root / lab4 / .minix-src / include / tcpd.h @ 13
History | View | Annotate | Download (7.48 KB)
1 |
/* $NetBSD: tcpd.h,v 1.14 2012/03/22 22:59:43 joerg Exp $ */
|
---|---|
2 |
/*
|
3 |
* @(#) tcpd.h 1.5 96/03/19 16:22:24
|
4 |
*
|
5 |
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
|
6 |
*/
|
7 |
|
8 |
#include <sys/cdefs.h> |
9 |
#include <stdio.h> |
10 |
|
11 |
/* Structure to describe one communications endpoint. */
|
12 |
|
13 |
#define STRING_LENGTH 128 /* hosts, users, processes */ |
14 |
|
15 |
struct host_info {
|
16 |
char name[STRING_LENGTH]; /* access via eval_hostname(host) */ |
17 |
char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ |
18 |
struct sockaddr *sin; /* socket address or 0 */ |
19 |
struct t_unitdata *unit; /* TLI transport address or 0 */ |
20 |
struct request_info *request; /* for shared information */ |
21 |
}; |
22 |
|
23 |
/* Structure to describe what we know about a service request. */
|
24 |
|
25 |
struct request_info {
|
26 |
int fd; /* socket handle */ |
27 |
char user[STRING_LENGTH]; /* access via eval_user(request) */ |
28 |
char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ |
29 |
char pid[10]; /* access via eval_pid(request) */ |
30 |
struct host_info client[1]; /* client endpoint info */ |
31 |
struct host_info server[1]; /* server endpoint info */ |
32 |
void (*sink)(int); /* datagram sink function or 0 */ |
33 |
void (*hostname)(struct host_info *); /* address to printable hostname */ |
34 |
void (*hostaddr)(struct host_info *); /* address to printable address */ |
35 |
void (*cleanup)(void); /* cleanup function or 0 */ |
36 |
struct netconfig *config; /* netdir handle */ |
37 |
}; |
38 |
|
39 |
/* Common string operations. Less clutter should be more readable. */
|
40 |
|
41 |
#define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } |
42 |
|
43 |
#define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) |
44 |
#define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) |
45 |
#define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) |
46 |
#define STR_NE(x,y) (strcasecmp((x),(y)) != 0) |
47 |
|
48 |
/*
|
49 |
* Initially, all above strings have the empty value. Information that
|
50 |
* cannot be determined at runtime is set to "unknown", so that we can
|
51 |
* distinguish between `unavailable' and `not yet looked up'. A hostname
|
52 |
* that we do not believe in is set to "paranoid".
|
53 |
*/
|
54 |
|
55 |
#define STRING_UNKNOWN "unknown" /* lookup failed */ |
56 |
#define STRING_PARANOID "paranoid" /* hostname conflict */ |
57 |
|
58 |
__BEGIN_DECLS |
59 |
extern char unknown[]; |
60 |
extern char paranoid[]; |
61 |
__END_DECLS |
62 |
|
63 |
#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
|
64 |
|
65 |
#define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) |
66 |
|
67 |
/* Global functions. */
|
68 |
|
69 |
__BEGIN_DECLS |
70 |
#define fromhost sock_host /* no TLI support needed */ |
71 |
|
72 |
extern int hosts_access /* access control */ |
73 |
(struct request_info *);
|
74 |
extern int hosts_ctl /* limited interface to hosts_access */ |
75 |
(char *, char *, char *, char *); |
76 |
extern void shell_cmd /* execute shell command */ |
77 |
(char *);
|
78 |
extern char *percent_x /* do %<char> expansion */ |
79 |
(char *, int, char *, struct request_info *); |
80 |
extern void rfc931 /* client name from RFC 931 daemon */ |
81 |
(struct sockaddr *, struct sockaddr *, char *); |
82 |
__dead extern void clean_exit /* clean up and exit */ |
83 |
(struct request_info *);
|
84 |
__dead extern void refuse /* clean up and exit */ |
85 |
(struct request_info *);
|
86 |
extern char *xgets /* fgets() on steroids */ |
87 |
(char *, int, FILE *); |
88 |
extern char *split_at /* strchr() and split */ |
89 |
(char *, int); |
90 |
extern int dot_quad_addr /* restricted inet_aton() */ |
91 |
(char *, unsigned long *); |
92 |
|
93 |
/* Global variables. */
|
94 |
|
95 |
extern int allow_severity; /* for connection logging */ |
96 |
extern int deny_severity; /* for connection logging */ |
97 |
extern const char *hosts_allow_table; /* for verification mode redirection */ |
98 |
extern const char *hosts_deny_table; /* for verification mode redirection */ |
99 |
extern int hosts_access_verbose; /* for verbose matching mode */ |
100 |
extern int rfc931_timeout; /* user lookup timeout */ |
101 |
extern int resident; /* > 0 if resident process */ |
102 |
|
103 |
/*
|
104 |
* Routines for controlled initialization and update of request structure
|
105 |
* attributes. Each attribute has its own key.
