2 * @(#) tcpd.h 1.5 96/03/19 16:22:24
4 * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
6 * $FreeBSD: src/contrib/tcp_wrappers/tcpd.h,v 1.2 2000/02/03 10:26:59 shin Exp $
9 #ifndef _LIBWRAP_TCPD_H
10 #define _LIBWRAP_TCPD_H
12 #include <sys/cdefs.h>
13 #include <sys/socket.h>
16 /* Structure to describe one communications endpoint. */
18 #define STRING_LENGTH 128 /* hosts, users, processes */
21 char name
[STRING_LENGTH
]; /* access via eval_hostname(host) */
22 char addr
[STRING_LENGTH
]; /* access via eval_hostaddr(host) */
24 struct sockaddr
*sin
; /* socket address or 0 */
26 struct sockaddr_in
*sin
; /* socket address or 0 */
28 struct t_unitdata
*unit
; /* TLI transport address or 0 */
29 struct request_info
*request
; /* for shared information */
32 /* Structure to describe what we know about a service request. */
35 int fd
; /* socket handle */
36 char user
[STRING_LENGTH
]; /* access via eval_user(request) */
37 char daemon
[STRING_LENGTH
]; /* access via eval_daemon(request) */
38 char pid
[10]; /* access via eval_pid(request) */
39 struct host_info client
[1]; /* client endpoint info */
40 struct host_info server
[1]; /* server endpoint info */
41 void (*sink
) (int); /* datagram sink function or 0 */
42 void (*hostname
) /* address to printable hostname */
44 void (*hostaddr
) /* address to printable address */
46 void (*cleanup
) (void); /* cleanup function or 0 */
47 struct netconfig
*config
; /* netdir handle */
50 /* Common string operations. Less clutter should be more readable. */
52 #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
54 #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0)
55 #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0)
56 #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0)
57 #define STR_NE(x,y) (strcasecmp((x),(y)) != 0)
60 * Initially, all above strings have the empty value. Information that
61 * cannot be determined at runtime is set to "unknown", so that we can
62 * distinguish between `unavailable' and `not yet looked up'. A hostname
63 * that we do not believe in is set to "paranoid".
66 #define STRING_UNKNOWN "unknown" /* lookup failed */
67 #define STRING_PARANOID "paranoid" /* hostname conflict */
70 extern char unknown
[];
71 extern char paranoid
[];
74 #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
76 #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0)
78 /* Global functions. */
81 #define fromhost sock_host
83 int hosts_access(struct request_info
*);/* access control */
84 int hosts_ctl(char *, char *, char *, char *);/* limited interface to the hosts_access() routine */
85 void shell_cmd(char *); /* execute shell command */
86 char *percent_x(char *, int, char *, struct request_info
*);/* do %<char> expansion */
87 void rfc931(struct sockaddr
*, struct sockaddr
*, char *);/* client name from RFC 931 daemon */
88 void clean_exit(struct request_info
*);/* clean up and exit */
89 void refuse(struct request_info
*); /* clean up and exit */
90 char *xgets(char *, int, FILE *); /* fgets() on steroids */
91 char *split_at(char *, int); /* strchr() and split */
92 unsigned long dot_quad_addr(char *); /* restricted inet_addr() */
94 /* Global variables. */
96 extern int allow_severity
; /* for connection logging */
97 extern int deny_severity
; /* for connection logging */
98 extern char *hosts_allow_table
; /* for verification mode redirection */
99 extern char *hosts_deny_table
; /* for verification mode redirection */
100 extern int hosts_access_verbose
; /* for verbose matching mode */
101 extern int rfc931_timeout
; /* user lookup timeout */
102 extern int resident
; /* > 0 if resident process */
105 * Routines for controlled initialization and update of request structure
106 * attributes. Each attribute has its own key.
109 struct request_info
*request_init(struct request_info
*,...);/* initialize request */
110 struct request_info
*request_set(struct request_info
*,...);/* update request structure */
112 #define RQ_FILE 1 /* file descriptor */
113 #define RQ_DAEMON 2 /* server process (argv[0]) */
114 #define RQ_USER 3 /* client user name */
115 #define RQ_CLIENT_NAME 4 /* client host name */
116 #define RQ_CLIENT_ADDR 5 /* client host address */
117 #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */
118 #define RQ_SERVER_NAME 7 /* server host name */
119 #define RQ_SERVER_ADDR 8 /* server host address */
120 #define RQ_SERVER_SIN 9 /* server endpoint (internal) */
123 * Routines for delayed evaluation of request attributes. Each attribute
124 * type has its own access method. The trivial ones are implemented by
125 * macros. The other ones are wrappers around the transport-specific host
126 * name, address, and client user lookup methods. The request_info and
127 * host_info structures serve as caches for the lookup results.
130 char *eval_user(struct request_info
*); /* client user */
131 char *eval_hostname(struct host_info
*); /* printable hostname */
132 char *eval_hostaddr(struct host_info
*); /* printable host address */
133 char *eval_hostinfo(struct host_info
*); /* host name or address */
134 char *eval_client(struct request_info
*); /* whatever is available */
135 char *eval_server(struct request_info
*); /* whatever is available */
136 #define eval_daemon(r) ((r)->daemon) /* daemon process name */
137 #define eval_pid(r) ((r)->pid) /* process id */
139 /* Socket-specific methods, including DNS hostname lookups. */
141 void sock_host(struct request_info
*); /* look up endpoint addresses */
142 void sock_hostname(struct host_info
*); /* translate address to hostname */
143 void sock_hostaddr(struct host_info
*); /* address to printable address */
144 #define sock_methods(r) \
145 { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
148 * Problem reporting interface. Additional file/line context is reported
149 * when available. The jump buffer (tcpd_buf) is not declared here, or
150 * everyone would have to include <setjmp.h>.
153 void tcpd_warn(const char *, ...) __printflike(1, 2);/* report problem and proceed */
154 void tcpd_jump(const char *, ...) __printflike(1, 2) __dead2
;/* report problem and jump */
157 struct tcpd_context
{
158 char *file
; /* current file */
159 int line
; /* current line */
162 extern struct tcpd_context tcpd_context
;
166 * While processing access control rules, error conditions are handled by
167 * jumping back into the hosts_access() routine. This is cleaner than
168 * checking the return value of each and every silly little function. The
169 * (-1) returns are here because zero is already taken by longjmp().
172 #define AC_PERMIT 1 /* permit access */
173 #define AC_DENY (-1) /* deny_access */
174 #define AC_ERROR AC_DENY /* XXX */
178 * In verification mode an option function should just say what it would do,
179 * instead of really doing it. An option function that would not return
180 * should clear the dry_run flag to inform the caller of this unusual
184 void process_options(char *, struct request_info
*); /* execute options */
185 void fix_options(struct request_info
*); /* get rid of IP-level socket options */
187 extern int dry_run
; /* verification flag */
190 #endif /* !_LIBWRAP_TCPD_H */