144743Smarkm /*
244743Smarkm  * @(#) tcpd.h 1.5 96/03/19 16:22:24
344743Smarkm  *
444743Smarkm  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
556977Sshin  *
656977Sshin  * $FreeBSD: stable/11/contrib/tcp_wrappers/tcpd.h 311813 2017-01-09 20:13:50Z dim $
744743Smarkm  */
844743Smarkm
9311813Sdim#ifdef INET6
10311813Sdim#define	TCPD_SOCKADDR struct sockaddr
11311813Sdim#else
12311813Sdim#define	TCPD_SOCKADDR struct sockaddr_in
13311813Sdim#endif
14311813Sdim
15311813Sdim#ifndef _STDFILE_DECLARED
16311813Sdim#define _STDFILE_DECLARED
17311813Sdimtypedef struct __sFILE FILE;
18311813Sdim#endif
19311813Sdim
2044743Smarkm/* Structure to describe one communications endpoint. */
2144743Smarkm
22272949Spfg#define	STRING_LENGTH	128		/* hosts, users, processes */
2344743Smarkm
2444743Smarkmstruct host_info {
2544743Smarkm    char    name[STRING_LENGTH];	/* access via eval_hostname(host) */
2644743Smarkm    char    addr[STRING_LENGTH];	/* access via eval_hostaddr(host) */
27311813Sdim    TCPD_SOCKADDR *sin;			/* socket address or 0 */
2844743Smarkm    struct t_unitdata *unit;		/* TLI transport address or 0 */
2944743Smarkm    struct request_info *request;	/* for shared information */
3044743Smarkm};
3144743Smarkm
3244743Smarkm/* Structure to describe what we know about a service request. */
3344743Smarkm
3444743Smarkmstruct request_info {
3544743Smarkm    int     fd;				/* socket handle */
3644743Smarkm    char    user[STRING_LENGTH];	/* access via eval_user(request) */
3744743Smarkm    char    daemon[STRING_LENGTH];	/* access via eval_daemon(request) */
3844743Smarkm    char    pid[10];			/* access via eval_pid(request) */
3944743Smarkm    struct host_info client[1];		/* client endpoint info */
4044743Smarkm    struct host_info server[1];		/* server endpoint info */
41272949Spfg    void  (*sink) (int);		/* datagram sink function or 0 */
42272949Spfg    void  (*hostname) (struct host_info *); /* address to printable hostname */
43272949Spfg    void  (*hostaddr) (struct host_info *); /* address to printable address */
44272949Spfg    void  (*cleanup) (struct request_info *); /* cleanup function or 0 */
4544743Smarkm    struct netconfig *config;		/* netdir handle */
4644743Smarkm};
4744743Smarkm
4844743Smarkm/* Common string operations. Less clutter should be more readable. */
4944743Smarkm
50272949Spfg#define	STRN_CPY(d,s,l)	{ strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
5144743Smarkm
52272949Spfg#define	STRN_EQ(x,y,l)	(strncasecmp((x),(y),(l)) == 0)
53272949Spfg#define	STRN_NE(x,y,l)	(strncasecmp((x),(y),(l)) != 0)
54272949Spfg#define	STR_EQ(x,y)	(strcasecmp((x),(y)) == 0)
55272949Spfg#define	STR_NE(x,y)	(strcasecmp((x),(y)) != 0)
5644743Smarkm
5744743Smarkm /*
5844743Smarkm  * Initially, all above strings have the empty value. Information that
5944743Smarkm  * cannot be determined at runtime is set to "unknown", so that we can
6044743Smarkm  * distinguish between `unavailable' and `not yet looked up'. A hostname
6144743Smarkm  * that we do not believe in is set to "paranoid".
