Repository access policy handling proposal

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Please comment.

@node Repository access policy
@section Repository access policy

In most cases you simply set up single repository on a machine, and
there is only access policy: either the repository is online, or it is
offline.  When the repository is put offline, the cvs server entry is
simply commented out of the @file{/etc/inetd.conf}, and that's all.

@cindex access policy
@cindex repository, access policies
@cindex policy
However, sometimes you manage lots of repositories on a single machine,
and you need to easily and conveniently manage access policy on for each
particular repository.  Moreover, there is more than two simplest
policies.  CVS-Nserver allows the following access policies:

@table @dfn
@item disabled
@cindex disabled repository
The repository is not available for logins.  When login is attempted,
the generic "Access denied" message is returned, as if the repository
does not exist.

@item offline
@cindex offline repository
The repository is available for logins, but is not available for any
activity inside the repository.  The explanation message is provided to
client after successful login.

@item read-only
@cindex read-only repository
The repository is available for logins, but only actions that do not
change the repository state are allowed.

@item online
@cindex online repository
The repository is fully functional.  This is the default access policy
for the simplest case.

@end table

@cindex @samp{cvs-pserverx}
Repository access policies are managed by a special protocol front-end,
called @samp{cvs-pserverx}.

@quotation
@emph{Note: }Currently only the @samp{:pserver:} protocol allows policy
management.
@end quotation

@cindex @file{/etc/repositories}
@samp{cvs-pserverx} uses a special configuration file, usually called
@file{/etc/repositories}.  This file contains human-readable description
of each repository, together with its status, and, probably, many other
parameters.  Probably, there could be an indexed version of this file
lying near.

When the connection request arrives, @samp{inetd} accepts it and passes
control to the @samp{cvs-pserverx}, which reads the
@file{/etc/repositories}, receives repository access request from the
client, and decides what to do with this request, as described above.

@node Format of /etc/repositories
@section Format of @file{/etc/repositories}

@cindex @file{/etc/repositories}
The @file{/etc/repositories} is a human-readable text file.  Its format
somewhat resembles the RFC822 format of Internet mail messages.

Below we'll show example entries for each type of repository.

Online repository is specified simply like this:

@example
Repository: /repos
Status: online
@end example

Read-only repository is specified together with the warning, that is
emitted to client before other messages:

@example
Repository: /repos
Status: read-only
Warning: This repository is temporarily in read-only mode.
@end example

Offline repository is specified together with explanation message, which
is emitted after the successful login:

@example
Repository: /repos
Status: offline
Message: This repository is temporarily put offline for maintenance.
         Please contact the administrator at (555) 123-4567 if you have
         any questions concerning this.
@end example

Disabled repository is specified simply:

@example
Repository: /repos
Status: disabled
@end example

There could be many more various fields in the description of each
repository.  Obvious example that first comes to mind is the
@samp{Description} field.

--alexm