[Eug-lug] Wrapping for Access Control
Jeff_W
beaker at freeshell.org
Fri Jan 21 18:49:25 PST 2005
I'm trying to figure out how I can use TCP Wrappers to provide
rudimentary access control for a python-based network service
(PYGopherd). I've read a bunch of man pages and How-Tos on the web
and have concluded that in order to get TCP Wrappers to provide
access control there needs to be a wrapper for it and/or it needs
to run out of inetd (this is a BSD system w/ tcpd's functions
integrated into inetd). I've yet to come across some simple
instructions for creating such a wrapper; tests done with simply
adding PYG to /etc/services & /etc/inetd.conf and restarting have
been unsuccessful - PYG starts & stops OK but connections produce
this:
# Traceback (most recent call last): File "/usr/pkg/bin/pygopherd", line 30, in
# ?
# s = initialization.initeverything(conffile)
# File "/usr/pkg/lib/python2.3/site-packages/pygopherd/initialization.py", line
# 187, in initeverything
# s = getserverobject(config)
# File "/usr/pkg/lib/python2.3/site-packages/pygopherd/initialization.py", line
# 120, in getserverobject
# GopherRequestHandler)
# File "/usr/pkg/lib/python2.3/SocketServer.py", line 330, in __init__
# self.server_bind()
# File "/usr/pkg/lib/python2.3/site-packages/pygopherd/initialization.py", line
# 100, in server_bind
# servertype.server_bind(self)
# File "/usr/pkg/lib/python2.3/SocketServer.py", line 341, in server_bind
# self.socket.bind(self.server_address)
# File "<string>", line 1, in bind
# socket.error: (48, 'Address already in use')
Having forgotten anything I might have learned about python, I really
can't make much of this except that it appears the socket/port is
not available to the application (maybe because inetd is listening
on it?).
Anyways, is there some easy way of "wrapping" PYG for use w/ TCP
Wrappers or do I need to look at something else like IP Filter,
etc. ?
-Jeff
More information about the EUGLUG
mailing list