1 /* $NetBSD: tcpd.h,v 1.11 2001/03/27 22:46:55 kleink Exp $ */
3 * @(#) tcpd.h 1.5 96/03/19 16:22:24
5 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
11 /* Structure to describe one communications endpoint. */
13 #define STRING_LENGTH 128 /* hosts, users, processes */
16 char name
[STRING_LENGTH
]; /* access via eval_hostname(host) */
17 char addr
[STRING_LENGTH
]; /* access via eval_hostaddr(host) */
18 struct sockaddr
*sin
; /* socket address or 0 */
19 struct t_unitdata
*unit
; /* TLI transport address or 0 */
20 struct request_info
*request
; /* for shared information */
23 /* Structure to describe what we know about a service request. */
26 int fd
; /* socket handle */
27 char user
[STRING_LENGTH
]; /* access via eval_user(request) */
28 char daemon
[STRING_LENGTH
]; /* access via eval_daemon(request) */
29 char pid
[10]; /* access via eval_pid(request) */
30 struct host_info client
[1]; /* client endpoint info */
31 struct host_info server
[1]; /* server endpoint info */
32 void (*sink
) /* datagram sink function or 0 */
34 void (*hostname
) /* address to printable hostname */
35 __P((struct host_info
*));
36 void (*hostaddr
) /* address to printable address */
37 __P((struct host_info
*));
38 void (*cleanup
) /* cleanup function or 0 */
40 struct netconfig
*config
; /* netdir handle */
43 /* Common string operations. Less clutter should be more readable. */
45 #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
47 #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0)
48 #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0)
49 #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0)
50 #define STR_NE(x,y) (strcasecmp((x),(y)) != 0)
53 * Initially, all above strings have the empty value. Information that
54 * cannot be determined at runtime is set to "unknown", so that we can
55 * distinguish between `unavailable' and `not yet looked up'. A hostname
56 * that we do not believe in is set to "paranoid".
59 #define STRING_UNKNOWN "unknown" /* lookup failed */
60 #define STRING_PARANOID "paranoid" /* hostname conflict */
63 extern char unknown
[];
64 extern char paranoid
[];
67 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
69 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
71 /* Global functions. */
74 #define fromhost sock_host /* no TLI support needed */
76 extern int hosts_access
/* access control */
77 __P((struct request_info
*));
78 extern int hosts_ctl
/* limited interface to hosts_access */
79 __P((char *, char *, char *, char *));
80 extern void shell_cmd
/* execute shell command */
82 extern char *percent_x
/* do %<char> expansion */
83 __P((char *, int, char *, struct request_info
*));
84 extern void rfc931
/* client name from RFC 931 daemon */
85 __P((struct sockaddr
*, struct sockaddr
*, char *));
86 extern void clean_exit
/* clean up and exit */
87 __P((struct request_info
*));
88 extern void refuse
/* clean up and exit */
89 __P((struct request_info
*));
90 extern char *xgets
/* fgets() on steroids */
91 __P((char *, int, FILE *));
92 extern char *split_at
/* strchr() and split */
94 extern int dot_quad_addr
/* restricted inet_aton() */
95 __P((char *, unsigned long *));
97 /* Global variables. */
99 extern int allow_severity
; /* for connection logging */
100 extern int deny_severity
; /* for connection logging */
101 extern char *hosts_allow_table
; /* for verification mode redirection */
102 extern char *hosts_deny_table
; /* for verification mode redirection */
103 extern int hosts_access_verbose
; /* for verbose matching mode */
104 extern int rfc931_timeout
; /* user lookup timeout */
105 extern int resident
; /* > 0 if resident process */
108 * Routines for controlled initialization and update of request structure
109 * attributes. Each attribute has its own key.
112 extern struct request_info
*request_init
/* initialize request */
113 __P((struct request_info
*,...));
114 extern struct request_info
*request_set
/* update request structure */
115 __P((struct request_info
*,...));
117 #define RQ_FILE 1 /* file descriptor */
118 #define RQ_DAEMON 2 /* server process (argv[0]) */
119 #define RQ_USER 3 /* client user name */
120 #define RQ_CLIENT_NAME 4 /* client host name */
121 #define RQ_CLIENT_ADDR 5 /* client host address */
122 #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */
123 #define RQ_SERVER_NAME 7 /* server host name */
124 #define RQ_SERVER_ADDR 8 /* server host address */
125 #define RQ_SERVER_SIN 9 /* server endpoint (internal) */
128 * Routines for delayed evaluation of request attributes. Each attribute
129 * type has its own access method. The trivial ones are implemented by
130 * macros. The other ones are wrappers around the transport-specific host
131 * name, address, and client user lookup methods. The request_info and
132 * host_info structures serve as caches for the lookup results.
135 extern char *eval_user
/* client user */
136 __P((struct request_info
*));
137 extern char *eval_hostname
/* printable hostname */
138 __P((struct host_info
*));
139 extern char *eval_hostaddr
/* printable host address */
140 __P((struct host_info
*));
141 extern char *eval_hostinfo
/* host name or address */
142 __P((struct host_info
*));
143 extern char *eval_client
/* whatever is available */
144 __P((struct request_info
*));
145 extern char *eval_server
/* whatever is available */
146 __P((struct request_info
*));
147 #define eval_daemon(r) ((r)->daemon) /* daemon process name */
148 #define eval_pid(r) ((r)->pid) /* process id */
150 /* Socket-specific methods, including DNS hostname lookups. */
152 extern void sock_host
/* look up endpoint addresses */
153 __P((struct request_info
*));
154 extern void sock_hostname
/* translate address to hostname */
155 __P((struct host_info
*));
156 extern void sock_hostaddr
/* address to printable address */
157 __P((struct host_info
*));
158 #define sock_methods(r) \
159 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
161 /* The System V Transport-Level Interface (TLI) interface. */
163 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
164 extern void tli_host
/* look up endpoint addresses etc. */
165 __P((struct request_info
*));
169 * Problem reporting interface. Additional file/line context is reported
170 * when available. The jump buffer (tcpd_buf) is not declared here, or
171 * everyone would have to include <setjmp.h>.
174 extern void tcpd_warn
/* report problem and proceed */
176 __attribute__((__format__(__printf__
, 1, 2)));
177 extern void tcpd_jump
/* report problem and jump */
179 __attribute__((__format__(__printf__
, 1, 2)));
182 struct tcpd_context
{
183 char *file
; /* current file */
184 int line
; /* current line */
187 extern struct tcpd_context tcpd_context
;
191 * While processing access control rules, error conditions are handled by
192 * jumping back into the hosts_access() routine. This is cleaner than
193 * checking the return value of each and every silly little function. The
194 * (-1) returns are here because zero is already taken by longjmp().
197 #define AC_PERMIT 1 /* permit access */
198 #define AC_DENY (-1) /* deny_access */
199 #define AC_ERROR AC_DENY /* XXX */
202 * In verification mode an option function should just say what it would do,
203 * instead of really doing it. An option function that would not return
204 * should clear the dry_run flag to inform the caller of this unusual
209 extern void process_options
/* execute options */
210 __P((char *, struct request_info
*));
211 extern int dry_run
; /* verification flag */
212 extern void fix_options
/* get rid of IP-level socket options */
213 __P((struct request_info
*));
