NAME    [Toc]    [Back]

     hosts_access, hosts_ctl,  request_init,  request_set  -  tcp
wrapper access
     control library

SYNOPSIS    [Toc]    [Back]

     #include <tcpd.h>

     extern int allow_severity;
     extern int deny_severity;

     struct request_info *
     request_init(struct  request_info  *request, int key, value,
..., 0);

     struct request_info *
     request_set(struct request_info *request,  int  key,  value,
..., 0);

     int
     hosts_access(struct request_info *request);

     int
     hosts_ctl(char     *daemon,    char    *client_name,    char
*client_addr,
             char *client_user);

DESCRIPTION    [Toc]    [Back]

     The routines described in this  document  are  part  of  the
libwrap.a library.
   They implement a rule-based access control language
with optional
     shell commands that are executed when a rule fires.

     request_init()  initializes  a  structure  with  information
about a client
     request.   request_set()  updates an already initialized request structure.
     Both functions take  a  variable-length  list  of  key-value
pairs and return
     their  first  argument.   The  argument lists are terminated
with a zero key
     value.  All string-valued arguments are copied.  The expected keys (and
     corresponding value types) are:

     RQ_FILE  (int)              The  file  descriptor associated
with the request.


     RQ_CLIENT_NAME (char *)   The client host name.

     RQ_CLIENT_ADDR (char *)   A printable representation of  the
client network
 address.

     RQ_CLIENT_SIN (struct sockaddr_in *)
                               An  internal representation of the
client network
 address and port.   The  contents of the
                               structure are not copied.

     RQ_SERVER_NAME  (char  *)   The hostname associated with the
server endpoint
 address.

     RQ_SERVER_ADDR (char *)   A printable representation of  the
server endpoint
 address.

     RQ_SERVER_SIN (struct sockaddr_in *)
                               An  internal representation of the
server endpoint
 address and port.  The  contents of the
                               structure are not copied.

     RQ_DAEMON  (char  *)         The  name of the daemon process
running on the
                               server host.

     RQ_USER (char *)          The name of the user on whose  behalf the client
                               host makes the request.

     hosts_access()  consults the access control tables described
in the
     hosts_access(5) manual page.  When internal endpoint  information is
     available, host names and client user names are looked up on
demand, using
 the request structure as a  cache.   hosts_access()  returns zero if access
 should be denied.

     hosts_ctl()  is  a  wrapper  around  the  request_init() and
hosts_access()
     routines with a perhaps more convenient interface (though it
does not
     pass on enough information to support automated client username lookups).
     The client host address, client host name and username arguments should
     contain  valid  data or STRING_UNKNOWN.  hosts_ctl() returns
zero if access
     should be denied.

     The allow_severity and deny_severity variables determine how
accepted and
     rejected  requests  may be logged.  They must be provided by
the caller and
     may be modified by rules in the access control tables.

FILES    [Toc]    [Back]

     /etc/hosts.allow  Access control table (allow list)
     /etc/hosts.deny   Access control table (deny list)

DIAGNOSTICS    [Toc]    [Back]

     Problems are reported via the syslog daemon.

SEE ALSO    [Toc]    [Back]

     hosts_access(5), hosts_options(5)

AUTHORS    [Toc]    [Back]

           Wietse Venema ([email protected])
           Department of Mathematics and Computing Science
           Eindhoven University of Technology
           Den Dolech 2, P.O. Box 513,
           5600 MB Eindhoven, The Netherlands

OpenBSD     3.6                           June      23,      1997