xref: /titanic_50/usr/src/head/nss_dbdefs.h (revision a69116193464f859a8b27a2db19ad330ce163a55)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * Database-specific definitions for the getXXXbyYYY routines
26  * (e.g getpwuid_r(), ether_ntohost()) that use the name-service switch.
27  * Database-independent definitions are in <nss_common.h>
28  *
29  * Ideally, this is the only switch header file one would add things
30  * to in order to support a new database.
31  *
32  * NOTE:  The interfaces documented in this file may change in a minor
33  *	  release.  It is intended that in the future a stronger committment
34  *	  will be made to these interface definitions which will guarantee
35  *	  them across minor releases.
36  */
37 
38 #ifndef _NSS_DBDEFS_H
39 #define	_NSS_DBDEFS_H
40 
41 #include <sys/types.h>
42 #include <unistd.h>
43 #include <errno.h>
44 #include <netdb.h>		/* MAXALIASES, MAXADDRS */
45 #include <limits.h>		/* LOGNAME_MAX */
46 #include <nss_common.h>
47 
48 #ifdef	__cplusplus
49 extern "C" {
50 #endif
51 
52 #ifndef	NSS_INCLUDE_UNSAFE
53 #define	NSS_INCLUDE_UNSAFE	1	/* Build old, MT-unsafe interfaces, */
54 #endif	/* NSS_INCLUDE_UNSAFE */	/*  e.g. getpwnam (c.f. getpwnam_r) */
55 
56 /*
57  * Names of the well-known databases.
58  */
59 
60 #define	NSS_DBNAM_ALIASES	"aliases"	/* E-mail aliases, that is */
61 #define	NSS_DBNAM_AUTOMOUNT	"automount"
62 #define	NSS_DBNAM_BOOTPARAMS	"bootparams"
63 #define	NSS_DBNAM_ETHERS	"ethers"
64 #define	NSS_DBNAM_GROUP		"group"
65 #define	NSS_DBNAM_HOSTS		"hosts"
66 #define	NSS_DBNAM_IPNODES	"ipnodes"
67 #define	NSS_DBNAM_NETGROUP	"netgroup"
68 #define	NSS_DBNAM_NETMASKS	"netmasks"
69 #define	NSS_DBNAM_NETWORKS	"networks"
70 #define	NSS_DBNAM_PASSWD	"passwd"
71 #define	NSS_DBNAM_PRINTERS	"printers"
72 #define	NSS_DBNAM_PROJECT	"project"
73 #define	NSS_DBNAM_PROTOCOLS	"protocols"
74 #define	NSS_DBNAM_PUBLICKEY	"publickey"
75 #define	NSS_DBNAM_RPC		"rpc"
76 #define	NSS_DBNAM_SERVICES	"services"
77 #define	NSS_DBNAM_AUDITUSER	"audit_user"
78 #define	NSS_DBNAM_AUTHATTR	"auth_attr"
79 #define	NSS_DBNAM_EXECATTR	"exec_attr"
80 #define	NSS_DBNAM_PROFATTR	"prof_attr"
81 #define	NSS_DBNAM_USERATTR	"user_attr"
82 
83 #define	NSS_DBNAM_TSOL_TP	"tnrhtp"
84 #define	NSS_DBNAM_TSOL_RH	"tnrhdb"
85 #define	NSS_DBNAM_TSOL_ZC	"tnzonecfg"
86 
87 /* getspnam() et al use the "passwd" config entry but the "shadow" backend */
88 #define	NSS_DBNAM_SHADOW	"shadow"
89 
90 /* The "compat" backend gets config entries for these pseudo-databases */
91 #define	NSS_DBNAM_PASSWD_COMPAT	"passwd_compat"
92 #define	NSS_DBNAM_GROUP_COMPAT	"group_compat"
93 
94 /*
95  * Default switch configuration, compiled into the front-ends.
96  *
97  * Absent good reasons to the contrary, this should be compatible with the
98  * default /etc/nsswitch.conf file.
