TCP Wrappers Release Notes

What’s in This Version

TCP Wrapper Features

Chapter 1 11

This API initializes the request_info structure with information

about the client request.

— request_set()

This API updates an initialized request_info structure.

Both request_init() and request_set() APIs take the

request_info structure and a variable-length list of key-value

pairs as input parameters and return the ﬁrst argument which is

the request_info structure deﬁned in the tcpd.h header ﬁle. The

argument lists are terminated with a zero key value.

— hosts_access()

This API reads the ACLs and returns either ‘1’ or ‘0’ indicating

the access granted or denied respectively.

— hosts_ctl()

This API is a wrapper around request_init() and hosts_access()

routines. It takes the daemon name, client’s hostname, client’s

address and username as input parameters. The client

hostname, address and username arguments should contain

valid data or STRING_UNKNOWN deﬁned in the tcpd.h ﬁle.

The hosts_ctl() API returns zero if access should be denied.

The following are the methods to implement access control checks in

a daemon program:

1. Fill the request_info structure’s variable elements using

request_init ( ) and request_set ( ) routines and call the

hosts_access( ) routine to verify these elements with ACLs.

2. Call hosts_ctl ( ) function with appropriate input parameters

to check with ACLs.

NOTE Refer to hosts_access(3) man page for more information on these

APIs.

• tcpdchk

tcpdchk is a tool that can be used to examine the validity of entries in

the /etc/inetd.conf ﬁle and ACLs.