from small one page howto to huge articles all in one place
 

search text in:





Poll
Which kernel version do you use?





poll results

Last additions:
using iotop to find disk usage hogs

using iotop to find disk usage hogs

words:

887

views:

185936

userrating:

average rating: 1.7 (102 votes) (1=very good 6=terrible)


May 25th. 2007:
Words

486

Views

250337

why adblockers are bad


Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

Workaround and fixes for the current Core Dump Handling vulnerability affected kernels

words:

161

views:

137481

userrating:

average rating: 1.4 (42 votes) (1=very good 6=terrible)


April, 26th. 2006:

Druckversion
You are here: manpages





HOSTS_ACCESS

Section: C Library Functions (3)
Index Return to Main Contents
 

NAME

hosts_access, hosts_ctl, request_init, request_set - access control library  

SYNOPSIS

#include <tcpd.h>

extern int allow_severity;
extern int deny_severity;

struct request_info *request_init(request, key, value, ..., 0)
struct request_info *request;

struct request_info *request_set(request, key, value, ..., 0)
struct request_info *request;

void fromhost(request)
struct request_info *request;

int hosts_access(request)
struct request_info *request;

int hosts_ctl(daemon, client_name, client_addr, client_user)
char *daemon;
char *client_name;
char *client_addr;
char *client_user;
 

DESCRIPTION

The routines described in this document are part of the libwrap.a library. They implement a rule-based access control language with optional shell commands that are executed when a rule fires.

request_init() initializes a structure with information about a client request. request_set() updates an already initialized request structure. Both functions take a variable-length list of key-value pairs and return their first argument. The argument lists are terminated with a zero key value. All string-valued arguments are copied. The expected keys (and corresponding value types) are:

RQ_FILE (int)
The file descriptor associated with the request.
RQ_CLIENT_NAME (char *)
The client host name.
RQ_CLIENT_ADDR (char *)
A printable representation of the client network address.
RQ_CLIENT_SIN (struct sockaddr_in *)
An internal representation of the client network address and port. The contents of the structure are not copied.
RQ_SERVER_NAME (char *)
The hostname associated with the server endpoint address.
RQ_SERVER_ADDR (char *)
A printable representation of the server endpoint address.
RQ_SERVER_SIN (struct sockaddr_in *)
An internal representation of the server endpoint address and port. The contents of the structure are not copied.
RQ_DAEMON (char *)
The name of the daemon process running on the server host.
RQ_USER (char *)
The name of the user on whose behalf the client host makes the request.

hosts_access() consults the access control tables described in the hosts_access(5) manual page. When internal endpoint information is available, host names and client user names are looked up on demand, using the request structure as a cache. hosts_access() returns zero if access should be denied. fromhost() must be called before hosts_access().

hosts_ctl() is a wrapper around the request_init() and hosts_access() routines with a perhaps more convenient interface (though it does not pass on enough information to support automated client username lookups). The client host address, client host name and username arguments should contain valid data or STRING_UNKNOWN. hosts_ctl() returns zero if access should be denied.

The allow_severity and deny_severity variables determine how accepted and rejected requests may be logged. They must be provided by the caller and may be modified by rules in the access control tables.  

DIAGNOSTICS

Problems are reported via the syslog daemon.  

SEE ALSO

hosts_access(5), format of the access control tables. hosts_options(5), optional extensions to the base language.  

FILES

/etc/hosts.allow, /etc/hosts.deny, access control tables.  

BUGS

hosts_access() uses the strtok() library function. This may interfere with other code that relies on strtok().  

AUTHOR

Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513, 
5600 MB Eindhoven, The Netherlands


 

Index

NAME
SYNOPSIS
DESCRIPTION
DIAGNOSTICS
SEE ALSO
FILES
BUGS
AUTHOR





Support us on Content Nation
rdf newsfeed | rss newsfeed | Atom newsfeed
- Powered by LeopardCMS - Running on Gentoo -
Copyright 2004-2020 Sascha Nitsch Unternehmensberatung GmbH
Valid XHTML1.1 : Valid CSS : buttonmaker
- Level Triple-A Conformance to Web Content Accessibility Guidelines 1.0 -
- Copyright and legal notices -
Time to create this page: 10.9 ms