nis/linux-lib.pl

   1 # Common NIS server functions for Linux
   2
   3 # show_server_security()
   4 # Show NIS server security-related options
   5 sub show_server_security
   6 {
   7 local ($opts, $hosts) = &parse_ypserv_conf();
   8
   9 # Show port checking option
  10 local $port = $opts->{'xfr_check_port'} ? $opts->{'xfr_check_port'}->{'value'}
  11                                         : 1;
  12 print "<tr> <td><b>$text{'security_port'}</b></td>\n";
  13 printf "<td><input type=radio name=port value=1 %s> %s\n",
  14         $port ? 'checked' : '', $text{'yes'};
  15 printf "<input type=radio name=port value=0 %s> %s</td> </tr>\n",
  16         $port ? '' : 'checked', $text{'no'};
  17
  18 # Work out if the new (with domains) or old format is in use
  19 local ($newfmt) = grep { $_->{'domain'} } @$hosts;
  20 print &ui_hidden("format", $newfmt ? 1 : 0),"\n";
  21 local $table;
  22 if ($newfmt) {
  23         # Generate new format table
  24         $table .= &ui_columns_start([ $text{'security_hosts'},
  25                                       $text{'security_domain'},
  26                                       $text{'security_map'},
  27                                       $text{'security_sec'},
  28                                       $text{'security_mangle'} ]);
  29         local $i = 0;
  30         foreach $h (@$hosts, { 'map' => '*' }) {
  31                 local @cols;
  32                 push(@cols, &ui_radio("host_def_$i", $h->{'host'} eq '*' ? 2 :
  33                                                      $h->{'host'} ? 0 : 1,
  34                         [ [ 1, $text{'security_none'} ],
  35                           [ 2, $text{'security_any'} ],
  36                           [ 0, &ui_textbox("host_$i",
  37                         $h->{'host'} eq '*' ? undef : $h->{'host'}, 20) ] ]));
  38                 push(@cols, &ui_opt_textbox("domain_$i",
  39                                 $h->{'domain'} eq '*' ? undef : $h->{'domain'},
  40                                 20, $text{'security_tall'}));
  41                 push(@cols, &ui_radio("map_def_$i", $h->{'map'} eq '*' ? 1 : 0,
  42                       [ [ 1, $text{'security_tall'} ],
  43                         [ 0, &ui_textbox("map_$i", $h->{'map'} eq '*' ? undef :
  44                                                         $h->{'map'}, 20) ] ]));
  45                 push(@cols, &ui_select("sec_$i", $h->{'sec'},
  46                         [ [ "none", $text{'security_sec_none'} ],
  47                           [ "port", $text{'security_sec_port'} ],
  48                           [ "deny", $text{'security_sec_deny'} ] ]));
  49                 push(@cols, &ui_opt_textbox("mangle_$i",
  50                                 !$h->{'mangle'} ? undef :
  51                                   $h->{'field'} ? $h->{'field'} : 2,
  52                                 5, $text{'security_none'}));
  53                 $table .= &ui_columns_row(\@cols);
  54                 $i++;
  55                 }
  56         }
  57 else {
  58         # Generate old format table
  59         $table .= &ui_columns_start([ $text{'security_hosts'},
  60                                       $text{'security_map'},
  61                                       $text{'security_sec'},
  62                                       $text{'security_mangle'} ]);
  63         local $i = 0;
  64         foreach $h (@$hosts, { 'map' => '*' }) {
  65                 local @cols;
  66                 push(@cols, &ui_radio("host_def_$i", $h->{'host'} eq '*' ? 2 :
  67                                                      $h->{'host'} ? 0 : 1,
  68                         [ [ 1, $text{'security_none'} ],
  69                           [ 2, $text{'security_any'} ],
  70                           [ 0, &ui_textbox("host_$i",
  71                         $h->{'host'} eq '*' ? undef : $h->{'host'}, 20) ] ]));
  72                 push(@cols, &ui_radio("map_def_$i", $h->{'map'} eq '*' ? 1 : 0,
  73                       [ [ 1, $text{'security_tall'} ],
