[apple/network_cmds.git] / ypserv.tproj / ypserv.acl.5

.\"	$OpenBSD: ypserv.acl.5,v 1.6 1997/08/05 09:26:56 maja Exp $
.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by Mats O Jansson
.\" 4. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd July 2, 1994
.Dt YPSERV.ACL 5
.Os
.Sh NAME
.Nm ypserv.acl
.Nd 
.Xr ypserv 8
configuration file
.Sh DESCRIPTION
The 
.Nm ypserv.acl
file controls which hosts can connect to the
.Nm YP
server.
.Pp
The format is more complex than the format for
.Xr securenet 5 .
The first two verbs on each line controls if the line will
.Nm allow
or
.Nm deny
access for a
.Nm host ,
network
.Nm (net)
or
.Nm all
hosts.
.Pp
The
.Nm YP
server reads the configuration file and build a list in memory. This list
is processed from the beginning for every incomming request. As soon a
match is found in the list the search terminates and it returns success
or failure depending on 
.Nm allow
or 
.Nm deny .
If no match was found in the list success is returned.
.Pp
If access is denied every call will cause a 
.Nm no such domain
error for the caller.
.Pp
Don't forget to allow localhost access if you want the machine running
.Nm ypserv
access it too.
.Pp
There is no default name for this file. Start 
.Nm ypserv
with a
.Ar -a filename
to read a file with this format.
.Pp
The following different syntax can be used:
.Pp
<
.Nm allow|deny
>
.Nm host
<
.Nm hostname|ip-address
>
.Pp
If 
.Nm hostname
has more than one ip address then all will be added to the list.
.Pp
<
.Nm allow|deny
>
.Nm net
<
.Nm netname|netnumber
>
.Op Nm netmask <netname|netnumber>
.Pp
If
.Nm netmask
part of the command isn't given then the netmask will be assumed to be a
class A, B or C net depending on the net number.
.Pp
<
.Nm allow|deny 
>
.Nm all
.Pp
A line containing one of these commands will always match any host.
.Sh EXAMPLES
.Pp
A configuration file might appear as follows:
.Bd -literal
# This is an example of an access control file to be used by ypserv.
#
# This file is parsed line by line. First match will terminate the check
# of the caller.
#

###########################################################################
# This is the commands that will match a single host
#
#	allow host <hostname|ip-address>
#	deny host <hostname|ip-address>
#
# To process hostname gethostbyname is called. If the hostname has
# multiple ip-addresses all will be added (I hope). ip-address
# processed by inet_aton.
allow host localhost
deny host jodie

###########################################################################
# This is the commands that will match a network
#
#	allow net <netname|netnumber> [netmask <netname|netnumber>]
#	deny net <netname|netnumber> [netmask <netname|netnumber>]
#
# To process netname getnetbyname is called, and inet_aton is used for
# netnumber. inet_aton both access numbers as 255.255.255.0 and 0xffffff00.
#
# If netmask isn't given the parser will assume netmask from the first bits
# of the network number. So if the network is subneted the you have to add
# the netmask. In my case I've got the network 139.58.253.0 at home so too
# allow any of my computers to talk with the server I need the following
# line
#
allow net mojathome netmask 255.255.255.0

###########################################################################
# At last we have a command that will match any caller:
#
#	allow all 
#	deny all
#

