about summary refs log tree commit diff
path: root/nis/nss_compat
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1996-12-11 01:40:39 +0000
committerUlrich Drepper <drepper@redhat.com>1996-12-11 01:40:39 +0000
commit6259ec0d78fd301572fcb616fdfa0500b828a824 (patch)
treeb1a008ed66281799defcaf56a92d3b592ca1f34a /nis/nss_compat
parentaee321f468f9214700b24e7aef39ef27bda4c42c (diff)
downloadglibc-6259ec0d78fd301572fcb616fdfa0500b828a824.tar.gz
glibc-6259ec0d78fd301572fcb616fdfa0500b828a824.tar.xz
glibc-6259ec0d78fd301572fcb616fdfa0500b828a824.zip
update from main arcive 961210 cvs/libc-961211
Wed Dec 11 01:04:30 1996  Ulrich Drepper  <drepper@cygnus.com>

	Add NIS NSS implementation.
	* shlib-versions: Add versions for NIS libraries.
	* sysdeps/unix/inet/Subdirs: Add nis.
	* nis/Banner: New file.
	* nis/Makefile: New file.
	* nis/nss-nis.h: New file.
	* nis/yp_xdr.h: New file.
	* nis/ypclnt.h: New file.
	* nis/ypupdate_xdr.c: New file.
	* nis/nss_compat/compat-grp.c: New file.
	* nis/nss_compat/compat-pwd.c: New file.
	* nis/nss_compat/compat-spwd.c: New file.
	* nis/nss_nis/nis-alias.c: New file.
	* nis/nss_nis/nis-ethers.c: New file.
	* nis/nss_nis/nis-grp.c: New file.
	* nis/nss_nis/nis-hosts.c: New file.
	* nis/nss_nis/nis-netgrp.c: New file.
	* nis/nss_nis/nis-network.c: New file.
	* nis/nss_nis/nis-proto.c: New file.
	* nis/nss_nis/nis-publickey.c: New file.
	* nis/nss_nis/nis-pwd.c: New file.
	* nis/nss_nis/nis-rpc.c: New file.
	* nis/nss_nis/nis-service.c: New file.
	* nis/nss_nis/nis-spwd.c: New file.
	* nis/rpcsvc/yp.h: New file.
	* nis/rpcsvc/yp.x: New file.
	* nis/rpcsvc/yp_prot.h: New file.
	* nis/rpcsvc/ypclnt.h: New file.
	* nis/rpcsvc/ypupd.h: New file.

	* libio/_G_config.h: Define _G_HAVE_SYS_WAIT and _G_HAVE_PRINTF_FP.

	* locale/C-numeric.c: Update copyright.

	* locale/Makefile: Add rules to build libBrokenLocale.
	* locale/broken_cur_max.c: New file.
	* locale/mb_cur_max.c: Update copyright.
	(__ctype_get_mb_cur_max): Make function weak.

	* new-malloc/malloc.c: Correct copyright.
	* new-malloc/thread-m.h: Correct key handling.

	* shadow/lckpwdf.c: Update copyright.
	(PWD_LOCKFILE): Change to /etc/.pwd.lock.

	* stdlib/strtod.c: Add another assertion.
	* stdlib/tst-strtod.c: Add another test case.

	* sysdeps/generic/paths.h: Add _PATH_PRESERVE.  Needed by nvi.
	* sysdeps/unix/sysv/linux/paths.h: Likewise.

	* sysdeps/gnu/utmpbits.h: Rename ut_addr field to ut_addr_v6.
	ut_addr names a single element in ut_addr_v6.

	* sysdeps/mach/hurd/xmknod.c: Remove alias from __mknod to mknod.
	Patch by Thomas Bushnell, n/BSG.

Tue Dec 10 11:35:28 1996  Richard Henderson  <rth@tamu.edu>

	* sysdeps/alpha/strncmp.S: Fix aligned short truncated compare
	corner condition.

	* sysdeps/alpha/memchr.S: Don't read ahead, even if the load
	did fit nicely into that delay slot (patch from David Mosberger-Tang).

Mon Dec  9 23:53:43 1996  Thomas Bushnell, n/BSG  <thomas@gnu.ai.mit.edu>

	* sysdeps/mach/hurd/ttyname_r.c (__ttyname_r): Renamed from
	`ttyname_r'.
	(ttyname_r): New alias.

