1 /* $NetBSD: tcpd.h,v 1.15 2015/10/14 15:54:21 christos Exp $ */ 2 /* 3 * @(#) tcpd.h 1.5 96/03/19 16:22:24 4 * 5 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 6 */ 7 8 #include <sys/cdefs.h> 9 #include <stdio.h> 10 11 /* Structure to describe one communications endpoint. */ 12 13 #define STRING_LENGTH 128 /* hosts, users, processes */ 14 15 struct host_info { 16 char name[STRING_LENGTH]; /* access via eval_hostname(host) */ 17 char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ 18 struct sockaddr *sin; /* socket address or 0 */ 19 struct t_unitdata *unit; /* TLI transport address or 0 */ 20 struct request_info *request; /* for shared information */ 21 }; 22 23 /* Structure to describe what we know about a service request. */ 24 25 struct request_info { 26 int fd; /* socket handle */ 27 char user[STRING_LENGTH]; /* access via eval_user(request) */ 28 char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ 29 char pid[10]; /* access via eval_pid(request) */ 30 struct host_info client[1]; /* client endpoint info */ 31 struct host_info server[1]; /* server endpoint info */ 32 void (*sink)(int); /* datagram sink function or 0 */ 33 void (*hostname)(struct host_info *); /* address to printable hostname */ 34 void (*hostaddr)(struct host_info *); /* address to printable address */ 35 void (*cleanup)(void); /* cleanup function or 0 */ 36 struct netconfig *config; /* netdir handle */ 37 }; 38 39 /* Common string operations. Less clutter should be more readable. */ 40 41 #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } 42 43 #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) 44 #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) 45 #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) 46 #define STR_NE(x,y) (strcasecmp((x),(y)) != 0) 47 48 /* 49 * Initially, all above strings have the empty value. Information that 50 * cannot be determined at runtime is set to "unknown", so that we can 51 * distinguish between `unavailable' and `not yet looked up'. A hostname 52 * that we do not believe in is set to "paranoid". 53 */ 54 55 #define STRING_UNKNOWN "unknown" /* lookup failed */ 56 #define STRING_PARANOID "paranoid" /* hostname conflict */ 57 58 __BEGIN_DECLS 59 extern char unknown[]; 60 extern char paranoid[]; 61 __END_DECLS 62 63 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) 64 65 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) 66 67 /* Global functions. */ 68 69 __BEGIN_DECLS 70 #define fromhost sock_host /* no TLI support needed */ 71 72 extern int hosts_access /* access control */ 73 (struct request_info *); 74 extern int hosts_ctl /* limited interface to hosts_access */ 75 (char *, char *, char *, char *); 76 extern void shell_cmd /* execute shell command */ 77 (char *); 78 extern char *percent_x /* do %<char> expansion */ 79 (char *, int, char *, struct request_info *); 80 extern void rfc931 /* client name from RFC 931 daemon */ 81 (struct sockaddr *, struct sockaddr *, char *); 82 __dead extern void clean_exit /* clean up and exit */ 83 (struct request_info *); 84 __dead extern void refuse /* clean up and exit */ 85 (struct request_info *); 86 extern char *xgets /* fgets() on steroids */ 87 (char *, int, FILE *); 88 extern char *split_at /* strchr() and split */ 89 (char *, int); 90 extern int dot_quad_addr /* restricted inet_aton() */ 91 (char *, unsigned long *); 92 93 /* Global variables. */ 94 95 extern int allow_severity; /* for connection logging */ 96 extern int deny_severity; /* for connection logging */ 97 extern const char *hosts_allow_table; /* for verification mode redirection */ 98 extern const char *hosts_deny_table; /* for verification mode redirection */ 99 extern int hosts_access_verbose; /* for verbose matching mode */ 100 extern int rfc931_timeout; /* user lookup timeout */ 101 extern int resident; /* > 0 if resident process */ 102 103 /* 104 * Routines for controlled initialization and update of request structure 105 * attributes. Each attribute has its own