# # patch "ChangeLog" # from [9fe2d45790d4f9b1c612ef5ddddddc02f08e8f8d] # to [074a757e880cb857b6283d600a6f7fe93bca95f6] # # patch "lua.cc" # from [aefdfc576d205a78a8e47444788a9f1bc2bfc5b1] # to [77f81c504baafa54e376a9eba1ae9d6257d398e7] # # patch "lua.hh" # from [90a3a380420c5118c36413d90ce7be1836eb5a46] # to [38945dd7ac35f3f1ef7d4027ad1874f8b3716e26] # # patch "monotone.texi" # from [c11e30926fcaf2097e4c6274a159284d786855ea] # to [5cfe07d5483a24d398fb7766bfebeb6702308f6a] # # patch "netsync.cc" # from [c06bdb859643097701b81ebcf9a704e573e9063f] # to [45b48cc344050acadbbf0bcdfb9b62a3d262857d] # # patch "tests/t_netsync_permissions.at" # from [fb766246587fa8cf19f1b2952ec63be65ad82b63] # to [887e4062ab6faa6283d46f0b8dba342f898a23d0] # =============================================== --- ChangeLog 9fe2d45790d4f9b1c612ef5ddddddc02f08e8f8d +++ ChangeLog 074a757e880cb857b6283d600a6f7fe93bca95f6 @@ -1,3 +1,14 @@ +2005-08-07 Nathaniel Smith + + * monotone.texi (Network Service, Hooks): Document + get_netsync_read_permitted as getting a nil value on anonymous + connects. + * lua.{cc.hh} (hook_get_netsync_anonymous_read_permitted): + Remove. Replace with 1-argument version of + hook_get_netsync_write_permitted. + * netsync.cc (process_anonymous_cmd): Update. + * tests/t_netsync_permissions.at: Likewise. + 2005-08-07 Matthew Gregan * botan/{data_snk,es_file}.cpp: Open fstreams in binary mode. =============================================== --- lua.cc aefdfc576d205a78a8e47444788a9f1bc2bfc5b1 +++ lua.cc 77f81c504baafa54e376a9eba1ae9d6257d398e7 
@@ -1089,15 +1089,17 @@ return exec_ok && permitted; } +// Anonymous no-key version bool -lua_hooks::hook_get_netsync_anonymous_read_permitted(std::string const & branch) +lua_hooks::hook_get_netsync_read_permitted(std::string const & branch) { bool permitted = false, exec_ok = false; exec_ok = Lua(st) - .func("get_netsync_anonymous_read_permitted") + .func("get_netsync_read_permitted") .push_str(branch) - .call(1,1) + .push_nil() + .call(2,1) .extract_bool(permitted) .ok(); =============================================== --- lua.hh 90a3a380420c5118c36413d90ce7be1836eb5a46 +++ lua.hh 38945dd7ac35f3f1ef7d4027ad1874f8b3716e26 @@ -64,7 +64,8 @@ // network hooks bool hook_get_netsync_read_permitted(std::string const & branch, rsa_keypair_id const & identity); - bool hook_get_netsync_anonymous_read_permitted(std::string const & branch); + // anonymous no-key version + bool hook_get_netsync_read_permitted(std::string const & branch); bool hook_get_netsync_write_permitted(rsa_keypair_id const & identity); // local repo hooks =============================================== --- monotone.texi c11e30926fcaf2097e4c6274a159284d786855ea +++ monotone.texi 5cfe07d5483a24d398fb7766bfebeb6702308f6a @@ -1625,10 +1625,6 @@ if (identity == "beth@@juicebot.co.jp") then return true end return false end - -function get_netsync_anonymous_read_permitted (branch) - return false -end ^D @end group @end smallexample @@ -3712,9 +3708,8 @@ make the new default. In the server, different permissions can be applied to each branch; see -the hooks @code{get_netsync_read_permitted}, address@hidden, and address@hidden (see @ref{Hook Reference}). +the hooks @code{get_netsync_read_permitted} and address@hidden (see @ref{Hook Reference}). If a @option{--pid-file} option is specified, the command @command{serve} will create the specified file and record the process 
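Review bot: In lua.cc the one-argument `hook_get_netsync_read_permitted` now sends anonymous peers through the same Lua hook as authenticated ones, with `identity` set to nil, so an existing user hook that returns `true` without inspecting `identity` will start granting anonymous reads after an upgrade. Before this change, leaving `get_netsync_anonymous_read_permitted` undefined denied them. The comment should spell that contract out, for example `// Anonymous (no-key) variant: calls get_netsync_read_permitted(branch, nil); a nil identity means an unauthenticated peer.`, and the upgrade notes should mention it. The function's return statement lies outside the hunk; presumably it mirrors the `return exec_ok && permitted;` visible at the top of the hunk, which is what makes a hook that errors on a nil identity fail closed, and that is worth confirming. The ChangeLog entry also names `hook_get_netsync_write_permitted` as the replacement, whereas the code adds an overload of `hook_get_netsync_read_permitted`.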
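Review bot: In lua.hh the anonymous and authenticated read checks are now distinguished only by argument count, so a call site for an authenticated peer that omits `identity` still compiles and silently evaluates the anonymous policy. Keeping a distinct C++ name for the no-key entry point, even though both call the same Lua hook, would make that mistake visible at the call site. At minimum the declaration comment should state the behaviour, e.g. `// anonymous (no-key) variant: invokes get_netsync_read_permitted with identity = nil`.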
@@ -5514,6 +5509,9 @@ This hook has no default definition, therefore the default behavior is to deny all reads. +If a client connects anonymously, this hook will be called with a address@hidden of @code{nil}. + Note that the @var{identity} value is a key ID (such as address@hidden@@pobox.com}'') but will correspond to a @emph{unique} key fingerprint (hash) in your database. Monotone will not permit two @@ -5521,14 +5519,6 @@ key fingerprints of each key in your database, as key ID strings are ``convenience names'', not security tokens. address@hidden get_netsync_anonymous_read_permitted (@var{branch}) - -This hook has identical semantics to @code{get_netsync_read_permitted} -except that it is called when a connecting client requests anonymous -read access. There is no corresponding anonymous write -access hook. This hook has no default definition, therefore the -default behavior is to deny all anonymous reads. - @item get_netsync_write_permitted (@var{identity}) Returns @code{true} if a peer authenticated as key @var{identity} should @@ -5536,6 +5526,10 @@ files; otherwise @code{false}. This hook has no default definition, therefore the default behavior is to deny all writes. +If a client connects anonymously, it will be unconditionally denied +write access; this hook will @emph{not} be called with a @var{identity} +of @code{nil}. + Note that the @var{identity} value is a key ID (such as address@hidden@@pobox.com}'') but will correspond to a @emph{unique} key fingerprint (hash) in your database. Monotone will not permit two =============================================== --- netsync.cc c06bdb859643097701b81ebcf9a704e573e9063f +++ netsync.cc 45b48cc344050acadbbf0bcdfb9b62a3d262857d 
@@ -1845,7 +1845,7 @@ i != branchnames.end(); i++) { if (their_matcher(*i)) - if (our_matcher(*i) && app.lua.hook_get_netsync_anonymous_read_permitted(*i)) + if (our_matcher(*i) && app.lua.hook_get_netsync_read_permitted(*i)) ok_branches.insert(utf8(*i)); else { =============================================== --- tests/t_netsync_permissions.at fb766246587fa8cf19f1b2952ec63be65ad82b63 +++ tests/t_netsync_permissions.at 887e4062ab6faa6283d46f0b8dba342f898a23d0 @@ -21,10 +21,6 @@ function get_netsync_write_permitted(identity) return true end - -function get_netsync_anonymous_read_permitted(pattern) - return true -end ]) AT_CHECK(cp test.db clean.db) @@ -110,10 +106,6 @@ if (identity == "address@hidden") then return true end return false end - -function get_netsync_anonymous_read_permitted(pattern) - return false -end ]) AT_CHECK(cp clean.db test.db)
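Review bot: In netsync.cc the `else` after the changed condition binds to the inner `if (our_matcher(*i) && ...)`, not to `if (their_matcher(*i))`, and because the outer `if` has no braces the scope of the denial branch is easy to misread in an authorization path. Bracing the outer `if` would make it explicit that the branch runs only for branches the peer asked for. The changed line also no longer says the peer is unauthenticated, so a comment such as `// anonymous peer: read hook is called with identity = nil` above it would help. The enclosing loop and function start and end outside the hunk.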