servxcheck - Internet service access check
#define _MINIX_SOURCE 1
int servxcheck(int fd, const char *service,
void (*logf)(int pass, const char *name));
char *servxfile(const char *file);
Servxcheck() is used by programs like inetd to perform an access check on
the host connected to the other end of the TCP channel referenced by file
Servxcheck() determines the IP address of the remote host, translates it
to the associated host name if necessary, and checks if the host is
granted access as guided by the file /etc/serv.access. (See
serv.access(5).) The service name used to search the access file is
passed by the caller as service. These names should be the same as the
service names in /etc/services.
An attempt to connect to a service is logged if the access is denied.
You can use the special checkword "log" to also log if access is granted.
Logging will be done to /usr/adm/log. One may do one's own logging by
supplying a logf function that will be called by servxcheck with a first
argument that is true if access is granted, false if denied, and a second
argument that is the name of the remote host whose access has been
The default is to fail the check unless the access file says otherwise.
Strange errors make the check succeed. We do not want remote access to
fail because of some system error. Note that this function is not meant
to check access to the system, that's what passwords and such are for,
but only to limit access to those who are allowed to use the services the
Connections from a machine to itself are accepted immediately. No
further checks, no logging.
Servxfile() may be used to specify a file other than the default
/etc/serv.access. This is useful for programs started from inetd that
want to handle the access check themselves, using a private access file.
The return value of servxfile() is the pathname of the old access file.
Only a pointer to the new path is saved, the caller must keep the string
it points to intact.
/etc/serv.access Default access check file.
serv.access(5), services(5), inetd(8).
Servxcheck() returns 0 if the access is denied, 1 if granted.
Typical log message:
Apr 10 13:27:59 service 'shell' granted to jetsam.cs.vu.nl
IP and DNS based access checks will stop most crackers, but not the
really determined ones. Luckily Minix is sufficiently strange to thwart
the well known cracking schemes. But don't ever allow yourself to feel
Kees J. Bot <firstname.lastname@example.org>