	* stdio-common/printf_fp.c (__guess_grouping): Fix off by one
Diffstat (limited to 'nis/nss_compat')
-rw-r--r--nis/nss_compat/compat-grp.c421
-rw-r--r--nis/nss_compat/compat-pwd.c695
-rw-r--r--nis/nss_compat/compat-spwd.c612
3 files changed, 1728 insertions, 0 deletions
diff --git a/nis/nss_compat/compat-grp.c b/nis/nss_compat/compat-grp.c
new file mode 100644
index 0000000000..0b4ed40e59
--- /dev/null
+++ b/nis/nss_compat/compat-grp.c
@@ -0,0 +1,421 @@
+/* Copyright (C) 1996 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+   Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public License as
+   published by the Free Software Foundation; either version 2 of the
+   License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public
+   License along with the GNU C Library; see the file COPYING.LIB.  If not,
+   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+#include <errno.h>
+#include <nss.h>
+#include <grp.h>
+#include <ctype.h>
+#include <libc-lock.h>
+#include <string.h>
+#include <rpcsvc/yp.h>
+#include <rpcsvc/ypclnt.h>
+
+/* Structure for remembering -@netgroup and -user members ... */
+#define BLACKLIST_INITIAL_SIZE 512
+#define BLACKLIST_INCREMENT 256
+struct blacklist_t
+  {
+    char *data;
+    int current;
+    int size;
+  };
+
+struct ent_t
+  {
+    bool_t nis;
+    bool_t nis_first;
+    char *oldkey;
+    int oldkeylen;
+    FILE *stream;
+    struct blacklist_t blacklist;
+  };
+typedef struct ent_t ent_t;
+
+static ent_t ext_ent = {0, 0, NULL, 0, NULL, {NULL, 0, 0}};
+
+/* Protect global state against multiple changers.  */
+__libc_lock_define_initialized (static, lock)
+
+/* Prototypes for local functions.  */
+static void blacklist_store_name (const char *, ent_t *);
+static int in_blacklist (const char *, int, ent_t *);
+
+static enum nss_status
+internal_setgrent (ent_t *ent)
+{
+  enum nss_status status = NSS_STATUS_SUCCESS;
+
+  ent->nis = ent->nis_first = 0;
+
+  if (ent->oldkey != NULL)
+    {
+      free (ent->oldkey);
+      ent->oldkey = NULL;
+      ent->oldkeylen = 0;
+    }
+
+  ent->blacklist.current = 0;
+  if (ent->blacklist.data != NULL)
+    ent->blacklist.data[0] = '\0';
+
+  if (ent->stream == NULL)
+    {
+      ent->stream = fopen ("/etc/group", "r");
+
+      if (ent->stream == NULL)
+	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+    }
+  else
+    rewind (ent->stream);
+
+  return status;
+}
+
+
+enum nss_status
+_nss_compat_setgrent (void)
+{
+  enum nss_status result;
+
+  __libc_lock_lock (lock);
+
+  result = internal_setgrent (&ext_ent);
+
+  __libc_lock_unlock (lock);
+
+  return result;
+}
+
+
+static enum nss_status
+internal_endgrent (ent_t *ent)
+{
+  if (ent->stream != NULL)
+    {
+      fclose (ent->stream);
+      ent->stream = NULL;
+    }
+
+  ent->nis = ent->nis_first = 0;
+
+  if (ent->oldkey != NULL)
+    {
+      free (ent->oldkey);
+      ent->oldkey = NULL;
+      ent->oldkeylen = 0;
+    }
+
+  ent->blacklist.current = 0;
+  if (ent->blacklist.data != NULL)
+    ent->blacklist.data[0] = '\0';
+
+  return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status
+_nss_compat_endgrent (void)
+{
+  enum nss_status result;
+
+  __libc_lock_lock (lock);
+
+  result = internal_endgrent (&ext_ent);
+
+  __libc_lock_unlock (lock);
+
+  return result;
+}
+
+static enum nss_status
+getgrent_next_nis (struct group *result, ent_t *ent, char *buffer,
+		   size_t buflen)
+{
+  char *domain;
+  char *outkey, *outval;
+  int outkeylen, outvallen;
+  char *p;
+
+  if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+    {
+      ent->nis = 0;
+      return NSS_STATUS_NOTFOUND;
+    }
+
+  do
+    {
+      if (ent->nis_first)
+	{
+	  if (yp_first (domain, "group.byname", &outkey, &outkeylen,
+			&outval, &outvallen) != YPERR_SUCCESS)
+	    {
+	      ent->nis = 0;
+	      return NSS_STATUS_UNAVAIL;
+	    }
+
+	  ent->oldkey = outkey;
+	  ent->oldkeylen = outkeylen;
+	  ent->nis_first = FALSE;
+	}
+      else
+	{
+	  if (yp_next (domain, "group.byname", ent->oldkey, ent->oldkeylen,
+		       &outkey, &outkeylen, &outval, &outvallen)
+	      != YPERR_SUCCESS)
+	    {
+	      ent->nis = 0;
+	      return NSS_STATUS_NOTFOUND;
+	    }
+
+	  free (ent->oldkey);
+	  ent->oldkey = outkey;
+	  ent->oldkeylen = outkeylen;
+	}
+
+      /* Copy the found data to our buffer  */
+      p = strncpy (buffer, outval, buflen);
+
+      /* ...and free the data.  */
+      free (outval);
+
+      while (isspace (*p))
+	++p;
+    }
+  while (!_nss_files_parse_grent (p, result, buffer, buflen));
+
+  if (!in_blacklist (result->gr_name, strlen (result->gr_name), ent))
+    return NSS_STATUS_SUCCESS;
+  else
+    return NSS_STATUS_NOTFOUND;
+}
+
+
+static enum nss_status
+getgrent_next_file (struct group *result, ent_t *ent,
+		    char *buffer, size_t buflen)
+{
+  while (1)
+    {
+      char *p;
+
+      do
+	{
+	  p = fgets (buffer, buflen, ent->stream);
+	  if (p == NULL)
+	    return NSS_STATUS_NOTFOUND;
+
+	  /* Terminate the line for any case.  */
+	  buffer[buflen - 1] = '\0';
+
+	  /* Skip leading blanks.  */
+	  while (isspace (*p))
+	    ++p;
+	}
+      /* Ignore empty and comment lines.  */
+      while (*p == '\0' || *p == '#' ||
+      /* Parse the line.  If it is invalid, loop to
+         get the next line of the file to parse.  */
+	     !_nss_files_parse_grent (p, result, buffer, buflen));
+
+      if (result->gr_name[0] != '+' && result->gr_name[0] != '-')
+	/* This is a real entry.  */
+	break;
+
+      /* -group */
+      if (result->gr_name[0] == '-' && result->gr_name[1] != '\0'
+	  && result->gr_name[1] != '@')
+	{
+	  blacklist_store_name (&result->gr_name[1], ent);
+	  continue;
+	}
+
+      /* +group */
+      if (result->gr_name[0] == '+' && result->gr_name[1] != '\0'
+	  && result->gr_name[1] != '@')
+	{
+	  char *domain;
+	  char *outval;
+	  int outvallen;
+
+	  if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+	    /* XXX Should we regard this as an fatal error?  I don't
