xref: /onnv-gate/usr/src/lib/libc/port/gen/nss_common.c (revision 11411:c2fe1bf96826)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Shared code used by the name-service-switch frontends (e.g. getpwnam_r())
 */

#include "lint.h"
#include <mtlib.h>
#include <dlfcn.h>
#include <atomic.h>

#define	__NSS_PRIVATE_INTERFACE
#include "nsswitch_priv.h"
#undef	__NSS_PRIVATE_INTERFACE

#include <nss_common.h>
#include <nss_dbdefs.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <thread.h>
#include <synch.h>
#include <pthread.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <errno.h>
#include "libc.h"
#include "tsd.h"

#include <getxby_door.h>

/*
 * configurable values for default buffer sizes
 */

/*
 * PSARC/2005/133 updated the buffering mechanisms to handle
 * up to 2^64 buffering.  But sets a practical limit of 512*1024.
 * the expectation is the practical limit will be dynamic from
 * nscd.  For now, set the group limit to this value.
 */

#define	NSS_BUFLEN_PRACTICAL	(512*1024)

static size_t __nss_buflen_group = NSS_BUFLEN_PRACTICAL;
static size_t __nss_buflen_default = NSS_BUFLEN_DOOR;

/*
 * policy component function interposing definitions:
 * nscd if so desired can interpose it's own switch functions over
 * the internal unlocked counterparts.  This will allow nscd to replace
 * the switch policy state engine with one that uses it's internal
 * components.
 * Only nscd can change this through it's use of nss_config.
 * The golden rule is: ptr == NULL checking is used in the switch to
 * see if a function was interposed.  But nscd is responsible for seeing
 * that mutex locking to change the values are observed when the data is
 * changed.  Especially if it happens > once.  The switch does not lock
 * the pointer with mutexs.
 */

typedef struct {
	void	*p;
#if 0
	void		(*nss_delete_fp)(nss_db_root_t *rootp);
	nss_status_t	(*nss_search_fp)(nss_db_root_t *rootp,
				nss_db_initf_t initf, int search_fnum,
				void *search_args);
	void		(*nss_setent_u_fp)(nss_db_root_t *,
				nss_db_initf_t, nss_getent_t *);
	nss_status_t	(*nss_getent_u_fp)(nss_db_root_t *,
				nss_db_initf_t, nss_getent_t *, void *);
	void		(*nss_endent_u_fp)(nss_db_root_t *,
				nss_db_initf_t, nss_getent_t *);
	void		(*end_iter_u_fp)(nss_db_root_t *rootp,
				struct nss_getent_context *contextp);
#endif
} nss_policyf_t;

static mutex_t nss_policyf_lock = DEFAULTMUTEX;
static nss_policyf_t nss_policyf_ptrs =
	{ (void *)NULL };

/*
 * nsswitch db_root state machine definitions:
 * The golden rule is:  if you hold a pointer to an nss_db_state struct and
 * you don't hold the lock, you'd better have incremented the refcount
 * while you held the lock;  otherwise, it may vanish or change
 * significantly when you least expect it.
 *
 * The pointer in nss_db_root_t is one such, so the reference count >= 1.
 * Ditto the pointer in struct nss_getent_context.
 */

/*
 * State for one nsswitch database (e.g. "passwd", "hosts")
 */
struct nss_db_state {
	nss_db_root_t		orphan_root;	/* XXX explain */
	unsigned		refcount;	/* One for the pointer in    */
						/*   nss_db_root_t, plus one */
						/*   for each active thread. */
	nss_db_params_t		p;
	struct __nsw_switchconfig_v1 *config;
	int			max_src;	/* is == config->num_lookups */
	struct nss_src_state	*src;		/* Pointer to array[max_src] */
};

/*
 * State for one of the sources (e.g. "nis", "compat") for a database
 */
struct nss_src_state {
	struct __nsw_lookup_v1	*lkp;
	int			n_active;
	int			n_dormant;
	int			n_waiting;	/* ... on wanna_be */
	cond_t			wanna_be;
	union {
		nss_backend_t	*single; /* Efficiency hack for common case */
					    /* when limit_dead_backends == 1 */
		nss_backend_t	**multi; /* array[limit_dead_backends] of */
	} dormant;			    /* pointers to dormant backends */
	nss_backend_constr_t	be_constr;
	nss_backend_finder_t	*finder;
	void			*finder_priv;
};

static struct nss_db_state	*_nss_db_state_constr(nss_db_initf_t);
void				_nss_db_state_destr(struct nss_db_state *);

/* ==== null definitions if !MTSAFE?  Ditto lock field in nss_db_root_t */

#define	NSS_ROOTLOCK(r, sp)	(cancel_safe_mutex_lock(&(r)->lock), \
				*(sp) = (r)->s)

#define	NSS_UNLOCK(r)		(cancel_safe_mutex_unlock(&(r)->lock))

#define	NSS_CHECKROOT(rp, s)	((s) != (*(rp))->s &&			\
			(cancel_safe_mutex_unlock(&(*(rp))->lock),	\
			cancel_safe_mutex_lock(&(s)->orphan_root.lock), \
			*(rp) = &(s)->orphan_root))

#define	NSS_RELOCK(rp, s)	(cancel_safe_mutex_lock(&(*(rp))->lock), \
			NSS_CHECKROOT(rp, s))

#define	NSS_STATE_REF_u(s)	(++(s)->refcount)

#define	NSS_UNREF_UNLOCK(r, s)	(--(s)->refcount != 0			\
			? ((void)NSS_UNLOCK(r))				\
			: ((void)NSS_UNLOCK(r), (void)_nss_db_state_destr(s)))

#define	NSS_LOCK_CHECK(r, f, sp)    (NSS_ROOTLOCK((r), (sp)),	\
				    *(sp) == 0 &&		\
				    (r->s = *(sp) = _nss_db_state_constr(f)))
/* === In the future, NSS_LOCK_CHECK() may also have to check that   */
/* === the config info hasn't changed (by comparing version numbers) */


/*
 * NSS_OPTIONS/NIS_OPTIONS environment varibles data definitions:
 * This remains for backwards compatibility.  But generally nscd will
 * decide if/how this gets used.
 */
static int checked_env = 0;		/* protected by "rootlock" */

	/* allowing __nss_debug_file to be set could be a security hole. */
FILE *__nss_debug_file = stdout;
int __nss_debug_eng_loop;

/* NIS_OPTIONS infrastructure (from linbsl/nis/cache/cache_api.cc) */
	/* allowing __nis_debug_file to be set could be a security hole. */
FILE *__nis_debug_file = stdout;
int __nis_debug_bind;
int __nis_debug_rpc;
int __nis_debug_calls;
char *__nis_prefsrv;
char *__nis_preftype;
char *__nis_server;   /* if set, use only this server for binding */

#define	OPT_INT 1
#define	OPT_STRING 2
#ifdef DEBUG
#define	OPT_FILE 3
#endif

struct option {
	char *name;
	int type;
	void *address;
};

static struct option nss_options[] = {
#ifdef DEBUG
	/* allowing __nss_debug_file to be set could be a security hole. */
	{ "debug_file", OPT_FILE, &__nss_debug_file },
#endif
	{ "debug_eng_loop", OPT_INT, &__nss_debug_eng_loop },
	{ 0, 0, 0 },
};

static struct option nis_options[] = {
#ifdef DEBUG
	/* allowing __nis_debug_file to be set could be a security hole. */
	{ "debug_file", OPT_FILE, &__nis_debug_file },
#endif
	{ "debug_bind", OPT_INT, &__nis_debug_bind },
	{ "debug_rpc", OPT_INT, &__nis_debug_rpc },
	{ "debug_calls", OPT_INT, &__nis_debug_calls },
	{ "server", OPT_STRING, &__nis_server },
	{ "pref_srvr", OPT_STRING, &__nis_prefsrv },
	{ "pref_type", OPT_STRING, &__nis_preftype },
	{ 0, 0, 0 },
};

/*
 * switch configuration parameter "database" definitions:
 * The switch maintains a simmple read/write parameter database
 * that nscd and the switch components can use to communicate
 * nscd data to other components for configuration or out of band
 * [IE no in the context of a getXbyY or putXbyY operation] data.
 * The data passed are pointers to a lock  data buffer and a length.
 * Use of this is treated as SunwPrivate between nscd and the switch
 * unless other wise stated.
 */

typedef struct nss_cfgparam {
	char 		*name;
	mutex_t		*lock;
	void		*buffer;
	size_t		length;
} nss_cfgparam_t;

typedef struct nss_cfglist {
	char 		*name;
	nss_cfgparam_t	*list;
	int		count;
	int		max;
} nss_cfglist_t;

#define	NSS_CFG_INCR	16

static nss_cfglist_t *nss_cfg = NULL;
static int nss_cfgcount = 0;
static int nss_cfgmax = 0;
static mutex_t nss_cfglock = DEFAULTMUTEX;

static int nss_cfg_policy_init();

/*
 * A config parameters are in the form component:parameter
 * as in: nss:parameter - switch (internal FE/policy/BE) parameter
 *	  nscd:param - nscd application parameter
 *	  ldap:param - nss_ldap BE parameter
 *	  passwd:param - get/put passwd FE parameter
 */

#define	NSS_CONFIG_BRK	':'

