Print this page
re #11201 nss: need local netgroup implementation
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/head/nss_dbdefs.h
+++ new/usr/src/head/nss_dbdefs.h
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
|
↓ open down ↓ |
11 lines elided |
↑ open up ↑ |
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 + * Copyright 2012 Nexenta Systems, Inc. All rights reserved.
22 23 * Copyright 2014 Garrett D'Amore <garrett@damore.org>
23 24 *
24 25 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
25 26 * Use is subject to license terms.
26 27 *
27 28 * Database-specific definitions for the getXXXbyYYY routines
28 29 * (e.g getpwuid_r(), ether_ntohost()) that use the name-service switch.
29 30 * Database-independent definitions are in <nss_common.h>
30 31 *
31 32 * Ideally, this is the only switch header file one would add things
32 33 * to in order to support a new database.
33 34 *
34 35 * NOTE: The interfaces documented in this file may change in a minor
35 36 * release. It is intended that in the future a stronger committment
36 37 * will be made to these interface definitions which will guarantee
37 38 * them across minor releases.
38 39 */
39 40
40 41 #ifndef _NSS_DBDEFS_H
41 42 #define _NSS_DBDEFS_H
42 43
43 44 #include <sys/types.h>
44 45 #include <unistd.h>
45 46 #include <errno.h>
46 47 #include <netdb.h> /* MAXALIASES, MAXADDRS */
47 48 #include <limits.h> /* LOGNAME_MAX */
48 49 #include <nss_common.h>
49 50
50 51 #ifdef __cplusplus
51 52 extern "C" {
52 53 #endif
53 54
54 55 #ifndef NSS_INCLUDE_UNSAFE
55 56 #define NSS_INCLUDE_UNSAFE 1 /* Build old, MT-unsafe interfaces, */
56 57 #endif /* NSS_INCLUDE_UNSAFE */ /* e.g. getpwnam (c.f. getpwnam_r) */
57 58
58 59 /*
59 60 * Names of the well-known databases.
60 61 */
61 62
62 63 #define NSS_DBNAM_ALIASES "aliases" /* E-mail aliases, that is */
63 64 #define NSS_DBNAM_AUTOMOUNT "automount"
64 65 #define NSS_DBNAM_BOOTPARAMS "bootparams"
65 66 #define NSS_DBNAM_ETHERS "ethers"
66 67 #define NSS_DBNAM_GROUP "group"
67 68 #define NSS_DBNAM_HOSTS "hosts"
68 69 #define NSS_DBNAM_IPNODES "ipnodes"
69 70 #define NSS_DBNAM_NETGROUP "netgroup"
70 71 #define NSS_DBNAM_NETMASKS "netmasks"
71 72 #define NSS_DBNAM_NETWORKS "networks"
72 73 #define NSS_DBNAM_PASSWD "passwd"
73 74 #define NSS_DBNAM_PRINTERS "printers"
74 75 #define NSS_DBNAM_PROJECT "project"
75 76 #define NSS_DBNAM_PROTOCOLS "protocols"
76 77 #define NSS_DBNAM_PUBLICKEY "publickey"
77 78 #define NSS_DBNAM_RPC "rpc"
78 79 #define NSS_DBNAM_SERVICES "services"
79 80 #define NSS_DBNAM_AUDITUSER "audit_user"
80 81 #define NSS_DBNAM_AUTHATTR "auth_attr"
81 82 #define NSS_DBNAM_EXECATTR "exec_attr"
82 83 #define NSS_DBNAM_PROFATTR "prof_attr"
83 84 #define NSS_DBNAM_USERATTR "user_attr"
84 85
85 86 #define NSS_DBNAM_TSOL_TP "tnrhtp"
86 87 #define NSS_DBNAM_TSOL_RH "tnrhdb"
87 88 #define NSS_DBNAM_TSOL_ZC "tnzonecfg"
88 89
89 90 /* getspnam() et al use the "passwd" config entry but the "shadow" backend */
90 91 #define NSS_DBNAM_SHADOW "shadow"
91 92
92 93 /* The "compat" backend gets config entries for these pseudo-databases */
93 94 #define NSS_DBNAM_PASSWD_COMPAT "passwd_compat"
94 95 #define NSS_DBNAM_GROUP_COMPAT "group_compat"
95 96
96 97 /*
97 98 * Default switch configuration, compiled into the front-ends.
98 99 *
99 100 * Absent good reasons to the contrary, this should be compatible with the
100 101 * default /etc/nsswitch.conf file.
