servxcheck - Internet service access check

     #define _MINIX_SOURCE 1
     #include </net/gen/netdb.h>

     int servxcheck(int fd, const char *service,
             void (*logf)(int pass, const char *name));
     char *servxfile(const char *file);

     Servxcheck() is used by programs like inetd to perform an access check on
     the host connected to the other end of the TCP channel referenced by file
     descriptor fd.

     Servxcheck() determines the IP address of the remote host, translates  it
     to  the  associated  host  name  if  necessary, and checks if the host is
     granted  access  as  guided   by   the   file   /etc/serv.access.    (See
     serv.access(5).)   The  service  name  used  to search the access file is
     passed by the caller as service.  These names should be the same  as  the
     service names in /etc/services.

     An attempt to connect to a service is logged if  the  access  is  denied.
     You can use the special checkword "log" to also log if access is granted.
     Logging will be done to /usr/adm/log.  One may do one's  own  logging  by
     supplying  a logf function that will be called by servxcheck with a first
     argument that is true if access is granted, false if denied, and a second
     argument  that  is  the  name  of  the  remote host whose access has been

     The default is to fail the check unless the access file  says  otherwise.
     Strange  errors  make the check succeed.  We do not want remote access to
     fail because of some system error.  Note that this function is not  meant
     to  check  access  to the system, that's what passwords and such are for,
     but only to limit access to those who are allowed to use the services the
     system offers.

     Connections from a  machine  to  itself  are  accepted  immediately.   No
     further checks, no logging.

     Servxfile() may be  used  to  specify  a  file  other  than  the  default
     /etc/serv.access.   This  is  useful for programs started from inetd that
     want to handle the access check themselves, using a private access  file.
     The  return  value of servxfile() is the pathname of the old access file.
     Only a pointer to the new path is saved, the caller must keep the  string
     it points to intact.


     /etc/serv.access         Default access check file.

     serv.access(5), services(5), inetd(8).

     Servxcheck() returns 0 if the access is denied, 1 if granted.

     Typical log message:

          Apr 10 13:27:59 service 'shell' granted to

     IP and DNS based access checks will  stop  most  crackers,  but  not  the
     really  determined ones.  Luckily Minix is sufficiently strange to thwart
     the well known cracking schemes.  But don't ever allow yourself  to  feel

     Kees J. Bot <>