+	       think so.  Just continue working.  --drepper@gnu  */
+	    continue;
+
+	  if (yp_match (domain, "group.byname", &result->gr_name[1],
+			strlen (result->gr_name) - 1, &outval, &outvallen)
+	      != YPERR_SUCCESS)
+	    continue;
+
+	  p = strncpy (buffer, outval, buflen);
+	  while (isspace (*p))
+	    p++;
+	  free (outval);
+	  if (_nss_files_parse_grent (p, result, buffer, buflen))
+	    /* We found the entry.  */
+	    break;
+	}
+
+      /* +:... */
+      if (result->gr_name[0] == '+' && result->gr_name[1] == '\0')
+	{
+	  ent->nis = TRUE;
+	  ent->nis_first = TRUE;
+
+	  return getgrent_next_nis (result, ent, buffer, buflen);
+	}
+    }
+
+  return NSS_STATUS_SUCCESS;
+}
+
+
+static enum nss_status
+internal_getgrent_r (struct group *gr, ent_t *ent, char *buffer,
+		     size_t buflen)
+{
+  if (ent->nis)
+    return getgrent_next_nis (gr, ent, buffer, buflen);
+  else
+    return getgrent_next_file (gr, ent, buffer, buflen);
+}
+
+enum nss_status
+_nss_compat_getgrent_r (struct group *grp, char *buffer, size_t buflen)
+{
+  enum nss_status status = NSS_STATUS_SUCCESS;
+
+  __libc_lock_lock (lock);
+
+  /* Be prepared that the setgrent function was not called before.  */
+  if (ext_ent.stream == NULL)
+    status = internal_setgrent (&ext_ent);
+
+  if (status == NSS_STATUS_SUCCESS)
+    status = internal_getgrent_r (grp, &ext_ent, buffer, buflen);
+
+  __libc_lock_unlock (lock);
+
+  return status;
+}
+
+
+enum nss_status
+_nss_compat_getgrnam_r (const char *name, struct group *grp,
+			char *buffer, size_t buflen)
+{
+  ent_t ent = {0, 0, NULL, 0, NULL, {NULL, 0, 0}};
+  enum nss_status status;
+
+  if (name[0] == '-' || name[0] == '+')
+    return NSS_STATUS_NOTFOUND;
+
+
+  status = internal_setgrent (&ent);
+  if (status != NSS_STATUS_SUCCESS)
+    return status;
+
+  while ((status = internal_getgrent_r (grp, &ent, buffer, buflen))
+	 == NSS_STATUS_SUCCESS)
+    if (strcmp (grp->gr_name, name) == 0)
+      break;
+
+  internal_endgrent (&ent);
+  return status;
+}
+
+
+enum nss_status
+_nss_compat_getgrgid_r (gid_t gid, struct group *grp,
+			char *buffer, size_t buflen)
+{
+  ent_t ent = {0, 0, NULL, 0, NULL, {NULL, 0, 0}};
+  enum nss_status status;
+
+  status = internal_setgrent (&ent);
+  if (status != NSS_STATUS_SUCCESS)
+    return status;
+
+  while ((status = internal_getgrent_r (grp, &ent, buffer, buflen))
+	 == NSS_STATUS_SUCCESS)
+    if (grp->gr_gid == gid && grp->gr_name[0] != '+' && grp->gr_name[0] != '-')
+      break;
+
+  internal_endgrent (&ent);
+  return status;
+}
+
+
+/* Support routines for remembering -@netgroup and -user entries.
+   The names are stored in a single string with `|' as separator. */
+static void
+blacklist_store_name (const char *name, ent_t *ent)
+{
+  int namelen = strlen (name);
+  char *tmp;
+
+  /* first call, setup cache */
+  if (ent->blacklist.size == 0)
+    {
+      ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
+      ent->blacklist.data = malloc (ent->blacklist.size);
+      if (ent->blacklist.data == NULL)
+	return;
+      ent->blacklist.data[0] = '|';
+      ent->blacklist.data[1] = '\0';
+      ent->blacklist.current = 1;
+    }
+  else
+    {
+      if (in_blacklist (name, namelen, ent))
+	return;			/* no duplicates */
+
+      if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
+	{
+	  ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
+	  tmp = realloc (ent->blacklist.data, ent->blacklist.size);
+	  if (tmp == NULL)
+	    {
+	      free (ent->blacklist.data);
+	      ent->blacklist.size = 0;
+	      return;
+	    }
+	  ent->blacklist.data = tmp;
+	}
+    }
+
+  tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
+  *tmp++ = '|';
+  *tmp = '\0';
+  ent->blacklist.current += namelen + 1;
+
+  return;
+}
+
+/* returns TRUE if ent->blacklist contains name, else FALSE */
+static bool_t
+in_blacklist (const char *name, int namelen, ent_t *ent)
+{
+  char buf[namelen + 3];
+
+  if (ent->blacklist.data == NULL)
+    return FALSE;
+
+  stpcpy (stpcpy (stpcpy (buf, "|"), name), "|");
+  return strstr (ent->blacklist.data, buf) != NULL;
+}
diff --git a/nis/nss_compat/compat-pwd.c b/nis/nss_compat/compat-pwd.c
new file mode 100644
index 0000000000..503aafb51e
--- /dev/null
+++ b/nis/nss_compat/compat-pwd.c
@@ -0,0 +1,695 @@
+/* Copyright (C) 1996 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+   Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public License as
+   published by the Free Software Foundation; either version 2 of the
+   License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public
+   License along with the GNU C Library; see the file COPYING.LIB.  If not,
+   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+#include <nss.h>
+#include <pwd.h>
+#include <errno.h>
+#include <ctype.h>
+#include <netdb.h>
+#include <string.h>
+#include <libc-lock.h>
+#include <rpcsvc/yp.h>
+#include <rpcsvc/ypclnt.h>
+
+#include "netgroup.h"
+
+/* Structure for remembering -@netgroup and -user members ... */
+#define BLACKLIST_INITIAL_SIZE 512
+#define BLACKLIST_INCREMENT 256
+struct blacklist_t
+  {
+    char *data;
+    int current;
+    int size;
+  };
+
+struct ent_t
+  {
+    bool_t netgroup;
+    bool_t nis;
+    bool_t first;
+    char *oldkey;
+    int oldkeylen;
+    FILE *stream;
+    struct blacklist_t blacklist;
+    struct passwd pwd;
+    struct __netgrent netgrdata;
+  };
+typedef struct ent_t ent_t;
+
+static ent_t ext_ent = {0, 0, 0, NULL, 0, NULL, {NULL, 0, 0},
+			{NULL, NULL, 0, 0, NULL, NULL, NULL}};
+
+/* Protect global state against multiple changers.  */
+__libc_lock_define_initialized (static, lock)
+
+/* Prototypes for local functions.  */
+static void blacklist_store_name (const char *, ent_t *);
+static int in_blacklist (const char *, int, ent_t *);
+
+static void
+give_pwd_free (struct passwd *pwd)
+{
+  if (pwd->pw_name != NULL)
+    free (pwd->pw_name);
+  if (pwd->pw_passwd != NULL)
