usr/src/lib/nsswitch/compat/common/compat_common.c

root/usr/src/lib/nsswitch/compat/common/compat_common.c
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 *
 * Common code and structures used by name-service-switch "compat" backends.
 *
 * Most of the code in the "compat" backend is a perverted form of code from
 * the "files" backend;  this file is no exception.
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <bsm/libbsm.h>
#include <user_attr.h>
#include <pwd.h>
#include <shadow.h>
#include <grp.h>
#include <unistd.h>     /* for GF_PATH */
#include <dlfcn.h>
#include "compat_common.h"

/*
 * This should be in a header.
 */

extern int yp_get_default_domain(char **domain);

/* from libc */
extern int str2passwd(const char *instr, int lenstr, void *ent,
                char *buffer, int buflen);
extern int str2spwd(const char *instr, int lenstr, void *ent,
                char *buffer, int buflen);
extern int str2group(const char *instr, int lenstr, void *ent,
                char *buffer, int buflen);

/* from libnsl */
extern char *_strtok_escape(char *, char *, char **);

/*
 * str2auuser_s and str2userattr_s are very simple version
 * of the str2auuser() and str2userattr() that can be found in
 * libnsl. They only copy the user name into the userstr_t
 * or au_user_str_t structure (so check on user name can be
 * performed).
 */
static int
str2auuser_s(
        const char      *instr,
        int             lenstr,
        void            *ent,
        char            *buffer,
        int             buflen)
{
        char            *last = NULL;
        char            *sep = KV_TOKEN_DELIMIT;
        au_user_str_t   *au_user = (au_user_str_t *)ent;

        if (lenstr >= buflen)
                return (NSS_STR_PARSE_ERANGE);
        (void) strncpy(buffer, instr, buflen);
        au_user->au_name = _strtok_escape(buffer, sep, &last);
        return (0);
}

static int
str2userattr_s(
        const char      *instr,
        int             lenstr,
        void            *ent,
        char            *buffer,
        int             buflen)
{
        char            *last = NULL;
        char            *sep = KV_TOKEN_DELIMIT;
        userstr_t       *user = (userstr_t *)ent;

        if (lenstr >= buflen)
                return (NSS_STR_PARSE_ERANGE);
        (void) strncpy(buffer, instr, buflen);
        user->name = _strtok_escape(buffer, sep, &last);
        return (0);
}

/*
 * Routines to manage list of "-" users for get{pw, sp, gr}ent().  Current
 *   implementation is completely moronic; we use a linked list.  But then
 *   that's what it's always done in 4.x...
 */

struct setofstrings {
        char                    *name;
        struct setofstrings     *next;
        /*
         * === Should get smart and malloc the string and pointer as one
         *      object rather than two.
         */
};

static void
strset_free(ssp)
        strset_t        *ssp;
{
        strset_t        cur, nxt;

        for (cur = *ssp;  cur != 0;  cur = nxt) {
                nxt = cur->next;
                free(cur->name);
                free(cur);
        }
        *ssp = 0;
}

static boolean_t
strset_add(ssp, nam)
        strset_t        *ssp;
        const char      *nam;
{
        strset_t        new;

        if (0 == (new = (strset_t)malloc(sizeof (*new)))) {
                return (B_FALSE);
        }
        if (0 == (new->name = malloc(strlen(nam) + 1))) {
                free(new);
                return (B_FALSE);
        }
        (void) strcpy(new->name, nam);
        new->next = *ssp;
        *ssp = new;
        return (B_TRUE);
}

static boolean_t
strset_in(ssp, nam)
        const strset_t  *ssp;
        const char      *nam;
{
        strset_t        cur;

        for (cur = *ssp;  cur != 0;  cur = cur->next) {
                if (strcmp(cur->name, nam) == 0) {
                        return (B_TRUE);
                }
        }
        return (B_FALSE);
}

/*
 * Lookup and enumeration routines for +@group and -@group.
 *
 * This code knows a lot more about lib/libc/port/gen/getnetgrent.c than
 *   is really healthy.  The set/get/end routines below duplicate code
 *   from that file, but keep the state information per-backend-instance
 *   instead of just per-process.
 */

extern void _nss_initf_netgroup(nss_db_params_t *);
/*
 * Should really share the db_root in getnetgrent.c in order to get the
 *   resource-management quotas right, but this will have to do.
 */
static DEFINE_NSS_DB_ROOT(netgr_db_root);

static boolean_t
netgr_in(compat_backend_ptr_t be, const char *group, const char *user)
{
        if (be->yp_domain == 0) {
                if (yp_get_default_domain((char **)&be->yp_domain) != 0) {
                        return (B_FALSE);
                }
        }
        return (innetgr(group, 0, user, be->yp_domain));
}

