#
#   @(#)$Id: access.hdr,v 1.4 1996/12/13 23:35:22 steve Exp steve $
#
#   cddbd - CD Database Protocol Server
#
#   Copyright (C) 1996  Steve Scherf
#   Email: steve@moonsoft.com
#   Moondog Software Productions - makers of fine public domain software.
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program; if not, write to the Free Software
#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#

#
#  CDDBD access file
#
#  All parameters should each appear on a separate line. Numerical options
#  should be a positive decimal value. Pathname arguments should always specify
#  absolute paths.
#
#
#  motdfile:
#       Absolute pathname to a file containing the "message of the day".
#       This should probably reside in the same directory as the access file,
#       but doesn't necessarily have to. The contents of this file will
#       be displayed to the client when the "motd" server command is executed.
#
#  sitefile:
#       Absolute pathname to a file containing information on remote sites.
#       This information is used when transmitting database entries,
#       and as data for the "sites" command.
#
#  workdir:
#       Absolute pathname to the root server directory. This path is
#       where all the server files and directories reside.
#
#  cddbdir:
#       Absolute pathname to the directory where the CD database is located.
#       This is the only required field in the access file.
#
#  postdir:
#       Absolute pathname to the directory for posting new entries.
#       This should be the same as cddbdir if you are running a slave site.
#       Since by enabling posting you are allowing others to write
#       to your system, you might want to make this a directory somewhere
#       in your spool directory hierarchy in order to avoid having a
#       malicious user clog up your filesystem. Be sure to set up your
#       posting permissions correctly in any case.
#
#       Note that no clients to date support the posting of new entries to
#       the server. Currently, the preferred way to do this is to send
#       new entries via email to xmcd-cddb@amb.org. This feature is
#       primarily for the purpose of updating the database via a remote
#       cddbd master site.
#
#  dupdir:
#       Absolute pathname to the directory for putting duplicate entries.
#       This directory is important if you are maintaining a master copy
#       of the database. Files in the post directory that are duplicates
#       of entries in the database will end up here when an update is run.
#       Duplicates must be dealt with by hand; whether that means deletion
#       or hand-inspection is up to the database administrator. If no
#       path is specified, duplicates will be deleted automatically.
#
#  input_time:
#       Input timeout value in seconds. User is disconnected if idle
#       longer than the timeout. A zero value disables this feature.
#
#       Should be less than or equal to "connect_time".
#
#  access_time:
#       Access timeout value in seconds. User is disconnected if
#       a database access attempt is not performed within the allotted
#       time. A zero value disables this feature.
#
#       This keeps users from connecting via telnet and staying connected
#       without actually using the server.
#
#       Should be greater than or equal to "input_time" and less than or
#       equal to "connect_time".
#
#  connect_time:
#       Connect timeout value in seconds. User is disconnected after
#       being connected for the allotted time. A zero value disables
#       this feature.
#
#       This keeps the user from hogging the server for too long, regardless
#       of how he uses it.
#
#       Should be greater than or equal to "access_time".
#
#  xmit_time:
#       Transmit timeout value in seconds. Connections to remote sites
#       are terminated if transmissions stall for longer than the
#       timeout. A zero value disables this feature.
#
#  elapse_time:
#       The time in milliseconds used when checking if too much time has
#       been spent processing. If set to zero, there is no processing time
#       limit.
#
#  delay_time:
#       The time in milliseconds used when delaying if too much time has
#       been spent processing. If set to zero, no delay will be performed.
#
#  email_time:
#       The time in milliseconds to delay between each email when transmitting
#       via smtp. When set to 0, it can literally flood the smtp host.
#
#  lock_time:
#       The time in milliseconds to delay between lock acquisition retries.
#
#  lock_wait:
#       The number of seconds to attempt to acquire a lock before giving up.
#
#  fuzzy_factor:
#       The frame count factor used in comparing track offsets for
#       fuzzy matching. This is the number of frames that any one track
#       can be off by. Frames are 1/75 of a second.
#
#       This should probably be left alone. Tuning this upward makes for
#       a more liberal matching algorithm that is prone to find incorrect
#       matches, and tuning it downward makes for a stricter matching
#       algorithm that is more likely to miss legitimate matches.
