tcpd.h revision 1.4.2.1
      1  1.4.2.1        he /*	$NetBSD: tcpd.h,v 1.4.2.1 2002/03/07 21:15:23 he Exp $	*/
      2      1.1       mrg  /*
      3      1.1       mrg   * @(#) tcpd.h 1.5 96/03/19 16:22:24
      4      1.1       mrg   *
      5      1.1       mrg   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
      6      1.1       mrg   */
      7      1.1       mrg 
      8  1.4.2.1        he #include <sys/cdefs.h>
      9  1.4.2.1        he #include <stdio.h>
     10  1.4.2.1        he 
     11      1.1       mrg /* Structure to describe one communications endpoint.
                            *
                            * name[] and addr[] are fixed STRING_LENGTH-byte buffers; this header
                            * describes them as caches for lookup results, to be read through
                            * eval_hostname()/eval_hostaddr() rather than directly. Anything stored
                            * in them has to fit in STRING_LENGTH - 1 characters plus the NUL.
                            * sin and unit are transport addresses and are 0 when not available.
                            * NOTE(review): name is presumably filled from a DNS lookup of the peer
                            * address, i.e. data the remote side can influence -- confirm in the
                            * lookup routines before trusting its contents.
                            */
     12      1.1       mrg 
     13      1.1       mrg #define STRING_LENGTH	128		/* hosts, users, processes */
     14      1.1       mrg 
     15      1.1       mrg struct host_info {
     16      1.1       mrg     char    name[STRING_LENGTH];	/* access via eval_hostname(host) */
     17      1.1       mrg     char    addr[STRING_LENGTH];	/* access via eval_hostaddr(host) */
     18      1.1       mrg     struct sockaddr_in *sin;		/* socket address or 0 */
     19      1.1       mrg     struct t_unitdata *unit;		/* TLI transport address or 0 */
     20      1.1       mrg     struct request_info *request;	/* for shared information */
     21      1.1       mrg };
     22      1.1       mrg 
     23      1.1       mrg /* Structure to describe what we know about a service request.
                            *
                            * user[], daemon[] and pid[] are fixed-size text buffers (pid[] is only
                            * 10 bytes); writers must bound and NUL-terminate what they store.
                            * client[1] and server[1] are one-element arrays, so request->client and
                            * request->server can be passed wherever a struct host_info * is wanted.
                            * hostname/hostaddr are the transport-specific conversion hooks installed
                            * by sock_methods(); sink and cleanup may be 0 and must be checked before
                            * they are called.
                            * NOTE(review): user is presumably filled from the RFC 931 lookup declared
                            * later in this header; that answer comes from the client's own host and
                            * is an unverified hint, not an authenticated identity -- confirm against
                            * eval_user().
                            */
     24      1.1       mrg 
     25      1.1       mrg struct request_info {
     26      1.1       mrg     int     fd;				/* socket handle */
     27      1.1       mrg     char    user[STRING_LENGTH];	/* access via eval_user(request) */
     28      1.1       mrg     char    daemon[STRING_LENGTH];	/* access via eval_daemon(request) */
     29      1.1       mrg     char    pid[10];			/* access via eval_pid(request) */
     30      1.1       mrg     struct host_info client[1];		/* client endpoint info */
     31      1.1       mrg     struct host_info server[1];		/* server endpoint info */
     32      1.2  christos     void  (*sink)			/* datagram sink function or 0 */
     33      1.2  christos 		__P((int));
     34      1.2  christos     void  (*hostname)			/* address to printable hostname */
     35      1.2  christos 		__P((struct host_info *));
     36      1.2  christos     void  (*hostaddr)			/* address to printable address */
     37      1.2  christos 		__P((struct host_info *));
     38      1.2  christos     void  (*cleanup)			/* cleanup function or 0 */
     39      1.2  christos 		__P((void));
     40      1.1       mrg     struct netconfig *config;		/* netdir handle */
     41      1.1       mrg };
     42      1.1       mrg 
     43      1.1       mrg /* Common string operations. Less clutter should be more readable. */
     44      1.1       mrg 
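/*
 * STRN_CPY(d, s, l): copy at most l bytes of s into d and always leave d
 * NUL-terminated (strncpy() alone does not terminate when s fills the
 * buffer).
 *
 *   d  destination buffer of at least l bytes
 *   s  NUL-terminated source string
 *   l  size of d in bytes; when l is zero (or negative) nothing is written
 *
 * Without the length guard a zero l made the terminator store land at
 * d[-1], one byte before the destination buffer.
 *
 * Over-long input is truncated silently, so a caller that needs to know
 * about truncation has to compare lengths itself. d and l are evaluated
 * more than once: pass expressions without side effects. The expansion is
 * a bare brace block, so inside an if/else the call must be wrapped in
 * braces of its own.
 */
#define STRN_CPY(d,s,l)	{ if ((l) > 0) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } }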
     46      1.1       mrg 
/*
 * Case-insensitive comparison predicates built on strcasecmp() and
 * strncasecmp(). Each expands to an int that is 1 when the predicate holds
 * and 0 otherwise; the _N variants compare at most l characters.
 */
#define STRN_EQ(x,y,l)	(!strncasecmp((x),(y),(l)))
#define STRN_NE(x,y,l)	(0 != strncasecmp((x),(y),(l)))
#define STR_EQ(x,y)	(!strcasecmp((x),(y)))
#define STR_NE(x,y)	(0 != strcasecmp((x),(y)))
     51      1.1       mrg 
     52      1.1       mrg  /*
     53      1.1       mrg   * Initially, all above strings have the empty value. Information that
     54      1.1       mrg   * cannot be determined at runtime is set to "unknown", so that we can
     55      1.1       mrg   * distinguish between `unavailable' and `not yet looked up'. A hostname
     56      1.1       mrg   * that we do not believe in is set to "paranoid".
     57      1.1       mrg   */
     58      1.1       mrg 
     59      1.1       mrg #define STRING_UNKNOWN	"unknown"	/* lookup failed */
     60      1.1       mrg #define STRING_PARANOID	"paranoid"	/* hostname conflict */
     61      1.1       mrg 
     62  1.4.2.1        he __BEGIN_DECLS
     63      1.1       mrg extern char unknown[];
     64      1.1       mrg extern char paranoid[];
     65  1.4.2.1        he __END_DECLS
     66      1.1       mrg /*
                            * HOSTNAME_KNOWN(s) holds only when s differs, ignoring case (STR_NE),
                            * from both sentinel strings unknown[] and paranoid[]. The test is on the
                            * string value, so a looked-up name that literally spells one of the
                            * sentinels cannot be told apart from the sentinel and is reported as
                            * not known.
                            * NOTE(review): unknown[] and paranoid[] are defined elsewhere and
                            * presumably hold STRING_UNKNOWN / STRING_PARANOID -- confirm.
                            */
     67      1.1       mrg #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
     68      1.1       mrg 
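/*
 * NOT_INADDR(s): non-zero when the NUL-terminated string s contains any
 * character other than a decimal digit, '.' or '/'.
 *
 * This is a lexical filter only: it says that s cannot be a dotted-quad
 * address or address/mask pattern, not that s is a well-formed one (an
 * empty string, "..." or "1/2/3" all pass as "not a name"). Code that needs
 * a validated address must still parse it.
 *
 * The argument is parenthesised so that expressions such as p + 1 index the
 * intended string; s is evaluated twice, so it must have no side effects.
 */
#define NOT_INADDR(s) ((s)[strspn((s),"01234567890./")] != 0)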
     70      1.1       mrg 
     71      1.1       mrg /* Global functions.
                            *
                            * Prototypes are wrapped in __P(()) from <sys/cdefs.h>, included above.
                            * Notes for callers, limited to what the declarations show:
                            *  - hosts_access() returns an int; the AC_* comment further down says
                            *    rule-processing errors jump back into hosts_access().
                            *  - rfc931() receives its result buffer as a bare char * with no length
                            *    argument. NOTE(review): presumably the buffer must be STRING_LENGTH
                            *    bytes -- confirm in the implementation.
                            *  - percent_x() takes (char *, int, char *, struct request_info *).
                            *    NOTE(review): presumably result buffer, its size, template string
                            *    and request -- confirm.
                            *  - shell_cmd() hands a string to a shell. NOTE(review): if that string
                            *    is built from request attributes (client name, user), confirm that
                            *    the expansion step neutralises shell metacharacters first.
                            */
     72      1.1       mrg 
     73  1.4.2.1        he __BEGIN_DECLS
     74      1.1       mrg #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
     75      1.2  christos extern void fromhost			/* get/validate client host info */
     76      1.2  christos 		__P((struct request_info *));
     77      1.1       mrg #else
     78      1.1       mrg #define fromhost sock_host		/* no TLI support needed */
     79      1.1       mrg #endif
     80      1.1       mrg 
     81      1.2  christos extern int hosts_access			/* access control */
     82      1.2  christos 		__P((struct request_info *));
     83      1.2  christos extern int hosts_ctl			/* limited interface to hosts_access */
     84      1.2  christos 		__P((char *, char *, char *, char *));
     85      1.2  christos extern void shell_cmd			/* execute shell command */
     86      1.2  christos 		__P((char *));
     87      1.2  christos extern char *percent_x			/* do %<char> expansion */
     88      1.2  christos 		__P((char *, int, char *, struct request_info *));
     89      1.2  christos extern void rfc931			/* client name from RFC 931 daemon */
     90      1.2  christos 		__P((struct sockaddr_in *, struct sockaddr_in *, char *));
     91      1.2  christos extern void clean_exit			/* clean up and exit */
     92      1.2  christos 		__P((struct request_info *));
     93      1.2  christos extern void refuse			/* clean up and exit; NOTE(review): same text as clean_exit, presumably the deny path -- confirm */
     94      1.2  christos 		__P((struct request_info *));
     95      1.2  christos extern char *xgets			/* fgets() on steroids */
     96      1.2  christos 		__P((char *, int, FILE *));
     97      1.2  christos extern char *split_at			/* strchr() and split */
     98      1.2  christos 		__P((char *, int));
     99      1.2  christos extern unsigned long dot_quad_addr	/* restricted inet_addr() */
    100      1.2  christos 		__P((char *));
    101      1.1       mrg 
    102      1.1       mrg /* Global variables.
                            *
                            * All of these are plain writable globals, so they are process-wide
                            * state rather than per-request settings. hosts_allow_table and
                            * hosts_deny_table are non-const char pointers: any code in the process
                            * that assigns them changes which tables are consulted.
                            */
    103      1.1       mrg 
    104      1.1       mrg extern int allow_severity;		/* for connection logging */
    105      1.1       mrg extern int deny_severity;		/* for connection logging */
    106      1.1       mrg extern char *hosts_allow_table;		/* for verification mode redirection */
    107      1.1       mrg extern char *hosts_deny_table;		/* for verification mode redirection */
    108      1.1       mrg extern int hosts_access_verbose;	/* for verbose matching mode */
    109      1.1       mrg extern int rfc931_timeout;		/* user lookup timeout */
    110      1.1       mrg extern int resident;			/* > 0 if resident process */
    111      1.1       mrg 
    112      1.1       mrg  /*
    113      1.1       mrg   * Routines for controlled initialization and update of request structure
    114      1.1       mrg   * attributes. Each attribute has its own key.
                             *
                             * Both routines take a variable argument list, so the compiler cannot
                             * check that each RQ_* key is followed by a value of the matching type;
                             * a mismatched pair is only caught by review or at run time.
                             * NOTE(review): the keys start at 1, so 0 presumably terminates the
                             * list -- confirm in the implementation.
    115      1.1       mrg   */
    116      1.1       mrg 
    117      1.2  christos extern struct request_info *request_init	/* initialize request */
    118      1.2  christos 		__P((struct request_info *,...));
    119      1.2  christos extern struct request_info *request_set		/* update request structure */
    120      1.2  christos 		__P((struct request_info *,...));
    121      1.1       mrg 
    122      1.1       mrg #define RQ_FILE		1		/* file descriptor */
    123      1.1       mrg #define RQ_DAEMON	2		/* server process (argv[0]) */
    124      1.1       mrg #define RQ_USER		3		/* client user name */
    125      1.1       mrg #define RQ_CLIENT_NAME	4		/* client host name */
    126      1.1       mrg #define RQ_CLIENT_ADDR	5		/* client host address */
    127      1.1       mrg #define RQ_CLIENT_SIN	6		/* client endpoint (internal) */
    128      1.1       mrg #define RQ_SERVER_NAME	7		/* server host name */
    129      1.1       mrg #define RQ_SERVER_ADDR	8		/* server host address */
    130      1.1       mrg #define RQ_SERVER_SIN	9		/* server endpoint (internal) */
    131      1.1       mrg 
    132      1.1       mrg  /*
    133      1.1       mrg   * Routines for delayed evaluation of request attributes. Each attribute
    134      1.1       mrg   * type has its own access method. The trivial ones are implemented by
    135      1.1       mrg   * macros. The other ones are wrappers around the transport-specific host
    136      1.1       mrg   * name, address, and client user lookup methods. The request_info and
    137      1.1       mrg   * host_info structures serve as caches for the lookup results.
                             *
                             * eval_daemon() and eval_pid() expand to the structure's own daemon[]
                             * and pid[] buffers.
                             * NOTE(review): the char * results of the eval_*() functions are
                             * presumably pointers into the same cache buffers rather than fresh
                             * allocations -- confirm before freeing or keeping them past the
                             * lifetime of the request.
    138      1.1       mrg   */
    139      1.1       mrg 
    140      1.2  christos extern char *eval_user			/* client user */
    141      1.2  christos 		__P((struct request_info *));
    142      1.2  christos extern char *eval_hostname		/* printable hostname */
    143      1.2  christos 		__P((struct host_info *));
    144      1.2  christos extern char *eval_hostaddr		/* printable host address */
    145      1.2  christos 		__P((struct host_info *));
    146      1.2  christos extern char *eval_hostinfo		/* host name or address */
    147      1.2  christos 		__P((struct host_info *));
    148      1.2  christos extern char *eval_client		/* whatever is available */
    149      1.2  christos 		__P((struct request_info *));
    150      1.2  christos extern char *eval_server		/* whatever is available */
    151      1.2  christos 		__P((struct request_info *));
    152      1.1       mrg #define eval_daemon(r)	((r)->daemon)	/* daemon process name */
    153      1.1       mrg #define eval_pid(r)	((r)->pid)	/* process id */
    154      1.1       mrg 
    155      1.1       mrg /* Socket-specific methods, including DNS hostname lookups.
                            *
                            * sock_methods(r) installs sock_hostname/sock_hostaddr as the request's
                            * hostname and hostaddr hooks. It expands to a bare brace block, so in
                            * an if/else the call has to be wrapped in braces of its own.
                            */
    156      1.1       mrg 
    157      1.2  christos extern void sock_host			/* look up endpoint addresses */
    158      1.2  christos 		__P((struct request_info *));
    159      1.2  christos extern void sock_hostname		/* translate address to hostname */
    160      1.2  christos 		__P((struct host_info *));
    161      1.2  christos extern void sock_hostaddr		/* address to printable address */
    162      1.2  christos 		__P((struct host_info *));
    163      1.1       mrg #define sock_methods(r) \
    164      1.1       mrg 	{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
    165      1.1       mrg 
    166      1.1       mrg /* The System V Transport-Level Interface (TLI) interface. */
    167      1.1       mrg 
    168      1.1       mrg #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
    169      1.2  christos extern void tli_host			/* look up endpoint addresses etc. */
    170      1.2  christos 		__P((struct request_info *));
    171      1.1       mrg #endif
    172      1.1       mrg 
    173      1.1       mrg  /*
    174      1.1       mrg   * Problem reporting interface. Additional file/line context is reported
    175      1.1       mrg   * when available. The jump buffer (tcpd_buf) is not declared here, or
    176      1.1       mrg   * everyone would have to include <setjmp.h>.
                             *
                             * tcpd_warn() and tcpd_jump() take (char *, ...).
                             * NOTE(review): the first argument is presumably a printf-style format;
                             * client-derived text should be passed as an argument to a "%s"
                             * conversion, never as the format itself -- confirm in the
                             * implementation.
                             * tcpd_context carries the file name and line number used for the
                             * file/line context mentioned above.
    177      1.1       mrg   */
    178      1.1       mrg 
    179      1.2  christos extern void tcpd_warn			/* report problem and proceed */
    180      1.2  christos 		__P((char *, ...));
    181      1.2  christos extern void tcpd_jump			/* report problem and jump */
    182      1.2  christos 		__P((char *, ...));
    183  1.4.2.1        he __END_DECLS
    184      1.1       mrg 
    185      1.1       mrg struct tcpd_context {
    186      1.1       mrg     char   *file;			/* current file */
    187      1.1       mrg     int     line;			/* current line */
    188      1.1       mrg };
    189  1.4.2.1        he __BEGIN_DECLS
    190      1.1       mrg extern struct tcpd_context tcpd_context;
    191  1.4.2.1        he __END_DECLS
    192      1.1       mrg 
    193      1.1       mrg  /*
    194      1.1       mrg   * While processing access control rules, error conditions are handled by
    195      1.1       mrg   * jumping back into the hosts_access() routine. This is cleaner than
    196      1.1       mrg   * checking the return value of each and every silly little function. The
    197      1.1       mrg   * (-1) returns are here because zero is already taken by longjmp().
                             *
                             * AC_ERROR is defined as AC_DENY, so a rule-processing error and an
                             * explicit deny produce the same value: errors fail closed, and the two
                             * cases cannot be told apart from the value alone.
    198      1.1       mrg   */
    199      1.1       mrg 
    200      1.1       mrg #define AC_PERMIT	1		/* permit access */
    201      1.1       mrg #define AC_DENY		(-1)		/* deny_access */
    202      1.1       mrg #define AC_ERROR	AC_DENY		/* XXX */
    203      1.1       mrg 
    204      1.1       mrg  /*
    205      1.1       mrg   * In verification mode an option function should just say what it would do,
    206      1.1       mrg   * instead of really doing it. An option function that would not return
    207      1.1       mrg   * should clear the dry_run flag to inform the caller of this unusual
    208      1.1       mrg   * behavior.
                             *
                             * dry_run is a writable global int, so the verification flag is
                             * process-wide state that option functions themselves modify.
                             * NOTE(review): fix_options() presumably strips IP options such as
                             * source routing from the accepted socket before the peer address is
                             * trusted -- confirm in the implementation.
    209      1.1       mrg   */
    210      1.1       mrg 
    211  1.4.2.1        he __BEGIN_DECLS
    212      1.2  christos extern void process_options		/* execute options */
    213      1.2  christos 		__P((char *, struct request_info *));
    214      1.1       mrg extern int dry_run;			/* verification flag */
    215      1.2  christos extern void fix_options			/* get rid of IP-level socket options */
    216      1.2  christos 		__P((struct request_info *));
    217      1.1       mrg /* Bug workarounds.
                            *
                            * Each block below, when its feature macro is defined, #defines a libc
                            * function name to a replacement. The substitution then applies to every
                            * use of that name in any source file that includes this header, from
                            * this point on, including uses unrelated to access control.
                            * The USE_STRSEP and LIBC_CALLS_STRTOK blocks both redefine strtok and
                            * carry the same comment; with both macros defined strtok would be
                            * redefined to two different replacements.
                            */
    218      1.1       mrg 
    219      1.1       mrg #ifdef INET_ADDR_BUG			/* inet_addr() returns struct */
    220      1.1       mrg #define inet_addr fix_inet_addr
    221      1.2  christos extern long fix_inet_addr __P((char *));
    222      1.1       mrg #endif
    223      1.1       mrg 
    224      1.1       mrg #ifdef BROKEN_FGETS			/* partial reads from sockets */
    225      1.1       mrg #define fgets fix_fgets
    226      1.2  christos extern char *fix_fgets __P((char *, int, FILE *));
    227      1.1       mrg #endif
    228      1.1       mrg 
    229      1.1       mrg #ifdef RECVFROM_BUG			/* no address family info */
    230      1.1       mrg #define recvfrom fix_recvfrom
    231      1.2  christos extern int fix_recvfrom __P((int, char *, int, int, struct sockaddr *, int *));
    232      1.1       mrg #endif
    233      1.1       mrg 
    234      1.1       mrg #ifdef GETPEERNAME_BUG			/* claims success with UDP */
    235      1.4  christos #include <sys/socket.h>			/* XXX serious hack! */
    236      1.1       mrg #define getpeername fix_getpeername
    237      1.2  christos extern int fix_getpeername __P((int, struct sockaddr *, int *));
    238      1.1       mrg #endif
    239      1.1       mrg 
    240      1.1       mrg #ifdef SOLARIS_24_GETHOSTBYNAME_BUG	/* lists addresses as aliases */
    241      1.1       mrg #define gethostbyname fix_gethostbyname
    242      1.2  christos extern struct hostent *fix_gethostbyname __P((char *));
    243      1.1       mrg #endif
    244      1.1       mrg 
    245      1.1       mrg #ifdef USE_STRSEP			/* libc calls strtok() */
    246      1.1       mrg #define strtok	fix_strtok
    247      1.2  christos extern char *fix_strtok __P((char *, char *));
    248      1.1       mrg #endif
    249      1.1       mrg 
    250      1.1       mrg #ifdef LIBC_CALLS_STRTOK		/* libc calls strtok() */
    251      1.1       mrg #define strtok	my_strtok
    252      1.2  christos extern char *my_strtok __P((char *, char *));
    253      1.1       mrg #endif
    254  1.4.2.1        he __END_DECLS
    255