1 /*
2 * Copyright 2014 Sachidananda Urs <sacchi@gmail.com>
3 * Copyright 2001 Sun Microsystems, Inc. All rights reserved.
4 * Use is subject to license terms.
5 */
6
7 /*
8 * @(#) tcpd.h 1.5 96/03/19 16:22:24
9 *
10 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
11 */
12
13 #ifndef _TCPD_H
14 #define _TCPD_H
15
16 /*
17 * HAVE_IPV6 is traditionally configured at tcp_wrappers build time but for
18 * Solaris it must always be defined to keep the library interface binary
19 * compatible.
20 */
21 #define HAVE_IPV6
22
23 /* Structure to describe one communications endpoint. */
24
25 #define STRING_LENGTH 128 /* hosts, users, processes */
26
27 #include <sys/socket.h>
28 #include <netinet/in.h>
29
30 typedef struct sockaddr_gen {
31 union {
32 struct sockaddr _sg_sa;
33 struct sockaddr_in _sg_sin;
34 #ifdef HAVE_IPV6
35 struct sockaddr_in6 _sg_sin6;
36 #endif
37 } sg_addr;
38 } sockaddr_gen;
39
40 typedef union gen_addr {
41 struct in_addr ga_in;
42 #ifdef HAVE_IPV6
43 struct in6_addr ga_in6;
44 #endif
45 } gen_addr;
46
47 extern void sockgen_simplify();
48
49 #define sg_sa sg_addr._sg_sa
50 #define sg_sin sg_addr._sg_sin
51 #define sg_sin6 sg_addr._sg_sin6
52 #define sg_family sg_sa.sa_family
53 #ifdef HAVE_IPV6
54 #define SGADDRSZ(sag) ((sag)->sg_family == AF_INET6 ? \
55 sizeof (struct in6_addr) : \
56 sizeof (struct in_addr))
57 #define SGSOCKADDRSZ(sag) ((sag)->sg_family == AF_INET6 ? \
58 sizeof (struct sockaddr_in6) : \
59 sizeof (struct sockaddr_in))
60 #define SGPORT(sag) (*((sag)->sg_family == AF_INET6 ? \
61 &(sag)->sg_sin6.sin6_port : \
62 &(sag)->sg_sin.sin_port))
63 #define SGADDRP(sag) (((sag)->sg_family == AF_INET6 ? \
64 (char *)&(sag)->sg_sin6.sin6_addr : \
65 (char *)&(sag)->sg_sin.sin_addr))
66 #define SGFAM(sag) ((sag)->sg_family == AF_INET6 ? \
67 AF_INET6 : AF_INET)
68
69 #define SG_IS_UNSPECIFIED(sag) \
70 ((sag)->sg_family == AF_INET6 ? \
71 IN6_IS_ADDR_UNSPECIFIED(&(sag)->sg_sin6.sin6_addr) : \
72 (sag)->sg_sin.sin_addr.s_addr == 0)
73
74 #define VALID_ADDRTYPE(t) ((t) == AF_INET || (t) == AF_INET6)
75
76 #ifndef IPV6_ABITS
77 #define IPV6_ABITS 128 /* Size of IPV6 address in bits */
78 #endif
79
80 #else /* HAVE_IPV6 */
81
82 #define SGADDRSZ(sag) sizeof (struct in_addr)
83 #define SGSOCKADDRSZ(sag) sizeof (struct sockaddr_in)
84 #define SGPORT(sag) ((sag)->sg_sin.sin_port)
85 #define SGADDRP(sag) ((char *)&(sag)->sg_sin.sin_addr)
86 #define SGFAM(sag) AF_INET
87 #define SG_IS_UNSPECIFIED(sag) ((sag)->sg_sin.sin_addr.s_addr == 0)
88
89 #define VALID_ADDRTYPE(t) ((t) == AF_INET)
90
91 #endif /* HAVE_IPV6 */
92
93 struct host_info {
94 char name[STRING_LENGTH]; /* access via eval_hostname(host) */
95 char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */
96 struct sockaddr_gen *sin; /* socket address or 0 */
97 struct t_unitdata *unit; /* TLI transport address or 0 */
98 struct request_info *request; /* for shared information */
99 };
100
101 /* Structure to describe what we know about a service request. */
102
103 struct request_info {
104 int fd; /* socket handle */
105 char user[STRING_LENGTH]; /* access via eval_user(request) */
106 char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */
107 char pid[10]; /* access via eval_pid(request) */