static void
netgr_set(be, netgroup)
        compat_backend_ptr_t    be;
        const char              *netgroup;
{
        /*
         * ===> Need comment to explain that this first "if" is optimizing
         *      for the same-netgroup-as-last-time case
         */
        if (be->getnetgrent_backend != 0 &&
            NSS_INVOKE_DBOP(be->getnetgrent_backend,
                            NSS_DBOP_SETENT,
                            (void *) netgroup) != NSS_SUCCESS) {
                NSS_INVOKE_DBOP(be->getnetgrent_backend, NSS_DBOP_DESTRUCTOR,
                                0);
                be->getnetgrent_backend = 0;
        }
        if (be->getnetgrent_backend == 0) {
                struct nss_setnetgrent_args     args;

                args.netgroup   = netgroup;
                args.iterator   = 0;
                (void) nss_search(&netgr_db_root, _nss_initf_netgroup,
                        NSS_DBOP_NETGROUP_SET, &args);
                be->getnetgrent_backend = args.iterator;
        }
}

static boolean_t
netgr_next_u(be, up)
        compat_backend_ptr_t    be;
        char                    **up;
{
        if (be->netgr_buffer == 0 &&
            (be->netgr_buffer = malloc(NSS_BUFLEN_NETGROUP)) == 0) {
                /* Out of memory */
                return (B_FALSE);
        }

        do {
                struct nss_getnetgrent_args     args;

                args.buffer     = be->netgr_buffer;
                args.buflen     = NSS_BUFLEN_NETGROUP;
                args.status     = NSS_NETGR_NO;

                if (be->getnetgrent_backend != 0) {
                        NSS_INVOKE_DBOP(be->getnetgrent_backend,
                                        NSS_DBOP_GETENT, &args);
                }

                if (args.status == NSS_NETGR_FOUND) {
                        *up       = args.retp[NSS_NETGR_USER];
                } else {
                        return (B_FALSE);
                }
        } while (*up == 0);
        return (B_TRUE);
}

static void
netgr_end(be)
        compat_backend_ptr_t    be;
{
        if (be->getnetgrent_backend != 0) {
                NSS_INVOKE_DBOP(be->getnetgrent_backend,
                                NSS_DBOP_DESTRUCTOR, 0);
                be->getnetgrent_backend = 0;
        }
        if (be->netgr_buffer != 0) {
                free(be->netgr_buffer);
                be->netgr_buffer = 0;
        }
}


#define MAXFIELDS 9     /* Sufficient for passwd (7), shadow (9), group (4) */

static nss_status_t
do_merge(be, args, instr, linelen)
        compat_backend_ptr_t    be;
        nss_XbyY_args_t         *args;
        const char              *instr;
        int                     linelen;
{
        char                    *fields[MAXFIELDS];
        int                     i;
        int                     overrides;
        const char              *p;
        const char              *end = instr + linelen;
        nss_status_t            res = NSS_NOTFOUND;

        /*
         * Potential optimization:  only perform the field-splitting nonsense
         *   once per input line (at present, "+" and "+@netgroup" entries
         *   will cause us to do this multiple times in getent() requests).
         */

        for (i = 0;  i < MAXFIELDS;  i++) {
                fields[i] = 0;
        }
        for (p = instr, overrides = 0, i = 0; /* no test */; i++) {
                const char      *q = memchr(p, ':', end - p);
                const char      *r = (q == 0) ? end : q;
                ssize_t         len = r - p;

                if (len > 0) {
                        char    *s = malloc(len + 1);
                        if (s == 0) {
                                overrides = -1; /* Indicates "you lose" */
                                break;
                        }
                        (void) memcpy(s, p, len);
                        s[len] = '\0';
                        fields[i] = s;
                        overrides++;
                }
                if (q == 0) {
                        /* End of line */
                        break;
                } else {
                        /* Skip the colon at (*q) */
                        p = q + 1;
                }
        }
        if (overrides == 1) {
                /*
                 * return result here if /etc file format is requested
                 */
                if (be->return_string_data != 1) {
                        /* No real overrides, return (*args) intact */
                        res = NSS_SUCCESS;
                } else {
                        free(fields[0]);
                        fields[0] = NULL;
                }
        }

        if (overrides > 1 || be->return_string_data == 1) {
                /*
                 * The zero'th field is always nonempty (+/-...), but at least
                 *   one other field was also nonempty, i.e. wants to override
                 */
                switch ((*be->mergef)(be, args, (const char **)fields)) {
                    case NSS_STR_PARSE_SUCCESS:
                        if (be->return_string_data != 1)
                                args->returnval = args->buf.result;
                        else
                                args->returnval = args->buf.buffer;
                        args->erange    = 0;
                        res = NSS_SUCCESS;
                        break;
                    case NSS_STR_PARSE_ERANGE:
                        args->returnval = 0;
                        args->erange    = 1;
                        res = NSS_NOTFOUND;
                        break;
                    case NSS_STR_PARSE_PARSE:
                        args->returnval = 0;
                        args->erange    = 0;
/* ===> Very likely the wrong thing to do... */
                        res = NSS_NOTFOUND;
                        break;
                }
        } else if (res != NSS_SUCCESS) {
                args->returnval = 0;
                args->erange    = 0;
                res = NSS_UNAVAIL;      /* ==> Right? */
        }

