/*
pam_shield_lib.h
pam_shield 0.9.7
Copyright (C) 2007-2012 Walter de Jong <walter@heiho.net>
and Jonathan Niehof <jtniehof@gmail.com>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <syslog.h>
#include <pwd.h>
#include <time.h>
#include <netdb.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <gdbm.h>
#include "config.h"
#include "pam_shield.h"
#pragma GCC visibility push(hidden)

/*
built-in defaults; the configuration file (see read_config() below) is
expected to override them -- TODO confirm which config keys map to which.
DEFAULT_INTERVAL / DEFAULT_RETENTION are long values in the unit handled by
get_multiplier() below ("1s" = one second), so they look like seconds;
3600 * 24 would then be one day.
*/
#define DEFAULT_MAX_CONNS 10
#define DEFAULT_INTERVAL 60L
#define DEFAULT_RETENTION (3600L * 24L)
/*
maximum line length; presumably the read-buffer size used by read_config()
-- keep any fgets()/snprintf() bound in step with it
*/
#define MAX_LINE 1024

/*
option bit flags; distinct powers of two, so they are meant to be OR-ed
together into the global 'options' declared below
*/
#define OPT_DEBUG 0x001
#define OPT_BLOCK_ALL 0x002 /* block all, including known users */
#define OPT_DRYRUN 0x004 /* presumably report only, take no action -- TODO confirm */
#define OPT_LISTDB 0x008
#define OPT_MISSING_DNS 0x010 /* allow missing DNS */
#define OPT_MISSING_REVERSE 0x020 /* allow missing reverse DNS */
#define OPT_FORCE 0x040 /* purge unexpired entries */
#define OPT_REMOVEIP 0x080 /* presumably acts on the address held in 'removeip' -- TODO confirm */
#define OPT_SYNC 0x100

/* global module state; defined in the implementation, not in this header */
extern int options; /* OR of the OPT_* flags above */
extern GDBM_FILE dbf; /* gdbm database handle (type from <gdbm.h>) */
extern char *conffile; /* presumably the path of the configuration file */
extern char *dbfile; /* presumably the path of the gdbm database */
extern char *trigger_cmd; /* external command handed to run_trigger(); presumably config-derived */
extern char *removeip;
/* white lists of addresses */
extern ip_list *allow_ipv4_list;
extern ip_list *allow_ipv6_list;
extern name_list *allow_names;
extern int max_conns;
extern long interval;
extern long retention;
extern time_t this_time; /* presumably the timestamp of the current run -- TODO confirm */

/*
log a message
'fmt' followed by varargs looks like a printf-style format -- TODO confirm
against the implementation. Keep 'fmt' a string literal: a caller-supplied
string in that position would be a format-string bug.
'level' is presumably a syslog priority (<syslog.h> is included above).
*/
void logmsg(int level, const char *fmt, ...);

/*
ip_list helpers
new_ip_list() returns a new node; destroy_ip_list() releases 'list', after
which the pointer must not be used; add_ip_list() links 'ip' into the list
rooted at '*root' -- presumably the list then owns 'ip' (confirm).
Whether allocation failure is reported as NULL is not visible here.
*/
ip_list *new_ip_list(void);
void destroy_ip_list(ip_list *list);
void add_ip_list(ip_list **root, ip_list *ip);

/*
try to match an IP number against the allow list
returns 1 if it matches
'saddr' is the raw address (presumably 4 bytes for IPv4 and 16 for IPv6,
the sizes given for ip_bitmask() below). The parameter is not
const-qualified even though matching should only need to read it.
*/
int match_ipv4_list(unsigned char *saddr);
int match_ipv6_list(unsigned char *saddr);

/*
name_lists are hostnames and/or network names
whether new_name_list() copies 'name' or keeps the pointer is not visible
here -- confirm before passing a temporary buffer. destroy_name_list()
releases 'list'; add_name_list() links 'n' into the list rooted at '*root'.
*/
name_list *new_name_list(char *name);
void destroy_name_list(name_list *list);
void add_name_list(name_list **root, name_list *n);

/*
see if 'name' matches our whitelist
return 1 if it does
*/
int match_name_list(char *name);

/*
initialize variables
init_module() sets up the globals above, deinit_module() tears them down;
the meaning of init_module()'s int return is not stated here (presumably
0 on success -- TODO confirm)
*/
int init_module(void);
void deinit_module(void);

/*
strip leading and trailing whitespace from a string
works in place (no return value): 'str' must be a writable, NUL-terminated
buffer
*/
void strip(char *str);

/*
multipliers:
1s second
1m minute
1h hour
1d day
1w week
1M month
1y year
default is 1
returns 0 on error
callers must check for 0 before multiplying, otherwise a rejected suffix
silently turns an interval/retention value into 0
*/
long get_multiplier(char *str);

/*
generate bitmask from '/24' notation
mask is struct in_addr.saddr, size is the size of the array
(4 for IPv4, 16 for IPv6)
'mask' must have room for 'size' bytes; whether 'bits' is range-checked
against size * 8 is not visible here, so the caller should validate it
*/
void ip_bitmask(int bits, unsigned char *mask, int size);

/*
allow network/netmask, for both IPv4 and IPv6
netmask can be in canonical or decimal notation
'line_no' is presumably the config-file line number, for error reporting;
the meaning of the int return is not stated here
*/
int allow_ip(char *ipnum, int line_no);

/*
read configuration file
presumably reads 'conffile' and fills in the globals above; return
convention not stated here (TODO confirm, likely 0 on success)
*/
int read_config(void);

/*
print the IP number of a db_record
return NULL on error, or buf on success
'buf' must hold at least 'buflen' bytes; INET6_ADDRSTRLEN (<netinet/in.h>)
is the text length an IPv6 address can need
*/
const char *print_ip(_pam_shield_db_rec_t *record, char *buf, int buflen);

/*
run external command
'cmd' is the trigger command (see trigger_cmd above), run for 'record'.
How the record's address reaches the command -- as an argv element or
interpolated into a shell command line -- is not visible here; the former
is the safe choice, confirm in the implementation. Return convention not
stated here.
*/
int run_trigger(char *cmd, _pam_shield_db_rec_t *record);

/* expire 'record'; return convention not stated here */
int expire_record(_pam_shield_db_rec_t *record);

/*
gdbm has encountered a fatal error
presumably installed as the fatal_func callback passed to gdbm_open()
-- TODO confirm
*/
void fatal_func(const char *str);

#pragma GCC visibility pop
/* EOB */