6244743Smarkm  */
6344743Smarkm
64272949Spfg#define	STRING_UNKNOWN	"unknown"	/* lookup failed */
65272949Spfg#define	STRING_PARANOID	"paranoid"	/* hostname conflict */
6644743Smarkm
6744743Smarkmextern char unknown[];
6844743Smarkmextern char paranoid[];
6944743Smarkm
70272949Spfg#define	HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
7144743Smarkm
72272949Spfg#define	NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
7344743Smarkm
7444743Smarkm/* Global functions. */
7544743Smarkm
7644743Smarkm#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
77311813Sdimvoid fromhost(struct request_info *);	/* get/validate client host info */
7844743Smarkm#else
79272949Spfg#define	fromhost sock_host		/* no TLI support needed */
8044743Smarkm#endif
8144743Smarkm
82311813Sdimint hosts_access(struct request_info *);			/* access control */
83311813Sdimint hosts_ctl(char *, char *, char *, char *);			/* wrapper around request_init() */
84311813Sdimvoid shell_cmd(char *);						/* execute shell command */
85311813Sdimchar *percent_x(char *, int, char *, struct request_info *);	/* do %<char> expansion */
86311813Sdimvoid rfc931(TCPD_SOCKADDR *, TCPD_SOCKADDR *, char *);		/* client name from RFC 931 daemon */
87311813Sdimvoid clean_exit(struct request_info *);				/* clean up and exit */
88311813Sdimvoid refuse(struct request_info *);				/* clean up and exit */
89311813Sdimchar *xgets(char *, int, FILE *);				/* fgets() on steroids */
9044743Smarkm
91311813Sdimchar *split_at(char *, int);					/* strchr() and split */
92311813Sdimunsigned long dot_quad_addr(char *);				/* restricted inet_addr() */
93311813Sdim
9444743Smarkm/* Global variables. */
9544743Smarkm
9644743Smarkmextern int allow_severity;		/* for connection logging */
9744743Smarkmextern int deny_severity;		/* for connection logging */
9844743Smarkmextern char *hosts_allow_table;		/* for verification mode redirection */
9944743Smarkmextern char *hosts_deny_table;		/* for verification mode redirection */
10044743Smarkmextern int hosts_access_verbose;	/* for verbose matching mode */
10144743Smarkmextern int rfc931_timeout;		/* user lookup timeout */
10244743Smarkmextern int resident;			/* > 0 if resident process */
10344743Smarkm
10444743Smarkm /*
10544743Smarkm  * Routines for controlled initialization and update of request structure
10644743Smarkm  * attributes. Each attribute has its own key.
10744743Smarkm  */
10844743Smarkm
109311813Sdimstruct request_info *request_init(struct request_info *,...);	/* initialize request */
110311813Sdimstruct request_info *request_set(struct request_info *,...);	/* update request structure */
11144743Smarkm
112272949Spfg#define	RQ_FILE		1		/* file descriptor */
113272949Spfg#define	RQ_DAEMON	2		/* server process (argv[0]) */
114272949Spfg#define	RQ_USER		3		/* client user name */
115272949Spfg#define	RQ_CLIENT_NAME	4		/* client host name */
116272949Spfg#define	RQ_CLIENT_ADDR	5		/* client host address */
117272949Spfg#define	RQ_CLIENT_SIN	6		/* client endpoint (internal) */
118272949Spfg#define	RQ_SERVER_NAME	7		/* server host name */
119272949Spfg#define	RQ_SERVER_ADDR	8		/* server host address */
120272949Spfg#define	RQ_SERVER_SIN	9		/* server endpoint (internal) */
12144743Smarkm
12244743Smarkm /*
12344743Smarkm  * Routines for delayed evaluation of request attributes. Each attribute
12444743Smarkm  * type has its own access method. The trivial ones are implemented by
12544743Smarkm  * macros. The other ones are wrappers around the transport-specific host
12644743Smarkm  * name, address, and client user lookup methods. The request_info and
12744743Smarkm  * host_info structures serve as caches for the lookup results.
12844743Smarkm  */
12944743Smarkm
130311813Sdimchar *eval_user(struct request_info *);		/* client user */
131311813Sdimchar *eval_hostname(struct host_info *);	/* printable hostname */
132311813Sdimchar *eval_hostaddr(struct host_info *);	/* printable host address */
133311813Sdimchar *eval_hostinfo(struct host_info *);	/* host name or address */
134311813Sdimchar *eval_client(struct request_info *);	/* whatever is available */
135311813Sdimchar *eval_server(struct request_info *);	/* whatever is available */
136272949Spfg#define	eval_daemon(r)	((r)->daemon)	/* daemon process name */
137272949Spfg#define	eval_pid(r)	((r)->pid)	/* process id */
13844743Smarkm
13944743Smarkm/* Socket-specific methods, including DNS hostname lookups. */
14044743Smarkm
141311813Sdimvoid sock_host(struct request_info *);		/* look up endpoint addresses */
142311813Sdimvoid sock_hostname(struct host_info *);		/* translate address to hostname */
143311813Sdimvoid sock_hostaddr(struct host_info *);		/* address to printable address */
144272949Spfg#define	sock_methods(r) \
14544743Smarkm	{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
14644743Smarkm
14744743Smarkm/* The System V Transport-Level Interface (TLI) interface. */
14844743Smarkm
14944743Smarkm#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
150311813Sdimvoid tli_host(struct request_info *);		/* look up endpoint addresses etc. */
15144743Smarkm#endif
15244743Smarkm
15344743Smarkm /*
15444743Smarkm  * Problem reporting interface. Additional file/line context is reported
15544743Smarkm  * when available. The jump buffer (tcpd_buf) is not declared here, or
15644743Smarkm  * everyone would have to include <setjmp.h>.