99  */
100 #define	NSS_FILES_ONLY		"files"
101 #define	NSS_FILES_NS		"files nis"
102 #define	NSS_NS_FALLBACK		"nis [NOTFOUND=return] files"
103 #define	NSS_NS_ONLY		"nis"
104 #define	NSS_TSOL_FALLBACK	"files ldap"
105 
106 #define	NSS_DEFCONF_ALIASES	NSS_FILES_NS
107 #define	NSS_DEFCONF_AUTOMOUNT	NSS_FILES_NS
108 #define	NSS_DEFCONF_BOOTPARAMS	NSS_NS_FALLBACK
109 #define	NSS_DEFCONF_ETHERS	NSS_NS_FALLBACK
110 #define	NSS_DEFCONF_GROUP	NSS_FILES_NS
111 #define	NSS_DEFCONF_HOSTS	NSS_NS_FALLBACK
112 #define	NSS_DEFCONF_IPNODES	NSS_NS_FALLBACK
113 #define	NSS_DEFCONF_NETGROUP	NSS_NS_ONLY
114 #define	NSS_DEFCONF_NETMASKS	NSS_NS_FALLBACK
115 #define	NSS_DEFCONF_NETWORKS	NSS_NS_FALLBACK
116 #define	NSS_DEFCONF_PASSWD	NSS_FILES_NS
117 #define	NSS_DEFCONF_PRINTERS	"user files nis"
118 #define	NSS_DEFCONF_PROJECT	NSS_FILES_NS
119 #define	NSS_DEFCONF_PROTOCOLS	NSS_NS_FALLBACK
120 #define	NSS_DEFCONF_PUBLICKEY	NSS_FILES_NS
121 #define	NSS_DEFCONF_RPC		NSS_NS_FALLBACK
122 #define	NSS_DEFCONF_SERVICES	NSS_FILES_NS	/* speeds up byname() */
123 
124 #define	NSS_DEFCONF_GROUP_COMPAT	NSS_NS_ONLY
125 #define	NSS_DEFCONF_PASSWD_COMPAT	NSS_NS_ONLY
126 
127 #define	NSS_DEFCONF_ATTRDB	NSS_FILES_NS
128 
129 #define	NSS_DEFCONF_AUDITUSER	NSS_DEFCONF_PASSWD
130 #define	NSS_DEFCONF_USERATTR	NSS_DEFCONF_PASSWD
131 #define	NSS_DEFCONF_AUTHATTR	NSS_DEFCONF_ATTRDB
132 #define	NSS_DEFCONF_PROFATTR	NSS_DEFCONF_ATTRDB
133 #define	NSS_DEFCONF_EXECATTR	NSS_DEFCONF_PROFATTR
134 
135 #define	NSS_DEFCONF_TSOL_TP	NSS_TSOL_FALLBACK
136 #define	NSS_DEFCONF_TSOL_RH	NSS_TSOL_FALLBACK
137 #define	NSS_DEFCONF_TSOL_ZC	NSS_TSOL_FALLBACK
138 
139 /*
140  * Line-lengths that the "files" and "compat" backends will try to support.
141  * It may be reasonable (even advisable) to use smaller values than these.
142  */
143 
144 #define	NSS_BUFSIZ		1024
145 
146 #define	NSS_LINELEN_GROUP	((NSS_BUFSIZ) * 8)
147 #define	NSS_LINELEN_HOSTS	((NSS_BUFSIZ) * 8)
148 #define	NSS_LINELEN_IPNODES	((NSS_BUFSIZ) * 8)
149 #define	NSS_LINELEN_NETMASKS	NSS_BUFSIZ
150 #define	NSS_LINELEN_NETWORKS	NSS_BUFSIZ
151 #define	NSS_LINELEN_PASSWD	NSS_BUFSIZ
152 #define	NSS_LINELEN_PRINTERS	NSS_BUFSIZ
153 #define	NSS_LINELEN_PROJECT	((NSS_BUFSIZ) * 4)
154 #define	NSS_LINELEN_PROTOCOLS	NSS_BUFSIZ
155 #define	NSS_LINELEN_PUBLICKEY	NSS_BUFSIZ
156 #define	NSS_LINELEN_RPC		NSS_BUFSIZ
157 #define	NSS_LINELEN_SERVICES	NSS_BUFSIZ
158 #define	NSS_LINELEN_SHADOW	NSS_BUFSIZ
159 #define	NSS_LINELEN_ETHERS	NSS_BUFSIZ
160 #define	NSS_LINELEN_BOOTPARAMS	NSS_BUFSIZ
161 
162 #define	NSS_LINELEN_ATTRDB	NSS_BUFSIZ
163 
164 #define	NSS_LINELEN_AUDITUSER	NSS_LINELEN_ATTRDB
165 #define	NSS_LINELEN_AUTHATTR	NSS_LINELEN_ATTRDB
166 #define	NSS_LINELEN_EXECATTR	NSS_LINELEN_ATTRDB
167 #define	NSS_LINELEN_PROFATTR	NSS_LINELEN_ATTRDB
168 #define	NSS_LINELEN_USERATTR	NSS_LINELEN_ATTRDB
169 
170 #define	NSS_MMAPLEN_EXECATTR	NSS_LINELEN_EXECATTR * 8
171 
172 #define	NSS_LINELEN_TSOL	NSS_BUFSIZ
173 
174 #define	NSS_LINELEN_TSOL_TP	NSS_LINELEN_TSOL
175 #define	NSS_LINELEN_TSOL_RH	NSS_LINELEN_TSOL
176 #define	NSS_LINELEN_TSOL_ZC	NSS_LINELEN_TSOL
177 
178 /*
179  * Reasonable defaults for 'buflen' values passed to _r functions.  The BSD
180  * and SunOS 4.x implementations of the getXXXbyYYY() functions used hard-
181  * coded array sizes;  the values here are meant to handle anything that
182  * those implementations handled.
