root / lab4 / .minix-src / include / tcpd.h @ 14
History | View | Annotate | Download (7.48 KB)
| 1 | 13 | up20180614 | /* $NetBSD: tcpd.h,v 1.14 2012/03/22 22:59:43 joerg Exp $ */
|
|---|---|---|---|
| 2 | /*
|
||
| 3 | * @(#) tcpd.h 1.5 96/03/19 16:22:24
|
||
| 4 | *
|
||
| 5 | * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
|
||
| 6 | */
|
||
| 7 | |||
| 8 | #include <sys/cdefs.h> |
||
| 9 | #include <stdio.h> |
||
| 10 | |||
| 11 | /* Structure to describe one communications endpoint. */
|
||
| 12 | |||
| 13 | #define STRING_LENGTH 128 /* hosts, users, processes */ |
||
| 14 | |||
| 15 | struct host_info {
|
||
| 16 | char name[STRING_LENGTH]; /* access via eval_hostname(host) */ |
||
| 17 | char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ |
||
| 18 | struct sockaddr *sin; /* socket address or 0 */ |
||
| 19 | struct t_unitdata *unit; /* TLI transport address or 0 */ |
||
| 20 | struct request_info *request; /* for shared information */ |
||
| 21 | }; |
||
| 22 | |||
| 23 | /* Structure to describe what we know about a service request. */
|
||
| 24 | |||
| 25 | struct request_info {
|
||
| 26 | int fd; /* socket handle */ |
||
| 27 | char user[STRING_LENGTH]; /* access via eval_user(request) */ |
||
| 28 | char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ |
||
| 29 | char pid[10]; /* access via eval_pid(request) */ |
||
| 30 | struct host_info client[1]; /* client endpoint info */ |
||
| 31 | struct host_info server[1]; /* server endpoint info */ |
||
| 32 | void (*sink)(int); /* datagram sink function or 0 */ |
||
| 33 | void (*hostname)(struct host_info *); /* address to printable hostname */ |
||
| 34 | void (*hostaddr)(struct host_info *); /* address to printable address */ |
||
| 35 | void (*cleanup)(void); /* cleanup function or 0 */ |
||
| 36 | struct netconfig *config; /* netdir handle */ |
||
| 37 | }; |
||
| 38 | |||
| 39 | /* Common string operations. Less clutter should be more readable. */
|
||
| 40 | |||
| 41 | #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } |
||
| 42 | |||
| 43 | #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) |
||
| 44 | #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) |
||
| 45 | #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) |
||
| 46 | #define STR_NE(x,y) (strcasecmp((x),(y)) != 0) |
||
| 47 | |||
| 48 | /*
|
||
| 49 | * Initially, all above strings have the empty value. Information that
|
||
| 50 | * cannot be determined at runtime is set to "unknown", so that we can
|
||
| 51 | * distinguish between `unavailable' and `not yet looked up'. A hostname
|
||
| 52 | * that we do not believe in is set to "paranoid".
|
||
| 53 | */
|
||
| 54 | |||
| 55 | #define STRING_UNKNOWN "unknown" /* lookup failed */ |
||
| 56 | #define STRING_PARANOID "paranoid" /* hostname conflict */ |
||
| 57 | |||
| 58 | __BEGIN_DECLS |
||
| 59 | extern char unknown[]; |
||
| 60 | extern char paranoid[]; |
||
| 61 | __END_DECLS |
||
| 62 | |||
| 63 | #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
|
||
| 64 | |||
| 65 | #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) |
||
| 66 | |||
| 67 | /* Global functions. */
|
||
| 68 | |||
| 69 | __BEGIN_DECLS |
||
| 70 | #define fromhost sock_host /* no TLI support needed */ |
||
| 71 | |||
| 72 | extern int hosts_access /* access control */ |
||
| 73 | (struct request_info *);
|
||
| 74 | extern int hosts_ctl /* limited interface to hosts_access */ |
||
| 75 | (char *, char *, char *, char *); |
||
| 76 | extern void shell_cmd /* execute shell command */ |
||
| 77 | (char *);
|
||
| 78 | extern char *percent_x /* do %<char> expansion */ |
||
| 79 | (char *, int, char *, struct request_info *); |
||
| 80 | extern void rfc931 /* client name from RFC 931 daemon */ |
||
| 81 | (struct sockaddr *, struct sockaddr *, char *); |
||
| 82 | __dead extern void clean_exit /* clean up and exit */ |
||
| 83 | (struct request_info *);
|
||
| 84 | __dead extern void refuse /* clean up and exit */ |
||
| 85 | (struct request_info *);
|
||
| 86 | extern char *xgets /* fgets() on steroids */ |
||
| 87 | (char *, int, FILE *); |
||
| 88 | extern char *split_at /* strchr() and split */ |
||
| 89 | (char *, int); |
||
| 90 | extern int dot_quad_addr /* restricted inet_aton() */ |
||
| 91 | (char *, unsigned long *); |
||
| 92 | |||
| 93 | /* Global variables. */
|
||
| 94 | |||
| 95 | extern int allow_severity; /* for connection logging */ |
||
| 96 | extern int deny_severity; /* for connection logging */ |
||
| 97 | extern const char *hosts_allow_table; /* for verification mode redirection */ |
||
| 98 | extern const char *hosts_deny_table; /* for verification mode redirection */ |
||
| 99 | extern int hosts_access_verbose; /* for verbose matching mode */ |
||
| 100 | extern int rfc931_timeout; /* user lookup timeout */ |
||
| 101 | extern int resident; /* > 0 if resident process */ |
||
| 102 | |||
| 103 | /*
|
||
| 104 | * Routines for controlled initialization and update of request structure
|
||
| 105 | * attributes. Each attribute has its own key.
