xref: /illumos-gate/usr/src/head/nss_dbdefs.h (revision cb5caa98)
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
51f3e1ca0Ssatishk  * Common Development and Distribution License (the "License").
61f3e1ca0Ssatishk  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
221f3e1ca0Ssatishk  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
237c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate  *
2545916cd2Sjpk  * Database-specific definitions for the getXXXbyYYY routines
267c478bd9Sstevel@tonic-gate  * (e.g getpwuid_r(), ether_ntohost()) that use the name-service switch.
277c478bd9Sstevel@tonic-gate  * Database-independent definitions are in <nss_common.h>
287c478bd9Sstevel@tonic-gate  *
297c478bd9Sstevel@tonic-gate  * Ideally, this is the only switch header file one would add things
307c478bd9Sstevel@tonic-gate  * to in order to support a new database.
317c478bd9Sstevel@tonic-gate  *
327c478bd9Sstevel@tonic-gate  * NOTE:  The interfaces documented in this file may change in a minor
337c478bd9Sstevel@tonic-gate  *	  release.  It is intended that in the future a stronger committment
347c478bd9Sstevel@tonic-gate  *	  will be made to these interface definitions which will guarantee
357c478bd9Sstevel@tonic-gate  *	  them across minor releases.
367c478bd9Sstevel@tonic-gate  */
377c478bd9Sstevel@tonic-gate 
387c478bd9Sstevel@tonic-gate #ifndef _NSS_DBDEFS_H
397c478bd9Sstevel@tonic-gate #define	_NSS_DBDEFS_H
407c478bd9Sstevel@tonic-gate 
417c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
427c478bd9Sstevel@tonic-gate 
43*cb5caa98Sdjl #include <sys/types.h>
44*cb5caa98Sdjl #include <unistd.h>
457c478bd9Sstevel@tonic-gate #include <errno.h>
467c478bd9Sstevel@tonic-gate #include <netdb.h>		/* MAXALIASES, MAXADDRS */
477c478bd9Sstevel@tonic-gate #include <limits.h>		/* LOGNAME_MAX */
487c478bd9Sstevel@tonic-gate #include <nss_common.h>
497c478bd9Sstevel@tonic-gate 
507c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
517c478bd9Sstevel@tonic-gate extern "C" {
527c478bd9Sstevel@tonic-gate #endif
537c478bd9Sstevel@tonic-gate 
547c478bd9Sstevel@tonic-gate #ifndef	NSS_INCLUDE_UNSAFE
557c478bd9Sstevel@tonic-gate #define	NSS_INCLUDE_UNSAFE	1	/* Build old, MT-unsafe interfaces, */
567c478bd9Sstevel@tonic-gate #endif	/* NSS_INCLUDE_UNSAFE */	/*  e.g. getpwnam (c.f. getpwnam_r) */
577c478bd9Sstevel@tonic-gate 
587c478bd9Sstevel@tonic-gate /*
597c478bd9Sstevel@tonic-gate  * Names of the well-known databases.
607c478bd9Sstevel@tonic-gate  */
617c478bd9Sstevel@tonic-gate 
627c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_ALIASES	"aliases"	/* E-mail aliases, that is */
637c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_AUTOMOUNT	"automount"
647c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_BOOTPARAMS	"bootparams"
657c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_ETHERS	"ethers"
667c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_GROUP		"group"
677c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_HOSTS		"hosts"
687c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_IPNODES	"ipnodes"
697c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_NETGROUP	"netgroup"
707c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_NETMASKS	"netmasks"
717c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_NETWORKS	"networks"
727c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_PASSWD	"passwd"
737c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_PRINTERS	"printers"
747c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_PROJECT	"project"
757c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_PROTOCOLS	"protocols"
767c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_PUBLICKEY	"publickey"
777c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_RPC		"rpc"
787c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_SERVICES	"services"
797c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_AUDITUSER	"audit_user"
807c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_AUTHATTR	"auth_attr"
817c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_EXECATTR	"exec_attr"
827c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_PROFATTR	"prof_attr"
837c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_USERATTR	"user_attr"
847c478bd9Sstevel@tonic-gate 
8545916cd2Sjpk #define	NSS_DBNAM_TSOL_TP	"tnrhtp"
8645916cd2Sjpk #define	NSS_DBNAM_TSOL_RH	"tnrhdb"
8745916cd2Sjpk #define	NSS_DBNAM_TSOL_ZC	"tnzonecfg"
8845916cd2Sjpk 
897c478bd9Sstevel@tonic-gate /* getspnam() et al use the "passwd" config entry but the "shadow" backend */
907c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_SHADOW	"shadow"
917c478bd9Sstevel@tonic-gate 
927c478bd9Sstevel@tonic-gate /* The "compat" backend gets config entries for these pseudo-databases */
937c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_PASSWD_COMPAT	"passwd_compat"
947c478bd9Sstevel@tonic-gate #define	NSS_DBNAM_GROUP_COMPAT	"group_compat"
957c478bd9Sstevel@tonic-gate 
967c478bd9Sstevel@tonic-gate /*
977c478bd9Sstevel@tonic-gate  * Default switch configuration, compiled into the front-ends.
987c478bd9Sstevel@tonic-gate  *
997c478bd9Sstevel@tonic-gate  * Absent good reasons to the contrary, this should be compatible with the
1007c478bd9Sstevel@tonic-gate  * default /etc/nsswitch.conf file.
1017c478bd9Sstevel@tonic-gate  */
1027c478bd9Sstevel@tonic-gate #define	NSS_FILES_ONLY		"files"
1037c478bd9Sstevel@tonic-gate #define	NSS_FILES_NS		"files nis"
1047c478bd9Sstevel@tonic-gate #define	NSS_NS_FALLBACK		"nis [NOTFOUND=return] files"
1057c478bd9Sstevel@tonic-gate #define	NSS_NS_ONLY		"nis"
10645916cd2Sjpk #define	NSS_TSOL_FALLBACK	"files ldap"
1077c478bd9Sstevel@tonic-gate 
1087c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_ALIASES	NSS_FILES_NS
1097c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_AUTOMOUNT	NSS_FILES_NS
1107c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_BOOTPARAMS	NSS_NS_FALLBACK
1117c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_ETHERS	NSS_NS_FALLBACK
1127c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_GROUP	NSS_FILES_NS
1137c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_HOSTS	NSS_NS_FALLBACK
1147c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_IPNODES	NSS_NS_FALLBACK
1157c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_NETGROUP	NSS_NS_ONLY
1167c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_NETMASKS	NSS_NS_FALLBACK
1177c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_NETWORKS	NSS_NS_FALLBACK
1187c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_PASSWD	NSS_FILES_NS
1197c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_PRINTERS	"user files nis nisplus"
1207c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_PROJECT	NSS_FILES_NS
1217c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_PROTOCOLS	NSS_NS_FALLBACK
1227c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_PUBLICKEY	NSS_FILES_NS
1237c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_RPC		NSS_NS_FALLBACK
1247c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_SERVICES	NSS_FILES_NS	/* speeds up byname() */
1257c478bd9Sstevel@tonic-gate 
1267c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_GROUP_COMPAT	NSS_NS_ONLY
1277c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_PASSWD_COMPAT	NSS_NS_ONLY
1287c478bd9Sstevel@tonic-gate 
1297c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_ATTRDB	NSS_FILES_NS
1307c478bd9Sstevel@tonic-gate 
1317c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_AUDITUSER	NSS_DEFCONF_PASSWD
1327c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_USERATTR	NSS_DEFCONF_PASSWD
1337c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_AUTHATTR	NSS_DEFCONF_ATTRDB
1347c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_PROFATTR	NSS_DEFCONF_ATTRDB
1357c478bd9Sstevel@tonic-gate #define	NSS_DEFCONF_EXECATTR	NSS_DEFCONF_PROFATTR
1367c478bd9Sstevel@tonic-gate 
13745916cd2Sjpk #define	NSS_DEFCONF_TSOL_TP	NSS_TSOL_FALLBACK
13845916cd2Sjpk #define	NSS_DEFCONF_TSOL_RH	NSS_TSOL_FALLBACK
13945916cd2Sjpk #define	NSS_DEFCONF_TSOL_ZC	NSS_TSOL_FALLBACK
14045916cd2Sjpk 
1417c478bd9Sstevel@tonic-gate /*
1427c478bd9Sstevel@tonic-gate  * Line-lengths that the "files" and "compat" backends will try to support.
