xref: /illumos-gate/usr/src/head/nss_dbdefs.h (revision cbab2b2687744cbfdc12fae90f8088127a0b266c)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * Database-specific definitions for the getXXXbyYYY routines
26  * (e.g getpwuid_r(), ether_ntohost()) that use the name-service switch.
27  * Database-independent definitions are in <nss_common.h>
28  *
29  * Ideally, this is the only switch header file one would add things
30  * to in order to support a new database.
31  *
32  * NOTE:  The interfaces documented in this file may change in a minor
33  *	  release.  It is intended that in the future a stronger committment
34  *	  will be made to these interface definitions which will guarantee
35  *	  them across minor releases.
36  */
37 
38 #ifndef _NSS_DBDEFS_H
39 #define	_NSS_DBDEFS_H
40 
41 #pragma ident	"%Z%%M%	%I%	%E% SMI"
42 
43 #include <errno.h>
44 #include <netdb.h>		/* MAXALIASES, MAXADDRS */
45 #include <limits.h>		/* LOGNAME_MAX */
46 #include <nss_common.h>
47 
48 #ifdef	__cplusplus
49 extern "C" {
50 #endif
51 
52 #ifndef	NSS_INCLUDE_UNSAFE
53 #define	NSS_INCLUDE_UNSAFE	1	/* Build old, MT-unsafe interfaces, */
54 #endif	/* NSS_INCLUDE_UNSAFE */	/*  e.g. getpwnam (c.f. getpwnam_r) */
55 
56 /*
57  * Names of the well-known databases.
58  */
59 
60 #define	NSS_DBNAM_ALIASES	"aliases"	/* E-mail aliases, that is */
61 #define	NSS_DBNAM_AUTOMOUNT	"automount"
62 #define	NSS_DBNAM_BOOTPARAMS	"bootparams"
63 #define	NSS_DBNAM_ETHERS	"ethers"
64 #define	NSS_DBNAM_GROUP		"group"
65 #define	NSS_DBNAM_HOSTS		"hosts"
66 #define	NSS_DBNAM_IPNODES	"ipnodes"
67 #define	NSS_DBNAM_NETGROUP	"netgroup"
68 #define	NSS_DBNAM_NETMASKS	"netmasks"
69 #define	NSS_DBNAM_NETWORKS	"networks"
70 #define	NSS_DBNAM_PASSWD	"passwd"
71 #define	NSS_DBNAM_PRINTERS	"printers"
72 #define	NSS_DBNAM_PROJECT	"project"
73 #define	NSS_DBNAM_PROTOCOLS	"protocols"
74 #define	NSS_DBNAM_PUBLICKEY	"publickey"
75 #define	NSS_DBNAM_RPC		"rpc"
76 #define	NSS_DBNAM_SERVICES	"services"
77 #define	NSS_DBNAM_AUDITUSER	"audit_user"
78 #define	NSS_DBNAM_AUTHATTR	"auth_attr"
79 #define	NSS_DBNAM_EXECATTR	"exec_attr"
80 #define	NSS_DBNAM_PROFATTR	"prof_attr"
81 #define	NSS_DBNAM_USERATTR	"user_attr"
82 
83 #define	NSS_DBNAM_TSOL_TP	"tnrhtp"
84 #define	NSS_DBNAM_TSOL_RH	"tnrhdb"
85 #define	NSS_DBNAM_TSOL_ZC	"tnzonecfg"
86 
87 /* getspnam() et al use the "passwd" config entry but the "shadow" backend */
88 #define	NSS_DBNAM_SHADOW	"shadow"
89 
90 /* The "compat" backend gets config entries for these pseudo-databases */
91 #define	NSS_DBNAM_PASSWD_COMPAT	"passwd_compat"
92 #define	NSS_DBNAM_GROUP_COMPAT	"group_compat"
93 
94 /*
95  * Default switch configuration, compiled into the front-ends.
96  *
97  * Absent good reasons to the contrary, this should be compatible with the
98  * default /etc/nsswitch.conf file.
