==============================================================================
README for netpermd 0.1                                             2000-04-17
==============================================================================

Copyright 2000 by Eberhard Mattes <em-gw@windhager.de>
Donated to the public domain.  No warranty.


Introduction
============

NOTE: netpermd is work in progress.  This is a pre-release.  Features,
usage, and configuration will change.

netpermd allows authorized operators to modify netperm-table without
requiring a shell account.  At this stage of development, "connect"
rules can be added for squid-gw.


Installation
============

1. After installing the TIS Firewall Toolkit, unpack netpermd.tar.gz
   or em-gw.tar.gz into the main directory of the TIS Firewall Toolkit:

        cd /sources/fwtk
        gunzip </dist/em-gw.tar.gz | tar xf -

2. If your `make' tool requires `.include' instead of `include',
   replace `include' with `.include' in netpermd/Makefile and
   libem/Makefile.  (This can also be done by running `fixmake' of the
   TIS Firewall Toolkit.)

3. Configure the pathnames defined at the start of netpermd.c, in
   particular PID_FNAME.

4. Compile the libraries and the program:

        cd libem
        make
        cd ../netpermd
        make

5. Copy netpermd to the target directory:

        cp netpermd /usr/local/etc

   (see the definition of DEST in Makefile.config for the target
   directory).

6. Configure netpermd by editing netperm-table and netpermd.cfg (see
   "Configuration" below).

7. Add netpermd to /etc/inetd.conf using a free port of your choice.

8. Send SIGHUP to inetd.


Compilation problems
====================

If your system does not have vsnprintf(), add

  #define DONT_HAVE_VSNPRINTF

to firewall.h and retry.  netpermd requires an ANSI/ISO C compiler and
a POSIX.1 operating system.  If you don't have these, you have to port
netpermd to your system yourself.


Configuration
=============

Currently, netpermd is not configured by rules in netperm-table and
does not use authsrv.

PID_FNAME (defined in netpermd.c) is the name of the pid file (-pf
option) of squid-gw.

netpermd reads /usr/local/etc/netpermd.cfg (USER_FNAME).  That file is
organized in lines.  Empty lines and lines starting with "#" are
ignored.  All other lines are expected to contain three words,
separated by TAB: user, password, and "connect".  Example:

    cfg17   zU%x#2  connect

"connect" means that "connect" rules for squid-gw can be added by that
user.

netpermd adds the new "connect" rules in netperm-table before the line
containing

    # netpermd: squid-gw end

For clarity, you might want to add these two lines:

    # netpermd: squid-gw start
    # netpermd: squid-gw end

netpermd will insert the new lines between those lines.
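
The following pre-flight checks for the two files described above are an
added example, not part of netpermd.  The function names are hypothetical,
and treating more than one "end" marker as an error is an assumption.

```shell
#!/bin/sh
# Added example, not part of netpermd: pre-flight checks for the files
# described in this README.  File paths are passed in by the caller.

# check_cfg FILE: lint a netpermd.cfg-style file.  Prints one line per
# problem and returns 1 if any were found.
check_cfg() {
    awk -F '\t' '
        /^$/ || /^#/ { next }   # empty and "#"-initial lines are ignored
        NF != 3 {
            printf "line %d: want 3 TAB-separated words, got %d\n", NR, NF
            bad = 1; next
        }
        $1 == "" || $2 == "" {
            printf "line %d: empty user or password\n", NR; bad = 1; next
        }
        $3 != "connect" {
            printf "line %d: third word is not \"connect\"\n", NR; bad = 1
        }
        END { exit bad }
    ' "$1"
}

# cfg_world_readable FILE: returns 0 when FILE is readable by "other".
# The file holds passwords in the clear, so that is worth flagging.
cfg_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# check_markers FILE: netpermd inserts before the "end" marker line, so
# require exactly one (assumption: duplicates are a mistake).  The
# "start" marker is optional; if present it must not follow "end".
check_markers() {
    awk '
        index($0, "# netpermd: squid-gw start") { s_line = NR }
        index($0, "# netpermd: squid-gw end")   { e_line = NR; n++ }
        END {
            if (n != 1) { printf "want 1 end marker, found %d\n", n + 0; exit 1 }
            if (s_line && s_line > e_line) { print "start marker after end marker"; exit 1 }
        }
    ' "$1"
}
```

Source the file and call, for example, check_cfg /usr/local/etc/netpermd.cfg.
A "#" inside a password, as in the example line above, is accepted; only a
"#" in the first column starts a comment.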


Running netpermd
================

netpermd is started like a telnet daemon by inetd.

To edit netperm-table manually while netpermd is running, either
temporarily disable netpermd (e.g., in inetd.conf) or create
/usr/local/etc/netperm-table.lock (see LOCK_FILE in netpermd.c) before
editing and delete that file after editing.


Using netpermd
==============

Just telnet to the port configured in inetd.conf.


Version 0.1 2000-04-17
----------------------

- First pre-release

==============================================================================
                                THE END
==============================================================================
