1 /* 2 * @(#) tcpd.h 1.5 96/03/19 16:22:24 3 * 4 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 5 * 6 * $FreeBSD: src/contrib/tcp_wrappers/tcpd.h,v 1.2 2000/02/03 10:26:59 shin Exp $ 7 */ 8 9 #ifndef _LIBWRAP_TCPD_H 10 #define _LIBWRAP_TCPD_H 11 12 #include <sys/cdefs.h> 13 #include <sys/socket.h> 14 #include <stdio.h> 15 16 /* Structure to describe one communications endpoint. */ 17 18 #define STRING_LENGTH 128 /* hosts, users, processes */ 19 20 struct host_info { 21 char name[STRING_LENGTH]; /* access via eval_hostname(host) */ 22 char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ 23 #ifdef INET6 24 struct sockaddr *sin; /* socket address or 0 */ 25 #else 26 struct sockaddr_in *sin; /* socket address or 0 */ 27 #endif 28 struct t_unitdata *unit; /* TLI transport address or 0 */ 29 struct request_info *request; /* for shared information */ 30 }; 31 32 /* Structure to describe what we know about a service request. */ 33 34 struct request_info { 35 int fd; /* socket handle */ 36 char user[STRING_LENGTH]; /* access via eval_user(request) */ 37 char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ 38 char pid[10]; /* access via eval_pid(request) */ 39 struct host_info client[1]; /* client endpoint info */ 40 struct host_info server[1]; /* server endpoint info */ 41 void (*sink) (int); /* datagram sink function or 0 */ 42 void (*hostname) /* address to printable hostname */ 43 (struct host_info *); 44 void (*hostaddr) /* address to printable address */ 45 (struct host_info *); 46 void (*cleanup) (void); /* cleanup function or 0 */ 47 struct netconfig *config; /* netdir handle */ 48 }; 49 50 /* Common string operations. Less clutter should be more readable. */ 51 52 #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } 53 54 #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) 55 #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) 56 #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) 57 #define STR_NE(x,y) (strcasecmp((x),(y)) != 0) 58 59 /* 60 * Initially, all above strings have the empty value. Information that 61 * cannot be determined at runtime is set to "unknown", so that we can 62 * distinguish between `unavailable' and `not yet looked up'. A hostname 63 * that we do not believe in is set to "paranoid". 64 */ 65 66 #define STRING_UNKNOWN "unknown" /* lookup failed */ 67 #define STRING_PARANOID "paranoid" /* hostname conflict */ 68 69 __BEGIN_DECLS 70 extern char unknown[]; 71 extern char paranoid[]; 72 __END_DECLS 73 74 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) 75 76 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) 77 78 /* Global functions. */ 79 80 __BEGIN_DECLS 81 #define fromhost sock_host 82 83 int hosts_access(struct request_info *);/* access control */ 84 int hosts_ctl(char *, char *, char *, char *);/* limited interface to the hosts_access() routine */ 85 void shell_cmd(char *); /* execute shell command */ 86 char *percent_x(char *, int, char *, struct request_info *);/* do %<char> expansion */ 87 void rfc931(struct sockaddr *, struct sockaddr *, char *);/* client name from RFC 931 daemon */ 88 void clean_exit(struct request_info *);/* clean up and exit */ 89 void refuse(struct request_info *); /* clean up and exit */ 90 char *xgets(char *, int, FILE *); /* fgets() on steroids */ 91 char *split_at(char *, int); /* strchr() and split */ 92 unsigned long dot_quad_addr(char *); /* restricted inet_addr() */ 93 94 /* Global variables. */ 95 96 extern int allow_severity; /* for connection logging */ 97 extern int deny_severity; /* for connection logging */ 98 extern char *hosts_allow_table; /* for verification mode redirection */ 99 extern char *hosts_deny_table; /* for verification mode redirection */ 100 extern int hosts_access_verbose; /* for verbose matching mode */ 101 extern int rfc931_timeout; /* user