183  * === These might more reasonably go in <pwd.h>, <netdb.h> et al
184  */
185 
186 #define	NSS_BUFLEN_GROUP	NSS_LINELEN_GROUP
187 #define	NSS_BUFLEN_HOSTS	\
188 	(NSS_LINELEN_HOSTS + (MAXALIASES + MAXADDRS + 2) * sizeof (char *))
189 #define	NSS_BUFLEN_IPNODES	\
190 	(NSS_LINELEN_IPNODES + (MAXALIASES + MAXADDRS + 2) * sizeof (char *))
191 #define	NSS_BUFLEN_NETGROUP	(MAXHOSTNAMELEN * 2 + LOGNAME_MAX + 3)
192 #define	NSS_BUFLEN_NETWORKS	NSS_LINELEN_NETWORKS	/* === ?  + 35 * 4 */
193 #define	NSS_BUFLEN_PASSWD	NSS_LINELEN_PASSWD
194 #define	NSS_BUFLEN_PROJECT	(NSS_LINELEN_PROJECT + 800 * sizeof (char *))
195 #define	NSS_BUFLEN_PROTOCOLS	NSS_LINELEN_PROTOCOLS	/* === ?  + 35 * 4 */
196 #define	NSS_BUFLEN_PUBLICKEY	NSS_LINELEN_PUBLICKEY
197 #define	NSS_BUFLEN_RPC		NSS_LINELEN_RPC		/* === ?  + 35 * 4 */
198 #define	NSS_BUFLEN_SERVICES	NSS_LINELEN_SERVICES	/* === ?  + 35 * 4 */
199 #define	NSS_BUFLEN_SHADOW	NSS_LINELEN_SHADOW
200 #define	NSS_BUFLEN_ETHERS	NSS_LINELEN_ETHERS
201 #define	NSS_BUFLEN_BOOTPARAMS	NSS_LINELEN_BOOTPARAMS
202 
203 #define	NSS_BUFLEN_ATTRDB	NSS_LINELEN_ATTRDB
204 
205 #define	NSS_BUFLEN_AUDITUSER	NSS_BUFLEN_ATTRDB
206 #define	NSS_BUFLEN_AUTHATTR	NSS_BUFLEN_ATTRDB
207 #define	NSS_BUFLEN_EXECATTR	NSS_BUFLEN_ATTRDB
208 #define	NSS_BUFLEN_PROFATTR	NSS_BUFLEN_ATTRDB
209 #define	NSS_BUFLEN_USERATTR	((NSS_BUFLEN_ATTRDB) * 8)
210 
211 #define	NSS_BUFLEN_TSOL		NSS_LINELEN_TSOL
212 #define	NSS_BUFLEN_TSOL_TP	NSS_BUFLEN_TSOL
213 #define	NSS_BUFLEN_TSOL_RH	NSS_BUFLEN_TSOL
214 #define	NSS_BUFLEN_TSOL_ZC	NSS_BUFLEN_TSOL
215 
216 /*
217  * Default cache door buffer size (2x largest buffer)
218  */
219 
220 #define	NSS_BUFLEN_DOOR		((NSS_BUFSIZ) * 16)
221 
222 /*
223  * Arguments and results, passed between the frontends and backends for
224  * the well-known databases.  The getXbyY_r() and getXent_r() routines
225  * use a common format that is further described below;  other routines
226  * use their own formats.
227  */
228 
229 /*
230  * The nss_str2ent_t routine is the data marshaller for the nsswitch.
231  * it converts 'native files' format into 'entry' format as part of the
232  * return processing for a getXbyY interface.
233  *
234  * The nss_groupstr_t routine does the real work for any backend
235  * that can supply a netgroup entry as a string in /etc/group format
236  */
237 #if defined(__STDC__)
238 typedef int		(*nss_str2ent_t)(const char *in, int inlen,
239 				void *ent, char *buf, int buflen);
240 
241 struct nss_groupsbymem;		/* forward definition */
242 typedef nss_status_t	(*nss_groupstr_t)(const char *instr, int inlen,
243 				struct nss_groupsbymem *);
244 #else
245 typedef int		(*nss_str2ent_t)();
246 typedef nss_status_t	(*nss_groupstr_t)();
247 #endif
248 
249 /*
250  * The initgroups() function [see initgroups(3c)] needs to find all the
251  *   groups to which a given user belongs.  To do this it calls
252  *   _getgroupsbymember(), which is part of the frontend for the "group"
253  *   database.
254  * We want the same effect as if we used getgrent_r() to enumerate the
255  *   entire groups database (possibly from multiple sources), but getgrent_r()
256  *   is too inefficient.  Most backends can do better if they know they're
257  *   meant to scan all groups;  hence there's a separate backend operation,
258  *   NSS_DBOP_GROUP_BYMEMBER, which uses the nss_groupsbymem struct.
259  * Note that the normal return-value from such a backend, even when it
260  *   successfully finds matching group entries, is NSS_NOTFOUND, because
261  *   this tells the switch engine to keep searching in any more sources.
262  *   In fact, the backends only return NSS_SUCCESS if they find enough
263  *   matching entries that the gid_array is completely filled, in which
264  *   case the switch engine should stop searching.
265  * If the force_slow_way field is set, the backend should eschew any cached
266  *   information (e.g. the YP netid.byname map or the NIS+ cred.org_dir table)
267  *   and should instead grind its way through the group map/table/whatever.
268  */
269 
270 struct nss_groupsbymem {			/* For _getgroupsbymember() */
271 /* in: */
272 	const char	*username;
273 	gid_t		*gid_array;
274 	int		maxgids;
275 	int		force_slow_way;
276 	nss_str2ent_t	str2ent;
277 	nss_groupstr_t	process_cstr;
278 
279 /* in_out: */
280 	int		numgids;
281 };
282 
283 /*
284  * The netgroup routines are handled as follows:
285  *
286  *   Policy decision:
287  *	If netgroup A refers to netgroup B, both must occur in the same
288  *	source (other choices give very confusing semantics).  This
289  *	assumption is deeply embedded in the frontend and backends.
