xref: /netbsd-src/lib/libwrap/tcpd.h (revision 5aefcfdc06931dd97e76246d2fe0302f7b3fe094) 
1 /*	$NetBSD: tcpd.h,v 1.10 2000/10/04 16:24:49 sommerfeld Exp $	*/
2  /*
3   * @(#) tcpd.h 1.5 96/03/19 16:22:24
4   *
5   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
6   */
7 
8 #include <stdio.h>
9 
10 /* Structure to describe one communications endpoint. */
11 
12 #define STRING_LENGTH	128		/* hosts, users, processes */
13 
14 struct host_info {
15     char    name[STRING_LENGTH];	/* access via eval_hostname(host) */
16     char    addr[STRING_LENGTH];	/* access via eval_hostaddr(host) */
17     struct sockaddr *sin;		/* socket address or 0 */
18     struct t_unitdata *unit;		/* TLI transport address or 0 */
19     struct request_info *request;	/* for shared information */
20 };
21 
22 /* Structure to describe what we know about a service request. */
23 
24 struct request_info {
25     int     fd;				/* socket handle */
26     char    user[STRING_LENGTH];	/* access via eval_user(request) */
27     char    daemon[STRING_LENGTH];	/* access via eval_daemon(request) */
28     char    pid[10];			/* access via eval_pid(request) */
29     struct host_info client[1];		/* client endpoint info */
30     struct host_info server[1];		/* server endpoint info */
31     void  (*sink)			/* datagram sink function or 0 */
32 		__P((int));
33     void  (*hostname)			/* address to printable hostname */
34 		__P((struct host_info *));
35     void  (*hostaddr)			/* address to printable address */
36 		__P((struct host_info *));
37     void  (*cleanup)			/* cleanup function or 0 */
38 		__P((void));
39     struct netconfig *config;		/* netdir handle */
40 };
41 
42 /* Common string operations. Less clutter should be more readable. */
43 
44 #define STRN_CPY(d,s,l)	{ strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
45 
46 #define STRN_EQ(x,y,l)	(strncasecmp((x),(y),(l)) == 0)
47 #define STRN_NE(x,y,l)	(strncasecmp((x),(y),(l)) != 0)
48 #define STR_EQ(x,y)	(strcasecmp((x),(y)) == 0)
49 #define STR_NE(x,y)	(strcasecmp((x),(y)) != 0)
50 
51  /*
52   * Initially, all above strings have the empty value. Information that
53   * cannot be determined at runtime is set to "unknown", so that we can
54   * distinguish between `unavailable' and `not yet looked up'. A hostname
55   * that we do not believe in is set to "paranoid".
56   */
57 
58 #define STRING_UNKNOWN	"unknown"	/* lookup failed */
59 #define STRING_PARANOID	"paranoid"	/* hostname conflict */
60 
61 extern char unknown[];
62 extern char paranoid[];
63 
64 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
65 
66 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
67 
68 /* Global functions. */
69 
70 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
71 extern void fromhost			/* get/validate client host info */
72 		__P((struct request_info *));
73 #else
74 #define fromhost sock_host		/* no TLI support needed */
75 #endif
76 
77 extern int hosts_access			/* access control */
78 		__P((struct request_info *));
79 extern int hosts_ctl			/* limited interface to hosts_access */
80 		__P((char *, char *, char *, char *));
81 extern void shell_cmd			/* execute shell command */
82 		__P((char *));
83 extern char *percent_x			/* do %<char> expansion */
84 		__P((char *, int, char *, struct request_info *));
85 extern void rfc931			/* client name from RFC 931 daemon */
86 		__P((struct sockaddr *, struct sockaddr *, char *));
87 extern void clean_exit			/* clean up and exit */
88 		__P((struct request_info *));
89 extern void refuse			/* clean up and exit */
90 		__P((struct request_info *));
91 extern char *xgets			/* fgets() on steroids */
92 		__P((char *, int, FILE *));
93 extern char *split_at			/* strchr() and split */
94 		__P((char *, int));
95 extern int dot_quad_addr	/* restricted inet_aton() */
96 		__P((char *, unsigned long *));
97 
98 /* Global variables. */
99 
100 extern int allow_severity;		/* for connection logging */
101 extern int deny_severity;		/* for connection logging */
102 extern char *hosts_allow_table;		/* for verification mode redirection */
103 extern char *hosts_deny_table;		/* for verification mode redirection */
104 extern int hosts_access_verbose;	/* for verbose matching mode */
105 extern int rfc931_timeout;		/* user lookup timeout */
106 extern int resident;			/* > 0 if resident process */
107 
108  /*
109   * Routines for controlled initialization and update of request structure
110   * attributes. Each attribute has its own key.