        for (i = 0;  i < MAXFIELDS;  i++) {
                if (fields[i] != 0) {
                        free(fields[i]);
                }
        }

        return (res);
}

/*ARGSUSED*/
nss_status_t
_nss_compat_setent(be, dummy)
        compat_backend_ptr_t    be;
        void                    *dummy;
{
        if (be->f == 0) {
                if (be->filename == 0) {
                        /* Backend isn't initialized properly? */
                        return (NSS_UNAVAIL);
                }
                if ((be->f = fopen(be->filename, "rF")) == 0) {
                        return (NSS_UNAVAIL);
                }
        } else {
                rewind(be->f);
        }
        strset_free(&be->minuses);
        /* ===> ??? nss_endent(be->db_rootp, be->db_initf, &be->db_context); */

        if ((strcmp(be->filename, USERATTR_FILENAME) == 0) ||
            (strcmp(be->filename, AUDITUSER_FILENAME) == 0))
                be->state = GETENT_ATTRDB;
        else
                be->state = GETENT_FILE;

        be->return_string_data = 0;

        /* ===> ??  netgroup stuff? */
        return (NSS_SUCCESS);
}

/*ARGSUSED*/
nss_status_t
_nss_compat_endent(be, dummy)
        compat_backend_ptr_t    be;
        void                    *dummy;
{
        if (be->f != 0) {
                (void) fclose(be->f);
                be->f = 0;
        }
        if (be->buf != 0) {
                free(be->buf);
                be->buf = 0;
        }
        nss_endent(be->db_rootp, be->db_initf, &be->db_context);

        be->state = GETENT_FILE; /* Probably superfluous but comforting */
        strset_free(&be->minuses);
        netgr_end(be);

        /*
         * Question: from the point of view of resource-freeing vs. time to
         *   start up again, how much should we do in endent() and how much
         *   in the destructor?
         */
        return (NSS_SUCCESS);
}

/*ARGSUSED*/
nss_status_t
_nss_compat_destr(be, dummy)
        compat_backend_ptr_t    be;
        void                    *dummy;
{
        if (be != 0) {
                if (be->f != 0) {
                        (void) _nss_compat_endent(be, 0);
                }
                nss_delete(be->db_rootp);
                nss_delete(&netgr_db_root);
                free(be->workarea);
                free(be);
        }
        return (NSS_SUCCESS);   /* In case anyone is dumb enough to check */
}

static int
read_line(f, buffer, buflen)
        FILE                    *f;
        char                    *buffer;
        int                     buflen;
{
        /*CONSTCOND*/
        while (1) {
                int     linelen;

                if (fgets(buffer, buflen, f) == 0) {
                        /* End of file */
                        return (-1);
                }
                linelen = strlen(buffer);
                /* linelen >= 1 (since fgets didn't return 0) */

                if (buffer[linelen - 1] == '\n') {
                        /*
                         * ===> The code below that calls read_line() doesn't
                         *      play by the rules;  it assumes in places that
                         *      the line is null-terminated.  For now we'll
                         *      humour it.
                         */
                        buffer[--linelen] = '\0';
                        return (linelen);
                }
                if (feof(f)) {
                        /* Line is last line in file, and has no newline */
                        return (linelen);
                }
                /* Line too long for buffer;  toss it and loop for next line */
                /* ===== should syslog() in cases where previous code did */
                while (fgets(buffer, buflen, f) != 0 &&
                    buffer[strlen(buffer) - 1] != '\n') {
                        ;
                }
        }
        /*NOTREACHED*/
}

static int
is_nss_lookup_by_name(int attrdb, nss_dbop_t op)
{
        int result = 0;

        if ((attrdb != 0) &&
            ((op == NSS_DBOP_AUDITUSER_BYNAME) ||
            (op == NSS_DBOP_USERATTR_BYNAME))) {
                result = 1;
        } else if ((attrdb == 0) &&
            ((op == NSS_DBOP_GROUP_BYNAME) ||
            (op == NSS_DBOP_PASSWD_BYNAME) ||
            (op == NSS_DBOP_SHADOW_BYNAME))) {
                result = 1;
        }

        return (result);
}

/*ARGSUSED*/
nss_status_t
_attrdb_compat_XY_all(be, argp, netdb, check, op_num)
    compat_backend_ptr_t be;
    nss_XbyY_args_t *argp;
    int netdb;
    compat_XY_check_func check;
    nss_dbop_t op_num;
{
        int             parsestat;
        int             (*func)();
        const char      *filter = argp->key.name;
        nss_status_t    res;

