1 /* 2 * @(#) tcpd.h 1.5 96/03/19 16:22:24 3 * 4 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 5 */ 6 7 #ifdef __cplusplus 8 extern "C" { 9 #endif 10 11 /* Structure to describe one communications endpoint. */ 12 13 #define STRING_LENGTH 128 /* hosts, users, processes */ 14 15 struct host_info { 16 char name[STRING_LENGTH]; /* access via eval_hostname(host) */ 17 char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ 18 struct sockaddr_in* sin; /* socket address or 0 */ 19 struct t_unitdata* unit; /* TLI transport address or 0 */ 20 struct request_info* request; /* for shared information */ 21 }; 22 23 /* Structure to describe what we know about a service request. */ 24 25 struct request_info { 26 int fd; /* socket handle */ 27 char user[STRING_LENGTH]; /* access via eval_user(request) */ 28 char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ 29 char pid[10]; /* access via eval_pid(request) */ 30 struct host_info client[1]; /* client endpoint info */ 31 struct host_info server[1]; /* server endpoint info */ 32 void (*sink)(); /* datagram sink function or 0 */ 33 void (*hostname)(); /* address to printable hostname */ 34 void (*hostaddr)(); /* address to printable address */ 35 void (*cleanup)(); /* cleanup function or 0 */ 36 struct netconfig* config; /* netdir handle */ 37 }; 38 39 /* Common string operations. Less clutter should be more readable. */ 40 41 #define STRN_CPY(d, s, l) \ 42 { \ 43 strncpy((d), (s), (l)); \ 44 (d)[(l)-1] = 0; \ 45 } 46 47 #define STRN_EQ(x, y, l) (strncasecmp((x), (y), (l)) == 0) 48 #define STRN_NE(x, y, l) (strncasecmp((x), (y), (l)) != 0) 49 #define STR_EQ(x, y) (strcasecmp((x), (y)) == 0) 50 #define STR_NE(x, y) (strcasecmp((x), (y)) != 0) 51 52 /* 53 * Initially, all above strings have the empty value. Information that 54 * cannot be determined at runtime is set to "unknown", so that we can 55 * distinguish between `unavailable' and `not yet looked up'. A hostname 56 * that we do not believe in is set to "paranoid". 57 */ 58 59 #define STRING_UNKNOWN "unknown" /* lookup failed */ 60 #define STRING_PARANOID "paranoid" /* hostname conflict */ 61 62 extern char unknown[]; 63 extern char paranoid[]; 64 65 #define HOSTNAME_KNOWN(s) (STR_NE((s), unknown) && STR_NE((s), paranoid)) 66 67 #define NOT_INADDR(s) (s[strspn(s, "01234567890./")] != 0) 68 69 /* Global functions. */ 70 71 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 72 extern void fromhost(); /* get/validate client host info */ 73 #else 74 #define fromhost SockHost /* no TLI support needed */ 75 #endif 76 77 extern int HostsAccess(struct request_info*); /* access control */ 78 extern void shell_cmd(); /* execute shell command */ 79 extern char* percent_x(); /* do %<char> expansion */ 80 extern void rfc931(); /* client name from RFC 931 daemon */ 81 extern void clean_exit(); /* clean up and exit */ 82 extern void refuse(); /* clean up and exit */ 83 extern char* xgets(); /* fgets() on steroids */ 84 extern char* split_at(); /* strchr() and split */ 85 extern unsigned long dot_quad_addr(); /* restricted InetAddr() */ 86 87 /* Global variables. */ 88 89 extern int allow_severity; /* for connection logging */ 90 extern int deny_severity; /* for connection logging */ 91 extern char* hosts_allow_table; /* for verification mode redirection */ 92 extern char* hosts_deny_table; /* for verification mode redirection */ 93 extern int hosts_access_verbose; /* for verbose matching mode */ 94 extern int rfc931_timeout; /* user lookup timeout */ 95 extern int resident; /* > 0 if resident process */ 96 97 /* 98 * Routines for controlled initialization and update of request structure 99 * attributes. Each attribute has its own key. 100 */ 101 102 #ifdef __STDC__ 103 extern struct request_info* request_init(struct request_info*, ...); 104 extern struct request_info* request_set(struct request_info*, ...); 105 #else 106 extern struct request_info* request_init(); /* initialize request */ 107 extern struct request_info* request_set(); /* update request structure */ 108 #endif 109 110 #define RQ_FILE 1 /* file descriptor */ 111 #define RQ_DAEMON 2 /* server process (argv[0]) */ 112 #define RQ_USER 3 /* client user name */ 113 #define RQ_CLIENT_NAME 4 /* client host