plexus-2.2.1 - Host level access control
"Christopher J. McRae" <Christopher.McRae@library.ucsf.edu>
Message-id: <199309092127.AA28788@library.ucsf.edu>
To: www-talk@library.ucsf.edu
Subject: plexus-2.2.1 - Host level access control
Date: Thu, 09 Sep 1993 14:32:54 PDT
From: "Christopher J. McRae" <Christopher.McRae@library.ucsf.edu>
Status: RO
I've added host-level access control to plexus-2.2.1. You can find
the patch under
ftp://austin.bsdi.com/plexus/2.2.1/contrib/host-level-access-control/
Below are checksums for the files, the .tar.Z file contains the other two.
64134 1 README.access-control
36197 19 plexus-2.2.1-host-level-access-control.patch
49361 11 plexus-2.2.1-host-level-access-control.tar.Z
This code uses a configuration file to permit/deny access to specific
hosts. The syntax of the config file is included below. I will be
extending this code to provide for resource-level access control and to
port it to plexus-3.0. If anyone has any comments/suggestions regarding
the config file format, now is the time.
Of course, the resource-level control will only be effective if we have
some secure means of authentication. I don't have any plans to work on
kerberos support yet, but we'll see...
Chris
-----------------------------------------------------------------------
Christopher McRae mail: mcrae@ckm.ucsf.edu
UCSF Center for Knowledge Management at&t: 415/476-3577
530 Parnassus Avenue, Box 0840 fax: 415/476-4653
San Francisco, California 94143
plexus-2.2.1 access control configuration file format:
# In the syntax below:
# 'x' denotes the character x, literally
# * denotes "repeat the previous pattern 0 or more times"
# + denotes "repeat the previous pattern 1 or more times"
# x|y denotes "select one of the terms x or y"
# {xyz} denotes "select one of x, y, or z"
# {x-y} denotes "select one from the range x to y, inclusive"
# [item] denotes item is optional
#
# Format:
# method_list host_spec_list
# where
# method_list --> method[','method]
# method --> one of the methods defined via %method in
# plexus.conf (get, textsearch, ...)
# host_spec_list --> host_spec[','host_spec_list]
# host_spec --> ['!']{host_name|host_address|partial_spec|ALL|NONE}
# host_name --> alpha[alphanum]*['.'host_ext]
# host_ext --> alphanum+['.'host_ext]
# host_address --> {0-9}+['.'host_address]
# partial_spec --> '.'alphanum+['.'partial_spec]
# alphanum --> {a-z}|{A-Z}|{0-9}|'-'
#
# ALL and NONE
# The special symbol "ALL" indicates that all hosts, by default,
# should have access to the corresponding methods. Special symbol
# "NONE" # disallows access for all hosts not explicitly matched.
# These settings override the %DEFAULT_ACCESS array which is set in
# plexus.conf and which otherwise has the same affect. Note that
# (!ALL == NONE) and (!NONE == ALL).
#
# Netgroups
# Note: it would be nice to add netgroups to this spec, but first we gotta
# get setnetgrent, getnetgrent, and endnetgrent into perl. This could be
# implemented via the "syscall" function perhaps. Proposed syntax for
# netgroups:
# host_spec --> host_name|host_address|partial_spec|netgroup
# netgroup --> '@'alphanum+
#