99  */
100 #define	NSS_FILES_ONLY		"files"
101 #define	NSS_FILES_NS		"files nis"
102 #define	NSS_NS_FALLBACK		"nis [NOTFOUND=return] files"
103 #define	NSS_NS_ONLY		"nis"
104 #define	NSS_TSOL_FALLBACK	"files ldap"
105 
106 #define	NSS_DEFCONF_ALIASES	NSS_FILES_NS
107 #define	NSS_DEFCONF_AUTOMOUNT	NSS_FILES_NS
108 #define	NSS_DEFCONF_BOOTPARAMS	NSS_NS_FALLBACK
109 #define	NSS_DEFCONF_ETHERS	NSS_NS_FALLBACK
110 #define	NSS_DEFCONF_GROUP	NSS_FILES_NS
111 #define	NSS_DEFCONF_HOSTS	NSS_NS_FALLBACK
112 #define	NSS_DEFCONF_IPNODES	NSS_NS_FALLBACK
113 #define	NSS_DEFCONF_NETGROUP	NSS_NS_ONLY
114 #define	NSS_DEFCONF_NETMASKS	NSS_NS_FALLBACK
115 #define	NSS_DEFCONF_NETWORKS	NSS_NS_FALLBACK
116 #define	NSS_DEFCONF_PASSWD	NSS_FILES_NS
117 #define	NSS_DEFCONF_PRINTERS	"user files nis nisplus"
118 #define	NSS_DEFCONF_PROJECT	NSS_FILES_NS
119 #define	NSS_DEFCONF_PROTOCOLS	NSS_NS_FALLBACK
120 #define	NSS_DEFCONF_PUBLICKEY	NSS_FILES_NS
121 #define	NSS_DEFCONF_RPC		NSS_NS_FALLBACK
122 #define	NSS_DEFCONF_SERVICES	NSS_FILES_NS	/* speeds up byname() */
123 
124 #define	NSS_DEFCONF_GROUP_COMPAT	NSS_NS_ONLY
125 #define	NSS_DEFCONF_PASSWD_COMPAT	NSS_NS_ONLY
126 
127 #define	NSS_DEFCONF_ATTRDB	NSS_FILES_NS
128 
129 #define	NSS_DEFCONF_AUDITUSER	NSS_DEFCONF_PASSWD
130 #define	NSS_DEFCONF_USERATTR	NSS_DEFCONF_PASSWD
131 #define	NSS_DEFCONF_AUTHATTR	NSS_DEFCONF_ATTRDB
132 #define	NSS_DEFCONF_PROFATTR	NSS_DEFCONF_ATTRDB
133 #define	NSS_DEFCONF_EXECATTR	NSS_DEFCONF_PROFATTR
134 
135 #define	NSS_DEFCONF_TSOL_TP	NSS_TSOL_FALLBACK
136 #define	NSS_DEFCONF_TSOL_RH	NSS_TSOL_FALLBACK
137 #define	NSS_DEFCONF_TSOL_ZC	NSS_TSOL_FALLBACK
138 
139 /*
140  * Line-lengths that the "files" and "compat" backends will try to support.
141  * It may be reasonable (even advisable) to use smaller values than these.
142  */
143 
144 #define	NSS_BUFSIZ		1024
145 
146 #define	NSS_LINELEN_GROUP	((NSS_BUFSIZ) * 8)
147 #define	NSS_LINELEN_HOSTS	((NSS_BUFSIZ) * 8)
148 #define	NSS_LINELEN_IPNODES	((NSS_BUFSIZ) * 8)
149 #define	NSS_LINELEN_NETMASKS	NSS_BUFSIZ
150 #define	NSS_LINELEN_NETWORKS	NSS_BUFSIZ
151 #define	NSS_LINELEN_PASSWD	NSS_BUFSIZ
152 #define	NSS_LINELEN_PRINTERS	NSS_BUFSIZ
153 #define	NSS_LINELEN_PROJECT	((NSS_BUFSIZ) * 4)
154 #define	NSS_LINELEN_PROTOCOLS	NSS_BUFSIZ
155 #define	NSS_LINELEN_PUBLICKEY	NSS_BUFSIZ
156 #define	NSS_LINELEN_RPC		NSS_BUFSIZ
157 #define	NSS_LINELEN_SERVICES	NSS_BUFSIZ
158 #define	NSS_LINELEN_SHADOW	NSS_BUFSIZ
159 #define	NSS_LINELEN_ETHERS	NSS_BUFSIZ
160 #define	NSS_LINELEN_BOOTPARAMS	NSS_BUFSIZ
161 
162 #define	NSS_LINELEN_ATTRDB	NSS_BUFSIZ
163 
164 #define	NSS_LINELEN_AUDITUSER	NSS_LINELEN_ATTRDB
165 #define	NSS_LINELEN_AUTHATTR	NSS_LINELEN_ATTRDB
166 #define	NSS_LINELEN_EXECATTR	NSS_LINELEN_ATTRDB
167 #define	NSS_LINELEN_PROFATTR	NSS_LINELEN_ATTRDB
168 #define	NSS_LINELEN_USERATTR	NSS_LINELEN_ATTRDB
169 
170 #define	NSS_MMAPLEN_EXECATTR	NSS_LINELEN_EXECATTR * 8
171 
172 #define	NSS_LINELEN_TSOL	NSS_BUFSIZ
173 
174 #define	NSS_LINELEN_TSOL_TP	NSS_LINELEN_TSOL
175 #define	NSS_LINELEN_TSOL_RH	NSS_LINELEN_TSOL
176 #define	NSS_LINELEN_TSOL_ZC	NSS_LINELEN_TSOL
177 
178 /*
179  * Reasonable defaults for 'buflen' values passed to _r functions.  The BSD
180  * and SunOS 4.x implementations of the getXXXbyYYY() functions used hard-
181  * coded array sizes;  the values here are meant to handle anything that
182  * those implementations handled.
