view release on metacpan or  search on metacpan

lib/Arc/Connection/Server.pod  view on Meta::CPAN

=head1 NAME

Arc::Connection::Server - Class to handle one connection on the server side 

=head1 DESCRIPTION

ARC allows non-privileged users to run privileged commands on the server.
The server decides if the user is allowed to run this command through ACL.

This file is a part of the Perl ARCv2 module suite. ARCv2 is a 
rewrite of ARC by R.Toebbicke, CERN, Switzerland in Perl. 

=head1 ABSTRACT

From ARC by R. Toebbicke, modified by me:
User requests are shipped from a client machine to a server using a
SASL-authenticated socket connection. The purpose is to convey
requests such as privileged commands (e.g. AFS, Crontab) to be executed on the
server under appropriate privileges. Given that all privileges are
confined to the server and the server can be programmed as to filter and
check the command to be executed, the client machine can be less trusted
than the server.

Because ARC-v1-Commands are written in perl anyway, implementing the client/server
in perl makes sense. Platform-independence and "easy-to-read" source code are welcome
too. This package provides two perl command line scripts (arcx, arcxd). They can
be used for working with the ARC server from the command line, resp. to start the
server.

=head1 SYNOPSIS

Arc::Connection::Server - Server handle for ARCv2.
This class is called by Arc::Server for each incoming connection.


=head1 Class VARIABLES

=head3 PUBLIC MEMBERS

=over 2

=item commands 

B<Description>: hash of assignment between B<Command Name> and B<Command Class>. See L<Arc::Command>

B<Default value>: undef

=item logfileprefix I<reimplemented from Arc>

B<Default value>: "server"

=item sasl_cb_checkpass 

B<Description>: Callback for SASL (if PLAIN (or equal) mechanisms are used). See Authen::SASL(::Cyrus).

=item sasl_cb_getsecret 

B<Description>: Callback for SASL (if PLAIN (or equal) mechanisms are used). See Authen::SASL(::Cyrus).

B<Default value>: ""

=item sasl_mechanisms 

B<Description>: array of allowed SASL mechanisms

B<Default value>: undef

=back 

=over 2

=item protocol I<inherited from Arc::Connection>

B<Description>: Which protocol is used (0 = ARC/2.0, 1 = ARC/2.1)

B<Default value>: undef

=item service I<inherited from Arc::Connection>

B<Description>: name of the server (for SASL)

B<Default value>: undef

=item timeout I<inherited from Arc::Connection>

B<Description>: timeout for all connections (ARCv2 and command) in seconds

B<Default value>: undef

=back 

=over 2

=item logdestination I<inherited from Arc>

B<Description>: Where should all the log output go to ('stderr','syslog')

B<Default value>: 'syslog'

=item loglevel I<inherited from Arc>

B<Description>: loglevel is combination of bits (1=AUTH,2=USER,4=ERR,8=CMDDEBUG,16=VERBSIDE,32=DEBUG) see _Log method

B<Default value>: 7

=back 

=over 2

=back 

=head3 PROTECTED MEMBERS

=over 2

=item _realm 

B<Description>: Name of the SASL realm, if the user is from the default realm, this is empty

B<Default value>: ""

=back 

=over 2

=item _authenticated I<inherited from Arc::Connection>

B<Description>: Are we authenticated

=item _cmdclientsock I<inherited from Arc::Connection>

B<Description>: IO::Socket for the command connection (encrypted)

B<Default value>: undef

=item _cmdparameter I<inherited from Arc::Connection>

B<Description>: parameter after the command

B<Default value>: undef

=item _connected I<inherited from Arc::Connection>

B<Description>: are we connected

=item _connection I<inherited from Arc::Connection>