108 struct host_info client[1]; /* client endpoint info */
109 struct host_info server[1]; /* server endpoint info */
110 void (*sink) (); /* datagram sink function or 0 */
111 void (*hostname) (); /* address to printable hostname */
112 void (*hostaddr) (); /* address to printable address */
113 void (*cleanup) (); /* cleanup function or 0 */
114 struct netconfig *config; /* netdir handle */
115 };
116
117 /* Common string operations. Less clutter should be more readable. */
118
119 #define STRN_CPY(d, s, l) { strncpy((d), (s), (l)); (d)[(l)-1] = 0; }
120
121 #define STRN_EQ(x, y, l) (strncasecmp((x), (y), (l)) == 0)
122 #define STRN_NE(x, y, l) (strncasecmp((x), (y), (l)) != 0)
123 #define STR_EQ(x, y) (strcasecmp((x), (y)) == 0)
124 #define STR_NE(x, y) (strcasecmp((x), (y)) != 0)
125
126 /*
127 * Initially, all above strings have the empty value. Information that
128 * cannot be determined at runtime is set to "unknown", so that we can
129 * distinguish between `unavailable' and `not yet looked up'. A hostname
130 * that we do not believe in is set to "paranoid".
131 */
132
133 #define STRING_UNKNOWN "unknown" /* lookup failed */
134 #define STRING_PARANOID "paranoid" /* hostname conflict */
135
136 extern char unknown[];
137 extern char paranoid[];
138
139 #define HOSTNAME_KNOWN(s) (STR_NE((s), unknown) && STR_NE((s), paranoid))
140
141 #ifdef HAVE_IPV6
142 #define NOT_INADDR(s) (strchr(s, ':') == 0 && s[strspn(s, "0123456789./")] != 0)
143 #else
144 #define NOT_INADDR(s) (s[strspn(s, "0123456789./")] != 0)
145 #endif
146
147 /* Global functions. */
148
149 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
150 extern void fromhost(); /* get/validate client host info */
151 #else
152 #define fromhost sock_host /* no TLI support needed */
153 #endif
154
155 extern int hosts_ctl(); /* wrapper around request_init() */
156 extern int hosts_access(); /* access control */
157 extern void shell_cmd(); /* execute shell command */
158 extern char *percent_x(); /* do %<char> expansion */
159 extern void rfc931(); /* client name from RFC 931 daemon */
160 extern void clean_exit(); /* clean up and exit */
161 extern void refuse(); /* clean up and exit */
162 extern char *xgets(); /* fgets() on steroids */
163 extern char *split_at(); /* strchr() and split */
164 extern unsigned long dot_quad_addr(); /* restricted inet_addr() */
165 extern int numeric_addr(); /* IP4/IP6 inet_addr (restricted) */
166 extern struct hostent *tcpd_gethostbyname();
167 /* IP4/IP6 gethostbyname */
168 #ifdef HAVE_IPV6
169 extern char *skip_ipv6_addrs(); /* skip over colons in IPv6 addrs */
170 #else
171 #define skip_ipv6_addrs(x) x
172 #endif
173
174 /* Global variables. */
175
176 extern int allow_severity; /* for connection logging */
177 extern int deny_severity; /* for connection logging */
178 extern char *hosts_allow_table; /* for verification mode redirection */
179 extern char *hosts_deny_table; /* for verification mode redirection */
180 extern int hosts_access_verbose; /* for verbose matching mode */
181 extern int rfc931_timeout; /* user lookup timeout */
182 extern int resident; /* > 0 if resident process */
183
184 /*
185 * Routines for controlled initialization and update of request structure
186 * attributes. Each attribute has its own key.
