xref: /dflybsd-src/contrib/tcp_wrappers/tcpd.h (revision f9fe93f03de041eedefb44d56c0b849ed1413129) 
1  /*
2   * @(#) tcpd.h 1.5 96/03/19 16:22:24
3   *
4   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
5   *
6   * $FreeBSD: src/contrib/tcp_wrappers/tcpd.h,v 1.2 2000/02/03 10:26:59 shin Exp $
7   * $DragonFly: src/contrib/tcp_wrappers/tcpd.h,v 1.3 2005/09/04 01:53:07 sephe Exp $
8   */
9 
10 #ifndef _LIBWRAP_TCPD_H
11 #define _LIBWRAP_TCPD_H
12 
13 #include <sys/cdefs.h>
14 
15 /* Structure to describe one communications endpoint. */
16 
17 #define STRING_LENGTH	128		/* hosts, users, processes */
18 
19 struct host_info {
20     char    name[STRING_LENGTH];	/* access via eval_hostname(host) */
21     char    addr[STRING_LENGTH];	/* access via eval_hostaddr(host) */
22 #ifdef INET6
23     struct sockaddr *sin;		/* socket address or 0 */
24 #else
25     struct sockaddr_in *sin;		/* socket address or 0 */
26 #endif
27     struct t_unitdata *unit;		/* TLI transport address or 0 */
28     struct request_info *request;	/* for shared information */
29 };
30 
31 /* Structure to describe what we know about a service request. */
32 
33 struct request_info {
34     int     fd;				/* socket handle */
35     char    user[STRING_LENGTH];	/* access via eval_user(request) */
36     char    daemon[STRING_LENGTH];	/* access via eval_daemon(request) */
37     char    pid[10];			/* access via eval_pid(request) */
38     struct host_info client[1];		/* client endpoint info */
39     struct host_info server[1];		/* server endpoint info */
40     void  (*sink) (int);		/* datagram sink function or 0 */
41     void  (*hostname)			/* address to printable hostname */
42 	  (struct host_info *);
43     void  (*hostaddr)			/* address to printable address */
44 	  (struct host_info *);
45     void  (*cleanup) (void);		/* cleanup function or 0 */
46     struct netconfig *config;		/* netdir handle */
47 };
48 
49 /* Common string operations. Less clutter should be more readable. */
50 
51 #define STRN_CPY(d,s,l)	{ strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
52 
53 #define STRN_EQ(x,y,l)	(strncasecmp((x),(y),(l)) == 0)
54 #define STRN_NE(x,y,l)	(strncasecmp((x),(y),(l)) != 0)
55 #define STR_EQ(x,y)	(strcasecmp((x),(y)) == 0)
56 #define STR_NE(x,y)	(strcasecmp((x),(y)) != 0)
57 
58  /*
59   * Initially, all above strings have the empty value. Information that
60   * cannot be determined at runtime is set to "unknown", so that we can
61   * distinguish between `unavailable' and `not yet looked up'. A hostname
62   * that we do not believe in is set to "paranoid".
63   */
64 
65 #define STRING_UNKNOWN	"unknown"	/* lookup failed */
66 #define STRING_PARANOID	"paranoid"	/* hostname conflict */
67 
68 __BEGIN_DECLS
69 extern char unknown[];
70 extern char paranoid[];
71 __END_DECLS
72 
73 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
74 
75 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
76 
77 /* Global functions. */
78 
79 __BEGIN_DECLS
80 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
81 extern void fromhost();			/* get/validate client host info */
82 #else
83 #define fromhost sock_host		/* no TLI support needed */
84 #endif
85 
86 int		hosts_access(struct request_info *);/* access control */
87 void		shell_cmd(char *);		/* execute shell command */
88 char		*percent_x(char *, int, char *, struct request_info *);/* do %<char> expansion */
89 void		rfc931(struct sockaddr *, struct sockaddr *, char *);/* client name from RFC 931 daemon */
90 void		clean_exit(struct request_info *);/* clean up and exit */
91 void		refuse(struct request_info *);	/* clean up and exit */
92 char		*xgets(char *, int, FILE *);	/* fgets() on steroids */
93 char		*split_at(char *, int);		/* strchr() and split */
94 unsigned long	dot_quad_addr(char *);		/* restricted inet_addr() */
95 
96 /* Global variables. */
97 
98 extern int allow_severity;		/* for connection logging */
99 extern int deny_severity;		/* for connection logging */
100 extern char *hosts_allow_table;		/* for verification mode redirection */
101 extern char *hosts_deny_table;		/* for verification mode redirection */
102 extern int hosts_access_verbose;	/* for verbose matching mode */
103 extern int rfc931_timeout;		/* user lookup timeout */
104 extern int resident;			/* > 0 if resident process */
105 
106  /*
107   * Routines for controlled initialization and update of request structure
108   * attributes. Each attribute has its own key.