# reject all connections
deny all

.Ed
.Sh FILES
.Bl -tag -width /var/yp/ypserv.acl -compact
.It Pa /var/yp/ypserv.acl
A
.Xr ypserv 8
configuration file.
.El
.Sh SEE ALSO
.Xr yp 8 ,
.Xr ypserv 8 ,
.Xr securenet 5
.Sh AUTHOR
Mats O Jansson <moj@stacken.kth.se>
Commit	Line	Data
b7080c8e A	1	.\" $OpenBSD: ypserv.acl.5,v 1.6 1997/08/05 09:26:56 maja Exp $
	2	.\" Copyright (c) 1994 Mats O Jansson <moj@stacken.kth.se>
	3	.\" All rights reserved.
	4	.\"
	5	.\" Redistribution and use in source and binary forms, with or without
	6	.\" modification, are permitted provided that the following conditions
	7	.\" are met:
	8	.\" 1. Redistributions of source code must retain the above copyright
	9	.\" notice, this list of conditions and the following disclaimer.
	10	.\" 2. Redistributions in binary form must reproduce the above copyright
	11	.\" notice, this list of conditions and the following disclaimer in the
	12	.\" documentation and/or other materials provided with the distribution.
	13	.\" 3. All advertising materials mentioning features or use of this software
	14	.\" must display the following acknowledgement:
	15	.\" This product includes software developed by Mats O Jansson
	16	.\" 4. The name of the author may not be used to endorse or promote products
	17	.\" derived from this software without specific prior written permission.
	18	.\"
	19	.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
	20	.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
	21	.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	22	.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	23	.\" DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	24	.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	25	.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	26	.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	27	.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	28	.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	29	.\" SUCH DAMAGE.
	30	.\"
	31	.Dd July 2, 1994
	32	.Dt YPSERV.ACL 5
	33	.Os
	34	.Sh NAME
	35	.Nm ypserv.acl
	36	.Nd
	37	.Xr ypserv 8
	38	configuration file
	39	.Sh DESCRIPTION
	40	The
	41	.Nm ypserv.acl
	42	file controls which hosts can connect to the
	43	.Nm YP
	44	server.
	45	.Pp
	46	The format is more complex than the format for
	47	.Xr securenet 5 .
	48	The first two verbs on each line controls if the line will
	49	.Nm allow
	50	or
	51	.Nm deny
	52	access for a
	53	.Nm host ,
	54	network
	55	.Nm (net)
	56	or
	57	.Nm all
	58	hosts.
	59	.Pp
	60	The
	61	.Nm YP
	62	server reads the configuration file and build a list in memory. This list
	63	is processed from the beginning for every incomming request. As soon a
	64	match is found in the list the search terminates and it returns success
65	or failure depending on
66	.Nm allow
67	or
68	.Nm deny .
69	If no match was found in the list success is returned.
70	.Pp
71	If access is denied every call will cause a
72	.Nm no such domain
73	error for the caller.
74	.Pp
75	Don't forget to allow localhost access if you want the machine running
76	.Nm ypserv
77	access it too.
78	.Pp
79	There is no default name for this file. Start
80	.Nm ypserv
81	with a
82	.Ar -a filename
83	to read a file with this format.
84	.Pp
85	The following different syntax can be used:
86	.Pp
87	<
88	.Nm allow\|deny
89	>
90	.Nm host
91	<
92	.Nm hostname\|ip-address
93	>
94	.Pp
95	If
96	.Nm hostname
97	has more than one ip address then all will be added to the list.
98	.Pp
99	<
100	.Nm allow\|deny
101	>
102	.Nm net
103	<
104	.Nm netname\|netnumber
105	>
106	.Op Nm netmask <netname\|netnumber>
107	.Pp
108	If
109	.Nm netmask
110	part of the command isn't given then the netmask will be assumed to be a
111	class A, B or C net depending on the net number.
112	.Pp
113	<
114	.Nm allow\|deny
115	>
116	.Nm all
117	.Pp
118	A line containing one of these commands will always match any host.
119	.Sh EXAMPLES
120	.Pp
121	A configuration file might appear as follows:
122	.Bd -literal
123	# This is an example of an access control file to be used by ypserv.
124	#
125	# This file is parsed line by line. First match will terminate the check
126	# of the caller.
127	#
128
129	###########################################################################
130	# This is the commands that will match a single host
131	#
132	# allow host <hostname\|ip-address>
133	# deny host <hostname\|ip-address>
134	#
135	# To process hostname gethostbyname is called. If the hostname has
136	# multiple ip-addresses all will be added (I hope). ip-address
137	# processed by inet_aton.
138	allow host localhost
139	deny host jodie
140
141	###########################################################################
142	# This is the commands that will match a network
143	#
144	# allow net <netname\|netnumber> [netmask <netname\|netnumber>]
145	# deny net <netname\|netnumber> [netmask <netname\|netnumber>]
146	#
147	# To process netname getnetbyname is called, and inet_aton is used for
148	# netnumber. inet_aton both access numbers as 255.255.255.0 and 0xffffff00.
149	#
150	# If netmask isn't given the parser will assume netmask from the first bits
151	# of the network number. So if the network is subneted the you have to add
152	# the netmask. In my case I've got the network 139.58.253.0 at home so too
153	# allow any of my computers to talk with the server I need the following
154	# line
155	#
156	allow net mojathome netmask 255.255.255.0
157
158	###########################################################################
159	# At last we have a command that will match any caller:
160	#
161	# allow all
162	# deny all
163	#
164
165	# reject all connections
166	deny all
167
168	.Ed
169	.Sh FILES
170	.Bl -tag -width /var/yp/ypserv.acl -compact
171	.It Pa /var/yp/ypserv.acl
172	A
173	.Xr ypserv 8
174	configuration file.
175	.El
176	.Sh SEE ALSO
177	.Xr yp 8 ,
178	.Xr ypserv 8 ,
179	.Xr securenet 5
180	.Sh AUTHOR
181	Mats O Jansson <moj@stacken.kth.se>
182