3 hosts_access, hosts_ctl, request_init, request_set \- access control library
8 extern int allow_severity;
9 extern int deny_severity;
11 struct request_info *request_init(request, key, value, ..., 0)
12 struct request_info *request;
14 struct request_info *request_set(request, key, value, ..., 0)
15 struct request_info *request;
17 int hosts_access(request)
18 struct request_info *request;
20 int hosts_ctl(daemon, client_name, client_addr, client_user)
27 The routines described in this document are part of the \fIlibwrap.a\fR
28 library. They implement a rule-based access control language with
29 optional shell commands that are executed when a rule fires.
31 request_init() initializes a structure with information about a client
32 request. request_set() updates an already initialized request
33 structure. Both functions take a variable-length list of key-value
34 pairs and return their first argument. The argument lists are
35 terminated with a zero key value. All string-valued arguments are
36 copied. The expected keys (and corresponding value types) are:
38 The file descriptor associated with the request.
39 .IP "RQ_CLIENT_NAME (char *)"
41 .IP "RQ_CLIENT_ADDR (char *)"
42 A printable representation of the client network address.
43 .IP "RQ_CLIENT_SIN (struct sockaddr_in *)"
44 An internal representation of the client network address and port. The
45 contents of the structure are not copied.
46 .IP "RQ_SERVER_NAME (char *)"
47 The hostname associated with the server endpoint address.
48 .IP "RQ_SERVER_ADDR (char *)"
49 A printable representation of the server endpoint address.
50 .IP "RQ_SERVER_SIN (struct sockaddr_in *)"
51 An internal representation of the server endpoint address and port.
52 The contents of the structure are not copied.
53 .IP "RQ_DAEMON (char *)"
54 The name of the daemon process running on the server host.
55 .IP "RQ_USER (char *)"
56 The name of the user on whose behalf the client host makes the request.
58 hosts_access() consults the access control tables described in the
59 \fIhosts_access(5)\fR manual page. When internal endpoint information
60 is available, host names and client user names are looked up on demand,
61 using the request structure as a cache. hosts_access() returns zero if
62 access should be denied.
64 hosts_ctl() is a wrapper around the request_init() and hosts_access()
65 routines with a perhaps more convenient interface (though it does not
66 pass on enough information to support automated client username
67 lookups). The client host address, client host name and username
68 arguments should contain valid data or STRING_UNKNOWN. hosts_ctl()
69 returns zero if access should be denied.
71 The \fIallow_severity\fR and \fIdeny_severity\fR variables determine
72 how accepted and rejected requests may be logged. They must be provided
73 by the caller and may be modified by rules in the access control
76 Problems are reported via the syslog daemon.
78 hosts_access(5), format of the access control tables.
79 hosts_options(5), optional extensions to the base language.
81 /etc/hosts.allow, /etc/hosts.deny, access control tables.
83 hosts_access() uses the strtok() library function. This may interfere
84 with other code that relies on strtok().
88 Wietse Venema (wietse@wzv.win.tue.nl)
89 Department of Mathematics and Computing Science
90 Eindhoven University of Technology
91 Den Dolech 2, P.O. Box 513,
92 5600 MB Eindhoven, The Netherlands
93 \" @(#) hosts_access.3 1.8 96/02/11 17:01:26