name */ 114 #define RQ_CLIENT_ADDR 5 /* client host address */ 115 #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ 116 #define RQ_SERVER_NAME 7 /* server host name */ 117 #define RQ_SERVER_ADDR 8 /* server host address */ 118 #define RQ_SERVER_SIN 9 /* server endpoint (internal) */ 119 120 /* 121 * Routines for delayed evaluation of request attributes. Each attribute 122 * type has its own access method. The trivial ones are implemented by 123 * macros. The other ones are wrappers around the transport-specific host 124 * name, address, and client user lookup methods. The request_info and 125 * host_info structures serve as caches for the lookup results. 126 */ 127 128 extern char* eval_user(); /* client user */ 129 extern char* eval_hostname(); /* printable hostname */ 130 extern char* eval_hostaddr(); /* printable host address */ 131 extern char* eval_hostinfo(); /* host name or address */ 132 extern char* eval_client(struct request_info*); /* whatever is available */ 133 extern char* eval_server(); /* whatever is available */ 134 #define eval_daemon(r) ((r)->daemon) /* daemon process name */ 135 #define eval_pid(r) ((r)->pid) /* process id */ 136 137 /* Socket-specific methods, including DNS hostname lookups. */ 138 139 extern void SockHost(struct request_info*); 140 extern void sock_hostname(); /* translate address to hostname */ 141 extern void sock_hostaddr(); /* address to printable address */ 142 #define sock_methods(r) \ 143 { \ 144 (r)->hostname = sock_hostname; \ 145 (r)->hostaddr = sock_hostaddr; \ 146 } 147 148 /* The System V Transport-Level Interface (TLI) interface. */ 149 150 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 151 extern void tli_host(); /* look up endpoint addresses etc. */ 152 #endif 153 154 /* 155 * Problem reporting interface. Additional file/line context is reported 156 * when available. The jump buffer (tcpd_buf) is not declared here, or 157 * everyone would have to include <setjmp.h>. 158 */ 159 160 #ifdef __STDC__ 161 extern void TcpdWarn(char*, ...); /* report problem and proceed */ 162 extern void TcpdJump(char*, ...); /* report problem and jump */ 163 #else 164 extern void TcpdWarn(); 165 extern void TcpdJump(); 166 #endif 167 168 struct tcpd_context { 169 char* file; /* current file */ 170 int line; /* current line */ 171 }; 172 extern struct tcpd_context tcpd_context; 173 174 /* 175 * While processing access control rules, error conditions are handled by 176 * jumping back into the HostsAccess() routine. This is cleaner than 177 * checking the return value of each and every silly little function. The 178 * (-1) returns are here because zero is already taken by longjmp(). 179 */ 180 181 #define AC_PERMIT 1 /* permit access */ 182 #define AC_DENY (-1) /* deny_access */ 183 #define AC_ERROR AC_DENY /* XXX */ 184 185 /* 186 * In verification mode an option function should just say what it would do, 187 * instead of really doing it. An option function that would not return 188 * should clear the dry_run flag to inform the caller of this unusual 189 * behavior. 190 */ 191 192 extern void process_options(); /* execute options */ 193 extern int dry_run; /* verification flag */ 194 195 /* Bug workarounds. */ 196 197 #ifdef INET_ADDR_BUG /* InetAddr() returns struct */ 198 #define InetAddr fix_inet_addr 199 extern long fix_inet_addr(); 200 #endif 201 202 #ifdef BROKEN_FGETS /* partial reads from sockets */ 203 #define fgets fix_fgets 204 extern char* fix_fgets(); 205 #endif 206 207 #ifdef RECVFROM_BUG /* no address family info */ 208 #define recvfrom fix_recvfrom 209 extern int fix_recvfrom(); 210 #endif 211 212 #ifdef GETPEERNAME_BUG /* claims success with UDP */ 213 #define getpeername fix_getpeername 214 extern int fix_getpeername(); 215 #endif 216 217 #ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */ 218 #define gethostbyname fix_gethostbyname 219 extern struct hostent* fix_gethostbyname(); 220 #endif 221 222 #ifdef USE_STRSEP /* libc calls strtok() */ 223 #define strtok fix_strtok 224 extern char* fix_strtok(); 225 #endif 226 227 #ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */ 228 #define strtok my_strtok 229 extern char* my_strtok(); 230 #endif 231 232 #ifdef __cplusplus 233 } 234 #endif 235