\documentclass{article}

\begin{document}

\section{Introduction}

QCMD is intended as an access control manager for the ABONE. At the
current time, access control is performed through a list kept in a file
that is mirrored over the network.

\section{Architecture}

QCMD uses a simple client-server architecture to mirror files located
at the server site onto client sites. The mirroring is accomplished
using one of two alternative protocols, push and pull.

\subsection{The Pull Protocol}

In this protocol, the client maintains a hash of the file being
mirrored. Periodically, it sends requests to the server, asking if the
file in question has changed (a change is established through a change
in the hash). The server responds with either the new version of the
file, or a no-change message. A nonce together with a timestamp is
used to prevent replay of messages.
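
The pull exchange described above, written out for both sides as an added example; it is not code from the QCMD distribution. The message field names, the type strings, the use of SHA-256 and the nonce-echo rule are assumptions made for illustration, and the RSA key handling is not shown.

```python
import hashlib
import secrets

WINDOW = 600  # seconds, the documented -window default


def digest(data: bytes) -> str:
    # SHA-256 is an assumption; the page does not name the hash QCMD uses.
    return hashlib.sha256(data).hexdigest()


def server_reply(request: dict, current_file: bytes, now: float) -> dict:
    """Server side: answer a pull request, echoing the client's nonce."""
    reply = {"nonce": request["nonce"], "time": now}
    if request["hash"] == digest(current_file):
        reply["type"] = "NoChange"
    else:
        reply.update(type="NewVersion", body=current_file)
    return reply


class PullClient:
    """Client side: holds the local ACL copy and one outstanding request."""

    def __init__(self, acl: bytes):
        self.acl = acl
        self.pending = None  # nonce of the request still awaiting a reply

    def make_request(self, now: float) -> dict:
        self.pending = secrets.token_hex(16)  # fresh nonce per request
        return {"type": "Pull", "hash": digest(self.acl),
                "nonce": self.pending, "time": now}

    def accept(self, reply: dict, now: float) -> str:
        """Apply a reply only if it answers the outstanding request."""
        if self.pending is None or reply["nonce"] != self.pending:
            return "rejected: nonce does not match outstanding request"
        if abs(now - reply["time"]) > WINDOW:
            return "rejected: outside time window"
        self.pending = None  # one reply per request
        if reply["type"] == "NewVersion":
            self.acl = reply["body"]
            return "updated"
        return "unchanged"
```

A captured NewVersion reply that is resent after the client has issued its next request carries the old nonce, so the client leaves its local ACL untouched.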

\subsection{The Push Protocol}

In this protocol, the client registers with the server to receive
updates of the file being mirrored. The server then sends the latest
version of the file as soon as a change happens. Again, a nonce and
timestamp are part of the message.

After a period of time (the default is a week) the server stops
sending update messages to the client. The client must then send
a RegisterMe message again.

Note: the push protocol is currently being revised to work with
TCP connections.

\section{The distribution}

The distribution (consisting of binaries for each of the supported OS,
installed at SRI's code server) includes three binaries. The way to
start up the programs is to load the binaries onto an anetd through
the aload command; refer to the anetd documentation for instructions
on how to use the aload command.

\subsection{qcmdServer}

As the name implies, this binary implements the QCMD server. The
following options are supported:

\begin{itemize}
\item  -log  [file]  Write a log to [file].
\item  -logsize  [s]  The maximum size of the logfile (default=1048576). (This has no effect if no logfile is specified.)
\item  -port  [p]  Specify local port number (default=3322).
\item  -config  [file]  Specify configuration file (default=qcmdserver.config).
\item  -window  [seconds]  Acceptable message time window (default=600).
\item  -localaddr  [IP addr]  Local IP address. The server will try
    to find the local IP address automatically, which works in most
    cases. If it doesn't, you will have to specify the IP address.
\item  -expirereg  [n]  Push clients must re-register after n seconds
    (default=604800). The server ignores registered clients after
    this time period has passed. This ensures that a server doesn't
    keep sending to clients long after they have died. A client
    must re-register with a server once the old registration
    has expired.
\item  -version  Prints the version and then exits.
\end{itemize}

The server program uses a 512-bit RSAREF keypair to communicate with
the clients. This key can be generated with any standard RSAREF key
generation program. The program expects to find the keypair in
HOME/qcmd/public\_key and HOME/qcmd/private\_key.

The server gets its configuration info from a config file.
The config file that gets distributed (`qcmdserver.config')
contains one line:

\begin{verbatim}
hosts = ACLfile "hosts.allow.txt"
\end{verbatim}

Here ``hosts.allow.txt'' is the name of the ACL file
that the server distributes. This can be changed if you want the
server to distribute some other file.
For example:

\begin{verbatim}
hosts = ACLfile "my.allow.txt"
\end{verbatim}

would make the server mirror a file called ``my.allow.txt''.

\subsection{qcmdClient}

This binary implements the pull client. The following options are
supported:

\begin{itemize}
\item  -log  [file]  Write a log to [file].
\item  -logsize  [s]  The maximum size of the logfile (default=1048576). (This has no effect if no logfile is specified.)
\item  -notanetd  Don't behave as a child of the anetd process; the parent process won't be notified when the ACL changes. Usually the client sends a SIGHUP signal to the parent process when a new ACL is downloaded.
This can be annoying if you are debugging and the parent process is a
terminal instead of an anetd process. This option turns off the signal.
\item  -server  [hostname]  Use [hostname] as the server (default=saul.cis.upenn.edu).
\item  -serverkey  [key]  Specify public key of server (default=0XWNcYd8zkcfbWER+nHteWMlCPU9NtMYR8Uw3SL7EQRwF3GAEx2KpZjP6ynGohyB+D/pQytou9S1ydwg2eXzvQEAAQ==).
\item  -serverport  [p]  Specify port of server (default=3322).
\item  -window  [seconds]  Acceptable message time window (default=600).
\item  -refresh  [n]  Refresh ACL every [n] seconds (default=60).
\item  -localacl  [filename]  Name of local copy of ACL (default=HOME/.anetd/hosts.allow).
\item  -version  Prints the version and then exits.
\end{itemize}

\subsection{pushClient}

This binary implements the push client. The following options are
supported:

\begin{itemize}
\item  -log  [file]  Write a log to [file].
\item  -logsize  [s]  The maximum size of the logfile (default=1048576). (This has no effect if no logfile is specified.)
\item  -anet  Switch between independent (default) and anetd attached operation.
\item  -anetdport  [p]  Specify port number of attached anetd process (default=3322).
\item  -port  [p]  Specify local port number (default=3322).
\item  -server  [hostname]  Use [hostname] as the server (default=saul.cis.upenn.edu).
\item  -serverkey  [key]  Specify public key of server (default=0XWNcYd8zkcfbWER+nHteWMlCPU9NtMYR8Uw3SL7EQRwF3GAEx2KpZjP6ynGohyB+D/pQytou9S1ydwg2eXzvQEAAQ==).
\item  -serverport  [p]  Specify port of server (default=3322).
\item  -window  [seconds]  Acceptable message time window (default=600).
\item  -expirereg  [seconds]  Sets the time in seconds
    between re-registering with
    the server (default=604800). The server deletes registrations
    periodically. The client must resend the RegisterMe message.
    This option lets you specify how
    often the client resends this message.
\item  -localacl  [filename]  Name of local copy of ACL
    (default=HOME/.anetd/hosts.allow). The information sent by the
    server will be stored in this file.
\item  -version  Prints the version and then exits.
\end{itemize}

\subsection{Common command line options}

This section explains some of the options which are common to
all three qcmd executables.

\begin{itemize}

\item -logsize [bytes] The maximum size of the logfile (default=1048576). (This has no effect if no logfile is specified.)

    The QCMD logs can get large pretty quickly. This option
    lets you limit the size of the logfile. When the log gets
    larger than the maximum size it gets copied into a file
    \emph{logfile}.old (deleting any previous \emph{logfile}.old file)
    and a new log is started. 

\item -window [seconds] Acceptable message time window (default=600).

    When QCMD processes communicate, each message gets stamped with
    the current time. QCMD processes refuse to respond to messages
    which are too old (this stops adversaries from corrupting the ACL
    by resending old messages). The \emph{window} option specifies the
    maximum age (positive or negative) a message can be and still be
    accepted by the QCMD process.
\end{itemize}

\end{document}








