Index: head/contrib/tcp_wrappers/scaffold.c =================================================================== --- head/contrib/tcp_wrappers/scaffold.c (revision 311458) +++ head/contrib/tcp_wrappers/scaffold.c (revision 311459) @@ -1,272 +1,262 @@ /* * Routines for testing only. Not really industrial strength. * * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. * * $FreeBSD$ */ #ifndef lint static char sccs_id[] = "@(#) scaffold.c 1.6 97/03/21 19:27:24"; #endif /* System libraries. */ #include #include #include #include #include #include #include #include #include #include #ifndef INADDR_NONE #define INADDR_NONE (-1) /* XXX should be 0xffffffff */ #endif #ifndef INET6 extern char *malloc(); #endif /* Application-specific. */ #include "tcpd.h" #include "scaffold.h" /* * These are referenced by the options module and by rfc931.c. */ int allow_severity = SEVERITY; int deny_severity = LOG_WARNING; int rfc931_timeout = RFC931_TIMEOUT; #ifndef INET6 /* dup_hostent - create hostent in one memory block */ static struct hostent *dup_hostent(hp) struct hostent *hp; { struct hostent_block { struct hostent host; char *addr_list[1]; }; struct hostent_block *hb; int count; char *data; char *addr; for (count = 0; hp->h_addr_list[count] != 0; count++) /* void */ ; if ((hb = (struct hostent_block *) malloc(sizeof(struct hostent_block) + (hp->h_length + sizeof(char *)) * count)) == 0) { fprintf(stderr, "Sorry, out of memory\n"); exit(1); } memset((char *) &hb->host, 0, sizeof(hb->host)); hb->host.h_length = hp->h_length; hb->host.h_addr_list = hb->addr_list; hb->host.h_addr_list[count] = 0; data = (char *) (hb->host.h_addr_list + count + 1); for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { hb->host.h_addr_list[count] = data + hp->h_length * count; memcpy(hb->host.h_addr_list[count], addr, hp->h_length); } return (&hb->host); } #endif /* find_inet_addr - find all addresses for this host, result to free() */ #ifdef INET6 struct addrinfo *find_inet_addr(host) char *host; { struct addrinfo hints, *res; memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST; if (getaddrinfo(host, NULL, &hints, &res) == 0) return (res); memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_PASSIVE | AI_CANONNAME; if (getaddrinfo(host, NULL, &hints, &res) != 0) { tcpd_warn("%s: host not found", host); return (0); } if (res->ai_family != AF_INET6 && res->ai_family != AF_INET) { tcpd_warn("%d: not an internet host", res->ai_family); freeaddrinfo(res); return (0); } if (!res->ai_canonname) { tcpd_warn("%s: hostname alias", host); tcpd_warn("(cannot obtain official name)", res->ai_canonname); } else if (STR_NE(host, res->ai_canonname)) { tcpd_warn("%s: hostname alias", host); tcpd_warn("(official name: %.*s)", STRING_LENGTH, res->ai_canonname); } return (res); } #else struct hostent *find_inet_addr(host) char *host; { struct in_addr addr; struct hostent *hp; static struct hostent h; static char *addr_list[2]; /* * Host address: translate it to internal form. */ if ((addr.s_addr = dot_quad_addr(host)) != INADDR_NONE) { h.h_addr_list = addr_list; h.h_addr_list[0] = (char *) &addr; h.h_length = sizeof(addr); return (dup_hostent(&h)); } /* * Map host name to a series of addresses. Watch out for non-internet * forms or aliases. The NOT_INADDR() is here in case gethostbyname() has * been "enhanced" to accept numeric addresses. Make a copy of the * address list so that later gethostbyXXX() calls will not clobber it. */ if (NOT_INADDR(host) == 0) { tcpd_warn("%s: not an internet address", host); return (0); } if ((hp = gethostbyname(host)) == 0) { tcpd_warn("%s: host not found", host); return (0); } if (hp->h_addrtype != AF_INET) { tcpd_warn("%d: not an internet host", hp->h_addrtype); return (0); } if (STR_NE(host, hp->h_name)) { tcpd_warn("%s: hostname alias", host); tcpd_warn("(official name: %.