/*
 * The policy components initial parameter list
 */
static nss_config_t	nss_policy_params[] = {
	{ "nss:policyfunc", NSS_CONFIG_ADD, &nss_policyf_lock,
		(void *)&nss_policyf_ptrs, (size_t)sizeof (nss_policyf_t) },
	{ NULL,	NSS_CONFIG_ADD,	(mutex_t *)NULL, (void *)NULL, (size_t)0 },
};

/*
 * NSS parameter configuration routines
 */

/* compare config name (component:parameter) to a component name */
static int
nss_cfgcn_cmp(const char *cfgname, const char *compname)
{
	char *c;
	size_t len, len2;

	/* this code assumes valid pointers */
	if ((c = strchr(cfgname, NSS_CONFIG_BRK)) == NULL)
		return (-1);
	len = (size_t)(c - cfgname);
	len2 = strlen(compname);
	if (len2 != len)
		return (-1);
	return (strncmp(cfgname, compname, len));
}

/* init configuration arena */
static int
nss_cfg_init()
{
	nss_cfglist_t *cfg;
	int i;

	/* First time caller? */
	if (nss_cfg != NULL) {
		membar_consumer();
		return (0);
	}

	/* Initialize internal tables */
	lmutex_lock(&nss_cfglock);
	if (nss_cfg != NULL) {
		lmutex_unlock(&nss_cfglock);
		membar_consumer();
		return (0);
	}
	cfg = libc_malloc(NSS_CFG_INCR * sizeof (nss_cfglist_t));
	if (cfg == NULL) {
		errno = ENOMEM;
		lmutex_unlock(&nss_cfglock);
		return (-1);
	}
	for (i = 0; i < NSS_CFG_INCR; i++) {
		cfg[i].list = libc_malloc(
		    NSS_CFG_INCR * sizeof (nss_cfgparam_t));
		if (cfg[i].list == NULL) {
			while (--i >= 0)
				libc_free(cfg[i].list);
			libc_free(cfg);
			errno = ENOMEM;
			lmutex_unlock(&nss_cfglock);
			return (-1);
		}
		cfg[i].max = NSS_CFG_INCR;
	}
	nss_cfgmax = NSS_CFG_INCR;
	membar_producer();
	nss_cfg = cfg;
	lmutex_unlock(&nss_cfglock);

	/* Initialize Policy Engine values */
	if (nss_cfg_policy_init() < 0) {
		return (-1);
	}
	return (0);
}

/* find the name'd component list - create it if non-existent */
static nss_cfglist_t *
nss_cfgcomp_get(char *name, int add)
{
	nss_cfglist_t	*next;
	char	*c;
	int	i, len;
	size_t	nsize;

	/* Make sure system is init'd */
	if (nss_cfg_init() < 0)
		return ((nss_cfglist_t *)NULL);

	/* and check component:name validity */
	if (name == NULL || (c = strchr(name, NSS_CONFIG_BRK)) == NULL)
		return ((nss_cfglist_t *)NULL);

	lmutex_lock(&nss_cfglock);
	next = nss_cfg;
	for (i = 0; i < nss_cfgcount; i++) {
		if (next->name && nss_cfgcn_cmp(name, next->name) == 0) {
			lmutex_unlock(&nss_cfglock);
			return (next);
		}
		next++;
	}
	if (!add) {
		lmutex_unlock(&nss_cfglock);
		return (NULL);
	}

	/* not found, create a fresh one */
	if (nss_cfgcount >= nss_cfgmax) {
		/* realloc first */
		nsize = (nss_cfgmax + NSS_CFG_INCR) * sizeof (nss_cfgparam_t);
		next = (nss_cfglist_t *)libc_realloc(nss_cfg, nsize);
		if (next == NULL) {
			errno = ENOMEM;
			lmutex_unlock(&nss_cfglock);
			return ((nss_cfglist_t *)NULL);
		}
		(void) memset((void *)(next + nss_cfgcount), '\0',
		    NSS_CFG_INCR * sizeof (nss_cfglist_t));
		nss_cfgmax += NSS_CFG_INCR;
		nss_cfg = next;
	}
	next = nss_cfg + nss_cfgcount;
	len = (size_t)(c - name) + 1;
	if ((next->name = libc_malloc(len)) == NULL) {
		errno = ENOMEM;
		lmutex_unlock(&nss_cfglock);
		return ((nss_cfglist_t *)NULL);
	}
	nss_cfgcount++;
	(void) strlcpy(next->name, name, len);
	lmutex_unlock(&nss_cfglock);
	return (next);
}

/* find the name'd parameter - create it if non-existent */
static nss_cfgparam_t *
nss_cfgparam_get(char *name, int add)
{
	nss_cfglist_t	*comp;
	nss_cfgparam_t	*next;
	int	count, i;
	size_t	nsize;

	if ((comp = nss_cfgcomp_get(name, add)) == NULL)
		return ((nss_cfgparam_t *)NULL);
	lmutex_lock(&nss_cfglock);
	count = comp->count;
	next = comp->list;
	for (i = 0; i < count; i++) {
		if (next->name && strcmp(name, next->name) == 0) {
			lmutex_unlock(&nss_cfglock);
			return (next);
		}
		next++;
	}
	if (!add) {
		lmutex_unlock(&nss_cfglock);
		return (NULL);
	}

	/* not found, create a fresh one */
	if (count >= comp->max) {
		/* realloc first */
		nsize = (comp->max + NSS_CFG_INCR) * sizeof (nss_cfgparam_t);
		next = (nss_cfgparam_t *)libc_realloc(comp->list, nsize);
		if (next == NULL) {
			errno = ENOMEM;
			lmutex_unlock(&nss_cfglock);
			return ((nss_cfgparam_t *)NULL);
		}
		comp->max += NSS_CFG_INCR;
		comp->list = next;
	}
	next = comp->list + comp->count;
	if ((next->name = libc_strdup(name)) == NULL) {
		errno = ENOMEM;
		lmutex_unlock(&nss_cfglock);
		return ((nss_cfgparam_t *)NULL);
	}
	comp->count++;
	lmutex_unlock(&nss_cfglock);
	return (next);
}

/* find the name'd parameter - delete it if it exists */
static void
nss_cfg_del(nss_config_t *cfgp)
{
	char		*name;
	nss_cfglist_t	*comp;
	nss_cfgparam_t	*next, *cur;
	int	count, i, j;

	/* exit if component name does not already exist */
	if ((name = cfgp->name) == NULL ||
	    (comp = nss_cfgcomp_get(name, 0)) == NULL)
		return;

	/* find it */
	lmutex_lock(&nss_cfglock);
	count = comp->count;
	next = comp->list;
	for (i = 0; i < count; i++) {
		if (next->name && strcmp(name, next->name) == 0) {
			break;	/* found it... */
		}
		next++;
	}
	if (i >= count) {
		/* not found, already deleted */
		lmutex_unlock(&nss_cfglock);
		return;
	}

	/* copy down the remaining parameters, and clean up */
	/* don't try to clean up component tables */
	cur = next;
	next++;
	for (j = i+1; j < count; j++) {
		*cur = *next;
		cur++;
		next++;
	}
	/* erase the last one */
	if (cur->name) {
		libc_free(cur->name);
		cur->name = (char *)NULL;
	}
	cur->lock = (mutex_t *)NULL;
	cur->buffer = (void *)NULL;
	cur->length = 0;
	comp->count--;
	lmutex_unlock(&nss_cfglock);
}

static int
nss_cfg_get(nss_config_t *next)
{
	nss_cfgparam_t	*param;

	errno = 0;
	if ((param = nss_cfgparam_get(next->name, 0)) == NULL)
		return (-1);
	next->lock = param->lock;
	next->buffer = param->buffer;
	next->length = param->length;
	return (0);
}

static int
nss_cfg_put(nss_config_t *next, int add)
{
	nss_cfgparam_t	*param;

	errno = 0;
	if ((param = nss_cfgparam_get(next->name, add)) == NULL)
		return (-1);
	param->lock = next->lock;
	param->buffer = next->buffer;
	param->length = next->length;
	return (0);
}

/*
 * Policy engine configurator - set and get interface
 * argument is a NULL terminated list of set/get requests
 * with input/result buffers and lengths.  nss_cname is the
 * specifier of a set or get operation and the property being
 * managed.  The intent is limited functions and expandability.
 */

nss_status_t
nss_config(nss_config_t **plist, int cnt)
{
	nss_config_t	*next;
	int 	i;

	/* interface is only available to nscd */
	if (_nsc_proc_is_cache() <= 0) {
		return (NSS_UNAVAIL);
	}
	if (plist == NULL || cnt <= 0)
		return (NSS_SUCCESS);
	for (i = 0; i < cnt; i++) {
		next = plist[i];
		if (next == NULL)
			break;
		if (next->name == NULL) {
			errno = EFAULT;
			return (NSS_ERROR);
		}
		switch (next->cop) {
		case NSS_CONFIG_GET:
			/* get current lock/buffer/length fields */
			if (nss_cfg_get(next) < 0) {
				return (NSS_ERROR);
			}
			break;
		case NSS_CONFIG_PUT:
			/* set new lock/buffer/length fields */
			if (nss_cfg_put(next, 0) < 0) {
				return (NSS_ERROR);
			}
			break;
		case NSS_CONFIG_ADD:
			/* add parameter & set new lock/buffer/length fields */
			if (nss_cfg_put(next, 1) < 0) {
				return (NSS_ERROR);
			}
			break;
		case NSS_CONFIG_DELETE:
			/* delete parameter - should always work... */
			nss_cfg_del(next);
			break;
		case NSS_CONFIG_LIST:
			break;
		default:
			continue;
		}
	}
	return (NSS_SUCCESS);
}

