xref: /dragonfly/contrib/tcp_wrappers/tcpd.h (revision a351117dd3913cb9ec3bd35b18ecaa78ddbd0d5e)
1  /*
2   * @(#) tcpd.h 1.5 96/03/19 16:22:24
3   *
4   * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
5   *
6   * $FreeBSD: src/contrib/tcp_wrappers/tcpd.h,v 1.2 2000/02/03 10:26:59 shin Exp $
7   */
8 
9 #ifndef _LIBWRAP_TCPD_H
10 #define _LIBWRAP_TCPD_H
11 
12 #include <sys/cdefs.h>
13 #include <sys/socket.h>
14 #include <stdio.h>
15 
16 /* Structure to describe one communications endpoint. */
17 
18 #define STRING_LENGTH         128                 /* hosts, users, processes */
19 
20 struct host_info {
21     char    name[STRING_LENGTH];        /* access via eval_hostname(host) */
22     char    addr[STRING_LENGTH];        /* access via eval_hostaddr(host) */
23 #ifdef INET6
24     struct sockaddr *sin;               /* socket address or 0 */
25 #else
26     struct sockaddr_in *sin;            /* socket address or 0 */
27 #endif
28     struct t_unitdata *unit;            /* TLI transport address or 0 */
29     struct request_info *request;       /* for shared information */
30 };
31 
32 /* Structure to describe what we know about a service request. */
33 
34 struct request_info {
35     int     fd;                                   /* socket handle */
36     char    user[STRING_LENGTH];        /* access via eval_user(request) */
37     char    daemon[STRING_LENGTH];      /* access via eval_daemon(request) */
38     char    pid[10];                              /* access via eval_pid(request) */
39     struct host_info client[1];                   /* client endpoint info */
40     struct host_info server[1];                   /* server endpoint info */
41     void  (*sink) (int);                /* datagram sink function or 0 */
42     void  (*hostname)                             /* address to printable hostname */
43             (struct host_info *);
44     void  (*hostaddr)                             /* address to printable address */
45             (struct host_info *);
46     void  (*cleanup) (void);            /* cleanup function or 0 */
47     struct netconfig *config;           /* netdir handle */
48 };
49 
50 /* Common string operations. Less clutter should be more readable. */
51 
52 #define STRN_CPY(d,s,l)       { strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
53 
54 #define STRN_EQ(x,y,l)        (strncasecmp((x),(y),(l)) == 0)
55 #define STRN_NE(x,y,l)        (strncasecmp((x),(y),(l)) != 0)
56 #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0)
57 #define STR_NE(x,y) (strcasecmp((x),(y)) != 0)
58 
59  /*
60   * Initially, all above strings have the empty value. Information that
61   * cannot be determined at runtime is set to "unknown", so that we can
62   * distinguish between `unavailable' and `not yet looked up'. A hostname
63   * that we do not believe in is set to "paranoid".
64   */
65 
66 #define STRING_UNKNOWN        "unknown" /* lookup failed */
67 #define STRING_PARANOID       "paranoid"          /* hostname conflict */
68 
69 __BEGIN_DECLS
70 extern char unknown[];
71 extern char paranoid[];
72 __END_DECLS
73 
74 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
75 
76 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
77 
78 /* Global functions. */
79 
80 __BEGIN_DECLS
81 #define fromhost sock_host
82 
83 int                 hosts_access(struct request_info *);/* access control */
84 int                 hosts_ctl(char *, char *, char *, char *);/* limited interface to the hosts_access() routine */
85 void                shell_cmd(char *);            /* execute shell command */
86 char                *percent_x(char *, int, char *, struct request_info *);/* do %<char> expansion */
87 void                rfc931(struct sockaddr *, struct sockaddr *, char *);/* client name from RFC 931 daemon */
88 void                clean_exit(struct request_info *);/* clean up and exit */
89 void                refuse(struct request_info *);          /* clean up and exit */
90 char                *xgets(char *, int, FILE *);  /* fgets() on steroids */
91 char                *split_at(char *, int);                 /* strchr() and split */
92 unsigned long       dot_quad_addr(char *);                  /* restricted inet_addr() */
93 
94 /* Global variables. */
95 
96 extern int allow_severity;              /* for connection logging */
97 extern int deny_severity;               /* for connection logging */
98 extern char *hosts_allow_table;                   /* for verification mode redirection */
99 extern char *hosts_deny_table;                    /* for verification mode redirection */
100 extern int hosts_access_verbose;        /* for verbose matching mode */
101 extern int rfc931_timeout;              /* user lookup timeout */
102 extern int resident;                              /* > 0 if resident process */
103 
104  /*
105   * Routines for controlled initialization and update of request structure
106   * attributes. Each attribute has its own key.
