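/*
 * @(#) tcpd.h 1.5 96/03/19 16:22:24
 *
 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
 *
 * $FreeBSD: stable/11/contrib/tcp_wrappers/tcpd.h 311813 2017-01-09 20:13:50Z dim $
 */

/*
 * Public interface of the tcp_wrappers access-control library: the request
 * and endpoint structures, the hosts_access() entry points, the deferred
 * attribute lookups, and the problem-reporting hooks used by the rule engine.
 */

#ifndef TCPD_H
#define TCPD_H

/*
 * Endpoint address type. With INET6 the generic struct sockaddr is used so
 * that IPv6 endpoints fit; otherwise the IPv4-only struct sockaddr_in.
 */
#ifdef INET6
#define TCPD_SOCKADDR struct sockaddr
#else
#define TCPD_SOCKADDR struct sockaddr_in
#endif

/*
 * Forward declaration of FILE so that users of this header need not include
 * <stdio.h> just for the xgets()/fix_fgets() prototypes below. The guard
 * presumably mirrors the one in FreeBSD's <stdio.h>. NOTE(review): on a libc
 * whose FILE is not "struct __sFILE" this typedef conflicts with <stdio.h>
 * when both are included; this header is FreeBSD-specific in that respect.
 */
#ifndef _STDFILE_DECLARED
#define _STDFILE_DECLARED
typedef struct __sFILE FILE;
#endif

/* Structure to describe one communications endpoint. */

#define STRING_LENGTH   128             /* hosts, users, processes */

/*
 * One endpoint (client or server). The name/addr buffers are lookup caches;
 * read them through eval_hostname()/eval_hostaddr() so a lookup is done on
 * first use. sin points at the transport address when one is known.
 */
struct host_info {
    char    name[STRING_LENGTH];        /* access via eval_hostname(host) */
    char    addr[STRING_LENGTH];        /* access via eval_hostaddr(host) */
    TCPD_SOCKADDR *sin;                 /* socket address or 0 */
    struct t_unitdata *unit;            /* TLI transport address or 0 */
    struct request_info *request;       /* for shared information */
};

/* Structure to describe what we know about a service request. */

/*
 * One service request. client[1]/server[1] are one-element arrays so that
 * request->client and request->server can be handed around as pointers
 * without taking an address. The function pointers are the transport-
 * specific lookup methods installed by sock_methods() or the TLI code.
 * NOTE(review): pid[10] holds at most nine digits plus NUL; confirm that
 * whatever formats the pid into it bounds the write.
 */
struct request_info {
    int     fd;                         /* socket handle */
    char    user[STRING_LENGTH];        /* access via eval_user(request) */
    char    daemon[STRING_LENGTH];      /* access via eval_daemon(request) */
    char    pid[10];                    /* access via eval_pid(request) */
    struct host_info client[1];         /* client endpoint info */
    struct host_info server[1];         /* server endpoint info */
    void  (*sink) (int);                /* datagram sink function or 0 */
    void  (*hostname) (struct host_info *); /* address to printable hostname */
    void  (*hostaddr) (struct host_info *); /* address to printable address */
    void  (*cleanup) (struct request_info *); /* cleanup function or 0 */
    struct netconfig *config;           /* netdir handle */
};

/* Common string operations. Less clutter should be more readable. */

/*
 * STRN_CPY() copies at most l-1 bytes of s into d and always leaves d
 * NUL-terminated; longer sources are silently truncated. l must be the size
 * of the destination buffer and at least 1. The do/while(0) wrapper makes
 * the expansion a single statement, so it is safe in an unbraced if/else;
 * invoke it with a trailing semicolon like a function call.
 */
#define STRN_CPY(d,s,l) do { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } while (0)

/* Case-insensitive comparisons; the *N* forms look at the first l bytes. */
#define STRN_EQ(x,y,l)  (strncasecmp((x),(y),(l)) == 0)
#define STRN_NE(x,y,l)  (strncasecmp((x),(y),(l)) != 0)
#define STR_EQ(x,y)     (strcasecmp((x),(y)) == 0)
#define STR_NE(x,y)     (strcasecmp((x),(y)) != 0)

 /*
  * Initially, all above strings have the empty value. Information that
  * cannot be determined at runtime is set to "unknown", so that we can
  * distinguish between `unavailable' and `not yet looked up'. A hostname
  * that we do not believe in is set to "paranoid".
  */

#define STRING_UNKNOWN  "unknown"       /* lookup failed */
#define STRING_PARANOID "paranoid"      /* hostname conflict */

extern char unknown[];                  /* defined elsewhere; holds STRING_UNKNOWN */
extern char paranoid[];                 /* defined elsewhere; holds STRING_PARANOID */

/* True when s is a real lookup result rather than one of the two sentinels. */
#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))

/*
 * True when s contains a character that cannot occur in a dotted-quad
 * address. s is evaluated twice, so pass a side-effect-free expression.
 */
#define NOT_INADDR(s) ((s)[strspn((s),"01234567890./")] != 0)

/* Global functions. */

#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
void    fromhost(struct request_info *); /* get/validate client host info */
#else
#define fromhost sock_host              /* no TLI support needed */
#endif

int     hosts_access(struct request_info *); /* access control */
int     hosts_ctl(char *, char *, char *, char *); /* wrapper around request_init() */
/*
 * shell_cmd(): the argument is interpreted by a shell. NOTE(review): it must
 * be built from trusted rule text only, never from peer-supplied strings;
 * confirm against the callers.
 */
void    shell_cmd(char *);              /* execute shell command */
/*
 * percent_x(): %<char> expansion of client/server attributes into the
 * destination buffer of the given size; the expanded values may originate
 * from the remote side (hostnames, ident user names).
 */
char   *percent_x(char *, int, char *, struct request_info *); /* do %<char> expansion */
/*
 * rfc931(): the answer comes from an ident daemon on the remote host and is
 * not authenticated; treat it as informational (logging), not as identity.
 */
void    rfc931(TCPD_SOCKADDR *, TCPD_SOCKADDR *, char *); /* client name from RFC 931 daemon */
void    clean_exit(struct request_info *); /* clean up and exit */
void    refuse(struct request_info *);  /* clean up and exit */
char   *xgets(char *, int, FILE *);     /* fgets() on steroids */

char   *split_at(char *, int);          /* strchr() and split */
unsigned long dot_quad_addr(char *);    /* restricted inet_addr() */

/* Global variables. */

extern int allow_severity;              /* for connection logging */
extern int deny_severity;               /* for connection logging */
extern char *hosts_allow_table;         /* for verification mode redirection */
extern char *hosts_deny_table;          /* for verification mode redirection */
extern int hosts_access_verbose;        /* for verbose matching mode */
extern int rfc931_timeout;              /* user lookup timeout */
extern int resident;                    /* > 0 if resident process */

 /*
  * Routines for controlled initialization and update of request structure
  * attributes. Each attribute has its own key. The variadic tail is a list
  * of (RQ_* key, value) pairs terminated by a 0 key.
  */

struct request_info *request_init(struct request_info *,...); /* initialize request */
struct request_info *request_set(struct request_info *,...); /* update request structure */

#define RQ_FILE         1               /* file descriptor */
#define RQ_DAEMON       2               /* server process (argv[0]) */
#define RQ_USER         3               /* client user name */
#define RQ_CLIENT_NAME  4               /* client host name */
#define RQ_CLIENT_ADDR  5               /* client host address */
#define RQ_CLIENT_SIN   6               /* client endpoint (internal) */
#define RQ_SERVER_NAME  7               /* server host name */
#define RQ_SERVER_ADDR  8               /* server host address */
#define RQ_SERVER_SIN   9               /* server endpoint (internal) */

 /*
  * Routines for delayed evaluation of request attributes. Each attribute
  * type has its own access method. The trivial ones are implemented by
  * macros. The other ones are wrappers around the transport-specific host
  * name, address, and client user lookup methods. The request_info and
  * host_info structures serve as caches for the lookup results.
  */

char   *eval_user(struct request_info *); /* client user */
char   *eval_hostname(struct host_info *); /* printable hostname */
char   *eval_hostaddr(struct host_info *); /* printable host address */
char   *eval_hostinfo(struct host_info *); /* host name or address */
char   *eval_client(struct request_info *); /* whatever is available */
char   *eval_server(struct request_info *); /* whatever is available */
#define eval_daemon(r)  ((r)->daemon)   /* daemon process name */
#define eval_pid(r)     ((r)->pid)      /* process id */

/* Socket-specific methods, including DNS hostname lookups. */

void    sock_host(struct request_info *); /* look up endpoint addresses */
void    sock_hostname(struct host_info *); /* translate address to hostname */
void    sock_hostaddr(struct host_info *); /* address to printable address */
/*
 * Install the socket lookup methods on request r. Single statement
 * (do/while(0)); invoke with a trailing semicolon.
 */
#define sock_methods(r) \
    do { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } while (0)

/* The System V Transport-Level Interface (TLI) interface. */

#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
void    tli_host(struct request_info *); /* look up endpoint addresses etc. */
#endif

 /*
  * Problem reporting interface. Additional file/line context is reported
  * when available. The jump buffer (tcpd_buf) is not declared here, or
  * everyone would have to include <setjmp.h>.
  */

void    tcpd_warn(char *, ...);         /* report problem and proceed */
void    tcpd_jump(char *, ...);         /* report problem and jump */

/* Location in the rules file currently being processed, for diagnostics. */
struct tcpd_context {
    char   *file;                       /* current file */
    int     line;                       /* current line */
};
extern struct tcpd_context tcpd_context;

 /*
  * While processing access control rules, error conditions are handled by
  * jumping back into the hosts_access() routine. This is cleaner than
  * checking the return value of each and every silly little function. The
  * (-1) returns are here because zero is already taken by longjmp().
  */

#define AC_PERMIT       1               /* permit access */
#define AC_DENY         (-1)            /* deny_access */
#define AC_ERROR        AC_DENY         /* XXX */

 /*
  * In verification mode an option function should just say what it would do,
  * instead of really doing it. An option function that would not return
  * should clear the dry_run flag to inform the caller of this unusual
  * behavior.
  */

void    process_options(char *, struct request_info *); /* execute options */
extern int dry_run;                     /* verification flag */

/* Bug workarounds. */

/*
 * Each block below replaces a libc/system routine by a local fix when the
 * corresponding feature macro is defined; the prototypes must stay in sync
 * with the replaced routine's calling convention.
 */

#ifdef INET_ADDR_BUG                    /* inet_addr() returns struct */
#define inet_addr fix_inet_addr
long    fix_inet_addr(char *);
#endif

#ifdef BROKEN_FGETS                     /* partial reads from sockets */
#define fgets fix_fgets
char   *fix_fgets(char *, int, FILE *);
#endif

#ifdef RECVFROM_BUG                     /* no address family info */
#define recvfrom fix_recvfrom
int     fix_recvfrom(int, char *, int, int, struct sockaddr *, int *);
#endif

#ifdef GETPEERNAME_BUG                  /* claims success with UDP */
#define getpeername fix_getpeername
int     fix_getpeername(int, struct sockaddr *, int *);
#endif

#ifdef SOLARIS_24_GETHOSTBYNAME_BUG     /* lists addresses as aliases */
#define gethostbyname fix_gethostbyname
struct hostent *fix_gethostbyname(char *);
#endif

#ifdef USE_STRSEP                       /* libc calls strtok() */
#define strtok fix_strtok
char   *fix_strtok(char *, char *);
#endif

#ifdef LIBC_CALLS_STRTOK                /* libc calls strtok() */
#define strtok my_strtok
char   *my_strtok(char *, char *);
#endif

#endif /* TCPD_H */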