EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: Re: #RE: About ASG usage
From: <[email protected]>
To: "Kim, Kukhee" <[email protected]>
Cc: "[email protected]" <[email protected]>
Date: Fri, 22 Apr 2011 10:37:55 +0900
Dear Kim-san;

Thanks for your reply.

Actually, the .acf file you sent me is exactly what I'm now testing
and it works fine.

The point, however, is that the .acf file resides on a file system
of embedded controllers (AMC cards) which are expected to be fully
stand alone.

It will take some effort to re-write the .acf file on each of the
controllers when I need to add a new remote host... But...
Is it... true? (I'm asking myself.)

Best regards,

J. Odagiri


----- Original Message -----
> Dear Odagiri San;
> 
> Would you consider the following?
> I am wondering, if the following can work for you.
> We can switch the local/remote mode with a PV: MODE_PV in this example.
> 
> Thank you.
> Best regards,
> Kukhee
> 
> 
> 
> HAG(remote) {host1, host2, host3, ...}
> HAG(local) {box1, box2, box3, ...}
> #
> #  Local mode: MODE_PV == 0
> #  Remote mode: MODE_PV == 1
> #
> ASG(loMode) {
> 	INPA("MODE_PV")
> 	RULE(1,READ)
> 	RULE(1,WRITE)
> 	{
> 		HAG(local)
> 		CALC("A=0")
> 	}
> }
> ASG(reMode) {
> 	INPA("MODE_PV")
> 	RULE(1,READ)
> 	RULE(1,WRITE)
> 	{
> 		HAG(remote)
> 		CALC("A=1")
> 	}
> }
> 
> --------------------------------------------
> Kukhee Kim
> SLAC National Accelerator Laboratory
> 2575 Sand Hill Rd, MS 64
> Menlo Park, CA 94025
> Email: [email protected]
> Phone: (650)926-4912
>   
> 
> 
> -----Original Message-----
> From: [email protected] [mailto:[email protected].gov] On Behalf Of [email protected]
> Sent: Thursday, April 21, 2011 5:47 PM
> To: Andrew Johnson
> Cc: [email protected]
> Subject: Re: About ASG usage
> 
> Hi, Andrew;
> 
> Thanks for your answer and the deeply meaningful comment.
> 
> I should have explained a little about the background of the
> question I brought up.
> 
> What I have in mind is not protecting a record from "bad-hosts"
> or malicious users.
> 
> Now, I'm implementing a local control system that is fully
> embedded EPICS based. In that system, even local control
> on-site relies on EPICS clients.
> 
> Here, we need a way to switch between "Local Mode" and "Remote
> Mode" so that operators on-site and those in the central
> control room do not play a tug-of-war.
> 
> I agree that the extension of ASG to involve exclusions of
> hosts and/or users makes ASG confusing. I would NOT want to
> read the modified documentation explaining how multiple HAGs
> involving exclusions like this interact.
> 
> I'm now thinking of listing all the remote hosts in:
> 
> HAG(remote) {host1, host2, host3, ...}
> 
> and listing local hosts in:
> 
> HAG(local) {box1, box2, box3, ...}
> 
> Thanks again for your comment.
> 
> Best regards,
> 
> Jun-ichi Odagiri, KEK
> 
> 
> ----- Original Message -----
> > Hi,
> > 
> > On Thursday 21 April 2011 05:04:42 [email protected] wrote:
> > > 
> > > I'm wondering if there is a way for a record on an IOC to
> > > allow all hosts except a specific host to access the record
> > > by using ASG.
> > > 
> > > Is there any way to achieve this in a simple fashion?
> > 
> > Not with the current access security code.  It might be an interesting
> > project to implement excluded hosts like that, but I am concerned that
> > people writing access security files might easily get confused as to what
> > excluding a list of hosts might mean.  Suppose we implemented the ability
> > to exclude a list of hosts and wrote a rule like this:
> > 
> > HAG(bad-hosts) {bad1, bad2}
> > ASG(DEFAULT) {
> >     RULE(1, READ) {
> >         HAG(!bad-hosts)
> >     }
> >     RULE(1, WRITE) {
> >         HAG(!bad-hosts)
> >     }
> > }
> > 
> > That seems straight-forward and should prevent the bad-hosts from accessing
> > those PVs.  However this extended version could be dangerous:
> > 
> > HAG(bad-hosts) {bad1, bad2}
> > HAG(ro-hosts) {ro1, ro2}
> > ASG(DEFAULT) {
> >     RULE(1, READ) {
> >         HAG(!bad-hosts)
> >     }
> >     RULE(1, WRITE) {
> >         HAG(!bad-hosts, !ro-hosts)
> >     }
> > }
> > 
> > The author's intention was to allow read-only access to the ro-hosts, but
> > the write rule actually allows *any* host to write to the PVs (although
> > the bad-hosts still can't read them).
> > 
> > I'm not saying that it would be impossible to fix, but I would want to see
> > the modified documentation explaining how multiple HAGs involving
> > exclusions like this interact and some test routines before the code was
> > merged into an official release of Base.
> > 
> > It is also important to remember though that the CA client's hostname is
> > sent over the network from the client program and can easily be spoofed,
> > so an exclusion rule like this would not provide any protection from a
> > malicious user who is allowed to run their own CA client programs on that
> > specific host (but an inclusion rule doesn't either if the user can set
> > their own hostname).
> > 
> > - Andrew
> > -- 
> > An error is only a mistake if you don't learn from it.
> > When you learn something from it, it becomes a lesson.
> > 
> 
> 
> 

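Added example (not part of the thread and not EPICS code): a small Python model of the hypothetical negated-HAG rules quoted above, showing why the extended WRITE rule ends up open to every host. It assumes that the entries listed in one rule's HAG(...) are OR-ed; the `!` syntax, the host `ws1` and all function names are constructed for illustration.

```python
# Model of the *hypothetical* negated-HAG syntax discussed in the thread.
# Assumption: entries inside one RULE's HAG(...) list are OR-ed together.

HAGS = {
    "bad-hosts": {"bad1", "bad2"},
    "ro-hosts": {"ro1", "ro2"},
}

def entry_matches(entry, host):
    """One HAG entry; a leading '!' means 'host is NOT in that group'."""
    if entry.startswith("!"):
        return host not in HAGS[entry[1:]]
    return host in HAGS[entry]

def rule_allows_or(entries, host):
    """OR semantics: the host only has to satisfy one entry."""
    return any(entry_matches(e, host) for e in entries)

def rule_allows_and(entries, host):
    """AND semantics: what the rule's author had in mind."""
    return all(entry_matches(e, host) for e in entries)

READ_RULE = ["!bad-hosts"]
WRITE_RULE = ["!bad-hosts", "!ro-hosts"]
HOSTS = ["bad1", "bad2", "ro1", "ro2", "ws1"]  # ws1: constructed ordinary host

def access_table(write_eval):
    """Return {host: (can_read, can_write)} for the sample hosts."""
    return {h: (rule_allows_or(READ_RULE, h), write_eval(WRITE_RULE, h))
            for h in HOSTS}

if __name__ == "__main__":
    for name, ev in (("OR", rule_allows_or), ("AND", rule_allows_and)):
        print(f"-- WRITE rule evaluated with {name} semantics --")
        for host, (r, w) in access_table(ev).items():
            print(f"{host:5} read={r!s:5} write={w}")
```

Because the two groups are disjoint, every host is outside at least one of them, so under OR semantics the WRITE rule matches all five hosts, including the bad-hosts that cannot read.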

ANJ, 18 Nov 2013