HOSTS_ACCESS
NAME
hosts_access, hosts_ctl, request_init, request_set - access control library
SYNOPSIS
#include <tcpd.h>
extern int allow_severity;
extern int deny_severity;
struct request_info *request_init(request, key, value, ..., 0)
struct request_info *request;
struct request_info *request_set(request, key, value, ..., 0)
struct request_info *request;
void fromhost(request)
struct request_info *request;
int hosts_access(request)
struct request_info *request;
int hosts_ctl(daemon, client_name, client_addr, client_user)
char *daemon;
char *client_name;
char *client_addr;
char *client_user;
DESCRIPTION
The routines described in this document are part of the libwrap.a
library. They implement a rule-based access control language with
optional shell commands that are executed when a rule fires.
request_init() initializes a structure with information about a client
request. request_set() updates an already initialized request
structure. Both functions take a variable-length list of key-value
pairs and return their first argument. The argument lists are
terminated with a zero key value. All string-valued arguments are
copied. The expected keys (and corresponding value types) are:
"RQ_FILE
The file descriptor associated with the request.
"RQ_CLIENT_NAME
The client host name.
"RQ_CLIENT_ADDR
A printable representation of the client network address.
"RQ_CLIENT_SIN
An internal representation of the client network address and port. The
contents of the structure are not copied.
"RQ_SERVER_NAME
The hostname associated with the server endpoint address.
"RQ_SERVER_ADDR
A printable representation of the server endpoint address.
"RQ_SERVER_SIN
An internal representation of the server endpoint address and port.
The contents of the structure are not copied.
"RQ_DAEMON
The name of the daemon process running on the server host.
"RQ_USER
The name of the user on whose behalf the client host makes the request.
hosts_access() consults the access control tables described in the
hosts_access(5) manual page. When internal endpoint information
is available, host names and client user names are looked up on demand,
using the request structure as a cache. hosts_access() returns zero if
access should be denied.
fromhost() must be called before hosts_access().
hosts_ctl() is a wrapper around the request_init() and hosts_access()
routines with a perhaps more convenient interface (though it does not
pass on enough information to support automated client username
lookups). The client host address, client host name and username
arguments should contain valid data or STRING_UNKNOWN. hosts_ctl()
returns zero if access should be denied.
The allow_severity and deny_severity variables determine
how accepted and rejected requests may be logged. They must be provided
by the caller and may be modified by rules in the access control
tables.
DIAGNOSTICS
Problems are reported via the syslog daemon.
SEE ALSO
hosts_access(5), format of the access control tables.
hosts_options(5), optional extensions to the base language.
FILES
/etc/hosts.allow, /etc/hosts.deny, access control tables.
BUGS
hosts_access() uses the strtok() library function. This may interfere
with other code that relies on strtok().
AUTHOR
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
\" @(#) hosts_access.3 1.8 96/02/11 17:01:26