+    free (pwd->pw_passwd);
+  if (pwd->pw_gecos != NULL)
+    free (pwd->pw_gecos);
+  if (pwd->pw_dir != NULL)
+    free (pwd->pw_dir);
+  if (pwd->pw_shell != NULL)
+    free (pwd->pw_shell);
+
+  memset (pwd, '\0', sizeof (struct passwd));
+}
+
+static size_t
+pwd_need_buflen (struct passwd *pwd)
+{
+  size_t len = 0;
+
+  if (pwd->pw_passwd != NULL)
+    len += strlen (pwd->pw_passwd) + 1;
+
+  if (pwd->pw_gecos != NULL)
+    len += strlen (pwd->pw_gecos) + 1;
+
+  if (pwd->pw_dir != NULL)
+    len += strlen (pwd->pw_dir) + 1;
+
+  if (pwd->pw_shell != NULL)
+    len += strlen (pwd->pw_shell) + 1;
+
+  return len;
+}
+
+static void
+copy_pwd_changes (struct passwd *dest, struct passwd *src,
+		  char *buffer, size_t buflen)
+{
+  if (src->pw_passwd != NULL && strlen (src->pw_passwd))
+    {
+      if (buffer == NULL)
+	dest->pw_passwd = strdup (src->pw_passwd);
+      else if (dest->pw_passwd &&
+	       strlen (dest->pw_passwd) >= strlen (src->pw_passwd))
+	strcpy (dest->pw_passwd, src->pw_passwd);
+      else
+	{
+	  dest->pw_passwd = buffer;
+	  strcpy (dest->pw_passwd, src->pw_passwd);
+	  buffer += strlen (dest->pw_passwd) + 1;
+	  buflen = buflen - (strlen (dest->pw_passwd) + 1);
+	}
+    }
+
+  if (src->pw_gecos != NULL && strlen (src->pw_gecos))
+    {
+      if (buffer == NULL)
+	dest->pw_gecos = strdup (src->pw_gecos);
+      else if (dest->pw_gecos &&
+	       strlen (dest->pw_gecos) >= strlen (src->pw_gecos))
+	strcpy (dest->pw_gecos, src->pw_gecos);
+      else
+	{
+	  dest->pw_gecos = buffer;
+	  strcpy (dest->pw_gecos, src->pw_gecos);
+	  buffer += strlen (dest->pw_gecos) + 1;
+	  buflen = buflen - (strlen (dest->pw_gecos) + 1);
+	}
+    }
+  if (src->pw_dir != NULL && strlen (src->pw_dir))
+    {
+      if (buffer == NULL)
+	dest->pw_dir = strdup (src->pw_dir);
+      else if (dest->pw_dir &&
+	       strlen (dest->pw_dir) >= strlen (src->pw_dir))
+	strcpy (dest->pw_dir, src->pw_dir);
+      else
+	{
+	  dest->pw_dir = buffer;
+	  strcpy (dest->pw_dir, src->pw_dir);
+	  buffer += strlen (dest->pw_dir) + 1;
+	  buflen = buflen - (strlen (dest->pw_dir) + 1);
+	}
+    }
+
+  if (src->pw_shell != NULL && strlen (src->pw_shell))
+    {
+      if (buffer == NULL)
+	dest->pw_shell = strdup (src->pw_shell);
+      else if (dest->pw_shell &&
+	       strlen (dest->pw_shell) >= strlen (src->pw_shell))
+	strcpy (dest->pw_shell, src->pw_shell);
+      else
+	{
+	  dest->pw_shell = buffer;
+	  strcpy (dest->pw_shell, src->pw_shell);
+	  buffer += strlen (dest->pw_shell) + 1;
+	  buflen = buflen - (strlen (dest->pw_shell) + 1);
+	}
+    }
+}
+
+static enum nss_status
+internal_setpwent (ent_t *ent)
+{
+  enum nss_status status = NSS_STATUS_SUCCESS;
+
+  ent->nis = ent->first = ent->netgroup = 0;
+
+  /* If something was left over free it.  */
+  if (ent->netgroup)
+    __internal_endnetgrent (&ent->netgrdata);
+
+  if (ent->oldkey != NULL)
+    {
+      free (ent->oldkey);
+      ent->oldkey = NULL;
+      ent->oldkeylen = 0;
+    }
+
+  ent->blacklist.current = 0;
+  if (ent->blacklist.data != NULL)
+    ent->blacklist.data[0] = '\0';
+
+  if (ent->stream == NULL)
+    {
+      ent->stream = fopen ("/etc/passwd", "r");
+
+      if (ent->stream == NULL)
+	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+    }
+  else
+    rewind (ent->stream);
+
+  give_pwd_free (&ent->pwd);
+
+  return status;
+}
+
+
+enum nss_status
+_nss_compat_setpwent (void)
+{
+  enum nss_status result;
+
+  __libc_lock_lock (lock);
+
+  result = internal_setpwent (&ext_ent);
+
+  __libc_lock_unlock (lock);
+
+  return result;
+}
+
+
+static enum nss_status
+internal_endpwent (ent_t *ent)
+{
+  if (ent->stream != NULL)
+    {
+      fclose (ent->stream);
+      ent->stream = NULL;
+    }
+
+  ent->nis = ent->first = ent->netgroup = 0;
+
+  if (ent->oldkey != NULL)
+    {
+      free (ent->oldkey);
+      ent->oldkey = NULL;
+      ent->oldkeylen = 0;
+    }
+
+  ent->blacklist.current = 0;
+  if (ent->blacklist.data != NULL)
+    ent->blacklist.data[0] = '\0';
+
+  give_pwd_free (&ent->pwd);
+
+  return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status
+_nss_compat_endpwent (void)
+{
+  enum nss_status result;
+
+  __libc_lock_lock (lock);
+
+  if (ext_ent.netgroup)
+    __internal_endnetgrent (&ext_ent.netgrdata);
+
+  result = internal_endpwent (&ext_ent);
+
+  __libc_lock_unlock (lock);
+
+  return result;
+}
+
+static enum nss_status
+getpwent_next_netgr (struct passwd *result, ent_t *ent, char *group,
+		     char *buffer, size_t buflen)
+{
+  char *ypdomain, *host, *user, *domain, *outval, *p, *p2;
+  int status, outvallen, p2len;
+
+  if (yp_get_default_domain (&ypdomain) != YPERR_SUCCESS)
+    {
+      ent->netgroup = 0;
+      ent->first = 0;
+      give_pwd_free (&ent->pwd);
+      return NSS_STATUS_UNAVAIL;
+    }
+
+  if (ent->first == TRUE)
+    {
+      bzero (&ent->netgrdata, sizeof (struct __netgrent));
+      __internal_setnetgrent (group, &ent->netgrdata);
+      ent->first = FALSE;
+    }
+
+  while (1)
+    {
+      status = __internal_getnetgrent (&host, &user, &domain, &ent->netgrdata,
+				       buffer, buflen);
+      if (status != 1)
+	{
+	  __internal_endnetgrent (&ent->netgrdata);
+	  ent->netgroup = 0;
+	  give_pwd_free (&ent->pwd);
+	  return NSS_STATUS_RETURN;
+	}
+
+      if (user == NULL || user[0] == '-')
+	continue;
+
+      if (domain != NULL && strcmp (ypdomain, domain) != 0)
+	continue;
+
+      if (yp_match (ypdomain, "passwd.byname", user,
+		    strlen (user), &outval, &outvallen)
+	  != YPERR_SUCCESS)
+	continue;
+
+      p2len = pwd_need_buflen (&ent->pwd);
+      if (p2len > buflen)
+	{
+	  __set_errno (ERANGE);
+	  return NSS_STATUS_TRYAGAIN;
+	}
+      p2 = buffer + (buflen - p2len);
+      buflen -= p2len;
+      p = strncpy (buffer, outval, buflen);
+      while (isspace (*p))
+	p++;
+      free (outval);
+      if (_nss_files_parse_pwent (p, result, buffer, buflen))
+	{
