1 /* 2 * Copyright 2014 Sachidananda Urs <sacchi@gmail.com> 3 * Copyright 2001 Sun Microsystems, Inc. All rights reserved. 4 * Use is subject to license terms. 5 */ 6 7 /* 8 * @(#) tcpd.h 1.5 96/03/19 16:22:24 9 * 10 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. 11 */ 12 13 #ifndef _TCPD_H 14 #define _TCPD_H 15 16 /* 17 * HAVE_IPV6 is traditionally configured at tcp_wrappers build time but for 18 * Solaris it must always be defined to keep the library interface binary 19 * compatible. 20 */ 21 #define HAVE_IPV6 22 23 /* Structure to describe one communications endpoint. */ 24 25 #define STRING_LENGTH 128 /* hosts, users, processes */ 26 27 #include <sys/socket.h> 28 #include <netinet/in.h> 29 30 typedef struct sockaddr_gen { 31 union { 32 struct sockaddr _sg_sa; 33 struct sockaddr_in _sg_sin; 34 #ifdef HAVE_IPV6 35 struct sockaddr_in6 _sg_sin6; 36 #endif 37 } sg_addr; 38 } sockaddr_gen; 39 40 typedef union gen_addr { 41 struct in_addr ga_in; 42 #ifdef HAVE_IPV6 43 struct in6_addr ga_in6; 44 #endif 45 } gen_addr; 46 47 extern void sockgen_simplify(); 48 49 #define sg_sa sg_addr._sg_sa 50 #define sg_sin sg_addr._sg_sin 51 #define sg_sin6 sg_addr._sg_sin6 52 #define sg_family sg_sa.sa_family 53 #ifdef HAVE_IPV6 54 #define SGADDRSZ(sag) ((sag)->sg_family == AF_INET6 ? \ 55 sizeof (struct in6_addr) : \ 56 sizeof (struct in_addr)) 57 #define SGSOCKADDRSZ(sag) ((sag)->sg_family == AF_INET6 ? \ 58 sizeof (struct sockaddr_in6) : \ 59 sizeof (struct sockaddr_in)) 60 #define SGPORT(sag) (*((sag)->sg_family == AF_INET6 ? \ 61 &(sag)->sg_sin6.sin6_port : \ 62 &(sag)->sg_sin.sin_port)) 63 #define SGADDRP(sag) (((sag)->sg_family == AF_INET6 ? \ 64 (char *)&(sag)->sg_sin6.sin6_addr : \ 65 (char *)&(sag)->sg_sin.sin_addr)) 66 #define SGFAM(sag) ((sag)->sg_family == AF_INET6 ? \ 67 AF_INET6 : AF_INET) 68 69 #define SG_IS_UNSPECIFIED(sag) \ 70 ((sag)->sg_family == AF_INET6 ? \ 71 IN6_IS_ADDR_UNSPECIFIED(&(sag)->sg_sin6.sin6_addr) : \ 72 (sag)->sg_sin.sin_addr.s_addr == 0) 73 74 #define VALID_ADDRTYPE(t) ((t) == AF_INET || (t) == AF_INET6) 75 76 #ifndef IPV6_ABITS 77 #define IPV6_ABITS 128 /* Size of IPV6 address in bits */ 78 #endif 79 80 #else /* HAVE_IPV6 */ 81 82 #define SGADDRSZ(sag) sizeof (struct in_addr) 83 #define SGSOCKADDRSZ(sag) sizeof (struct sockaddr_in) 84 #define SGPORT(sag) ((sag)->sg_sin.sin_port) 85 #define SGADDRP(sag) ((char *)&(sag)->sg_sin.sin_addr) 86 #define SGFAM(sag) AF_INET 87 #define SG_IS_UNSPECIFIED(sag) ((sag)->sg_sin.sin_addr.s_addr == 0) 88 89 #define VALID_ADDRTYPE(t) ((t) == AF_INET) 90 91 #endif /* HAVE_IPV6 */ 92 93 struct host_info { 94 char name[STRING_LENGTH]; /* access via eval_hostname(host) */ 95 char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ 96 struct sockaddr_gen *sin; /* socket address or 0 */ 97 struct t_unitdata *unit; /* TLI transport address or 0 */ 98 struct request_info *request; /* for shared information */ 99 }; 100 101 /* Structure to describe what we know about a service request. */ 102 103 struct request_info { 104 int fd; /* socket handle */ 105 char user[STRING_LENGTH]; /* access via eval_user(request) */ 106 char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ 107 char pid[10]; /* access via eval_pid(request) */ 108 struct host_info client[1]; /* client endpoint info */ 109 struct host_info server[1]; /* server endpoint info */ 110 void (*sink) (); /* datagram sink function or 0 */ 111 void (*hostname) (); /* address to printable hostname */ 112 void (*hostaddr) (); /* address to printable address */ 113 void (*cleanup) (); /* cleanup function or 0 */ 114 struct netconfig *config; /* netdir handle */ 115 }; 116 117 /* Common string operations. Less clutter should be more readable. */ 118 119 #define