦2023/10/21 21:42采集的截图

宿主机10.10.10.5显示的时间是2023/10/22 02:28:49 AM {color:#ff0000}*比当地时间快约4小时46分钟*{color}

宿主机10.10.20.169显示的时间是2023/10/21 09:24:52 PM {color:#ff0000}*比当地时间慢约18分钟*{color}
h2. *综上：*

（下面描述中的时间都是巴基斯坦当地时间）

*ACC Service的时钟信息*
 * ACC Service 显示2023/10/21 04:55授权过期，但是至少2023/10/21 17:52之前授权还有效
 ** 疑问：ACC Service更新授权前(2023/10/21 17:59:48)，ACC Service是否显示授权已过期？
 ** 疑问：ACC Service 显示的过期时间是如何计算的？

 * ACC Service 10.10.20.159 的时间正常

 * ACC Service 10.10.10.159 的时间{*}{color:#ff0000}比当地时间快5小时{color}{*} 
 ** 疑问：启动 ACC Service 后修改ACC虚拟机时钟了？

*ACC 虚拟机的时钟信息*
 * ACC虚拟机10.10.10.159的时间正常
 * ACC虚拟机10.10.20.159的时间正常

*ACC 虚拟机所在宿主机的时钟信息*
 * ACC虚拟机所在宿主机PCAP-PVE001: 10.10.10.5  *{color:#ff0000}比当地时间快4小时46分钟{color}*
 * {color:#172b4d}ACC虚拟机所在宿主机MSH-PVE001: 10.10.20.169 PM *比当地时间慢约18分钟*{color}

{color:#172b4d}*联系*{color}

ACC Service 10.10.10.159 的时间{*}{color:#ff0000}比当地时间快5小时{color}{*}，该 ACC Service 所在宿主机PCAP-PVE001 10.10.10.5 的时间{*}{color:#ff0000}比当地时间快4小时46分钟{color}{*}

[How Sentinel LDK Protects Time-based Licenses With V-Clock|https://docs.sentinel.thalesgroup.com/ldk/LDKdocs/SPNL/LDK_SLnP_Guide/Appendixes/HowProtects_TimeBased.htm?Highlight=vclock]
|V‑Clock does not provide the same level of control as the real-time clock in Sentinel HL Time keys and Sentinel HL NetTime keys. However, V‑Clock prevents the end user from setting the system time back to an earlier date and time, and thus tampering with time-based licenses. 
 
The expiration period or date for a time-based license is initially calculated according to the system clock of the end user's machine.|
 
