Introduction to Library Functions HOSTSACES(3)
NAME
hostsaccess, hostsctl, requestinit, requestset - access
control library
SYNOPSIS
#include
cc [ flag ... ] file ... [ library ... ] -lwrap
extern int allowseverity;
extern int denyseverity;
struct requestinfo *requestinit(request, key, value, ..., 0)
struct requestinfo *request;
struct requestinfo *requestset(request, key, value, ..., 0)
struct requestinfo *request;
int hostsaccess(request)
struct requestinfo *request;
int hostsctl(daemon, clientname, clientaddr, clientuser)
char *daemon;
char *clientname;
char *clientaddr;
char *clientuser;
DESCRIPTION
The routines described in this document are part of the
libwrap.so library. They implement a rule-based access con-
trol language with optional shell commands that are executed
when a rule fires.
requestinit() initializes a structure with information
about a client request. requestset() updates an already
initialized request structure. Both functions take a
variable-length list of key-value pairs and return their
first argument. The argument lists are terminated with a
zero key value. All string-valued arguments are copied. The
expected keys (and corresponding value types) are:
RQFILE (int)
The file descriptor associated with the request.
RQCLIENTNAME (char *)
The client host name.
RQCLIENTADR (char *)
A printable representation of the client network
address.
RQCLIENTSIN (struct sockaddrin *)
SunOS 5.10 Last change: 1
Introduction to Library Functions HOSTSACES(3)
An internal representation of the client network
address and port. The contents of the structure are
not copied.
RQSERVERNAME (char *)
The hostname associated with the server endpoint
address.
RQSERVERADR (char *)
A printable representation of the server endpoint
address.
RQSERVERSIN (struct sockaddrin *)
An internal representation of the server endpoint
address and port. The contents of the structure are
not copied.
RQDAEMON (char *)
The name of the daemon process running on the server
host.
RQUSER (char *)
The name of the user on whose behalf the client host
makes the request.
hostsaccess() consults the access control tables described
in the hostsaccess(4) manual page. When internal endpoint
information is available, host names and client user names
are looked up on demand, using the request structure as a
cache. hostsaccess() returns zero if access should be
denied.
hostsctl() is a wrapper around the requestinit() and
hostsaccess() routines with a perhaps more convenient
interface (though it does not pass on enough information to
support automated client username lookups). The client host
address, client host name and username arguments should con-
tain valid data or STRINGUNKNOWN. hostsctl() returns zero
if access should be denied.
The allowseverity and denyseverity variables determine how
accepted and rejected requests may be logged. They must be
provided by the caller and may be modified by rules in the
access control tables.
DIAGNOSTICS
Problems are reported via the syslog daemon.
SEE ALSO
hostsaccess(4), format of the access control tables.
hostsoptions(4), optional extensions to the base language.
SunOS 5.10 Last change: 2
Introduction to Library Functions HOSTSACES(3)
FILES
/etc/hosts.allow, /etc/hosts.deny, access control tables.
BUGS
hostsaccess() uses the strtok() library function. This may
interfere with other code that relies on strtok().
AUTHOR
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWtcpd
Interface Stability Committed
NOTES
Source for tcpwrappers is available in the SUNWtcpdS pack-
age.
SunOS 5.10 Last change: 3
|
