JANUS CLSOCK

From m204wiki
Revision as of 18:15, 28 February 2011 by Admin (talk | contribs)
Jump to navigation Jump to search

<section begin="desc" />Defines rules for a Janus socket client<section end="desc" />

The JANUS CLSOCK command defines the rules for a Janus Sockets client (CLSOCK) or DEBUGGERCLIENT port. These rules control access to the port. System administrators always have access to a client port, so no CLSOCK rules are required to provide socket access to these users.

JANUS CLSOCK portname rule_type [optional parameters]

JANUS CLSOCK command syntax</p? The JANUS CLSOCK command is slightly different from most Janus commands in that it usually takes a set of commands to fully specify the rules for a port. For instance, it may take a number of commands to specify the various users and applications that may use a port on the socket-connection $function ($SOCK_CONN) or object method (New). The order in which JANUS CLSOCK commands are specified also affects how they are processed. The first two parameters are positional and are required:

th>portnameth>rule_type
A 1 - 30 character name of the port, or a pattern specifying a set of ports, for which the rule is being defined. Wildcards are allowed.
The type of rule being specified for the port or ports. Valid rule_types are:
  • DISALLOW Removes access permission.
  • ALLOW Assigns access permission.

The ALLOW and DISALLOW rules are processed together, from most recent to oldest. The optional parameters allowed for the JANUS CLSOCK command depend on the rule_type value. The rule types are shown below, followed by a section giving examples and showing the interaction of JANUS CLSOCK commands.

Note that the JANUS CLSOCK and JANUS SRVSOCK commands differ from the corresponding rules available with the JANUS WEB command in the following ways:

  • JANUS WEB does not allow any optional parameters (for example, USGROUP) on the DISALLOW rule.
  • The default access for WEBSERV non-SSL ports and SRVSOCK ports is ALLOW. The default access for WEBSERV SSL ports and CLSOCK ports is DISALLOW.
  • ALLOW and DISALLOW are the only rule types for JANUS CLSOCK and JANUS SRVSOCK. There are a number of other rule types for JANUS WEB.

JANUS CLSOCK ALLOW

JANUS CLSOCK portname ALLOW - [NONE] | [USER userID | USGROUP usgroup] - [FILE procfile] - [PROC procname] - [SUBSYS subsysname] - [REMOTE rmt_host rmt_portnum]

JANUS CLSOCK ALLOW command syntax

The JANUS CLSOCK ALLOW command indicates a combination of conditions which, if all specified, allow a socket-connection $function ($SOCK_CONN) or object method invocation to access a CLSOCK port that matches pattern portname.

The default access for all CLSOCK and DEBUGGERCLIENT ports is to disallow all access — except system administrators can access any CLSOCK port, regardless of rules (since a system administrator can always issue JANUS CLSOCK to grant access to herself). For a non-system administrator, access to a CLSOCK port on a $SOCK_CONN or New method invocation depends on the most recent rule for that port that matches the conditions of the $SOCK_CONN or New method call:

  • If the conditions match all clauses on a JANUS CLSOCK ALLOW rule, access to the port is allowed.
  • If the conditions match all clauses on a JANUS CLSOCK DISALLOW rule, access to the port is disallowed.
  • If the conditions match neither an ALLOW nor DISALLOW rule, access to the port is disallowed.

If the JANUS CLSOCK ALLOW command is specified with no optional parameters, any $SOCK_CONN or New method invocation can access the CLSOCK ports that match the pattern in portname.


See: Janus command list