101 102 */
102 103 #define NSS_FILES_ONLY "files"
103 104 #define NSS_FILES_NS "files nis"
104 105 #define NSS_NS_FALLBACK "nis [NOTFOUND=return] files"
105 106 #define NSS_NS_ONLY "nis"
106 107 #define NSS_TSOL_FALLBACK "files ldap"
107 108
108 109 #define NSS_DEFCONF_ALIASES NSS_FILES_NS
109 110 #define NSS_DEFCONF_AUTOMOUNT NSS_FILES_NS
110 111 #define NSS_DEFCONF_BOOTPARAMS NSS_NS_FALLBACK
111 112 #define NSS_DEFCONF_ETHERS NSS_NS_FALLBACK
112 113 #define NSS_DEFCONF_GROUP NSS_FILES_NS
113 114 #define NSS_DEFCONF_HOSTS NSS_NS_FALLBACK
114 115 #define NSS_DEFCONF_IPNODES NSS_NS_FALLBACK
115 116 #define NSS_DEFCONF_NETGROUP NSS_NS_ONLY
116 117 #define NSS_DEFCONF_NETMASKS NSS_NS_FALLBACK
117 118 #define NSS_DEFCONF_NETWORKS NSS_NS_FALLBACK
118 119 #define NSS_DEFCONF_PASSWD NSS_FILES_NS
119 120 #define NSS_DEFCONF_PRINTERS "user files nis"
120 121 #define NSS_DEFCONF_PROJECT NSS_FILES_NS
121 122 #define NSS_DEFCONF_PROTOCOLS NSS_NS_FALLBACK
122 123 #define NSS_DEFCONF_PUBLICKEY NSS_FILES_NS
123 124 #define NSS_DEFCONF_RPC NSS_NS_FALLBACK
124 125 #define NSS_DEFCONF_SERVICES NSS_FILES_NS /* speeds up byname() */
125 126
126 127 #define NSS_DEFCONF_GROUP_COMPAT NSS_NS_ONLY
127 128 #define NSS_DEFCONF_PASSWD_COMPAT NSS_NS_ONLY
128 129
129 130 #define NSS_DEFCONF_ATTRDB NSS_FILES_NS
130 131
131 132 #define NSS_DEFCONF_AUDITUSER NSS_DEFCONF_PASSWD
132 133 #define NSS_DEFCONF_USERATTR NSS_DEFCONF_PASSWD
133 134 #define NSS_DEFCONF_AUTHATTR NSS_DEFCONF_ATTRDB
134 135 #define NSS_DEFCONF_PROFATTR NSS_DEFCONF_ATTRDB
135 136 #define NSS_DEFCONF_EXECATTR NSS_DEFCONF_PROFATTR
136 137
137 138 #define NSS_DEFCONF_TSOL_TP NSS_TSOL_FALLBACK
138 139 #define NSS_DEFCONF_TSOL_RH NSS_TSOL_FALLBACK
139 140 #define NSS_DEFCONF_TSOL_ZC NSS_TSOL_FALLBACK
140 141
|
↓ open down ↓ |
109 lines elided |
↑ open up ↑ |
141 142 /*
142 143 * Line-lengths that the "files" and "compat" backends will try to support.
143 144 * It may be reasonable (even advisable) to use smaller values than these.
144 145 */
145 146
146 147 #define NSS_BUFSIZ 1024
147 148
148 149 #define NSS_LINELEN_GROUP ((NSS_BUFSIZ) * 8)
149 150 #define NSS_LINELEN_HOSTS ((NSS_BUFSIZ) * 8)
150 151 #define NSS_LINELEN_IPNODES ((NSS_BUFSIZ) * 8)
152 +#define NSS_LINELEN_NETGROUP ((NSS_BUFSIZ) * 32)
151 153 #define NSS_LINELEN_NETMASKS NSS_BUFSIZ
152 154 #define NSS_LINELEN_NETWORKS NSS_BUFSIZ
153 155 #define NSS_LINELEN_PASSWD NSS_BUFSIZ
154 156 #define NSS_LINELEN_PRINTERS NSS_BUFSIZ
155 157 #define NSS_LINELEN_PROJECT ((NSS_BUFSIZ) * 4)
156 158 #define NSS_LINELEN_PROTOCOLS NSS_BUFSIZ
157 159 #define NSS_LINELEN_PUBLICKEY NSS_BUFSIZ
158 160 #define NSS_LINELEN_RPC NSS_BUFSIZ
159 161 #define NSS_LINELEN_SERVICES NSS_BUFSIZ
160 162 #define NSS_LINELEN_SHADOW NSS_BUFSIZ
161 163 #define NSS_LINELEN_ETHERS NSS_BUFSIZ
162 164 #define NSS_LINELEN_BOOTPARAMS NSS_BUFSIZ
163 165
164 166 #define NSS_LINELEN_ATTRDB NSS_BUFSIZ
165 167
166 168 #define NSS_LINELEN_AUDITUSER NSS_LINELEN_ATTRDB
167 169 #define NSS_LINELEN_AUTHATTR NSS_LINELEN_ATTRDB
168 170 #define NSS_LINELEN_EXECATTR NSS_LINELEN_ATTRDB
169 171 #define NSS_LINELEN_PROFATTR NSS_LINELEN_ATTRDB
170 172 #define NSS_LINELEN_USERATTR NSS_LINELEN_ATTRDB
171 173
172 174 #define NSS_MMAPLEN_EXECATTR NSS_LINELEN_EXECATTR * 8
173 175
174 176 #define NSS_LINELEN_TSOL NSS_BUFSIZ
175 177
176 178 #define NSS_LINELEN_TSOL_TP NSS_LINELEN_TSOL
177 179 #define NSS_LINELEN_TSOL_RH NSS_LINELEN_TSOL
178 180 #define NSS_LINELEN_TSOL_ZC NSS_LINELEN_TSOL
179 181
180 182 /*
181 183 * Reasonable defaults for 'buflen' values passed to _r functions. The BSD
182 184 * and SunOS 4.x implementations of the getXXXbyYYY() functions used hard-
183 185 * coded array sizes; the values here are meant to handle anything that
184 186 * those implementations handled.
