Hosts_Access

Parses /etc/hosts.{allow,deny}

Author: Raphael Pinson rap.nosp@m.hink@gmai.nosp@m.l.com

Summary
Hosts_Access: Parses /etc/hosts.{allow,deny}
Reference: This lens tries to stay as close as possible to `man 5 hosts_access` and `man 5 hosts_options`.
License: This file is licensed under the LGPL v2+, like the rest of Augeas.
Lens Usage: To be documented
Configuration files: This lens applies to /etc/hosts.{allow,deny}.
USEFUL PRIMITIVES
colon
comma_sep
ws_sep
list_sep
list_item
client_host_item: Allows @ for netgroups, supports [ipv6] syntax
client_file_item
option_kw: Since either an option or a shell command can be given, use an explicit list of known options to avoid misinterpreting a command as an option.
shell_command_rx
sto_to_colon: Allows escaped colon sequences
except: The except operator makes it possible to write very compact rules.
ENTRY TYPES
daemon
daemon_list: A list of daemons
client
client_file
client_list: A list of clients
option: Optional extensions defined in hosts_options(5)
shell_command
entry
LENS AND FILTER
lns
filter

Reference

This lens tries to stay as close as possible to `man 5 hosts_access` and `man 5 hosts_options`.

License

This file is licensed under the LGPL v2+, like the rest of Augeas.

Lens Usage

To be documented

Configuration files

This lens applies to /etc/hosts.{allow,deny}.  See filter.

USEFUL PRIMITIVES

colon

(* colon: deletes the ":" that separates the fields of an entry.
   The pattern accepts, in order: optional spaces/tabs, an optional line
   continuation (backslash, optional blanks, newline, at least one blank of
   indentation), the colon itself, optional spaces/tabs, and another optional
   line continuation. Because continuations are accepted here, one logical
   rule can span several physical lines. New entries are written with ": ". *)
let colon = del /[ \t]*(\\\\[ \t]*\n[ \t]+)?:[ \t]*(\\\\[ \t]*\n[ \t]+)?/ ": "

comma_sep

(* comma_sep: regexp for a comma list separator.
   Matches a single "," with any mix of spaces, tabs and backslash-newline
   continuations before and after it. *)
let comma_sep = /([ \t]|(\\\\\n))*,([ \t]|(\\\\\n))*/

ws_sep

(* ws_sep: regexp for a whitespace list separator.
   Matches one or more space characters only; a tab is not accepted here
   (tabs are only accepted around a comma, see comma_sep).
   NOTE(review): hosts_access(5) describes list elements as separated by
   blanks and/or commas -- confirm whether tab-separated lists should also
   be accepted. *)
let ws_sep = / +/

list_sep

(* list_sep: deletes the separator between two list elements.
   Either form (comma_sep or ws_sep) is accepted when reading; a separator
   created from the tree is written as ", ". *)
let list_sep =
  let sep_rx = comma_sep | ws_sep in
    del sep_rx ", "

list_item

(* list_item: stores one list element.
   The element is any Rx.word except the bare word "EXCEPT" (in any letter
   case), which is reserved for the except operator. Only the exact word is
   excluded; longer words that merely contain it are still accepted. *)
let list_item =
  let word_rx = Rx.word - /EXCEPT/i in
    store word_rx

client_host_item

(* client_host_item: stores a client host pattern and an optional netmask.
   - name_rx: host names, addresses and wildcard patterns; "@" is accepted
     only as the first character (netgroup syntax), "?" and "*" anywhere.
   - ipv6_rx: a bracketed "[...]" form for IPv6 addresses.
   - mask: an optional "/" suffix, stored in a "netmask" subnode.
   The bare word "EXCEPT" (any case) is excluded so that it is left for the
   except operator.
   The patterns are character-class based: the lens does not check that the
   stored value is a well-formed address, host name or mask, so callers that
   write these nodes should validate values themselves. *)
let client_host_item =
  let name_rx = /[A-Za-z0-9_.@?*-][A-Za-z0-9_.?*-]*/ in
  let ipv6_rx = "[" . /[A-Za-z0-9:?*%]+/ . "]" in
  let mask = [ Util.del_str "/" . label "netmask" . store Rx.word ] in
    store ( ( name_rx | ipv6_rx ) - /EXCEPT/i ) . mask?

Allows @ for netgroups, supports [ipv6] syntax

client_file_item

(* client_file_item: stores a client pattern given as an absolute path.
   The value must start with "/" and runs up to the next space, tab,
   newline, comma or colon. The EXCEPT subtraction mirrors the other item
   definitions; since the pattern always starts with "/", it cannot match
   that word anyway. *)
let client_file_item =
  let path_rx = /\/[^ \t\n,:]+/ in
    store ( path_rx - /EXCEPT/i )

option_kw

(* option_kw: the explicit list of keywords recognised as options.
   A third field that starts with one of these is parsed as an option;
   anything else is treated as a shell command (see shell_command_rx).
   Only "allow" and "deny" are matched case-insensitively; the other
   keywords must be written in lower case to be recognised.
   NOTE(review): confirm how the tcp_wrappers option parser treats letter
   case. If it ignores case, an upper-case "SPAWN"/"TWIST" line would be
   stored under shell_command rather than under its keyword, and tooling
   that audits the spawn/twist nodes would not see it. *)
let option_kw = "severity"
              | "spawn"
              | "twist"
              | "keepalive"
              | "linger"
              | "rfc931"
              | "banners"
              | "nice"
              | "setenv"
              | "umask"
              | "user"
              | /allow/i
              | /deny/i

