/usr/share/doc/monotone/html/Netsync-Permission-Hooks.html is in monotone-doc 1.1-9.

This file is owned by root:root, with mode 0o644.

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- Created by GNU Texinfo 6.1, http://www.gnu.org/software/texinfo/ -->
<head>
<title>monotone documentation: Netsync Permission Hooks</title>

<meta name="description" content="monotone documentation: Netsync Permission Hooks">
<meta name="keywords" content="monotone documentation: Netsync Permission Hooks">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="General-Index.html#General-Index" rel="index" title="General Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="Hooks.html#Hooks" rel="up" title="Hooks">
<link href="Netsync-Transport-Hooks.html#Netsync-Transport-Hooks" rel="next" title="Netsync Transport Hooks">
<link href="User-Defaults.html#User-Defaults" rel="prev" title="User Defaults">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: initial; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
-->
</style>
<link rel="stylesheet" type="text/css" href="texinfo.css">


</head>

<body lang="en">
<a name="Netsync-Permission-Hooks"></a>
<div class="header">
<p>
Next: <a href="Netsync-Transport-Hooks.html#Netsync-Transport-Hooks" accesskey="n" rel="next">Netsync Transport Hooks</a>, Previous: <a href="User-Defaults.html#User-Defaults" accesskey="p" rel="prev">User Defaults</a>, Up: <a href="Hooks.html#Hooks" accesskey="u" rel="up">Hooks</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="General-Index.html#General-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="Netsync-Permission-Hooks-1"></a>
<h4 class="subsection">6.1.4 Netsync Permission Hooks</h4>

<p>These hooks are used when running a netsync server, via
<code>mtn serve</code>. They are evaluated by the server for each new
connection, based on the certificate used for authentication by the
client.  Note that a long-running server will need to be restarted in
order to reload the hook definitions if the <samp>monotonerc</samp> file is
changed.
</p>
<dl compact="compact">
<dd><a name="get_005fnetsync_005fread_005fpermitted"></a></dd>
<dt><code>get_netsync_read_permitted (<var>branch</var>, <var>key_identity</var>)</code>
<a name="index-get_005fnetsync_005fread_005fpermitted-_0028branch_002c-key_005fidentity_0029"></a>
</dt>
<dd>
<p>Returns <code>true</code> if a peer authenticated as key <var>key_identity</var>
should be allowed to read the certs, revisions, manifests, and files
associated with <var>branch</var> from your database; otherwise <code>false</code>.
The default definition of this hook reads a file <samp>read-permissions</samp>
and all files in the subdirectory <samp>read-permissions.d</samp> in the
configuration directory. All the files are treated as if they were one
file, with <samp>read-permissions</samp> first followed by the files in
<samp>read-permissions.d</samp> in alphanumerical order. The files look like
</p><div class="smallexample">
<pre class="smallexample">pattern &quot;net.example.project.{private,security}*&quot;
allow &quot;joe@example.net&quot;
allow &quot;f3f62f86eba204a3ce15174083a53349201993d6&quot;

comment &quot;everyone can read these branches&quot;
pattern &quot;net.example.{public,project}*&quot;
allow &quot;*&quot;
</pre></div>
<p>This example allows everyone access to branches <code>net.example.project</code> and
<code>net.example.public</code> and their sub-branches, except for the branches in
<code>net.example.project.security</code> and <code>net.example.project.private</code>,
which are only readable by Joe and Jim.
</p>
<p>The file is divided into stanzas of one <code>pattern</code> line followed by any
number of <code>allow</code> and <code>deny</code> lines, and possibly a <code>continue</code>
line. Anything from the unquoted word <code>comment</code> until the next unquoted
word is ignored. A stanza is processed if the argument to
<code>pattern</code> is a glob that matches <var>branch</var>. Any keys with a hash or
local_name that matches an
<code>allow</code> line are given access, and any keys which match a <code>deny</code> line
are denied access. If there is a <code>continue &quot;true&quot;</code> line, then if the key
is not granted or denied access in this stanza the next matching stanza will be
processed. If there is not a <code>continue &quot;true&quot;</code> line, then any key which
has not been given access will be denied access even if it doesn&rsquo;t match any
<code>deny</code> lines. Thus, deny lines are redundant unless there is also a
<code>continue &quot;true&quot;</code> line.
</p>

<p>If a client connects anonymously, this hook will be called with a
<var>key_identity</var> of <code>nil</code>. An empty string value must be used
in <samp>read-permissions</samp> to represent clients connecting anonymously, e.g.
<code>allow &quot;&quot;</code>.
</p>
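<p>The stanza rules above can be checked offline before a server is restarted. The following is an added example, not monotone's own hook code: a simplified Python model of the evaluation as described here. It assumes that <code>allow</code> and <code>deny</code> values are compared exactly against the key hash or local name, that <code>*</code> covers every client including anonymous ones, and that lines within a stanza are tried in file order; <code>read_permitted</code>, <code>JOE</code> and <code>ANN</code> are hypothetical names.</p>

```python
import re
from fnmatch import fnmatchcase

TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|([A-Za-z_]\w*)')

def parse(text):
    """Split the file into (word, [quoted values]) entries, dropping comments."""
    entries = []
    for m in TOKEN.finditer(text):
        if m.group(2):                       # unquoted word opens a new entry
            entries.append((m.group(2), []))
        elif entries:                        # quoted value belongs to that word
            entries[-1][1].append(re.sub(r"\\(.)", r"\1", m.group(1)))
    return [e for e in entries if e[0] != "comment"]

def expand_braces(glob):
    """Expand {a,b} alternatives, which fnmatch does not understand."""
    m = re.search(r"\{([^{}]*)\}", glob)
    if not m:
        return [glob]
    return [g for alt in m.group(1).split(",")
            for g in expand_braces(glob[:m.start()] + alt + glob[m.end():])]

def key_matches(value, key):
    """key is None for an anonymous client, else {"id": ..., "local_name": ...}."""
    if value == "*":
        return True                          # assumption: "*" covers every client
    if key is None:
        return value == ""                   # anonymous is written as ""
    return value in (key["id"], key["local_name"])

def read_permitted(text, branch, key):
    active = cont = False                    # active: current stanza matches branch
    for name, values in parse(text):
        if name == "pattern":
            if active and not cont:
                return False                 # matched stanza ended undecided
            active = any(fnmatchcase(branch, g)
                         for v in values for g in expand_braces(v))
            cont = False
        elif active and name in ("allow", "deny"):
            if any(key_matches(v, key) for v in values):
                return name == "allow"
        elif active and name == "continue":
            cont = "true" in values
    return False                             # assumption: no decision means deny

# Constructed sample data: the page's two stanzas, usable in either order.
PRIVATE = 'pattern "net.example.project.{private,security}*"\nallow "joe@example.net"\n'
PUBLIC = 'comment "everyone"\npattern "net.example.{public,project}*"\nallow "*"\n'
JOE = {"id": "0" * 40, "local_name": "joe@example.net"}   # placeholder hash
ANN = {"id": "1" * 40, "local_name": "ann@example.net"}   # hypothetical outsider
```

<p>With the stanzas in the page's order (<code>PRIVATE + PUBLIC</code>), <code>ANN</code> is refused on <code>net.example.project.security.fixes</code>; with the order swapped the catch-all stanza decides first and she is allowed, which is why the restrictive stanza has to come first.</p>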
<a name="get_005fnetsync_005fwrite_005fpermitted"></a></dd>
<dt><code>get_netsync_write_permitted (<var>key_identity</var>)</code>
<a name="index-get_005fnetsync_005fwrite_005fpermitted-_0028key_005fidentity_0029"></a>
</dt>
<dd>
<p>Returns <code>true</code> if a peer authenticated as key <var>key_identity</var>
should be allowed to write certs, revisions, manifests, and files into
your database; otherwise <code>false</code>. The default definition of
this hook reads a file <samp>write-permissions</samp> and all files in the
subdirectory <samp>write-permissions.d</samp> in the configuration directory.
These files contain a list of key hashes or local key names, one per line,
which are allowed write access. The special value
<code>*</code> means to allow access to anyone whose public key we already have.
</p>
<p>If a client connects anonymously, it will be unconditionally denied
write access; this hook will <em>not</em> be called with a <var>key_identity</var>
of <code>nil</code>.
</p>
<p>Note also that, unlike the equivalent read permission hook, the write
permission hook does not take a <var>branch</var> name as an argument.  There
is presently no way to selectively grant write access to different
branches via netsync, for a number of reasons. Contributions in the
database from different authors can be selectively trusted using the
<a href="Trust-Evaluation-Hooks.html#Trust-Evaluation-Hooks">Trust Evaluation Hooks</a> instead.
</p>
</dd>
<dt><code>get_remote_automate_permitted(<var>key_identity</var>, <var>command</var>, <var>options</var>)</code>
<a name="index-get_005fremote_005fautomate_005fpermitted_0028key_005fidentity_002c-command_002c-options_0029"></a>
</dt>
<dd>
<p>Returns <code>true</code> if a peer authenticated as key <var>key_identity</var> should be
allowed to execute the given <var>command</var> with the given <var>options</var>, as
if through <code>automate stdio</code>.
</p>
</dd>
</dl>




</body>
</html>