Index: head/etc/nsswitch.conf =================================================================== --- head/etc/nsswitch.conf (revision 301710) +++ head/etc/nsswitch.conf (revision 301711) @@ -1,15 +1,16 @@ # # nsswitch.conf(5) - name service switch configuration file # $FreeBSD$ # group: compat group_compat: nis hosts: files dns +netgroup: compat networks: files passwd: compat passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: files Index: head/include/netdb.h =================================================================== --- head/include/netdb.h (revision 301710) +++ head/include/netdb.h (revision 301711) @@ -1,305 +1,306 @@ /*- * Copyright (c) 1980, 1983, 1988, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * - * Portions Copyright (c) 1993 by Digital Equipment Corporation. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies, and that * the name of Digital Equipment Corporation not be used in advertising or * publicity pertaining to distribution of the document or software without * specific, written prior permission. * * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. * - * --Copyright-- */ /* * @(#)netdb.h 8.1 (Berkeley) 6/2/93 * From: Id: netdb.h,v 8.9 1996/11/19 08:39:29 vixie Exp $ * $FreeBSD$ */ #ifndef _NETDB_H_ #define _NETDB_H_ #include #include #ifndef _IN_ADDR_T_DECLARED typedef __uint32_t in_addr_t; #define _IN_ADDR_T_DECLARED #endif #ifndef _IN_PORT_T_DECLARED typedef __uint16_t in_port_t; #define _IN_PORT_T_DECLARED #endif #ifndef _SIZE_T_DECLARED typedef __size_t size_t; #define _SIZE_T_DECLARED #endif #ifndef _SOCKLEN_T_DECLARED typedef __socklen_t socklen_t; #define _SOCKLEN_T_DECLARED #endif #ifndef _UINT32_T_DECLARED typedef __uint32_t uint32_t; #define _UINT32_T_DECLARED #endif #ifndef _PATH_HEQUIV # define _PATH_HEQUIV "/etc/hosts.equiv" #endif #define _PATH_HOSTS "/etc/hosts" #define _PATH_NETWORKS "/etc/networks" #define _PATH_PROTOCOLS "/etc/protocols" #define _PATH_SERVICES "/etc/services" #define _PATH_SERVICES_DB "/var/db/services.db" #define h_errno (*__h_errno()) /* * Structures returned by network data base library. All addresses are * supplied in host order, and returned in network order (suitable for * use in system calls). */ struct hostent { char *h_name; /* official name of host */ char **h_aliases; /* alias list */ int h_addrtype; /* host address type */ int h_length; /* length of address */ char **h_addr_list; /* list of addresses from name server */ #define h_addr h_addr_list[0] /* address, for backward compatibility */ }; struct netent { char *n_name; /* official name of net */ char **n_aliases; /* alias list */ int n_addrtype; /* net address type */ uint32_t n_net; /* network # */ }; struct servent { char *s_name; /* official service name */ char **s_aliases; /* alias list */ int s_port; /* port # */ char *s_proto; /* protocol to use */ }; struct protoent { char *p_name; /* official protocol name */ char **p_aliases; /* alias list */ int p_proto; /* protocol # */ }; struct addrinfo { int ai_flags; /* AI_PASSIVE, AI_CANONNAME, AI_NUMERICHOST */ int ai_family; /* AF_xxx */ int ai_socktype; /* SOCK_xxx */ int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ socklen_t ai_addrlen; /* length of ai_addr */ char *ai_canonname; /* canonical name for hostname */ struct sockaddr *ai_addr; /* binary address */ struct addrinfo *ai_next; /* next structure in linked list */ }; #define IPPORT_RESERVED 1024 /* * Error return codes from gethostbyname() and gethostbyaddr() * (left in h_errno). */ #define NETDB_INTERNAL -1 /* see errno */ #define NETDB_SUCCESS 0 /* no problem */ #define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found */ #define TRY_AGAIN 2 /* Non-Authoritative Host not found, or SERVERFAIL */ #define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED, NOTIMP */ #define NO_DATA 4 /* Valid name, no data record of requested type */ #define NO_ADDRESS NO_DATA /* no address, look for MX record */ /* * Error return codes from getaddrinfo() */ #if 0 /* obsoleted */ #define EAI_ADDRFAMILY 1 /* address family for hostname not supported */ #endif #define EAI_AGAIN 2 /* temporary failure in name resolution */ #define EAI_BADFLAGS 3 /* invalid value for ai_flags */ #define EAI_FAIL 4 /* non-recoverable failure in name resolution */ #define EAI_FAMILY 5 /* ai_family not supported */ #define EAI_MEMORY 6 /* memory allocation failure */ #if 0 /* obsoleted */ #define EAI_NODATA 7 /* no address associated with hostname */ #endif #define EAI_NONAME 8 /* hostname nor servname provided, or not known */ #define EAI_SERVICE 9 /* servname not supported for ai_socktype */ #define EAI_SOCKTYPE 10 /* ai_socktype not supported */ #define EAI_SYSTEM 11 /* system error returned in errno */ #define EAI_BADHINTS 12 /* invalid value for hints */ #define EAI_PROTOCOL 13 /* resolved protocol is unknown */ #define EAI_OVERFLOW 14 /* argument buffer overflow */ #define EAI_MAX 15 /* * Flag values for getaddrinfo() */ #define AI_PASSIVE 0x00000001 /* get address to use bind() */ #define AI_CANONNAME 0x00000002 /* fill ai_canonname */ #define AI_NUMERICHOST 0x00000004 /* prevent host name resolution */ #define AI_NUMERICSERV 0x00000008 /* prevent service name resolution */ /* valid flags for addrinfo (not a standard def, apps should not use it) */ #define AI_MASK \ (AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST | AI_NUMERICSERV | \ AI_ADDRCONFIG | AI_ALL | AI_V4MAPPED) #define AI_ALL 0x00000100 /* IPv6 and IPv4-mapped (with AI_V4MAPPED) */ #define AI_V4MAPPED_CFG 0x00000200 /* accept IPv4-mapped if kernel supports */ #define AI_ADDRCONFIG 0x00000400 /* only if any address is assigned */ #define AI_V4MAPPED 0x00000800 /* accept IPv4-mapped IPv6 address */ /* special recommended flags for getipnodebyname */ #define AI_DEFAULT (AI_V4MAPPED_CFG | AI_ADDRCONFIG) /* * Constants for getnameinfo() */ #define NI_MAXHOST 1025 #define NI_MAXSERV 32 /* * Flag values for getnameinfo() */ #define NI_NOFQDN 0x00000001 #define NI_NUMERICHOST 0x00000002 #define NI_NAMEREQD 0x00000004 #define NI_NUMERICSERV 0x00000008 #define NI_DGRAM 0x00000010 #if 0 /* obsolete */ #define NI_WITHSCOPEID 0x00000020 #endif /* * Scope delimit character */ #define SCOPE_DELIMITER '%' __BEGIN_DECLS void endhostent(void); void endnetent(void); void endprotoent(void); void endservent(void); #if __BSD_VISIBLE || (__POSIX_VISIBLE && __POSIX_VISIBLE <= 200112) struct hostent *gethostbyaddr(const void *, socklen_t, int); struct hostent *gethostbyname(const char *); #endif struct hostent *gethostent(void); struct netent *getnetbyaddr(uint32_t, int); struct netent *getnetbyname(const char *); struct netent *getnetent(void); struct protoent *getprotobyname(const char *); struct protoent *getprotobynumber(int); struct protoent *getprotoent(void); struct servent *getservbyname(const char *, const char *); struct servent *getservbyport(int, const char *); struct servent *getservent(void); void sethostent(int); /* void sethostfile(const char *); */ void setnetent(int); void setprotoent(int); int getaddrinfo(const char *, const char *, const struct addrinfo *, struct addrinfo **); int getnameinfo(const struct sockaddr *, socklen_t, char *, size_t, char *, size_t, int); void freeaddrinfo(struct addrinfo *); const char *gai_strerror(int); void setservent(int); #if __BSD_VISIBLE void endnetgrent(void); void freehostent(struct hostent *); int gethostbyaddr_r(const void *, socklen_t, int, struct hostent *, char *, size_t, struct hostent **, int *); int gethostbyname_r(const char *, struct hostent *, char *, size_t, struct hostent **, int *); struct hostent *gethostbyname2(const char *, int); int gethostbyname2_r(const char *, int, struct hostent *, char *, size_t, struct hostent **, int *); int gethostent_r(struct hostent *, char *, size_t, struct hostent **, int *); struct hostent *getipnodebyaddr(const void *, size_t, int, int *); struct hostent *getipnodebyname(const char *, int, int, int *); int getnetbyaddr_r(uint32_t, int, struct netent *, char *, size_t, struct netent**, int *); int getnetbyname_r(const char *, struct netent *, char *, size_t, struct netent **, int *); int getnetent_r(struct netent *, char *, size_t, struct netent **, int *); int getnetgrent(char **, char **, char **); +int getnetgrent_r(char **, char **, char **, char *, size_t); int getprotobyname_r(const char *, struct protoent *, char *, size_t, struct protoent **); int getprotobynumber_r(int, struct protoent *, char *, size_t, struct protoent **); int getprotoent_r(struct protoent *, char *, size_t, struct protoent **); int getservbyname_r(const char *, const char *, struct servent *, char *, size_t, struct servent **); int getservbyport_r(int, const char *, struct servent *, char *, size_t, struct servent **); int getservent_r(struct servent *, char *, size_t, struct servent **); void herror(const char *); const char *hstrerror(int); int innetgr(const char *, const char *, const char *, const char *); void setnetgrent(const char *); #endif /* * PRIVATE functions specific to the FreeBSD implementation */ /* DO NOT USE THESE, THEY ARE SUBJECT TO CHANGE AND ARE NOT PORTABLE!!! */ int * __h_errno(void); __END_DECLS #endif /* !_NETDB_H_ */ Index: head/lib/libc/gen/Symbol.map =================================================================== --- head/lib/libc/gen/Symbol.map (revision 301710) +++ head/lib/libc/gen/Symbol.map (revision 301711) @@ -1,547 +1,548 @@ /* * $FreeBSD$ */ FBSD_1.0 { __xuname; pthread_atfork; pthread_attr_destroy; pthread_attr_getdetachstate; pthread_attr_getguardsize; pthread_attr_getinheritsched; pthread_attr_getschedparam; pthread_attr_getschedpolicy; pthread_attr_getscope; pthread_attr_getstackaddr; pthread_attr_getstacksize; pthread_attr_init; pthread_attr_setdetachstate; pthread_attr_setguardsize; pthread_attr_setinheritsched; pthread_attr_setschedparam; pthread_attr_setschedpolicy; pthread_attr_setscope; pthread_attr_setstackaddr; pthread_attr_setstacksize; pthread_cancel; pthread_cleanup_pop; pthread_cleanup_push; pthread_cond_broadcast; pthread_cond_destroy; pthread_cond_init; pthread_cond_signal; pthread_cond_timedwait; pthread_cond_wait; pthread_detach; pthread_equal; pthread_exit; pthread_getspecific; pthread_join; pthread_key_create; pthread_key_delete; pthread_kill; pthread_main_np; pthread_mutex_destroy; pthread_mutex_init; pthread_mutex_lock; pthread_mutex_trylock; pthread_mutex_unlock; pthread_mutexattr_destroy; pthread_mutexattr_init; pthread_mutexattr_settype; pthread_once; pthread_rwlock_destroy; pthread_rwlock_init; pthread_rwlock_rdlock; pthread_rwlock_tryrdlock; pthread_rwlock_trywrlock; pthread_rwlock_unlock; pthread_rwlock_wrlock; pthread_self; pthread_setcancelstate; pthread_setcanceltype; pthread_setspecific; pthread_sigmask; pthread_testcancel; alarm; arc4random; arc4random_addrandom; arc4random_stir; __assert; basename; check_utility_compat; clock; closedir; confstr; encrypt; des_setkey; des_cipher; setkey; ctermid; ctermid_r; daemon; devname; devname_r; dirname; getdiskbyname; dladdr; dlclose; dlerror; dlfunc; dllockinit; dlopen; dlsym; dlvsym; dlinfo; dl_iterate_phdr; drand48; erand48; err_set_file; err_set_exit; err; verr; errc; verrc; errx; verrx; warn; vwarn; warnc; vwarnc; warnx; vwarnx; sys_errlist; sys_nerr; errno; execl; execle; execlp; execv; execvp; execvP; fmtcheck; fmtmsg; fnmatch; __fpclassifyf; __fpclassifyd; __fpclassifyl; frexp; setfstab; getfstab; getfsent; getfsspec; getfsfile; setfsent; endfsent; ftok; ftw; glob; globfree; getbootfile; getbsize; cgetset; cgetcap; cgetent; cgetmatch; cgetfirst; cgetclose; cgetnext; cgetstr; cgetustr; cgetnum; getcwd; getdomainname; setgrent; setgroupent; endgrent; getgrent_r; getgrnam_r; getgrgid_r; getgrnam; getgrgid; getgrent; /* * Why are __gr_parse_entry() and __gr_match_entry() not static in * gen/getgrent.c? */ getgrouplist; gethostname; getloadavg; getlogin; getlogin_r; getmntinfo; setnetgrent; getnetgrent; endnetgrent; innetgr; getosreldate; getpagesize; getpeereid; _getprogname; getprogname; setpwent; setpassent; endpwent; getpwent_r; getpwnam_r; getpwuid_r; getpwnam; getpwuid; getpwent; getttynam; getttyent; setttyent; endttyent; isdialuptty; isnettty; getusershell; endusershell; setusershell; getvfsbyname; __isnan; isnan; __isnanf; isnanf; __isinf; isinf; __isinff; __isinfl; isatty; initgroups; jrand48; lcong48; ldexp; lockf; lrand48; modf; mrand48; nftw; nice; nlist; nrand48; opendir; pause; posix_madvise; popen; pclose; psignal; raise; readdir; readdir_r; readpassphrase; getpass; rewinddir; scandir; alphasort; seed48; seekdir; user_from_uid; group_from_gid; setdomainname; sethostname; longjmperror; getmode; setmode; setproctitle; setprogname; siginterrupt; sys_signame; sys_siglist; sys_nsig; signal; sigaddset; sigdelset; sigemptyset; sigfillset; sigismember; sleep; srand48; fstatvfs; statvfs; sl_init; sl_add; sl_free; sl_find; fflagstostr; strtofflags; sysconf; sysctl; sysctlbyname; sysctlnametomib; syslog; vsyslog; openlog; closelog; setlogmask; ttyname_r; ttyname; timezone; times; time; telldir; tcgetattr; tcsetattr; tcsetpgrp; tcgetpgrp; cfgetospeed; cfgetispeed; cfsetospeed; cfsetispeed; cfsetspeed; cfmakeraw; tcsendbreak; _init_tls; __tls_get_addr; tcdrain; tcflush; tcflow; ualarm; ulimit; uname; strunvis; strunvisx; usleep; utime; valloc; vis; strvis; strvisx; wait; wait3; waitpid; wordexp; wordfree; }; FBSD_1.1 { arc4random_buf; arc4random_uniform; fdevname; fdevname_r; fdopendir; feature_present; fts_children; fts_close; fts_get_clientptr; fts_get_stream; fts_open; fts_read; fts_set; fts_set_clientptr; posix_spawn; posix_spawn_file_actions_addclose; posix_spawn_file_actions_adddup2; posix_spawn_file_actions_addopen; posix_spawn_file_actions_destroy; posix_spawn_file_actions_init; posix_spawnattr_destroy; posix_spawnattr_getflags; posix_spawnattr_getpgroup; posix_spawnattr_getschedparam; posix_spawnattr_getschedpolicy; posix_spawnattr_getsigdefault; posix_spawnattr_getsigmask; posix_spawnattr_init; posix_spawnattr_setflags; posix_spawnattr_setpgroup; posix_spawnattr_setschedparam; posix_spawnattr_setschedpolicy; posix_spawnattr_setsigdefault; posix_spawnattr_setsigmask; posix_spawnp; semctl; tcgetsid; tcsetsid; __pthread_cleanup_pop_imp; __pthread_cleanup_push_imp; }; FBSD_1.2 { basename_r; cfmakesane; endutxent; getpagesizes; getutxent; getutxid; getutxline; getutxuser; pututxline; sem_close; sem_destroy; sem_getvalue; sem_init; sem_open; sem_post; sem_timedwait; sem_trywait; sem_unlink; sem_wait; setutxdb; setutxent; }; FBSD_1.3 { clock_getcpuclockid; dirfd; dup3; fdclosedir; fdlopen; __FreeBSD_libc_enter_restricted_mode; getcontextx; gid_from_group; nvis; pwcache_userdb; pwcache_groupdb; snvis; strenvisx; strnunvis; strnunvisx; strnvis; strnvisx; strsenvisx; strsnvis; strsnvisx; strsvis; strsvisx; svis; uid_from_user; unvis; waitid; }; FBSD_1.4 { + getnetgrent_r; pthread_mutex_consistent; pthread_mutexattr_getrobust; pthread_mutexattr_setrobust; scandir_b; stravis; }; FBSDprivate_1.0 { /* needed by thread libraries */ __thr_jtable; _pthread_atfork; _pthread_attr_destroy; _pthread_attr_getdetachstate; _pthread_attr_getguardsize; _pthread_attr_getinheritsched; _pthread_attr_getschedparam; _pthread_attr_getschedpolicy; _pthread_attr_getscope; _pthread_attr_getstackaddr; _pthread_attr_getstacksize; _pthread_attr_init; _pthread_attr_setdetachstate; _pthread_attr_setguardsize; _pthread_attr_setinheritsched; _pthread_attr_setschedparam; _pthread_attr_setschedpolicy; _pthread_attr_setscope; _pthread_attr_setstackaddr; _pthread_attr_setstacksize; _pthread_cancel; _pthread_cancel_enter; _pthread_cancel_leave; _pthread_cleanup_pop; _pthread_cleanup_push; _pthread_cond_broadcast; _pthread_cond_destroy; _pthread_cond_init; _pthread_cond_signal; _pthread_cond_timedwait; _pthread_cond_wait; _pthread_detach; _pthread_equal; _pthread_exit; _pthread_getspecific; _pthread_join; _pthread_key_create; _pthread_key_delete; _pthread_kill; _pthread_main_np; _pthread_mutex_destroy; _pthread_mutex_init_calloc_cb; _pthread_mutex_init; _pthread_mutex_lock; _pthread_mutex_trylock; _pthread_mutex_unlock; _pthread_mutexattr_destroy; _pthread_mutexattr_init; _pthread_mutexattr_settype; _pthread_once; _pthread_rwlock_destroy; _pthread_rwlock_init; _pthread_rwlock_rdlock; _pthread_rwlock_tryrdlock; _pthread_rwlock_trywrlock; _pthread_rwlock_unlock; _pthread_rwlock_wrlock; _pthread_self; _pthread_setcancelstate; _pthread_setcanceltype; _pthread_setspecific; _pthread_sigmask; _pthread_testcancel; _spinlock; _spinlock_debug; _spinunlock; _rtld_addr_phdr; _rtld_atfork_pre; _rtld_atfork_post; _rtld_error; /* for private use */ _rtld_get_stack_prot; _rtld_is_dlopened; _rtld_thread_init; /* for private use */ __elf_phdr_match_addr; _err; _warn; __fmtcheck; /* __pw_match_entry; */ /* __pw_parse_entry; */ __fdnlist; /* used by libkvm */ /* __aout_fdnlist; */ /* __elf_is_okay__; */ /* __elf_fdnlist; */ __opendir2; __pause; _pause; __pw_scan; /* Used by (at least) libutil */ __raise; _raise; __sleep; _sleep; _rtld_allocate_tls; _rtld_free_tls; #if defined(i386) ___libc_tls_get_addr; /* x86 only */ #endif __libc_tls_get_addr; __tcdrain; _tcdrain; __usleep; _usleep; __wait; _wait; __waitpid; _waitpid; _libc_sem_init_compat; _libc_sem_destroy_compat; _libc_sem_open_compat; _libc_sem_close_compat; _libc_sem_unlink_compat; _libc_sem_wait_compat; _libc_sem_trywait_compat; _libc_sem_timedwait_compat; _libc_sem_post_compat; _libc_sem_getvalue_compat; __libc_tcdrain; __elf_aux_vector; __pthread_map_stacks_exec; __fillcontextx; __fillcontextx2; __getcontextx_size; }; Index: head/lib/libc/gen/getnetgrent.3 =================================================================== --- head/lib/libc/gen/getnetgrent.3 (revision 301710) +++ head/lib/libc/gen/getnetgrent.3 (revision 301711) @@ -1,131 +1,133 @@ .\" Copyright (c) 1992, 1993 .\" The Regents of the University of California. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 4. Neither the name of the University nor the names of its contributors .\" may be used to endorse or promote products derived from this software .\" without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" .\" @(#)getnetgrent.3 8.1 (Berkeley) 6/4/93 .\" $FreeBSD$ .\" -.Dd June 4, 1993 +.Dd June 5, 2016 .Dt GETNETGRENT 3 .Os .Sh NAME .Nm getnetgrent , .Nm innetgr , .Nm setnetgrent , .Nm endnetgrent .Nd netgroup database operations .Sh LIBRARY .Lb libc .Sh SYNOPSIS .In netdb.h .Ft int .Fn getnetgrent "char **host" "char **user" "char **domain" +.Ft int +.Fn getnetgrent_r "char **host" "char **user" "char **domain" "char *buf" "size_t bufsize" .Ft int .Fn innetgr "const char *netgroup" "const char *host" "const char *user" "const char *domain" .Ft void .Fn setnetgrent "const char *netgroup" .Ft void .Fn endnetgrent void .Sh DESCRIPTION These functions operate on the netgroup database file .Pa /etc/netgroup which is described in .Xr netgroup 5 . The database defines a set of netgroups, each made up of one or more triples: .Bd -literal -offset indent (host, user, domain) .Ed that defines a combination of host, user and domain. Any of the three fields may be specified as ``wildcards'' that match any string. .Pp The function .Fn getnetgrent sets the three pointer arguments to the strings of the next member of the current netgroup. If any of the string pointers are .Dv NULL that field is considered a wildcard. .Pp The functions .Fn setnetgrent and .Fn endnetgrent set the current netgroup and terminate the current netgroup respectively. If .Fn setnetgrent is called with a different netgroup than the previous call, an implicit .Fn endnetgrent is implied. The .Fn setnetgrent function also sets the offset to the first member of the netgroup. .Pp The function .Fn innetgr searches for a match of all fields within the specified group. If any of the .Sy host , .Sy user , or .Sy domain arguments are .Dv NULL those fields will match any string value in the netgroup member. .Sh RETURN VALUES The function .Fn getnetgrent returns 0 for ``no more netgroup members'' and 1 otherwise. The function .Fn innetgr returns 1 for a successful match and 0 otherwise. The functions .Fn setnetgrent and .Fn endnetgrent have no return value. .Sh FILES .Bl -tag -width /etc/netgroup -compact .It Pa /etc/netgroup netgroup database file .El .Sh COMPATIBILITY The netgroup members have three string fields to maintain compatibility with other vendor implementations, however it is not obvious what use the .Sy domain string has within .Bx . .Sh SEE ALSO .Xr netgroup 5 .Sh BUGS The function .Fn getnetgrent returns pointers to dynamically allocated data areas that are freed when the function .Fn endnetgrent is called. Index: head/lib/libc/gen/getnetgrent.c =================================================================== --- head/lib/libc/gen/getnetgrent.c (revision 301710) +++ head/lib/libc/gen/getnetgrent.c (revision 301711) @@ -1,664 +1,1016 @@ /* * Copyright (c) 1992, 1993 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Rick Macklem at The University of Guelph. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)getnetgrent.c 8.2 (Berkeley) 4/27/95"; #endif /* LIBC_SCCS and not lint */ #include __FBSDID("$FreeBSD$"); +#include "namespace.h" + #include +#include +#include +#include +#include +#include #include #include #include #include +#include "nss_tls.h" + #ifdef YP /* * Notes: * We want to be able to use NIS netgroups properly while retaining * the ability to use a local /etc/netgroup file. Unfortunately, you * can't really do both at the same time - at least, not efficiently. * NetBSD deals with this problem by creating a netgroup database * using Berkeley DB (just like the password database) that allows * for lookups using netgroup, netgroup.byuser or netgroup.byhost * searches. This is a neat idea, but I don't have time to implement * something like that now. (I think ultimately it would be nice * if we DB-fied the group and netgroup stuff all in one shot, but * for now I'm satisfied just to have something that works well * without requiring massive code changes.) * * Therefore, to still permit the use of the local file and maintain * optimum NIS performance, we allow for the following conditions: * * - If /etc/netgroup does not exist and NIS is turned on, we use * NIS netgroups only. * * - If /etc/netgroup exists but is empty, we use NIS netgroups * only. * * - If /etc/netgroup exists and contains _only_ a '+', we use * NIS netgroups only. * * - If /etc/netgroup exists, contains locally defined netgroups * and a '+', we use a mixture of NIS and the local entries. * This method should return the same NIS data as just using * NIS alone, but it will be slower if the NIS netgroup database * is large (innetgr() in particular will suffer since extra * processing has to be done in order to determine memberships * using just the raw netgroup data). * * - If /etc/netgroup exists and contains only locally defined * netgroup entries, we use just those local entries and ignore * NIS (this is the original, pre-NIS behavior). */ #include #include #include #include #include #include static char *_netgr_yp_domain; int _use_only_yp; static int _netgr_yp_enabled; static int _yp_innetgr; #endif #ifndef _PATH_NETGROUP #define _PATH_NETGROUP "/etc/netgroup" #endif +enum constants { + NGRP_STORAGE_INITIAL = 1 << 10, /* 1 KByte */ + NGRP_STORAGE_MAX = 1 << 20, /* 1 MByte */ +}; + +static const ns_src defaultsrc[] = { + { NSSRC_COMPAT, NS_SUCCESS }, + { NULL, 0 }, +}; + /* * Static Variables and functions used by setnetgrent(), getnetgrent() and * endnetgrent(). * There are two linked lists: * - linelist is just used by setnetgrent() to parse the net group file via. * parse_netgrp() * - netgrp is the list of entries for the current netgroup */ struct linelist { struct linelist *l_next; /* Chain ptr. */ int l_parsed; /* Flag for cycles */ char *l_groupname; /* Name of netgroup */ char *l_line; /* Netgroup entrie(s) to be parsed */ }; struct netgrp { struct netgrp *ng_next; /* Chain ptr */ char *ng_str[3]; /* Field pointers, see below */ }; + +struct netgr_state { + FILE *st_netf; + struct linelist *st_linehead; + struct netgrp *st_nextgrp; + struct netgrp *st_gr; + char *st_grname; +}; + #define NG_HOST 0 /* Host name */ #define NG_USER 1 /* User name */ #define NG_DOM 2 /* and Domain name */ -static struct linelist *linehead = (struct linelist *)0; -static struct netgrp *nextgrp = (struct netgrp *)0; -static struct { - struct netgrp *gr; - char *grname; -} grouphead = { - (struct netgrp *)0, - (char *)0, -}; -static FILE *netf = (FILE *)0; +static void netgr_endstate(void *); +NSS_TLS_HANDLING(netgr); -static int parse_netgrp(const char *); -static struct linelist *read_for_group(const char *); -void setnetgrent(const char *); -void endnetgrent(void); -int getnetgrent(char **, char **, char **); -int innetgr(const char *, const char *, const char *, const char *); +static int files_endnetgrent(void *, void *, va_list); +static int files_getnetgrent_r(void *, void *, va_list); +static int files_setnetgrent(void *, void *, va_list); +static int compat_endnetgrent(void *, void *, va_list); +static int compat_innetgr(void *, void *, va_list); +static int compat_getnetgrent_r(void *, void *, va_list); +static int compat_setnetgrent(void *, void *, va_list); + +static void _compat_clearstate(void); +static int _getnetgrent_r(char **, char **, char **, char *, size_t, int *, + struct netgr_state *); +static int _innetgr_fallback(void *, void *, const char *, const char *, + const char *, const char *); +static int innetgr_fallback(void *, void *, va_list); +static int parse_netgrp(const char *, struct netgr_state *, int); +static struct linelist *read_for_group(const char *, struct netgr_state *, int); + #define LINSIZ 1024 /* Length of netgroup file line */ +static const ns_dtab getnetgrent_dtab[] = { + NS_FILES_CB(files_getnetgrent_r, NULL) + NS_COMPAT_CB(compat_getnetgrent_r, NULL) + { NULL, NULL, NULL }, +}; + +static const ns_dtab setnetgrent_dtab[] = { + NS_FILES_CB(files_setnetgrent, NULL) + NS_COMPAT_CB(compat_setnetgrent, NULL) + { NULL, NULL, NULL }, +}; + +static const ns_dtab endnetgrent_dtab[] = { + NS_FILES_CB(files_endnetgrent, NULL) + NS_COMPAT_CB(compat_endnetgrent, NULL) + { NULL, NULL, NULL }, +}; + +static struct netgr_state compat_state; + +static void +netgr_endstate(void *arg) +{ + struct linelist *lp, *olp; + struct netgrp *gp, *ogp; + struct netgr_state *st; + + st = (struct netgr_state *)arg; + lp = st->st_linehead; + while (lp != NULL) { + olp = lp; + lp = lp->l_next; + free(olp->l_groupname); + free(olp->l_line); + free(olp); + } + st->st_linehead = NULL; + if (st->st_grname != NULL) { + free(st->st_grname); + st->st_grname = NULL; + } + gp = st->st_gr; + while (gp != NULL) { + ogp = gp; + gp = gp->ng_next; + free(ogp->ng_str[NG_HOST]); + free(ogp->ng_str[NG_USER]); + free(ogp->ng_str[NG_DOM]); + free(ogp); + } + st->st_gr = NULL; + st->st_nextgrp = NULL; +} + +static int +files_getnetgrent_r(void *retval, void *mdata, va_list ap) +{ + struct netgr_state *st; + char **hostp, **userp, **domp, *buf; + size_t bufsize; + int *errnop; + + hostp = va_arg(ap, char **); + userp = va_arg(ap, char **); + domp = va_arg(ap, char **); + buf = va_arg(ap, char *); + bufsize = va_arg(ap, size_t); + errnop = va_arg(ap, int *); + + if (netgr_getstate(&st) != 0) + return (NS_UNAVAIL); + + return (_getnetgrent_r(hostp, userp, domp, buf, bufsize, errnop, st)); +} + +static int +files_setnetgrent(void *retval, void *mdata, va_list ap) +{ + const ns_src src[] = { + { NSSRC_FILES, NS_SUCCESS }, + { NULL, 0 }, + }; + struct netgr_state *st; + const char *group; + int rv; + + group = va_arg(ap, const char *); + + if (group == NULL || group[0] == '\0') + return (NS_RETURN); + + rv = netgr_getstate(&st); + if (rv != 0) + return (NS_UNAVAIL); + + if (st->st_gr == NULL || strcmp(group, st->st_grname) != 0) { + (void)_nsdispatch(NULL, endnetgrent_dtab, NSDB_NETGROUP, + "endnetgrent", src); + if ((st->st_netf = fopen(_PATH_NETGROUP, "re")) != NULL) { + if (parse_netgrp(group, st, 0) != 0) + (void)_nsdispatch(NULL, endnetgrent_dtab, + NSDB_NETGROUP, "endnetgrent", src); + else + st->st_grname = strdup(group); + (void)fclose(st->st_netf); + st->st_netf = NULL; + } + } + st->st_nextgrp = st->st_gr; + return (st->st_grname != NULL ? NS_SUCCESS : NS_NOTFOUND); +} + +static int +files_endnetgrent(void *retval, void *mdata, va_list ap) +{ + struct netgr_state *st; + + if (netgr_getstate(&st) != 0) + return (NS_UNAVAIL); + netgr_endstate(st); + return (NS_SUCCESS); +} + +static int +compat_getnetgrent_r(void *retval, void *mdata, va_list ap) +{ + char **hostp, **userp, **domp, *buf; + size_t bufsize; + int *errnop; +#ifdef YP + _yp_innetgr = 0; +#endif + + hostp = va_arg(ap, char **); + userp = va_arg(ap, char **); + domp = va_arg(ap, char **); + buf = va_arg(ap, char *); + bufsize = va_arg(ap, size_t); + errnop = va_arg(ap, int *); + + return (_getnetgrent_r(hostp, userp, domp, buf, bufsize, errnop, + &compat_state)); +} + /* - * setnetgrent() + * compat_setnetgrent() * Parse the netgroup file looking for the netgroup and build the list * of netgrp structures. Let parse_netgrp() and read_for_group() do * most of the work. */ -void -setnetgrent(const char *group) +static int +compat_setnetgrent(void *retval, void *mdata, va_list ap) { + FILE *netf; + const char *group; #ifdef YP struct stat _yp_statp; char _yp_plus; #endif - /* Sanity check */ + group = va_arg(ap, const char *); + /* Sanity check */ if (group == NULL || !strlen(group)) - return; + return (NS_RETURN); - if (grouphead.gr == NULL || strcmp(group, grouphead.grname)) { - endnetgrent(); + if (compat_state.st_gr == NULL || + strcmp(group, compat_state.st_grname) != 0) { + _compat_clearstate(); + #ifdef YP /* Presumed guilty until proven innocent. */ _use_only_yp = 0; /* * If /etc/netgroup doesn't exist or is empty, * use NIS exclusively. */ if (((stat(_PATH_NETGROUP, &_yp_statp) < 0) && errno == ENOENT) || _yp_statp.st_size == 0) _use_only_yp = _netgr_yp_enabled = 1; if ((netf = fopen(_PATH_NETGROUP,"re")) != NULL ||_use_only_yp){ + compat_state.st_netf = netf; /* * Icky: grab the first character of the netgroup file * and turn on NIS if it's a '+'. rewind the stream * afterwards so we don't goof up read_for_group() later. */ if (netf) { fscanf(netf, "%c", &_yp_plus); rewind(netf); if (_yp_plus == '+') _use_only_yp = _netgr_yp_enabled = 1; } /* * If we were called specifically for an innetgr() * lookup and we're in NIS-only mode, short-circuit * parse_netgroup() and cut directly to the chase. */ if (_use_only_yp && _yp_innetgr) { /* dohw! */ if (netf != NULL) fclose(netf); - return; + return (NS_RETURN); } #else if ((netf = fopen(_PATH_NETGROUP, "re"))) { + compat_state.st_netf = netf; #endif - if (parse_netgrp(group)) - endnetgrent(); - else { - grouphead.grname = strdup(group); + if (parse_netgrp(group, &compat_state, 1)) { + _compat_clearstate(); + } else { + compat_state.st_grname = strdup(group); } if (netf) fclose(netf); } } - nextgrp = grouphead.gr; + compat_state.st_nextgrp = compat_state.st_gr; + return (NS_SUCCESS); } -/* - * Get the next netgroup off the list. - */ -int -getnetgrent(char **hostp, char **userp, char **domp) +static void +_compat_clearstate(void) { + #ifdef YP - _yp_innetgr = 0; + _netgr_yp_enabled = 0; #endif - - if (nextgrp) { - *hostp = nextgrp->ng_str[NG_HOST]; - *userp = nextgrp->ng_str[NG_USER]; - *domp = nextgrp->ng_str[NG_DOM]; - nextgrp = nextgrp->ng_next; - return (1); - } - return (0); + netgr_endstate(&compat_state); } /* - * endnetgrent() - cleanup + * compat_endnetgrent() - cleanup */ -void -endnetgrent(void) +static int +compat_endnetgrent(void *retval, void *mdata, va_list ap) { - struct linelist *lp, *olp; - struct netgrp *gp, *ogp; - lp = linehead; - while (lp) { - olp = lp; - lp = lp->l_next; - free(olp->l_groupname); - free(olp->l_line); - free(olp); + _compat_clearstate(); + return (NS_SUCCESS); +} + +int +_getnetgrent_r(char **hostp, char **userp, char **domp, char *buf, + size_t bufsize, int *errnop, struct netgr_state *st) +{ + char *p, *src; + size_t len; + int rv; + +#define COPY_NG_ELEM(dstp, i) do { \ + src = st->st_nextgrp->ng_str[(i)]; \ + if (src == NULL) \ + src = ""; \ + len = strlcpy(p, src, bufsize); \ + if (len >= bufsize) { \ + *errnop = ERANGE; \ + return (NS_RETURN); \ + } \ + *(dstp) = p; \ + p += len + 1; \ + bufsize -= len + 1; \ +} while (0) + + p = buf; + if (st->st_nextgrp != NULL) { + COPY_NG_ELEM(hostp, NG_HOST); + COPY_NG_ELEM(userp, NG_USER); + COPY_NG_ELEM(domp, NG_DOM); + st->st_nextgrp = st->st_nextgrp->ng_next; + rv = NS_SUCCESS; + } else { + rv = NS_NOTFOUND; } - linehead = NULL; - if (grouphead.grname) { - free(grouphead.grname); - grouphead.grname = NULL; - } - gp = grouphead.gr; - while (gp) { - ogp = gp; - gp = gp->ng_next; - free(ogp->ng_str[NG_HOST]); - free(ogp->ng_str[NG_USER]); - free(ogp->ng_str[NG_DOM]); - free(ogp); - } - grouphead.gr = NULL; - nextgrp = NULL; -#ifdef YP - _netgr_yp_enabled = 0; -#endif +#undef COPY_NG_ELEM + + return (rv); } #ifdef YP static int _listmatch(const char *list, const char *group, int len) { const char *ptr = list; const char *cptr; int glen = strlen(group); /* skip possible leading whitespace */ while (isspace((unsigned char)*ptr)) ptr++; while (ptr < list + len) { cptr = ptr; while(*ptr != ',' && *ptr != '\0' && !isspace((unsigned char)*ptr)) ptr++; if (strncmp(cptr, group, glen) == 0 && glen == (ptr - cptr)) return (1); while (*ptr == ',' || isspace((unsigned char)*ptr)) ptr++; } return (0); } static int _revnetgr_lookup(char* lookupdom, char* map, const char* str, const char* dom, const char* group) { int y, rv, rot; char key[MAXHOSTNAMELEN]; char *result; int resultlen; for (rot = 0; ; rot++) { switch (rot) { case 0: snprintf(key, MAXHOSTNAMELEN, "%s.%s", str, dom ? dom : lookupdom); break; case 1: snprintf(key, MAXHOSTNAMELEN, "%s.*", str); break; case 2: snprintf(key, MAXHOSTNAMELEN, "*.%s", dom ? dom : lookupdom); break; case 3: snprintf(key, MAXHOSTNAMELEN, "*.