ARCv2
13 results

 view release on metacpan or  search on metacpan

lib/Arc/Connection/Client.pod  view on Meta::CPAN 

=head1 NAME

Arc::Connection::Client - Client class for ARCv2

=head1 DESCRIPTION

ARC allows non-privileged users to run privileged commands on the server.
The server decides if the user is allowed to run this command through ACL.

This file is a part of the Perl ARCv2 module suite. ARCv2 is a 
rewrite of ARC by R.Toebbicke, CERN, Switzerland in Perl. 

=head1 ABSTRACT

From ARC by R. Toebbicke, modified by me:
User requests are shipped from a client machine to a server using a
SASL-authenticated socket connection. The purpose is to convey
requests such as privileged commands (e.g. AFS, Crontab) to be executed on the
server under appropriate privileges. Given that all privileges are
confined to the server and the server can be programmed as to filter and
check the command to be executed, the client machine can be less trusted
than the server.

Because ARC-v1-Commands are written in perl anyway, implementing the client/server
in perl makes sense. Platform-independence and "easy-to-read" source code are welcome
too. This package provides two perl command line scripts (arcx, arcxd). They can
be used for working with the ARC server from the command line, resp. to start the
server.

=head1 SYNOPSIS

Arc::Connection::Client - Client class for ARCv2

 my $arc = new Arc::Connection::Client(
  server => "hyade11",
  port => 4242,
  timeout => 30,
  loglevel=> 7,
  logdestination => 'stderr',
  service => 'arc',
  sasl_mechanism => undef,
  sasl_cb_user => \&username,
  sasl_cb_auth => \&username,
  sasl_cb_pass => \&password,
 );

 if (my $m = $arc->IsError()) {
  die $m;
 }

 if ($arc->StartSession) {
  $arc->CommandStart("test");
  $arc->CommandWrite("hallo\n");
  if (my $t = $arc->CommandRead()) {
   print $t,"\n"; # should give 'all'
  }
  $arc->CommandEnd();
 }

 sub username
 {
  return $ENV{'USER'};
 }

 sub password
 {
  return <>;
 }


=head1 Class VARIABLES

=head3 PUBLIC MEMBERS

=over 2

=item logdestination I<reimplemented from Arc>

B<Default value>: "stderr"

=item logfileprefix I<reimplemented from Arc>

B<Default value>: "client"

=item port 

B<Description>: Port to connect to

B<Default value>: undef

=item protocol I<reimplemented from Arc::Connection>

B<Description>: Which protocol type the shall use.

B<Default value>: 1

=item sasl_cb_auth 

B<Description>: SASL Callback for authname (PLAIN and some other mechs only)

B<Default value>: $ENV{'USER'}

=item sasl_cb_pass 

B<Description>: SASL Callback for password (PLAIN and some other mechs only)

B<Default value>: ""

=item sasl_cb_user 

B<Description>: SASL Callback for username (PLAIN and some other mechs only)

lib/Arc/Connection/Client.pod  view on Meta::CPAN 

while (my $cmd = $this->_RecvCommand()) { ... }


=item _RecvLine (  ) I<inherited from Arc::Connection>

B<Description>: receive a line (command). (protocol)
This function receives data from the ARCv2 connection and
fills the internal C<__linequeue> and C<__partial>. It returns 
a line from the internal buffer if there is any. It also handles
timeouts and "connection closed by foreign host"'s.


B<Returns:> true (and the line) if everything worked fine, otherwise false (undef)


B<Example:>

if (my $line = $this->_RecvLine()) { ... }


=item _Sasl ( $saslstr ) I<inherited from Arc::Connection>

B<Description>: send the ARCv2 SASL command. (protocol)
This function encodes the output from sasl_*_start and sasl_*_step with Base-64 and sends
it to the other side


B<Returns:> true if successful, otherwise false


B<Example:>

$this->_Sasl($sasl->client_start());


=item _SendCommand ( $cmd, $parameter ) I<inherited from Arc::Connection>

B<Description>: send a command. (protocol)  
Send a command to the ARCv2 socket.


B<Returns:> true if successful, otherwise false


B<Example:>

$this->_SendCommand("CMDPASV",$consock->sockhost.':'.$consock->sockport);


=item _SendLine ( ... (line) ) I<inherited from Arc::Connection>

B<Description>: send a line. (protocol)
This function sends a command line to the ARCv2 socket.


B<Returns:> true if writing has succeeded, otherwise false.


B<Example:>

$this->_SendLine($cmd,"test"); 


=back 

=over 2

=item _Debug ( ... (message) ) I<inherited from Arc>

B<Description>: Debug function.
Logs messages with "DEBUG" 


B<Returns:> always false


B<Example:>

$this->_Debug("hello","world"); # message will be "hello world"


=item _SetError ( ... (message)  ) I<inherited from Arc>

B<Description>: SetError function.
This function prepends the error message (@_) to an existing error message (if any) and
logs the message with LOG_ERR facility.
Use this function for setting an error from class level. Users should use IsError 
to get the message if a function failed.


B<Returns:> always false


B<Example:>

return $this->_SetError("User is not allowed to do this."); # breaks when an error occured


=back 

=over 2

=back 

=head3 PRIVATE METHODS

=head1 SEE ALSO

L<Arc>, L<Arc::Command>, L<Arc::Connection>, 
L<Arc::Connection::Server>, L<Arc::Connection::Client>,
L<arcx>, L<arcxd>, L<Authen::SASL>, L<Authen::SASL::Cyrus>
L<Net::Server::PreFork>

=head1 AUTHOR

 Patrick Boettcher <patrick.boettcher@desy.de>

=head1 COPYRIGHT AND LICENSE

Copyright (c) 2003-5 Patrick Boettcher <patrick.boettcher@desy.de> and others.
All rights reserved.
Zeuthen, Germany, (old) Europe

 This program is free software; you can redistribute it and/or
modify it under the same terms as Perl itself.

 Special thanks go to:
DESY Zeuthen, in particular:

- Wolfgang Friebel for bleeding edge testing and heavy bug reporting (and the idea of reimplementing ARC).

- Waltraut Niepraschk and Andreas Haupt for their help and support during the development. 

=cut



( run in 1.631 second using v1.01-cache-2.11-cpan-39bf76dae61 )