hosts_access.3 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

hosts_access(3) hosts_access(3)

NAME

hosts_access(), hosts_ctl(), request_init(), request_set() - access control library

SYNOPSIS

#include <tcpd.h>

extern int allow_severity;

extern int deny_severity;

extern int rfc931_timeout;

struct request_info *request_init(request, key, value, ..., 0)

struct request_info *request;

struct request_info *request_set(request, key, value, ..., 0)

struct request_info *request;

int hosts_access(request)

struct request_info *request;

int hosts_ctl(daemon, client_name, client_addr, client_user)

char *daemon;

char *client_name;

char *client_addr;

char *client_user;

DESCRIPTION

The routines described here are a part of the libwrap.sl/libwrap.so

library. They implement a

rule-based access control language with optional shell commands that are executed when a rule ﬁres.

request_init() initializes a structure with information about a client request.

request_set()

updates an already initialized request structure. Both functions take a variable-length list of key-value

pairs and return their ﬁrst argument. The argument lists are terminated with a zero key value. All

string-valued arguments are copied. The expected keys (and corresponding value types) are:

RQ_FILE (int)

The ﬁle descriptor associated with the request.

RQ_CLIENT_NAME (char *)

The client host name.

RQ_CLIENT_ADDR (char *)

A printable representation of the client network address.

RQ_CLIENT_SIN (struct sockaddr_in *)

An internal representation of the client network address and port. The contents of the structure are

not copied.

RQ_SERVER_NAME (char *)

The hostname associated with the server endpoint address.

RQ_SERVER_ADDR (char *)

A printable representation of the server endpoint address.

RQ_SERVER_SIN (struct sockaddr_in *)

An internal representation of the server endpoint address and port. The contents of the structure

are not copied.

RQ_DAEMON (char *)

The name of the daemon process running on the server host.

RQ_USER (char *)

The name of the user on whose behalf the client host makes the request.

hosts_access() consults the access control tables described in the hosts_access (5) manual page.

When internal endpoint information is available, host names and client user names are looked up on

demand, using the request structure as a cache. hosts_access() returns zero if access should be

denied.

hosts_ctl() is a wrapper around the request_init() and hosts_access() routines with a

perhaps more convenient interface (though it does not pass on enough information to support automated

client username lookups). The client host address, client host name and username arguments should

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (2 pages)

PAGE 1
hosts_access(3) hosts_access(3) NAME hosts_access(), hosts_ctl(), request_init(), request_set() - access control library SYNOPSIS #include extern int allow_severity; extern int deny_severity; extern int rfc931_timeout; struct request_info *request_init(request, key, value, ..., 0) struct request_info *request; struct request_info *request_set(request, key, value, ...
PAGE 2
hosts_access(3) hosts_access(3) contain valid data or STRING_UNKNOWN. hosts_ctl() returns zero if access should be denied. The allow_severity and deny_severity variables determine how accepted and rejected requests may be logged. They must be provided by the caller and may be modified by rules in the access control tables. The rfc931_timeout variable determines the timeout value for the client’s username lookup. It must be set with a positive value and a value of 0 disables the username lookup.