111   */
112 
113 extern struct request_info *request_init	/* initialize request */
114 		__P((struct request_info *,...));
115 extern struct request_info *request_set		/* update request structure */
116 		__P((struct request_info *,...));
117 
118 #define RQ_FILE		1		/* file descriptor */
119 #define RQ_DAEMON	2		/* server process (argv[0]) */
120 #define RQ_USER		3		/* client user name */
121 #define RQ_CLIENT_NAME	4		/* client host name */
122 #define RQ_CLIENT_ADDR	5		/* client host address */
123 #define RQ_CLIENT_SIN	6		/* client endpoint (internal) */
124 #define RQ_SERVER_NAME	7		/* server host name */
125 #define RQ_SERVER_ADDR	8		/* server host address */
126 #define RQ_SERVER_SIN	9		/* server endpoint (internal) */
127 
128  /*
129   * Routines for delayed evaluation of request attributes. Each attribute
130   * type has its own access method. The trivial ones are implemented by
131   * macros. The other ones are wrappers around the transport-specific host
132   * name, address, and client user lookup methods. The request_info and
133   * host_info structures serve as caches for the lookup results.
134   */
135 
136 extern char *eval_user			/* client user */
137 		__P((struct request_info *));
138 extern char *eval_hostname		/* printable hostname */
139 		__P((struct host_info *));
140 extern char *eval_hostaddr		/* printable host address */
141 		__P((struct host_info *));
142 extern char *eval_hostinfo		/* host name or address */
143 		__P((struct host_info *));
144 extern char *eval_client		/* whatever is available */
145 		__P((struct request_info *));
146 extern char *eval_server		/* whatever is available */
147 		__P((struct request_info *));
148 #define eval_daemon(r)	((r)->daemon)	/* daemon process name */
149 #define eval_pid(r)	((r)->pid)	/* process id */
150 
151 /* Socket-specific methods, including DNS hostname lookups. */
152 
153 extern void sock_host			/* look up endpoint addresses */
154 		__P((struct request_info *));
155 extern void sock_hostname		/* translate address to hostname */
156 		__P((struct host_info *));
157 extern void sock_hostaddr		/* address to printable address */
158 		__P((struct host_info *));
159 #define sock_methods(r) \
160 	{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
161 
162 /* The System V Transport-Level Interface (TLI) interface. */
163 
164 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
165 extern void tli_host			/* look up endpoint addresses etc. */
166 		__P((struct request_info *));
167 #endif
168 
169  /*
170   * Problem reporting interface. Additional file/line context is reported
171   * when available. The jump buffer (tcpd_buf) is not declared here, or
172   * everyone would have to include <setjmp.h>.
173   */
174 
175 extern void tcpd_warn			/* report problem and proceed */
176 		__P((char *, ...))
177 	__attribute__((__format__(__printf__, 1, 2)));
178 extern void tcpd_jump			/* report problem and jump */
179 		__P((char *, ...))
180 	__attribute__((__format__(__printf__, 1, 2)));
181 
182 struct tcpd_context {
183     char   *file;			/* current file */
184     int     line;			/* current line */
185 };
186 extern struct tcpd_context tcpd_context;
187 
188  /*
189   * While processing access control rules, error conditions are handled by
190   * jumping back into the hosts_access() routine. This is cleaner than
191   * checking the return value of each and every silly little function. The
192   * (-1) returns are here because zero is already taken by longjmp().
193   */
194 
195 #define AC_PERMIT	1		/* permit access */
196 #define AC_DENY		(-1)		/* deny_access */
197 #define AC_ERROR	AC_DENY		/* XXX */
198 
199  /*
200   * In verification mode an option function should just say what it would do,
201   * instead of really doing it. An option function that would not return
202   * should clear the dry_run flag to inform the caller of this unusual
203   * behavior.
204   */
205 
206 extern void process_options		/* execute options */
207 		__P((char *, struct request_info *));
208 extern int dry_run;			/* verification flag */
209 extern void fix_options			/* get rid of IP-level socket options */
210 		__P((struct request_info *));
211 /* Bug workarounds. */
212 
213 #ifdef INET_ADDR_BUG			/* inet_addr() returns struct */
214 #define inet_addr fix_inet_addr
215 extern long fix_inet_addr __P((char *));
216 #endif
217 
218 #ifdef BROKEN_FGETS			/* partial reads from sockets */
219 #define fgets fix_fgets
220 extern char *fix_fgets __P((char *, int, FILE *));
221 #endif
222 
223 #ifdef RECVFROM_BUG			/* no address family info */
224 #define recvfrom fix_recvfrom
225 extern int fix_recvfrom __P((int, char *, int, int, struct sockaddr *, int *));
226 #endif
227 
228 #ifdef GETPEERNAME_BUG			/* claims success with UDP */
229 #include <sys/socket.h>			/* XXX serious hack! */
230 #define getpeername fix_getpeername
231 extern int fix_getpeername __P((int, struct sockaddr *, int *));
232 #endif
233 
234 #ifdef SOLARIS_24_GETHOSTBYNAME_BUG	/* lists addresses as aliases */
235 #define gethostbyname fix_gethostbyname
236 extern struct hostent *fix_gethostbyname __P((char *));
237 #endif
238 
239 #ifdef USE_STRSEP			/* libc calls strtok() */
240 #define strtok	fix_strtok
241 extern char *fix_strtok __P((char *, char *));
242 #endif
243 
244 #ifdef LIBC_CALLS_STRTOK		/* libc calls strtok() */
245 #define strtok	my_strtok
246 extern char *my_strtok __P((char *, char *));
247 #endif
248