/*
 * This routine is called immediately after nss_cfg_init but prior to
 * any commands from nscd being processed.  The intent here is to
 * initialize the nss:* parameters allowed by the policy component
 * so that nscd can then proceed and modify them if so desired.
 *
 * We know we can only get here if we are nscd so we can skip the
 * preliminaries.
 */

static int
nss_cfg_policy_init()
{
	nss_config_t	*next = &nss_policy_params[0];

	for (; next && next->name != NULL; next++) {
		if (nss_cfg_put(next, 1) < 0)
			return (-1);
	}
	return (0);
}

/*
 * NSS_OPTION & NIS_OPTION environment variable functions
 */

static
void
set_option(struct option *opt, char *name, char *val)
{
	int n;
	char *p;
#ifdef DEBUG
	FILE *fp;
#endif

	for (; opt->name; opt++) {
		if (strcmp(name, opt->name) == 0) {
			switch (opt->type) {
			case OPT_STRING:
				p = libc_strdup(val);
				*((char **)opt->address) = p;
				break;

			case OPT_INT:
				if (strcmp(val, "") == 0)
					n = 1;
				else
					n = atoi(val);
				*((int *)opt->address) = n;
				break;
#ifdef DEBUG
			case OPT_FILE:
				fp = fopen(val, "wF");
				*((FILE **)opt->address) = fp;
				break;
#endif
			}
			break;
		}
	}
}

static
void
__parse_environment(struct option *opt, char *p)
{
	char *base;
	char optname[100];
	char optval[100];

	while (*p) {
		while (isspace(*p))
			p++;
		if (*p == '\0')
			break;

		base = p;
		while (*p && *p != '=' && !isspace(*p))
			p++;
		/*
		 * play it safe and keep it simple, bail if an opt name
		 * is too long.
		 */
		if ((p-base) >= sizeof (optname))
			return;

		(void) strncpy(optname, base, p-base);
		optname[p-base] = '\0';

		if (*p == '=') {
			p++;
			base = p;
			while (*p && !isspace(*p))
				p++;
			/*
			 * play it safe and keep it simple, bail if an opt
			 * value is too long.
			 */
			if ((p-base) >= sizeof (optval))
				return;

			(void) strncpy(optval, base, p-base);
			optval[p-base] = '\0';
		} else {
			optval[0] = '\0';
		}

		set_option(opt, optname, optval);
	}
}

static
void
nss_get_environment()
{
	char *p;

/* NSS_OPTIONS is undocumented and should be used without nscd running. */
	p = getenv("NSS_OPTIONS");
	if (p == NULL)
		return;
	__parse_environment(nss_options, p);
}

/*
 * sole external routine called from libnsl/nis/cache/cache_api.cc in the
 * routines _nis_CacheInit/__nis_CacheLocalInit/__nis_CacheMgrInit_discard
 * Only after checking "checked_env" (which must be done with mutex
 * "cur_cache_lock" held) and is done once, (then "checked_env" is set)
 */
void
__nis_get_environment()
{
	char *p;

	p = getenv("NIS_OPTIONS");
	if (p == NULL)
		return;
	__parse_environment(nis_options, p);
}


/*
 * Switch policy component backend state machine functions
 */

static nss_backend_t *
nss_get_backend_u(nss_db_root_t **rootpp, struct nss_db_state *s, int n_src)
{
	struct nss_src_state	*src = &s->src[n_src];
	nss_backend_t		*be;
	int cancel_state;

	for (;;) {
		if (src->n_dormant > 0) {
			src->n_dormant--;
			src->n_active++;
			if (s->p.max_dormant_per_src == 1) {
				be = src->dormant.single;
			} else {
				be = src->dormant.multi[src->n_dormant];
			}
			break;
		}

		if (src->be_constr == 0) {
			nss_backend_finder_t	*bf;

			for (bf = s->p.finders;  bf != 0;  bf = bf->next) {
				nss_backend_constr_t c;

				c = (*bf->lookup) (bf->lookup_priv, s->p.name,
				    src->lkp->service_name, &src->finder_priv);
				if (c != 0) {
					src->be_constr = c;
					src->finder = bf;
					break;
				}
			}
			if (src->be_constr == 0) {
				/* Couldn't find the backend anywhere */
				be = 0;
				break;
			}
		}

		if (src->n_active < s->p.max_active_per_src) {
			be = (*src->be_constr)(s->p.name,
			    src->lkp->service_name, 0 /* === unimplemented */);
			if (be != 0) {
				src->n_active++;
				break;
			} else if (src->n_active == 0) {
				/* Something's wrong;  we should be */
				/*   able to create at least one    */
				/*   instance of the backend	    */
				break;
			}
			/*
			 * Else it's odd that we can't create another backend
			 *   instance, but don't sweat it;  instead, queue for
			 *   an existing backend instance.
			 */
		}

		src->n_waiting++;
		(void) pthread_setcancelstate(PTHREAD_CANCEL_DISABLE,
		    &cancel_state);
		(void) cond_wait(&src->wanna_be, &(*rootpp)->lock);
		(void) pthread_setcancelstate(cancel_state, NULL);
		NSS_CHECKROOT(rootpp, s);
		src->n_waiting--;

		/*
		 * Loop and see whether things got better for us, or whether
		 *   someone else got scheduled first and we have to try
		 *   this again.
		 *
		 * === ?? Should count iterations, assume bug if many ??
		 */
	}
	return (be);
}

static void
nss_put_backend_u(struct nss_db_state *s, int n_src, nss_backend_t *be)
{
	struct nss_src_state	*src = &s->src[n_src];

	if (be == 0) {
		return;
	}

	src->n_active--;

	if (src->n_dormant < s->p.max_dormant_per_src) {
		if (s->p.max_dormant_per_src == 1) {
			src->dormant.single = be;
			src->n_dormant++;
		} else if (src->dormant.multi != 0 ||
		    (src->dormant.multi =
		    libc_malloc(s->p.max_dormant_per_src *
		    sizeof (nss_backend_t *))) != NULL) {
			src->dormant.multi[src->n_dormant] = be;
			src->n_dormant++;
		} else {
			/* Can't store it, so toss it */
			(void) NSS_INVOKE_DBOP(be, NSS_DBOP_DESTRUCTOR, 0);
		}
	} else {
		/* We've stored as many as we want, so toss it */
		(void) NSS_INVOKE_DBOP(be, NSS_DBOP_DESTRUCTOR, 0);
	}
	if (src->n_waiting > 0) {
		(void) cond_signal(&src->wanna_be);
	}
}

static struct nss_db_state *
_nss_db_state_constr(nss_db_initf_t initf)
{
	struct nss_db_state	*s;
	struct __nsw_switchconfig_v1 *config = 0;
	struct __nsw_lookup_v1	*lkp;
	enum __nsw_parse_err	err;
	const char		*config_name;
	int			n_src;

	if ((s = libc_malloc(sizeof (*s))) == 0) {
		return (0);
	}
	(void) mutex_init(&s->orphan_root.lock, USYNC_THREAD, 0);

	s->p.max_active_per_src	= 10;
	s->p.max_dormant_per_src = 1;
	s->p.finders = nss_default_finders;
	(*initf)(&s->p);
	if (s->p.name == 0) {
		_nss_db_state_destr(s);
		return (0);
	}

	if (!checked_env) {
/* NSS_OPTIONS is undocumented and should be used without nscd running. */
		nss_get_environment();
		checked_env = 1;
	}

	config_name = s->p.config_name ? s->p.config_name : s->p.name;
	if (! (s->p.flags & NSS_USE_DEFAULT_CONFIG)) {
		config = __nsw_getconfig_v1(config_name, &err);
		/* === ? test err ? */
	}
	if (config == 0) {
		/* getconfig failed, or frontend demanded default config */

		char	*str;	/* _nsw_getoneconfig() clobbers its argument */

		if ((str = libc_strdup(s->p.default_config)) != 0) {
			config = _nsw_getoneconfig_v1(config_name, str, &err);
			libc_free(str);
		}
		if (config == 0) {
			_nss_db_state_destr(s);
			return (0);
		}
	}
	s->config = config;
	if ((s->max_src = config->num_lookups) <= 0 ||
	    (s->src = libc_malloc(s->max_src * sizeof (*s->src))) == 0) {
		_nss_db_state_destr(s);
		return (0);
	}
	for (n_src = 0, lkp = config->lookups;
	    n_src < s->max_src; n_src++, lkp = lkp->next) {
		s->src[n_src].lkp = lkp;
		(void) cond_init(&s->src[n_src].wanna_be, USYNC_THREAD, 0);
	}
	s->refcount = 1;
	return (s);
}

void
_nss_src_state_destr(struct nss_src_state *src, int max_dormant)
{
	if (max_dormant == 1) {
		if (src->n_dormant != 0) {
			(void) NSS_INVOKE_DBOP(src->dormant.single,
			    NSS_DBOP_DESTRUCTOR, 0);
		};
	} else if (src->dormant.multi != 0) {
		int	n;

		for (n = 0;  n < src->n_dormant;  n++) {
			(void) NSS_INVOKE_DBOP(src->dormant.multi[n],
			    NSS_DBOP_DESTRUCTOR, 0);
		}
		libc_free(src->dormant.multi);
	}

