diff options
| author | Niko Tyni <ntyni@iki.fi> | 2005-02-13 20:23:04 +0100 |
|---|---|---|
| committer | Niko Tyni <ntyni@iki.fi> | 2005-02-13 20:23:04 +0100 |
| commit | 6d76521656e91daa160bc8019828f1b68d7aa5dc (patch) | |
| tree | aaa27615a0702942fa1606d9a5c89f0a3547467c /lib/Smokeping/probes/passwordchecker.pm | |
| parent | 6dba1afbe4b475a7d34f5ef867b7b37291cd1484 (diff) | |
| download | smokeping-6d76521656e91daa160bc8019828f1b68d7aa5dc.tar.gz smokeping-6d76521656e91daa160bc8019828f1b68d7aa5dc.tar.xz | |
Moved probes, matchers and ciscoRttMonMIB modules to lib/Smokeping.
Diffstat (limited to 'lib/Smokeping/probes/passwordchecker.pm')
| -rw-r--r-- | lib/Smokeping/probes/passwordchecker.pm | 148 |
1 files changed, 148 insertions, 0 deletions
diff --git a/lib/Smokeping/probes/passwordchecker.pm b/lib/Smokeping/probes/passwordchecker.pm new file mode 100644 index 0000000..cc4f59f --- /dev/null +++ b/lib/Smokeping/probes/passwordchecker.pm @@ -0,0 +1,148 @@ +package Smokeping::probes::passwordchecker; + +=head1 301 Moved Permanently + +This is a Smokeping probe module. Please use the command + +C<smokeping -man Smokeping::probes::passwordchecker> + +to view the documentation or the command + +C<smokeping -makepod Smokeping::probes::passwordchecker> + +to generate the POD document. + +=cut + +use strict; +use Smokeping::probes::basefork; +use base qw(Smokeping::probes::basefork); +use Carp; + +my $e = "="; +sub pod_hash { + return { + name => <<DOC, +Smokeping::probes::passwordchecker - A Base Class for implementing SmokePing Probes +DOC + overview => <<DOC, +Like Smokeping::probes::basefork, but supports a probe-specific configuration file +for storing passwords and a method for accessing them. +DOC + + description => <<DOC, +${e}head2 synopsys with more detail + +SmokePing main configuration file: + + *** Probes *** + + MyPasswordChecker + # location of the file containing usernames and passwords + passwordfile = /usr/share/smokeping/etc/passwords + +The specified password file: + + # host:username:password + host1:joe:hardlyasecret + # comments and whitespace lines are allowed + + host2:sue:notasecreteither + +${e}head2 Actual description + +In implementing authentication probes, it might not be desirable to store +the necessary cleartext passwords in the SmokePing main configuration +file, since the latter must be readable both by the SmokePing daemon +performing the probes and the CGI that displays the results. If the +passwords are stored in a different file, this file can be made readable +by only the user the daemon runs as. This way we can be sure that nobody +can trick the CGI into displaying the passwords on the Web. + +This module reads the passwords in at startup from the file specified +in the probe-specific variable `passwordfile'. The passwords can later +be accessed and modified by the B<password> method, that needs the corresponding +host and username as arguments. + +${e}head2 Password file format + +The password file format is simply one line for each triplet of host, +username and password, separated from each other by colons (:). + +Comment lines, starting with the `#' sign, are ignored, as well as +empty lines. +DOC + authors => <<'DOC', +Niko Tyni <ntyni@iki.fi> +DOC + + bugs => <<DOC, +The need for storing cleartext passwords can be considered a bug in itself. +DOC + + see_also => <<DOC, +Smokeping::probes::basefork(3pm), Smokeping::probes::Radius(3pm), Smokeping::probes::LDAP(3pm) +DOC + } +} + +sub ProbeDesc { + return "probe that can fork, knows about passwords and doesn't override the ProbeDesc method"; +} + +sub probevars { + my $class = shift; + return $class->_makevars($class->SUPER::probevars, { + passwordfile => { + _doc => "Location of the file containing usernames and passwords.", + _example => '/some/place/secret', + _sub => sub { + my $val = shift; + -r $val or return "ERROR: password file $val is not readable."; + return undef; + }, + }, + }); +} + +sub new { + my $proto = shift; + my $class = ref($proto) || $proto; + my $self = $class->SUPER::new(@_); + + # no need for this if we run as a cgi + unless ($ENV{SERVER_SOFTWARE}) { + + if (defined $self->{properties}{passwordfile}) { + my @stat = stat($self->{properties}{passwordfile}); + my $mode = $stat[2]; + carp("Warning: password file $self->{properties}{passwordfile} is world-readable\n") + if defined $mode and $mode & 04; + + open(P, "<$self->{properties}{passwordfile}") + or croak("Error opening specified password file $self->{properties}{passwordfile}: $!"); + while (<P>) { + chomp; + next unless /\S/; + next if /^\s*#/; + my ($host, $username, $password) = split(/:/); + carp("Line $. in $self->{properties}{passwordfile} is invalid"), next unless defined $host and defined $username and defined $password; + $self->password($host, $username, $password); + } + close P; + } + } + + + return $self; +} + +sub password { + my $self = shift; + my $host = shift; + my $username = shift; + my $newval = shift; + $self->{password}{$host}{$username} = $newval if defined $newval; + return $self->{password}{$host}{$username}; +} + +1; |