/* $OpenBSD: tcpd.h,v 1.11 2001/11/07 18:49:10 deraadt Exp $ */ /* * Copyright (c) 1997, Jason Downs. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Jason Downs for the * OpenBSD system. * 4. Neither the name(s) of the author(s) nor the name OpenBSD * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * @(#) tcpd.h 1.5 96/03/19 16:22:24 * * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. */ #ifndef _TCPD_H_ #define _TCPD_H_ #include /* Structure to describe one communications endpoint. */ #define STRING_LENGTH 256 /* hosts, users, processes */ struct host_info { char name[STRING_LENGTH]; /* access via eval_hostname(host) */ char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ struct sockaddr *sin; /* socket address or 0 */ struct t_unitdata *unit; /* TLI transport address or 0 */ struct request_info *request; /* for shared information */ }; /* Structure to describe what we know about a service request. */ struct request_info { int fd; /* socket handle */ char user[STRING_LENGTH]; /* access via eval_user(request) */ char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ char pid[10]; /* access via eval_pid(request) */ struct host_info client[1]; /* client endpoint info */ struct host_info server[1]; /* server endpoint info */ void (*sink) (); /* datagram sink function or 0 */ void (*hostname) (); /* address to printable hostname */ void (*hostaddr) (); /* address to printable address */ void (*cleanup) (); /* cleanup function or 0 */ struct netconfig *config; /* netdir handle */ }; /* Common string operations. Less clutter should be more readable. */ #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) #define STR_NE(x,y) (strcasecmp((x),(y)) != 0) /* * Initially, all above strings have the empty value. Information that * cannot be determined at runtime is set to "unknown", so that we can * distinguish between `unavailable' and `not yet looked up'. A hostname * that we do not believe in is set to "paranoid". */ #define STRING_UNKNOWN "unknown" /* lookup failed */ #define STRING_PARANOID "paranoid" /* hostname conflict */ __BEGIN_DECLS extern char unknown[]; extern char paranoid[]; __END_DECLS #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) /* Global functions. */ #ifdef __cplusplus extern "C" { #endif #define fromhost sock_host /* no TLI support needed */ __BEGIN_DECLS extern int hosts_access __P((struct request_info *)); extern int hosts_ctl __P((char *, char *, char *, char *)); extern void shell_cmd __P((char *)); extern char *percent_m __P((char *, char *)); extern char *percent_x __P((char *, int, char *, struct request_info *)); extern void rfc931 __P((struct sockaddr *, struct sockaddr *, char *)); extern int rfc1413 __P((struct sockaddr *, struct sockaddr *, char *, size_t, int)); extern void clean_exit __P((struct request_info *)); extern void refuse __P((struct request_info *)); #ifdef _STDIO_H_ extern char *xgets __P((char *, int, FILE *)); #endif /* _STDIO_H_ */ extern char *split_at __P((char *, int)); extern int dot_quad_addr_new __P((char *, in_addr_t *)); extern in_addr_t dot_quad_addr __P((char *)); #ifdef __cplusplus } #endif /* Global variables. */ extern int allow_severity; /* for connection logging */ extern int deny_severity; /* for connection logging */ extern char *hosts_allow_table; /* for verification mode redirection */ extern char *hosts_deny_table; /* for verification mode redirection */ extern int hosts_access_verbose; /* for verbose matching mode */ extern int rfc931_timeout; /* user lookup timeout */ extern int resident; /* > 0 if resident process */ /* * Routines for controlled initialization and update of request structure * attributes. Each attribute has its own key. */ extern struct request_info *request_init __P((struct request_info *, ...)); extern struct request_info *request_set __P((struct request_info *, ...)); #define RQ_FILE 1 /* file descriptor */ #define RQ_DAEMON 2 /* server process (argv[0]) */ #define RQ_USER 3 /* client user name */ #define RQ_CLIENT_NAME 4 /* client host name */ #define RQ_CLIENT_ADDR 5 /* client host address */ #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ #define RQ_SERVER_NAME 7 /* server host name */ #define RQ_SERVER_ADDR 8 /* server host address */ #define RQ_SERVER_SIN 9 /* server endpoint (internal) */ /* * Routines for delayed evaluation of request attributes. Each attribute * type has its own access method. The trivial ones are implemented by * macros. The other ones are wrappers around the transport-specific host * name, address, and client user lookup methods. The request_info and * host_info structures serve as caches for the lookup results. */ extern char *eval_user __P((struct request_info *)); extern char *eval_hostname __P((struct host_info *)); extern char *eval_hostaddr __P((struct host_info *)); extern char *eval_hostinfo __P((struct host_info *)); extern char *eval_client __P((struct request_info *)); extern char *eval_server __P((struct request_info *)); #define eval_daemon(r) ((r)->daemon) /* daemon process name */ #define eval_pid(r) ((r)->pid) /* process id */ /* Socket-specific methods, including DNS hostname lookups. */ extern void sock_host __P((struct request_info *)); extern void sock_hostname __P((struct host_info *)); extern void sock_hostaddr __P((struct host_info *)); #define sock_methods(r) \ { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } /* * Problem reporting interface. Additional file/line context is reported * when available. The jump buffer (tcpd_buf) is not declared here, or * everyone would have to include . */ extern void tcpd_warn __P((char *, ...)); extern void tcpd_jump __P((char *, ...)); __END_DECLS struct tcpd_context { char *file; /* current file */ int line; /* current line */ }; __BEGIN_DECLS extern struct tcpd_context tcpd_context; /* * While processing access control rules, error conditions are handled by * jumping back into the hosts_access() routine. This is cleaner than * checking the return value of each and every silly little function. The * (-1) returns are here because zero is already taken by longjmp(). */ #define AC_PERMIT 1 /* permit access */ #define AC_DENY (-1) /* deny_access */ #define AC_ERROR AC_DENY /* XXX */ /* * In verification mode an option function should just say what it would do, * instead of really doing it. An option function that would not return * should clear the dry_run flag to inform the caller of this unusual * behavior. */ extern void process_options __P((char *, struct request_info *)); extern int dry_run; /* verification flag */ __END_DECLS #ifdef _TCPD_PRIVATE /* * What follows is an attempt to unify varargs.h and stdarg.h. I'd rather * have this than #ifdefs all over the code. * * The code using these must include the proper system header. */ #ifdef __STDC__ #define VARARGS(func,type,arg) func(type arg, ...) #define VASTART(ap,type,name) va_start(ap,name) #define VAEND(ap) va_end(ap) #else #define VARARGS(func,type,arg) func(va_alist) va_dcl #define VASTART(ap,type,name) {type name; va_start(ap); name = va_arg(ap, type) #define VAEND(ap) va_end(ap);} #endif #endif /* _TCPD_PRIVATE */ #endif /* _TCPD_H_ */