hosts_access(3)hosts_access(3)NAMEhosts_access(), hosts_ctl(), request_init(), request_set() - access
control library
SYNOPSISDESCRIPTION
The routines described here are a part of the library. They implement
a rule-based access control language with optional shell commands that
are executed when a rule fires.
initializes a structure with information about a client request.
updates an already initialized request structure. Both functions take
a variable-length list of key-value pairs and return their first argu‐
ment. The argument lists are terminated with a zero key value. All
string-valued arguments are copied. The expected keys (and correspond‐
ing value types) are:
The file descriptor associated with the request.
The client host name.
A printable representation of the client network address.
An internal representation of the client network address and port. The
contents of the structure are not copied.
The hostname associated with the server endpoint address.
A printable representation of the server endpoint address.
An internal representation of the server endpoint address and port.
The
contents of the structure are not copied.
The name of the daemon process running on the server host.
The name of the user on whose behalf the client host makes the request.
consults the access control tables described in the hosts_access(5)
manual page. When internal endpoint information is available, host
names and client user names are looked up on demand, using the request
structure as a cache. returns zero if access should be denied.
is a wrapper around the and routines with a perhaps more convenient
interface (though it does not pass on enough information to support
automated client username lookups). The client host address, client
host name and username arguments should contain valid data or returns
zero if access should be denied.
The allow_severity and deny_severity variables determine how accepted
and rejected requests may be logged. They must be provided by the
caller and may be modified by rules in the access control tables.
The rfc931_timeout variable determines the timeout value for the
client's username lookup. It must be set with a positive value and a
value of 0 disables the username lookup.
RETURN VALUE
The and functions return a pointer to the structure. The members of
the returned structure are initialized and updated with the values
passed to the respective functions, and
The and functions return if the access is granted and if the access is
denied, for the requested service.
DIAGNOSTICS
Problems are reported via the daemon, at and levels.
WARNINGS
uses the library function. This may interfere with other code that
relies on
AUTHOR
These routines were developed by
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
FILES
access control tables.
access control tables.
SEE ALSOhosts_access(5) format of the access control tables.
hosts_options(5) optional extensions to the base language.
hosts_access(3)