
From: Tim Potter <tpot@acsys.anu.edu.au>
Subject: ANNOUNCE: Config::Access 0.01
Date: 23 Sep 1998 00:02:09 GMT

Announcing Config::Access, a Perl module for simple text-file based
access control based on the TCP wrappers access control language.
Available soon from a CPAN near you.

Basically this module is a side-effect of a project I did at work.
Hopefully someone else will find it useful.


Tim.

NAME
       Config::Access - Perform simple access control

SYNOPSIS
           use strict;                  # not optional (-:
           use Config::Access;


DESCRIPTION
       The Config::Access module provides a method of
       authenticating arbitrary client/service pairs in a way
       very similar to that provided by the TCP wrappers by
       Wietse Venema <wietse@wzv.win.tue.nl>.

       This module can be useful for restricting access to
       certain parts of a script to a certain domain.  For
       example, a front end program to some device might deny
       certain users access to certain commands or only allow
       trusted users access to dangerous commands.

       The access control language is very similar to the access
       control language specified in hosts_access(5) for the TCP
       wrappers.  Two configuration files specify access rules.
       A file ending in .allow specifies rules to allow access
       and a file ending in .deny specifies rules to deny access.
       The prefix of these files is specified when a
       Config::Access object is created.

ACCESS CONTROL FILES
       As per the TCP wrappers, a request for authorisation
       consults the .allow and .deny files.  The search stops at
       the first match.

       o Access is granted if a $client/$service matches a rule
            in the .allow file.

       o Access is denied if a $client/$service matches a rule in
            the .deny file.

       o Otherwise, if no match is made, access is granted.

ACCESS CONTROL RULES
       Access control rules appear in the configuration files in
       the following format.

           service_list : client_list

       Each item in a list is separated by a comma and optional
       whitespace.  Newlines and lines beginning with a '#'
       character are ignored.  A line may be continued if a
       backslash character is present at the end of the line.

       A service or client may be specified as the string 'ALL'
       which means it will be matched by anything.  An optional
       parameter to the access_query method described below
       allows the caller to determine whether the request was
       granted (or denied) using a rule containing the ALL
       wildcard.

       Config::Access also supports IP address matching of
       clients and services using the network/netmask number
       format.

       The EXCEPT operator present in the TCP wrappers access
       control language is not supported.
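
The search order and rule format described above, as an added Python sketch (not the module's Perl code and not its API). The names parse_rules, item_matches and check_access are hypothetical, the rules are constructed samples, and exact string comparison for non-IP names is an assumption. It shows that a request matching neither file is granted unless the .deny rules end with a catch-all.

```python
import ipaddress

def parse_rules(text):
    """Parse 'service_list : client_list' lines into (services, clients) pairs."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # backslash continues the rule
            pending = line[:-1]
            continue
        if not line or line.startswith("#"):
            continue
        services, _, clients = line.partition(":")
        rules.append(tuple([i.strip() for i in part.split(",") if i.strip()]
                           for part in (services, clients)))
    return rules

def item_matches(pattern, value):
    if pattern == "ALL":
        return True
    if "/" in pattern:                      # network/netmask form
        try:
            return ipaddress.ip_address(value) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:                  # value is not an IP address
            return False
    return pattern == value                 # assumption: plain names compare exactly

def check_access(allow_text, deny_text, service, client):
    """Return (granted, source): .allow first, then .deny, else granted by default."""
    for source, text, verdict in (("allow", allow_text, True), ("deny", deny_text, False)):
        for services, clients in parse_rules(text):
            if (any(item_matches(s, service) for s in services)
                    and any(item_matches(c, client) for c in clients)):
                return verdict, source
    return True, "default"

# Constructed sample rules (not from the module's distribution)
ALLOW = """\
reboot, shutdown : 192.168.1.0/255.255.255.0, \\
                   admin
status : ALL
"""
DENY_OPEN = "reboot : guest\n"
DENY_CLOSED = DENY_OPEN + "ALL : ALL\n"     # catch-all closes the default grant

if __name__ == "__main__":
    for deny in (DENY_OPEN, DENY_CLOSED):
        print(check_access(ALLOW, deny, "shutdown", "guest"))
```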