文档中显示HL中的V-Clock只是确保系统时间不倒退，授权到期时间使用的是系统时间。



---

**luwenpeng** commented on *2023-10-23T14:31:59.685+0800*:

更新授权后10.10.10.159的授权信息
{code:java}
[root@pcap-kvm-nz001 ~]# ./hasp_rus s local
getinfo test         : 
 info as followed: 
<?xml version="1.0" encoding="UTF-8" ?>
<hasp_info>
  <hasp>
    <id>1468561840</id>
    <type>HASP-HL</type>
    <configuration>
      <sentinelhl />
      <driverless />
    </configuration>
    <clone_protected></clone_protected>
    <disabled>false</disabled>
    <version>4.60</version>
    <hw_version>7.2</hw_version>
    <updatecounter>29</updatecounter>
    <production_date>1663113600</production_date>
    <detachable>false</detachable>
    <attached>false</attached>
    <recipient>false</recipient>
    <rehost>
      <rehost_enduser_managed>false</rehost_enduser_managed>
    </rehost>
    <key_model>Max</key_model>
    <key_type>Max</key_type>
    <form_factor>Mini</form_factor>
    <response_time>1</response_time>
    <hw_platform>Sentinel</hw_platform>
    <driverless>true</driverless>
    <hasp_enabled>false</hasp_enabled>
    <fingerprint_change></fingerprint_change>
    <vclock_enabled>true</vclock_enabled>
    <product>
      <id>9</id>
      <name>TSG-OS</name>
      <feature id="100">
        <license>
          <license_type>expiration</license_type>
          <exp_date>1698796500</exp_date>
        </license>
      </feature>
    </product>
  </hasp>
  <hasp>
    <id>534101534133789070</id>
    <type>HASP-SL</type>
    <configuration>
      <haspsl-usermode />
    </configuration>
    <clone_protected>true</clone_protected>
    <disabled>false</disabled>
    <version>8.23</version>
    <hw_version></hw_version>
    <updatecounter>0</updatecounter>
    <production_date>1688827990</production_date>
    <detachable>false</detachable>
    <attached>false</attached>
    <recipient>false</recipient>
    <rehost>
      <rehost_enduser_managed>false</rehost_enduser_managed>
    </rehost>
    <key_model>Certificate</key_model>
    <key_type>SL-UserMode</key_type>
    <form_factor></form_factor>
    <response_time>0</response_time>
    <hw_platform></hw_platform>
    <driverless>false</driverless>
    <hasp_enabled>false</hasp_enabled>
    <fingerprint_change>accepted</fingerprint_change>
    <vclock_enabled>true</vclock_enabled>
    <product>
      <id>11</id>
      <name>Network Zodiac (Rehost Enabled)</name>
      <feature id="20001">
        <license>
          <license_type>expiration</license_type>
          <exp_date>1704067199</exp_date>
        </license>
      </feature>
    </product>
  </hasp>
</hasp_info>
 
[root@pcap-kvm-nz001 ~]# {code}
更新授权后10.10.20.159的授权信息
{code:java}
[root@msh-kvm-nz001 ~]# ./hasp_rus s local
getinfo test         : 
 info as followed: 
<?xml version="1.0" encoding="UTF-8" ?>
<hasp_info>
  <hasp>
    <id>1897549354</id>
    <type>HASP-HL</type>
    <configuration>
      <sentinelhl />
      <driverless />
    </configuration>
    <clone_protected></clone_protected>
    <disabled>false</disabled>
    <version>4.60</version>
    <hw_version>7.2</hw_version>
    <updatecounter>29</updatecounter>
    <production_date>1663113600</production_date>
    <detachable>false</detachable>
    <attached>false</attached>
    <recipient>false</recipient>
    <rehost>
      <rehost_enduser_managed>false</rehost_enduser_managed>
    </rehost>
    <key_model>Max</key_model>
    <key_type>Max</key_type>
    <form_factor>Mini</form_factor>
    <response_time>0</response_time>
    <hw_platform>Sentinel</hw_platform>
    <driverless>true</driverless>
    <hasp_enabled>false</hasp_enabled>
    <fingerprint_change></fingerprint_change>
    <vclock_enabled>true</vclock_enabled>
    <product>
      <id>9</id>
      <name>TSG-OS</name>
      <feature id="100">
        <license>
          <license_type>expiration</license_type>
          <exp_date>1698796500</exp_date>
        </license>
      </feature>
    </product>
  </hasp>
  <hasp>
    <id>813914921556795374</id>
    <type>HASP-SL</type>
    <configuration>
      <haspsl-usermode />
    </configuration>
    <clone_protected>true</clone_protected>
    <disabled>false</disabled>
    <version>8.23</version>
    <hw_version></hw_version>
    <updatecounter>0</updatecounter>
    <production_date>1688809981</production_date>
    <detachable>false</detachable>
    <attached>false</attached>
    <recipient>false</recipient>
    <rehost>
      <rehost_enduser_managed>false</rehost_enduser_managed>
    </rehost>
    <key_model>Certificate</key_model>
    <key_type>SL-UserMode</key_type>
    <form_factor></form_factor>
    <response_time>0</response_time>
    <hw_platform></hw_platform>
    <driverless>false</driverless>
    <hasp_enabled>false</hasp_enabled>
    <fingerprint_change>accepted</fingerprint_change>
    <vclock_enabled>true</vclock_enabled>
    <product>
      <id>11</id>
      <name>Network Zodiac (Rehost Enabled)</name>
      <feature id="20001">
        <license>
          <license_type>expiration</license_type>
          <exp_date>1704067199</exp_date>
        </license>
      </feature>
    </product>
  </hasp>
</hasp_info>
 