+	  copy_pwd_changes (result, &ent->pwd, p2, p2len);
+	  break;
+	}
+    }
+
+  return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status
+getpwent_next_nis (struct passwd *result, ent_t *ent, char *buffer,
+		   size_t buflen)
+{
+  char *domain, *outkey, *outval, *p, *p2;
+  int outkeylen, outvallen, p2len;
+
+  if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+    {
+      ent->nis = 0;
+      give_pwd_free (&ent->pwd);
+      return NSS_STATUS_UNAVAIL;
+    }
+
+  p2len = pwd_need_buflen (&ent->pwd);
+  if (p2len > buflen)
+    {
+      __set_errno (ERANGE);
+      return NSS_STATUS_TRYAGAIN;
+    }
+  p2 = buffer + (buflen - p2len);
+  buflen -= p2len;
+  do
+    {
+      if (ent->first)
+	{
+	  if (yp_first (domain, "passwd.byname", &outkey, &outkeylen,
+			&outval, &outvallen) != YPERR_SUCCESS)
+	    {
+	      ent->nis = 0;
+	      give_pwd_free (&ent->pwd);
+	      return NSS_STATUS_UNAVAIL;
+	    }
+
+	  ent->oldkey = outkey;
+	  ent->oldkeylen = outkeylen;
+	  ent->first = FALSE;
+	}
+      else
+	{
+	  if (yp_next (domain, "passwd.byname", ent->oldkey, ent->oldkeylen,
+		       &outkey, &outkeylen, &outval, &outvallen)
+	      != YPERR_SUCCESS)
+	    {
+	      ent->nis = 0;
+	      give_pwd_free (&ent->pwd);
+	      return NSS_STATUS_NOTFOUND;
+	    }
+
+	  free (ent->oldkey);
+	  ent->oldkey = outkey;
+	  ent->oldkeylen = outkeylen;
+	}
+
+      /* Copy the found data to our buffer  */
+      p = strncpy (buffer, outval, buflen);
+
+      /* ...and free the data.  */
+      free (outval);
+
+      while (isspace (*p))
+	++p;
+    }
+  while (!_nss_files_parse_pwent (p, result, buffer, buflen));
+
+  copy_pwd_changes (result, &ent->pwd, p2, p2len);
+
+  if (!in_blacklist (result->pw_name, strlen (result->pw_name), ent))
+    return NSS_STATUS_SUCCESS;
+  else
+    return NSS_STATUS_NOTFOUND;
+}
+
+
+static enum nss_status
+getpwent_next_file (struct passwd *result, ent_t *ent,
+		    char *buffer, size_t buflen)
+{
+  while (1)
+    {
+      char *p, *p2;
+      int p2len;
+
+      do
+	{
+	  p = fgets (buffer, buflen, ent->stream);
+	  if (p == NULL)
+	    return NSS_STATUS_NOTFOUND;
+
+	  /* Terminate the line for any case.  */
+	  buffer[buflen - 1] = '\0';
+
+	  /* Skip leading blanks.  */
+	  while (isspace (*p))
+	    ++p;
+	}
+      while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines.  */
+      /* Parse the line.  If it is invalid, loop to
+         get the next line of the file to parse.  */
+	     !_nss_files_parse_pwent (p, result, buffer, buflen));
+
+      if (result->pw_name[0] != '+' && result->pw_name[0] != '-')
+	/* This is a real entry.  */
+	break;
+
+      /* -@netgroup */
+      if (result->pw_name[0] == '-' && result->pw_name[1] == '@'
+	  && result->pw_name[2] != '\0')
+	{
+	  char *user, *host, *domain;
+
+	  setnetgrent (&result->pw_name[2]);
+	  while (getnetgrent (&host, &user, &domain))
+	    {
+	      if (user != NULL && user[0] != '-')
+		blacklist_store_name (user, ent);
+	    }
+	  endnetgrent ();
+	  continue;
+	}
+
+      /* +@netgroup */
+      if (result->pw_name[0] == '+' && result->pw_name[1] == '@'
+	  && result->pw_name[2] != '\0')
+	{
+	  int status;
+
+	  ent->netgroup = TRUE;
+	  ent->first = TRUE;
+	  copy_pwd_changes (&ent->pwd, result, NULL, 0);
+
+	  status = getpwent_next_netgr (result, ent, &result->pw_name[2],
+					buffer, buflen);
+	  if (status == NSS_STATUS_RETURN)
+	    continue;
+	  else
+	    return status;
+	}
+
+      /* -user */
+      if (result->pw_name[0] == '-' && result->pw_name[1] != '\0'
+	  && result->pw_name[1] != '@')
+	{
+	  blacklist_store_name (&result->pw_name[1], ent);
+	  continue;
+	}
+
+      /* +user */
+      if (result->pw_name[0] == '+' && result->pw_name[1] != '\0'
+	  && result->pw_name[1] != '@')
+	{
+	  char *domain;
+	  char *outval;
+	  int outvallen;
+	  struct passwd pwd;
+
+	  memset (&pwd, '\0', sizeof (struct passwd));
+
+	  if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+	    /* XXX Should we regard this as an fatal error?  I don't
+	       think so.  Just continue working.  --drepper@gnu  */
+	    continue;
+
+	  if (yp_match (domain, "passwd.byname", &result->pw_name[1],
+			strlen (result->pw_name) - 1, &outval, &outvallen)
+	      != YPERR_SUCCESS)
+	    continue;
+
+	  copy_pwd_changes (&pwd, result, NULL, 0);
+
+	  p2len = pwd_need_buflen (&pwd);
+	  if (p2len > buflen)
+	    {
+	      __set_errno (ERANGE);
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+	  p2 = buffer + (buflen - p2len);
+	  buflen -= p2len;
+	  p = strncpy (buffer, outval, buflen);
+	  while (isspace (*p))
+	    p++;
+	  free (outval);
+	  if (_nss_files_parse_pwent (p, result, buffer, buflen))
+	    {
+	      copy_pwd_changes (result, &pwd, p2, p2len);
+	      give_pwd_free (&pwd);
+	      /* We found the entry.  */
+	      break;
+	    }
+	  else
+	    {
+	      /* Give buffer the old len back */
+	      buflen += p2len;
+	      give_pwd_free (&pwd);
+	    }
+	}
+
+      /* +:... */
+      if (result->pw_name[0] == '+' && result->pw_name[1] == '\0')
+	{
+	  ent->nis = TRUE;
+	  ent->first = TRUE;
+	  copy_pwd_changes (&ent->pwd, result, NULL, 0);
+
+	  return getpwent_next_nis (result, ent, buffer, buflen);
+	}
+    }
+
+  return NSS_STATUS_SUCCESS;
+}
+
+
+static enum nss_status
+internal_getpwent_r (struct passwd *pw, ent_t *ent, char *buffer,
+		     size_t buflen)
+{
+  if (ent->netgroup)
+    {
+      int status;
+
+      /* We are searching members in a netgroup */
+      /* Since this is not the first call, we don't need the group name */
+      status = getpwent_next_netgr (pw, ent, NULL, buffer, buflen);
+      if (status == NSS_STATUS_RETURN)
+	return getpwent_next_file (pw, ent, buffer, buflen);
+      else
+	return status;
+    }
+  else if (ent->nis)
+    return getpwent_next_nis (pw, ent, buffer, buflen);
+  else
+    return getpwent_next_file (pw, ent, buffer, buflen);
+}
+
+enum nss_status
