1 /*
2  * @(#) tcpd.h 1.5 96/03/19 16:22:24
3  *
4  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
5  */
6 
7 #ifdef __cplusplus
8 extern "C" {
9 #endif
10 
11 /* Structure to describe one communications endpoint. */
12 
/*
 * Capacity, in bytes, of the host, user and process name buffers declared
 * in this header. The terminating NUL has to fit inside it as well.
 */
#define STRING_LENGTH 128

/*
 * One side of a connection. The two strings are meant to be read through
 * the accessors named next to them rather than directly.
 */
struct host_info {
  char name[STRING_LENGTH];     /* host name; read via eval_hostname(host) */
  char addr[STRING_LENGTH];     /* host address; read via eval_hostaddr(host) */
  struct sockaddr_in *sin;      /* socket address, or 0 */
  struct t_unitdata *unit;      /* TLI transport address, or 0 */
  struct request_info *request; /* request_info, for shared information */
};
22 
23 /* Structure to describe what we know about a service request. */
24 
/*
 * State kept for one service request. The string members are meant to be
 * read through the eval_*() accessors named next to them.
 */
struct request_info {
  int fd;                     /* socket handle */
  char user[STRING_LENGTH];   /* client user; read via eval_user(request) */
  char daemon[STRING_LENGTH]; /* daemon name; read via eval_daemon(request) */
  /*
   * NOTE(review): 10 bytes hold at most 9 characters plus the NUL. The code
   * that fills this buffer is not in this header; confirm it bounds the
   * write.
   */
  char pid[10];               /* process id; read via eval_pid(request) */
  struct host_info client[1]; /* client endpoint info */
  struct host_info server[1]; /* server endpoint info */
  /*
   * The four hooks below are declared without parameter lists, so in C the
   * compiler does not check the arguments they are called with.
   */
  void (*sink)();             /* datagram sink function, or 0 */
  void (*hostname)();         /* address to printable hostname */
  void (*hostaddr)();         /* address to printable address */
  void (*cleanup)();          /* cleanup function, or 0 */
  struct netconfig *config;   /* netdir handle */
};
38 
39 /* Common string operations. Less clutter should be more readable. */
40 
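/*
 * STRN_CPY(d, s, l): copy at most l bytes of s into d, then force d[l-1]
 * to NUL so that d always ends up terminated. A longer s is truncated
 * without any indication. Nothing is written when l is zero or negative;
 * without that guard the terminator store would land at d[-1], outside
 * the buffer.
 *
 * l must be the real capacity of d. d and l are expanded more than once,
 * so pass expressions without side effects. The expansion is a brace
 * block rather than a single statement: use it as a statement of its own
 * or inside braces, because `if (c) STRN_CPY(d, s, l); else ...' does not
 * compile.
 */
#define STRN_CPY(d, s, l)     \
  {                           \
    if ((l) > 0) {            \
      strncpy((d), (s), (l)); \
      (d)[(l)-1] = 0;         \
    }                         \
  }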
46 
/*
 * Case-insensitive comparisons that evaluate to 1 or 0. The STRN_ forms
 * look at no more than the first l bytes, so they succeed on a common
 * prefix when l is shorter than the strings.
 */
#define STRN_EQ(x, y, l) (!strncasecmp((x), (y), (l)))
#define STRN_NE(x, y, l) (!STRN_EQ((x), (y), (l)))
#define STR_EQ(x, y) (!strcasecmp((x), (y)))
#define STR_NE(x, y) (!STR_EQ((x), (y)))
51 
52 /*
53  * Initially, all above strings have the empty value. Information that
54  * cannot be determined at runtime is set to "unknown", so that we can
55  * distinguish between `unavailable' and `not yet looked up'. A hostname
56  * that we do not believe in is set to "paranoid".
57  */
58 
/* Placeholder values for the string attributes. */
#define STRING_UNKNOWN "unknown"   /* lookup failed */
#define STRING_PARANOID "paranoid" /* hostname conflict */

/*
 * NOTE(review): both arrays are defined in another file; presumably they
 * hold the two literals above -- confirm.
 */
extern char unknown[];
extern char paranoid[];

/*
 * 1 when s matches neither placeholder, else 0. STR_EQ ignores case, so a
 * name that literally spells one of the placeholders is also reported as
 * not known. s may be expanded twice.
 */
#define HOSTNAME_KNOWN(s) (!(STR_EQ((s), unknown) || STR_EQ((s), paranoid)))
66 
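/*
 * Nonzero when s contains any character other than a digit, '.' or '/'.
 * This is a character-class test only: a zero result means "made up of
 * address characters", not "well-formed address", and the empty string
 * also yields zero. Anything that is going to be used as an address still
 * has to be parsed and validated by the caller.
 *
 * The argument is parenthesized so that expressions such as p + n expand
 * correctly; it is expanded twice, so it must have no side effects.
 */
#define NOT_INADDR(s) ((s)[strspn((s), "01234567890./")] != 0)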
68 
69 /* Global functions. */
70 
#if !defined(TLI) && !defined(PTX) && !defined(TLI_SEQUENT)
#define fromhost SockHost /* no TLI support needed */
#else
extern void fromhost(); /* get/validate client host info */
#endif

/*
 * Apart from HostsAccess(), these are declared without parameter lists,
 * so in C the compiler does not check the arguments at call sites.
 */
extern int HostsAccess(struct request_info *); /* access control */
/*
 * NOTE(review): shell_cmd() and percent_x() are only declared here. How
 * expanded request attributes are sanitized before a command is run
 * cannot be seen from this header -- confirm in the implementation.
 */
extern void shell_cmd();  /* execute shell command */
extern char *percent_x(); /* do %<char> expansion */
/*
 * The RFC 931 answer is supplied by a daemon on the client's side, so it
 * is only as trustworthy as that host.
 */
extern void rfc931();                 /* client name from RFC 931 daemon */
extern void clean_exit();             /* clean up and exit */
extern void refuse();                 /* clean up and exit */
extern char *xgets();                 /* fgets() on steroids */
extern char *split_at();              /* strchr() and split */
extern unsigned long dot_quad_addr(); /* restricted InetAddr() */
86 
87 /* Global variables. */
88 
/* Severities used when logging connections. */
extern int allow_severity; /* for connection logging */
extern int deny_severity;  /* for connection logging */

/*
 * Table names, used for verification mode redirection. They are plain
 * writable globals, so any code linked into the process can repoint them.
 */
extern char *hosts_allow_table;
extern char *hosts_deny_table;

extern int hosts_access_verbose; /* for verbose matching mode */
extern int rfc931_timeout;       /* user lookup timeout */
extern int resident;             /* > 0 if resident process */
96 
97 /*
98  * Routines for controlled initialization and update of request structure
99  * attributes. Each attribute has its own key.
100  */
101 
/*
 * Both routines take the request followed by a variable argument list.
 * The compiler does not type-check that list, so every key has to be
 * followed by a value of the type the implementation expects for it.
 * NOTE(review): how the list is terminated is not visible in this
 * header -- confirm against the implementation.
 */
#ifndef __STDC__
extern struct request_info *request_init(); /* initialize request */
extern struct request_info *request_set();  /* update request structure */
#else
extern struct request_info *request_init(struct request_info *, ...);
extern struct request_info *request_set(struct request_info *, ...);
#endif

/* Attribute keys for the two routines above. */
#define RQ_FILE 1        /* file descriptor */
#define RQ_DAEMON 2      /* server process (argv[0]) */
#define RQ_USER 3        /* client user name */
#define RQ_CLIENT_NAME 4 /* client host name */
#define RQ_CLIENT_ADDR 5 /* client host address */
#define RQ_CLIENT_SIN 6  /* client endpoint (internal) */
#define RQ_SERVER_NAME 7 /* server host name */
#define RQ_SERVER_ADDR 8 /* server host address */
#define RQ_SERVER_SIN 9  /* server endpoint (internal) */
119 
120 /*
121  * Routines for delayed evaluation of request attributes. Each attribute
122  * type has its own access method. The trivial ones are implemented by
123  * macros. The other ones are wrappers around the transport-specific host
124  * name, address, and client user lookup methods. The request_info and
125  * host_info structures serve as caches for the lookup results.
126  */
127 
/*
 * Each accessor yields a pointer to a string. NOTE(review): the header
 * does not say who owns that string; presumably it is one of the cache
 * buffers inside request_info or host_info -- confirm before modifying
 * or freeing it.
 */
extern char *eval_user();     /* client user */
extern char *eval_hostname(); /* printable hostname */
extern char *eval_hostaddr(); /* printable host address */
extern char *eval_hostinfo(); /* host name or address */
extern char *eval_client(struct request_info *); /* whatever is available */
extern char *eval_server();                      /* whatever is available */

/* Trivial accessors: plain member reads with no lookup. */
#define eval_daemon(r) ((r)->daemon) /* daemon process name */
#define eval_pid(r) ((r)->pid)       /* process id */
136 
137 /* Socket-specific methods, including DNS hostname lookups. */
138 
extern void SockHost(struct request_info *);
extern void sock_hostname(); /* translate address to hostname */
extern void sock_hostaddr(); /* address to printable address */

/*
 * Install the two socket lookup routines in request r. The expansion is
 * a brace block that uses r twice: pass an expression without side
 * effects, and do not use it as the unbraced body of an if that has an
 * else.
 */
#define sock_methods(r)            \
  {                                \
    (r)->hostname = sock_hostname; \
    (r)->hostaddr = sock_hostaddr; \
  }
147 
148 /* The System V Transport-Level Interface (TLI) interface. */
149 
/* Declared only for builds that define TLI, PTX or TLI_SEQUENT. */
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
extern void tli_host(); /* look up endpoint addresses etc. */
#endif
153 
154 /*
155  * Problem reporting interface. Additional file/line context is reported
156  * when available. The jump buffer (tcpd_buf) is not declared here, or
157  * everyone would have to include <setjmp.h>.
158  */
159 
/*
 * NOTE(review): the leading char * followed by a variable argument list
 * looks like a printf-style format -- confirm. If so, callers should pass
 * a literal format and hand request-derived text over as an argument,
 * never as the format itself.
 */
#ifndef __STDC__
extern void TcpdWarn();
extern void TcpdJump();
#else
extern void TcpdWarn(char *, ...); /* report problem and proceed */
extern void TcpdJump(char *, ...); /* report problem and jump */
#endif
167 
/* File and line context for problem reports. */
struct tcpd_context {
  char *file; /* current file */
  int line;   /* current line */
};

/* A single shared instance, defined in another file. */
extern struct tcpd_context tcpd_context;
173 
174 /*
175  * While processing access control rules, error conditions are handled by
176  * jumping back into the HostsAccess() routine. This is cleaner than
177  * checking the return value of each and every silly little function. The
178  * (-1) returns are here because zero is already taken by longjmp().
179  */
180 
/*
 * AC_ERROR has the same value as AC_DENY, so an error while processing
 * the rules cannot be told apart from a denial by value.
 */
#define AC_PERMIT 1      /* permit access */
#define AC_DENY (-1)     /* deny access */
#define AC_ERROR AC_DENY /* XXX */
184 
185 /*
186  * In verification mode an option function should just say what it would do,
187  * instead of really doing it. An option function that would not return
188  * should clear the dry_run flag to inform the caller of this unusual
189  * behavior.
190  */
191 
/* Declared without a parameter list: call arguments are not checked. */
extern void process_options(); /* execute options */

/* Writable global shared by the caller and the option functions. */
extern int dry_run; /* verification flag */
194 
195 /* Bug workarounds. */
196 
/*
 * Each workaround is switched on by a build-time macro and works by
 * #define-ing a library name to a replacement. The substitution therefore
 * applies to every use of that name that follows this header in a
 * translation unit, not only to the declarations below.
 */

#if defined(INET_ADDR_BUG) /* InetAddr() returns struct */
extern long fix_inet_addr();
#define InetAddr fix_inet_addr
#endif

#if defined(BROKEN_FGETS) /* partial reads from sockets */
extern char *fix_fgets();
#define fgets fix_fgets
#endif

#if defined(RECVFROM_BUG) /* no address family info */
extern int fix_recvfrom();
#define recvfrom fix_recvfrom
#endif

#if defined(GETPEERNAME_BUG) /* claims success with UDP */
extern int fix_getpeername();
#define getpeername fix_getpeername
#endif

#if defined(SOLARIS_24_GETHOSTBYNAME_BUG) /* lists addresses as aliases */
extern struct hostent *fix_gethostbyname();
#define gethostbyname fix_gethostbyname
#endif

/*
 * NOTE(review): USE_STRSEP and LIBC_CALLS_STRTOK carry the same remark
 * and both remap strtok, to different replacements. Defining both
 * redefines strtok a second time.
 */
#if defined(USE_STRSEP) /* libc calls strtok() */
extern char *fix_strtok();
#define strtok fix_strtok
#endif

#if defined(LIBC_CALLS_STRTOK) /* libc calls strtok() */
extern char *my_strtok();
#define strtok my_strtok
#endif
231 
232 #ifdef __cplusplus
233 }
234 #endif
235