185 187 * === These might more reasonably go in <pwd.h>, <netdb.h> et al
186 188 */
187 189
188 190 #define NSS_BUFLEN_GROUP NSS_LINELEN_GROUP
189 191 #define NSS_BUFLEN_HOSTS \
190 192 (NSS_LINELEN_HOSTS + (MAXALIASES + MAXADDRS + 2) * sizeof (char *))
191 193 #define NSS_BUFLEN_IPNODES \
192 194 (NSS_LINELEN_IPNODES + (MAXALIASES + MAXADDRS + 2) * sizeof (char *))
193 195 #define NSS_BUFLEN_NETGROUP (MAXHOSTNAMELEN * 2 + LOGNAME_MAX + 3)
194 196 #define NSS_BUFLEN_NETWORKS NSS_LINELEN_NETWORKS /* === ? + 35 * 4 */
195 197 #define NSS_BUFLEN_PASSWD NSS_LINELEN_PASSWD
196 198 #define NSS_BUFLEN_PROJECT (NSS_LINELEN_PROJECT + 800 * sizeof (char *))
197 199 #define NSS_BUFLEN_PROTOCOLS NSS_LINELEN_PROTOCOLS /* === ? + 35 * 4 */
198 200 #define NSS_BUFLEN_PUBLICKEY NSS_LINELEN_PUBLICKEY
199 201 #define NSS_BUFLEN_RPC NSS_LINELEN_RPC /* === ? + 35 * 4 */
200 202 #define NSS_BUFLEN_SERVICES NSS_LINELEN_SERVICES /* === ? + 35 * 4 */
201 203 #define NSS_BUFLEN_SHADOW NSS_LINELEN_SHADOW
202 204 #define NSS_BUFLEN_ETHERS NSS_LINELEN_ETHERS
203 205 #define NSS_BUFLEN_BOOTPARAMS NSS_LINELEN_BOOTPARAMS
204 206
205 207 #define NSS_BUFLEN_ATTRDB NSS_LINELEN_ATTRDB
206 208
207 209 #define NSS_BUFLEN_AUDITUSER NSS_BUFLEN_ATTRDB
208 210 #define NSS_BUFLEN_AUTHATTR NSS_BUFLEN_ATTRDB
209 211 #define NSS_BUFLEN_EXECATTR NSS_BUFLEN_ATTRDB
210 212 #define NSS_BUFLEN_PROFATTR NSS_BUFLEN_ATTRDB
211 213 #define NSS_BUFLEN_USERATTR ((NSS_BUFLEN_ATTRDB) * 8)
212 214
213 215 #define NSS_BUFLEN_TSOL NSS_LINELEN_TSOL
214 216 #define NSS_BUFLEN_TSOL_TP NSS_BUFLEN_TSOL
215 217 #define NSS_BUFLEN_TSOL_RH NSS_BUFLEN_TSOL
216 218 #define NSS_BUFLEN_TSOL_ZC NSS_BUFLEN_TSOL
217 219
218 220 /*
219 221 * Default cache door buffer size (2x largest buffer)
220 222 */
221 223
222 224 #define NSS_BUFLEN_DOOR ((NSS_BUFSIZ) * 16)
223 225
224 226 /*
225 227 * Arguments and results, passed between the frontends and backends for
226 228 * the well-known databases. The getXbyY_r() and getXent_r() routines
227 229 * use a common format that is further described below; other routines
228 230 * use their own formats.
229 231 */
230 232
231 233 /*
232 234 * The nss_str2ent_t routine is the data marshaller for the nsswitch.
233 235 * it converts 'native files' format into 'entry' format as part of the
234 236 * return processing for a getXbyY interface.
235 237 *
236 238 * The nss_groupstr_t routine does the real work for any backend
237 239 * that can supply a netgroup entry as a string in /etc/group format
238 240 */
239 241 typedef int (*nss_str2ent_t)(const char *in, int inlen,
240 242 void *ent, char *buf, int buflen);
241 243
242 244 struct nss_groupsbymem; /* forward definition */
243 245 typedef nss_status_t (*nss_groupstr_t)(const char *instr, int inlen,
244 246 struct nss_groupsbymem *);
245 247
246 248 /*
247 249 * The initgroups() function [see initgroups(3c)] needs to find all the
248 250 * groups to which a given user belongs. To do this it calls
249 251 * _getgroupsbymember(), which is part of the frontend for the "group"
250 252 * database.
251 253 * We want the same effect as if we used getgrent_r() to enumerate the
252 254 * entire groups database (possibly from multiple sources), but getgrent_r()
253 255 * is too inefficient. Most backends can do better if they know they're
254 256 * meant to scan all groups; hence there's a separate backend operation,
255 257 * NSS_DBOP_GROUP_BYMEMBER, which uses the nss_groupsbymem struct.
256 258 * Note that the normal return-value from such a backend, even when it
257 259 * successfully finds matching group entries, is NSS_NOTFOUND, because
258 260 * this tells the switch engine to keep searching in any more sources.
259 261 * In fact, the backends only return NSS_SUCCESS if they find enough
260 262 * matching entries that the gid_array is completely filled, in which
261 263 * case the switch engine should stop searching.
262 264 * If the force_slow_way field is set, the backend should eschew any cached
263 265 * information (e.g. the YP netid.byname map or the NIS+ cred.org_dir table)
264 266 * and should instead grind its way through the group map/table/whatever.
265 267 */
266 268
267 269 struct nss_groupsbymem { /* For _getgroupsbymember() */
268 270 /* in: */
269 271 const char *username;
270 272 gid_t *gid_array;
271 273 int maxgids;
272 274 int force_slow_way;
273 275 nss_str2ent_t str2ent;
274 276 nss_groupstr_t process_cstr;
275 277
276 278 /* in_out: */
277 279 int numgids;
278 280 };
279 281
280 282 /*
281 283 * The netgroup routines are handled as follows:
282 284 *
283 285 * Policy decision:
284 286 * If netgroup A refers to netgroup B, both must occur in the same
285 287 * source (other choices give very confusing semantics). This
286 288 * assumption is deeply embedded in the frontend and backends.
