1  /*
2   * @(#) tcpd.h 1.5 96/03/19 16:22:24
3   *
4   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
5   */
6 
7 /*
8  * This version of the file has been hacked over by
9  *   Kern Sibbald to make it compatible with C++ for
10  *   the few functions that Bacula uses.  19 April 2002
11  *  It now compiles with C++ but remains untested.
12  *  A correct fix would require significantly more work.
13  */
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif
18 
19 /* Structure to describe one communications endpoint. */
20 
21 #define STRING_LENGTH   128             /* hosts, users, processes */
22 
23 struct host_info {
24     char    name[STRING_LENGTH];        /* access via eval_hostname(host) */
25     char    addr[STRING_LENGTH];        /* access via eval_hostaddr(host) */
26     struct sockaddr_in *sin;            /* socket address or 0 */
27     struct t_unitdata *unit;            /* TLI transport address or 0 */
28     struct request_info *request;       /* for shared information */
29 };
30 
31 /* Structure to describe what we know about a service request. */
32 
33 struct request_info {
34     int     fd;                         /* socket handle */
35     char    user[STRING_LENGTH];        /* access via eval_user(request) */
36     char    daemon[STRING_LENGTH];      /* access via eval_daemon(request) */
37     char    pid[10];                    /* access via eval_pid(request) */
38     struct host_info client[1];         /* client endpoint info */
39     struct host_info server[1];         /* server endpoint info */
40     void  (*sink) (void);               /* datagram sink function or 0 */
41     void  (*hostname) (void);           /* address to printable hostname */
42     void  (*hostaddr) (void);           /* address to printable address */
43     void  (*cleanup) (void);            /* cleanup function or 0 */
44     struct netconfig *config;           /* netdir handle */
45 };
46 
47 /* Common string operations. Less clutter should be more readable. */
48 
49 #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
50 
51 #define STRN_EQ(x,y,l)  (strncasecmp((x),(y),(l)) == 0)
52 #define STRN_NE(x,y,l)  (strncasecmp((x),(y),(l)) != 0)
53 #define STR_EQ(x,y)     (strcasecmp((x),(y)) == 0)
54 #define STR_NE(x,y)     (strcasecmp((x),(y)) != 0)
55 
56  /*
57   * Initially, all above strings have the empty value. Information that
58   * cannot be determined at runtime is set to "unknown", so that we can
59   * distinguish between `unavailable' and `not yet looked up'. A hostname
60   * that we do not believe in is set to "paranoid".
61   */
62 
63 #define STRING_UNKNOWN  "unknown"       /* lookup failed */
64 #define STRING_PARANOID "paranoid"      /* hostname conflict */
65 
66 extern char unknown[];
67 extern char paranoid[];
68 
69 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
70 
71 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
72 
73 /* Global functions. */
74 
75 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
76 extern void fromhost();                 /* get/validate client host info */
77 #else
78 #define fromhost sock_host              /* no TLI support needed */
79 #endif
80 
81 extern int hosts_access(struct request_info *); /* access control */
82 extern void shell_cmd(void);            /* execute shell command */
83 extern char *percent_x(void);               /* do %<char> expansion */
84 extern void rfc931(void);                   /* client name from RFC 931 daemon */
85 extern void clean_exit(void);               /* clean up and exit */
86 extern void refuse(void);                   /* clean up and exit */
87 extern char *xgets(void);                   /* fgets() on steroids */
88 extern char *split_at(void);                /* strchr() and split */
89 extern unsigned long dot_quad_addr(void);   /* restricted inet_addr() */
90 
91 /* Global variables. */
92 
93 extern int allow_severity;              /* for connection logging */
94 extern int deny_severity;               /* for connection logging */
95 extern char *hosts_allow_table;         /* for verification mode redirection */
96 extern char *hosts_deny_table;          /* for verification mode redirection */
97 extern int hosts_access_verbose;        /* for verbose matching mode */
98 extern int rfc931_timeout;              /* user lookup timeout */
99 extern int resident;                    /* > 0 if resident process */
100 
101  /*
102   * Routines for controlled initialization and update of request structure
103   * attributes. Each attribute has its own key.
