tcpd.h revision 1.8
1 /* $NetBSD: tcpd.h,v 1.8 1999/08/31 13:58:58 itojun Exp $ */ 2 /* 3 * @(#) tcpd.h 1.5 96/03/19 16:22:24 4 * 5 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 6 */ 7 8 /* Structure to describe one communications endpoint. */ 9 10 #define STRING_LENGTH 128 /* hosts, users, processes */ 11 12 struct host_info { 13 char name[STRING_LENGTH]; /* access via eval_hostname(host) */ 14 char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ 15 struct sockaddr *sin; /* socket address or 0 */ 16 struct t_unitdata *unit; /* TLI transport address or 0 */ 17 struct request_info *request; /* for shared information */ 18 }; 19 20 /* Structure to describe what we know about a service request. */ 21 22 struct request_info { 23 int fd; /* socket handle */ 24 char user[STRING_LENGTH]; /* access via eval_user(request) */ 25 char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ 26 char pid[10]; /* access via eval_pid(request) */ 27 struct host_info client[1]; /* client endpoint info */ 28 struct host_info server[1]; /* server endpoint info */ 29 void (*sink) /* datagram sink function or 0 */ 30 __P((int)); 31 void (*hostname) /* address to printable hostname */ 32 __P((struct host_info *)); 33 void (*hostaddr) /* address to printable address */ 34 __P((struct host_info *)); 35 void (*cleanup) /* cleanup function or 0 */ 36 __P((void)); 37 struct netconfig *config; /* netdir handle */ 38 }; 39 40 /* Common string operations. Less clutter should be more readable. */ 41 42 #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } 43 44 #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) 45 #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) 46 #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) 47 #define STR_NE(x,y) (strcasecmp((x),(y)) != 0) 48 49 /* 50 * Initially, all above strings have the empty value. Information that 51 * cannot be determined at runtime is set to "unknown", so that we can 52 * distinguish between `unavailable' and `not yet looked up'. A hostname 53 * that we do not believe in is set to "paranoid". 54 */ 55 56 #define STRING_UNKNOWN "unknown" /* lookup failed */ 57 #define STRING_PARANOID "paranoid" /* hostname conflict */ 58 59 extern char unknown[]; 60 extern char paranoid[]; 61 62 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) 63 64 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) 65 66 /* Global functions. */ 67 68 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 69 extern void fromhost /* get/validate client host info */ 70 __P((struct request_info *)); 71 #else 72 #define fromhost sock_host /* no TLI support needed */ 73 #endif 74 75 extern int hosts_access /* access control */ 76 __P((struct request_info *)); 77 extern int hosts_ctl /* limited interface to hosts_access */ 78 __P((char *, char *, char *, char *)); 79 extern void shell_cmd /* execute shell command */ 80 __P((char *)); 81 extern char *percent_x /* do %<char> expansion */ 82 __P((char *, int, char *, struct request_info *)); 83 extern void rfc931 /* client name from RFC 931 daemon */ 84 __P((struct sockaddr *, struct sockaddr *, char *)); 85 extern void clean_exit /* clean up and exit */ 86 __P((struct request_info *)); 87 extern void refuse /* clean up and exit */ 88 __P((struct request_info *)); 89 extern char *xgets /* fgets() on steroids */ 90 __P((char *, int, FILE *)); 91 extern char *split_at /* strchr() and split */ 92 __P((char *, int)); 93 extern int dot_quad_addr /* restricted inet_aton() */ 94 __P((char *, unsigned long *)); 95 96 /* Global variables. */ 97 98 extern int allow_severity; /* for connection logging */ 99 extern int deny_severity; /* for connection logging */ 100 extern char *hosts_allow_table; /* for verification mode redirection */ 101 extern char *hosts_deny_table; /* for verification mode redirection */ 102 extern int hosts_access_verbose; /* for verbose matching mode */ 103 extern int rfc931_timeout; /* user lookup timeout */ 104 extern int resident; /* > 0 if resident process */ 105 106 /* 107 * Routines for controlled initialization and update of request structure 108 * attributes. Each attribute has its own key. 109 */ 110 111 extern struct request_info *request_init /* initialize request */ 112 __P((struct request_info *,...)); 113 extern struct request_info *request_set /* update request structure */ 114 __P((struct request_info *,...)); 115 116 #define RQ_FILE 1 /* file descriptor */ 117 #define RQ_DAEMON 2 /* server process (argv[0]) */ 118 #define RQ_USER 3 /* client user name */ 119 #define RQ_CLIENT_NAME 4 /* client host name */ 120 #define RQ_CLIENT_ADDR 5 /* client host address */ 121 #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ 122 #define RQ_SERVER_NAME 7 /* server host name */ 123 #define RQ_SERVER_ADDR 8 /* server host address */ 124 #define RQ_SERVER_SIN 9 /* server endpoint (internal) */ 125 126 /* 127 * Routines for delayed evaluation of request attributes. Each attribute 128 * type has its own access method. The trivial ones are implemented by 129 * macros. The other ones are wrappers around the transport-specific host 130 * name, address, and client user lookup methods. The request_info and 131 * host_info structures serve as caches for the lookup results. 