[root@msh-kvm-nz001 ~]# {code}
 



---

**luwenpeng** commented on *2023-10-23T14:32:20.177+0800*:

10.10.10.159的错误日志显示{color:#FF0000}“Unexpected time move to the past by 17993 seconds”{color}
{code:java}
[root@pcap-kvm-nz001 ~]#  cat /var/hasplm/error.log
2023-07-10 22:27:38 [1069] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-07-10 17:27:53 [1069] Unexpected time move to the past by 17993 seconds
2023-07-25 14:36:08 [1069] Failed to logout not existing session 104649063
2023-07-25 14:38:35 [1069] Failed to logout not existing session 97365897
2023-07-25 14:40:33 [1069] Failed to logout not existing session 170182860
2023-07-25 14:48:23 [1069] Failed to logout not existing session 60936620
2023-07-25 14:48:27 [1069] Failed to logout not existing session 146651492
2023-07-25 14:48:54 [1069] Failed to logout not existing session 170107269
2023-07-25 14:48:55 [1069] Failed to logout not existing session 46064631
2023-07-25 14:48:56 [1069] Failed to logout not existing session 230881559
2023-07-25 14:48:57 [1069] Failed to logout not existing session 215222965
2023-07-25 14:49:01 [1069] Failed to logout not existing session 256339667
2023-07-25 14:49:04 [1069] Failed to logout not existing session 159716494
2023-07-25 14:49:05 [1069] Failed to logout not existing session 215750551
2023-07-25 14:51:37 [1069] Failed to logout not existing session 122639995
2023-07-25 14:51:37 [1069] Failed to logout not existing session 251624379
2023-07-25 14:52:19 [1069] Failed to logout not existing session 240463490
2023-07-25 14:58:34 [1069] Failed to logout not existing session 3874594
2023-07-25 14:58:58 [1069] Failed to logout not existing session 23068935
2023-07-25 15:03:56 [1069] Failed to logout not existing session 147103624
2023-08-16 15:59:49 [1069] Failed to logout not existing session 9413842
2023-08-16 16:21:05 [1069] Failed to logout not existing session 123816039
2023-08-16 16:21:14 [1069] Failed to logout not existing session 175484872
2023-08-16 16:21:15 [1069] Failed to logout not existing session 144181234
2023-08-16 16:21:18 [1069] Failed to logout not existing session 82158414
2023-08-16 16:21:21 [1069] Failed to logout not existing session 125417785
2023-08-16 16:21:21 [1069] Failed to logout not existing session 153795180
2023-09-21 16:00:21 [1069] Failed to logout not existing session 170550098
2023-09-21 16:02:28 [1069] Failed to logout not existing session 149914386
2023-09-21 16:02:28 [1069] Failed to logout not existing session 123072468
2023-09-21 16:02:28 [1069] Failed to logout not existing session 152813400
2023-09-21 16:06:06 [1069] Failed to logout not existing session 236621699
2023-09-21 16:06:52 [1069] Failed to logout not existing session 36329370
2023-09-21 16:07:00 [1069] Failed to logout not existing session 134586752
2023-09-21 16:07:00 [1069] Failed to logout not existing session 245208374
2023-09-21 16:07:00 [1069] Failed to logout not existing session 252208405
2023-09-21 16:07:02 [1069] Failed to logout not existing session 40608153
2023-09-21 16:07:02 [1069] Failed to logout not existing session 210514153
2023-09-21 16:13:50 [1069] Failed to logout not existing session 73804376
2023-09-21 16:13:58 [1069] Failed to logout not existing session 191294591
2023-09-21 16:14:05 [1069] Failed to logout not existing session 171892951
2023-09-21 16:21:37 [1069] Failed to logout not existing session 263395403
2023-09-21 16:21:50 [1069] Failed to logout not existing session 43447029
2023-09-21 16:21:53 [1069] Failed to logout not existing session 242579109
2023-09-21 16:21:53 [1069] Failed to logout not existing session 167630486
2023-10-10 17:52:09 [1069] Failed to logout not existing session 72907780
2023-10-10 17:52:11 [1069] Failed to logout not existing session 91877893
2023-10-10 17:55:29 [1069] Failed to logout not existing session 14426740
2023-10-10 17:59:40 [1069] Failed to logout not existing session 261872345
