Dear Kim-san;
Thanks for your reply.
Actually, the .acf file you sent me is exactly what I'm now testing
and it works fine.
The point, however, is that the .acf file resides on a file system
of embedded controllers (AMC cards) which are expected to be fully
stand alone.
It will take some effort to re-write the .acf file on each of the
controllers when I get to need to add a new remote host... But...
Is it... true? (I'm asking myself.)
Best regards,
J. Odagiri
----- Original Message -----
> Dear Odagiri San;
>
> Would you consider the following?
> I am wondering if the following can work for you.
> We can switch the local/remote mode with a PV: MODE_PV in this example.
>
> Thank you.
> Best regards,
> Kukhee
>
>
>
> HAG(remote) {host1, host2, host3, ...}
> HAG(local) {box1, box2, box3, ...}
> #
> # Local mode: MODE_PV == 0
> # Remote mode: MODE_PV == 1
> #
> ASG(loMode) {
>     INPA("MODE_PV")
>     RULE(1,READ)
>     RULE(1,WRITE)
>     {
>         HAG(local)
>         CALC("A=0")
>     }
> }
> ASG(reMode) {
>     INPA("MODE_PV")
>     RULE(1,READ)
>     RULE(1,WRITE)
>     {
>         HAG(remote)
>         CALC("A=1")
>     }
> }
>
> --------------------------------------------
> Kukhee Kim
> SLAC National Accelerator Laboratory
> 2575 Sand Hill Rd, MS 64
> Menlo Park, CA 94025
> Email: [email protected]
> Phone: (650)926-4912
>
>
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected].gov] On Behalf Of [email protected]
> Sent: Thursday, April 21, 2011 5:47 PM
> To: Andrew Johnson
> Cc: [email protected]
> Subject: Re: About ASG usage
>
> Hi, Andrew;
>
> Thanks for your answer and the deeply meaningful comment.
>
> I should have explained a little about the background of the
> question I brought up.
>
> What I have in mind is not protecting a record from "bad-hosts"
> or malicious users.
>
> Now, I'm implementing a local control system that is fully
> embedded EPICS based. In that system, even local control on-site
> relies on EPICS clients.
>
> Here, we need a way to switch between "Local Mode" and "Remote
> Mode" so that operators on-site and those in the central
> control room do not play a tug-of-war.
>
> I agree that the extension of ASG to involve exclusions of
> hosts and/or users makes ASG confusing. I would NOT want to
> read the modified documentation explaining how multiple HAGs
> involving exclusions like this interact.
>
> I'm now thinking of listing all the remote hosts in:
>
> HAG(remote) {host1, host2, host3, ...}
>
> and listing local hosts in:
>
> HAG(local) {box1, box2, box3, ...}
>
> Thanks again for your comment.
>
> Best regards,
>
> Jun-ichi Odagiri, KEK
>
>
> ----- Original Message -----
> > Hi,
> >
> > On Thursday 21 April 2011 05:04:42 [email protected] wrote:
> > >
> > > I'm wondering if there is a way for a record on an IOC to
> > > allow all hosts except a specific host to access the record
> > > by using ASG.
> > >
> > > Is there any way to achieve this in a simple fashion?
> >
> > Not with the current access security code. It might be an interesting
> > project to implement excluded hosts like that, but I am concerned that
> > people writing access security files might easily get confused as to
> > what excluding a list of hosts might mean. Suppose we implemented the
> > ability to exclude a list of hosts and wrote a rule like this:
> >
> > HAG(bad-hosts) {bad1, bad2}
> > ASG(DEFAULT) {
> >     RULE(1, READ) {
> >         HAG(!bad-hosts)
> >     }
> >     RULE(1, WRITE) {
> >         HAG(!bad-hosts)
> >     }
> > }
> >
> > That seems straight-forward and should prevent the bad-hosts from
> > accessing those PVs. However this extended version could be dangerous:
> >
> > HAG(bad-hosts) {bad1, bad2}
> > HAG(ro-hosts) {ro1, ro2}
> > ASG(DEFAULT) {
> >     RULE(1, READ) {
> >         HAG(!bad-hosts)
> >     }
> >     RULE(1, WRITE) {
> >         HAG(!bad-hosts, !ro-hosts)
> >     }
> > }
> >
> > The author's intention was to allow read-only access to the ro-hosts,
> > but the write rule actually allows *any* host to write to the PVs
> > (although the bad-hosts still can't read them).
> >
> > I'm not saying that it would be impossible to fix, but I would want to
> > see the modified documentation explaining how multiple HAGs involving
> > exclusions like this interact and some test routines before the code
> > was merged into an official release of Base.
> >
> > It is also important to remember though that the CA client's hostname
> > is sent over the network from the client program and can easily be
> > spoofed, so an exclusion rule like this would not provide any
> > protection from a malicious user who is allowed to run their own CA
> > client programs on that specific host (but an inclusion rule doesn't
> > either if the user can set their own hostname).
> >
> > - Andrew
> > --
> > An error is only a mistake if you don't learn from it.
> > When you learn something from it, it becomes a lesson.
> >
>
>
>
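Added example, not part of the thread and not EPICS code: a small Python model of how Access Security rules resolve, used to check both configurations discussed above. It implements the semantics a practitioner relies on when reading an .acf file (a rule applies to the union of the HAGs it lists, a WRITE rule also grants READ, and a CALC condition on the INPx values must be true for the rule to fire) and adds Andrew's hypothetical "!hag" exclusion, interpreted as "every known host not in that group", so the write-rule pitfall can be shown rather than argued. The helper names (mode_access, excl_access) and the host lists are mine; since a record names exactly one ASG, Kukhee's two ASG blocks are merged into a single rule list for the local/remote check. Nothing here authenticates the host name, which, as Andrew notes, is whatever the CA client claims.

```python
"""Simplified model of EPICS Access Security rule evaluation (constructed
example for the thread above; the real implementation lives in asLib)."""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional, Tuple

READ, WRITE = "READ", "WRITE"
Calc = Callable[[Dict[str, float]], bool]   # CALC("...") as a Python predicate


@dataclass(frozen=True)
class Rule:
    level: int                    # highest field ASL this rule covers
    access: str                   # READ or WRITE (WRITE implies READ)
    hags: Tuple[str, ...]         # HAG names; "!name" is the hypothetical exclusion
    calc: Optional[Calc] = None   # CALC condition on the INPx values, if any


def hag_members(ref: str, hags: Dict[str, FrozenSet[str]],
                all_hosts: FrozenSet[str]) -> FrozenSet[str]:
    """Hosts matched by one HAG reference inside a rule."""
    if ref.startswith("!"):
        return all_hosts - hags[ref[1:]]   # hypothetical: everyone else
    return hags[ref]


def allowed(rules, hags, all_hosts, host, want, asl=1, inputs=None):
    """True if some rule grants `want` (READ or WRITE) to `host`."""
    inputs = inputs or {}
    for rule in rules:
        if rule.level < asl:                       # rule does not cover this ASL
            continue
        if want == WRITE and rule.access != WRITE: # a READ rule never grants WRITE
            continue
        if rule.hags:                              # no HAG means any host
            matched = frozenset().union(
                *(hag_members(r, hags, all_hosts) for r in rule.hags))
            if host not in matched:
                continue
        if rule.calc is not None and not rule.calc(inputs):
            continue
        return True
    return False


# Kukhee's local/remote switch, both ASG blocks as one rule list
# (host names constructed for the example)
MODE_HAGS = {"remote": frozenset({"host1", "host2", "host3"}),
             "local": frozenset({"box1", "box2", "box3"})}
MODE_RULES = (
    Rule(1, READ,  ("local",),  lambda v: v["A"] == 0),   # HAG(local)  CALC("A=0")
    Rule(1, WRITE, ("local",),  lambda v: v["A"] == 0),
    Rule(1, READ,  ("remote",), lambda v: v["A"] == 1),   # HAG(remote) CALC("A=1")
    Rule(1, WRITE, ("remote",), lambda v: v["A"] == 1),
)


def mode_access(host: str, want: str, mode_pv: float) -> bool:
    """Access for `host` when MODE_PV (INPA, i.e. A) currently reads `mode_pv`."""
    all_hosts = MODE_HAGS["remote"] | MODE_HAGS["local"] | {host}
    return allowed(MODE_RULES, MODE_HAGS, all_hosts, host, want,
                   asl=1, inputs={"A": mode_pv})


# Andrew's hypothetical exclusion rules
EXCL_HAGS = {"bad-hosts": frozenset({"bad1", "bad2"}),
             "ro-hosts": frozenset({"ro1", "ro2"})}
EXCL_RULES = (
    Rule(1, READ,  ("!bad-hosts",)),
    Rule(1, WRITE, ("!bad-hosts", "!ro-hosts")),   # meant "neither bad nor ro"
)


def excl_access(host: str, want: str) -> bool:
    all_hosts = EXCL_HAGS["bad-hosts"] | EXCL_HAGS["ro-hosts"] | {host}
    return allowed(EXCL_RULES, EXCL_HAGS, all_hosts, host, want, asl=1)


if __name__ == "__main__":
    print("box1 write, local mode :", mode_access("box1", WRITE, 0))    # True
    print("box1 write, remote mode:", mode_access("box1", WRITE, 1))    # False
    print("host1 write, remote mode:", mode_access("host1", WRITE, 1))  # True
    print("ro1 write (exclusion)  :", excl_access("ro1", WRITE))        # True: the pitfall
```

The union in allowed() is the whole story: "!bad-hosts" and "!ro-hosts" are each large sets, and the rule matches a host that is in either of them, so only a host in both groups at once would be refused. That is why ro1 and even bad1 pass the write rule, while the local/remote rules behave as intended because they list one positive group each.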
- References:
- About ASG usage jun-ichi.odagiri
- Re: About ASG usage Andrew Johnson
- Re: About ASG usage jun-ichi.odagiri
- RE: About ASG usage Kim, Kukhee