|
106 |
*/
|
107 |
|
108 |
extern struct request_info *request_init /* initialize request */ |
109 |
(struct request_info *,...);
|
110 |
extern struct request_info *request_set /* update request structure */ |
111 |
(struct request_info *,...);
|
112 |
|
113 |
#define RQ_FILE 1 /* file descriptor */ |
114 |
#define RQ_DAEMON 2 /* server process (argv[0]) */ |
115 |
#define RQ_USER 3 /* client user name */ |
116 |
#define RQ_CLIENT_NAME 4 /* client host name */ |
117 |
#define RQ_CLIENT_ADDR 5 /* client host address */ |
118 |
#define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ |
119 |
#define RQ_SERVER_NAME 7 /* server host name */ |
120 |
#define RQ_SERVER_ADDR 8 /* server host address */ |
121 |
#define RQ_SERVER_SIN 9 /* server endpoint (internal) */ |
122 |
|
123 |
/*
|
124 |
* Routines for delayed evaluation of request attributes. Each attribute
|
125 |
* type has its own access method. The trivial ones are implemented by
|
126 |
* macros. The other ones are wrappers around the transport-specific host
|
127 |
* name, address, and client user lookup methods. The request_info and
|
128 |
* host_info structures serve as caches for the lookup results.
|
129 |
*/
|
130 |
|
131 |
extern char *eval_user /* client user */ |
132 |
(struct request_info *);
|
133 |
extern char *eval_hostname /* printable hostname */ |
134 |
(struct host_info *);
|
135 |
extern char *eval_hostaddr /* printable host address */ |
136 |
(struct host_info *);
|
137 |
extern char *eval_hostinfo /* host name or address */ |
138 |
(struct host_info *);
|
139 |
extern char *eval_client /* whatever is available */ |
140 |
(struct request_info *);
|
141 |
extern char *eval_server /* whatever is available */ |
142 |
(struct request_info *);
|
143 |
#define eval_daemon(r) ((r)->daemon) /* daemon process name */ |
144 |
#define eval_pid(r) ((r)->pid) /* process id */ |
145 |
|
146 |
/* Socket-specific methods, including DNS hostname lookups. */
|
147 |
|
148 |
extern void sock_host /* look up endpoint addresses */ |
149 |
(struct request_info *);
|
150 |
extern void sock_hostname /* translate address to hostname */ |
151 |
(struct host_info *);
|
152 |
extern void sock_hostaddr /* address to printable address */ |
153 |
(struct host_info *);
|
154 |
#define sock_methods(r) \
|
155 |
{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } |
156 |
|
157 |
/* The System V Transport-Level Interface (TLI) interface. */
|
158 |
|
159 |
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
|
160 |
extern void tli_host /* look up endpoint addresses etc. */ |
161 |
(struct request_info *);
|
162 |
#endif
|
163 |
|
164 |
/*
|
165 |
* Problem reporting interface. Additional file/line context is reported
|
166 |
* when available. The jump buffer (tcpd_buf) is not declared here, or
|
167 |
* everyone would have to include <setjmp.h>.
|
168 |
*/
|
169 |
|
170 |
/* Report problem and proceed */
|
171 |
void tcpd_warn(const char *, ...) __printflike(1, 2); |
172 |
|
173 |
/* Report problem and jump */
|
174 |
void tcpd_jump(const char *, ...) __dead __printflike(1, 2); |
175 |
__END_DECLS |
176 |
|
177 |
struct tcpd_context {
|
178 |
const char *file; /* current file */ |
179 |
int line; /* current line */ |
180 |
}; |
181 |
__BEGIN_DECLS |
182 |
extern struct tcpd_context tcpd_context; |
183 |
__END_DECLS |
184 |
|
185 |
/*
|
186 |
* While processing access control rules, error conditions are handled by
|
187 |
* jumping back into the hosts_access() routine. This is cleaner than
|
188 |
* checking the return value of each and every silly little function. The
|
189 |
* (-1) returns are here because zero is already taken by longjmp().
|
190 |
*/
|
191 |
|
192 |
#define AC_PERMIT 1 /* permit access */ |
193 |
#define AC_DENY (-1) /* deny_access */ |
194 |
#define AC_ERROR AC_DENY /* XXX */ |
195 |
|
196 |
/*
|
197 |
* In verification mode an option function should just say what it would do,
|
198 |
* instead of really doing it. An option function that would not return
|
199 |
* should clear the dry_run flag to inform the caller of this unusual
|
200 |
* behavior.
|
201 |
*/
|
202 |
|
203 |
__BEGIN_DECLS |
204 |
extern void process_options /* execute options */ |
205 |
(char *, struct request_info *); |
206 |
extern int dry_run; /* verification flag */ |
207 |
extern void fix_options /* get rid of IP-level socket options */ |
208 |
(struct request_info *);
|
209 |
__END_DECLS |