2023-10-10 18:00:40 [1069] Failed to logout not existing session 91166461
2023-10-21 18:02:34 [1069] Failed to logout not existing session 215870962
2023-10-21 18:02:37 [1069] Failed to logout not existing session 267647807
2023-10-21 18:02:57 [1069] Failed to logout not existing session 208318992
2023-10-21 18:02:57 [1069] Failed to logout not existing session 188685595
2023-10-21 18:02:57 [1069] Failed to logout not existing session 134996703
2023-10-21 18:02:57 [1069] Failed to logout not existing session 265950763
2023-10-21 18:02:57 [1069] Failed to logout not existing session 127810735
2023-10-21 18:06:43 [1069] Failed to logout not existing session 159947985
2023-10-21 18:06:51 [1069] Failed to logout not existing session 229517899
2023-10-21 18:06:56 [1069] Failed to logout not existing session 247692719
2023-10-21 18:07:48 [1069] Failed to logout not existing session 118313814
2023-10-21 18:14:10 [1069] Failed to logout not existing session 29193593
2023-10-21 18:14:16 [1069] Failed to logout not existing session 76860867
2023-10-21 18:14:22 [1069] Failed to logout not existing session 207354560
2023-10-21 18:22:06 [1069] Failed to logout not existing session 129045899
2023-10-21 18:22:20 [1069] Failed to logout not existing session 183848723
2023-10-21 18:22:21 [1069] Failed to logout not existing session 202211014
2023-10-21 18:22:21 [1069] Failed to logout not existing session 59924530
2023-10-21 18:32:21 [1069] Failed to logout not existing session 106994471
2023-10-21 18:32:30 [1069] Failed to logout not existing session 266102557
2023-10-21 19:00:31 [1069] Failed ACC authentication attempt from 10.10.50.61
[root@pcap-kvm-nz001 ~]#  {code}
10.10.20.159的错误日志显示{color:#FF0000}“Unexpected time move to the past by 2591965 seconds“{color}
{code:java}
[root@msh-kvm-nz001 ~]# cat /var/hasplm/error.log
2023-07-09 12:00:37 [16787] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-07-10 11:36:29 [1068] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-06-10 11:44:36 [1068] Unexpected time move to the past by 2591965 seconds
2023-06-10 12:07:03 [3296] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-06-10 12:07:14 [3376] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-07-10 12:19:31 [1066] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-06-10 12:20:14 [1066] Unexpected time move to the past by 2591965 seconds
2023-07-10 12:30:03 [1077] Unrecognized configuration command '({statuscode}) {newline}' in file '/etc/hasplm/hasplm.ini'
2023-07-12 18:26:23 [1077] Authorization failed for unknown session 'd58459c6af41ea92c6e5b9d58e430985'(previous message repeated 91 times)
2023-07-18 10:24:27 [1077] Failed to logout not existing session 17984098
2023-07-18 11:09:54 [1077] Failed to logout not existing session 242382455
2023-07-18 13:02:02 [1077] Failed to logout not existing session 159377111
2023-07-18 13:32:04 [1077] Failed to logout not existing session 108095744
2023-07-18 14:35:38 [1077] Failed to logout not existing session 215240589
2023-07-18 15:17:51 [1077] Failed to logout not existing session 165500527
2023-07-18 16:18:11 [1077] Failed to logout not existing session 101709924
2023-07-18 16:48:12 [1077] Failed to logout not existing session 46445734
2023-07-18 17:18:56 [1077] Failed to logout not existing session 177377743
2023-07-18 17:48:58 [1077] Failed to logout not existing session 47503139
2023-07-25 14:36:41 [1077] Failed to logout not existing session 147600726
2023-07-25 14:41:27 [1077] Failed to logout not existing session 86405912
2023-07-25 14:43:30 [1077] Failed to logout not existing session 188989340
2023-07-25 14:46:15 [1077] Failed to logout not existing session 85189072
2023-07-25 14:46:24 [1077] Failed to logout not existing session 191872388
2023-07-25 14:46:38 [1077] Failed to logout not existing session 6995764
2023-07-25 14:48:37 [1077] Failed to logout not existing session 211352138
2023-07-25 14:52:43 [1077] Failed to logout not existing session 126610938