#ifdef  DEBUG
        (void) fprintf(stdout, "\n[compat_common.c: _attrdb_compat_XY_all]\n");
#endif  /* DEBUG */

        if (be->buf == 0 &&
            (be->buf = malloc(be->minbuf)) == 0) {
                return (NSS_UNAVAIL);
        }
        if (check != NULL)
                if ((res = _nss_compat_setent(be, 0)) != NSS_SUCCESS)
                        return (res);

        res = NSS_NOTFOUND;

        /*
         * assume a NULL buf.result pointer is an indication
         * that the lookup result should be returned in /etc
         * file format (if called from _nss_compat_getent(),
         * be->return_string_data and argp->buf.result
         * would be set already if argp->buf.result is NULL)
         */
        if (check != NULL) {
                if (argp->buf.result == NULL) {
                        be->return_string_data = 1;

                        /*
                         * the code executed later needs the result struct
                         * as working area
                         */
                        argp->buf.result = be->workarea;
                } else
                        be->return_string_data = 0;
        }

        /*
         * use an alternate str2ent function if necessary
         */
        if (be->return_string_data == 1)
                func = be->str2ent_alt;
        else
                func = argp->str2ent;

        /*CONSTCOND*/
        while (1) {
                int     linelen;
                char    *instr  = be->buf;

                if ((linelen = read_line(be->f, instr, be->minbuf)) < 0) {
                        /* End of file */
                        argp->returnval = 0;
                        argp->erange    = 0;
                        break;
                }
                if (filter != 0 && strstr(instr, filter) == 0) {
                        /*
                         * Optimization:  if the entry doesn't contain the
                         * filter string then it can't be the entry we want,
                         * so don't bother looking more closely at it.
                         */
                        continue;
                }
                if (netdb) {
                        char    *first;
                        char    *last;

                        if ((last = strchr(instr, '#')) == 0) {
                                last = instr + linelen;
                        }
                        *last-- = '\0';         /* Nuke '\n' or #comment */

                        /*
                         * Skip leading whitespace.  Normally there isn't
                         * any, so it's not worth calling strspn().
                         */
                        for (first = instr;  isspace(*first);  first++) {
                                ;
                        }
                        if (*first == '\0') {
                                continue;
                        }
                        /*
                         * Found something non-blank on the line.  Skip back
                         * over any trailing whitespace;  since we know
                         * there's non-whitespace earlier in the line,
                         * checking for termination is easy.
                         */
                        while (isspace(*last)) {
                                --last;
                        }
                        linelen = last - first + 1;
                        if (first != instr) {
                                instr = first;
                        }
                }
                argp->returnval = 0;
                parsestat = (*func)(instr, linelen, argp->buf.result,
                                        argp->buf.buffer, argp->buf.buflen);
                if (parsestat == NSS_STR_PARSE_SUCCESS) {
                                argp->returnval = argp->buf.result;
                        if (check == 0 || (*check)(argp)) {
                                int     len;

                                if (be->return_string_data != 1) {
                                        res = NSS_SUCCESS;
                                        break;
                                }

                                /* copy string data to result buffer */
                                argp->buf.result = NULL;
                                argp->returnval = argp->buf.buffer;
                                if ((len = strlcpy(argp->buf.buffer, instr,
                                        argp->buf.buflen)) >=
                                        argp->buf.buflen) {
                                        argp->returnval = NULL;
                                        res = NSS_NOTFOUND;
                                        argp->erange = 1;
                                        break;
                                }

                                argp->returnlen = len;
                                res = NSS_SUCCESS;
                                break;
                        }
                } else if (parsestat == NSS_STR_PARSE_ERANGE) {
                        res = NSS_NOTFOUND;
                        argp->erange = 1;
                        break;
                }
        }
        /*
         * stayopen is set to 0 by default in order to close the opened
         * file.  Some applications may break if it is set to 1.
         */
        if (check != 0 && !argp->stayopen) {
                (void) _nss_compat_endent(be, 0);
        }

        if (res != NSS_SUCCESS) {
                /*
                 * tell the nss_search() and nss_getent() below
                 * if the result should be returned in the /etc
                 * file format
                 */
                if (be->return_string_data == 1)
                        argp->buf.result = NULL;

                if ((op_num == NSS_DBOP_USERATTR_BYNAME) ||
                    (op_num == NSS_DBOP_AUDITUSER_BYNAME)) {
                        res = nss_search(be->db_rootp,
                            be->db_initf,
                            op_num,
                            argp);
                } else {
                        res = nss_getent(be->db_rootp,
                            be->db_initf, &be->db_context, argp);
                }
                if (res != NSS_SUCCESS) {
                        argp->returnval = 0;
                        argp->erange    = 0;
                }
        }

