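/*
 * @(#) tcpd.h 1.3 95/01/08 21:07:59
 *
 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
 *
 * Public interface of the tcp_wrappers access-control library. This header
 * includes nothing itself: the string macros below expand to strncpy() and
 * strspn() (<string.h>) and strcasecmp()/strncasecmp() (<strings.h>), so the
 * including file must pull those headers in first. Most function
 * declarations are old-style (no parameter list), which means the compiler
 * cannot check argument types or counts at call sites; the comments name
 * the intended arguments where the declaration does not.
 */

/* Structure to describe one communications endpoint. */

#define STRING_LENGTH 128		/* hosts, users, processes */

struct host_info {
    char    name[STRING_LENGTH];	/* access via eval_hostname(host) */
    char    addr[STRING_LENGTH];	/* access via eval_hostaddr(host) */
    struct sockaddr_in *sin;		/* socket address or 0 */
    struct t_unitdata *unit;		/* TLI transport address or 0 */
    struct request_info *request;	/* for shared information */
};

/* Structure to describe what we know about a service request. */

struct request_info {
    int     fd;				/* socket handle */
    char    user[STRING_LENGTH];	/* access via eval_user(request) */
    char    daemon[STRING_LENGTH];	/* access via eval_daemon(request) */
    char    pid[10];			/* access via eval_pid(request);
					 * room for 9 decimal digits plus NUL.
					 * NOTE(review): whatever formats the
					 * pid into this field must bound the
					 * write to sizeof(pid) - confirm. */
    struct host_info client[1];		/* client endpoint info */
    struct host_info server[1];		/* server endpoint info */
    void  (*sink) ();			/* datagram sink function or 0 */
    void  (*hostname) ();		/* address to printable hostname */
    void  (*hostaddr) ();		/* address to printable address */
    void  (*cleanup) ();		/* cleanup function or 0 */
    struct netconfig *config;		/* netdir handle */
};

/*
 * Common string operations. Less clutter should be more readable.
 *
 * STRN_CPY(d,s,l) copies at most l-1 bytes of s into d and always leaves d
 * NUL-terminated; strncpy() alone leaves d unterminated when s is l bytes
 * or longer. l must be the true size of d and must be at least 1 (l == 0
 * would write d[-1]). d and l are evaluated more than once, so pass
 * side-effect-free expressions. The macro is wrapped in do { } while (0)
 * so that it behaves as one statement: "if (x) STRN_CPY(...); else ..."
 * parses as intended, which the bare { } form did not allow.
 *
 * The comparison macros are case-insensitive.
 */

#define STRN_CPY(d,s,l)	do { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } while (0)

#define STRN_EQ(x,y,l)	(strncasecmp((x),(y),(l)) == 0)
#define STRN_NE(x,y,l)	(strncasecmp((x),(y),(l)) != 0)
#define STR_EQ(x,y)	(strcasecmp((x),(y)) == 0)
#define STR_NE(x,y)	(strcasecmp((x),(y)) != 0)

/*
 * Initially, all above strings have the empty value. Information that
 * cannot be determined at runtime is set to "unknown", so that we can
 * distinguish between `unavailable' and `not yet looked up'. A hostname
 * that we do not believe in is set to "paranoid".
 */

#define STRING_UNKNOWN	"unknown"	/* lookup failed */
#define STRING_PARANOID	"paranoid"	/* hostname conflict */

extern char unknown[];
extern char paranoid[];

/*
 * HOSTNAME_KNOWN(s) is true when s is neither sentinel string; s is
 * evaluated twice. NOT_INADDR(s) is true when s contains any character
 * outside the digit/dot/slash set; it is a lexical test only and does not
 * validate that s is a well-formed dotted-quad address. s is evaluated
 * twice.
 */

#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))

#define NOT_INADDR(s) ((s)[strspn((s),"01234567890./")] != 0)

/* Global functions. */

#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
extern void fromhost();			/* get/validate client host info */
#else
#define fromhost sock_host		/* no TLI support needed */
#endif

extern int hosts_access();		/* access control */
extern void shell_cmd();		/* execute shell command */
extern char *percent_x();		/* do %<char> expansion */
extern void rfc931();			/* client name from RFC 931 daemon */
extern void clean_exit();		/* clean up and exit */
extern void refuse();			/* clean up and exit */
extern char *xgets();			/* fgets() on steroids */
extern char *split_at();		/* strchr() and split */
extern unsigned long dot_quad_addr();	/* restricted inet_addr() */

/* Global variables. */

extern int allow_severity;		/* for connection logging */
extern int deny_severity;		/* for connection logging */
extern char *hosts_allow_table;		/* for verification mode redirection */
extern char *hosts_deny_table;		/* for verification mode redirection */
extern int hosts_access_verbose;	/* for verbose matching mode */
extern int rfc931_timeout;		/* user lookup timeout */

/*
 * Routines for controlled initialization and update of request structure
 * attributes. Each attribute has its own key. The variable argument list
 * is a sequence of (key, value) pairs terminated by a zero key; the RQ_*
 * constants below are the keys.
 */

#ifdef __STDC__
extern struct request_info *request_init(struct request_info *,...);
extern struct request_info *request_set(struct request_info *,...);
#else
extern struct request_info *request_init();	/* initialize request */
extern struct request_info *request_set();	/* update request structure */
#endif

#define RQ_FILE		1		/* file descriptor */
#define RQ_DAEMON	2		/* server process (argv[0]) */
#define RQ_USER		3		/* client user name */
#define RQ_CLIENT_NAME	4		/* client host name */
#define RQ_CLIENT_ADDR	5		/* client host address */
#define RQ_CLIENT_SIN	6		/* client endpoint (internal) */
#define RQ_SERVER_NAME	7		/* server host name */
#define RQ_SERVER_ADDR	8		/* server host address */
#define RQ_SERVER_SIN	9		/* server endpoint (internal) */

/*
 * Routines for delayed evaluation of request attributes. Each attribute
 * type has its own access method. The trivial ones are implemented by
 * macros. The other ones are wrappers around the transport-specific host
 * name, address, and client user lookup methods. The request_info and
 * host_info structures serve as caches for the lookup results.
 */

extern char *eval_user();		/* client user */
extern char *eval_hostname();		/* printable hostname */
extern char *eval_hostaddr();		/* printable host address */
extern char *eval_hostinfo();		/* host name or address */
extern char *eval_client();		/* whatever is available */
extern char *eval_server();		/* whatever is available */
#define eval_daemon(r)	((r)->daemon)	/* daemon process name */
#define eval_pid(r)	((r)->pid)	/* process id */

/* Socket-specific methods, including DNS hostname lookups. */

extern void sock_host();		/* look up endpoint addresses */
extern void sock_hostname();		/* translate address to hostname */
extern void sock_hostaddr();		/* address to printable address */
/* Install the socket lookup methods into request r; one statement. */
#define sock_methods(r) \
	do { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } while (0)

/* The System V Transport-Level Interface (TLI) interface. */

#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
extern void tli_host();			/* look up endpoint addresses etc. */
#endif

/*
 * Problem reporting interface. Additional file/line context is reported
 * when available. The jump buffer (tcpd_buf) is not declared here, or
 * everyone would have to include <setjmp.h>.
 *
 * The leading char * argument is presumably a printf-style format (the
 * declarations are variadic). Pass a string literal as the format and
 * supply hostnames, user names and other externally supplied text as
 * arguments, never as the format itself.
 */

#ifdef __STDC__
extern void tcpd_warn(char *, ...);	/* report problem and proceed */
extern void tcpd_jump(char *, ...);	/* report problem and jump */
#else
extern void tcpd_warn();
extern void tcpd_jump();
#endif

struct tcpd_context {
    char   *file;			/* current file */
    int     line;			/* current line */
};
extern struct tcpd_context tcpd_context;

/*
 * While processing access control rules, error conditions are handled by
 * jumping back into the hosts_access() routine. This is cleaner than
 * checking the return value of each and every silly little function. The
 * (-1) returns are here because zero is already taken by longjmp().
 */

#define AC_PERMIT	1		/* permit access */
#define AC_DENY		(-1)		/* deny access */
#define AC_ERROR	AC_DENY		/* XXX: errors are treated as denials */

/*
 * In verification mode an option function should just say what it would do,
 * instead of really doing it. An option function that would not return
 * should clear the dry_run flag to inform the caller of this unusual
 * behavior.
 */

extern void process_options();		/* execute options */
extern int dry_run;			/* verification flag */

/* Bug workarounds. */

#ifdef INET_ADDR_BUG			/* inet_addr() returns struct */
#define inet_addr fix_inet_addr
extern long fix_inet_addr();
#endif

#ifdef BROKEN_FGETS			/* partial reads from sockets */
#define fgets fix_fgets
extern char *fix_fgets();
#endif

#ifdef RECVFROM_BUG			/* no address family info */
#define recvfrom fix_recvfrom
extern int fix_recvfrom();
#endif

#ifdef GETPEERNAME_BUG			/* claims success with UDP */
#define getpeername fix_getpeername
extern int fix_getpeername();
#endif

#ifdef SOLARIS_24_GETHOSTBYNAME_BUG	/* lists addresses as aliases */
#define gethostbyname fix_gethostbyname
extern struct hostent *fix_gethostbyname();
#endif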