Provided by: krb5-wallet-server_1.5-1.1_all

NAME

       Wallet::ACL::NetDB - Wallet ACL verifier for NetDB roles

SYNOPSIS

           use Wallet::ACL::NetDB;

           # new() throws an exception on failure; see DIAGNOSTICS.
           my $verifier = Wallet::ACL::NetDB->new;
           my $status = $verifier->check ($principal, $node);
           if (not defined $status) {
               die "Something failed: ", $verifier->error, "\n";
           } elsif ($status) {
               print "Access granted\n";
           } else {
               print "Access denied\n";
           }

DESCRIPTION

       Wallet::ACL::NetDB checks a principal against the NetDB roles for a given host.  It is used to verify ACL
       lines of type "netdb".  The value of such an ACL is a node, and the ACL grants access to a given
       principal if and only if that principal has one of the roles user, admin, or team for that node.

       To use this object, several configuration parameters must be set.  See Wallet::Config for details on
       those configuration parameters and information about how to set wallet configuration.

METHODS

       new()
           Creates a new ACL verifier.  Opens the remctl connection to the NetDB server and authenticates.

       check(PRINCIPAL, ACL)
           Returns true if PRINCIPAL is granted access according to ACL, false if not, and undef on an error
           (see "DIAGNOSTICS" below).  ACL is a node, and PRINCIPAL will be granted access if it (with the realm
           stripped off if configured) has the user, admin, or team role for that node.

       error()
           Returns the error if check() returned undef.

DIAGNOSTICS

       The new() method may fail with one of the following exceptions:

       NetDB ACL support not available: %s
           The Net::Remctl Perl module, required for NetDB ACL support, could not be loaded.

       NetDB ACL support not configured
           The required configuration parameters were not set.  See Wallet::Config(3) for the required
           configuration parameters and how to set them.

       cannot connect to NetDB remctl interface: %s
           Connecting to the NetDB remctl interface failed with the given error message.

       Verifying a NetDB ACL may fail with the following errors (returned by the error() method):

       cannot check NetDB ACL: %s
           Issuing the remctl command to get the roles for the given principal failed or returned an error.

       error checking NetDB ACL: %s
           The NetDB remctl interface that returns the roles for a user returned an error message or otherwise
           returned failure.

       malformed netdb ACL
           The ACL parameter to check() was malformed.  Currently, this error is only given if ACL is undefined
           or the empty string.

       malformed NetDB remctl token: %s
           The Net::Remctl Perl library returned a malformed token.  This should never happen and indicates a
           bug in Net::Remctl.

       no principal specified
           The PRINCIPAL parameter to check() was undefined or the empty string.
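
       The following is an added example, not code from the wallet distribution.  It shows a caller treating
       the three check() results (true, false, undef) so that errors fail closed and are reported separately
       from denials.  StubNetDB, authorize(), the role table, and the "viewer" role are constructed stand-ins
       so the example runs without a NetDB server; only the check()/error() interface comes from this page.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for Wallet::ACL::NetDB (assumption, so the example runs offline).
# It mimics only the documented interface: check() returns 1, 0, or undef,
# and error() returns the message after an undef.  Role data is constructed.
package StubNetDB;
my %ROLES = (
    'host1.example.org' => { alice => 'admin', bob => 'viewer' },
);
sub new   { return bless { error => undef }, shift }
sub error { return $_[0]{error} }
sub check {
    my ($self, $principal, $node) = @_;
    if (!defined $principal || $principal eq '') {
        $self->{error} = 'no principal specified';
        return;
    }
    if (!defined $node || $node eq '') {
        $self->{error} = 'malformed netdb ACL';
        return;
    }
    (my $user = $principal) =~ s/\@.*\z//;   # realm stripped (assumed configured)
    my $role = $ROLES{$node}{$user} // '';
    return ($role =~ /\A(?:user|admin|team)\z/) ? 1 : 0;
}

package main;

# Fail closed: only a defined, true status grants access.  Errors are kept
# distinct from denials so a backend outage is not misread as a policy result.
sub authorize {
    my ($verifier, $principal, $node) = @_;
    my $status = eval { $verifier->check($principal, $node) };
    return ('error', $@ || $verifier->error) if !defined $status;
    return ($status ? 'granted' : 'denied', undef);
}

# new() is documented to throw, so construction is guarded as well.
my $verifier = eval { StubNetDB->new }
    or die "ACL backend unavailable: $@\n";
for my $case (['alice@EXAMPLE.ORG', 'host1.example.org'],
              ['bob@EXAMPLE.ORG',   'host1.example.org'],
              ['alice@EXAMPLE.ORG', '']) {
    my ($result, $why) = authorize($verifier, @$case);
    printf "%-18s %-18s %s%s\n", @$case, $result, $why ? " ($why)" : '';
}
```

       With the constructed data, alice is granted, bob is denied, and the empty node yields an error with
       the "malformed netdb ACL" message rather than a grant.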

CAVEATS

       The list of possible NetDB roles that should be considered sufficient to grant access is not currently
       configurable.

SEE ALSO

       Net::Remctl(3), Wallet::ACL(3), Wallet::ACL::Base(3), Wallet::Config(3), wallet-backend(8)

       NetDB is a free software system for managing DNS, DHCP, and related machine information for large
       organizations.  For more information on NetDB, see <https://web.stanford.edu/group/networking/netdb/>.

       This module is part of the wallet system.  The current version is available from
       <https://www.eyrie.org/~eagle/software/wallet/>.

AUTHOR

       Russ Allbery <eagle@eyrie.org>