view release on metacpan or  search on metacpan

lib/Arc/Connection/Client.pod  view on Meta::CPAN

=head1 NAME

Arc::Connection::Client - Client class for ARCv2

=head1 DESCRIPTION

ARC allows non-privileged users to run privileged commands on the server.
The server decides if the user is allowed to run this command through ACL.

This file is a part of the Perl ARCv2 module suite. ARCv2 is a 
rewrite of ARC by R.Toebbicke, CERN, Switzerland in Perl. 

=head1 ABSTRACT

From ARC by R. Toebbicke, modified by me:
User requests are shipped from a client machine to a server using a
SASL-authenticated socket connection. The purpose is to convey
requests such as privileged commands (e.g. AFS, Crontab) to be executed on the
server under appropriate privileges. Given that all privileges are
confined to the server and the server can be programmed as to filter and
check the command to be executed, the client machine can be less trusted
than the server.

Because ARC-v1-Commands are written in perl anyway, implementing the client/server
in perl makes sense. Platform-independence and "easy-to-read" source code are welcome
too. This package provides two perl command line scripts (arcx, arcxd). They can
be used for working with the ARC server from the command line, resp. to start the
server.

=head1 SYNOPSIS

Arc::Connection::Client - Client class for ARCv2

 my $arc = new Arc::Connection::Client(
  server => "hyade11",
  port => 4242,
  timeout => 30,
  loglevel=> 7,
  logdestination => 'stderr',
  service => 'arc',
  sasl_mechanism => undef,
  sasl_cb_user => \&username,
  sasl_cb_auth => \&username,
  sasl_cb_pass => \&password,
 );

 if (my $m = $arc->IsError()) {
  die $m;
 }

 if ($arc->StartSession) {
  $arc->CommandStart("test");
  $arc->CommandWrite("hallo\n");
  if (my $t = $arc->CommandRead()) {
   print $t,"\n"; # should give 'all'
  }
  $arc->CommandEnd();
 }

 sub username
 {
  return $ENV{'USER'};
 }

 sub password
 {
  return <>;
 }


=head1 Class VARIABLES

=head3 PUBLIC MEMBERS

=over 2

=item logdestination I<reimplemented from Arc>

B<Default value>: "stderr"

=item logfileprefix I<reimplemented from Arc>

B<Default value>: "client"

=item port 

B<Description>: Port to connect to

B<Default value>: undef

=item protocol I<reimplemented from Arc::Connection>

B<Description>: Which protocol type the shall use.

B<Default value>: 1

=item sasl_cb_auth 

B<Description>: SASL Callback for authname (PLAIN and some other mechs only)

B<Default value>: $ENV{'USER'}

=item sasl_cb_pass 

B<Description>: SASL Callback for password (PLAIN and some other mechs only)

B<Default value>: ""

=item sasl_cb_user 

B<Description>: SASL Callback for username (PLAIN and some other mechs only)

B<Default value>: $ENV{'USER'}

=item sasl_mechanism 

B<Description>: use this mechanism for authentication

B<Default value>: undef

=item server 

B<Description>: Server to connect to

B<Default value>: undef

=item server_sasl_mechanisms 

B<Description>: filled by the sasl mechanisms

B<Default value>: []

=back 

=over 2

=item service I<inherited from Arc::Connection>

B<Description>: name of the server (for SASL)

B<Default value>: undef

=item timeout I<inherited from Arc::Connection>

B<Description>: timeout for all connections (ARCv2 and command) in seconds

B<Default value>: undef

=back 

=over 2

=item loglevel I<inherited from Arc>

B<Description>: loglevel is combination of bits (1=AUTH,2=USER,4=ERR,8=CMDDEBUG,16=VERBSIDE,32=DEBUG) see _Log method

B<Default value>: 7

=back 

=over 2

=back 

=head3 PROTECTED MEMBERS