183  * === These might more reasonably go in <pwd.h>, <netdb.h> et al
184  */
185 
186 #define	NSS_BUFLEN_GROUP	NSS_LINELEN_GROUP
187 #define	NSS_BUFLEN_HOSTS	\
188 	(NSS_LINELEN_HOSTS + (MAXALIASES + MAXADDRS + 2) * sizeof (char *))
189 #define	NSS_BUFLEN_IPNODES	\
190 	(NSS_LINELEN_IPNODES + (MAXALIASES + MAXADDRS + 2) * sizeof (char *))
191 #define	NSS_BUFLEN_NETGROUP	(MAXHOSTNAMELEN * 2 + LOGNAME_MAX + 3)
192 #define	NSS_BUFLEN_NETWORKS	NSS_LINELEN_NETWORKS	/* === ?  + 35 * 4 */
193 #define	NSS_BUFLEN_PASSWD	NSS_LINELEN_PASSWD
194 #define	NSS_BUFLEN_PROJECT	(NSS_LINELEN_PROJECT + 800 * sizeof (char *))
195 #define	NSS_BUFLEN_PROTOCOLS	NSS_LINELEN_PROTOCOLS	/* === ?  + 35 * 4 */
196 #define	NSS_BUFLEN_PUBLICKEY	NSS_LINELEN_PUBLICKEY
197 #define	NSS_BUFLEN_RPC		NSS_LINELEN_RPC		/* === ?  + 35 * 4 */
198 #define	NSS_BUFLEN_SERVICES	NSS_LINELEN_SERVICES	/* === ?  + 35 * 4 */
199 #define	NSS_BUFLEN_SHADOW	NSS_LINELEN_SHADOW
200 #define	NSS_BUFLEN_ETHERS	NSS_LINELEN_ETHERS
201 #define	NSS_BUFLEN_BOOTPARAMS	NSS_LINELEN_BOOTPARAMS
202 
203 #define	NSS_BUFLEN_ATTRDB	NSS_LINELEN_ATTRDB
204 
205 #define	NSS_BUFLEN_AUDITUSER	NSS_BUFLEN_ATTRDB
206 #define	NSS_BUFLEN_AUTHATTR	NSS_BUFLEN_ATTRDB
207 #define	NSS_BUFLEN_EXECATTR	NSS_BUFLEN_ATTRDB
208 #define	NSS_BUFLEN_PROFATTR	NSS_BUFLEN_ATTRDB
209 #define	NSS_BUFLEN_USERATTR	((NSS_BUFLEN_ATTRDB) * 8)
210 
211 #define	NSS_BUFLEN_TSOL		NSS_LINELEN_TSOL
212 
213 #define	NSS_BUFLEN_TSOL_TP	NSS_BUFLEN_TSOL
214 #define	NSS_BUFLEN_TSOL_RH	NSS_BUFLEN_TSOL
215 #define	NSS_BUFLEN_TSOL_ZC	NSS_BUFLEN_TSOL
216 
217 /*
218  * Arguments and results, passed between the frontends and backends for
219  * the well-known databases.  The getXbyY_r() and getXent_r() routines
220  * use a common format that is further described below;  other routines
221  * use their own formats.
