Manualshelf

HP-UX Internet Services Administrator's Guide (August 2003)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software
41424344454647484950
TCP Wrappers
TCP Wrappers Files
Chapter 3 49
To enforce the host access control in an independent daemon, a service
must include the tcpd.h header file and link with the libwrap.a library
APIs. The libwrap.a library contains the following APIs:
request_init()
Initializes the request_info structure with the client request
information.
request_set()
Updates an initialized request_info structure.
Both the APIs request_init() and request_set() accept the
request_info structure and a variable length list of key-value pairs as
input parameters; and, they return the request_info structure defined
in the tcpd.h header file. The argument lists are terminated with a zero
key value.
hosts_access()
Reads the ACLs and returns either 1 or 0 indicating the access
granted or denied, respectively.
hosts_ctl()
This API is a wrapper to the functions request_init() and
hosts_access(). It accepts the daemon name, client host name,
client address, and user name as input parameters. The client host
name, address, and user name arguments must contain valid data or
STRING_UNKNOWN defined in the tcpd.h file. If the access is
denied the hosts_ctl() API returns a value 0.
The following are the methods to implement access control checks in a
daemon program:
1. Fill the variable elements in the structure request_info using the
routines request_init() and request_set(), and call the
hosts_access() routine to verify these elements with the ACLs.
2. Call the function hosts_ctl() with appropriate input parameters to
check with the ACLs.
For more information on these APIs, type man 3 hosts_access at the
HP-UX prompt.