STRN_CPY(d, s, l) { strncpy((d), (s), (l)); (d)[(l)-1] = 0; } 120 121 #define STRN_EQ(x, y, l) (strncasecmp((x), (y), (l)) == 0) 122 #define STRN_NE(x, y, l) (strncasecmp((x), (y), (l)) != 0) 123 #define STR_EQ(x, y) (strcasecmp((x), (y)) == 0) 124 #define STR_NE(x, y) (strcasecmp((x), (y)) != 0) 125 126 /* 127 * Initially, all above strings have the empty value. Information that 128 * cannot be determined at runtime is set to "unknown", so that we can 129 * distinguish between `unavailable' and `not yet looked up'. A hostname 130 * that we do not believe in is set to "paranoid". 131 */ 132 133 #define STRING_UNKNOWN "unknown" /* lookup failed */ 134 #define STRING_PARANOID "paranoid" /* hostname conflict */ 135 136 extern char unknown[]; 137 extern char paranoid[]; 138 139 #define HOSTNAME_KNOWN(s) (STR_NE((s), unknown) && STR_NE((s), paranoid)) 140 141 #ifdef HAVE_IPV6 142 #define NOT_INADDR(s) (strchr(s, ':') == 0 && s[strspn(s, "0123456789./")] != 0) 143 #else 144 #define NOT_INADDR(s) (s[strspn(s, "0123456789./")] != 0) 145 #endif 146 147 /* Global functions. */ 148 149 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 150 extern void fromhost(); /* get/validate client host info */ 151 #else 152 #define fromhost sock_host /* no TLI support needed */ 153 #endif 154 155 extern int hosts_ctl(); /* wrapper around request_init() */ 156 extern int hosts_access(); /* access control */ 157 extern void shell_cmd(); /* execute shell command */ 158 extern char *percent_x(); /* do %<char> expansion */ 159 extern void rfc931(); /* client name from RFC 931 daemon */ 160 extern void clean_exit(); /* clean up and exit */ 161 extern void refuse(); /* clean up and exit */ 162 extern char *xgets(); /* fgets() on steroids */ 163 extern char *split_at(); /* strchr() and split */ 164 extern unsigned long dot_quad_addr(); /* restricted inet_addr() */ 165 extern int numeric_addr(); /* IP4/IP6 inet_addr (restricted) */ 166 extern struct hostent *tcpd_gethostbyname(); 167 /* IP4/IP6 gethostbyname */ 168 #ifdef HAVE_IPV6 169 extern char *skip_ipv6_addrs(); /* skip over colons in IPv6 addrs */ 170 #else 171 #define skip_ipv6_addrs(x) x 172 #endif 173 174 /* Global variables. */ 175 176 extern int allow_severity; /* for connection logging */ 177 extern int deny_severity; /* for connection logging */ 178 extern char *hosts_allow_table; /* for verification mode redirection */ 179 extern char *hosts_deny_table; /* for verification mode redirection */ 180 extern int hosts_access_verbose; /* for verbose matching mode */ 181 extern int rfc931_timeout; /* user lookup timeout */ 182 extern int resident; /* > 0 if resident process */ 183 184 /* 185 * Routines for controlled initialization and update of request structure 186 * attributes. Each attribute has its own key. 187 */ 188 189 #ifdef __STDC__ 190 extern struct request_info *request_init(struct request_info *, ...); 191 extern struct request_info *request_set(struct request_info *, ...); 192 #else 193 extern struct request_info *request_init(); /* initialize request */ 194 extern struct request_info *request_set(); /* update request structure */ 195 #endif 196 197 #define RQ_FILE 1 /* file descriptor */ 198 #define RQ_DAEMON 2 /* server process (argv[0]) */ 199 #define RQ_USER 3 /* client user name */ 200 #define RQ_CLIENT_NAME 4 /* client host name */ 201 #define RQ_CLIENT_ADDR 5 /* client host address */ 202 #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ 203 #define RQ_SERVER_NAME 7 /* server host name */ 204 #define RQ_SERVER_ADDR 8 /* server host address */ 205 #define RQ_SERVER_SIN 9 /* server endpoint (internal) */ 206 207 /* 208 * Routines for delayed evaluation of request attributes. Each attribute 209 * type has its own access method. The trivial ones are implemented by 210 * macros. The other ones are wrappers around the transport-specific host 211 * name, address, and client user lookup methods. The request_info and 212 * host_info structures serve as caches for the lookup results. 