        return (res);
}

static int
validate_ids(compat_backend_ptr_t be, nss_XbyY_args_t *argp,
        char *line, int *linelenp, int buflen, int extra_chars)
{
        if (be->return_string_data != 1) {
                struct passwd   *p;
                struct group    *g;
                /*
                 * The data is already marshalled into
                 * struct passwd or group.
                 */
                if (strcmp(be->filename, PASSWD) == 0) {
                        p = (struct passwd *)argp->returnval;
                        if (p->pw_uid > MAXUID)
                                p->pw_uid = UID_NOBODY;
                        if (p->pw_gid > MAXUID)
                                p->pw_gid = GID_NOBODY;
                } else if (strcmp(be->filename, GF_PATH) == 0) {
                        g = (struct group *)argp->returnval;
                        if (g->gr_gid > MAXUID)
                                g->gr_gid = GID_NOBODY;
                }
                return (NSS_STR_PARSE_SUCCESS);
        }

        /*
         * The data needs to be returned in string format therefore
         * validate the return string.
         */
        if (strcmp(be->filename, PASSWD) == 0)
                return (validate_passwd_ids(line, linelenp, buflen,
                    extra_chars));
        else if (strcmp(be->filename, GF_PATH) == 0)
                return (validate_group_ids(line, linelenp, buflen,
                    extra_chars));
        return (NSS_STR_PARSE_SUCCESS);
}

nss_status_t
_nss_compat_XY_all(be, args, check, op_num)
        compat_backend_ptr_t    be;
        nss_XbyY_args_t         *args;
        compat_XY_check_func    check;
        nss_dbop_t              op_num;
{
        nss_status_t            res;
        int                     parsestat;


        if (be->buf == 0 &&
            (be->buf = malloc(be->minbuf)) == 0) {
                return (NSS_UNAVAIL); /* really panic, malloc failed */
        }

        if ((res = _nss_compat_setent(be, 0)) != NSS_SUCCESS) {
                return (res);
        }

        res = NSS_NOTFOUND;

        /*
         * assume a NULL buf.result pointer is an indication
         * that the lookup result should be returned in /etc
         * file format
         */
        if (args->buf.result == NULL) {

                be->return_string_data = 1;

                /*
                 * the code executed later needs the result struct
                 * as working area
                 */
                args->buf.result = be->workarea;

                be->str2ent_save = args->str2ent;
                args->str2ent = be->str2ent_alt;
        } else
                be->return_string_data = 0;

        /*CONSTCOND*/
        while (1) {
                int             linelen;
                char            *instr  = be->buf;
                char            *colon;

                linelen = read_line(be->f, instr, be->minbuf);
                if (linelen < 0) {
                        /* End of file */
                        args->returnval = 0;
                        args->erange    = 0;
                        break;
                }

                args->returnval = 0;    /* reset for both types of entries */

                if (instr[0] != '+' && instr[0] != '-') {
                        /* Simple, wholesome, God-fearing entry */
                        parsestat = (*args->str2ent)(instr, linelen,
                                                    args->buf.result,
                                                    args->buf.buffer,
                                                    args->buf.buflen);
                        if (parsestat == NSS_STR_PARSE_SUCCESS) {
                                args->returnval = args->buf.result;
                                if ((*check)(args) != 0) {
                                        int len;

                                        parsestat = validate_ids(be, args,
                                            instr, &linelen, be->minbuf, 1);
                                        if (parsestat ==
                                            NSS_STR_PARSE_ERANGE) {
                                                args->erange = 1;
                                                res = NSS_NOTFOUND;
                                                break;
                                        } else if (parsestat !=
                                            NSS_STR_PARSE_SUCCESS) {
                                                continue;
                                        }

                                        if (be->return_string_data != 1) {
                                                res = NSS_SUCCESS;
                                                break;
                                        }

                                        /*
                                         * copy string data to
                                         * result buffer
                                         */
                                        args->buf.result = NULL;
                                        args->str2ent = be->str2ent_save;
                                        if ((len = strlcpy(args->buf.buffer,
                                                instr, args->buf.buflen)) >=
                                                        args->buf.buflen)
                                                parsestat =
                                                        NSS_STR_PARSE_ERANGE;
                                        else {
                                                args->returnval =
                                                        args->buf.buffer;
                                                args->returnlen = len;
                                                res = NSS_SUCCESS;
                                                break;
                                        }
                                } else
                                        continue;
                        }

/* ===> Check the Dani logic here... */

                        if (parsestat == NSS_STR_PARSE_ERANGE) {
                                args->erange = 1;
                                res = NSS_NOTFOUND;
                                break;
                                /* should we just skip this one long line ? */
                        } /* else if (parsestat == NSS_STR_PARSE_PARSE) */
                                /* don't care ! */

