hosts_access, hosts_ctl, request_init, request_set - tcp
wrapper access
control library
#include <tcpd.h>
extern int allow_severity;
extern int deny_severity;
struct request_info *
request_init(struct request_info *request, int key, value,
..., 0);
struct request_info *
request_set(struct request_info *request, int key, value,
..., 0);
int
hosts_access(struct request_info *request);
int
hosts_ctl(char *daemon, char *client_name, char
*client_addr,
char *client_user);
The routines described in this document are part of the
libwrap.a library.
They implement a rule-based access control language
with optional
shell commands that are executed when a rule fires.
request_init() initializes a structure with information
about a client
request. request_set() updates an already initialized request structure.
Both functions take a variable-length list of key-value
pairs and return
their first argument. The argument lists are terminated
with a zero key
value. All string-valued arguments are copied. The expected keys (and
corresponding value types) are:
RQ_FILE (int) The file descriptor associated
with the request.
RQ_CLIENT_NAME (char *) The client host name.
RQ_CLIENT_ADDR (char *) A printable representation of the
client network
address.
RQ_CLIENT_SIN (struct sockaddr_in *)
An internal representation of the
client network
address and port. The contents of the
structure are not copied.
RQ_SERVER_NAME (char *) The hostname associated with the
server endpoint
address.
RQ_SERVER_ADDR (char *) A printable representation of the
server endpoint
address.
RQ_SERVER_SIN (struct sockaddr_in *)
An internal representation of the
server endpoint
address and port. The contents of the
structure are not copied.
RQ_DAEMON (char *) The name of the daemon process
running on the
server host.
RQ_USER (char *) The name of the user on whose behalf the client
host makes the request.
hosts_access() consults the access control tables described
in the
hosts_access(5) manual page. When internal endpoint information is
available, host names and client user names are looked up on
demand, using
the request structure as a cache. hosts_access() returns zero if access
should be denied.
hosts_ctl() is a wrapper around the request_init() and
hosts_access()
routines with a perhaps more convenient interface (though it
does not
pass on enough information to support automated client username lookups).
The client host address, client host name and username arguments should
contain valid data or STRING_UNKNOWN. hosts_ctl() returns
zero if access
should be denied.
The allow_severity and deny_severity variables determine how
accepted and
rejected requests may be logged. They must be provided by
the caller and
may be modified by rules in the access control tables.
/etc/hosts.allow Access control table (allow list)
/etc/hosts.deny Access control table (deny list)
Problems are reported via the syslog daemon.
hosts_access(5), hosts_options(5)
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
OpenBSD 3.6 June 23, 1997
[ Back ] |