#
#  fuzzy_div:
#       When divided into "fuzzy_factor", this is the average number of
#       frames track offsets can differ by for fuzzy matching.
#
#       This should probably be left alone. Tuning this downward makes for
#       a more liberal matching algorithm that is prone to find incorrect
#       matches, and tuning it upward makes for a stricter matching
#       algorithm that is more likely to miss legitimate matches.
#
#  logging:
#       Logging verbosity flags. If logfile is not specified, logging
#       is always disabled, regardless of this setting. One or more of the
#       following should be specified separated by white space:
#
#       none:	Logging disabled. This nullifies all other log flags.
#       hello:	Logs "hello" data. Useful for keeping track of database "hits".
#       access:	Logs database accesses.
#       post:	Logs database postings.
#       info:	Logs general info.
#       input:	Logs all user input.
#       errors:	Logs program errors.
#       all:	Enables all logging flags.
#
#  dup_policy:
#       The value of this variable dictates whether duplicate entries are to
#       be copied over existing database entries. This variable may be
#       specified with one of the following options:
#
#       never:   Never copy over an existing database entry with a duplicate.
#       compare: Compare duplicates with existing entries before copying over.
#       always:  Always copy duplicate entries over existing entries.
#
#       Duplicates that are rejected for copying are put into "dupdir" if
#       it exists, otherwise they are deleted. It is suggested that
#       slave sites set this to "always" and master sites set this to
#       "compare". If not specified, the default setting is "compare".
#
#  transmits:
#       The value of this variable specifies how many sites can be
#       transmitted to simultaneously. Since transmitting is inexpensive,
#       it is safe to set this number high.
#
#  smtphost:
#       The hostname of the system to contact when sending mail via SMTP.
#       The most likely host is "localhost", but someone may want to
#       set this to another address.
#
#  admin_email:
#       The full email address of the daemon administrator. This is used
#       as the return address when the server sends email.
#
#  bounce_email:
#       The full email address to which copies of bounced email submissions
#       should go (in addition to the original sender). This should
#       generally be set to those who are interested in debugging problems
#       with submissions from client applications. If this parameter is
#       empty or missing, only the originator is mailed when a submission
#       is rejected.
#
#  test_email:
#       The full email address to which copies of test email submissions
#       should go (in addition to the original sender). This should
#       generally be set to those who are interested in debugging problems
#       with test submissions from client applications. If this parameter is
#       empty or missing, only the originator is mailed when a test submission
#       is received. Responses to test submissions are sent regardless of
#       whether the submission is accepted or rejected.
#
#  strip_ext:
#       A boolean value which may be either ("1", "true", "yes") to indicate
#       true or ("0", "false", "no") to indicate false. If true, extended
#       track data is purged when checking the database and when entries
#       are read by users.
#
#  log_hiwat:
#       The maximum size in bytes the log file is allowed to be. If the log
#       file should increase in size so that it exceeds the high water mark,
#       it is truncated.
#
#  log_lowat:
#       The size the log file is truncated to when it grows to log_hiwat
#       bytes in size.
#
#  put_size:
#       The max allowable amount of data transferable through a put.
#
#  post_lines:
#       The max number of allowable lines a posted database entry
#       may be. A line is currently limited to 256 bytes.
#
#  users:
#       The max number of users that can access the database at once.
#       If set to zero, no limit is placed on the number of
#       simultaneous users. Accesses to the database tend to be
#       very quick and efficient, so very little additional load is
#       placed on even a slow system by the server. You might want to
#       consider disabling this feature or setting it to a very high value,
#       unless your system is an extremely busy one.
#
#  user:
#       The user name of the user that owns the daemon files. This may
#       also be a numeric user ID. If the word "default" is specified,
#       the user name of the invoking user will be used.
#
#  group:
#       The group name of the user that owns the daemon files. This may
#       be the name of any group that the user belongs to. This may
#       also be a numeric group ID. If the word "default" is specified,
#       the group name of the invoking user will be used.
