Remove building with NOCRYPTO option
[minix3.git] / lib / libwrap / tcpd.h
blob58a44a0d2f3bf6a1030e4039bc420f2d68170a31
1 /* $NetBSD: tcpd.h,v 1.14 2012/03/22 22:59:43 joerg Exp $ */
2 /*
3 * @(#) tcpd.h 1.5 96/03/19 16:22:24
4 *
5 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
6 */
8 #include <sys/cdefs.h>
9 #include <stdio.h>
11 /* Structure to describe one communications endpoint. */
13 #define STRING_LENGTH 128 /* hosts, users, processes */
15 struct host_info {
16 char name[STRING_LENGTH]; /* access via eval_hostname(host) */
17 char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */
18 struct sockaddr *sin; /* socket address or 0 */
19 struct t_unitdata *unit; /* TLI transport address or 0 */
20 struct request_info *request; /* for shared information */
23 /* Structure to describe what we know about a service request. */
25 struct request_info {
26 int fd; /* socket handle */
27 char user[STRING_LENGTH]; /* access via eval_user(request) */
28 char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */
29 char pid[10]; /* access via eval_pid(request) */
30 struct host_info client[1]; /* client endpoint info */
31 struct host_info server[1]; /* server endpoint info */
32 void (*sink)(int); /* datagram sink function or 0 */
33 void (*hostname)(struct host_info *); /* address to printable hostname */
34 void (*hostaddr)(struct host_info *); /* address to printable address */
35 void (*cleanup)(void); /* cleanup function or 0 */
36 struct netconfig *config; /* netdir handle */
39 /* Common string operations. Less clutter should be more readable. */
41 #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
43 #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0)
44 #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0)
45 #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0)
46 #define STR_NE(x,y) (strcasecmp((x),(y)) != 0)
49 * Initially, all above strings have the empty value. Information that
50 * cannot be determined at runtime is set to "unknown", so that we can
51 * distinguish between `unavailable' and `not yet looked up'. A hostname
52 * that we do not believe in is set to "paranoid".
55 #define STRING_UNKNOWN "unknown" /* lookup failed */
56 #define STRING_PARANOID "paranoid" /* hostname conflict */
58 __BEGIN_DECLS
59 extern char unknown[];
60 extern char paranoid[];
61 __END_DECLS
63 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
65 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
67 /* Global functions. */
69 __BEGIN_DECLS
70 #define fromhost sock_host /* no TLI support needed */
72 extern int hosts_access /* access control */
73 (struct request_info *);
74 extern int hosts_ctl /* limited interface to hosts_access */
75 (char *, char *, char *, char *);
76 extern void shell_cmd /* execute shell command */
77 (char *);
78 extern char *percent_x /* do %<char> expansion */
79 (char *, int, char *, struct request_info *);
80 extern void rfc931 /* client name from RFC 931 daemon */
81 (struct sockaddr *, struct sockaddr *, char *);
82 __dead extern void clean_exit /* clean up and exit */
83 (struct request_info *);
84 __dead extern void refuse /* clean up and exit */
85 (struct request_info *);
86 extern char *xgets /* fgets() on steroids */
87 (char *, int, FILE *);
88 extern char *split_at /* strchr() and split */
89 (char *, int);
90 extern int dot_quad_addr /* restricted inet_aton() */
91 (char *, unsigned long *);
93 /* Global variables. */
95 extern int allow_severity; /* for connection logging */
96 extern int deny_severity; /* for connection logging */
97 extern const char *hosts_allow_table; /* for verification mode redirection */
98 extern const char *hosts_deny_table; /* for verification mode redirection */
99 extern int hosts_access_verbose; /* for verbose matching mode */
100 extern int rfc931_timeout; /* user lookup timeout */
101 extern int resident; /* > 0 if resident process */
104 * Routines for controlled initialization and update of request structure
105 * attributes. Each attribute has its own key.
108 extern struct request_info *request_init /* initialize request */
109 (struct request_info *,...);
110 extern struct request_info *request_set /* update request structure */
111 (struct request_info *,...);
113 #define RQ_FILE 1 /* file descriptor */
114 #define RQ_DAEMON 2 /* server process (argv[0]) */
115 #define RQ_USER 3 /* client user name */
116 #define RQ_CLIENT_NAME 4 /* client host name */
117 #define RQ_CLIENT_ADDR 5 /* client host address */
118 #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */
119 #define RQ_SERVER_NAME 7 /* server host name */
120 #define RQ_SERVER_ADDR 8 /* server host address */
121 #define RQ_SERVER_SIN 9 /* server endpoint (internal) */
124 * Routines for delayed evaluation of request attributes. Each attribute
125 * type has its own access method. The trivial ones are implemented by
126 * macros. The other ones are wrappers around the transport-specific host
127 * name, address, and client user lookup methods. The request_info and
128 * host_info structures serve as caches for the lookup results.
131 extern char *eval_user /* client user */
132 (struct request_info *);
133 extern char *eval_hostname /* printable hostname */
134 (struct host_info *);
135 extern char *eval_hostaddr /* printable host address */
136 (struct host_info *);
137 extern char *eval_hostinfo /* host name or address */
138 (struct host_info *);
139 extern char *eval_client /* whatever is available */
140 (struct request_info *);
141 extern char *eval_server /* whatever is available */
142 (struct request_info *);
143 #define eval_daemon(r) ((r)->daemon) /* daemon process name */
144 #define eval_pid(r) ((r)->pid) /* process id */
146 /* Socket-specific methods, including DNS hostname lookups. */
148 extern void sock_host /* look up endpoint addresses */
149 (struct request_info *);
150 extern void sock_hostname /* translate address to hostname */
151 (struct host_info *);
152 extern void sock_hostaddr /* address to printable address */
153 (struct host_info *);
154 #define sock_methods(r) \
155 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
157 /* The System V Transport-Level Interface (TLI) interface. */
159 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
160 extern void tli_host /* look up endpoint addresses etc. */
161 (struct request_info *);
162 #endif
165 * Problem reporting interface. Additional file/line context is reported
166 * when available. The jump buffer (tcpd_buf) is not declared here, or
167 * everyone would have to include <setjmp.h>.
170 /* Report problem and proceed */
171 void tcpd_warn(const char *, ...) __printflike(1, 2);
173 /* Report problem and jump */
174 void tcpd_jump(const char *, ...) __dead __printflike(1, 2);
175 __END_DECLS
177 struct tcpd_context {
178 const char *file; /* current file */
179 int line; /* current line */
181 __BEGIN_DECLS
182 extern struct tcpd_context tcpd_context;
183 __END_DECLS
186 * While processing access control rules, error conditions are handled by
187 * jumping back into the hosts_access() routine. This is cleaner than
188 * checking the return value of each and every silly little function. The
189 * (-1) returns are here because zero is already taken by longjmp().
192 #define AC_PERMIT 1 /* permit access */
193 #define AC_DENY (-1) /* deny_access */
194 #define AC_ERROR AC_DENY /* XXX */
197 * In verification mode an option function should just say what it would do,
198 * instead of really doing it. An option function that would not return
199 * should clear the dry_run flag to inform the caller of this unusual
200 * behavior.
203 __BEGIN_DECLS
204 extern void process_options /* execute options */
205 (char *, struct request_info *);
206 extern int dry_run; /* verification flag */
207 extern void fix_options /* get rid of IP-level socket options */
208 (struct request_info *);
209 __END_DECLS