1437c478bd9Sstevel@tonic-gate  * It may be reasonable (even advisable) to use smaller values than these.
1447c478bd9Sstevel@tonic-gate  */
1457c478bd9Sstevel@tonic-gate 
1467c478bd9Sstevel@tonic-gate #define	NSS_BUFSIZ		1024
1477c478bd9Sstevel@tonic-gate 
1481f3e1ca0Ssatishk #define	NSS_LINELEN_GROUP	((NSS_BUFSIZ) * 8)
1497c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_HOSTS	((NSS_BUFSIZ) * 8)
1507c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_IPNODES	((NSS_BUFSIZ) * 8)
1517c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_NETMASKS	NSS_BUFSIZ
1527c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_NETWORKS	NSS_BUFSIZ
1537c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_PASSWD	NSS_BUFSIZ
1547c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_PRINTERS	NSS_BUFSIZ
1557c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_PROJECT	((NSS_BUFSIZ) * 4)
1567c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_PROTOCOLS	NSS_BUFSIZ
1577c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_PUBLICKEY	NSS_BUFSIZ
1587c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_RPC		NSS_BUFSIZ
1597c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_SERVICES	NSS_BUFSIZ
1607c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_SHADOW	NSS_BUFSIZ
1617c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_ETHERS	NSS_BUFSIZ
1627c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_BOOTPARAMS	NSS_BUFSIZ
1637c478bd9Sstevel@tonic-gate 
1647c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_ATTRDB	NSS_BUFSIZ
1657c478bd9Sstevel@tonic-gate 
1667c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_AUDITUSER	NSS_LINELEN_ATTRDB
1677c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_AUTHATTR	NSS_LINELEN_ATTRDB
1687c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_EXECATTR	NSS_LINELEN_ATTRDB
1697c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_PROFATTR	NSS_LINELEN_ATTRDB
1707c478bd9Sstevel@tonic-gate #define	NSS_LINELEN_USERATTR	NSS_LINELEN_ATTRDB
1717c478bd9Sstevel@tonic-gate 
1727c478bd9Sstevel@tonic-gate #define	NSS_MMAPLEN_EXECATTR	NSS_LINELEN_EXECATTR * 8
1737c478bd9Sstevel@tonic-gate 
17445916cd2Sjpk #define	NSS_LINELEN_TSOL	NSS_BUFSIZ
17545916cd2Sjpk 
17645916cd2Sjpk #define	NSS_LINELEN_TSOL_TP	NSS_LINELEN_TSOL
17745916cd2Sjpk #define	NSS_LINELEN_TSOL_RH	NSS_LINELEN_TSOL
17845916cd2Sjpk #define	NSS_LINELEN_TSOL_ZC	NSS_LINELEN_TSOL
17945916cd2Sjpk 
1807c478bd9Sstevel@tonic-gate /*
1817c478bd9Sstevel@tonic-gate  * Reasonable defaults for 'buflen' values passed to _r functions.  The BSD
1827c478bd9Sstevel@tonic-gate  * and SunOS 4.x implementations of the getXXXbyYYY() functions used hard-
1837c478bd9Sstevel@tonic-gate  * coded array sizes;  the values here are meant to handle anything that
1847c478bd9Sstevel@tonic-gate  * those implementations handled.
1857c478bd9Sstevel@tonic-gate  * === These might more reasonably go in <pwd.h>, <netdb.h> et al
1867c478bd9Sstevel@tonic-gate  */
1877c478bd9Sstevel@tonic-gate 
1881f3e1ca0Ssatishk #define	NSS_BUFLEN_GROUP	NSS_LINELEN_GROUP
1897c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_HOSTS	\
1907c478bd9Sstevel@tonic-gate 	(NSS_LINELEN_HOSTS + (MAXALIASES + MAXADDRS + 2) * sizeof (char *))
1917c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_IPNODES	\
1927c478bd9Sstevel@tonic-gate 	(NSS_LINELEN_IPNODES + (MAXALIASES + MAXADDRS + 2) * sizeof (char *))
1937c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_NETGROUP	(MAXHOSTNAMELEN * 2 + LOGNAME_MAX + 3)
1947c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_NETWORKS	NSS_LINELEN_NETWORKS	/* === ?  + 35 * 4 */
1957c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_PASSWD	NSS_LINELEN_PASSWD
1967c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_PROJECT	(NSS_LINELEN_PROJECT + 800 * sizeof (char *))
1977c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_PROTOCOLS	NSS_LINELEN_PROTOCOLS	/* === ?  + 35 * 4 */
1987c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_PUBLICKEY	NSS_LINELEN_PUBLICKEY
1997c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_RPC		NSS_LINELEN_RPC		/* === ?  + 35 * 4 */
2007c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_SERVICES	NSS_LINELEN_SERVICES	/* === ?  + 35 * 4 */
2017c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_SHADOW	NSS_LINELEN_SHADOW
2027c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_ETHERS	NSS_LINELEN_ETHERS
2037c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_BOOTPARAMS	NSS_LINELEN_BOOTPARAMS
2047c478bd9Sstevel@tonic-gate 
2057c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_ATTRDB	NSS_LINELEN_ATTRDB
2067c478bd9Sstevel@tonic-gate 
2077c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_AUDITUSER	NSS_BUFLEN_ATTRDB
2087c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_AUTHATTR	NSS_BUFLEN_ATTRDB
2097c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_EXECATTR	NSS_BUFLEN_ATTRDB
2107c478bd9Sstevel@tonic-gate #define	NSS_BUFLEN_PROFATTR	NSS_BUFLEN_ATTRDB
2111f3e1ca0Ssatishk #define	NSS_BUFLEN_USERATTR	((NSS_BUFLEN_ATTRDB) * 8)
2127c478bd9Sstevel@tonic-gate 
21345916cd2Sjpk #define	NSS_BUFLEN_TSOL		NSS_LINELEN_TSOL
21445916cd2Sjpk #define	NSS_BUFLEN_TSOL_TP	NSS_BUFLEN_TSOL
21545916cd2Sjpk #define	NSS_BUFLEN_TSOL_RH	NSS_BUFLEN_TSOL
21645916cd2Sjpk #define	NSS_BUFLEN_TSOL_ZC	NSS_BUFLEN_TSOL
2177c478bd9Sstevel@tonic-gate 
218*cb5caa98Sdjl /*
219*cb5caa98Sdjl  * Default cache door buffer size (2x largest buffer)
220*cb5caa98Sdjl  */
221*cb5caa98Sdjl 
222*cb5caa98Sdjl #define	NSS_BUFLEN_DOOR		((NSS_BUFSIZ) * 16)
223*cb5caa98Sdjl 
2247c478bd9Sstevel@tonic-gate /*
2257c478bd9Sstevel@tonic-gate  * Arguments and results, passed between the frontends and backends for
2267c478bd9Sstevel@tonic-gate  * the well-known databases.  The getXbyY_r() and getXent_r() routines
2277c478bd9Sstevel@tonic-gate  * use a common format that is further described below;  other routines
2287c478bd9Sstevel@tonic-gate  * use their own formats.
2297c478bd9Sstevel@tonic-gate  */
2307c478bd9Sstevel@tonic-gate 
231*cb5caa98Sdjl /*
232*cb5caa98Sdjl  * The nss_str2ent_t routine is the data marshaller for the nsswitch.
233*cb5caa98Sdjl  * it converts 'native files' format into 'entry' format as part of the
234*cb5caa98Sdjl  * return processing for a getXbyY interface.
235*cb5caa98Sdjl  *
236*cb5caa98Sdjl  * The nss_groupstr_t routine does the real work for any backend
237*cb5caa98Sdjl  * that can supply a netgroup entry as a string in /etc/group format
238*cb5caa98Sdjl  */
239*cb5caa98Sdjl #if defined(__STDC__)
240*cb5caa98Sdjl typedef int		(*nss_str2ent_t)(const char *in, int inlen,
241*cb5caa98Sdjl 				void *ent, char *buf, int buflen);
242*cb5caa98Sdjl 
243*cb5caa98Sdjl struct nss_groupsbymem;		/* forward definition */
244*cb5caa98Sdjl typedef nss_status_t	(*nss_groupstr_t)(const char *instr, int inlen,
245*cb5caa98Sdjl 				struct nss_groupsbymem *);
246*cb5caa98Sdjl #else
247*cb5caa98Sdjl typedef int		(*nss_str2ent_t)();
248*cb5caa98Sdjl typedef nss_status_t	(*nss_groupstr_t)();
249*cb5caa98Sdjl #endif
250*cb5caa98Sdjl 
2517c478bd9Sstevel@tonic-gate /*
2527c478bd9Sstevel@tonic-gate  * The initgroups() function [see initgroups(3c)] needs to find all the
2537c478bd9Sstevel@tonic-gate  *   groups to which a given user belongs.  To do this it calls
2547c478bd9Sstevel@tonic-gate  *   _getgroupsbymember(), which is part of the frontend for the "group"
2557c478bd9Sstevel@tonic-gate  *   database.
