/* $OpenBSD: tcpd.h,v 1.10 2001/03/28 22:06:29 deraadt Exp $ */
/*
* Copyright (c) 1997, Jason Downs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Jason Downs for the
* OpenBSD system.
* 4. Neither the name(s) of the author(s) nor the name OpenBSD
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS
* OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* @(#) tcpd.h 1.5 96/03/19 16:22:24
*
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
*/
#ifndef _TCPD_H_
#define _TCPD_H_
#include <sys/cdefs.h>
/* Structure to describe one communications endpoint. */
#define STRING_LENGTH 128 /* hosts, users, processes */
struct host_info {
char name[STRING_LENGTH]; /* access via eval_hostname(host) */
char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */
struct sockaddr *sin; /* socket address or 0 */
struct t_unitdata *unit; /* TLI transport address or 0 */
struct request_info *request; /* for shared information */
};
/* Structure to describe what we know about a service request. */
struct request_info {
int fd; /* socket handle */
char user[STRING_LENGTH]; /* access via eval_user(request) */
char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */
char pid[10]; /* access via eval_pid(request) */
struct host_info client[1]; /* client endpoint info */
struct host_info server[1]; /* server endpoint info */
void (*sink) (); /* datagram sink function or 0 */
void (*hostname) (); /* address to printable hostname */
void (*hostaddr) (); /* address to printable address */
void (*cleanup) (); /* cleanup function or 0 */
struct netconfig *config; /* netdir handle */
};
/* Common string operations. Less clutter should be more readable. */
#define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
#define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0)
#define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0)
#define STR_EQ(x,y) (strcasecmp((x),(y)) == 0)
#define STR_NE(x,y) (strcasecmp((x),(y)) != 0)
/*
* Initially, all above strings have the empty value. Information that
* cannot be determined at runtime is set to "unknown", so that we can
* distinguish between `unavailable' and `not yet looked up'. A hostname
* that we do not believe in is set to "paranoid".
*/
#define STRING_UNKNOWN "unknown" /* lookup failed */
#define STRING_PARANOID "paranoid" /* hostname conflict */
__BEGIN_DECLS
extern char unknown[];
extern char paranoid[];
__END_DECLS
#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
#define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
/* Global functions. */
#ifdef __cplusplus
extern "C" {
#endif
#define fromhost sock_host /* no TLI support needed */
__BEGIN_DECLS
extern int hosts_access __P((struct request_info *));
extern int hosts_ctl __P((char *, char *, char *, char *));
extern void shell_cmd __P((char *));
extern char *percent_m __P((char *, char *));
extern char *percent_x __P((char *, int, char *, struct request_info *));
extern void rfc931 __P((struct sockaddr *, struct sockaddr *, char *));
extern int rfc1413 __P((struct sockaddr *, struct sockaddr *, char *, size_t, int));
extern void clean_exit __P((struct request_info *));
extern void refuse __P((struct request_info *));
#ifdef _STDIO_H_
extern char *xgets __P((char *, int, FILE *));
#endif /* _STDIO_H_ */
extern char *split_at __P((char *, int));
extern int dot_quad_addr_new __P((char *, in_addr_t *));
extern in_addr_t dot_quad_addr __P((char *));
#ifdef __cplusplus
}
#endif
/* Global variables. */
extern int allow_severity; /* for connection logging */
extern int deny_severity; /* for connection logging */
extern char *hosts_allow_table; /* for verification mode redirection */
extern char *hosts_deny_table; /* for verification mode redirection */
extern int hosts_access_verbose; /* for verbose matching mode */
extern int rfc931_timeout; /* user lookup timeout */
extern int resident; /* > 0 if resident process */
/*
* Routines for controlled initialization and update of request structure
* attributes. Each attribute has its own key.
*/
extern struct request_info *request_init __P((struct request_info *, ...));
extern struct request_info *request_set __P((struct request_info *, ...));
#define RQ_FILE 1 /* file descriptor */
#define RQ_DAEMON 2 /* server process (argv[0]) */
#define RQ_USER 3 /* client user name */
#define RQ_CLIENT_NAME 4 /* client host name */
#define RQ_CLIENT_ADDR 5 /* client host address */
#define RQ_CLIENT_SIN 6 /* client endpoint (internal) */
#define RQ_SERVER_NAME 7 /* server host name */
#define RQ_SERVER_ADDR 8 /* server host address */
#define RQ_SERVER_SIN 9 /* server endpoint (internal) */
/*
* Routines for delayed evaluation of request attributes. Each attribute
* type has its own access method. The trivial ones are implemented by
* macros. The other ones are wrappers around the transport-specific host
* name, address, and client user lookup methods. The request_info and
* host_info structures serve as caches for the lookup results.
*/
extern char *eval_user __P((struct request_info *));
extern char *eval_hostname __P((struct host_info *));
extern char *eval_hostaddr __P((struct host_info *));
extern char *eval_hostinfo __P((struct host_info *));
extern char *eval_client __P((struct request_info *));
extern char *eval_server __P((struct request_info *));
#define eval_daemon(r) ((r)->daemon) /* daemon process name */
#define eval_pid(r) ((r)->pid) /* process id */
/* Socket-specific methods, including DNS hostname lookups. */
extern void sock_host __P((struct request_info *));
extern void sock_hostname __P((struct host_info *));
extern void sock_hostaddr __P((struct host_info *));
#define sock_methods(r) \
{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
/*
* Problem reporting interface. Additional file/line context is reported
* when available. The jump buffer (tcpd_buf) is not declared here, or
* everyone would have to include <setjmp.h>.
*/
extern void tcpd_warn __P((char *, ...));
extern void tcpd_jump __P((char *, ...));
__END_DECLS
struct tcpd_context {
char *file; /* current file */
int line; /* current line */
};
__BEGIN_DECLS
extern struct tcpd_context tcpd_context;
/*
* While processing access control rules, error conditions are handled by
* jumping back into the hosts_access() routine. This is cleaner than
* checking the return value of each and every silly little function. The
* (-1) returns are here because zero is already taken by longjmp().
*/
#define AC_PERMIT 1 /* permit access */
#define AC_DENY (-1) /* deny_access */
#define AC_ERROR AC_DENY /* XXX */
/*
* In verification mode an option function should just say what it would do,
* instead of really doing it. An option function that would not return
* should clear the dry_run flag to inform the caller of this unusual
* behavior.
*/
extern void process_options __P((char *, struct request_info *));
extern int dry_run; /* verification flag */
__END_DECLS
#ifdef _TCPD_PRIVATE
/*
* What follows is an attempt to unify varargs.h and stdarg.h. I'd rather
* have this than #ifdefs all over the code.
*
* The code using these must include the proper system header.
*/
#ifdef __STDC__
#define VARARGS(func,type,arg) func(type arg, ...)
#define VASTART(ap,type,name) va_start(ap,name)
#define VAEND(ap) va_end(ap)
#else
#define VARARGS(func,type,arg) func(va_alist) va_dcl
#define VASTART(ap,type,name) {type name; va_start(ap); name = va_arg(ap, type)
#define VAEND(ap) va_end(ap);}
#endif
#endif /* _TCPD_PRIVATE */
#endif /* _TCPD_H_ */