290  *
291  *    -	setnetgrent(), despite its name, is really a getXXXbyYYY operation:
292  *	it takes a name and finds a netgroup with that name (see the
293  *	nss_setnetgrent_args struct below).  The "result" that it returns
294  *	to the frontend is an nss_backend_t for a pseudo-backend that allows
295  *	one to enumerate the members of that netgroup.
296  *
297  *    -	getnetgrent() calls the 'getXXXent' function in the pseudo-backend;
298  *	it doesn't go through the switch engine at all.  It uses the
299  *	nss_getnetgrent_args struct below.
300  *
301  *    -	innetgr() is implemented on top of __multi_innetgr(), which replaces
302  *	each (char *) argument of innetgr() with a counted vector of (char *).
303  *	The semantics are the same as an OR of the results of innetgr()
304  *	operations on each possible 4-tuple picked from the arguments, but
305  *	it's possible to implement some cases more efficiently.  This is
306  *	important for mountd, which used to read YP netgroup.byhost directly
307  *	in order to determine efficiently whether a given host belonged to any
308  *	one of a long list of netgroups.  Wildcarded arguments are indicated
309  *	by a count of zero.
310  *
311  *    -	__multi_innetgr() uses the nss_innetgr_args struct.  A backend whose
312  *	source contains at least one of the groups listed in the 'groups'
313  *	vector will return NSS_SUCCESS and will set the 'status' field to
314  *	indicate whether any 4-tuple was satisfied.  A backend will only
315  *	return NSS_NOTFOUND if the source contained none of the groups
316  *	listed in the 'groups' vector.
317  */
318 
319 enum nss_netgr_argn {		/* We need (machine, user, domain) triples */
320 	NSS_NETGR_MACHINE = 0,
321 	NSS_NETGR_USER = 1,
322 	NSS_NETGR_DOMAIN = 2,
323 	NSS_NETGR_N = 3
324 };
325 
326 enum nss_netgr_status {		/* Status from setnetgrent, multi_innetgr */
327 	NSS_NETGR_FOUND = 0,
328 	NSS_NETGR_NO = 1,
329 	NSS_NETGR_NOMEM = 2
330 };
331 
332 struct nss_setnetgrent_args {
333 /* in: */
334 	const char		*netgroup;
335 /* out: */
336 	nss_backend_t		*iterator;	/* <==== Explain */
337 };
338 
339 struct nss_getnetgrent_args {
340 /* in: */
341 	char			*buffer;
342 	int			buflen;
343 /* out: */
344 	enum nss_netgr_status	status;
345 	char			*retp[NSS_NETGR_N];
346 };
347 
348 typedef unsigned	nss_innetgr_argc;    /* 0 means wildcard */
349 typedef char **		nss_innetgr_argv;    /* === Do we really need these? */
350 
351 struct nss_innetgr_1arg {
352 	nss_innetgr_argc	argc;
353 	nss_innetgr_argv	argv;
354 };
355 
356 struct nss_innetgr_args {
357 /* in: */
358 	struct nss_innetgr_1arg	arg[NSS_NETGR_N];
359 	struct nss_innetgr_1arg groups;
360 /* out: */
361 	enum nss_netgr_status	status;
362 };
363 
364 /*
365  * nss_XbyY_buf_t -- structure containing the generic arguments passwd to
366  *   getXXXbyYYY_r() and getXXXent_r() routines.  The (void *) value points to
367  *   a struct of the appropriate type, e.g. struct passwd or struct hostent.
368  *
369  * The functions that allocate and free these structures do no locking at
370  * all, since the routines that use them are inherently MT-unsafe anyway.
371  */
372 
373 typedef struct {
374 	void		*result;	/* "result" parameter to getXbyY_r() */
375 	char		*buffer;	/* "buffer"     "             "      */
376 	int		buflen;		/* "buflen"     "             "      */
377 } nss_XbyY_buf_t;
378 
379 #if defined(__STDC__)
380 extern nss_XbyY_buf_t	*_nss_XbyY_buf_alloc(int struct_size, int buffer_size);
381 extern void		 _nss_XbyY_buf_free(nss_XbyY_buf_t *);
382 #else
383 extern nss_XbyY_buf_t	*_nss_XbyY_buf_alloc();
384 extern void		 _nss_XbyY_buf_free();
385 #endif
386 
387 #define	NSS_XbyY_ALLOC(bufpp, str_size, buf_size)		(\
388 	(*bufpp) == 0						\
389 	? (*bufpp) = _nss_XbyY_buf_alloc(str_size, buf_size)	\
390 	: (*bufpp))
391 
392 #define	NSS_XbyY_FREE(bufpp)	(_nss_XbyY_buf_free(*bufpp), (*bufpp) = 0)
393 
394 /*
395  * The nss_XbyY_args_t struct contains all the information passed between
396  * frontends and backends for the getXbyY_r() and getXent() routines,
397  * including an nss_XbyY_buf_t and the lookup key (unused for getXXXent_r).
398  *
399  * The (*str2ent)() member converts a single XXXent from ASCII text to the
400  * appropriate struct, storing any pointer data (strings, in_addrs, arrays
401  * of these) in the buffer.  The ASCII text is a counted string (*not* a
402  * zero-terminated string) whose length is specified by the instr_len
403  * parameter.  The text is found at the address specified by instr and
404  * the string is treated as readonly. buffer and instr must be non-
405  * intersecting memory areas.