2023-07-25 14:54:16 [1077] Failed to logout not existing session 136614155
2023-07-25 14:54:16 [1077] Failed to logout not existing session 14136481
2023-07-25 14:57:53 [1077] Failed to logout not existing session 101652931
2023-07-25 14:57:58 [1077] Failed to logout not existing session 176381377
2023-07-25 14:58:09 [1077] Failed to logout not existing session 77974538
2023-07-25 15:03:44 [1077] Failed to logout not existing session 3205907
2023-07-25 15:03:44 [1077] Failed to logout not existing session 163898373
2023-07-25 15:03:44 [1077] Failed to logout not existing session 266588020
2023-07-25 15:03:45 [1077] Failed to logout not existing session 111507703
2023-07-25 15:04:59 [1077] Failed to logout not existing session 775132
2023-08-16 16:13:26 [1077] Failed to logout not existing session 219026001
2023-08-16 16:13:36 [1077] Failed to logout not existing session 197789042
2023-08-16 16:13:43 [1077] Failed to logout not existing session 235628080
2023-09-21 15:51:06 [1077] Failed to logout not existing session 218752495
2023-09-21 15:51:18 [1077] Failed to logout not existing session 174909371
2023-09-21 15:51:20 [1077] Failed to logout not existing session 145800791
2023-09-21 15:51:27 [1077] Failed to logout not existing session 52931749
2023-09-21 15:51:41 [1077] Failed to logout not existing session 203442571
2023-09-21 15:51:41 [1077] Failed to logout not existing session 42284294
2023-09-21 15:55:09 [1077] Failed to logout not existing session 158861790
2023-09-21 15:59:23 [1077] Failed to logout not existing session 127089501
2023-09-21 16:02:01 [1077] Failed to logout not existing session 211173538
2023-09-21 16:02:11 [1077] Failed to logout not existing session 250019030
2023-09-21 16:02:15 [1077] Failed to logout not existing session 32721663
2023-09-21 16:02:18 [1077] Failed to logout not existing session 241932556
2023-09-21 16:02:29 [1077] Failed to logout not existing session 141907594
2023-09-21 16:02:29 [1077] Failed to logout not existing session 141249032
2023-09-21 16:06:21 [1077] Failed to logout not existing session 1878453
2023-09-21 16:06:26 [1077] Failed to logout not existing session 143203327
2023-09-21 16:06:31 [1077] Failed to logout not existing session 208587720
2023-09-21 16:13:19 [1077] Failed to logout not existing session 53491167
2023-10-10 18:02:48 [1077] Failed to logout not existing session 50642496
2023-10-10 18:02:48 [1077] Failed to logout not existing session 254305863
2023-10-10 18:02:48 [1077] Failed to logout not existing session 228338295
2023-10-10 18:02:48 [1077] Failed to logout not existing session 254877968
2023-10-10 18:02:48 [1077] Failed to logout not existing session 267350814
2023-10-21 17:59:48 [1077] Failed to logout not existing session 53139327
2023-10-21 18:00:48 [1077] Failed to logout not existing session 144821944
2023-10-21 18:07:20 [1077] Failed to logout not existing session 170056255
2023-10-21 18:07:29 [1077] Failed to logout not existing session 1004799
2023-10-21 18:07:29 [1077] Failed to logout not existing session 241794193
2023-10-21 18:07:29 [1077] Failed to logout not existing session 29880603
2023-10-21 18:07:29 [1077] Failed to logout not existing session 232483800
2023-10-21 18:07:29 [1077] Failed to logout not existing session 167582215
2023-10-21 18:14:22 [1077] Failed to logout not existing session 173226639
2023-10-21 18:21:27 [1077] Failed to logout not existing session 52797931
2023-10-21 18:21:37 [1077] Failed to logout not existing session 116201127
2023-10-21 18:21:40 [1077] Failed to logout not existing session 254472269
2023-10-21 18:21:45 [1077] Failed to logout not existing session 153354551
2023-10-21 18:22:04 [1077] Failed to logout not existing session 30706447
2023-10-21 18:22:04 [1077] Failed to logout not existing session 42129790
2023-10-21 18:25:40 [1077] Failed to logout not existing session 143046705
[root@msh-kvm-nz001 ~]#  {code}



