plexus-2.2.1 - Host level access control

"Christopher J. McRae" <Christopher.McRae@library.ucsf.edu>
Message-id: <199309092127.AA28788@library.ucsf.edu>
To: www-talk@library.ucsf.edu
Subject: plexus-2.2.1 - Host level access control
Date: Thu, 09 Sep 1993 14:32:54 PDT
From: "Christopher J. McRae" <Christopher.McRae@library.ucsf.edu>
  I've added host-level access control to plexus-2.2.1.  You can find
the patch under

ftp://austin.bsdi.com/plexus/2.2.1/contrib/host-level-access-control/

Below are checksums for the files; the .tar.Z file contains the other two.
64134     1 README.access-control
36197    19 plexus-2.2.1-host-level-access-control.patch
49361    11 plexus-2.2.1-host-level-access-control.tar.Z

This code uses a configuration file to permit/deny access to specific
hosts.  The syntax of the config file is included below.  I will be
extending this code to provide for resource-level access control and to
port it to plexus-3.0.  If anyone has any comments/suggestions regarding
the config file format, now is the time.
  Of course, the resource-level control will only be effective if we have
some secure means of authentication.  I don't have any plans to work on
kerberos support yet, but we'll see...

Chris
-----------------------------------------------------------------------
Christopher McRae			mail: mcrae@ckm.ucsf.edu
UCSF Center for Knowledge Management	at&t: 415/476-3577
530 Parnassus Avenue, Box 0840	 	fax: 415/476-4653
San Francisco, California 94143


plexus-2.2.1 access control configuration file format:

# In the syntax below:
#     'x'	denotes the character x, literally
#     *		denotes "repeat the previous pattern 0 or more times"
#     +		denotes "repeat the previous pattern 1 or more times"
#     x|y       denotes "select one of the terms x or y"
#     {xyz}	denotes "select one of x, y, or z"
#     {x-y}	denotes "select one from the range x to y, inclusive"
#     [item]	denotes item is optional
#     
# Format:
#     method_list host_spec_list
# where 
#     method_list --> method[','method]
#         method --> one of the methods defined via %method in
#                    plexus.conf (get, textsearch, ...)
#     host_spec_list --> host_spec[','host_spec_list]
#         host_spec --> ['!']{host_name|host_address|partial_spec|ALL|NONE}
#             host_name --> alpha[alphanum]*['.'host_ext]
#                 host_ext --> alphanum+['.'host_ext]
#             host_address --> {0-9}+['.'host_address]
#             partial_spec --> '.'alphanum+['.'partial_spec]
#                     alphanum --> {a-z}|{A-Z}|{0-9}|'-'
#
# ALL and NONE
#   The special symbol "ALL" indicates that all hosts, by default,
# should have access to the corresponding methods.  Special symbol
# "NONE" disallows access for all hosts not explicitly matched.
# These settings override the %DEFAULT_ACCESS array which is set in
# plexus.conf and which otherwise has the same effect.  Note that
# (!ALL == NONE) and (!NONE == ALL).
#
# Netgroups
# Note: it would be nice to add netgroups to this spec, but first we gotta
# get setnetgrent, getnetgrent, and endnetgrent into perl.  This could be
# implemented via the "syscall" function perhaps.  Proposed syntax for
# netgroups:
#         host_spec --> host_name|host_address|partial_spec|netgroup
#             netgroup --> '@'alphanum+
#
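
Added example (not part of the original message and not Plexus code): a Python parser and evaluator for one line of the format above, rejecting anything outside the grammar. Assumptions, since the message does not state them: '#' starts a comment, method_list is any comma-separated list of word-character names, the first matching host_spec wins, a partial_spec matches as a domain suffix, a host_address matches on whole leading octets, and the hypothetical default_access parameter stands in for %DEFAULT_ACCESS.

```python
import re

# Patterns transcribed from the grammar in the message ('alpha' taken to mean a letter).
ALNUM = r"[A-Za-z0-9-]"
SPEC = re.compile(
    rf"(?P<neg>!?)(?:(?P<kw>ALL|NONE)|(?P<addr>[0-9]+(?:\.[0-9]+)*)"
    rf"|(?P<name>[A-Za-z]{ALNUM}*(?:\.{ALNUM}+)*)|(?P<part>(?:\.{ALNUM}+)+))"
)
# Constructed sample line (hosts and addresses are illustrative, not from the message).
SAMPLE = "get,textsearch NONE,!lab7.example.edu,.example.edu,192.0.2"

def parse_line(line, default_access=False):
    """Return (methods, default, rules) for one line; raise ValueError if malformed."""
    fields = line.split("#", 1)[0].split()
    if len(fields) != 2:
        raise ValueError(f"expected 'method_list host_spec_list': {line!r}")
    methods = fields[0].split(",")
    if not all(re.fullmatch(r"\w+", m) for m in methods):
        raise ValueError(f"bad method list: {fields[0]!r}")
    default, rules = default_access, []
    for tok in fields[1].split(","):
        m = SPEC.fullmatch(tok)
        if m is None:                      # fail closed on anything outside the grammar
            raise ValueError(f"bad host_spec: {tok!r}")
        allow = not m["neg"]
        if m["kw"]:
            # (!ALL == NONE) and (!NONE == ALL), as the message states
            default = allow if m["kw"] == "ALL" else not allow
        else:
            rules.append((allow, tok.lstrip("!").lower()))
    return methods, default, rules

def matches(spec, host, addr):
    """Assumed matching rules for the three host_spec kinds."""
    if spec[0].isdigit():                  # host_address: whole leading octets only
        return addr == spec or addr.startswith(spec + ".")
    if spec.startswith("."):               # partial_spec: domain suffix
        return host.lower().endswith(spec)
    return host.lower() == spec            # host_name: exact, case-insensitive

def is_allowed(line, method, host, addr, default_access=False):
    """Decide access for one request against one config line."""
    methods, default, rules = parse_line(line, default_access)
    if method not in methods:
        return default_access              # line does not cover this method
    for allow, spec in rules:
        if matches(spec, host, addr):
            return allow                   # assumed: first matching spec wins
    return default
```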