406  *
407  * With the exception of passwd, shadow and group, the text form for these
408  * databases allows trailing comments and arbitrary whitespace.  The
409  * corresponding str2ent routine assumes that comments, leading whitespace
410  * and trailing whitespace have been stripped (and thus assumes that entries
411  * consisting only of these have been discarded).
412  *
413  * The text entries for "rpc" and for the databases described in <netdb.h>
414  * follow a common format (a canonical name with a possibly empty list
415  * of aliases, and some other value), albeit with minor variations.
416  * The function _nss_netdb_aliases() does most of the generic work involved
417  * in parsing and marshalling these into the buffer.
418  */
419 
420 typedef union nss_XbyY_key {	/* No tag; backend should know what to expect */
421 	uid_t		uid;
422 	gid_t		gid;
423 	projid_t	projid;
424 	const char	*name;
425 	int		number;
426 	struct {
427 		int	net;
428 		int		type;
429 	}	netaddr;
430 	struct {
431 		const char	*addr;
432 		int		len;
433 		int		type;
434 	}	hostaddr;
435 	struct {
436 		union {
437 			const char	*name;
438 			int		port;
439 		}		serv;
440 		const char	*proto;
441 	}	serv;
442 	void *ether;
443 	struct {
444 		const char	*name;
445 		const char	*keytype;
446 	} pkey;
447 	struct {
448 		const char	*name;
449 		int		af_family;
450 		int		flags;
451 	}	ipnode;
452 	void *attrp;	/* for the new attr databases */
453 } nss_XbyY_key_t;
454 
455 
456 #if defined(__STDC__)
457 typedef int		(*nss_key2str_t)(void *buffer, size_t buflen,
458 				nss_XbyY_key_t *key, size_t *len);
459 #else
460 typedef int		(*nss_key2str_t)();
461 #endif
462 
463 
464 typedef struct nss_XbyY_args {
465 
466 /* IN */
467 	nss_XbyY_buf_t	buf;
468 	int		stayopen;
469 			/*
470 			 * Support for setXXXent(stayopen)
471 			 * Used only in hosts, protocols,
472 			 * networks, rpc, and services.
473 			 */
474 	nss_str2ent_t	str2ent;
475 	union nss_XbyY_key key;
476 
477 /* OUT */
478 	void		*returnval;
479 	int		erange;
480 	int		h_errno;	/* For gethost*_r() */
481 	nss_status_t	status;		/* from the backend last called */
482 /* NSS2 */
483 	nss_key2str_t	key2str;	/* IN */
484 	size_t		returnlen;	/* OUT */
485 
486 /* NSCD/DOOR data */
487 
488 /* ... buffer arena follows... */
489 } nss_XbyY_args_t;
490 
491 
492 
493 /*
494  * nss/nscd v2 interface, packed buffer format
495  *
496  * A key component of the v2 name service switch is the redirection
497  * of all activity to nscd for actual processing.  In the original
498  * switch most activity took place in each application, and the nscd
499  * cache component was an add-on optional interface.
500  *
501  * The nscd v1 format was a completely private interface that
502  * implemented specific bufferiing formats on a per getXbyY API basis.
503  *
504  * The nss/nscd v2 interface uses a common header and commonalizes
505  * the buffering format as consistently as possible.  The general rule
506  * of thumb is that backends are required to assemble their results in
507  * "files based" format [IE the format used on a per result basis as
508  * returned by the files backend] and then call the standard str2ent
509  * interface.  This is the original intended design as used in the files
510  * and nis backends.
511  *
512  * The benefit of this is that the application side library can assemble
513  * a request and provide a header and a variable length result buffer via
514  * a doors API, and then the nscd side switch can assemble a a getXbyY
515  * request providing the result buffer and a str2ent function that copies
516  * but does not unpack the result.
517  *
518  * This results is returned back via the door, and unpacked using the
519  * native library side str2ent interface.
520  *
521  * Additionally, the common header allows extensibility to add new
522  * getXbyYs, putXbyYs or other maintenance APIs to/from nscd without
523  * changing the existing "old style" backend interfaces.
524  *
525  * Finally new style getXbyY, putXbyY and backend interfaces can be
526  * by adding new operation requests to the header, while old style
527  * backwards compatability.
528  */
529 
530 /*
531  * nss/nscd v2 callnumber definitions
532  */
533 
534 /*
535  * callnumbers are separated by categories, such as:
536  * application to nscd requests, nscd to nscd requests,
537  * smf to nscd requests, etc.
