Dear Odagiri San;
Would you consider the following?
I am wondering if the following can work for you.
We can switch the local/remote mode with a PV: MODE_PV in this example.
Thank you.
Best regards,
Kukhee
HAG(remote) {host1, host2, host3, ...}
HAG(local) {box1, box2, box3, ...}
#
# Local mode: MODE_PV == 0
# Remote mode: MODE_PV == 1
#
ASG(loMode) {
    INPA("MODE_PV")
    RULE(1,READ)
    RULE(1,WRITE)
    {
        HAG(local)
        CALC("A=0")
    }
}
ASG(reMode) {
    INPA("MODE_PV")
    RULE(1,READ)
    RULE(1,WRITE)
    {
        HAG(remote)
        CALC("A=1")
    }
}
--------------------------------------------
Kukhee Kim
SLAC National Accelerator Laboratory
2575 Sand Hill Rd, MS 64
Menlo Park, CA 94025
Email: [email protected]
Phone: (650)926-4912
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Thursday, April 21, 2011 5:47 PM
To: Andrew Johnson
Cc: [email protected]
Subject: Re: About ASG usage
Hi, Andrew;
Thanks for your answer and the deeply meaningful comment.
I should have explained a little about the background of the question I brought up.
What I have in mind is not protecting a record from "bad-hosts" or malicious users.
Now, I'm implementing a local control system that is fully embedded EPICS based. In that system, even local control on-site relies on EPICS clients.
Here, we need a way to switch between "Local Mode" and "Remote Mode" so that operators on-site and those in the central control room do not play a tug-of-war.
I agree that the extension of ASG to involve exclusions of hosts and/or users makes ASG confusing. I would NOT want to read the modified documentation explaining how multiple HAGs involving exclusions like this interact.
I'm now thinking of listing all the remote hosts in:
HAG(remote) {host1, host2, host3, ...}
and listing local hosts in:
HAG(local) {box1, box2, box3, ...}
Thanks again for your comment.
Best regards,
Jun-ichi Odagiri, KEK
----- Original Message -----
> Hi,
>
> On Thursday 21 April 2011 05:04:42 [email protected] wrote:
> >
> > I'm wondering if there is a way for a record on an IOC to
> > allow all hosts except a specific host to access the record
> > by using ASG.
> >
> > Is there any way to achieve this in a simple fashion?
>
> Not with the current access security code. It might be an interesting project
> to implement excluded hosts like that, but I am concerned that people writing
> access security files might easily get confused as to what excluding a list of
> hosts might mean. Suppose we implemented the ability to exclude a list of
> hosts and wrote a rule like this:
>
> HAG(bad-hosts) {bad1, bad2}
> ASG(DEFAULT) {
>     RULE(1, READ) {
>         HAG(!bad-hosts)
>     }
>     RULE(1, WRITE) {
>         HAG(!bad-hosts)
>     }
> }
>
> That seems straight-forward and should prevent the bad-hosts from accessing
> those PVs. However this extended version could be dangerous:
>
> HAG(bad-hosts) {bad1, bad2}
> HAG(ro-hosts) {ro1, ro1}
> ASG(DEFAULT) {
>     RULE(1, READ) {
>         HAG(!bad-hosts)
>     }
>     RULE(1, WRITE) {
>         HAG(!bad-hosts, !ro-hosts)
>     }
> }
>
> The author's intention was to allow read-only access to the ro-hosts, but the
> write rule actually allows *any* host to write to the PVs (although the
> bad-hosts still can't read them).
>
> I'm not saying that it would be impossible to fix, but I would want to see the
> modified documentation explaining how multiple HAGs involving exclusions like
> this interact and some test routines before the code was merged into an
> official release of Base.
>
> It is also important to remember though that the CA client's hostname is sent
> over the network from the client program and can easily be spoofed, so an
> exclusion rule like this would not provide any protection from a malicious
> user who is allowed to run their own CA client programs on that specific host
> (but an inclusion rule doesn't either if the user can set their own hostname).
>
> - Andrew
> --
> An error is only a mistake if you don't learn from it.
> When you learn something from it, it becomes a lesson.
>
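The two configurations discussed in this thread, Kukhee's MODE_PV switch and the hypothetical host-exclusion rule Andrew warns about, can both be checked against a small model of ASG rule evaluation. The Python below is an added example written for this page; it is not code from EPICS Base, and not from either author. It assumes the hypothetical `!name` exclusion behaves exactly as Andrew describes it (a rule matches a host if any listed HAG entry matches, and `!name` matches every host not in that HAG), treats READ and WRITE rules independently as a simplification, skips any rule whose INPA value is unavailable so that an unreadable MODE_PV fails closed, and puts both of Kukhee's rule pairs into one ASG because a record names a single group. All host names are constructed.

```python
"""Toy model of EPICS ASG rule evaluation (added example, not EPICS Base code).

Models only what the thread uses: HAG membership, RULE(level, access) and a
CALC expression over the INPA value.  The "!name" entries are the hypothetical
host-exclusion syntax from Andrew's message, modelled as he describes it: a
rule matches a host if ANY listed entry matches, and "!name" matches every
host that is NOT in that HAG.  READ and WRITE rules are treated independently
(a simplification of real EPICS access levels).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class Rule:
    level: int
    access: str                 # "READ" or "WRITE"
    hags: List[str]             # "name" or "!name" (the latter is hypothetical)
    calc: Optional[str] = None  # e.g. "A=0"; rule applies only when it is true


@dataclass
class Asg:
    rules: List[Rule]
    inpa: Optional[str] = None  # PV whose value is "A" in CALC expressions


def eval_calc(expr: str, a: float) -> bool:
    """Evaluate the only CALC form used in the thread, 'A=<number>'."""
    lhs, rhs = expr.split("=")
    if lhs.strip() != "A":
        raise ValueError("this toy evaluator only supports 'A=<number>'")
    return a == float(rhs)


def host_matches(entry: str, host: str, hags: Dict[str, Set[str]]) -> bool:
    if entry.startswith("!"):              # hypothetical exclusion entry
        return host not in hags[entry[1:]]
    return host in hags[entry]


def allowed(asg: Asg, hags: Dict[str, Set[str]], host: str, access: str,
            pv_values: Optional[Dict[str, float]] = None) -> bool:
    """True if `host` gets `access` on a record in `asg`.

    A rule that needs INPA is skipped (grants nothing) when the PV value is
    unavailable, so an unreadable MODE_PV fails closed in this model.
    """
    pv_values = pv_values or {}
    for rule in asg.rules:
        if rule.access != access:
            continue
        if rule.calc is not None:
            if asg.inpa is None or asg.inpa not in pv_values:
                continue
            if not eval_calc(rule.calc, pv_values[asg.inpa]):
                continue
        if any(host_matches(e, host, hags) for e in rule.hags):
            return True
    return False


# --- Kukhee's local/remote switch (constructed host names) -----------------
MODE_HAGS = {"remote": {"host1", "host2", "host3"},
             "local": {"box1", "box2", "box3"}}
# Both rule pairs live in one ASG, because a record names a single ASG.
MODE_ASG = Asg(inpa="MODE_PV", rules=[
    Rule(1, "READ", ["local"], "A=0"), Rule(1, "WRITE", ["local"], "A=0"),
    Rule(1, "READ", ["remote"], "A=1"), Rule(1, "WRITE", ["remote"], "A=1"),
])


def mode_matrix(mode: Optional[float]) -> Dict[str, bool]:
    """Who can WRITE for a given MODE_PV value (None = PV unavailable)."""
    pvs = {} if mode is None else {"MODE_PV": mode}
    return {h: allowed(MODE_ASG, MODE_HAGS, h, "WRITE", pvs)
            for h in ("box1", "host1")}


# --- Andrew's exclusion hazard (hypothetical syntax, constructed names) ----
EXCL_HAGS = {"bad-hosts": {"bad1", "bad2"}, "ro-hosts": {"ro1", "ro2"}}
EXCL_ASG = Asg(rules=[
    Rule(1, "READ", ["!bad-hosts"]),
    Rule(1, "WRITE", ["!bad-hosts", "!ro-hosts"]),   # union of two exclusions
])


def exclusion_matrix() -> Dict[str, Dict[str, bool]]:
    """READ/WRITE outcome per host under the two-exclusion WRITE rule."""
    return {h: {a: allowed(EXCL_ASG, EXCL_HAGS, h, a) for a in ("READ", "WRITE")}
            for h in ("bad1", "ro1", "opi1")}


if __name__ == "__main__":
    for mode in (0, 1, None):
        print("MODE_PV =", mode, "->", mode_matrix(mode))
    print(exclusion_matrix())
```

Running it shows box1 writable and host1 denied while MODE_PV is 0, the reverse while it is 1, and both denied when MODE_PV cannot be read. For the exclusion case, ro1 (meant to be read-only) and even bad1 obtain WRITE, because listing two exclusions in one rule is a union: a host only has to be outside one of the two HAGs. That is the trap Andrew's message describes, and it is the kind of case the test routines he asks for would need to cover.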