tcpd.h revision 1.9
1 /* $NetBSD: tcpd.h,v 1.9 2000/02/05 19:14:57 danw Exp $ */ 2 /* 3 * @(#) tcpd.h 1.5 96/03/19 16:22:24 4 * 5 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 6 */ 7 8 #include <stdio.h> 9 10 /* Structure to describe one communications endpoint. */ 11 12 #define STRING_LENGTH 128 /* hosts, users, processes */ 13 14 struct host_info { 15 char name[STRING_LENGTH]; /* access via eval_hostname(host) */ 16 char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ 17 struct sockaddr *sin; /* socket address or 0 */ 18 struct t_unitdata *unit; /* TLI transport address or 0 */ 19 struct request_info *request; /* for shared information */ 20 }; 21 22 /* Structure to describe what we know about a service request. */ 23 24 struct request_info { 25 int fd; /* socket handle */ 26 char user[STRING_LENGTH]; /* access via eval_user(request) */ 27 char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ 28 char pid[10]; /* access via eval_pid(request) */ 29 struct host_info client[1]; /* client endpoint info */ 30 struct host_info server[1]; /* server endpoint info */ 31 void (*sink) /* datagram sink function or 0 */ 32 __P((int)); 33 void (*hostname) /* address to printable hostname */ 34 __P((struct host_info *)); 35 void (*hostaddr) /* address to printable address */ 36 __P((struct host_info *)); 37 void (*cleanup) /* cleanup function or 0 */ 38 __P((void)); 39 struct netconfig *config; /* netdir handle */ 40 }; 41 42 /* Common string operations. Less clutter should be more readable. */ 43 44 #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } 45 46 #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) 47 #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) 48 #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) 49 #define STR_NE(x,y) (strcasecmp((x),(y)) != 0) 50 51 /* 52 * Initially, all above strings have the empty value. Information that 53 * cannot be determined at runtime is set to "unknown", so that we can 54 * distinguish between `unavailable' and `not yet looked up'. A hostname 55 * that we do not believe in is set to "paranoid". 56 */ 57 58 #define STRING_UNKNOWN "unknown" /* lookup failed */ 59 #define STRING_PARANOID "paranoid" /* hostname conflict */ 60 61 extern char unknown[]; 62 extern char paranoid[]; 63 64 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) 65 66 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) 67 68 /* Global functions. */ 69 70 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 71 extern void fromhost /* get/validate client host info */ 72 __P((struct request_info *)); 73 #else 74 #define fromhost sock_host /* no TLI support needed */ 75 #endif 76 77 extern int hosts_access /* access control */ 78 __P((struct request_info *)); 79 extern int hosts_ctl /* limited interface to hosts_access */ 80 __P((char *, char *, char *, char *)); 81 extern void shell_cmd /* execute shell command */ 82 __P((char *)); 83 extern char *percent_x /* do %<char> expansion */ 84 __P((char *, int, char *, struct request_info *)); 85 extern void rfc931 /* client name from RFC 931 daemon */ 86 __P((struct sockaddr *, struct sockaddr *, char *)); 87 extern void clean_exit /* clean up and exit */ 88 __P((struct request_info *)); 89 extern void refuse /* clean up and exit */ 90 __P((struct request_info *)); 91 extern char *xgets /* fgets() on steroids */ 92 __P((char *, int, FILE *)); 93 extern char *split_at /* strchr() and split */ 94 __P((char *, int)); 95 extern int dot_quad_addr /* restricted inet_aton() */ 96 __P((char *, unsigned long *)); 97 98 /* Global variables. */ 99 100 extern int allow_severity; /* for connection logging */ 101 extern int deny_severity; /* for connection logging */ 102 extern char *hosts_allow_table; /* for verification mode redirection */ 103 extern char *hosts_deny_table; /* for verification mode redirection */ 104 extern int hosts_access_verbose; /* for verbose matching mode */ 105 extern int rfc931_timeout; /* user lookup timeout */ 106 extern int resident; /* > 0 if resident process */ 107 108 /* 109 * Routines for controlled initialization and update of request structure 110 * attributes. Each attribute has its own key. 111 */ 112 113 extern struct request_info *request_init /* initialize request */ 114 __P((struct request_info *,...)); 115 extern struct request_info *request_set /* update request structure */ 116 __P((struct request_info *,...)); 117 118 #define RQ_FILE 1 /* file descriptor */ 119 #define RQ_DAEMON 2 /* server process (argv[0]) */ 120 #define RQ_USER 3 /* client user name */ 121 #define RQ_CLIENT_NAME 4 /* client host name */ 122 #define RQ_CLIENT_ADDR 5 /* client host address */ 123 #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ 124 #define RQ_SERVER_NAME 7 /* server host name */ 125 #define RQ_SERVER_ADDR 8 /* server host address */ 126 #define RQ_SERVER_SIN 9 /* server endpoint (internal) */ 127 128 /* 129 * Routines for delayed evaluation of request attributes. Each attribute 130 * type has its own access method. The trivial ones are implemented by 131 * macros. The other ones are wrappers around the transport-specific host 132 * name, address, and client user lookup methods. The request_info and 133 * host_info structures serve as caches for the lookup results. 