222  */
223 
224 /*
225  * The initgroups() function [see initgroups(3c)] needs to find all the
226  *   groups to which a given user belongs.  To do this it calls
227  *   _getgroupsbymember(), which is part of the frontend for the "group"
228  *   database.
229  * We want the same effect as if we used getgrent_r() to enumerate the
230  *   entire groups database (possibly from multiple sources), but getgrent_r()
231  *   is too inefficient.  Most backends can do better if they know they're
232  *   meant to scan all groups;  hence there's a separate backend operation,
233  *   NSS_DBOP_GROUP_BYMEMBER, which uses the nss_groupsbymem struct.
234  * Note that the normal return-value from such a backend, even when it
235  *   successfully finds matching group entries, is NSS_NOTFOUND, because
236  *   this tells the switch engine to keep searching in any more sources.
237  *   In fact, the backends only return NSS_SUCCESS if they find enough
238  *   matching entries that the gid_array is completely filled, in which
239  *   case the switch engine should stop searching.
240  * If the force_slow_way field is set, the backend should eschew any cached
241  *   information (e.g. the YP netid.byname map or the NIS+ cred.org_dir table)
242  *   and should instead grind its way through the group map/table/whatever.
243  */
244 
245 struct nss_groupsbymem {			/* For _getgroupsbymember() */
246 /* in: */
247 	const char	*username;
248 	gid_t		*gid_array;
249 	int		maxgids;
250 	int		force_slow_way;
251 	/*
252 	 * The process_cstr() routine does the real work for any backend
253 	 * that can supply a group entry as a string in /etc/group format
254 	 */
255 #if defined(__STDC__)
256 	int		(*str2ent)	(const char		*instr,
257 					int			instr_len,
258 					void *ent, char *buffer, int buflen);
259 	nss_status_t	(*process_cstr)	(const char		*instr,
260 					int			instr_len,
261 					struct nss_groupsbymem *);
262 #else
263 	int		(*str2ent)();
264 	nss_status_t	(*process_cstr)();
265 #endif
266 
267 /* in_out: */
268 	int		numgids;
269 };
270 
271 /*
272  * The netgroup routines are handled as follows:
273  *
274  *   Policy decision:
275  *	If netgroup A refers to netgroup B, both must occur in the same
276  *	source (other choices give very confusing semantics).  This
277  *	assumption is deeply embedded in the frontend and backends.
278  *
279  *    -	setnetgrent(), despite its name, is really a getXXXbyYYY operation:
280  *	it takes a name and finds a netgroup with that name (see the
281  *	nss_setnetgrent_args struct below).  The "result" that it returns
282  *	to the frontend is an nss_backend_t for a pseudo-backend that allows
283  *	one to enumerate the members of that netgroup.
284  *
285  *    -	getnetgrent() calls the 'getXXXent' function in the pseudo-backend;
286  *	it doesn't go through the switch engine at all.  It uses the
287  *	nss_getnetgrent_args struct below.
288  *
289  *    -	innetgr() is implemented on top of __multi_innetgr(), which replaces
290  *	each (char *) argument of innetgr() with a counted vector of (char *).
291  *	The semantics are the same as an OR of the results of innetgr()
292  *	operations on each possible 4-tuple picked from the arguments, but
293  *	it's possible to implement some cases more efficiently.  This is
294  *	important for mountd, which used to read YP netgroup.byhost directly
295  *	in order to determine efficiently whether a given host belonged to any
296  *	one of a long list of netgroups.  Wildcarded arguments are indicated
297  *	by a count of zero.
298  *
299  *    -	__multi_innetgr() uses the nss_innetgr_args struct.  A backend whose
300  *	source contains at least one of the groups listed in the 'groups'
301  *	vector will return NSS_SUCCESS and will set the 'status' field to
302  *	indicate whether any 4-tuple was satisfied.  A backend will only
303  *	return NSS_NOTFOUND if the source contained none of the groups
304  *	listed in the 'groups' vector.
