Argonne National Laboratory

Experimental Physics and
Industrial Control System


Subject: RE: About PCAS Access Control
From: "Jeff Hill" <johill@lanl.gov>
To: '张玉亮' <zhangyl@ihep.ac.cn>, "'tech-talk'" <tech-talk@aps.anl.gov>
Date: Mon, 20 Dec 2010 11:03:01 -0700

Hi,

 

Sorry about the delay responding, I took some "vacation" time to set some tile in the basement of my house.

> Here is my question. I want to add access control to my PCAS,
> but I do not know what the pUserName and pHostName in the
> following function refer to clearly.
> virtual casChannel *createChannel ( const casCtx &ctx,const
> char * const pUserName,const char * const pHostName);

 

In the createChannel virtual member function the pUserName argument is a constant nil-terminated string which is the user name of the user account the ca client's application is running under. In the createChannel virtual member function the pHostName argument is a constant nil-terminated string which is the name (typically the dns name) of the host the ca client's application is running on.

 

> In "Channel Access Portable Server API Tutorial" it said
> that points to a string representing the user's name and pHostName
> points to a string representing the server tool's host.

There might be a documentation issue here. It should say that it is the host name (typically the dns name) of the _client's_, and not the server's, host. I created bug entry 692664 at the epics launchpad site.

 

> For example, I have
> two EDM client applications running on the same Linux PC, does the user's name
> refer to the PC name or something else?

 

The user name of the user account the client application runs on.

 

> William Lu wrote:
> Channel access security is better achieved by using the
> EPICS access security API. If you follow that path, at
> some point in your pcas code you will call
> asAddClient(&client, member, asl, pUserName, pHostName),
> to which you pass the pUserName and pHostName, as illustrated below:

 

Yes, this is the typical approach - which causes access security configuration of your service to be similar to, for example, an IOC or the ca gateway.

 

Jeff
______________________________________________________
Jeffrey O. Hill           Email        johill@lanl.gov
LANL MS H820              Voice        505 665 1831
Los Alamos NM 87545 USA   FAX          505 665 5107

 

Message content: TSPA

 

With sufficient thrust, pigs fly just fine. However, this is
not necessarily a good idea. It is hard to be sure where they
are going to land, and it could be dangerous sitting under them
as they fly overhead. -- RFC 1925

 

From: tech-talk-bounces@aps.anl.gov [mailto:tech-talk-bounces@aps.anl.gov] On Behalf Of ???
Sent: Monday, December 13, 2010 7:54 PM
To: tech-talk
Subject: About PCAS Access Control

 

Hi all,

 

Here is my question. I want to add access control to my PCAS, but I do not know what the pUserName and pHostName in the following function refer to clearly.

virtual casChannel *createChannel ( const casCtx &ctx,const char * const pUserName,const char * const pHostName);

In "Channel Access Portable Server API Tutorial" it said that points to a string representing the user's name and pHostName points to a string representing the server tool's host. For example, I have two EDM client applications running on the same Linux PC, does the user's name refer to the PC name or something else?

 

I have implemented the createChannel function and writeAccess function like this:

casChannel *exPV::createChannel ( const casCtx &ctx,
        const char * const  /*pUserName*/,
        const char * const  /*pHostName*/)
{
    return new exChannel ( ctx,"zhangyul","Administrator");
}

///////////////////////////////////////////////////////////////////

bool exChannel::writeAccess () const
{
    if (strcmp(User.string(), "zhangyul") == 0)
        return aitFalse;
    else
        return aitTrue;
}

 

However, I found that any client could not write the PCAS's PV. I think my understanding is totally wrong about the user's name and the host name!!

 

Thank you!

 

Zhang Yuliang
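
Added example, not part of either message and not PCAS code: the pattern the thread points to, where the channel keeps the user and host names that createChannel receives and writeAccess decides from them with default deny. WritePolicy, DemoChannel and demoCreateChannel are hypothetical stand-ins for a casChannel subclass and its factory (casdef.h is not included), and any account or host names passed in are the caller's own.

```cpp
// Added example with stand-in types; this is not the PCAS API.
#include <algorithm>
#include <cctype>
#include <set>
#include <string>
#include <utility>

// Hypothetical write allow-list of (user, host) pairs; anything else is denied.
class WritePolicy {
public:
    void allow(const std::string &user, const std::string &host) {
        allowed_.insert(std::make_pair(user, lower(host)));
    }
    bool mayWrite(const std::string &user, const std::string &host) const {
        return allowed_.count(std::make_pair(user, lower(host))) != 0;
    }
private:
    // DNS host names compare case-insensitively; account names are kept exact.
    static std::string lower(std::string s) {
        std::transform(s.begin(), s.end(), s.begin(),
            [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        return s;
    }
    std::set<std::pair<std::string, std::string> > allowed_;
};

// Stand-in for a casChannel subclass: remembers the identity it was created with.
class DemoChannel {
public:
    DemoChannel(const WritePolicy &policy, const char *pUserName, const char *pHostName)
        : policy_(policy),
          user_(pUserName ? pUserName : ""),    // copy the strings, do not keep
          host_(pHostName ? pHostName : "") {}  // the pointers; null becomes ""
    bool writeAccess() const { return policy_.mayWrite(user_, host_); }
private:
    const WritePolicy &policy_;
    std::string user_, host_;
};

// Stand-in for createChannel(): forwards the client's names, never literals.
DemoChannel demoCreateChannel(const WritePolicy &policy,
                              const char *pUserName, const char *pHostName) {
    return DemoChannel(policy, pUserName, pHostName);
}
```

Two EDM clients on one PC under different accounts reach the server with the same host name and different user names, so the pair is what separates them. Both strings are reported from the client side of the connection and are not authenticated by this check.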

