*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->HP-UX 11i man pages -> hosts_ctl (3)              
Title
Content
Arch
Section
 

Contents


 hosts_access(3)                                             hosts_access(3)




 NAME    [Toc]    [Back]
      hosts_access(), hosts_ctl(), request_init(), request_set() - access
      control library

 SYNOPSIS    [Toc]    [Back]
      #include <tcpd.h>

      extern int allow_severity;
      extern int deny_severity;
      extern int rfc931_timeout;

      struct request_info *request_init(request, key, value, ..., 0)
      struct request_info *request;

      struct request_info *request_set(request, key, value, ..., 0)
      struct request_info *request;

      int hosts_access(request)
      struct request_info *request;

      int hosts_ctl(daemon, client_name, client_addr, client_user)
      char *daemon;
      char *client_name;
      char *client_addr;
      char *client_user;

 DESCRIPTION    [Toc]    [Back]
      The routines described here are a part of the libwrap.a library.  They
      implement a rule-based access control language with optional shell
      commands that are executed when a rule fires.

      request_init() initializes a structure with information about a client
      request.  request_set() updates an already initialized request
      structure.  Both functions take a variable-length list of key-value
      pairs and return their first argument.  The argument lists are
      terminated with a zero key value.  All string-valued arguments are
      copied.  The expected keys (and corresponding value types) are:

      RQ_FILE (int)    [Toc]    [Back]
           The file descriptor associated with the request.

      RQ_CLIENT_NAME (char *)
           The client host name.

      RQ_CLIENT_ADDR (char *)
           A printable representation of the client network address.

      RQ_CLIENT_SIN (struct sockaddr_in *)
           An internal representation of the client network address and
           port.  The contents of the structure are not copied.




 Hewlett-Packard Company            - 1 -   HP-UX 11i Version 2: August 2003






 hosts_access(3)                                             hosts_access(3)




      RQ_SERVER_NAME (char *)
           The hostname associated with the server endpoint address.

      RQ_SERVER_ADDR (char *)
           A printable representation of the server endpoint address.

      RQ_SERVER_SIN (struct sockaddr_in *)
           An internal representation of the server endpoint address and
           port.  The contents of the structure are not copied.

      RQ_DAEMON (char *)
           The name of the daemon process running on the server host.

      RQ_USER (char *)
           The name of the user on whose behalf the client host makes the
           request.

      hosts_access() consults the access control tables described in the
      hosts_access(5) manual page.  When internal endpoint information is
      available, host names and client user names are looked up on demand,
      using the request structure as a cache.  hosts_access() returns zero
      if access should be denied.

      hosts_ctl() is a wrapper around the request_init() and hosts_access()
      routines with a perhaps more convenient interface (though it does not
      pass on enough information to support automated client username
      lookups).  The client host address, client host name and username
      arguments should contain valid data or STRING_UNKNOWN.  hosts_ctl()
      returns zero if access should be denied.

      The allow_severity and deny_severity variables determine how accepted
      and rejected requests may be logged.  They must be provided by the
      caller and may be modified by rules in the access control tables.

      The rfc931_timeout variable determines the timeout value for the
      client's username lookup.  It must be set with a positive value and a
      value of 0 disables the username lookup.

 RETURN VALUE    [Toc]    [Back]
      The request_init() and request_set() functions return a pointer to the
      request_info structure.  The members of the returned structure are
      initialized and updated with the values passed to the respective
      functions, request_init() and request_set().

      The hosts_access() and hosts_ctl() functions return 1 if the access is
      granted and 0 if the access is denied, for the requested service.

 DIAGNOSTICS    [Toc]    [Back]
      Problems are reported via syslogd, the syslog daemon, at info, notice,
      warning and err levels.




 Hewlett-Packard Company            - 2 -   HP-UX 11i Version 2: August 2003






 hosts_access(3)                                             hosts_access(3)




 WARNINGS    [Toc]    [Back]
      hosts_access() uses the strtok() library function.  This may interfere
      with other code that relies on strtok().

 AUTHOR    [Toc]    [Back]
      These routines were developed by

      Wietse Venema (wietse@wzv.win.tue.nl)
      Department of Mathematics and Computing Science
      Eindhoven University of Technology
      Den Dolech 2, P.O. Box 513,
      5600 MB Eindhoven, The Netherlands

 FILES    [Toc]    [Back]
      /etc/hosts.allow         access control tables.

      /etc/hosts.deny          access control tables.

 SEE ALSO    [Toc]    [Back]
      hosts_access(5) format of the access control tables.

      hosts_options(5) optional extensions to the base language.


 Hewlett-Packard Company            - 3 -   HP-UX 11i Version 2: August 2003
[ Back ]
      
      
 Similar pages
Name OS Title
hosts_ctl OpenBSD tcp wrapper access control library
request_set OpenBSD tcp wrapper access control library
request_init OpenBSD tcp wrapper access control library
hosts_access OpenBSD tcp wrapper access control library
mac FreeBSD Mandatory Access Control
acl IRIX Access Control Lists
acl Tru64 Access control list
XSecurity Tru64 X display access control
Xsecurity Tru64 X display access control
Xsecurity IRIX X display access control
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service