1 /*
   2  * Copyright 2014 Sachidananda Urs <sacchi@gmail.com>
   3  * Copyright 2001 Sun Microsystems, Inc.  All rights reserved.
   4  * Use is subject to license terms.
   5  */
   6 
   7 /*
   8  * @(#) tcpd.h 1.5 96/03/19 16:22:24
   9  *
  10  * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
  11  */
  12 
  13 #ifndef _TCPD_H
  14 #define _TCPD_H
  15 
/*
 * HAVE_IPV6 is traditionally configured at tcp_wrappers build time but for
 * Solaris it must always be defined to keep the library interface binary
 * compatible: the sockaddr_gen/gen_addr unions below gain an IPv6 member
 * under this macro, so building without it would change their sizes.
 */
#define HAVE_IPV6

/* Structure to describe one communications endpoint. */

/*
 * Fixed size of the name/address/user/daemon buffers in host_info and
 * request_info below. Values longer than STRING_LENGTH-1 cannot be stored
 * whole; the writers presumably truncate with STRN_CPY (see below) rather
 * than reject them.
 */
#define STRING_LENGTH   128             /* hosts, users, processes */
  26 
  27 #include <sys/socket.h>
  28 #include <netinet/in.h>
  29 
/*
 * Generic socket address: one union large enough for every address family
 * the library handles. Access it through the sg_* shorthands and the
 * SG*() accessor macros below rather than the underscore-prefixed members.
 * The member layout is visible to every library client, so do not reorder
 * or add members (see the HAVE_IPV6 note above).
 */
typedef struct sockaddr_gen {
    union {
        struct sockaddr _sg_sa;             /* family-agnostic view */
        struct sockaddr_in      _sg_sin;    /* AF_INET view */
#ifdef HAVE_IPV6
        struct sockaddr_in6     _sg_sin6;   /* AF_INET6 view */
#endif
        } sg_addr;
} sockaddr_gen;
  39 
/*
 * Bare network address without port or family: the raw in_addr/in6_addr
 * bytes only. The union carries no tag, so the caller must know from
 * elsewhere (e.g. SGFAM()) which member is valid.
 */
typedef union gen_addr {
    struct in_addr      ga_in;          /* 4-byte IPv4 address */
#ifdef HAVE_IPV6
    struct in6_addr     ga_in6;         /* 16-byte IPv6 address */
#endif
} gen_addr;
  46 
/*
 * Defined elsewhere in the library. The empty parameter list is not a
 * prototype, so arguments are unchecked by the compiler; presumably it
 * takes a sockaddr_gen * and rewrites it in place — confirm against the
 * definition.
 */
extern void sockgen_simplify();

/*
 * Member shorthands so callers can write p->sg_sin instead of
 * p->sg_addr._sg_sin. These are plain identifier macros with no scope:
 * any other struct member spelled sg_sa/sg_sin/sg_sin6/sg_family in a
 * file that includes this header is rewritten too. sg_sin6 is defined
 * even without HAVE_IPV6, but the member it names then does not exist.
 */
#define sg_sa           sg_addr._sg_sa
#define sg_sin          sg_addr._sg_sin
#define sg_sin6         sg_addr._sg_sin6
#define sg_family       sg_sa.sa_family
#ifdef HAVE_IPV6
/*
 * Family-dependent accessors for a 'struct sockaddr_gen *'. Each one
 * tests sg_family for AF_INET6 and otherwise uses the AF_INET view, so an
 * endpoint of any other family is silently read as IPv4; check
 * VALID_ADDRTYPE() before relying on them. 'sag' is evaluated more than
 * once in every macro, so pass a plain pointer, not an expression with
 * side effects.
 */
/* Size in bytes of the bare address (in6_addr or in_addr). */
#define SGADDRSZ(sag)           ((sag)->sg_family == AF_INET6 ? \
                                    sizeof (struct in6_addr) : \
                                    sizeof (struct in_addr))
/* Size in bytes of the whole sockaddr_in6 / sockaddr_in. */
#define SGSOCKADDRSZ(sag)       ((sag)->sg_family == AF_INET6 ? \
                                    sizeof (struct sockaddr_in6) : \
                                    sizeof (struct sockaddr_in))
/* The port field itself (an lvalue), in the byte order the sockaddr holds it. */
#define SGPORT(sag)             (*((sag)->sg_family == AF_INET6 ? \
                                    &(sag)->sg_sin6.sin6_port : \
                                    &(sag)->sg_sin.sin_port))
/* Start of the raw address bytes, as a char * for byte-wise use. */
#define SGADDRP(sag)            (((sag)->sg_family == AF_INET6 ? \
                                    (char *)&(sag)->sg_sin6.sin6_addr : \
                                    (char *)&(sag)->sg_sin.sin_addr))
/* Address family, folded to exactly AF_INET6 or AF_INET. */
#define SGFAM(sag)              ((sag)->sg_family == AF_INET6 ? \
                                    AF_INET6 : AF_INET)

/* True for the wildcard address: IPv6 :: or IPv4 0.0.0.0. */
#define SG_IS_UNSPECIFIED(sag) \
                ((sag)->sg_family == AF_INET6 ? \
                        IN6_IS_ADDR_UNSPECIFIED(&(sag)->sg_sin6.sin6_addr) : \
                        (sag)->sg_sin.sin_addr.s_addr == 0)

/* The only address families the library accepts. */
#define VALID_ADDRTYPE(t)       ((t) == AF_INET || (t) == AF_INET6)

#ifndef IPV6_ABITS
#define IPV6_ABITS 128                  /* Size of IPV6 address in bits */
#endif

#else /* HAVE_IPV6 */

/* IPv4-only forms of the accessors above; sg_family is never consulted. */
#define SGADDRSZ(sag)           sizeof (struct in_addr)
#define SGSOCKADDRSZ(sag)       sizeof (struct sockaddr_in)
#define SGPORT(sag)             ((sag)->sg_sin.sin_port)
#define SGADDRP(sag)            ((char *)&(sag)->sg_sin.sin_addr)
#define SGFAM(sag)              AF_INET
#define SG_IS_UNSPECIFIED(sag)  ((sag)->sg_sin.sin_addr.s_addr == 0)

#define VALID_ADDRTYPE(t)       ((t) == AF_INET)

#endif /* HAVE_IPV6 */
  92 
/*
 * What is known about one endpoint of a connection. The string members
 * start empty and are filled lazily by the eval_*() accessors (see the
 * STRING_UNKNOWN / STRING_PARANOID note below), so read them through
 * those accessors rather than directly. 'unit' and 'request' only need
 * the struct tags, which is why no TLI header is included here and why
 * request_info may be defined further down.
 */
struct host_info {
    char    name[STRING_LENGTH];        /* access via eval_hostname(host) */
    char    addr[STRING_LENGTH];        /* access via eval_hostaddr(host) */
    struct sockaddr_gen *sin;           /* socket address or 0 */
    struct t_unitdata *unit;            /* TLI transport address or 0 */
    struct request_info *request;       /* for shared information */
};
 100 
 101 /* Structure to describe what we know about a service request. */
 102 
/*
 * Everything the library knows about one service request: the socket,
 * the two endpoints, and the transport-specific callbacks that turn an
 * endpoint address into text. Fill it in with request_init() and
 * request_set() rather than by hand. The function-pointer members are
 * declared without prototypes, so the compiler cannot check the arguments
 * they are called with. client[1]/server[1] are one-element arrays, which
 * lets request->client be used directly as a host_info pointer.
 */
struct request_info {
    int     fd;                         /* socket handle */
    char    user[STRING_LENGTH];        /* access via eval_user(request) */
    char    daemon[STRING_LENGTH];      /* access via eval_daemon(request) */
    char    pid[10];                    /* access via eval_pid(request); presumably decimal text, 9 digits + NUL */
    struct host_info client[1];         /* client endpoint info */
    struct host_info server[1];         /* server endpoint info */
    void  (*sink) ();                   /* datagram sink function or 0 */
    void  (*hostname) ();               /* address to printable hostname */
    void  (*hostaddr) ();               /* address to printable address */
    void  (*cleanup) ();                /* cleanup function or 0 */
    struct netconfig *config;           /* netdir handle */
};
 116 
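/* Common string operations. Less clutter should be more readable. */

/*
 * Bounded copy that always leaves 'd' NUL-terminated: strncpy() fills up
 * to 'l' bytes, then the last byte is forced to 0. 'l' must be the full
 * size of 'd' and at least 1 (with l == 0 the index l-1 is out of bounds).
 * 'd' and 'l' are evaluated twice. Wrapped in do/while(0) so that
 * "STRN_CPY(...);" is a single statement and can be the body of an
 * if/else without a syntax error.
 */
#define STRN_CPY(d, s, l)       do { strncpy((d), (s), (l)); (d)[(l)-1] = 0; } while (0)

/* Case-insensitive comparisons; the STRN_ forms look at the first l bytes only. */
#define STRN_EQ(x, y, l)        (strncasecmp((x), (y), (l)) == 0)
#define STRN_NE(x, y, l)        (strncasecmp((x), (y), (l)) != 0)
#define STR_EQ(x, y)            (strcasecmp((x), (y)) == 0)
#define STR_NE(x, y)            (strcasecmp((x), (y)) != 0)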
 125 
/*
 * Initially, all above strings have the empty value. Information that
 * cannot be determined at runtime is set to "unknown", so that we can
 * distinguish between `unavailable' and `not yet looked up'. A hostname
 * that we do not believe in is set to "paranoid".
 */

#define STRING_UNKNOWN  "unknown"       /* lookup failed */
#define STRING_PARANOID "paranoid"      /* hostname conflict */

/* Writable copies of the two sentinels, defined in the library. */
extern char unknown[];
extern char paranoid[];

/*
 * True when 's' holds a real lookup result rather than a sentinel. The
 * comparison is case-insensitive (STR_NE), so a host literally named
 * "UNKNOWN" or "Paranoid" is also treated as not known. 's' is evaluated
 * twice.
 */
#define HOSTNAME_KNOWN(s) (STR_NE((s), unknown) && STR_NE((s), paranoid))
 140 
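/*
 * True when 's' does not look like a numeric address: under HAVE_IPV6 any
 * string containing ':' is taken to be an IPv6 address, and otherwise the
 * string must consist only of digits, dots and slashes to count as
 * numeric. This is a cheap syntactic test, not validation ("1.2.3.999"
 * or "." still count as address-like). 's' is evaluated twice and must be
 * non-NULL; it is parenthesised so that pointer expressions such as
 * NOT_INADDR(p + 1) work.
 */
#ifdef HAVE_IPV6
#define NOT_INADDR(s) (strchr((s), ':') == 0 && (s)[strspn((s), "0123456789./")] != 0)
#else
#define NOT_INADDR(s) ((s)[strspn((s), "0123456789./")] != 0)
#endif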
 146 
/* Global functions. */

/*
 * Most declarations below use an empty parameter list, i.e. no prototype:
 * the compiler checks neither the number nor the types of arguments at
 * call sites (and C23 reinterprets "()" as "(void)"). Keep call sites in
 * sync with the definitions by hand.
 */

#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
extern void fromhost();                 /* get/validate client host info */
#else
#define fromhost sock_host              /* no TLI support needed */
#endif

extern int hosts_ctl();                 /* wrapper around request_init() */
extern int hosts_access();              /* access control */
extern void shell_cmd();                /* execute shell command */
/*
 * percent_x() presumably substitutes request attributes (host names, user
 * names) into a command template that then reaches shell_cmd(); how
 * shell-significant characters in those attributes are treated is decided
 * by its definition, not by this header.
 */
extern char *percent_x();               /* do %<char> expansion */
extern void rfc931();                   /* client name from RFC 931 daemon */
extern void clean_exit();               /* clean up and exit */
extern void refuse();                   /* clean up and exit */
extern char *xgets();                   /* fgets() on steroids */
extern char *split_at();                /* strchr() and split */
extern unsigned long dot_quad_addr();   /* restricted inet_addr() */
extern int numeric_addr();              /* IP4/IP6 inet_addr (restricted) */
extern struct hostent *tcpd_gethostbyname();
                                        /* IP4/IP6 gethostbyname */
#ifdef HAVE_IPV6
extern char *skip_ipv6_addrs();         /* skip over colons in IPv6 addrs */
#else
#define skip_ipv6_addrs(x)      x       /* identity: nothing to skip */
#endif
 173 
/* Global variables. */

/*
 * Library-wide settings, defined in the library and meant to be assigned
 * by the linking program before it calls hosts_access(). They are plain
 * ints/pointers with no synchronisation, so set them once at startup.
 */
extern int allow_severity;              /* for connection logging (presumably a syslog priority) */
extern int deny_severity;               /* for connection logging (presumably a syslog priority) */
extern char *hosts_allow_table;         /* for verification mode redirection */
extern char *hosts_deny_table;          /* for verification mode redirection */
extern int hosts_access_verbose;        /* for verbose matching mode */
extern int rfc931_timeout;              /* user lookup timeout */
extern int resident;                    /* > 0 if resident process */
 183 
/*
 * Routines for controlled initialization and update of request structure
 * attributes. Each attribute has its own key. Both take the request
 * followed by (RQ_* key, value) pairs; the list is presumably terminated
 * by a 0 key — confirm against the definition of request_init(). Under a
 * standard C compiler they are declared variadic so the pairs are passed
 * with the right calling convention; the pre-ANSI branch checks nothing.
 */

#ifdef __STDC__
extern struct request_info *request_init(struct request_info *, ...);
extern struct request_info *request_set(struct request_info *, ...);
#else
extern struct request_info *request_init();     /* initialize request */
extern struct request_info *request_set();      /* update request structure */
#endif

/*
 * Attribute keys. Judging by the request_info/host_info members they
 * fill, RQ_FILE takes an int, RQ_*_SIN a struct sockaddr_gen *, and the
 * rest a char * — verify against request_set() before relying on this.
 */
#define RQ_FILE         1               /* file descriptor */
#define RQ_DAEMON       2               /* server process (argv[0]) */
#define RQ_USER         3               /* client user name */
#define RQ_CLIENT_NAME  4               /* client host name */
#define RQ_CLIENT_ADDR  5               /* client host address */
#define RQ_CLIENT_SIN   6               /* client endpoint (internal) */
#define RQ_SERVER_NAME  7               /* server host name */
#define RQ_SERVER_ADDR  8               /* server host address */
#define RQ_SERVER_SIN   9               /* server endpoint (internal) */
 206 
/*
 * Routines for delayed evaluation of request attributes. Each attribute
 * type has its own access method. The trivial ones are implemented by
 * macros. The other ones are wrappers around the transport-specific host
 * name, address, and client user lookup methods. The request_info and
 * host_info structures serve as caches for the lookup results.
 *
 * The returned char * points into those caches: do not free it, and
 * expect it to change if the request is updated or looked up again.
 */

extern char *eval_user();               /* client user */
extern char *eval_hostname();           /* printable hostname */
extern char *eval_hostaddr();           /* printable host address */
extern char *eval_hostinfo();           /* host name or address */
extern char *eval_client();             /* whatever is available */
extern char *eval_server();             /* whatever is available */
/* These two do no lookup at all; they just expose the stored buffer. */
#define eval_daemon(r)  ((r)->daemon)        /* daemon process name */
#define eval_pid(r)     ((r)->pid)   /* process id */
 223 
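/* Socket-specific methods, including DNS hostname lookups. */

extern void sock_host();                /* look up endpoint addresses */
extern void sock_hostname();            /* translate address to hostname */
extern void sock_hostaddr();            /* address to printable address */
/*
 * Installs the socket-based lookup callbacks into request 'r'. Wrapped in
 * do/while(0) so that "sock_methods(r);" is one statement and can be the
 * body of an if/else without a syntax error; 'r' is evaluated twice.
 */
#define sock_methods(r) \
        do { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } while (0)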
 231 
/* The System V Transport-Level Interface (TLI) interface. */

/* TLI counterpart of sock_host(); only declared on TLI-capable builds. */
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
extern void tli_host();                 /* look up endpoint addresses etc. */
#endif
 237 
/*
 * Problem reporting interface. Additional file/line context is reported
 * when available. The jump buffer (tcpd_buf) is not declared here, or
 * everyone would have to include <setjmp.h>.
 *
 * The leading char * is presumably a printf-style format (the definition
 * is elsewhere): pass a string literal and hand untrusted text such as
 * host or user names in through a "%s" argument, never as the format.
 * tcpd_jump() transfers control back into hosts_access() (see the note
 * below) and so does not return to its caller.
 */

#ifdef __STDC__
extern void tcpd_warn(char *, ...);     /* report problem and proceed */
extern void tcpd_jump(char *, ...);     /* report problem and jump */
#else
extern void tcpd_warn();
extern void tcpd_jump();
#endif

/* Source position reported with problems: presumably the access-control
 * file and line currently being processed. */
struct tcpd_context {
    char   *file;                       /* current file */
    int     line;                       /* current line */
};
/* The single shared context (tag and variable share a name; legal, they
 * live in different namespaces). */
extern struct tcpd_context tcpd_context;
 257 
/*
 * While processing access control rules, error conditions are handled by
 * jumping back into the hosts_access() routine. This is cleaner than
 * checking the return value of each and every silly little function. The
 * (-1) returns are here because zero is already taken by longjmp().
 */

#define AC_PERMIT       1               /* permit access */
#define AC_DENY         (-1)            /* deny_access */
/* An error is reported as a denial, so failures fail closed. */
#define AC_ERROR        AC_DENY         /* XXX */
 268 
/*
 * In verification mode an option function should just say what it would do,
 * instead of really doing it. An option function that would not return
 * should clear the dry_run flag to inform the caller of this unusual
 * behavior.
 */

extern void process_options();          /* execute options */
extern int dry_run;                     /* verification flag: non-zero means describe, don't act */
 278 
/* Bug workarounds. */

/*
 * Each block below, when its build-time macro is set, renames a libc
 * symbol to a library-provided replacement. The rename is a global macro,
 * so it affects every translation unit that includes this header, not
 * just the library. All are off unless the build explicitly enables them.
 */

#ifdef INET_ADDR_BUG                    /* inet_addr() returns struct */
#define inet_addr fix_inet_addr
extern long fix_inet_addr();
#endif

#ifdef BROKEN_FGETS                     /* partial reads from sockets */
#define fgets fix_fgets
extern char *fix_fgets();
#endif

#ifdef RECVFROM_BUG                     /* no address family info */
#define recvfrom fix_recvfrom
extern int fix_recvfrom();
#endif

#ifdef GETPEERNAME_BUG                  /* claims success with UDP */
#define getpeername fix_getpeername
extern int fix_getpeername();
#endif

#ifdef SOLARIS_24_GETHOSTBYNAME_BUG     /* lists addresses as aliases */
#define gethostbyname fix_gethostbyname
extern struct hostent *fix_gethostbyname();
#endif

/* The next two carry the same comment but select different replacements;
 * presumably fix_strtok is the strsep()-based one — confirm in the sources. */
#ifdef USE_STRSEP                       /* libc calls strtok() */
#define strtok  fix_strtok
extern char *fix_strtok();
#endif

#ifdef LIBC_CALLS_STRTOK                /* libc calls strtok() */
#define strtok  my_strtok
extern char *my_strtok();
#endif
 315 
 316 #endif /* _TCPD_H */