*"); break; default: return (0); } y = yp_match(lookupdom, map, key, strlen(key), &result, &resultlen); if (y == 0) { rv = _listmatch(result, group, resultlen); free(result); if (rv) return (1); } else if (y != YPERR_KEY) { /* * If we get an error other than 'no * such key in map' then something is * wrong and we should stop the search. */ return (-1); } } } #endif /* * Search for a match in a netgroup. */ -int -innetgr(const char *group, const char *host, const char *user, const char *dom) +static int +compat_innetgr(void *retval, void *mdata, va_list ap) { - char *hst, *usr, *dm; - /* Sanity check */ - +#ifdef YP + const ns_src src[] = { + { mdata, NS_SUCCESS }, + { NULL, 0 }, + }; +#endif + const char *group, *host, *user, *dom; + + group = va_arg(ap, const char *); + host = va_arg(ap, const char *); + user = va_arg(ap, const char *); + dom = va_arg(ap, const char *); + if (group == NULL || !strlen(group)) - return (0); + return (NS_RETURN); #ifdef YP _yp_innetgr = 1; -#endif - setnetgrent(group); -#ifdef YP + (void)_nsdispatch(NULL, setnetgrent_dtab, NSDB_NETGROUP, "setnetgrent", + src, group); _yp_innetgr = 0; /* * If we're in NIS-only mode, do the search using * NIS 'reverse netgroup' lookups. * * What happens with 'reverse netgroup' lookups: * * 1) try 'reverse netgroup' lookup * 1.a) if host is specified and user is null: * look in netgroup.byhost * (try host.domain, host.*, *.domain or *.*) * if found, return yes * 1.b) if user is specified and host is null: * look in netgroup.byuser * (try host.domain, host.*, *.domain or *.*) * if found, return yes * 1.c) if both host and user are specified, * don't do 'reverse netgroup' lookup. It won't work. * 1.d) if neither host ane user are specified (why?!?) * don't do 'reverse netgroup' lookup either. * 2) if domain is specified and 'reverse lookup' is done: * 'reverse lookup' was authoritative. bye bye. * 3) otherwise, too bad, try it the slow way. */ if (_use_only_yp && (host == NULL) != (user == NULL)) { int ret; if(yp_get_default_domain(&_netgr_yp_domain)) - return (0); - ret = _revnetgr_lookup(_netgr_yp_domain, + return (NS_NOTFOUND); + ret = _revnetgr_lookup(_netgr_yp_domain, host?"netgroup.byhost":"netgroup.byuser", host?host:user, dom, group); - if (ret == 1) - return (1); - else if (ret == 0 && dom != NULL) - return (0); + if (ret == 1) { + *(int *)retval = 1; + return (NS_SUCCESS); + } else if (ret == 0 && dom != NULL) { + *(int *)retval = 0; + return (NS_SUCCESS); + } } - - setnetgrent(group); #endif /* YP */ - while (getnetgrent(&hst, &usr, &dm)) - if ((host == NULL || hst == NULL || !strcmp(host, hst)) && - (user == NULL || usr == NULL || !strcmp(user, usr)) && - ( dom == NULL || dm == NULL || !strcmp(dom, dm))) { - endnetgrent(); - return (1); + return (_innetgr_fallback(retval, mdata, group, host, user, dom)); +} + +static int +_innetgr_fallback(void *retval, void *mdata, const char *group, const char *host, + const char *user, const char *dom) +{ + const ns_src src[] = { + { mdata, NS_SUCCESS }, + { NULL, 0 }, + }; + char *h, *u, *d; + char *buf; + size_t bufsize; + int rv, ret_errno; + + if (group == NULL || group[0] == '\0') + return (NS_RETURN); + + bufsize = NGRP_STORAGE_INITIAL; + buf = malloc(bufsize); + if (buf == NULL) + return (NS_UNAVAIL); + + *(int *)retval = 0; + + (void)_nsdispatch(NULL, setnetgrent_dtab, NSDB_NETGROUP, "setnetgrent", + src, group); + + for (;;) { + do { + ret_errno = 0; + rv = _nsdispatch(NULL, getnetgrent_dtab, NSDB_NETGROUP, + "getnetgrent_r", src, &h, &u, &d, buf, bufsize, + &ret_errno); + if (rv != NS_SUCCESS && ret_errno == ERANGE) { + bufsize *= 2; + if (bufsize > NGRP_STORAGE_MAX || + (buf = reallocf(buf, bufsize)) == NULL) + goto out; + } + } while (rv != NS_SUCCESS && ret_errno == ERANGE); + + if (rv != NS_SUCCESS) { + if (rv == NS_NOTFOUND && ret_errno == 0) + rv = NS_SUCCESS; + break; } - endnetgrent(); - return (0); + + if ((host == NULL || h == NULL || strcmp(host, h) == 0) && + (user == NULL || u == NULL || strcmp(user, u) == 0) && + (dom == NULL || d == NULL || strcmp(dom, d) == 0)) { + *(int *)retval = 1; + break; + } + } + +out: + free(buf); + (void)_nsdispatch(NULL, endnetgrent_dtab, NSDB_NETGROUP, "endnetgrent", + src); + return (rv); } +static int +innetgr_fallback(void *retval, void *mdata, va_list ap) +{ + const char *group, *host, *user, *dom; + + group = va_arg(ap, const char *); + host = va_arg(ap, const char *); + user = va_arg(ap, const char *); + dom = va_arg(ap, const char *); + + return (_innetgr_fallback(retval, mdata, group, host, user, dom)); +} + /* * Parse the netgroup file setting up the linked lists. */ static int -parse_netgrp(const char *group) +parse_netgrp(const char *group, struct netgr_state *st, int niscompat) { struct netgrp *grp; - struct linelist *lp = linehead; + struct linelist *lp = st->st_linehead; char **ng; char *epos, *gpos, *pos, *spos; int freepos, len, strpos; #ifdef DEBUG int fields; #endif /* * First, see if the line has already been read in. */ while (lp) { if (!strcmp(group, lp->l_groupname)) break; lp = lp->l_next; } - if (lp == NULL && (lp = read_for_group(group)) == NULL) + if (lp == NULL && (lp = read_for_group(group, st, niscompat)) == NULL) return (1); if (lp->l_parsed) { #ifdef DEBUG /* * This error message is largely superflous since the * code handles the error condition sucessfully, and * spewing it out from inside libc can actually hose * certain programs. */ fprintf(stderr, "Cycle in netgroup %s\n", lp->l_groupname); #endif return (1); } else lp->l_parsed = 1; pos = lp->l_line; /* Watch for null pointer dereferences, dammit! */ while (pos != NULL && *pos != '\0') { if (*pos == '(') { grp = malloc(sizeof(*grp)); if (grp == NULL) return (1); ng = grp->ng_str; bzero(grp, sizeof(*grp)); pos++; gpos = strsep(&pos, ")"); #ifdef DEBUG fields = 0; #endif for (strpos = 0; strpos < 3; strpos++) { if ((spos = strsep(&gpos, ",")) == NULL) { /* * All other systems I've tested * return NULL for empty netgroup * fields. It's up to user programs * to handle the NULLs appropriately. */ ng[strpos] = NULL; continue; } #ifdef DEBUG fields++; #endif while (*spos == ' ' || *spos == '\t') spos++; if ((epos = strpbrk(spos, " \t"))) { *epos = '\0'; len = epos - spos; } else len = strlen(spos); if (len <= 0) continue; ng[strpos] = malloc(len + 1); if (ng[strpos] == NULL) { for (freepos = 0; freepos < strpos; freepos++) free(ng[freepos]); free(grp); return (1); } bcopy(spos, ng[strpos], len + 1); } - grp->ng_next = grouphead.gr; - grouphead.gr = grp; + grp->ng_next = st->st_gr; + st->st_gr = grp; #ifdef DEBUG /* * Note: on other platforms, malformed netgroup * entries are not normally flagged. While we * can catch bad entries and report them, we should * stay silent by default for compatibility's sake. */ if (fields < 3) { fprintf(stderr, "Bad entry (%s%s%s%s%s) in netgroup \"%s\"\n", ng[NG_HOST] == NULL ? "" : ng[NG_HOST], ng[NG_USER] == NULL ? "" : ",", ng[NG_USER] == NULL ? "" : ng[NG_USER], ng[NG_DOM] == NULL ? "" : ",", ng[NG_DOM] == NULL ? "" : ng[NG_DOM], lp->l_groupname); } #endif } else { spos = strsep(&pos, ", \t"); - if (parse_netgrp(spos)) + if (parse_netgrp(spos, st, niscompat)) continue; } if (pos == NULL) break; while (*pos == ' ' || *pos == ',' || *pos == '\t') pos++; } return (0); } /* * Read the netgroup file and save lines until the line for the netgroup * is found. Return 1 if eof is encountered. */ static struct linelist * -read_for_group(const char *group) +read_for_group(const char *group, struct netgr_state *st, int niscompat) { char *linep, *olinep, *pos, *spos; int len, olen; int cont; struct linelist *lp; char line[LINSIZ + 2]; + FILE *netf; #ifdef YP char *result; int resultlen; linep = NULL; - while (_netgr_yp_enabled || fgets(line, LINSIZ, netf) != NULL) { + netf = st->st_netf; + while ((_netgr_yp_enabled && niscompat) || + fgets(line, LINSIZ, netf) != NULL) { if (_netgr_yp_enabled) { if(!