	/* cond_destroy(&src->wanna_be); */

	if (src->finder != 0) {
		(*src->finder->delete)(src->finder_priv, src->be_constr);
	}
}

/*
 * _nss_db_state_destr() -- used by NSS_UNREF_UNLOCK() to free the entire
 *	nss_db_state structure.
 * Assumes that s has been ref-counted down to zero (in particular,
 *	rootp->s has already been dealt with).
 *
 * Nobody else holds a pointer to *s (if they did, refcount != 0),
 *   so we can clean up state *after* we drop the lock (also, by the
 *   time we finish freeing the state structures, the lock may have
 *   ceased to exist -- if we were using the orphan_root).
 */

void
_nss_db_state_destr(struct nss_db_state *s)
{

	if (s == NULL)
		return;

	/* === mutex_destroy(&s->orphan_root.lock); */
	if (s->p.cleanup != 0) {
		(*s->p.cleanup)(&s->p);
	}
	if (s->config != 0) {
		(void) __nsw_freeconfig_v1(s->config);
	}
	if (s->src != 0) {
		int	n_src;

		for (n_src = 0;  n_src < s->max_src;  n_src++) {
			_nss_src_state_destr(&s->src[n_src],
			    s->p.max_dormant_per_src);
		}
		libc_free(s->src);
	}
	libc_free(s);
}


/*
 * _nss_status_vec() returns a bit vector of all status codes returned during
 * the most recent call to nss_search().
 * _nss_status_vec_p() returns a pointer to this bit vector, or NULL on
 * failure.
 * These functions are private.  Don't use them externally without discussing
 * it with the switch maintainers.
 */
static uint_t *
_nss_status_vec_p()
{
	return (tsdalloc(_T_NSS_STATUS_VEC, sizeof (uint_t), NULL));
}

unsigned int
_nss_status_vec(void)
{
	unsigned int *status_vec_p = _nss_status_vec_p();

	return ((status_vec_p != NULL) ? *status_vec_p : (1 << NSS_UNAVAIL));
}

static void
output_loop_diag_a(
	int n,
	char *dbase,
	struct __nsw_lookup_v1 *lkp)

{
	(void) fprintf(__nss_debug_file,
		"NSS_retry(%d): '%s': trying '%s' ... ",
		n, dbase, lkp->service_name);
	(void) fflush(__nss_debug_file);

}

static void
output_loop_diag_b(
	nss_status_t res,
	struct __nsw_lookup_v1 *lkp)

{
	(void) fprintf(__nss_debug_file, "result=");
	switch (res) {
	case NSS_SUCCESS:
		(void) fprintf(__nss_debug_file, "SUCCESS");
		break;
	case NSS_NOTFOUND:
		(void) fprintf(__nss_debug_file, "NOTFOUND");
		break;
	case NSS_UNAVAIL:
		(void) fprintf(__nss_debug_file, "UNAVAIL");
		break;
	case NSS_TRYAGAIN:
		(void) fprintf(__nss_debug_file, "TRYAGAIN");
		break;
	case NSS_NISSERVDNS_TRYAGAIN:
		(void) fprintf(__nss_debug_file, "NISSERVDNS_TRYAGAIN");
		break;
	default:
		(void) fprintf(__nss_debug_file, "undefined");
	}
	(void) fprintf(__nss_debug_file, ", action=");
	switch (lkp->actions[res]) {
	case __NSW_CONTINUE:
		(void) fprintf(__nss_debug_file, "CONTINUE");
		break;
	case  __NSW_RETURN:
		(void) fprintf(__nss_debug_file, "RETURN");
		break;
	case __NSW_TRYAGAIN_FOREVER:
		(void) fprintf(__nss_debug_file, "TRYAGAIN_FOREVER");
		break;
	case __NSW_TRYAGAIN_NTIMES:
		(void) fprintf(__nss_debug_file, "TRYAGAIN_NTIMES (N=%d)",
			lkp->max_retries);
		break;
	case __NSW_TRYAGAIN_PAUSED:
		(void) fprintf(__nss_debug_file, "TRYAGAIN_PAUSED");
		break;
	default:
		(void) fprintf(__nss_debug_file, "undefined");
	}
	(void) fprintf(__nss_debug_file, "\n");
}

#define	NSS_BACKOFF(n, b, t) \
			((n) > ((b) + 3) ? t : (1 << ((n) - ((b) + 1))))

static int
retry_test(nss_status_t res, int n, struct __nsw_lookup_v1 *lkp)
{
	if (res != NSS_TRYAGAIN && res !=  NSS_NISSERVDNS_TRYAGAIN) {
		if (res == NSS_SUCCESS) {
			__NSW_UNPAUSE_ACTION(lkp->actions[__NSW_TRYAGAIN]);
			__NSW_UNPAUSE_ACTION(
			    lkp->actions[__NSW_NISSERVDNS_TRYAGAIN]);
		}
		return (0);
	}

	if ((res == NSS_TRYAGAIN &&
	    lkp->actions[__NSW_TRYAGAIN] == __NSW_TRYAGAIN_FOREVER) ||
	    (res == NSS_NISSERVDNS_TRYAGAIN &&
	    lkp->actions[__NSW_NISSERVDNS_TRYAGAIN] == __NSW_TRYAGAIN_FOREVER))
		return (1);

	if (res == NSS_TRYAGAIN &&
	    lkp->actions[__NSW_TRYAGAIN] == __NSW_TRYAGAIN_NTIMES)
		if (n <= lkp->max_retries)
			return (1);
		else {
			lkp->actions[__NSW_TRYAGAIN] = __NSW_TRYAGAIN_PAUSED;
			return (0);
		}

	if (res == NSS_NISSERVDNS_TRYAGAIN &&
	    lkp->actions[__NSW_NISSERVDNS_TRYAGAIN] == __NSW_TRYAGAIN_NTIMES)
		if (n <= lkp->max_retries)
			return (1);
		else {
			lkp->actions[__NSW_NISSERVDNS_TRYAGAIN] =
			    __NSW_TRYAGAIN_PAUSED;
			return (0);
		}

	return (0);
}

/*
 * Switch policy component functional interfaces
 */

void
nss_delete(nss_db_root_t *rootp)
{
	struct nss_db_state	*s;

	/* no name service cache daemon divert here */
	/* local nss_delete decrements state reference counts */
	/* and may free up opened switch resources. */

	NSS_ROOTLOCK(rootp, &s);
	if (s == 0) {
		NSS_UNLOCK(rootp);
	} else {
		rootp->s = 0;
		NSS_UNREF_UNLOCK(rootp, s);
	}
}

nss_status_t
nss_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum,
	void *search_args)
{
	nss_status_t		res = NSS_UNAVAIL;
	struct nss_db_state	*s;
	int			n_src;
	unsigned int		*status_vec_p;

	/* name service cache daemon divert */
	res = _nsc_search(rootp, initf, search_fnum, search_args);
	if (res != NSS_TRYLOCAL)
		return (res);

	/* fall through - process locally */
	errno = 0;			/* just in case ... */
	res = NSS_UNAVAIL;
	status_vec_p = _nss_status_vec_p();

	if (status_vec_p == NULL) {
		return (NSS_UNAVAIL);
	}
	*status_vec_p = 0;

	NSS_LOCK_CHECK(rootp, initf, &s);
	if (s == 0) {
		NSS_UNLOCK(rootp);
		return (res);
	}
	NSS_STATE_REF_u(s);

	for (n_src = 0;  n_src < s->max_src;  n_src++) {
		nss_backend_t		*be;
		nss_backend_op_t	funcp;

		res = NSS_UNAVAIL;
		if ((be = nss_get_backend_u(&rootp, s, n_src)) != 0) {
			if ((funcp = NSS_LOOKUP_DBOP(be, search_fnum)) != 0) {
				int n_loop = 0;
				int no_backoff = 19;
				int max_backoff = 5;	/* seconds */

				do {
					/*
					 * Backend operation may take a while;
					 * drop the lock so we don't serialize
					 * more than necessary.
					 */
					NSS_UNLOCK(rootp);

					/* After several tries, backoff... */
					if (n_loop > no_backoff) {
						if (__nss_debug_eng_loop > 1)
							(void) fprintf(
							    __nss_debug_file,
							    "NSS: loop: "
							    "sleeping %d ...\n",
							    NSS_BACKOFF(n_loop,
							    no_backoff,
							    max_backoff));

						(void) sleep(NSS_BACKOFF(n_loop,
						    no_backoff, max_backoff));
					}

					if (__nss_debug_eng_loop)
						output_loop_diag_a(n_loop,
						    s->config->dbase,
						    s->src[n_src].lkp);


					res = (*funcp)(be, search_args);
					NSS_RELOCK(&rootp, s);
					n_loop++;
					if (__nss_debug_eng_loop)
						output_loop_diag_b(res,
						    s->src[n_src].lkp);
				} while (retry_test(res, n_loop,
				    s->src[n_src].lkp));
			}
			nss_put_backend_u(s, n_src, be);
		}
		*status_vec_p |= (1 << res);
		if (__NSW_ACTION_V1(s->src[n_src].lkp, res) == __NSW_RETURN) {
			if (__nss_debug_eng_loop)
				(void) fprintf(__nss_debug_file,
				    "NSS: '%s': return.\n",
				    s->config->dbase);
			break;
		} else
			if (__nss_debug_eng_loop)
				(void) fprintf(__nss_debug_file,
				    "NSS: '%s': continue ...\n",
				    s->config->dbase);
	}
	NSS_UNREF_UNLOCK(rootp, s);
	return (res);
}


