nss: Turn __nss_database_lookup into a compatibility symbol

The function uses the internal service_user type, so it is not
really usable from the outside of glibc.  Rename the function
to __nss_database_lookup2 for internal use, and change
__nss_database_lookup to always indicate failure to the caller.

__nss_next already was a compatibility symbol.  The new
implementation always fails and no longer calls __nss_next2.

unscd, the alternative nscd implementation, does not use
__nss_database_lookup, so it is not affected by this change.

ChangeLog

@@ -1,3 +1,30 @@
+2019-05-15  Florian Weimer  <fweimer@redhat.com>
+
+	nss: Turn __nss_database_lookup into a compatibility symbol.
+	* nss/nsswitch.h (__nss_database_lookup2): Renamed from
+	__nss_database_lookup.
+	* nss/nsswitch.c (__nss_database_lookup2): Likewise.
+	(nss_load_all_libraries): Call __nss_database_lookup2 instead of
+	__nss_database_lookup.
+	(__nss_next): Move to …
+	* nss/compat-lookup.c (nss_next): … here.  Change it to fail
+	unconditionally.
+	(__nss_database_lookup): New function.
+	* nss/Versions (GLIBC_2.0): Update comment.
+	(GLIBC_PRIVATE): Export __nss_database_lookup2.
+	* grp/initgroups.c (internal_getgrouplist): Call
+	__nss_database_lookup2 instead of __nss_database_lookup.
+	* nscd/aicache.c (addhstaiX): Likewise.
+	* nscd/initgrcache.c (addinitgroupsX): Likewise.
+	* nscd/netgroupcache.c (addgetnetgrentX): Likewise.
+	* nss/XXX-lookup.c (DB_LOOKUP_FCT): Likewise.
+	* nss/nss_compat/compat-grp.c (init_nss_interface): Likewise.
+	* nss/nss_compat/compat-initgroups.c (init_nss_interface):
+	Likewise.
+	* nss/nss_compat/compat-pwd.c (init_nss_interface): Likewise.
+	* nss/nss_compat/compat-spwd.c (init_nss_interface): Likewise.
+	* sysdeps/posix/getaddrinfo.c (gaih_inet): Likewise.
+
 2019-05-15  Alexandra Hajkova  <ahajkova@redhat.com>
 	* support/support.h (support_install_rootsbindir): New variable.
 	* support/support_paths.c: Likewise.

grp/initgroups.c

@@ -79,11 +79,11 @@ internal_getgrouplist (const char *user, gid_t group, long int *size,
 
   if (__nss_initgroups_database == NULL)
     {
-      if (__nss_database_lookup ("initgroups", NULL, "",
+      if (__nss_database_lookup2 ("initgroups", NULL, "",
 				  &__nss_initgroups_database) < 0)
 	{
 	  if (__nss_group_database == NULL)
-	    no_more = __nss_database_lookup ("group", NULL, DEFAULT_CONFIG,
+	    no_more = __nss_database_lookup2 ("group", NULL, DEFAULT_CONFIG,
 					      &__nss_group_database);
 
 	  __nss_initgroups_database = __nss_group_database;

nscd/aicache.c

@@ -92,7 +92,7 @@ addhstaiX (struct database_dyn *db, int fd, request_header *req,
   int herrno = 0;
 
   if (hosts_database == NULL)
-    no_more = __nss_database_lookup ("hosts", NULL,
+    no_more = __nss_database_lookup2 ("hosts", NULL,
 				      "dns [!UNAVAIL=return] files",
 				      &hosts_database);
   else

nscd/initgrcache.c

@@ -88,7 +88,7 @@ addinitgroupsX (struct database_dyn *db, int fd, request_header *req,
   int no_more;
 
   if (group_database == NULL)
-    no_more = __nss_database_lookup ("group", NULL, DEFAULT_CONFIG,
+    no_more = __nss_database_lookup2 ("group", NULL, DEFAULT_CONFIG,
 				      &group_database);
   else
     no_more = 0;

nscd/netgroupcache.c

@@ -143,7 +143,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req,
   *tofreep = NULL;
 