Since either an option or a shell command can be given, use an explicit list of known options to avoid misinterpreting a command as an option

shell_command_rx

(* shell_command_rx: text accepted as a bare shell command field.
   Two shapes are accepted:
   - two or more characters on one line, starting with a character that is
     not a blank or ":" and ending with a non-blank (colons are allowed
     after the first character);
   - a single character that is not a blank, ":" or a backslash.
   Any string that begins with an option_kw keyword is subtracted so that
   options are never read as commands. The exclusion is by prefix, not by
   whole word: a command whose text merely starts with the letters of a
   keyword is excluded as well. *)
let shell_command_rx = /[^ \t\n:][^\n]*[^ \t\n]|[^ \t\n:\\\\]/ - ( option_kw . /.*/ )

sto_to_colon

(* sto_to_colon: stores an option value up to the next unescaped colon.
   The value must not start with a blank, ":" or "=". Inside the value a
   colon is only accepted when preceded by a backslash, and a
   backslash-newline continuation followed by indentation is accepted too.
   The last character may not be a blank or ":" (the class also lists a
   backslash). The second alternative covers one-character values.
   The text is stored as written, escapes included; the lens does not
   interpret it. *)
let sto_to_colon = store /[^ \t\n:=][^\n:]*((\\\\:|\\\\[ \t]*\n[ \t]+)[^\n:]*)*[^ \\\t\n:]|[^ \t\n:\\\\]/

Allows escaped colon sequences

except

(* except: wraps a list lens in an "except" subtree.
   Reads blanks, the word "except" in any letter case, blanks, and then the
   list given as [lns]. When written from the tree the operator is emitted
   as "EXCEPT". *)
let except (lns:lens) =
  [ label "except"
  . Sep.space . del /except/i "EXCEPT" . Sep.space
  . lns ]

The except operator makes it possible to write very compact rules.

ENTRY TYPES

daemon

(* daemon: one element of the daemon list.
   Produces a "process" node holding the daemon name, with an optional
   "host" child for the part after "@" (process@host form). *)
let daemon =
  let at_host = [ label "host" . Util.del_str "@" . list_item ] in
    [ label "process" . list_item . at_host? ]

daemon_list

(* daemon_list: the daemon elements of a rule, separated by list_sep.
   Build.opt_list is defined outside this file; presumably it accepts one
   element followed by any number of separator/element pairs -- confirm. *)
let daemon_list =
  Build.opt_list daemon list_sep

A list of daemons

client

(* client: one host-based element of the client list.
   Produces a "client" node holding the host pattern (see client_host_item),
   with an optional "user" child for the part before "@" (user@host form). *)
let client =
  let user_at = [ label "user" . list_item . Util.del_str "@" ] in
    [ label "client" . user_at? . client_host_item ]

client_file

(* client_file: a client list element given as an absolute file path,
   stored in a "file" node. The lens records the path only; it does not
   read or check the referenced file. *)
let client_file =
  [ label "file" . client_file_item ]

client_list

(* client_list: the client elements of a rule, separated by list_sep.
   Each element is either a host pattern (client) or a file path
   (client_file). *)
let client_list =
  let element = client | client_file in
    Build.opt_list element list_sep

A list of clients

option

(* option: one hosts_options(5) option.
   The keyword becomes the node label. The argument is optional and is
   separated from the keyword either by "=" (with optional blanks) or by
   blanks alone; it is stored with sto_to_colon. A separator created from
   the tree is written as a single space.
   For keywords such as spawn and twist the stored argument is a shell
   command line (see hosts_options(5)). The lens stores it verbatim, so
   write access to these nodes should be treated as the ability to change
   what the wrapper runs. *)
let option =
  let arg_sep = del /([ \t]*=[ \t]*|[ \t]+)/ " " in
  let opt_arg = arg_sep . sto_to_colon in
    [ key option_kw . opt_arg? ]

Optional extensions defined in hosts_options(5)

shell_command

(* shell_command: a third field that is not a known option, stored as-is
   in a "shell_command" node. The text is kept verbatim and is not parsed
   or checked by the lens; per hosts_access(5) it is a command line, so
   values written here deserve the same review as any privileged script. *)
let shell_command =
  [ label "shell_command" . store shell_command_rx ]

entry

(* entry: one access rule.
   Layout: daemon list [EXCEPT daemon list] ":" client list
   [EXCEPT client list], then either one or more ":"-separated options or
   at most one ":"-separated shell command, then end of line.
   Entries are labelled with sequential numbers from the "line" counter, so
   the tree keeps the rules in file order. Rule order is significant for
   access decisions (see hosts_access(5)), so tools editing the tree should
   insert new entries at a deliberate position rather than appending
   blindly. *)
let entry =
  let daemons = daemon_list . (except daemon_list)? in
  let clients = client_list . (except client_list)? in
  let trailer = (colon . option)+ | (colon . shell_command)? in
    [ seq "line" . daemons . colon . clients . trailer . Util.eol ]

LENS AND FILTER

lns

(* lns: the top-level lens for a hosts.allow / hosts.deny file.
   A file is any number of empty lines, comments and rule entries.
   The lens covers syntax only: it does not evaluate which rule would
   match a given client. *)
let lns =
  let line = Util.empty | Util.comment | entry in
    line*

filter