/*
 * Start of nss_{setent|getent|endent}
 */

/*
 * State (here called "context") for one setent/getent.../endent sequence.
 *   In principle there could be multiple contexts active for a single
 *   database;  in practice, since Posix and UI have helpfully said that
 *   getent() state is global rather than, say, per-thread or user-supplied,
 *   we have at most one of these per nss_db_state.
 *   XXX ? Is this statement still true?
 *
 * NSS2 - a client's context is maintained as a cookie delivered by and
 * passed to nscd.  The cookie is a 64 bit (nssuint_t) unique opaque value
 * created by nscd.
 * cookie states:
 *	NSCD_NEW_COOKIE		- cookie value uninitialized
 *	NSCD_LOCAL_COOKIE	- setent is a local setent
 *	all other		- NSCD unique opaque id for this setent
 * A client's context is also associated with a seq_num.  This is a nscd
 * opaque 64 bit (nssuint_t) value passed with a cookie, and used to by nscd
 * to validate the sequencing of the context.  The client treats this as
 * a pass through value.
 *
 * XXX ??  Use Cookie as cross-check info so that we can detect an
 * nss_context that missed an nss_delete() or similar.
 */

struct nss_getent_context {
	int			n_src;	/* >= max_src ==> end of sequence */
	nss_backend_t		*be;
	struct nss_db_state	*s;
	nssuint_t		cookie;
	nssuint_t		seq_num;
	nssuint_t		cookie_setent;
	nss_db_params_t		param;
};

static void		nss_setent_u(nss_db_root_t *,
				    nss_db_initf_t,
				    nss_getent_t *);
static nss_status_t	nss_getent_u(nss_db_root_t *,
				    nss_db_initf_t,
				    nss_getent_t *,
				    void *);
static void		nss_endent_u(nss_db_root_t *,
				    nss_db_initf_t,
				    nss_getent_t *);

void
nss_setent(nss_db_root_t *rootp, nss_db_initf_t initf, nss_getent_t *contextpp)
{
	if (contextpp == 0) {
		return;
	}
	cancel_safe_mutex_lock(&contextpp->lock);
	nss_setent_u(rootp, initf, contextpp);
	cancel_safe_mutex_unlock(&contextpp->lock);
}

nss_status_t
nss_getent(nss_db_root_t *rootp, nss_db_initf_t initf, nss_getent_t *contextpp,
	void *args)
{
	nss_status_t		status;

	if (contextpp == 0) {
		return (NSS_UNAVAIL);
	}
	cancel_safe_mutex_lock(&contextpp->lock);
	status = nss_getent_u(rootp, initf, contextpp, args);
	cancel_safe_mutex_unlock(&contextpp->lock);
	return (status);
}

void
nss_endent(nss_db_root_t *rootp, nss_db_initf_t initf, nss_getent_t *contextpp)
{
	if (contextpp == 0) {
		return;
	}
	cancel_safe_mutex_lock(&contextpp->lock);
	nss_endent_u(rootp, initf, contextpp);
	cancel_safe_mutex_unlock(&contextpp->lock);
}

/*
 * Each of the _u versions of the nss interfaces assume that the context
 * lock is held.  No need to divert to nscd.  Private to local sequencing.
 */

static void
end_iter_u(nss_db_root_t *rootp, struct nss_getent_context *contextp)
{
	struct nss_db_state	*s;
	nss_backend_t		*be;
	int			n_src;

	s = contextp->s;
	n_src = contextp->n_src;
	be = contextp->be;

	if (s != 0) {
		if (n_src < s->max_src && be != 0) {
			(void) NSS_INVOKE_DBOP(be, NSS_DBOP_ENDENT, 0);
			NSS_RELOCK(&rootp, s);
			nss_put_backend_u(s, n_src, be);
			contextp->be = 0;  /* Should be unnecessary, but hey */
			NSS_UNREF_UNLOCK(rootp, s);
		}
		contextp->s = 0;
	}
}

static void
nss_setent_u(nss_db_root_t *rootp, nss_db_initf_t initf,
	nss_getent_t *contextpp)
{
	nss_status_t		status;
	struct nss_db_state	*s;
	struct nss_getent_context *contextp;
	nss_backend_t		*be;
	int			n_src;

	/* setup process wide context while locked */
	if ((contextp = contextpp->ctx) == 0) {
		if ((contextp = libc_malloc(sizeof (*contextp))) == 0) {
			return;
		}
		contextpp->ctx = contextp;
		contextp->cookie = NSCD_NEW_COOKIE;	/* cookie init */
		contextp->seq_num = 0;			/* seq_num init */
		s = 0;
	} else {
		s = contextp->s;
		if (contextp->cookie != NSCD_LOCAL_COOKIE)
			contextp->cookie = NSCD_NEW_COOKIE;
	}

	/* name service cache daemon divert */
	if (contextp->cookie == NSCD_NEW_COOKIE) {
		status = _nsc_setent_u(rootp, initf, contextpp);
		if (status != NSS_TRYLOCAL)
			return;
	}

	/* fall through - process locally */
	if (s == 0) {
		NSS_LOCK_CHECK(rootp, initf, &s);
		if (s == 0) {
			/* Couldn't set up state, so quit */
			NSS_UNLOCK(rootp);
			/* ==== is there any danger of not having done an */
			/* end_iter() here, and hence of losing backends? */
			contextpp->ctx = 0;
			libc_free(contextp);
			return;
		}
		NSS_STATE_REF_u(s);
		contextp->s = s;
	} else {
		s	= contextp->s;
		n_src	= contextp->n_src;
		be	= contextp->be;
		if (n_src == 0 && be != 0) {
			/*
			 * Optimization:  don't do endent, don't change
			 *   backends, just do the setent.  Look Ma, no locks
			 *   (nor any context that needs updating).
			 */
			(void) NSS_INVOKE_DBOP(be, NSS_DBOP_SETENT, 0);
			return;
		}
		if (n_src < s->max_src && be != 0) {
			(void) NSS_INVOKE_DBOP(be, NSS_DBOP_ENDENT, 0);
			NSS_RELOCK(&rootp, s);
			nss_put_backend_u(s, n_src, be);
			contextp->be = 0;	/* Play it safe */
		} else {
			NSS_RELOCK(&rootp, s);
		}
	}
	for (n_src = 0, be = 0; n_src < s->max_src &&
	    (be = nss_get_backend_u(&rootp, s, n_src)) == 0; n_src++) {
		;
	}
	NSS_UNLOCK(rootp);

	contextp->n_src	= n_src;
	contextp->be	= be;

	if (be == 0) {
		/* Things are broken enough that we can't do setent/getent */
		nss_endent_u(rootp, initf, contextpp);
		return;
	}
	(void) NSS_INVOKE_DBOP(be, NSS_DBOP_SETENT, 0);
}

static nss_status_t
nss_getent_u(nss_db_root_t *rootp, nss_db_initf_t initf,
	nss_getent_t *contextpp, void *args)
{
	nss_status_t		status;
	struct nss_db_state	*s;
	struct nss_getent_context *contextp;
	int			n_src;
	nss_backend_t		*be;

	if ((contextp = contextpp->ctx) == 0) {
		nss_setent_u(rootp, initf, contextpp);
		if ((contextp = contextpp->ctx) == 0) {
			/* Give up */
			return (NSS_UNAVAIL);
		}
	}
	/* name service cache daemon divert */
	status = _nsc_getent_u(rootp, initf, contextpp, args);
	if (status != NSS_TRYLOCAL)
		return (status);

	/* fall through - process locally */
	s	= contextp->s;
	n_src	= contextp->n_src;
	be	= contextp->be;

	if (s == 0) {
		/*
		 * We've done an end_iter() and haven't done nss_setent()
		 * or nss_endent() since;  we should stick in this state
		 * until the caller invokes one of those two routines.
		 */
		return (NSS_SUCCESS);
	}

	while (n_src < s->max_src) {
		nss_status_t res;

		if (be == 0) {
			/* If it's null it's a bug, but let's play safe */
			res = NSS_UNAVAIL;
		} else {
			res = NSS_INVOKE_DBOP(be, NSS_DBOP_GETENT, args);
		}

		if (__NSW_ACTION_V1(s->src[n_src].lkp, res) == __NSW_RETURN) {
			if (res != __NSW_SUCCESS) {
				end_iter_u(rootp, contextp);
			}
			return (res);
		}
		(void) NSS_INVOKE_DBOP(be, NSS_DBOP_ENDENT, 0);
		NSS_RELOCK(&rootp, s);
		nss_put_backend_u(s, n_src, be);
		do {
			n_src++;
		} while (n_src < s->max_src &&
		    (be = nss_get_backend_u(&rootp, s, n_src)) == 0);
		contextp->be = be;
		if (be == 0) {
			/*
			 * This is the case where we failed to get the backend
			 * for the last source. We exhausted all sources.
			 *
			 * We need to do cleanup ourselves because end_iter_u()
			 * does not do it for be == 0.
			 */
			NSS_UNREF_UNLOCK(rootp, s);
			contextp->s = 0;
			break;
		} else {
			NSS_UNLOCK(rootp);
			contextp->n_src = n_src;
			(void) NSS_INVOKE_DBOP(be, NSS_DBOP_SETENT, 0);
		}
	}
	/* Got to the end of the sources without finding another entry */
	end_iter_u(rootp, contextp);
	return (NSS_SUCCESS);
	/* success is either a successful entry or end of the sources */
}

