### ### Copyright 2000-2007 University of Illinois Board of Trustees ### All rights reserved. ### ### TCPWrappers.pm - TCPWrappers module for psgconf ### ### Campus Information Technologies and Educational Services ### University of Illinois at Urbana-Champaign ### package PSGConf::Control::TCPWrappers; use strict; use PSGConf::Action::GenerateFile::hosts_allow; use PSGConf::Action::GenerateFile::Literal; use PSGConf::Data::Boolean; use PSGConf::Data::List; use PSGConf::Data::String; use PSGConf::Data::Table; use PSGConf::Control::Packages qw(_add_pkgs); ############################################################################### ### policy methods ############################################################################### sub _policy_modify_inetd { my ($self, $psgconf) = @_; my ($label, $entry, $inetd, $svc, $proto, @args, $tcpd_path); return if ($psgconf->data_obj('use_xinetd')->equals('true')); $tcpd_path = $psgconf->data_obj('tcpd_path')->get(); $inetd = $psgconf->data_obj('inetd')->get(); foreach $label (keys %$inetd) { $entry = $inetd->{$label}; ($svc, $proto) = split(/\//, $label); next if ($proto ne 'tcp' || $entry->{server} eq 'internal' || exists($entry->{flags}->{NOLIBWRAP})); @args = split(/\s+/, $entry->{server_args}); shift(@args) if (exists($entry->{flags}->{NAMEINARGS})); unshift(@args, $entry->{server}); $entry->{server_args} = join(' ', @args); $entry->{server} = $tcpd_path; $entry->{flags}->{NAMEINARGS} = undef; } } sub _policy_add_rfc931_token { my ($self, $psgconf) = @_; my ($entry); return if ( $psgconf->data_obj('tcp_rfc931_enable')->equals('false') ); foreach $entry (@{$psgconf->data_obj('tcp_wrappers')->get()}) { # If this is the localhost entry, do not # bother with rfc931. if ( $entry->[1] !~ /localhost/o ) { $entry->[3] = $entry->[2]; $entry->[2] = 'rfc931'; } } } sub _policy_expand_hostname_token { my ($self, $psgconf) = @_; my ($entry, $hostname); $hostname = $psgconf->data_obj('hostname')->get(); foreach $entry (@{$psgconf->data_obj('tcp_wrappers')->get()}) { ### replace "%h" with hostname in host list $entry->[1] =~ s/%h/$hostname/; } } ############################################################################### ### decide() method ############################################################################### sub decide { my ($self, $psgconf) = @_; return if ($psgconf->data_obj('tcp_enable')->equals('false') || ! $psgconf->data_obj('tcp_wrappers')->count()); $psgconf->register_actions( PSGConf::Action::GenerateFile::hosts_allow->new( 'name' => '/etc/hosts.allow', 'description' => 'TCP Wrapper configuration file', entries => $psgconf->data_obj('tcp_wrappers')->get() ), PSGConf::Action::GenerateFile::Literal->new( 'name' => '/etc/hosts.deny', 'description' => 'TCP Wrapper configuration file', content => '' ) ); } ############################################################################### ### Constructor ############################################################################### sub new { my ($class, $psgconf) = @_; my ($self); $self = {}; bless($self, $class); ### So that _add_pkgs knows which directives to look at $self->{name} = 'tcp'; $self->{enable} = $self->{name} . '_enable'; $self->{packages} = $self->{name} . '_packages'; $psgconf->register_data( tcpd_path => PSGConf::Data::String->new( 'value_abspath' => 1, value => '/usr/local/sbin/tcpd' ), tcp_enable => PSGConf::Data::Boolean->new( value => 'true' ), tcp_rfc931_enable => PSGConf::Data::Boolean->new( value => 'false' ), tcp_packages => PSGConf::Data::List->new(), tcp_wrappers => PSGConf::Data::Table->new() ); $psgconf->register_policy($self, tcpd_expand_hostname_token => '_policy_expand_hostname_token', tcpd_modify_inetd => '_policy_modify_inetd', tcpd_add_rfc931 => '_policy_add_rfc931_token', tcpd_add_packages => '_add_pkgs' ); return $self; } ############################################################################### ### documentation ############################################################################### 1; __END__ =head1 NAME PSGConf::Control::TCPWrappers - psgconf control class for TCP wrappers =head1 SYNOPSIS In F: Control PSGConf::Control::TCPWrappers =head1 DESCRIPTION The B module provides a B control object for configuring TCP wrappers. It supports the following methods: =over 4 =item new() The constructor. Its parameter is a reference to the B object. It registers the following data objects: =over 4 =item I A B object that indicates whether C should be configured. =item I A B object that lists all packages to install. =item I A B object containing the absolute path to the C binary. The default is F. =item I A B object that indicates whether the F should be used in F. =item I A B object that contains entries for F. Each row consists of the following fields: a space-delimited list of daemons, a space-delimited list of hosts, and one or more options. =back The constructor also registers the following policy methods: =over 4 =item I For each entry in the I data object, in the host field, the token C<%h> will be replaced with the value of the I data object, which is provided by the B module. =item I If I is disabled, then modify the entries in the I data object (provided by the B module) to use C. Entries will only be modified if they specify the C protocol, do not have the I attribute set to C, and do not have the I flag set. =item I If I is set, then add the token I to all entries to the I table. =back =item decide() If the I data object is defined, it registers a B action object to create F. Also registers a B action object to create the F file (which will be an empty file). =back =head1 SEE ALSO L hosts_options(5) L L L L L L L L L L L =cut