305  */
306 
307 enum nss_netgr_argn {		/* We need (machine, user, domain) triples */
308 	NSS_NETGR_MACHINE,
309 	NSS_NETGR_USER,
310 	NSS_NETGR_DOMAIN,
311 	NSS_NETGR_N
312 };
313 
314 enum nss_netgr_status {		/* Status from setnetgrent, multi_innetgr */
315 	NSS_NETGR_FOUND,
316 	NSS_NETGR_NO,
317 	NSS_NETGR_NOMEM
318 };
319 
320 struct nss_setnetgrent_args {
321 /* in: */
322 	const char		*netgroup;
323 /* out: */
324 	nss_backend_t		*iterator;	/* <==== Explain */
325 };
326 
327 struct nss_getnetgrent_args {
328 /* in: */
329 	char			*buffer;
330 	int			buflen;
331 /* out: */
332 	enum nss_netgr_status	status;
333 	char			*retp[NSS_NETGR_N];
334 };
335 
336 typedef unsigned	nss_innetgr_argc;    /* 0 means wildcard */
337 typedef char **		nss_innetgr_argv;    /* === Do we really need these? */
338 
339 struct nss_innetgr_1arg {
340 	nss_innetgr_argc	argc;
341 	nss_innetgr_argv	argv;
342 };
343 
344 struct nss_innetgr_args {
345 /* in: */
346 	struct nss_innetgr_1arg	arg[NSS_NETGR_N];
347 	struct nss_innetgr_1arg groups;
348 /* out: */
349 	enum nss_netgr_status	status;
350 };
351 
352 
353 /*
354  * nss_XbyY_buf_t -- structure containing the generic arguments passwd to
355  *   getXXXbyYYY_r() and getXXXent_r() routines.  The (void *) value points to
356  *   a struct of the appropriate type, e.g. struct passwd or struct hostent.
357  *
358  * The functions that allocate and free these structures do no locking at
359  * all, since the routines that use them are inherently MT-unsafe anyway.
360  */
361 
362 typedef struct {
363 	void		*result;	/* "result" parameter to getXbyY_r() */
364 	char		*buffer;	/* "buffer"     "             "      */
365 	int		buflen;		/* "buflen"     "             "      */
366 } nss_XbyY_buf_t;
367 
368 #if defined(__STDC__)
369 extern nss_XbyY_buf_t	*_nss_XbyY_buf_alloc(int struct_size, int buffer_size);
370 extern void		 _nss_XbyY_buf_free(nss_XbyY_buf_t *);
371 #else
372 extern nss_XbyY_buf_t	*_nss_XbyY_buf_alloc();
373 extern void		 _nss_XbyY_buf_free();
374 #endif
375 
376 #define	NSS_XbyY_ALLOC(bufpp, str_size, buf_size)		(\
377 	(*bufpp) == 0						\
378 	? (*bufpp) = _nss_XbyY_buf_alloc(str_size, buf_size)	\
379 	: (*bufpp))						\
380 
381 #define	NSS_XbyY_FREE(bufpp)	(_nss_XbyY_buf_free(*bufpp), (*bufpp) = 0)
382 
383 /*
384  * The nss_XbyY_args_t struct contains all the information passed between
385  * frontends and backends for the getXbyY_r() and getXent() routines,
386  * including an nss_XbyY_buf_t and the lookup key (unused for getXXXent_r).
387  *
388  * The (*str2ent)() member converts a single XXXent from ASCII text to the
389  * appropriate struct, storing any pointer data (strings, in_addrs, arrays
390  * of these) in the buffer.  The ASCII text is a counted string (*not* a
391  * zero-terminated string) whose length is specified by the instr_len
392  * parameter.  The text is found at the address specified by instr and
393  * the string is treated as readonly. buffer and instr must be non-
394  * intersecting memory areas.
395  *
396  * With the exception of passwd, shadow and group, the text form for these
397  * databases allows trailing comments and arbitrary whitespace.  The
398  * corresponding str2ent routine assumes that comments, leading whitespace
399  * and trailing whitespace have been stripped (and thus assumes that entries
400  * consisting only of these have been discarded).
401  *
402  * The text entries for "rpc" and for the databases described in <netdb.h>
403  * follow a common format (a canonical name with a possibly empty list
404  * of aliases, and some other value), albeit with minor variations.
405  * The function _nss_netdb_aliases() does most of the generic work involved
406  * in parsing and marshalling these into the buffer.