/*ARGSUSED*/
static void
nss_endent_u(nss_db_root_t *rootp, nss_db_initf_t initf,
	nss_getent_t *contextpp)
{
	nss_status_t		status;
	struct nss_getent_context *contextp;

	if ((contextp = contextpp->ctx) == 0) {
		/* nss_endent() on an unused context is a no-op */
		return;
	}

	/* notify name service cache daemon */
	status = _nsc_endent_u(rootp, initf, contextpp);
	if (status != NSS_TRYLOCAL) {
		/* clean up */
		libc_free(contextp);
		contextpp->ctx = 0;
		return;
	}

	/* fall through - process locally */

	/*
	 * Existing code (BSD, SunOS) works in such a way that getXXXent()
	 *   following an endXXXent() behaves as though the user had invoked
	 *   setXXXent(), i.e. it iterates properly from the beginning.
	 * We'd better not break this, so our choices are
	 *	(1) leave the context structure around, and do nss_setent or
	 *	    something equivalent,
	 *   or	(2) free the context completely, and rely on the code in
	 *	    nss_getent() that makes getXXXent() do the right thing
	 *	    even without a preceding setXXXent().
	 * The code below does (2), which frees up resources nicely but will
	 * cost more if the user then does more getXXXent() operations.
	 * Moral:  for efficiency, don't call endXXXent() prematurely.
	 */
	end_iter_u(rootp, contextp);
	libc_free(contextp);
	contextpp->ctx = 0;
}

/*
 * pack dbd data into header
 * Argment pointers assumed valid.
 * poff offset position pointer
 *   IN = starting offset for dbd header
 *   OUT = starting offset for next section
 */

static nss_status_t
nss_pack_dbd(void *buffer, size_t bufsize, nss_db_params_t *p, size_t *poff)
{
	nss_pheader_t		*pbuf = (nss_pheader_t *)buffer;
	nss_dbd_t		*pdbd;
	size_t			off = *poff;
	size_t			len, blen;
	size_t			n, nc, dc;
	char			*bptr;

	pbuf->dbd_off = (nssuint_t)off;
	bptr = (char *)buffer + off;
	blen = bufsize - off;
	len = sizeof (nss_dbd_t);

	n = nc = dc = 0;
	if (p->name == NULL) {
		errno = ERANGE;			/* actually EINVAL */
		return (NSS_ERROR);
	}

	/* if default config not specified, the flag should be reset */
	if (p->default_config == NULL) {
		p->default_config = "<NULL>";
		p->flags = p->flags & ~NSS_USE_DEFAULT_CONFIG;
	}

	n = strlen(p->name) + 1;
	dc = strlen(p->default_config) + 1;
	if (n < 2 || dc < 2) {			/* What no DB? */
		errno = ERANGE;			/* actually EINVAL */
		return (NSS_ERROR);
	}
	if (p->config_name != NULL) {
		nc = strlen(p->config_name) + 1;
	}
	if ((len + n + nc + dc) >= blen) {
		errno = ERANGE;			/* actually EINVAL */
		return (NSS_ERROR);
	}

	pdbd = (nss_dbd_t *)((void *)bptr);
	bptr += len;
	pdbd->flags = p->flags;
	pdbd->o_name = len;
	(void) strlcpy(bptr, p->name, n);
	len += n;
	bptr += n;
	if (nc == 0) {
		pdbd->o_config_name = 0;
	} else {
		pdbd->o_config_name = len;
		(void) strlcpy(bptr, p->config_name, nc);
		bptr += nc;
		len += nc;
	}
	pdbd->o_default_config = len;
	(void) strlcpy(bptr, p->default_config, dc);
	len += dc;
	pbuf->dbd_len = (nssuint_t)len;
	off += ROUND_UP(len, sizeof (nssuint_t));
	*poff = off;
	return (NSS_SUCCESS);
}

/*
 * Switch packed and _nsc (switch->nscd) interfaces
 * Return: NSS_SUCCESS (OK to proceed), NSS_ERROR, NSS_NOTFOUND
 */

/*ARGSUSED*/
nss_status_t
nss_pack(void *buffer, size_t bufsize, nss_db_root_t *rootp,
	    nss_db_initf_t initf, int search_fnum, void *search_args)
{
	nss_pheader_t		*pbuf = (nss_pheader_t *)buffer;
	nss_XbyY_args_t		*in = (nss_XbyY_args_t *)search_args;
	nss_db_params_t		tparam = { 0 };
	nss_status_t		ret = NSS_ERROR;
	const char		*dbn;
	size_t			blen, len, off = 0;
	char			*bptr;
	struct nss_groupsbymem	*gbm;

	if (pbuf == NULL || in == NULL || initf == (nss_db_initf_t)NULL) {
		errno = ERANGE;			/* actually EINVAL */
		return (ret);
	}
	tparam.cleanup = NULL;
	(*initf)(&tparam);
	if ((dbn = tparam.name) == 0) {
		if (tparam.cleanup != 0)
			(tparam.cleanup)(&tparam);
		errno = ERANGE;			/* actually EINVAL */
		return (ret);
	}

	/* init buffer header */
	pbuf->pbufsiz = (nssuint_t)bufsize;
	pbuf->p_ruid = (uint32_t)getuid();
	pbuf->p_euid = (uint32_t)geteuid();
	pbuf->p_version = NSCD_HEADER_REV;
	pbuf->p_status = 0;
	pbuf->p_errno = 0;
	pbuf->p_herrno = 0;

	/* possible audituser init */
	if (strcmp(dbn, NSS_DBNAM_AUTHATTR) == 0 && in->h_errno != 0)
		pbuf->p_herrno = (uint32_t)in->h_errno;

	pbuf->libpriv = 0;

	off = sizeof (nss_pheader_t);

	/* setup getXbyY operation - database and sub function */
	pbuf->nss_dbop = (uint32_t)search_fnum;
	ret = nss_pack_dbd(buffer, bufsize, &tparam, &off);
	if (ret != NSS_SUCCESS) {
		errno = ERANGE;			/* actually EINVAL */
		return (ret);
	}
	ret = NSS_ERROR;
	/* setup request key */
	pbuf->key_off = (nssuint_t)off;
	bptr = (char *)buffer + off;
	blen = bufsize - off;
	/* use key2str if provided, else call default getXbyY packer */
	if (strcmp(dbn, NSS_DBNAM_NETGROUP) == 0) {
		/* This has to run locally due to backend knowledge */
		if (search_fnum == NSS_DBOP_NETGROUP_SET) {
			errno = 0;
			return (NSS_TRYLOCAL);
		}
		/* use default packer for known getXbyY ops */
		ret = nss_default_key2str(bptr, blen, in, dbn,
		    search_fnum, &len);
	} else if (in->key2str == NULL ||
	    (search_fnum == NSS_DBOP_GROUP_BYMEMBER &&
	    strcmp(dbn, NSS_DBNAM_GROUP) == 0)) {
		/* use default packer for known getXbyY ops */
		ret = nss_default_key2str(bptr, blen, in, dbn,
		    search_fnum, &len);
	} else {
		ret = (*in->key2str)(bptr, blen, &in->key, &len);
	}
	if (tparam.cleanup != 0)
		(tparam.cleanup)(&tparam);
	if (ret != NSS_SUCCESS) {
		errno = ERANGE;			/* actually ENOMEM */
		return (ret);
	}
	pbuf->key_len = (nssuint_t)len;
	off += ROUND_UP(len, sizeof (nssuint_t));

	pbuf->data_off = (nssuint_t)off;
	pbuf->data_len = (nssuint_t)(bufsize - off);
	/*
	 * Prime data return with first result if
	 * the first result is passed in
	 * [_getgroupsbymember oddness]
	 */
	gbm = (struct nss_groupsbymem *)search_args;
	if (search_fnum == NSS_DBOP_GROUP_BYMEMBER &&
	    strcmp(dbn, NSS_DBNAM_GROUP) == 0 && gbm->numgids == 1) {
		gid_t	*gidp;
		gidp = (gid_t *)((void *)((char *)buffer + off));
		*gidp = gbm->gid_array[0];
	}

	errno = 0;				/* just in case ... */
	return (NSS_SUCCESS);
}

/*
 * Switch packed and _nsc (switch->nscd) {set/get/end}ent interfaces
 * Return: NSS_SUCCESS (OK to proceed), NSS_ERROR, NSS_NOTFOUND
 */

/*ARGSUSED*/
nss_status_t
nss_pack_ent(void *buffer, size_t bufsize, nss_db_root_t *rootp,
	    nss_db_initf_t initf, nss_getent_t *contextpp)
{
	nss_pheader_t		*pbuf = (nss_pheader_t *)buffer;
	struct nss_getent_context *contextp = contextpp->ctx;
	nss_status_t		ret = NSS_ERROR;
	size_t			blen, len = 0, off = 0;
	char			*bptr;
	nssuint_t		*nptr;

	if (pbuf == NULL || initf == (nss_db_initf_t)NULL) {
		errno = ERANGE;			/* actually EINVAL */
		return (ret);
	}