---

**luwenpeng** commented on *2023-10-23T14:40:23.993+0800*:

10.10.10.159 ACC的配置
{code:java}
[root@pcap-kvm-nz001 ~]# cat /etc/hasplm/hasplm.ini
;*************************************************************************
;*
;* Sentinel License Manager configuration file
;*
;*************************************************************************
[SERVER]
adminusername = admin
adminpassword = WYdBWQdWRJOr278f4lNPsA==:fA10BqULFHclRiz6qnryXw==:100000
certificate =
privatekey =
identity_storage_encrypt = no
pagerefresh = 3
linesperpage = 12
accremote = 1
adminremote = 1
enablehaspc2v = 0
old_files_delete_days = 90
enabledetach = 0
enableautodetach = 0
autodetachhours = 2
reservedseats = 0
reservedpercent = 0
detachmaxdays = 14
commuter_delete_days = 7
disable_um = 0
idle_session_timeout_mins = 720
requestlog = 0
loglocal = 0
logremote = 0
logadmin = 0
errorlog = 1
rotatelogs = 0
access_log_maxsize = 0
error_log_maxsize = 0
zip_logs_days = 0
delete_logs_days = 0
pidfile = 0
passacc = 0
accessfromremote = anyone
accesstoremote = 1
bind_local_only = 0
id_public_addr =
proxy = 0
proxy_host =
proxy_port = 8080
proxy_username =
proxy_password =
[REMOTE]
broadcastsearch = 1
serversearchinterval = 30
[ACCESS]
[USERS]
[VENDORS]
[EMS]
[TRUST]
[LOGPARAMETERS]
text = {timestamp} {clientaddr}:{clientport} {clientid} {method} {url} {function}({functionparams}) result
({statuscode}) {newline}
[root@pcap-kvm-nz001 ~]# 
 {code}
10.10.20.159 ACC的配置
{code:java}
[root@msh-kvm-nz001 ~]# cat /etc/hasplm/hasplm.ini
;*************************************************************************
;;*
;;* Sentinel License Manager configuration file
;;*
;;*************************************************************************
[SERVER]
adminusername = admin
adminpassword = WYdBWQdWRJOr278f4lNPsA==:fA10BqULFHclRiz6qnryXw==:100000
certificate =
privatekey =
identity_storage_encrypt = no
pagerefresh = 3
linesperpage = 12
accremote = 1
adminremote = 1
enablehaspc2v = 0
old_files_delete_days = 90
enabledetach = 0
enableautodetach = 0
autodetachhours = 2
reservedseats = 0
reservedpercent = 0
detachmaxdays = 14
commuter_delete_days = 7
disable_um = 0
idle_session_timeout_mins = 720
requestlog = 0
loglocal = 0
logremote = 0
logadmin = 0
errorlog = 1
rotatelogs = 0
access_log_maxsize = 0
error_log_maxsize = 0
zip_logs_days = 0
delete_logs_days = 0
pidfile = 0
passacc = 0
accessfromremote = anyone
accesstoremote = 1
bind_local_only = 0
id_public_addr =
proxy = 0
proxy_host =
proxy_port = 8080
proxy_username =
proxy_password =
[REMOTE]
broadcastsearch = 1
serversearchinterval = 30
[ACCESS]
[USERS]
[VENDORS]
[EMS]
[TRUST]
[LOGPARAMETERS]
text = {timestamp} {clientaddr}:{clientport} {clientid} {method} {url} {function}({functionparams}) result
({statuscode}) {newline}
[root@msh-kvm-nz001 ~]# 
 {code}



