1/* $NetBSD: tcpd.h,v 1.12.56.1 2012/04/23 16:48:56 riz Exp $ */ 2 /* 3 * @(#) tcpd.h 1.5 96/03/19 16:22:24 4 * 5 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 6 */ 7 8#include <sys/cdefs.h> 9#include <stdio.h> 10 11/* Structure to describe one communications endpoint. */ 12 13#define STRING_LENGTH 128 /* hosts, users, processes */ 14 15struct host_info { 16 char name[STRING_LENGTH]; /* access via eval_hostname(host) */ 17 char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ 18 struct sockaddr *sin; /* socket address or 0 */ 19 struct t_unitdata *unit; /* TLI transport address or 0 */ 20 struct request_info *request; /* for shared information */ 21}; 22 23/* Structure to describe what we know about a service request. */ 24 25struct request_info { 26 int fd; /* socket handle */ 27 char user[STRING_LENGTH]; /* access via eval_user(request) */ 28 char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ 29 char pid[10]; /* access via eval_pid(request) */ 30 struct host_info client[1]; /* client endpoint info */ 31 struct host_info server[1]; /* server endpoint info */ 32 void (*sink) /* datagram sink function or 0 */ 33 __P((int)); 34 void (*hostname) /* address to printable hostname */ 35 __P((struct host_info *)); 36 void (*hostaddr) /* address to printable address */ 37 __P((struct host_info *)); 38 void (*cleanup) /* cleanup function or 0 */ 39 __P((void)); 40 struct netconfig *config; /* netdir handle */ 41}; 42 43/* Common string operations. Less clutter should be more readable. */ 44 45#define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } 46 47#define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) 48#define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) 49#define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) 50#define STR_NE(x,y) (strcasecmp((x),(y)) != 0) 51 52 /* 53 * Initially, all above strings have the empty value. Information that 54 * cannot be determined at runtime is set to "unknown", so that we can 55 * distinguish between `unavailable' and `not yet looked up'. A hostname 56 * that we do not believe in is set to "paranoid". 57 */ 58 59#define STRING_UNKNOWN "unknown" /* lookup failed */ 60#define STRING_PARANOID "paranoid" /* hostname conflict */ 61 62__BEGIN_DECLS 63extern char unknown[]; 64extern char paranoid[]; 65__END_DECLS 66 67#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) 68 69#define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) 70 71/* Global functions. */ 72 73__BEGIN_DECLS 74#define fromhost sock_host /* no TLI support needed */ 75 76extern int hosts_access /* access control */ 77 __P((struct request_info *)); 78extern int hosts_ctl /* limited interface to hosts_access */ 79 __P((char *, char *, char *, char *)); 80extern void shell_cmd /* execute shell command */ 81 __P((char *)); 82extern char *percent_x /* do %<char> expansion */ 83 __P((char *, int, char *, struct request_info *)); 84extern void rfc931 /* client name from RFC 931 daemon */ 85 __P((struct sockaddr *, struct sockaddr *, char *)); 86extern void clean_exit /* clean up and exit */ 87 __P((struct request_info *)); 88extern void refuse /* clean up and exit */ 89 __P((struct request_info *)); 90extern char *xgets /* fgets() on steroids */ 91 __P((char *, int, FILE *)); 92extern char *split_at /* strchr() and split */ 93 __P((char *, int)); 94extern int dot_quad_addr /* restricted inet_aton() */ 95 __P((char *, unsigned long *)); 96 97/* Global variables. */ 98 99extern int allow_severity; /* for connection logging */ 100extern int deny_severity; /* for connection logging */ 101extern char *hosts_allow_table; /* for verification mode redirection */ 102extern char *hosts_deny_table; /* for verification mode redirection */ 103extern int hosts_access_verbose; /* for verbose matching mode */ 104extern int rfc931_timeout; /* user lookup timeout */ 105extern int resident; /* > 0 if resident process */ 106 107 /* 108 * Routines for controlled initialization and update of request structure 109 * attributes. Each attribute has its own key. 110 */ 111 112extern