   if (netgroup_database == NULL
-      && __nss_database_lookup ("netgroup", NULL, NULL, &netgroup_database))
+      && __nss_database_lookup2 ("netgroup", NULL, NULL, &netgroup_database))
     {
       /* No such service.  */
       cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout,

nss/Versions

@@ -1,8 +1,10 @@
 libc {
   GLIBC_2.0 {
-     # functions used in other libraries
+    __nss_configure_lookup;
+
+    # Functions exported as no-op compat symbols.
     __nss_passwd_lookup; __nss_group_lookup; __nss_hosts_lookup; __nss_next;
-    __nss_database_lookup; __nss_configure_lookup;
+    __nss_database_lookup;
   }
   GLIBC_2.2.2 {
     __nss_hostname_digits_dots;
@@ -15,7 +17,7 @@ libc {
 
     __nss_passwd_lookup2; __nss_group_lookup2; __nss_hosts_lookup2;
     __nss_services_lookup2; __nss_next2; __nss_lookup;
-    __nss_hash;
+    __nss_hash; __nss_database_lookup2;
   }
 }
 

nss/XXX-lookup.c

@@ -57,7 +57,7 @@ DB_LOOKUP_FCT (service_user **ni, const char *fct_name, const char *fct2_name,
 	       void **fctp)
 {
   if (DATABASE_NAME_SYMBOL == NULL
-      && __nss_database_lookup (DATABASE_NAME_STRING, ALTERNATE_NAME_STRING,
+      && __nss_database_lookup2 (DATABASE_NAME_STRING, ALTERNATE_NAME_STRING,
 				 DEFAULT_CONFIG, &DATABASE_NAME_SYMBOL) < 0)
     return -1;
 

nss/compat-lookup.c

@@ -16,11 +16,12 @@
    License along with the GNU C Library; if not, see
    <http://www.gnu.org/licenses/>.  */
 
+#include <nsswitch.h>
+
 #include <shlib-compat.h>
 #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_27)
 
 # include <errno.h>
-# include <nsswitch.h>
 
 /* On i386, the function calling convention changed from the standard
    ABI calling convention to three register parameters in glibc 2.8.
@@ -40,3 +41,30 @@ strong_alias (__nss_passwd_lookup, __nss_hosts_lookup)
 compat_symbol (libc, __nss_hosts_lookup, __nss_hosts_lookup, GLIBC_2_0);
 
 #endif /* SHLIB_COMPAT */
+
+#if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_30)
+
+/* These functions were exported under a non-GLIBC_PRIVATE version,
+   even though it is not usable externally due to the service_user
+   type dependency.  */
+
+int
+attribute_compat_text_section
+__nss_next (service_user **ni, const char *fct_name, void **fctp, int status,
+            int all_values)
+{
+  return -1;
+}
+compat_symbol (libc, __nss_next, __nss_next, GLIBC_2_0);
+
+int
+attribute_compat_text_section
+__nss_database_lookup (const char *database, const char *alternate_name,
+                       const char *defconfig, service_user **ni)
+{
+  *ni = NULL;
+  return -1;
+}
+compat_symbol (libc, __nss_database_lookup, __nss_database_lookup, GLIBC_2_0);
+
+#endif /* SHLIB_COMPAT */

nss/nss_compat/compat-grp.c

@@ -78,7 +78,7 @@ static bool in_blacklist (const char *, int, ent_t *);
 static void
 init_nss_interface (void)
 {
-  if (__nss_database_lookup ("group_compat", NULL, "nis", &ni) >= 0)
+  if (__nss_database_lookup2 ("group_compat", NULL, "nis", &ni) >= 0)
     {
       nss_setgrent = __nss_lookup_function (ni, "setgrent");
       nss_getgrnam_r = __nss_lookup_function (ni, "getgrnam_r");

nss/nss_compat/compat-initgroups.c

@@ -89,7 +89,7 @@ init_nss_interface (void)
 