/* ==> ?? */            continue;
                }


                /*
                 * Process "+", "+name", "+@netgroup", "-name" or "-@netgroup"
                 *
                 * This code is optimized for lookups by name.
                 *
                 * For lookups by identifier search key cannot be matched with
                 * the name of the "+" or "-" entry. So nss_search() is to be
                 * called before extracting the name i.e. via (*be->getnamef)().
                 *
                 * But for lookups by name, search key is compared with the name
                 * of the "+" or "-" entry to acquire a match and thus
                 * unnesessary calls to nss_search() is eliminated. Also for
                 * matching "-" entries, calls to nss_search() is eliminated.
                 */

                if ((colon = strchr(instr, ':')) != 0) {
                        *colon = '\0';  /* terminate field to extract name */
                }

                if (instr[1] == '@') {
                        /*
                         * Case 1:
                         * The entry is of the form "+@netgroup" or
                         * "-@netgroup".  If we're performing a lookup by name,
                         * we can simply extract the name from the search key
                         * (i.e. args->key.name).  If not, then we must call
                         * nss_search() before extracting the name via the
                         * get_XXname() function. i.e. (*be->getnamef)(args).
                         */
                        if (is_nss_lookup_by_name(0, op_num) != 0) {
                                /* compare then search */
                                if (!be->permit_netgroups ||
                                    !netgr_in(be, instr + 2, args->key.name))
                                        continue;
                                if (instr[0] == '+') {
                                        /* need to search for "+" entry */
                                        (void) nss_search(be->db_rootp,
                                                be->db_initf, op_num, args);
                                        if (args->returnval == 0)
                                                continue;
                                }
                        } else {
                                /* search then compare */
                                (void) nss_search(be->db_rootp,
                                        be->db_initf, op_num, args);
                                if (args->returnval == 0)
                                        continue;
                                if (!be->permit_netgroups ||
                                    !netgr_in(be, instr + 2,
                                    (*be->getnamef)(args)))
                                        continue;
                        }
                } else if (instr[1] == '\0') {
                        /*
                         * Case 2:
                         * The entry is of the form "+" or "-".  The former
                         * allows all entries from name services.  The latter
                         * is illegal and ought to be ignored.
                         */
                        if (instr[0] == '-')
                                continue;
                        /* need to search for "+" entry */
                        (void) nss_search(be->db_rootp, be->db_initf,
                                op_num, args);
                        if (args->returnval == 0)
                                continue;
                } else {
                        /*
                         * Case 3:
                         * The entry is of the form "+name" or "-name".
                         * If we're performing a lookup by name, we can simply
                         * extract the name from the search key
                         * (i.e. args->key.name).  If not, then we must call
                         * nss_search() before extracting the name via the
                         * get_XXname() function. i.e. (*be->getnamef)(args).
                         */
                        if (is_nss_lookup_by_name(0, op_num) != 0) {
                                /* compare then search */
                                if (strcmp(instr + 1, args->key.name) != 0)
                                        continue;
                                if (instr[0] == '+') {
                                        /* need to search for "+" entry */
                                        (void) nss_search(be->db_rootp,
                                                be->db_initf, op_num, args);
                                        if (args->returnval == 0)
                                                continue;
                                }
                        } else {
                                /* search then compare */
                                (void) nss_search(be->db_rootp,
                                        be->db_initf, op_num, args);
                                if (args->returnval == 0)
                                        continue;
                                if (strcmp(instr + 1, (*be->getnamef)(args))
                                    != 0)
                                        continue;
                        }
                }
                if (instr[0] == '-') {
                        /* no need to search for "-" entry */
                        args->returnval = 0;
                        args->erange = 0;
                        res = NSS_NOTFOUND;
                } else {
                        if (colon != 0)
                                *colon = ':';   /* restoration */
                        res = do_merge(be, args, instr, linelen);
                }
                break;
        }

        /*
         * stayopen is set to 0 by default in order to close the opened
         * file.  Some applications may break if it is set to 1.
         */
        if (!args->stayopen) {
                (void) _nss_compat_endent(be, 0);
        }

        if (be->return_string_data == 1) {
                args->str2ent = be->str2ent_save;
        }

        return (res);
}

nss_status_t
_nss_compat_getent(be, a)
        compat_backend_ptr_t    be;
        void                    *a;
{
        nss_XbyY_args_t         *args = (nss_XbyY_args_t *)a;
        nss_status_t            res;
        char                    *colon = 0; /* <=== need comment re lifetime */

        if (be->f == 0) {
                if ((res = _nss_compat_setent(be, 0)) != NSS_SUCCESS) {
                        return (res);
                }
        }

        if (be->buf == 0 &&
            (be->buf = malloc(be->minbuf)) == 0) {
                return (NSS_UNAVAIL); /* really panic, malloc failed */
        }