  74                         [ 0, &ui_textbox("map_$i", $h->{'map'} eq '*' ? undef :
  75                                                         $h->{'map'}, 20) ] ]));
  76                 push(@cols, &ui_select("sec_$i", $h->{'sec'},
  77                         [ [ "none", $text{'security_sec_none'} ],
  78                           [ "port", $text{'security_sec_port'} ],
  79                           [ "deny", $text{'security_sec_deny'} ],
  80                           [ "des", $text{'security_sec_des'} ] ]));
  81                 push(@cols, &ui_radio("mangle_$i", $h->{'mangle'} ? 1 : 0,
  82                         [ [ 0, $text{'security_none'} ],
  83                           [ 1, &ui_textbox("field_$i", $h->{'field'}, 4) ] ]));
  84                 $table .= &ui_columns_row(\@cols);
  85                 $i++;
  86                 }
  87         $table .= &ui_columns_end();
  88         }
  89
  90 print "<tr> <td colspan=2><b>$text{'security_maps'}</b><br>\n";
  91 print "$table</td> </tr>\n";
  92
  93 print "</table></td> </tr>\n";
  94 }
  95
  96 # parse_server_security()
  97 # Save and apply server security options
  98 sub parse_server_security
  99 {
 100 # Save security settings
 101 local ($opts, $hosts) = &parse_ypserv_conf();
 102 local $lref = &read_file_lines($ypserv_conf);
 103 local $xfr = $opts->{'xfr_check_port'};
 104 local $line = $in{'port'} ? 'xfr_check_port: yes' : 'xfr_check_port: no';
 105 if ($xfr) {
 106         $lref->[$xfr->{'line'}] = $line;
 107         }
 108 else {
 109         push(@$lref, $line);
 110         }
 111
 112 # Save host restrictions
 113 local ($i, $j, $offset);
 114 for($i=0; defined($in{"host_$i"}); $i++) {
 115         local @line;
 116         next if ($in{"host_def_$i"} == 1);
 117         $in{"host_def_$i"} == 2 || $in{"host_$i"} =~ /^[^:\s]+$/ ||
 118                  &error(&text('security_ehost', $in{"host_$i"}));
 119         $in{"map_def_$i"} || $in{"map_$i"} =~ /^[^:\s]+$/ ||
 120                 &error(&text('security_emap', $in{"map_$i"}));
 121         if ($in{'format'} == 1) {
 122                 # New format, including domain
 123                 $in{"domain_${i}_def"} || $in{"domain_$i"} =~ /^[^:\s]+$/ ||
 124                         &error(&text('security_edomain', $in{"domain_$i"}));
 125                 $in{"mangle_${i}_def"} || $in{"mangle_$i"} =~ /^\d+$/ ||
 126                         &error(&text('security_efield', $in{"mangle_$i"}));
 127                 @line = ( $in{"host_def_$i"} == 2 ? "*" : $in{"host_$i"},
 128                           $in{"domain_${i}_def"} ? "*" : $in{"domain_$i"},
 129                           $in{"map_def_$i"} ? "*" : $in{"map_$i"},
 130                           $in{"sec_$i"}.
 131                             ($in{"mangle_${i}_def"} ? "" :
 132                              "/mangle:".$in{"mangle_$i"}) );
 133                 }
 134         else {
 135                 # Old format
 136                 $in{"field_$i"} =~ /^\d*$/ ||
 137                         &error(&text('security_efield', $in{"field_$i"}));
 138                 @line = ( $in{"host_def_$i"} == 2 ? "*" : $in{"host_$i"},
 139                           $in{"map_def_$i"} ? "*" : $in{"map_$i"},
 140                           $in{"sec_$i"},
 141                           $in{"mangle_$i"} ? "yes" : "no" );
 142                 push(@line, $in{"field_$i"})
 143                         if ($in{"field_$i"} && $in{"field_$i"} != 2);
 144                 }
 145         local $old = $hosts->[$j++];
 146         if ($old) {
 147                 $lref->[$old->{'line'}] = join(":", @line);
 148                 }
 149         else {
 150                 push(@$lref, join(":", @line));
 151                 }
 152         }
 153 while($hosts->[$j]) {
 154         splice(@$lref, $hosts->[$j]->{'line'}-$offset, 1);
 155         $j++; $offset++;
 156         }
 157 &flush_file_lines();
 158
 159 # Apply the changes
 160 local $pid = &check_pid_file($pid_file);
 161 &kill_logged('HUP', $pid) if ($pid);
 162 }
 163
 164