2567c478bd9Sstevel@tonic-gate  * We want the same effect as if we used getgrent_r() to enumerate the
2577c478bd9Sstevel@tonic-gate  *   entire groups database (possibly from multiple sources), but getgrent_r()
2587c478bd9Sstevel@tonic-gate  *   is too inefficient.  Most backends can do better if they know they're
2597c478bd9Sstevel@tonic-gate  *   meant to scan all groups;  hence there's a separate backend operation,
2607c478bd9Sstevel@tonic-gate  *   NSS_DBOP_GROUP_BYMEMBER, which uses the nss_groupsbymem struct.
2617c478bd9Sstevel@tonic-gate  * Note that the normal return-value from such a backend, even when it
2627c478bd9Sstevel@tonic-gate  *   successfully finds matching group entries, is NSS_NOTFOUND, because
2637c478bd9Sstevel@tonic-gate  *   this tells the switch engine to keep searching in any more sources.
2647c478bd9Sstevel@tonic-gate  *   In fact, the backends only return NSS_SUCCESS if they find enough
2657c478bd9Sstevel@tonic-gate  *   matching entries that the gid_array is completely filled, in which
2667c478bd9Sstevel@tonic-gate  *   case the switch engine should stop searching.
2677c478bd9Sstevel@tonic-gate  * If the force_slow_way field is set, the backend should eschew any cached
2687c478bd9Sstevel@tonic-gate  *   information (e.g. the YP netid.byname map or the NIS+ cred.org_dir table)
2697c478bd9Sstevel@tonic-gate  *   and should instead grind its way through the group map/table/whatever.
2707c478bd9Sstevel@tonic-gate  */
2717c478bd9Sstevel@tonic-gate 
2727c478bd9Sstevel@tonic-gate struct nss_groupsbymem {			/* For _getgroupsbymember() */
2737c478bd9Sstevel@tonic-gate /* in: */
2747c478bd9Sstevel@tonic-gate 	const char	*username;
2757c478bd9Sstevel@tonic-gate 	gid_t		*gid_array;
2767c478bd9Sstevel@tonic-gate 	int		maxgids;
2777c478bd9Sstevel@tonic-gate 	int		force_slow_way;
278*cb5caa98Sdjl 	nss_str2ent_t	str2ent;
279*cb5caa98Sdjl 	nss_groupstr_t	process_cstr;
2807c478bd9Sstevel@tonic-gate 
2817c478bd9Sstevel@tonic-gate /* in_out: */
2827c478bd9Sstevel@tonic-gate 	int		numgids;
2837c478bd9Sstevel@tonic-gate };
2847c478bd9Sstevel@tonic-gate 
2857c478bd9Sstevel@tonic-gate /*
2867c478bd9Sstevel@tonic-gate  * The netgroup routines are handled as follows:
2877c478bd9Sstevel@tonic-gate  *
2887c478bd9Sstevel@tonic-gate  *   Policy decision:
2897c478bd9Sstevel@tonic-gate  *	If netgroup A refers to netgroup B, both must occur in the same
2907c478bd9Sstevel@tonic-gate  *	source (other choices give very confusing semantics).  This
2917c478bd9Sstevel@tonic-gate  *	assumption is deeply embedded in the frontend and backends.
2927c478bd9Sstevel@tonic-gate  *
2937c478bd9Sstevel@tonic-gate  *    -	setnetgrent(), despite its name, is really a getXXXbyYYY operation:
2947c478bd9Sstevel@tonic-gate  *	it takes a name and finds a netgroup with that name (see the
2957c478bd9Sstevel@tonic-gate  *	nss_setnetgrent_args struct below).  The "result" that it returns
2967c478bd9Sstevel@tonic-gate  *	to the frontend is an nss_backend_t for a pseudo-backend that allows
2977c478bd9Sstevel@tonic-gate  *	one to enumerate the members of that netgroup.
2987c478bd9Sstevel@tonic-gate  *
2997c478bd9Sstevel@tonic-gate  *    -	getnetgrent() calls the 'getXXXent' function in the pseudo-backend;
3007c478bd9Sstevel@tonic-gate  *	it doesn't go through the switch engine at all.  It uses the
3017c478bd9Sstevel@tonic-gate  *	nss_getnetgrent_args struct below.
3027c478bd9Sstevel@tonic-gate  *
3037c478bd9Sstevel@tonic-gate  *    -	innetgr() is implemented on top of __multi_innetgr(), which replaces
3047c478bd9Sstevel@tonic-gate  *	each (char *) argument of innetgr() with a counted vector of (char *).
3057c478bd9Sstevel@tonic-gate  *	The semantics are the same as an OR of the results of innetgr()
3067c478bd9Sstevel@tonic-gate  *	operations on each possible 4-tuple picked from the arguments, but
3077c478bd9Sstevel@tonic-gate  *	it's possible to implement some cases more efficiently.  This is
3087c478bd9Sstevel@tonic-gate  *	important for mountd, which used to read YP netgroup.byhost directly
3097c478bd9Sstevel@tonic-gate  *	in order to determine efficiently whether a given host belonged to any
3107c478bd9Sstevel@tonic-gate  *	one of a long list of netgroups.  Wildcarded arguments are indicated
3117c478bd9Sstevel@tonic-gate  *	by a count of zero.
3127c478bd9Sstevel@tonic-gate  *
3137c478bd9Sstevel@tonic-gate  *    -	__multi_innetgr() uses the nss_innetgr_args struct.  A backend whose
3147c478bd9Sstevel@tonic-gate  *	source contains at least one of the groups listed in the 'groups'
3157c478bd9Sstevel@tonic-gate  *	vector will return NSS_SUCCESS and will set the 'status' field to
3167c478bd9Sstevel@tonic-gate  *	indicate whether any 4-tuple was satisfied.  A backend will only
3177c478bd9Sstevel@tonic-gate  *	return NSS_NOTFOUND if the source contained none of the groups
3187c478bd9Sstevel@tonic-gate  *	listed in the 'groups' vector.