        /*
         * assume a NULL buf.result pointer is an indication
         * that the lookup result should be returned in /etc
         * file format
         */
        if (args->buf.result == NULL) {
                be->return_string_data = 1;

                /*
                 * the code executed later needs the result struct
                 * as working area
                 */
                args->buf.result = be->workarea;
        } else
                be->return_string_data = 0;

        /*CONSTCOND*/
        while (1) {
                char            *instr  = be->buf;
                int             linelen;
                char            *name;  /* === Need more distinctive label */
                const char      *savename;

                /*
                 * In the code below...
                 *    break     means "I found one, I think" (i.e. goto the
                 *              code after the end of the switch statement),
                 *    continue  means "Next candidate"
                 *              (i.e. loop around to the switch statement),
                 *    return    means "I'm quite sure" (either Yes or No).
                 */
                switch (be->state) {

                    case GETENT_DONE:
                        args->returnval = 0;
                        args->erange    = 0;
                        return (NSS_NOTFOUND);

                    case GETENT_ATTRDB:
                        args->key.name = NULL;
                        res = _attrdb_compat_XY_all(be,
                            args, 1, (compat_XY_check_func)NULL, 0);
                        return (res);

                    case GETENT_FILE:
                        linelen = read_line(be->f, instr, be->minbuf);
                        if (linelen < 0) {
                                /* End of file */
                                be->state = GETENT_DONE;
                                continue;
                        }
                        if ((colon = strchr(instr, ':')) != 0) {
                                *colon = '\0';
                        }
                        if (instr[0] == '-') {
                                if (instr[1] != '@') {
                                        (void) strset_add(&be->minuses,
                                                instr + 1);
                                } else if (be->permit_netgroups) {
                                        netgr_set(be, instr + 2);
                                        while (netgr_next_u(be, &name)) {
                                                (void) strset_add(&be->minuses,
                                                        name);
                                        }
                                        netgr_end(be);
                                } /* Else (silently) ignore the entry */
                                continue;
                        } else if (instr[0] != '+') {
                                int     parsestat;
                                /*
                                 * Normal entry, no +/- nonsense
                                 */
                                if (colon != 0) {
                                        *colon = ':';
                                }
                                args->returnval = 0;
                                parsestat = (*args->str2ent)(instr, linelen,
                                                        args->buf.result,
                                                        args->buf.buffer,
                                                        args->buf.buflen);
                                if (parsestat == NSS_STR_PARSE_SUCCESS) {
                                        int     len;

                                        if (be->return_string_data != 1) {
                                                args->returnval =
                                                        args->buf.result;
                                                return (NSS_SUCCESS);
                                        }

                                        /*
                                         * copy string data to
                                         * result buffer
                                         */
                                        args->buf.result = NULL;
                                        args->returnval =
                                                args->buf.buffer;
                                        if ((len = strlcpy(args->buf.buffer,
                                                instr, args->buf.buflen)) >=
                                                args->buf.buflen)
                                                parsestat =
                                                        NSS_STR_PARSE_ERANGE;
                                        else {
                                                args->returnlen = len;
                                                return (NSS_SUCCESS);
                                        }
                                }
                                /* ==> ?? Treat ERANGE differently ?? */
                                if (parsestat == NSS_STR_PARSE_ERANGE) {
                                        args->returnval = 0;
                                        args->erange = 1;
                                        return (NSS_NOTFOUND);
                                }
                                /* Skip the offending entry, get next */
                                continue;
                        } else if (instr[1] == '\0') {
                                /* Plain "+" */
                                nss_setent(be->db_rootp, be->db_initf,
                                        &be->db_context);
                                be->state = GETENT_ALL;
                                be->linelen = linelen;

                                continue;
                        } else if (instr[1] == '@') {
                                /* "+@netgroup" */
                                netgr_set(be, instr + 2);
                                be->state = GETENT_NETGROUP;
                                be->linelen = linelen;
                                continue;
                        } else {
                                /* "+name" */
                                name = instr + 1;
                                break;
                        }
                        /* NOTREACHED */

                    case GETENT_ALL:
                        linelen = be->linelen;
                        args->returnval = 0;
                        if (be->return_string_data == 1) {
                                be->str2ent_save = args->str2ent;
                                args->str2ent = be->str2ent_alt;
                        }