132 */ 133 134 extern char *eval_user /* client user */ 135 __P((struct request_info *)); 136 extern char *eval_hostname /* printable hostname */ 137 __P((struct host_info *)); 138 extern char *eval_hostaddr /* printable host address */ 139 __P((struct host_info *)); 140 extern char *eval_hostinfo /* host name or address */ 141 __P((struct host_info *)); 142 extern char *eval_client /* whatever is available */ 143 __P((struct request_info *)); 144 extern char *eval_server /* whatever is available */ 145 __P((struct request_info *)); 146 #define eval_daemon(r) ((r)->daemon) /* daemon process name */ 147 #define eval_pid(r) ((r)->pid) /* process id */ 148 149 /* Socket-specific methods, including DNS hostname lookups. */ 150 151 extern void sock_host /* look up endpoint addresses */ 152 __P((struct request_info *)); 153 extern void sock_hostname /* translate address to hostname */ 154 __P((struct host_info *)); 155 extern void sock_hostaddr /* address to printable address */ 156 __P((struct host_info *)); 157 #define sock_methods(r) \ 158 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } 159 160 /* The System V Transport-Level Interface (TLI) interface. */ 161 162 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 163 extern void tli_host /* look up endpoint addresses etc. */ 164 __P((struct request_info *)); 165 #endif 166 167 /* 168 * Problem reporting interface. Additional file/line context is reported 169 * when available. The jump buffer (tcpd_buf) is not declared here, or 170 * everyone would have to include <setjmp.h>. 171 */ 172 173 extern void tcpd_warn /* report problem and proceed */ 174 __P((char *, ...)); 175 extern void tcpd_jump /* report problem and jump */ 176 __P((char *, ...)); 177 178 struct tcpd_context { 179 char *file; /* current file */ 180 int line; /* current line */ 181 }; 182 extern struct tcpd_context tcpd_context; 183 184 /* 185 * While processing access control rules, error conditions are handled by 186 * jumping back into the hosts_access() routine. This is cleaner than 187 * checking the return value of each and every silly little function. The 188 * (-1) returns are here because zero is already taken by longjmp(). 189 */ 190 191 #define AC_PERMIT 1 /* permit access */ 192 #define AC_DENY (-1) /* deny_access */ 193 #define AC_ERROR AC_DENY /* XXX */ 194 195 /* 196 * In verification mode an option function should just say what it would do, 197 * instead of really doing it. An option function that would not return 198 * should clear the dry_run flag to inform the caller of this unusual 199 * behavior. 200 */ 201 202 extern void process_options /* execute options */ 203 __P((char *, struct request_info *)); 204 extern int dry_run; /* verification flag */ 205 extern void fix_options /* get rid of IP-level socket options */ 206 __P((struct request_info *)); 207 /* Bug workarounds. */ 208 209 #ifdef INET_ADDR_BUG /* inet_addr() returns struct */ 210 #define inet_addr fix_inet_addr 211 extern long fix_inet_addr __P((char *)); 212 #endif 213 214 #ifdef BROKEN_FGETS /* partial reads from sockets */ 215 #define fgets fix_fgets 216 extern char *fix_fgets __P((char *, int, FILE *)); 217 #endif 218 219 #ifdef RECVFROM_BUG /* no address family info */ 220 #define recvfrom fix_recvfrom 221 extern int fix_recvfrom __P((int, char *, int, int, struct sockaddr *, int *)); 222 #endif 223 224 #ifdef GETPEERNAME_BUG /* claims success with UDP */ 225 #include <sys/socket.h> /* XXX serious hack! */ 226 #define getpeername fix_getpeername 227 extern int fix_getpeername __P((int, struct sockaddr *, int *)); 228 #endif 229 230 #ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */ 231 #define gethostbyname fix_gethostbyname 232 extern struct hostent *fix_gethostbyname __P((char *)); 233 #endif 234 235 #ifdef USE_STRSEP /* libc calls strtok() */ 236 #define strtok fix_strtok 237 extern char *fix_strtok __P((char *, char *)); 238 #endif 239 240 #ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */ 241 #define strtok my_strtok 242 extern char *my_strtok __P((char *, char *)); 243 #endif 244
Indexes created Sun Sep 21 20:09:37 GMT 2025