From: Tim Potter <tpot@acsys.anu.edu.au>
Subject: ANNOUNCE: Config::Access 0.01
Date: 23 Sep 1998 00:02:09 GMT

Announcing Config::Access, a perl module for simple text-file based
access control based on the TCP wrappers access control language.
Available soon from a CPAN near you.

Basically this module is a side-effect of a project I did at work.
Hopefully someone else will find it useful.

Tim.

NAME
    Config::Access - Perform simple access control

SYNOPSIS
        use strict;   # not optional (-:
        use Config::Access;

DESCRIPTION
    The Config::Access module provides a method of authenticating
    arbitrary client/service pairs in a way very similar to that
    provided by the TCP wrappers by Wietse Venema
    <wietse@wzv.win.tue.nl>. This module can be useful for restricting
    access to certain parts of a script to a certain domain. For
    example, a front end program to some device might deny certain
    users access to certain commands or only allow trusted users access
    to dangerous commands.

    The access control language is very similar to the access control
    language specified in hosts_access(5) for the TCP wrappers.

    Two configuration files specify access rules. A file ending in
    .allow specifies rules to allow access and a file ending in .deny
    specifies rules to deny access. The prefix of these files is
    specified when a Config::Access object is created.

ACCESS CONTROL FILES
    As per the TCP wrappers, a request for authorisation consults the
    .allow and .deny files. The search stops at the first match.

    o   Access is granted if a $client/$service matches a rule in the
        .allow file.

    o   Access is denied if a $client/$service matches a rule in the
        .deny file.

    o   Otherwise, if no match is made access is granted.

ACCESS CONTROL RULES
    Access control rules appear in the configuration files in the
    following format.

        service_list : client_list

    Each item in a list is separated by a comma and optional
    whitespace. Newlines and lines beginning with a '#' character are
    ignored. A line may be continued if a backslash character is
    present at the end of the line.

    A service or client may be specified as the string 'ALL' which
    means it will be matched by anything. An optional parameter to the
    access_query method described below allows the caller to determine
    whether the request was granted (or denied) using a rule containing
    the ALL wildcard.

    Config::Access also supports IP address matching of clients and
    services using the network/netmask number format.

    The EXCEPT operator present in the TCP wrappers access control
    language is not supported.
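
The rule syntax and evaluation order described above, modelled in Python as an added example (this is not Config::Access's own Perl code). It assumes .allow is consulted before .deny as in hosts_access(5) and that names match exactly; `decide`, the helper names and the sample rules are constructed for illustration. It shows that a request matching neither file is granted unless the .deny file carries a catch-all rule.

```python
import ipaddress

def parse_rules(text):
    """Parse 'service_list : client_list' lines into (services, clients) pairs."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the rule
            pending = line[:-1]
            continue
        if not line or line.startswith("#"):
            continue
        services, clients = line.split(":", 1)
        rules.append(([s.strip() for s in services.split(",")],
                      [c.strip() for c in clients.split(",")]))
    return rules

def item_matches(pattern, value):
    if pattern == "ALL":
        return True
    if "/" in pattern:                     # network/netmask form
        try:
            return ipaddress.ip_address(value) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:                 # value is a name, not an address
            return False
    return pattern == value                # assumption: exact, case-sensitive

def first_match(rules, client, service):
    return any(any(item_matches(s, service) for s in svcs) and
               any(item_matches(c, client) for c in clis)
               for svcs, clis in rules)

def decide(allow_text, deny_text, client, service):
    """Return (granted, reason): .allow is checked first, then .deny, else grant."""
    if first_match(parse_rules(allow_text), client, service):
        return True, "allow"
    if first_match(parse_rules(deny_text), client, service):
        return False, "deny"
    return True, "default"                 # nothing matched: access is granted

# Constructed sample rule files (not from the module's distribution).
ALLOW = """\
reboot, shutdown : alice, \\
                   10.1.0.0/255.255.0.0
status : ALL
"""
DENY_NAMED = "reboot, shutdown : mallory\n"
DENY_ALL = "ALL : ALL\n"
```

With `DENY_NAMED`, the unlisted client `bob` is still granted `reboot` by the default; only `DENY_ALL` turns the pair of files into an allow-list.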