*s)", STRING_LENGTH, hp->h_name); } return (dup_hostent(hp)); } #endif /* check_dns - give each address thorough workout, return address count */ int check_dns(host) char *host; { struct request_info request; #ifdef INET6 struct sockaddr_storage sin; struct addrinfo *hp, *res; #else struct sockaddr_in sin; struct hostent *hp; #endif int count; char *addr; if ((hp = find_inet_addr(host)) == 0) return (0); request_init(&request, RQ_CLIENT_SIN, &sin, 0); sock_methods(&request); #ifndef INET6 memset((char *) &sin, 0, sizeof(sin)); sin.sin_family = AF_INET; #endif #ifdef INET6 for (res = hp, count = 0; res; res = res->ai_next, count++) { memcpy(&sin, res->ai_addr, res->ai_addrlen); #else for (count = 0; (addr = hp->h_addr_list[count]) != 0; count++) { memcpy((char *) &sin.sin_addr, addr, sizeof(sin.sin_addr)); #endif /* * Force host name and address conversions. Use the request structure * as a cache. Detect hostname lookup problems. Any name/name or * name/address conflicts will be reported while eval_hostname() does * its job. */ request_set(&request, RQ_CLIENT_ADDR, "", RQ_CLIENT_NAME, "", 0); if (STR_EQ(eval_hostname(request.client), unknown)) tcpd_warn("host address %s->name lookup failed", eval_hostaddr(request.client)); } #ifdef INET6 freeaddrinfo(hp); #else free((char *) hp); #endif return (count); } /* dummy function to intercept the real shell_cmd() */ /* ARGSUSED */ void shell_cmd(command) char *command; { if (hosts_access_verbose) printf("command: %s", command); } /* dummy function to intercept the real clean_exit() */ /* ARGSUSED */ void clean_exit(request) struct request_info *request; { exit(0); } -/* dummy function to intercept the real rfc931() */ - -/* ARGSUSED */ - -void rfc931(request) -struct request_info *request; -{ - strcpy(request->user, unknown); -} - /* check_path - examine accessibility */ int check_path(path, st) char *path; struct stat *st; { struct stat stbuf; char buf[BUFSIZ]; if (stat(path, st) < 0) return (-1); #ifdef notdef if (st->st_uid != 0) tcpd_warn("%s: not owned by root", path); if (st->st_mode & 020) tcpd_warn("%s: group writable", path); #endif if (st->st_mode & 002) tcpd_warn("%s: world writable", path); if (path[0] == '/' && path[1] != 0) { strrchr(strcpy(buf, path), '/')[0] = 0; (void) check_path(buf[0] ? buf : "/", &stbuf); } return (0); } Index: head/contrib/tcp_wrappers/tcpd.h =================================================================== --- head/contrib/tcp_wrappers/tcpd.h (revision 311458) +++ head/contrib/tcp_wrappers/tcpd.h (revision 311459) @@ -1,226 +1,219 @@ /* * @(#) tcpd.h 1.5 96/03/19 16:22:24 * * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. * * $FreeBSD$ */ +#ifdef INET6 +#define TCPD_SOCKADDR struct sockaddr +#else +#define TCPD_SOCKADDR struct sockaddr_in +#endif + /* Structure to describe one communications endpoint. */ #define STRING_LENGTH 128 /* hosts, users, processes */ struct host_info { char name[STRING_LENGTH]; /* access via eval_hostname(host) */ char addr[STRING_LENGTH]; /* access via eval_hostaddr(host) */ -#ifdef INET6 - struct sockaddr *sin; /* socket address or 0 */ -#else - struct sockaddr_in *sin; /* socket address or 0 */ -#endif + TCPD_SOCKADDR *sin; /* socket address or 0 */ struct t_unitdata *unit; /* TLI transport address or 0 */ struct request_info *request; /* for shared information */ }; /* Structure to describe what we know about a service request. */ struct request_info { int fd; /* socket handle */ char user[STRING_LENGTH]; /* access via eval_user(request) */ char daemon[STRING_LENGTH]; /* access via eval_daemon(request) */ char pid[10]; /* access via eval_pid(request) */ struct host_info client[1]; /* client endpoint info */ struct host_info server[1]; /* server endpoint info */ void (*sink) (int); /* datagram sink function or 0 */ void (*hostname) (struct host_info *); /* address to printable hostname */ void (*hostaddr) (struct host_info *); /* address to printable address */ void (*cleanup) (struct request_info *); /* cleanup function or 0 */ struct netconfig *config; /* netdir handle */ }; /* Common string operations. Less clutter should be more readable. */ #define STRN_CPY(d,s,l) { strncpy((d),(s),(l)); (d)[(l)-1] = 0; } #define STRN_EQ(x,y,l) (strncasecmp((x),(y),(l)) == 0) #define STRN_NE(x,y,l) (strncasecmp((x),(y),(l)) != 0) #define STR_EQ(x,y) (strcasecmp((x),(y)) == 0) #define STR_NE(x,y) (strcasecmp((x),(y)) != 0) /* * Initially, all above strings have the empty value. Information that * cannot be determined at runtime