1 | /* |
---|
2 | * @(#) tcpd.h 1.5 96/03/19 16:22:24 |
---|
3 | * |
---|
4 | * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. |
---|
5 | */ |
---|
6 | |
---|
7 | /* Structure to describe one communications endpoint. */ |
---|
8 | |
---|
9 | #define STRING_LENGTH 128 /* hosts, users, processes */ |
---|
10 | |
---|
11 | struct host_info { |
---|
12 | char name[STRING_LENGTH]; /* access via eval_hostname(host) */ |
---|
13 | char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ |
---|
14 | struct sockaddr_in *sin; /* socket address or 0 */ |
---|
15 | struct t_unitdata *unit; /* TLI transport address or 0 */ |
---|
16 | struct request_info *request; /* for shared information */ |
---|
17 | }; |
---|
18 | |
---|
19 | /* Structure to describe what we know about a service request. */ |
---|
20 | |
---|
21 | struct request_info { |
---|
22 | int fd; /* socket handle */ |
---|
23 | char user[STRING_LENGTH]; /* access via eval_user(request) */ |
---|
24 | char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ |
---|
25 | char pid[10]; /* access via eval_pid(request) */ |
---|
26 | struct host_info client[1]; /* client endpoint info */ |
---|
27 | struct host_info server[1]; /* server endpoint info */ |
---|
28 | void (*sink) (); /* datagram sink function or 0 */ |
---|
29 | void (*hostname) (); /* address to printable hostname */ |
---|
30 | void (*hostaddr) (); /* address to printable address */ |
---|
31 | void (*cleanup) (); /* cleanup function or 0 */ |
---|
32 | struct netconfig *config; /* netdir handle */ |
---|
33 | }; |
---|
34 | |
---|
35 | /* Common string operations. Less clutter should be more readable. */ |
---|
36 | |
---|
37 | #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } |
---|
38 | |
---|
39 | #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) |
---|
40 | #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) |
---|
41 | #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) |
---|
42 | #define STR_NE(x,y) (strcasecmp((x),(y)) != 0) |
---|
43 | |
---|
44 | /* |
---|
45 | * Initially, all above strings have the empty value. Information that |
---|
46 | * cannot be determined at runtime is set to "unknown", so that we can |
---|
47 | * distinguish between `unavailable' and `not yet looked up'. A hostname |
---|
48 | * that we do not believe in is set to "paranoid". |
---|
49 | */ |
---|
50 | |
---|
51 | #define STRING_UNKNOWN "unknown" /* lookup failed */ |
---|
52 | #define STRING_PARANOID "paranoid" /* hostname conflict */ |
---|
53 | |
---|
54 | extern char unknown[]; |
---|
55 | extern char paranoid[]; |
---|
56 | |
---|
57 | #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) |
---|
58 | |
---|
59 | #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) |
---|
60 | |
---|
61 | /* Global functions. */ |
---|
62 | |
---|
63 | #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) |
---|
64 | extern void fromhost(); /* get/validate client host info */ |
---|
65 | #else |
---|
66 | #define fromhost sock_host /* no TLI support needed */ |
---|
67 | #endif |
---|
68 | |
---|
69 | extern int hosts_access(); /* access control */ |
---|
70 | extern void shell_cmd(); /* execute shell command */ |
---|
71 | extern char *percent_x(); /* do %<char> expansion */ |
---|
72 | extern void rfc931(); /* client name from RFC 931 daemon */ |
---|
73 | extern void clean_exit(); /* clean up and exit */ |
---|
74 | extern void refuse(); /* clean up and exit */ |
---|
75 | extern char *xgets(); /* fgets() on steroids */ |
---|
76 | extern char *split_at(); /* strchr() and split */ |
---|
77 | extern unsigned long dot_quad_addr(); /* restricted inet_addr() */ |
---|
78 | |
---|
79 | /* Global variables. */ |
---|
80 | |
---|
81 | extern int allow_severity; /* for connection logging */ |
---|
82 | extern int deny_severity; /* for connection logging */ |
---|
83 | extern char *hosts_allow_table; /* for verification mode redirection */ |
---|
84 | extern char *hosts_deny_table; /* for verification mode redirection */ |
---|
85 | extern int hosts_access_verbose; /* for verbose matching mode */ |
---|
86 | extern int rfc931_timeout; /* user lookup timeout */ |
---|
87 | extern int resident; /* > 0 if resident process */ |
---|
88 | |
---|
89 | /* |
---|
90 | * Routines for controlled initialization and update of request structure |
---|
91 | * attributes. Each attribute has its own key. |
---|
92 | */ |
---|
93 | |
---|
94 | #ifdef __STDC__ |
---|
95 | extern struct request_info *request_init(struct request_info *,...); |
---|
96 | extern struct request_info *request_set(struct request_info *,...); |
---|
97 | #else |
---|
98 | extern struct request_info *request_init(); /* initialize request */ |
---|
99 | extern struct request_info *request_set(); /* update request structure */ |
---|
100 | #endif |
---|
101 | |
---|
102 | #define RQ_FILE 1 /* file descriptor */ |
---|
103 | #define RQ_DAEMON 2 /* server process (argv[0]) */ |
---|
104 | #define RQ_USER 3 /* client user name */ |
---|
105 | #define RQ_CLIENT_NAME 4 /* client host name */ |
---|
106 | #define RQ_CLIENT_ADDR 5 /* client host address */ |