+_nss_compat_getpwent_r (struct passwd *pwd, char *buffer,
+			size_t buflen)
+{
+  enum nss_status status = NSS_STATUS_SUCCESS;
+
+  __libc_lock_lock (lock);
+
+  /* Be prepared that the setpwent function was not called before.  */
+  if (ext_ent.stream == NULL)
+    status = internal_setpwent (&ext_ent);
+
+  if (status == NSS_STATUS_SUCCESS)
+    status = internal_getpwent_r (pwd, &ext_ent, buffer, buflen);
+
+  __libc_lock_unlock (lock);
+
+  return status;
+}
+
+
+enum nss_status
+_nss_compat_getpwnam_r (const char *name, struct passwd *pwd,
+			char *buffer, size_t buflen)
+{
+  ent_t ent = {0, 0, 0, NULL, 0, NULL, {NULL, 0, 0},
+	       {NULL, NULL, 0, 0, NULL, NULL, NULL}};
+  enum nss_status status;
+
+  if (name[0] == '-' || name[0] == '+')
+    return NSS_STATUS_NOTFOUND;
+
+
+  status = internal_setpwent (&ent);
+  if (status != NSS_STATUS_SUCCESS)
+    return status;
+
+  while ((status = internal_getpwent_r (pwd, &ent, buffer, buflen))
+	 == NSS_STATUS_SUCCESS)
+    if (strcmp (pwd->pw_name, name) == 0)
+      break;
+
+  internal_endpwent (&ent);
+  return status;
+}
+
+
+enum nss_status
+_nss_compat_getpwuid_r (uid_t uid, struct passwd *pwd,
+			char *buffer, size_t buflen)
+{
+  ent_t ent = {0, 0, 0, NULL, 0, NULL, {NULL, 0, 0},
+	       {NULL, NULL, 0, 0, NULL, NULL, NULL}};
+  enum nss_status status;
+
+  status = internal_setpwent (&ent);
+  if (status != NSS_STATUS_SUCCESS)
+    return status;
+
+  while ((status = internal_getpwent_r (pwd, &ent, buffer, buflen))
+	 == NSS_STATUS_SUCCESS)
+    if (pwd->pw_uid == uid && pwd->pw_name[0] != '+' && pwd->pw_name[0] != '-')
+      break;
+
+  internal_endpwent (&ent);
+  return status;
+}
+
+
+/* Support routines for remembering -@netgroup and -user entries.
+   The names are stored in a single string with `|' as separator. */
+static void
+blacklist_store_name (const char *name, ent_t *ent)
+{
+  int namelen = strlen (name);
+  char *tmp;
+
+  /* first call, setup cache */
+  if (ent->blacklist.size == 0)
+    {
+      ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
+      ent->blacklist.data = malloc (ent->blacklist.size);
+      if (ent->blacklist.data == NULL)
+	return;
+      ent->blacklist.data[0] = '|';
+      ent->blacklist.data[1] = '\0';
+      ent->blacklist.current = 1;
+    }
+  else
+    {
+      if (in_blacklist (name, namelen, ent))
+	return;			/* no duplicates */
+
+      if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
+	{
+	  ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
+	  tmp = realloc (ent->blacklist.data, ent->blacklist.size);
+	  if (tmp == NULL)
+	    {
+	      free (ent->blacklist.data);
+	      ent->blacklist.size = 0;
+	      return;
+	    }
+	  ent->blacklist.data = tmp;
+	}
+    }
+
+  tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
+  *tmp++ = '|';
+  *tmp = '\0';
+  ent->blacklist.current += namelen + 1;
+
+  return;
+}
+
+/* returns TRUE if ent->blacklist contains name, else FALSE */
+static bool_t
+in_blacklist (const char *name, int namelen, ent_t *ent)
+{
+  char buf[namelen + 3];
+
+  if (ent->blacklist.data == NULL)
+    return FALSE;
+
+  stpcpy (stpcpy (stpcpy (buf, "|"), name), "|");
+  return strstr (ent->blacklist.data, buf) != NULL;
+}
diff --git a/nis/nss_compat/compat-spwd.c b/nis/nss_compat/compat-spwd.c
new file mode 100644
index 0000000000..ba73b1846f
--- /dev/null
+++ b/nis/nss_compat/compat-spwd.c
@@ -0,0 +1,612 @@
+/* Copyright (C) 1996 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+   Contributed by Thorsten Kukuk <kukuk@vt.uni-paderborn.de>, 1996.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public License as
+   published by the Free Software Foundation; either version 2 of the
+   License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public
+   License along with the GNU C Library; see the file COPYING.LIB.  If not,
+   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+#include <nss.h>
+#include <errno.h>
+#include <ctype.h>
+#include <netdb.h>
+#include <shadow.h>
+#include <string.h>
+#include <libc-lock.h>
+#include <rpcsvc/yp.h>
+#include <rpcsvc/ypclnt.h>
+
+/* Structure for remembering -@netgroup and -user members ... */
+#define BLACKLIST_INITIAL_SIZE 512
+#define BLACKLIST_INCREMENT 256
+struct blacklist_t
+  {
+    char *data;
+    int current;
+    int size;
+  };
+
+struct ent_t
+  {
+    bool_t netgroup;
+    bool_t nis;
+    bool_t first;
+    char *oldkey;
+    int oldkeylen;
+    FILE *stream;
+    struct blacklist_t blacklist;
+    struct spwd pwd;
+  };
+typedef struct ent_t ent_t;
+
+static ent_t ext_ent = {0, 0, 0, NULL, 0, NULL,	{NULL, 0, 0},
+			{NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
+
+/* Protect global state against multiple changers.  */
+__libc_lock_define_initialized (static, lock)
+
+/* Prototypes for local functions.  */
+static void blacklist_store_name (const char *, ent_t *);
+static int in_blacklist (const char *, int, ent_t *);
+
+static void
+give_spwd_free (struct spwd *pwd)
+{
+  if (pwd->sp_namp != NULL)
+    free (pwd->sp_namp);
+  if (pwd->sp_pwdp != NULL)
+    free (pwd->sp_pwdp);
+
+  memset (pwd, '\0', sizeof (struct spwd));
+}
+
+static int
+spwd_need_buflen (struct spwd *pwd)
+{
+  int len = 0;
+
+  if (pwd->sp_pwdp != NULL)
+    len += strlen (pwd->sp_pwdp) + 1;
+
+  return len;
+}
+
+static void
+copy_spwd_changes (struct spwd *dest, struct spwd *src,
+		   char *buffer, size_t buflen)
+{
+  if (src->sp_pwdp != NULL && strlen (src->sp_pwdp))
+    {
+      if (buffer == NULL)
+	dest->sp_pwdp = strdup (src->sp_pwdp);
+      else if (dest->sp_pwdp &&
+	       strlen (dest->sp_pwdp) >= strlen (src->sp_pwdp))
+	strcpy (dest->sp_pwdp, src->sp_pwdp);
+      else
+	{
+	  dest->sp_pwdp = buffer;
+	  strcpy (dest->sp_pwdp, src->sp_pwdp);
+	  buffer += strlen (dest->sp_pwdp) + 1;
+	  buflen = buflen - (strlen (dest->sp_pwdp) + 1);
+	}
+    }
+  if (src->sp_lstchg != 0)
+    dest->sp_lstchg = src->sp_lstchg;
+  if (src->sp_min != 0)
