Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
HOSTS_ACCESS(3)						       HOSTS_ACCESS(3)

NAME
       hosts_access,  hosts_ctl,  request_init,	 request_set  -	access control
       library

SYNOPSIS
       #include	"tcpd.h"

       extern int allow_severity;
       extern int deny_severity;

       struct request_info *request_init(request, key, value, ..., 0)
       struct request_info *request;

       struct request_info *request_set(request, key, value, ..., 0)
       struct request_info *request;

       int hosts_access(request)
       struct request_info *request;

       int hosts_ctl(daemon, client_name, client_addr, client_user)
       char *daemon;
       char *client_name;
       char *client_addr;
       char *client_user;

DESCRIPTION
       The routines described in this  document	 are  part  of	the  libwrap.a
       library.	 They  implement  a  rule-based	 access	 control language with
       optional	shell commands that are	executed when a	rule fires.

       request_init() initializes a structure with information about a	client
       request.	 request_set()	updates	 an already initialized	request	struc-
       ture. Both functions take a variable-length list	of key-value pairs and
       return  their first argument.  The argument lists are terminated	with a
       zero key	value. All string-valued arguments are	copied.	 The  expected
       keys (and corresponding value types) are:

       RQ_FILE (int)
	      The file descriptor associated with the request.

       RQ_CLIENT_NAME (char *)
	      The client host name.

       RQ_CLIENT_ADDR (char *)
	      A	printable representation of the	client network address.

       RQ_CLIENT_SIN (struct sockaddr_in *)
	      An  internal  representation  of	the client network address and
	      port.  The contents of the structure are not copied.

       RQ_SERVER_NAME (char *)
	      The hostname associated with the server endpoint address.

       RQ_SERVER_ADDR (char *)
	      A	printable representation of the	server endpoint	address.

       RQ_SERVER_SIN (struct sockaddr_in *)
	      An internal representation of the	server	endpoint  address  and
	      port.  The contents of the structure are not copied.

       RQ_DAEMON (char *)
	      The name of the daemon process running on	the server host.

       RQ_USER (char *)
	      The  name	 of the	user on	whose behalf the client	host makes the
	      request.

       hosts_access() consults the access  control  tables  described  in  the
       hosts_access(5)	manual	page.	When  internal endpoint	information is
       available, host names and client	user names are looked  up  on  demand,
       using the request structure as a	cache.	hosts_access() returns zero if
       access should be	denied.

       hosts_ctl() is a	wrapper	around the request_init()  and	hosts_access()
       routines	 with  a perhaps more convenient interface (though it does not
       pass  on	 enough	 information  to  support  automated  client  username
       lookups).  The client host address, client host name and	username argu-
       ments should contain valid data or STRING_UNKNOWN.  hosts_ctl() returns
       zero if access should be	denied.

       The  allow_severity  and	deny_severity variables	determine how accepted
       and rejected requests may be logged.  They  must	 be  provided  by  the
       caller and may be modified by rules in the access control tables.

DIAGNOSTICS
       Problems	are reported via the syslog daemon.

SEE ALSO
       hosts_access(5),	   format    of	   the	  access    control    tables.
       hosts_options(5), optional extensions to	the base language.

FILES
       /etc/hosts.allow, /etc/hosts.deny, access control tables.

BUGS
       hosts_access() uses the strtok()	library	function. This	may  interfere
       with other code that relies on strtok().

AUTHOR
       Wietse Venema (wietse@wzv.win.tue.nl)
       Department of Mathematics and Computing Science
       Eindhoven University of Technology
       Den Dolech 2, P.O. Box 513,
       5600 MB Eindhoven, The Netherlands

							       HOSTS_ACCESS(3)

NAME | SYNOPSIS | DESCRIPTION | DIAGNOSTICS | SEE ALSO | FILES | BUGS | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=hosts_access&manpath=FreeBSD+9.2-RELEASE>

home | help