407  */
408 
409 union nss_XbyY_key {	/* No tag;  backend should know what to expect */
410 	uid_t		uid;
411 	gid_t		gid;
412 	projid_t	projid;
413 	const char	*name;
414 	int		number;
415 	struct {
416 		int	net;
417 		int		type;
418 	}	netaddr;
419 	struct {
420 		const char	*addr;
421 		int		len;
422 		int		type;
423 	}	hostaddr;
424 	struct {
425 		union {
426 			const char	*name;
427 			int		port;
428 		}		serv;
429 		const char	*proto;
430 	}	serv;
431 	void *ether;
432 	struct {
433 		const char	*name;
434 		const char	*keytype;
435 	} pkey;
436 	struct {
437 		const char	*name;
438 		int		af_family;
439 		int		flags;
440 	}	ipnode;
441 	void *attrp;	/* for the new attr databases */
442 };
443 
444 typedef struct nss_XbyY_args {
445 
446 /* IN */
447 	nss_XbyY_buf_t	buf;
448 	int		stayopen;
449 			/*
450 			 * Support for setXXXent(stayopen)
451 			 * Used only in hosts, protocols,
452 			 * networks, rpc, and services.
453 			 */
454 #if defined(__STDC__)
455 	int		(*str2ent)	(const char		*instr,
456 					int			instr_len,
457 					void *ent, char *buffer, int buflen);
458 #else
459 	int		(*str2ent)();
460 #endif
461 	union nss_XbyY_key key;
462 
463 /* OUT */
464 	void		*returnval;
465 	int		erange;
466 	int		h_errno;		/* For gethost*_r() */
467 	nss_status_t	status; /* from the backend last called */
468 } nss_XbyY_args_t;
469 
470 /* status returned by the str2ent parsing routines */
471 #define	NSS_STR_PARSE_SUCCESS 0
472 #define	NSS_STR_PARSE_PARSE 1
473 #define	NSS_STR_PARSE_ERANGE 2
474 
475 #define	NSS_XbyY_INIT(str, res, bufp, len, func)	(\
476 	(str)->buf.result = (res),			\
477 	(str)->buf.buffer = (bufp),			\
478 	(str)->buf.buflen = (len),			\
479 	(str)->stayopen  = 0,				\
480 	(str)->str2ent  = (func),			\
481 	(str)->returnval = 0,				\
482 	(str)->erange    = 0)
483 
484 #define	NSS_XbyY_FINI(str)				(\
485 	(str)->returnval == 0 && (str)->erange && (errno = ERANGE), \
486 	(str)->returnval)
487 
488 #if defined(__STDC__)
489 extern char		**_nss_netdb_aliases
490 	(const char *, int, char *, int);
491 #else
492 extern char		**_nss_netdb_aliases();
493 #endif
494 
495 /*
496  * nss_dbop_t values for searches with various keys;  values for
497  * destructor/endent/setent/getent are defined in <nss_common.h>
498  */
499 
500 #define	NSS_DBOP_GROUP_BYNAME		(NSS_DBOP_next_iter)
501 #define	NSS_DBOP_GROUP_BYGID		(NSS_DBOP_GROUP_BYNAME + 1)
502 #define	NSS_DBOP_GROUP_BYMEMBER		(NSS_DBOP_GROUP_BYGID  + 1)
503 
504 #define	NSS_DBOP_PASSWD_BYNAME		(NSS_DBOP_next_iter)
505 #define	NSS_DBOP_PASSWD_BYUID		(NSS_DBOP_PASSWD_BYNAME + 1)
506 
507 /* The "compat" backend requires that PASSWD_BYNAME == SHADOW_BYNAME */
508 /*   (it also requires that both use key.name to pass the username). */
509 #define	NSS_DBOP_SHADOW_BYNAME		(NSS_DBOP_PASSWD_BYNAME)
510 
511 #define	NSS_DBOP_PROJECT_BYNAME		(NSS_DBOP_next_iter)
512 #define	NSS_DBOP_PROJECT_BYID		(NSS_DBOP_PROJECT_BYNAME + 1)
513 
514 #define	NSS_DBOP_HOSTS_BYNAME		(NSS_DBOP_next_iter)
