root / lab4 / .minix-src / include / tcpd.h @ 14
History | View | Annotate | Download (7.48 KB)
| 1 |
/* $NetBSD: tcpd.h,v 1.14 2012/03/22 22:59:43 joerg Exp $ */
|
|---|---|
| 2 |
/*
|
| 3 |
* @(#) tcpd.h 1.5 96/03/19 16:22:24
|
| 4 |
*
|
| 5 |
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
|
| 6 |
*/
|
| 7 |
|
| 8 |
#include <sys/cdefs.h> |
| 9 |
#include <stdio.h> |
| 10 |
|
| 11 |
/* Structure to describe one communications endpoint. */
|
| 12 |
|
| 13 |
#define STRING_LENGTH 128 /* hosts, users, processes */ |
| 14 |
|
| 15 |
struct host_info {
|
| 16 |
char name[STRING_LENGTH]; /* access via eval_hostname(host) */ |
| 17 |
char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ |
| 18 |
struct sockaddr *sin; /* socket address or 0 */ |
| 19 |
struct t_unitdata *unit; /* TLI transport address or 0 */ |
| 20 |
struct request_info *request; /* for shared information */ |
| 21 |
}; |
| 22 |
|
| 23 |
/* Structure to describe what we know about a service request. */
|
| 24 |
|
| 25 |
struct request_info {
|
| 26 |
int fd; /* socket handle */ |
| 27 |
char user[STRING_LENGTH]; /* access via eval_user(request) */ |
| 28 |
char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ |
| 29 |
char pid[10]; /* access via eval_pid(request) */ |
| 30 |
struct host_info client[1]; /* client endpoint info */ |
| 31 |
struct host_info server[1]; /* server endpoint info */ |
| 32 |
void (*sink)(int); /* datagram sink function or 0 */ |
| 33 |
void (*hostname)(struct host_info *); /* address to printable hostname */ |
| 34 |
void (*hostaddr)(struct host_info *); /* address to printable address */ |
| 35 |
void (*cleanup)(void); /* cleanup function or 0 */ |
| 36 |
struct netconfig *config; /* netdir handle */ |
| 37 |
}; |
| 38 |
|
| 39 |
/* Common string operations. Less clutter should be more readable. */
|
| 40 |
|
| 41 |
#define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } |
| 42 |
|
| 43 |
#define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) |
| 44 |
#define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) |
| 45 |
#define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) |
| 46 |
#define STR_NE(x,y) (strcasecmp((x),(y)) != 0) |
| 47 |
|
| 48 |
/*
|
| 49 |
* Initially, all above strings have the empty value. Information that
|
| 50 |
* cannot be determined at runtime is set to "unknown", so that we can
|
| 51 |
* distinguish between `unavailable' and `not yet looked up'. A hostname
|
| 52 |
* that we do not believe in is set to "paranoid".
|
| 53 |
*/
|
| 54 |
|
| 55 |
#define STRING_UNKNOWN "unknown" /* lookup failed */ |
| 56 |
#define STRING_PARANOID "paranoid" /* hostname conflict */ |
| 57 |
|
| 58 |
__BEGIN_DECLS |
| 59 |
extern char unknown[]; |
| 60 |
extern char paranoid[]; |
| 61 |
__END_DECLS |
| 62 |
|
| 63 |
#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
|
| 64 |
|
| 65 |
#define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) |
| 66 |
|
| 67 |
/* Global functions. */
|
| 68 |
|
| 69 |
__BEGIN_DECLS |
| 70 |
#define fromhost sock_host /* no TLI support needed */ |
| 71 |
|
| 72 |
extern int hosts_access /* access control */ |
| 73 |
(struct request_info *);
|
| 74 |
extern int hosts_ctl /* limited interface to hosts_access */ |
| 75 |
(char *, char *, char *, char *); |
| 76 |
extern void shell_cmd /* execute shell command */ |
| 77 |
(char *);
|
| 78 |
extern char *percent_x /* do %<char> expansion */ |
| 79 |
(char *, int, char *, struct request_info *); |
| 80 |
extern void rfc931 /* client name from RFC 931 daemon */ |
| 81 |
(struct sockaddr *, struct sockaddr *, char *); |
| 82 |
__dead extern void clean_exit /* clean up and exit */ |
| 83 |
(struct request_info *);
|
| 84 |
__dead extern void refuse /* clean up and exit */ |
| 85 |
(struct request_info *);
|
| 86 |
extern char *xgets /* fgets() on steroids */ |
| 87 |
(char *, int, FILE *); |
| 88 |
extern char *split_at /* strchr() and split */ |
| 89 |
(char *, int); |
| 90 |
extern int dot_quad_addr /* restricted inet_aton() */ |
| 91 |
(char *, unsigned long *); |
| 92 |
|
| 93 |
/* Global variables. */
|
| 94 |
|
| 95 |
extern int allow_severity; /* for connection logging */ |
| 96 |
extern int deny_severity; /* for connection logging */ |
| 97 |
extern const char *hosts_allow_table; /* for verification mode redirection */ |
| 98 |
extern const char *hosts_deny_table; /* for verification mode redirection */ |
| 99 |
extern int hosts_access_verbose; /* for verbose matching mode */ |
| 100 |
extern int rfc931_timeout; /* user lookup timeout */ |
| 101 |
extern int resident; /* > 0 if resident process */ |
| 102 |
|
| 103 |
/*
|
| 104 |
* Routines for controlled initialization and update of request structure
|
| 105 |
* attributes. Each attribute has its own key.
