Next: Netsync Transport Hooks, Previous: User Defaults, Up: Hooks [Contents][Index]
These hooks are used when running a netsync server via mtn serve. The server evaluates them for each new connection, based on the key the client used to authenticate. Note that a long-running server must be restarted to pick up new hook definitions if the monotonerc file is changed; it does not reload them on its own.
get_netsync_read_permitted (branch, key_identity)
Returns true if a peer authenticated as key key_identity should be allowed to read the certs, revisions, manifests, and files associated with branch from your database; otherwise false.
The default definition of this hook reads a file read-permissions and all files in the subdirectory read-permissions.d in the configuration directory. All the files are treated as if they were one file, with read-permissions first, followed by the files in read-permissions.d in alphanumerical order. The files look like this:

    pattern "net.example.project.{private,security}*"
    allow "joe@example.net"
    allow "f3f62f86eba204a3ce15174083a53349201993d6"

    comment "everyone can read these branches"
    pattern "net.example.{public,project}*"
    allow "*"
This example allows everyone access to the branches net.example.project and net.example.public and their sub-branches, except for the branches under net.example.project.security and net.example.project.private, which are readable only by Joe and Jim (Joe is named by his local key name, Jim by his key hash).
The file is divided into stanzas, each consisting of one pattern line followed by any number of allow and deny lines, and possibly a continue line. Anything from the unquoted word comment up to the next unquoted word is ignored. A stanza is processed if the argument to pattern is a glob that matches branch. Any key whose hash or local name matches an allow line is given access, and any key that matches a deny line is denied access. If the stanza has a continue "true" line and the key was neither granted nor denied access by it, the next matching stanza is processed. If there is no continue "true" line, any key that the stanza has not given access to is denied, even if it matches none of the stanza's deny lines. Thus deny lines are redundant unless the same stanza also has a continue "true" line.
If a client connects anonymously, this hook is called with a key_identity of nil. In read-permissions an anonymous client is represented by an empty string value, e.g. allow "".
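The stanza rules above are easy to misread, in particular the point that a stanza without continue "true" denies every key it does not explicitly allow. The following is an added example, not monotone's own default hook (which is written in Lua): a small Python re-implementation of the read-permissions evaluation that runs the page's own file, plus one extra deny/continue stanza, through the rules. It makes assumptions the page does not pin down: key_identity is None for an anonymous peer and otherwise a dict with the key hash under "id" and the local name under "name"; allow "*" matches every peer, anonymous included, while "" matches only anonymous peers; any other allow/deny value is a glob tried against both the hash and the local name; and the glob dialect covered is only *, ? and {a,b} alternation with literal alternatives. The peers and their hashes are constructed for the example.

```python
"""Evaluate a monotone-style read-permissions file for a branch and peer.

Added example, not monotone's own hook code. Assumes key_identity is None for
an anonymous peer, else a dict with "id" (key hash) and "name" (local key name);
"*" matches every peer, "" only anonymous peers, and any other allow/deny value
is a glob tried against hash and name; globs know *, ? and literal {a,b} lists.
"""
import re

_TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted string | bare word

def globish(pattern):
    """Compile a monotone-style glob into an anchored regular expression."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "{":
            end = pattern.index("}", i)  # ValueError on an unterminated brace
            alts = pattern[i + 1:end].split(",")
            out.append("(?:" + "|".join(map(re.escape, alts)) + ")")
            i = end
        else:
            out.append({"*": ".*", "?": "."}.get(c, re.escape(c)))
        i += 1
    return re.compile("^" + "".join(out) + "$")

def tokenize(text):
    """Yield ("word", w) or ("str", s), dropping everything from an unquoted
    'comment' up to the next unquoted word, as the manual describes."""
    skipping = False
    for m in _TOKEN.finditer(text):
        if m.group(1) is None:  # bare word
            skipping = m.group(2) == "comment"
            if not skipping:
                yield "word", m.group(2)
        elif not skipping:  # quoted value
            yield "str", m.group(1)

def parse_read_permissions(text):
    """Return stanzas as [pattern_regex, [(verb, value), ...], continue_flag]."""
    toks, stanzas, i = list(tokenize(text)), [], 0
    while i + 1 < len(toks):
        (kind, key), (vkind, value) = toks[i], toks[i + 1]
        if kind != "word" or vkind != "str":
            raise ValueError(f"malformed read-permissions near {key!r}")
        if key == "pattern":
            stanzas.append([globish(value), [], False])
        elif not stanzas:
            raise ValueError(f"{key!r} before the first pattern line")
        elif key in ("allow", "deny"):
            stanzas[-1][1].append((key, value))
        elif key == "continue":
            stanzas[-1][2] = value == "true"
        else:
            raise ValueError(f"unknown keyword {key!r}")
        i += 2
    if i != len(toks):
        raise ValueError("dangling token at end of read-permissions")
    return stanzas

def names_peer(who, key_identity):
    """Does one allow/deny value name this peer? (rules in the module docstring)"""
    if who == "*":
        return True
    if key_identity is None:
        return who == ""
    if who == "":
        return False
    rx = globish(who)
    return bool(rx.match(key_identity["id"]) or rx.match(key_identity["name"]))

def read_permitted(branch, key_identity, stanzas):
    """The first stanza whose pattern matches the branch decides, unless it
    carries continue "true"; a peer that gets no verdict anywhere is denied."""
    for pattern, rules, cont in stanzas:
        if not pattern.match(branch):
            continue
        for verb, who in rules:
            if names_peer(who, key_identity):
                return verb == "allow"
        if not cont:
            return False
    return False

# Constructed sample: the manual's example plus a deny/continue stanza.
READ_PERMISSIONS = '''
pattern "net.example.project.{private,security}*"
allow "joe@example.net"
allow "f3f62f86eba204a3ce15174083a53349201993d6"
comment "Mallory is locked out of contrib; everyone else falls through"
pattern "net.example.project.contrib*"
deny "mallory@example.net"
continue "true"
pattern "net.example.{public,project}*"
allow "*"
'''
STANZAS = parse_read_permissions(READ_PERMISSIONS)
# Constructed peers; the hashes are placeholders, not real monotone keys.
JOE = {"id": "1" * 40, "name": "joe@example.net"}
JIM = {"id": "f3f62f86eba204a3ce15174083a53349201993d6", "name": "jim"}
MALLORY = {"id": "2" * 40, "name": "mallory@example.net"}
```

Calling read_permitted for branches under net.example.project.contrib shows what continue "true" buys: Mallory is turned away by the deny line, while Joe and anonymous peers fall through to the final allow "*" stanza. For branches under net.example.project.private the same two peers are denied although no deny line names them, because the first stanza has no continue line and so ends the evaluation.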
get_netsync_write_permitted (key_identity)
Returns true if a peer authenticated as key key_identity should be allowed to write certs, revisions, manifests, and files into your database; otherwise false. The default definition of this hook reads a file write-permissions and all files in the subdirectory write-permissions.d in the configuration directory, which together contain a list of key hashes or local key names, one per line, that are allowed write access. The special value * allows access to anyone whose public key we already have.
If a client connects anonymously, it is unconditionally denied write access; this hook is never called with a key_identity of nil.
Note also that, unlike the equivalent read permission hook, the write permission hook does not take a branch name as an argument. There is presently no way to selectively grant write access to different branches via netsync, for a number of reasons. Contributions in the database from different authors can be selectively trusted using the Trust Evaluation Hooks instead.
get_remote_automate_permitted (key_identity, command, options)
Returns true if a peer authenticated as key key_identity should be allowed to execute the given command with the given options, as if through automate stdio.