287 289 *
288 290 * - setnetgrent(), despite its name, is really a getXXXbyYYY operation:
289 291 * it takes a name and finds a netgroup with that name (see the
290 292 * nss_setnetgrent_args struct below). The "result" that it returns
291 293 * to the frontend is an nss_backend_t for a pseudo-backend that allows
292 294 * one to enumerate the members of that netgroup.
293 295 *
294 296 * - getnetgrent() calls the 'getXXXent' function in the pseudo-backend;
295 297 * it doesn't go through the switch engine at all. It uses the
296 298 * nss_getnetgrent_args struct below.
297 299 *
298 300 * - innetgr() is implemented on top of __multi_innetgr(), which replaces
299 301 * each (char *) argument of innetgr() with a counted vector of (char *).
300 302 * The semantics are the same as an OR of the results of innetgr()
301 303 * operations on each possible 4-tuple picked from the arguments, but
302 304 * it's possible to implement some cases more efficiently. This is
303 305 * important for mountd, which used to read YP netgroup.byhost directly
304 306 * in order to determine efficiently whether a given host belonged to any
305 307 * one of a long list of netgroups. Wildcarded arguments are indicated
306 308 * by a count of zero.
307 309 *
308 310 * - __multi_innetgr() uses the nss_innetgr_args struct. A backend whose
309 311 * source contains at least one of the groups listed in the 'groups'
310 312 * vector will return NSS_SUCCESS and will set the 'status' field to
311 313 * indicate whether any 4-tuple was satisfied. A backend will only
312 314 * return NSS_NOTFOUND if the source contained none of the groups
313 315 * listed in the 'groups' vector.
314 316 */
315 317
316 318 enum nss_netgr_argn { /* We need (machine, user, domain) triples */
317 319 NSS_NETGR_MACHINE = 0,
318 320 NSS_NETGR_USER = 1,
319 321 NSS_NETGR_DOMAIN = 2,
320 322 NSS_NETGR_N = 3
321 323 };
322 324
323 325 enum nss_netgr_status { /* Status from setnetgrent, multi_innetgr */
324 326 NSS_NETGR_FOUND = 0,
325 327 NSS_NETGR_NO = 1,
326 328 NSS_NETGR_NOMEM = 2
327 329 };
328 330
329 331 struct nss_setnetgrent_args {
330 332 /* in: */
331 333 const char *netgroup;
332 334 /* out: */
333 335 nss_backend_t *iterator; /* <==== Explain */
334 336 };
335 337
336 338 struct nss_getnetgrent_args {
337 339 /* in: */
338 340 char *buffer;
339 341 int buflen;
340 342 /* out: */
341 343 enum nss_netgr_status status;
342 344 char *retp[NSS_NETGR_N];
343 345 };
344 346
345 347 typedef unsigned nss_innetgr_argc; /* 0 means wildcard */
346 348 typedef char ** nss_innetgr_argv; /* === Do we really need these? */
347 349
348 350 struct nss_innetgr_1arg {
349 351 nss_innetgr_argc argc;
350 352 nss_innetgr_argv argv;
|
↓ open down ↓ |
190 lines elided |
↑ open up ↑ |
351 353 };
352 354
353 355 struct nss_innetgr_args {
354 356 /* in: */
355 357 struct nss_innetgr_1arg arg[NSS_NETGR_N];
356 358 struct nss_innetgr_1arg groups;
357 359 /* out: */
358 360 enum nss_netgr_status status;
359 361 };
360 362
363 +/* For NSS_DBOP_NETGROUP_BYNAME */
364 +struct nss_netgrent {
365 + char *netgr_name;
366 + char *netgr_members;
367 +};
368 +
361 369 /*
362 370 * nss_XbyY_buf_t -- structure containing the generic arguments passwd to
363 371 * getXXXbyYYY_r() and getXXXent_r() routines. The (void *) value points to
364 372 * a struct of the appropriate type, e.g. struct passwd or struct hostent.
365 373 *
366 374 * The functions that allocate and free these structures do no locking at
367 375 * all, since the routines that use them are inherently MT-unsafe anyway.
368 376 */
369 377
370 378 typedef struct {
371 379 void *result; /* "result" parameter to getXbyY_r() */
372 380 char *buffer; /* "buffer" " " */
373 381 int buflen; /* "buflen" " " */
374 382 } nss_XbyY_buf_t;
375 383
376 384 extern nss_XbyY_buf_t *_nss_XbyY_buf_alloc(int struct_size, int buffer_size);
377 385 extern void _nss_XbyY_buf_free(nss_XbyY_buf_t *);
378 386
379 387 #define NSS_XbyY_ALLOC(bufpp, str_size, buf_size) (\
380 388 (*bufpp) == 0 \
381 389 ? (*bufpp) = _nss_XbyY_buf_alloc(str_size, buf_size) \
382 390 : (*bufpp))
383 391
384 392 #define NSS_XbyY_FREE(bufpp) (_nss_XbyY_buf_free(*bufpp), (*bufpp) = 0)
385 393
386 394 /*
387 395 * The nss_XbyY_args_t struct contains all the information passed between
388 396 * frontends and backends for the getXbyY_r() and getXent() routines,
389 397 * including an nss_XbyY_buf_t and the lookup key (unused for getXXXent_r).
390 398 *
391 399 * The (*str2ent)() member converts a single XXXent from ASCII text to the
392 400 * appropriate struct, storing any pointer data (strings, in_addrs, arrays
393 401 * of these) in the buffer. The ASCII text is a counted string (*not* a
394 402 * zero-terminated string) whose length is specified by the instr_len
395 403 * parameter. The text is found at the address specified by instr and
396 404 * the string is treated as readonly. buffer and instr must be non-
397 405 * intersecting memory areas.
