(Wallet ACL verifier for NetDB roles)
    my $verifier = Wallet::ACL::NetDB->new;
    my $status = $verifier->check ($principal, $node);
    if (not defined $status) {
        die "Something failed: ", $verifier->error, "\n";
    } elsif ($status) {
        print "Access granted\n";
    } else {
        print "Access denied\n";
    }
Wallet::ACL::NetDB checks a principal against the NetDB roles for a given host. It is used to verify ACL lines of type netdb. The value of such an ACL is a node, and the ACL grants access to a given principal if and only if that principal has one of the roles user, admin, or team for that node.
To use this object, several configuration parameters must be set. See Wallet::Config for details on those configuration parameters and information about how to set wallet configuration.
new(): Creates a new ACL verifier. Opens the remctl connection to the NetDB server and authenticates.
check(PRINCIPAL, ACL): Returns true if PRINCIPAL is granted access according to ACL, false if not, and undef on an error (see DIAGNOSTICS below). ACL is a node, and PRINCIPAL will be granted access if it (with the realm stripped off if configured) has the user, admin, or team role for that node.
error(): Returns the error if check() returned undef.
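The three-way result of check() (true, false, undef) must not be collapsed so that an error reads as a grant. The following added example is not wallet's code: it uses a hypothetical stand-in class, Local::MockNetDBVerifier, with constructed role data to model the documented semantics, and a caller that denies on error. The realm-stripping regex, the error strings, and the sample principals and nodes are assumptions.

```perl
use strict;
use warnings;
# Hypothetical local stand-in exposing the documented new/check/error
# interface, so result handling can be exercised without a NetDB server.
package Local::MockNetDBVerifier;
# Constructed sample data: principal => { node => role }.
my %ROLES = (
    alice => { 'web1.example.org' => 'admin' },
    bob   => { 'web1.example.org' => 'viewer' },
);
my %GRANTING = map { $_ => 1 } qw(user admin team);

sub new   { my ($class, %opt) = @_; return bless { realm => $opt{realm} }, $class }
sub error { my ($self) = @_; return $self->{error} }

sub check {
    my ($self, $principal, $acl) = @_;
    delete $self->{error};
    # Error strings here are constructed, not the module's own messages.
    if (!defined $principal || $principal eq '') { $self->{error} = 'no principal given'; return }
    if (!defined $acl       || $acl eq '')       { $self->{error} = 'malformed ACL';      return }
    my $realm = $self->{realm};
    $principal =~ s/\@\Q$realm\E\z// if defined $realm;    # strip only the configured realm
    my $role = ($ROLES{$principal} // {})->{$acl};
    return defined $role && $GRANTING{$role} ? 1 : 0;
}

package main;

# Fail closed: undef means the check itself failed, so log the error and deny.
sub authorize {
    my ($verifier, $principal, $node) = @_;
    my $status = $verifier->check($principal, $node);
    if (not defined $status) {
        warn "ACL check error for '$principal' on '$node': ", $verifier->error, "\n";
        return 0;
    }
    return $status ? 1 : 0;
}

my $v = Local::MockNetDBVerifier->new(realm => 'EXAMPLE.ORG');
for my $case (
    ['alice@EXAMPLE.ORG', 'web1.example.org'],    # admin role: granted
    ['bob@EXAMPLE.ORG',   'web1.example.org'],    # role outside the set: denied
    ['alice@OTHER.ORG',   'web1.example.org'],    # other realm kept, no match: denied
    ['alice@EXAMPLE.ORG', ''],                    # empty ACL: error, denied
) {
    printf "%-18s %-17s %s\n", @$case, authorize($v, @$case) ? 'granted' : 'denied';
}
```

The third case shows why stripping only the configured realm matters: a principal from another realm keeps its full name and therefore matches no local role.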
The new() method may fail with one of the following exceptions:
The Net::Remctl Perl module, required for NetDB ACL support, could not be loaded.
The required configuration parameters were not set. See Wallet::Config(3) for the required configuration parameters and how to set them.
Connecting to the NetDB remctl interface failed with the given error message.
Verifying a NetDB ACL may fail with the following errors (returned by the error() method):
Issuing the remctl command to get the roles for the given principal failed or returned an error.
The NetDB remctl interface that returns the roles for a user returned an error message or otherwise returned failure.
The ACL parameter to check() was malformed. Currently, this error is only given if ACL is undefined or the empty string.
The Net::Remctl Perl library returned a malformed token. This should never happen and indicates a bug in Net::Remctl.
The PRINCIPAL parameter to check() was undefined or the empty string.
The list of possible NetDB roles that should be considered sufficient to grant access is not currently configurable.
Net::Remctl(3), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::Config(3), wallet-backend(8)
NetDB is a free software system for managing DNS, DHCP, and related machine information for large organizations. For more information on NetDB, see <https://web.stanford.edu/group/networking/netdb/>.
This module is part of the wallet system. The current version is available from <https://www.eyrie.org/~eagle/software/wallet/>.
Russ Allbery <eagle@eyrie.org>