#
#  file_mode:
#       The file permissions, in octal, that server files should be set to.
#
#  dir_mode:
#       The file permissions, in octal, that server directories should be
#       set to.
#
#  db_user:
#       The user name of the user that owns the database files. This may
#       also be a numeric user ID. If the word "default" is specified,
#       the user name of the invoking user will be used.
#
#  db_group:
#       The group name of the user that owns the database files. This may
#       be the name of any group that the user belongs to. This may
#       also be a numeric group ID. If the word "default" is specified,
#       the group name of the invoking user will be used.
#
#  db_file_mode:
#       The file permissions, in octal, that database files should be set to.
#
#  db_dir_mode:
#       The file permissions, in octal, that database directories should be
#       set to.
#
#  host_perms:
#       Whether to allow/disallow connections, posting entries to "postdir"
#       via "cddb write", whether to allow remotely initiated database
#       updates via "update", whether to allow the user to get the log
#       and other files, and whether to allow the user to update the motd and
#       sites files. There may be multiple of these lines in the file
#       in order to specify different permissions for various hosts.
#
#       The format is:
#
#       permissions: interface remote_host connect post update get put
#
#       The arguments are:
#
#       interface: Valid values are: c, h, e and s, which correspond to CDDBP,
#           HTTP, email and submissions. You may put any or all of these
#           values in a single argument, with no separating spaces. If a
#           single '-' character appears before these values, then all
#           interfaces not listed after the '-' are specified; a '-' by
#           itself specifies all interfaces.
#       remote_host: An Internet hostname, network name, domain name,
#           IP address or the word "default" for all hosts. Any
#           host matching this field is given privileges as specified
#           by the following fields. Only one default line may
#           appear in the file. If a host matches more than one
#           specified permission, the most specific match is used.
#       connect:
#           Valid values are either "connect" or "noconnect" to
#           either allow or disallow connections. The value "hang" is also
#           allowed for connection-based interfaces; this causes the connection
#           to be held open without allowing the client to perform any operations.
#           This is useful for stopping clients which reconnect rapidly upon
#           rejection. For interfaces which are not connection-based, "hang"
#           implies "noconnect".
#       post:
#           Valid values are either "post" or "nopost" to either
#           allow or disallow posting.
#       update:
#           Valid values are either "update" or "noupdate" to either
#           allow or disallow remotely initiated updates.
#       get:
#           Valid values are either "get" or "noget" to either
#           allow or disallow remote acquisition of server files.
#       put:
#           Valid values are either "put" or "noput" to either
#           allow or disallow remote replacement of server files (limited).
#
#  client_perms:
#       Whether to allow/disallow DB entries/handshakes from a particular
#       client/client revision. By default, they are allowed from
#       any client, unless prohibited by a perms rule. There may be
#       multiple of these lines in the file in order to specify different
#       permissions for various clients. If a client/revision matches
#       more than one rule, the last match is used.
#
#       The format is:
#
#       client_perms: interface permission client low_revision high_revision
#
#       The arguments are:
#
#       interface: Valid values are: c, h, e and s, which correspond to CDDBP,
#           HTTP, email and submissions. You may put any or all of these
#           values in a single argument, with no separating spaces. If a
#           single '-' character appears before these values, then all
#           interfaces not listed after the '-' are specified; a '-' by
#           itself specifies all interfaces.
#       permission: Valid values are either "allow" or "disallow" to
#           either allow or disallow submissions/connections from the
#           client/revision. The value "hang" is also allowed for connection-
#           based interfaces; this causes the connection to be held open
#           without allowing the client to perform any operations. This is
#           useful for stopping clients which reconnect rapidly upon rejection.
#           For interfaces which are not connection-based, "hang" implies
#           "noconnect".
#       client: A string with no white space which must exactly match the
#           client name being compared. The string "-" is a wildcard which
#           matches all clients; the client revision is ignored in this case.
