| Path : /usr/include/ |
|
B-Con CMD Config cPanel C-Rdp D-Log Info Jump Mass Ransom Symlink vHost Zone-H |
| Current File : //usr/include/tcpd.h |
/*
* @(#) tcpd.h 1.5 96/03/19 16:22:24
*
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
*/
#ifndef _TCPWRAPPERS_TCPD_H
#define _TCPWRAPPERS_TCPD_H
/* someone else may have defined this */
#undef __P
/* use prototypes if we have an ANSI C compiler or are using C++ */
#if defined(__STDC__) || defined(__cplusplus)
#define __P(args) args
#else
#define __P(args) ()
#endif
/* Need definitions of struct sockaddr_in and FILE. */
#include <netinet/in.h>
#include <stdio.h>
__BEGIN_DECLS
/* Structure to describe one communications endpoint. */
#define STRING_LENGTH 128 /* hosts, users, processes */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
typedef struct sockaddr_gen {
union {
struct sockaddr _sg_sa;
struct sockaddr_in _sg_sin;
#ifdef HAVE_IPV6
struct sockaddr_in6 _sg_sin6;
#endif
} sg_addr;
} sockaddr_gen;
typedef union gen_addr {
struct in_addr ga_in;
#ifdef HAVE_IPV6
struct in6_addr ga_in6;
#endif
} gen_addr;
extern void sockgen_simplify();
#define sg_sa sg_addr._sg_sa
#define sg_sin sg_addr._sg_sin
#define sg_sin6 sg_addr._sg_sin6
#define sg_family sg_sa.sa_family
#ifdef HAVE_IPV6
#define SGADDRSZ(sag) ((sag)->sg_family == AF_INET6 ? \
sizeof (struct in6_addr) : \
sizeof (struct in_addr))
#define SGSOCKADDRSZ(sag) ((sag)->sg_family == AF_INET6 ? \
sizeof (struct sockaddr_in6) : \
sizeof (struct sockaddr_in))
#define SGPORT(sag) (*((sag)->sg_family == AF_INET6 ? \
&(sag)->sg_sin6.sin6_port : \
&(sag)->sg_sin.sin_port))
#define SGADDRP(sag) (((sag)->sg_family == AF_INET6 ? \
(char *) &(sag)->sg_sin6.sin6_addr : \
(char *) &(sag)->sg_sin.sin_addr))
#define SGFAM(sag) ((sag)->sg_family == AF_INET6 ? \
AF_INET6 : AF_INET)
#define SG_IS_UNSPECIFIED(sag) \
((sag)->sg_family == AF_INET6 ? \
IN6_IS_ADDR_UNSPECIFIED(&(sag)->sg_sin6.sin6_addr) : \
(sag)->sg_sin.sin_addr.s_addr == 0)
#define VALID_ADDRTYPE(t) ((t) == AF_INET || (t) == AF_INET6)
#ifndef IPV6_ABITS
#define IPV6_ABITS 128 /* Size of IPV6 address in bits */
#endif
#else /* HAVE_IPV6 */
#define SGADDRSZ(sag) sizeof(struct in_addr)
#define SGSOCKADDRSZ(sag) sizeof(struct sockaddr_in)
#define SGPORT(sag) ((sag)->sg_sin.sin_port)
#define SGADDRP(sag) ((char*) &(sag)->sg_sin.sin_addr)
#define SGFAM(sag) AF_INET
#define SG_IS_UNSPECIFIED(sag) ((sag)->sg_sin.sin_addr.s_addr == 0)
#define VALID_ADDRTYPE(t) ((t) == AF_INET)
#endif /* HAVE_IPV6 */
struct host_info {
char name[STRING_LENGTH]; /* access via eval_hostname(host) */
char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */
struct sockaddr_gen *sin; /* socket address or 0 */
struct t_unitdata *unit; /* TLI transport address or 0 */
struct request_info *request; /* for shared information */
};
/* Structure to describe what we know about a service request. */
struct request_info {
int fd; /* socket handle */
char user[STRING_LENGTH]; /* access via eval_user(request) */
char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */
char pid[10]; /* access via eval_pid(request) */
struct host_info client[1]; /* client endpoint info */
struct host_info server[1]; /* server endpoint info */
void (*sink) __P((int)); /* datagram sink function or 0 */
void (*hostname) __P((struct host_info *)); /* address to printable hostname */
void (*hostaddr) __P((struct host_info *)); /* address to printable address */
void (*cleanup) __P((struct request_info *)); /* cleanup function or 0 */
struct netconfig *config; /* netdir handle */
};
/* Common string operations. Less clutter should be more readable. */
#define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; }
#define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0)
#define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0)
#define STR_EQ(x,y) (strcasecmp((x),(y)) == 0)
#define STR_NE(x,y) (strcasecmp((x),(y)) != 0)
/*
* Initially, all above strings have the empty value. Information that
* cannot be determined at runtime is set to "unknown", so that we can
* distinguish between `unavailable' and `not yet looked up'. A hostname
* that we do not believe in is set to "paranoid".
