EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: #RE: About ASG usage
From: "Kim, Kukhee" <[email protected]>
To: "[email protected]" <[email protected]>, Andrew Johnson <[email protected]>
Cc: "[email protected]" <[email protected]>
Date: Thu, 21 Apr 2011 17:59:41 -0700
Dear Odagiri San;

Would you consider the followings?
I am wondering, if the following can work for you.
We can switch the local/remote mode with a PV: MODE_PV in this example.

Thank you.
Best regards,
Kukhee



HAG(remote) {host1, host2, host3, ...}
HAG(local) {box1, box2, box3, ...}
#
#  Local mode: MODE_PV == 0
#  Remote mode: MODE_PV == 1
#
ASG(loMode) {
	INPA("MODE_PV")
	RULE(1,READ)
	RULE(1,WRITE)
	{
		HAG(local)
		CLAC("A=0")
	}
}
ASG(reMode) {
	INPA("MODE_PV")
	RULE(1,READ)
	RULE(1,WRITE)
	{
		HAG(remote)
		CALC("A=1")
	}
}

--------------------------------------------
Kukhee Kim
SLAC National Accelerator Laboratory
2575 Sand Hill Rd, MS 64
Menlo Park, CA 94025
Email: [email protected]
Phone: (650)926-4912
  


-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Thursday, April 21, 2011 5:47 PM
To: Andrew Johnson
Cc: [email protected]
Subject: Re: About ASG usage

Hi, Andrew;

Thanks for your answer and the deeply meaningful comment.

I should have explained a little about the backgraound of the
question I brought up.

What I have in mind is not protecting a recod from "bad-hosts"
or malicious users.

Now, I'm implementing a local control system that is fully
embedded EPICS based. In that system, even local control on-
site relies on EPICS clients.

Here, we need a way to switch beween "Local Mode" and "Remote
Mode" so that operators on-site and those in the central
control room does not play a tug-of-war.

I agree that the extension of ASG to involve exclusions of
hosts and/or users makes ASG confusing. I would NOT want to
read the modified documentation explaining how multiple HAGs
involving exclusions like this intaract.

I'm now thinking of listing all the remonte hosts in:

HAG(remote) {host1, host2, host3, ...}

and listing local hosts in:

HAG(local) {box1, box2, box3, ...}

Thanks again for your comment.

Best regards,

Jun-ichi Odagiri, KEK


----- Original Message -----
> Hi,
> 
> On Thursday 21 April 2011 05:04:42 [email protected] wrote:
> > 
> > I'm worndering if there is a way for a record on an IOC to
> > allow all hosts except a specific host to access the record
> > by using ASG.
> > 
> > Is there any way to achieve this in a simple fashion?
> 
> Not with the current access security code.  It might be an interesting 
project 
> to implement excluded hosts like that, but I am concerned that people 
writing 
> access security files might easily get confused as to what excluding a 
list of 
> hosts might mean.  Suppose we implemented the ability to exclude a 
list of 
> hosts and wrote a rule like this:
> 
> HAG(bad-hosts) {bad1, bad2}
> ASG(DEFAULT) {
>     RULE(1, READ) {
>         HAG(!bad-hosts)
>     }
>     RULE(1, WRITE) {
>         HAG(!bad-hosts)
>     }
> }
> 
> That seems straight-forward and should prevent the bad-hosts from 
accessing 
> those PVs.  However this extended version could be dangerous:
> 
> HAG(bad-hosts) {bad1, bad2}
> HAG(ro-hosts) {ro1, ro1}
> ASG(DEFAULT) {
>     RULE(1, READ) {
>         HAG(!bad-hosts)
>     }
>     RULE(1, WRITE) {
>         HAG(!bad-hosts, !ro-hosts)
>     }
> }
> 
> The author's intention was to allow read-only access to the ro-hosts, 
but the 
> write rule actually allows *any* host to write to the PVs (although 
the bad-
> hosts still can't read them).
> 
> I'm not saying that it would be impossible to fix, but I would want to 
see the 
> modified documentation explaining how multiple HAGs involving 
exclusions like 
> this interact and some test routines before the code was merged into 
an 
> official release of Base.
> 
> It is also important to remember though that the CA client's hostname 
is sent 
> over the network from the client program and can easily be spoofed, so 
an 
> exclusion rule like this would not provide any protection from a 
malicious 
> user who is allowed to run their own CA client programs on that 
specific host 
> (but an inclusion rule doesn't either if the user can set their own 
hostname).
> 
> - Andrew
> -- 
> An error is only a mistake if you don't learn from it.
> When you learn something from it, it becomes a lesson.
> 




Replies:
Re: #RE: About ASG usage jun-ichi.odagiri
References:
About ASG usage jun-ichi.odagiri
Re: About ASG usage Andrew Johnson
Re: About ASG usage jun-ichi.odagiri

Navigate by Date:
Prev: Re: About ASG usage jun-ichi.odagiri
Next: Re: #RE: About ASG usage jun-ichi.odagiri
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: Re: About ASG usage jun-ichi.odagiri
Next: Re: #RE: About ASG usage jun-ichi.odagiri
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  <20112012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 18 Nov 2013 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·