398 406 *
399 407 * With the exception of passwd, shadow and group, the text form for these
400 408 * databases allows trailing comments and arbitrary whitespace. The
401 409 * corresponding str2ent routine assumes that comments, leading whitespace
402 410 * and trailing whitespace have been stripped (and thus assumes that entries
403 411 * consisting only of these have been discarded).
404 412 *
405 413 * The text entries for "rpc" and for the databases described in <netdb.h>
406 414 * follow a common format (a canonical name with a possibly empty list
407 415 * of aliases, and some other value), albeit with minor variations.
408 416 * The function _nss_netdb_aliases() does most of the generic work involved
409 417 * in parsing and marshalling these into the buffer.
410 418 */
411 419
412 420 typedef union nss_XbyY_key { /* No tag; backend should know what to expect */
413 421 uid_t uid;
414 422 gid_t gid;
415 423 projid_t projid;
416 424 const char *name;
417 425 int number;
418 426 struct {
419 427 int net;
420 428 int type;
421 429 } netaddr;
422 430 struct {
423 431 const char *addr;
424 432 int len;
425 433 int type;
426 434 } hostaddr;
427 435 struct {
428 436 union {
429 437 const char *name;
430 438 int port;
431 439 } serv;
432 440 const char *proto;
433 441 } serv;
434 442 void *ether;
435 443 struct {
436 444 const char *name;
437 445 const char *keytype;
438 446 } pkey;
439 447 struct {
440 448 const char *name;
441 449 int af_family;
442 450 int flags;
443 451 } ipnode;
444 452 void *attrp; /* for the new attr databases */
445 453 } nss_XbyY_key_t;
446 454
447 455
448 456 typedef int (*nss_key2str_t)(void *buffer, size_t buflen,
449 457 nss_XbyY_key_t *key, size_t *len);
450 458
451 459
452 460 typedef struct nss_XbyY_args {
453 461
454 462 /* IN */
455 463 nss_XbyY_buf_t buf;
456 464 int stayopen;
457 465 /*
458 466 * Support for setXXXent(stayopen)
459 467 * Used only in hosts, protocols,
460 468 * networks, rpc, and services.
461 469 */
462 470 nss_str2ent_t str2ent;
463 471 union nss_XbyY_key key;
464 472
465 473 /* OUT */
466 474 void *returnval;
467 475 int erange;
468 476 int h_errno; /* For gethost*_r() */
469 477 nss_status_t status; /* from the backend last called */
470 478 /* NSS2 */
471 479 nss_key2str_t key2str; /* IN */
472 480 size_t returnlen; /* OUT */
473 481
474 482 /* NSCD/DOOR data */
475 483
476 484 /* ... buffer arena follows... */
477 485 } nss_XbyY_args_t;
478 486
479 487
480 488
481 489 /*
482 490 * nss/nscd v2 interface, packed buffer format
483 491 *
484 492 * A key component of the v2 name service switch is the redirection
485 493 * of all activity to nscd for actual processing. In the original
486 494 * switch most activity took place in each application, and the nscd
487 495 * cache component was an add-on optional interface.
488 496 *
489 497 * The nscd v1 format was a completely private interface that
490 498 * implemented specific bufferiing formats on a per getXbyY API basis.
491 499 *
492 500 * The nss/nscd v2 interface uses a common header and commonalizes
493 501 * the buffering format as consistently as possible. The general rule
494 502 * of thumb is that backends are required to assemble their results in
495 503 * "files based" format [IE the format used on a per result basis as
496 504 * returned by the files backend] and then call the standard str2ent
497 505 * interface. This is the original intended design as used in the files
498 506 * and nis backends.
499 507 *
500 508 * The benefit of this is that the application side library can assemble
501 509 * a request and provide a header and a variable length result buffer via
502 510 * a doors API, and then the nscd side switch can assemble a a getXbyY
503 511 * request providing the result buffer and a str2ent function that copies
504 512 * but does not unpack the result.
505 513 *
506 514 * This results is returned back via the door, and unpacked using the
507 515 * native library side str2ent interface.
508 516 *
509 517 * Additionally, the common header allows extensibility to add new
510 518 * getXbyYs, putXbyYs or other maintenance APIs to/from nscd without
511 519 * changing the existing "old style" backend interfaces.
512 520 *
513 521 * Finally new style getXbyY, putXbyY and backend interfaces can be
514 522 * by adding new operation requests to the header, while old style
515 523 * backwards compatability.
516 524 */
517 525
518 526 /*
519 527 * nss/nscd v2 callnumber definitions
520 528 */
521 529
522 530 /*
523 531 * callnumbers are separated by categories, such as:
524 532 * application to nscd requests, nscd to nscd requests,
525 533 * smf to nscd requests, etc.