lookup timeout */ 102 extern int resident; /* > 0 if resident process */ 103 104 /* 105 * Routines for controlled initialization and update of request structure 106 * attributes. Each attribute has its own key. 107 */ 108 109 struct request_info *request_init(struct request_info *,...);/* initialize request */ 110 struct request_info *request_set(struct request_info *,...);/* update request structure */ 111 112 #define RQ_FILE 1 /* file descriptor */ 113 #define RQ_DAEMON 2 /* server process (argv[0]) */ 114 #define RQ_USER 3 /* client user name */ 115 #define RQ_CLIENT_NAME 4 /* client host name */ 116 #define RQ_CLIENT_ADDR 5 /* client host address */ 117 #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ 118 #define RQ_SERVER_NAME 7 /* server host name */ 119 #define RQ_SERVER_ADDR 8 /* server host address */ 120 #define RQ_SERVER_SIN 9 /* server endpoint (internal) */ 121 122 /* 123 * Routines for delayed evaluation of request attributes. Each attribute 124 * type has its own access method. The trivial ones are implemented by 125 * macros. The other ones are wrappers around the transport-specific host 126 * name, address, and client user lookup methods. The request_info and 127 * host_info structures serve as caches for the lookup results. 128 */ 129 130 char *eval_user(struct request_info *); /* client user */ 131 char *eval_hostname(struct host_info *); /* printable hostname */ 132 char *eval_hostaddr(struct host_info *); /* printable host address */ 133 char *eval_hostinfo(struct host_info *); /* host name or address */ 134 char *eval_client(struct request_info *); /* whatever is available */ 135 char *eval_server(struct request_info *); /* whatever is available */ 136 #define eval_daemon(r) ((r)->daemon) /* daemon process name */ 137 #define eval_pid(r) ((r)->pid) /* process id */ 138 139 /* Socket-specific methods, including DNS hostname lookups. */ 140 141 void sock_host(struct request_info *); /* look up endpoint addresses */ 142 void sock_hostname(struct host_info *); /* translate address to hostname */ 143 void sock_hostaddr(struct host_info *); /* address to printable address */ 144 #define sock_methods(r) \ 145 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } 146 147 /* 148 * Problem reporting interface. Additional file/line context is reported 149 * when available. The jump buffer (tcpd_buf) is not declared here, or 150 * everyone would have to include <setjmp.h>. 151 */ 152 153 void tcpd_warn(const char *, ...) __printflike(1, 2);/* report problem and proceed */ 154 void tcpd_jump(const char *, ...) __printflike(1, 2) __dead2;/* report problem and jump */ 155 __END_DECLS 156 157 struct tcpd_context { 158 char *file; /* current file */ 159 int line; /* current line */ 160 }; 161 __BEGIN_DECLS 162 extern struct tcpd_context tcpd_context; 163 __END_DECLS 164 165 /* 166 * While processing access control rules, error conditions are handled by 167 * jumping back into the hosts_access() routine. This is cleaner than 168 * checking the return value of each and every silly little function. The 169 * (-1) returns are here because zero is already taken by longjmp(). 170 */ 171 172 #define AC_PERMIT 1 /* permit access */ 173 #define AC_DENY (-1) /* deny_access */ 174 #define AC_ERROR AC_DENY /* XXX */ 175 176 __BEGIN_DECLS 177 /* 178 * In verification mode an option function should just say what it would do, 179 * instead of really doing it. An option function that would not return 180 * should clear the dry_run flag to inform the caller of this unusual 181 * behavior. 182 */ 183 184 void process_options(char *, struct request_info *); /* execute options */ 185 void fix_options(struct request_info *); /* get rid of IP-level socket options */ 186 187 extern int dry_run; /* verification flag */ 188 __END_DECLS 189 190 #endif /* !_LIBWRAP_TCPD_H */ 191