11590Srgrimes /* 21590Srgrimes * @(#) tcpd.h 1.5 96/03/19 16:22:24 31590Srgrimes * 41590Srgrimes * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 51590Srgrimes * 61590Srgrimes * $FreeBSD: stable/10/contrib/tcp_wrappers/tcpd.h 311814 2017-01-09 20:14:02Z dim $ 71590Srgrimes */ 81590Srgrimes 91590Srgrimes#ifdef INET6 101590Srgrimes#define TCPD_SOCKADDR struct sockaddr 111590Srgrimes#else 121590Srgrimes#define TCPD_SOCKADDR struct sockaddr_in 131590Srgrimes#endif 141590Srgrimes 151590Srgrimes#ifndef _STDFILE_DECLARED 161590Srgrimes#define _STDFILE_DECLARED 171590Srgrimestypedef struct __sFILE FILE; 181590Srgrimes#endif 191590Srgrimes 201590Srgrimes/* Structure to describe one communications endpoint. */ 211590Srgrimes 221590Srgrimes#define STRING_LENGTH 128 /* hosts, users, processes */ 231590Srgrimes 241590Srgrimesstruct host_info { 251590Srgrimes char name[STRING_LENGTH]; /* access via eval_hostname(host) */ 261590Srgrimes char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ 271590Srgrimes TCPD_SOCKADDR *sin; /* socket address or 0 */ 281590Srgrimes struct t_unitdata *unit; /* TLI transport address or 0 */ 2950477Speter struct request_info *request; /* for shared information */ 301590Srgrimes}; 31132916Stjr 321590Srgrimes/* Structure to describe what we know about a service request. */ 3379535Sru 341590Srgrimesstruct request_info { 351590Srgrimes int fd; /* socket handle */ 361590Srgrimes char user[STRING_LENGTH]; /* access via eval_user(request) */ 371590Srgrimes char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ 3868963Sru char pid[10]; /* access via eval_pid(request) */ 391590Srgrimes struct host_info client[1]; /* client endpoint info */ 401590Srgrimes struct host_info server[1]; /* server endpoint info */ 411590Srgrimes void (*sink) (int); /* datagram sink function or 0 */ 421590Srgrimes void (*hostname) (struct host_info *); /* address to printable hostname */ 4395083Scharnier void (*hostaddr) (struct host_info *); /* address to printable address */ 4495083Scharnier void (*cleanup) (struct request_info *); /* cleanup function or 0 */ 4595083Scharnier struct netconfig *config; /* netdir handle */ 461590Srgrimes}; 471590Srgrimes 481590Srgrimes/* Common string operations. Less clutter should be more readable. */ 491590Srgrimes 501590Srgrimes#define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } 5163811Scharnier 5263811Scharnier#define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) 531590Srgrimes#define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) 541590Srgrimes#define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) 551590Srgrimes#define STR_NE(x,y) (strcasecmp((x),(y)) != 0) 561590Srgrimes 571590Srgrimes /* 581590Srgrimes * Initially, all above strings have the empty value. Information that 591590Srgrimes * cannot be determined at runtime is set to "unknown", so that we can 6063811Scharnier * distinguish between `unavailable' and `not yet looked up'. A hostname 611590Srgrimes * that we do not believe in is set to "paranoid". 621590Srgrimes */ 631590Srgrimes 641590Srgrimes#define STRING_UNKNOWN "unknown" /* lookup failed */ 651590Srgrimes#define STRING_PARANOID "paranoid" /* hostname conflict */ 661590Srgrimes 671590Srgrimesextern char unknown[]; 681590Srgrimesextern char paranoid[]; 69132916Stjr 70132916Stjr#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) 71132916Stjr 72132916Stjr#define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) 73132916Stjr 74132916Stjr/* Global functions. */ 75132916Stjr 76132916Stjr#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 77132916Stjrvoid fromhost(struct request_info *); /* get/validate client host info */ 78140420Sru#else 79140420Sru#define fromhost sock_host /* no TLI support needed */ 801590Srgrimes#endif 811590Srgrimes 8263811Scharnierint hosts_access(struct request_info *); /* access control */ 831590Srgrimesint hosts_ctl(char *, char *, char *, char *); /* wrapper around request_init() */ 841590Srgrimesvoid shell_cmd(char *); /* execute shell command */ 851590Srgrimeschar *percent_x(char *, int, char *, struct request_info *); /* do %<char> expansion */ 861590Srgrimesvoid rfc931(TCPD_SOCKADDR *, TCPD_SOCKADDR *, char *); /* client name from RFC 931 daemon */ 871590Srgrimesvoid clean_exit(struct request_info *); /* clean up and exit */ 8821748Swoschvoid refuse(struct request_info *); /* clean up and exit */ 8921748Swoschchar *xgets(char *, int, FILE *); /* fgets() on steroids */ 901590Srgrimes 911590Srgrimeschar *split_at(char *, int); /* strchr() and split */ 921590Srgrimesunsigned long dot_quad_addr(char *); /* restricted inet_addr() */ 93140420Sru 94140420Sru/* Global variables. */ 95140420Sru 96140420Sruextern int allow_severity; /* for connection logging */ 97140420Sruextern int deny_severity; /* for connection logging */ 981590Srgrimesextern char *hosts_allow_table; /* for verification mode redirection */ 991590Srgrimesextern char *hosts_deny_table; /* for verification mode redirection */ 100108221Sruextern int hosts_access_verbose; /* for verbose matching mode */ 1011590Srgrimesextern