526 534 */
527 535
528 536 #define NSCDV2CATMASK (0xFF000000)
529 537 #define NSCDV2CALLMASK (0x00FFFFFF)
530 538
531 539 /*
532 540 * nss/nscd v2 categories
533 541 */
534 542
535 543 #define NSCD_CALLCAT_APP ('a'<<24)
536 544 #define NSCD_CALLCAT_N2N ('n'<<24)
537 545
538 546 /* nscd v2 app-> nscd callnumbers */
539 547
540 548 #define NSCD_SEARCH (NSCD_CALLCAT_APP|0x01)
541 549 #define NSCD_SETENT (NSCD_CALLCAT_APP|0x02)
542 550 #define NSCD_GETENT (NSCD_CALLCAT_APP|0x03)
543 551 #define NSCD_ENDENT (NSCD_CALLCAT_APP|0x04)
544 552 #define NSCD_PUT (NSCD_CALLCAT_APP|0x05)
545 553 #define NSCD_GETHINTS (NSCD_CALLCAT_APP|0x06)
546 554
547 555 /* nscd v2 SETENT cookie markers */
548 556
549 557 #define NSCD_NEW_COOKIE 0
550 558 #define NSCD_LOCAL_COOKIE 1
551 559
552 560 /* nscd v2 header revision */
553 561 /* treated as 0xMMMMmmmm MMMM - Major Rev, mmmm - Minor Rev */
554 562
555 563 #define NSCD_HEADER_REV 0x00020000
556 564
557 565 /*
558 566 * ptr/uint data type used to calculate shared nscd buffer struct sizes
559 567 * sizes/offsets are arbitrarily limited to 32 bits for 32/64 compatibility
560 568 * datatype is 64 bits for possible pointer storage and future use
561 569 */
562 570
563 571 typedef uint64_t nssuint_t;
564 572
565 573 /*
566 574 * nscd v2 buffer layout overview
567 575 *
568 576 * The key interface to nscd moving forward is the doors interface
569 577 * between applications and nscd (NSCD_CALLCAT_APP), and nscd and
570 578 * it's children (NSCD_CALLCAT_N2N).
571 579 *
572 580 * Regardless of the interface used, the buffer layout is consistent.
573 581 * The General Layout is:
574 582 * [nss_pheader_t][IN key][OUT data results]{extend results}
575 583 *
576 584 * The header (nss_pheader_t) remains constant.
577 585 * Keys and key layouts vary between call numbers/requests
578 586 * NSCD_CALLCAT_APP use key layouts mimics/defines in nss_dbdefs.h
579 587 * NSCD_CALLCAT_NSN use layouts defined by nscd headers
580 588 * Data and data results vary between results
581 589 * NSCD_CALLCAT_APP return "file standard format" output buffers
582 590 * NSCD_CALLCAT_NSN return data defined by nscd headers
583 591 * extended results are optional and vary
584 592 *
585 593 */
586 594
587 595 /*
588 596 * nss_pheader_t -- buffer header structure that contains switch data
589 597 * "packed" by the client into a buffer suitable for transport over
590 598 * nscd's door, and that can be unpacked into a native form within
591 599 * nscd's switch. Capable of packing and unpacking data ans results.
592 600 *
593 601 * NSCD_HEADER_REV: 0x00020000 16 x uint64 = (128 byte header)
594 602 */
595 603
596 604 typedef struct {
597 605 uint32_t nsc_callnumber; /* packed buffer request */
598 606 uint32_t nss_dbop; /* old nss dbop */
599 607 uint32_t p_ruid; /* real uid */
600 608 uint32_t p_euid; /* effective uid */
601 609 uint32_t p_version; /* 0xMMMMmmmm Major/minor */
602 610 uint32_t p_status; /* nss_status_t */
603 611 uint32_t p_errno; /* errno */
604 612 uint32_t p_herrno; /* h_errno */
605 613 nssuint_t libpriv; /* reserved (for lib/client) */
606 614 nssuint_t pbufsiz; /* buffer size */
607 615 nssuint_t dbd_off; /* IN: db desc off */
608 616 nssuint_t dbd_len; /* IN: db desc len */
609 617 nssuint_t key_off; /* IN: key off */
610 618 nssuint_t key_len; /* IN: key len */
611 619 nssuint_t data_off; /* OUT: data off */
612 620 nssuint_t data_len; /* OUT: data len */
613 621 nssuint_t ext_off; /* OUT: extended results off */
614 622 nssuint_t ext_len; /* OUT: extended results len */
615 623 nssuint_t nscdpriv; /* reserved (for nscd) */
616 624 nssuint_t reserved1; /* reserved (TBD) */
617 625 } nss_pheader_t;
618 626
619 627 /*
620 628 * nss_pnetgr_t -- packed offset structure for holding keys used
621 629 * by innetgr (__multi_innetgr) key
622 630 * Key format is:
623 631 * nss_pnetgr_t
624 632 * (nssuint_t)[machine_argc] offsets to strings
625 633 * (nssuint_t)[user_argc] offsets to strings
626 634 * (nssuint_t)[domain_argc] offsets to strings
627 635 * (nssuint_t)[groups_argc] offsets to strings