+    dest->sp_min = src->sp_min;
+  if (src->sp_max != 0)
+    dest->sp_max = src->sp_max;
+  if (src->sp_warn != 0)
+    dest->sp_warn = src->sp_warn;
+  if (src->sp_inact != 0)
+    dest->sp_inact = src->sp_inact;
+  if (src->sp_expire != 0)
+    dest->sp_expire = src->sp_expire;
+  if (src->sp_flag != 0)
+    dest->sp_flag = src->sp_flag;
+}
+
+static enum nss_status
+internal_setspent (ent_t *ent)
+{
+  enum nss_status status = NSS_STATUS_SUCCESS;
+
+  ent->nis = ent->first = ent->netgroup = 0;
+
+  if (ent->oldkey != NULL)
+    {
+      free (ent->oldkey);
+      ent->oldkey = NULL;
+      ent->oldkeylen = 0;
+    }
+
+  ent->blacklist.current = 0;
+  if (ent->blacklist.data != NULL)
+    ent->blacklist.data[0] = '\0';
+
+  if (ent->stream == NULL)
+    {
+      ent->stream = fopen ("/etc/shadow", "r");
+
+      if (ent->stream == NULL)
+	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+    }
+  else
+    rewind (ent->stream);
+
+  give_spwd_free (&ent->pwd);
+
+  return status;
+}
+
+
+enum nss_status
+_nss_compat_setspent (void)
+{
+  enum nss_status result;
+
+  __libc_lock_lock (lock);
+
+  result = internal_setspent (&ext_ent);
+
+  __libc_lock_unlock (lock);
+
+  return result;
+}
+
+
+static enum nss_status
+internal_endspent (ent_t *ent)
+{
+  if (ent->stream != NULL)
+    {
+      fclose (ent->stream);
+      ent->stream = NULL;
+    }
+
+  ent->nis = ent->first = ent->netgroup = 0;
+
+  if (ent->oldkey != NULL)
+    {
+      free (ent->oldkey);
+      ent->oldkey = NULL;
+      ent->oldkeylen = 0;
+    }
+
+  ent->blacklist.current = 0;
+  if (ent->blacklist.data != NULL)
+    ent->blacklist.data[0] = '\0';
+
+  give_spwd_free (&ent->pwd);
+
+  return NSS_STATUS_SUCCESS;
+}
+
+enum nss_status
+_nss_compat_endspent (void)
+{
+  enum nss_status result;
+
+  __libc_lock_lock (lock);
+
+  result = internal_endspent (&ext_ent);
+
+  __libc_lock_unlock (lock);
+
+  return result;
+}
+
+
+static enum nss_status
+getspent_next_netgr (struct spwd *result, ent_t *ent, char *group,
+		     char *buffer, size_t buflen)
+{
+  char *ypdomain, *host, *user, *domain, *outval, *p, *p2;
+  int status, outvallen;
+  size_t p2len;
+
+  if (yp_get_default_domain (&ypdomain) != YPERR_SUCCESS)
+    {
+      ent->netgroup = 0;
+      ent->first = 0;
+      give_spwd_free (&ent->pwd);
+      return NSS_STATUS_UNAVAIL;
+    }
+
+  if (ent->first == TRUE)
+    {
+      setnetgrent (group);
+      ent->first = FALSE;
+    }
+
+  while (1)
+    {
+      if ((status = getnetgrent (&host, &user, &domain)) != 1)
+	{
+	  endnetgrent ();
+	  ent->netgroup = 0;
+	  give_spwd_free (&ent->pwd);
+	  return NSS_STATUS_RETURN;
+	}
+
+      if (user == NULL || user[0] == '-')
+	continue;
+
+      if (domain != NULL && strcmp (ypdomain, domain) != 0)
+	continue;
+
+      if (yp_match (ypdomain, "shadow.byname", user,
+		    strlen (user), &outval, &outvallen)
+	  != YPERR_SUCCESS)
+	continue;
+
+      p2len = spwd_need_buflen (&ent->pwd);
+      if (p2len > buflen)
+	{
+	  __set_errno (ERANGE);
+	  return NSS_STATUS_TRYAGAIN;
+	}
+      p2 = buffer + (buflen - p2len);
+      buflen -= p2len;
+      p = strncpy (buffer, outval, buflen);
+      while (isspace (*p))
+	p++;
+      free (outval);
+      if (_nss_files_parse_spent (p, result, buffer, buflen))
+	{
+	  copy_spwd_changes (result, &ent->pwd, p2, p2len);
+	  break;
+	}
+    }
+
+  return NSS_STATUS_SUCCESS;
+}
+
+static enum nss_status
+getspent_next_nis (struct spwd *result, ent_t *ent,
+		   char *buffer, size_t buflen)
+{
+  char *domain, *outkey, *outval, *p, *p2;
+  int outkeylen, outvallen;
+  size_t p2len;
+
+  if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+    {
+      ent->nis = 0;
+      give_spwd_free (&ent->pwd);
+      return NSS_STATUS_UNAVAIL;
+    }
+
+  p2len = spwd_need_buflen (&ent->pwd);
+  if (p2len > buflen)
+    {
+      __set_errno (ERANGE);
+      return NSS_STATUS_TRYAGAIN;
+    }
+  p2 = buffer + (buflen - p2len);
+  buflen -= p2len;
+  do
+    {
+      if (ent->first)
+	{
+	  if (yp_first (domain, "shadow.byname", &outkey, &outkeylen,
+			&outval, &outvallen) != YPERR_SUCCESS)
+	    {
+	      ent->nis = 0;
+	      give_spwd_free (&ent->pwd);
+	      return NSS_STATUS_UNAVAIL;
+	    }
+
+	  ent->oldkey = outkey;
+	  ent->oldkeylen = outkeylen;
+	  ent->first = FALSE;
+	}
+      else
+	{
+	  if (yp_next (domain, "shadow.byname", ent->oldkey, ent->oldkeylen,
+		       &outkey, &outkeylen, &outval, &outvallen)
+	      != YPERR_SUCCESS)
+	    {
+	      ent->nis = 0;
+	      give_spwd_free (&ent->pwd);
+	      return NSS_STATUS_NOTFOUND;
+	    }
+
+	  free (ent->oldkey);
+	  ent->oldkey = outkey;
+	  ent->oldkeylen = outkeylen;
+	}
+
+      /* Copy the found data to our buffer  */
+      p = strncpy (buffer, outval, buflen);
+
+      /* ...and free the data.  */
+      free (outval);
+
+      while (isspace (*p))
+	++p;
+    }
+  while (!_nss_files_parse_spent (p, result, buffer, buflen));
+
+  copy_spwd_changes (result, &ent->pwd, p2, p2len);
+
+  if (!in_blacklist (result->sp_namp, strlen (result->sp_namp), ent))
+    return NSS_STATUS_SUCCESS;
+  else
+    return NSS_STATUS_NOTFOUND;
+}
+
+
+static enum nss_status
+getspent_next_file (struct spwd *result, ent_t *ent,
+		    char *buffer, size_t buflen)
+{
+  while (1)
+    {
+      char *p, *p2;
+      size_t p2len;
+
+      do
+	{
+	  p = fgets (buffer, buflen, ent->stream);
+	  if (p == NULL)
+	    return NSS_STATUS_NOTFOUND;
+
+	  /* Terminate the line for any case.  */
+	  buffer[buflen - 1] = '\0';
+
+	  /* Skip leading blanks.  */
+	  while (isspace (*p))
+	    ++p;
+	}
+      while (*p == '\0' || *p == '#' ||		/* Ignore empty and comment lines.  */
+      /* Parse the line.  If it is invalid, loop to
+         get the next line of the file to parse.  */
+	     !_nss_files_parse_spent (p, result, buffer, buflen));
+
+      if (result->sp_namp[0] != '+' && result->sp_namp[0] != '-')
+	/* This is a real entry.  */
+	break;