struct request_info *request_init /* initialize request */ 113 __P((struct request_info *,...)); 114extern struct request_info *request_set /* update request structure */ 115 __P((struct request_info *,...)); 116 117#define RQ_FILE 1 /* file descriptor */ 118#define RQ_DAEMON 2 /* server process (argv[0]) */ 119#define RQ_USER 3 /* client user name */ 120#define RQ_CLIENT_NAME 4 /* client host name */ 121#define RQ_CLIENT_ADDR 5 /* client host address */ 122#define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ 123#define RQ_SERVER_NAME 7 /* server host name */ 124#define RQ_SERVER_ADDR 8 /* server host address */ 125#define RQ_SERVER_SIN 9 /* server endpoint (internal) */ 126 127 /* 128 * Routines for delayed evaluation of request attributes. Each attribute 129 * type has its own access method. The trivial ones are implemented by 130 * macros. The other ones are wrappers around the transport-specific host 131 * name, address, and client user lookup methods. The request_info and 132 * host_info structures serve as caches for the lookup results. 133 */ 134 135extern char *eval_user /* client user */ 136 __P((struct request_info *)); 137extern char *eval_hostname /* printable hostname */ 138 __P((struct host_info *)); 139extern char *eval_hostaddr /* printable host address */ 140 __P((struct host_info *)); 141extern char *eval_hostinfo /* host name or address */ 142 __P((struct host_info *)); 143extern char *eval_client /* whatever is available */ 144 __P((struct request_info *)); 145extern char *eval_server /* whatever is available */ 146 __P((struct request_info *)); 147#define eval_daemon(r) ((r)->daemon) /* daemon process name */ 148#define eval_pid(r) ((r)->pid) /* process id */ 149 150/* Socket-specific methods, including DNS hostname lookups. */ 151 152extern void sock_host /* look up endpoint addresses */ 153 __P((struct request_info *)); 154extern void sock_hostname /* translate address to hostname */ 155 __P((struct host_info *)); 156extern void sock_hostaddr /* address to printable address */ 157 __P((struct host_info *)); 158#define sock_methods(r) \ 159 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } 160 161/* The System V Transport-Level Interface (TLI) interface. */ 162 163#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 164extern void tli_host /* look up endpoint addresses etc. */ 165 __P((struct request_info *)); 166#endif 167 168 /* 169 * Problem reporting interface. Additional file/line context is reported 170 * when available. The jump buffer (tcpd_buf) is not declared here, or 171 * everyone would have to include <setjmp.h>. 172 */ 173 174extern void tcpd_warn /* report problem and proceed */ 175 __P((char *, ...)) 176 __attribute__((__format__(__printf__, 1, 2))); 177extern void tcpd_jump /* report problem and jump */ 178 __P((char *, ...)) 179 __attribute__((__format__(__printf__, 1, 2))); 180__END_DECLS 181 182struct tcpd_context { 183 char *file; /* current file */ 184 int line; /* current line */ 185}; 186__BEGIN_DECLS 187extern struct tcpd_context tcpd_context; 188__END_DECLS 189 190 /* 191 * While processing access control rules, error conditions are handled by 192 * jumping back into the hosts_access() routine. This is cleaner than 193 * checking the return value of each and every silly little function. The 194 * (-1) returns are here because zero is already taken by longjmp(). 195 */ 196 197#define AC_PERMIT 1 /* permit access */ 198#define AC_DENY (-1) /* deny_access */ 199#define AC_ERROR AC_DENY /* XXX */ 200 201 /* 202 * In verification mode an option function should just say what it would do, 203 * instead of really doing it. An option function that would not return 204 * should clear the dry_run flag to inform the caller of this unusual 205 * behavior. 206 */ 207 208__BEGIN_DECLS 209extern void process_options /* execute options */ 210 __P((char *, struct request_info *)); 211extern int dry_run; /* verification flag */ 212extern void fix_options /* get rid of IP-level socket options */ 213 __P((struct request_info *)); 214__END_DECLS 215