.TH HOSTS_ACCESS 3
.SH NAME
hosts_access, hosts_ctl, request_init, request_set \- access control library
.SH SYNOPSIS
.nf
#include "tcpd.h"

extern int allow_severity;
extern int deny_severity;

struct request_info *request_init(request, key, value, ..., 0)
struct request_info *request;

struct request_info *request_set(request, key, value, ..., 0)
struct request_info *request;

int hosts_access(request)
struct request_info *request;

int hosts_ctl(daemon, client_name, client_addr, client_user)
char *daemon;
char *client_name;
char *client_addr;
char *client_user;
.fi
.SH DESCRIPTION
The routines described in this document are part of the \fIlibwrap.a\fR
library. They implement a rule-based access control language with
optional shell commands that are executed when a rule fires.
.PP
request_init() initializes a structure with information about a client
request. request_set() updates an already initialized request
structure. Both functions take a variable-length list of key-value
pairs and return their first argument. The argument lists are
terminated with a zero key value. All string-valued arguments are
copied. The expected keys (and corresponding value types) are:
.IP "RQ_FILE (int)"
The file descriptor associated with the request.
.IP "RQ_CLIENT_NAME (char *)"
The client host name.
.IP "RQ_CLIENT_ADDR (char *)"
A printable representation of the client network address.
.IP "RQ_CLIENT_SIN (struct sockaddr_in *)"
An internal representation of the client network address and port. The
contents of the structure are not copied.
.IP "RQ_SERVER_NAME (char *)"
The hostname associated with the server endpoint address.
.IP "RQ_SERVER_ADDR (char *)"
A printable representation of the server endpoint address.
.IP "RQ_SERVER_SIN (struct sockaddr_in *)"
An internal representation of the server endpoint address and port.
The contents of the structure are not copied.
.IP "RQ_DAEMON (char *)"
The name of the daemon process running on the server host.
.IP "RQ_USER (char *)"
The name of the user on whose behalf the client host makes the request.
.PP
hosts_access() consults the access control tables described in the
\fIhosts_access(5)\fR manual page. When internal endpoint information
is available, host names and client user names are looked up on demand,
using the request structure as a cache. hosts_access() returns zero if
access should be denied.
.PP
hosts_ctl() is a wrapper around the request_init() and hosts_access()
routines with a perhaps more convenient interface (though it does not
pass on enough information to support automated client username
lookups). The client host address, client host name and username
arguments should contain valid data or STRING_UNKNOWN. hosts_ctl()
returns zero if access should be denied.
.PP
The \fIallow_severity\fR and \fIdeny_severity\fR variables determine
how accepted and rejected requests may be logged. They must be provided
by the caller and may be modified by rules in the access control
tables.
.SH DIAGNOSTICS
Problems are reported via the syslog daemon.
.SH SEE ALSO
hosts_access(5), format of the access control tables.
hosts_options(5), optional extensions to the base language.
.SH FILES
/etc/hosts.allow, /etc/hosts.deny, access control tables.
.SH BUGS
hosts_access() uses the strtok() library function. This may interfere
with other code that relies on strtok().
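.PP
The strtok() interference described above, as an added example that is
not part of the original manual page or of libwrap. fake_hosts_access()
is a hypothetical stand-in that only mimics the library's use of
strtok(); the rule and command strings are constructed sample data. A
caller that tokenizes with strtok() and performs the access check
mid-parse loses its remaining tokens, while a caller using strtok_r()
does not.
.nf
```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* declares strtok_r() */
#endif
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for hosts_access(): it tokenizes with strtok(). */
static int fake_hosts_access(void)
{
    static char rule[32];   /* static: strtok()'s saved pointer stays valid */
    strcpy(rule, "in.ftpd: .example.org");       /* constructed rule */
    for (char *t = strtok(rule, ": "); t != NULL; t = strtok(NULL, ": "))
        ;                    /* walk every token, as a rule matcher would */
    return 1;                /* nonzero means "allow" */
}

/* strtok() caller: the mid-loop check exhausts the shared hidden state. */
int count_fields_strtok(const char *line)
{
    char buf[128];
    int n = 0;
    snprintf(buf, sizeof(buf), "%s", line);
    for (char *t = strtok(buf, " "); t != NULL; t = strtok(NULL, " ")) {
        n++;
        (void) fake_hosts_access();
    }
    return n;
}

/* strtok_r() caller: the state lives in save, out of the check's reach. */
int count_fields_strtok_r(const char *line)
{
    char buf[128], *save;
    int n = 0;
    snprintf(buf, sizeof(buf), "%s", line);
    for (char *t = strtok_r(buf, " ", &save); t; t = strtok_r(NULL, " ", &save)) {
        n++;
        (void) fake_hosts_access();
    }
    return n;
}

int main(void)
{
    const char *cmd = "USER alice PASS secret";   /* constructed input */
    printf("strtok: %d field(s), strtok_r: %d field(s)",
           count_fields_strtok(cmd), count_fields_strtok_r(cmd));
    puts("");
    return 0;
}
```
.fi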
.SH AUTHOR
.na
.nf
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
\" @(#) hosts_access.3 1.8 96/02/11 17:01:26