xref: /freebsd/contrib/tcp_wrappers/tcpd.h (revision 59c8e88e72633afbc47a4ace0d2170d00d51f7dc)
1  /*
2   * @(#) tcpd.h 1.5 96/03/19 16:22:24
3   *
4   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
5   *
6   * $FreeBSD$
7   */
8 
9 #ifdef INET6
10 #define	TCPD_SOCKADDR struct sockaddr
11 #else
12 #define	TCPD_SOCKADDR struct sockaddr_in
13 #endif
14 
15 #ifndef _STDFILE_DECLARED
16 #define _STDFILE_DECLARED
17 typedef struct __sFILE FILE;
18 #endif
19 
20 /* Structure to describe one communications endpoint. */
21 
22 #define	STRING_LENGTH	128		/* hosts, users, processes */
23 
24 struct host_info {
25     char    name[STRING_LENGTH];	/* access via eval_hostname(host) */
26     char    addr[STRING_LENGTH];	/* access via eval_hostaddr(host) */
27     TCPD_SOCKADDR *sin;			/* socket address or 0 */
28     struct t_unitdata *unit;		/* TLI transport address or 0 */
29     struct request_info *request;	/* for shared information */
30 };
31 
32 /* Structure to describe what we know about a service request. */
33 
34 struct request_info {
35     int     fd;				/* socket handle */
36     char    user[STRING_LENGTH];	/* access via eval_user(request) */
37     char    daemon[STRING_LENGTH];	/* access via eval_daemon(request) */
38     char    pid[10];			/* access via eval_pid(request) */
39     struct host_info client[1];		/* client endpoint info */
40     struct host_info server[1];		/* server endpoint info */
41     void  (*sink) (int);		/* datagram sink function or 0 */
42     void  (*hostname) (struct host_info *); /* address to printable hostname */
43     void  (*hostaddr) (struct host_info *); /* address to printable address */
44     void  (*cleanup) (struct request_info *); /* cleanup function or 0 */
45     struct netconfig *config;		/* netdir handle */
46 };
47 
48 /* Common string operations. Less clutter should be more readable. */
49 
50 #define	STRN_CPY(d,s,l)	{ strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
51 
52 #define	STRN_EQ(x,y,l)	(strncasecmp((x),(y),(l)) == 0)
53 #define	STRN_NE(x,y,l)	(strncasecmp((x),(y),(l)) != 0)
54 #define	STR_EQ(x,y)	(strcasecmp((x),(y)) == 0)
55 #define	STR_NE(x,y)	(strcasecmp((x),(y)) != 0)
56 
57  /*
58   * Initially, all above strings have the empty value. Information that
59   * cannot be determined at runtime is set to "unknown", so that we can
60   * distinguish between `unavailable' and `not yet looked up'. A hostname
61   * that we do not believe in is set to "paranoid".
62   */
63 
64 #define	STRING_UNKNOWN	"unknown"	/* lookup failed */
65 #define	STRING_PARANOID	"paranoid"	/* hostname conflict */
66 
67 extern char unknown[];
68 extern char paranoid[];
69 
70 #define	HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
71 
72 #define	NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
73 #define	NOT_INADDR6(s) (strchr(s, ':') == NULL)
74 
75 /* Global functions. */
76 
77 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
78 void fromhost(struct request_info *);	/* get/validate client host info */
79 #else
80 #define	fromhost sock_host		/* no TLI support needed */
81 #endif
82 
83 int hosts_access(struct request_info *);			/* access control */
84 int hosts_ctl(char *, char *, char *, char *);			/* wrapper around request_init() */
85 void shell_cmd(char *);						/* execute shell command */
86 char *percent_x(char *, int, char *, struct request_info *);	/* do %<char> expansion */
87 void rfc931(TCPD_SOCKADDR *, TCPD_SOCKADDR *, char *);		/* client name from RFC 931 daemon */
88 void clean_exit(struct request_info *);				/* clean up and exit */
89 void refuse(struct request_info *);				/* clean up and exit */
90 char *xgets(char *, int, FILE *);				/* fgets() on steroids */
91 
92 char *split_at(char *, int);					/* strchr() and split */
93 unsigned long dot_quad_addr(char *);				/* restricted inet_addr() */
94 
95 /* Global variables. */
96 
97 extern int allow_severity;		/* for connection logging */
98 extern int deny_severity;		/* for connection logging */
99 extern char *hosts_allow_table;		/* for verification mode redirection */
100 extern char *hosts_deny_table;		/* for verification mode redirection */
101 extern int hosts_access_verbose;	/* for verbose matching mode */
102 extern int rfc931_timeout;		/* user lookup timeout */
103 extern int resident;			/* > 0 if resident process */
104 
105  /*
106   * Routines for controlled initialization and update of request structure
107   * attributes. Each attribute has its own key.
