
Re: [Monotone-devel] new default get_netsync_*_permitted hooks


From: Daniel Carosone
Subject: Re: [Monotone-devel] new default get_netsync_*_permitted hooks
Date: Mon, 24 Oct 2005 06:59:44 +1000
User-agent: Mutt/1.4.2.1i

On Sun, Oct 23, 2005 at 02:02:43PM -0500, Timothy Brownawell wrote:
> The get_netsync_*_permitted hooks now have default definitions, which
> read $confdir/{read,write}-permissions .

Great!  Inspired by the .mt-ignore implementation, I was thinking of
doing something like this as an exercise in teaching myself lua.  

In general, there are a number of other hooks that could follow a
similar pattern. Often I want to add one or two more things to a
default list (after ignore, matching binary/text files is the example
that next springs to mind). It worries me that I have to find and copy
a default hook implementation, and then have it go out of date when
the default is updated.

> write-permissions is a list of allowed keys, one per line, with
> "--all--" meaning to allow access to everyone whose pubkey we have,
> including anonymous readers.

As an aside, it still annoys me (I understand why it's the case) that
you can't give write permissions selective per branch.  However, this
argues that the semi-equivalent certificate trust hooks should take a
similar form to the permissions.. and crosses over the key trust
discussion in general.

Anyway..

> read-permissions looks like
> 
> [net.example.project.security*]
> [net.example.project.private*]
> ! --all--
> address@hidden
> address@hidden
> [net.example.public*]
> [net.example.project*]
> --all--
> 
> where [something] is a wildcard that's matched against the branch.

Sorry, but.. yuck :)

> "! key" means deny access, "--all--" means allow everyone access, and
> "! --all--" means to stop looking if the key isn't mentioned in the
> current section. More specific branch patterns should be at the top, if
> there's a "[*]" it should be the last entry.

This confuses me :-)

> Thoughts in general, or for a better format for read-permissions?

A simple table would be fine, in my view.  I can edit the file to
duplicate parts if needed:

net.example.project.security*   DENY    *               
net.example.project.private*    READ    address@hidden  
net.example.project.private*    READ    address@hidden  
net.example.project*            READ    *               

The first match for both branch and key applies the listed permission.
Keys are listed last to allow for spaces in the names.

There are a couple of reasons I was thinking along these lines.
Firstly, I'd like to see read and write permissions in the same
file/format, and perhaps others (as above). That means adding new PERM
keywords (and possibly listing that keyword first to allow the
'parameters' to vary for different perm types?)

Secondly, and more immediately for implementation purposes, I'd like
to see these kinds of hooks split into two parts: an initialisation
hook which reads these files into a lua table, and the current hook
which simply evaluates the already-loaded table (rather than rereading
the file on every evaluation). 

Just like the ignore case, I can then easily keep the default list,
and just add some entries in a config file.  I could even have some in
~/.monotone/foo, and add some more checkout-specific ones in
MT/foo. Eventually, key trusts and other permissions embodied in
certificates in the database could also be part of populating this
table at initialisation.

--
Dan.

Attachment: pgpo7Jku5KsSx.pgp
Description: PGP signature
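The table format sketched in the reply (branch pattern, permission keyword, key last so names may contain spaces; first match on both branch and key wins) and the proposed split into an initialisation step that loads the file into a Lua table plus a hook that only consults that table, worked through as an added example. This is not Dan's code and not monotone's shipped default hook; the sample rules are constructed here (the key names and branch names are hypothetical), and a `DENY *` line has been added for the private branches because, under first-match semantics, that is what keeps the later `net.example.project*` wildcard line from granting everyone read access to them.

```lua
-- Constructed stand-in for $confdir/read-permissions in the proposed
-- tabular format: <branch glob> <PERM> <key>. The key column is last so
-- it may contain spaces; "*" in the key column matches any identity,
-- including an anonymous (nil) one.
local sample_permissions = [[
# comments and blank lines are ignored
net.example.project.security*   DENY    *
net.example.project.private*    READ    alice@example.net
net.example.project.private*    READ    bob@example.net
net.example.project.private*    DENY    *
net.example.project*            READ    *
]]

-- Turn a branch glob ('*' and '?' wildcards only) into an anchored Lua pattern.
local function glob_to_pattern(glob)
  local escaped = glob:gsub("[%^%$%(%)%%%.%[%]%+%-]", "%%%0") -- escape magic chars
  local wild = escaped:gsub("%*", ".*")
  local single = wild:gsub("%?", ".")
  return "^" .. single .. "$"
end

-- Phase 1 (initialisation): parse the text once into an ordered rule list.
-- Rule order is kept, since the first matching rule decides.
local function load_permissions(text)
  local rules = {}
  for line in text:gmatch("[^\n]+") do
    if line:match("%S") and not line:match("^%s*#") then
      local branch, perm, key = line:match("^%s*(%S+)%s+(%S+)%s+(.-)%s*$")
      if branch then
        rules[#rules + 1] = {
          branch = glob_to_pattern(branch),
          perm = perm:upper(),
          key = key,
        }
      end
    end
  end
  return rules
end

-- Phase 2 (evaluation): the first rule whose branch pattern and key both
-- match applies its permission keyword. No matching rule means "not
-- permitted", so an unlisted branch is closed by default.
local function permitted(rules, wanted, branch, key)
  for _, rule in ipairs(rules) do
    if branch:match(rule.branch) and (rule.key == "*" or rule.key == key) then
      return rule.perm == wanted
    end
  end
  return false
end

-- Loaded once; a default list and per-user or per-checkout files could be
-- concatenated here in the order they should be consulted.
local read_rules = load_permissions(sample_permissions)

-- The hook monotone calls for each incoming read request; it only walks
-- the already-loaded table instead of rereading the file every time.
function get_netsync_read_permitted(branch, identity)
  return permitted(read_rules, "READ", branch, identity)
end

-- Self-check of the first-match semantics on the constructed rules.
assert(get_netsync_read_permitted("net.example.project.security.audit", "alice@example.net") == false)
assert(get_netsync_read_permitted("net.example.project.private.hr", "alice@example.net") == true)
assert(get_netsync_read_permitted("net.example.project.private.hr", "carol@example.net") == false)
assert(get_netsync_read_permitted("net.example.project.private.hr", nil) == false)
assert(get_netsync_read_permitted("net.example.project.docs", nil) == true)
assert(get_netsync_read_permitted("org.elsewhere.main", "alice@example.net") == false)
```

Because evaluation is a plain walk over a Lua table, extra rules from `~/.monotone/foo` or `MT/foo` can be appended to `read_rules` at initialisation without copying the default hook; the only thing to watch is that a file loaded later cannot override an earlier `DENY *` line for the same branch, which is exactly the first-match behaviour the table format asks for.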

