[Eug-lug] Wrapping for Access Control

Neil Parker nparker at LLX.COM
Sat Jan 22 21:59:04 PST 2005


Horst wrote,
>Expanding on the python part.
>The exception indicates the port is already 'taken' (LISTEN).
>I don't understand TCP wrappers, but from Bob's comment I'd guess the
>wrapper is listening to port:70(?)

Actually, TCP wrappers doesn't listen on ANY port.

Understanding TCP wrappers requires understanding how inetd works.
Inetd reads a configuration file (/etc/inetd.conf) that tells it what
ports to listen on, and what client programs to invoke when something tries
to connect to those ports.  Inetd handles all the socket programming itself,
and when it launches a client program to handle an incoming request, it
connects the program's standard input and output to the socket.  So all the
client program has to do is read from its standard input and write to its
standard output.

TCP wrappers includes a special client program called "tcpd".  The idea is
that you tell inetd (via /etc/inetd.conf) to launch tcpd instead of the
real client program.  Tcpd checks the origin of the connection using its
hosts.allow and hosts.deny files, and if the tests pass, it launches the
real client program.


Programs that don't expect to run under inetd have to do all their socket
handling all by themselves.  Fixing a standalone program to work under
inetd generally means ripping out all that socket handling code and
replacing it with code that just reads from standard input and writes to standard
output.

               - Neil Parker
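
Added example, not part of the original message: a small Python service written the way the message describes, with no socket setup of its own, so that inetd can own the port and tcpd can do the access check. The script name, paths, inetd.conf entry, access rules and sample documents are all constructed assumptions.

```python
#!/usr/bin/env python3
# Added example: a line-oriented service meant to be launched by inetd.
# It never calls bind() or listen(); inetd owns the port and passes the
# accepted connection in as standard input and standard output.
# Constructed /etc/inetd.conf entry (paths and script name are assumptions):
#   gopher stream tcp nowait nobody /usr/sbin/tcpd /usr/local/bin/demo_service.py
# Constructed rules for tcpd, which matches on the daemon's process name:
#   /etc/hosts.allow:  demo_service.py: 192.168.1.
#   /etc/hosts.deny:   ALL: ALL
import socket
import sys
import syslog

MAX_REQUEST = 255  # bound the request line read from an untrusted client
# Constructed sample content, keyed by the request string.
DOCUMENTS = {"": "Welcome to the demo service.", "about": "Runs under inetd."}


def handle(inp, out):
    """Serve one request: read a line from inp, write the reply to out."""
    line = inp.readline(MAX_REQUEST + 1)
    if len(line) > MAX_REQUEST or not line.endswith("\n"):
        out.write("error: bad request\r\n")
        return False
    body = DOCUMENTS.get(line.strip())
    if body is None:
        out.write("error: not found\r\n")
        return False
    out.write(body + "\r\n")
    return True


def peer_address(fd=0):
    """Client IP if fd is a connected socket (as under inetd), else None."""
    try:
        with socket.fromfd(fd, socket.AF_INET, socket.SOCK_STREAM) as sock:
            addr = sock.getpeername()  # fromfd() works on a duplicate of fd
    except OSError:
        return None
    return addr[0] if isinstance(addr, tuple) else None


if __name__ == "__main__":
    # Log through syslog: under inetd the standard streams are the client socket.
    syslog.syslog(syslog.LOG_INFO, "connection from %s" % peer_address())
    served = handle(sys.stdin, sys.stdout)
    sys.stdout.flush()
    sys.exit(0 if served else 1)
```

Run from a terminal, the same script answers a request typed on standard input, which makes it easy to test before putting it behind inetd.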

