File Coverage

blib/lib/Authen/Tcpdmatch/TcpdmatchRD.pm

Criterion	Covered	Total	%
statement	25	25	100.0
branch	3	4	75.0
condition	5	7	71.4
subroutine	9	9	100.0
pod	1	3	33.3
total	43	48	89.5

line	stmt	bran	cond	sub	pod	time	code
1							# Copyright (c) 2003 Ioannis Tambouras <ioannis@earthlink.net> .
2							# All rights reserved.
3
4							package Authen::Tcpdmatch::TcpdmatchRD;
5
6	11			11		9040	use 5.006;
	11					43
	11					531
7	11			11		58	use strict;
	11					19
	11					418
8	11			11		58	use warnings;
	11					20
	11					312
9	11			11		95	use base 'Exporter';
	11					40
	11					1365
10	11			11		13215	use Attribute::Handlers;
	11					66147
	11					76
11	11			11		6949	use Authen::Tcpdmatch::Grammar;
	11					36
	11					3403
12
13
14							our $VERSION = '0.03';
15							our @EXPORT = qw( tcpdmatch check );
16
17
18							my Authen::Tcpdmatch::Grammar $p : TcpdParser ;
19
20							sub check {
21	83			83	0	570367	my ( $input, $service, $remote ) = @_ ;
22	83					809	$p->Start( $input, 0 , $service, $remote );
23							}
24
25
26
27							sub check_file {
28	9			9	0	66162	my ($service, $remote, $file) = @_;
29	9	50				1567	local undef $/ , open (my $fh , $file) or return ;
30	9					1194	$p->Start( scalar <$fh> , 0 , $service , $remote );
31							}
32
33							sub tcpdmatch ($$;$) {
34	6			6	1	52	my ( $service, $remote, $dir) = @_ ;
35	6	100	50			51	(check_file $service, $remote, ($dir \|\|'/etc') . "/hosts.allow" ) or
			50
			100
36							! (check_file $service, $remote, ($dir \|\|'/etc') . "/hosts.deny") or undef;
37							}
38
39
40							1;
41							__END__
42							=head1 NAME
43
44							Authen::Tcpdmatch::TcpdmatchRD - Tcpdmatch Parser based on Parse::RecDescent
45
46							=head1 SYNOPSIS
47
48							use Authen::Tcpdmatch::TcpdmatchRD;
49							tcpdmatch( 'ftp', 'red.haw.org' )
50							tcpdmatch( 'ftp', '192.168.0.1' )
51							tcpdmatch( 'ftp', 'red.haw.org' , /etc )
52
53							=head1 DESCRIPTION
54
55							This module implements the core functionality of tcpdmatch using a P::RD parser;
56							it consults hosts.allow and hosts.deny to decide if service should be granted.
57
58							Due to its tiny size (2k bytes), this module is best suited for embedded environments,
59							or to modules that need this type of authentication.
60							Although this is not a full-feature implementation of tcpdmatch(1),
61							it supports the following capabilities:
62
63							A. ALL and LOCAL wildcards.
64							B. Recursive EXCEPT modifier
65							C. Leading and trailing dot patterns
66							D. Netmasks
67							E. Skipping lines with faulty syntax, comments, or blanks
68
69							=over
70
71							=item tcpdmatch()
72
73							The first and second arguments
74							are the requested service and the name of remote host, respectively. The third
75							(optional) argument indicates the directory of the hosts.* files. (Default is /etc .)
76
77							=back
78
79							=head2 LIMITATIONS
80
81							It does not support shell commands, client lookups, endpoint patterns, spoofing attacks,
82							and expansions. If these features are important to you,
83							perhaps you should be using libwarp.so with Authen::Libwrap .
84
85							It is not re-entrant.
86
87							=head2 EXPORT
88
89							tcpdmatch
90
91							=head1 AUTHOR
92
93							Ioannis Tambouras, E<lt>ioannis@earthlink.netE<gt>
94
95							=head1 SEE ALSO
96
97							L<Authen::libwrap>.
98							L<hosts.allow(1)>.
99
100							=cut
101