xref: /netbsd-src/lib/libwrap/tcpd.h (revision f5d3fbbc6ff4a77159fb268d247bd94cb7d7e332) 
1  /*
2   * @(#) tcpd.h 1.5 96/03/19 16:22:24
3   *
4   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
5   */
6 
7 /* Structure to describe one communications endpoint. */
8 
9 #define STRING_LENGTH	128		/* hosts, users, processes */
10 
11 struct host_info {
12     char    name[STRING_LENGTH];	/* access via eval_hostname(host) */
13     char    addr[STRING_LENGTH];	/* access via eval_hostaddr(host) */
14     struct sockaddr_in *sin;		/* socket address or 0 */
15     struct t_unitdata *unit;		/* TLI transport address or 0 */
16     struct request_info *request;	/* for shared information */
17 };
18 
19 /* Structure to describe what we know about a service request. */
20 
21 struct request_info {
22     int     fd;				/* socket handle */
23     char    user[STRING_LENGTH];	/* access via eval_user(request) */
24     char    daemon[STRING_LENGTH];	/* access via eval_daemon(request) */
25     char    pid[10];			/* access via eval_pid(request) */
26     struct host_info client[1];		/* client endpoint info */
27     struct host_info server[1];		/* server endpoint info */
28     void  (*sink)			/* datagram sink function or 0 */
29 		__P((int));
30     void  (*hostname)			/* address to printable hostname */
31 		__P((struct host_info *));
32     void  (*hostaddr)			/* address to printable address */
33 		__P((struct host_info *));
34     void  (*cleanup)			/* cleanup function or 0 */
35 		__P((void));
36     struct netconfig *config;		/* netdir handle */
37 };
38 
39 /* Common string operations. Less clutter should be more readable. */
40 
41 #define STRN_CPY(d,s,l)	{ strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
42 
43 #define STRN_EQ(x,y,l)	(strncasecmp((x),(y),(l)) == 0)
44 #define STRN_NE(x,y,l)	(strncasecmp((x),(y),(l)) != 0)
45 #define STR_EQ(x,y)	(strcasecmp((x),(y)) == 0)
46 #define STR_NE(x,y)	(strcasecmp((x),(y)) != 0)
47 
48  /*
49   * Initially, all above strings have the empty value. Information that
50   * cannot be determined at runtime is set to "unknown", so that we can
51   * distinguish between `unavailable' and `not yet looked up'. A hostname
52   * that we do not believe in is set to "paranoid".
53   */
54 
55 #define STRING_UNKNOWN	"unknown"	/* lookup failed */
56 #define STRING_PARANOID	"paranoid"	/* hostname conflict */
57 
58 extern char unknown[];
59 extern char paranoid[];
60 
61 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
62 
63 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
64 
65 /* Global functions. */
66 
67 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
68 extern void fromhost			/* get/validate client host info */
69 		__P((struct request_info *));
70 #else
71 #define fromhost sock_host		/* no TLI support needed */
72 #endif
73 
74 extern int hosts_access			/* access control */
75 		__P((struct request_info *));
76 extern int hosts_ctl			/* limited interface to hosts_access */
77 		__P((char *, char *, char *, char *));
78 extern void shell_cmd			/* execute shell command */
79 		__P((char *));
80 extern char *percent_x			/* do %<char> expansion */
81 		__P((char *, int, char *, struct request_info *));
82 extern void rfc931			/* client name from RFC 931 daemon */
83 		__P((struct sockaddr_in *, struct sockaddr_in *, char *));
84 extern void clean_exit			/* clean up and exit */
85 		__P((struct request_info *));
86 extern void refuse			/* clean up and exit */
87 		__P((struct request_info *));
88 extern char *xgets			/* fgets() on steroids */
89 		__P((char *, int, FILE *));
90 extern char *split_at			/* strchr() and split */
91 		__P((char *, int));
92 extern unsigned long dot_quad_addr	/* restricted inet_addr() */
93 		__P((char *));
94 
95 /* Global variables. */
96 
97 extern int allow_severity;		/* for connection logging */
98 extern int deny_severity;		/* for connection logging */
99 extern char *hosts_allow_table;		/* for verification mode redirection */
100 extern char *hosts_deny_table;		/* for verification mode redirection */
101 extern int hosts_access_verbose;	/* for verbose matching mode */
102 extern int rfc931_timeout;		/* user lookup timeout */
103 extern int resident;			/* > 0 if resident process */
104 
105  /*
106   * Routines for controlled initialization and update of request structure
107   * attributes. Each attribute has its own key.