108   */
109 
110 struct request_info *request_init(struct request_info *,...);	/* initialize request */
111 struct request_info *request_set(struct request_info *,...);	/* update request structure */
112 
113 #define	RQ_FILE		1		/* file descriptor */
114 #define	RQ_DAEMON	2		/* server process (argv[0]) */
115 #define	RQ_USER		3		/* client user name */
116 #define	RQ_CLIENT_NAME	4		/* client host name */
117 #define	RQ_CLIENT_ADDR	5		/* client host address */
118 #define	RQ_CLIENT_SIN	6		/* client endpoint (internal) */
119 #define	RQ_SERVER_NAME	7		/* server host name */
120 #define	RQ_SERVER_ADDR	8		/* server host address */
121 #define	RQ_SERVER_SIN	9		/* server endpoint (internal) */
122 
123  /*
124   * Routines for delayed evaluation of request attributes. Each attribute
125   * type has its own access method. The trivial ones are implemented by
126   * macros. The other ones are wrappers around the transport-specific host
127   * name, address, and client user lookup methods. The request_info and
128   * host_info structures serve as caches for the lookup results.
129   */
130 
131 char *eval_user(struct request_info *);		/* client user */
132 char *eval_hostname(struct host_info *);	/* printable hostname */
133 char *eval_hostaddr(struct host_info *);	/* printable host address */
134 char *eval_hostinfo(struct host_info *);	/* host name or address */
135 char *eval_client(struct request_info *);	/* whatever is available */
136 char *eval_server(struct request_info *);	/* whatever is available */
137 #define	eval_daemon(r)	((r)->daemon)	/* daemon process name */
138 #define	eval_pid(r)	((r)->pid)	/* process id */
139 
140 /* Socket-specific methods, including DNS hostname lookups. */
141 
142 void sock_host(struct request_info *);		/* look up endpoint addresses */
143 void sock_hostname(struct host_info *);		/* translate address to hostname */
144 void sock_hostaddr(struct host_info *);		/* address to printable address */
145 #define	sock_methods(r) \
146 	{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
147 
148 /* The System V Transport-Level Interface (TLI) interface. */
149 
150 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
151 void tli_host(struct request_info *);		/* look up endpoint addresses etc. */
152 #endif
153 
154  /*
155   * Problem reporting interface. Additional file/line context is reported
156   * when available. The jump buffer (tcpd_buf) is not declared here, or
157   * everyone would have to include <setjmp.h>.
158   */
159 
160 void tcpd_warn(char *, ...);		/* report problem and proceed */
161 void tcpd_jump(char *, ...);		/* report problem and jump */
162 
163 struct tcpd_context {
164     char   *file;			/* current file */
165     int     line;			/* current line */
166 };
167 extern struct tcpd_context tcpd_context;
168 
169  /*
170   * While processing access control rules, error conditions are handled by
171   * jumping back into the hosts_access() routine. This is cleaner than
172   * checking the return value of each and every silly little function. The
173   * (-1) returns are here because zero is already taken by longjmp().
174   */
175 
176 #define	AC_PERMIT	1		/* permit access */
177 #define	AC_DENY		(-1)		/* deny_access */
178 #define	AC_ERROR	AC_DENY		/* XXX */
179 
180  /*
181   * In verification mode an option function should just say what it would do,
182   * instead of really doing it. An option function that would not return
183   * should clear the dry_run flag to inform the caller of this unusual
184   * behavior.
185   */
186 
187 void process_options(char *, struct request_info *);	/* execute options */
188 extern int dry_run;					/* verification flag */
189 
190 /* Bug workarounds. */
191 
192 #ifdef INET_ADDR_BUG			/* inet_addr() returns struct */
193 #define	inet_addr fix_inet_addr
194 long fix_inet_addr(char *);
195 #endif
196 
197 #ifdef BROKEN_FGETS			/* partial reads from sockets */
198 #define	fgets fix_fgets
199 char *fix_fgets(char *, int, FILE *);
200 #endif
201 
202 #ifdef RECVFROM_BUG			/* no address family info */
203 #define	recvfrom fix_recvfrom
204 int fix_recvfrom(int, char *, int, int, struct sockaddr *, int *);
205 #endif
206 
207 #ifdef GETPEERNAME_BUG			/* claims success with UDP */
208 #define	getpeername fix_getpeername
209 int fix_getpeername(int, struct sockaddr *, int *);
210 #endif
211 
212 #ifdef SOLARIS_24_GETHOSTBYNAME_BUG	/* lists addresses as aliases */
213 #define	gethostbyname fix_gethostbyname
214 struct hostent *fix_gethostbyname(char *);
215 #endif
216 
217 #ifdef USE_STRSEP			/* libc calls strtok() */
218 #define	strtok	fix_strtok
219 char *fix_strtok(char *, char *);
220 #endif
221 
222 #ifdef LIBC_CALLS_STRTOK		/* libc calls strtok() */
223 #define	strtok	my_strtok
224 char *my_strtok(char *, char *);
225 #endif
226