+
+      /* -@netgroup */
+      if (result->sp_namp[0] == '-' && result->sp_namp[1] == '@'
+	  && result->sp_namp[2] != '\0')
+	{
+	  char *user, *host, *domain;
+
+	  setnetgrent (&result->sp_namp[2]);
+	  while (getnetgrent (&host, &user, &domain))
+	    {
+	      if (user != NULL && user[0] != '-')
+		blacklist_store_name (user, ent);
+	    }
+	  endnetgrent ();
+	  continue;
+	}
+
+      /* +@netgroup */
+      if (result->sp_namp[0] == '+' && result->sp_namp[1] == '@'
+	  && result->sp_namp[2] != '\0')
+	{
+	  int status;
+
+	  ent->netgroup = TRUE;
+	  ent->first = TRUE;
+	  copy_spwd_changes (&ent->pwd, result, NULL, 0);
+
+	  status = getspent_next_netgr (result, ent, &result->sp_namp[2],
+					buffer, buflen);
+	  if (status == NSS_STATUS_RETURN)
+	    continue;
+	  else
+	    return status;
+	}
+
+      /* -user */
+      if (result->sp_namp[0] == '-' && result->sp_namp[1] != '\0'
+	  && result->sp_namp[1] != '@')
+	{
+	  blacklist_store_name (&result->sp_namp[1], ent);
+	  continue;
+	}
+
+      /* +user */
+      if (result->sp_namp[0] == '+' && result->sp_namp[1] != '\0'
+	  && result->sp_namp[1] != '@')
+	{
+	  char *domain;
+	  char *outval;
+	  int outvallen;
+	  struct spwd pwd;
+
+	  memset (&pwd, '\0', sizeof (struct spwd));
+
+	  if (yp_get_default_domain (&domain) != YPERR_SUCCESS)
+	    /* XXX Should we regard this as an fatal error?  I don't
+	       think so.  Just continue working.  --drepper@gnu  */
+	    continue;
+
+	  if (yp_match (domain, "shadow.byname", &result->sp_namp[1],
+			strlen (result->sp_namp) - 1, &outval, &outvallen)
+	      != YPERR_SUCCESS)
+	    continue;
+
+	  copy_spwd_changes (&pwd, result, NULL, 0);
+
+	  p2len = spwd_need_buflen (&pwd);
+	  if (p2len > buflen)
+	    {
+	      __set_errno (ERANGE);
+	      return NSS_STATUS_TRYAGAIN;
+	    }
+	  p2 = buffer + (buflen - p2len);
+	  buflen -= p2len;
+	  p = strncpy (buffer, outval, buflen);
+	  while (isspace (*p))
+	    p++;
+	  free (outval);
+	  if (_nss_files_parse_spent (p, result, buffer, buflen))
+	    {
+	      copy_spwd_changes (result, &pwd, p2, p2len);
+	      give_spwd_free (&pwd);
+	      /* We found the entry.  */
+	      break;
+	    }
+	  else
+	    {
+	      /* Give buffer the old len back */
+	      buflen += p2len;
+	      give_spwd_free (&pwd);
+	    }
+	}
+
+      /* +:... */
+      if (result->sp_namp[0] == '+' && result->sp_namp[1] == '\0')
+	{
+	  ent->nis = TRUE;
+	  ent->first = TRUE;
+	  copy_spwd_changes (&ent->pwd, result, NULL, 0);
+
+	  return getspent_next_nis (result, ent, buffer, buflen);
+	}
+    }
+
+  return NSS_STATUS_SUCCESS;
+}
+
+
+static enum nss_status
+internal_getspent_r (struct spwd *pw, ent_t *ent,
+		     char *buffer, size_t buflen)
+{
+  if (ent->netgroup)
+    {
+      int status;
+
+      /* We are searching members in a netgroup */
+      /* Since this is not the first call, we don't need the group name */
+      status = getspent_next_netgr (pw, ent, NULL, buffer, buflen);
+      if (status == NSS_STATUS_RETURN)
+	return getspent_next_file (pw, ent, buffer, buflen);
+      else
+	return status;
+    }
+  else if (ent->nis)
+    return getspent_next_nis (pw, ent, buffer, buflen);
+  else
+    return getspent_next_file (pw, ent, buffer, buflen);
+}
+
+enum nss_status
+_nss_compat_getspent_r (struct spwd *pwd, char *buffer, size_t buflen)
+{
+  enum nss_status status = NSS_STATUS_SUCCESS;
+
+  __libc_lock_lock (lock);
+
+  /* Be prepared that the setspent function was not called before.  */
+  if (ext_ent.stream == NULL)
+    status = internal_setspent (&ext_ent);
+
+  if (status == NSS_STATUS_SUCCESS)
+    status = internal_getspent_r (pwd, &ext_ent, buffer, buflen);
+
+  __libc_lock_unlock (lock);
+
+  return status;
+}
+
+
+enum nss_status
+_nss_compat_getspnam_r (const char *name, struct spwd *pwd,
+			char *buffer, size_t buflen)
+{
+  ent_t ent = {0, 0, 0, NULL, 0, NULL, {NULL, 0, 0},
+	       {NULL, NULL, 0, 0, 0, 0, 0, 0, 0}};
+  enum nss_status status;
+
+  if (name[0] == '-' || name[0] == '+')
+    return NSS_STATUS_NOTFOUND;
+
+  status = internal_setspent (&ent);
+  if (status != NSS_STATUS_SUCCESS)
+    return status;
+
+  while ((status = internal_getspent_r (pwd, &ent, buffer, buflen))
+	 == NSS_STATUS_SUCCESS)
+    if (strcmp (pwd->sp_namp, name) == 0)
+      break;
+
+  internal_endspent (&ent);
+  return status;
+}
+
+/* Support routines for remembering -@netgroup and -user entries.
+   The names are stored in a single string with `|' as separator. */
+static void
+blacklist_store_name (const char *name, ent_t *ent)
+{
+  int namelen = strlen (name);
+  char *tmp;
+
+  /* first call, setup cache */
+  if (ent->blacklist.size == 0)
+    {
+      ent->blacklist.size = MAX (BLACKLIST_INITIAL_SIZE, 2 * namelen);
+      ent->blacklist.data = malloc (ent->blacklist.size);
+      if (ent->blacklist.data == NULL)
+	return;
+      ent->blacklist.data[0] = '|';
+      ent->blacklist.data[1] = '\0';
+      ent->blacklist.current = 1;
+    }
+  else
+    {
+      if (in_blacklist (name, namelen, ent))
+	return;			/* no duplicates */
+
+      if (ent->blacklist.current + namelen + 1 >= ent->blacklist.size)
+	{
+	  ent->blacklist.size += MAX (BLACKLIST_INCREMENT, 2 * namelen);
+	  tmp = realloc (ent->blacklist.data, ent->blacklist.size);
+	  if (tmp == NULL)
+	    {
+	      free (ent->blacklist.data);
+	      ent->blacklist.size = 0;
+	      return;
+	    }
+	  ent->blacklist.data = tmp;
+	}
+    }
+
+  tmp = stpcpy (ent->blacklist.data + ent->blacklist.current, name);
+  *tmp++ = '|';
+  *tmp = '\0';
+  ent->blacklist.current += namelen + 1;
+
+  return;
+}
+
+/* returns TRUE if ent->blacklist contains name, else FALSE */
+static bool_t
+in_blacklist (const char *name, int namelen, ent_t *ent)
+{
+  char buf[namelen + 3];
+
+  if (ent->blacklist.data == NULL)
+    return FALSE;
+
+  stpcpy (stpcpy (stpcpy (buf, "|"), name), "|");
+  return strstr (ent->blacklist.data, buf) != NULL;
+}