#       low_revision:
#       high_revision:
#           Both are strings with no white space representing the range of
#           client revisions to be matched. The server parses the revision
#           for rev level numbers and alpha, beta and patch level strings
#           when comparing ranges. The string "-" is a wildcard which matches
#           all revisions.
#
#       Example:
#
#       For the following perms rule, submissions from xmcd versions 1.4
#       through 1.7 would be rejected:
#
#       client_perms: s disallow xmcd 1.4 1.7
#
#       For the following perms rule, CDDBP and HTTP connections from xmcd
#       version 2.0PL1 and on would be accepted:
#
#       client_perms: ch allow xmcd 2.0PL1 -
#
#       For the following perms rule, all submissions from DiscPlay would
#       be rejected:
#
#       client_perms: -che disallow DiscPlay - -
#
#       For the following perms rule, all connections and submissions from
#       EasyCD versions up to and including 2.3.1 would be accepted:
#
#       client_perms: - allow EasyCD - 2.3.1
#

# Active settings. Each key is described in the header comment above, except
# pwdfile, hang_time and max_hangs, which the header does not document.
motdfile:     /cddb/motd
sitefile:     /cddb/sites
# NOTE(review): pwdfile is not described in the header; presumably the password
# file that goes with the passwd/nopasswd field in host_perms - confirm. If
# file_mode below also applies to this file, 644 leaves it world-readable.
pwdfile:      /cddb/passwd
workdir:      /cddb
# NOTE(review): the header asks for absolute pathnames, but cddbdir and postdir
# are relative. What "./cddb" is resolved against is not stated in this file -
# confirm, or replace both with absolute paths.
cddbdir:      ./cddb
# Same directory as cddbdir, which the header recommends for a slave site.
postdir:      ./cddb
# "always": duplicates overwrite existing entries (the header's suggestion for
# slave sites). No dupdir is configured in this file.
dup_policy:   always
# The "post" and "input" flags are not enabled, so postings and raw user input
# are not logged. The header says logging is disabled unless a logfile is
# specified; none is set in this file - confirm where the log path comes from.
logging:      errors hello access info
# Maximum lines per posted entry (the header limits a line to 256 bytes).
post_lines:   1024
# Maximum data transferable through one put; units are not stated in the
# header - presumably bytes, confirm.
put_size:     102400
# Maximum simultaneous users; 0 would mean unlimited.
users:        100
# Fuzzy-matching tolerances; the header advises leaving these alone.
fuzzy_factor: 900
fuzzy_div:    4
# Timeouts in seconds; 0 disables a timeout. These values satisfy the header's
# ordering rule: input_time <= access_time <= connect_time.
xmit_time:    600
input_time:   300
access_time:  600
connect_time: 3600
# Milliseconds. A non-zero email_time paces outgoing mail; the header warns
# that 0 can flood the SMTP host.
elapse_time:  500
delay_time:   250
email_time:   500
lock_time:    250
# Seconds to keep retrying a lock before giving up.
lock_wait:    60
# NOTE(review): hang_time and max_hangs are not described in the header;
# presumably they bound the "hang" permission (how long a connection is held
# and how many are held at once) - confirm meaning and units.
hang_time:    60
max_hangs:    10
# Log size limits in bytes: the log is cut back to log_lowat once it exceeds
# log_hiwat.
log_hiwat:    1024000
log_lowat:    768000
strip_ext:    no
# Owner and group of the daemon files.
# NOTE(review): confirm whether the daemon also runs under this identity. For a
# network-facing service a dedicated unprivileged account limits what a flaw in
# the server can reach.
user:         root
group:        root
# Octal permissions: 644 = owner read/write, everyone else read-only;
# 755 = owner full access, everyone else read and traverse.
file_mode:    644
dir_mode:     755
# Owner, group and permissions of the database files and directories; same
# review note as for user/group above.
db_user:      root
db_group:     root
db_file_mode: 644
db_dir_mode:  755

# Beginning of permissions.

# Interfaces c, h and e (CDDBP, HTTP, email), all hosts: connections are
# allowed; posting, remotely initiated updates, and get/put of server files
# are refused.
# NOTE(review): the trailing passwd/nopasswd field is not part of the format
# given in the header - confirm its meaning before changing it.
host_perms: che default connect nopost noupdate noget noput nopasswd
# Interface s (submissions), all hosts: everything is refused, connect included.
# NOTE(review): the header says only one "default" line may appear in the file;
# presumably that means one per interface - confirm the parser accepts both.
# No client_perms rules are present, so per the header every client and
# revision is allowed.
host_perms: s default noconnect nopost noupdate noget noput nopasswd