15744743Smarkm  */
15844743Smarkm
159311813Sdimvoid tcpd_warn(char *, ...);		/* report problem and proceed */
160311813Sdimvoid tcpd_jump(char *, ...);		/* report problem and jump */
16144743Smarkm
16244743Smarkmstruct tcpd_context {
16344743Smarkm    char   *file;			/* current file */
16444743Smarkm    int     line;			/* current line */
16544743Smarkm};
16644743Smarkmextern struct tcpd_context tcpd_context;
16744743Smarkm
16844743Smarkm /*
16944743Smarkm  * While processing access control rules, error conditions are handled by
17044743Smarkm  * jumping back into the hosts_access() routine. This is cleaner than
17144743Smarkm  * checking the return value of each and every silly little function. The
17244743Smarkm  * (-1) returns are here because zero is already taken by longjmp().
17344743Smarkm  */
17444743Smarkm
175272949Spfg#define	AC_PERMIT	1		/* permit access */
176272949Spfg#define	AC_DENY		(-1)		/* deny_access */
177272949Spfg#define	AC_ERROR	AC_DENY		/* XXX */
17844743Smarkm
17944743Smarkm /*
18044743Smarkm  * In verification mode an option function should just say what it would do,
18144743Smarkm  * instead of really doing it. An option function that would not return
18244743Smarkm  * should clear the dry_run flag to inform the caller of this unusual
18344743Smarkm  * behavior.
18444743Smarkm  */
18544743Smarkm
186311813Sdimvoid process_options(char *, struct request_info *);	/* execute options */
187311813Sdimextern int dry_run;					/* verification flag */
18844743Smarkm
18944743Smarkm/* Bug workarounds. */
19044743Smarkm
19144743Smarkm#ifdef INET_ADDR_BUG			/* inet_addr() returns struct */
192272949Spfg#define	inet_addr fix_inet_addr
193311813Sdimlong fix_inet_addr(char *);
19444743Smarkm#endif
19544743Smarkm
19644743Smarkm#ifdef BROKEN_FGETS			/* partial reads from sockets */
197272949Spfg#define	fgets fix_fgets
198311813Sdimchar *fix_fgets(char *, int, FILE *);
19944743Smarkm#endif
20044743Smarkm
20144743Smarkm#ifdef RECVFROM_BUG			/* no address family info */
202272949Spfg#define	recvfrom fix_recvfrom
203311813Sdimint fix_recvfrom(int, char *, int, int, struct sockaddr *, int *);
20444743Smarkm#endif
20544743Smarkm
20644743Smarkm#ifdef GETPEERNAME_BUG			/* claims success with UDP */
207272949Spfg#define	getpeername fix_getpeername
208311813Sdimint fix_getpeername(int, struct sockaddr *, int *);
20944743Smarkm#endif
21044743Smarkm
21144743Smarkm#ifdef SOLARIS_24_GETHOSTBYNAME_BUG	/* lists addresses as aliases */
212272949Spfg#define	gethostbyname fix_gethostbyname
213311813Sdimstruct hostent *fix_gethostbyname(char *);
21444743Smarkm#endif
21544743Smarkm
21644743Smarkm#ifdef USE_STRSEP			/* libc calls strtok() */
217272949Spfg#define	strtok	fix_strtok
218311813Sdimchar *fix_strtok(char *, char *);
21944743Smarkm#endif
22044743Smarkm
22144743Smarkm#ifdef LIBC_CALLS_STRTOK		/* libc calls strtok() */
222272949Spfg#define	strtok	my_strtok
223311813Sdimchar *my_strtok(char *, char *);
22444743Smarkm#endif
225