libnss_tcb: Match interfaces with NSS documentation.

[besser82]

According to [1] the interfaces provided are of return-type 'enum nss_status', of which the _nss_database_getXXX_r() interfaces are mandated to take four parameters: a pointer to the result, a pointer to an additional buffer, the size of the buffer supplied, and a pointer to an integer to report error values (errnop). The returned status values are meant to be accompanied by a corresponding error value [2] passed through the errnop pointer.

[1] https://www.gnu.org/software/libc/manual/html_node/NSS-Module-Function-Internals.html
[2] https://www.gnu.org/software/libc/manual/html_node/NSS-Modules-Interface.html

[besser82]

Last one for v1.3, promissed!

[solardiz]

I've made some comments based on skimming of the code, but also I need to review the spec and we need to review and cleanup our previous errno logic. This may be overly complicated with us separately maintaining errno and *__errnop.

Was the spec always this way or are we breaking compatibility with some legacy glibc?

[solardiz]

Should maybe be *__errnop = errno, because asprintf may set perhaps ENOMEM and it'd be right.

[besser82]

According to the specs EAGAIN looks correct to me, as NSS_STATUS_TRYAGAIN with errnop EAGAIN means: "One of the functions used ran temporarily out of resources or a service is currently not available."

[ldv-alt]

The documentation says that in case of NSS_STATUS_TRYAGAIN only ERANGE has a special meaning, and everything else is as good as EAGAIN. The implementation agrees with the documentation, there is some special handling for ERANGE, but besides that all errno values are equal. In fact, __nss_getent_r returns EAGAIN in case of NSS_STATUS_TRYAGAIN regardless of errno value.

[solardiz]

Maybe EINVAL here? But is it a good idea to check for improper usage like that? It's typical for libc function to just crash when called with a NULL pointer where that is not allowed.

[solardiz]

Maybe *__errnop = errno;.

[besser82]

NSS_STATUS_UNAVAIL with ENOENT means "A necessary input file cannot be found.", which is the case here; tcbdir cannot be opened.

[solardiz]

I am not sure that our previous errno logic here was right, so maybe ENOENT is right here.

[besser82]

Yes, as we cannot iterate over tcbdir for unknown reasons, so we should indicate "A necessary input file cannot be found."

[ldv-alt]

Given that in practice __errnop == &errno, assigning different values to errno and *__errnop doesn't make sense.

[besser82]

Was the spec always this way or are we breaking compatibility with some legacy glibc?

The spec for the function prototype is unchanged since glibc-2.0.98 (~Oct 1998); the int *errnop parameter was added around this time, which was the reason for the libnss_$module soname has been bumped from 1 to 2.

See: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c66dbe00b9c98bb9d1fc10c9007fdcfb98a59b73

[besser82]

@solardiz I would be nice, if you could another look here; this rebase should address most of your previous comments.

[solardiz]

@solardiz I would be nice, if you could another look here; this rebase should address most of your previous comments.

Thanks. I will, but not right now. I want to take a look at the specs and hear from @ldv-alt his thoughts on whether we should continue setting errno as well (and if not, maybe removing that should be a separate commit).

[ldv-alt]

@solardiz I would be nice, if you could another look here; this rebase should address most of your previous comments.

Thanks. I will, but not right now. I want to take a look at the specs and hear from @ldv-alt his thoughts on whether we should continue setting errno as well (and if not, maybe removing that should be a separate commit).

I've checked the current glibc implementation of nss_files, and for me it looks like it's not quite consistent wrt setting errno.
For example, while its internal_getent sets errnop argument and strives not to clobber errno, internal_setent doesn't take errnop argument and sets errno, as result, _nss_files_get*_r may set either errno or errnop argument depending on the function where the error takes place. However, __nss_getent_r passes &errno as errnop argument, so the error ends up in errno anyway.

That is, we could make nss_tcb behavior wrt setting errno more consistent, but glibc doesn't care.

[solardiz]

That is, we could make nss_tcb behavior wrt setting errno more consistent, but glibc doesn't care.

OK, and what's your preference? Off the top of my head, our options may be:

1. Leave everything as-is (don't merge this PR).
2. Consistently set errno only (similar to option 1?)
3. Consistently set *errnop only, but let errno also be set/clobbered in places where this happens without extra effort by us.
4. Consistently set *errnop only and spend extra effort to preserve errno.
5. Merge this PR in whatever inconsistent state it may happen to be in. Looking at what's seen in patch context only, it appears that currently this PR consistently sets *errnop, but also sometimes spends extra effort to set errno.

[ldv-alt]

The original logic seems to be correct: ENOENT means that the shadow file doesn't exist, in that case NSS_STATUS_NOTFOUND (The requested entry is not available) should be returned. If the shadow file is not available for other reasons, than NSS_STATUS_UNAVAIL should be returned.

[ldv-alt]

Just to make sure, this is a bug fix: when fgetspent_r returns a nonzero value, it writes NULL at the address specified by its last argument. Before this change, that address used to be &errno.

[ldv-alt]

This is correct, the error code returned by fgetspent_r is currently either ENOENT or EAGAIN, it doesn't necessarily have to match the value of errno.

[ldv-alt]

Likewise.

[ldv-alt]

That is, we could make nss_tcb behavior wrt setting errno more consistent, but glibc doesn't care.

OK, and what's your preference? Off the top of my head, our options may be:

I think first of all we should update the function prototypes and fix the bug of passing __errnop to fgetspent_r.

After that we could fix other inconsistencies, keeping in the mind that in practice __errnop == &errno.

[solardiz]

I think first of all we should update the function prototypes and fix the bug of passing __errnop to fgetspent_r.

After that we could fix other inconsistencies, keeping in the mind that in practice __errnop == &errno.

So maybe 3 separate commits (fix bug, fix prototypes, start to use the passed *errnop and avoid inconsistencies)?

BTW, why the two underscores? I think that's inappropriate.

[ldv-alt]

BTW, why the two underscores? I think that's inappropriate.

I concur, identifiers with two leading underscores belong to the reserved namespace, it's not correct to introduce them here.

[ldv-alt]

I think first of all we should update the function prototypes and fix the bug of passing errnop to fgetspent_r.
After that we could fix other inconsistencies, keeping in the mind that in practice errnop == &errno.

So maybe 3 separate commits (fix bug, fix prototypes, start to use the passed *errnop and avoid inconsistencies)?

LGTM.