134 */ 135 136 extern char *eval_user /* client user */ 137 __P((struct request_info *)); 138 extern char *eval_hostname /* printable hostname */ 139 __P((struct host_info *)); 140 extern char *eval_hostaddr /* printable host address */ 141 __P((struct host_info *)); 142 extern char *eval_hostinfo /* host name or address */ 143 __P((struct host_info *)); 144 extern char *eval_client /* whatever is available */ 145 __P((struct request_info *)); 146 extern char *eval_server /* whatever is available */ 147 __P((struct request_info *)); 148 #define eval_daemon(r) ((r)->daemon) /* daemon process name */ 149 #define eval_pid(r) ((r)->pid) /* process id */ 150 151 /* Socket-specific methods, including DNS hostname lookups. */ 152 153 extern void sock_host /* look up endpoint addresses */ 154 __P((struct request_info *)); 155 extern void sock_hostname /* translate address to hostname */ 156 __P((struct host_info *)); 157 extern void sock_hostaddr /* address to printable address */ 158 __P((struct host_info *)); 159 #define sock_methods(r) \ 160 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } 161 162 /* The System V Transport-Level Interface (TLI) interface. */ 163 164 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 165 extern void tli_host /* look up endpoint addresses etc. */ 166 __P((struct request_info *)); 167 #endif 168 169 /* 170 * Problem reporting interface. Additional file/line context is reported 171 * when available. The jump buffer (tcpd_buf) is not declared here, or 172 * everyone would have to include <setjmp.h>. 173 */ 174 175 extern void tcpd_warn /* report problem and proceed */ 176 __P((char *, ...)); 177 extern void tcpd_jump /* report problem and jump */ 178 __P((char *, ...)); 179 180 struct tcpd_context { 181 char *file; /* current file */ 182 int line; /* current line */ 183 }; 184 extern struct tcpd_context tcpd_context; 185 186 /* 187 * While processing access control rules, error conditions are handled by 188 * jumping back into the hosts_access() routine. This is cleaner than 189 * checking the return value of each and every silly little function. The 190 * (-1) returns are here because zero is already taken by longjmp(). 191 */ 192 193 #define AC_PERMIT 1 /* permit access */ 194 #define AC_DENY (-1) /* deny_access */ 195 #define AC_ERROR AC_DENY /* XXX */ 196 197 /* 198 * In verification mode an option function should just say what it would do, 199 * instead of really doing it. An option function that would not return 200 * should clear the dry_run flag to inform the caller of this unusual 201 * behavior. 202 */ 203 204 extern void process_options /* execute options */ 205 __P((char *, struct request_info *)); 206 extern int dry_run; /* verification flag */ 207 extern void fix_options /* get rid of IP-level socket options */ 208 __P((struct request_info *)); 209 /* Bug workarounds. */ 210 211 #ifdef INET_ADDR_BUG /* inet_addr() returns struct */ 212 #define inet_addr fix_inet_addr 213 extern long fix_inet_addr __P((char *)); 214 #endif 215 216 #ifdef BROKEN_FGETS /* partial reads from sockets */ 217 #define fgets fix_fgets 218 extern char *fix_fgets __P((char *, int, FILE *)); 219 #endif 220 221 #ifdef RECVFROM_BUG /* no address family info */ 222 #define recvfrom fix_recvfrom 223 extern int fix_recvfrom __P((int, char *, int, int, struct sockaddr *, int *)); 224 #endif 225 226 #ifdef GETPEERNAME_BUG /* claims success with UDP */ 227 #include <sys/socket.h> /* XXX serious hack! */ 228 #define getpeername fix_getpeername 229 extern int fix_getpeername __P((int, struct sockaddr *, int *)); 230 #endif 231 232 #ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */ 233 #define gethostbyname fix_gethostbyname 234 extern struct hostent *fix_gethostbyname __P((char *)); 235 #endif 236 237 #ifdef USE_STRSEP /* libc calls strtok() */ 238 #define strtok fix_strtok 239 extern char *fix_strtok __P((char *, char *)); 240 #endif 241 242 #ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */ 243 #define strtok my_strtok 244 extern char *my_strtok __P((char *, char *)); 245 #endif 246
Indexes created Tue Sep 23 02:09:52 GMT 2025