3197c478bd9Sstevel@tonic-gate  */
3207c478bd9Sstevel@tonic-gate 
3217c478bd9Sstevel@tonic-gate enum nss_netgr_argn {		/* We need (machine, user, domain) triples */
322*cb5caa98Sdjl 	NSS_NETGR_MACHINE = 0,
323*cb5caa98Sdjl 	NSS_NETGR_USER = 1,
324*cb5caa98Sdjl 	NSS_NETGR_DOMAIN = 2,
325*cb5caa98Sdjl 	NSS_NETGR_N = 3
3267c478bd9Sstevel@tonic-gate };
3277c478bd9Sstevel@tonic-gate 
3287c478bd9Sstevel@tonic-gate enum nss_netgr_status {		/* Status from setnetgrent, multi_innetgr */
329*cb5caa98Sdjl 	NSS_NETGR_FOUND = 0,
330*cb5caa98Sdjl 	NSS_NETGR_NO = 1,
331*cb5caa98Sdjl 	NSS_NETGR_NOMEM = 2
3327c478bd9Sstevel@tonic-gate };
3337c478bd9Sstevel@tonic-gate 
3347c478bd9Sstevel@tonic-gate struct nss_setnetgrent_args {
3357c478bd9Sstevel@tonic-gate /* in: */
3367c478bd9Sstevel@tonic-gate 	const char		*netgroup;
3377c478bd9Sstevel@tonic-gate /* out: */
3387c478bd9Sstevel@tonic-gate 	nss_backend_t		*iterator;	/* <==== Explain */
3397c478bd9Sstevel@tonic-gate };
3407c478bd9Sstevel@tonic-gate 
3417c478bd9Sstevel@tonic-gate struct nss_getnetgrent_args {
3427c478bd9Sstevel@tonic-gate /* in: */
3437c478bd9Sstevel@tonic-gate 	char			*buffer;
3447c478bd9Sstevel@tonic-gate 	int			buflen;
3457c478bd9Sstevel@tonic-gate /* out: */
3467c478bd9Sstevel@tonic-gate 	enum nss_netgr_status	status;
3477c478bd9Sstevel@tonic-gate 	char			*retp[NSS_NETGR_N];
3487c478bd9Sstevel@tonic-gate };
3497c478bd9Sstevel@tonic-gate 
3507c478bd9Sstevel@tonic-gate typedef unsigned	nss_innetgr_argc;    /* 0 means wildcard */
3517c478bd9Sstevel@tonic-gate typedef char **		nss_innetgr_argv;    /* === Do we really need these? */
3527c478bd9Sstevel@tonic-gate 
3537c478bd9Sstevel@tonic-gate struct nss_innetgr_1arg {
3547c478bd9Sstevel@tonic-gate 	nss_innetgr_argc	argc;
3557c478bd9Sstevel@tonic-gate 	nss_innetgr_argv	argv;
3567c478bd9Sstevel@tonic-gate };
3577c478bd9Sstevel@tonic-gate 
3587c478bd9Sstevel@tonic-gate struct nss_innetgr_args {
3597c478bd9Sstevel@tonic-gate /* in: */
3607c478bd9Sstevel@tonic-gate 	struct nss_innetgr_1arg	arg[NSS_NETGR_N];
3617c478bd9Sstevel@tonic-gate 	struct nss_innetgr_1arg groups;
3627c478bd9Sstevel@tonic-gate /* out: */
3637c478bd9Sstevel@tonic-gate 	enum nss_netgr_status	status;
3647c478bd9Sstevel@tonic-gate };
3657c478bd9Sstevel@tonic-gate 
3667c478bd9Sstevel@tonic-gate /*
3677c478bd9Sstevel@tonic-gate  * nss_XbyY_buf_t -- structure containing the generic arguments passwd to
3687c478bd9Sstevel@tonic-gate  *   getXXXbyYYY_r() and getXXXent_r() routines.  The (void *) value points to
3697c478bd9Sstevel@tonic-gate  *   a struct of the appropriate type, e.g. struct passwd or struct hostent.
3707c478bd9Sstevel@tonic-gate  *
3717c478bd9Sstevel@tonic-gate  * The functions that allocate and free these structures do no locking at
3727c478bd9Sstevel@tonic-gate  * all, since the routines that use them are inherently MT-unsafe anyway.
3737c478bd9Sstevel@tonic-gate  */
3747c478bd9Sstevel@tonic-gate 
3757c478bd9Sstevel@tonic-gate typedef struct {
3767c478bd9Sstevel@tonic-gate 	void		*result;	/* "result" parameter to getXbyY_r() */
3777c478bd9Sstevel@tonic-gate 	char		*buffer;	/* "buffer"     "             "      */
3787c478bd9Sstevel@tonic-gate 	int		buflen;		/* "buflen"     "             "      */
3797c478bd9Sstevel@tonic-gate } nss_XbyY_buf_t;
3807c478bd9Sstevel@tonic-gate 
3817c478bd9Sstevel@tonic-gate #if defined(__STDC__)
3827c478bd9Sstevel@tonic-gate extern nss_XbyY_buf_t	*_nss_XbyY_buf_alloc(int struct_size, int buffer_size);
3837c478bd9Sstevel@tonic-gate extern void		 _nss_XbyY_buf_free(nss_XbyY_buf_t *);
3847c478bd9Sstevel@tonic-gate #else
3857c478bd9Sstevel@tonic-gate extern nss_XbyY_buf_t	*_nss_XbyY_buf_alloc();
3867c478bd9Sstevel@tonic-gate extern void		 _nss_XbyY_buf_free();
3877c478bd9Sstevel@tonic-gate #endif
3887c478bd9Sstevel@tonic-gate 
3897c478bd9Sstevel@tonic-gate #define	NSS_XbyY_ALLOC(bufpp, str_size, buf_size)		(\
3907c478bd9Sstevel@tonic-gate 	(*bufpp) == 0						\
3917c478bd9Sstevel@tonic-gate 	? (*bufpp) = _nss_XbyY_buf_alloc(str_size, buf_size)	\
392*cb5caa98Sdjl 	: (*bufpp))
3937c478bd9Sstevel@tonic-gate 
3947c478bd9Sstevel@tonic-gate #define	NSS_XbyY_FREE(bufpp)	(_nss_XbyY_buf_free(*bufpp), (*bufpp) = 0)
3957c478bd9Sstevel@tonic-gate 
3967c478bd9Sstevel@tonic-gate /*
3977c478bd9Sstevel@tonic-gate  * The nss_XbyY_args_t struct contains all the information passed between
3987c478bd9Sstevel@tonic-gate  * frontends and backends for the getXbyY_r() and getXent() routines,
3997c478bd9Sstevel@tonic-gate  * including an nss_XbyY_buf_t and the lookup key (unused for getXXXent_r).
4007c478bd9Sstevel@tonic-gate  *
4017c478bd9Sstevel@tonic-gate  * The (*str2ent)() member converts a single XXXent from ASCII text to the
4027c478bd9Sstevel@tonic-gate  * appropriate struct, storing any pointer data (strings, in_addrs, arrays
4037c478bd9Sstevel@tonic-gate  * of these) in the buffer.  The ASCII text is a counted string (*not* a
4047c478bd9Sstevel@tonic-gate  * zero-terminated string) whose length is specified by the instr_len
4057c478bd9Sstevel@tonic-gate  * parameter.  The text is found at the address specified by instr and
4067c478bd9Sstevel@tonic-gate  * the string is treated as readonly. buffer and instr must be non-
4077c478bd9Sstevel@tonic-gate  * intersecting memory areas.
4087c478bd9Sstevel@tonic-gate  *
4097c478bd9Sstevel@tonic-gate  * With the exception of passwd, shadow and group, the text form for these
4107c478bd9Sstevel@tonic-gate  * databases allows trailing comments and arbitrary whitespace.  The
4117c478bd9Sstevel@tonic-gate  * corresponding str2ent routine assumes that comments, leading whitespace
4127c478bd9Sstevel@tonic-gate  * and trailing whitespace have been stripped (and thus assumes that entries
4137c478bd9Sstevel@tonic-gate  * consisting only of these have been discarded).
4147c478bd9Sstevel@tonic-gate  *
4157c478bd9Sstevel@tonic-gate  * The text entries for "rpc" and for the databases described in <netdb.h>
4167c478bd9Sstevel@tonic-gate  * follow a common format (a canonical name with a possibly empty list
4177c478bd9Sstevel@tonic-gate  * of aliases, and some other value), albeit with minor variations.
4187c478bd9Sstevel@tonic-gate  * The function _nss_netdb_aliases() does most of the generic work involved
4197c478bd9Sstevel@tonic-gate  * in parsing and marshalling these into the buffer.
