[9] | 1 | .TH SERVXCHECK 3
|
---|
| 2 | .SH NAME
|
---|
| 3 | servxcheck \- Internet service access check
|
---|
| 4 | .SH SYNOPSIS
|
---|
| 5 | .ft B
|
---|
| 6 | .nf
|
---|
| 7 | #define _MINIX_SOURCE 1
|
---|
| 8 | #include </net/gen/netdb.h>
|
---|
| 9 |
|
---|
| 10 | int servxcheck(ipaddr_t \fIpeer\fP, const char *\fIservice\fP,
|
---|
| 11 | void (*\fIlogf\fP)(int \fIpass\fP, const char *\fIname\fP));
|
---|
| 12 | char *servxfile(const char *\fIfile\fP);
|
---|
| 13 | .fi
|
---|
| 14 | .ft R
|
---|
| 15 | .SH DESCRIPTION
|
---|
| 16 | .B Servxcheck()
|
---|
| 17 | is used by programs like
|
---|
| 18 | .B inetd
|
---|
| 19 | to perform an access check on the host connected to the other end of the TCP
|
---|
| 20 | channel that has IP address
|
---|
| 21 | .IR peer .
|
---|
| 22 | .PP
|
---|
| 23 | .B Servxcheck()
|
---|
| 24 | translates the IP address to the
|
---|
| 25 | associated host name if necessary, and checks if the host is granted access
|
---|
| 26 | as guided by the file
|
---|
| 27 | .BR /etc/serv.access .
|
---|
| 28 | (See
|
---|
| 29 | .BR serv.access (5).)
|
---|
| 30 | The service name used to search the access file is passed by the caller as
|
---|
| 31 | .IR service .
|
---|
| 32 | These names should be the same as the service names in
|
---|
| 33 | .BR /etc/services .
|
---|
| 34 | .PP
|
---|
| 35 | The caller should use the NWIOGTCPCONF ioctl() call to find out what the
|
---|
| 36 | IP address of the remote end is. It is wise to bypass the
|
---|
| 37 | .B servxcheck()
|
---|
| 38 | call if the remote end happens to be the local machine (remaddr == locaddr),
|
---|
| 39 | so that local connections aren't impeded by slow checks.
|
---|
| 40 | .B Servxcheck()
|
---|
| 41 | will itself allow connections from 127.0.0.1/8 immediately, so you
|
---|
| 42 | don't have to check for that. Example of use:
|
---|
| 43 | .PP
|
---|
| 44 | .RS
|
---|
| 45 | .nf
|
---|
| 46 | .ta +4n +4n +4n
|
---|
| 47 | if (ioctl(fd, NWIOGTCPCONF, &tcpconf) < 0
|
---|
| 48 | || tcpconf.nwtc_remaddr == tcpconf.nwtc_locaddr
|
---|
| 49 | || servxcheck(tcpconf.nwtc_remaddr, service_name, NULL)
|
---|
| 50 | ) {
|
---|
| 51 | serve();
|
---|
| 52 | }
|
---|
| 53 | .fi
|
---|
| 54 | .RE
|
---|
| 55 | .PP
|
---|
| 56 | An attempt to connect to a service is logged if the access is denied. You
|
---|
| 57 | can use the special checkword "\fBlog\fP" to also log if access is granted.
|
---|
| 58 | Logging will be done with
|
---|
| 59 | .B syslog()
|
---|
| 60 | at the
|
---|
| 61 | .B warning
|
---|
| 62 | level.
|
---|
| 63 | A syntax error in the access file may be logged under the
|
---|
| 64 | .B err
|
---|
| 65 | level.
|
---|
| 66 | The caller must use
|
---|
| 67 | .B openlog()
|
---|
| 68 | to set the appropriate logging facility. One may do one's own logging by
|
---|
| 69 | supplying a
|
---|
| 70 | .I logf
|
---|
| 71 | function that will be called by
|
---|
| 72 | .B servxcheck
|
---|
| 73 | with a first argument that is true if access is granted, false if
|
---|
| 74 | denied, and a second argument that is the name of the remote host whose
|
---|
| 75 | access has been checked.
|
---|
| 76 | .PP
|
---|
| 77 | The default is to fail the check unless the access file says otherwise.
|
---|
| 78 | Strange errors make the check succeed. (We do not want
|
---|
| 79 | remote access to fail because of some system error.) Note that this
|
---|
| 80 | function is not meant to check access to the system, that's what
|
---|
| 81 | passwords and such are for, but only to limit access to those who are
|
---|
| 82 | allowed to use the services the system offers.
|
---|
| 83 | .PP
|
---|
| 84 | Connections from a machine to itself are accepted immediately. No further
|
---|
| 85 | checks, no logging.
|
---|
| 86 | .PP
|
---|
| 87 | .B Servxfile()
|
---|
| 88 | may be used to specify a file other than the default
|
---|
| 89 | .BR /etc/serv.access .
|
---|
| 90 | This is useful for programs started from
|
---|
| 91 | .B inetd
|
---|
| 92 | that want to handle the access check themselves, using a private access file.
|
---|
| 93 | The return value of
|
---|
| 94 | .B servxfile()
|
---|
| 95 | is the pathname of the old access file. Only a pointer to the new path is
|
---|
| 96 | saved, the caller must keep the string it points to intact.
|
---|
| 97 | .SH FILES
|
---|
| 98 | .TP 25n
|
---|
| 99 | .B /etc/serv.access
|
---|
| 100 | Default access check file.
|
---|
| 101 | .SH "SEE ALSO"
|
---|
| 102 | .BR syslog (3),
|
---|
| 103 | .BR serv.access (5),
|
---|
| 104 | .BR services (5),
|
---|
| 105 | .BR inetd (8).
|
---|
| 106 | .SH DIAGNOSTICS
|
---|
| 107 | .B Servxcheck()
|
---|
| 108 | returns 0 if the access is denied, 1 if granted.
|
---|
| 109 | .PP
|
---|
| 110 | Typical syslog message:
|
---|
| 111 | .PP
|
---|
| 112 | .RS
|
---|
| 113 | Jan 10 20:27:20 flotsam inetd[174]: service 'shell' granted to jetsam.cs.vu.nl
|
---|
| 114 | .RE
|
---|
| 115 | .SH BUGS
|
---|
| 116 | IP and DNS based access checks will stop most crackers, but not the really
|
---|
| 117 | determined ones. Luckily MINIX 3 is sufficiently strange to thwart the well
|
---|
| 118 | known cracking schemes. But don't ever allow yourself to feel secure.
|
---|
| 119 | .SH AUTHOR
|
---|
| 120 | Kees J. Bot <kjb@cs.vu.nl>
|
---|