628 636 * machine,user,domain,groups strings
629 637 */
630 638
631 639 typedef struct {
632 640 uint32_t machine_argc;
633 641 uint32_t user_argc;
634 642 uint32_t domain_argc;
635 643 uint32_t groups_argc;
636 644 nssuint_t machine_offv;
637 645 nssuint_t user_offv;
638 646 nssuint_t domain_offv;
639 647 nssuint_t groups_offv;
640 648 } nss_pnetgr_t;
641 649
642 650
643 651 /* status returned by the str2ent parsing routines */
644 652 #define NSS_STR_PARSE_SUCCESS 0
645 653 #define NSS_STR_PARSE_PARSE 1
646 654 #define NSS_STR_PARSE_ERANGE 2
647 655
648 656 #define NSS_XbyY_INIT(str, res, bufp, len, func) (\
649 657 (str)->buf.result = (res), \
650 658 (str)->buf.buffer = (bufp), \
651 659 (str)->buf.buflen = (len), \
652 660 (str)->stayopen = 0, \
653 661 (str)->str2ent = (func), \
654 662 (str)->key2str = NULL, \
655 663 (str)->returnval = 0, \
656 664 (str)->returnlen = 0, \
657 665 (str)->h_errno = 0, \
658 666 (str)->erange = 0)
659 667
660 668 #define NSS_XbyY_INIT_EXT(str, res, bufp, len, func, kfunc) (\
661 669 (str)->buf.result = (res), \
662 670 (str)->buf.buffer = (bufp), \
663 671 (str)->buf.buflen = (len), \
664 672 (str)->stayopen = 0, \
665 673 (str)->str2ent = (func), \
666 674 (str)->key2str = (kfunc), \
667 675 (str)->returnval = 0, \
668 676 (str)->returnlen = 0, \
669 677 (str)->h_errno = 0, \
670 678 (str)->erange = 0)
671 679
672 680 #define NSS_XbyY_FINI(str) _nss_XbyY_fini(str)
673 681
674 682 #define NSS_PACKED_CRED_CHECK(buf, ruid, euid) (\
675 683 ((nss_pheader_t *)(buf))->p_ruid == (ruid) && \
676 684 ((nss_pheader_t *)(buf))->p_euid == (euid))
677 685
678 686 extern void *_nss_XbyY_fini(nss_XbyY_args_t *);
679 687 extern char **_nss_netdb_aliases(const char *, int, char *, int);
680 688 extern nss_status_t nss_default_key2str(void *, size_t, nss_XbyY_args_t *,
681 689 const char *, int, size_t *);
682 690 extern nss_status_t nss_packed_arg_init(void *, size_t, nss_db_root_t *,
683 691 nss_db_initf_t *, int *,
684 692 nss_XbyY_args_t *);
685 693 extern nss_status_t nss_packed_context_init(void *, size_t, nss_db_root_t *,
686 694 nss_db_initf_t *, nss_getent_t **,
687 695 nss_XbyY_args_t *);
688 696 extern void nss_packed_set_status(void *, size_t, nss_status_t,
689 697 nss_XbyY_args_t *);
690 698 extern nss_status_t nss_packed_getkey(void *, size_t, char **, int *,
691 699 nss_XbyY_args_t *);
692 700
693 701 /*
694 702 * nss_dbop_t values for searches with various keys; values for
695 703 * destructor/endent/setent/getent are defined in <nss_common.h>
696 704 */
697 705
698 706 /*
699 707 * These are part of the "Over the wire" IE app->nscd getXbyY
700 708 * op for well known getXbyY's. Cannot use NSS_DBOP_X_Y directly
701 709 * because NSS_DBOP_next_iter is NOT an incrementing counter value
702 710 * it's a starting offset into an array value.
703 711 */
704 712
705 713 #define NSS_DBOP_X(x) ((x)<<16)
706 714 #define NSS_DBOP_XY(x, y) ((x)|(y))
707 715
708 716 #define NSS_DBOP_ALIASES NSS_DBOP_X(1)
709 717 #define NSS_DBOP_AUTOMOUNT NSS_DBOP_X(2)
710 718 #define NSS_DBOP_BOOTPARAMS NSS_DBOP_X(3)
711 719 #define NSS_DBOP_ETHERS NSS_DBOP_X(4)
712 720 #define NSS_DBOP_GROUP NSS_DBOP_X(5)
713 721 #define NSS_DBOP_HOSTS NSS_DBOP_X(6)
714 722 #define NSS_DBOP_IPNODES NSS_DBOP_X(7)
715 723 #define NSS_DBOP_NETGROUP NSS_DBOP_X(8)
716 724 #define NSS_DBOP_NETMASKS NSS_DBOP_X(9)
717 725 #define NSS_DBOP_NETWORKS NSS_DBOP_X(10)
718 726 #define NSS_DBOP_PASSWD NSS_DBOP_X(11)
719 727 #define NSS_DBOP_PRINTERS NSS_DBOP_X(12)
720 728 #define NSS_DBOP_PROJECT NSS_DBOP_X(13)
721 729 #define NSS_DBOP_PROTOCOLS NSS_DBOP_X(14)
722 730 #define NSS_DBOP_PUBLICKEY NSS_DBOP_X(15)
723 731 #define NSS_DBOP_RPC NSS_DBOP_X(16)
724 732 #define NSS_DBOP_SERVICES NSS_DBOP_X(17)
725 733 #define NSS_DBOP_AUDITUSER NSS_DBOP_X(18)
726 734 #define NSS_DBOP_AUTHATTR NSS_DBOP_X(19)
727 735 #define NSS_DBOP_EXECATTR NSS_DBOP_X(20)
728 736 #define NSS_DBOP_PROFATTR NSS_DBOP_X(21)
729 737 #define NSS_DBOP_USERATTR NSS_DBOP_X(22)
730 738
731 739 #define NSS_DBOP_GROUP_BYNAME (NSS_DBOP_next_iter)