4207c478bd9Sstevel@tonic-gate  */
4217c478bd9Sstevel@tonic-gate 
422*cb5caa98Sdjl typedef union nss_XbyY_key {	/* No tag; backend should know what to expect */
4237c478bd9Sstevel@tonic-gate 	uid_t		uid;
4247c478bd9Sstevel@tonic-gate 	gid_t		gid;
4257c478bd9Sstevel@tonic-gate 	projid_t	projid;
4267c478bd9Sstevel@tonic-gate 	const char	*name;
4277c478bd9Sstevel@tonic-gate 	int		number;
4287c478bd9Sstevel@tonic-gate 	struct {
4297c478bd9Sstevel@tonic-gate 		int	net;
4307c478bd9Sstevel@tonic-gate 		int		type;
4317c478bd9Sstevel@tonic-gate 	}	netaddr;
4327c478bd9Sstevel@tonic-gate 	struct {
4337c478bd9Sstevel@tonic-gate 		const char	*addr;
4347c478bd9Sstevel@tonic-gate 		int		len;
4357c478bd9Sstevel@tonic-gate 		int		type;
4367c478bd9Sstevel@tonic-gate 	}	hostaddr;
4377c478bd9Sstevel@tonic-gate 	struct {
4387c478bd9Sstevel@tonic-gate 		union {
4397c478bd9Sstevel@tonic-gate 			const char	*name;
4407c478bd9Sstevel@tonic-gate 			int		port;
4417c478bd9Sstevel@tonic-gate 		}		serv;
4427c478bd9Sstevel@tonic-gate 		const char	*proto;
4437c478bd9Sstevel@tonic-gate 	}	serv;
4447c478bd9Sstevel@tonic-gate 	void *ether;
4457c478bd9Sstevel@tonic-gate 	struct {
4467c478bd9Sstevel@tonic-gate 		const char	*name;
4477c478bd9Sstevel@tonic-gate 		const char	*keytype;
4487c478bd9Sstevel@tonic-gate 	} pkey;
4497c478bd9Sstevel@tonic-gate 	struct {
4507c478bd9Sstevel@tonic-gate 		const char	*name;
4517c478bd9Sstevel@tonic-gate 		int		af_family;
4527c478bd9Sstevel@tonic-gate 		int		flags;
4537c478bd9Sstevel@tonic-gate 	}	ipnode;
4547c478bd9Sstevel@tonic-gate 	void *attrp;	/* for the new attr databases */
455*cb5caa98Sdjl } nss_XbyY_key_t;
456*cb5caa98Sdjl 
457*cb5caa98Sdjl 
458*cb5caa98Sdjl #if defined(__STDC__)
459*cb5caa98Sdjl typedef int		(*nss_key2str_t)(void *buffer, size_t buflen,
460*cb5caa98Sdjl 				nss_XbyY_key_t *key, size_t *len);
461*cb5caa98Sdjl #else
462*cb5caa98Sdjl typedef int		(*nss_key2str_t)();
463*cb5caa98Sdjl #endif
464*cb5caa98Sdjl 
4657c478bd9Sstevel@tonic-gate 
4667c478bd9Sstevel@tonic-gate typedef struct nss_XbyY_args {
4677c478bd9Sstevel@tonic-gate 
4687c478bd9Sstevel@tonic-gate /* IN */
4697c478bd9Sstevel@tonic-gate 	nss_XbyY_buf_t	buf;
4707c478bd9Sstevel@tonic-gate 	int		stayopen;
4717c478bd9Sstevel@tonic-gate 			/*
4727c478bd9Sstevel@tonic-gate 			 * Support for setXXXent(stayopen)
4737c478bd9Sstevel@tonic-gate 			 * Used only in hosts, protocols,
4747c478bd9Sstevel@tonic-gate 			 * networks, rpc, and services.
4757c478bd9Sstevel@tonic-gate 			 */
476*cb5caa98Sdjl 	nss_str2ent_t	str2ent;
4777c478bd9Sstevel@tonic-gate 	union nss_XbyY_key key;
4787c478bd9Sstevel@tonic-gate 
4797c478bd9Sstevel@tonic-gate /* OUT */
4807c478bd9Sstevel@tonic-gate 	void		*returnval;
4817c478bd9Sstevel@tonic-gate 	int		erange;
482*cb5caa98Sdjl 	int		h_errno;	/* For gethost*_r() */
483*cb5caa98Sdjl 	nss_status_t	status;		/* from the backend last called */
484*cb5caa98Sdjl /* NSS2 */
485*cb5caa98Sdjl 	nss_key2str_t	key2str;	/* IN */
486*cb5caa98Sdjl 	size_t		returnlen;	/* OUT */
487*cb5caa98Sdjl 
488*cb5caa98Sdjl /* NSCD/DOOR data */
489*cb5caa98Sdjl 
490*cb5caa98Sdjl /* ... buffer arena follows... */
4917c478bd9Sstevel@tonic-gate } nss_XbyY_args_t;
4927c478bd9Sstevel@tonic-gate 
493*cb5caa98Sdjl 
494*cb5caa98Sdjl 
495*cb5caa98Sdjl /*
496*cb5caa98Sdjl  * nss/nscd v2 interface, packed buffer format
497*cb5caa98Sdjl  *
498*cb5caa98Sdjl  * A key component of the v2 name service switch is the redirection
499*cb5caa98Sdjl  * of all activity to nscd for actual processing.  In the original
500*cb5caa98Sdjl  * switch most activity took place in each application, and the nscd
501*cb5caa98Sdjl  * cache component was an add-on optional interface.
502*cb5caa98Sdjl  *
503*cb5caa98Sdjl  * The nscd v1 format was a completely private interface that
504*cb5caa98Sdjl  * implemented specific bufferiing formats on a per getXbyY API basis.
505*cb5caa98Sdjl  *
506*cb5caa98Sdjl  * The nss/nscd v2 interface uses a common header and commonalizes
507*cb5caa98Sdjl  * the buffering format as consistently as possible.  The general rule
508*cb5caa98Sdjl  * of thumb is that backends are required to assemble their results in
509*cb5caa98Sdjl  * "files based" format [IE the format used on a per result basis as
510*cb5caa98Sdjl  * returned by the files backend] and then call the standard str2ent
511*cb5caa98Sdjl  * interface.  This is the original intended design as used in the files
512*cb5caa98Sdjl  * and nis backends.
513*cb5caa98Sdjl  *
514*cb5caa98Sdjl  * The benefit of this is that the application side library can assemble
515*cb5caa98Sdjl  * a request and provide a header and a variable length result buffer via
516*cb5caa98Sdjl  * a doors API, and then the nscd side switch can assemble a a getXbyY
517*cb5caa98Sdjl  * request providing the result buffer and a str2ent function that copies
518*cb5caa98Sdjl  * but does not unpack the result.
519*cb5caa98Sdjl  *
520*cb5caa98Sdjl  * This results is returned back via the door, and unpacked using the
521*cb5caa98Sdjl  * native library side str2ent interface.
522*cb5caa98Sdjl  *
523*cb5caa98Sdjl  * Additionally, the common header allows extensibility to add new
524*cb5caa98Sdjl  * getXbyYs, putXbyYs or other maintenance APIs to/from nscd without
525*cb5caa98Sdjl  * changing the existing "old style" backend interfaces.
526*cb5caa98Sdjl  *
527*cb5caa98Sdjl  * Finally new style getXbyY, putXbyY and backend interfaces can be
528*cb5caa98Sdjl  * by adding new operation requests to the header, while old style
529*cb5caa98Sdjl  * backwards compatability.
530*cb5caa98Sdjl  */
531*cb5caa98Sdjl 
532*cb5caa98Sdjl /*
533*cb5caa98Sdjl  * nss/nscd v2 callnumber definitions
534*cb5caa98Sdjl  */
535*cb5caa98Sdjl 
536*cb5caa98Sdjl /*
537*cb5caa98Sdjl  * callnumbers are separated by categories, such as:
538*cb5caa98Sdjl  * application to nscd requests, nscd to nscd requests,
539*cb5caa98Sdjl  * smf to nscd requests, etc.
540*cb5caa98Sdjl  */
541*cb5caa98Sdjl 
542*cb5caa98Sdjl #define	NSCDV2CATMASK	(0xFF000000)
543*cb5caa98Sdjl #define	NSCDV2CALLMASK	(0x00FFFFFF)
544*cb5caa98Sdjl 
545*cb5caa98Sdjl /*
546*cb5caa98Sdjl  * nss/nscd v2 categories
547*cb5caa98Sdjl  */
548*cb5caa98Sdjl 
549*cb5caa98Sdjl #define	NSCD_CALLCAT_APP	('a'<<24)
550*cb5caa98Sdjl #define	NSCD_CALLCAT_N2N	('n'<<24)
551*cb5caa98Sdjl 
552*cb5caa98Sdjl /* nscd v2 app-> nscd callnumbers */
553*cb5caa98Sdjl 
554*cb5caa98Sdjl #define	NSCD_SEARCH	(NSCD_CALLCAT_APP|0x01)
555*cb5caa98Sdjl #define	NSCD_SETENT	(NSCD_CALLCAT_APP|0x02)
556*cb5caa98Sdjl #define	NSCD_GETENT	(NSCD_CALLCAT_APP|0x03)
557*cb5caa98Sdjl #define	NSCD_ENDENT	(NSCD_CALLCAT_APP|0x04)
558*cb5caa98Sdjl #define	NSCD_PUT	(NSCD_CALLCAT_APP|0x05)
559*cb5caa98Sdjl #define	NSCD_GETHINTS	(NSCD_CALLCAT_APP|0x06)
560*cb5caa98Sdjl 
561*cb5caa98Sdjl /* nscd v2 SETENT cookie markers */
562*cb5caa98Sdjl 
563*cb5caa98Sdjl #define	NSCD_NEW_COOKIE		0
564*cb5caa98Sdjl #define	NSCD_LOCAL_COOKIE	1
565*cb5caa98Sdjl 
566*cb5caa98Sdjl /* nscd v2 header revision */
567*cb5caa98Sdjl /* treated as 0xMMMMmmmm MMMM - Major Rev, mmmm - Minor Rev */
568*cb5caa98Sdjl 
569*cb5caa98Sdjl #define	NSCD_HEADER_REV		0x00020000
570*cb5caa98Sdjl 
571*cb5caa98Sdjl /*
572*cb5caa98Sdjl  * ptr/uint data type used to calculate shared nscd buffer struct sizes
573*cb5caa98Sdjl  * sizes/offsets are arbitrarily limited to 32 bits for 32/64 compatibility
574*cb5caa98Sdjl  * datatype is 64 bits for possible pointer storage and future use
575*cb5caa98Sdjl  */
576*cb5caa98Sdjl 
577*cb5caa98Sdjl typedef uint64_t	nssuint_t;
578*cb5caa98Sdjl 
579*cb5caa98Sdjl /*
580*cb5caa98Sdjl  * nscd v2 buffer layout overview
581*cb5caa98Sdjl  *
582*cb5caa98Sdjl  * The key interface to nscd moving forward is the doors interface
583*cb5caa98Sdjl  * between applications and nscd (NSCD_CALLCAT_APP), and nscd and
584*cb5caa98Sdjl  * it's children (NSCD_CALLCAT_N2N).
