port/gen/getnetgrent.c

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident   "%Z%%M% %I% %E% SMI"

/*
 * getnetgrent.c
 *
 *  - name-service switch frontend routines for the netgroup API.
 *
 * Policy decision:
 *  If netgroup A refers to netgroup B, both must occur in the same
 *  source (any other choice gives very confusing semantics).  This
 *  assumption is deeply embedded in the code below and in the backends.
 *
 * innetgr() is implemented on top of something called __multi_innetgr(),
 * which replaces each (char *) argument of innetgr() with a counted vector
 * of (char *).  The semantics are the same as an OR of the results of
 * innetgr() operations on each possible 4-tuple picked from the arguments,
 * but it's possible to implement some cases more efficiently.  This is
 * important for mountd, which used to read YP netgroup.byhost directly in
 * order to determine efficiently whether a given host belonged to any one
 * of a long list of netgroups.  Wildcarded arguments are indicated by a
 * count of zero.
 */

#include "lint.h"
#include <string.h>
#include <synch.h>
#include <nss_dbdefs.h>
#include <mtlib.h>
#include <libc.h>

static DEFINE_NSS_DB_ROOT(db_root);

void
_nss_initf_netgroup(p)
    nss_db_params_t *p;
{
    p->name = NSS_DBNAM_NETGROUP;
    p->default_config = NSS_DEFCONF_NETGROUP;
}

/*
 * The netgroup routines aren't quite like the majority of the switch clients.
 *   innetgr() more-or-less fits the getXXXbyYYY mould, but for the others:
 *  - setnetgrent("netgroup") is really a getXXXbyYYY routine, i.e. it
 *    searches the sources until it finds an entry with the given name.
 *    Rather than returning the (potentially large) entry, it simply
 *    initializes a cursor, and then...
 *      - getnetgrent(...) is repeatedly invoked by the user to extract the
 *    contents of the entry found by setnetgrent().
 *  - endnetgrent() is almost like a real endXXXent routine.
 * The behaviour in NSS was:
 *  If we were certain that all the backends could provide netgroup information
 *  in a common form, we could make the setnetgrent() backend return the entire
 *  entry to the frontend, then implement getnetgrent() and endnetgrent()
 *  strictly in the frontend (aka here).  But we're not certain, so we won't.
 * In NSS2:
 *  Since nscd returns the results, and it is nscd that accumulates
 *  the results, then we can return the entire result on the setnetgrent.
 *
 * NOTE:
 *  In the SunOS 4.x (YP) version of this code, innetgr() did not
 *  affect the state of {set,get,end}netgrent().  Somewhere out
 *  there probably lurks a program that depends on this behaviour,
 *  so this version (both frontend and backends) had better
 *  behave the same way.
 */

/* ===> ?? fix "__" name */
int
__multi_innetgr(ngroup, pgroup,
        nhost,  phost,
        nuser,  puser,
        ndomain, pdomain)
    nss_innetgr_argc    ngroup, nhost, nuser, ndomain;
    nss_innetgr_argv    pgroup, phost, puser, pdomain;
{
    struct nss_innetgr_args ia;

    if (ngroup == 0) {
        return (0); /* One thing fewer to worry backends */
    }

    ia.groups.argc          = ngroup;
    ia.groups.argv          = pgroup;
    ia.arg[NSS_NETGR_MACHINE].argc  = nhost;
    ia.arg[NSS_NETGR_MACHINE].argv  = phost;
    ia.arg[NSS_NETGR_USER].argc = nuser;
    ia.arg[NSS_NETGR_USER].argv = puser;
    ia.arg[NSS_NETGR_DOMAIN].argc   = ndomain;
    ia.arg[NSS_NETGR_DOMAIN].argv   = pdomain;
    ia.status           = NSS_NETGR_NO;

    (void) nss_search(&db_root, _nss_initf_netgroup,
        NSS_DBOP_NETGROUP_IN, &ia);
    return (ia.status == NSS_NETGR_FOUND);
}

int
innetgr(group, host, user, domain)
    const char *group, *host, *user, *domain;
{
#define IA(charp)   \
    (nss_innetgr_argc)((charp) != 0), (nss_innetgr_argv)(&(charp))

    return (__multi_innetgr(IA(group), IA(host), IA(user), IA(domain)));
}

/*
 * Context for setnetgrent()/getnetgrent().  If the user is being sensible
 * the requests will be serialized anyway, but let's play safe and
 * serialize them ourselves (anything to prevent a coredump)...
 * We can't use lmutex_lock() here because we don't know what the backends
 * that we call may call in turn.  They might call malloc()/free().
 * So we use the brute-force callout_lock_enter() instead.
 */
static nss_backend_t    *getnetgrent_backend;

int
setnetgrent(const char *netgroup)
{
    nss_backend_t   *be;

    if (netgroup == NULL) {
        /* Prevent coredump, otherwise don't do anything profound */
        netgroup = "";
    }

    callout_lock_enter();
    be = getnetgrent_backend;
    if (be != NULL && NSS_INVOKE_DBOP(be, NSS_DBOP_SETENT,
        (void *)netgroup) != NSS_SUCCESS) {
        (void) NSS_INVOKE_DBOP(be, NSS_DBOP_DESTRUCTOR, 0);
        be = NULL;
    }
    if (be == NULL) {
        struct nss_setnetgrent_args args;

        args.netgroup   = netgroup;
        args.iterator   = 0;
        (void) nss_search(&db_root, _nss_initf_netgroup,
            NSS_DBOP_NETGROUP_SET, &args);
        be = args.iterator;
    }
    getnetgrent_backend = be;
    callout_lock_exit();
    return (0);
}

int
getnetgrent_r(machinep, namep, domainp, buffer, buflen)
    char        **machinep;
    char        **namep;
    char        **domainp;
    char        *buffer;
    int     buflen;
{
    struct nss_getnetgrent_args args;

    args.buffer = buffer;
    args.buflen = buflen;
    args.status = NSS_NETGR_NO;

    callout_lock_enter();
    if (getnetgrent_backend != 0) {
        (void) NSS_INVOKE_DBOP(getnetgrent_backend,
            NSS_DBOP_GETENT, &args);
    }
    callout_lock_exit();

    if (args.status == NSS_NETGR_FOUND) {
        *machinep = args.retp[NSS_NETGR_MACHINE];
        *namep    = args.retp[NSS_NETGR_USER];
        *domainp  = args.retp[NSS_NETGR_DOMAIN];
        return (1);
    } else {
        return (0);
    }
}

static nss_XbyY_buf_t *buf;

int
getnetgrent(machinep, namep, domainp)
    char        **machinep;
    char        **namep;
    char        **domainp;
{
    (void) NSS_XbyY_ALLOC(&buf, 0, NSS_BUFLEN_NETGROUP);
    return (getnetgrent_r(machinep, namep, domainp,
        buf->buffer, buf->buflen));
}

int
endnetgrent()
{
    callout_lock_enter();
    if (getnetgrent_backend != 0) {
        (void) NSS_INVOKE_DBOP(getnetgrent_backend,
            NSS_DBOP_DESTRUCTOR, 0);
        getnetgrent_backend = 0;
    }
    callout_lock_exit();
    nss_delete(&db_root);   /* === ? */
    NSS_XbyY_FREE(&buf);
    return (0);
}