Provided by: libwrap0-dev_7.6.q-31build2_amd64 bug

NAME

       hosts_access, hosts_ctl, request_init, request_set - access control library

SYNOPSIS

       #include <tcpd.h>

       extern int allow_severity;
       extern int deny_severity;

       struct request_info *request_init(request, key, value, ..., 0)
       struct request_info *request;

       struct request_info *request_set(request, key, value, ..., 0)
       struct request_info *request;

       void fromhost(request)
       struct request_info *request;

       int hosts_access(request)
       struct request_info *request;

       int hosts_ctl(daemon, client_name, client_addr, client_user)
       char *daemon;
       char *client_name;
       char *client_addr;
       char *client_user;

DESCRIPTION

       The  routines described in this document are part of the libwrap.a library. They implement
       a rule-based access control language with optional shell commands that are executed when a
       rule fires.

       request_init()   initializes   a  structure  with  information  about  a  client  request.
       request_set() updates an already initialized request  structure.  Both  functions  take  a
       variable-length  list  of  key-value  pairs and return their first argument.  The argument
       lists are terminated with a zero key value. All string-valued arguments  are  copied.  The
       expected keys (and corresponding value types) are:

       RQ_FILE (int)
              The file descriptor associated with the request.

       RQ_CLIENT_NAME (char *)
              The client host name.

       RQ_CLIENT_ADDR (char *)
              A printable representation of the client network address.

       RQ_CLIENT_SIN (struct sockaddr_in *)
              An internal representation of the client network address and port.  The contents of
              the structure are not copied.

       RQ_SERVER_NAME (char *)
              The hostname associated with the server endpoint address.

       RQ_SERVER_ADDR (char *)
              A printable representation of the server endpoint address.

       RQ_SERVER_SIN (struct sockaddr_in *)
              An internal representation of the server endpoint address and port.   The  contents
              of the structure are not copied.

       RQ_DAEMON (char *)
              The name of the daemon process running on the server host.

       RQ_USER (char *)
              The name of the user on whose behalf the client host makes the request.

       hosts_access()  consults the access control tables described in the hosts_access(5) manual
       page.  When internal endpoint information is available, host names and client  user  names
       are  looked  up on demand, using the request structure as a cache.  hosts_access() returns
       zero if access should be denied.  fromhost() must be called before hosts_access().

       hosts_ctl() is a wrapper around the request_init()  and  hosts_access()  routines  with  a
       perhaps  more  convenient  interface  (though  it  does  not pass on enough information to
       support automated client username lookups).  The client host address, client host name and
       username  arguments should contain valid data or STRING_UNKNOWN.  hosts_ctl() returns zero
       if access should be denied.

       The allow_severity  and  deny_severity  variables  determine  how  accepted  and  rejected
       requests  may  be logged. They must be provided by the caller and may be modified by rules
       in the access control tables.

DIAGNOSTICS

       Problems are reported via the syslog daemon.

SEE ALSO

       hosts_access(5),  format  of  the  access  control  tables.   hosts_options(5),   optional
       extensions to the base language.

FILES

       /etc/hosts.allow, /etc/hosts.deny, access control tables.

BUGS

       hosts_access() uses the strtok() library function. This may interfere with other code that
       relies on strtok().

AUTHOR

       Wietse Venema (wietse@wzv.win.tue.nl)
       Department of Mathematics and Computing Science
       Eindhoven University of Technology
       Den Dolech 2, P.O. Box 513,
       5600 MB Eindhoven, The Netherlands

                                                                                  HOSTS_ACCESS(3)