From ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3 Mon Sep 17 00:00:00 2001
From: Yuri Pankov <yuri.pankov@nexenta.com>
Date: Wed, 10 Aug 2011 22:43:54 -0700
Subject: 635 sed manual page needs significant updates 1188 Move pppdump and
 tcpd manpages to usr/src/man 1189 add stdin/stdout/stderr(3C) manpage
 symlinks 1190 Remove source-security-tcp-wrapper and SUNWtcpdS packages 1191
 Remove source-network-pppdump and SUNWpppgS packages 1192 fd manpage should
 be in section 7 Reviewed by: Albert Lee <trisk@opensolaris.org> Reviewed by:
 Gordon Ross <gordon.w.ross@gmail.com> Approved by: Garrett D'Amore
 <garrett@nexenta.com>

---
 usr/src/man/man3/Makefile       | 14 +++++--
 usr/src/man/man3/hosts_access.3 | 93 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 103 insertions(+), 4 deletions(-)
 create mode 100644 usr/src/man/man3/hosts_access.3

(limited to 'usr/src/man/man3')

diff --git a/usr/src/man/man3/Makefile b/usr/src/man/man3/Makefile
index 5d73a0b0e5..0ac3a03cd8 100644
--- a/usr/src/man/man3/Makefile
+++ b/usr/src/man/man3/Makefile
@@ -9,22 +9,28 @@
 # at http://www.illumos.org/license/CDDL.
 #
 
+#
 # Copyright 2011, Richard Lowe
+# Copyright 2011 Nexenta Systems, Inc. All rights reserved.
+#
 
 include ../../Makefile.master
 
 MANSECT = 	3
 
-MANSOFILES =	intro.3
+MANSOFILES =	intro.3 \
+		libwrap.3
+
 MANFILES = 	Intro.3 \
+		hosts_access.3 \
 		$(MANSOFILES)
 
-intro.3 := SOSRC = man3/Intro.3
+intro.3		:= SOSRC = man3/Intro.3
+
+libwrap.3	:= SOSRC = man3/hosts_access.3
 
 .KEEP_STATE:
 
 include ../Makefile.man
 
 install: $(ROOTMANFILES)
-
-
diff --git a/usr/src/man/man3/hosts_access.3 b/usr/src/man/man3/hosts_access.3
new file mode 100644
index 0000000000..ba0a7c5a01
--- /dev/null
+++ b/usr/src/man/man3/hosts_access.3
@@ -0,0 +1,93 @@
+.TH HOSTS_ACCESS 3
+.SH NAME
+hosts_access, hosts_ctl, libwrap, request_init, request_set \- access control library
+.SH SYNOPSIS
+.nf
+#include "tcpd.h"
+
+extern int allow_severity;
+extern int deny_severity;
+
+struct request_info *request_init(request, key, value, ..., 0)
+struct request_info *request;
+
+struct request_info *request_set(request, key, value, ..., 0)
+struct request_info *request;
+
+int hosts_access(request)
+struct request_info *request;
+
+int hosts_ctl(daemon, client_name, client_addr, client_user)
+char *daemon;
+char *client_name;
+char *client_addr;
+char *client_user;
+.fi
+.SH DESCRIPTION
+The routines described in this document are part of the \fIlibwrap.a\fR
+library. They implement a rule-based access control language with
+optional shell commands that are executed when a rule fires.
+.PP
+request_init() initializes a structure with information about a client
+request. request_set() updates an already initialized request
+structure. Both functions take a variable-length list of key-value
+pairs and return their first argument.  The argument lists are
+terminated with a zero key value. All string-valued arguments are
+copied. The expected keys (and corresponding value types) are:
+.IP "RQ_FILE (int)"
+The file descriptor associated with the request.
+.IP "RQ_CLIENT_NAME (char *)"
+The client host name.
+.IP "RQ_CLIENT_ADDR (char *)"
+A printable representation of the client network address.
+.IP "RQ_CLIENT_SIN (struct sockaddr_in *)"
+An internal representation of the client network address and port.  The
+contents of the structure are not copied.
+.IP "RQ_SERVER_NAME (char *)"
+The hostname associated with the server endpoint address.
+.IP "RQ_SERVER_ADDR (char *)"
+A printable representation of the server endpoint address.
+.IP "RQ_SERVER_SIN (struct sockaddr_in *)"
+An internal representation of the server endpoint address and port.
+The contents of the structure are not copied.
+.IP "RQ_DAEMON (char *)"
+The name of the daemon process running on the server host.
+.IP "RQ_USER (char *)"
+The name of the user on whose behalf the client host makes the request.
+.PP
+hosts_access() consults the access control tables described in the
+\fIhosts_access(5)\fR manual page.  When internal endpoint information
+is available, host names and client user names are looked up on demand,
+using the request structure as a cache.  hosts_access() returns zero if
+access should be denied.
+.PP
+hosts_ctl() is a wrapper around the request_init() and hosts_access()
+routines with a perhaps more convenient interface (though it does not
+pass on enough information to support automated client username
+lookups).  The client host address, client host name and username
+arguments should contain valid data or STRING_UNKNOWN.  hosts_ctl()
+returns zero if access should be denied.
+.PP
+The \fIallow_severity\fR and \fIdeny_severity\fR variables determine
+how accepted and rejected requests may be logged. They must be provided
+by the caller and may be modified by rules in the access control
+tables.
+.SH DIAGNOSTICS
+Problems are reported via the syslog daemon.
+.SH SEE ALSO
+hosts_access(5), format of the access control tables.
+hosts_options(5), optional extensions to the base language.
+.SH FILES
+/etc/hosts.allow, /etc/hosts.deny, access control tables.
+.SH BUGS
+hosts_access() uses the strtok() library function. This may interfere
+with other code that relies on strtok().
+.SH AUTHOR
+.na
+.nf
+Wietse Venema (wietse@wzv.win.tue.nl)
+Department of Mathematics and Computing Science
+Eindhoven University of Technology
+Den Dolech 2, P.O. Box 513, 
+5600 MB Eindhoven, The Netherlands
+\" @(#) hosts_access.3 1.8 96/02/11 17:01:26
-- 
cgit v1.2.3