int rfc931_timeout; /* user lookup timeout */ 1021590Srgrimesextern int resident; /* > 0 if resident process */ 1031590Srgrimes 104141846Sru /* 1051590Srgrimes * Routines for controlled initialization and update of request structure 1061590Srgrimes * attributes. Each attribute has its own key. 1071590Srgrimes */ 1081590Srgrimes 1091590Srgrimesstruct request_info *request_init(struct request_info *,...); /* initialize request */ 1101590Srgrimesstruct request_info *request_set(struct request_info *,...); /* update request structure */ 1111590Srgrimes 1121590Srgrimes#define RQ_FILE 1 /* file descriptor */ 1131590Srgrimes#define RQ_DAEMON 2 /* server process (argv[0]) */ 1141590Srgrimes#define RQ_USER 3 /* client user name */ 1151590Srgrimes#define RQ_CLIENT_NAME 4 /* client host name */ 1161590Srgrimes#define RQ_CLIENT_ADDR 5 /* client host address */ 1171590Srgrimes#define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ 118132190Stjr#define RQ_SERVER_NAME 7 /* server host name */ 119132916Stjr#define RQ_SERVER_ADDR 8 /* server host address */ 120132916Stjr#define RQ_SERVER_SIN 9 /* server endpoint (internal) */ 121 122 /* 123 * Routines for delayed evaluation of request attributes. Each attribute 124 * type has its own access method. The trivial ones are implemented by 125 * macros. The other ones are wrappers around the transport-specific host 126 * name, address, and client user lookup methods. The request_info and 127 * host_info structures serve as caches for the lookup results. 128 */ 129 130char *eval_user(struct request_info *); /* client user */ 131char *eval_hostname(struct host_info *); /* printable hostname */ 132char *eval_hostaddr(struct host_info *); /* printable host address */ 133char *eval_hostinfo(struct host_info *); /* host name or address */ 134char *eval_client(struct request_info *); /* whatever is available */ 135char *eval_server(struct request_info *); /* whatever is available */ 136#define eval_daemon(r) ((r)->daemon) /* daemon process name */ 137#define eval_pid(r) ((r)->pid) /* process id */ 138 139/* Socket-specific methods, including DNS hostname lookups. */ 140 141void sock_host(struct request_info *); /* look up endpoint addresses */ 142void sock_hostname(struct host_info *); /* translate address to hostname */ 143void sock_hostaddr(struct host_info *); /* address to printable address */ 144#define sock_methods(r) \ 145 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } 146 147/* The System V Transport-Level Interface (TLI) interface. */ 148 149#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 150void tli_host(struct request_info *); /* look up endpoint addresses etc. */ 151#endif 152 153 /* 154 * Problem reporting interface. Additional file/line context is reported 155 * when available. The jump buffer (tcpd_buf) is not declared here, or 156 * everyone would have to include <setjmp.h>. 157 */ 158 159void tcpd_warn(char *, ...); /* report problem and proceed */ 160void tcpd_jump(char *, ...); /* report problem and jump */ 161 162struct tcpd_context { 163 char *file; /* current file */ 164 int line; /* current line */ 165}; 166extern struct tcpd_context tcpd_context; 167 168 /* 169 * While processing access control rules, error conditions are handled by 170 * jumping back into the hosts_access() routine. This is cleaner than 171 * checking the return value of each and every silly little function. The 172 * (-1) returns are here because zero is already taken by longjmp(). 173 */ 174 175#define AC_PERMIT 1 /* permit access */ 176#define AC_DENY (-1) /* deny_access */ 177#define AC_ERROR AC_DENY /* XXX */ 178 179 /* 180 * In verification mode an option function should just say what it would do, 181 * instead of really doing it. An option function that would not return 182 * should clear the dry_run flag to inform the caller of this unusual 183 * behavior. 184 */ 185 186void process_options(char *, struct request_info *); /* execute options */ 187extern int dry_run; /* verification flag */ 188 189/* Bug workarounds. */ 190 191#ifdef INET_ADDR_BUG /* inet_addr() returns struct */ 192#define inet_addr fix_inet_addr 193long fix_inet_addr(char *); 194#endif 195 196#ifdef BROKEN_FGETS /* partial reads from sockets */ 197#define fgets fix_fgets 198char *fix_fgets(char *, int, FILE *); 199#endif 200 201#ifdef RECVFROM_BUG /* no address family info */ 202#define recvfrom fix_recvfrom 203int fix_recvfrom(int, char *, int, int, struct sockaddr *, int *); 204#endif 205 206#ifdef GETPEERNAME_BUG /* claims success with UDP */ 207#define getpeername fix_getpeername 208int fix_getpeername(int, struct sockaddr *, int *); 209#endif 210 211#ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */ 212#define gethostbyname fix_gethostbyname 213struct hostent *fix_gethostbyname(char *); 214#endif 215 216#ifdef USE_STRSEP /* libc calls strtok() */ 217#define strtok fix_strtok 218char *fix_strtok(char *, char *); 219#endif 220 221#ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */ 222#define strtok my_strtok 223char *my_strtok(char *, char *); 224#endif 225