Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
HOSTS_ACCESS(3)		   Library Functions Manual	       HOSTS_ACCESS(3)

NAME
       hosts_access,  hosts_ctl,  request_init,	 request_set  -	access control
       library

SYNOPSIS
       #include	"tcpd.h"

       extern int allow_severity;
       extern int deny_severity;

       struct request_info *request_init(request, key, value, ..., 0)
       struct request_info *request;

       struct request_info *request_set(request, key, value, ..., 0)
       struct request_info *request;

       int hosts_access(request)
       struct request_info *request;

       int hosts_ctl(daemon, client_name, client_addr, client_user)
       char *daemon;
       char *client_name;
       char *client_addr;
       char *client_user;

DESCRIPTION
       The routines described in this  document	 are  part  of	the  libwrap.a
       library.	 They  implement  a  rule-based	 access	 control language with
       optional	shell commands that are	executed when a	rule fires.

       request_init() initializes a structure with information about a	client
       request.	 request_set()	updates	 an already initialized	request	struc-
       ture. Both functions take a variable-length list	of key-value pairs and
       return  their first argument.  The argument lists are terminated	with a
       zero key	value. All string-valued arguments are	copied.	 The  expected
       keys (and corresponding value types) are:

       RQ_FILE (int)
	      The file descriptor associated with the request.

       RQ_CLIENT_NAME (char *)
	      The client host name.

       RQ_CLIENT_ADDR (char *)
	      A	printable representation of the	client network address.

       RQ_CLIENT_SIN (struct sockaddr_in *)
	      An  internal  representation  of	the client network address and
	      port.  The contents of the structure are not copied.

       RQ_SERVER_NAME (char *)
	      The hostname associated with the server endpoint address.

       RQ_SERVER_ADDR (char *)
	      A	printable representation of the	server endpoint	address.

       RQ_SERVER_SIN (struct sockaddr_in *)
	      An internal representation of the	server	endpoint  address  and
	      port.  The contents of the structure are not copied.

       RQ_DAEMON (char *)
	      The name of the daemon process running on	the server host.

       RQ_USER (char *)
	      The  name	 of the	user on	whose behalf the client	host makes the
	      request.

       hosts_access() consults the access  control  tables  described  in  the
       hosts_access(5)	manual	page.	When  internal endpoint	information is
       available, host names and client	user names are looked  up  on  demand,
       using the request structure as a	cache.	hosts_access() returns zero if
       access should be	denied.

       hosts_ctl() is a	wrapper	around the request_init()  and	hosts_access()
       routines	 with  a perhaps more convenient interface (though it does not
       pass  on	 enough	 information  to  support  automated  client  username
       lookups).  The client host address, client host name and	username argu-
       ments should contain valid data or STRING_UNKNOWN.  hosts_ctl() returns
       zero if access should be	denied.

       The  allow_severity  and	deny_severity variables	determine how accepted
       and rejected requests may be logged. They must be provided by the call-
       er and may be modified by rules in the access control tables.

DIAGNOSTICS
       Problems	are reported via the syslog daemon.

SEE ALSO
       hosts_access(5),	   format    of	   the	  access    control    tables.
       hosts_options(5), optional extensions to	the base language.

FILES
       /etc/hosts.allow, /etc/hosts.deny, access control tables.

BUGS
       hosts_access() uses the strtok()	library	function. This	may  interfere
       with other code that relies on strtok().

AUTHOR
       Wietse Venema (wietse@wzv.win.tue.nl)
       Department of Mathematics and Computing Science
       Eindhoven University of Technology
       Den Dolech 2, P.O. Box 513,
       5600 MB Eindhoven, The Netherlands

							       HOSTS_ACCESS(3)

NAME | SYNOPSIS | DESCRIPTION | DIAGNOSTICS | SEE ALSO | FILES | BUGS | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=hosts_access&sektion=3&manpath=FreeBSD+12.0-RELEASE>

home | help