[Dnsmasq-discuss] nsswitch
Simon Kelley
simon@thekelleys.org.uk
Sun, 30 Jan 2005 10:16:19 +0000
Thomas Angst wrote:
>
> I always used a libc6 tool named getent to watch for the correct
> working of nsswitch for hosts, passwd or shadow. So I thought there must be
> a library function to do this in C. The last time I programmed in C was about
> 10 years ago, so maybe the information is not complete :).
> I have made some investigations and watched the source of getent.c from
> glibc6. There are the functions print_hosts and hosts_keys.
> host_keys has this part of code inside:
>
> 8<--------
> sethostent (0);
> while ((host = gethostent ()) != NULL)
>   print_hosts (host);
> endhostent ();
> return result;
> ------->8
>
> It seems, in my opinion, that this construct will get all entries of
> hosts, no matter if you are using /etc/host only or combined with nis,
> ldap, mysql or whatever.
> By the way, there are similar functions for the other system files too.
>
Hmm, Googling reveals the following, which is from a Solaris manpage,
but I'm pretty sure applies everywhere. Certainly there's no sane way to
enumerate in DNS, which can be a backend database in nsswitch.conf
(though it wouldn't make sense to use DNS as a backend with dnsmasq.)
There might be suitable enumeration functions in the LDAP library,
I'll search further there.

Enumeration - getXXXent()

Many of the databases have enumeration functions: passwd has
getpwent(), hosts has gethostent(), and so on. These were
reasonable when the only source was files but often make
little sense for hierarchically structured sources that
contain large numbers of entries, much less for multiple
sources. The interfaces are still provided and the
implementations strive to provide reasonable results, but the data
returned may be incomplete (enumeration for hosts is simply
not supported by the dns source), inconsistent (if multiple
sources are used), formatted in an unexpected fashion (for a
host with a canonical name and three aliases, the nisplus
source will return four hostents, and they may not be
consecutive), or very expensive (enumerating a passwd database
of 5,000 users is probably a bad idea). Furthermore,
multiple threads in the same process using the same reentrant
enumeration function (getXXXent_r() are supported beginning
with SunOS 5.3) share the same enumeration position; if they
interleave calls, they will enumerate disjoint subsets of
the same database.

In general, the use of the enumeration functions is
deprecated. In the case of passwd, shadow, and group, it may
sometimes be appropriate to use fgetgrent(), fgetpwent(),
and fgetspent() (see getgrnam(3C), getpwnam(3C), and
getspnam(3C), respectively), which use only the files
source.

Cheers,
Simon.
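
The manual page quoted above suggests fgetpwent() for passwd because it reads only the files source. As an added example (not part of the original message, and not dnsmasq or glibc code), this C program enumerates a passwd-format stream that way and reports accounts with UID 0. The sample data, struct scan_result and both function names are constructed for illustration, and fgetpwent() is assumed to come from glibc.

```c
#define _DEFAULT_SOURCE          /* exposes fgetpwent() in glibc's <pwd.h> */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed passwd-format sample data, not taken from any real system. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/sh\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "toor:x:0:0:second uid 0:/root:/bin/sh\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n";

struct scan_result { int entries; int uid0; char uid0_names[128]; };

/* Enumerate one passwd-format stream. Unlike getpwent(), fgetpwent() reads
   only the stream it is given and never consults nsswitch.conf backends. */
static int scan_passwd_stream(FILE *fp, struct scan_result *out)
{
    struct passwd *pw;
    memset(out, 0, sizeof *out);
    while ((pw = fgetpwent(fp)) != NULL) {
        out->entries++;
        if (pw->pw_uid != 0)
            continue;
        out->uid0++;
        size_t used = strlen(out->uid0_names);
        snprintf(out->uid0_names + used, sizeof out->uid0_names - used,
                 "%s%s", used ? "," : "", pw->pw_name);
    }
    return out->entries;
}

/* Run the scan over the constructed sample through a temporary file. */
static int scan_sample(struct scan_result *out)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -1;
    fputs(SAMPLE_PASSWD, fp);
    rewind(fp);
    int n = scan_passwd_stream(fp, out);
    fclose(fp);
    return n;
}

int main(void)
{
    struct scan_result r;
    if (scan_sample(&r) < 0) { perror("tmpfile"); return 1; }
    printf("%d entries, %d with uid 0: %s\n", r.entries, r.uid0, r.uid0_names);
    return 0;
}
```

To check a real system, pass a stream opened on /etc/passwd to scan_passwd_stream(); accounts served by NIS, LDAP or other backends will not appear, which is the trade-off the manual page describes.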