   /* Retest.  */
   if (ni == NULL
-      && __nss_database_lookup ("group_compat", NULL, "nis", &ni) >= 0)
+      && __nss_database_lookup2 ("group_compat", NULL, "nis", &ni) >= 0)
     {
       nss_initgroups_dyn = __nss_lookup_function (ni, "initgroups_dyn");
       nss_getgrnam_r = __nss_lookup_function (ni, "getgrnam_r");

nss/nss_compat/compat-pwd.c

@@ -88,7 +88,7 @@ static bool in_blacklist (const char *, int, ent_t *);
 static void
 init_nss_interface (void)
 {
-  if (__nss_database_lookup ("passwd_compat", NULL, "nis", &ni) >= 0)
+  if (__nss_database_lookup2 ("passwd_compat", NULL, "nis", &ni) >= 0)
     {
       nss_setpwent = __nss_lookup_function (ni, "setpwent");
       nss_getpwnam_r = __nss_lookup_function (ni, "getpwnam_r");

nss/nss_compat/compat-spwd.c

@@ -85,7 +85,7 @@ static bool in_blacklist (const char *, int, ent_t *);
 static void
 init_nss_interface (void)
 {
-  if (__nss_database_lookup ("shadow_compat", "passwd_compat",
+  if (__nss_database_lookup2 ("shadow_compat", "passwd_compat",
 			      "nis", &ni) >= 0)
     {
       nss_setspent = __nss_lookup_function (ni, "setspent");

nss/nsswitch.c

@@ -115,7 +115,7 @@ static void (*nscd_init_cb) (size_t, struct traced_file *);
 /* -1 == database not found
     0 == database entry pointer stored */
 int
-__nss_database_lookup (const char *database, const char *alternate_name,
+__nss_database_lookup2 (const char *database, const char *alternate_name,
 			const char *defconfig, service_user **ni)
 {
   /* Prevent multiple threads to change the service table.  */
@@ -185,7 +185,7 @@ __nss_database_lookup (const char *database, const char *alternate_name,
 
   return *ni != NULL ? 0 : -1;
 }
-libc_hidden_def (__nss_database_lookup)
+libc_hidden_def (__nss_database_lookup2)
 
 
 /* -1 == not found
@@ -260,16 +260,6 @@ __nss_next2 (service_user **ni, const char *fct_name, const char *fct2_name,
 }
 libc_hidden_def (__nss_next2)
 
-
-int
-attribute_compat_text_section
-__nss_next (service_user **ni, const char *fct_name, void **fctp, int status,
-	    int all_values)
-{
-  return __nss_next2 (ni, fct_name, NULL, fctp, status, all_values);
-}
-
-
 int
 __nss_configure_lookup (const char *dbname, const char *service_line)
 {
@@ -835,7 +825,7 @@ nss_load_all_libraries (const char *service, const char *def)
 {
   service_user *ni = NULL;
 
-  if (__nss_database_lookup (service, NULL, def, &ni) == 0)
+  if (__nss_database_lookup2 (service, NULL, def, &ni) == 0)
     while (ni != NULL)
       {
 	nss_load_library (ni);

nss/nsswitch.h

@@ -125,10 +125,10 @@ extern bool __nss_database_custom[NSS_DBSIDX_max] attribute_hidden;
    If there is no configuration for this database in the file,
    parse a service list from DEFCONFIG and use that.  More
    than one function can use the database.  */
-extern int __nss_database_lookup (const char *database,
+extern int __nss_database_lookup2 (const char *database,
 				   const char *alternative_name,
 				   const char *defconfig, service_user **ni);
-libc_hidden_proto (__nss_database_lookup)
+libc_hidden_proto (__nss_database_lookup2)
 
 /* Put first function with name FCT_NAME for SERVICE in FCTP.  The
    position is remembered in NI.  The function returns a value < 0 if

sysdeps/posix/getaddrinfo.c

@@ -732,7 +732,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
 #endif
 
 	  if (__nss_hosts_database == NULL)
-	    no_more = __nss_database_lookup ("hosts", NULL,
+	    no_more = __nss_database_lookup2 ("hosts", NULL,
 					      "dns [!UNAVAIL=return] files",
 					      &__nss_hosts_database);
 	  else