187 */
188
189 #ifdef __STDC__
190 extern struct request_info *request_init(struct request_info *, ...);
191 extern struct request_info *request_set(struct request_info *, ...);
192 #else
193 extern struct request_info *request_init(); /* initialize request */
194 extern struct request_info *request_set(); /* update request structure */
195 #endif
196
197 #define RQ_FILE 1 /* file descriptor */
198 #define RQ_DAEMON 2 /* server process (argv[0]) */
199 #define RQ_USER 3 /* client user name */
200 #define RQ_CLIENT_NAME 4 /* client host name */
201 #define RQ_CLIENT_ADDR 5 /* client host address */
202 #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */
203 #define RQ_SERVER_NAME 7 /* server host name */
204 #define RQ_SERVER_ADDR 8 /* server host address */
205 #define RQ_SERVER_SIN 9 /* server endpoint (internal) */
206
207 /*
208 * Routines for delayed evaluation of request attributes. Each attribute
209 * type has its own access method. The trivial ones are implemented by
210 * macros. The other ones are wrappers around the transport-specific host
211 * name, address, and client user lookup methods. The request_info and
212 * host_info structures serve as caches for the lookup results.
213 */
214
215 extern char *eval_user(); /* client user */
216 extern char *eval_hostname(); /* printable hostname */
217 extern char *eval_hostaddr(); /* printable host address */
218 extern char *eval_hostinfo(); /* host name or address */
219 extern char *eval_client(); /* whatever is available */
220 extern char *eval_server(); /* whatever is available */
221 #define eval_daemon(r) ((r)->daemon) /* daemon process name */
222 #define eval_pid(r) ((r)->pid) /* process id */
223
224 /* Socket-specific methods, including DNS hostname lookups. */
225
226 extern void sock_host(); /* look up endpoint addresses */
227 extern void sock_hostname(); /* translate address to hostname */
228 extern void sock_hostaddr(); /* address to printable address */
229 #define sock_methods(r) \
230 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
231
232 /* The System V Transport-Level Interface (TLI) interface. */
233
234 #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
235 extern void tli_host(); /* look up endpoint addresses etc. */
236 #endif
237
238 /*
239 * Problem reporting interface. Additional file/line context is reported
240 * when available. The jump buffer (tcpd_buf) is not declared here, or
241 * everyone would have to include <setjmp.h>.
242 */
243
244 #ifdef __STDC__
245 extern void tcpd_warn(char *, ...); /* report problem and proceed */
246 extern void tcpd_jump(char *, ...); /* report problem and jump */
247 #else
248 extern void tcpd_warn();
249 extern void tcpd_jump();
250 #endif
251
252 struct tcpd_context {
253 char *file; /* current file */
254 int line; /* current line */
255 };
256 extern struct tcpd_context tcpd_context;
257
258 /*
259 * While processing access control rules, error conditions are handled by
260 * jumping back into the hosts_access() routine. This is cleaner than
261 * checking the return value of each and every silly little function. The
262 * (-1) returns are here because zero is already taken by longjmp().
263 */
264
265 #define AC_PERMIT 1 /* permit access */
266 #define AC_DENY (-1) /* deny_access */
267 #define AC_ERROR AC_DENY /* XXX */
268
269 /*
270 * In verification mode an option function should just say what it would do,
271 * instead of really doing it. An option function that would not return
272 * should clear the dry_run flag to inform the caller of this unusual
273 * behavior.
274 */
275
276 extern void process_options(); /* execute options */
277 extern int dry_run; /* verification flag */
278
279 /* Bug workarounds. */
280
281 #ifdef INET_ADDR_BUG /* inet_addr() returns struct */
282 #define inet_addr fix_inet_addr
283 extern long fix_inet_addr();
284 #endif
285
286 #ifdef BROKEN_FGETS /* partial reads from sockets */
287 #define fgets fix_fgets
288 extern char *fix_fgets();
289 #endif
290
291 #ifdef RECVFROM_BUG /* no address family info */
292 #define recvfrom fix_recvfrom
293 extern int fix_recvfrom();
294 #endif
295
296 #ifdef GETPEERNAME_BUG /* claims success with UDP */
297 #define getpeername fix_getpeername
298 extern int fix_getpeername();
299 #endif
300
301 #ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */
302 #define gethostbyname fix_gethostbyname
303 extern struct hostent *fix_gethostbyname();
304 #endif
305
306 #ifdef USE_STRSEP /* libc calls strtok() */
307 #define strtok fix_strtok
308 extern char *fix_strtok();
309 #endif
310
311 #ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */
312 #define strtok my_strtok
313 extern char *my_strtok();
314 #endif
315
316 #endif /* _TCPD_H */