---

**luwenpeng** commented on *2023-10-24T17:29:53.316+0800*:

*工作原理*

TSG-OS用于检测授权的hasp_monitor的工作原理如下
 # 调用LDK的API执行login获取授权信息
 # 调用LDK的API执行{{{}encrypt和{}}}{{{}decrypt操作，如果返回异常则执行logout然后执行第1步{}}}
 # {{执行sleep 30分钟}}
 # {{循环执行第2步和第3步}}

*直接原因*

现场部署环境的配置与研发测试环境的配置不同导致。
 * 研发测试环境的[idle_session_timeout_mins为10分钟|https://docs.geedge.net/pages/viewpage.action?pageId=104765516]， ACC版本为aksusbd-8.31-1.x86_64.rpm
 * 现场部署环境的idle_session_timeout_mins为720分钟，ACC版本为aksusbd-9.13-1.x86_64.rpm

当idle_session_timeout_mins为10分钟时
 * 当hasp_monitor执行sleep 30分钟时就会触发ACC的idle timeout造成hasp_monitor的session被淘汰。
 * hasp_monitor再次执行{{{}encrypt/{}}}{{{}decrypt{}}}操作时会返回异常，然后重新login获取新的授权信息。

当idle_session_timeout_mins为720分钟时
 * 当hasp_monitor执行sleep 30分钟时不就会触发ACC的session timeout
 * 即使授权过期了hasp_monitor获取的session仍然有效，仍然可以正常执行{{{}encrypt/{}}}{{{}decrypt操作{}}}

*根本原因*

对于授权过期后仍然可以正常执行{{{}encrypt/{}}}{{{}decrypt操作这种现象，厂商给出的建议如下：{}}}
 * 建议一：定期执行login/logout重新获取新的授权信息(当idle_session_timeout_mins为10时执行的流程)
 * 建议二：更新login的API使用hasp_login_scope指定die_at_expiration=1参数，当授权过期后执行{{{}encrypt和{}}}{{{}decrypt操作时返回异常{}}}

 

{*}临时解决方案：{*}使用厂商的建议一
 * 将现场ACC的idle_session_timeout_mins从720分钟调整到10分钟
 * 重启ACC或者disconnect现有的session以使配置生效

{*}最终解决方案：{*}使用厂商的建议一和建议二
 * 将现场ACC的idle_session_timeout_mins从720分钟调整到30分钟
 * 更新hasp_monitor使用支持die_at_expiration=1参数的API
 * 将hasp_monitor的探测间隔设置从30分钟调整为15分钟，当共享内存中的授权信息超过为15*2分钟未更新Firewall就退出

 

*更新时钟*

对于系统时钟不对的问题，建议按照以下流程执行更新：
 # 更新宿主机的时钟
 # 更新虚拟机的时钟
 # 重启ACC: systemctl restart hasplmd
 # 更新V2C授权

Under certain circumstances, you may want to re-enable a blocked application by changing the V‑Clock time. This can be accomplished by receiving a C2V file for the protection key from the customer and then returning a V2C file that provides an update to the V‑Clock time.