104   */
105 
106 #ifdef __STDC__
107 extern struct request_info *request_init(struct request_info *,...);
108 extern struct request_info *request_set(struct request_info *,...);
109 #else
110 extern struct request_info *request_init();     /* initialize request */
111 extern struct request_info *request_set();      /* update request structure */
112 #endif
113 
114 #define RQ_FILE         1               /* file descriptor */
115 #define RQ_DAEMON       2               /* server process (argv[0]) */
116 #define RQ_USER         3               /* client user name */
117 #define RQ_CLIENT_NAME  4               /* client host name */
118 #define RQ_CLIENT_ADDR  5               /* client host address */
119 #define RQ_CLIENT_SIN   6               /* client endpoint (internal) */
120 #define RQ_SERVER_NAME  7               /* server host name */
121 #define RQ_SERVER_ADDR  8               /* server host address */
122 #define RQ_SERVER_SIN   9               /* server endpoint (internal) */
123 
124  /*
125   * Routines for delayed evaluation of request attributes. Each attribute
126   * type has its own access method. The trivial ones are implemented by
127   * macros. The other ones are wrappers around the transport-specific host
128   * name, address, and client user lookup methods. The request_info and
129   * host_info structures serve as caches for the lookup results.
130   */
131 
132 extern char *eval_user(void);               /* client user */
133 extern char *eval_hostname(void);           /* printable hostname */
134 extern char *eval_hostaddr(void);           /* printable host address */
135 extern char *eval_hostinfo(void);           /* host name or address */
136 extern char *eval_client(struct request_info *); /* whatever is available */
137 extern char *eval_server(void);             /* whatever is available */
138 #define eval_daemon(r)  ((r)->daemon)   /* daemon process name */
139 #define eval_pid(r)     ((r)->pid)      /* process id */
140 
141 /* Socket-specific methods, including DNS hostname lookups. */
142 
143 extern void sock_host(struct request_info *);
144 extern void sock_hostname(void);            /* translate address to hostname */
145 extern void sock_hostaddr(void);            /* address to printable address */
146 #define sock_methods(r) \
147         { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
148 
149 /* The System V Transport-Level Interface (TLI) interface. */
150 
151 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
152 extern void tli_host();                 /* look up endpoint addresses etc. */
153 #endif
154 
155  /*
156   * Problem reporting interface. Additional file/line context is reported
157   * when available. The jump buffer (tcpd_buf) is not declared here, or
158   * everyone would have to include <setjmp.h>.
159   */
160 
161 #ifdef __STDC__
162 extern void tcpd_warn(char *, ...);     /* report problem and proceed */
163 extern void tcpd_jump(char *, ...);     /* report problem and jump */
164 #else
165 extern void tcpd_warn();
166 extern void tcpd_jump();
167 #endif
168 
169 struct tcpd_context {
170     char   *file;                       /* current file */
171     int     line;                       /* current line */
172 };
173 extern struct tcpd_context tcpd_context;
174 
175  /*
176   * While processing access control rules, error conditions are handled by
177   * jumping back into the hosts_access() routine. This is cleaner than
178   * checking the return value of each and every silly little function. The
179   * (-1) returns are here because zero is already taken by longjmp().
180   */
181 
182 #define AC_PERMIT       1               /* permit access */
183 #define AC_DENY         (-1)            /* deny_access */
184 #define AC_ERROR        AC_DENY         /* XXX */
185 
186  /*
187   * In verification mode an option function should just say what it would do,
188   * instead of really doing it. An option function that would not return
189   * should clear the dry_run flag to inform the caller of this unusual
190   * behavior.
191   */
192 
193 extern void process_options(void);          /* execute options */
194 extern int dry_run;                     /* verification flag */
195 
196 /* Bug workarounds. */
197 
198 #ifdef INET_ADDR_BUG                    /* inet_addr() returns struct */
199 #define inet_addr fix_inet_addr
200 extern long fix_inet_addr(void);
201 #endif
202 
203 #ifdef BROKEN_FGETS                     /* partial reads from sockets */
204 #define fgets fix_fgets
205 extern char *fix_fgets(void);
206 #endif
207 
208 #ifdef RECVFROM_BUG                     /* no address family info */
209 #define recvfrom fix_recvfrom
210 extern int fix_recvfrom(void);
211 #endif
212 
213 #ifdef GETPEERNAME_BUG                  /* claims success with UDP */
214 #define getpeername fix_getpeername
215 extern int fix_getpeername(void);
216 #endif
217 
218 #ifdef SOLARIS_24_GETHOSTBYNAME_BUG     /* lists addresses as aliases */
219 #define gethostbyname fix_gethostbyname
220 extern struct hostent *fix_gethostbyname(void);
221 #endif
222 
223 #ifdef USE_STRSEP                       /* libc calls strtok(void) */
224 #define strtok  fix_strtok
225 extern char *fix_strtok(void);
226 #endif
227 
228 #ifdef LIBC_CALLS_STRTOK                /* libc calls strtok() */
229 #define strtok  my_strtok
230 extern char *my_strtok(void);
231 #endif
232 
233 #ifdef __cplusplus
234 }
235 #endif
236