213 */ 214 215 extern char *eval_user(); /* client user */ 216 extern char *eval_hostname(); /* printable hostname */ 217 extern char *eval_hostaddr(); /* printable host address */ 218 extern char *eval_hostinfo(); /* host name or address */ 219 extern char *eval_client(); /* whatever is available */ 220 extern char *eval_server(); /* whatever is available */ 221 #define eval_daemon(r) ((r)->daemon) /* daemon process name */ 222 #define eval_pid(r) ((r)->pid) /* process id */ 223 224 /* Socket-specific methods, including DNS hostname lookups. */ 225 226 extern void sock_host(); /* look up endpoint addresses */ 227 extern void sock_hostname(); /* translate address to hostname */ 228 extern void sock_hostaddr(); /* address to printable address */ 229 #define sock_methods(r) \ 230 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } 231 232 /* The System V Transport-Level Interface (TLI) interface. */ 233 234 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) 235 extern void tli_host(); /* look up endpoint addresses etc. */ 236 #endif 237 238 /* 239 * Problem reporting interface. Additional file/line context is reported 240 * when available. The jump buffer (tcpd_buf) is not declared here, or 241 * everyone would have to include <setjmp.h>. 242 */ 243 244 #ifdef __STDC__ 245 extern void tcpd_warn(char *, ...); /* report problem and proceed */ 246 extern void tcpd_jump(char *, ...); /* report problem and jump */ 247 #else 248 extern void tcpd_warn(); 249 extern void tcpd_jump(); 250 #endif 251 252 struct tcpd_context { 253 char *file; /* current file */ 254 int line; /* current line */ 255 }; 256 extern struct tcpd_context tcpd_context; 257 258 /* 259 * While processing access control rules, error conditions are handled by 260 * jumping back into the hosts_access() routine. This is cleaner than 261 * checking the return value of each and every silly little function. The 262 * (-1) returns are here because zero is already taken by longjmp(). 263 */ 264 265 #define AC_PERMIT 1 /* permit access */ 266 #define AC_DENY (-1) /* deny_access */ 267 #define AC_ERROR AC_DENY /* XXX */ 268 269 /* 270 * In verification mode an option function should just say what it would do, 271 * instead of really doing it. An option function that would not return 272 * should clear the dry_run flag to inform the caller of this unusual 273 * behavior. 274 */ 275 276 extern void process_options(); /* execute options */ 277 extern int dry_run; /* verification flag */ 278 279 /* Bug workarounds. */ 280 281 #ifdef INET_ADDR_BUG /* inet_addr() returns struct */ 282 #define inet_addr fix_inet_addr 283 extern long fix_inet_addr(); 284 #endif 285 286 #ifdef BROKEN_FGETS /* partial reads from sockets */ 287 #define fgets fix_fgets 288 extern char *fix_fgets(); 289 #endif 290 291 #ifdef RECVFROM_BUG /* no address family info */ 292 #define recvfrom fix_recvfrom 293 extern int fix_recvfrom(); 294 #endif 295 296 #ifdef GETPEERNAME_BUG /* claims success with UDP */ 297 #define getpeername fix_getpeername 298 extern int fix_getpeername(); 299 #endif 300 301 #ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */ 302 #define gethostbyname fix_gethostbyname 303 extern struct hostent *fix_gethostbyname(); 304 #endif 305 306 #ifdef USE_STRSEP /* libc calls strtok() */ 307 #define strtok fix_strtok 308 extern char *fix_strtok(); 309 #endif 310 311 #ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */ 312 #define strtok my_strtok 313 extern char *my_strtok(); 314 #endif 315 316 #endif /* _TCPD_H */