	/* init buffer header */
	pbuf->pbufsiz = (nssuint_t)bufsize;
	pbuf->p_ruid = (uint32_t)getuid();
	pbuf->p_euid = (uint32_t)geteuid();
	pbuf->p_version = NSCD_HEADER_REV;
	pbuf->p_status = 0;
	pbuf->p_errno = 0;
	pbuf->p_herrno = 0;
	pbuf->libpriv = 0;

	off = sizeof (nss_pheader_t);

	/* setup getXXXent operation - database and sub function */
	pbuf->nss_dbop = (uint32_t)0;	/* iterators have no dbop */
	ret = nss_pack_dbd(buffer, bufsize, &contextp->param, &off);
	if (ret != NSS_SUCCESS) {
		errno = ERANGE;			/* actually EINVAL */
		return (ret);
	}
	ret = NSS_ERROR;
	off += ROUND_UP(len, sizeof (nssuint_t));

	pbuf->key_off = (nssuint_t)off;
	bptr = (char *)buffer + off;
	blen = bufsize - off;
	len = (size_t)(sizeof (nssuint_t) * 2);
	if (len >= blen) {
		errno = ERANGE;			/* actually EINVAL */
		return (ret);
	}
	nptr = (nssuint_t *)((void *)bptr);
	*nptr++ = contextp->cookie;
	*nptr = contextp->seq_num;
	pbuf->key_len = (nssuint_t)len;

	off += len;
	pbuf->data_off = (nssuint_t)off;
	pbuf->data_len = (nssuint_t)(bufsize - off);
	return (NSS_SUCCESS);
}

/*
 * Unpack packed arguments buffer
 * Return: status, errnos and results from requested operation.
 *
 * NOTES: When getgroupsbymember is being processed in the NSCD backend,
 * or via the backwards compatibility interfaces then the standard
 * str2group API is used in conjunction with process_cstr.  When,
 * processing a returned buffer, in NSS2 the return results are the
 * already digested groups array.  Therefore, unpack the digested results
 * back to the return buffer.
 *
 * Note: the digested results are nssuint_t quantities.  _getgroupsbymember
 * digests int quantities.  Therefore convert.  Assume input is in nssuint_t
 * quantities.  Store in an int array... Assume gid's are <= 32 bits...
 */

/*ARGSUSED*/
nss_status_t
nss_unpack(void *buffer, size_t bufsize, nss_db_root_t *rootp,
	    nss_db_initf_t initf, int search_fnum, void *search_args)
{
	nss_pheader_t		*pbuf = (nss_pheader_t *)buffer;
	nss_XbyY_args_t		*in = (nss_XbyY_args_t *)search_args;
	nss_dbd_t		*pdbd;
	char			*dbn;
	nss_status_t		status;
	char			*buf;
	int			len;
	int			ret;
	int			i;
	int			fmt_type;
	gid_t			*gidp;
	gid_t			*gptr;
	struct nss_groupsbymem	*arg;


	if (pbuf == NULL || in == NULL)
		return (-1);
	status = pbuf->p_status;
	/* Identify odd cases */
	pdbd = (nss_dbd_t *)((void *)((char *)buffer + pbuf->dbd_off));
	dbn = (char *)pdbd + pdbd->o_name;
	fmt_type = 0; /* nss_XbyY_args_t */
	if (search_fnum == NSS_DBOP_GROUP_BYMEMBER &&
	    strcmp(dbn, NSS_DBNAM_GROUP) == 0)
		fmt_type = 1; /* struct nss_groupsbymem */
	else if (search_fnum == NSS_DBOP_NETGROUP_IN &&
	    strcmp(dbn, NSS_DBNAM_NETGROUP) == 0)
		fmt_type = 2; /* struct nss_innetgr_args */

	/* if error - door's switch error */
	/* extended data could contain additional information? */
	if (status != NSS_SUCCESS) {
		if (fmt_type == 0) {
			in->h_errno = (int)pbuf->p_herrno;
			if (pbuf->p_errno == ERANGE)
				in->erange = 1;
		}
		return (status);
	}

	if (pbuf->data_off == 0 || pbuf->data_len == 0)
		return (NSS_NOTFOUND);

	buf = (char *)buffer + pbuf->data_off;
	len = pbuf->data_len;

	/* sidestep odd cases */
	if (fmt_type == 1) {
		arg = (struct nss_groupsbymem *)in;
		/* copy returned gid array from returned nscd buffer */
		i = len / sizeof (gid_t);
		/* not enough buffer */
		if (i > arg->maxgids) {
			i = arg->maxgids;
		}
		arg->numgids = i;
		gidp = arg->gid_array;
		gptr = (gid_t *)((void *)buf);
		(void) memcpy(gidp, gptr, len);
		return (NSS_SUCCESS);
	}
	if (fmt_type == 2) {
		struct nss_innetgr_args *arg = (struct nss_innetgr_args *)in;

		if (pbuf->p_status == NSS_SUCCESS) {
			arg->status = NSS_NETGR_FOUND;
			return (NSS_SUCCESS);
		} else {
			arg->status = NSS_NETGR_NO;
			return (NSS_NOTFOUND);
		}
	}

	/* process the normal cases */
	/* marshall data directly into users buffer */
	ret = (*in->str2ent)(buf, len, in->buf.result, in->buf.buffer,
	    in->buf.buflen);
	if (ret == NSS_STR_PARSE_ERANGE) {
		in->returnval = 0;
		in->returnlen = 0;
		in->erange    = 1;
		ret = NSS_NOTFOUND;
	} else if (ret == NSS_STR_PARSE_SUCCESS) {
		in->returnval = in->buf.result;
		in->returnlen =  len;
		ret = NSS_SUCCESS;
	}
	in->h_errno = (int)pbuf->p_herrno;
	return ((nss_status_t)ret);
}

/*
 * Unpack a returned packed {set,get,end}ent arguments buffer
 * Return: status, errnos, cookie info and results from requested operation.
 */

/*ARGSUSED*/
nss_status_t
nss_unpack_ent(void *buffer, size_t bufsize, nss_db_root_t *rootp,
	    nss_db_initf_t initf, nss_getent_t *contextpp, void *args)
{
	nss_pheader_t		*pbuf = (nss_pheader_t *)buffer;
	nss_XbyY_args_t		*in = (nss_XbyY_args_t *)args;
	struct nss_getent_context *contextp = contextpp->ctx;
	nssuint_t		*nptr;
	nssuint_t		cookie;
	nss_status_t		status;
	char			*buf;
	int			len;
	int			ret;

	if (pbuf == NULL)
		return (-1);
	status = pbuf->p_status;
	/* if error - door's switch error */
	/* extended data could contain additional information? */
	if (status != NSS_SUCCESS)
		return (status);

	/* unpack assigned cookie from SET/GET/END request */
	if (pbuf->key_off == 0 ||
	    pbuf->key_len != (sizeof (nssuint_t) * 2))
		return (NSS_NOTFOUND);

	nptr = (nssuint_t *)((void *)((char *)buffer + pbuf->key_off));
	cookie = contextp->cookie;
	if (cookie != NSCD_NEW_COOKIE && cookie != contextp->cookie_setent &&
	    cookie != *nptr) {
		/*
		 * Should either be new, or the cookie returned by the last
		 * setent (i.e., this is the first getent after the setent)
		 * or a match, else error
		 */
		return (NSS_NOTFOUND);
	}
	/* save away for the next ent request */
	contextp->cookie = *nptr++;
	contextp->seq_num = *nptr;

	/* All done if no marshalling is expected {set,end}ent */
	if (args == NULL)
		return (NSS_SUCCESS);

	/* unmarshall the data */
	if (pbuf->data_off == 0 || pbuf->data_len == 0)
		return (NSS_NOTFOUND);
	buf = (char *)buffer + pbuf->data_off;

	len = pbuf->data_len;

	/* marshall data directly into users buffer */
	ret = (*in->str2ent)(buf, len, in->buf.result, in->buf.buffer,
	    in->buf.buflen);
	if (ret == NSS_STR_PARSE_ERANGE) {
		in->returnval = 0;
		in->returnlen = 0;
		in->erange    = 1;
	} else if (ret == NSS_STR_PARSE_SUCCESS) {
		in->returnval = in->buf.result;
		in->returnlen =  len;
	}
	in->h_errno = (int)pbuf->p_herrno;
	return ((nss_status_t)ret);
}

/*
 * Start of _nsc_{search|setent_u|getent_u|endent_u} NSCD interposition funcs
 */

nss_status_t
_nsc_search(nss_db_root_t *rootp, nss_db_initf_t initf, int search_fnum,
	void *search_args)
{
	nss_pheader_t		*pbuf;
	void			*doorptr = NULL;
	size_t			bufsize = 0;
	size_t			datasize = 0;
	nss_status_t		status;

	if (_nsc_proc_is_cache() > 0) {
		/* internal nscd call - don't use the door */
		return (NSS_TRYLOCAL);
	}

	/* standard client calls nscd code */
	if (search_args == NULL)
		return (NSS_NOTFOUND);

	/* get the door buffer  & configured size */
	bufsize = ((nss_XbyY_args_t *)search_args)->buf.buflen;
	if (_nsc_getdoorbuf(&doorptr, &bufsize) != 0)
		return (NSS_TRYLOCAL);
	if (doorptr == NULL || bufsize == 0)
		return (NSS_TRYLOCAL);

	pbuf = (nss_pheader_t *)doorptr;
	/* pack argument and request into door buffer */
	pbuf->nsc_callnumber = NSCD_SEARCH;
	/* copy relevant door request info into door buffer */
	status = nss_pack((void *)pbuf, bufsize, rootp,
	    initf, search_fnum, search_args);