|
| 106 |
*/
|
| 107 |
|
| 108 |
extern struct request_info *request_init /* initialize request */ |
| 109 |
(struct request_info *,...);
|
| 110 |
extern struct request_info *request_set /* update request structure */ |
| 111 |
(struct request_info *,...);
|
| 112 |
|
| 113 |
#define RQ_FILE 1 /* file descriptor */ |
| 114 |
#define RQ_DAEMON 2 /* server process (argv[0]) */ |
| 115 |
#define RQ_USER 3 /* client user name */ |
| 116 |
#define RQ_CLIENT_NAME 4 /* client host name */ |
| 117 |
#define RQ_CLIENT_ADDR 5 /* client host address */ |
| 118 |
#define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ |
| 119 |
#define RQ_SERVER_NAME 7 /* server host name */ |
| 120 |
#define RQ_SERVER_ADDR 8 /* server host address */ |
| 121 |
#define RQ_SERVER_SIN 9 /* server endpoint (internal) */ |
| 122 |
|
| 123 |
/*
|
| 124 |
* Routines for delayed evaluation of request attributes. Each attribute
|
| 125 |
* type has its own access method. The trivial ones are implemented by
|
| 126 |
* macros. The other ones are wrappers around the transport-specific host
|
| 127 |
* name, address, and client user lookup methods. The request_info and
|
| 128 |
* host_info structures serve as caches for the lookup results.
|
| 129 |
*/
|
| 130 |
|
| 131 |
extern char *eval_user /* client user */ |
| 132 |
(struct request_info *);
|
| 133 |
extern char *eval_hostname /* printable hostname */ |
| 134 |
(struct host_info *);
|
| 135 |
extern char *eval_hostaddr /* printable host address */ |
| 136 |
(struct host_info *);
|
| 137 |
extern char *eval_hostinfo /* host name or address */ |
| 138 |
(struct host_info *);
|
| 139 |
extern char *eval_client /* whatever is available */ |
| 140 |
(struct request_info *);
|
| 141 |
extern char *eval_server /* whatever is available */ |
| 142 |
(struct request_info *);
|
| 143 |
#define eval_daemon(r) ((r)->daemon) /* daemon process name */ |
| 144 |
#define eval_pid(r) ((r)->pid) /* process id */ |
| 145 |
|
| 146 |
/* Socket-specific methods, including DNS hostname lookups. */
|
| 147 |
|
| 148 |
extern void sock_host /* look up endpoint addresses */ |
| 149 |
(struct request_info *);
|
| 150 |
extern void sock_hostname /* translate address to hostname */ |
| 151 |
(struct host_info *);
|
| 152 |
extern void sock_hostaddr /* address to printable address */ |
| 153 |
(struct host_info *);
|
| 154 |
#define sock_methods(r) \
|
| 155 |
{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
|
| 156 |
|
| 157 |
/* The System V Transport-Level Interface (TLI) interface. */
|
| 158 |
|
| 159 |
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
|
| 160 |
extern void tli_host /* look up endpoint addresses etc. */ |
| 161 |
(struct request_info *);
|
| 162 |
#endif
|
| 163 |
|
| 164 |
/*
|
| 165 |
* Problem reporting interface. Additional file/line context is reported
|
| 166 |
* when available. The jump buffer (tcpd_buf) is not declared here, or
|
| 167 |
* everyone would have to include <setjmp.h>.
|
| 168 |
*/
|
| 169 |
|
| 170 |
/* Report problem and proceed */
|
| 171 |
void tcpd_warn(const char *, ...) __printflike(1, 2); |
| 172 |
|
| 173 |
/* Report problem and jump */
|
| 174 |
void tcpd_jump(const char *, ...) __dead __printflike(1, 2); |
| 175 |
__END_DECLS |
| 176 |
|
| 177 |
struct tcpd_context {
|
| 178 |
const char *file; /* current file */ |
| 179 |
int line; /* current line */ |
| 180 |
}; |
| 181 |
__BEGIN_DECLS |
| 182 |
extern struct tcpd_context tcpd_context; |
| 183 |
__END_DECLS |
| 184 |
|
| 185 |
/*
|
| 186 |
* While processing access control rules, error conditions are handled by
|
| 187 |
* jumping back into the hosts_access() routine. This is cleaner than
|
| 188 |
* checking the return value of each and every silly little function. The
|
| 189 |
* (-1) returns are here because zero is already taken by longjmp().
|
| 190 |
*/
|
| 191 |
|
| 192 |
#define AC_PERMIT 1 /* permit access */ |
| 193 |
#define AC_DENY (-1) /* deny_access */ |
| 194 |
#define AC_ERROR AC_DENY /* XXX */ |
| 195 |
|
| 196 |
/*
|
| 197 |
* In verification mode an option function should just say what it would do,
|
| 198 |
* instead of really doing it. An option function that would not return
|
| 199 |
* should clear the dry_run flag to inform the caller of this unusual
|
| 200 |
* behavior.
|
| 201 |
*/
|
| 202 |
|
| 203 |
__BEGIN_DECLS |
| 204 |
extern void process_options /* execute options */ |
| 205 |
(char *, struct request_info *); |
| 206 |
extern int dry_run; /* verification flag */ |
| 207 |
extern void fix_options /* get rid of IP-level socket options */ |
| 208 |
(struct request_info *);
|
| 209 |
__END_DECLS |