is set to "unknown", so that we can * distinguish between `unavailable' and `not yet looked up'. A hostname * that we do not believe in is set to "paranoid". */ #define STRING_UNKNOWN "unknown" /* lookup failed */ #define STRING_PARANOID "paranoid" /* hostname conflict */ extern char unknown[]; extern char paranoid[]; #define HOSTNAME_KNOWN(s) (STR_NE((s),unknown) && STR_NE((s),paranoid)) #define NOT_INADDR(s) (s[strspn(s,"01234567890./")] != 0) /* Global functions. */ #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) -extern void fromhost(); /* get/validate client host info */ +extern void fromhost(struct request_info *); /* get/validate client host info */ #else -#define fromhost sock_host /* no TLI support needed */ +#define fromhost sock_host /* no TLI support needed */ #endif -extern int hosts_access(); /* access control */ -extern int hosts_ctl(); /* wrapper around request_init() */ -extern void shell_cmd(); /* execute shell command */ -extern char *percent_x(); /* do % expansion */ -extern void rfc931(); /* client name from RFC 931 daemon */ -extern void clean_exit(); /* clean up and exit */ -extern void refuse(); /* clean up and exit */ -extern char *xgets(); /* fgets() on steroids */ -extern char *split_at(); /* strchr() and split */ -extern unsigned long dot_quad_addr(); /* restricted inet_addr() */ +extern int hosts_access(struct request_info *); /* access control */ +extern int hosts_ctl(char *, char *, char *, char *); /* wrapper around request_init() */ +extern void shell_cmd(char *); /* execute shell command */ +extern char *percent_x(char *, int, char *, struct request_info *); /* do % expansion */ +extern void rfc931(TCPD_SOCKADDR *, TCPD_SOCKADDR *, char *); /* client name from RFC 931 daemon */ +extern void clean_exit(struct request_info *); /* clean up and exit */ +extern void refuse(struct request_info *); /* clean up and exit */ +extern char *xgets(char *, int, FILE *); /* fgets() on steroids */ +extern char *split_at(char *, int); /* strchr() and split */ +extern unsigned long dot_quad_addr(char *); /* restricted inet_addr() */ + /* Global variables. */ extern int allow_severity; /* for connection logging */ extern int deny_severity; /* for connection logging */ extern char *hosts_allow_table; /* for verification mode redirection */ extern char *hosts_deny_table; /* for verification mode redirection */ extern int hosts_access_verbose; /* for verbose matching mode */ extern int rfc931_timeout; /* user lookup timeout */ extern int resident; /* > 0 if resident process */ /* * Routines for controlled initialization and update of request structure * attributes. Each attribute has its own key. */ -#ifdef __STDC__ -extern struct request_info *request_init(struct request_info *,...); -extern struct request_info *request_set(struct request_info *,...); -#else -extern struct request_info *request_init(); /* initialize request */ -extern struct request_info *request_set(); /* update request structure */ -#endif +extern struct request_info *request_init(struct request_info *,...); /* initialize request */ +extern struct request_info *request_set(struct request_info *,...); /* update request structure */ #define RQ_FILE 1 /* file descriptor */ #define RQ_DAEMON 2 /* server process (argv[0]) */ #define RQ_USER 3 /* client user name */ #define RQ_CLIENT_NAME 4 /* client host name */ #define RQ_CLIENT_ADDR 5 /* client host address */ #define RQ_CLIENT_SIN 6 /* client endpoint (internal) */ #define RQ_SERVER_NAME 7 /* server host name */ #define RQ_SERVER_ADDR 8 /* server host address */ #define RQ_SERVER_SIN 9 /* server endpoint (internal) */ /* * Routines for delayed evaluation of request attributes. Each attribute * type has its own access method. The trivial ones are implemented by * macros. The other ones are wrappers around the transport-specific host * name, address, and client user lookup methods. The request_info and * host_info structures serve as caches for the lookup results. */ -extern char *eval_user(); /* client user */ -extern char *eval_hostname(); /* printable hostname */ -extern char *eval_hostaddr(); /* printable host address */ -extern char *eval_hostinfo(); /* host