MQSeries::Config::Authority - Interface to parse authority files

MQSeries documentation  | view source Contained in the MQSeries distribution.

Index

NAME

Top

MQSeries::Config::Authority -- Interface to parse authority files

SYNOPSIS

Top

  use MQSeries::Config::Authority;

  my $authobj = new MQSeries::Config::Authority('QMgrName'   => 'TEST',
                                                'ObjectType' => 'queue',
                                                'ObjectName' => 'FOO.BAR');
  print "All entities for queue: ", join(', ', $authobj->entities()), "\n";
  print "Entity 'mqm' has authorities: ",
      join(', ', $authobj->authorities('mqm')), "\n";

  if ($authobj->has_authority('allcmd', 'mqops')) {
      print "Entity 'mqops' has 'allcmd' authority\n";
  }

  print "The command to recreate authority for user 'nobody' is:\n\t",
      "setmqaut -m TEST -t queue -n FOO.BAR -g nobody ",
      $authobj->authority_command(), "\n";

DESCRIPTION

Top

The MQSeries::Config::Authority class is an interface to the authority files in /var/mqm/qmgrs/XYZ/auth/, for MQSeries versions 5.0 and 5.1 on Unix. It will not work with MQSeries 5.2 and higher, as those store the authority information in a queue.

This class will parse authority files for specific objects and take into account the @aclass and @class files. Objects created then provide access to the entities (Unix groups or principals) that have access to the object, allow you to query whether an entity has specific access levels, or to create command input that will allow you to recreate the access settings at a later date.

The MQSeries::Config::Authority class will cache the parsed @aclass and @class authority files across multiple authority files for efficiency, but will check the timestamp of these files at every lookup. Should the files change, they will be re-parsed, so that up-to-date information is always returned.

METHODS

Top

new

Create a new MQSeries::Config::Authority object. The constructor takes named parameters, of which two are required and three are optional, depending on the type and your environment:

QMgrName

The name of the queue manager containing the object. The Authority class will query the mqs.ini file for the queue-manager directory name, using the MQseries::Config::Machine class.

ObjectType

This must be either 'qmgr', 'queue', 'process' or 'namelist'. The aliases 'QMgr', 'QueueManager', 'Queue', 'Process' and 'Namelist' or also supported.

ObjectName

The name of the object to be read, if the object type is not 'qmgr'.

BaseDir

An optional parameter specifying the base directory, if not /var/mqm.

Carp

A reference to a routine used to issue warnings. Will default to carp.

entities

Returns an array with all entities (Unix groups or principals). These can then be used in further method calls. As the authority file has a flat namespace, it is not indicated whether an entity name is that of a Unix group of that of a principal.

numeric_authority

This method requires one parameter, an entity name, and will return the numeric authority value for that entity. The numeric authority is normally not of interest, but can be used when generating authority files directly.

authorities

This method has one parameter, an entity name, and one optional parameter, the format ('setmqaut' or 'PCF'). It returns a list of all authority names for this entity.

If the format parameter is 'setmquat' or is not specified, the authority names returned correspond to the values as specified in setmqaut, e.g. 'connect', 'inq', 'get', etc. If a user has all authorities, the full list of names is returned, not 'all'.

If the format parameter is 'PCF', the PCF macros as defined by the MQSeries::Command module are returned.

has_authority

This method requires two parameters: an entity name and an authority name. It returns a boolean value indicating whether the user has the indicated authority or not. Apart from the indidivual authority names, this method also supports the combined authority names 'all', 'allcmd' and 'allmqi'.

authority_command

This method requires one parameter, an entity name, and returns a string with authorities suitable for use in a setmqaut command. If the entity holds 'connect' authority, the string includes '+connect', otherwise it will include '-connect'. In order to keep the string short, the combined authority values 'all', 'allcmd' and 'allmqi' will be used when appropriate.

BUGS

Top

This module only works with MQSeries versions 5.0 and 5.1 on Unix. Version 5.2 is not supported.

SEE ALSO

Top

MQSeries(3), MQSeries::Config::Authority(3)

MQSeries documentation  | view source Contained in the MQSeries distribution.