585*cb5caa98Sdjl  *
586*cb5caa98Sdjl  * Regardless of the interface used, the buffer layout is consistent.
587*cb5caa98Sdjl  * The General Layout is:
588*cb5caa98Sdjl  *   [nss_pheader_t][IN key][OUT data results]{extend results}
589*cb5caa98Sdjl  *
590*cb5caa98Sdjl  *   The header (nss_pheader_t) remains constant.
591*cb5caa98Sdjl  *   Keys and key layouts vary between call numbers/requests
592*cb5caa98Sdjl  *	NSCD_CALLCAT_APP use key layouts mimics/defines in nss_dbdefs.h
593*cb5caa98Sdjl  *	NSCD_CALLCAT_NSN use layouts defined by nscd headers
594*cb5caa98Sdjl  *   Data and data results vary between results
595*cb5caa98Sdjl  *	NSCD_CALLCAT_APP return "file standard format" output buffers
596*cb5caa98Sdjl  *	NSCD_CALLCAT_NSN return data defined by nscd headers
597*cb5caa98Sdjl  *   extended results are optional and vary
598*cb5caa98Sdjl  *
599*cb5caa98Sdjl  */
600*cb5caa98Sdjl 
601*cb5caa98Sdjl /*
602*cb5caa98Sdjl  * nss_pheader_t -- buffer header structure that contains switch data
603*cb5caa98Sdjl  * "packed" by the client into a buffer suitable for transport over
604*cb5caa98Sdjl  * nscd's door, and that can be unpacked into a native form within
605*cb5caa98Sdjl  * nscd's switch.  Capable of packing and unpacking data ans results.
606*cb5caa98Sdjl  *
607*cb5caa98Sdjl  * NSCD_HEADER_REV: 0x00020000		16 x uint64 = (128 byte header)
608*cb5caa98Sdjl  */
609*cb5caa98Sdjl 
610*cb5caa98Sdjl typedef struct {
611*cb5caa98Sdjl 	uint32_t	nsc_callnumber;		/* packed buffer request */
612*cb5caa98Sdjl 	uint32_t	nss_dbop;		/* old nss dbop */
613*cb5caa98Sdjl 	uint32_t	p_ruid;			/* real uid */
614*cb5caa98Sdjl 	uint32_t	p_euid;			/* effective uid */
615*cb5caa98Sdjl 	uint32_t	p_version;		/* 0xMMMMmmmm Major/minor */
616*cb5caa98Sdjl 	uint32_t	p_status;		/* nss_status_t */
617*cb5caa98Sdjl 	uint32_t	p_errno;		/* errno */
618*cb5caa98Sdjl 	uint32_t	p_herrno;		/* h_errno */
619*cb5caa98Sdjl 	nssuint_t	libpriv;		/* reserved (for lib/client) */
620*cb5caa98Sdjl 	nssuint_t	pbufsiz;		/* buffer size */
621*cb5caa98Sdjl 	nssuint_t	dbd_off;		/* IN: db desc off */
622*cb5caa98Sdjl 	nssuint_t	dbd_len;		/* IN: db desc len */
623*cb5caa98Sdjl 	nssuint_t	key_off;		/* IN: key off */
624*cb5caa98Sdjl 	nssuint_t	key_len;		/* IN: key len */
625*cb5caa98Sdjl 	nssuint_t	data_off;		/* OUT: data off */
626*cb5caa98Sdjl 	nssuint_t	data_len;		/* OUT: data len */
627*cb5caa98Sdjl 	nssuint_t	ext_off;		/* OUT: extended results off */
628*cb5caa98Sdjl 	nssuint_t	ext_len;		/* OUT: extended results len */
629*cb5caa98Sdjl 	nssuint_t	nscdpriv;		/* reserved (for nscd) */
630*cb5caa98Sdjl 	nssuint_t	reserved1;		/* reserved (TBD) */
631*cb5caa98Sdjl } nss_pheader_t;
632*cb5caa98Sdjl 
633*cb5caa98Sdjl /*
634*cb5caa98Sdjl  * nss_pnetgr_t -- packed offset structure for holding keys used
635*cb5caa98Sdjl  * by innetgr (__multi_innetgr) key
636*cb5caa98Sdjl  * Key format is:
637*cb5caa98Sdjl  *    nss_pnetgr_t
638*cb5caa98Sdjl  *     (nssuint_t)[machine_argc] offsets to strings
639*cb5caa98Sdjl  *     (nssuint_t)[user_argc] offsets to strings
640*cb5caa98Sdjl  *     (nssuint_t)[domain_argc] offsets to strings
641*cb5caa98Sdjl  *     (nssuint_t)[groups_argc] offsets to strings
642*cb5caa98Sdjl  *     machine,user,domain,groups strings
643*cb5caa98Sdjl  */
644*cb5caa98Sdjl 
645*cb5caa98Sdjl typedef struct {
646*cb5caa98Sdjl 	uint32_t	machine_argc;
647*cb5caa98Sdjl 	uint32_t	user_argc;
648*cb5caa98Sdjl 	uint32_t	domain_argc;
649*cb5caa98Sdjl 	uint32_t	groups_argc;
650*cb5caa98Sdjl 	nssuint_t	machine_offv;
651*cb5caa98Sdjl 	nssuint_t	user_offv;
652*cb5caa98Sdjl 	nssuint_t	domain_offv;
653*cb5caa98Sdjl 	nssuint_t	groups_offv;
654*cb5caa98Sdjl } nss_pnetgr_t;
655*cb5caa98Sdjl 
656*cb5caa98Sdjl 
6577c478bd9Sstevel@tonic-gate /* status returned by the str2ent parsing routines */
6587c478bd9Sstevel@tonic-gate #define	NSS_STR_PARSE_SUCCESS 0
6597c478bd9Sstevel@tonic-gate #define	NSS_STR_PARSE_PARSE 1
6607c478bd9Sstevel@tonic-gate #define	NSS_STR_PARSE_ERANGE 2
6617c478bd9Sstevel@tonic-gate 
6627c478bd9Sstevel@tonic-gate #define	NSS_XbyY_INIT(str, res, bufp, len, func)	(\
6637c478bd9Sstevel@tonic-gate 	(str)->buf.result = (res),			\
6647c478bd9Sstevel@tonic-gate 	(str)->buf.buffer = (bufp),			\
6657c478bd9Sstevel@tonic-gate 	(str)->buf.buflen = (len),			\
6667c478bd9Sstevel@tonic-gate 	(str)->stayopen  = 0,				\
6677c478bd9Sstevel@tonic-gate 	(str)->str2ent  = (func),			\
668*cb5caa98Sdjl 	(str)->key2str  = NULL,				\
6697c478bd9Sstevel@tonic-gate 	(str)->returnval = 0,				\
670*cb5caa98Sdjl 	(str)->returnlen = 0,				\
671*cb5caa98Sdjl 	(str)->erange    = 0)
672*cb5caa98Sdjl 
673*cb5caa98Sdjl #define	NSS_XbyY_INIT_EXT(str, res, bufp, len, func, kfunc)	(\
674*cb5caa98Sdjl 	(str)->buf.result = (res),			\
675*cb5caa98Sdjl 	(str)->buf.buffer = (bufp),			\
676*cb5caa98Sdjl 	(str)->buf.buflen = (len),			\
677*cb5caa98Sdjl 	(str)->stayopen  = 0,				\
678*cb5caa98Sdjl 	(str)->str2ent  = (func),			\
679*cb5caa98Sdjl 	(str)->key2str  = (kfunc),			\
680*cb5caa98Sdjl 	(str)->returnval = 0,				\
