ARCv2


META.yml  view on Meta::CPAN

# http://module-build.sourceforge.net/META-spec.html
#XXXXXXX This is a prototype!!!  It will change in the future!!! XXXXX#
name:         ARCv2
version:      1.05
version_from: lib/Arc.pm
installdirs:  site
requires:
    Authen::SASL:                  2.06
    Authen::SASL::Cyrus:           0.10
    Config::IniFiles:              0.0
    IO::Pipe:                      0.0
    IO::Select:                    0.0
    IO::Socket::INET:              0.0
    MIME::Base64:                  0.0
    Net::Server::PreFork:          0.85
    Term::ReadKey:                 0.0
    Term::ReadLine:                0.0

lib/Arc.pm  view on Meta::CPAN

@ISA = qw(Exporter);

@EXPORT_OK = qw(LOG_AUTH LOG_USER LOG_ERR LOG_CMD LOG_SIDE LOG_DEBUG);

$VERSION = '1.05';
$ConfigPath = "/etc/arcx";
$DefaultPort = 4242;
$DefaultHost = "arcdsrv";
$DefaultPIDFile = "/var/run/arcxd.pid";

$Copyright = "ARCv2 $VERSION (C) 2003-5 Patrick Boettcher and others. All right reserved.";
$Contact = "Patrick Boettcher <patrick.boettcher\@desy.de>, Wolfgang Friebel <wolfgang.friebel\@desy.de>";

my @syslog_arr = ('emerg','alert','crit','err','warning','notice','info','debug');

# package member vars
sub members
{
	return {
		# private:
		# protected:

lib/Arc.pm  view on Meta::CPAN

	my $this = shift;
	$this->Log(LOG_DEBUG,@_);
}

## Log function.
## Logs messages to 'logdestination' if 'loglevel' is set appropriately.
## Loglevel behaviour changed in the 1.0 release of ARCv2: the "Arc" class can export
## LOG_AUTH (authentication information), LOG_USER (connection information), LOG_ERR (errors), 
## LOG_CMD (ARCv2 additional internal command information), LOG_SIDE (verbose client/server-specific
## information), LOG_DEBUG (verbose debug information). It is possible to combine the 
## levels with or (resp. +) to allow a message to appear when not all loglevels are 
## requested by the user.
## Commonly used for logging errors from application level.
##in> $facility, ... (message)
##out> always false
##eg> return $arc->Log(LOG_ERR,"Message");
sub Log
{
	my $this = shift;
	my $pr = shift;
	my $ll = $this->{loglevel};

lib/Arc.pod  view on Meta::CPAN

SASL-authenticated socket connection. The purpose is to convey
requests such as privileged commands (e.g. AFS, Crontab) to be executed on the
server under appropriate privileges. Given that all privileges are
confined to the server and the server can be programmed as to filter and
check the command to be executed, the client machine can be less trusted
than the server.

Because ARC-v1-Commands are written in perl anyway, implementing the client/server
in perl makes sense. Platform-independence and "easy-to-read" source code are welcome
too. This package provides two perl command line scripts (arcx, arcxd). They can
be used for working with the ARC server from the command line, resp. to start the
server.

=head1 SYNOPSIS

This is an abstract class (as known from C++). 
It is the base class which defines the namespace for 
the ARCv2 module suite.


=head1 Class VARIABLES

lib/Arc.pod  view on Meta::CPAN



=item Log ( $facility, ... (message) ) 

B<Description>: Log function.
Logs messages to 'logdestination' if 'loglevel' is set appropriately.
Loglevel behaviour changed in the 1.0 release of ARCv2: the "Arc" class can export
LOG_AUTH (authentication information), LOG_USER (connection information), LOG_ERR (errors), 
LOG_CMD (ARCv2 additional internal command information), LOG_SIDE (verbose client/server-specific
information), LOG_DEBUG (verbose debug information). It is possible to combine the 
levels with or (resp. +) to allow a message to appear when not all loglevels are 
requested by the user.
Commonly used for logging errors from application level.


B<Returns:> always false


B<Example:>

return $arc->Log(LOG_ERR,"Message");

lib/Arc.pod  view on Meta::CPAN

L<arcx>, L<arcxd>, L<Authen::SASL>, L<Authen::SASL::Cyrus>
L<Net::Server::PreFork>

=head1 AUTHOR

 Patrick Boettcher <patrick.boettcher@desy.de>

=head1 COPYRIGHT AND LICENSE

Copyright (c) 2003-5 Patrick Boettcher <patrick.boettcher@desy.de> and others.
All rights reserved.
Zeuthen, Germany, (old) Europe

 This program is free software; you can redistribute it and/or
modify it under the same terms as Perl itself.

 Special thanks go to:
DESY Zeuthen, in particular:

- Wolfgang Friebel for bleeding edge testing and heavy bug reporting (and the idea of reimplementing ARC).

lib/Arc/Command.pm  view on Meta::CPAN

{
	my $this = shift;
	return { %{$this->SUPER::members},
		# private:
			
		# protected:
			_commands => {},    # the "available commands"-hash from the server, 
			_username => "",    # user, who has authenticated against ARCv2 Server by using SASL
			_realm => "",       # the name of the realm, to which the user belongs (SASL)
			_mech => undef,     # user uses this authentication mechanism (e.g. GSSAPI)
			_peeraddr => undef, # user's IP address
			_peername => undef, # user's host address in sockaddr_in format
			_peerport => undef, # user's port
			_cmd => undef,      # user runs this command

		# public: 
			logfileprefix => "command",
	};
}

## execute this command.
## This function is called by the ARCv2 Server when the user wants 

lib/Arc/Command.pod  view on Meta::CPAN

=head1 SYNOPSIS

This module is part of the module suite ARCv2.

This is the command module from ARCv2. In C++ terms, this is
an abstract class of an ARC Command. All commands used by ARCv2 should
derive from this class.

lib/Arc/Command.pod  view on Meta::CPAN


 $arc = new Arc::Server ( 
    [..] Arc::Server vars [..],
   connection_vars => { 
      commands => { 
        'pv' => 'Arc::Command::Pv'
      } 
   }
 )  
 
 resp.

 $arc->{connection_vars}->{commands}

This hash maps each B<Command Name> to a B<Command Class>. 
When a client has authenticated and wants to run a command, it sends 
the B<Command Name> and any optional parameters. The server looks the name up in 
the commands hash and creates an object of the B<Command Class> 
associated with that B<Command Name>.

 my $perlcmd = $this->{commands}->{$cmd};
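
The lookup described above, as an added example (not ARCv2's own code): the client-supplied Command Name is used only as a key into the commands hash, so a name outside the hash is refused and never reaches class loading. The Demo::Command::* classes, dispatch(), the choice to refuse embedded line breaks, and the sample lines are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration, not ARCv2 source: allow-list dispatch for "CMD <name> [args]" lines.
use strict;
use warnings;

# Hypothetical command classes standing in for Arc::Command subclasses.
package Demo::Command::Whoami;
sub new     { my ($class, %arg) = @_; return bless {%arg}, $class }
sub Execute { my ($this, $para) = @_; return "user=$this->{_username}" }

package Demo::Command::Echo;
sub new     { my ($class, %arg) = @_; return bless {%arg}, $class }
sub Execute { my ($this, $para) = @_; return defined $para ? $para : "" }

package main;

# Command Name => Command Class, the same shape as connection_vars->{commands}.
my %commands = (
    whoami => 'Demo::Command::Whoami',
    echo   => 'Demo::Command::Echo',
);

# Returns (result, undef) on success or (undef, reason) on refusal.
sub dispatch {
    my ($line, $username) = @_;

    # One protocol line carries one command: drop the terminator, then
    # refuse any line break that is still inside the line.
    $line =~ s/\r\n\z//;
    return (undef, "line break inside command") if $line =~ /[\r\n]/;

    return (undef, "not a CMD line") unless $line =~ /\ACMD (.*)\z/s;

    # Same split as the server excerpt: first word is the name, the rest is the parameter.
    my ($cmd, $para) = split /\s+/, $1, 2;
    return (undef, "empty command") unless defined $cmd && length $cmd;

    # The client-supplied name is only ever a hash key. It is never passed to
    # require, eval or a symbolic reference, so only configured classes can run.
    return (undef, "command not found") unless exists $commands{$cmd};
    my $class = $commands{$cmd};

    my $obj = $class->new(_username => $username, _cmd => $cmd);
    return ($obj->Execute($para), undef);
}

# Constructed sample lines, not captured traffic.
my @samples = (
    "CMD whoami\r\n",
    "CMD echo hello  world\r\n",
    "CMD Demo::Command::Echo x\r\n",   # a class name is not a command name
    "CMD echo a\r\nCMD whoami\r\n",    # two commands smuggled into one line
    "CMD \r\n",
);

for my $line (@samples) {
    my ($out, $err) = dispatch($line, "alice");
    (my $shown = $line) =~ s/\r/\\r/g;
    $shown =~ s/\n/\\n/g;
    printf "%-36s => %s\n", $shown, defined $err ? "refused: $err" : "ok: $out";
}
```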

lib/Arc/Command.pod  view on Meta::CPAN

 sub Execute 
 {
  while ($_ = <STDIN>) { # ends on EOF
     s/a/b/g; print;
  }
 }
 
If you want to implement a new Command for ARCv2 you have to derive from 
Arc::Command and override the sub C<Execute>. See existing Arc::Command::* 
classes for examples. To get your Command recognised you have to assign a 
B<Command Name> to your command class. ARCv2 ignores the return code of
B<Execute>. If your command runs into an error use the _SetError function 
and return immediately. This is what ARCv2 will evaluate and send to the
client.

B<Example>:

 sub Execute
 {
  my $this = shift;
  my $pw = <>;
  if ($pw ne "klaus") {

lib/Arc/Command.pod  view on Meta::CPAN

B<Default value>: {}

=item _mech 

B<Description>: user uses this authentication mechanism (e.g. GSSAPI)

B<Default value>: undef

=item _peeraddr 

B<Description>: user's IP address

B<Default value>: undef

=item _peername 

B<Description>: user's host address in sockaddr_in format

B<Default value>: undef

=item _peerport 

B<Description>: user's port

B<Default value>: undef

=item _realm 

lib/Arc/Connection.pm  view on Meta::CPAN

		}
	} else {
		return $this->_SetError("No CommandConnection received (Client died?).");
	}	
}

## function for reading and writing on the command connection.
## This function is always used by the C<Arc::Connection::Server> to handle 
## command data. When calling the C<ProcessCommand> from C<Arc::Connection::Client> 
## this function is also used.
## Data is read from the local socket resp. pipe and is written encrypted 
## to the network socket. The other side reads the data from network socket, 
## decrypts it and writes it to its local socket. This function behaves differently on 
## client and server sides, when the local or network socket is closed.
##in> *locfdin, *locfdout
##out> always true
##eg> $this->ReadWriteBinary(*STDIN,*STDOUT);
sub _ReadWriteBinary
{
	my $this = shift;
	my $locin = shift;

lib/Arc/Connection.pod  view on Meta::CPAN

=head1 SYNOPSIS

This module is part of the module suite ARCv2.

This is the connection module from ARCv2. In C++ terms, this is
an abstract class of an ARCv2 Connection. It provides common
methods to its derived classes, such as those for authentication and basic ARCv2 
protocols.

lib/Arc/Connection.pod  view on Meta::CPAN


my $cmd;
while (($cmd = $this->_RecvCommand()) && $this->_ProcessLine($cmd)) {}


=item _ReadWriteBinary ( *locfdin, *locfdout ) 

B<Description>: function for reading and writing on the command connection.
This function is always used by the C<Arc::Connection::Server> to handle 
command data. When calling the C<ProcessCommand> from C<Arc::Connection::Client> 
this function is also used.
Data is read from the local socket resp. pipe and is written encrypted 
to the network socket. The other side reads the data from network socket, 
decrypts it and writes it to its local socket. This function behaves differently on 
client and server sides, when the local or network socket is closed.


B<Returns:> always true


B<Example:>

lib/Arc/Connection/Client.pm  view on Meta::CPAN

sub _Cmd
{
	my $this = shift;
	my $str = join " ",@_;
	$str =~ s/[\r\n]//g;
	return $this->_SetError("Empty command won't be sent.") unless length $str;
	@{$this->{_expectedcmds}} = qw(ERR CMDPASV DONE);
	return $this->_SendCommand("CMD",$str);
}

# The _R subs process a server response, call the respective subs and set the expectedcmds array appropriately.
## parses the AUTH <list of SASL mech>\r\n, sent by the server
sub _RAUTH
{
	my $this = shift;
	@{$this->{server_sasl_mechanisms}} = split(',',$this->{_cmdparameter});

	return $this->_Authenticate();
}

## parses the AUTHTYPE <SASL mech>\r\n, sent by the server.
## Which SASL mech the server will use.
sub _RAUTHTYPE
{
	my $this = shift;
	$this->{_saslmech} = $this->{_cmdparameter};
	
	return $this->_StartAuthentication();
}

## parses the SASL <base64 encoded SASL string>\r\n, sent by the server.
## Sasl response from the server
sub _RSASL
{
	my $this = shift;
	return $this->_SetError("SASL Negotiation failed.") unless ($this->_StepAuthentication(0));
	return 1;
}

## parses the ERR <msg>\r\n, sent by the server.
## Server command which reports a server-side error
sub _RERR

lib/Arc/Connection/Client.pod  view on Meta::CPAN

=head1 SYNOPSIS

Arc::Connection::Client - Client class for ARCv2

 my $arc = new Arc::Connection::Client(
  server => "hyade11",
  port => 4242,
  timeout => 30,

lib/Arc/Connection/Client.pod  view on Meta::CPAN


=item _RERR (  ) 

B<Description>: parses the ERR <msg>\r\n, sent by the server.
Server command which reports a server-side error.


=item _RSASL (  ) 

B<Description>: parses the SASL <base64 encoded SASL string>\r\n, sent by the server.
SASL response from the server.


=item _StartAuthentication (  ) 

B<Description>: initiates the SASL authentication.
Creates the SASL object (client_new).
The client always begins and sends the first SASL challenge.
Protocol command: SASL <base64 encoded SASL output>\r\n


lib/Arc/Connection/Server.pm  view on Meta::CPAN

##out> true when successful, otherwise false
##eg> $this->_Authtype();
sub _Authtype
{
	my $this = shift;
	@{$this->{_expectedcmds}} = qw(QUIT SASL);
	return $this->_SendCommand("AUTHTYPE",$this->{_saslmech});
}

## Creates the sasl object (server_new)
## and sends the first sasl challenge/response.
## Protocol command: SASL <base64 encoded SASL output>\r\n
##out> true when successful, otherwise false
##eg> $this->_StartAuthentication();
sub _StartAuthentication
{
	my $this = shift;

	$this->_PrepareAuthentication() || return;

	# Setting the Callback for getting the username

lib/Arc/Connection/Server.pm  view on Meta::CPAN

	my $first = shift;
	my $sasl = $this->{_sasl};
	my $ret = 0;
	my $str;

	if ($first) {
		if ($this->{_cmdparameter} =~ /^\s+$/) {
			$this->_Debug("No cmdparameter, plain server start.");
			$str = $sasl->server_start();
		} else {
			$this->_Debug("SASL parameter is present.");
			$str = $sasl->server_start(decode_base64($this->{_cmdparameter}));
		}
	} else {
		$str = $sasl->server_step(decode_base64($this->{_cmdparameter}));
	}

	$str = "" unless defined $str;

	if ($sasl->need_step || $sasl->code == 0) {
		if ($sasl->code == 0) {

lib/Arc/Connection/Server.pm  view on Meta::CPAN

	} else {
		$this->_Debug("Default Sasl: ",@{$this->{sasl_mechanisms}}[0]);

		$this->{_saslmech} = @{$this->{sasl_mechanisms}}[0];
	}

	return $this->_Authtype();
}

## parses the SASL <base64 encoded SASL string>\r\n, sent by the client.
## Sasl challenge/response from the client
sub _RSASL
{
	my $this = shift;
	my $ret;

	if (!defined $this->{_sasl}) {
		$ret = $this->_StartAuthentication() || die "Sasl StartAuthentication failed.";
	} else {
		$ret = $this->_StepAuthentication() || die "Sasl StepAuthentication failed.";
	}
	return $ret;
}

## See source code for this method. /dev/null for unwanted output.
sub tonne {

}

## parses the CMD <cmd>\r\n, sent by the client.
## check if the command exists, prepares the command connection, executes the command and
## does cleanups after execution.
sub _RCMD
{
	my $this = shift;

	my ($cmd,$para) = split(/\s+/,$this->{_cmdparameter},2);
	$this->_Error("Command not found.") unless defined $cmd;

	my $perlcmd = $this->{commands}->{$cmd};
	my $reason = $this->_CheckCmd($cmd, $perlcmd);

lib/Arc/Connection/Server.pod  view on Meta::CPAN

=head1 SYNOPSIS

Arc::Connection::Server - Server handle for ARCv2.
This class is called by Arc::Server for each incoming connection.


=head1 Class VARIABLES

lib/Arc/Connection/Server.pod  view on Meta::CPAN

=item _RAUTHENTICATE (  ) 

B<Description>: parses the AUTHENTICATE[ <SASL mech>]\r\n, sent by the client.
Checks if the demanded SASL mechanism is allowed and returns the
selected mechanism.


=item _RCMD (  ) 

B<Description>: parses the CMD <cmd>\r\n, sent by the client.
check if the command exists, prepares the command connection, executes the command and
does cleanups after execution.


=item _RQUIT (  ) 

B<Description>: does nothing, placeholder for QUIT\r\n command, sent by the client.


=item _RSASL (  ) 

B<Description>: parses the SASL <base64 encoded SASL string>\r\n, sent by the client.
Sasl challenge/response from the client


=item _RunCmd (  ) 

=item _SplitCmdArgs (  ) 

=item _StartAuthentication (  ) 

B<Description>: Creates the sasl object (server_new)
and sends the first sasl challenge/response.
Protocol command: SASL <base64 encoded SASL output>\r\n


B<Returns:> true when successful, otherwise false


B<Example:>

$this->_StartAuthentication();

lib/Arc/Server.pm  view on Meta::CPAN

use IO::Socket;
use Arc qw(LOG_AUTH LOG_USER LOG_ERR LOG_CMD LOG_SIDE LOG_DEBUG);

@Arc::Server::ISA = qw(Arc Net::Server::PreFork);

sub members
{
	my $this = shift;
	return { %{$this->SUPER::members},
		# private:
			__arc => undef,                # stores the Arc::Connection::Server object for optimal PreFork
		# protected:

		# public:
			connection_type => 'Arc::Connection::Server', # Class to use for connections
			connection_vars => undef,      # variables passed directly to every connection handle See C<Arc::Connection::Server>

			logfileprefix => "mainserver", # Logfileprefix

		# net::server
			server => undef,        # attributes for Net::Server::PreFork

lib/Arc/Server.pm  view on Meta::CPAN

sub _Init
{
	my $this = shift;

	return unless $this->SUPER::_Init(@_);

	return $this->_SetError("You have to specify at least the SASL mechs and the commands you want to run, to start the ARCv2 Server.")
		unless $this->{connection_vars};

	unless (defined $this->{server}->{host}) {
		$this->Log(LOG_SIDE,"No host (listenaddress) specified, falling back to all addresses (0).");
		$this->{server}->{host} = 0;
	}

	unless (defined $this->{server}->{port}) {
		$this->Log(LOG_SIDE,"No port specified, falling back to standard port $Arc::DefaultPort.");
		$this->{server}->{port} = [$Arc::DefaultPort];
	}

# net::server::* initializations
	$this->{server}->{proto} = 'tcp';

lib/Arc/Server.pod  view on Meta::CPAN

=head1 SYNOPSIS

Arc::Server - Class for the standalone server for ARCv2

 my $arc = new Arc::Server(
  port => [4242],
  loglevel => 7,
  logdestination => "stderr",

lib/Arc/Server.pod  view on Meta::CPAN

=over 2

=back 

=head3 PRIVATE MEMBERS

=over 2

=item __arc 

B<Description>: stores the Arc::Connection::Server object for optimal PreFork

B<Default value>: undef

=back 

=head1 Class METHODS

=head3 PUBLIC METHODS

=over 2

lib/arcx.pod  view on Meta::CPAN


=item -t <timeout>

Timeout in seconds to wait for data in control and command connection.

=item -r <string>

<string> is written to the established command connection when a command is used (arcx does not wait for user input on STDIN).

e.g.: arcx -r "data" test 
results in "at".

=item command

Run this ARCv2 command. Run "help" to see which commands are available.

=item command-arguments

Some ARCv2 commands can handle arguments. They should go here.

=back

lib/arcxd.pod  view on Meta::CPAN

This file is the script that can be used to start the ARCv2 server from the command line.

=head1 SYNOPSIS

These are some examples of how to run the ARCv2 server.

=over 4

=item arcxd

Start the ARCv2 server. The server will listen on the DefaultPort and all local addresses.
It will read the configuration file, located in the ConfigPath. After successful listening, 
it will fork into the background.

=item arcxd -p 1234

Same as L<arcxd> but listens on port 1234.

=item arcxd -d 5

Stay in foreground and log messages to stderr.

lib/arcxd.pod  view on Meta::CPAN

Timeout in seconds to wait for data in control and command connection.

=back

=head2 arcd

=over 4

=item host

Here you can specify the address on which the server shall wait for connections. 0 lets the server listen on all interfaces of the host. 

=item port

The port on which the server shall listen; can be overridden by the mentioned -p option.

=item max_requests

=item min_servers

=item max_servers

scripts/arcxd.init.d.solaris  view on Meta::CPAN

                echo "Starting arcx service  ..."
		$ARCXD_PATH/arcxd 
#       for batch jobs
		$ARCXD_PATH/arcxd -p 4243
	fi
	;;
'stop')
	killproc arcxd
	;;

'restart')

	$0 stop && sleep 3 && $0 start;;


*)
	echo "Usage: /etc/init.d/init.arcxd { start | restart |  stop }"
	;;
esac


