Securing by Hostname or Domain Name
When a client connects to your server, you will recall that the server receives the socket address of the client from the function call to accept(2).
/*
* Example
*/
struct sockaddr_in adr_clnt;/* AF_INET */
int len_inet; /* length */
int c; /* Client socket */
. . .
len_inet = sizeof adr_clnt;
c = accept(s,
(struct sockaddr *)&adr_clnt,
&len_inet);
Datagram servers obtain the client's address from the recvfrom(2) function.
/*
* Example
*/
int z;
struct sockaddr_in adr_clnt; /* AF_INET */
int len_inet; /* length */
int s; /* Socket */
char dgram[512]; /* Recv buffer */
len_inet = sizeof adr_clnt;
z = recvfrom(s, /* Socket */
dgram, /* Receiving buffer */
sizeof dgram, /* Max recv buf size */
0, /* Flags: no options */
(struct sockaddr *)&adr_clnt,/* Addr */
&len_inet); /* Addr len, in & out */
After the client's address has been obtained in either type of server, you then apply the techniques from my previous post, "Hostname and Network Name Lookups," using the gethostbyaddr(3) function. Here is another code excerpt from Listing 9.8 to review how a client's IP number is resolved to a hostname:
/*
* Example
*/
struct sockaddr_in adr_clnt;/* AF_INET */
struct hostent *hp; /* Host entry ptr */
hp = gethostbyaddr((char *)&adr_clnt.sin_addr,
sizeof adr_clnt.sin_addr, adr_clnt.sin_family);
if ( !hp ) {
fprintf(logf," Error: %s\n", hstrerror(h_errno));
}
else {
fprintf(logf," %s\n", hp->h_name);
}
After the server has the fully qualified hostname in hp->h_name, it is able to apply any grant or deny policy that the program designer wants.
No comments:
Post a Comment