732 740 #define NSS_DBOP_GROUP_BYGID (NSS_DBOP_GROUP_BYNAME + 1)
733 741 #define NSS_DBOP_GROUP_BYMEMBER (NSS_DBOP_GROUP_BYGID + 1)
734 742
735 743 #define NSS_DBOP_PASSWD_BYNAME (NSS_DBOP_next_iter)
736 744 #define NSS_DBOP_PASSWD_BYUID (NSS_DBOP_PASSWD_BYNAME + 1)
737 745
738 746 /* The "compat" backend requires that PASSWD_BYNAME == SHADOW_BYNAME */
739 747 /* (it also requires that both use key.name to pass the username). */
740 748 #define NSS_DBOP_SHADOW_BYNAME (NSS_DBOP_PASSWD_BYNAME)
741 749
742 750 #define NSS_DBOP_PROJECT_BYNAME (NSS_DBOP_next_iter)
743 751 #define NSS_DBOP_PROJECT_BYID (NSS_DBOP_PROJECT_BYNAME + 1)
744 752
745 753 #define NSS_DBOP_HOSTS_BYNAME (NSS_DBOP_next_iter)
746 754 #define NSS_DBOP_HOSTS_BYADDR (NSS_DBOP_HOSTS_BYNAME + 1)
747 755
748 756 #define NSS_DBOP_IPNODES_BYNAME (NSS_DBOP_next_iter)
749 757 #define NSS_DBOP_IPNODES_BYADDR (NSS_DBOP_IPNODES_BYNAME + 1)
750 758
751 759 /*
752 760 * NSS_DBOP_NAME_2ADDR
753 761 * NSS_DBOP_ADDR_2NAME
754 762 * : are defines for ipv6 api's
755 763 */
756 764
757 765 #define NSS_DBOP_NAME_2ADDR (NSS_DBOP_next_ipv6_iter)
758 766 #define NSS_DBOP_ADDR_2NAME (NSS_DBOP_NAME_2ADDR + 1)
759 767
760 768 #define NSS_DBOP_RPC_BYNAME (NSS_DBOP_next_iter)
761 769 #define NSS_DBOP_RPC_BYNUMBER (NSS_DBOP_RPC_BYNAME + 1)
762 770
763 771 #define NSS_DBOP_NETWORKS_BYNAME (NSS_DBOP_next_iter)
764 772 #define NSS_DBOP_NETWORKS_BYADDR (NSS_DBOP_NETWORKS_BYNAME + 1)
765 773
766 774 #define NSS_DBOP_SERVICES_BYNAME (NSS_DBOP_next_iter)
767 775 #define NSS_DBOP_SERVICES_BYPORT (NSS_DBOP_SERVICES_BYNAME + 1)
768 776
769 777 #define NSS_DBOP_PROTOCOLS_BYNAME (NSS_DBOP_next_iter)
770 778 #define NSS_DBOP_PROTOCOLS_BYNUMBER (NSS_DBOP_PROTOCOLS_BYNAME + 1)
771 779
|
↓ open down ↓ |
401 lines elided |
↑ open up ↑ |
772 780 #define NSS_DBOP_ETHERS_HOSTTON (NSS_DBOP_next_noiter)
773 781 #define NSS_DBOP_ETHERS_NTOHOST (NSS_DBOP_ETHERS_HOSTTON + 1)
774 782
775 783 #define NSS_DBOP_BOOTPARAMS_BYNAME (NSS_DBOP_next_noiter)
776 784 #define NSS_DBOP_NETMASKS_BYNET (NSS_DBOP_next_noiter)
777 785
778 786 #define NSS_DBOP_PRINTERS_BYNAME (NSS_DBOP_next_iter)
779 787
780 788 /*
781 789 * The "real" backend for netgroup (__multi_innetgr, setnetgrent)
790 + * Note: _BYNAME is implemented only in "files" (for now).
782 791 */
783 792 #define NSS_DBOP_NETGROUP_IN (NSS_DBOP_next_iter)
784 793 #define NSS_DBOP_NETGROUP_SET (NSS_DBOP_NETGROUP_IN + 1)
794 +#define NSS_DBOP_NETGROUP_BYNAME (NSS_DBOP_NETGROUP_SET + 1)
785 795
786 796 /*
787 797 * The backend for getpublickey and getsecretkey (getkeys)
788 798 */
789 799 #define NSS_DBOP_KEYS_BYNAME (NSS_DBOP_next_iter)
790 800
791 801 /*
792 802 * The pseudo-backend for netgroup (returned by setnetgrent) doesn't have
793 803 * any getXXXbyYYY operations, just the usual destr/end/set/get ops,
794 804 * so needs no definitions here.
795 805 */
796 806
797 807 #define NSS_DBOP_ATTRDB_BYNAME (NSS_DBOP_next_iter)
798 808
799 809 #define NSS_DBOP_AUDITUSER_BYNAME NSS_DBOP_ATTRDB_BYNAME
800 810 #define NSS_DBOP_AUTHATTR_BYNAME NSS_DBOP_ATTRDB_BYNAME
801 811 #define NSS_DBOP_EXECATTR_BYNAME NSS_DBOP_ATTRDB_BYNAME
802 812 #define NSS_DBOP_EXECATTR_BYID (NSS_DBOP_EXECATTR_BYNAME + 1)
803 813 #define NSS_DBOP_EXECATTR_BYNAMEID (NSS_DBOP_EXECATTR_BYID + 1)
804 814 #define NSS_DBOP_PROFATTR_BYNAME NSS_DBOP_ATTRDB_BYNAME
805 815 #define NSS_DBOP_USERATTR_BYNAME NSS_DBOP_ATTRDB_BYNAME
806 816
807 817 #define NSS_DBOP_TSOL_TP_BYNAME (NSS_DBOP_next_iter)
808 818 #define NSS_DBOP_TSOL_RH_BYADDR (NSS_DBOP_next_iter)
809 819 #define NSS_DBOP_TSOL_ZC_BYNAME (NSS_DBOP_next_iter)
810 820
811 821 /*
812 822 * Used all over in the switch code. The best home for it I can think of.
813 823 * Power-of-two alignments only.
814 824 */
815 825 #define ROUND_DOWN(n, align) (((uintptr_t)n) & ~((align) - 1l))
816 826 #define ROUND_UP(n, align) ROUND_DOWN(((uintptr_t)n) + (align) - 1l, \
817 827 (align))
818 828
819 829 #ifdef __cplusplus
820 830 }
821 831 #endif
822 832
823 833 #endif /* _NSS_DBDEFS_H */
|
↓ open down ↓ |
29 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX