Bug#47467: [Pkg-shadow-devel] #47467 to be closed by PAMification of chfn and chsh?

Alexander Gattin xrgtn at yandex.ru
Sat Oct 15 18:09:37 UTC 2005


Hi!

On Sat, Oct 15, 2005 at 08:40:59AM +0200, Christian Perrier wrote:
> > No, this is NSS/libc guys' problem in first place, then
> > ours (with Tomasz).
...
> From the above, I understand that this bug should be reassigned to
> "passwd,glibc".

Yes, we should have 2 bugs, one depending on another.

For example, in terms of bugzilla (I think you know its
design) -- let's call a bug for libc6 as bug1 and a bug
for passwd as bug2, then bug1 should be marked as a bug
that _blocks_ progress of bug2.

This means that without necessary changes to libc we
can't implement the features requested.

> So, we need to describe to the glibc maintainers what we are talking
> about.
> 
> Can you please summarize this?

Yes, it's a quite easy but lengthy description, that's
why I didn't do it before -- my laziness is the reason.

OK, here I go:

1. prerequisites:
   1a) `info libc Name Service Switch` 
   1b) `info libc NSS` (point to consider is
       "services to _access_ the databases")
   1g) `info libc Group Database` (point to consider is
       "how to _search_ and _scan_ the database" (R/O),
       i.e. no mention of how to _change_ (R/W) the
       database)
   1w) `info libc Writing a User Entry` (point to
       consider is the only W interface for "passwd" in
       NSS:
         int putpwent (const struct passwd *P, FILE *STREAM)
       here we see that:
       * an entry is written to file, not to the
        "passwd" _database_
       * citing: "This function exists for compatibility
         with SVID. We recommend that you avoid using it"
   1h) /usr/include/pwd.h, /usr/include/shadow.h
       look into these just to confirm the
       abovementioned points.

2. problems:
   Basically, there's exactly one problem -- NSS
   services are unidirectional, i.e. R/O, while for
   updating Full Name, login shell, group members list
   etc. a bidirectional (R/W) interface is required.

3. proposals:
   3a) provide services for modifying the databases, at
       least for "passwd", "group", "shadow" and
       "gshadow" ones, as this is the most wanted
       feature ATM
   3b) provide underlying interface for NSS modules in
       order for them to support modifications of their
       respective data sources (files/NIS, LDAP, DNS
       etc.)
       Of course, NSS is just a layer above these
       modules, so it can't add any functionality that
       is not implemented or absent in modules. I.e. an
       extension of the API (in fact, just naming
       conventions AFAIU -- right?) _between_ NSS and
       NSS modules is required for (3a) to work.

P.S. at first I too was surprised that there's no R/W
NSS API at all in existence despite its obvious likely
usefulness.

Then I remembered the history of the Hurd and think that
the current state of the matter is no big surprise,
given the voluntary nature of GNU libc development and
absence of _demand_ from major players like Sun, IBM
or even RH, SuSE etc.

P.P.S. all the story of the bug is just a sequence of
obvious misassumptions.

-- 
WBR,
xrgtn
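
The asymmetry described in points 1w and 2 above, as an added example that is not part of the original message: lookups such as getpwnam() go through NSS, while putpwent() only formats a line onto a FILE stream. The account name, UID/GID and paths are constructed, the name is assumed not to exist on the host, and a glibc system is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* glibc: exposes putpwent() and fgetpwent() */
#endif
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed account name, assumed absent from every NSS source here. */
#define DEMO_USER "nssdemo47467"

/* Read side: dispatched through NSS to the services configured for the
 * "passwd" database (files, NIS, LDAP, ...). */
int nss_knows(const char *name)
{
    return getpwnam(name) != NULL;
}

/* Write side: putpwent() takes a FILE *, not a database. Returns 1 if the
 * entry round-trips through the stream, 0 if not, -1 on a stream error. */
int stream_round_trip(const char *shell)
{
    struct passwd pw = {
        .pw_name = DEMO_USER, .pw_passwd = "x", .pw_uid = 60001,
        .pw_gid = 60001, .pw_gecos = "Constructed Entry",
        .pw_dir = "/nonexistent", .pw_shell = (char *)shell };
    char *buf = NULL;
    size_t len = 0;
    FILE *out = open_memstream(&buf, &len);   /* in-memory "passwd file" */
    if (out == NULL)
        return -1;
    int rc = putpwent(&pw, out);
    if (fclose(out) != 0 || rc != 0) { free(buf); return -1; }
    FILE *in = fmemopen(buf, len, "r");
    if (in == NULL) { free(buf); return -1; }
    struct passwd *back = fgetpwent(in);      /* parses a stream, bypasses NSS */
    int ok = back != NULL && strcmp(back->pw_name, DEMO_USER) == 0
             && strcmp(back->pw_shell, shell) == 0;
    fclose(in);
    free(buf);
    return ok;
}

int main(void)
{
    printf("stream round trip ok: %d\n", stream_round_trip("/bin/sh"));
    printf("NSS resolves %s afterwards: %d\n", DEMO_USER, nss_knows(DEMO_USER));
    return 0;
}
```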