538  */
539 
540 #define	NSCDV2CATMASK	(0xFF000000)
541 #define	NSCDV2CALLMASK	(0x00FFFFFF)
542 
543 /*
544  * nss/nscd v2 categories
545  */
546 
547 #define	NSCD_CALLCAT_APP	('a'<<24)
548 #define	NSCD_CALLCAT_N2N	('n'<<24)
549 
550 /* nscd v2 app-> nscd callnumbers */
551 
552 #define	NSCD_SEARCH	(NSCD_CALLCAT_APP|0x01)
553 #define	NSCD_SETENT	(NSCD_CALLCAT_APP|0x02)
554 #define	NSCD_GETENT	(NSCD_CALLCAT_APP|0x03)
555 #define	NSCD_ENDENT	(NSCD_CALLCAT_APP|0x04)
556 #define	NSCD_PUT	(NSCD_CALLCAT_APP|0x05)
557 #define	NSCD_GETHINTS	(NSCD_CALLCAT_APP|0x06)
558 
559 /* nscd v2 SETENT cookie markers */
560 
561 #define	NSCD_NEW_COOKIE		0
562 #define	NSCD_LOCAL_COOKIE	1
563 
564 /* nscd v2 header revision */
565 /* treated as 0xMMMMmmmm MMMM - Major Rev, mmmm - Minor Rev */
566 
567 #define	NSCD_HEADER_REV		0x00020000
568 
569 /*
570  * ptr/uint data type used to calculate shared nscd buffer struct sizes
571  * sizes/offsets are arbitrarily limited to 32 bits for 32/64 compatibility
572  * datatype is 64 bits for possible pointer storage and future use
573  */
574 
575 typedef uint64_t	nssuint_t;
576 
577 /*
578  * nscd v2 buffer layout overview
579  *
580  * The key interface to nscd moving forward is the doors interface
581  * between applications and nscd (NSCD_CALLCAT_APP), and nscd and
582  * it's children (NSCD_CALLCAT_N2N).
583  *
584  * Regardless of the interface used, the buffer layout is consistent.
585  * The General Layout is:
586  *   [nss_pheader_t][IN key][OUT data results]{extend results}
587  *
588  *   The header (nss_pheader_t) remains constant.
589  *   Keys and key layouts vary between call numbers/requests
590  *	NSCD_CALLCAT_APP use key layouts mimics/defines in nss_dbdefs.h
591  *	NSCD_CALLCAT_NSN use layouts defined by nscd headers
592  *   Data and data results vary between results
593  *	NSCD_CALLCAT_APP return "file standard format" output buffers
594  *	NSCD_CALLCAT_NSN return data defined by nscd headers
595  *   extended results are optional and vary
596  *
597  */
598 
599 /*
600  * nss_pheader_t -- buffer header structure that contains switch data
601  * "packed" by the client into a buffer suitable for transport over
602  * nscd's door, and that can be unpacked into a native form within
603  * nscd's switch.  Capable of packing and unpacking data ans results.
604  *
605  * NSCD_HEADER_REV: 0x00020000		16 x uint64 = (128 byte header)
606  */
607 
608 typedef struct {
609 	uint32_t	nsc_callnumber;		/* packed buffer request */
610 	uint32_t	nss_dbop;		/* old nss dbop */
611 	uint32_t	p_ruid;			/* real uid */
612 	uint32_t	p_euid;			/* effective uid */
613 	uint32_t	p_version;		/* 0xMMMMmmmm Major/minor */
614 	uint32_t	p_status;		/* nss_status_t */
615 	uint32_t	p_errno;		/* errno */
616 	uint32_t	p_herrno;		/* h_errno */
617 	nssuint_t	libpriv;		/* reserved (for lib/client) */
618 	nssuint_t	pbufsiz;		/* buffer size */
619 	nssuint_t	dbd_off;		/* IN: db desc off */
620 	nssuint_t	dbd_len;		/* IN: db desc len */
621 	nssuint_t	key_off;		/* IN: key off */
622 	nssuint_t	key_len;		/* IN: key len */
623 	nssuint_t	data_off;		/* OUT: data off */
624 	nssuint_t	data_len;		/* OUT: data len */
625 	nssuint_t	ext_off;		/* OUT: extended results off */
626 	nssuint_t	ext_len;		/* OUT: extended results len */
627 	nssuint_t	nscdpriv;		/* reserved (for nscd) */
628 	nssuint_t	reserved1;		/* reserved (TBD) */
629 } nss_pheader_t;
630 
631 /*
632  * nss_pnetgr_t -- packed offset structure for holding keys used
633  * by innetgr (__multi_innetgr) key
634  * Key format is:
635  *    nss_pnetgr_t
636  *     (nssuint_t)[machine_argc] offsets to strings
637  *     (nssuint_t)[user_argc] offsets to strings
638  *     (nssuint_t)[domain_argc] offsets to strings
639  *     (nssuint_t)[groups_argc] offsets to strings
640  *     machine,user,domain,groups strings