108   */
109 
110 extern struct request_info *request_init	/* initialize request */
111 		__P((struct request_info *,...));
112 extern struct request_info *request_set		/* update request structure */
113 		__P((struct request_info *,...));
114 
115 #define RQ_FILE		1		/* file descriptor */
116 #define RQ_DAEMON	2		/* server process (argv[0]) */
117 #define RQ_USER		3		/* client user name */
118 #define RQ_CLIENT_NAME	4		/* client host name */
119 #define RQ_CLIENT_ADDR	5		/* client host address */
120 #define RQ_CLIENT_SIN	6		/* client endpoint (internal) */
121 #define RQ_SERVER_NAME	7		/* server host name */
122 #define RQ_SERVER_ADDR	8		/* server host address */
123 #define RQ_SERVER_SIN	9		/* server endpoint (internal) */
124 
125  /*
126   * Routines for delayed evaluation of request attributes. Each attribute
127   * type has its own access method. The trivial ones are implemented by
128   * macros. The other ones are wrappers around the transport-specific host
129   * name, address, and client user lookup methods. The request_info and
130   * host_info structures serve as caches for the lookup results.
131   */
132 
133 extern char *eval_user			/* client user */
134 		__P((struct request_info *));
135 extern char *eval_hostname		/* printable hostname */
136 		__P((struct host_info *));
137 extern char *eval_hostaddr		/* printable host address */
138 		__P((struct host_info *));
139 extern char *eval_hostinfo		/* host name or address */
140 		__P((struct host_info *));
141 extern char *eval_client		/* whatever is available */
142 		__P((struct request_info *));
143 extern char *eval_server		/* whatever is available */
144 		__P((struct request_info *));
145 #define eval_daemon(r)	((r)->daemon)	/* daemon process name */
146 #define eval_pid(r)	((r)->pid)	/* process id */
147 
148 /* Socket-specific methods, including DNS hostname lookups. */
149 
150 extern void sock_host			/* look up endpoint addresses */
151 		__P((struct request_info *));
152 extern void sock_hostname		/* translate address to hostname */
153 		__P((struct host_info *));
154 extern void sock_hostaddr		/* address to printable address */
155 		__P((struct host_info *));
156 #define sock_methods(r) \
157 	{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
158 
159 /* The System V Transport-Level Interface (TLI) interface. */
160 
161 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
162 extern void tli_host			/* look up endpoint addresses etc. */
163 		__P((struct request_info *));
164 #endif
165 
166  /*
167   * Problem reporting interface. Additional file/line context is reported
168   * when available. The jump buffer (tcpd_buf) is not declared here, or
169   * everyone would have to include <setjmp.h>.
170   */
171 
172 extern void tcpd_warn			/* report problem and proceed */
173 		__P((char *, ...));
174 extern void tcpd_jump			/* report problem and jump */
175 		__P((char *, ...));
176 
177 struct tcpd_context {
178     char   *file;			/* current file */
179     int     line;			/* current line */
180 };
181 extern struct tcpd_context tcpd_context;
182 
183  /*
184   * While processing access control rules, error conditions are handled by
185   * jumping back into the hosts_access() routine. This is cleaner than
186   * checking the return value of each and every silly little function. The
187   * (-1) returns are here because zero is already taken by longjmp().
188   */
189 
190 #define AC_PERMIT	1		/* permit access */
191 #define AC_DENY		(-1)		/* deny_access */
192 #define AC_ERROR	AC_DENY		/* XXX */
193 
194  /*
195   * In verification mode an option function should just say what it would do,
196   * instead of really doing it. An option function that would not return
197   * should clear the dry_run flag to inform the caller of this unusual
198   * behavior.
199   */
200 
201 extern void process_options		/* execute options */
202 		__P((char *, struct request_info *));
203 extern int dry_run;			/* verification flag */
204 extern void fix_options			/* get rid of IP-level socket options */
205 		__P((struct request_info *));
206 /* Bug workarounds. */
207 
208 #ifdef INET_ADDR_BUG			/* inet_addr() returns struct */
209 #define inet_addr fix_inet_addr
210 extern long fix_inet_addr __P((char *));
211 #endif
212 
213 #ifdef BROKEN_FGETS			/* partial reads from sockets */
214 #define fgets fix_fgets
215 extern char *fix_fgets __P((char *, int, FILE *));
216 #endif
217 
218 #ifdef RECVFROM_BUG			/* no address family info */
219 #define recvfrom fix_recvfrom
220 extern int fix_recvfrom __P((int, char *, int, int, struct sockaddr *, int *));
221 #endif
222 
223 #ifdef GETPEERNAME_BUG			/* claims success with UDP */
224 #define getpeername fix_getpeername
225 extern int fix_getpeername __P((int, struct sockaddr *, int *));
226 #endif
227 
228 #ifdef SOLARIS_24_GETHOSTBYNAME_BUG	/* lists addresses as aliases */
229 #define gethostbyname fix_gethostbyname
230 extern struct hostent *fix_gethostbyname __P((char *));
231 #endif
232 
233 #ifdef USE_STRSEP			/* libc calls strtok() */
234 #define strtok	fix_strtok
235 extern char *fix_strtok __P((char *, char *));
236 #endif
237 
238 #ifdef LIBC_CALLS_STRTOK		/* libc calls strtok() */
239 #define strtok	my_strtok
240 extern char *my_strtok __P((char *, char *));
241 #endif
242