United States-English |
|
|
HP-UX Reference > Hhosts_access(3)HP-UX 11i Version 3: February 2007 |
|
NAMEhosts_access(), hosts_ctl(), request_init(), request_set() — access control library SYNOPSIS#include <tcpd.h> extern int allow_severity; extern int deny_severity; extern int rfc931_timeout; struct request_info *request_init(request, key, value, ..., 0) struct request_info *request; struct request_info *request_set(request, key, value, ..., 0) struct request_info *request; int hosts_access(request) struct request_info *request; int hosts_ctl(daemon, client_name, client_addr, client_user) char *daemon; char *client_name; char *client_addr; char *client_user; DESCRIPTIONThe routines described here are a part of the libwrap.a library. They implement a rule-based access control language with optional shell commands that are executed when a rule fires. request_init() initializes a structure with information about a client request. request_set() updates an already initialized request structure. Both functions take a variable-length list of key-value pairs and return their first argument. The argument lists are terminated with a zero key value. All string-valued arguments are copied. The expected keys (and corresponding value types) are:
hosts_access() consults the access control tables described in the hosts_access(5) manual page. When internal endpoint information is available, host names and client user names are looked up on demand, using the request structure as a cache. hosts_access() returns zero if access should be denied. hosts_ctl() is a wrapper around the request_init() and hosts_access() routines with a perhaps more convenient interface (though it does not pass on enough information to support automated client username lookups). The client host address, client host name and username arguments should contain valid data or STRING_UNKNOWN. hosts_ctl() returns zero if access should be denied. The allow_severity and deny_severity variables determine how accepted and rejected requests may be logged. They must be provided by the caller and may be modified by rules in the access control tables. The rfc931_timeout variable determines the timeout value for the client's username lookup. It must be set with a positive value and a value of 0 disables the username lookup. RETURN VALUEThe request_init() and request_set() functions return a pointer to the request_info structure. The members of the returned structure are initialized and updated with the values passed to the respective functions, request_init() and request_set(). The hosts_access() and hosts_ctl() functions return 1 if the access is granted and 0 if the access is denied, for the requested service. DIAGNOSTICSProblems are reported via syslogd, the syslog daemon, at info, notice, warning and err levels. WARNINGShosts_access() uses the strtok() library function. This may interfere with other code that relies on strtok(). AUTHORThese routines were developed by Wietse Venema (wietse@wzv.win.tue.nl) Department of Mathematics and Computing Science Eindhoven University of Technology Den Dolech 2, P.O. Box 513, 5600 MB Eindhoven, The Netherlands SEE ALSOhosts_access(5) format of the access control tables. hosts_options(5) optional extensions to the base language. |
Printable version | ||
|