key. 106 */ 107 108 extern struct request_info *request_init /* initialize request */ 109 (struct request_info *,...); 110 extern struct request_info *request_set /* update request structure */ 111 (struct request_info *,...); 112 113 #define RQ_FILE 1 /* file descriptor */ 114 #define RQ_DAEMON 2 /* server process (argv[0]) */ 115 #define RQ_USER 3 /* client user name */ 116 #define RQ_CLIENT_NAME 4 /* client host name */ 117 #define RQ_CLIENT_ADDR 5 /* client host address */ 118 #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ 119 #define RQ_SERVER_NAME 7 /* server host name */ 120 #define RQ_SERVER_ADDR 8 /* server host address */ 121 #define RQ_SERVER_SIN 9 /* server endpoint (internal) */ 122 123 /* 124 * Routines for delayed evaluation of request attributes. Each attribute 125 * type has its own access method. The trivial ones are implemented by 126 * macros. The other ones are wrappers around the transport-specific host 127 * name, address, and client user lookup methods. The request_info and 128 * host_info structures serve as caches for the lookup results. 129 */ 130 131 extern char *eval_user /* client user */ 132 (struct request_info *); 133 extern char *eval_hostname /* printable hostname */ 134 (struct host_info *); 135 extern char *eval_hostaddr /* printable host address */ 136 (struct host_info *); 137 extern char *eval_hostinfo /* host name or address */ 138 (struct host_info *); 139 extern char *eval_client /* whatever is available */ 140 (struct request_info *); 141 extern char *eval_server /* whatever is available */ 142 (struct request_info *); 143 #define eval_daemon(r) ((r)->daemon) /* daemon process name */ 144 #define eval_pid(r) ((r)->pid) /* process id */ 145 146 /* Socket-specific methods, including DNS hostname lookups. */ 147 148 extern void sock_host /* look up endpoint addresses */ 149 (struct request_info *); 150 extern void sock_hostname /* translate address to hostname */ 151 (struct host_info *); 152 extern void sock_hostaddr /* address to printable address */ 153 (struct host_info *); 154 #define sock_methods(r) \ 155 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } 156 157 /* The System V Transport-Level Interface (TLI) interface. */ 158 159 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 160 extern void tli_host /* look up endpoint addresses etc. */ 161 (struct request_info *); 162 #endif 163 164 /* 165 * Problem reporting interface. Additional file/line context is reported 166 * when available. The jump buffer (tcpd_buf) is not declared here, or 167 * everyone would have to include <setjmp.h>. 168 */ 169 170 /* Report problem and proceed */ 171 void tcpd_warn(const char *, ...) __sysloglike(1, 2); 172 173 /* Report problem and jump */ 174 void tcpd_jump(const char *, ...) __dead __sysloglike(1, 2); 175 __END_DECLS 176 177 struct tcpd_context { 178 const char *file; /* current file */ 179 int line; /* current line */ 180 }; 181 __BEGIN_DECLS 182 extern struct tcpd_context tcpd_context; 183 __END_DECLS 184 185 /* 186 * While processing access control rules, error conditions are handled by 187 * jumping back into the hosts_access() routine. This is cleaner than 188 * checking the return value of each and every silly little function. The 189 * (-1) returns are here because zero is already taken by longjmp(). 190 */ 191 192 #define AC_PERMIT 1 /* permit access */ 193 #define AC_DENY (-1) /* deny_access */ 194 #define AC_ERROR AC_DENY /* XXX */ 195 196 /* 197 * In verification mode an option function should just say what it would do, 198 * instead of really doing it. An option function that would not return 199 * should clear the dry_run flag to inform the caller of this unusual 200 * behavior. 201 */ 202 203 __BEGIN_DECLS 204 extern void process_options /* execute options */ 205 (char *, struct request_info *); 206 extern int dry_run; /* verification flag */ 207 extern void fix_options /* get rid of IP-level socket options */ 208 (struct request_info *); 209 __END_DECLS 210