*/
#define STRING_UNKNOWN "unknown" /* lookup failed */
#define STRING_PARANOID "paranoid" /* hostname conflict */
extern char unknown[];
extern char paranoid[];
#define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid))
#ifdef HAVE_IPV6
#define NOT_INADDR(s) (strchr(s,':') == 0 && s[strspn(s,"0123456789./")] != 0)
#else
#define NOT_INADDR(s) (s[strspn(s,"0123456789./")] != 0)
#endif
/* Global functions. */
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
extern void fromhost __P((struct request_info *)); /* get/validate client host info */
#else
#define fromhost sock_host /* no TLI support needed */
#endif
extern void shell_cmd __P((char *)); /* execute shell command */
extern char *percent_x __P((char *, int, char *, struct request_info *)); /* do %<char> expansion */
extern void rfc931 __P((struct sockaddr_gen *, struct sockaddr_gen *, char *)); /* client name from RFC 931 daemon */
extern void clean_exit __P((struct request_info *)); /* clean up and exit */
extern void refuse __P((struct request_info *)); /* clean up and exit */
extern char *xgets __P((char *, int, FILE *)); /* fgets() on steroids */
extern char *split_at __P((char *, int)); /* strchr() and split */
extern unsigned long dot_quad_addr __P((char *)); /* restricted inet_addr() */
extern unsigned long prefix_to_netmask __P((char *)); /* 0-32 prefix length */
extern int numeric_addr __P((char *, union gen_addr *, int *, int *)); /* IP4/IP6 inet_addr (restricted) */
extern struct hostent *tcpd_gethostbyname __P((char *, int));
/* IP4/IP6 gethostbyname */
#ifdef HAVE_IPV6
extern char *skip_ipv6_addrs __P((char *)); /* skip over colons in IPv6 addrs */
#else
#define skip_ipv6_addrs(x) x
#endif
/* Global variables. */
#ifdef HAVE_WEAKSYMS
extern int allow_severity __attribute__ ((weak)); /* for connection logging */
extern int deny_severity __attribute__ ((weak)); /* for connection logging */
#else
extern int allow_severity; /* for connection logging */
extern int deny_severity; /* for connection logging */
#endif
extern char *hosts_allow_table; /* for verification mode redirection */
extern char *hosts_deny_table; /* for verification mode redirection */
extern int hosts_access_verbose; /* for verbose matching mode */
extern int rfc931_timeout; /* user lookup timeout */
extern int resident; /* > 0 if resident process */
/*
* Routines for controlled initialization and update of request structure
* attributes. Each attribute has its own key.
