168 lines
4.9 KiB
Groff
168 lines
4.9 KiB
Groff
.\" $NetBSD: ypserv.acl.5,v 1.3 1997/11/08 15:03:47 lukem Exp $
|
|
.\"
|
|
.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. All advertising materials mentioning features or use of this software
|
|
.\" must display the following acknowledgement:
|
|
.\" This product includes software developed by Mats O Jansson
|
|
.\" 4. The name of the author may not be used to endorse or promote products
|
|
.\" derived from this software without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
|
|
.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
.\" SUCH DAMAGE.
|
|
.\"
|
|
.Dd July 2, 1994
|
|
.Dt YPSERV.ACL 5
|
|
.Os
|
|
.Sh NAME
|
|
.Nm ypserv.acl
|
|
.Nd
|
|
.Xr ypserv 8
|
|
configuration file
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
file controls which hosts can connect to the
|
|
.Tn YP
|
|
server.
|
|
.Pp
|
|
The format is more complex than the format for
|
|
.Xr securenet 5 .
|
|
The first two verbs on each line controls if the line will
|
|
.Em allow
|
|
or
|
|
.Em deny
|
|
access for a
|
|
.Em host ,
|
|
network
|
|
.Em (net)
|
|
or
|
|
.Em all
|
|
hosts.
|
|
.Pp
|
|
The
|
|
.Tn YP
|
|
server reads the configuration file and build a list in memory.
|
|
This list is processed from the beginning for every incomming request.
|
|
As soon a match is found in the list the search terminates and it
|
|
returns success or failure depending on
|
|
.Em allow
|
|
or
|
|
.Em deny .
|
|
If no match was found in the list success is returned.
|
|
.Pp
|
|
If access is denied every call will cause a
|
|
.Dq no such domain
|
|
error for the caller.
|
|
.Pp
|
|
There is no default name for this file. Start
|
|
.Nm ypserv
|
|
with a
|
|
.Fl a Ar filename
|
|
to read a file with this format.
|
|
.Pp
|
|
The following different syntax can be used:
|
|
.Pp
|
|
.Aq Em allow|deny
|
|
.Em host
|
|
.Aq Em hostname|ip-address
|
|
.Pp
|
|
If
|
|
.Em hostname
|
|
has more than one ip address then all will be added to the list.
|
|
.Pp
|
|
.Aq Em allow|deny
|
|
.Em net
|
|
.Aq Em netname|netnumber
|
|
.Op Em netmask Aq netname|netnumber
|
|
.Pp
|
|
If the
|
|
.Em netmask
|
|
part of the command isn't given then the netmask will be assumed to be a
|
|
class A, B or C net depending on the net number.
|
|
.Pp
|
|
.Aq Em allow|deny
|
|
.Em all
|
|
.Pp
|
|
A line containing one of these commands will always match any host.
|
|
.Sh EXAMPLES
|
|
.Pp
|
|
A configuration file might appear as follows:
|
|
.Bd -literal
|
|
# This is an example of an access control file to be used by ypserv.
|
|
#
|
|
# This file is parsed line by line. First match will terminate the check
|
|
# of the caller.
|
|
#
|
|
|
|
###########################################################################
|
|
# This is the commands that will match a single host
|
|
#
|
|
# allow host <hostname|ip-address>
|
|
# deny host <hostname|ip-address>
|
|
#
|
|
# To process hostname gethostbyname is called. If the hostname has
|
|
# multiple ip-addresses all will be added (I hope). ip-address
|
|
# processed by inet_aton.
|
|
deny host jodie
|
|
|
|
###########################################################################
|
|
# This is the commands that will match a network
|
|
#
|
|
# allow net <netname|netnumber> [netmask <netname|netnumber>]
|
|
# deny net <netname|netnumber> [netmask <netname|netnumber>]
|
|
#
|
|
# To process netname getnetbyname is called, and inet_aton is used for
|
|
# netnumber. inet_aton both access numbers as 255.255.255.0 and 0xffffff00.
|
|
#
|
|
# If netmask isn't given the parser will assume netmask from the first bits
|
|
# of the network number. So if the network is subneted the you have to add
|
|
# the netmask. In my case I've got the network 139.58.253.0 at home so too
|
|
# allow any of my computers to talk with the server I need the following
|
|
# line
|
|
#
|
|
allow net mojathome netmask 255.255.255.0
|
|
|
|
###########################################################################
|
|
# At last we have a command that will match any caller:
|
|
#
|
|
# allow all
|
|
# deny all
|
|
#
|
|
|
|
# reject all connections
|
|
deny all
|
|
|
|
.Ed
|
|
.Sh FILES
|
|
.Bl -tag -width /var/yp/ypserv.acl -compact
|
|
.It Pa /var/yp/ypserv.acl
|
|
A
|
|
.Xr ypserv 8
|
|
configuration file.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr securenet 5 ,
|
|
.Xr yp 8 ,
|
|
.Xr ypserv 8
|
|
.Sh AUTHOR
|
|
Mats O Jansson <moj@stacken.kth.se>
|