1HOSTS_ACCESS(3)            Library Functions Manual            HOSTS_ACCESS(3)
2
3
4

NAME

6       hosts_access,  hosts_ctl,  request_init,  request_set  - access control
7       library
8

SYNOPSIS

10       #include "tcpd.h"
11
12       extern int allow_severity;
13       extern int deny_severity;
14
15       struct request_info *request_init(request, key, value, ..., 0)
16       struct request_info *request;
17
18       struct request_info *request_set(request, key, value, ..., 0)
19       struct request_info *request;
20
21       int hosts_access(request)
22       struct request_info *request;
23
24       int hosts_ctl(daemon, client_name, client_addr, client_user)
25       char *daemon;
26       char *client_name;
27       char *client_addr;
28       char *client_user;
29

DESCRIPTION

31       The routines described in this  document  are  part  of  the  libwrap.a
32       library.  They  implement  a  rule-based  access  control language with
33       optional shell commands that are executed when a rule fires.
34
35       request_init() initializes a structure with information about a  client
36       request.  request_set()  updates  an already initialized request struc‐
37       ture. Both functions take a variable-length list of key-value pairs and
38       return  their first argument.  The argument lists are terminated with a
39       zero key value. All string-valued arguments are  copied.  The  expected
40       keys (and corresponding value types) are:
41
42       RQ_FILE (int)
43              The file descriptor associated with the request.
44
45       RQ_CLIENT_NAME (char *)
46              The client host name.
47
48       RQ_CLIENT_ADDR (char *)
49              A printable representation of the client network address.
50
51       RQ_CLIENT_SIN (struct sockaddr_in *)
52              An  internal  representation  of  the client network address and
53              port.  The contents of the structure are not copied.
54
55       RQ_SERVER_NAME (char *)
56              The hostname associated with the server endpoint address.
57
58       RQ_SERVER_ADDR (char *)
59              A printable representation of the server endpoint address.
60
61       RQ_SERVER_SIN (struct sockaddr_in *)
62              An internal representation of the server  endpoint  address  and
63              port.  The contents of the structure are not copied.
64
65       RQ_DAEMON (char *)
66              The name of the daemon process running on the server host.
67
68       RQ_USER (char *)
69              The  name  of the user on whose behalf the client host makes the
70              request.
71
72       hosts_access() consults the access  control  tables  described  in  the
73       hosts_access(5)  manual  page.   When  internal endpoint information is
74       available, host names and client user names are looked  up  on  demand,
75       using the request structure as a cache.  hosts_access() returns zero if
76       access should be denied.
77
78       hosts_ctl() is a wrapper around the request_init()  and  hosts_access()
79       routines  with  a perhaps more convenient interface (though it does not
80       pass  on  enough  information  to  support  automated  client  username
81       lookups).  The client host address, client host name and username argu‐
82       ments should contain valid data or STRING_UNKNOWN.  hosts_ctl() returns
83       zero if access should be denied.
84
85       The  allow_severity  and deny_severity variables determine how accepted
86       and rejected requests may be logged. They must be provided by the call‐
87       er and may be modified by rules in the access control tables.
88

DIAGNOSTICS

90       Problems are reported via the syslog daemon.
91

SEE ALSO

93       hosts_access(5),    format    of    the    access    control    tables.
94       hosts_options(5), optional extensions to the base language.
95

FILES

97       /etc/hosts.allow, /etc/hosts.deny, access control tables.
98

BUGS

100       hosts_access() uses the strtok() library function. This  may  interfere
101       with other code that relies on strtok().
102

AUTHOR

104       Wietse Venema (wietse@wzv.win.tue.nl)
105       Department of Mathematics and Computing Science
106       Eindhoven University of Technology
107       Den Dolech 2, P.O. Box 513,
108       5600 MB Eindhoven, The Netherlands
109
110
111
112
113                                                               HOSTS_ACCESS(3)
Impressum