[Dnsmasq-discuss] nsswitch

Simon Kelley simon@thekelleys.org.uk
Sun, 30 Jan 2005 10:16:19 +0000


Thomas Angst wrote:
> 
> I always used a libc6 tool named getent to check that nsswitch is 
> working correctly for hosts, passwd or shadow. So I thought there must be 
> a library function to do this in C. The last time I programmed in C was about 
> 10 years ago, so maybe the information is not complete :).
> I have made some investigations and looked at the source of getent.c from 
> glibc6. There are the functions print_hosts and hosts_keys.
> hosts_keys has this part of code inside:
> 
> 8<--------
>     sethostent (0);
>     while ((host = gethostent ()) != NULL)
>       print_hosts (host);
>     endhostent ();
>     return result;
> ------->8
> 
> It seems, in my opinion, that this construct will get all entries of 
> hosts, no matter if you are using /etc/hosts only or combined with nis, 
> ldap, mysql or whatever.
> By the way, there are similar functions for the other system files too.
> 

Hmm, Googling reveals the following, which is from a Solaris manpage, 
but I'm pretty sure applies everywhere. Certainly there's no sane way to 
enumerate in DNS, which can be a backend database in nsswitch.conf 
(though it wouldn't make sense to use DNS as a backend with dnsmasq). 
There might be suitable enumeration functions in the LDAP library; 
I'll search further there.

Enumeration - getXXXent()
      Many of the databases have enumeration functions: passwd has
      getpwent(), hosts has gethostent(), and so on. These were
      reasonable when the only source was files but often make
      little sense for hierarchically structured sources that
      contain large numbers of entries, much less for multiple
      sources. The interfaces are still provided and the
      implementations strive to provide reasonable results, but the
      data returned may be incomplete (enumeration for hosts is
      simply not supported by the dns source), inconsistent (if
      multiple sources are used), formatted in an unexpected fashion
      (for a host with a canonical name and three aliases, the
      nisplus source will return four hostents, and they may not be
      consecutive), or very expensive (enumerating a passwd database
      of 5,000 users is probably a bad idea). Furthermore, multiple
      threads in the same process using the same reentrant
      enumeration function (getXXXent_r() are supported beginning
      with SunOS 5.3) share the same enumeration position; if they
      interleave calls, they will enumerate disjoint subsets of the
      same database.

      In general, the use of the enumeration functions is
      deprecated. In the case of passwd, shadow, and group, it may
      sometimes be appropriate to use fgetgrent(), fgetpwent(), and
      fgetspent() (see getgrnam(3C), getpwnam(3C), and getspnam(3C),
      respectively), which use only the files source.

Cheers,

Simon.
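
The files-only alternative named at the end of the quoted manpage, set beside nsswitch-driven enumeration, as an added example that is not part of the original message and is not code from glibc or dnsmasq. SAMPLE_PASSWD and the two function names are constructed for illustration; the nsswitch count depends on the machine it runs on.

```c
#define _DEFAULT_SOURCE          /* exposes fgetpwent() and fmemopen() in glibc */
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data in passwd(5) format; not taken from a real system. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/sh\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:x:1000:1000:Alice Example:/home/alice:/bin/sh\n";

/* Count the entries in one passwd-format text with fgetpwent().
 * Only the stream handed in is parsed; nsswitch.conf is never consulted,
 * so the result is complete and repeatable for that one source.
 * Returns -1 if the in-memory stream cannot be opened. */
int count_stream_entries(const char *text)
{
    /* Mode "r" means the buffer is only read, so dropping const is safe. */
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    int n = 0;

    if (fp == NULL)
        return -1;
    while (fgetpwent(fp) != NULL)
        n++;
    fclose(fp);
    return n;
}

/* Count entries by enumerating through whatever sources nsswitch.conf lists
 * for passwd. As the manpage warns, this may be incomplete, inconsistent or
 * expensive when a source other than files is configured. */
int count_nss_entries(void)
{
    int n = 0;

    setpwent();
    while (getpwent() != NULL)
        n++;
    endpwent();
    return n;
}

int main(void)
{
    printf("files-only stream:    %d entries\n", count_stream_entries(SAMPLE_PASSWD));
    printf("nsswitch enumeration: %d entries\n", count_nss_entries());
    return 0;
}
```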