source: trunk/third/tcp_wrappers/hosts_access.3 @ 11717

Revision 11717, 3.5 KB checked in by danw, 26 years ago
This commit was generated by cvs2svn to compensate for changes in r11716, which included commits to RCS files with non-trunk default branches.
.TH HOSTS_ACCESS 3
.SH NAME
hosts_access, hosts_ctl, request_init, request_set \- access control library
.SH SYNOPSIS
.nf
#include "tcpd.h"

extern int allow_severity;
extern int deny_severity;

struct request_info *request_init(request, key, value, ..., 0)
struct request_info *request;

struct request_info *request_set(request, key, value, ..., 0)
struct request_info *request;

int hosts_access(request)
struct request_info *request;

int hosts_ctl(daemon, client_name, client_addr, client_user)
char *daemon;
char *client_name;
char *client_addr;
char *client_user;
.fi
.SH DESCRIPTION
The routines described in this document are part of the \fIlibwrap.a\fR
library. They implement a rule-based access control language with
optional shell commands that are executed when a rule fires.
.PP
request_init() initializes a structure with information about a client
request. request_set() updates an already initialized request
structure. Both functions take a variable-length list of key-value
pairs and return their first argument.  The argument lists are
terminated with a zero key value. All string-valued arguments are
copied. The expected keys (and corresponding value types) are:
.IP "RQ_FILE (int)"
The file descriptor associated with the request.
.IP "RQ_CLIENT_NAME (char *)"
The client host name.
.IP "RQ_CLIENT_ADDR (char *)"
A printable representation of the client network address.
.IP "RQ_CLIENT_SIN (struct sockaddr_in *)"
An internal representation of the client network address and port.  The
contents of the structure are not copied.
.IP "RQ_SERVER_NAME (char *)"
The hostname associated with the server endpoint address.
.IP "RQ_SERVER_ADDR (char *)"
A printable representation of the server endpoint address.
.IP "RQ_SERVER_SIN (struct sockaddr_in *)"
An internal representation of the server endpoint address and port.
The contents of the structure are not copied.
.IP "RQ_DAEMON (char *)"
The name of the daemon process running on the server host.
.IP "RQ_USER (char *)"
The name of the user on whose behalf the client host makes the request.
.PP
hosts_access() consults the access control tables described in the
\fIhosts_access(5)\fR manual page.  When internal endpoint information
is available, host names and client user names are looked up on demand,
using the request structure as a cache.  hosts_access() returns zero if
access should be denied.
.PP
hosts_ctl() is a wrapper around the request_init() and hosts_access()
routines with a perhaps more convenient interface (though it does not
pass on enough information to support automated client username
lookups).  The client host address, client host name and username
arguments should contain valid data or STRING_UNKNOWN.  hosts_ctl()
returns zero if access should be denied.
.PP
The \fIallow_severity\fR and \fIdeny_severity\fR variables determine
how accepted and rejected requests may be logged. They must be provided
by the caller and may be modified by rules in the access control
tables.
.SH DIAGNOSTICS
Problems are reported via the syslog daemon.
.SH SEE ALSO
hosts_access(5), format of the access control tables.
hosts_options(5), optional extensions to the base language.
.SH FILES
/etc/hosts.allow, /etc/hosts.deny, access control tables.
.SH BUGS
hosts_access() uses the strtok() library function. This may interfere
with other code that relies on strtok().
.SH AUTHOR
.na
.nf
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
\" @(#) hosts_access.3 1.8 96/02/11 17:01:26
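The BUGS entry above, shown as an added example that is not part of the man page or of libwrap: a caller that walks its own client list with strtok() and runs an access check inside the loop stops after the first entry, so later clients are never checked. check_access_stub() is a hypothetical stand-in that uses strtok() the way the man page says hosts_access() does; the rule string and addresses are constructed.

```c
#define _POSIX_C_SOURCE 200809L   /* for strtok_r() */
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for hosts_access(), NOT libwrap code: like the real
 * routine it tokenizes with strtok(), overwriting strtok()'s hidden state. */
int check_access_stub(const char *client)
{
    static char rule[64];
    char *tok;
    int ok = 0;
    strcpy(rule, "ALL: 192.0.2. 198.51.100.");   /* constructed rule */
    for (tok = strtok(rule, ": "); tok != NULL; tok = strtok(NULL, ": "))
        if (strncmp(client, tok, strlen(tok)) == 0) ok = 1;  /* prefix match */
    return ok;
}

/* Caller walks its own list with strtok(): strtok()'s saved position now
 * belongs to the stub's finished scan, so the loop ends after one entry. */
int count_checked_unsafe(const char *list)
{
    char buf[128], *tok;
    int n = 0;
    snprintf(buf, sizeof buf, "%s", list);
    for (tok = strtok(buf, ","); tok != NULL; tok = strtok(NULL, ",")) {
        check_access_stub(tok);
        n++;
    }
    return n;
}

/* Same loop with strtok_r(): the caller keeps its own position in `save`. */
int count_checked_safe(const char *list)
{
    char buf[128], *tok, *save = NULL;
    int n = 0;
    snprintf(buf, sizeof buf, "%s", list);
    for (tok = strtok_r(buf, ",", &save); tok; tok = strtok_r(NULL, ",", &save)) {
        check_access_stub(tok);
        n++;
    }
    return n;
}

int main(void)
{
    const char *clients = "192.0.2.10,203.0.113.7,198.51.100.4";  /* constructed */
    printf("strtok: %d of 3 checked, strtok_r: %d of 3 checked\n",
           count_checked_unsafe(clients), count_checked_safe(clients));
    return 0;
}
```

Callers that cannot switch to strtok_r() can instead finish their own tokenizing before the first access check.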