681*cb5caa98Sdjl 	(str)->returnlen = 0,				\
6827c478bd9Sstevel@tonic-gate 	(str)->erange    = 0)
6837c478bd9Sstevel@tonic-gate 
6847c478bd9Sstevel@tonic-gate #define	NSS_XbyY_FINI(str)				(\
6857c478bd9Sstevel@tonic-gate 	(str)->returnval == 0 && (str)->erange && (errno = ERANGE), \
6867c478bd9Sstevel@tonic-gate 	(str)->returnval)
6877c478bd9Sstevel@tonic-gate 
688*cb5caa98Sdjl #define	NSS_PACKED_CRED_CHECK(buf, ruid, euid)		(\
689*cb5caa98Sdjl 	((nss_pheader_t *)(buf))->p_ruid == (ruid) && \
690*cb5caa98Sdjl 	((nss_pheader_t *)(buf))->p_euid == (euid))
691*cb5caa98Sdjl 
6927c478bd9Sstevel@tonic-gate #if defined(__STDC__)
693*cb5caa98Sdjl extern char		**_nss_netdb_aliases(const char *, int, char *, int);
694*cb5caa98Sdjl extern nss_status_t	nss_default_key2str(void *, size_t, nss_XbyY_args_t *,
695*cb5caa98Sdjl 					const char *, int, size_t *);
696*cb5caa98Sdjl extern nss_status_t	nss_packed_arg_init(void *, size_t, nss_db_root_t *,
697*cb5caa98Sdjl 					nss_db_initf_t *, int *,
698*cb5caa98Sdjl 					nss_XbyY_args_t *);
699*cb5caa98Sdjl extern nss_status_t	nss_packed_context_init(void *, size_t, nss_db_root_t *,
700*cb5caa98Sdjl 					nss_db_initf_t *, nss_getent_t **,
701*cb5caa98Sdjl 					nss_XbyY_args_t *);
702*cb5caa98Sdjl extern void		nss_packed_set_status(void *, size_t, nss_status_t,
703*cb5caa98Sdjl 					nss_XbyY_args_t *);
704*cb5caa98Sdjl extern nss_status_t	nss_packed_getkey(void *, size_t, char **, int *,
705*cb5caa98Sdjl 					nss_XbyY_args_t *);
7067c478bd9Sstevel@tonic-gate #else
7077c478bd9Sstevel@tonic-gate extern char		**_nss_netdb_aliases();
708*cb5caa98Sdjl extern int		nss_default_key2str();
709*cb5caa98Sdjl extern nss_status_t	nss_packed_arg_init();
710*cb5caa98Sdjl extern nss_status_t	nss_packed_context_init();
711*cb5caa98Sdjl extern void		nss_packed_set_status();
712*cb5caa98Sdjl extern nss_status_t	nss_packed_getkey();
7137c478bd9Sstevel@tonic-gate #endif
7147c478bd9Sstevel@tonic-gate 
7157c478bd9Sstevel@tonic-gate /*
7167c478bd9Sstevel@tonic-gate  * nss_dbop_t values for searches with various keys;  values for
7177c478bd9Sstevel@tonic-gate  * destructor/endent/setent/getent are defined in <nss_common.h>
7187c478bd9Sstevel@tonic-gate  */
7197c478bd9Sstevel@tonic-gate 
720*cb5caa98Sdjl /*
721*cb5caa98Sdjl  * These are part of the "Over the wire" IE app->nscd getXbyY
722*cb5caa98Sdjl  * op for well known getXbyY's.  Cannot use NSS_DBOP_X_Y directly
723*cb5caa98Sdjl  * because NSS_DBOP_next_iter is NOT an incrementing counter value
724*cb5caa98Sdjl  * it's a starting offset into an array value.
725*cb5caa98Sdjl  */
726*cb5caa98Sdjl 
727*cb5caa98Sdjl #define	NSS_DBOP_X(x)			((x)<<16)
728*cb5caa98Sdjl #define	NSS_DBOP_XY(x, y)		((x)|(y))
729*cb5caa98Sdjl 
730*cb5caa98Sdjl #define	NSS_DBOP_ALIASES	NSS_DBOP_X(1)
731*cb5caa98Sdjl #define	NSS_DBOP_AUTOMOUNT	NSS_DBOP_X(2)
732*cb5caa98Sdjl #define	NSS_DBOP_BOOTPARAMS	NSS_DBOP_X(3)
733*cb5caa98Sdjl #define	NSS_DBOP_ETHERS		NSS_DBOP_X(4)
734*cb5caa98Sdjl #define	NSS_DBOP_GROUP		NSS_DBOP_X(5)
735*cb5caa98Sdjl #define	NSS_DBOP_HOSTS		NSS_DBOP_X(6)
736*cb5caa98Sdjl #define	NSS_DBOP_IPNODES	NSS_DBOP_X(7)
737*cb5caa98Sdjl #define	NSS_DBOP_NETGROUP	NSS_DBOP_X(8)
738*cb5caa98Sdjl #define	NSS_DBOP_NETMASKS	NSS_DBOP_X(9)
739*cb5caa98Sdjl #define	NSS_DBOP_NETWORKS	NSS_DBOP_X(10)
740*cb5caa98Sdjl #define	NSS_DBOP_PASSWD		NSS_DBOP_X(11)
741*cb5caa98Sdjl #define	NSS_DBOP_PRINTERS	NSS_DBOP_X(12)
742*cb5caa98Sdjl #define	NSS_DBOP_PROJECT	NSS_DBOP_X(13)
743*cb5caa98Sdjl #define	NSS_DBOP_PROTOCOLS	NSS_DBOP_X(14)
744*cb5caa98Sdjl #define	NSS_DBOP_PUBLICKEY	NSS_DBOP_X(15)
745*cb5caa98Sdjl #define	NSS_DBOP_RPC		NSS_DBOP_X(16)
746*cb5caa98Sdjl #define	NSS_DBOP_SERVICES	NSS_DBOP_X(17)
747*cb5caa98Sdjl #define	NSS_DBOP_AUDITUSER	NSS_DBOP_X(18)
748*cb5caa98Sdjl #define	NSS_DBOP_AUTHATTR	NSS_DBOP_X(19)
749*cb5caa98Sdjl #define	NSS_DBOP_EXECATTR	NSS_DBOP_X(20)
750*cb5caa98Sdjl #define	NSS_DBOP_PROFATTR	NSS_DBOP_X(21)
751*cb5caa98Sdjl #define	NSS_DBOP_USERATTR	NSS_DBOP_X(22)
752*cb5caa98Sdjl 
7537c478bd9Sstevel@tonic-gate #define	NSS_DBOP_GROUP_BYNAME		(NSS_DBOP_next_iter)
7547c478bd9Sstevel@tonic-gate #define	NSS_DBOP_GROUP_BYGID		(NSS_DBOP_GROUP_BYNAME + 1)
7557c478bd9Sstevel@tonic-gate #define	NSS_DBOP_GROUP_BYMEMBER		(NSS_DBOP_GROUP_BYGID  + 1)
7567c478bd9Sstevel@tonic-gate 
7577c478bd9Sstevel@tonic-gate #define	NSS_DBOP_PASSWD_BYNAME		(NSS_DBOP_next_iter)
7587c478bd9Sstevel@tonic-gate #define	NSS_DBOP_PASSWD_BYUID		(NSS_DBOP_PASSWD_BYNAME + 1)
7597c478bd9Sstevel@tonic-gate 
7607c478bd9Sstevel@tonic-gate /* The "compat" backend requires that PASSWD_BYNAME == SHADOW_BYNAME */
7617c478bd9Sstevel@tonic-gate /*   (it also requires that both use key.name to pass the username). */
7627c478bd9Sstevel@tonic-gate #define	NSS_DBOP_SHADOW_BYNAME		(NSS_DBOP_PASSWD_BYNAME)
7637c478bd9Sstevel@tonic-gate 
7647c478bd9Sstevel@tonic-gate #define	NSS_DBOP_PROJECT_BYNAME		(NSS_DBOP_next_iter)
7657c478bd9Sstevel@tonic-gate #define	NSS_DBOP_PROJECT_BYID		(NSS_DBOP_PROJECT_BYNAME + 1)
7667c478bd9Sstevel@tonic-gate 