109   */
110 
111 struct request_info	*request_init(struct request_info *,...);/* initialize request */
112 struct request_info	*request_set(struct request_info *,...);/* update request structure */
113 
114 #define RQ_FILE		1		/* file descriptor */
115 #define RQ_DAEMON	2		/* server process (argv[0]) */
116 #define RQ_USER		3		/* client user name */
117 #define RQ_CLIENT_NAME	4		/* client host name */
118 #define RQ_CLIENT_ADDR	5		/* client host address */
119 #define RQ_CLIENT_SIN	6		/* client endpoint (internal) */
120 #define RQ_SERVER_NAME	7		/* server host name */
121 #define RQ_SERVER_ADDR	8		/* server host address */
122 #define RQ_SERVER_SIN	9		/* server endpoint (internal) */
123 
124  /*
125   * Routines for delayed evaluation of request attributes. Each attribute
126   * type has its own access method. The trivial ones are implemented by
127   * macros. The other ones are wrappers around the transport-specific host
128   * name, address, and client user lookup methods. The request_info and
129   * host_info structures serve as caches for the lookup results.
130   */
131 
132 char	*eval_user(struct request_info *);	/* client user */
133 char	*eval_hostname(struct host_info *);	/* printable hostname */
134 char	*eval_hostaddr(struct host_info *);	/* printable host address */
135 char	*eval_hostinfo(struct host_info *);	/* host name or address */
136 char	*eval_client(struct request_info *);	/* whatever is available */
137 char	*eval_server(struct request_info *);	/* whatever is available */
138 #define eval_daemon(r)	((r)->daemon)	/* daemon process name */
139 #define eval_pid(r)	((r)->pid)	/* process id */
140 
141 /* Socket-specific methods, including DNS hostname lookups. */
142 
143 void	sock_host(struct request_info *);	/* look up endpoint addresses */
144 void	sock_hostname(struct host_info *);	/* translate address to hostname */
145 void	sock_hostaddr(struct host_info *);	/* address to printable address */
146 #define sock_methods(r) \
147 	{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
148 
149 /* The System V Transport-Level Interface (TLI) interface. */
150 
151 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
152 extern void tli_host();			/* look up endpoint addresses etc. */
153 #endif
154 
155  /*
156   * Problem reporting interface. Additional file/line context is reported
157   * when available. The jump buffer (tcpd_buf) is not declared here, or
158   * everyone would have to include <setjmp.h>.
159   */
160 
161 void	tcpd_warn(char *, ...) __printflike(1, 2);	/* report problem and proceed */
162 void	tcpd_jump(char *, ...) __printflike(1, 2);	/* report problem and jump */
163 __END_DECLS
164 
165 struct tcpd_context {
166     char   *file;			/* current file */
167     int     line;			/* current line */
168 };
169 __BEGIN_DECLS
170 extern struct tcpd_context tcpd_context;
171 __END_DECLS
172 
173  /*
174   * While processing access control rules, error conditions are handled by
175   * jumping back into the hosts_access() routine. This is cleaner than
176   * checking the return value of each and every silly little function. The
177   * (-1) returns are here because zero is already taken by longjmp().
178   */
179 
180 #define AC_PERMIT	1		/* permit access */
181 #define AC_DENY		(-1)		/* deny_access */
182 #define AC_ERROR	AC_DENY		/* XXX */
183 
184  /*
185   * In verification mode an option function should just say what it would do,
186   * instead of really doing it. An option function that would not return
187   * should clear the dry_run flag to inform the caller of this unusual
188   * behavior.
189   */
190 
191 __BEGIN_DECLS
192 void	process_options(char *, struct request_info *);	/* execute options */
193 extern int dry_run;			/* verification flag */
194 
195 /* Bug workarounds. */
196 
197 #ifdef INET_ADDR_BUG			/* inet_addr() returns struct */
198 #define inet_addr fix_inet_addr
199 extern long fix_inet_addr();
200 #endif
201 
202 #ifdef BROKEN_FGETS			/* partial reads from sockets */
203 #define fgets fix_fgets
204 extern char *fix_fgets();
205 #endif
206 
207 #ifdef RECVFROM_BUG			/* no address family info */
208 #define recvfrom fix_recvfrom
209 extern int fix_recvfrom();
210 #endif
211 
212 #ifdef GETPEERNAME_BUG			/* claims success with UDP */
213 #define getpeername fix_getpeername
214 extern int fix_getpeername();
215 #endif
216 
217 #ifdef SOLARIS_24_GETHOSTBYNAME_BUG	/* lists addresses as aliases */
218 #define gethostbyname fix_gethostbyname
219 extern struct hostent *fix_gethostbyname();
220 #endif
221 
222 #ifdef USE_STRSEP			/* libc calls strtok() */
223 #define strtok	fix_strtok
224 extern char *fix_strtok();
225 #endif
226 
227 #ifdef LIBC_CALLS_STRTOK		/* libc calls strtok() */
228 #define strtok	my_strtok
229 extern char *my_strtok();
230 #endif
231 __END_DECLS
232 
233 #endif	/* !_LIBWRAP_TCPD_H */
234