_netgr_yp_domain) if(yp_get_default_domain(&_netgr_yp_domain)) continue; if (yp_match(_netgr_yp_domain, "netgroup", group, strlen(group), &result, &resultlen)) { free(result); if (_use_only_yp) return ((struct linelist *)0); else { _netgr_yp_enabled = 0; continue; } } if (strlen(result) == 0) { free(result); return (NULL); } snprintf(line, LINSIZ, "%s %s", group, result); free(result); } #else linep = NULL; while (fgets(line, LINSIZ, netf) != NULL) { #endif pos = (char *)&line; #ifdef YP - if (*pos == '+') { + if (niscompat && *pos == '+') { _netgr_yp_enabled = 1; continue; } #endif if (*pos == '#') continue; while (*pos == ' ' || *pos == '\t') pos++; spos = pos; while (*pos != ' ' && *pos != '\t' && *pos != '\n' && *pos != '\0') pos++; len = pos - spos; while (*pos == ' ' || *pos == '\t') pos++; if (*pos != '\n' && *pos != '\0') { - lp = (struct linelist *)malloc(sizeof (*lp)); - if (lp == NULL) + lp = malloc(sizeof (*lp)); + if (lp == NULL) return (NULL); lp->l_parsed = 0; - lp->l_groupname = (char *)malloc(len + 1); + lp->l_groupname = malloc(len + 1); if (lp->l_groupname == NULL) { free(lp); return (NULL); } bcopy(spos, lp->l_groupname, len); *(lp->l_groupname + len) = '\0'; len = strlen(pos); olen = 0; /* * Loop around handling line continuations. */ do { if (*(pos + len - 1) == '\n') len--; if (*(pos + len - 1) == '\\') { len--; cont = 1; } else cont = 0; if (len > 0) { linep = malloc(olen + len + 1); if (linep == NULL) { free(lp->l_groupname); free(lp); if (olen > 0) free(olinep); return (NULL); } if (olen > 0) { bcopy(olinep, linep, olen); free(olinep); } bcopy(pos, linep + olen, len); olen += len; *(linep + olen) = '\0'; olinep = linep; } if (cont) { if (fgets(line, LINSIZ, netf)) { pos = line; len = strlen(pos); } else cont = 0; } } while (cont); lp->l_line = linep; - lp->l_next = linehead; - linehead = lp; + lp->l_next = st->st_linehead; + st->st_linehead = lp; /* * If this is the one we wanted, we are done. */ if (!strcmp(lp->l_groupname, group)) return (lp); } } #ifdef YP /* * Yucky. The recursive nature of this whole mess might require * us to make more than one pass through the netgroup file. * This might be best left outside the #ifdef YP, but YP is * defined by default anyway, so I'll leave it like this * until I know better. */ rewind(netf); #endif return (NULL); +} + +int +getnetgrent_r(char **hostp, char **userp, char **domp, char *buf, size_t bufsize) +{ + int rv, ret_errno; + + ret_errno = 0; + rv = _nsdispatch(NULL, getnetgrent_dtab, NSDB_NETGROUP, "getnetgrent_r", + defaultsrc, hostp, userp, domp, buf, bufsize, &ret_errno); + if (rv == NS_SUCCESS) { + return (1); + } else { + errno = ret_errno; + return (0); + } +} + +int +getnetgrent(char **hostp, char **userp, char **domp) +{ + static char *ngrp_storage; + static size_t ngrp_storage_size; + int ret_errno, rv; + + if (ngrp_storage == NULL) { + ngrp_storage_size = NGRP_STORAGE_INITIAL; + ngrp_storage = malloc(ngrp_storage_size); + if (ngrp_storage == NULL) + return (0); + } + + do { + ret_errno = 0; + rv = _nsdispatch(NULL, getnetgrent_dtab, NSDB_NETGROUP, + "getnetgrent_r", defaultsrc, hostp, userp, domp, + ngrp_storage, ngrp_storage_size, &ret_errno); + if (rv != NS_SUCCESS && ret_errno == ERANGE) { + ngrp_storage_size *= 2; + if (ngrp_storage_size > NGRP_STORAGE_MAX) { + free(ngrp_storage); + ngrp_storage = NULL; + errno = ERANGE; + return (0); + } + ngrp_storage = reallocf(ngrp_storage, + ngrp_storage_size); + if (ngrp_storage == NULL) + return (0); + } + } while (rv != NS_SUCCESS && ret_errno == ERANGE); + + if (rv == NS_SUCCESS) { + return (1); + } else { + errno = ret_errno; + return (0); + } +} + +void +setnetgrent(const char *netgroup) +{ + + (void)_nsdispatch(NULL, setnetgrent_dtab, NSDB_NETGROUP, "setnetgrent", + defaultsrc, netgroup); +} + +void +endnetgrent(void) +{ + + (void)_nsdispatch(NULL, endnetgrent_dtab, NSDB_NETGROUP, "endnetgrent", + defaultsrc); +} + +int +innetgr(const char *netgroup, const char *host, const char *user, + const char *domain) +{ + static const ns_dtab dtab[] = { + NS_COMPAT_CB(compat_innetgr, NULL) + NS_FALLBACK_CB(innetgr_fallback) + { NULL, NULL, NULL }, + }; + int result, rv; + + rv = _nsdispatch(&result, dtab, NSDB_NETGROUP, "innetgr", defaultsrc, + netgroup, host, user, domain); + return (rv == NS_SUCCESS ? result : 0); } Index: head/share/man/man5/nsswitch.conf.5 =================================================================== --- head/share/man/man5/nsswitch.conf.5 (revision 301710) +++ head/share/man/man5/nsswitch.conf.5 (revision 301711) @@ -1,384 +1,386 @@ .\" $NetBSD: nsswitch.conf.5,v 1.14 1999/03/17 20:19:47 garbled Exp $ .\" .\" Copyright (c) 1997, 1998, 1999 The NetBSD Foundation, Inc. .\" All rights reserved. .\" .\" This code is derived from software contributed to The NetBSD Foundation .\" by Luke Mewburn. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions .\" are met: .\" 1. Redistributions of source code must retain the above copyright .\" notice, this list of conditions and the following disclaimer. .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. .\" 3. All advertising materials mentioning features or use of this software .\" must display the following acknowledgement: .\" This product includes software developed by Luke Mewburn. .\" 4. The name of the author may not be used to endorse or promote products .\" derived from this software without specific prior written permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS .\" OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND .\" ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR .\" TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE .\" USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .\" $FreeBSD$ .