12aef6930SMark Murray  /*
22aef6930SMark Murray   * @(#) tcpd.h 1.5 96/03/19 16:22:24
32aef6930SMark Murray   *
42aef6930SMark Murray   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
58053080cSYoshinobu Inoue   *
68053080cSYoshinobu Inoue   * $FreeBSD$
72aef6930SMark Murray   */
82aef6930SMark Murray 
/*
 * TCPD_SOCKADDR is the socket address type used by every endpoint in this
 * API.  With INET6 the generic struct sockaddr is used so that IPv4 and
 * IPv6 endpoints share one pointer type; otherwise the IPv4-only
 * struct sockaddr_in is kept for compatibility.
 */
#ifdef INET6
#define	TCPD_SOCKADDR struct sockaddr
#else
#define	TCPD_SOCKADDR struct sockaddr_in
#endif
14fd3e9b38SDimitry Andric 
/*
 * Forward declaration of FILE so that users of this header do not have to
 * include <stdio.h>.  It assumes the libc FILE is a typedef of
 * struct __sFILE (true for the BSD libc this header ships with); the guard
 * lets <stdio.h> and this header be included in either order.
 */
#ifndef _STDFILE_DECLARED
#define _STDFILE_DECLARED
typedef struct __sFILE FILE;
#endif
19dba092b1SDimitry Andric 
202aef6930SMark Murray /* Structure to describe one communications endpoint. */
212aef6930SMark Murray 
/*
 * Fixed size of the name/address/user/daemon buffers in the structures
 * below.  Every copy into one of them must be bounded to this size,
 * including the terminating NUL (see STRN_CPY()).
 */
#define	STRING_LENGTH	128		/* hosts, users, processes */
232aef6930SMark Murray 
/*
 * One communications endpoint (the client or the server side of a request).
 * name and addr are lookup caches: read them through eval_hostname() and
 * eval_hostaddr(), which perform the (delayed) lookup on first use, rather
 * than touching the fields directly.
 */
struct host_info {
    char    name[STRING_LENGTH];	/* access via eval_hostname(host) */
    char    addr[STRING_LENGTH];	/* access via eval_hostaddr(host) */
    TCPD_SOCKADDR *sin;			/* socket address or 0 (null pointer) */
    struct t_unitdata *unit;		/* TLI transport address or 0 */
    struct request_info *request;	/* back pointer to the enclosing request, for shared information */
};
312aef6930SMark Murray 
322aef6930SMark Murray /* Structure to describe what we know about a service request. */
332aef6930SMark Murray 
/*
 * Everything known about one service request.  The string fields are
 * lookup caches filled in lazily by the eval_*() accessors; the function
 * pointers are the transport-specific methods (see sock_methods()) used by
 * those accessors.
 */
struct request_info {
    int     fd;				/* socket handle */
    char    user[STRING_LENGTH];	/* access via eval_user(request); presumably the
					   remote (RFC 931) answer, so only trustworthy
					   for logging */
    char    daemon[STRING_LENGTH];	/* access via eval_daemon(request) */
    char    pid[10];			/* access via eval_pid(request); 10 bytes hold at
					   most 9 decimal digits plus NUL, so the writer
					   must bound its conversion */
    struct host_info client[1];		/* client endpoint info (1-element array so it
					   is usable as a pointer) */
    struct host_info server[1];		/* server endpoint info */
    void  (*sink) (int);		/* datagram sink function or 0 */
    void  (*hostname) (struct host_info *); /* address to printable hostname */
    void  (*hostaddr) (struct host_info *); /* address to printable address */
    void  (*cleanup) (struct request_info *); /* cleanup function or 0 */
    struct netconfig *config;		/* netdir handle */
};
472aef6930SMark Murray 
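/*
 * Common string operations. Less clutter should be more readable.
 *
 * STRN_CPY(d, s, l): copy at most l-1 bytes of s into d and always
 * NUL-terminate d, which plain strncpy() does not guarantee.  l must be
 * the full size of d (sizeof d for an array, at least 1), not the length
 * of s.  Wrapped in do { } while (0) so that the macro is a single
 * statement and stays correct in an unbraced if/else branch.
 *
 * The comparison macros are case-insensitive; STRN_EQ/STRN_NE compare at
 * most l characters.  All macros may evaluate their arguments more than
 * once, so pass side-effect-free expressions.
 */
#define	STRN_CPY(d,s,l)	do { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } while (0)

#define	STRN_EQ(x,y,l)	(strncasecmp((x),(y),(l)) == 0)
#define	STRN_NE(x,y,l)	(strncasecmp((x),(y),(l)) != 0)
#define	STR_EQ(x,y)	(strcasecmp((x),(y)) == 0)
#define	STR_NE(x,y)	(strcasecmp((x),(y)) != 0)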
562aef6930SMark Murray 
572aef6930SMark Murray  /*
582aef6930SMark Murray   * Initially, all above strings have the empty value. Information that
592aef6930SMark Murray   * cannot be determined at runtime is set to "unknown", so that we can
602aef6930SMark Murray   * distinguish between `unavailable' and `not yet looked up'. A hostname
612aef6930SMark Murray   * that we do not believe in is set to "paranoid".
622aef6930SMark Murray   */
632aef6930SMark Murray 
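#define	STRING_UNKNOWN	"unknown"	/* lookup failed */
#define	STRING_PARANOID	"paranoid"	/* hostname conflict */

extern char unknown[];			/* expected to hold STRING_UNKNOWN */
extern char paranoid[];			/* expected to hold STRING_PARANOID */

/*
 * HOSTNAME_KNOWN(s): true when s is a real lookup result rather than one
 * of the two placeholder strings above.
 */
#define	HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))

/*
 * NOT_INADDR(s): true when s contains a character outside the dotted-quad
 * repertoire (digits, '.', '/').  This is a character-class test only; it
 * does not validate structure, so e.g. "1..2" still counts as an address
 * candidate and has to be parsed properly (see dot_quad_addr()).
 * NOT_INADDR6(s): true when s contains no ':' and so cannot be an IPv6
 * literal.  Both macros evaluate s twice; pass a side-effect-free
 * expression.  The arguments are parenthesized so that a compound
 * expression such as p + 1 expands correctly.
 */
#define	NOT_INADDR(s) ((s)[strspn((s),"01234567890./")] != 0)
#define	NOT_INADDR6(s) (strchr((s), ':') == NULL)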
742aef6930SMark Murray 
752aef6930SMark Murray /* Global functions. */
762aef6930SMark Murray 
/*
 * fromhost(): fill in the client/server endpoint information of a request.
 * On TLI-style systems this is a real function (which also validates the
 * client host); on plain-socket systems it is simply an alias for
 * sock_host(), declared further down.
 */
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
void fromhost(struct request_info *);	/* get/validate client host info */
#else
#define	fromhost sock_host		/* no TLI support needed */
#endif
822aef6930SMark Murray 
/*
 * Access-control entry points.  hosts_access() is the main check; its
 * result is presumably non-zero to permit and zero to deny -- confirm the
 * polarity against the implementation before relying on it.  hosts_ctl()
 * is a convenience wrapper that builds a request from four strings
 * (see request_init() below) and checks it.
 */
int hosts_access(struct request_info *);			/* access control */
int hosts_ctl(char *, char *, char *, char *);			/* wrapper around request_init() */
/*
 * shell_cmd() hands its argument to the shell.  Its input is presumably the
 * percent_x() expansion of a rule, which embeds request attributes that
 * are remote-influenced; that expansion path must keep them escaped.
 */
void shell_cmd(char *);						/* execute shell command */
char *percent_x(char *, int, char *, struct request_info *);	/* do %<char> expansion; the int is presumably the result buffer size -- confirm */
/*
 * rfc931() asks the remote ident daemon for the client user name.  The
 * answer is supplied by the remote side and is only suitable for logging.
 */
void rfc931(TCPD_SOCKADDR *, TCPD_SOCKADDR *, char *);		/* client name from RFC 931 daemon */
void clean_exit(struct request_info *);				/* clean up and exit */
void refuse(struct request_info *);				/* clean up and exit */
char *xgets(char *, int, FILE *);				/* fgets() on steroids */

char *split_at(char *, int);					/* strchr() and split */
unsigned long dot_quad_addr(char *);				/* restricted inet_addr() */
942aef6930SMark Murray 
952aef6930SMark Murray /* Global variables. */
962aef6930SMark Murray 
/*
 * Tunables a linking program may set before calling hosts_access().  The
 * two severities are syslog levels for permitted/denied connections; the
 * two table paths redirect rule lookup (used in verification mode);
 * rfc931_timeout bounds how long the remote ident lookup may block.
 */
extern int allow_severity;		/* for connection logging */
extern int deny_severity;		/* for connection logging */
extern char *hosts_allow_table;		/* for verification mode redirection */
extern char *hosts_deny_table;		/* for verification mode redirection */
extern int hosts_access_verbose;	/* for verbose matching mode */
extern int rfc931_timeout;		/* user lookup timeout (seconds, presumably) */
extern int resident;			/* > 0 if resident process */
1042aef6930SMark Murray 
1052aef6930SMark Murray  /*
1062aef6930SMark Murray   * Routines for controlled initialization and update of request structure
1072aef6930SMark Murray   * attributes. Each attribute has its own key.
1082aef6930SMark Murray   */
1092aef6930SMark Murray 
/*
 * request_init() initializes *request and then applies the variadic list
 * of (RQ_* key, value) pairs; request_set() applies such pairs to an
 * already initialized request.  Both presumably return the request they
 * were given, so calls can be nested.  The list terminator convention is
 * defined by the implementation, not here.
 */
struct request_info *request_init(struct request_info *,...);	/* initialize request */
struct request_info *request_set(struct request_info *,...);	/* update request structure */

/*
 * Attribute keys for request_init()/request_set().  The *_SIN keys take a
 * TCPD_SOCKADDR pointer and are for internal use; the name/address keys
 * take strings, which are copied into the bounded buffers above.
 */
#define	RQ_FILE		1		/* file descriptor */
#define	RQ_DAEMON	2		/* server process (argv[0]) */
#define	RQ_USER		3		/* client user name */
#define	RQ_CLIENT_NAME	4		/* client host name */
#define	RQ_CLIENT_ADDR	5		/* client host address */
#define	RQ_CLIENT_SIN	6		/* client endpoint (internal) */
#define	RQ_SERVER_NAME	7		/* server host name */
#define	RQ_SERVER_ADDR	8		/* server host address */
#define	RQ_SERVER_SIN	9		/* server endpoint (internal) */
1222aef6930SMark Murray 
1232aef6930SMark Murray  /*
1242aef6930SMark Murray   * Routines for delayed evaluation of request attributes. Each attribute
1252aef6930SMark Murray   * type has its own access method. The trivial ones are implemented by
1262aef6930SMark Murray   * macros. The other ones are wrappers around the transport-specific host
1272aef6930SMark Murray   * name, address, and client user lookup methods. The request_info and
1282aef6930SMark Murray   * host_info structures serve as caches for the lookup results.
1292aef6930SMark Murray   */
1302aef6930SMark Murray 
/*
 * Accessors for request attributes.  The functions perform the lookup on
 * first use and cache the result in the request/host_info structures; the
 * returned pointers reference those cached buffers, so they are valid only
 * as long as the request is.  eval_daemon()/eval_pid() are plain field
 * reads and never trigger a lookup.
 */
char *eval_user(struct request_info *);		/* client user */
char *eval_hostname(struct host_info *);	/* printable hostname */
char *eval_hostaddr(struct host_info *);	/* printable host address */
char *eval_hostinfo(struct host_info *);	/* host name or address */
char *eval_client(struct request_info *);	/* whatever is available */
char *eval_server(struct request_info *);	/* whatever is available */
#define	eval_daemon(r)	((r)->daemon)	/* daemon process name */
#define	eval_pid(r)	((r)->pid)	/* process id */
1392aef6930SMark Murray 
1402aef6930SMark Murray /* Socket-specific methods, including DNS hostname lookups. */
1412aef6930SMark Murray 
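/*
 * Socket transport methods.  sock_host() fills in both endpoints of a
 * request from its socket; sock_hostname()/sock_hostaddr() are the
 * per-endpoint lookup methods installed into a request by sock_methods().
 *
 * sock_methods(r) is wrapped in do { } while (0) so that it behaves as a
 * single statement, including in an unbraced if/else branch; the bare
 * braces of the old form followed by ';' formed two statements there.
 */
void sock_host(struct request_info *);		/* look up endpoint addresses */
void sock_hostname(struct host_info *);		/* translate address to hostname */
void sock_hostaddr(struct host_info *);		/* address to printable address */
#define	sock_methods(r) \
	do { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } while (0)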
1472aef6930SMark Murray 
1482aef6930SMark Murray /* The System V Transport-Level Interface (TLI) interface. */
1492aef6930SMark Murray 
/*
 * tli_host(): TLI counterpart of sock_host(); only declared on systems
 * built with TLI support, where fromhost() resolves to it.
 */
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
void tli_host(struct request_info *);		/* look up endpoint addresses etc. */
#endif
1532aef6930SMark Murray 
1542aef6930SMark Murray  /*
1552aef6930SMark Murray   * Problem reporting interface. Additional file/line context is reported
1562aef6930SMark Murray   * when available. The jump buffer (tcpd_buf) is not declared here, or
1572aef6930SMark Murray   * everyone would have to include <setjmp.h>.
1582aef6930SMark Murray   */
1592aef6930SMark Murray 
/*
 * Both take a message format (printf-style, as the variadic prototype
 * suggests) followed by its arguments.  Always pass a literal format, never
 * a string assembled from rule or request data, so no format-string bug
 * can be introduced.  tcpd_jump() does not return: it longjmp()s back into
 * hosts_access() via the jump buffer described above.
 */
void tcpd_warn(char *, ...);		/* report problem and proceed */
void tcpd_jump(char *, ...);		/* report problem and jump */
1622aef6930SMark Murray 
/*
 * Location context that tcpd_warn()/tcpd_jump() add to their reports: the
 * access-control file being processed and the line within it.  The single
 * global instance below is updated by the rule parser as it reads.
 */
struct tcpd_context {
    char   *file;			/* current file (path of the rule table being read) */
    int     line;			/* current line */
};
extern struct tcpd_context tcpd_context;
1682aef6930SMark Murray 
1692aef6930SMark Murray  /*
1702aef6930SMark Murray   * While processing access control rules, error conditions are handled by
1712aef6930SMark Murray   * jumping back into the hosts_access() routine. This is cleaner than
1722aef6930SMark Murray   * checking the return value of each and every silly little function. The
1732aef6930SMark Murray   * (-1) returns are here because zero is already taken by longjmp().
1742aef6930SMark Murray   */
1752aef6930SMark Murray 
/*
 * Verdict values passed through longjmp() (non-zero, since longjmp(0)
 * arrives as 1).  AC_ERROR aliases AC_DENY, so a rule-processing error
 * fails closed: it is treated exactly like an explicit denial.
 */
#define	AC_PERMIT	1		/* permit access */
#define	AC_DENY		(-1)		/* deny access */
#define	AC_ERROR	AC_DENY		/* XXX: error == deny (fail closed) */
1792aef6930SMark Murray 
1802aef6930SMark Murray  /*
1812aef6930SMark Murray   * In verification mode an option function should just say what it would do,
1822aef6930SMark Murray   * instead of really doing it. An option function that would not return
1832aef6930SMark Murray   * should clear the dry_run flag to inform the caller of this unusual
1842aef6930SMark Murray   * behavior.
1852aef6930SMark Murray   */
1862aef6930SMark Murray 
/*
 * process_options(): execute the option list of a matched rule for the
 * request.  When dry_run is set (verification mode) options only report
 * what they would do; an option that would not return clears dry_run to
 * signal that to the caller (see the comment above).
 */
void process_options(char *, struct request_info *);	/* execute options */
extern int dry_run;					/* verification flag */
1892aef6930SMark Murray 
1902aef6930SMark Murray /* Bug workarounds. */
1912aef6930SMark Murray 
/*
 * Each workaround below is enabled by a build-time flag and replaces a
 * libc function with a local fix by macro; every caller of the original
 * name in a file that includes this header is therefore redirected.  The
 * replacements keep the libc signatures of the era (int lengths rather
 * than socklen_t).
 */
#ifdef INET_ADDR_BUG			/* inet_addr() returns struct */
#define	inet_addr fix_inet_addr
long fix_inet_addr(char *);
#endif

#ifdef BROKEN_FGETS			/* partial reads from sockets */
#define	fgets fix_fgets
char *fix_fgets(char *, int, FILE *);
#endif

#ifdef RECVFROM_BUG			/* no address family info */
#define	recvfrom fix_recvfrom
int fix_recvfrom(int, char *, int, int, struct sockaddr *, int *);
#endif

#ifdef GETPEERNAME_BUG			/* claims success with UDP */
#define	getpeername fix_getpeername
int fix_getpeername(int, struct sockaddr *, int *);
#endif

#ifdef SOLARIS_24_GETHOSTBYNAME_BUG	/* lists addresses as aliases */
#define	gethostbyname fix_gethostbyname
struct hostent *fix_gethostbyname(char *);
#endif

#ifdef USE_STRSEP			/* libc calls strtok() */
#define	strtok	fix_strtok
char *fix_strtok(char *, char *);
#endif

#ifdef LIBC_CALLS_STRTOK		/* libc calls strtok() */
#define	strtok	my_strtok
char *my_strtok(char *, char *);
#endif
226