*/
#ifdef __STDC__
extern int hosts_access(struct request_info *request);
extern int hosts_ctl(char *daemon, char *client_name, char *client_addr,
char *client_user);
extern struct request_info *request_init(struct request_info *,...);
extern struct request_info *request_set(struct request_info *,...);
#else
extern int hosts_access();
extern int hosts_ctl();
extern struct request_info *request_init(); /* initialize request */
extern struct request_info *request_set(); /* update request structure */
#endif
#define RQ_FILE 1 /* file descriptor */
#define RQ_DAEMON 2 /* server process (argv[0]) */
#define RQ_USER 3 /* client user name */
#define RQ_CLIENT_NAME 4 /* client host name */
#define RQ_CLIENT_ADDR 5 /* client host address */
#define RQ_CLIENT_SIN 6 /* client endpoint (internal) */
#define RQ_SERVER_NAME 7 /* server host name */
#define RQ_SERVER_ADDR 8 /* server host address */
#define RQ_SERVER_SIN 9 /* server endpoint (internal) */
/*
* Routines for delayed evaluation of request attributes. Each attribute
* type has its own access method. The trivial ones are implemented by
* macros. The other ones are wrappers around the transport-specific host
* name, address, and client user lookup methods. The request_info and
* host_info structures serve as caches for the lookup results.
*/
extern char *eval_user __P((struct request_info *)); /* client user */
extern char *eval_hostname __P((struct host_info *)); /* printable hostname */
extern char *eval_hostaddr __P((struct host_info *)); /* printable host address */
extern char *eval_hostinfo __P((struct host_info *)); /* host name or address */
extern char *eval_client __P((struct request_info *)); /* whatever is available */
extern char *eval_server __P((struct request_info *)); /* whatever is available */
#define eval_daemon(r) ((r)->daemon) /* daemon process name */
#define eval_pid(r) ((r)->pid) /* process id */
/* Socket-specific methods, including DNS hostname lookups. */
/* look up endpoint addresses */
extern void sock_host __P((struct request_info *));
extern void sock_hostnofd __P((struct request_info *));
/* translate address to hostname */
extern void sock_hostname __P((struct host_info *));
/* address to printable address */
extern void sock_hostaddr __P((struct host_info *));
#define sock_methods(r) \
{ (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; }
/* The System V Transport-Level Interface (TLI) interface. */
#if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT)
extern void tli_host __P((struct request_info *)); /* look up endpoint addresses etc. */
#endif
/*
* Problem reporting interface. Additional file/line context is reported
* when available. The jump buffer (tcpd_buf) is not declared here, or
* everyone would have to include <setjmp.h>.
*/
#ifdef __STDC__
extern void tcpd_warn(char *, ...); /* report problem and proceed */
extern void tcpd_jump(char *, ...); /* report problem and jump */
#else
extern void tcpd_warn();
extern void tcpd_jump();
#endif
struct tcpd_context {
char *file; /* current file */
int line; /* current line */
};
extern struct tcpd_context tcpd_context;
/*
* While processing access control rules, error conditions are handled by
* jumping back into the hosts_access() routine. This is cleaner than
* checking the return value of each and every silly little function. The
* (-1) returns are here because zero is already taken by longjmp().
*/
#define AC_PERMIT 1 /* permit access */
#define AC_DENY (-1) /* deny_access */
#define AC_ERROR AC_DENY /* XXX */
/*
* In verification mode an option function should just say what it would do,
* instead of really doing it. An option function that would not return
* should clear the dry_run flag to inform the caller of this unusual
* behavior.
*/
extern void process_options __P((char *, struct request_info *)); /* execute options */
extern int dry_run; /* verification flag */
/* Bug workarounds. */
#ifdef INET_ADDR_BUG /* inet_addr() returns struct */
#define inet_addr fix_inet_addr
extern long fix_inet_addr();
#endif
#ifdef BROKEN_FGETS /* partial reads from sockets */
#define fgets fix_fgets
extern char *fix_fgets();
#endif
#ifdef RECVFROM_BUG /* no address family info */
#define recvfrom fix_recvfrom
extern int fix_recvfrom();
#endif
#ifdef GETPEERNAME_BUG /* claims success with UDP */
#define getpeername fix_getpeername
extern int fix_getpeername();
#endif
#ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */
#define gethostbyname fix_gethostbyname
extern struct hostent *fix_gethostbyname();
#endif
#ifdef USE_STRSEP /* libc calls strtok() */
#define strtok fix_strtok
extern char *fix_strtok();
#endif
#ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */
#define strtok my_strtok
extern char *my_strtok();
#endif
__END_DECLS
#endif /* tcpd.h */