author | Yuri Pankov <yuri.pankov@nexenta.com> | 2011-08-10 22:43:54 -0700 |
---|---|---|
committer | Yuri Pankov <yuri.pankov@nexenta.com> | 2011-08-10 22:43:54 -0700 |
commit | ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3 (patch) | |
tree | f306764e7bb40f124eb0e13ffa9a669fd5a9ff57 /usr/src/man/man3 | |
parent | f16a0f4cde3ff2f7a495def818cbdce2d570ea33 (diff) | |
download | illumos-joyent-ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3.tar.gz |
635 sed manual page needs significant updates
1188 Move pppdump and tcpd manpages to usr/src/man
1189 add stdin/stdout/stderr(3C) manpage symlinks
1190 Remove source-security-tcp-wrapper and SUNWtcpdS packages
1191 Remove source-network-pppdump and SUNWpppgS packages
1192 fd manpage should be in section 7
Reviewed by: Albert Lee <trisk@opensolaris.org>
Reviewed by: Gordon Ross <gordon.w.ross@gmail.com>
Approved by: Garrett D'Amore <garrett@nexenta.com>
Diffstat (limited to 'usr/src/man/man3')
-rw-r--r-- | usr/src/man/man3/Makefile | 14 |
-rw-r--r-- | usr/src/man/man3/hosts_access.3 | 93 |
2 files changed, 103 insertions, 4 deletions
diff --git a/usr/src/man/man3/Makefile b/usr/src/man/man3/Makefile index 5d73a0b0e5..0ac3a03cd8 100644 --- a/usr/src/man/man3/Makefile +++ b/usr/src/man/man3/Makefile @@ -9,22 +9,28 @@ # at http://www.illumos.org/license/CDDL. # +# # Copyright 2011, Richard Lowe +# Copyright 2011 Nexenta Systems, Inc. All rights reserved. +# include ../../Makefile.master MANSECT = 3 -MANSOFILES = intro.3 +MANSOFILES = intro.3 \ + libwrap.3 + MANFILES = Intro.3 \ + hosts_access.3 \ $(MANSOFILES) -intro.3 := SOSRC = man3/Intro.3 +intro.3 := SOSRC = man3/Intro.3 + +libwrap.3 := SOSRC = man3/hosts_access.3 .KEEP_STATE: include ../Makefile.man install: $(ROOTMANFILES) - - diff --git a/usr/src/man/man3/hosts_access.3 b/usr/src/man/man3/hosts_access.3 new file mode 100644 index 0000000000..ba0a7c5a01 --- /dev/null +++ b/usr/src/man/man3/hosts_access.3 
@@ -0,0 +1,93 @@ +.TH HOSTS_ACCESS 3 +.SH NAME +hosts_access, hosts_ctl, libwrap, request_init, request_set \- access control library +.SH SYNOPSIS +.nf +#include "tcpd.h" + +extern int allow_severity; +extern int deny_severity; + +struct request_info *request_init(request, key, value, ..., 0) +struct request_info *request; + +struct request_info *request_set(request, key, value, ..., 0) +struct request_info *request; + +int hosts_access(request) +struct request_info *request; + +int hosts_ctl(daemon, client_name, client_addr, client_user) +char *daemon; +char *client_name; +char *client_addr; +char *client_user; +.fi +.SH DESCRIPTION +The routines described in this document are part of the \fIlibwrap.a\fR +library. They implement a rule-based access control language with +optional shell commands that are executed when a rule fires. +.PP +request_init() initializes a structure with information about a client +request. request_set() updates an already initialized request +structure. Both functions take a variable-length list of key-value +pairs and return their first argument. The argument lists are +terminated with a zero key value. All string-valued arguments are +copied. The expected keys (and corresponding value types) are: +.IP "RQ_FILE (int)" +The file descriptor associated with the request. +.IP "RQ_CLIENT_NAME (char *)" +The client host name. +.IP "RQ_CLIENT_ADDR (char *)" +A printable representation of the client network address. +.IP "RQ_CLIENT_SIN (struct sockaddr_in *)" +An internal representation of the client network address and port. The +contents of the structure are not copied. +.IP "RQ_SERVER_NAME (char *)" +The hostname associated with the server endpoint address. +.IP "RQ_SERVER_ADDR (char *)" +A printable representation of the server endpoint address. +.IP "RQ_SERVER_SIN (struct sockaddr_in *)" +An internal representation of the server endpoint address and port. +The contents of the structure are not copied. 
+.IP "RQ_DAEMON (char *)" +The name of the daemon process running on the server host. +.IP "RQ_USER (char *)" +The name of the user on whose behalf the client host makes the request. +.PP +hosts_access() consults the access control tables described in the +\fIhosts_access(5)\fR manual page. When internal endpoint information +is available, host names and client user names are looked up on demand, +using the request structure as a cache. hosts_access() returns zero if +access should be denied. +.PP +hosts_ctl() is a wrapper around the request_init() and hosts_access() +routines with a perhaps more convenient interface (though it does not +pass on enough information to support automated client username +lookups). The client host address, client host name and username +arguments should contain valid data or STRING_UNKNOWN. hosts_ctl() +returns zero if access should be denied. +.PP +The \fIallow_severity\fR and \fIdeny_severity\fR variables determine +how accepted and rejected requests may be logged. They must be provided +by the caller and may be modified by rules in the access control +tables. +.SH DIAGNOSTICS +Problems are reported via the syslog daemon. +.SH SEE ALSO +hosts_access(5), format of the access control tables. +hosts_options(5), optional extensions to the base language. +.SH FILES +/etc/hosts.allow, /etc/hosts.deny, access control tables. +.SH BUGS +hosts_access() uses the strtok() library function. This may interfere +with other code that relies on strtok(). +.SH AUTHOR +.na +.nf +Wietse Venema (wietse@wzv.win.tue.nl) +Department of Mathematics and Computing Science +Eindhoven University of Technology +Den Dolech 2, P.O. Box 513, +5600 MB Eindhoven, The Netherlands +\" @(#) hosts_access.3 1.8 96/02/11 17:01:26 |
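Review bot: In usr/src/man/man3/Makefile, MANSOFILES gains only libwrap.3 as a link to hosts_access.3, while the NAME line of the new page also lists hosts_ctl, request_init and request_set, so those three names get no file of their own. Consider adding hosts_ctl.3, request_init.3 and request_set.3 to MANSOFILES, each with a matching `SOSRC = man3/hosts_access.3` assignment as done for libwrap.3. The realignment of the existing `intro.3 := SOSRC` line and the added `+#` comment lines are whitespace-only and could be kept out of this change if the diff is meant to stay minimal.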
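Review bot: In usr/src/man/man3/hosts_access.3, the SEE ALSO entries and the hosts_access() paragraph of DESCRIPTION point to hosts_access(5) and hosts_options(5); if the access control table pages are installed under a different section in this tree, renumber these so the cross-references resolve. The SYNOPSIS gives only `#include "tcpd.h"` and no link line, although DESCRIPTION names libwrap.a, so stating the library to link against there would help callers. The BUGS note about strtok() and the "contents of the structure are not copied" remarks for RQ_CLIENT_SIN and RQ_SERVER_SIN are the caveats callers most need; a short sentence in DESCRIPTION that the sockaddr_in structures must outlive the request would make the second one explicit.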