mdsplus
mdsip: Allow customization of timeouts when establishing connection
Affiliation SPC/EPFL
Description
The do_login method called when establishing an mdsip connection has a fixed 10s timeout (see ConnectToMds.c).
It would be useful to be able to change this value at runtime.
Example
```c
long timeout = 10000; /* default: the current fixed 10 s login timeout, in ms */
const char *sto = getenv("MDSIP_LOGIN_TIMEOUT");
if (sto)
  timeout = strtol(sto, NULL, 0);
Message *mrecv = GetMdsMsgTOC(c, &status, (int) timeout);
```
Additional context
An example use case of this is when the MDSplus server is behind a gateway using 2FA authentication. The 10s timeout is impossible to beat. We would prefer not to use port forwarding due to the lack of security on a shared machine (i.e. the port is open and accessible to all users).
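A value read from the environment and then cast to `int` deserves validation before it reaches the receive call. The following is an added example, not code from MDSplus or from the issue author: it parses the proposed `MDSIP_LOGIN_TIMEOUT` value defensively. The function names, the base-10 parsing and the 600000 ms cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

#define LOGIN_TIMEOUT_DEFAULT_MS 10000  /* the fixed 10 s value from the issue */
#define LOGIN_TIMEOUT_MAX_MS 600000     /* assumed cap (10 min), not an MDSplus constant */

/* Parse a timeout given in milliseconds. NULL, empty, non-numeric,
 * trailing-garbage and non-positive input fall back to the default.
 * Oversized input is clamped, so the cast to int can never truncate. */
static int parse_login_timeout_ms(const char *s)
{
    char *end = NULL;
    long v;

    if (s == NULL || *s == '\0')
        return LOGIN_TIMEOUT_DEFAULT_MS;
    /* Base 10, so "010" means ten rather than octal eight. On overflow
     * strtol saturates at LONG_MAX/LONG_MIN, which the checks below handle. */
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || v <= 0)
        return LOGIN_TIMEOUT_DEFAULT_MS;
    if (v > LOGIN_TIMEOUT_MAX_MS)
        return LOGIN_TIMEOUT_MAX_MS;
    return (int)v;
}

/* Hypothetical helper: reads the environment variable proposed in the issue. */
static int login_timeout_from_env(void)
{
    return parse_login_timeout_ms(getenv("MDSIP_LOGIN_TIMEOUT"));
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {"60000", "0x10", "-1", "30s",
                             "99999999999999999999", ""};
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s -> %d ms\n", samples[i], parse_login_timeout_ms(samples[i]));
    printf("%-22s -> %d ms\n", "from environment", login_timeout_from_env());
    return 0;
}
```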
This would be possible, but regarding your issue, it seems to be possible to forward a port to a file instead (under Linux-like OSes).
[source chatGPT]
Yes, it is possible to restrict a locally forwarded port to the current user on a Unix-like operating system (such as Linux or macOS) by utilizing the file system's permissions and network configuration. This can help prevent other users on the same machine from accessing a tunnel port set up by another user.
Here's a step-by-step guide on how to achieve this:
1. Choose a Port: Decide on a port number that will be used for your local port forwarding. Let's assume you want to forward port 8080.

2. Create a Specific Directory: Create a directory to store configuration files and sockets related to your port forwarding. For example:

   ```bash
   mkdir ~/.local_forwarding
   ```

3. Set Permissions: Ensure that only your user has access to this directory. You can do this by changing the directory's permissions:

   ```bash
   chmod 700 ~/.local_forwarding
   ```

4. Forward the Port: When forwarding the port, specify a Unix socket in your specific directory:

   ```bash
   ssh -L ~/.local_forwarding/forwarded_socket:localhost:8080 user@remote_host
   ```

   This command forwards port 8080 on the remote host to the Unix socket ~/.local_forwarding/forwarded_socket on your local machine.

5. Restrict Access: To prevent other users from accessing the Unix socket, you should make sure that your user is the only one with read and write permissions to the socket file:

   ```bash
   chmod 600 ~/.local_forwarding/forwarded_socket
   ```

6. Inform the Application: If you are using an application that connects to the forwarded port (e.g., a web browser), configure it to use the Unix socket path instead of the traditional host and port. For example, in a web browser, you might enter unix:~/.local_forwarding/forwarded_socket as the proxy server.
By using Unix sockets and setting strict file permissions, you can restrict access to the locally forwarded port to your user only. Other users on the same machine should not have access to this socket, thereby preventing them from accessing the tunnel port set up by another user.
It should be possible to use the tunnel protocol to gain access to that port. We could provide a default tunnel for this kind of forwarding.