	/* Packing error return error results */
	if (status != NSS_SUCCESS)
		return (status);

	/* transfer packed switch request to nscd via door */
	/* data_off can be used because it is header+dbd_len+key_len */
	datasize = pbuf->data_off;
	status = _nsc_trydoorcall_ext(&doorptr, &bufsize, &datasize);

	/* If unsuccessful fallback to standard nss logic */
	if (status != NSS_SUCCESS) {
		/*
		 * check if doors reallocated the memory underneath us
		 * if they did munmap it or suffer a memory leak
		 */
		if (doorptr != (void *)pbuf) {
			_nsc_resizedoorbuf(bufsize);
			(void) munmap((void *)doorptr, bufsize);
		}
		return (NSS_TRYLOCAL);
	}

	/* unpack and marshall data/errors to user structure */
	/* set any error conditions */
	status = nss_unpack((void *)doorptr, bufsize, rootp, initf,
	    search_fnum, search_args);
	/*
	 * check if doors reallocated the memory underneath us
	 * if they did munmap it or suffer a memory leak
	 */
	if (doorptr != (void *)pbuf) {
		_nsc_resizedoorbuf(bufsize);
		(void) munmap((void *)doorptr, bufsize);
	}
	return (status);
}

/*
 * contact nscd for a cookie or to reset an existing cookie
 * if nscd fails (NSS_TRYLOCAL) then set cookie to -1 and
 * continue diverting to local
 */
nss_status_t
_nsc_setent_u(nss_db_root_t *rootp, nss_db_initf_t initf,
	nss_getent_t *contextpp)
{
	nss_status_t		status = NSS_TRYLOCAL;
	struct nss_getent_context *contextp = contextpp->ctx;
	nss_pheader_t		*pbuf;
	void			*doorptr = NULL;
	size_t			bufsize = 0;
	size_t			datasize = 0;

	/* return if already in local mode */
	if (contextp->cookie == NSCD_LOCAL_COOKIE)
		return (NSS_TRYLOCAL);

	if (_nsc_proc_is_cache() > 0) {
		/* internal nscd call - don't try to use the door */
		contextp->cookie = NSCD_LOCAL_COOKIE;
		return (NSS_TRYLOCAL);
	}

	/* get the door buffer & configured size */
	if (_nsc_getdoorbuf(&doorptr, &bufsize) != 0) {
		contextp->cookie = NSCD_LOCAL_COOKIE;
		return (NSS_TRYLOCAL);
	}
	if (doorptr == NULL || bufsize == 0) {
		contextp->cookie = NSCD_LOCAL_COOKIE;
		return (NSS_TRYLOCAL);
	}

	pbuf = (nss_pheader_t *)doorptr;
	pbuf->nsc_callnumber = NSCD_SETENT;

	contextp->param.cleanup = NULL;
	(*initf)(&contextp->param);
	if (contextp->param.name == 0) {
		if (contextp->param.cleanup != 0)
			(contextp->param.cleanup)(&contextp->param);
		errno = ERANGE;			/* actually EINVAL */
		return (NSS_ERROR);
	}

	/* pack relevant setent request info into door buffer */
	status = nss_pack_ent((void *)pbuf, bufsize, rootp, initf, contextpp);
	if (status != NSS_SUCCESS)
		return (status);

	/* transfer packed switch request to nscd via door */
	/* data_off can be used because it is header+dbd_len+key_len */
	datasize = pbuf->data_off;
	status = _nsc_trydoorcall_ext(&doorptr, &bufsize, &datasize);

	/* If fallback to standard nss logic (door failure) if possible */
	if (status != NSS_SUCCESS) {
		if (contextp->cookie == NSCD_NEW_COOKIE) {
			contextp->cookie = NSCD_LOCAL_COOKIE;
			return (NSS_TRYLOCAL);
		}
		return (NSS_UNAVAIL);
	}
	/* unpack returned cookie stash it away */
	status = nss_unpack_ent((void *)doorptr, bufsize, rootp,
	    initf, contextpp, NULL);
	/* save the setent cookie for later use */
	contextp->cookie_setent = contextp->cookie;
	/*
	 * check if doors reallocated the memory underneath us
	 * if they did munmap it or suffer a memory leak
	 */
	if (doorptr != (void *)pbuf) {
		_nsc_resizedoorbuf(bufsize);
		(void) munmap((void *)doorptr, bufsize);
	}
	return (status);
}

nss_status_t
_nsc_getent_u(nss_db_root_t *rootp, nss_db_initf_t initf,
	nss_getent_t *contextpp, void *args)
{
	nss_status_t		status = NSS_TRYLOCAL;
	struct nss_getent_context *contextp = contextpp->ctx;
	nss_pheader_t		*pbuf;
	void			*doorptr = NULL;
	size_t			bufsize = 0;
	size_t			datasize = 0;

	/* return if already in local mode */
	if (contextp->cookie == NSCD_LOCAL_COOKIE)
		return (NSS_TRYLOCAL);

	/* _nsc_setent_u already checked for nscd local case ... proceed */
	if (args == NULL)
		return (NSS_NOTFOUND);

	/* get the door buffer  & configured size */
	bufsize = ((nss_XbyY_args_t *)args)->buf.buflen;
	if (_nsc_getdoorbuf(&doorptr, &bufsize) != 0)
		return (NSS_UNAVAIL);
	if (doorptr == NULL || bufsize == 0)
		return (NSS_UNAVAIL);

	pbuf = (nss_pheader_t *)doorptr;
	pbuf->nsc_callnumber = NSCD_GETENT;

	/* pack relevant setent request info into door buffer */
	status = nss_pack_ent((void *)pbuf, bufsize, rootp, initf, contextpp);
	if (status != NSS_SUCCESS)
		return (status);

	/* transfer packed switch request to nscd via door */
	/* data_off can be used because it is header+dbd_len+key_len */
	datasize = pbuf->data_off;
	status = _nsc_trydoorcall_ext(&doorptr, &bufsize, &datasize);

	/* If fallback to standard nss logic (door failure) if possible */
	if (status != NSS_SUCCESS) {
		if (status == NSS_TRYLOCAL ||
		    contextp->cookie == NSCD_NEW_COOKIE) {
			contextp->cookie = NSCD_LOCAL_COOKIE;

			/* init the local cookie */
			nss_setent_u(rootp, initf, contextpp);
			if (contextpp->ctx == 0)
				return (NSS_UNAVAIL);
			return (NSS_TRYLOCAL);
		}
		return (NSS_UNAVAIL);
	}
	/* check error, unpack and process results */
	status = nss_unpack_ent((void *)doorptr, bufsize, rootp,
	    initf, contextpp, args);
	/*
	 * check if doors reallocated the memory underneath us
	 * if they did munmap it or suffer a memory leak
	 */
	if (doorptr != (void *)pbuf) {
		_nsc_resizedoorbuf(bufsize);
		(void) munmap((void *)doorptr, bufsize);
	}
	return (status);
}

nss_status_t
_nsc_endent_u(nss_db_root_t *rootp, nss_db_initf_t initf,
	nss_getent_t *contextpp)
{
	nss_status_t		status = NSS_TRYLOCAL;
	struct nss_getent_context *contextp = contextpp->ctx;
	nss_pheader_t		*pbuf;
	void			*doorptr = NULL;
	size_t			bufsize = 0;
	size_t			datasize = 0;

	/* return if already in local mode */
	if (contextp->cookie == NSCD_LOCAL_COOKIE)
		return (NSS_TRYLOCAL);

	/* _nsc_setent_u already checked for nscd local case ... proceed */

	/* get the door buffer  & configured size */
	if (_nsc_getdoorbuf(&doorptr, &bufsize) != 0)
		return (NSS_UNAVAIL);
	if (doorptr == NULL || bufsize == 0)
		return (NSS_UNAVAIL);

	/* pack up a NSCD_ENDGET request passing in the cookie */
	pbuf = (nss_pheader_t *)doorptr;
	pbuf->nsc_callnumber = NSCD_ENDENT;

	/* pack relevant setent request info into door buffer */
	status = nss_pack_ent((void *)pbuf, bufsize, rootp, initf, contextpp);
	if (status != NSS_SUCCESS)
		return (status);

	/* transfer packed switch request to nscd via door */
	/* data_off can be used because it is header+dbd_len+key_len */
	datasize = pbuf->data_off;
	(void) _nsc_trydoorcall_ext(&doorptr, &bufsize, &datasize);

	/* error codes & unpacking ret values don't matter.  We're done */

	/*
	 * check if doors reallocated the memory underneath us
	 * if they did munmap it or suffer a memory leak
	 */
	if (doorptr != (void *)pbuf) {
		_nsc_resizedoorbuf(bufsize);
		(void) munmap((void *)doorptr, bufsize);
	}

	/* clean up initf setup */
	if (contextp->param.cleanup != 0)
		(contextp->param.cleanup)(&contextp->param);
	contextp->param.cleanup = NULL;

	/* clear cookie */
	contextp->cookie = NSCD_NEW_COOKIE;
	return (NSS_SUCCESS);
}

/*
 * Internal private API to return default suggested buffer sizes
 * for nsswitch API requests
 */

size_t
_nss_get_bufsizes(int arg)
{
	switch (arg) {
	case _SC_GETGR_R_SIZE_MAX:
		return (__nss_buflen_group);
	}
	return (__nss_buflen_default);
}