.\"	$OpenBSD: rfc1413.3,v 1.14 2007/05/31 19:19:39 jmc Exp $
.\"
.\" Copyright (c) 2001, Bob Beck.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
.\" OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
.\" DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
.\" INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
.\" (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
.\" SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
.\" CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd $Mdocdate: May 31 2007 $
.Dt RFC1413 3
.Os
.Sh NAME
.Nm rfc1413
.Nd libwrap client side ident implementation
.Sh SYNOPSIS
.Fd #include <tcpd.h>
.Ft int
.Fn rfc1413 "struct sockaddr *rmt_sin" "struct sockaddr *our_sin" "char *dest" "size_t dsize" "int ident_timeout_time"
.Sh DESCRIPTION
.Fn rfc1413
retrieves a user name from a remote system using the
.Nm ident
protocol described in RFC 1413.
It is implemented in the
.Nm libwrap.a
library.
.Pp
.Fn rfc1413
takes two sockaddr pointers as parameters:
.Nm rmt_sin
for the remote host end of a connected TCP socket, and
.Nm our_sin
for the local end.
.Nm dest
should be allocated by the caller to store the found username,
and must be of length at least
.Nm dsize .
.Nm ident_timeout_time
is a timeout in seconds on the entire ident query, used to ensure
that you don't wait forever for a slow or unresponsive remote host
to answer the ident query.
.Sh RETURN VALUES
When username lookup is successful,
.Fn rfc1413
strips the trailing CRLF from the returned value and stores up to
.Nm "dsize - 1"
bytes of the returned username into
.Nm dest ,
always terminating with a NUL byte.
In this case 0 is returned.
.Fn rfc1413
returns -1 if any failure occurs such that it was unable to
retrieve the remote username.
.Sh SEE ALSO
.Xr hosts_access 3
.Sh BUGS
The ident protocol only works on TCP sockets.
.Pp
Ident connections are made unencrypted, and nothing prevents the
remote server from lying about who the user is.
Consequently, ident should never be used to authenticate users.
ident is however, quite useful for logging users of connections
from multiuser machines that can be trusted not to lie about it.
.\" @(#) hosts_access.3 1.8 96/02/11 17:01:26