---|
107 | #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ |
---|
108 | #define RQ_SERVER_NAME 7 /* server host name */ |
---|
109 | #define RQ_SERVER_ADDR 8 /* server host address */ |
---|
110 | #define RQ_SERVER_SIN 9 /* server endpoint (internal) */ |
---|
111 | |
---|
112 | /* |
---|
113 | * Routines for delayed evaluation of request attributes. Each attribute |
---|
114 | * type has its own access method. The trivial ones are implemented by |
---|
115 | * macros. The other ones are wrappers around the transport-specific host |
---|
116 | * name, address, and client user lookup methods. The request_info and |
---|
117 | * host_info structures serve as caches for the lookup results. |
---|
118 | */ |
---|
119 | |
---|
120 | extern char *eval_user(); /* client user */ |
---|
121 | extern char *eval_hostname(); /* printable hostname */ |
---|
122 | extern char *eval_hostaddr(); /* printable host address */ |
---|
123 | extern char *eval_hostinfo(); /* host name or address */ |
---|
124 | extern char *eval_client(); /* whatever is available */ |
---|
125 | extern char *eval_server(); /* whatever is available */ |
---|
126 | #define eval_daemon(r) ((r)->daemon) /* daemon process name */ |
---|
127 | #define eval_pid(r) ((r)->pid) /* process id */ |
---|
128 | |
---|
129 | /* Socket-specific methods, including DNS hostname lookups. */ |
---|
130 | |
---|
131 | extern void sock_host(); /* look up endpoint addresses */ |
---|
132 | extern void sock_hostname(); /* translate address to hostname */ |
---|
133 | extern void sock_hostaddr(); /* address to printable address */ |
---|
134 | #define sock_methods(r) \ |
---|
135 | { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } |
---|
136 | |
---|
137 | /* The System V Transport-Level Interface (TLI) interface. */ |
---|
138 | |
---|
139 | #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) |
---|
140 | extern void tli_host(); /* look up endpoint addresses etc. */ |
---|
141 | #endif |
---|
142 | |
---|
143 | /* |
---|
144 | * Problem reporting interface. Additional file/line context is reported |
---|
145 | * when available. The jump buffer (tcpd_buf) is not declared here, or |
---|
146 | * everyone would have to include <setjmp.h>. |
---|
147 | */ |
---|
148 | |
---|
149 | #ifdef __STDC__ |
---|
150 | extern void tcpd_warn(char *, ...); /* report problem and proceed */ |
---|
151 | extern void tcpd_jump(char *, ...); /* report problem and jump */ |
---|
152 | #else |
---|
153 | extern void tcpd_warn(); |
---|
154 | extern void tcpd_jump(); |
---|
155 | #endif |
---|
156 | |
---|
157 | struct tcpd_context { |
---|
158 | char *file; /* current file */ |
---|
159 | int line; /* current line */ |
---|
160 | }; |
---|
161 | extern struct tcpd_context tcpd_context; |
---|
162 | |
---|
163 | /* |
---|
164 | * While processing access control rules, error conditions are handled by |
---|
165 | * jumping back into the hosts_access() routine. This is cleaner than |
---|
166 | * checking the return value of each and every silly little function. The |
---|
167 | * (-1) returns are here because zero is already taken by longjmp(). |
---|
168 | */ |
---|
169 | |
---|
170 | #define AC_PERMIT 1 /* permit access */ |
---|
171 | #define AC_DENY (-1) /* deny_access */ |
---|
172 | #define AC_ERROR AC_DENY /* XXX */ |
---|
173 | |
---|
174 | /* |
---|
175 | * In verification mode an option function should just say what it would do, |
---|
176 | * instead of really doing it. An option function that would not return |
---|
177 | * should clear the dry_run flag to inform the caller of this unusual |
---|
178 | * behavior. |
---|
179 | */ |
---|
180 | |
---|
181 | extern void process_options(); /* execute options */ |
---|
182 | extern int dry_run; /* verification flag */ |
---|
183 | |
---|
184 | /* Bug workarounds. */ |
---|
185 | |
---|
186 | #ifdef INET_ADDR_BUG /* inet_addr() returns struct */ |
---|
187 | #define inet_addr fix_inet_addr |
---|
188 | extern long fix_inet_addr(); |
---|
189 | #endif |
---|
190 | |
---|
191 | #ifdef BROKEN_FGETS /* partial reads from sockets */ |
---|
192 | #define fgets fix_fgets |
---|
193 | extern char *fix_fgets(); |
---|
194 | #endif |
---|
195 | |
---|
196 | #ifdef RECVFROM_BUG /* no address family info */ |
---|
197 | #define recvfrom fix_recvfrom |
---|
198 | extern int fix_recvfrom(); |
---|
199 | #endif |
---|
200 | |
---|
201 | #ifdef GETPEERNAME_BUG /* claims success with UDP */ |
---|
202 | #define getpeername fix_getpeername |
---|
203 | extern int fix_getpeername(); |
---|
204 | #endif |
---|
205 | |
---|
206 | #ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */ |
---|
207 | #define gethostbyname fix_gethostbyname |
---|
208 | extern struct hostent *fix_gethostbyname(); |
---|
209 | #endif |
---|
210 | |
---|
211 | #ifdef USE_STRSEP /* libc calls strtok() */ |
---|
212 | #define strtok fix_strtok |
---|
213 | extern char *fix_strtok(); |
---|
214 | #endif |
---|
215 | |
---|
216 | #ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */ |
---|
217 | #define strtok my_strtok |
---|
218 | extern char *my_strtok(); |
---|
219 | #endif |
---|