mungohill has asked for the wisdom of the Perl Monks concerning the following question:
Hi
I have a couple of daemons that listen on SSL sockets using IO::Socket::SSL. So they do their own listening and don't use (x)inetd. For this reason, they don't automatically inherit the benefits of tcpwrappers. I could do some filtering of my own fairly easily, but I wanted the transparency of doing it through hosts.deny and hosts.allow.
I've read the page on Net::TCPwrappers and tried various things, most of which cause no errors, but none of which actually return a negative response from the call to hosts_access.
I suspect that the difficulty I am having is related to my lack of familiarity with the underlying TCPwrappers library and also trouble with marrying up the values from IO::Socket::SSL with the ones required by Net::TCPwrappers. For what it's worth, this is the code that currently isn't working:
```perl
my $sock;
print "Starting to listen on $setup{CAPSportS}\n";
if(!($sock = IO::Socket::SSL->new(
        Listen          => 5,
        LocalAddr       => $setup{MYaddr},
        LocalPort       => $setup{CAPSportS},
        Proto           => 'tcp',
        SSL_verify_mode => 0x01,
        SSL_cert_file   => 'certs/capscert.pem',
        SSL_key_file    => 'certs/capspk.pem',
        SSL_ca_file     => 'certs/cacert.pem',
        Reuse           => 1,
    )) ) {
    print "unable to create socket: ", &IO::Socket::SSL::errstr, "\n";
    exit(0);
}

MAIN_LOOP:
while ( $TRUE ) {
    $nn = '';
    my $s;
    if ( ( $s = $sock->accept() ) ) {
        # check TCPWrappers to find out if we want to look at this
        my $req = request_init(RQ_DAEMON, $setup{CAPSport}, RQ_FILE, $sock->fileno());
        # I've tried supplying the progname instead of the
        # port there
        if ( ! defined($req) ) {
            die "Bad call to request_init\n";
        }
        fromhost($req);
        if ( hosts_access($req) ) {
            handle_one($s);
        }else {
            close($s);
        }
```
Looking around the interwebs I get the distinct feeling that I'm the only person standing in this particular room. Has anyone got some working Perl that uses TCPwrappers that they could show me??
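An added example, not part of the original post or of either module's documentation: a listener that hands the accepted connection's descriptor to `RQ_FILE`, because `fromhost()` reads the peer address from that descriptor and a listening socket has no peer. The daemon name `capsd`, the address, port, certificate paths and `handle_one` body are assumptions made for illustration, and the import list assumes Net::TCPwrappers exports the names the post uses.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;
# Assumption: these are the exportable names, as used unqualified in the post.
use Net::TCPwrappers qw(RQ_DAEMON RQ_FILE request_init fromhost hosts_access);

# Hypothetical daemon name. It has to match the daemon field of the rules,
# e.g. this constructed /etc/hosts.deny line:   capsd: 192.0.2.
my $DAEMON = 'capsd';

my $listener = IO::Socket::SSL->new(
    Listen        => 5,
    LocalAddr     => '127.0.0.1',               # constructed value
    LocalPort     => 4433,                      # constructed value
    Proto         => 'tcp',
    SSL_cert_file => 'certs/server-cert.pem',   # placeholder path
    SSL_key_file  => 'certs/server-key.pem',    # placeholder path
    Reuse         => 1,
) or die "unable to create socket: " . IO::Socket::SSL::errstr() . "\n";

while (1) {
    # accept() returns undef when the TCP accept or TLS handshake fails
    my $client = $listener->accept() or next;

    # Describe the *accepted* connection to libwrap: the daemon name selects
    # the rule, the descriptor is where fromhost() looks up the peer.
    my $req = request_init(RQ_DAEMON, $DAEMON, RQ_FILE, $client->fileno());
    unless (defined $req) {
        warn "request_init failed, refusing connection\n";   # fail closed
        $client->close();
        next;
    }
    fromhost($req);

    if (hosts_access($req)) {
        handle_one($client);
    } else {
        warn "tcpwrappers denied ", ($client->peerhost() // 'unknown'), "\n";
    }
    $client->close();
}

# Hypothetical handler standing in for the daemon's real work.
sub handle_one {
    my ($conn) = @_;
    print $conn "hello\n";
}
```

Connecting once from an address covered by the deny rule and once from one that is not shows whether the rules are being applied to the peer.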
Re: Using TCPwrappers
by zwon (Abbot) on Oct 19, 2009 at 18:28 UTC
by mungohill (Acolyte) on Oct 20, 2009 at 08:04 UTC
by Bloodnok (Vicar) on Oct 20, 2009 at 14:51 UTC