12aef6930SMark Murray  /*
22aef6930SMark Murray   * @(#) tcpd.h 1.5 96/03/19 16:22:24
32aef6930SMark Murray   *
42aef6930SMark Murray   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
58053080cSYoshinobu Inoue   *
68053080cSYoshinobu Inoue   * $FreeBSD$
72aef6930SMark Murray   */
82aef6930SMark Murray 
/*
 * Address type stored in host_info.sin and passed to rfc931(). With INET6
 * the generic struct sockaddr is used so one build handles both AF_INET
 * and AF_INET6 peers; otherwise the legacy IPv4-only struct sockaddr_in.
 */
#if defined(INET6)
#define	TCPD_SOCKADDR struct sockaddr		/* AF_INET or AF_INET6 */
#else
#define	TCPD_SOCKADDR struct sockaddr_in	/* IPv4 only */
#endif
14fd3e9b38SDimitry Andric 
/*
 * Forward-declare FILE for xgets() and fix_fgets() below without forcing
 * every includer to pull in <stdio.h>. The struct tag __sFILE and the
 * _STDFILE_DECLARED guard presumably mirror FreeBSD libc's own <stdio.h>
 * so the two declarations agree whichever is seen first — TODO confirm.
 * NOTE(review): on a libc whose FILE is a different struct this typedef
 * conflicts with <stdio.h>; the header is FreeBSD-specific in that respect.
 */
#ifndef _STDFILE_DECLARED
#define _STDFILE_DECLARED
typedef struct __sFILE FILE;
#endif
19*dba092b1SDimitry Andric 
202aef6930SMark Murray /* Structure to describe one communications endpoint. */
212aef6930SMark Murray 
/*
 * Fixed size of every name/address/user/daemon buffer in the structures
 * below. Longer input must be truncated on the way in (see STRN_CPY());
 * nothing here grows a buffer.
 */
#define	STRING_LENGTH	128		/* hosts, users, processes */
232aef6930SMark Murray 
/*
 * One communications endpoint (the client or the server side of a request).
 * The printable fields are filled lazily through the eval_*() accessors:
 * they start empty, become STRING_UNKNOWN when a lookup fails, and name
 * becomes STRING_PARANOID when the hostname is not believed (see below).
 */
struct host_info {
    char    name[STRING_LENGTH];	/* access via eval_hostname(host) */
    char    addr[STRING_LENGTH];	/* access via eval_hostaddr(host) */
    TCPD_SOCKADDR *sin;			/* socket address or 0 (pointer, not a copy) */
    struct t_unitdata *unit;		/* TLI transport address or 0 */
    struct request_info *request;	/* for shared information: the request this endpoint belongs to (presumably set by request_init()) */
};
312aef6930SMark Murray 
322aef6930SMark Murray /* Structure to describe what we know about a service request. */
332aef6930SMark Murray 
/*
 * Everything known about one service request: the descriptor, the two
 * endpoints, and the transport-specific lookup methods that fill the
 * endpoints on demand. Fields marked "access via" are caches and should
 * be read through the named accessor, not directly.
 */
struct request_info {
    int     fd;				/* socket handle */
    char    user[STRING_LENGTH];	/* access via eval_user(request) */
    char    daemon[STRING_LENGTH];	/* access via eval_daemon(request); argv[0] of the server (RQ_DAEMON) */
    char    pid[10];			/* access via eval_pid(request). NOTE(review): 9 digits + NUL — enough for FreeBSD's pid range presumably, not for a full INT_MAX; confirm the fill site bounds the write */
    struct host_info client[1];		/* client endpoint info; one-element array so request->client is directly a struct host_info * */
    struct host_info server[1];		/* server endpoint info (same trick) */
    void  (*sink) (int);		/* datagram sink function or 0 */
    void  (*hostname) (struct host_info *); /* address to printable hostname; installed by sock_methods() or the TLI code */
    void  (*hostaddr) (struct host_info *); /* address to printable address */
    void  (*cleanup) (struct request_info *); /* cleanup function or 0 */
    struct netconfig *config;		/* netdir handle */
};
472aef6930SMark Murray 
482aef6930SMark Murray /* Common string operations. Less clutter should be more readable. */
492aef6930SMark Murray 
/*
 * Bounded string helpers.
 *
 * STRN_CPY(d,s,l) copies at most l bytes and then forces d[l-1] to NUL,
 * because strncpy() alone leaves d unterminated when s is too long. l must
 * be the full size of d and at least 1. d and l are evaluated twice, and
 * the macro is a bare brace block, so use it as a plain statement.
 *
 * The comparisons are all case-insensitive.
 */
#define	STRN_CPY(d,s,l)	{ strncpy((d),(s),(l)); (d)[(l)-1] = '\0'; }

#define	STRN_EQ(x,y,l)	(!strncasecmp((x),(y),(l)))
#define	STRN_NE(x,y,l)	(!STRN_EQ((x),(y),(l)))
#define	STR_EQ(x,y)	(!strcasecmp((x),(y)))
#define	STR_NE(x,y)	(!STR_EQ((x),(y)))
562aef6930SMark Murray 
572aef6930SMark Murray  /*
582aef6930SMark Murray   * Initially, all above strings have the empty value. Information that
592aef6930SMark Murray   * cannot be determined at runtime is set to "unknown", so that we can
602aef6930SMark Murray   * distinguish between `unavailable' and `not yet looked up'. A hostname
612aef6930SMark Murray   * that we do not believe in is set to "paranoid".
622aef6930SMark Murray   */
632aef6930SMark Murray 
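/*
 * Sentinel values for host_info/request_info strings (see the comment
 * above): "unknown" means a lookup was attempted and failed, "paranoid"
 * means the hostname was looked up but is not believed.
 */
#define	STRING_UNKNOWN	"unknown"	/* lookup failed */
#define	STRING_PARANOID	"paranoid"	/* hostname conflict */

extern char unknown[];
extern char paranoid[];

/* True if s holds a real, trusted hostname rather than one of the sentinels. */
#define	HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))

/*
 * True if s contains any character outside the dotted-quad/netmask
 * alphabet (digits, '.', '/'). This is a character-class test only: it does
 * not validate the address, an empty string or "..." passes as an address,
 * and anything with ':' (IPv6) counts as not-an-address. The argument is
 * parenthesized so expressions such as NOT_INADDR(p + 1) work (the
 * original macro expanded s unparenthesized); the duplicated '0' in the
 * old character set was harmless and is dropped.
 */
#define	NOT_INADDR(s) ((s)[strspn((s),"0123456789./")] != 0)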
732aef6930SMark Murray 
742aef6930SMark Murray /* Global functions. */
752aef6930SMark Murray 
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
void fromhost(struct request_info *request);	/* get/validate client host info */
#else
#define	fromhost sock_host		/* sockets only: no TLI support needed */
#endif

/*
 * Core entry points. hosts_access() makes the access-control decision for
 * a request that has been set up via request_init()/fromhost();
 * hosts_ctl() is the string-only convenience wrapper around request_init().
 */
int hosts_access(struct request_info *request);			/* access control */
int hosts_ctl(char *daemon, char *name, char *addr, char *user);	/* wrapper around request_init() */

/*
 * shell_cmd() hands its argument to a shell. Anything derived from the
 * request (hostnames, the RFC 931 user name) is remote-influenced and must
 * not reach it unless the %<char> expansion has rejected or neutralized
 * shell metacharacters — NOTE(review): confirm that check in percent_x.c.
 */
void shell_cmd(char *command);					/* execute shell command */
char *percent_x(char *result, int result_len, char *string,
		struct request_info *request);			/* do %<char> expansion into result[result_len] */

/*
 * RFC 931 (ident) lookup. The name comes from a daemon on the remote host
 * and is not authenticated: useful for logging, not for authorization.
 * (Parameter order as in rfc931.c — confirm.)
 */
void rfc931(TCPD_SOCKADDR *rmt_sin, TCPD_SOCKADDR *our_sin, char *dest);	/* client name from RFC 931 daemon */
void clean_exit(struct request_info *request);			/* clean up and exit */
void refuse(struct request_info *request);			/* clean up and exit (refused request) */
char *xgets(char *ptr, int len, FILE *fp);			/* fgets() on steroids */

char *split_at(char *string, int delimiter);			/* strchr() and split */
unsigned long dot_quad_addr(char *str);				/* restricted inet_addr() */
932aef6930SMark Murray 
942aef6930SMark Murray /* Global variables. */
952aef6930SMark Murray 
/*
 * Global variables, defined in the library and meant to be set by the
 * linking program before hosts_access() is called.
 */
extern int allow_severity;		/* for connection logging: log severity used for permitted connections (presumably a syslog priority — see hosts_access(3)) */
extern int deny_severity;		/* for connection logging: log severity used for refused connections */
extern char *hosts_allow_table;		/* for verification mode redirection: path of the allow table, so a checker can point at an alternate file */
extern char *hosts_deny_table;		/* for verification mode redirection: path of the deny table */
extern int hosts_access_verbose;	/* for verbose matching mode */
extern int rfc931_timeout;		/* user lookup timeout (units not stated here — TODO confirm, presumably seconds) */
extern int resident;			/* > 0 if resident process */
1032aef6930SMark Murray 
1042aef6930SMark Murray  /*
1052aef6930SMark Murray   * Routines for controlled initialization and update of request structure
1062aef6930SMark Murray   * attributes. Each attribute has its own key.
1072aef6930SMark Murray   */
1082aef6930SMark Murray 
/*
 * Fill in (request_init) or modify (request_set) a request_info. Both take
 * a variadic list of RQ_* key / value pairs after the structure pointer and
 * return that pointer. All keys are nonzero, presumably so that 0 can
 * terminate the list — confirm in request_init().
 */
struct request_info *request_init(struct request_info *request, ...);	/* initialize request */
struct request_info *request_set(struct request_info *request, ...);	/* update request structure */

/* Attribute keys accepted by request_init()/request_set(). */
#define	RQ_FILE		1		/* file descriptor */
#define	RQ_DAEMON	2		/* server process (argv[0]) */
#define	RQ_USER		3		/* client user name */
#define	RQ_CLIENT_NAME	4		/* client host name */
#define	RQ_CLIENT_ADDR	5		/* client host address */
#define	RQ_CLIENT_SIN	6		/* client endpoint (internal) */
#define	RQ_SERVER_NAME	7		/* server host name */
#define	RQ_SERVER_ADDR	8		/* server host address */
#define	RQ_SERVER_SIN	9		/* server endpoint (internal) */
1212aef6930SMark Murray 
1222aef6930SMark Murray  /*
1232aef6930SMark Murray   * Routines for delayed evaluation of request attributes. Each attribute
1242aef6930SMark Murray   * type has its own access method. The trivial ones are implemented by
1252aef6930SMark Murray   * macros. The other ones are wrappers around the transport-specific host
1262aef6930SMark Murray   * name, address, and client user lookup methods. The request_info and
1272aef6930SMark Murray   * host_info structures serve as caches for the lookup results.
1282aef6930SMark Murray   */
1292aef6930SMark Murray 
/*
 * Accessors for request attributes. The function forms may perform the
 * transport-specific lookup (hostname, address, client user) on first use
 * and cache the result in the structure; the macro forms just read fields
 * that request_init() filled in. Return values point into the request, so
 * they are only valid while it is.
 */
char *eval_user(struct request_info *request);		/* client user */
char *eval_hostname(struct host_info *host);		/* printable hostname */
char *eval_hostaddr(struct host_info *host);		/* printable host address */
char *eval_hostinfo(struct host_info *host);		/* host name or address */
char *eval_client(struct request_info *request);	/* whatever is available */
char *eval_server(struct request_info *request);	/* whatever is available */
#define	eval_daemon(r)	((r)->daemon)	/* daemon process name */
#define	eval_pid(r)	((r)->pid)	/* process id */
1382aef6930SMark Murray 
1392aef6930SMark Murray /* Socket-specific methods, including DNS hostname lookups. */
1402aef6930SMark Murray 
/*
 * Socket transport: endpoint lookups that go through getpeername()/
 * getsockname() and DNS. sock_methods(r) installs the two lookup callbacks
 * into request r; it is a bare brace block, so use it as a statement.
 */
void sock_host(struct request_info *request);		/* look up endpoint addresses */
void sock_hostname(struct host_info *host);		/* translate address to hostname */
void sock_hostaddr(struct host_info *host);		/* address to printable address */
#define	sock_methods(r) \
	{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
1462aef6930SMark Murray 
1472aef6930SMark Murray /* The System V Transport-Level Interface (TLI) interface. */
1482aef6930SMark Murray 
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
/* TLI transport counterpart of sock_host(): fills in both endpoints. */
void tli_host(struct request_info *request);		/* look up endpoint addresses etc. */
#endif
1522aef6930SMark Murray 
1532aef6930SMark Murray  /*
1542aef6930SMark Murray   * Problem reporting interface. Additional file/line context is reported
1552aef6930SMark Murray   * when available. The jump buffer (tcpd_buf) is not declared here, or
1562aef6930SMark Murray   * everyone would have to include <setjmp.h>.
1572aef6930SMark Murray   */
1582aef6930SMark Murray 
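/*
 * Let the compiler check format/argument agreement on the diagnostic
 * functions: their arguments routinely include remote-supplied strings
 * (hostnames, rules read from the tables), so a format mismatch is a
 * security bug, not just a typo. Assumes the format is printf-style as
 * implemented in diag.c — TODO confirm; the attribute only affects
 * diagnostics, never generated code. No-op on compilers without it.
 */
#if defined(__GNUC__) || defined(__clang__)
#define	TCPD_PRINTFLIKE(fmt, args) __attribute__((__format__(__printf__, fmt, args)))
#else
#define	TCPD_PRINTFLIKE(fmt, args)
#endif

void tcpd_warn(char *, ...) TCPD_PRINTFLIKE(1, 2);	/* report problem and proceed */
void tcpd_jump(char *, ...) TCPD_PRINTFLIKE(1, 2);	/* report problem and jump (see below: callers should not expect it to return) */

/*
 * File/line position of the rule being processed, prepended to problem
 * reports when set. file is a pointer, not a copy; whoever sets it owns
 * the storage.
 */
struct tcpd_context {
    char   *file;			/* current file */
    int     line;			/* current line */
};
extern struct tcpd_context tcpd_context;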
1672aef6930SMark Murray 
1682aef6930SMark Murray  /*
1692aef6930SMark Murray   * While processing access control rules, error conditions are handled by
1702aef6930SMark Murray   * jumping back into the hosts_access() routine. This is cleaner than
1712aef6930SMark Murray   * checking the return value of each and every silly little function. The
1722aef6930SMark Murray   * (-1) returns are here because zero is already taken by longjmp().
1732aef6930SMark Murray   */
1742aef6930SMark Murray 
/*
 * Access-control outcomes. These are also the values delivered through
 * longjmp() (see the comment above), which is why none of them is 0.
 */
#define	AC_PERMIT	1		/* permit access */
#define	AC_DENY		(-1)		/* deny access */
#define	AC_ERROR	AC_DENY		/* XXX: an error while evaluating rules is indistinguishable from an explicit deny — deliberately fail-closed, do not "fix" by making it distinct without auditing callers */
1782aef6930SMark Murray 
1792aef6930SMark Murray  /*
1802aef6930SMark Murray   * In verification mode an option function should just say what it would do,
1812aef6930SMark Murray   * instead of really doing it. An option function that would not return
1822aef6930SMark Murray   * should clear the dry_run flag to inform the caller of this unusual
1832aef6930SMark Murray   * behavior.
1842aef6930SMark Murray   */
1852aef6930SMark Murray 
/*
 * Run the option list of a matched rule. With dry_run set the option
 * handlers only report what they would do; a handler that would not
 * return is expected to clear dry_run first (see the comment above).
 */
void process_options(char *options, struct request_info *request);	/* execute options */
extern int dry_run;						/* verification flag */
1882aef6930SMark Murray 
1892aef6930SMark Murray /* Bug workarounds. */
1902aef6930SMark Murray 
/*
 * Bug workarounds: each redirects a libc name to a local replacement via
 * a macro. NOTE(review): such a macro also rewrites the declaration in
 * any system header included after this one, so those headers must come
 * first.
 */
#if defined(INET_ADDR_BUG)		/* inet_addr() returns struct */
#define	inet_addr fix_inet_addr
long fix_inet_addr(char *string);
#endif
1952aef6930SMark Murray 
#if defined(BROKEN_FGETS)		/* partial reads from sockets */
#define	fgets fix_fgets
char *fix_fgets(char *buf, int len, FILE *fp);	/* same contract as fgets(3) */
#endif
2002aef6930SMark Murray 
#if defined(RECVFROM_BUG)		/* no address family info */
#define	recvfrom fix_recvfrom
/* Pre-socklen_t signature (int lengths); only meaningful on the old systems this targets. */
int fix_recvfrom(int sock, char *buf, int buflen, int flags,
		 struct sockaddr *from, int *fromlen);
#endif
2052aef6930SMark Murray 
#if defined(GETPEERNAME_BUG)		/* claims success with UDP */
#define	getpeername fix_getpeername
/* Pre-socklen_t signature (int length); only meaningful on the old systems this targets. */
int fix_getpeername(int sock, struct sockaddr *sa, int *len);
#endif
2102aef6930SMark Murray 
#if defined(SOLARIS_24_GETHOSTBYNAME_BUG)	/* lists addresses as aliases */
#define	gethostbyname fix_gethostbyname
struct hostent *fix_gethostbyname(char *name);
#endif
2152aef6930SMark Murray 
/*
 * Two alternative strtok() replacements for libcs whose own routines call
 * strtok() and would clobber this code's tokenizer state. They are
 * mutually exclusive: defining both USE_STRSEP and LIBC_CALLS_STRTOK
 * redefines the strtok macro with a different body, which is a
 * constraint violation the compiler will reject or warn about.
 */
#if defined(USE_STRSEP)			/* libc calls strtok() */
#define	strtok	fix_strtok
char *fix_strtok(char *buf, char *sep);
#endif

#if defined(LIBC_CALLS_STRTOK)		/* libc calls strtok() */
#define	strtok	my_strtok
char *my_strtok(char *buf, char *sep);
#endif
225