\" -.Dd December 25, 2013 +.Dd June 6, 2016 .Dt NSSWITCH.CONF 5 .Os .Sh NAME .Nm nsswitch.conf .Nd name-service switch configuration file .Sh DESCRIPTION The .Nm file specifies how the .Xr nsdispatch 3 (name-service switch dispatcher) routines in the C library should operate. .Pp The configuration file controls how a process looks up various databases containing information regarding hosts, users (passwords), groups, etc. Each database comes from a source (such as local files, DNS, .Tn NIS , and cache), and the order to look up the sources is specified in .Nm . .Pp Each entry in .Nm consists of a database name, and a space separated list of sources. Each source can have an optional trailing criterion that determines whether the next listed source is used, or the search terminates at the current source. Each criterion consists of one or more status codes, and actions to take if that status code occurs. .Ss Sources The following sources are implemented: .Pp .Bl -tag -width Source -compact .It Sy Source .Sy Description .It files Local files, such as .Pa /etc/hosts , and .Pa /etc/passwd . .It db Local database. .It dns Internet Domain Name System. .Dq hosts and .Sq networks use .Sy IN class entries, all other databases use .Sy HS class (Hesiod) entries. .It nis NIS (formerly YP) .It compat support .Sq +/- in the .Dq passwd and .Dq group databases. If this is present, it must be the only source for that entry. .It cache makes use of the .Xr nscd 8 daemon. .El .Ss Databases The following databases are used by the following C library functions: .Pp .Bl -tag -width networks -compact .It Sy Database .Sy "Used by" .It group .Xr getgrent 3 , .Xr getgrent_r 3 , .Xr getgrgid_r 3 , .Xr getgrnam_r 3 , .Xr setgrent 3 , .Xr endgrent 3 .It hosts .Xr getaddrinfo 3 , .Xr gethostbyaddr 3 , .Xr gethostbyaddr_r 3 , .Xr gethostbyname 3 , .Xr gethostbyname2 3 , .Xr gethostbyname_r 3 , .Xr getipnodebyaddr 3 , .Xr getipnodebyname 3 .It networks .Xr getnetbyaddr 3 , .Xr getnetbyaddr_r 3 , .Xr getnetbyname 3 , .Xr getnetbyname_r 3 .It passwd .Xr getpwent 3 , .Xr getpwent_r 3 , .Xr getpwnam_r 3 , .Xr getpwuid_r 3 , .Xr setpwent 3 , .Xr endpwent 3 .It shells .Xr getusershell 3 .It services .Xr getservent 3 .It rpc .Xr getrpcbyname 3 , .Xr getrpcbynumber 3 , .Xr getrpcent 3 .It proto .Xr getprotobyname 3 , .Xr getprotobynumber 3 , .Xr getprotoent 3 .It netgroup .Xr getnetgrent 3 , +.Xr getnetgrent_r 3 , .Xr setnetgrent 3 , +.Xr endnetgrent 3 , .Xr innetgr 3 .El .Ss Status codes The following status codes are available: .Pp .Bl -tag -width tryagain -compact .It Sy Status .Sy Description .It success The requested entry was found. .It notfound The entry is not present at this source. .It tryagain The source is busy, and may respond to retries. .It unavail The source is not responding, or entry is corrupt. .El .Ss Actions For each of the status codes, one of two actions is possible: .Pp .Bl -tag -width continue -compact .It Sy Action .Sy Description .It continue Try the next source .It return Return with the current result .El .Ss Format of file A .Tn BNF description of the syntax of .Nm is: .Pp .Bl -tag -width -compact .It ::= ":" [ []]* .It ::= "[" + "]" .It ::= "=" .It ::= "success" | "notfound" | "unavail" | "tryagain" .It ::= "return" | "continue" .El .Pp Each entry starts on a new line in the file. A .Sq # delimits a comment to end of line. Blank lines are ignored. A .Sq \e at the end of a line escapes the newline, and causes the next line to be a continuation of the current line. All entries are case-insensitive. .Pp The default criteria is to return on .Dq success , and continue on anything else (i.e, .Li "[success=return notfound=continue unavail=continue tryagain=continue]" ) . .Ss Cache You can enable caching for the particular database by specifying .Dq cache as the first source in the .Xr nsswitch.conf 5 file. You should also enable caching for this database in .Xr nscd.conf 5 . If for the particular query .Dq cache source returns success, no further sources are queried. On the other hand, if there are no previously cached data, the query result will be placed into the cache right after all other sources are processed. Note, that .Dq cache requires .Xr nscd 8 daemon to be running. .Ss Compat mode: +/- syntax In historical multi-source implementations, the .Sq + and .Sq - characters are used to specify the importing of user password and group information from .Tn NIS . Although .Nm provides alternative methods of accessing distributed sources such as .Tn NIS , specifying a sole source of .Dq compat will provide the historical behaviour. .Pp An alternative source for the information accessed via .Sq +/- can be used by specifying .Dq passwd_compat: source . .Dq source in this case can be .Sq dns , .Sq nis , or any other source except for .Sq files and .Sq compat . .Ss Notes Historically, many of the databases had enumeration functions, often of the form .Fn getXXXent . These made sense when the databases were in local files, but do not make sense or have lesser relevance when there are possibly multiple sources, each of an unknown size. The interfaces are still provided for compatibility, but the source may not be able to provide complete entries, or duplicate entries may be retrieved if multiple sources that contain similar information are specified. .Pp To ensure compatibility with previous and current implementations, the .Dq compat source must appear alone for a given database. .Ss Default source lists If, for any reason, .Nm does not exist, or it has missing or corrupt entries, .Xr nsdispatch 3 will default to an entry of .Dq files for the requested database. Exceptions are: .Pp .Bl -tag -width services_compat -compact .It Sy Database .Sy "Default source list" .It group compat .It group_compat nis .It hosts files dns .It passwd compat .It passwd_compat nis .It services compat .It services_compat nis .El .Sh FILES .Bl -tag -width /etc/nsswitch.conf -compact .It Pa /etc/nsswitch.conf The file .Nm resides in .Pa /etc . .El .Sh EXAMPLES To lookup hosts in cache, then in .Pa /etc/hosts and then from the DNS, and lookup user information from .Tn NIS then files, use: .Pp .Bl -tag -width passwd: -compact .It hosts: cache files dns .It passwd: nis [notfound=return] files .It group: nis [notfound=return] files .El .Pp The criteria .Dq [notfound=return] sets a policy of "if the user is notfound in nis, do not try files." This treats nis as the authoritative source of information, except when the server is down. .Sh NOTES If system got compiled with .Va WITHOUT_NIS you have to remove .Sq nis entries. .Pp .Fx Ns 's .Lb libc provides stubs for compatibility with NSS modules written for the .Tn GNU C Library .Nm nsswitch interface. However, these stubs only support the use of the .Dq Li passwd and .Dq Li group databases. .Sh SEE ALSO .Xr nsdispatch 3 , .Xr nscd.conf 5 , .Xr resolv.conf 5 , .Xr nscd 8 , .Xr ypbind 8 .Sh HISTORY The .Nm file format first appeared in .Fx 5.0 . It was imported from the .Nx Project, where it appeared first in .Nx 1.4 . .Sh AUTHORS .An Luke Mewburn Aq Mt lukem@netbsd.org wrote this freely distributable name-service switch implementation, using ideas from the .Tn ULTRIX .Xr svc.conf 5 and .Tn Solaris .Xr nsswitch.conf 4 manual pages.