*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->NetBSD man pages -> hosts_ctl (3)              
Title
Content
Arch
Section
 

HOSTS_ACCESS(3)

Contents


NAME    [Toc]    [Back]

       hosts_access,   hosts_ctl,   request_init,  request_set  -
       access control library

SYNOPSIS    [Toc]    [Back]

       #include "tcpd.h"

       extern int allow_severity;
       extern int deny_severity;

       struct request_info *request_init(request, key, value, ..., 0)
       struct request_info *request;

       struct request_info *request_set(request, key, value, ..., 0)
       struct request_info *request;

       int hosts_access(request)
       struct request_info *request;

       int hosts_ctl(daemon, client_name, client_addr, client_user)
       char *daemon;
       char *client_name;
       char *client_addr;
       char *client_user;

DESCRIPTION    [Toc]    [Back]

       The routines described in this document are  part  of  the
       libwrap.a library. They implement a rule-based access control
 language with optional shell commands that  are  executed
 when a rule fires.

       request_init()  initializes  a  structure with information
       about a client request. request_set() updates  an  already
       initialized request structure. Both functions take a variable-length
 list of key-value pairs and return their first
       argument.   The  argument lists are terminated with a zero
       key value. All string-valued  arguments  are  copied.  The
       expected keys (and corresponding value types) are:

       RQ_FILE (int)
              The file descriptor associated with the request.

       RQ_CLIENT_NAME (char *)
              The client host name.

       RQ_CLIENT_ADDR (char *)
              A  printable  representation  of the client network
              address.

       RQ_CLIENT_SIN (struct sockaddr_in *)
              An internal representation of  the  client  network
              address  and  port.   The contents of the structure
              are not copied.

       RQ_SERVER_NAME (char *)
              The hostname associated with  the  server  endpoint
              address.

       RQ_SERVER_ADDR (char *)
              A  printable  representation of the server endpoint
              address.

       RQ_SERVER_SIN (struct sockaddr_in *)
              An internal representation of the  server  endpoint
              address  and  port.   The contents of the structure
              are not copied.

       RQ_DAEMON (char *)
              The name of  the  daemon  process  running  on  the
              server host.

       RQ_USER (char *)
              The  name  of  the  user on whose behalf the client
              host makes the request.

       hosts_access()  consults   the   access   control   tables
       described in the hosts_access(5) manual page.  When internal
 endpoint information  is  available,  host  names  and
       client  user  names  are  looked  up  on demand, using the
       request structure as a cache.  hosts_access() returns zero
       if access should be denied.

       hosts_ctl()  is  a  wrapper  around the request_init() and
       hosts_access() routines with  a  perhaps  more  convenient
       interface  (though  it does not pass on enough information
       to support automated client username lookups).  The client
       host  address,  client  host  name  and username arguments
       should contain valid data or STRING_UNKNOWN.   hosts_ctl()
       returns zero if access should be denied.

       The  allow_severity  and deny_severity variables determine
       how accepted and rejected requests  may  be  logged.  They
       must  be  provided  by  the  caller and may be modified by
       rules in the access control tables.

DIAGNOSTICS    [Toc]    [Back]

       Problems are reported via the syslog daemon.

SEE ALSO    [Toc]    [Back]

      
      
       hosts_access(5), format  of  the  access  control  tables.
       hosts_options(5),  optional  extensions  to  the base language.

FILES    [Toc]    [Back]

       /etc/hosts.allow, /etc/hosts.deny, access control  tables.

BUGS    [Toc]    [Back]

       hosts_access()  uses  the  strtok() library function. This
       may interfere with other code that relies on strtok().

AUTHOR    [Toc]    [Back]

       Wietse Venema (wietse@wzv.win.tue.nl)
       Department of Mathematics and Computing Science
       Eindhoven University of Technology
       Den Dolech 2, P.O. Box 513,
       5600 MB Eindhoven, The Netherlands




                                                  HOSTS_ACCESS(3)
[ Back ]
 Similar pages
Name OS Title
hosts_ctl OpenBSD tcp wrapper access control library
request_set OpenBSD tcp wrapper access control library
request_init OpenBSD tcp wrapper access control library
hosts_access OpenBSD tcp wrapper access control library
mac FreeBSD Mandatory Access Control
acl IRIX Access Control Lists
acl Tru64 Access control list
XSecurity Tru64 X display access control
Xsecurity Tru64 X display access control
Xsecurity IRIX X display access control
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service