name or address */ -extern char *eval_client(); /* whatever is available */ -extern char *eval_server(); /* whatever is available */ +extern char *eval_user(struct request_info *); /* client user */ +extern char *eval_hostname(struct host_info *); /* printable hostname */ +extern char *eval_hostaddr(struct host_info *); /* printable host address */ +extern char *eval_hostinfo(struct host_info *); /* host name or address */ +extern char *eval_client(struct request_info *); /* whatever is available */ +extern char *eval_server(struct request_info *); /* whatever is available */ #define eval_daemon(r) ((r)->daemon) /* daemon process name */ #define eval_pid(r) ((r)->pid) /* process id */ /* Socket-specific methods, including DNS hostname lookups. */ -extern void sock_host(); /* look up endpoint addresses */ -extern void sock_hostname(); /* translate address to hostname */ -extern void sock_hostaddr(); /* address to printable address */ +extern void sock_host(struct request_info *); /* look up endpoint addresses */ +extern void sock_hostname(struct host_info *); /* translate address to hostname */ +extern void sock_hostaddr(struct host_info *); /* address to printable address */ #define sock_methods(r) \ { (r)->hostname = sock_hostname; (r)->hostaddr = sock_hostaddr; } /* The System V Transport-Level Interface (TLI) interface. */ #if defined(TLI) || defined(PTX) || defined(TLI_SEQUENT) -extern void tli_host(); /* look up endpoint addresses etc. */ +extern void tli_host(struct request_info *); /* look up endpoint addresses etc. */ #endif /* * Problem reporting interface. Additional file/line context is reported * when available. The jump buffer (tcpd_buf) is not declared here, or * everyone would have to include . */ -#ifdef __STDC__ extern void tcpd_warn(char *, ...); /* report problem and proceed */ extern void tcpd_jump(char *, ...); /* report problem and jump */ -#else -extern void tcpd_warn(); -extern void tcpd_jump(); -#endif struct tcpd_context { char *file; /* current file */ int line; /* current line */ }; extern struct tcpd_context tcpd_context; /* * While processing access control rules, error conditions are handled by * jumping back into the hosts_access() routine. This is cleaner than * checking the return value of each and every silly little function. The * (-1) returns are here because zero is already taken by longjmp(). */ #define AC_PERMIT 1 /* permit access */ #define AC_DENY (-1) /* deny_access */ #define AC_ERROR AC_DENY /* XXX */ /* * In verification mode an option function should just say what it would do, * instead of really doing it. An option function that would not return * should clear the dry_run flag to inform the caller of this unusual * behavior. */ -extern void process_options(); /* execute options */ -extern int dry_run; /* verification flag */ +extern void process_options(char *, struct request_info *); /* execute options */ +extern int dry_run; /* verification flag */ /* Bug workarounds. */ #ifdef INET_ADDR_BUG /* inet_addr() returns struct */ #define inet_addr fix_inet_addr -extern long fix_inet_addr(); +extern long fix_inet_addr(char *); #endif #ifdef BROKEN_FGETS /* partial reads from sockets */ #define fgets fix_fgets -extern char *fix_fgets(); +extern char *fix_fgets(char *, int, FILE *); #endif #ifdef RECVFROM_BUG /* no address family info */ #define recvfrom fix_recvfrom -extern int fix_recvfrom(); +extern int fix_recvfrom(int, char *, int, int, struct sockaddr *, int *); #endif #ifdef GETPEERNAME_BUG /* claims success with UDP */ #define getpeername fix_getpeername -extern int fix_getpeername(); +extern int fix_getpeername(int, struct sockaddr *, int *); #endif #ifdef SOLARIS_24_GETHOSTBYNAME_BUG /* lists addresses as aliases */ #define gethostbyname fix_gethostbyname -extern struct hostent *fix_gethostbyname(); +extern struct hostent *fix_gethostbyname(char *); #endif #ifdef USE_STRSEP /* libc calls strtok() */ #define strtok fix_strtok -extern char *fix_strtok(); +extern char *fix_strtok(char *, char *); #endif #ifdef LIBC_CALLS_STRTOK /* libc calls strtok() */ #define strtok my_strtok -extern char *my_strtok(); +extern char *my_strtok(char *, char *); #endif