107   */
108 
109 struct request_info *request_init(struct request_info *,...);/* initialize request */
110 struct request_info *request_set(struct request_info *,...);/* update request structure */
111 
112 #define RQ_FILE               1                   /* file descriptor */
113 #define RQ_DAEMON   2                   /* server process (argv[0]) */
114 #define RQ_USER               3                   /* client user name */
115 #define RQ_CLIENT_NAME        4                   /* client host name */
116 #define RQ_CLIENT_ADDR        5                   /* client host address */
117 #define RQ_CLIENT_SIN         6                   /* client endpoint (internal) */
118 #define RQ_SERVER_NAME        7                   /* server host name */
119 #define RQ_SERVER_ADDR        8                   /* server host address */
120 #define RQ_SERVER_SIN         9                   /* server endpoint (internal) */
121 
122  /*
123   * Routines for delayed evaluation of request attributes. Each attribute
124   * type has its own access method. The trivial ones are implemented by
125   * macros. The other ones are wrappers around the transport-specific host
126   * name, address, and client user lookup methods. The request_info and
127   * host_info structures serve as caches for the lookup results.
128   */
129 
130 char      *eval_user(struct request_info *);      /* client user */
131 char      *eval_hostname(struct host_info *);     /* printable hostname */
132 char      *eval_hostaddr(struct host_info *);     /* printable host address */
133 char      *eval_hostinfo(struct host_info *);     /* host name or address */
134 char      *eval_client(struct request_info *);    /* whatever is available */
135 char      *eval_server(struct request_info *);    /* whatever is available */
136 #define eval_daemon(r)        ((r)->daemon)       /* daemon process name */
137 #define eval_pid(r) ((r)->pid)          /* process id */
138 
139 /* Socket-specific methods, including DNS hostname lookups. */
140 
141 void      sock_host(struct request_info *);       /* look up endpoint addresses */
142 void      sock_hostname(struct host_info *);      /* translate address to hostname */
143 void      sock_hostaddr(struct host_info *);      /* address to printable address */
144 #define sock_methods(r) \
145           { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
146 
147  /*
148   * Problem reporting interface. Additional file/line context is reported
149   * when available. The jump buffer (tcpd_buf) is not declared here, or
150   * everyone would have to include <setjmp.h>.
151   */
152 
153 void      tcpd_warn(const char *, ...) __printflike(1, 2);/* report problem and proceed */
154 void      tcpd_jump(const char *, ...) __printflike(1, 2) __dead2;/* report problem and jump */
155 __END_DECLS
156 
157 struct tcpd_context {
158     char   *file;                       /* current file */
159     int     line;                       /* current line */
160 };
161 __BEGIN_DECLS
162 extern struct tcpd_context tcpd_context;
163 __END_DECLS
164 
165  /*
166   * While processing access control rules, error conditions are handled by
167   * jumping back into the hosts_access() routine. This is cleaner than
168   * checking the return value of each and every silly little function. The
169   * (-1) returns are here because zero is already taken by longjmp().
170   */
171 
172 #define AC_PERMIT   1                   /* permit access */
173 #define AC_DENY               (-1)                /* deny_access */
174 #define AC_ERROR    AC_DENY             /* XXX */
175 
176 __BEGIN_DECLS
177  /*
178   * In verification mode an option function should just say what it would do,
179   * instead of really doing it. An option function that would not return
180   * should clear the dry_run flag to inform the caller of this unusual
181   * behavior.
182   */
183 
184 void      process_options(char *, struct request_info *);   /* execute options */
185 void      fix_options(struct request_info *);               /* get rid of IP-level socket options */
186 
187 extern int dry_run;                     /* verification flag */
188 __END_DECLS
189 
190 #endif    /* !_LIBWRAP_TCPD_H */
191