*NOTE*    Before applying a V2C file to reset the V-Clock using the system clock, the user should ensure that the system clock is set to the current date and time.


厂商文档显示：在系统时间设置正确的前提下，只有在再次更新V2C授权时才会更新硬锁的V-Clock

 

*更新授权注意事项*

建议更新授权{color:#FF0000}前/后{color}分别采集以下信息
 # ACC->Features->Restrictions的值是否显示Expire
 # ACC->Sessions页面中各Session信息
 # hasp_monitor的日志

特别注意：更新授权后查看ACC->Sessions页面中各Session的Login Time确保所有OS的hasp_monitor重新login成功(通过需要30分钟) 



---

**luwenpeng** commented on *2023-10-25T15:09:33.677+0800*:

推荐的ACC配置文件[^hasplm.ini]
 # 关闭ACC的broadcastsearch，ACC上只显示当前设备上硬锁的信息，不显示局域网内其他硬锁的信息
 # 调整日志的格式
 # *将idle_session_timeout_mins从720分钟调整为10分钟*
 # 调整日志配置项目
 ** 将日志文件保存时间从90天改为30天
 ** 开启requestlog/loglocal/logremote记录OS获取授权的状态
 ** 开启rotatelogs/zip_logs_days，并将access_log_maxsize/error_log_maxsize调整到64000bytes
 ** 开启访问日志后，评估产生的日志量
 *** 授权有效时：OS至多每15分钟/30分钟访问一次
 *** 授权过期时：OS每秒请求一次授权信息，每条授权信息在日志中占有173字节，假设授权到期后30天内都没有授权，则36台OS请求产生的日志量为16G
{panel:title=在不考虑日志压缩的情况下，需要部署 ACC 的机器有 16G 的磁盘空间可以记录日志}
173 * 36 * 3600 * 24 * 30 / 1000 / 1000 / 1000 = 16G 
{panel}

!image-2023-10-25-14-48-28-797.png!



---

**gitlab** commented on *2023-10-28T21:29:21.349+0800*:

[卢文朋|https://git.mesalab.cn/luwenpeng] mentioned this issue in [a commit|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/commit/1e7f7a967c608f8531e424afa972a4a439b79478] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-hasp-tools|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-hasp-tools]:{quote}bugfix: OMPUB-1041 基于HL Seats方式授权的OS过期时没有停止服务{quote}



---

**gitlab** commented on *2023-10-28T21:32:01.294+0800*:

[卢文朋|https://git.mesalab.cn/luwenpeng] mentioned this issue in [a merge request|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/merge_requests/1871] of [TSG / tsg-os-buildimage|https://git.mesalab.cn/tsg/tsg-os-buildimage] on branch [update-hasp-tools|https://git.mesalab.cn/tsg/tsg-os-buildimage/-/tree/update-hasp-tools]:{quote}bugfix: OMPUB-1041 基于HL Seats方式授权的OS过期时没有停止服务{quote}



---

**luwenpeng** commented on *2023-10-30T18:44:38.123+0800*:

更新到现场的配置文件[^P19-hasplm.ini]



---



# Attachments

Attachment: hasplm.ini

[hasplm.ini](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/46332/hasplm.ini)



Attachment: image-2023-10-22-16-39-38-822.png

![image-2023-10-22-16-39-38-822.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/46246/image-2023-10-22-16-39-38-822.png)



Attachment: image-2023-10-22-16-40-32-378.png

![image-2023-10-22-16-40-32-378.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/46247/image-2023-10-22-16-40-32-378.png)



Attachment: image-2023-10-25-14-48-28-797.png

![image-2023-10-25-14-48-28-797.png](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/46331/image-2023-10-25-14-48-28-797.png)



Attachment: P19-hasplm.ini

[P19-hasplm.ini](https://gfwleak.exec.li/admin/geedge-jira/raw/branch/master/attachment/46547/P19-hasplm.ini)