|
||
| 106 | */
|
||
| 107 | |||
| 108 | extern struct request_info *request_init /* initialize request */ |
||
| 109 | (struct request_info *,...);
|
||
| 110 | extern struct request_info *request_set /* update request structure */ |
||
| 111 | (struct request_info *,...);
|
||
| 112 | |||
| 113 | #define RQ_FILE 1 /* file descriptor */ |
||
| 114 | #define RQ_DAEMON 2 /* server process (argv[0]) */ |
||
| 115 | #define RQ_USER 3 /* client user name */ |
||
| 116 | #define RQ_CLIENT_NAME 4 /* client host name */ |
||
| 117 | #define RQ_CLIENT_ADDR 5 /* client host address */ |
||
| 118 | #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ |
||
| 119 | #define RQ_SERVER_NAME 7 /* server host name */ |
||
| 120 | #define RQ_SERVER_ADDR 8 /* server host address */ |
||
| 121 | #define RQ_SERVER_SIN 9 /* server endpoint (internal) */ |
||
| 122 | |||
| 123 | /*
|
||
| 124 | * Routines for delayed evaluation of request attributes. Each attribute
|
||
| 125 | * type has its own access method. The trivial ones are implemented by
|
||
| 126 | * macros. The other ones are wrappers around the transport-specific host
|
||
| 127 | * name, address, and client user lookup methods. The request_info and
|
||
| 128 | * host_info structures serve as caches for the lookup results.
|
||
| 129 | */
|
||
| 130 | |||
| 131 | extern char *eval_user /* client user */ |
||
| 132 | (struct request_info *);
|
||
| 133 | extern char *eval_hostname /* printable hostname */ |
||
| 134 | (struct host_info *);
|
||
| 135 | extern char *eval_hostaddr /* printable host address */ |
||
| 136 | (struct host_info *);
|
||
| 137 | extern char *eval_hostinfo /* host name or address */ |
||
| 138 | (struct host_info *);
|
||
| 139 | extern char *eval_client /* whatever is available */ |
||
| 140 | (struct request_info *);
|
||
| 141 | extern char *eval_server /* whatever is available */ |
||
| 142 | (struct request_info *);
|
||
| 143 | #define eval_daemon(r) ((r)->daemon) /* daemon process name */ |
||
| 144 | #define eval_pid(r) ((r)->pid) /* process id */ |
||
| 145 | |||
| 146 | /* Socket-specific methods, including DNS hostname lookups. */
|
||
| 147 | |||
| 148 | extern void sock_host /* look up endpoint addresses */ |
||
| 149 | (struct request_info *);
|
||
| 150 | extern void sock_hostname /* translate address to hostname */ |
||
| 151 | (struct host_info *);
|
||
| 152 | extern void sock_hostaddr /* address to printable address */ |
||
| 153 | (struct host_info *);
|
||
| 154 | #define sock_methods(r) \
|
||
| 155 | { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
|
||
| 156 | |||
| 157 | /* The System V Transport-Level Interface (TLI) interface. */
|
||
| 158 | |||
| 159 | #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
|
||
| 160 | extern void tli_host /* look up endpoint addresses etc. */ |
||
| 161 | (struct request_info *);
|
||
| 162 | #endif
|
||
| 163 | |||
| 164 | /*
|
||
| 165 | * Problem reporting interface. Additional file/line context is reported
|
||
| 166 | * when available. The jump buffer (tcpd_buf) is not declared here, or
|
||
| 167 | * everyone would have to include <setjmp.h>.
|
||
| 168 | */
|
||
| 169 | |||
| 170 | /* Report problem and proceed */
|
||
| 171 | void tcpd_warn(const char *, ...) __printflike(1, 2); |
||
| 172 | |||
| 173 | /* Report problem and jump */
|
||
| 174 | void tcpd_jump(const char *, ...) __dead __printflike(1, 2); |
||
| 175 | __END_DECLS |
||
| 176 | |||
| 177 | struct tcpd_context {
|
||
| 178 | const char *file; /* current file */ |
||
| 179 | int line; /* current line */ |
||
| 180 | }; |
||
| 181 | __BEGIN_DECLS |
||
| 182 | extern struct tcpd_context tcpd_context; |
||
| 183 | __END_DECLS |
||
| 184 | |||
| 185 | /*
|
||
| 186 | * While processing access control rules, error conditions are handled by
|
||
| 187 | * jumping back into the hosts_access() routine. This is cleaner than
|
||
| 188 | * checking the return value of each and every silly little function. The
|
||
| 189 | * (-1) returns are here because zero is already taken by longjmp().
|
||
| 190 | */
|
||
| 191 | |||
| 192 | #define AC_PERMIT 1 /* permit access */ |
||
| 193 | #define AC_DENY (-1) /* deny_access */ |
||
| 194 | #define AC_ERROR AC_DENY /* XXX */ |
||
| 195 | |||
| 196 | /*
|
||
| 197 | * In verification mode an option function should just say what it would do,
|
||
| 198 | * instead of really doing it. An option function that would not return
|
||
| 199 | * should clear the dry_run flag to inform the caller of this unusual
|
||
| 200 | * behavior.
|
||
| 201 | */
|
||
| 202 | |||
| 203 | __BEGIN_DECLS |
||
| 204 | extern void process_options /* execute options */ |
||
| 205 | (char *, struct request_info *); |
||
| 206 | extern int dry_run; /* verification flag */ |
||
| 207 | extern void fix_options /* get rid of IP-level socket options */ |
||
| 208 | (struct request_info *);
|
||
| 209 | __END_DECLS |