515 #define	NSS_DBOP_HOSTS_BYADDR		(NSS_DBOP_HOSTS_BYNAME + 1)
516 
517 #define	NSS_DBOP_IPNODES_BYNAME		(NSS_DBOP_next_iter)
518 #define	NSS_DBOP_IPNODES_BYADDR		(NSS_DBOP_IPNODES_BYNAME + 1)
519 
520 /*
521  * NSS_DBOP_NAME_2ADDR
522  * NSS_DBOP_ADDR_2NAME
523  *                                : are defines for ipv6 api's
524  */
525 
526 #define	NSS_DBOP_NAME_2ADDR		(NSS_DBOP_next_ipv6_iter)
527 #define	NSS_DBOP_ADDR_2NAME		(NSS_DBOP_NAME_2ADDR + 1)
528 
529 #define	NSS_DBOP_RPC_BYNAME		(NSS_DBOP_next_iter)
530 #define	NSS_DBOP_RPC_BYNUMBER		(NSS_DBOP_RPC_BYNAME + 1)
531 
532 #define	NSS_DBOP_NETWORKS_BYNAME		(NSS_DBOP_next_iter)
533 #define	NSS_DBOP_NETWORKS_BYADDR		(NSS_DBOP_NETWORKS_BYNAME + 1)
534 
535 #define	NSS_DBOP_SERVICES_BYNAME	(NSS_DBOP_next_iter)
536 #define	NSS_DBOP_SERVICES_BYPORT	(NSS_DBOP_SERVICES_BYNAME + 1)
537 
538 #define	NSS_DBOP_PROTOCOLS_BYNAME	(NSS_DBOP_next_iter)
539 #define	NSS_DBOP_PROTOCOLS_BYNUMBER	(NSS_DBOP_PROTOCOLS_BYNAME + 1)
540 
541 #define	NSS_DBOP_ETHERS_HOSTTON	(NSS_DBOP_next_noiter)
542 #define	NSS_DBOP_ETHERS_NTOHOST	(NSS_DBOP_ETHERS_HOSTTON + 1)
543 
544 #define	NSS_DBOP_BOOTPARAMS_BYNAME	(NSS_DBOP_next_noiter)
545 #define	NSS_DBOP_NETMASKS_BYNET	(NSS_DBOP_next_noiter)
546 
547 #define	NSS_DBOP_PRINTERS_BYNAME	(NSS_DBOP_next_iter)
548 
549 /*
550  * The "real" backend for netgroup (__multi_innetgr, setnetgrent)
551  */
552 #define	NSS_DBOP_NETGROUP_IN		(NSS_DBOP_next_iter)
553 #define	NSS_DBOP_NETGROUP_SET		(NSS_DBOP_NETGROUP_IN  + 1)
554 
555 /*
556  * The backend for getpublickey and getsecretkey (getkeys)
557  */
558 #define	NSS_DBOP_KEYS_BYNAME		(NSS_DBOP_next_iter)
559 
560 /*
561  * The pseudo-backend for netgroup (returned by setnetgrent) doesn't have
562  *   any getXXXbyYYY operations, just the usual destr/end/set/get ops,
563  *   so needs no definitions here.
564  */
565 
566 #define	NSS_DBOP_ATTRDB_BYNAME		(NSS_DBOP_next_iter)
567 
568 #define	NSS_DBOP_AUDITUSER_BYNAME	NSS_DBOP_ATTRDB_BYNAME
569 #define	NSS_DBOP_AUTHATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
570 #define	NSS_DBOP_EXECATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
571 #define	NSS_DBOP_EXECATTR_BYID		(NSS_DBOP_EXECATTR_BYNAME + 1)
572 #define	NSS_DBOP_EXECATTR_BYNAMEID	(NSS_DBOP_EXECATTR_BYID + 1)
573 #define	NSS_DBOP_PROFATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
574 #define	NSS_DBOP_USERATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
575 
576 #define	NSS_DBOP_TSOL_TP_BYNAME		(NSS_DBOP_next_iter)
577 #define	NSS_DBOP_TSOL_RH_BYADDR		(NSS_DBOP_next_iter)
578 #define	NSS_DBOP_TSOL_ZC_BYNAME		(NSS_DBOP_next_iter)
579 
580 /*
581  * Used all over in the switch code. The best home for it I can think of.
582  * Power-of-two alignments only.
583  */
584 #define	ROUND_DOWN(n, align)	(((uintptr_t)n) & ~((align) - 1l))
585 #define	ROUND_UP(n, align)	ROUND_DOWN(((uintptr_t)n) + (align) - 1l, \
586 				(align))
587 
588 #ifdef	__cplusplus
589 }
590 #endif
591 
592 #endif /* _NSS_DBDEFS_H */
593