1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2013 Gary Mills
  23  *
  24  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  25  * Use is subject to license terms.
  26  *
  27  * Database-specific definitions for the getXXXbyYYY routines
  28  * (e.g getpwuid_r(), ether_ntohost()) that use the name-service switch.
  29  * Database-independent definitions are in <nss_common.h>
  30  *
  31  * Ideally, this is the only switch header file one would add things
  32  * to in order to support a new database.
  33  *
  34  * NOTE:  The interfaces documented in this file may change in a minor
  35  *        release.  It is intended that in the future a stronger commitment
  36  *        will be made to these interface definitions which will guarantee
  37  *        them across minor releases.
  38  */
  39 
  40 #ifndef _NSS_DBDEFS_H
  41 #define _NSS_DBDEFS_H
  42 
  43 #include <sys/types.h>
  44 #include <unistd.h>
  45 #include <errno.h>
  46 #include <netdb.h>                /* MAXALIASES, MAXADDRS */
  47 #include <limits.h>               /* LOGNAME_MAX */
  48 #include <nss_common.h>
  49 
  50 #ifdef  __cplusplus
  51 extern "C" {
  52 #endif
  53 
/*
 * Build the old, MT-unsafe interfaces (e.g. getpwnam(), c.f. getpwnam_r())
 * by default.  A value already defined by the includer takes precedence.
 */
#if !defined(NSS_INCLUDE_UNSAFE)
#define NSS_INCLUDE_UNSAFE      1
#endif  /* !NSS_INCLUDE_UNSAFE */
  57 
  58 /*
  59  * Names of the well-known databases.
  60  */
  61 
/* Name strings that identify the well-known switch databases. */
#define NSS_DBNAM_ALIASES       "aliases"       /* e-mail aliases */
#define NSS_DBNAM_AUTOMOUNT     "automount"
#define NSS_DBNAM_BOOTPARAMS    "bootparams"
#define NSS_DBNAM_ETHERS        "ethers"
#define NSS_DBNAM_GROUP         "group"
#define NSS_DBNAM_HOSTS         "hosts"
#define NSS_DBNAM_IPNODES       "ipnodes"
#define NSS_DBNAM_NETGROUP      "netgroup"
#define NSS_DBNAM_NETMASKS      "netmasks"
#define NSS_DBNAM_NETWORKS      "networks"
#define NSS_DBNAM_PASSWD        "passwd"
#define NSS_DBNAM_PRINTERS      "printers"
#define NSS_DBNAM_PROJECT       "project"
#define NSS_DBNAM_PROTOCOLS     "protocols"
#define NSS_DBNAM_PUBLICKEY     "publickey"
#define NSS_DBNAM_RPC           "rpc"
#define NSS_DBNAM_SERVICES      "services"

/* Attribute databases. */
#define NSS_DBNAM_AUDITUSER     "audit_user"
#define NSS_DBNAM_AUTHATTR      "auth_attr"
#define NSS_DBNAM_EXECATTR      "exec_attr"
#define NSS_DBNAM_PROFATTR      "prof_attr"
#define NSS_DBNAM_USERATTR      "user_attr"

/* Databases carrying the TSOL prefix. */
#define NSS_DBNAM_TSOL_TP       "tnrhtp"
#define NSS_DBNAM_TSOL_RH       "tnrhdb"
#define NSS_DBNAM_TSOL_ZC       "tnzonecfg"

/*
 * getspnam() and friends are configured through the "passwd" entry but
 * are served by the "shadow" backend.
 */
#define NSS_DBNAM_SHADOW        "shadow"

/* Pseudo-databases whose config entries are consumed by the "compat" backend */
#define NSS_DBNAM_PASSWD_COMPAT "passwd_compat"
#define NSS_DBNAM_GROUP_COMPAT  "group_compat"
  95 
  96 /*
  97  * Default switch configuration, compiled into the front-ends.
  98  *
  99  * Absent good reasons to the contrary, this should be compatible with the
 100  * default /etc/nsswitch.conf file.
 101  */
/* Source lists that the per-database defaults below are built from. */
#define NSS_FILES_ONLY          "files"
#define NSS_FILES_NS            "files nis"
#define NSS_NS_FALLBACK         "nis [NOTFOUND=return] files"
#define NSS_NS_ONLY             "nis"
#define NSS_TSOL_FALLBACK       "files ldap"

/* Compiled-in default for each well-known database. */
#define NSS_DEFCONF_ALIASES     NSS_FILES_NS
#define NSS_DEFCONF_AUTOMOUNT   NSS_FILES_NS
#define NSS_DEFCONF_BOOTPARAMS  NSS_NS_FALLBACK
#define NSS_DEFCONF_ETHERS      NSS_NS_FALLBACK
#define NSS_DEFCONF_GROUP       NSS_FILES_NS
#define NSS_DEFCONF_HOSTS       NSS_NS_FALLBACK
#define NSS_DEFCONF_IPNODES     NSS_NS_FALLBACK
#define NSS_DEFCONF_NETGROUP    NSS_NS_ONLY
#define NSS_DEFCONF_NETMASKS    NSS_NS_FALLBACK
#define NSS_DEFCONF_NETWORKS    NSS_NS_FALLBACK
#define NSS_DEFCONF_PASSWD      NSS_FILES_NS
#define NSS_DEFCONF_PRINTERS    "user files nis"
#define NSS_DEFCONF_PROJECT     NSS_FILES_NS
#define NSS_DEFCONF_PROTOCOLS   NSS_NS_FALLBACK
#define NSS_DEFCONF_PUBLICKEY   NSS_FILES_NS
#define NSS_DEFCONF_RPC         NSS_NS_FALLBACK
#define NSS_DEFCONF_SERVICES    NSS_FILES_NS    /* speeds up byname() */

/* Defaults for the "compat" pseudo-databases. */
#define NSS_DEFCONF_GROUP_COMPAT        NSS_NS_ONLY
#define NSS_DEFCONF_PASSWD_COMPAT       NSS_NS_ONLY

/* Shared default that the attribute databases below refer to. */
#define NSS_DEFCONF_ATTRDB      NSS_FILES_NS

/* audit_user and user_attr follow passwd; the others follow ATTRDB. */
#define NSS_DEFCONF_AUDITUSER   NSS_DEFCONF_PASSWD
#define NSS_DEFCONF_USERATTR    NSS_DEFCONF_PASSWD
#define NSS_DEFCONF_AUTHATTR    NSS_DEFCONF_ATTRDB
#define NSS_DEFCONF_PROFATTR    NSS_DEFCONF_ATTRDB
#define NSS_DEFCONF_EXECATTR    NSS_DEFCONF_PROFATTR

/* Defaults for the TSOL databases. */
#define NSS_DEFCONF_TSOL_TP     NSS_TSOL_FALLBACK
#define NSS_DEFCONF_TSOL_RH     NSS_TSOL_FALLBACK
#define NSS_DEFCONF_TSOL_ZC     NSS_TSOL_FALLBACK
 140 
 141 /*
 142  * Line-lengths that the "files" and "compat" backends will try to support.
 143  * It may be reasonable (even advisable) to use smaller values than these.
 144  */
 145 
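/*
 * NSS_BUFSIZ is the base unit: every line length below is either the base
 * unit itself or a small multiple of it.
 */
#define NSS_BUFSIZ              1024

#define NSS_LINELEN_GROUP       ((NSS_BUFSIZ) * 8)
#define NSS_LINELEN_HOSTS       ((NSS_BUFSIZ) * 8)
#define NSS_LINELEN_IPNODES     ((NSS_BUFSIZ) * 8)
#define NSS_LINELEN_NETMASKS    NSS_BUFSIZ
#define NSS_LINELEN_NETWORKS    NSS_BUFSIZ
#define NSS_LINELEN_PASSWD      NSS_BUFSIZ
#define NSS_LINELEN_PRINTERS    NSS_BUFSIZ
#define NSS_LINELEN_PROJECT     ((NSS_BUFSIZ) * 4)
#define NSS_LINELEN_PROTOCOLS   NSS_BUFSIZ
#define NSS_LINELEN_PUBLICKEY   NSS_BUFSIZ
#define NSS_LINELEN_RPC         NSS_BUFSIZ
#define NSS_LINELEN_SERVICES    NSS_BUFSIZ
#define NSS_LINELEN_SHADOW      NSS_BUFSIZ
#define NSS_LINELEN_ETHERS      NSS_BUFSIZ
#define NSS_LINELEN_BOOTPARAMS  NSS_BUFSIZ

/* Shared line length that the attribute databases below refer to. */
#define NSS_LINELEN_ATTRDB      NSS_BUFSIZ

#define NSS_LINELEN_AUDITUSER   NSS_LINELEN_ATTRDB
#define NSS_LINELEN_AUTHATTR    NSS_LINELEN_ATTRDB
#define NSS_LINELEN_EXECATTR    NSS_LINELEN_ATTRDB
#define NSS_LINELEN_PROFATTR    NSS_LINELEN_ATTRDB
#define NSS_LINELEN_USERATTR    NSS_LINELEN_ATTRDB

/*
 * Fully parenthesized so that operators next to the macro at its point of
 * use cannot regroup the multiplication: without the parentheses,
 * "x / NSS_MMAPLEN_EXECATTR" would expand to "x / 1024 * 8" and yield a
 * size 64 times too large.
 */
#define NSS_MMAPLEN_EXECATTR    ((NSS_LINELEN_EXECATTR) * 8)

/* Shared line length that the TSOL databases below refer to. */
#define NSS_LINELEN_TSOL        NSS_BUFSIZ

#define NSS_LINELEN_TSOL_TP     NSS_LINELEN_TSOL
#define NSS_LINELEN_TSOL_RH     NSS_LINELEN_TSOL
#define NSS_LINELEN_TSOL_ZC     NSS_LINELEN_TSOL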
 179 
 180 /*
 181  * Reasonable defaults for 'buflen' values passed to _r functions.  The BSD
 182  * and SunOS 4.x implementations of the getXXXbyYYY() functions used hard-
 183  * coded array sizes;  the values here are meant to handle anything that
 184  * those implementations handled.
 185  * === These might more reasonably go in <pwd.h>, <netdb.h> et al
 186  */
 187 
/*
 * Each default is the matching line length, plus room for a pointer
 * vector where the definition adds one.
 *
 * The definitions that use sizeof expand to size_t expressions, while
 * nss_XbyY_buf_t.buflen and _nss_XbyY_buf_alloc() in this file take an
 * int; the conversion happens implicitly at the point of use.
 */
#define NSS_BUFLEN_GROUP        NSS_LINELEN_GROUP

/* Line plus (MAXALIASES + MAXADDRS + 2) pointer slots. */
#define NSS_BUFLEN_HOSTS        \
        (NSS_LINELEN_HOSTS + (MAXALIASES + MAXADDRS + 2) * sizeof (char *))
#define NSS_BUFLEN_IPNODES      \
        (NSS_LINELEN_IPNODES + (MAXALIASES + MAXADDRS + 2) * sizeof (char *))

/* Prefer LOGNAME_MAX_ILLUMOS over LOGNAME_MAX when it is defined. */
#ifdef  LOGNAME_MAX_ILLUMOS
#define NSS_BUFLEN_NETGROUP     (MAXHOSTNAMELEN * 2 + LOGNAME_MAX_ILLUMOS + 3)
#else   /* LOGNAME_MAX_ILLUMOS */
#define NSS_BUFLEN_NETGROUP     (MAXHOSTNAMELEN * 2 + LOGNAME_MAX + 3)
#endif  /* LOGNAME_MAX_ILLUMOS */

#define NSS_BUFLEN_NETWORKS     NSS_LINELEN_NETWORKS    /* === ?  + 35 * 4 */
#define NSS_BUFLEN_PASSWD       NSS_LINELEN_PASSWD
/* Line plus 800 pointer slots. */
#define NSS_BUFLEN_PROJECT      (NSS_LINELEN_PROJECT + 800 * sizeof (char *))
#define NSS_BUFLEN_PROTOCOLS    NSS_LINELEN_PROTOCOLS   /* === ?  + 35 * 4 */
#define NSS_BUFLEN_PUBLICKEY    NSS_LINELEN_PUBLICKEY
#define NSS_BUFLEN_RPC          NSS_LINELEN_RPC         /* === ?  + 35 * 4 */
#define NSS_BUFLEN_SERVICES     NSS_LINELEN_SERVICES    /* === ?  + 35 * 4 */
#define NSS_BUFLEN_SHADOW       NSS_LINELEN_SHADOW
#define NSS_BUFLEN_ETHERS       NSS_LINELEN_ETHERS
#define NSS_BUFLEN_BOOTPARAMS   NSS_LINELEN_BOOTPARAMS

/* Shared default that the attribute databases below refer to. */
#define NSS_BUFLEN_ATTRDB       NSS_LINELEN_ATTRDB

#define NSS_BUFLEN_AUDITUSER    NSS_BUFLEN_ATTRDB
#define NSS_BUFLEN_AUTHATTR     NSS_BUFLEN_ATTRDB
#define NSS_BUFLEN_EXECATTR     NSS_BUFLEN_ATTRDB
#define NSS_BUFLEN_PROFATTR     NSS_BUFLEN_ATTRDB
/* user_attr alone gets eight times the shared default. */
#define NSS_BUFLEN_USERATTR     ((NSS_BUFLEN_ATTRDB) * 8)

/* Shared default that the TSOL databases below refer to. */
#define NSS_BUFLEN_TSOL         NSS_LINELEN_TSOL
#define NSS_BUFLEN_TSOL_TP      NSS_BUFLEN_TSOL
#define NSS_BUFLEN_TSOL_RH      NSS_BUFLEN_TSOL
#define NSS_BUFLEN_TSOL_ZC      NSS_BUFLEN_TSOL
 221 
 222 /*
 223  * Default cache door buffer size (2x largest buffer)
 224  */
 225 
/* Sixteen base units, i.e. 16 * NSS_BUFSIZ bytes. */
#define NSS_BUFLEN_DOOR         (16 * (NSS_BUFSIZ))
 227 
 228 /*
 229  * Arguments and results, passed between the frontends and backends for
 230  * the well-known databases.  The getXbyY_r() and getXent_r() routines
 231  * use a common format that is further described below;  other routines
 232  * use their own formats.
 233  */
 234 
 235 /*
 236  * The nss_str2ent_t routine is the data marshaller for the nsswitch.
 237  * it converts 'native files' format into 'entry' format as part of the
 238  * return processing for a getXbyY interface.
 239  *
 240  * The nss_groupstr_t routine does the real work for any backend
 241  * that can supply a netgroup entry as a string in /etc/group format
 242  */
/*
 * nss_str2ent_t
 *   in, inlen   - the entry text and its length; elsewhere in this file
 *                 the text is described as a counted string that is *not*
 *                 zero-terminated, so an implementation must not scan
 *                 past inlen bytes.
 *   ent         - the struct to be filled in.
 *   buf, buflen - storage for any pointer data the struct refers to.
 *   The int result is one of the NSS_STR_PARSE_* codes.
 *
 * nss_groupstr_t
 *   instr, inlen - the entry text and its length.
 *   third arg    - the nss_groupsbymem request being served.
 *
 * Without __STDC__ only the return types are declared.
 */
#ifdef __STDC__
typedef int             (*nss_str2ent_t)(const char *in, int inlen,
                                void *ent, char *buf, int buflen);

struct nss_groupsbymem;         /* declared here, defined further down */
typedef nss_status_t    (*nss_groupstr_t)(const char *instr, int inlen,
                                struct nss_groupsbymem *);
#else   /* __STDC__ */
typedef int             (*nss_str2ent_t)();
typedef nss_status_t    (*nss_groupstr_t)();
#endif  /* __STDC__ */
 254 
 255 /*
 256  * The initgroups() function [see initgroups(3c)] needs to find all the
 257  *   groups to which a given user belongs.  To do this it calls
 258  *   _getgroupsbymember(), which is part of the frontend for the "group"
 259  *   database.
 260  * We want the same effect as if we used getgrent_r() to enumerate the
 261  *   entire groups database (possibly from multiple sources), but getgrent_r()
 262  *   is too inefficient.  Most backends can do better if they know they're
 263  *   meant to scan all groups;  hence there's a separate backend operation,
 264  *   NSS_DBOP_GROUP_BYMEMBER, which uses the nss_groupsbymem struct.
 265  * Note that the normal return-value from such a backend, even when it
 266  *   successfully finds matching group entries, is NSS_NOTFOUND, because
 267  *   this tells the switch engine to keep searching in any more sources.
 268  *   In fact, the backends only return NSS_SUCCESS if they find enough
 269  *   matching entries that the gid_array is completely filled, in which
 270  *   case the switch engine should stop searching.
 271  * If the force_slow_way field is set, the backend should eschew any cached
 272  *   information (e.g. the YP netid.byname map or the NIS+ cred.org_dir table)
 273  *   and should instead grind its way through the group map/table/whatever.
 274  */
 275 
/*
 * Request block for _getgroupsbymember().
 *
 * NOTE(review): maxgids looks like the capacity of gid_array and numgids
 * the number of slots already in use; a backend that appends gids should
 * stop at maxgids -- confirm against the backends.
 */
struct nss_groupsbymem {
        /* in: */
        const char      *username;      /* user whose groups are wanted */
        gid_t           *gid_array;     /* receives the matching gids */
        int             maxgids;
        int             force_slow_way; /* set: bypass cached information */
        nss_str2ent_t   str2ent;
        nss_groupstr_t  process_cstr;

        /* in_out: */
        int             numgids;
};
 288 
 289 /*
 290  * The netgroup routines are handled as follows:
 291  *
 292  *   Policy decision:
 293  *      If netgroup A refers to netgroup B, both must occur in the same
 294  *      source (other choices give very confusing semantics).  This
 295  *      assumption is deeply embedded in the frontend and backends.
 296  *
 297  *    - setnetgrent(), despite its name, is really a getXXXbyYYY operation:
 298  *      it takes a name and finds a netgroup with that name (see the
 299  *      nss_setnetgrent_args struct below).  The "result" that it returns
 300  *      to the frontend is an nss_backend_t for a pseudo-backend that allows
 301  *      one to enumerate the members of that netgroup.
 302  *
 303  *    - getnetgrent() calls the 'getXXXent' function in the pseudo-backend;
 304  *      it doesn't go through the switch engine at all.  It uses the
 305  *      nss_getnetgrent_args struct below.
 306  *
 307  *    - innetgr() is implemented on top of __multi_innetgr(), which replaces
 308  *      each (char *) argument of innetgr() with a counted vector of (char *).
 309  *      The semantics are the same as an OR of the results of innetgr()
 310  *      operations on each possible 4-tuple picked from the arguments, but
 311  *      it's possible to implement some cases more efficiently.  This is
 312  *      important for mountd, which used to read YP netgroup.byhost directly
 313  *      in order to determine efficiently whether a given host belonged to any
 314  *      one of a long list of netgroups.  Wildcarded arguments are indicated
 315  *      by a count of zero.
 316  *
 317  *    - __multi_innetgr() uses the nss_innetgr_args struct.  A backend whose
 318  *      source contains at least one of the groups listed in the 'groups'
 319  *      vector will return NSS_SUCCESS and will set the 'status' field to
 320  *      indicate whether any 4-tuple was satisfied.  A backend will only
 321  *      return NSS_NOTFOUND if the source contained none of the groups
 322  *      listed in the 'groups' vector.
 323  */
 324 
/*
 * Index of each component of a (machine, user, domain) triple.
 * NSS_NETGR_N is the number of components and is used in this file as
 * the bound of the per-component arrays.
 */
enum nss_netgr_argn {
        NSS_NETGR_MACHINE = 0,
        NSS_NETGR_USER = 1,
        NSS_NETGR_DOMAIN = 2,
        NSS_NETGR_N = 3
};
 331 
/* Status reported by setnetgrent and multi_innetgr. */
enum nss_netgr_status {
        NSS_NETGR_FOUND = 0,
        NSS_NETGR_NO = 1,
        NSS_NETGR_NOMEM = 2
};
 337 
/* setnetgrent(): look a netgroup up by name. */
struct nss_setnetgrent_args {
        /* in: */
        const char              *netgroup;
        /* out: */
        nss_backend_t           *iterator;      /* <==== Explain */
};

/*
 * getnetgrent(): fetch the next member through the pseudo-backend.
 * retp has one slot per triple component, indexed by enum nss_netgr_argn.
 */
struct nss_getnetgrent_args {
        /* in: */
        char                    *buffer;
        int                     buflen;
        /* out: */
        enum nss_netgr_status   status;
        char                    *retp[NSS_NETGR_N];
};

/* A counted vector of strings, as used by __multi_innetgr(). */
typedef unsigned        nss_innetgr_argc;    /* 0 means wildcard */
typedef char **         nss_innetgr_argv;    /* === Do we really need these? */

struct nss_innetgr_1arg {
        nss_innetgr_argc        argc;
        nss_innetgr_argv        argv;
};

/*
 * __multi_innetgr(): one counted vector per triple component, plus the
 * vector of netgroups to be searched.
 */
struct nss_innetgr_args {
        /* in: */
        struct nss_innetgr_1arg arg[NSS_NETGR_N];
        struct nss_innetgr_1arg groups;
        /* out: */
        enum nss_netgr_status   status;
};
 369 
 370 /*
 371  * nss_XbyY_buf_t -- structure containing the generic arguments passed to
 372  *   getXXXbyYYY_r() and getXXXent_r() routines.  The (void *) value points to
 373  *   a struct of the appropriate type, e.g. struct passwd or struct hostent.
 374  *
 375  * The functions that allocate and free these structures do no locking at
 376  * all, since the routines that use them are inherently MT-unsafe anyway.
 377  */
 378 
/* The three generic arguments of getXbyY_r(), kept together. */
typedef struct {
        void            *result;        /* the "result" argument */
        char            *buffer;        /* the "buffer" argument */
        int             buflen;         /* the "buflen" argument */
} nss_XbyY_buf_t;
 384 
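/*
 * Allocation and release of nss_XbyY_buf_t objects.  Without __STDC__
 * only the return types are declared.
 */
#if defined(__STDC__)
extern nss_XbyY_buf_t   *_nss_XbyY_buf_alloc(int struct_size, int buffer_size);
extern void              _nss_XbyY_buf_free(nss_XbyY_buf_t *);
#else
extern nss_XbyY_buf_t   *_nss_XbyY_buf_alloc();
extern void              _nss_XbyY_buf_free();
#endif

/*
 * NSS_XbyY_ALLOC(bufpp, str_size, buf_size)
 *   If *bufpp is null, allocates a buffer with _nss_XbyY_buf_alloc() and
 *   stores it in *bufpp.  The value of the expression is *bufpp.
 *
 * NSS_XbyY_FREE(bufpp)
 *   Frees *bufpp and then stores a null pointer in it, so that a stale
 *   pointer is not left behind for a later use or a second free.
 *
 * Every macro argument is parenthesized in the expansion, so an argument
 * such as "cond ? &a : &b" or "n + 1" keeps its meaning.  bufpp is
 * evaluated more than once and must not have side effects.
 *
 * NOTE(review): whether _nss_XbyY_buf_alloc() can return a null pointer
 * is not visible here; callers should check the value of NSS_XbyY_ALLOC.
 */
#define NSS_XbyY_ALLOC(bufpp, str_size, buf_size)               (\
        *(bufpp) == 0                                           \
        ? (*(bufpp) = _nss_XbyY_buf_alloc((str_size), (buf_size)))      \
        : *(bufpp))

#define NSS_XbyY_FREE(bufpp)    \
        (_nss_XbyY_buf_free(*(bufpp)), *(bufpp) = 0)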
 399 
 400 /*
 401  * The nss_XbyY_args_t struct contains all the information passed between
 402  * frontends and backends for the getXbyY_r() and getXent() routines,
 403  * including an nss_XbyY_buf_t and the lookup key (unused for getXXXent_r).
 404  *
 405  * The (*str2ent)() member converts a single XXXent from ASCII text to the
 406  * appropriate struct, storing any pointer data (strings, in_addrs, arrays
 407  * of these) in the buffer.  The ASCII text is a counted string (*not* a
 408  * zero-terminated string) whose length is specified by the instr_len
 409  * parameter.  The text is found at the address specified by instr and
 410  * the string is treated as readonly. buffer and instr must be non-
 411  * intersecting memory areas.
 412  *
 413  * With the exception of passwd, shadow and group, the text form for these
 414  * databases allows trailing comments and arbitrary whitespace.  The
 415  * corresponding str2ent routine assumes that comments, leading whitespace
 416  * and trailing whitespace have been stripped (and thus assumes that entries
 417  * consisting only of these have been discarded).
 418  *
 419  * The text entries for "rpc" and for the databases described in <netdb.h>
 420  * follow a common format (a canonical name with a possibly empty list
 421  * of aliases, and some other value), albeit with minor variations.
 422  * The function _nss_netdb_aliases() does most of the generic work involved
 423  * in parsing and marshalling these into the buffer.
 424  */
 425 
/*
 * Lookup key for a getXbyY request.
 *
 * The union carries no discriminant; the backend is expected to know
 * which member the frontend filled in.  Reading a different member
 * reinterprets the stored bytes, e.g. an integer as a pointer.
 */
typedef union nss_XbyY_key {
        uid_t           uid;
        gid_t           gid;
        projid_t        projid;
        const char      *name;
        int             number;
        struct {
                int             net;
                int             type;
        } netaddr;
        struct {
                const char      *addr;
                int             len;
                int             type;
        } hostaddr;
        struct {
                union {
                        const char      *name;
                        int             port;
                } serv;
                const char      *proto;
        } serv;
        void            *ether;
        struct {
                const char      *name;
                const char      *keytype;
        } pkey;
        struct {
                const char      *name;
                int             af_family;
                int             flags;
        } ipnode;
        void            *attrp;         /* for the new attr databases */
} nss_XbyY_key_t;
 460 
 461 
/*
 * nss_key2str_t
 *   buffer, buflen - destination and its size.
 *   key            - the lookup key.
 *   len            - size_t out-parameter.
 *
 * NOTE(review): the meaning of the int result and of *len is not stated
 * in this file -- confirm against an implementation.
 */
#ifdef __STDC__
typedef int             (*nss_key2str_t)(void *buffer, size_t buflen,
                                nss_XbyY_key_t *key, size_t *len);
#else   /* __STDC__ */
typedef int             (*nss_key2str_t)();
#endif  /* __STDC__ */
 468 
 469 
/*
 * Everything that travels between a frontend and a backend for one
 * getXbyY_r() or getXent() call.
 */
typedef struct nss_XbyY_args {

        /* IN */
        nss_XbyY_buf_t  buf;
        /*
         * stayopen supports setXXXent(stayopen).  It is used only in
         * hosts, protocols, networks, rpc, and services.
         */
        int             stayopen;
        nss_str2ent_t   str2ent;
        union nss_XbyY_key key;

        /* OUT */
        void            *returnval;
        int             erange;
        int             h_errno;        /* for gethost*_r() */
        nss_status_t    status;         /* from the backend last called */

        /* NSS2 */
        nss_key2str_t   key2str;        /* IN */
        size_t          returnlen;      /* OUT */

        /* NSCD/DOOR data */

        /* ... buffer arena follows... */
} nss_XbyY_args_t;
 496 
 497 
 498 
 499 /*
 500  * nss/nscd v2 interface, packed buffer format
 501  *
 502  * A key component of the v2 name service switch is the redirection
 503  * of all activity to nscd for actual processing.  In the original
 504  * switch most activity took place in each application, and the nscd
 505  * cache component was an add-on optional interface.
 506  *
 507  * The nscd v1 format was a completely private interface that
 508  * implemented specific buffering formats on a per getXbyY API basis.
 509  *
 510  * The nss/nscd v2 interface uses a common header and commonalizes
 511  * the buffering format as consistently as possible.  The general rule
 512  * of thumb is that backends are required to assemble their results in
 513  * "files based" format [IE the format used on a per result basis as
 514  * returned by the files backend] and then call the standard str2ent
 515  * interface.  This is the original intended design as used in the files
 516  * and nis backends.
 517  *
 518  * The benefit of this is that the application side library can assemble
 519  * a request and provide a header and a variable length result buffer via
 520  * a doors API, and then the nscd side switch can assemble a getXbyY
 521  * request providing the result buffer and a str2ent function that copies
 522  * but does not unpack the result.
 523  *
 524  * This result is returned back via the door, and unpacked using the
 525  * native library side str2ent interface.
 526  *
 527  * Additionally, the common header allows extensibility to add new
 528  * getXbyYs, putXbyYs or other maintenance APIs to/from nscd without
 529  * changing the existing "old style" backend interfaces.
 530  *
 531  * Finally, new style getXbyY, putXbyY and backend interfaces can be
 532  * introduced by adding new operation requests to the header, while
 533  * retaining old style backwards compatibility.
 534  */
 535 
 536 /*
 537  * nss/nscd v2 callnumber definitions
 538  */
 539 
 540 /*
 541  * callnumbers are separated by categories, such as:
 542  * application to nscd requests, nscd to nscd requests,
 543  * smf to nscd requests, etc.
 544  */
 545 
/* A callnumber is a category in the top byte plus a call in the low 24 bits. */
#define NSCDV2CATMASK   (0xFF000000)
#define NSCDV2CALLMASK  (0x00FFFFFF)

/* nss/nscd v2 categories: a character constant placed in the top byte. */
#define NSCD_CALLCAT_APP        ('a' << 24)
#define NSCD_CALLCAT_N2N        ('n' << 24)

/* Callnumbers in the app -> nscd category. */
#define NSCD_SEARCH     (NSCD_CALLCAT_APP | 0x01)
#define NSCD_SETENT     (NSCD_CALLCAT_APP | 0x02)
#define NSCD_GETENT     (NSCD_CALLCAT_APP | 0x03)
#define NSCD_ENDENT     (NSCD_CALLCAT_APP | 0x04)
#define NSCD_PUT        (NSCD_CALLCAT_APP | 0x05)
#define NSCD_GETHINTS   (NSCD_CALLCAT_APP | 0x06)

/* Cookie markers for nscd v2 SETENT. */
#define NSCD_NEW_COOKIE         0
#define NSCD_LOCAL_COOKIE       1

/*
 * Header revision, read as 0xMMMMmmmm: MMMM is the major revision and
 * mmmm the minor revision.
 */
#define NSCD_HEADER_REV         0x00020000
 574 
 575 /*
 576  * ptr/uint data type used to calculate shared nscd buffer struct sizes
 577  * sizes/offsets are arbitrarily limited to 32 bits for 32/64 compatibility
 578  * datatype is 64 bits for possible pointer storage and future use
 579  */
 580 
/* 64 bits wide on both 32-bit and 64-bit builds. */
typedef uint64_t        nssuint_t;
 582 
 583 /*
 584  * nscd v2 buffer layout overview
 585  *
 586  * The key interface to nscd moving forward is the doors interface
 587  * between applications and nscd (NSCD_CALLCAT_APP), and nscd and
 588  * its children (NSCD_CALLCAT_N2N).
 589  *
 590  * Regardless of the interface used, the buffer layout is consistent.
 591  * The General Layout is:
 592  *   [nss_pheader_t][IN key][OUT data results]{extend results}
 593  *
 594  *   The header (nss_pheader_t) remains constant.
 595  *   Keys and key layouts vary between call numbers/requests
 596  *      NSCD_CALLCAT_APP use key layouts mimics/defines in nss_dbdefs.h
 597  *      NSCD_CALLCAT_N2N use layouts defined by nscd headers
 598  *   Data and data results vary between results
 599  *      NSCD_CALLCAT_APP return "file standard format" output buffers
 600  *      NSCD_CALLCAT_N2N return data defined by nscd headers
 601  *   extended results are optional and vary
 602  *
 603  */
 604 
 605 /*
 606  * nss_pheader_t -- buffer header structure that contains switch data
 607  * "packed" by the client into a buffer suitable for transport over
 608  * nscd's door, and that can be unpacked into a native form within
 609  * nscd's switch.  Capable of packing and unpacking data and results.
 610  *
 611  * NSCD_HEADER_REV: 0x00020000          16 x uint64 = (128 byte header)
 612  */
 613 
/*
 * Packed-buffer header: eight 32-bit fields followed by twelve nssuint_t
 * fields, 128 bytes in total.
 *
 * Each *_off / *_len pair describes one region of the packed buffer.
 * The header is filled in by the sending side and nothing in the layout
 * ties a pair to pbufsiz, or pbufsiz to the number of bytes actually
 * transferred.
 * NOTE(review): a receiver should range-check every pair, including
 * overflow of off + len, against the size of the buffer it really
 * received before using the pair -- confirm that the unpacking code does.
 * p_ruid and p_euid are likewise sender-supplied values; they are what
 * NSS_PACKED_CRED_CHECK compares.
 */
typedef struct {
        uint32_t        nsc_callnumber;         /* packed buffer request */
        uint32_t        nss_dbop;               /* old nss dbop */
        uint32_t        p_ruid;                 /* real uid */
        uint32_t        p_euid;                 /* effective uid */
        uint32_t        p_version;              /* 0xMMMMmmmm major/minor */
        uint32_t        p_status;               /* nss_status_t */
        uint32_t        p_errno;                /* errno */
        uint32_t        p_herrno;               /* h_errno */
        nssuint_t       libpriv;                /* reserved (for lib/client) */
        nssuint_t       pbufsiz;                /* buffer size */
        nssuint_t       dbd_off;                /* IN: db desc offset */
        nssuint_t       dbd_len;                /* IN: db desc length */
        nssuint_t       key_off;                /* IN: key offset */
        nssuint_t       key_len;                /* IN: key length */
        nssuint_t       data_off;               /* OUT: data offset */
        nssuint_t       data_len;               /* OUT: data length */
        nssuint_t       ext_off;                /* OUT: extended results offset */
        nssuint_t       ext_len;                /* OUT: extended results length */
        nssuint_t       nscdpriv;               /* reserved (for nscd) */
        nssuint_t       reserved1;              /* reserved (TBD) */
} nss_pheader_t;
 636 
 637 /*
 638  * nss_pnetgr_t -- packed offset structure for holding keys used
 639  * by innetgr (__multi_innetgr) key
 640  * Key format is:
 641  *    nss_pnetgr_t
 642  *     (nssuint_t)[machine_argc] offsets to strings
 643  *     (nssuint_t)[user_argc] offsets to strings
 644  *     (nssuint_t)[domain_argc] offsets to strings
 645  *     (nssuint_t)[groups_argc] offsets to strings
 646  *     machine,user,domain,groups strings
 647  */
 648 
/*
 * Fixed part of a packed innetgr key: four counts followed by four
 * nssuint_t values, one of each per string vector.
 *
 * NOTE(review): each *_offv presumably locates the matching vector of
 * string offsets inside the key.  The counts and offsets arrive inside
 * the packed buffer, so they should be range-checked against the key
 * length before anything is indexed with them -- confirm in the
 * unpacking code.
 */
typedef struct {
        uint32_t        machine_argc;
        uint32_t        user_argc;
        uint32_t        domain_argc;
        uint32_t        groups_argc;
        nssuint_t       machine_offv;
        nssuint_t       user_offv;
        nssuint_t       domain_offv;
        nssuint_t       groups_offv;
} nss_pnetgr_t;
 659 
 660 
 661 /* status returned by the str2ent parsing routines */
/* Result codes of the str2ent parsing routines. */
#define NSS_STR_PARSE_SUCCESS   0
#define NSS_STR_PARSE_PARSE     1
#define NSS_STR_PARSE_ERANGE    2
 665 
/*
 * NSS_XbyY_INIT_EXT(str, res, bufp, len, func, kfunc)
 *   Initializes the nss_XbyY_args_t that str points to: stores the
 *   result/buffer/buflen triple, the str2ent routine func and the
 *   key2str routine kfunc, and zeroes stayopen, returnval, returnlen,
 *   h_errno and erange.  The key and status members are not touched.
 *   str is evaluated once per member assigned, so it must not have side
 *   effects.
 *
 * NSS_XbyY_INIT(str, res, bufp, len, func)
 *   The same initialization with key2str set to NULL.
 */
#define NSS_XbyY_INIT_EXT(str, res, bufp, len, func, kfunc)     (\
        (str)->buf.result = (res),                              \
        (str)->buf.buffer = (bufp),                             \
        (str)->buf.buflen = (len),                              \
        (str)->stayopen = 0,                                    \
        (str)->str2ent = (func),                                \
        (str)->key2str = (kfunc),                               \
        (str)->returnval = 0,                                   \
        (str)->returnlen = 0,                                   \
        (str)->h_errno = 0,                                     \
        (str)->erange = 0)

#define NSS_XbyY_INIT(str, res, bufp, len, func)        \
        NSS_XbyY_INIT_EXT(str, res, bufp, len, func, NULL)
 689 
/*
 * NSS_XbyY_FINI(str)
 *   Yields (str)->returnval.  Before doing so, sets errno to ERANGE when
 *   returnval is null and the erange flag is set.  str is evaluated more
 *   than once, so it must not have side effects.
 */
#define NSS_XbyY_FINI(str)                              (\
        (((str)->returnval == 0 && (str)->erange)       \
            ? (void)(errno = ERANGE) : (void)0),        \
        (str)->returnval)
 693 
/*
 * NSS_PACKED_CRED_CHECK(buf, ruid, euid)
 *   Nonzero when the real and effective uids recorded in the packed
 *   header at buf both equal the supplied ruid and euid.
 *
 *   The header is read through a cast and no length is checked, so the
 *   caller must already know that buf holds at least
 *   sizeof (nss_pheader_t) bytes.  p_ruid and p_euid are part of the
 *   buffer contents.
 *   NOTE(review): the comparison only means something if ruid and euid
 *   come from a source the sender of the buffer cannot influence
 *   (presumably the door credentials) -- confirm at the call sites.
 */
#define NSS_PACKED_CRED_CHECK(buf, ruid, euid)          (\
        (ruid) == ((nss_pheader_t *)(buf))->p_ruid &&   \
        (euid) == ((nss_pheader_t *)(buf))->p_euid)
 697 
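/*
 * Helpers for alias parsing and for packed (nscd door) buffers.
 *
 * The nss_packed_*() routines take the packed buffer as a (void *,
 * size_t) pair.
 *
 * Both branches declare the same return type for every function.  The
 * declaration of nss_default_key2str() without a prototype used to say
 * int, while the prototype says nss_status_t; an enum type need not be
 * compatible with int, so the two declarations could disagree.
 */
#if defined(__STDC__)
extern char             **_nss_netdb_aliases(const char *, int, char *, int);
extern nss_status_t     nss_default_key2str(void *, size_t, nss_XbyY_args_t *,
                                        const char *, int, size_t *);
extern nss_status_t     nss_packed_arg_init(void *, size_t, nss_db_root_t *,
                                        nss_db_initf_t *, int *,
                                        nss_XbyY_args_t *);
extern nss_status_t     nss_packed_context_init(void *, size_t, nss_db_root_t *,
                                        nss_db_initf_t *, nss_getent_t **,
                                        nss_XbyY_args_t *);
extern void             nss_packed_set_status(void *, size_t, nss_status_t,
                                        nss_XbyY_args_t *);
extern nss_status_t     nss_packed_getkey(void *, size_t, char **, int *,
                                        nss_XbyY_args_t *);
#else
extern char             **_nss_netdb_aliases();
extern nss_status_t     nss_default_key2str();
extern nss_status_t     nss_packed_arg_init();
extern nss_status_t     nss_packed_context_init();
extern void             nss_packed_set_status();
extern nss_status_t     nss_packed_getkey();
#endif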
 720 
 721 /*
 722  * nss_dbop_t values for searches with various keys;  values for
 723  * destructor/endent/setent/getent are defined in <nss_common.h>
 724  */
 725 
/*
 * These are part of the "over the wire" (i.e. app->nscd) getXbyY op for
 * well-known getXbyY's.  NSS_DBOP_X_Y cannot be used directly because
 * NSS_DBOP_next_iter is NOT an incrementing counter value; it is a starting
 * offset into an array.
 *
 * NSS_DBOP_X(x) shifts a database number left by 16 bits and
 * NSS_DBOP_XY(x, y) ORs two values together.
 *
 * NOTE(review): presumably y is one of the per-database NSS_DBOP_*_BY*
 * values and is expected to fit in the low 16 bits, so that a receiver can
 * split the value again.  If so, a value taken from a request should have
 * both halves range-checked before either is used as an index -- confirm
 * against the code that decodes it.
 */

#define NSS_DBOP_X(x)                   ((x)<<16)
#define NSS_DBOP_XY(x, y)               ((x)|(y))

/* Database numbers, 1 through 22, one per well-known database. */
#define NSS_DBOP_ALIASES        NSS_DBOP_X(1)
#define NSS_DBOP_AUTOMOUNT      NSS_DBOP_X(2)
#define NSS_DBOP_BOOTPARAMS     NSS_DBOP_X(3)
#define NSS_DBOP_ETHERS         NSS_DBOP_X(4)
#define NSS_DBOP_GROUP          NSS_DBOP_X(5)
#define NSS_DBOP_HOSTS          NSS_DBOP_X(6)
#define NSS_DBOP_IPNODES        NSS_DBOP_X(7)
#define NSS_DBOP_NETGROUP       NSS_DBOP_X(8)
#define NSS_DBOP_NETMASKS       NSS_DBOP_X(9)
#define NSS_DBOP_NETWORKS       NSS_DBOP_X(10)
#define NSS_DBOP_PASSWD         NSS_DBOP_X(11)
#define NSS_DBOP_PRINTERS       NSS_DBOP_X(12)
#define NSS_DBOP_PROJECT        NSS_DBOP_X(13)
#define NSS_DBOP_PROTOCOLS      NSS_DBOP_X(14)
#define NSS_DBOP_PUBLICKEY      NSS_DBOP_X(15)
#define NSS_DBOP_RPC            NSS_DBOP_X(16)
#define NSS_DBOP_SERVICES       NSS_DBOP_X(17)
#define NSS_DBOP_AUDITUSER      NSS_DBOP_X(18)
#define NSS_DBOP_AUTHATTR       NSS_DBOP_X(19)
#define NSS_DBOP_EXECATTR       NSS_DBOP_X(20)
#define NSS_DBOP_PROFATTR       NSS_DBOP_X(21)
#define NSS_DBOP_USERATTR       NSS_DBOP_X(22)
 758 
/*
 * Per-database search operations.  Each database numbers its own operations
 * from a base macro (NSS_DBOP_next_iter, NSS_DBOP_next_noiter or
 * NSS_DBOP_next_ipv6_iter) that is not defined in this section, adding 1 for
 * each further operation.  The same number is therefore reused by different
 * databases and identifies an operation only together with the database it
 * is issued against.
 */
#define NSS_DBOP_GROUP_BYNAME           (NSS_DBOP_next_iter)
#define NSS_DBOP_GROUP_BYGID            (NSS_DBOP_GROUP_BYNAME + 1)
#define NSS_DBOP_GROUP_BYMEMBER         (NSS_DBOP_GROUP_BYGID  + 1)

#define NSS_DBOP_PASSWD_BYNAME          (NSS_DBOP_next_iter)
#define NSS_DBOP_PASSWD_BYUID           (NSS_DBOP_PASSWD_BYNAME + 1)

/*
 * The "compat" backend requires that PASSWD_BYNAME == SHADOW_BYNAME
 * (it also requires that both use key.name to pass the username).
 */
#define NSS_DBOP_SHADOW_BYNAME          (NSS_DBOP_PASSWD_BYNAME)

#define NSS_DBOP_PROJECT_BYNAME         (NSS_DBOP_next_iter)
#define NSS_DBOP_PROJECT_BYID           (NSS_DBOP_PROJECT_BYNAME + 1)

#define NSS_DBOP_HOSTS_BYNAME           (NSS_DBOP_next_iter)
#define NSS_DBOP_HOSTS_BYADDR           (NSS_DBOP_HOSTS_BYNAME + 1)

#define NSS_DBOP_IPNODES_BYNAME         (NSS_DBOP_next_iter)
#define NSS_DBOP_IPNODES_BYADDR         (NSS_DBOP_IPNODES_BYNAME + 1)

/*
 * NSS_DBOP_NAME_2ADDR and NSS_DBOP_ADDR_2NAME are the operations for the
 * IPv6 APIs.  They are numbered from NSS_DBOP_next_ipv6_iter rather than
 * NSS_DBOP_next_iter.
 */

#define NSS_DBOP_NAME_2ADDR             (NSS_DBOP_next_ipv6_iter)
#define NSS_DBOP_ADDR_2NAME             (NSS_DBOP_NAME_2ADDR + 1)

#define NSS_DBOP_RPC_BYNAME             (NSS_DBOP_next_iter)
#define NSS_DBOP_RPC_BYNUMBER           (NSS_DBOP_RPC_BYNAME + 1)

#define NSS_DBOP_NETWORKS_BYNAME                (NSS_DBOP_next_iter)
#define NSS_DBOP_NETWORKS_BYADDR                (NSS_DBOP_NETWORKS_BYNAME + 1)

#define NSS_DBOP_SERVICES_BYNAME        (NSS_DBOP_next_iter)
#define NSS_DBOP_SERVICES_BYPORT        (NSS_DBOP_SERVICES_BYNAME + 1)

#define NSS_DBOP_PROTOCOLS_BYNAME       (NSS_DBOP_next_iter)
#define NSS_DBOP_PROTOCOLS_BYNUMBER     (NSS_DBOP_PROTOCOLS_BYNAME + 1)

/*
 * ethers, bootparams and netmasks are numbered from NSS_DBOP_next_noiter.
 * NOTE(review): presumably because these databases have no
 * setent/getent/endent iteration -- confirm in <nss_common.h>.
 */
#define NSS_DBOP_ETHERS_HOSTTON (NSS_DBOP_next_noiter)
#define NSS_DBOP_ETHERS_NTOHOST (NSS_DBOP_ETHERS_HOSTTON + 1)

#define NSS_DBOP_BOOTPARAMS_BYNAME      (NSS_DBOP_next_noiter)
#define NSS_DBOP_NETMASKS_BYNET (NSS_DBOP_next_noiter)

#define NSS_DBOP_PRINTERS_BYNAME        (NSS_DBOP_next_iter)

/*
 * The "real" backend for netgroup (__multi_innetgr, setnetgrent)
 */
#define NSS_DBOP_NETGROUP_IN            (NSS_DBOP_next_iter)
#define NSS_DBOP_NETGROUP_SET           (NSS_DBOP_NETGROUP_IN  + 1)

/*
 * The backend for getpublickey and getsecretkey (getkeys)
 */
#define NSS_DBOP_KEYS_BYNAME            (NSS_DBOP_next_iter)

/*
 * The pseudo-backend for netgroup (returned by setnetgrent) doesn't have
 *   any getXXXbyYYY operations, just the usual destr/end/set/get ops,
 *   so needs no definitions here.
 */

/*
 * The attribute databases (audituser, authattr, execattr, profattr,
 * userattr) share one by-name operation; execattr adds two more after it.
 */
#define NSS_DBOP_ATTRDB_BYNAME          (NSS_DBOP_next_iter)

#define NSS_DBOP_AUDITUSER_BYNAME       NSS_DBOP_ATTRDB_BYNAME
#define NSS_DBOP_AUTHATTR_BYNAME        NSS_DBOP_ATTRDB_BYNAME
#define NSS_DBOP_EXECATTR_BYNAME        NSS_DBOP_ATTRDB_BYNAME
#define NSS_DBOP_EXECATTR_BYID          (NSS_DBOP_EXECATTR_BYNAME + 1)
#define NSS_DBOP_EXECATTR_BYNAMEID      (NSS_DBOP_EXECATTR_BYID + 1)
#define NSS_DBOP_PROFATTR_BYNAME        NSS_DBOP_ATTRDB_BYNAME
#define NSS_DBOP_USERATTR_BYNAME        NSS_DBOP_ATTRDB_BYNAME

/*
 * NOTE(review): the TSOL_* names presumably belong to the Trusted
 * Extensions databases; each defines a single operation -- confirm.
 */
#define NSS_DBOP_TSOL_TP_BYNAME         (NSS_DBOP_next_iter)
#define NSS_DBOP_TSOL_RH_BYADDR         (NSS_DBOP_next_iter)
#define NSS_DBOP_TSOL_ZC_BYNAME         (NSS_DBOP_next_iter)
 838 
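/*
 * Used all over in the switch code. The best home for it I can think of.
 * Power-of-two alignments only.
 *
 * ROUND_DOWN(n, align) clears the low bits of n, giving the largest multiple
 * of align that is <= n.  ROUND_UP(n, align) gives the smallest multiple of
 * align that is >= n.  Both yield a uintptr_t; n may be an integer or a
 * pointer.
 *
 * n is parenthesized before the cast so that an expression argument such as
 * "ptr + count" is converted as a whole, not just its first operand.
 *
 * Caveats for callers:
 *  - align is expanded twice in ROUND_UP; do not pass an expression with
 *    side effects.
 *  - ROUND_UP wraps around if n lies within align - 1 of the top of the
 *    uintptr_t range, so a length derived from external input must be
 *    bounded before it is rounded.
 *  - An align that is not a power of two gives a meaningless result.
 */
#define ROUND_DOWN(n, align)    (((uintptr_t)(n)) & ~((align) - 1l))
#define ROUND_UP(n, align)      ROUND_DOWN(((uintptr_t)(n)) + (align) - 1l, \
                                (align))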
 846 
 847 #ifdef  __cplusplus
 848 }
 849 #endif
 850 
 851 #endif /* _NSS_DBDEFS_H */