7677c478bd9Sstevel@tonic-gate #define	NSS_DBOP_HOSTS_BYNAME		(NSS_DBOP_next_iter)
7687c478bd9Sstevel@tonic-gate #define	NSS_DBOP_HOSTS_BYADDR		(NSS_DBOP_HOSTS_BYNAME + 1)
7697c478bd9Sstevel@tonic-gate 
7707c478bd9Sstevel@tonic-gate #define	NSS_DBOP_IPNODES_BYNAME		(NSS_DBOP_next_iter)
7717c478bd9Sstevel@tonic-gate #define	NSS_DBOP_IPNODES_BYADDR		(NSS_DBOP_IPNODES_BYNAME + 1)
7727c478bd9Sstevel@tonic-gate 
7737c478bd9Sstevel@tonic-gate /*
7747c478bd9Sstevel@tonic-gate  * NSS_DBOP_NAME_2ADDR
7757c478bd9Sstevel@tonic-gate  * NSS_DBOP_ADDR_2NAME
7767c478bd9Sstevel@tonic-gate  *                                : are defines for ipv6 api's
7777c478bd9Sstevel@tonic-gate  */
7787c478bd9Sstevel@tonic-gate 
7797c478bd9Sstevel@tonic-gate #define	NSS_DBOP_NAME_2ADDR		(NSS_DBOP_next_ipv6_iter)
7807c478bd9Sstevel@tonic-gate #define	NSS_DBOP_ADDR_2NAME		(NSS_DBOP_NAME_2ADDR + 1)
7817c478bd9Sstevel@tonic-gate 
7827c478bd9Sstevel@tonic-gate #define	NSS_DBOP_RPC_BYNAME		(NSS_DBOP_next_iter)
7837c478bd9Sstevel@tonic-gate #define	NSS_DBOP_RPC_BYNUMBER		(NSS_DBOP_RPC_BYNAME + 1)
7847c478bd9Sstevel@tonic-gate 
7857c478bd9Sstevel@tonic-gate #define	NSS_DBOP_NETWORKS_BYNAME		(NSS_DBOP_next_iter)
7867c478bd9Sstevel@tonic-gate #define	NSS_DBOP_NETWORKS_BYADDR		(NSS_DBOP_NETWORKS_BYNAME + 1)
7877c478bd9Sstevel@tonic-gate 
7887c478bd9Sstevel@tonic-gate #define	NSS_DBOP_SERVICES_BYNAME	(NSS_DBOP_next_iter)
7897c478bd9Sstevel@tonic-gate #define	NSS_DBOP_SERVICES_BYPORT	(NSS_DBOP_SERVICES_BYNAME + 1)
7907c478bd9Sstevel@tonic-gate 
7917c478bd9Sstevel@tonic-gate #define	NSS_DBOP_PROTOCOLS_BYNAME	(NSS_DBOP_next_iter)
7927c478bd9Sstevel@tonic-gate #define	NSS_DBOP_PROTOCOLS_BYNUMBER	(NSS_DBOP_PROTOCOLS_BYNAME + 1)
7937c478bd9Sstevel@tonic-gate 
7947c478bd9Sstevel@tonic-gate #define	NSS_DBOP_ETHERS_HOSTTON	(NSS_DBOP_next_noiter)
7957c478bd9Sstevel@tonic-gate #define	NSS_DBOP_ETHERS_NTOHOST	(NSS_DBOP_ETHERS_HOSTTON + 1)
7967c478bd9Sstevel@tonic-gate 
7977c478bd9Sstevel@tonic-gate #define	NSS_DBOP_BOOTPARAMS_BYNAME	(NSS_DBOP_next_noiter)
7987c478bd9Sstevel@tonic-gate #define	NSS_DBOP_NETMASKS_BYNET	(NSS_DBOP_next_noiter)
7997c478bd9Sstevel@tonic-gate 
8007c478bd9Sstevel@tonic-gate #define	NSS_DBOP_PRINTERS_BYNAME	(NSS_DBOP_next_iter)
8017c478bd9Sstevel@tonic-gate 
8027c478bd9Sstevel@tonic-gate /*
8037c478bd9Sstevel@tonic-gate  * The "real" backend for netgroup (__multi_innetgr, setnetgrent)
8047c478bd9Sstevel@tonic-gate  */
8057c478bd9Sstevel@tonic-gate #define	NSS_DBOP_NETGROUP_IN		(NSS_DBOP_next_iter)
8067c478bd9Sstevel@tonic-gate #define	NSS_DBOP_NETGROUP_SET		(NSS_DBOP_NETGROUP_IN  + 1)
8077c478bd9Sstevel@tonic-gate 
8087c478bd9Sstevel@tonic-gate /*
8097c478bd9Sstevel@tonic-gate  * The backend for getpublickey and getsecretkey (getkeys)
8107c478bd9Sstevel@tonic-gate  */
8117c478bd9Sstevel@tonic-gate #define	NSS_DBOP_KEYS_BYNAME		(NSS_DBOP_next_iter)
8127c478bd9Sstevel@tonic-gate 
8137c478bd9Sstevel@tonic-gate /*
8147c478bd9Sstevel@tonic-gate  * The pseudo-backend for netgroup (returned by setnetgrent) doesn't have
8157c478bd9Sstevel@tonic-gate  *   any getXXXbyYYY operations, just the usual destr/end/set/get ops,
8167c478bd9Sstevel@tonic-gate  *   so needs no definitions here.
8177c478bd9Sstevel@tonic-gate  */
8187c478bd9Sstevel@tonic-gate 
8197c478bd9Sstevel@tonic-gate #define	NSS_DBOP_ATTRDB_BYNAME		(NSS_DBOP_next_iter)
8207c478bd9Sstevel@tonic-gate 
8217c478bd9Sstevel@tonic-gate #define	NSS_DBOP_AUDITUSER_BYNAME	NSS_DBOP_ATTRDB_BYNAME
8227c478bd9Sstevel@tonic-gate #define	NSS_DBOP_AUTHATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
8237c478bd9Sstevel@tonic-gate #define	NSS_DBOP_EXECATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
8247c478bd9Sstevel@tonic-gate #define	NSS_DBOP_EXECATTR_BYID		(NSS_DBOP_EXECATTR_BYNAME + 1)
8257c478bd9Sstevel@tonic-gate #define	NSS_DBOP_EXECATTR_BYNAMEID	(NSS_DBOP_EXECATTR_BYID + 1)
8267c478bd9Sstevel@tonic-gate #define	NSS_DBOP_PROFATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
8277c478bd9Sstevel@tonic-gate #define	NSS_DBOP_USERATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
8287c478bd9Sstevel@tonic-gate 
82945916cd2Sjpk #define	NSS_DBOP_TSOL_TP_BYNAME		(NSS_DBOP_next_iter)
83045916cd2Sjpk #define	NSS_DBOP_TSOL_RH_BYADDR		(NSS_DBOP_next_iter)
83145916cd2Sjpk #define	NSS_DBOP_TSOL_ZC_BYNAME		(NSS_DBOP_next_iter)
83245916cd2Sjpk 
8337c478bd9Sstevel@tonic-gate /*
8347c478bd9Sstevel@tonic-gate  * Used all over in the switch code. The best home for it I can think of.
8357c478bd9Sstevel@tonic-gate  * Power-of-two alignments only.
8367c478bd9Sstevel@tonic-gate  */
8377c478bd9Sstevel@tonic-gate #define	ROUND_DOWN(n, align)	(((uintptr_t)n) & ~((align) - 1l))
8387c478bd9Sstevel@tonic-gate #define	ROUND_UP(n, align)	ROUND_DOWN(((uintptr_t)n) + (align) - 1l, \
8397c478bd9Sstevel@tonic-gate 				(align))
8407c478bd9Sstevel@tonic-gate 
8417c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
8427c478bd9Sstevel@tonic-gate }
8437c478bd9Sstevel@tonic-gate #endif
8447c478bd9Sstevel@tonic-gate 
8457c478bd9Sstevel@tonic-gate #endif /* _NSS_DBDEFS_H */
846