EPICS Home EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

Format page
for printing


Search Tech-talk
2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  <20152016  2017  2018  2019  2020  2021  2022  2023  2024  Index 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  <20152016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>
Subject: Re: pCAS username change API
From: Andrew Johnson <[email protected]>
To: Matej Sekoranja <[email protected]>, EPICS core-talk <[email protected]>
Date: Mon, 29 Jun 2015 10:55:43 -0500 
Hi Matej,

On 06/29/2015 04:55 AM, Matej Sekoranja wrote:
> Hi Andrew,
> 
> I started looking into this.
> … and I’ve found out that the API is already there:
> 
> 
> class epicsShareClass casChannel {
> public:
>     casChannel ( const casCtx & ctx );
>     virtual ~casChannel ();
> 
>     //
>     // Called when the user name and the host name are changed
>     // for a live connection.
>     //
>     virtual void setOwner ( const char * const pUserName,
>         const char * const pHostName );
> 
> The casChannel::setOwner method.
> I think this is what you wanted, right?
> (It just needs to be called when username is changed.)

That looks like the right method. Most existing CAS applications
probably don't implement it though; this is from the PV Gateway's
gateVc.cc file:

> #ifdef SUPPORT_OWNER_CHANGE
> // Virtual function from casChannel, not called from Gateway.  It is a
> // security hole to support this, and it is no longer implemented in
> // base.
> void gateChan::setOwner(const char* const u, const char* const h)
> {
> 	asclient->changeInfo(u,h);
> }
> #endif

The SUPPORT_OWNER_CHANGE macro is not defined in the gateway build, and
that method is similarly #ifdef'd out in the related header file. The
routine it calls is defined inline in gateAs.h:

> #ifdef SUPPORT_OWNER_CHANGE
>     // Used in virtual function setOwner from casChannel, not called
>     // from Gateway.  It is a security hole to support this, and it is
>     // no longer implemented in base.
> 	long changeInfo(const char* user, const char* host)
> 	  { return asChangeClient(asclientpvt,asentry->level,(char*)user,(char*)host);}
> #endif

Re-enabling this functionality in the gateway will obviously need
careful testing, but I guess the RBAC implementation will be making more
changes to the gateway anyhow.

- Andrew

-- 
Light thinks it travels faster than anything but it is wrong.
No matter how fast light travels, it finds the darkness has
always got there first, and is waiting for it.
    -- Terry Pratchett, Reaper Man
Navigate by Date:
Prev: Re: Base development meetings Michael Davidsaver
Next: Build failed in Jenkins: epics-base-3.16-win32 #25 APS Jenkins
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  <20152016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: Jenkins build is back to stable : epics-base-3.16-mac #27 APS Jenkins
Next: STATIC_ASSERT and -Wunused-local-typedefs Michael Davidsaver
Index: 2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  <20152016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 16 Dec 2015 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·