                        (void) nss_getent(be->db_rootp, be->db_initf,
                                &be->db_context, args);
                        if (args->returnval == 0) {
                                /* ==> ?? Treat ERANGE differently ?? */
                                nss_endent(be->db_rootp, be->db_initf,
                                        &be->db_context);
                                be->state = GETENT_FILE;
                                if (be->return_string_data == 1)
                                        args->str2ent = be->str2ent_save;
                                continue;
                        }
                        if (strset_in(&be->minuses, (*be->getnamef)(args)))
                                continue;
                        name = 0; /* tell code below we've done the lookup */
                        if (be->return_string_data == 1)
                                args->str2ent = be->str2ent_save;
                        break;

                    case GETENT_NETGROUP:
                        linelen = be->linelen;
                        if (!netgr_next_u(be, &name)) {
                                netgr_end(be);
                                be->state = GETENT_FILE;
                                continue;
                        }
                        /* pass "name" variable to code below... */
                        break;
                }

                if (name != 0) {
                        if (strset_in(&be->minuses, name)) {
                                continue;
                        }
                        /*
                         * Do a getXXXnam(name).  If we were being pure,
                         *   we'd introduce yet another function-pointer
                         *   that the database-specific code had to supply
                         *   to us.  Instead we'll be grotty and hard-code
                         *   the knowledge that
                         *      (a) The username is always passwd in key.name,
                         *      (b) NSS_DBOP_PASSWD_BYNAME ==
                         *              NSS_DBOP_SHADOW_BYNAME ==
                         *              NSS_DBOP_next_iter.
                         */
                        savename = args->key.name;
                        args->key.name  = name;
                        args->returnval = 0;
                        if (be->return_string_data == 1) {
                                be->str2ent_save = args->str2ent;
                                args->str2ent = be->str2ent_alt;
                        }

                        (void) nss_search(be->db_rootp, be->db_initf,
                                NSS_DBOP_next_iter, args);

                        if (be->return_string_data == 1)
                                args->str2ent = be->str2ent_save;
                        args->key.name = savename;  /* In case anyone cares */
                }
                /*
                 * Found one via "+", "+name" or "@netgroup".
                 * Override some fields if the /etc file says to do so.
                 */
                if (args->returnval == 0) {
                        /* ==> ?? Should treat erange differently? */
                        continue;
                }
                /* 'colon' was set umpteen iterations ago in GETENT_FILE */
                if (colon != 0) {
                        *colon = ':';
                        colon = 0;
                }
                return (do_merge(be, args, instr, linelen));
        }
        /*NOTREACHED*/
}

/* We don't use this directly;  we just copy the bits when we want to    */
/* initialize the variable (in the compat_backend struct) that we do use */
static DEFINE_NSS_GETENT(context_initval);

nss_backend_t *
_nss_compat_constr(ops, n_ops, filename, min_bufsize, rootp, initf, netgroups,
                getname_func, merge_func)
        compat_backend_op_t     ops[];
        int                     n_ops;
        const char              *filename;
        int                     min_bufsize;
        nss_db_root_t           *rootp;
        nss_db_initf_t          initf;
        int                     netgroups;
        compat_get_name         getname_func;
        compat_merge_func       merge_func;
{
        compat_backend_ptr_t    be;

        if ((be = (compat_backend_ptr_t)malloc(sizeof (*be))) == 0) {
                return (0);
        }
        be->ops         = ops;
        be->n_ops       = n_ops;
        be->filename    = filename;
        be->f           = 0;
        be->minbuf      = min_bufsize;
        be->buf         = 0;

        be->db_rootp    = rootp;
        be->db_initf    = initf;
        be->db_context  = context_initval;

        be->getnamef    = getname_func;
        be->mergef      = merge_func;

        be->state = GETENT_FILE;    /* i.e. do Automatic setent(); */
        if (strcmp(be->filename, USERATTR_FILENAME) == 0) {
                be->state = GETENT_ATTRDB;
                be->str2ent_alt = str2userattr_s;
                be->workarea = calloc(1, sizeof (userstr_t));
        } else if (strcmp(be->filename, AUDITUSER_FILENAME) == 0) {
                be->state = GETENT_ATTRDB;
                be->str2ent_alt = str2auuser_s;
                be->workarea = calloc(1, sizeof (au_user_str_t));
        } else if (strcmp(be->filename, PASSWD) == 0) {
                be->str2ent_alt = str2passwd;
                be->workarea = calloc(1, sizeof (struct passwd));
        } else if (strcmp(be->filename, SHADOW) == 0) {
                be->str2ent_alt = str2spwd;
                be->workarea = calloc(1, sizeof (struct spwd));
        } else { /* group */
                be->str2ent_alt = str2group;
                be->workarea = calloc(1, sizeof (struct group));
        }
        if (be->workarea == NULL)
                return (NULL);

        be->minuses     = 0;

        be->permit_netgroups = netgroups;
        be->yp_domain   = 0;
        be->getnetgrent_backend = 0;
        be->netgr_buffer = 0;
        be->return_string_data = 0;

        return ((nss_backend_t *)be);
}
Illumos