641  */
642 
643 typedef struct {
644 	uint32_t	machine_argc;
645 	uint32_t	user_argc;
646 	uint32_t	domain_argc;
647 	uint32_t	groups_argc;
648 	nssuint_t	machine_offv;
649 	nssuint_t	user_offv;
650 	nssuint_t	domain_offv;
651 	nssuint_t	groups_offv;
652 } nss_pnetgr_t;
653 
654 
655 /* status returned by the str2ent parsing routines */
656 #define	NSS_STR_PARSE_SUCCESS 0
657 #define	NSS_STR_PARSE_PARSE 1
658 #define	NSS_STR_PARSE_ERANGE 2
659 
660 #define	NSS_XbyY_INIT(str, res, bufp, len, func)	(\
661 	(str)->buf.result = (res),			\
662 	(str)->buf.buffer = (bufp),			\
663 	(str)->buf.buflen = (len),			\
664 	(str)->stayopen  = 0,				\
665 	(str)->str2ent  = (func),			\
666 	(str)->key2str  = NULL,				\
667 	(str)->returnval = 0,				\
668 	(str)->returnlen = 0,				\
669 	(str)->erange    = 0)
670 
671 #define	NSS_XbyY_INIT_EXT(str, res, bufp, len, func, kfunc)	(\
672 	(str)->buf.result = (res),			\
673 	(str)->buf.buffer = (bufp),			\
674 	(str)->buf.buflen = (len),			\
675 	(str)->stayopen  = 0,				\
676 	(str)->str2ent  = (func),			\
677 	(str)->key2str  = (kfunc),			\
678 	(str)->returnval = 0,				\
679 	(str)->returnlen = 0,				\
680 	(str)->erange    = 0)
681 
682 #define	NSS_XbyY_FINI(str)				(\
683 	(str)->returnval == 0 && (str)->erange && (errno = ERANGE), \
684 	(str)->returnval)
685 
686 #define	NSS_PACKED_CRED_CHECK(buf, ruid, euid)		(\
687 	((nss_pheader_t *)(buf))->p_ruid == (ruid) && \
688 	((nss_pheader_t *)(buf))->p_euid == (euid))
689 
690 #if defined(__STDC__)
691 extern char		**_nss_netdb_aliases(const char *, int, char *, int);
692 extern nss_status_t	nss_default_key2str(void *, size_t, nss_XbyY_args_t *,
693 					const char *, int, size_t *);
694 extern nss_status_t	nss_packed_arg_init(void *, size_t, nss_db_root_t *,
695 					nss_db_initf_t *, int *,
696 					nss_XbyY_args_t *);
697 extern nss_status_t	nss_packed_context_init(void *, size_t, nss_db_root_t *,
698 					nss_db_initf_t *, nss_getent_t **,
699 					nss_XbyY_args_t *);
700 extern void		nss_packed_set_status(void *, size_t, nss_status_t,
701 					nss_XbyY_args_t *);
702 extern nss_status_t	nss_packed_getkey(void *, size_t, char **, int *,
703 					nss_XbyY_args_t *);
704 #else
705 extern char		**_nss_netdb_aliases();
706 extern int		nss_default_key2str();
707 extern nss_status_t	nss_packed_arg_init();
708 extern nss_status_t	nss_packed_context_init();
709 extern void		nss_packed_set_status();
710 extern nss_status_t	nss_packed_getkey();
711 #endif
712 
713 /*
714  * nss_dbop_t values for searches with various keys;  values for
715  * destructor/endent/setent/getent are defined in <nss_common.h>
716  */
717 
718 /*
719  * These are part of the "Over the wire" IE app->nscd getXbyY
720  * op for well known getXbyY's.  Cannot use NSS_DBOP_X_Y directly
721  * because NSS_DBOP_next_iter is NOT an incrementing counter value
722  * it's a starting offset into an array value.
723  */
724 
725 #define	NSS_DBOP_X(x)			((x)<<16)
726 #define	NSS_DBOP_XY(x, y)		((x)|(y))
727 
728 #define	NSS_DBOP_ALIASES	NSS_DBOP_X(1)
729 #define	NSS_DBOP_AUTOMOUNT	NSS_DBOP_X(2)
730 #define	NSS_DBOP_BOOTPARAMS	NSS_DBOP_X(3)
731 #define	NSS_DBOP_ETHERS		NSS_DBOP_X(4)
732 #define	NSS_DBOP_GROUP		NSS_DBOP_X(5)
733 #define	NSS_DBOP_HOSTS		NSS_DBOP_X(6)
734 #define	NSS_DBOP_IPNODES	NSS_DBOP_X(7)
735 #define	NSS_DBOP_NETGROUP	NSS_DBOP_X(8)
736 #define	NSS_DBOP_NETMASKS	NSS_DBOP_X(9)
737 #define	NSS_DBOP_NETWORKS	NSS_DBOP_X(10)
738 #define	NSS_DBOP_PASSWD		NSS_DBOP_X(11)
739 #define	NSS_DBOP_PRINTERS	NSS_DBOP_X(12)
740 #define	NSS_DBOP_PROJECT	NSS_DBOP_X(13)
741 #define	NSS_DBOP_PROTOCOLS	NSS_DBOP_X(14)
742 #define	NSS_DBOP_PUBLICKEY	NSS_DBOP_X(15)
743 #define	NSS_DBOP_RPC		NSS_DBOP_X(16)
744 #define	NSS_DBOP_SERVICES	NSS_DBOP_X(17)
745 #define	NSS_DBOP_AUDITUSER	NSS_DBOP_X(18)
746 #define	NSS_DBOP_AUTHATTR	NSS_DBOP_X(19)
