HOSTS_ACCESS(3)                                   HOSTS_ACCESS(3)

NAME
       hosts_access,   hosts_ctl,   request_init,  request_set  -
       access control library

SYNOPSIS
       #include "tcpd.h"

       extern int allow_severity;
       extern int deny_severity;

       struct request_info *request_init(request, key, value, ..., 0)
       struct request_info *request;

       struct request_info *request_set(request, key, value, ..., 0)
       struct request_info *request;

       int hosts_access(request)
       struct request_info *request;

       int hosts_ctl(daemon, client_name, client_addr, client_user)
       char *daemon;
       char *client_name;
       char *client_addr;
       char *client_user;

DESCRIPTION
       The routines described in this document are  part  of  the
       libwrap.a library. They implement a rule-based access con-
       trol language with optional shell commands that  are  exe-
       cuted when a rule fires.

       request_init()  initializes  a  structure with information
       about a client request. request_set() updates  an  already
       initialized request structure. Both functions take a vari-
       able-length list of key-value pairs and return their first
       argument.   The  argument lists are terminated with a zero
       key value. All string-valued  arguments  are  copied.  The
       expected keys (and corresponding value types) are:

       RQ_FILE (int)
              The file descriptor associated with the request.

       RQ_CLIENT_NAME (char *)
              The client host name.

       RQ_CLIENT_ADDR (char *)
              A  printable  representation  of the client network
              address.

       RQ_CLIENT_SIN (struct sockaddr_in *)
              An internal representation of  the  client  network
              address  and  port.   The contents of the structure
              are not copied.

       RQ_SERVER_NAME (char *)
              The hostname associated with  the  server  endpoint
              address.

       RQ_SERVER_ADDR (char *)
              A  printable  representation of the server endpoint
              address.

       RQ_SERVER_SIN (struct sockaddr_in *)
              An internal representation of the  server  endpoint
              address  and  port.   The contents of the structure
              are not copied.

       RQ_DAEMON (char *)
              The name of  the  daemon  process  running  on  the
              server host.

       RQ_USER (char *)
              The  name  of  the  user on whose behalf the client
              host makes the request.

       hosts_access()  consults   the   access   control   tables
       described in the hosts_access(5) manual page.  When inter-
       nal endpoint information  is  available,  host  names  and
       client  user  names  are  looked  up  on demand, using the
       request structure as a cache.  hosts_access() returns zero
       if access should be denied.

       hosts_ctl()  is  a  wrapper  around the request_init() and
       hosts_access() routines with  a  perhaps  more  convenient
       interface  (though  it does not pass on enough information
       to support automated client username lookups).  The client
       host  address,  client  host  name  and username arguments
       should contain valid data or STRING_UNKNOWN.   hosts_ctl()
       returns zero if access should be denied.

       The  allow_severity  and deny_severity variables determine
       how accepted and rejected requests  may  be  logged.  They
       must  be  provided  by  the  caller and may be modified by
       rules in the access control tables.

DIAGNOSTICS
       Problems are reported via the syslog daemon.

SEE ALSO
       hosts_access(5), format  of  the  access  control  tables.
       hosts_options(5),  optional  extensions  to  the base lan-
       guage.

FILES
       /etc/hosts.allow, /etc/hosts.deny, access control  tables.

BUGS
       hosts_access()  uses  the  strtok() library function. This
       may interfere with other code that relies on strtok().

AUTHOR
       Wietse Venema (wietse@wzv.win.tue.nl)
       Department of Mathematics and Computing Science
       Eindhoven University of Technology
       Den Dolech 2, P.O. Box 513,
       5600 MB Eindhoven, The Netherlands

                                                                1