747 #define	NSS_DBOP_EXECATTR	NSS_DBOP_X(20)
748 #define	NSS_DBOP_PROFATTR	NSS_DBOP_X(21)
749 #define	NSS_DBOP_USERATTR	NSS_DBOP_X(22)
750 
751 #define	NSS_DBOP_GROUP_BYNAME		(NSS_DBOP_next_iter)
752 #define	NSS_DBOP_GROUP_BYGID		(NSS_DBOP_GROUP_BYNAME + 1)
753 #define	NSS_DBOP_GROUP_BYMEMBER		(NSS_DBOP_GROUP_BYGID  + 1)
754 
755 #define	NSS_DBOP_PASSWD_BYNAME		(NSS_DBOP_next_iter)
756 #define	NSS_DBOP_PASSWD_BYUID		(NSS_DBOP_PASSWD_BYNAME + 1)
757 
758 /* The "compat" backend requires that PASSWD_BYNAME == SHADOW_BYNAME */
759 /*   (it also requires that both use key.name to pass the username). */
760 #define	NSS_DBOP_SHADOW_BYNAME		(NSS_DBOP_PASSWD_BYNAME)
761 
762 #define	NSS_DBOP_PROJECT_BYNAME		(NSS_DBOP_next_iter)
763 #define	NSS_DBOP_PROJECT_BYID		(NSS_DBOP_PROJECT_BYNAME + 1)
764 
765 #define	NSS_DBOP_HOSTS_BYNAME		(NSS_DBOP_next_iter)
766 #define	NSS_DBOP_HOSTS_BYADDR		(NSS_DBOP_HOSTS_BYNAME + 1)
767 
768 #define	NSS_DBOP_IPNODES_BYNAME		(NSS_DBOP_next_iter)
769 #define	NSS_DBOP_IPNODES_BYADDR		(NSS_DBOP_IPNODES_BYNAME + 1)
770 
771 /*
772  * NSS_DBOP_NAME_2ADDR
773  * NSS_DBOP_ADDR_2NAME
774  *                                : are defines for ipv6 api's
775  */
776 
777 #define	NSS_DBOP_NAME_2ADDR		(NSS_DBOP_next_ipv6_iter)
778 #define	NSS_DBOP_ADDR_2NAME		(NSS_DBOP_NAME_2ADDR + 1)
779 
780 #define	NSS_DBOP_RPC_BYNAME		(NSS_DBOP_next_iter)
781 #define	NSS_DBOP_RPC_BYNUMBER		(NSS_DBOP_RPC_BYNAME + 1)
782 
783 #define	NSS_DBOP_NETWORKS_BYNAME		(NSS_DBOP_next_iter)
784 #define	NSS_DBOP_NETWORKS_BYADDR		(NSS_DBOP_NETWORKS_BYNAME + 1)
785 
786 #define	NSS_DBOP_SERVICES_BYNAME	(NSS_DBOP_next_iter)
787 #define	NSS_DBOP_SERVICES_BYPORT	(NSS_DBOP_SERVICES_BYNAME + 1)
788 
789 #define	NSS_DBOP_PROTOCOLS_BYNAME	(NSS_DBOP_next_iter)
790 #define	NSS_DBOP_PROTOCOLS_BYNUMBER	(NSS_DBOP_PROTOCOLS_BYNAME + 1)
791 
792 #define	NSS_DBOP_ETHERS_HOSTTON	(NSS_DBOP_next_noiter)
793 #define	NSS_DBOP_ETHERS_NTOHOST	(NSS_DBOP_ETHERS_HOSTTON + 1)
794 
795 #define	NSS_DBOP_BOOTPARAMS_BYNAME	(NSS_DBOP_next_noiter)
796 #define	NSS_DBOP_NETMASKS_BYNET	(NSS_DBOP_next_noiter)
797 
798 #define	NSS_DBOP_PRINTERS_BYNAME	(NSS_DBOP_next_iter)
799 
800 /*
801  * The "real" backend for netgroup (__multi_innetgr, setnetgrent)
802  */
803 #define	NSS_DBOP_NETGROUP_IN		(NSS_DBOP_next_iter)
804 #define	NSS_DBOP_NETGROUP_SET		(NSS_DBOP_NETGROUP_IN  + 1)
805 
806 /*
807  * The backend for getpublickey and getsecretkey (getkeys)
808  */
809 #define	NSS_DBOP_KEYS_BYNAME		(NSS_DBOP_next_iter)
810 
811 /*
812  * The pseudo-backend for netgroup (returned by setnetgrent) doesn't have
813  *   any getXXXbyYYY operations, just the usual destr/end/set/get ops,
814  *   so needs no definitions here.
815  */
816 
817 #define	NSS_DBOP_ATTRDB_BYNAME		(NSS_DBOP_next_iter)
818 
819 #define	NSS_DBOP_AUDITUSER_BYNAME	NSS_DBOP_ATTRDB_BYNAME
820 #define	NSS_DBOP_AUTHATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
821 #define	NSS_DBOP_EXECATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
822 #define	NSS_DBOP_EXECATTR_BYID		(NSS_DBOP_EXECATTR_BYNAME + 1)
823 #define	NSS_DBOP_EXECATTR_BYNAMEID	(NSS_DBOP_EXECATTR_BYID + 1)
824 #define	NSS_DBOP_PROFATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
825 #define	NSS_DBOP_USERATTR_BYNAME	NSS_DBOP_ATTRDB_BYNAME
826 
827 #define	NSS_DBOP_TSOL_TP_BYNAME		(NSS_DBOP_next_iter)
828 #define	NSS_DBOP_TSOL_RH_BYADDR		(NSS_DBOP_next_iter)
829 #define	NSS_DBOP_TSOL_ZC_BYNAME		(NSS_DBOP_next_iter)
830 
831 /*
832  * Used all over in the switch code. The best home for it I can think of.
833  * Power-of-two alignments only.
834  */
835 #define	ROUND_DOWN(n, align)	(((uintptr_t)n) & ~((align) - 1l))
836 #define	ROUND_UP(n, align)	ROUND_DOWN(((uintptr_t)n) + (align) - 1l, \
837 				(align))
838 
839 #ifdef	__cplusplus
840 }
841 #endif
842 
843 #endif /* _NSS_DBDEFS_H */
844