17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5cb5caa98Sdjl  * Common Development and Distribution License (the "License").
6cb5caa98Sdjl  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
22e1dd0a2fSth  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
237c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate  */
257c478bd9Sstevel@tonic-gate 
267c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"
277c478bd9Sstevel@tonic-gate 
287c478bd9Sstevel@tonic-gate /*
297c478bd9Sstevel@tonic-gate  * libsldap - library side configuration components
307c478bd9Sstevel@tonic-gate  * Routines to manage the config structure
317c478bd9Sstevel@tonic-gate  */
327c478bd9Sstevel@tonic-gate 
337c478bd9Sstevel@tonic-gate #include <stdio.h>
347c478bd9Sstevel@tonic-gate #include <stdlib.h>
35e1dd0a2fSth #include <stddef.h>
367c478bd9Sstevel@tonic-gate #include <string.h>
377c478bd9Sstevel@tonic-gate #include <strings.h>
387c478bd9Sstevel@tonic-gate #include <libintl.h>
397c478bd9Sstevel@tonic-gate #include <locale.h>
407c478bd9Sstevel@tonic-gate #include <thread.h>
417c478bd9Sstevel@tonic-gate #include <synch.h>
427c478bd9Sstevel@tonic-gate #include <errno.h>
437c478bd9Sstevel@tonic-gate #include <unistd.h>
447c478bd9Sstevel@tonic-gate #include <fcntl.h>
457c478bd9Sstevel@tonic-gate #include <ctype.h>
467c478bd9Sstevel@tonic-gate #include <crypt.h>
477c478bd9Sstevel@tonic-gate #include <arpa/inet.h>
487c478bd9Sstevel@tonic-gate #include <sys/types.h>
497c478bd9Sstevel@tonic-gate #include <sys/stat.h>
507c478bd9Sstevel@tonic-gate #include <syslog.h>
517c478bd9Sstevel@tonic-gate #include <netdb.h>
527c478bd9Sstevel@tonic-gate #include <sys/systeminfo.h>
537c478bd9Sstevel@tonic-gate #include <sys/mman.h>
547c478bd9Sstevel@tonic-gate #include <sys/time.h>
557c478bd9Sstevel@tonic-gate #include <limits.h>
567c478bd9Sstevel@tonic-gate #include "ns_sldap.h"
577c478bd9Sstevel@tonic-gate #include "ns_internal.h"
587c478bd9Sstevel@tonic-gate #include "ns_cache_door.h"
59e1dd0a2fSth #include "ns_connmgmt.h"
607c478bd9Sstevel@tonic-gate 
61*29836b19Smichen #pragma fini(__s_api_shutdown_conn_mgmt, \
62e1dd0a2fSth 	_free_config, __ns_ldap_doorfd_close)
637c478bd9Sstevel@tonic-gate 
/*
 * File-scope state for the configuration code.
 * NOTE(review): the lock names suggest one serializes config parsing and
 * the other serializes load/refresh - confirm at the sites that take them.
 */
static mutex_t		ns_parse_lock = DEFAULTMUTEX;
static mutex_t		ns_loadrefresh_lock = DEFAULTMUTEX;
/* Starts out NULL; presumably the configuration currently in effect. */
static ns_config_t	*current_config = NULL;

/* Flag written by __ns_ldap_setServer(); FALSE until that is called. */
static int		cache_server = FALSE;
/* Thread key defined in another translation unit. */
extern thread_key_t	ns_cmgkey;
707c478bd9Sstevel@tonic-gate 
717c478bd9Sstevel@tonic-gate /*
727c478bd9Sstevel@tonic-gate  * Parameter Index Type validation routines
737c478bd9Sstevel@tonic-gate  */
747c478bd9Sstevel@tonic-gate static int
757c478bd9Sstevel@tonic-gate __s_val_postime(ParamIndexType i, ns_default_config *def,
767c478bd9Sstevel@tonic-gate 		ns_param_t *param, char *errbuf);
777c478bd9Sstevel@tonic-gate static int
787c478bd9Sstevel@tonic-gate __s_val_basedn(ParamIndexType i, ns_default_config *def,
797c478bd9Sstevel@tonic-gate 		ns_param_t *param, char *errbuf);
807c478bd9Sstevel@tonic-gate 
817c478bd9Sstevel@tonic-gate static int
827c478bd9Sstevel@tonic-gate __s_val_binddn(ParamIndexType i, ns_default_config *def,
837c478bd9Sstevel@tonic-gate 		ns_param_t *param, char *errbuf);
847c478bd9Sstevel@tonic-gate 
857c478bd9Sstevel@tonic-gate static int
867c478bd9Sstevel@tonic-gate __s_val_bindpw(ParamIndexType i, ns_default_config *def,
877c478bd9Sstevel@tonic-gate 		ns_param_t *param, char *errbuf);
887c478bd9Sstevel@tonic-gate 
897c478bd9Sstevel@tonic-gate static int
907c478bd9Sstevel@tonic-gate __s_val_serverList(ParamIndexType i, ns_default_config *def,
917c478bd9Sstevel@tonic-gate 		ns_param_t *param, char *errbuf);
927c478bd9Sstevel@tonic-gate 
937c478bd9Sstevel@tonic-gate /*
947c478bd9Sstevel@tonic-gate  * Forward declarations
957c478bd9Sstevel@tonic-gate  */
967c478bd9Sstevel@tonic-gate 
977c478bd9Sstevel@tonic-gate static ns_parse_status
987c478bd9Sstevel@tonic-gate verify_value(ns_config_t *cfg, char *name, char *value, char *errstr);
997c478bd9Sstevel@tonic-gate 
1007c478bd9Sstevel@tonic-gate static int
1017c478bd9Sstevel@tonic-gate set_default_value(ns_config_t *configptr, char *name, char *value,
1027c478bd9Sstevel@tonic-gate 	ns_ldap_error_t **error);
1037c478bd9Sstevel@tonic-gate 
1047c478bd9Sstevel@tonic-gate static void
1057c478bd9Sstevel@tonic-gate set_curr_config(ns_config_t *ptr);
1067c478bd9Sstevel@tonic-gate 
1077c478bd9Sstevel@tonic-gate static int
1087c478bd9Sstevel@tonic-gate __door_getldapconfig(char **buffer, int *buflen, ns_ldap_error_t **error);
1097c478bd9Sstevel@tonic-gate 
1107c478bd9Sstevel@tonic-gate static ns_config_t *
1117c478bd9Sstevel@tonic-gate SetDoorInfo(char *buffer, ns_ldap_error_t **errorp);
1127c478bd9Sstevel@tonic-gate 
1137c478bd9Sstevel@tonic-gate static boolean_t
1147c478bd9Sstevel@tonic-gate timetorefresh(ns_config_t *cfg);
1157c478bd9Sstevel@tonic-gate 
1167c478bd9Sstevel@tonic-gate static ns_config_t *
117e1dd0a2fSth LoadCacheConfiguration(ns_config_t *, ns_ldap_error_t **error);
1187c478bd9Sstevel@tonic-gate 
1197c478bd9Sstevel@tonic-gate static void **
1207c478bd9Sstevel@tonic-gate dupParam(ns_param_t *ptr);
1217c478bd9Sstevel@tonic-gate 
1227c478bd9Sstevel@tonic-gate static time_t
1237c478bd9Sstevel@tonic-gate conv_time(char *s);
1247c478bd9Sstevel@tonic-gate 
1257c478bd9Sstevel@tonic-gate /*
1267c478bd9Sstevel@tonic-gate  * Structures used in enum <-> string mapping routines
1277c478bd9Sstevel@tonic-gate  */
1287c478bd9Sstevel@tonic-gate 
/*
 * Each table below pairs an integer enum value with the string spelling
 * used for it and ends with a { -1, NULL } sentinel entry.  Where both a
 * _v1 and a _v2 table exist they hold the spellings for the two profile
 * versions.
 */
static ns_enum_map ns_auth_enum_v1[] = {
	{ ENUM2INT(NS_LDAP_EA_NONE), "NS_LDAP_AUTH_NONE" },
	{ ENUM2INT(NS_LDAP_EA_SIMPLE), "NS_LDAP_AUTH_SIMPLE" },
	{ ENUM2INT(NS_LDAP_EA_SASL_CRAM_MD5), "NS_LDAP_AUTH_SASL_CRAM_MD5" },
	{ -1, NULL },
};

/*
 * V2 authentication method names.  Only the "tls:" spellings name a
 * TLS-protected variant.
 * NOTE(review): "simple" without the "tls:" prefix presumably binds over
 * an unprotected connection, which would put the bind password on the
 * wire in clear text, and DIGEST-MD5 is Historic per RFC 6331.  Confirm
 * which of these names a deployment's profile actually permits.
 */
static ns_enum_map ns_auth_enum_v2[] = {
	{ ENUM2INT(NS_LDAP_EA_NONE), "none" },
	{ ENUM2INT(NS_LDAP_EA_SIMPLE), "simple" },
	{ ENUM2INT(NS_LDAP_EA_SASL_CRAM_MD5), "sasl/CRAM-MD5" },
	{ ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5), "sasl/DIGEST-MD5" },
	{ ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5_INT),
			"sasl/DIGEST-MD5:auth-int" },
	{ ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5_CONF),
			"sasl/DIGEST-MD5:auth-conf" },
	{ ENUM2INT(NS_LDAP_EA_SASL_EXTERNAL), "sasl/EXTERNAL" },
	{ ENUM2INT(NS_LDAP_EA_SASL_GSSAPI), "sasl/GSSAPI" },
	{ ENUM2INT(NS_LDAP_EA_TLS_NONE), "tls:none" },
	{ ENUM2INT(NS_LDAP_EA_TLS_SIMPLE), "tls:simple" },
	{ ENUM2INT(NS_LDAP_EA_TLS_SASL_CRAM_MD5), "tls:sasl/CRAM-MD5" },
	{ ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5), "tls:sasl/DIGEST-MD5" },
	{ ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT),
			"tls:sasl/DIGEST-MD5:auth-int" },
	{ ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF),
			"tls:sasl/DIGEST-MD5:auth-conf" },
	{ ENUM2INT(NS_LDAP_EA_TLS_SASL_EXTERNAL), "tls:sasl/EXTERNAL" },
	{ -1, NULL },
};

	/* V1 ONLY */
/* The table lists a single transport-security spelling, NS_LDAP_SEC_NONE. */
static ns_enum_map ns_sec_enum_v1[] = {
	{ ENUM2INT(NS_LDAP_TLS_NONE), "NS_LDAP_SEC_NONE" },
	{ -1, NULL },
};

	/* V2 ONLY */
/* Credential level names: anonymous, proxy or self. */
static ns_enum_map ns_cred_enum_v2[] = {
	{ ENUM2INT(NS_LDAP_CRED_ANON), "anonymous" },
	{ ENUM2INT(NS_LDAP_CRED_PROXY), "proxy" },
	{ ENUM2INT(NS_LDAP_CRED_SELF), "self" },
	{ -1, NULL },
};

/* Referral handling: V1 spells the enum names out, V2 uses TRUE/FALSE. */
static ns_enum_map ns_ref_enum_v1[] = {
	{ ENUM2INT(NS_LDAP_FOLLOWREF), "NS_LDAP_FOLLOWREF" },
	{ ENUM2INT(NS_LDAP_NOREF), "NS_LDAP_NOREF" },
	{ -1, NULL },
};

static ns_enum_map ns_ref_enum_v2[] = {
	{ ENUM2INT(NS_LDAP_FOLLOWREF), "TRUE" },
	{ ENUM2INT(NS_LDAP_NOREF), "FALSE" },
	{ -1, NULL },
};

/* Search scope: V1 spells the enum names out, V2 uses base/one/sub. */
static ns_enum_map ns_scope_enum_v1[] = {
	{ ENUM2INT(NS_LDAP_SCOPE_BASE), "NS_LDAP_SCOPE_BASE" },
	{ ENUM2INT(NS_LDAP_SCOPE_ONELEVEL), "NS_LDAP_SCOPE_ONELEVEL" },
	{ ENUM2INT(NS_LDAP_SCOPE_SUBTREE), "NS_LDAP_SCOPE_SUBTREE" },
	{ -1, NULL },
};

static ns_enum_map ns_scope_enum_v2[] = {
	{ ENUM2INT(NS_LDAP_SCOPE_BASE), "base" },
	{ ENUM2INT(NS_LDAP_SCOPE_ONELEVEL), "one" },
	{ ENUM2INT(NS_LDAP_SCOPE_SUBTREE), "sub" },
	{ -1, NULL },
};

/* Spellings for the preferred-server-only flag; there is one table only. */
static ns_enum_map ns_pref_enum[] = {
	{ ENUM2INT(NS_LDAP_PREF_FALSE), "NS_LDAP_FALSE" },
	{ ENUM2INT(NS_LDAP_PREF_TRUE), "NS_LDAP_TRUE" },
	{ -1, NULL },
};
2047c478bd9Sstevel@tonic-gate 
/*
 * Default authentication-method and credential-level lists referenced
 * from defconfig[].  Each holds one value followed by a 0 entry.
 * NOTE(review): the trailing 0 looks like a terminator - confirm with the
 * code that walks these arrays.
 */

/* V1 default authentication method: NS_LDAP_EA_NONE. */
static int	ns_def_auth_v1[] = {
	ENUM2INT(NS_LDAP_EA_NONE),
	0
};

/* V2 default authentication method: NS_LDAP_EA_NONE. */
static int	ns_def_auth_v2[] = {
	ENUM2INT(NS_LDAP_EA_NONE),
	0
};

/* V1 default credential level: NS_LDAP_CRED_PROXY. */
static int	ns_def_cred_v1[] = {
	ENUM2INT(NS_LDAP_CRED_PROXY),
	0
};

/* V2 default credential level: NS_LDAP_CRED_ANON. */
static int	ns_def_cred_v2[] = {
	ENUM2INT(NS_LDAP_CRED_ANON),
	0
};
2247c478bd9Sstevel@tonic-gate 
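/*
 * INT2VOIDPTR places an integer in the first sizeof (int) bytes of a
 * void pointer location. For 32-bit, it is the same as "(void *)i". It
 * is used to solve a problem found during 64-bit testing.  The problem
 * was that for a configuration parameter such as NS_LDAP_SEARCH_REF_P,
 * which is of type INT and has a defined default value, an int variable
 * (ns_param.ns_pu.i) defined inside a union (ns_pu) is used to access
 * the defined default value. This requires the default value to be in
 * the first sizeof (int) bytes of the union element.  If "(void *)intval"
 * alone were used to declare the default value in the following
 * defconfig[] structure, the intval data would be placed in the last
 * sizeof (int) bytes. In that case, when accessing it via ns_pu.i on a
 * 64-bit system, ZERO would be returned as the default value, not the
 * defined one.
 *
 * Note since amd64 is little-endian, the problem is not an issue.
 * INT2VOIDPTR will just leave the data (i) unchanged.
 *
 * The argument and the whole expansion are parenthesized so the macro
 * behaves as a single expression whatever is passed to it. The shifted
 * form assumes a non-negative argument, because left-shifting a negative
 * value is undefined.
 */
#if defined(__amd64)
#define	INT2VOIDPTR(i)	((void *)(i))
#else
#define	INT2VOIDPTR(i)	\
	((void *)(((long)(i)) << (8 * (sizeof (void *) - sizeof (int)))))
#endif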
/*
 * The default configuration table
 * Version 1 entries are first, V2 entries follow.
 *
 * Each initializer is positional.  As used below the fields are: parameter
 * name, ParamIndexType index, config class (CLIENTCONFIG, SERVERCONFIG or
 * CREDCONFIG), data type, a TRUE/FALSE flag, profile version, profile
 * attribute name (or NULL), default value as { type, count, value },
 * validation routine (or NULL) and enum <-> string map (or NULL).
 * NOTE(review): the field meanings are read off the initializers; the
 * flag is presumably "single-valued" (it is FALSE only on list-typed
 * entries) - confirm against the ns_default_config declaration.
 *
 * Defaults worth knowing when reviewing a deployment: authentication
 * defaults to NS_LDAP_EA_NONE in both versions, V1 transport security to
 * NS_LDAP_TLS_NONE, and referrals are followed (NS_LDAP_FOLLOWREF).  These
 * are only the built-in defaults; a profile that needs authenticated or
 * TLS-protected binds has to set the corresponding parameters itself.
 */
static ns_default_config defconfig[] = {
	/* optional V1 profile */
	{"NS_LDAP_FILE_VERSION", NS_LDAP_FILE_VERSION_P,
		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
		NULL,	/* No version number defined in V1 */
		{ CHARPTR, 0, (void *)NS_LDAP_VERSION_1 },
		NULL, NULL },

	/* ---------- V1 profile ---------- */
	/* CREDCONFIG groups the bind DN/password and certificate path/password */
	{"NS_LDAP_BINDDN", NS_LDAP_BINDDN_P,
		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
		_P1_BINDDN,
		{ CHARPTR, 0, NULL },
		__s_val_binddn, NULL },

	{"NS_LDAP_BINDPASSWD", NS_LDAP_BINDPASSWD_P,
		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
		_P1_BINDPASSWORD,
		{ CHARPTR, 0, NULL },
		__s_val_bindpw, NULL },

	{"NS_LDAP_SERVERS", NS_LDAP_SERVERS_P,
		SERVERCONFIG,	ARRAYCP,	FALSE,	NS_LDAP_V1,
		_P1_SERVERS,
		{ ARRAYCP, 0, NULL },
		__s_val_serverList, NULL },

	{"NS_LDAP_SEARCH_BASEDN", NS_LDAP_SEARCH_BASEDN_P,
		SERVERCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
		_P1_SEARCHBASEDN,
		{ CHARPTR, 0, NULL },
		__s_val_basedn, NULL },

	/* default list is ns_def_auth_v1, i.e. NS_LDAP_EA_NONE */
	{"NS_LDAP_AUTH", NS_LDAP_AUTH_P,
		CLIENTCONFIG,	ARRAYAUTH,	FALSE,	NS_LDAP_V1,
		_P1_AUTHMETHOD,
		{ ARRAYAUTH, 1, (void *)&ns_def_auth_v1[0] },
		NULL, ns_auth_enum_v1 },

	{"NS_LDAP_TRANSPORT_SEC", NS_LDAP_TRANSPORT_SEC_P,
		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
		_P1_TRANSPORTSECURITY,
		{ INT, 0, INT2VOIDPTR(NS_LDAP_TLS_NONE) },
		NULL, ns_sec_enum_v1 },

	/* referrals are followed by default */
	{"NS_LDAP_SEARCH_REF", NS_LDAP_SEARCH_REF_P,
		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
		_P1_SEARCHREFERRAL,
		{ INT, 0, INT2VOIDPTR(NS_LDAP_FOLLOWREF) },
		NULL, ns_ref_enum_v1 },

	{"NS_LDAP_DOMAIN", NS_LDAP_DOMAIN_P,
		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
		NULL,	/* not defined in the Profile */
		{ CHARPTR, 0, NULL },
		NULL, NULL },

	{"NS_LDAP_EXP", NS_LDAP_EXP_P,
		SERVERCONFIG,	TIMET,		TRUE,	NS_LDAP_V1,
		NULL,	/* initialized by code to time+NS_LDAP_CACHETTL */
		{ INT, 0, 0 },
		NULL, NULL },

	{"NS_LDAP_CERT_PATH", NS_LDAP_CERT_PATH_P,
		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
		_P1_CERTIFICATEPATH,
		{ CHARPTR, 0, NULL },
		NULL, NULL },

	{"NS_LDAP_CERT_PASS", NS_LDAP_CERT_PASS_P,
		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
		_P1_CERTIFICATEPASSWORD,
		{ CHARPTR, 0, NULL },
		NULL, NULL },

	{"NS_LDAP_SEARCH_DN", NS_LDAP_SEARCH_DN_P,
		CLIENTCONFIG,	SSDLIST,	FALSE,	NS_LDAP_V1,
		_P1_DATASEARCHDN,
		{ SSDLIST, 0, NULL },
		NULL, NULL },

	{"NS_LDAP_SEARCH_SCOPE", NS_LDAP_SEARCH_SCOPE_P,
		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
		_P1_SEARCHSCOPE,
		{ INT, 0, INT2VOIDPTR(NS_LDAP_SCOPE_ONELEVEL) },
		NULL, ns_scope_enum_v1 },

	{"NS_LDAP_SEARCH_TIME", NS_LDAP_SEARCH_TIME_P,
		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
		_P1_SEARCHTIMELIMIT,
		{ INT, 0, INT2VOIDPTR(NS_DEFAULT_SEARCH_TIMEOUT) },
		NULL, NULL },

	{"NS_LDAP_SERVER_PREF", NS_LDAP_SERVER_PREF_P,
		CLIENTCONFIG,	ARRAYCP,	FALSE,	NS_LDAP_V1,
		_P1_PREFERREDSERVER,
		{ ARRAYCP, 0, NULL },
		__s_val_serverList, NULL },

	{"NS_LDAP_PREF_ONLY", NS_LDAP_PREF_ONLY_P,
		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
		_P1_PREFERREDSERVERONLY,
		{ INT, 0, INT2VOIDPTR(NS_LDAP_PREF_FALSE) },
		NULL, ns_pref_enum },

	{"NS_LDAP_CACHETTL", NS_LDAP_CACHETTL_P,
		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
		_P1_CACHETTL,
		{ CHARPTR, 0, (void *)EXP_DEFAULT_TTL },
		__s_val_postime, NULL },

	{"NS_LDAP_PROFILE", NS_LDAP_PROFILE_P,
		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
		_P_CN,
		{ CHARPTR, 0, (void *)DEFAULTCONFIGNAME },
		NULL, NULL },

	{"NS_LDAP_BIND_TIME", NS_LDAP_BIND_TIME_P,
		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
		_P1_BINDTIMELIMIT,
		{ INT, 0, INT2VOIDPTR(NS_DEFAULT_BIND_TIMEOUT) },
		NULL, NULL },

	/* This configuration option is not visible in V1 */
	{"NS_LDAP_CREDENTIAL_LEVEL", NS_LDAP_CREDENTIAL_LEVEL_P,
		CLIENTCONFIG,	ARRAYCRED,	TRUE,	NS_LDAP_V1,
		NULL,	/* No version defined in V1 */
		{ ARRAYCRED, 0, (void *)&ns_def_cred_v1[0] },
		NULL, NULL },

	/* ---------- V2 profile ---------- */
	{"NS_LDAP_FILE_VERSION", NS_LDAP_FILE_VERSION_P,
		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
		/*
		 * NOTE(review): this comment read "No version number
		 * defined in V1" and looks copied from the V1 entry above.
		 */
		NULL,
		{ CHARPTR, 0, (void *)NS_LDAP_VERSION_2 },
		NULL, NULL },

	{"NS_LDAP_BINDDN", NS_LDAP_BINDDN_P,
		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
		NULL,	/* not defined in the Profile */
		{ CHARPTR, 0, NULL },
		__s_val_binddn, NULL },
	{"NS_LDAP_BINDPASSWD", NS_LDAP_BINDPASSWD_P,
		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
		NULL,	/* not defined in the Profile */
		{ CHARPTR, 0, NULL },
		__s_val_bindpw, NULL },
	{"NS_LDAP_EXP", NS_LDAP_EXP_P,
		SERVERCONFIG,	TIMET,		TRUE,	NS_LDAP_V2,
		NULL,	/* initialized by code to time+NS_LDAP_CACHETTL */
		{ INT, 0, 0 },
		NULL, NULL },

	{"NS_LDAP_SERVER_PREF", NS_LDAP_SERVER_PREF_P,
		CLIENTCONFIG,	SERVLIST,	FALSE,	NS_LDAP_V2,
		_P2_PREFERREDSERVER,
		{ SERVLIST, 0, NULL },
		__s_val_serverList, NULL },

	{"NS_LDAP_SERVERS", NS_LDAP_SERVERS_P,
		SERVERCONFIG,	SERVLIST,	FALSE,	NS_LDAP_V2,
		_P2_DEFAULTSERVER,
		{ SERVLIST, 0, NULL },
		__s_val_serverList, NULL },

	{"NS_LDAP_SEARCH_BASEDN", NS_LDAP_SEARCH_BASEDN_P,
		SERVERCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
		_P2_SEARCHBASEDN,
		{ CHARPTR, 0, NULL },
		__s_val_basedn, NULL },

	{"NS_LDAP_SEARCH_SCOPE", NS_LDAP_SEARCH_SCOPE_P,
		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V2,
		_P2_SEARCHSCOPE,
		{ INT, 0, INT2VOIDPTR(NS_LDAP_SCOPE_ONELEVEL) },
		NULL, ns_scope_enum_v2 },

	/*
	 * default list is ns_def_auth_v2, i.e. NS_LDAP_EA_NONE.
	 * NOTE(review): the count here is 2 while ns_def_auth_v2 holds one
	 * method plus a 0 entry and the V1 entry uses 1 - confirm how the
	 * count is consumed.
	 */
	{"NS_LDAP_AUTH", NS_LDAP_AUTH_P,
		CLIENTCONFIG,	ARRAYAUTH,	FALSE,	NS_LDAP_V2,
		_P2_AUTHMETHOD,
		{ ARRAYAUTH, 2, (void *)&ns_def_auth_v2[0] },
		NULL, ns_auth_enum_v2 },

	/* default list is ns_def_cred_v2, i.e. NS_LDAP_CRED_ANON */
	{"NS_LDAP_CREDENTIAL_LEVEL", NS_LDAP_CREDENTIAL_LEVEL_P,
		CLIENTCONFIG,	ARRAYCRED,	FALSE,	NS_LDAP_V2,
		_P2_CREDENTIALLEVEL,
		{ ARRAYCRED, 0, (void *)&ns_def_cred_v2[0] },
		NULL, ns_cred_enum_v2 },

	{"NS_LDAP_SERVICE_SEARCH_DESC", NS_LDAP_SERVICE_SEARCH_DESC_P,
		CLIENTCONFIG,	SSDLIST,	FALSE,	NS_LDAP_V2,
		_P2_SERVICESEARCHDESC,
		{ SSDLIST, 0, NULL },
		NULL, NULL },

	{"NS_LDAP_SEARCH_TIME", NS_LDAP_SEARCH_TIME_P,
		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V2,
		_P2_SEARCHTIMELIMIT,
		{ INT, 0, INT2VOIDPTR(NS_DEFAULT_SEARCH_TIMEOUT) },
		NULL, NULL },

	{"NS_LDAP_BIND_TIME", NS_LDAP_BIND_TIME_P,
		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V2,
		_P2_BINDTIMELIMIT,
		{ INT, 0, INT2VOIDPTR(NS_DEFAULT_BIND_TIMEOUT) },
		NULL, NULL },

	/* referrals are followed by default */
	{"NS_LDAP_SEARCH_REF", NS_LDAP_SEARCH_REF_P,
		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V2,
		_P2_FOLLOWREFERRALS,
		{ INT, 0, INT2VOIDPTR(NS_LDAP_FOLLOWREF) },
		NULL, ns_ref_enum_v2 },

	{"NS_LDAP_CACHETTL", NS_LDAP_CACHETTL_P,
		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
		_P2_PROFILETTL,
		{ CHARPTR, 0, (void *)EXP_DEFAULT_TTL },
		__s_val_postime, NULL },

	{"NS_LDAP_ATTRIBUTEMAP", NS_LDAP_ATTRIBUTEMAP_P,
		CLIENTCONFIG,	ATTRMAP,	FALSE,	NS_LDAP_V2,
		_P2_ATTRIBUTEMAP,
		{ ATTRMAP, 0, NULL },
		NULL, NULL },

	{"NS_LDAP_OBJECTCLASSMAP", NS_LDAP_OBJECTCLASSMAP_P,
		CLIENTCONFIG,	OBJMAP,		FALSE,	NS_LDAP_V2,
		_P2_OBJECTCLASSMAP,
		{ OBJMAP, 0, NULL },
		NULL, NULL },

	{"NS_LDAP_PROFILE", NS_LDAP_PROFILE_P,
		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
		_P_CN,
		{ CHARPTR, 0, (void *)DEFAULTCONFIGNAME },
		NULL, NULL },

	{"NS_LDAP_SERVICE_AUTH_METHOD", NS_LDAP_SERVICE_AUTH_METHOD_P,
		CLIENTCONFIG,	SAMLIST,	FALSE,	NS_LDAP_V2,
		_P2_SERVICEAUTHMETHOD,
		{ SAMLIST, 0, NULL },
		NULL, NULL },

	{"NS_LDAP_SERVICE_CRED_LEVEL", NS_LDAP_SERVICE_CRED_LEVEL_P,
		CLIENTCONFIG,	SCLLIST,	FALSE,	NS_LDAP_V2,
		_P2_SERVICECREDLEVEL,
		{ SCLLIST, 0, NULL },
		NULL, NULL },

	{"NS_LDAP_HOST_CERTPATH", NS_LDAP_HOST_CERTPATH_P,
		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
		NULL,	/* not defined in the Profile */
		{ CHARPTR, 0, (void *)NSLDAPDIRECTORY },
		NULL, NULL },

	/* array terminator [not an entry] */
	{NULL, NS_LDAP_FILE_VERSION_P,
		CLIENTCONFIG,	NS_UNKNOWN,	TRUE,	NULL,
		NULL,
		{ NS_UNKNOWN, 0, NULL },
		NULL, NULL },
};
5157c478bd9Sstevel@tonic-gate 
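/*
 * Return a newly allocated copy of the domain name reported by
 * sysinfo(SI_SRPC_DOMAIN), or NULL if the call fails, the name does not
 * fit in the local buffer, or strdup() cannot allocate. The caller owns
 * the returned string and must free() it.
 */
static char *
__getdomainname(void)
{
	/*
	 * The sysinfo man page recommends using a buffer size
	 * of 257 bytes. MAXHOSTNAMELEN is 256. So add 1 here.
	 */
	char	buf[MAXHOSTNAMELEN + 1];
	int	status;

	/*
	 * Pass the real buffer size. sysinfo() returns the number of bytes
	 * needed for the whole value and truncates when that exceeds the
	 * count it was given, so the count passed here and the limit tested
	 * below must be the same number; otherwise a value one byte too long
	 * would be returned truncated without being noticed.
	 */
	status = sysinfo(SI_SRPC_DOMAIN, buf, sizeof (buf));
	if (status < 0)
		return (NULL);
	/* error: not enough space to hold returned value */
	if ((size_t)status > sizeof (buf))
		return (NULL);
	return (strdup(buf));
}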
5347c478bd9Sstevel@tonic-gate 
/*
 * Store the caller's flag in the file-scope cache_server variable.
 * NOTE(review): presumably this marks the calling process as the cache
 * server rather than an ordinary client - confirm where cache_server is read.
 */
void
__ns_ldap_setServer(int set)
{
	cache_server = set;
}
5407c478bd9Sstevel@tonic-gate 
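/*
 * Report whether the given configuration is due for a refresh.
 *
 * Returns B_TRUE when cfg is NULL, when gettimeofday() fails, when the
 * NS_LDAP_EXP_P parameter is not of type TIMET, or when its expiry time
 * is non-zero and already in the past. An expiry time of 0 yields
 * B_FALSE.
 */
static boolean_t
timetorefresh(ns_config_t *cfg)
{
	struct timeval	tp;
	/*
	 * Plain automatic variable: the value is assigned on every call
	 * before it is read, so keeping it in static storage only created
	 * state shared between concurrent callers.
	 */
	time_t		expire;

	if (cfg == NULL || gettimeofday(&tp, NULL) == -1)
		return (B_TRUE);

	/* no usable expiry time recorded: ask for a refresh */
	if (cfg->paramList[NS_LDAP_EXP_P].ns_ptype != TIMET)
		return (B_TRUE);

	expire = cfg->paramList[NS_LDAP_EXP_P].ns_tm;

	return (expire != 0 && tp.tv_sec > expire);
}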
5577c478bd9Sstevel@tonic-gate 
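/*
 * Map the textual form of an enumerated configuration value to its
 * integer value.
 *
 * ptr   - configuration whose version selects the v1 or v2 table; it is
 *         dereferenced only for the version-dependent parameters, so it
 *         must not be NULL for those.
 * value - text to look up; leading and trailing SPACETOK characters are
 *         ignored and the comparison is case-insensitive.
 * i     - parameter the value belongs to.
 *
 * Returns the mapped value, or -1 when value is NULL or blank, when the
 * parameter has no table here, or when no table entry matches.
 */
int
__s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i)
{
	ns_enum_map	*mapp;
	char		*pstart = value;
	size_t		len;

	if (pstart == NULL)
		return (-1);

	/* skip leading spaces */
	while (*pstart == SPACETOK)
		pstart++;
	/*
	 * Skip trailing spaces by shrinking the length. Working on the
	 * length avoids forming a pointer before the start of an empty
	 * string, and keeps the length unsigned like strlen()'s result.
	 */
	len = strlen(pstart);
	while (len > 0 && pstart[len - 1] == SPACETOK)
		len--;
	if (len == 0)
		return (-1);

	switch (i) {
	case NS_LDAP_AUTH_P:
		mapp = (ptr->version == NS_LDAP_V1) ?
		    &ns_auth_enum_v1[0] : &ns_auth_enum_v2[0];
		break;
	case NS_LDAP_TRANSPORT_SEC_P:
		/* no table is consulted for this parameter */
		return (-1);
	case NS_LDAP_SEARCH_SCOPE_P:
		mapp = (ptr->version == NS_LDAP_V1) ?
		    &ns_scope_enum_v1[0] : &ns_scope_enum_v2[0];
		break;
	case NS_LDAP_SEARCH_REF_P:
		mapp = (ptr->version == NS_LDAP_V1) ?
		    &ns_ref_enum_v1[0] : &ns_ref_enum_v2[0];
		break;
	case NS_LDAP_PREF_ONLY_P:
		mapp = &ns_pref_enum[0];
		break;
	case NS_LDAP_CREDENTIAL_LEVEL_P:
		/* credential levels exist only in the v2 tables */
		if (ptr->version == NS_LDAP_V1)
			return (-1);
		mapp = &ns_cred_enum_v2[0];
		break;
	case NS_LDAP_SERVICE_AUTH_METHOD_P:
		mapp = &ns_auth_enum_v2[0];
		break;
	case NS_LDAP_SERVICE_CRED_LEVEL_P:
		mapp = &ns_cred_enum_v2[0];
		break;
	default:
		return (-1);
	}

	/*
	 * Require equal lengths as well as a matching prefix so that a
	 * value which is only the beginning of a table name is rejected.
	 */
	for (; mapp->name != NULL; mapp++) {
		if (strlen(mapp->name) == len &&
		    strncasecmp(pstart, mapp->name, len) == 0) {
			return (mapp->value);
		}
	}
	return (-1);
}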
6287c478bd9Sstevel@tonic-gate 
/*
 * Return the table name for an authentication type, using the v1 table
 * when ptr->version is NS_LDAP_V1 and the v2 table otherwise.
 *
 * ptr is dereferenced unconditionally and must not be NULL. The result is
 * either a table entry's name or a string literal, so callers must treat
 * it as read-only and must not free it.
 */
char *
__s_get_auth_name(ns_config_t *ptr, AuthType_t type)
{
	ns_enum_map	*entry;

	entry = (ptr->version == NS_LDAP_V1) ?
	    &ns_auth_enum_v1[0] : &ns_auth_enum_v2[0];

	while (entry->name != NULL) {
		if (INT2AUTHENUM(entry->value) == type)
			return (entry->name);
		entry++;
	}
	return ("Unknown AuthType_t type specified");
}
6467c478bd9Sstevel@tonic-gate 
6477c478bd9Sstevel@tonic-gate 
/*
 * Return the table name for a transport security type.
 *
 * Only a v1 table is consulted: for any other ptr->version the
 * "Unknown" string is returned without a lookup. ptr must not be NULL.
 * The result is a table entry's name or a string literal; callers must
 * not modify or free it.
 */
char *
__s_get_security_name(ns_config_t *ptr, TlsType_t type)
{
	ns_enum_map	*entry;

	if (ptr->version != NS_LDAP_V1)
		return ("Unknown TlsType_t type specified");

	for (entry = &ns_sec_enum_v1[0]; entry->name != NULL; entry++) {
		if (INT2SECENUM(entry->value) == type)
			return (entry->name);
	}
	return ("Unknown TlsType_t type specified");
}
6647c478bd9Sstevel@tonic-gate 
6657c478bd9Sstevel@tonic-gate 
/*
 * Return the table name for a search scope, using the v1 table when
 * ptr->version is NS_LDAP_V1 and the v2 table otherwise.
 *
 * ptr must not be NULL. The result is a table entry's name or a string
 * literal; callers must not modify or free it.
 */
char *
__s_get_scope_name(ns_config_t *ptr, ScopeType_t type)
{
	ns_enum_map	*entry;

	entry = (ptr->version == NS_LDAP_V1) ?
	    &ns_scope_enum_v1[0] : &ns_scope_enum_v2[0];

	while (entry->name != NULL) {
		if (INT2SCOPEENUM(entry->value) == type)
			return (entry->name);
		entry++;
	}
	return ("Unknown ScopeType_t type specified");
}
6837c478bd9Sstevel@tonic-gate 
6847c478bd9Sstevel@tonic-gate 
/*
 * Return the table name for a "preferred server only" value. The same
 * table is used for every configuration version.
 *
 * The result is a table entry's name or a string literal; callers must
 * not modify or free it.
 */
char *
__s_get_pref_name(PrefOnly_t type)
{
	ns_enum_map	*entry = &ns_pref_enum[0];

	while (entry->name != NULL) {
		if (INT2PREFONLYENUM(entry->value) == type)
			return (entry->name);
		entry++;
	}
	return ("Unknown PrefOnly_t type specified");
}
6977c478bd9Sstevel@tonic-gate 
/*
 * Return the table name for a search referral setting, using the v1
 * table when ptr->version is NS_LDAP_V1 and the v2 table otherwise.
 *
 * ptr must not be NULL. The result is a table entry's name or a string
 * literal; callers must not modify or free it.
 */
char *
__s_get_searchref_name(ns_config_t *ptr, SearchRef_t type)
{
	ns_enum_map	*entry;

	entry = (ptr->version == NS_LDAP_V1) ?
	    &ns_ref_enum_v1[0] : &ns_ref_enum_v2[0];

	while (entry->name != NULL) {
		if (INT2SEARCHREFENUM(entry->value) == type)
			return (entry->name);
		entry++;
	}
	return ("Unknown SearchRef_t type specified");
}
7157c478bd9Sstevel@tonic-gate 
/*
 * Return the table name for a credential level.
 *
 * Only the v2 table is consulted: for any other ptr->version the
 * "Unknown" string is returned without a lookup. ptr must not be NULL.
 * The result is a table entry's name or a string literal; callers must
 * not modify or free it.
 */
static char *
__s_get_credlvl_name(ns_config_t *ptr, CredLevel_t type)
{
	ns_enum_map	*entry;

	if (ptr->version != NS_LDAP_V2)
		return ("Unknown CredLevel_t type specified");

	for (entry = &ns_cred_enum_v2[0]; entry->name != NULL; entry++) {
		if (INT2CREDLEVELENUM(entry->value) == type)
			return (entry->name);
	}
	return ("Unknown CredLevel_t type specified");
}
7317c478bd9Sstevel@tonic-gate 
/*
 * Free whatever storage the given parameter slot owns and mark the slot
 * NS_UNKNOWN. A NULL ptr is ignored.
 *
 * type is used as an index into ptr->paramList without a range check, so
 * the caller must pass a valid index.
 *
 * NOTE(review): ns_acnt is left as it was when a list or array is freed;
 * code that later walks ns_pi or ns_ppc by ns_acnt alone needs its own
 * NULL check.
 * NOTE(review): values are released with plain free(). If credential
 * parameters (for example the bind or certificate password entries) are
 * stored in these slots, consider scrubbing them before the free.
 */
static void
destroy_param(ns_config_t *ptr, ParamIndexType type)
{
	char	**list;
	int	idx, count;

	if (ptr == NULL)
		return;

	/*
	 * This routine is not lock protected because
	 * the config param it may be destroying is not
	 * necessarily THE config.  Mutex protect elsewhere.
	 */
	switch (ptr->paramList[type].ns_ptype) {
	case CHARPTR:
		if (ptr->paramList[type].ns_pc != NULL) {
			free(ptr->paramList[type].ns_pc);
			ptr->paramList[type].ns_pc = NULL;
		}
		break;
	case SAMLIST:
	case SCLLIST:
	case SSDLIST:
	case ARRAYCP:
	case SERVLIST:
		list = ptr->paramList[type].ns_ppc;
		if (list == NULL)
			break;
		/* free each element up to the count or the first NULL */
		count = ptr->paramList[type].ns_acnt;
		for (idx = 0; idx < count && list[idx] != NULL; idx++)
			free((void *)list[idx]);
		free((void *)list);
		ptr->paramList[type].ns_ppc = NULL;
		break;
	case ARRAYAUTH:
	case ARRAYCRED:
		if (ptr->paramList[type].ns_pi != NULL) {
			free(ptr->paramList[type].ns_pi);
			ptr->paramList[type].ns_pi = NULL;
		}
		break;
	case INT:
		ptr->paramList[type].ns_i = 0;
		break;
	case ATTRMAP:
	case OBJMAP:
	default:
		/* nothing is released here for these types */
		break;
	}
	ptr->paramList[type].ns_ptype = NS_UNKNOWN;
}
7877c478bd9Sstevel@tonic-gate 
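/*
 * Free an ns_config_t and everything it owns: the domain name, every
 * parameter slot from 0 through LAST_VALUE, and the hash released by
 * __s_api_destroy_hash(). If ptr is the file-scope current_config, that
 * pointer is cleared first so it cannot be left dangling. A NULL ptr is
 * ignored.
 *
 * NOTE(review): __s_api_release_config() calls this while it still holds
 * ptr->config_mutex, and the structure is freed without unlocking or
 * destroying that mutex. This relies on no other thread waiting on it.
 * NOTE(review): current_config is written here without this function
 * taking ns_parse_lock itself; confirm every path holds it.
 */
static void
destroy_config(ns_config_t *ptr)
{
	ParamIndexType	i;

	if (ptr == NULL)
		return;

	if (ptr == current_config)
		current_config = NULL;

	/*
	 * free(NULL) is a no-op, so no guard is needed. The original
	 * indented the reset under the guard although it always ran;
	 * written flat here so the layout matches what executes.
	 */
	free(ptr->domainName);
	ptr->domainName = NULL;

	for (i = 0; i <= LAST_VALUE; i++) {
		destroy_param(ptr, i);
	}
	__s_api_destroy_hash(ptr);
	free(ptr);
}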
8067c478bd9Sstevel@tonic-gate 
/*
 * Marks the ns_config_t to be deleted and then releases it. (If no other
 * caller is using it, then __s_api_release_config will destroy it.)
 *
 * Note that __s_api_destroy_config should only be called if the caller has
 * created the ns_config_t with __s_api_create_config (with the exception
 * of set_curr_config). The ns_config_t should be private to the caller.
 *
 * This function should not be called with the current_config except by
 * set_curr_config which locks ns_parse_lock to ensure that no thread
 * will be waiting on current_config->config_mutex. This ensures that
 * no caller will be waiting on cfg->config_mutex while it is being
 * destroyed by __s_api_release_config.
 *
 * A NULL cfg is ignored. After this call returns the caller must not
 * touch cfg again, because the release may already have freed it.
 */

void
__s_api_destroy_config(ns_config_t *cfg)
{
	if (cfg == NULL)
		return;

	/* set the flag under the config's own mutex, then drop our use */
	(void) mutex_lock(&cfg->config_mutex);
	cfg->delete = TRUE;
	(void) mutex_unlock(&cfg->config_mutex);

	__s_api_release_config(cfg);
}
8327c478bd9Sstevel@tonic-gate 
8337c478bd9Sstevel@tonic-gate 
/*
 * Increment the configuration use count by one and return the config.
 * The callers in this file hold the lock that guards the pointer they
 * pass in: ns_parse_lock for the global config, cmg->cfg_lock for a per
 * connection management config.
 *
 * Returns NULL when cfg is NULL, or when global is B_TRUE and cfg is
 * already marked for deletion; in that case the use count is left alone.
 * Every non-NULL return must be balanced by __s_api_release_config().
 */

static ns_config_t *
get_curr_config_unlocked(ns_config_t *cfg, boolean_t global)
{
	boolean_t	refuse;

	if (cfg == NULL)
		return (NULL);

	(void) mutex_lock(&cfg->config_mutex);
	/*
	 * allow access to per connection management (non-global)
	 * config so operations on connection being closed can still
	 * be completed
	 */
	refuse = (cfg->delete && global == B_TRUE) ? B_TRUE : B_FALSE;
	if (!refuse)
		cfg->nUse++;
	(void) mutex_unlock(&cfg->config_mutex);

	return (refuse ? NULL : cfg);
}
8607c478bd9Sstevel@tonic-gate 
/*
 * set_curr_config_global sets the current global config to the
 * specified ns_config_t. Note that this function is similar
 * to the project private function __s_api_init_config_global
 * except that it does not release the new ns_config_t.
 *
 * The swap is made under ns_parse_lock. When the previous config differs
 * from ptr it is marked for deletion and released; when it is the same
 * object, the use count taken here is kept and nothing is replaced.
 */
static void
set_curr_config_global(ns_config_t *ptr)
{
	ns_config_t	*held;

	(void) mutex_lock(&ns_parse_lock);
	/* held is NULL if there is no current config or it is being deleted */
	held = get_curr_config_unlocked(current_config, B_TRUE);
	if (held != ptr) {
		__s_api_destroy_config(held);
		current_config = ptr;
	}
	(void) mutex_unlock(&ns_parse_lock);
}
8827c478bd9Sstevel@tonic-gate 
883e1dd0a2fSth 
/*
 * set_curr_config sets the current config or the per connection
 * management one to the specified ns_config_t. Note that this function
 * is similar to the project private function __s_api_init_config
 * except that it does not release the new ns_config_t. Also note
 * that if there's no per connection management one to set, the
 * global current config will be set.
 *
 * NOTE(review): cmg->config is tested for NULL before cmg->cfg_lock is
 * taken and read again after; confirm nothing can clear it in between.
 */

static void
set_curr_config(ns_config_t *ptr)
{
	ns_conn_mgmt_t	*cmg;
	ns_config_t	*held;

	/* no usable per connection management config: set the global one */
	if (thr_getspecific(ns_cmgkey, (void **)&cmg) != 0 ||
	    cmg == NULL || cmg->config == NULL) {
		set_curr_config_global(ptr);
		return;
	}

	/* set the per connection management config */
	(void) mutex_lock(&cmg->cfg_lock);
	held = get_curr_config_unlocked(cmg->config, B_FALSE);
	if (held != ptr) {
		__s_api_destroy_config(held);
		cmg->config = ptr;
	}
	(void) mutex_unlock(&cmg->cfg_lock);
}
919e1dd0a2fSth 
/*
 * Decrements the ns_config_t usage count by one. Delete if delete flag
 * is set and no other callers are using. A NULL cfg is ignored.
 *
 * When the config is destroyed, config_mutex is not unlocked first: the
 * structure that contains it is freed by destroy_config(). Callers must
 * not use cfg after this call.
 *
 * NOTE(review): the count is decremented without checking that it is
 * positive, so an unbalanced release is not detected here.
 */

void
__s_api_release_config(ns_config_t *cfg)
{
	if (cfg == NULL)
		return;

	(void) mutex_lock(&cfg->config_mutex);
	cfg->nUse--;
	if (cfg->delete && cfg->nUse == 0) {
		/* last user of a config marked for deletion */
		destroy_config(cfg);
		return;
	}
	(void) mutex_unlock(&cfg->config_mutex);
}
9377c478bd9Sstevel@tonic-gate 
/*
 * __s_api_init_config_global destroys the previous global configuration,
 * sets the new global configuration and then releases it.
 *
 * The release drops the caller's use of ptr, so the caller must not
 * release ptr again afterwards.
 */
void
__s_api_init_config_global(ns_config_t *ptr)
{
	/* install first, then give up the caller's use count */
	set_curr_config_global(ptr);
	__s_api_release_config(ptr);
}
948e1dd0a2fSth 
/*
 * __s_api_init_config destroys the previous configuration, sets the new
 * configuration and then releases it. The configuration may be the
 * global one or the per connection management one.
 *
 * The release drops the caller's use of ptr, so the caller must not
 * release ptr again afterwards.
 */
void
__s_api_init_config(ns_config_t *ptr)
{
	/* install first, then give up the caller's use count */
	set_curr_config(ptr);
	__s_api_release_config(ptr);
}
9607c478bd9Sstevel@tonic-gate 
9617c478bd9Sstevel@tonic-gate 
/*
 * Create an ns_config_t, set the usage count to one
 *
 * The structure is zero-filled, given the local domain name, version
 * NS_LDAP_V1 and an initialized config_mutex. Returns NULL if the
 * allocation fails or the domain name cannot be obtained. The caller
 * holds the single use count and gives it up through
 * __s_api_release_config() or __s_api_destroy_config().
 */

ns_config_t *
__s_api_create_config(void)
{
	ns_config_t	*cfg = calloc(1, sizeof (*cfg));

	if (cfg == NULL)
		return (NULL);

	cfg->domainName = __getdomainname();
	if (cfg->domainName == NULL) {
		/* nothing else has been set up yet, so a plain free is enough */
		free(cfg);
		return (NULL);
	}

	cfg->version = NS_LDAP_V1;
	(void) mutex_init(&cfg->config_mutex, USYNC_THREAD, NULL);
	cfg->nUse = 1;
	cfg->delete = B_FALSE;
	return (cfg);
}
9857c478bd9Sstevel@tonic-gate 
/*
 * __s_api_get_default_config_global returns the current global config
 *
 * The use count of the returned config has been incremented; the caller
 * must balance it with __s_api_release_config(). Returns NULL when there
 * is no current config or it is already marked for deletion.
 */
ns_config_t *
__s_api_get_default_config_global(void)
{
	ns_config_t	*held;

	/* ns_parse_lock guards current_config while the count is taken */
	(void) mutex_lock(&ns_parse_lock);
	held = get_curr_config_unlocked(current_config, B_TRUE);
	(void) mutex_unlock(&ns_parse_lock);

	return (held);
}
10027c478bd9Sstevel@tonic-gate 
/*
 * __s_api_get_default_config returns the current global config or the
 * per connection management one.
 *
 * The per connection management config is preferred when the calling
 * thread has one, and it is returned even if it is marked for deletion.
 * The use count of a non-NULL result has been incremented; the caller
 * must balance it with __s_api_release_config().
 */
ns_config_t *
__s_api_get_default_config(void)
{
	ns_conn_mgmt_t	*cmg;
	ns_config_t	*held;

	/* no per connection management config: use the global one */
	if (thr_getspecific(ns_cmgkey, (void **)&cmg) != 0 ||
	    cmg == NULL || cmg->config == NULL)
		return (__s_api_get_default_config_global());

	(void) mutex_lock(&cmg->cfg_lock);
	held = get_curr_config_unlocked(cmg->config, B_FALSE);
	(void) mutex_unlock(&cmg->cfg_lock);

	return (held);
}
1029e1dd0a2fSth 
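/*
 * Return a malloc'ed copy of instr with leading and trailing SPACETOK
 * characters removed.
 *
 * Returns NULL when instr is NULL or the allocation fails. An input that
 * is empty or all spaces yields an empty string. The caller must free()
 * the result.
 */
static char *
stripdup(const char *instr)
{
	const char	*pstart = instr;
	char		*ret;
	size_t		len;

	if (pstart == NULL)
		return (NULL);
	/* remove leading spaces */
	while (*pstart == SPACETOK)
		pstart++;
	/*
	 * Remove trailing spaces by shrinking the length. Working on the
	 * length avoids forming a pointer before the start of an empty
	 * string and keeps the size unsigned for malloc().
	 */
	len = strlen(pstart);
	while (len > 0 && pstart[len - 1] == SPACETOK)
		len--;
	if ((ret = malloc(len + 1)) == NULL)
		return (NULL);
	/* the length is known exactly, so copy it and terminate explicitly */
	(void) memcpy(ret, pstart, len);
	ret[len] = '\0';
	return (ret);
}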
10557c478bd9Sstevel@tonic-gate 
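/*
 * Check that the parameters of a configuration are consistent with each
 * other.
 *
 * Note that __s_api_crosscheck is assumed to be called with an ns_config_t
 * that is properly protected - so that it will not change during the
 * duration of the call
 *
 * ptr      - configuration to check; NULL is accepted and reports
 *            NS_SUCCESS.
 * errstr   - receives the error text. Size of errstr needs to be
 *            MAXERROR. Only parameter names are written to it, never
 *            parameter values.
 * check_dn - when non-zero, auth methods that bind with a DN also
 *            require the bind DN and bind password entries.
 *
 * Returns NS_PARSE_ERR with errstr filled in for the first problem found,
 * NS_SUCCESS otherwise. As a side effect NS_LDAP_EXP_P is initialized
 * when no cache TTL is configured.
 */
ns_parse_status
__s_api_crosscheck(ns_config_t *ptr, char *errstr, int check_dn)
{
	int		value, j;
	time_t		tm;
	const char	*str, *str1;
	int		i, cnt;
	int		self, gssapi;

	if (ptr == NULL)
		return (NS_SUCCESS);

	/* check for no server specified */
	if (ptr->paramList[NS_LDAP_SERVERS_P].ns_ppc == NULL) {
		if (ptr->version == NS_LDAP_V1) {
			str = NULL_OR_STR(__s_api_get_configname(
			    NS_LDAP_SERVERS_P));
			(void) snprintf(errstr, MAXERROR,
			    gettext("Configuration Error: No entry for "
			    "'%s' found"), str);
			return (NS_PARSE_ERR);
		} else if (ptr->paramList[NS_LDAP_SERVER_PREF_P].ns_ppc ==
		    NULL) {
			str = NULL_OR_STR(__s_api_get_configname(
			    NS_LDAP_SERVERS_P));
			str1 = NULL_OR_STR(__s_api_get_configname(
			    NS_LDAP_SERVER_PREF_P));
			(void) snprintf(errstr, MAXERROR,
			    gettext("Configuration Error: "
			    "Neither '%s' nor '%s' is defined"), str, str1);
			return (NS_PARSE_ERR);
		}
	}

	/* the certificate password and path must be given together */
	if (ptr->paramList[NS_LDAP_CERT_PASS_P].ns_pc != NULL &&
	    ptr->paramList[NS_LDAP_CERT_PATH_P].ns_pc == NULL) {
		str = NULL_OR_STR(__s_api_get_configname(
		    NS_LDAP_CERT_PASS_P));
		str1 = NULL_OR_STR(__s_api_get_configname(
		    NS_LDAP_CERT_PATH_P));
		(void) snprintf(errstr, MAXERROR,
		    gettext("Configuration Error: %s specified "
		    "but no value for '%s' found"), str, str1);
		return (NS_PARSE_ERR);
	}
	if (ptr->paramList[NS_LDAP_CERT_PASS_P].ns_pc == NULL &&
	    ptr->paramList[NS_LDAP_CERT_PATH_P].ns_pc != NULL) {
		str = NULL_OR_STR(__s_api_get_configname(
		    NS_LDAP_CERT_PATH_P));
		str1 = NULL_OR_STR(__s_api_get_configname(
		    NS_LDAP_CERT_PASS_P));
		(void) snprintf(errstr, MAXERROR,
		    gettext("Configuration Error: %s specified "
		    "but no value for '%s' found"), str, str1);
		return (NS_PARSE_ERR);
	}

	/* check if search basedn has been specified */
	if (ptr->paramList[NS_LDAP_SEARCH_BASEDN_P].ns_ppc == NULL) {
		str = NULL_OR_STR(__s_api_get_configname(
		    NS_LDAP_SEARCH_BASEDN_P));
		(void) snprintf(errstr, MAXERROR,
		    gettext("Configuration Error: No entry for "
		    "'%s' found"), str);
		return (NS_PARSE_ERR);
	}

	/* check for auth value....passwd/bindn if necessary */
	if (check_dn && ptr->paramList[NS_LDAP_AUTH_P].ns_pi != NULL) {
		/*
		 * The list is walked up to its first zero entry, compared
		 * as the integer it is rather than against NULL.
		 * NOTE(review): the counting loops below walk the same
		 * list by ns_acnt instead; an auth value equal to 0 would
		 * end this scan early - confirm which bound is intended.
		 */
		for (j = 0;
		    ptr->paramList[NS_LDAP_AUTH_P].ns_pi[j] != 0; j++) {
			value = ptr->paramList[NS_LDAP_AUTH_P].ns_pi[j];
			switch (value) {
			case NS_LDAP_EA_SIMPLE:
			case NS_LDAP_EA_SASL_CRAM_MD5:
			case NS_LDAP_EA_SASL_DIGEST_MD5:
			case NS_LDAP_EA_SASL_DIGEST_MD5_INT:
			case NS_LDAP_EA_SASL_DIGEST_MD5_CONF:
			case NS_LDAP_EA_TLS_SIMPLE:
			case NS_LDAP_EA_TLS_SASL_CRAM_MD5:
			case NS_LDAP_EA_TLS_SASL_DIGEST_MD5:
			case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT:
			case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF:
				if (ptr->paramList[NS_LDAP_BINDDN_P].ns_ppc
				    == NULL) {
					str = NULL_OR_STR(
					    __s_api_get_configname(
					    NS_LDAP_BINDDN_P));
					(void) snprintf(errstr, MAXERROR,
					    gettext("Configuration Error: "
					    "No entry for "
					    "'%s' found"), str);
					return (NS_PARSE_ERR);
				}
				if (ptr->paramList[NS_LDAP_BINDPASSWD_P].ns_ppc
				    == NULL) {
					str = NULL_OR_STR(
					    __s_api_get_configname(
					    NS_LDAP_BINDPASSWD_P));
					(void) snprintf(errstr, MAXERROR,
					    gettext("Configuration Error: "
					    "No entry for "
					    "'%s' found"), str);
					return (NS_PARSE_ERR);
				}
				break;
			default:
				/* other methods need no bind DN or password */
				break;
			}
		}
	}

	/*
	 * If NS_LDAP_CACHETTL is not specified,
	 * init NS_LDAP_EXP_P here. Otherwise,
	 * ldap_cachemgr will never refresh the profile.
	 * Set it to current time + default
	 * NS_LDAP_CACHETTL
	 */
	if (ptr->paramList[NS_LDAP_CACHETTL_P].ns_pc == NULL) {
		tm = conv_time(
		    defconfig[NS_LDAP_CACHETTL_P].defval.ns_pc);
		ptr->paramList[NS_LDAP_EXP_P].ns_ptype = TIMET;
		if (tm != 0) {
			tm += time(NULL);
		}
		ptr->paramList[NS_LDAP_EXP_P].ns_tm = tm;
	}

	/*
	 * If credential level self is defined, there should be
	 * at least an auth method sasl/GSSAPI and vice versa.
	 *
	 * Both lists are walked by ns_acnt. destroy_param() frees ns_pi
	 * without resetting ns_acnt, so each list is checked for NULL
	 * before it is indexed.
	 */
	self = 0;
	if (ptr->paramList[NS_LDAP_CREDENTIAL_LEVEL_P].ns_pi != NULL) {
		cnt = ptr->paramList[NS_LDAP_CREDENTIAL_LEVEL_P].ns_acnt;
		for (i = 0; i < cnt; i++) {
			if (ptr->paramList[NS_LDAP_CREDENTIAL_LEVEL_P].ns_pi[i]
			    == NS_LDAP_CRED_SELF)
				self++;
		}
	}
	gssapi = 0;
	if (ptr->paramList[NS_LDAP_AUTH_P].ns_pi != NULL) {
		cnt = ptr->paramList[NS_LDAP_AUTH_P].ns_acnt;
		for (i = 0; i < cnt; i++) {
			if (ptr->paramList[NS_LDAP_AUTH_P].ns_pi[i] ==
			    NS_LDAP_EA_SASL_GSSAPI)
				gssapi++;
		}
	}
	if (gssapi == 0 && self > 0) {
		(void) snprintf(errstr, MAXERROR,
		    gettext("Configuration Error: "
		    "Credential level self requires "
		    "authentication method sasl/GSSAPI"));
		return (NS_PARSE_ERR);
	}
	if (gssapi > 0 && self == 0) {
		(void) snprintf(errstr, MAXERROR,
		    gettext("Configuration Error: "
		    "Authentication method sasl/GSSAPI "
		    "requires credential level self"));
		return (NS_PARSE_ERR);
	}
	return (NS_SUCCESS);
}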
12177c478bd9Sstevel@tonic-gate 
12187c478bd9Sstevel@tonic-gate 
/*
 * Look up a configuration keyword by name (case-insensitive) in the
 * defconfig table and store the matching parameter index in *type.
 *
 * Neither value nor type is checked for NULL here; external callers
 * should use __ns_ldap_getParamType(), which performs those checks.
 *
 * Returns 0 when a match is found, -1 otherwise (*type is then left
 * untouched).
 */
int
__s_api_get_type(const char *value, ParamIndexType *type)
{
	int	idx = 0;

	/* the table ends at the first entry whose name is NULL */
	while (defconfig[idx].name != NULL) {
		if (strcasecmp(defconfig[idx].name, value) != 0) {
			idx++;
			continue;
		}
		*type = defconfig[idx].index;
		return (0);
	}
	return (-1);
}
12327c478bd9Sstevel@tonic-gate 
/*
 * Externally defined version of __s_api_get_type().
 * Rejects NULL arguments before doing the table lookup.
 *
 * Returns 0 and sets *type on a match; returns -1 when either argument
 * is NULL or the keyword is not known.
 */

int
__ns_ldap_getParamType(const char *value, ParamIndexType *type)
{
	if (value != NULL && type != NULL)
		return (__s_api_get_type(value, type));

	return (-1);
}
12457c478bd9Sstevel@tonic-gate 
/*
 * Look up a configuration keyword by name (case-insensitive), accepting
 * only a defconfig entry whose version equals the version recorded in
 * the given configuration.
 *
 * Only ptr is checked for NULL; value and type are used as passed.
 *
 * Returns 0 and sets *type on a match, -1 otherwise.
 */
int
__s_api_get_versiontype(ns_config_t *ptr, char *value, ParamIndexType *type)
{
	ns_version_t	wanted;
	int		idx;

	if (ptr == NULL)
		return (-1);

	wanted = ptr->version;

	for (idx = 0; defconfig[idx].name != NULL; idx++) {
		if (strcasecmp(defconfig[idx].name, value) != 0)
			continue;
		/* same keyword, but it must also belong to this version */
		if (defconfig[idx].version != wanted)
			continue;
		*type = defconfig[idx].index;
		return (0);
	}
	return (-1);
}
12677c478bd9Sstevel@tonic-gate 
/*
 * Look up a parameter by its profile name (case-insensitive).
 * Table entries without a profile name are skipped.
 *
 * value and type are not checked for NULL.
 *
 * Returns 0 and sets *type on a match, -1 otherwise.
 */
int
__s_api_get_profiletype(char *value, ParamIndexType *type)
{
	int	idx = 0;

	while (defconfig[idx].name != NULL) {
		if (defconfig[idx].profile_name != NULL &&
		    strcasecmp(defconfig[idx].profile_name, value) == 0) {
			*type = defconfig[idx].index;
			return (0);
		}
		idx++;
	}
	return (-1);
}
12837c478bd9Sstevel@tonic-gate 
/*
 * Return the config_type of the first defconfig entry whose index
 * equals type, or -1 when the table holds no such entry.
 */
int
__s_api_get_configtype(ParamIndexType type)
{
	int idx = 0;

	while (defconfig[idx].name != NULL) {
		if (defconfig[idx].index == type)
			return (defconfig[idx].config_type);
		idx++;
	}
	return (-1);
}
12967c478bd9Sstevel@tonic-gate 
/*
 * Return the keyword name of the first defconfig entry whose index
 * equals type.
 *
 * The result is NULL when no entry matches or when the matching entry
 * has an empty name, so a caller that formats the result with "%s" must
 * guard against NULL (this file wraps such calls in NULL_OR_STR()).
 */
const char *
__s_api_get_configname(ParamIndexType type)
{
	int idx;

	for (idx = 0; defconfig[idx].name != NULL; idx++) {
		if (defconfig[idx].index != type)
			continue;
		/* the first entry with this index decides the answer */
		if (defconfig[idx].name[0] != '\0')
			return (defconfig[idx].name);
		return (NULL);
	}
	return (NULL);
}
13127c478bd9Sstevel@tonic-gate 
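/*
 * Return the defconfig entry whose index equals type and whose version
 * equals the version of the given configuration.
 *
 * Returns NULL when ptr is NULL or when no entry matches; callers must
 * check the result before dereferencing it.
 */
static ns_default_config *
get_defconfig(ns_config_t *ptr, ParamIndexType type)
{
	ns_version_t	ver;
	int		i;

	/*
	 * Same guard as __s_api_get_versiontype(): without it a NULL
	 * configuration pointer is dereferenced on the next line.
	 */
	if (ptr == NULL)
		return (NULL);

	ver = ptr->version;

	for (i = 0; defconfig[i].name != NULL; i++) {
		if (defconfig[i].index == type &&
		    defconfig[i].version == ver) {
			return (&defconfig[i]);
		}
	}
	return (NULL);
}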
13297c478bd9Sstevel@tonic-gate 
/*
 * Resolve keyword `name' to its parameter index and store `value' for
 * it in configptr through __ns_ldap_setParamValue().
 *
 * An unknown name is reported through *error (the name is copied
 * verbatim into the message text) and yields NS_LDAP_CONFIG; otherwise
 * the result of __ns_ldap_setParamValue() is returned.
 */
static int
set_default_value(ns_config_t *configptr, char *name,
			char *value, ns_ldap_error_t **error)
{
	ParamIndexType	idx;
	char		errstr[MAXERROR];

	if (__s_api_get_type(name, &idx) < 0) {
		(void) snprintf(errstr, sizeof (errstr), gettext(
		    "Illegal type name (%s).\n"), name);
		MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr),
		    NULL);
		return (NS_LDAP_CONFIG);
	}

	switch (idx) {
	case NS_LDAP_SERVERS_P:
	case NS_LDAP_SERVICE_AUTH_METHOD_P:
	case NS_LDAP_SERVICE_CRED_LEVEL_P:
	case NS_LDAP_SERVICE_SEARCH_DESC_P:
	case NS_LDAP_SERVER_PREF_P:
	case NS_LDAP_SEARCH_DN_P:
		/*
		 * Existing value is kept for these parameters.
		 * NOTE(review): presumably because they accumulate entries
		 * across repeated settings - confirm against
		 * __ns_ldap_setParamValue().
		 */
		break;
	default:
		/* drop a previously stored value before setting the new one */
		if (configptr->paramList[idx].ns_ptype != NS_UNKNOWN)
			destroy_param(configptr, idx);
		break;
	}

	return (__ns_ldap_setParamValue(configptr, idx, value, error));
}
13607c478bd9Sstevel@tonic-gate 
13617c478bd9Sstevel@tonic-gate 
/*
 * Initialize config to a default state.
 * By default the configuration is left empty; getParam will
 * automatically get the appropriate default value if none exists.
 *
 * Nothing is changed when a new configuration cannot be created.
 */

void
__ns_ldap_default_config()
{
	ns_config_t	*fresh = __s_api_create_config();

	if (fresh != NULL) {
		/* install it as the current configuration, then release it */
		set_curr_config(fresh);
		__s_api_release_config(fresh);
	}
}
13817c478bd9Sstevel@tonic-gate 
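/*
 * Get the current configuration pointer and return it.
 * If necessary initialize or refresh the current
 * configuration as applicable. If global is set, returns
 * the global one.
 *
 * The whole operation runs under ns_loadrefresh_lock so that only one
 * refresh is in progress at a time.  A refresh is attempted only when
 * the library is not in standalone mode and timetorefresh() says the
 * configuration is due.  When the refresh yields a different
 * configuration, the old one is released and the new one is installed
 * and returned.
 */

static ns_config_t *
loadrefresh_config(boolean_t global)
{
	ns_config_t		*cfg;
	ns_config_t		*new_cfg;
	/*
	 * Start from NULL: errorp is tested after LoadCacheConfiguration()
	 * returns, and nothing visible here guarantees that the callee
	 * stores to it on every path.  Without the initializer an
	 * indeterminate pointer could be handed to __ns_ldap_freeError().
	 */
	ns_ldap_error_t		*errorp = NULL;

	/* We want to refresh only one configuration at a time */
	(void) mutex_lock(&ns_loadrefresh_lock);
	if (global == B_TRUE)
		cfg = __s_api_get_default_config_global();
	else
		cfg = __s_api_get_default_config();

	/* (re)initialize configuration if necessary */
	if (!__s_api_isStandalone() && timetorefresh(cfg)) {
		new_cfg = LoadCacheConfiguration(cfg, &errorp);
		if (new_cfg != NULL && new_cfg != cfg) {
			/* drop the old configuration before swapping */
			__s_api_release_config(cfg);
			if (global == B_TRUE)
				set_curr_config_global(new_cfg);
			else
				set_curr_config(new_cfg);
			cfg = new_cfg;
		}
		/* the error detail is not reported to the caller */
		if (errorp != NULL)
			(void) __ns_ldap_freeError(&errorp);
	}
	(void) mutex_unlock(&ns_loadrefresh_lock);
	return (cfg);
}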
14207c478bd9Sstevel@tonic-gate 
/*
 * Get the current global configuration pointer and return it.
 * If necessary initialize or refresh the current
 * configuration as applicable.
 *
 * Thin wrapper: calls loadrefresh_config() with B_TRUE.
 */

ns_config_t *
__s_api_loadrefresh_config_global()
{
	ns_config_t	*cfg = loadrefresh_config(B_TRUE);

	return (cfg);
}
1432e1dd0a2fSth 
/*
 * Get the current configuration pointer and return it.
 * If necessary initialize or refresh the current
 * configuration as applicable. The configuration may
 * be the global one or the per connection management one.
 *
 * Thin wrapper: calls loadrefresh_config() with B_FALSE.
 */

ns_config_t *
__s_api_loadrefresh_config()
{
	ns_config_t	*cfg = loadrefresh_config(B_FALSE);

	return (cfg);
}
1445e1dd0a2fSth 
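/*
 * Check that `value' is acceptable for configuration keyword `name'.
 *
 * In general this routine is not very useful. Individual routines can be
 * created to do this job.  Once that is done, this function can be removed.
 *
 * cfg    - configuration whose version selects the defconfig entry
 * name   - keyword; must not be NULL
 * value  - value string; leading quotes/spaces are skipped and trailing
 *          quotes/spaces are overwritten with '\0' IN PLACE, so the
 *          caller's buffer is modified
 * errstr - receives the error text; the buffer must be MAXERROR bytes
 *
 * Returns NS_SUCCESS when the value is accepted, NS_PARSE_ERR otherwise
 * (errstr is then filled in).  A NULL value, a server list that does
 * not fit the local work buffer, and a keyword with no defconfig entry
 * for this configuration version are all rejected with NS_PARSE_ERR
 * rather than dereferenced or copied unchecked.
 */
static ns_parse_status
verify_value(ns_config_t *cfg, char *name, char *value, char *errstr)
{
	ParamIndexType	index = 0;
	int		found = 0, j;
	char		*ptr = NULL, *strptr = NULL, buffer[BUFSIZE];
	char		*rest;
	size_t		vlen;
	ns_default_config	*def = NULL;

	if (__s_api_get_type(name, &index) != 0) {
		(void) snprintf(errstr, MAXERROR,
		    gettext("Unknown keyword encountered '%s'."), name);
		return (NS_PARSE_ERR);
	}

	/* may be NULL when the keyword does not exist in cfg's version */
	def = get_defconfig(cfg, index);

	/* everything below reads through value, so NULL cannot proceed */
	if (value == NULL) {
		(void) snprintf(errstr, MAXERROR,
		    gettext("No value specified for keyword '%s'."), name);
		return (NS_PARSE_ERR);
	}

	/* eat up beginning quote, if any */
	while (*value == QUOTETOK || *value == SPACETOK)
		value++;

	/* eat up space/quote at end of value */
	vlen = strlen(value);
	if (vlen > 0)
		ptr = value + vlen - 1;
	else
		ptr = value;
	for (; ptr != value && (*ptr == SPACETOK || *ptr == QUOTETOK); ptr--) {
		*ptr = '\0';
	}

	switch (index) {
	case NS_LDAP_EXP_P:
	case NS_LDAP_CACHETTL_P:
	case NS_LDAP_CERT_PATH_P:
	case NS_LDAP_CERT_PASS_P:
	case NS_LDAP_CERT_NICKNAME_P:
	case NS_LDAP_BINDDN_P:
	case NS_LDAP_BINDPASSWD_P:
	case NS_LDAP_DOMAIN_P:
	case NS_LDAP_SEARCH_BASEDN_P:
	case NS_LDAP_SEARCH_TIME_P:
	case NS_LDAP_PROFILE_P:
	case NS_LDAP_AUTH_P:
	case NS_LDAP_SEARCH_SCOPE_P:
	case NS_LDAP_CREDENTIAL_LEVEL_P:
	case NS_LDAP_SERVICE_SEARCH_DESC_P:
	case NS_LDAP_BIND_TIME_P:
	case NS_LDAP_ATTRIBUTEMAP_P:
	case NS_LDAP_OBJECTCLASSMAP_P:
	case NS_LDAP_SERVICE_AUTH_METHOD_P:
	case NS_LDAP_SERVICE_CRED_LEVEL_P:
	case NS_LDAP_HOST_CERTPATH_P:
		/* no content check is done here for these keywords */
		break;
	case NS_LDAP_SEARCH_DN_P:
		/* deprecated because of service descriptors */
		/* Parse as appropriate at descriptor create time */
		break;
	case NS_LDAP_FILE_VERSION_P:
		if (strcasecmp(value, NS_LDAP_VERSION_1) != 0 &&
		    strcasecmp(value, NS_LDAP_VERSION_2) != 0) {
			(void) snprintf(errstr, MAXERROR,
			    gettext("Version mismatch, expected "
			    "cache version '%s' or '%s' but "
			    "encountered version '%s'."),
			    NS_LDAP_VERSION_1,
			    NS_LDAP_VERSION_2, value);
			return (NS_PARSE_ERR);
		}
		break;
	case NS_LDAP_SERVERS_P:
	case NS_LDAP_SERVER_PREF_P:
		/*
		 * value is caller-supplied and of arbitrary length, while
		 * buffer is a fixed BUFSIZE array on the stack: refuse
		 * anything that does not fit instead of copying unchecked.
		 */
		vlen = strlen(value);
		if (vlen >= sizeof (buffer)) {
			(void) snprintf(errstr, MAXERROR,
			    gettext("Value specified for keyword '%s' "
			    "is too long."), name);
			return (NS_PARSE_ERR);
		}
		(void) memcpy(buffer, value, vlen + 1);
		strptr = strtok_r(buffer, ",", &rest);
		while (strptr != NULL) {
			char	*tmp = NULL;
			tmp = stripdup(strptr);
			if (tmp == NULL || (strchr(tmp, ' ') != NULL)) {
				/*
				 * Never hand NULL to "%s": when stripdup()
				 * gave nothing back, report the raw token.
				 */
				(void) snprintf(errstr, MAXERROR,
				    gettext("Invalid parameter values "
				    "'%s' specified for keyword '%s'."),
				    tmp != NULL ? tmp : strptr, name);
				free(tmp);
				return (NS_PARSE_ERR);
			}
			free(tmp);
			strptr = strtok_r(NULL, ",", &rest);
		}
		break;
	default:
		/*
		 * Enumerated keywords: value must equal one of the allowed
		 * names.  A missing defconfig entry or an empty allowed
		 * list counts as "not found".  The index bound is tested
		 * before the element is read.
		 */
		found = 0;
		if (def != NULL && def->allowed != NULL) {
			for (j = 0; j < DEFMAX &&
			    def->allowed[j].name != NULL; j++) {
				if (strcmp(def->allowed[j].name,
				    value) == 0) {
					found = 1;
					break;
				}
			}
		}
		if (!found) {
			(void) snprintf(errstr, MAXERROR,
			    gettext("Invalid option specified for "
			    "'%s' keyword. '%s' is not a recognized "
			    "keyword value."), name, value);
			return (NS_PARSE_ERR);
		}
		break;
	}

	return (NS_SUCCESS);
}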
15627c478bd9Sstevel@tonic-gate 
/*
 * Split a "name<TOKENSEPARATOR>value" line in place.
 *
 * *name is always set to the start of buffer.  When a separator is
 * present it is overwritten with '\0' and *value is set to the first
 * character after it that is not SPACETOK.  When there is no separator,
 * *value is NOT written, so the caller must initialize it beforehand.
 */
void
__s_api_split_key_value(char *buffer, char **name, char **value)
{
	char	*sep;

	*name = buffer;

	/* split into name value pair */
	sep = strchr(buffer, TOKENSEPARATOR);
	if (sep == NULL)
		return;

	*sep = '\0';
	/* trim whitespace */
	for (sep++; *sep == SPACETOK; sep++)
		;
	*value = sep;
}
15797c478bd9Sstevel@tonic-gate 
15807c478bd9Sstevel@tonic-gate /*
15817c478bd9Sstevel@tonic-gate  * Set a parameter value in a generic configuration structure
15827c478bd9Sstevel@tonic-gate  * Assume any necessary locks are in place.  This routine would
15837c478bd9Sstevel@tonic-gate  * be better named: __ns_ldap_translateString2Param
15847c478bd9Sstevel@tonic-gate  *
15857c478bd9Sstevel@tonic-gate  * This routine translates external string format into internal
15867c478bd9Sstevel@tonic-gate  * param format and saves the result in the param table.
15877c478bd9Sstevel@tonic-gate  */
15887c478bd9Sstevel@tonic-gate int
15897c478bd9Sstevel@tonic-gate __ns_ldap_setParamValue(ns_config_t *ptr, const ParamIndexType type,
15907c478bd9Sstevel@tonic-gate 		const void *data, ns_ldap_error_t **error)
15917c478bd9Sstevel@tonic-gate {
15927c478bd9Sstevel@tonic-gate 	ns_default_config	*def = NULL;
15937c478bd9Sstevel@tonic-gate 	ns_param_t		conf;
15947c478bd9Sstevel@tonic-gate 	ns_mapping_t		*map, *rmap;
15957c478bd9Sstevel@tonic-gate 	int			i, j, len;
15967c478bd9Sstevel@tonic-gate 	char			*cp, *cp2, *end;
15977c478bd9Sstevel@tonic-gate 	char			*tcp = NULL;
15987c478bd9Sstevel@tonic-gate 	char			errstr[2 * MAXERROR];
15997c478bd9Sstevel@tonic-gate 	char			tbuf[100], *ptbuf;
16007c478bd9Sstevel@tonic-gate 	char			*sid, *origA, **mapA;
16017c478bd9Sstevel@tonic-gate 	char			**attr;
16027c478bd9Sstevel@tonic-gate 	time_t			tm;
16037c478bd9Sstevel@tonic-gate 	int 			free_memory, exitrc;
16047c478bd9Sstevel@tonic-gate 	char			**p;
16057c478bd9Sstevel@tonic-gate 
16067c478bd9Sstevel@tonic-gate 	/* Find ParamIndexType default configuration data */
16077c478bd9Sstevel@tonic-gate 	def = get_defconfig(ptr, type);
16087c478bd9Sstevel@tonic-gate 	if (def == NULL) {
16097c478bd9Sstevel@tonic-gate 		(void) snprintf(errstr, sizeof (errstr),
16107ddae043Siz 		    gettext("Unable to set value: "
16117ddae043Siz 		    "invalid ParamIndexType (%d)"), type);
16127c478bd9Sstevel@tonic-gate 		MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr),
16137ddae043Siz 		    NULL);
16147c478bd9Sstevel@tonic-gate 		return (NS_LDAP_CONFIG);
16157c478bd9Sstevel@tonic-gate 	}
16167c478bd9Sstevel@tonic-gate 
16177c478bd9Sstevel@tonic-gate 	(void) memset(&conf, 0, sizeof (conf));
16187c478bd9Sstevel@tonic-gate 
16197c478bd9Sstevel@tonic-gate 	/* data is actually const char */
16207c478bd9Sstevel@tonic-gate 	cp = (char *)data;
16217c478bd9Sstevel@tonic-gate 
16227c478bd9Sstevel@tonic-gate 	/* eat up beginning quote, if any */
16237c478bd9Sstevel@tonic-gate 	while (cp && (*cp == QUOTETOK || *cp == SPACETOK))
16247c478bd9Sstevel@tonic-gate 		cp++;
16257c478bd9Sstevel@tonic-gate 
16267c478bd9Sstevel@tonic-gate 	/* eat up space/quote at end of value */
16277c478bd9Sstevel@tonic-gate 	end = cp2 = cp + strlen(cp) - 1;
16287c478bd9Sstevel@tonic-gate 	for (; cp2 > cp && (*cp2 == SPACETOK || *cp2 == QUOTETOK); cp2--)
16297c478bd9Sstevel@tonic-gate 		;
16307c478bd9Sstevel@tonic-gate 	/* data is const, must duplicate */
16317c478bd9Sstevel@tonic-gate 	if (cp2 != end) {
16327c478bd9Sstevel@tonic-gate 		tcp = (char *)calloc((int)(cp2 - cp + 2), sizeof (char));
16337c478bd9Sstevel@tonic-gate 		if (tcp == NULL)
16347c478bd9Sstevel@tonic-gate 			return (NS_LDAP_MEMORY);
16357c478bd9Sstevel@tonic-gate 		end = cp2;
16367c478bd9Sstevel@tonic-gate 		cp2 = tcp;
16377c478bd9Sstevel@tonic-gate 		while (cp <= end) {
16387c478bd9Sstevel@tonic-gate 			*cp2++ = *cp++;
16397c478bd9Sstevel@tonic-gate 		}
16407c478bd9Sstevel@tonic-gate 		*cp2 = '\0';
16417c478bd9Sstevel@tonic-gate 		cp = tcp;
16427c478bd9Sstevel@tonic-gate 	}
16437c478bd9Sstevel@tonic-gate 
16447c478bd9Sstevel@tonic-gate 	/* Parse data according to type */
16457c478bd9Sstevel@tonic-gate 	switch (def->data_type) {
16467c478bd9Sstevel@tonic-gate 	case INT:
16477c478bd9Sstevel@tonic-gate 		switch (def->index) {
16487c478bd9Sstevel@tonic-gate 		case NS_LDAP_PREF_ONLY_P:
16497c478bd9Sstevel@tonic-gate 		case NS_LDAP_SEARCH_REF_P:
16507c478bd9Sstevel@tonic-gate 		case NS_LDAP_SEARCH_SCOPE_P:
16517c478bd9Sstevel@tonic-gate 			i = __s_get_enum_value(ptr, cp, def->index);
16527c478bd9Sstevel@tonic-gate 			if (i < 0) {
16537c478bd9Sstevel@tonic-gate 				(void) snprintf(errstr, sizeof (errstr),
16547ddae043Siz 				    gettext("Unable to set value: "
16557ddae043Siz 				    "invalid %s (%d)"), def->name,
16567ddae043Siz 				    def->index);
16577c478bd9Sstevel@tonic-gate 				MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
16587ddae043Siz 				    strdup(errstr), NULL);
16597c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
16607c478bd9Sstevel@tonic-gate 					free(tcp);
16617c478bd9Sstevel@tonic-gate 				return (NS_LDAP_CONFIG);
16627c478bd9Sstevel@tonic-gate 			}
16637c478bd9Sstevel@tonic-gate 			conf.ns_i = i;
16647c478bd9Sstevel@tonic-gate 			break;
16657c478bd9Sstevel@tonic-gate 		case NS_LDAP_TRANSPORT_SEC_P:	/* ignore TRANSPORT_SEC */
16667c478bd9Sstevel@tonic-gate 			break;
16677c478bd9Sstevel@tonic-gate 		default:
16687c478bd9Sstevel@tonic-gate 			cp2 = cp;
16697c478bd9Sstevel@tonic-gate 			if ((*cp2 == '+') || (*cp2 == '-'))
16707c478bd9Sstevel@tonic-gate 				cp2++;
16717c478bd9Sstevel@tonic-gate 			for (/* empty */; *cp2; cp2++) {
16727c478bd9Sstevel@tonic-gate 				if (isdigit(*cp2))
16737c478bd9Sstevel@tonic-gate 					continue;
16747c478bd9Sstevel@tonic-gate 
16757c478bd9Sstevel@tonic-gate 				(void) snprintf(errstr, sizeof (errstr),
16767ddae043Siz 				    gettext("Unable to set value: "
16777ddae043Siz 				    "invalid %s (%d)"), def->name,
16787ddae043Siz 				    def->index);
16797c478bd9Sstevel@tonic-gate 				MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
16807ddae043Siz 				    strdup(errstr), NULL);
16817c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
16827c478bd9Sstevel@tonic-gate 					free(tcp);
16837c478bd9Sstevel@tonic-gate 				return (NS_LDAP_CONFIG);
16847c478bd9Sstevel@tonic-gate 			}
16857c478bd9Sstevel@tonic-gate 			i = atoi(cp);
16867c478bd9Sstevel@tonic-gate 			conf.ns_i = i;
16877c478bd9Sstevel@tonic-gate 			break;
16887c478bd9Sstevel@tonic-gate 		}
16897c478bd9Sstevel@tonic-gate 		break;
16907c478bd9Sstevel@tonic-gate 	case TIMET:
16917c478bd9Sstevel@tonic-gate 		/* Do nothing with a TIMET.  Initialize it below */
16927c478bd9Sstevel@tonic-gate 		break;
16937c478bd9Sstevel@tonic-gate 	case CHARPTR:
16947c478bd9Sstevel@tonic-gate 		conf.ns_pc = (char *)strdup(cp);
16957c478bd9Sstevel@tonic-gate 		if (conf.ns_pc == NULL) {
16967c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
16977c478bd9Sstevel@tonic-gate 				free(tcp);
16987c478bd9Sstevel@tonic-gate 			return (NS_LDAP_MEMORY);
16997c478bd9Sstevel@tonic-gate 		}
17007c478bd9Sstevel@tonic-gate 		break;
17017c478bd9Sstevel@tonic-gate 	case SAMLIST:
17027c478bd9Sstevel@tonic-gate 		/* first check to see if colon (:) is there */
17037c478bd9Sstevel@tonic-gate 		if ((strchr(cp, COLONTOK)) == NULL) {
17047c478bd9Sstevel@tonic-gate 			(void) snprintf(errstr, sizeof (errstr),
17057ddae043Siz 			    gettext("Unable to set value: "
17067ddae043Siz 			    "invalid serviceAuthenticationMethod (%s)"),
17077ddae043Siz 			    cp);
17087c478bd9Sstevel@tonic-gate 			MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
17097ddae043Siz 			    strdup(errstr), NULL);
17107c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
17117c478bd9Sstevel@tonic-gate 				free(tcp);
17127c478bd9Sstevel@tonic-gate 			return (NS_LDAP_CONFIG);
17137c478bd9Sstevel@tonic-gate 		}
17147c478bd9Sstevel@tonic-gate 		/* Appends an entry to the existing list */
17157c478bd9Sstevel@tonic-gate 		if (ptr->paramList[type].ns_ptype != SAMLIST) {
17167c478bd9Sstevel@tonic-gate 			conf.ns_ppc = (char **)calloc(2, sizeof (char *));
17177c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc == NULL) {
17187c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
17197c478bd9Sstevel@tonic-gate 					free(tcp);
17207c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
17217c478bd9Sstevel@tonic-gate 			}
17227c478bd9Sstevel@tonic-gate 			conf.ns_acnt = 1;
17237c478bd9Sstevel@tonic-gate 			conf.ns_ppc[0] = (char *)strdup(cp);
17247c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc[0] == NULL) {
17257c478bd9Sstevel@tonic-gate 				free(conf.ns_ppc);
17267c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
17277c478bd9Sstevel@tonic-gate 					free(tcp);
17287c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
17297c478bd9Sstevel@tonic-gate 			}
17307c478bd9Sstevel@tonic-gate 		} else {
17317c478bd9Sstevel@tonic-gate 			char *dp, *dpend;
17327c478bd9Sstevel@tonic-gate 			int fnd = 0;
17337c478bd9Sstevel@tonic-gate 
17347c478bd9Sstevel@tonic-gate 			/* Attempt to replace if possible */
17357c478bd9Sstevel@tonic-gate 			dpend = strchr(cp, COLONTOK);
17367c478bd9Sstevel@tonic-gate 			len = dpend - cp;
17377c478bd9Sstevel@tonic-gate 			dp = (char *)malloc(len+1);
17387c478bd9Sstevel@tonic-gate 			if (dp == NULL) {
17397c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
17407c478bd9Sstevel@tonic-gate 					free(tcp);
17417c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
17427c478bd9Sstevel@tonic-gate 			}
17437c478bd9Sstevel@tonic-gate 			(void) strlcpy(dp, cp, len+1);
17447c478bd9Sstevel@tonic-gate 			fnd = 0;
17457c478bd9Sstevel@tonic-gate 			for (j = 0; j < ptr->paramList[type].ns_acnt; j++) {
17467c478bd9Sstevel@tonic-gate 				dpend = strchr(ptr->paramList[type].ns_ppc[j],
17477ddae043Siz 				    COLONTOK);
17487c478bd9Sstevel@tonic-gate 				if (dpend == NULL)
17497c478bd9Sstevel@tonic-gate 					continue;
17507c478bd9Sstevel@tonic-gate 				i = dpend - ptr->paramList[type].ns_ppc[j];
17517c478bd9Sstevel@tonic-gate 				if (i != len)
17527c478bd9Sstevel@tonic-gate 					continue;
17537c478bd9Sstevel@tonic-gate 				if (strncmp(ptr->paramList[type].ns_ppc[j],
17547ddae043Siz 				    dp, len) == 0) {
17557c478bd9Sstevel@tonic-gate 					conf.ns_acnt =
17567ddae043Siz 					    ptr->paramList[type].ns_acnt;
17577c478bd9Sstevel@tonic-gate 					conf.ns_ppc =
17587ddae043Siz 					    ptr->paramList[type].ns_ppc;
17597c478bd9Sstevel@tonic-gate 					ptr->paramList[type].ns_ppc = NULL;
17607c478bd9Sstevel@tonic-gate 					free(conf.ns_ppc[j]);
17617c478bd9Sstevel@tonic-gate 					conf.ns_ppc[j] = (char *)strdup(cp);
17627c478bd9Sstevel@tonic-gate 					if (conf.ns_ppc[j] == NULL) {
17637c478bd9Sstevel@tonic-gate 						free(dp);
17647c478bd9Sstevel@tonic-gate 						__s_api_free2dArray
17657ddae043Siz 						    (conf.ns_ppc);
17667c478bd9Sstevel@tonic-gate 						if (tcp != NULL)
17677c478bd9Sstevel@tonic-gate 							free(tcp);
17687c478bd9Sstevel@tonic-gate 						return (NS_LDAP_MEMORY);
17697c478bd9Sstevel@tonic-gate 					}
17707c478bd9Sstevel@tonic-gate 					fnd = 1;
17717c478bd9Sstevel@tonic-gate 					break;
17727c478bd9Sstevel@tonic-gate 				}
17737c478bd9Sstevel@tonic-gate 			}
17747c478bd9Sstevel@tonic-gate 			free(dp);
17757c478bd9Sstevel@tonic-gate 
17767c478bd9Sstevel@tonic-gate 			if (fnd)
17777c478bd9Sstevel@tonic-gate 				break;	/* Replaced completed */
17787c478bd9Sstevel@tonic-gate 
17797c478bd9Sstevel@tonic-gate 			/* Append */
17807c478bd9Sstevel@tonic-gate 			len = ptr->paramList[type].ns_acnt + 1;
17817c478bd9Sstevel@tonic-gate 			if (len > 1) {
17827c478bd9Sstevel@tonic-gate 				p = (char **)dupParam(&ptr->paramList[type]);
17837c478bd9Sstevel@tonic-gate 				if (p == NULL) {
17847c478bd9Sstevel@tonic-gate 					if (tcp != NULL)
17857c478bd9Sstevel@tonic-gate 						free(tcp);
17867c478bd9Sstevel@tonic-gate 					return (NS_LDAP_MEMORY);
17877c478bd9Sstevel@tonic-gate 				}
17887c478bd9Sstevel@tonic-gate 			} else
17897c478bd9Sstevel@tonic-gate 				p = NULL;
17907c478bd9Sstevel@tonic-gate 			conf.ns_ppc =
17917ddae043Siz 			    (char **)realloc(p, (len+1) * sizeof (char *));
17927c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc == NULL) {
17937c478bd9Sstevel@tonic-gate 				__s_api_free2dArray(p);
17947c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
17957c478bd9Sstevel@tonic-gate 					free(tcp);
17967c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
17977c478bd9Sstevel@tonic-gate 			}
17987c478bd9Sstevel@tonic-gate 			conf.ns_acnt = len;
17997c478bd9Sstevel@tonic-gate 			conf.ns_ppc[len-1] = (char *)strdup(cp);
18007c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc[len-1] == NULL) {
18017c478bd9Sstevel@tonic-gate 				__s_api_free2dArray(conf.ns_ppc);
18027c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
18037c478bd9Sstevel@tonic-gate 					free(tcp);
18047c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
18057c478bd9Sstevel@tonic-gate 			}
18067c478bd9Sstevel@tonic-gate 			conf.ns_ppc[len] = NULL;
18077c478bd9Sstevel@tonic-gate 		}
18087c478bd9Sstevel@tonic-gate 		break;
18097c478bd9Sstevel@tonic-gate 	case SCLLIST:
18107c478bd9Sstevel@tonic-gate 		/* first check to see if colon (:) is there */
18117c478bd9Sstevel@tonic-gate 		if ((strchr(cp, COLONTOK)) == NULL) {
18127c478bd9Sstevel@tonic-gate 			(void) snprintf(errstr, sizeof (errstr),
18137ddae043Siz 			    gettext("Unable to set value: "
18147ddae043Siz 			    "invalid serviceCredentialLevel (%s)"),
18157ddae043Siz 			    cp);
18167c478bd9Sstevel@tonic-gate 			MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
18177ddae043Siz 			    strdup(errstr), NULL);
18187c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
18197c478bd9Sstevel@tonic-gate 				free(tcp);
18207c478bd9Sstevel@tonic-gate 			return (NS_LDAP_CONFIG);
18217c478bd9Sstevel@tonic-gate 		}
18227c478bd9Sstevel@tonic-gate 		/* Appends an entry to the existing list */
18237c478bd9Sstevel@tonic-gate 		if (ptr->paramList[type].ns_ptype != SCLLIST) {
18247c478bd9Sstevel@tonic-gate 			conf.ns_ppc = (char **)calloc(2, sizeof (char *));
18257c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc == NULL) {
18267c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
18277c478bd9Sstevel@tonic-gate 					free(tcp);
18287c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
18297c478bd9Sstevel@tonic-gate 			}
18307c478bd9Sstevel@tonic-gate 			conf.ns_acnt = 1;
18317c478bd9Sstevel@tonic-gate 			conf.ns_ppc[0] = (char *)strdup(cp);
18327c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc[0] == NULL) {
18337c478bd9Sstevel@tonic-gate 				free(conf.ns_ppc);
18347c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
18357c478bd9Sstevel@tonic-gate 					free(tcp);
18367c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
18377c478bd9Sstevel@tonic-gate 			}
18387c478bd9Sstevel@tonic-gate 		} else {
18397c478bd9Sstevel@tonic-gate 			char *dp, *dpend;
18407c478bd9Sstevel@tonic-gate 			int fnd = 0;
18417c478bd9Sstevel@tonic-gate 
18427c478bd9Sstevel@tonic-gate 			/* Attempt to replace if possible */
18437c478bd9Sstevel@tonic-gate 			dpend = strchr(cp, COLONTOK);
18447c478bd9Sstevel@tonic-gate 			len = dpend - cp;
18457c478bd9Sstevel@tonic-gate 			dp = (char *)malloc(len+1);
18467c478bd9Sstevel@tonic-gate 			if (dp == NULL) {
18477c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
18487c478bd9Sstevel@tonic-gate 					free(tcp);
18497c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
18507c478bd9Sstevel@tonic-gate 			}
18517c478bd9Sstevel@tonic-gate 			(void) strlcpy(dp, cp, len+1);
18527c478bd9Sstevel@tonic-gate 			fnd = 0;
18537c478bd9Sstevel@tonic-gate 			for (j = 0; j < ptr->paramList[type].ns_acnt; j++) {
18547c478bd9Sstevel@tonic-gate 				dpend = strchr(ptr->paramList[type].ns_ppc[j],
18557ddae043Siz 				    COLONTOK);
18567c478bd9Sstevel@tonic-gate 				if (dpend == NULL)
18577c478bd9Sstevel@tonic-gate 					continue;
18587c478bd9Sstevel@tonic-gate 				i = dpend - ptr->paramList[type].ns_ppc[j];
18597c478bd9Sstevel@tonic-gate 				if (i != len)
18607c478bd9Sstevel@tonic-gate 					continue;
18617c478bd9Sstevel@tonic-gate 				if (strncmp(ptr->paramList[type].ns_ppc[j],
18627ddae043Siz 				    dp, len) == 0) {
18637c478bd9Sstevel@tonic-gate 					conf.ns_acnt =
18647ddae043Siz 					    ptr->paramList[type].ns_acnt;
18657c478bd9Sstevel@tonic-gate 					conf.ns_ppc =
18667ddae043Siz 					    ptr->paramList[type].ns_ppc;
18677c478bd9Sstevel@tonic-gate 					ptr->paramList[type].ns_ppc = NULL;
18687c478bd9Sstevel@tonic-gate 					free(conf.ns_ppc[j]);
18697c478bd9Sstevel@tonic-gate 					conf.ns_ppc[j] = (char *)strdup(cp);
18707c478bd9Sstevel@tonic-gate 					if (conf.ns_ppc[j] == NULL) {
18717c478bd9Sstevel@tonic-gate 						free(dp);
18727c478bd9Sstevel@tonic-gate 						__s_api_free2dArray
18737ddae043Siz 						    (conf.ns_ppc);
18747c478bd9Sstevel@tonic-gate 						if (tcp != NULL)
18757c478bd9Sstevel@tonic-gate 							free(tcp);
18767c478bd9Sstevel@tonic-gate 						return (NS_LDAP_MEMORY);
18777c478bd9Sstevel@tonic-gate 					}
18787c478bd9Sstevel@tonic-gate 					fnd = 1;
18797c478bd9Sstevel@tonic-gate 					break;
18807c478bd9Sstevel@tonic-gate 				}
18817c478bd9Sstevel@tonic-gate 			}
18827c478bd9Sstevel@tonic-gate 			free(dp);
18837c478bd9Sstevel@tonic-gate 
18847c478bd9Sstevel@tonic-gate 			if (fnd)
18857c478bd9Sstevel@tonic-gate 				break;	/* Replaced completed */
18867c478bd9Sstevel@tonic-gate 
18877c478bd9Sstevel@tonic-gate 			/* Append */
18887c478bd9Sstevel@tonic-gate 			len = ptr->paramList[type].ns_acnt + 1;
18897c478bd9Sstevel@tonic-gate 			if (len > 1) {
18907c478bd9Sstevel@tonic-gate 				p = (char **)dupParam(&ptr->paramList[type]);
18917c478bd9Sstevel@tonic-gate 				if (p == NULL) {
18927c478bd9Sstevel@tonic-gate 					if (tcp != NULL)
18937c478bd9Sstevel@tonic-gate 						free(tcp);
18947c478bd9Sstevel@tonic-gate 					return (NS_LDAP_MEMORY);
18957c478bd9Sstevel@tonic-gate 				}
18967c478bd9Sstevel@tonic-gate 			} else
18977c478bd9Sstevel@tonic-gate 				p = NULL;
18987c478bd9Sstevel@tonic-gate 			conf.ns_ppc =
18997ddae043Siz 			    (char **)realloc(p, (len+1) * sizeof (char *));
19007c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc == NULL) {
19017c478bd9Sstevel@tonic-gate 				__s_api_free2dArray(p);
19027c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
19037c478bd9Sstevel@tonic-gate 					free(tcp);
19047c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
19057c478bd9Sstevel@tonic-gate 			}
19067c478bd9Sstevel@tonic-gate 			conf.ns_acnt = len;
19077c478bd9Sstevel@tonic-gate 			conf.ns_ppc[len-1] = (char *)strdup(cp);
19087c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc[len-1] == NULL) {
19097c478bd9Sstevel@tonic-gate 				__s_api_free2dArray(conf.ns_ppc);
19107c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
19117c478bd9Sstevel@tonic-gate 					free(tcp);
19127c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
19137c478bd9Sstevel@tonic-gate 			}
19147c478bd9Sstevel@tonic-gate 			conf.ns_ppc[len] = NULL;
19157c478bd9Sstevel@tonic-gate 		}
19167c478bd9Sstevel@tonic-gate 		break;
19177c478bd9Sstevel@tonic-gate 	case SSDLIST:
19187c478bd9Sstevel@tonic-gate 		/*
19197c478bd9Sstevel@tonic-gate 		 * first check to see if colon (:) is there,
19207c478bd9Sstevel@tonic-gate 		 * if so, make sure the serviceId is specified,
19217c478bd9Sstevel@tonic-gate 		 * i.e., colon is not the first character
19227c478bd9Sstevel@tonic-gate 		 */
19237c478bd9Sstevel@tonic-gate 		if ((strchr(cp, COLONTOK)) == NULL || *cp == COLONTOK) {
19247c478bd9Sstevel@tonic-gate 			(void) snprintf(errstr, sizeof (errstr),
19257ddae043Siz 			    gettext("Unable to set value: "
19267ddae043Siz 			    "invalid serviceSearchDescriptor (%s)"),
19277ddae043Siz 			    cp);
19287c478bd9Sstevel@tonic-gate 			MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
19297ddae043Siz 			    strdup(errstr), NULL);
19307c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
19317c478bd9Sstevel@tonic-gate 				free(tcp);
19327c478bd9Sstevel@tonic-gate 			return (NS_LDAP_CONFIG);
19337c478bd9Sstevel@tonic-gate 		}
19347c478bd9Sstevel@tonic-gate 		/* Appends an entry to the existing list */
19357c478bd9Sstevel@tonic-gate 		if (ptr->paramList[type].ns_ptype != SSDLIST) {
19367c478bd9Sstevel@tonic-gate 			conf.ns_ppc = (char **)calloc(2, sizeof (char *));
19377c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc == NULL) {
19387c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
19397c478bd9Sstevel@tonic-gate 					free(tcp);
19407c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
19417c478bd9Sstevel@tonic-gate 			}
19427c478bd9Sstevel@tonic-gate 			conf.ns_acnt = 1;
19437c478bd9Sstevel@tonic-gate 			conf.ns_ppc[0] = (char *)strdup(cp);
19447c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc[0] == NULL) {
19457c478bd9Sstevel@tonic-gate 				free(conf.ns_ppc);
19467c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
19477c478bd9Sstevel@tonic-gate 					free(tcp);
19487c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
19497c478bd9Sstevel@tonic-gate 			}
19507c478bd9Sstevel@tonic-gate 		} else {
19517c478bd9Sstevel@tonic-gate 			char *dp, *dpend;
19527c478bd9Sstevel@tonic-gate 			int fnd = 0;
19537c478bd9Sstevel@tonic-gate 
19547c478bd9Sstevel@tonic-gate 			/* Attempt to replace if possible */
19557c478bd9Sstevel@tonic-gate 			dpend = strchr(cp, COLONTOK);
19567c478bd9Sstevel@tonic-gate 			len = dpend - cp;
19577c478bd9Sstevel@tonic-gate 			dp = (char *)malloc(len+1);
19587c478bd9Sstevel@tonic-gate 			if (dp == NULL) {
19597c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
19607c478bd9Sstevel@tonic-gate 					free(tcp);
19617c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
19627c478bd9Sstevel@tonic-gate 			}
19637c478bd9Sstevel@tonic-gate 			(void) strlcpy(dp, cp, len+1);
19647c478bd9Sstevel@tonic-gate 			fnd = 0;
19657c478bd9Sstevel@tonic-gate 			for (j = 0; j < ptr->paramList[type].ns_acnt; j++) {
19667c478bd9Sstevel@tonic-gate 				dpend = strchr(ptr->paramList[type].ns_ppc[j],
19677ddae043Siz 				    COLONTOK);
19687c478bd9Sstevel@tonic-gate 				if (dpend == NULL)
19697c478bd9Sstevel@tonic-gate 					continue;
19707c478bd9Sstevel@tonic-gate 				i = dpend - ptr->paramList[type].ns_ppc[j];
19717c478bd9Sstevel@tonic-gate 				if (i != len)
19727c478bd9Sstevel@tonic-gate 					continue;
19737c478bd9Sstevel@tonic-gate 				if (strncmp(ptr->paramList[type].ns_ppc[j],
19747ddae043Siz 				    dp, len) == 0) {
19757c478bd9Sstevel@tonic-gate 					conf.ns_acnt =
19767ddae043Siz 					    ptr->paramList[type].ns_acnt;
19777c478bd9Sstevel@tonic-gate 					conf.ns_ppc =
19787ddae043Siz 					    ptr->paramList[type].ns_ppc;
19797c478bd9Sstevel@tonic-gate 					ptr->paramList[type].ns_ppc = NULL;
19807c478bd9Sstevel@tonic-gate 					free(conf.ns_ppc[j]);
19817c478bd9Sstevel@tonic-gate 					conf.ns_ppc[j] = (char *)strdup(cp);
19827c478bd9Sstevel@tonic-gate 					if (conf.ns_ppc[j] == NULL) {
19837c478bd9Sstevel@tonic-gate 						free(dp);
19847c478bd9Sstevel@tonic-gate 						__s_api_free2dArray
19857ddae043Siz 						    (conf.ns_ppc);
19867c478bd9Sstevel@tonic-gate 						if (tcp != NULL)
19877c478bd9Sstevel@tonic-gate 							free(tcp);
19887c478bd9Sstevel@tonic-gate 						return (NS_LDAP_MEMORY);
19897c478bd9Sstevel@tonic-gate 					}
19907c478bd9Sstevel@tonic-gate 					fnd = 1;
19917c478bd9Sstevel@tonic-gate 					break;
19927c478bd9Sstevel@tonic-gate 				}
19937c478bd9Sstevel@tonic-gate 			}
19947c478bd9Sstevel@tonic-gate 			free(dp);
19957c478bd9Sstevel@tonic-gate 
19967c478bd9Sstevel@tonic-gate 			if (fnd)
19977c478bd9Sstevel@tonic-gate 				break;	/* Replaced completed */
19987c478bd9Sstevel@tonic-gate 
19997c478bd9Sstevel@tonic-gate 			/* Append */
20007c478bd9Sstevel@tonic-gate 			len = ptr->paramList[type].ns_acnt + 1;
20017c478bd9Sstevel@tonic-gate 			if (len > 1) {
20027c478bd9Sstevel@tonic-gate 				p = (char **)dupParam(&ptr->paramList[type]);
20037c478bd9Sstevel@tonic-gate 				if (p == NULL) {
20047c478bd9Sstevel@tonic-gate 					if (tcp != NULL)
20057c478bd9Sstevel@tonic-gate 						free(tcp);
20067c478bd9Sstevel@tonic-gate 					return (NS_LDAP_MEMORY);
20077c478bd9Sstevel@tonic-gate 				}
20087c478bd9Sstevel@tonic-gate 			} else
20097c478bd9Sstevel@tonic-gate 				p = NULL;
20107c478bd9Sstevel@tonic-gate 			conf.ns_ppc =
20117ddae043Siz 			    (char **)realloc(p, (len+1) * sizeof (char *));
20127c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc == NULL) {
20137c478bd9Sstevel@tonic-gate 				__s_api_free2dArray(p);
20147c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
20157c478bd9Sstevel@tonic-gate 					free(tcp);
20167c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
20177c478bd9Sstevel@tonic-gate 			}
20187c478bd9Sstevel@tonic-gate 			conf.ns_acnt = len;
20197c478bd9Sstevel@tonic-gate 			conf.ns_ppc[len-1] = (char *)strdup(cp);
20207c478bd9Sstevel@tonic-gate 			if (conf.ns_ppc[len-1] == NULL) {
20217c478bd9Sstevel@tonic-gate 				__s_api_free2dArray(conf.ns_ppc);
20227c478bd9Sstevel@tonic-gate 				if (tcp != NULL)
20237c478bd9Sstevel@tonic-gate 					free(tcp);
20247c478bd9Sstevel@tonic-gate 				return (NS_LDAP_MEMORY);
20257c478bd9Sstevel@tonic-gate 			}
20267c478bd9Sstevel@tonic-gate 			conf.ns_ppc[len] = NULL;
20277c478bd9Sstevel@tonic-gate 		}
20287c478bd9Sstevel@tonic-gate 		break;
20297c478bd9Sstevel@tonic-gate 	case ARRAYCP:
20307c478bd9Sstevel@tonic-gate 		len = 0;
20317c478bd9Sstevel@tonic-gate 		for (cp2 = cp; *cp2; cp2++) {
20327c478bd9Sstevel@tonic-gate 			if (*cp2 == COMMATOK)
20337c478bd9Sstevel@tonic-gate 				len++;
20347c478bd9Sstevel@tonic-gate 		}
20357c478bd9Sstevel@tonic-gate 		if (cp != cp2)
20367c478bd9Sstevel@tonic-gate 			len++;
20377c478bd9Sstevel@tonic-gate 		if (len == 0) {
20387c478bd9Sstevel@tonic-gate 			conf.ns_ppc = (char **)NULL;
20397c478bd9Sstevel@tonic-gate 			conf.ns_acnt = 0;
20407c478bd9Sstevel@tonic-gate 			break;
20417c478bd9Sstevel@tonic-gate 		}
20427c478bd9Sstevel@tonic-gate 		conf.ns_ppc = (char **)calloc(len + 1, sizeof (char *));
20437c478bd9Sstevel@tonic-gate 		if (conf.ns_ppc == NULL) {
20447c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
20457c478bd9Sstevel@tonic-gate 				free(tcp);
20467c478bd9Sstevel@tonic-gate 			return (NS_LDAP_MEMORY);
20477c478bd9Sstevel@tonic-gate 		}
20487c478bd9Sstevel@tonic-gate 		conf.ns_acnt = len;
20497c478bd9Sstevel@tonic-gate 		i = 0;
20507c478bd9Sstevel@tonic-gate 		for (cp2 = cp; *cp2; cp2++) {
20517c478bd9Sstevel@tonic-gate 			if (*cp2 == COMMATOK) {
20527c478bd9Sstevel@tonic-gate 				j = cp2 - cp + 1;
20537c478bd9Sstevel@tonic-gate 				conf.ns_ppc[i] = (char *)malloc(j + 1);
20547c478bd9Sstevel@tonic-gate 				if (conf.ns_ppc[i] == NULL) {
20557c478bd9Sstevel@tonic-gate 					__s_api_free2dArray(conf.ns_ppc);
20567c478bd9Sstevel@tonic-gate 					if (tcp != NULL)
20577c478bd9Sstevel@tonic-gate 						free(tcp);
20587c478bd9Sstevel@tonic-gate 					return (NS_LDAP_MEMORY);
20597c478bd9Sstevel@tonic-gate 				}
20607c478bd9Sstevel@tonic-gate 				(void) strlcpy(conf.ns_ppc[i], cp, j);
20617c478bd9Sstevel@tonic-gate 				cp = cp2+1;
20627c478bd9Sstevel@tonic-gate 				while (*cp == SPACETOK || *cp == COMMATOK)
20637c478bd9Sstevel@tonic-gate 					cp++;
20647c478bd9Sstevel@tonic-gate 				cp2 = cp - 1;
20657c478bd9Sstevel@tonic-gate 				i++;
20667c478bd9Sstevel@tonic-gate 			}
20677c478bd9Sstevel@tonic-gate 		}
20687c478bd9Sstevel@tonic-gate 		j = cp2 - cp + 1;
20697c478bd9Sstevel@tonic-gate 		conf.ns_ppc[i] = (char *)malloc(j + 1);
20707c478bd9Sstevel@tonic-gate 		if (conf.ns_ppc[i] == NULL) {
20717c478bd9Sstevel@tonic-gate 			__s_api_free2dArray(conf.ns_ppc);
20727c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
20737c478bd9Sstevel@tonic-gate 				free(tcp);
20747c478bd9Sstevel@tonic-gate 			return (NS_LDAP_MEMORY);
20757c478bd9Sstevel@tonic-gate 		}
20767c478bd9Sstevel@tonic-gate 		(void) strlcpy(conf.ns_ppc[i], cp, j);
20777c478bd9Sstevel@tonic-gate 		break;
20787c478bd9Sstevel@tonic-gate 	case SERVLIST:
20797c478bd9Sstevel@tonic-gate 		len = 0;
20807c478bd9Sstevel@tonic-gate 		for (cp2 = cp; *cp2; cp2++) {
20817c478bd9Sstevel@tonic-gate 			if (*cp2 == SPACETOK || *cp2 == COMMATOK) {
20827c478bd9Sstevel@tonic-gate 				len++;
20837c478bd9Sstevel@tonic-gate 				for (; *(cp2 + 1) == SPACETOK ||
20847ddae043Siz 				    *(cp2 +1) == COMMATOK; cp2++)
20857c478bd9Sstevel@tonic-gate 					;
20867c478bd9Sstevel@tonic-gate 			}
20877c478bd9Sstevel@tonic-gate 		}
20887c478bd9Sstevel@tonic-gate 		if (cp != cp2)
20897c478bd9Sstevel@tonic-gate 			len++;
20907c478bd9Sstevel@tonic-gate 		if (len == 0) {
20917c478bd9Sstevel@tonic-gate 			conf.ns_ppc = (char **)NULL;
20927c478bd9Sstevel@tonic-gate 			conf.ns_acnt = 0;
20937c478bd9Sstevel@tonic-gate 			break;
20947c478bd9Sstevel@tonic-gate 		}
20957c478bd9Sstevel@tonic-gate 		conf.ns_ppc = (char **)calloc(len + 1, sizeof (char *));
20967c478bd9Sstevel@tonic-gate 		if (conf.ns_ppc == NULL) {
20977c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
20987c478bd9Sstevel@tonic-gate 				free(tcp);
20997c478bd9Sstevel@tonic-gate 			return (NS_LDAP_MEMORY);
21007c478bd9Sstevel@tonic-gate 		}
21017c478bd9Sstevel@tonic-gate 		conf.ns_acnt = len;
21027c478bd9Sstevel@tonic-gate 		i = 0;
21037c478bd9Sstevel@tonic-gate 		for (cp2 = cp; *cp2; cp2++) {
21047c478bd9Sstevel@tonic-gate 			if (*cp2 == SPACETOK || *cp2 == COMMATOK) {
21057c478bd9Sstevel@tonic-gate 				j = cp2 - cp + 1;
21067c478bd9Sstevel@tonic-gate 				conf.ns_ppc[i] = (char *)malloc(j + 1);
21077c478bd9Sstevel@tonic-gate 				if (conf.ns_ppc[i] == NULL) {
21087c478bd9Sstevel@tonic-gate 					__s_api_free2dArray(conf.ns_ppc);
21097c478bd9Sstevel@tonic-gate 					if (tcp != NULL)
21107c478bd9Sstevel@tonic-gate 						free(tcp);
21117c478bd9Sstevel@tonic-gate 					return (NS_LDAP_MEMORY);
21127c478bd9Sstevel@tonic-gate 				}
21137c478bd9Sstevel@tonic-gate 				(void) strlcpy(conf.ns_ppc[i], cp, j);
21147c478bd9Sstevel@tonic-gate 				cp = cp2+1;
21157c478bd9Sstevel@tonic-gate 				while (*cp == SPACETOK || *cp == COMMATOK)
21167c478bd9Sstevel@tonic-gate 					cp++;
21177c478bd9Sstevel@tonic-gate 				cp2 = cp - 1;
21187c478bd9Sstevel@tonic-gate 				i++;
21197c478bd9Sstevel@tonic-gate 			}
21207c478bd9Sstevel@tonic-gate 		}
21217c478bd9Sstevel@tonic-gate 		j = cp2 - cp + 1;
21227c478bd9Sstevel@tonic-gate 		conf.ns_ppc[i] = (char *)malloc(j + 1);
21237c478bd9Sstevel@tonic-gate 		if (conf.ns_ppc[i] == NULL) {
21247c478bd9Sstevel@tonic-gate 			__s_api_free2dArray(conf.ns_ppc);
21257c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
21267c478bd9Sstevel@tonic-gate 				free(tcp);
21277c478bd9Sstevel@tonic-gate 			return (NS_LDAP_MEMORY);
21287c478bd9Sstevel@tonic-gate 		}
21297c478bd9Sstevel@tonic-gate 		(void) strlcpy(conf.ns_ppc[i], cp, j);
21307c478bd9Sstevel@tonic-gate 		break;
21317c478bd9Sstevel@tonic-gate 	case ARRAYAUTH:
21327c478bd9Sstevel@tonic-gate 		len = 0;
21337c478bd9Sstevel@tonic-gate 		for (cp2 = cp; *cp2; cp2++) {
21347c478bd9Sstevel@tonic-gate 			if (*cp2 == SEMITOK || *cp2 == COMMATOK)
21357c478bd9Sstevel@tonic-gate 				len++;
21367c478bd9Sstevel@tonic-gate 		}
21377c478bd9Sstevel@tonic-gate 		if (cp != cp2)
21387c478bd9Sstevel@tonic-gate 			len++;
21397c478bd9Sstevel@tonic-gate 		if (len == 0) {
21407c478bd9Sstevel@tonic-gate 			conf.ns_pi = (int *)NULL;
21417c478bd9Sstevel@tonic-gate 			conf.ns_acnt = 0;
21427c478bd9Sstevel@tonic-gate 			break;
21437c478bd9Sstevel@tonic-gate 		}
21447c478bd9Sstevel@tonic-gate 		conf.ns_pi = (int *)calloc(len + 1, sizeof (int));
21457c478bd9Sstevel@tonic-gate 		if (conf.ns_pi == NULL) {
21467c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
21477c478bd9Sstevel@tonic-gate 				free(tcp);
21487c478bd9Sstevel@tonic-gate 			return (NS_LDAP_MEMORY);
21497c478bd9Sstevel@tonic-gate 		}
21507c478bd9Sstevel@tonic-gate 		conf.ns_acnt = len;
21517c478bd9Sstevel@tonic-gate 		i = 0;
21527c478bd9Sstevel@tonic-gate 		for (cp2 = cp; *cp2; cp2++) {
21537c478bd9Sstevel@tonic-gate 			if (*cp2 == SEMITOK || *cp2 == COMMATOK) {
21547c478bd9Sstevel@tonic-gate 				j = cp2 - cp + 1;
21557c478bd9Sstevel@tonic-gate 				if (j > sizeof (tbuf)) {
21567c478bd9Sstevel@tonic-gate 					j = -1;
21577c478bd9Sstevel@tonic-gate 					ptbuf = cp;
21587c478bd9Sstevel@tonic-gate 				} else {
21597c478bd9Sstevel@tonic-gate 					(void) strlcpy(tbuf, cp, j);
21607c478bd9Sstevel@tonic-gate 					j = __s_get_enum_value(ptr, tbuf,
21617ddae043Siz 					    def->index);
21627c478bd9Sstevel@tonic-gate 					ptbuf = tbuf;
21637c478bd9Sstevel@tonic-gate 				}
21647c478bd9Sstevel@tonic-gate 				if (j < 0) {
21657c478bd9Sstevel@tonic-gate 					(void) snprintf(errstr, sizeof (errstr),
21667ddae043Siz 					    gettext("Unable to set value: "
21677ddae043Siz 					    "invalid "
21687ddae043Siz 					    "authenticationMethod (%s)"),
21697ddae043Siz 					    ptbuf);
21707c478bd9Sstevel@tonic-gate 					MKERROR(LOG_ERR, *error,
21717ddae043Siz 					    NS_CONFIG_SYNTAX,
21727ddae043Siz 					    strdup(errstr), NULL);
21737c478bd9Sstevel@tonic-gate 					free(conf.ns_pi);
21747c478bd9Sstevel@tonic-gate 					if (tcp != NULL)
21757c478bd9Sstevel@tonic-gate 						free(tcp);
21767c478bd9Sstevel@tonic-gate 					return (NS_LDAP_CONFIG);
21777c478bd9Sstevel@tonic-gate 				}
21787c478bd9Sstevel@tonic-gate 				conf.ns_pi[i] = j;
21797c478bd9Sstevel@tonic-gate 				cp = cp2+1;
21807c478bd9Sstevel@tonic-gate 				i++;
21817c478bd9Sstevel@tonic-gate 			}
21827c478bd9Sstevel@tonic-gate 		}
21837c478bd9Sstevel@tonic-gate 		j = cp2 - cp + 1;
21847c478bd9Sstevel@tonic-gate 		if (j > sizeof (tbuf)) {
21857c478bd9Sstevel@tonic-gate 			j = -1;
21867c478bd9Sstevel@tonic-gate 			ptbuf = cp;
21877c478bd9Sstevel@tonic-gate 		} else {
21887c478bd9Sstevel@tonic-gate 			(void) strlcpy(tbuf, cp, j);
21897c478bd9Sstevel@tonic-gate 			j = __s_get_enum_value(ptr, tbuf, def->index);
21907c478bd9Sstevel@tonic-gate 			ptbuf = tbuf;
21917c478bd9Sstevel@tonic-gate 		}
21927c478bd9Sstevel@tonic-gate 		if (j < 0) {
21937c478bd9Sstevel@tonic-gate 			(void) snprintf(errstr, sizeof (errstr),
21947ddae043Siz 			    gettext("Unable to set value: "
21957ddae043Siz 			    "invalid authenticationMethod (%s)"), ptbuf);
21967c478bd9Sstevel@tonic-gate 			MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
21977ddae043Siz 			    strdup(errstr), NULL);
21987c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
21997c478bd9Sstevel@tonic-gate 				free(tcp);
22007c478bd9Sstevel@tonic-gate 			return (NS_LDAP_CONFIG);
22017c478bd9Sstevel@tonic-gate 		}
22027c478bd9Sstevel@tonic-gate 		conf.ns_pi[i] = j;
22037c478bd9Sstevel@tonic-gate 		break;
22047c478bd9Sstevel@tonic-gate 	case ARRAYCRED:
22057c478bd9Sstevel@tonic-gate 		len = 0;
22067c478bd9Sstevel@tonic-gate 		for (cp2 = cp; *cp2; cp2++) {
22077c478bd9Sstevel@tonic-gate 			if (*cp2 == SPACETOK)
22087c478bd9Sstevel@tonic-gate 				len++;
22097c478bd9Sstevel@tonic-gate 		}
22107c478bd9Sstevel@tonic-gate 		if (cp != cp2)
22117c478bd9Sstevel@tonic-gate 			len++;
22127c478bd9Sstevel@tonic-gate 		if (len == 0) {
22137c478bd9Sstevel@tonic-gate 			conf.ns_pi = (int *)NULL;
22147c478bd9Sstevel@tonic-gate 			conf.ns_acnt = 0;
22157c478bd9Sstevel@tonic-gate 			break;
22167c478bd9Sstevel@tonic-gate 		}
22177c478bd9Sstevel@tonic-gate 		conf.ns_pi = (int *)calloc(len + 1, sizeof (int));
22187c478bd9Sstevel@tonic-gate 		if (conf.ns_pi == NULL) {
22197c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
22207c478bd9Sstevel@tonic-gate 				free(tcp);
22217c478bd9Sstevel@tonic-gate 			return (NS_LDAP_MEMORY);
22227c478bd9Sstevel@tonic-gate 		}
22237c478bd9Sstevel@tonic-gate 		conf.ns_acnt = len;
22247c478bd9Sstevel@tonic-gate 		i = 0;
22257c478bd9Sstevel@tonic-gate 		for (cp2 = cp; *cp2; cp2++) {
22267c478bd9Sstevel@tonic-gate 			if (*cp2 == SPACETOK) {
22277c478bd9Sstevel@tonic-gate 				j = cp2 - cp + 1;
22287c478bd9Sstevel@tonic-gate 				if (j > sizeof (tbuf)) {
22297c478bd9Sstevel@tonic-gate 					j = -1;
22307c478bd9Sstevel@tonic-gate 					ptbuf = cp;
22317c478bd9Sstevel@tonic-gate 				} else {
22327c478bd9Sstevel@tonic-gate 					(void) strlcpy(tbuf, cp, j);
22337c478bd9Sstevel@tonic-gate 					j = __s_get_enum_value(ptr, tbuf,
22347ddae043Siz 					    def->index);
22357c478bd9Sstevel@tonic-gate 					ptbuf = tbuf;
22367c478bd9Sstevel@tonic-gate 				}
22377c478bd9Sstevel@tonic-gate 				if (j < 0) {
22387c478bd9Sstevel@tonic-gate 					(void) snprintf(errstr, sizeof (errstr),
22397ddae043Siz 					    gettext("Unable to set value: "
22407ddae043Siz 					    "invalid credentialLevel (%s)"),
22417ddae043Siz 					    ptbuf);
22427c478bd9Sstevel@tonic-gate 					MKERROR(LOG_ERR, *error,
22437ddae043Siz 					    NS_CONFIG_SYNTAX,
22447ddae043Siz 					    strdup(errstr), NULL);
22457c478bd9Sstevel@tonic-gate 					free(conf.ns_pi);
22467c478bd9Sstevel@tonic-gate 					if (tcp != NULL)
22477c478bd9Sstevel@tonic-gate 						free(tcp);
22487c478bd9Sstevel@tonic-gate 					return (NS_LDAP_CONFIG);
22497c478bd9Sstevel@tonic-gate 				}
22507c478bd9Sstevel@tonic-gate 				conf.ns_pi[i] = j;
22517c478bd9Sstevel@tonic-gate 				cp = cp2+1;
22527c478bd9Sstevel@tonic-gate 				i++;
22537c478bd9Sstevel@tonic-gate 			}
22547c478bd9Sstevel@tonic-gate 		}
22557c478bd9Sstevel@tonic-gate 		j = cp2 - cp + 1;
22567c478bd9Sstevel@tonic-gate 		if (j > sizeof (tbuf)) {
22577c478bd9Sstevel@tonic-gate 			j = -1;
22587c478bd9Sstevel@tonic-gate 			ptbuf = cp;
22597c478bd9Sstevel@tonic-gate 		} else {
22607c478bd9Sstevel@tonic-gate 			(void) strlcpy(tbuf, cp, j);
22617c478bd9Sstevel@tonic-gate 			j = __s_get_enum_value(ptr, tbuf, def->index);
22627c478bd9Sstevel@tonic-gate 			ptbuf = tbuf;
22637c478bd9Sstevel@tonic-gate 		}
22647c478bd9Sstevel@tonic-gate 		if (j < 0) {
22657c478bd9Sstevel@tonic-gate 			(void) snprintf(errstr, sizeof (errstr),
22667ddae043Siz 			    gettext("Unable to set value: "
22677ddae043Siz 			    "invalid credentialLevel (%s)"), ptbuf);
22687c478bd9Sstevel@tonic-gate 			MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
22697ddae043Siz 			    strdup(errstr), NULL);
22707c478bd9Sstevel@tonic-gate 			if (tcp != NULL)
22717c478bd9Sstevel@tonic-gate 				free(tcp);
22727c478bd9Sstevel@tonic-gate 			return (NS_LDAP_CONFIG);
22737c478bd9Sstevel@tonic-gate 		}
22747c478bd9Sstevel@tonic-gate 		conf.ns_pi[i] = j;
22757c478bd9Sstevel@tonic-gate 		break;
22767c478bd9Sstevel@tonic-gate 	case ATTRMAP:
22777c478bd9Sstevel@tonic-gate 	case OBJMAP:
22787c478bd9Sstevel@tonic-gate 		i = __s_api_parse_map(cp, &sid, &origA, &mapA);
22797c478bd9Sstevel@tonic-gate 		if (i != NS_HASH_RC_SUCCESS) {
22807c478bd9Sstevel@tonic-gate 			if (i == NS_HASH_RC_NO_MEMORY) {
22817c478bd9Sstevel@tonic-gate 				exitrc = NS_LDAP_MEMORY;
22827c478bd9Sstevel@tonic-gate 			} else {
22837c478bd9Sstevel@tonic-gate 				(void) snprintf(errstr, sizeof (errstr),
22847c478bd9Sstevel@tonic-gate 				gettext("Unable to set value: "
22857c478bd9Sstevel@tonic-gate 				"invalid schema mapping (%s)"), cp);
22867c478bd9Sstevel@tonic-gate 				exitrc = NS_LDAP_CONFIG;
22877c478bd9Sstevel@tonic-gate 				MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
22887ddae043Siz 				    strdup(errstr), NULL);
22897c478bd9Sstevel@tonic-gate 			}
22907c478bd9Sstevel@tonic-gate 			if (tcp)
22917c478bd9Sstevel@tonic-gate 				free(tcp);
22927c478bd9Sstevel@tonic-gate 			return (exitrc);
22937c478bd9Sstevel@tonic-gate 		}
22947c478bd9Sstevel@tonic-gate 
22957c478bd9Sstevel@tonic-gate 		/*
22967c478bd9Sstevel@tonic-gate 		 * Add reverse map first.
22977c478bd9Sstevel@tonic-gate 		 * There could be more than one.
22987c478bd9Sstevel@tonic-gate 		 */
22997c478bd9Sstevel@tonic-gate 		for (attr = mapA; *attr; attr++) {
23007c478bd9Sstevel@tonic-gate 
23017c478bd9Sstevel@tonic-gate 			free_memory = 1;
23027c478bd9Sstevel@tonic-gate 			exitrc = NS_LDAP_MEMORY;
23037c478bd9Sstevel@tonic-gate 
23047c478bd9Sstevel@tonic-gate 			rmap = (ns_mapping_t *)calloc(1,
23057ddae043Siz 			    sizeof (ns_mapping_t));
23067c478bd9Sstevel@tonic-gate 			if (rmap) {
23077c478bd9Sstevel@tonic-gate 				rmap->service = strdup(sid);
23087c478bd9Sstevel@tonic-gate 				if (rmap->service) {
23097c478bd9Sstevel@tonic-gate 					rmap->orig = strdup(*attr);
23107c478bd9Sstevel@tonic-gate 					if (rmap->orig) {
23117c478bd9Sstevel@tonic-gate 						rmap->map = (char **)calloc(2,
23127ddae043Siz 						    sizeof (char *));
23137c478bd9Sstevel@tonic-gate 						if (rmap->map) {
23147c478bd9Sstevel@tonic-gate 							(rmap->map)[0] =
23157ddae043Siz 							    strdup(origA);
23167c478bd9Sstevel@tonic-gate 							if ((rmap->map)[0])
23177c478bd9Sstevel@tonic-gate 								free_memory = 0;
23187c478bd9Sstevel@tonic-gate 						}
23197c478bd9Sstevel@tonic-gate 					}
23207c478bd9Sstevel@tonic-gate 				}
23217c478bd9Sstevel@tonic-gate 			}
23227c478bd9Sstevel@tonic-gate 
23237c478bd9Sstevel@tonic-gate 			if (free_memory == 0) {
23247c478bd9Sstevel@tonic-gate 				if (def->data_type == ATTRMAP) {
23257c478bd9Sstevel@tonic-gate 					rmap->type = NS_ATTR_MAP;
23267c478bd9Sstevel@tonic-gate 					i = __s_api_add_map2hash(ptr,
23277ddae043Siz 					    NS_HASH_RAMAP, rmap);
23287c478bd9Sstevel@tonic-gate 				} else {
23297c478bd9Sstevel@tonic-gate 					rmap->type = NS_OBJ_MAP;
23307c478bd9Sstevel@tonic-gate 					i = __s_api_add_map2hash(ptr,
23317ddae043Siz 					    NS_HASH_ROMAP, rmap);
23327c478bd9Sstevel@tonic-gate 				}
23337c478bd9Sstevel@tonic-gate 
23347c478bd9Sstevel@tonic-gate 				if (i != NS_HASH_RC_SUCCESS) {
23357c478bd9Sstevel@tonic-gate 					switch (i) {
23367c478bd9Sstevel@tonic-gate 					case NS_HASH_RC_CONFIG_ERROR:
23377c478bd9Sstevel@tonic-gate 						exitrc = NS_LDAP_INTERNAL;
23387c478bd9Sstevel@tonic-gate 						(void) snprintf(errstr,
23397ddae043Siz 						    sizeof (errstr),
23407ddae043Siz 						    gettext(
23417ddae043Siz 						    "Unable to set value: "
23427ddae043Siz 						    "no configuration info "
23437ddae043Siz 						    "for schema map "
23447ddae043Siz 						    "update (%s)"), cp);
23457c478bd9Sstevel@tonic-gate 						MKERROR(LOG_ERR, *error,
23467ddae043Siz 						    NS_LDAP_INTERNAL,
23477ddae043Siz 						    strdup(errstr),
23487ddae043Siz 						    NULL);
23497c478bd9Sstevel@tonic-gate 						break;
23507c478bd9Sstevel@tonic-gate 					case NS_HASH_RC_EXISTED:
23517c478bd9Sstevel@tonic-gate 						exitrc = NS_LDAP_CONFIG;
23527c478bd9Sstevel@tonic-gate 						(void) snprintf(errstr,
23537ddae043Siz 						    sizeof (errstr),
23547ddae043Siz 						    gettext(
23557ddae043Siz 						    "Unable to set value: "
23567ddae043Siz 						    "schema map "
23577ddae043Siz 						    "already existed for "
23587ddae043Siz 						    "(%s, %s)."),
23597ddae043Siz 						    *attr, origA);
23607c478bd9Sstevel@tonic-gate 						MKERROR(LOG_ERR, *error,
23617ddae043Siz 						    NS_CONFIG_SYNTAX,
23627ddae043Siz 						    strdup(errstr),
23637ddae043Siz 						    NULL);
23647c478bd9Sstevel@tonic-gate 						break;
23657c478bd9Sstevel@tonic-gate 					case NS_HASH_RC_NO_MEMORY:
23667c478bd9Sstevel@tonic-gate 						exitrc = NS_LDAP_MEMORY;
23677c478bd9Sstevel@tonic-gate 						break;
23687c478bd9Sstevel@tonic-gate 					}
23697c478bd9Sstevel@tonic-gate 					free_memory = 1;
23707c478bd9Sstevel@tonic-gate 				}
23717c478bd9Sstevel@tonic-gate 			}
23727c478bd9Sstevel@tonic-gate 
23737c478bd9Sstevel@tonic-gate 			if (free_memory) {
23747c478bd9Sstevel@tonic-gate 				if (tcp)
23757c478bd9Sstevel@tonic-gate 					free(tcp);
23767c478bd9Sstevel@tonic-gate 				free(sid);
23777c478bd9Sstevel@tonic-gate 				free(origA);
23787c478bd9Sstevel@tonic-gate 				__s_api_free2dArray(mapA);
23797c478bd9Sstevel@tonic-gate 				if (rmap) {
23807c478bd9Sstevel@tonic-gate 					if (rmap->service)
23817c478bd9Sstevel@tonic-gate 						free(rmap->service);
23827c478bd9Sstevel@tonic-gate 					if (rmap->orig)
23837c478bd9Sstevel@tonic-gate 						free(rmap->orig);
23847c478bd9Sstevel@tonic-gate 					if (rmap->map) {
23857c478bd9Sstevel@tonic-gate 						if ((rmap->map)[0])
23867c478bd9Sstevel@tonic-gate 							free((rmap->map)[0]);
23877c478bd9Sstevel@tonic-gate 						free(rmap->map);
23887c478bd9Sstevel@tonic-gate 					}
23897c478bd9Sstevel@tonic-gate 					free(rmap);
23907c478bd9Sstevel@tonic-gate 				}
23917c478bd9Sstevel@tonic-gate 				return (exitrc);
23927c478bd9Sstevel@tonic-gate 			}
23937c478bd9Sstevel@tonic-gate 		}
23947c478bd9Sstevel@tonic-gate 
23957c478bd9Sstevel@tonic-gate 		/*
23967c478bd9Sstevel@tonic-gate 		 * For performance gain,
23977c478bd9Sstevel@tonic-gate 		 * add a "schema mapping existed" indicator
23987c478bd9Sstevel@tonic-gate 		 * for the given service if not already added.
23997c478bd9Sstevel@tonic-gate 		 * This dummy map need not be removed if
24007c478bd9Sstevel@tonic-gate 		 * the next real map add operation fails,
24017c478bd9Sstevel@tonic-gate 		 * since the caller, e.g. ldap_cachemgr,
24027c478bd9Sstevel@tonic-gate 		 * should exit anyway.
24037c478bd9Sstevel@tonic-gate 		 */
24047c478bd9Sstevel@tonic-gate 		free_memory = 1;
24057c478bd9Sstevel@tonic-gate 		exitrc = NS_LDAP_MEMORY;
24067c478bd9Sstevel@tonic-gate 
24077c478bd9Sstevel@tonic-gate 		map = (ns_mapping_t *)calloc(1,
24087ddae043Siz 		    sizeof (ns_mapping_t));
24097c478bd9Sstevel@tonic-gate 		if (map) {
24107c478bd9Sstevel@tonic-gate 			map->service = strdup(sid);
24117c478bd9Sstevel@tonic-gate 			if (map->service) {
24127c478bd9Sstevel@tonic-gate 				map->orig = strdup(
24137ddae043Siz 				    NS_HASH_SCHEMA_MAPPING_EXISTED);
24147c478bd9Sstevel@tonic-gate 				if (map->orig) {
24157c478bd9Sstevel@tonic-gate 					map->map = (char **)calloc(2,
24167ddae043Siz 					    sizeof (char *));
24177c478bd9Sstevel@tonic-gate 					if (map->map) {
24187c478bd9Sstevel@tonic-gate 						(map->map)[0] =
24197ddae043Siz 						    strdup(sid);
24207c478bd9Sstevel@tonic-gate 						if ((map->map)[0])
24217c478bd9Sstevel@tonic-gate 							free_memory = 0;
24227c478bd9Sstevel@tonic-gate 					}
24237c478bd9Sstevel@tonic-gate 				}
24247c478bd9Sstevel@tonic-gate 			}
24257c478bd9Sstevel@tonic-gate 		}
24267c478bd9Sstevel@tonic-gate 
24277c478bd9Sstevel@tonic-gate 		if (free_memory == 0) {
24287c478bd9Sstevel@tonic-gate 			map->type = NS_ATTR_MAP;
24297c478bd9Sstevel@tonic-gate 			/*
24307c478bd9Sstevel@tonic-gate 			 * add to reverse map,
24317c478bd9Sstevel@tonic-gate 			 * so that "ldapclient list"
24327c478bd9Sstevel@tonic-gate 			 * would not show it
24337c478bd9Sstevel@tonic-gate 			 */
24347c478bd9Sstevel@tonic-gate 			i = __s_api_add_map2hash(ptr,
24357ddae043Siz 			    NS_HASH_RAMAP, map);
24367c478bd9Sstevel@tonic-gate 
24377c478bd9Sstevel@tonic-gate 			/*
24387c478bd9Sstevel@tonic-gate 			 * ignore "map already existed" error,
24397c478bd9Sstevel@tonic-gate 			 * just need one per service.
24407c478bd9Sstevel@tonic-gate 			 * Need however to free memory allocated
24417c478bd9Sstevel@tonic-gate 			 * for map.
24427c478bd9Sstevel@tonic-gate 			 */
24437c478bd9Sstevel@tonic-gate 			if (i != NS_HASH_RC_SUCCESS &&
24447ddae043Siz 			    i != NS_HASH_RC_EXISTED) {
24457c478bd9Sstevel@tonic-gate 				switch (i) {
24467c478bd9Sstevel@tonic-gate 				case NS_HASH_RC_CONFIG_ERROR:
24477c478bd9Sstevel@tonic-gate 					exitrc = NS_LDAP_INTERNAL;
24487c478bd9Sstevel@tonic-gate 					(void) snprintf(errstr,
24497ddae043Siz 					    sizeof (errstr),
24507ddae043Siz 					    gettext(
24517ddae043Siz 					    "Unable to set value: "
24527ddae043Siz 					    "no configuration info "
24537ddae043Siz 					    "for schema map "
24547ddae043Siz 					    "update (%s)"), cp);
24557c478bd9Sstevel@tonic-gate 					MKERROR(LOG_ERR, *error,
24567ddae043Siz 					    NS_LDAP_INTERNAL,
24577ddae043Siz 					    strdup(errstr),
24587ddae043Siz 					    NULL);
24597c478bd9Sstevel@tonic-gate 					break;
24607c478bd9Sstevel@tonic-gate 				case NS_HASH_RC_NO_MEMORY:
24617c478bd9Sstevel@tonic-gate 					exitrc = NS_LDAP_MEMORY;
24627c478bd9Sstevel@tonic-gate 					break;
24637c478bd9Sstevel@tonic-gate 				}
24647c478bd9Sstevel@tonic-gate 				free_memory = 1;
24657c478bd9Sstevel@tonic-gate 			} else if (i == NS_HASH_RC_EXISTED) {
24667c478bd9Sstevel@tonic-gate 				if (map->service)
24677c478bd9Sstevel@tonic-gate 					free(map->service);
24687c478bd9Sstevel@tonic-gate 				if (map->orig)
24697c478bd9Sstevel@tonic-gate 					free(map->orig);
24707c478bd9Sstevel@tonic-gate 				if (map->map) {
24717c478bd9Sstevel@tonic-gate 					if ((map->map)[0])
24727c478bd9Sstevel@tonic-gate 						free((map->map)[0]);
24737c478bd9Sstevel@tonic-gate 					free(map->map);
24747c478bd9Sstevel@tonic-gate 				}
24757c478bd9Sstevel@tonic-gate 				free(map);
24767c478bd9Sstevel@tonic-gate 				map = NULL;
24777c478bd9Sstevel@tonic-gate 			}
24787c478bd9Sstevel@tonic-gate 		}
24797c478bd9Sstevel@tonic-gate 
24807c478bd9Sstevel@tonic-gate 		if (free_memory) {
24817c478bd9Sstevel@tonic-gate 			if (tcp)
24827c478bd9Sstevel@tonic-gate 				free(tcp);
24837c478bd9Sstevel@tonic-gate 			free(sid);
24847c478bd9Sstevel@tonic-gate 			free(origA);
24857c478bd9Sstevel@tonic-gate 			__s_api_free2dArray(mapA);
24867c478bd9Sstevel@tonic-gate 			if (map) {
24877c478bd9Sstevel@tonic-gate 				if (map->service)
24887c478bd9Sstevel@tonic-gate 					free(map->service);
24897c478bd9Sstevel@tonic-gate 				if (map->orig)
24907c478bd9Sstevel@tonic-gate 					free(map->orig);
24917c478bd9Sstevel@tonic-gate 				if (map->map) {
24927c478bd9Sstevel@tonic-gate 					if ((map->map)[0])
24937c478bd9Sstevel@tonic-gate 						free((map->map)[0]);
24947c478bd9Sstevel@tonic-gate 					free(map->map);
24957c478bd9Sstevel@tonic-gate 				}
24967c478bd9Sstevel@tonic-gate 				free(map);
24977c478bd9Sstevel@tonic-gate 			}
24987c478bd9Sstevel@tonic-gate 			return (exitrc);
24997c478bd9Sstevel@tonic-gate 		}
25007c478bd9Sstevel@tonic-gate 
25017c478bd9Sstevel@tonic-gate 		/*
25027c478bd9Sstevel@tonic-gate 		 * add the real schema map
25037c478bd9Sstevel@tonic-gate 		 */
25047c478bd9Sstevel@tonic-gate 		free_memory = 1;
25057c478bd9Sstevel@tonic-gate 		exitrc = NS_LDAP_MEMORY;
25067c478bd9Sstevel@tonic-gate 		map = (ns_mapping_t *)calloc(1, sizeof (ns_mapping_t));
25077c478bd9Sstevel@tonic-gate 		if (map) {
25087c478bd9Sstevel@tonic-gate 			map->service = sid;
25097c478bd9Sstevel@tonic-gate 			map->orig = origA;
25107c478bd9Sstevel@tonic-gate 			map->map = mapA;
25117c478bd9Sstevel@tonic-gate 
25127c478bd9Sstevel@tonic-gate 			if (def->data_type == ATTRMAP) {
25137c478bd9Sstevel@tonic-gate 				map->type = NS_ATTR_MAP;
25147c478bd9Sstevel@tonic-gate 				i = __s_api_add_map2hash(ptr,
25157ddae043Siz 				    NS_HASH_AMAP, map);
25167c478bd9Sstevel@tonic-gate 			} else {
25177c478bd9Sstevel@tonic-gate 				map->type = NS_OBJ_MAP;
25187c478bd9Sstevel@tonic-gate 				i = __s_api_add_map2hash(ptr,
25197ddae043Siz 				    NS_HASH_OMAP, map);
25207c478bd9Sstevel@tonic-gate 			}
25217c478bd9Sstevel@tonic-gate 
25227c478bd9Sstevel@tonic-gate 			if (i != NS_HASH_RC_SUCCESS) {
25237c478bd9Sstevel@tonic-gate 				switch (i) {
25247c478bd9Sstevel@tonic-gate 				case NS_HASH_RC_CONFIG_ERROR:
25257c478bd9Sstevel@tonic-gate 					exitrc = NS_LDAP_INTERNAL;
25267c478bd9Sstevel@tonic-gate 					(void) snprintf(errstr,
25277ddae043Siz 					    sizeof (errstr),
25287ddae043Siz 					    gettext(
25297ddae043Siz 					    "Unable to set value: "
25307ddae043Siz 					    "no configuration info "
25317ddae043Siz 					    "for schema map "
25327ddae043Siz 					    "update (%s)"), cp);
25337c478bd9Sstevel@tonic-gate 					MKERROR(LOG_ERR, *error,
25347ddae043Siz 					    NS_LDAP_INTERNAL,
25357ddae043Siz 					    strdup(errstr),
25367ddae043Siz 					    NULL);
25377c478bd9Sstevel@tonic-gate 					break;
25387c478bd9Sstevel@tonic-gate 				case NS_HASH_RC_EXISTED:
25397c478bd9Sstevel@tonic-gate 					exitrc = NS_LDAP_CONFIG;
25407c478bd9Sstevel@tonic-gate 					(void) snprintf(errstr,
25417ddae043Siz 					    sizeof (errstr),
25427ddae043Siz 					    gettext(
25437ddae043Siz 					    "Unable to set value: "
25447ddae043Siz 					    "schema map "
25457ddae043Siz 					    "already existed for "
25467ddae043Siz 					    "'%s'."), origA);
25477c478bd9Sstevel@tonic-gate 					MKERROR(LOG_ERR, *error,
25487ddae043Siz 					    NS_CONFIG_SYNTAX,
25497ddae043Siz 					    strdup(errstr),
25507ddae043Siz 					    NULL);
25517c478bd9Sstevel@tonic-gate 					break;
25527c478bd9Sstevel@tonic-gate 				case NS_HASH_RC_NO_MEMORY:
25537c478bd9Sstevel@tonic-gate 					exitrc = NS_LDAP_MEMORY;
25547c478bd9Sstevel@tonic-gate 					break;
25557c478bd9Sstevel@tonic-gate 				}
25567c478bd9Sstevel@tonic-gate 				free_memory = 1;
25577c478bd9Sstevel@tonic-gate 			} else
25587c478bd9Sstevel@tonic-gate 				free_memory = 0;
25597c478bd9Sstevel@tonic-gate 		}
25607c478bd9Sstevel@tonic-gate 
25617c478bd9Sstevel@tonic-gate 		if (free_memory) {
25627c478bd9Sstevel@tonic-gate 			if (tcp)
25637c478bd9Sstevel@tonic-gate 				free(tcp);
25647c478bd9Sstevel@tonic-gate 			free(sid);
25657c478bd9Sstevel@tonic-gate 			free(origA);
25667c478bd9Sstevel@tonic-gate 			__s_api_free2dArray(mapA);
25677c478bd9Sstevel@tonic-gate 			if (map)
25687c478bd9Sstevel@tonic-gate 				free(map);
25697c478bd9Sstevel@tonic-gate 			return (exitrc);
25707c478bd9Sstevel@tonic-gate 		}
25717c478bd9Sstevel@tonic-gate 
25727c478bd9Sstevel@tonic-gate 		break;
25737c478bd9Sstevel@tonic-gate 	default:
25747c478bd9Sstevel@tonic-gate 		/* This should never happen. */
25757c478bd9Sstevel@tonic-gate 		(void) snprintf(errstr, sizeof (errstr),
25767ddae043Siz 		    gettext("Unable to set value: invalid configuration "
25777ddae043Siz 		    "type (%d)"), def->data_type);
25787c478bd9Sstevel@tonic-gate 		MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr),
25797ddae043Siz 		    NULL);
25807c478bd9Sstevel@tonic-gate 		if (tcp != NULL)
25817c478bd9Sstevel@tonic-gate 			free(tcp);
25827c478bd9Sstevel@tonic-gate 		return (NS_LDAP_CONFIG);
25837c478bd9Sstevel@tonic-gate 	}
25847c478bd9Sstevel@tonic-gate 	conf.ns_ptype = def->data_type;
25857c478bd9Sstevel@tonic-gate 	if (tcp != NULL)
25867c478bd9Sstevel@tonic-gate 		free(tcp);
25877c478bd9Sstevel@tonic-gate 
25887c478bd9Sstevel@tonic-gate 	/* Individually written verify routines here can replace */
25897c478bd9Sstevel@tonic-gate 	/* verify_value.  Verify conf (data) as appropriate here */
25907c478bd9Sstevel@tonic-gate 	if (def->ns_verify != NULL) {
25917c478bd9Sstevel@tonic-gate 		if ((*def->ns_verify)(type, def, &conf, errstr) != NS_SUCCESS) {
25927c478bd9Sstevel@tonic-gate 			ns_param_t sav_conf;
25937c478bd9Sstevel@tonic-gate 
25947c478bd9Sstevel@tonic-gate 			(void) snprintf(errstr, sizeof (errstr),
25957ddae043Siz 			    gettext("%s"), errstr);
25967c478bd9Sstevel@tonic-gate 			MKERROR(LOG_WARNING, *error, NS_CONFIG_SYNTAX,
25977ddae043Siz 			    strdup(errstr), NULL);
25987c478bd9Sstevel@tonic-gate 
25997c478bd9Sstevel@tonic-gate 			sav_conf = ptr->paramList[type];
26007c478bd9Sstevel@tonic-gate 			ptr->paramList[type] = conf;
26017c478bd9Sstevel@tonic-gate 			destroy_param(ptr, type);
26027c478bd9Sstevel@tonic-gate 			ptr->paramList[type] = sav_conf;
26037c478bd9Sstevel@tonic-gate 
26047c478bd9Sstevel@tonic-gate 			return (NS_LDAP_CONFIG);
26057c478bd9Sstevel@tonic-gate 		}
26067c478bd9Sstevel@tonic-gate 	}
26077c478bd9Sstevel@tonic-gate 
26087c478bd9Sstevel@tonic-gate 	/* post evaluate the data */
26097c478bd9Sstevel@tonic-gate 
26107c478bd9Sstevel@tonic-gate 	/*
26117c478bd9Sstevel@tonic-gate 	 * if this is for setting a password,
26127c478bd9Sstevel@tonic-gate 	 * encrypt the password first.
26137c478bd9Sstevel@tonic-gate 	 * NOTE evalue() is smart and will just return
26147c478bd9Sstevel@tonic-gate 	 * the value passed if it is already encrypted.
26157c478bd9Sstevel@tonic-gate 	 *
26167c478bd9Sstevel@tonic-gate 	 * Init NS_LDAP_EXP_P here when CACHETTL is updated
26177c478bd9Sstevel@tonic-gate 	 */
26187c478bd9Sstevel@tonic-gate 	if (type == NS_LDAP_BINDPASSWD_P) {
26197c478bd9Sstevel@tonic-gate 		cp = conf.ns_pc;
26207c478bd9Sstevel@tonic-gate 		cp2 = evalue((char *)cp);
26217c478bd9Sstevel@tonic-gate 		conf.ns_pc = cp2;
26227c478bd9Sstevel@tonic-gate 		free(cp);
26237c478bd9Sstevel@tonic-gate 		cp = NULL;
26247c478bd9Sstevel@tonic-gate 	} else if (type == NS_LDAP_FILE_VERSION_P) {
26257c478bd9Sstevel@tonic-gate 		ptr->version = NS_LDAP_V1;
26267c478bd9Sstevel@tonic-gate 		if (strcasecmp(conf.ns_pc, NS_LDAP_VERSION_2) == 0) {
26277c478bd9Sstevel@tonic-gate 			ptr->version = NS_LDAP_V2;
26287c478bd9Sstevel@tonic-gate 		}
26297c478bd9Sstevel@tonic-gate 	} else if (type == NS_LDAP_CACHETTL_P) {
26307c478bd9Sstevel@tonic-gate 		cp = conf.ns_pc;
26317c478bd9Sstevel@tonic-gate 		tm = conv_time(cp);
26327c478bd9Sstevel@tonic-gate 		ptr->paramList[NS_LDAP_EXP_P].ns_ptype = TIMET;
26337c478bd9Sstevel@tonic-gate 		if (tm != 0) {
26347c478bd9Sstevel@tonic-gate 			tm += time(NULL);
26357c478bd9Sstevel@tonic-gate 		}
26367c478bd9Sstevel@tonic-gate 		ptr->paramList[NS_LDAP_EXP_P].ns_tm = tm;
26377c478bd9Sstevel@tonic-gate 	}
26387c478bd9Sstevel@tonic-gate 
26397c478bd9Sstevel@tonic-gate 	/* Everything checks out move new values into param */
26407c478bd9Sstevel@tonic-gate 	destroy_param(ptr, type);
26417c478bd9Sstevel@tonic-gate 	/* Assign new/updated value into paramList */
26427c478bd9Sstevel@tonic-gate 	ptr->paramList[type] = conf;
26437c478bd9Sstevel@tonic-gate 
26447c478bd9Sstevel@tonic-gate 	return (NS_LDAP_SUCCESS);
26457c478bd9Sstevel@tonic-gate }
26467c478bd9Sstevel@tonic-gate 
26477c478bd9Sstevel@tonic-gate 
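/*
 * Set a parameter value in the default configuration structure.
 *
 *	type	index of the parameter to set
 *	data	new value, handed unchanged to __ns_ldap_setParamValue()
 *	error	receives the error structure built by MKERROR on failure
 *
 * Only a process with cache_server == TRUE may set parameters; any
 * other caller gets NS_LDAP_CONFIG.  Otherwise the return value is
 * that of __ns_ldap_setParamValue(), NS_LDAP_MEMORY when no default
 * configuration could be obtained, or NS_LDAP_CONFIG when a reload
 * failed.
 *
 * ns_loadrefresh_lock is held while the configuration is looked up
 * and (re)loaded and is dropped before the value is stored.
 */

int
__ns_ldap_setParam(const ParamIndexType type,
		const void *data, ns_ldap_error_t **error)
{
	/*
	 * Start from NULL: the load-failure path below tests errorp, and
	 * nothing visible here guarantees LoadCacheConfiguration() stores
	 * to it on every failure.
	 */
	ns_ldap_error_t		*errorp = NULL;
	int			ret;
	char			errstr[2 * MAXERROR];
	ns_config_t		*cfg;
	/* sentinel that no config pointer equals until cfg_g is fetched */
	ns_config_t		*cfg_g = (ns_config_t *)-1;
	ns_config_t		*new_cfg;
	boolean_t		reinit_connmgmt = B_FALSE;

	/* We want to refresh only one configuration at a time */
	(void) mutex_lock(&ns_loadrefresh_lock);
	cfg = __s_api_get_default_config();

	if (cache_server == TRUE) {
		if (cfg == NULL) {
			__ns_ldap_default_config();
			cfg = __s_api_get_default_config();
			if (cfg == NULL) {
				(void) mutex_unlock(&ns_loadrefresh_lock);
				return (NS_LDAP_MEMORY);
			}
		}
	} else {
		/*
		 * This code always return error here on client side,
		 * this needs to change once libsldap is used by more
		 * applications that need to set parameters.
		 */
		/*
		 * The message takes no arguments, so it is passed as data
		 * to a literal "%s" rather than used as the format: a
		 * translated string containing '%' cannot then be read as
		 * a conversion.
		 */
		(void) snprintf(errstr, sizeof (errstr), "%s",
		    gettext("Unable to set parameter from a client in "
		    "__ns_ldap_setParam()"));
		if (cfg != NULL)
			__s_api_release_config(cfg);
		/*
		 * Drop the lock before MKERROR: that macro is defined
		 * elsewhere, and releasing first means the lock cannot be
		 * left held whatever the macro does on its own failure.
		 */
		(void) mutex_unlock(&ns_loadrefresh_lock);
		MKERROR(LOG_WARNING, *error, NS_CONFIG_SYNTAX, strdup(errstr),
		    NULL);
		return (NS_LDAP_CONFIG);
	}

	/*
	 * (re)initialize configuration if necessary
	 *
	 * NOTE(review): once the else branch above has returned,
	 * cache_server == FALSE cannot hold here unless the flag changes
	 * concurrently, so cfg_g keeps its sentinel and the reload block
	 * below looks unreachable in this function -- confirm.
	 */
	if (!__s_api_isStandalone() &&
	    cache_server == FALSE && timetorefresh(cfg))
		cfg_g = __s_api_get_default_config_global();
	/* only (re)initialize the global configuration */
	if (cfg == cfg_g) {
		if (cfg_g != NULL)
			__s_api_release_config(cfg_g);
		new_cfg = LoadCacheConfiguration(cfg, &errorp);
		if (new_cfg != cfg)
			__s_api_release_config(cfg);
		if (new_cfg == NULL) {
			/* format has arguments, so it stays a gettext() one */
			(void) snprintf(errstr, sizeof (errstr),
			    gettext("Unable to load configuration '%s' "
			    "('%s')."), NSCONFIGFILE,
			    errorp != NULL && errorp->message != NULL ?
			    errorp->message : "");
			/* clean up and unlock before the opaque macro */
			if (errorp != NULL)
				(void) __ns_ldap_freeError(&errorp);
			(void) mutex_unlock(&ns_loadrefresh_lock);
			MKERROR(LOG_WARNING, *error, NS_CONFIG_NOTLOADED,
			    strdup(errstr), NULL);
			return (NS_LDAP_CONFIG);
		}
		if (new_cfg != cfg) {
			set_curr_config_global(new_cfg);
			cfg = new_cfg;
			reinit_connmgmt = B_TRUE;
		}
	}
	(void) mutex_unlock(&ns_loadrefresh_lock);

	/* done outside the lock, and only when a new config was installed */
	if (reinit_connmgmt == B_TRUE)
		__s_api_reinit_conn_mgmt_new_config(cfg);

	/* translate input and save in the parameter list */
	ret = __ns_ldap_setParamValue(cfg, type, data, error);

	__s_api_release_config(cfg);

	return (ret);
}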
27377c478bd9Sstevel@tonic-gate 
27387c478bd9Sstevel@tonic-gate 
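/*
 * Release a partially built copy: the first `filled' entries, then the
 * array itself.  Entries are released with free(), the same call
 * __ns_ldap_freeParam() uses on a complete array.
 */
static void
free_partial_dup(void **dupdata, int filled)
{
	int	i;

	for (i = 0; i < filled; i++)
		free(dupdata[i]);
	free(dupdata);
}

/*
 * Make a copy of a parameter entry.
 *
 * Returns a calloc'ed, NULL-terminated array of separately allocated
 * elements: one per array member for the list types, a single element
 * for CHARPTR, INT and TIMET (TIMET is rendered as a decimal string).
 * Returns NULL when the entry is empty, when its type is not one
 * handled here, or when an allocation fails; nothing is left allocated
 * in that case.
 */

static void **
dupParam(ns_param_t *ptr)
{
	int		count, i;
	void		**dupdata, *ret;
	int		*intptr;
	char		*cp, tmbuf[32];
	time_t		expire;		/* automatic: no state shared by callers */
	ns_auth_t	*ap;

	switch (ptr->ns_ptype) {
	case ARRAYAUTH:
	case ARRAYCRED:
	case SAMLIST:
	case SCLLIST:
	case SSDLIST:
	case SERVLIST:
	case ARRAYCP:
		count = ptr->ns_acnt;
		/*
		 * A negative count would size the array below from a
		 * wrapped value, so it is rejected along with zero.
		 */
		if (count <= 0)
			return (NULL);
		break;
	case CHARPTR:
	case INT:
	case TIMET:
		count = 1;
		break;
	default:
		/* any other type would leave count unset */
		return (NULL);
	}

	/* one extra slot, left zero by calloc, terminates the array */
	dupdata = (void **)calloc((count + 1), sizeof (void *));
	if (dupdata == NULL)
		return (NULL);

	switch (ptr->ns_ptype) {
	case ARRAYAUTH:
		for (i = 0; i < count; i++) {
			ap = __s_api_AuthEnumtoStruct(
			    (EnumAuthType_t)ptr->ns_pi[i]);
			if (ap == NULL) {
				/* also release entries 0..i-1 */
				free_partial_dup(dupdata, i);
				return (NULL);
			}
			dupdata[i] = ap;
		}
		break;
	case ARRAYCRED:
		for (i = 0; i < count; i++) {
			intptr = (int *)malloc(sizeof (int));
			if (intptr == NULL) {
				free_partial_dup(dupdata, i);
				return (NULL);
			}
			dupdata[i] = (void *)intptr;
			*intptr = ptr->ns_pi[i];
		}
		break;
	case SAMLIST:
	case SCLLIST:
	case SSDLIST:
	case SERVLIST:
	case ARRAYCP:
		for (i = 0; i < count; i++) {
			/* NOTE(review): assumes no NULL entry in ns_ppc */
			ret = (void *)strdup(ptr->ns_ppc[i]);
			if (ret == NULL) {
				free_partial_dup(dupdata, i);
				return (NULL);
			}
			dupdata[i] = ret;
		}
		break;
	case CHARPTR:
		if (ptr->ns_pc == NULL) {
			free(dupdata);
			return (NULL);
		}
		ret = (void *)strdup(ptr->ns_pc);
		if (ret == NULL) {
			free(dupdata);
			return (NULL);
		}
		dupdata[0] = ret;
		break;
	case INT:
		intptr = (int *)malloc(sizeof (int));
		if (intptr == NULL) {
			free(dupdata);
			return (NULL);
		}
		*intptr = ptr->ns_i;
		dupdata[0] = (void *)intptr;
		break;
	case TIMET:
		expire = ptr->ns_tm;
		/*
		 * lltostr() is handed the end of the buffer; the
		 * terminator is stored there first and the returned
		 * pointer is what gets copied.
		 */
		tmbuf[31] = '\0';
		cp = lltostr((long)expire, &tmbuf[31]);
		ret = (void *)strdup(cp);
		if (ret == NULL) {
			free(dupdata);
			return (NULL);
		}
		dupdata[0] = ret;
		break;
	}
	return (dupdata);
}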
28477c478bd9Sstevel@tonic-gate 
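/*
 * Free a NULL-terminated array of separately allocated elements and
 * reset the caller's pointer to NULL.
 *
 * Returns NS_LDAP_INVALID_PARAM when data itself is NULL and
 * NS_LDAP_SUCCESS otherwise, including when *data is already NULL.
 *
 * Elements are released with free() only; nothing is overwritten
 * first.  A caller that holds a sensitive value here (for example a
 * copy of NS_LDAP_BINDPASSWD_P) has to clear it before calling.
 */
int
__ns_ldap_freeParam(void ***data)
{
	void	**tmp;
	int	i;

	/* same answer __ns_ldap_getParam() gives for a NULL data */
	if (data == NULL)
		return (NS_LDAP_INVALID_PARAM);

	if (*data == NULL)
		return (NS_LDAP_SUCCESS);

	/* the array ends at its first NULL slot */
	for (i = 0, tmp = *data; tmp[i] != NULL; i++)
		free(tmp[i]);

	free(*data);

	/* leave no stale pointer behind for a second call to free again */
	*data = NULL;

	return (NS_LDAP_SUCCESS);
}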
28667c478bd9Sstevel@tonic-gate 
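/*
 * Get the internal format for a parameter value.  This
 * routine makes a copy of an internal param value from
 * the currently active parameter list and returns it.
 *
 *	Param	index of the parameter to read
 *	data	receives a NULL-terminated array allocated here, to be
 *		released with __ns_ldap_freeParam()
 *	error	receives the error structure built by MKERROR on failure
 *
 * Returns NS_LDAP_INVALID_PARAM when data is NULL, NS_LDAP_CONFIG when
 * no configuration is available or a reload failed, NS_LDAP_MEMORY
 * when the NS_LDAP_DOMAIN_P copy cannot be allocated, and
 * NS_LDAP_SUCCESS otherwise.  *data is NULL on every failure.  It can
 * also be NULL with NS_LDAP_SUCCESS, because a NULL from dupParam()
 * (no value, or an allocation failure) is passed on unchanged, so
 * callers must test *data as well as the return code.
 */

int
__ns_ldap_getParam(const ParamIndexType Param,
		void ***data, ns_ldap_error_t **error)
{
	char			errstr[2 * MAXERROR];
	/*
	 * Start from NULL: the load-failure path below tests errorp, and
	 * nothing visible here guarantees LoadCacheConfiguration() stores
	 * to it on every failure.
	 */
	ns_ldap_error_t		*errorp = NULL;
	ns_default_config	*def;
	ns_config_t		*cfg;
	/* sentinel that no config pointer equals until cfg_g is fetched */
	ns_config_t		*cfg_g = (ns_config_t *)-1;
	ns_config_t		*new_cfg;
	boolean_t		reinit_connmgmt = B_FALSE;

	if (data == NULL)
		return (NS_LDAP_INVALID_PARAM);

	*data = NULL;

	/* We want to refresh only one configuration at a time */
	(void) mutex_lock(&ns_loadrefresh_lock);
	cfg = __s_api_get_default_config();

	/* (re)initialize configuration if necessary */
	if (!__s_api_isStandalone() &&
	    cache_server == FALSE && timetorefresh(cfg))
		cfg_g = __s_api_get_default_config_global();
	/* only (re)initialize the global configuration */
	if (cfg == cfg_g) {
		if (cfg_g != NULL)
			__s_api_release_config(cfg_g);
		new_cfg = LoadCacheConfiguration(cfg, &errorp);
		if (new_cfg != cfg)
			__s_api_release_config(cfg);
		if (new_cfg == NULL) {
			/* format has arguments, so it stays a gettext() one */
			(void) snprintf(errstr, sizeof (errstr),
			    gettext("Unable to load configuration "
			    "'%s' ('%s')."),
			    NSCONFIGFILE,
			    errorp != NULL && errorp->message != NULL ?
			    errorp->message : "");
			/*
			 * Clean up and unlock before MKERROR: that macro
			 * is defined elsewhere, and releasing first means
			 * the lock cannot be left held whatever the macro
			 * does on its own failure.
			 */
			if (errorp != NULL)
				(void) __ns_ldap_freeError(&errorp);
			(void) mutex_unlock(&ns_loadrefresh_lock);
			MKERROR(LOG_WARNING, *error, NS_CONFIG_NOTLOADED,
			    strdup(errstr), NULL);
			return (NS_LDAP_CONFIG);
		}
		if (new_cfg != cfg) {
			set_curr_config_global(new_cfg);
			cfg = new_cfg;
			reinit_connmgmt = B_TRUE;
		}
	}
	(void) mutex_unlock(&ns_loadrefresh_lock);

	/* done outside the lock, and only when a new config was installed */
	if (reinit_connmgmt == B_TRUE)
		__s_api_reinit_conn_mgmt_new_config(cfg);

	if (cfg == NULL) {
		/*
		 * The message takes no arguments, so it is passed as data
		 * to a literal "%s" rather than used as the format.
		 */
		(void) snprintf(errstr, sizeof (errstr), "%s",
		    gettext("No configuration information available."));
		MKERROR(LOG_ERR, *error, NS_CONFIG_NOTLOADED,
		    strdup(errstr), NULL);
		return (NS_LDAP_CONFIG);
	}

	/*
	 * NOTE(review): Param indexes cfg->paramList below without a
	 * range check in this function -- confirm every caller passes a
	 * valid ParamIndexType.
	 */
	if (Param == NS_LDAP_DOMAIN_P) {
		*data = (void **)calloc(2, sizeof (void *));
		if (*data == NULL) {
			__s_api_release_config(cfg);
			return (NS_LDAP_MEMORY);
		}
		/* NOTE(review): assumes cfg->domainName is never NULL */
		(*data)[0] = (void *)strdup(cfg->domainName);
		if ((*data)[0] == NULL) {
			free(*data);
			/*
			 * Do not hand a freed pointer back: a caller that
			 * cleans up with __ns_ldap_freeParam() would free
			 * it a second time.
			 */
			*data = NULL;
			__s_api_release_config(cfg);
			return (NS_LDAP_MEMORY);
		}
	} else if (cfg->paramList[Param].ns_ptype == NS_UNKNOWN) {
		/* get default */
		def = get_defconfig(cfg, Param);
		if (def != NULL)
			*data = dupParam(&def->defval);
	} else {
		*data = dupParam(&(cfg->paramList[Param]));
	}
	__s_api_release_config(cfg);

	return (NS_LDAP_SUCCESS);
}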
29627c478bd9Sstevel@tonic-gate 
29637c478bd9Sstevel@tonic-gate /*
29647c478bd9Sstevel@tonic-gate  * This routine takes a parameter in internal format and
29657c478bd9Sstevel@tonic-gate  * translates it into a variety of string formats for various
29667c478bd9Sstevel@tonic-gate  * outputs (doors/file/ldif).  This routine would be better
29677c478bd9Sstevel@tonic-gate  * named: __ns_ldap_translateParam2String
29687c478bd9Sstevel@tonic-gate  */
29697c478bd9Sstevel@tonic-gate 
29707c478bd9Sstevel@tonic-gate char *
29717c478bd9Sstevel@tonic-gate __s_api_strValue(ns_config_t *cfg, char *str,
29727c478bd9Sstevel@tonic-gate 			int bufsz, ParamIndexType index,
29737c478bd9Sstevel@tonic-gate 			ns_strfmt_t fmt)
29747c478bd9Sstevel@tonic-gate {
29757c478bd9Sstevel@tonic-gate 	ns_default_config *def = NULL;
29767c478bd9Sstevel@tonic-gate 	ns_param_t	*ptr;
29777c478bd9Sstevel@tonic-gate 	ns_hash_t	*hptr;
29787c478bd9Sstevel@tonic-gate 	ns_mapping_t	*mptr;
29797c478bd9Sstevel@tonic-gate 	char		ibuf[14], *buf;
29807c478bd9Sstevel@tonic-gate 	char		abuf[64], **cpp;
29817c478bd9Sstevel@tonic-gate 	int		alen, count, i, sz;
29827c478bd9Sstevel@tonic-gate 	int		seplen = strlen(COMMASEP) + strlen(DOORLINESEP);
29837c478bd9Sstevel@tonic-gate 	int		first;
29847c478bd9Sstevel@tonic-gate 
29857c478bd9Sstevel@tonic-gate 	if (cfg == NULL || str == NULL)
29867c478bd9Sstevel@tonic-gate 		return (NULL);
29877c478bd9Sstevel@tonic-gate 
29887c478bd9Sstevel@tonic-gate 	/* NS_LDAP_EXP and TRANSPORT_SEC are not exported externally */
29897c478bd9Sstevel@tonic-gate 	if (index == NS_LDAP_EXP_P || index == NS_LDAP_TRANSPORT_SEC_P)
29907c478bd9Sstevel@tonic-gate 		return (NULL);
29917c478bd9Sstevel@tonic-gate 
29927c478bd9Sstevel@tonic-gate 	/* Return nothing if the value is the default */
29937c478bd9Sstevel@tonic-gate 	if (cfg->paramList[index].ns_ptype == NS_UNKNOWN)
29947c478bd9Sstevel@tonic-gate 		return (NULL);
29957c478bd9Sstevel@tonic-gate 
29967c478bd9Sstevel@tonic-gate 	ptr = &(cfg->paramList[index]);
29977c478bd9Sstevel@tonic-gate 
29987c478bd9Sstevel@tonic-gate 	abuf[0] = '\0';
29997c478bd9Sstevel@tonic-gate 	alen = 0;
30007c478bd9Sstevel@tonic-gate 
30017c478bd9Sstevel@tonic-gate 	/* get default */
30027c478bd9Sstevel@tonic-gate 	def = get_defconfig(cfg, index);
30037c478bd9Sstevel@tonic-gate 	if (def == NULL)
30047c478bd9Sstevel@tonic-gate 		return (NULL);
30057c478bd9Sstevel@tonic-gate 
30067c478bd9Sstevel@tonic-gate 	switch (fmt) {
30077c478bd9Sstevel@tonic-gate 	case NS_DOOR_FMT:
30087c478bd9Sstevel@tonic-gate 		(void) strlcpy(abuf, def->name, sizeof (abuf));
30097c478bd9Sstevel@tonic-gate 		(void) strlcat(abuf, EQUALSEP, sizeof (abuf));
30107c478bd9Sstevel@tonic-gate 		break;
30117c478bd9Sstevel@tonic-gate 	case NS_FILE_FMT:
30127c478bd9Sstevel@tonic-gate 		(void) strlcpy(abuf, def->name, sizeof (abuf));
30137c478bd9Sstevel@tonic-gate 		(void) strlcat(abuf, EQUSPSEP, sizeof (abuf));
30147c478bd9Sstevel@tonic-gate 		break;
30157c478bd9Sstevel@tonic-gate 	case NS_LDIF_FMT:
30167c478bd9Sstevel@tonic-gate 		/* If no LDIF attr exists ignore the entry */
30177c478bd9Sstevel@tonic-gate 		if (def->profile_name == NULL)
30187c478bd9Sstevel@tonic-gate 			return (NULL);
30197c478bd9Sstevel@tonic-gate 		(void) strlcpy(abuf, def->profile_name, sizeof (abuf));
30207c478bd9Sstevel@tonic-gate 		(void) strlcat(abuf, COLSPSEP, sizeof (abuf));
30217c478bd9Sstevel@tonic-gate 		break;
30227c478bd9Sstevel@tonic-gate 	default:
30237c478bd9Sstevel@tonic-gate 		break;
30247c478bd9Sstevel@tonic-gate 	}
30257c478bd9Sstevel@tonic-gate 	alen = strlen(abuf);
30267c478bd9Sstevel@tonic-gate 	if (alen > bufsz)
30277c478bd9Sstevel@tonic-gate 		return (NULL);
30287c478bd9Sstevel@tonic-gate 
30297c478bd9Sstevel@tonic-gate 	buf = str;
30307c478bd9Sstevel@tonic-gate 	(void) strlcpy(buf, abuf, bufsz);
30317c478bd9Sstevel@tonic-gate 
30327c478bd9Sstevel@tonic-gate 	switch (ptr->ns_ptype) {
30337c478bd9Sstevel@tonic-gate 	case ARRAYAUTH:
30347c478bd9Sstevel@tonic-gate 		count = ptr->ns_acnt;
30357c478bd9Sstevel@tonic-gate 		sz = 0;
30367c478bd9Sstevel@tonic-gate 		for (i = 0; i < count; i++) {
30377c478bd9Sstevel@tonic-gate 			sz += strlen(__s_get_auth_name(cfg,
30387ddae043Siz 			    (AuthType_t)(ptr->ns_pi[i]))) + seplen;
30397c478bd9Sstevel@tonic-gate 		}
30407c478bd9Sstevel@tonic-gate 		sz = sz + alen + 1;
30417c478bd9Sstevel@tonic-gate 		if (sz <= bufsz) {
30427c478bd9Sstevel@tonic-gate 			buf = str;
30437c478bd9Sstevel@tonic-gate 		} else {
30447c478bd9Sstevel@tonic-gate 			buf = (char *)calloc(sz, sizeof (char));
30457c478bd9Sstevel@tonic-gate 			if (buf == NULL)
30467c478bd9Sstevel@tonic-gate 				return (NULL);
30477c478bd9Sstevel@tonic-gate 			(void) strcpy(buf, abuf);
30487c478bd9Sstevel@tonic-gate 		}
30497c478bd9Sstevel@tonic-gate 		for (i = 0; i < count; i++) {
30507c478bd9Sstevel@tonic-gate 			(void) strcat(buf,
30517ddae043Siz 			    __s_get_auth_name(cfg,
30527ddae043Siz 			    (AuthType_t)(ptr->ns_pi[i])));
30537c478bd9Sstevel@tonic-gate 			if (i != count-1) {
30547c478bd9Sstevel@tonic-gate 				if (cfg->version == NS_LDAP_V1)
30557c478bd9Sstevel@tonic-gate 					(void) strcat(buf, COMMASEP);
30567c478bd9Sstevel@tonic-gate 				else
30577c478bd9Sstevel@tonic-gate 					(void) strcat(buf, SEMISEP);
30587c478bd9Sstevel@tonic-gate 			}
30597c478bd9Sstevel@tonic-gate 		}
30607c478bd9Sstevel@tonic-gate 		break;
30617c478bd9Sstevel@tonic-gate 	case ARRAYCRED:
30627c478bd9Sstevel@tonic-gate 		count = ptr->ns_acnt;
30637c478bd9Sstevel@tonic-gate 		sz = 0;
30647c478bd9Sstevel@tonic-gate 		for (i = 0; i < count; i++) {
30657c478bd9Sstevel@tonic-gate 			sz += strlen(__s_get_credlvl_name(cfg,
30667ddae043Siz 			    (CredLevel_t)ptr->ns_pi[i])) + seplen;
30677c478bd9Sstevel@tonic-gate 		}
30687c478bd9Sstevel@tonic-gate 		sz = sz + alen + 1;
30697c478bd9Sstevel@tonic-gate 		if (sz <= bufsz) {
30707c478bd9Sstevel@tonic-gate 			buf = str;
30717c478bd9Sstevel@tonic-gate 		} else {
30727c478bd9Sstevel@tonic-gate 			buf = (char *)calloc(sz, sizeof (char));
30737c478bd9Sstevel@tonic-gate 			if (buf == NULL)
30747c478bd9Sstevel@tonic-gate 				return (NULL);
30757c478bd9Sstevel@tonic-gate 			(void) strcpy(buf, abuf);
30767c478bd9Sstevel@tonic-gate 		}
30777c478bd9Sstevel@tonic-gate 		for (i = 0; i < count; i++) {
30787c478bd9Sstevel@tonic-gate 			(void) strcat(buf,
30797ddae043Siz 			    __s_get_credlvl_name(cfg,
30807ddae043Siz 			    (CredLevel_t)ptr->ns_pi[i]));
30817c478bd9Sstevel@tonic-gate 			if (i != count-1) {
30827c478bd9Sstevel@tonic-gate 				(void) strcat(buf, SPACESEP);
30837c478bd9Sstevel@tonic-gate 			}
30847c478bd9Sstevel@tonic-gate 		}
30857c478bd9Sstevel@tonic-gate 		break;
30867c478bd9Sstevel@tonic-gate 	case SAMLIST:
30877c478bd9Sstevel@tonic-gate 	case SCLLIST:
30887c478bd9Sstevel@tonic-gate 	case SSDLIST:
30897c478bd9Sstevel@tonic-gate 		count = ptr->ns_acnt;
30907c478bd9Sstevel@tonic-gate 		sz = 0;
30917c478bd9Sstevel@tonic-gate 		for (i = 0; i < count; i++) {
30927c478bd9Sstevel@tonic-gate 			sz += strlen(ptr->ns_ppc[i]) + seplen;
30937c478bd9Sstevel@tonic-gate 		}
30947c478bd9Sstevel@tonic-gate 		sz = sz + alen + 1;
30957c478bd9Sstevel@tonic-gate 		/*
30967c478bd9Sstevel@tonic-gate 		 * We need to allocate buffer depending on the 'fmt' and
30977c478bd9Sstevel@tonic-gate 		 * on the number of ns_ptype's present(count) as we add
30987c478bd9Sstevel@tonic-gate 		 * name' or 'profile_name' and DOORLINESEP or new line
30997c478bd9Sstevel@tonic-gate 		 * char to the buffer - see below.
31007c478bd9Sstevel@tonic-gate 		 */
31017c478bd9Sstevel@tonic-gate 		switch (fmt) {
31027c478bd9Sstevel@tonic-gate 		case NS_LDIF_FMT:
31037c478bd9Sstevel@tonic-gate 			sz += count * (strlen(def->profile_name)
31047ddae043Siz 			    + strlen(COLSPSEP) + strlen("\n"));
31057c478bd9Sstevel@tonic-gate 			break;
31067c478bd9Sstevel@tonic-gate 		case NS_FILE_FMT:
31077c478bd9Sstevel@tonic-gate 			sz += count * (strlen(def->name)
31087ddae043Siz 			    + strlen(EQUALSEP) + strlen("\n"));
31097c478bd9Sstevel@tonic-gate 			break;
31107c478bd9Sstevel@tonic-gate 		case NS_DOOR_FMT:
31117c478bd9Sstevel@tonic-gate 			sz += count * (strlen(def->name)
31127ddae043Siz 			    + strlen(EQUALSEP) + strlen(DOORLINESEP));
31137c478bd9Sstevel@tonic-gate 			break;
31147c478bd9Sstevel@tonic-gate 		}
31157c478bd9Sstevel@tonic-gate 		if (sz <= bufsz) {
31167c478bd9Sstevel@tonic-gate 			buf = str;
31177c478bd9Sstevel@tonic-gate 		} else {
31187c478bd9Sstevel@tonic-gate 			buf = (char *)calloc(sz, sizeof (char));
31197c478bd9Sstevel@tonic-gate 			if (buf == NULL)
31207c478bd9Sstevel@tonic-gate 				return (NULL);
31217c478bd9Sstevel@tonic-gate 			(void) strcpy(buf, abuf);
31227c478bd9Sstevel@tonic-gate 		}
31237c478bd9Sstevel@tonic-gate 		for (i = 0; i < count; i++) {
31247c478bd9Sstevel@tonic-gate 			(void) strcat(buf, ptr->ns_ppc[i]);
31257c478bd9Sstevel@tonic-gate 			if (i != count-1) {
31267c478bd9Sstevel@tonic-gate 				/* Separate items */
31277c478bd9Sstevel@tonic-gate 				switch (fmt) {
31287c478bd9Sstevel@tonic-gate 				case NS_DOOR_FMT:
31297c478bd9Sstevel@tonic-gate 					(void) strcat(buf, DOORLINESEP);
31307c478bd9Sstevel@tonic-gate 					(void) strcat(buf, def->name);
31317c478bd9Sstevel@tonic-gate 					(void) strcat(buf, EQUALSEP);
31327c478bd9Sstevel@tonic-gate 					break;
31337c478bd9Sstevel@tonic-gate 				case NS_FILE_FMT:
31347c478bd9Sstevel@tonic-gate 					(void) strcat(buf, "\n");
31357c478bd9Sstevel@tonic-gate 					(void) strcat(buf, def->name);
31367c478bd9Sstevel@tonic-gate 					(void) strcat(buf, EQUSPSEP);
31377c478bd9Sstevel@tonic-gate 					break;
31387c478bd9Sstevel@tonic-gate 				case NS_LDIF_FMT:
31397c478bd9Sstevel@tonic-gate 					(void) strcat(buf, "\n");
31407c478bd9Sstevel@tonic-gate 					(void) strcat(buf, def->profile_name);
31417c478bd9Sstevel@tonic-gate 					(void) strcat(buf, COLSPSEP);
31427c478bd9Sstevel@tonic-gate 					break;
31437c478bd9Sstevel@tonic-gate 				}
31447c478bd9Sstevel@tonic-gate 			}
31457c478bd9Sstevel@tonic-gate 		}
31467c478bd9Sstevel@tonic-gate 		break;
31477c478bd9Sstevel@tonic-gate 	case ARRAYCP:
31487c478bd9Sstevel@tonic-gate 		count = ptr->ns_acnt;
31497c478bd9Sstevel@tonic-gate 		sz = 0;
31507c478bd9Sstevel@tonic-gate 		for (i = 0; i < count; i++) {
31517c478bd9Sstevel@tonic-gate 			sz += strlen(ptr->ns_ppc[i]) + seplen;
31527c478bd9Sstevel@tonic-gate 		}
31537c478bd9Sstevel@tonic-gate 		sz = sz + alen + 1;
31547c478bd9Sstevel@tonic-gate 		if (sz <= bufsz) {
31557c478bd9Sstevel@tonic-gate 			buf = str;
31567c478bd9Sstevel@tonic-gate 		} else {
31577c478bd9Sstevel@tonic-gate 			buf = (char *)calloc(sz, sizeof (char));
31587c478bd9Sstevel@tonic-gate 			if (buf == NULL)
31597c478bd9Sstevel@tonic-gate 				return (NULL);
31607c478bd9Sstevel@tonic-gate 			(void) strcpy(buf, abuf);
31617c478bd9Sstevel@tonic-gate 		}
31627c478bd9Sstevel@tonic-gate 		for (i = 0; i < count; i++) {
31637c478bd9Sstevel@tonic-gate 			(void) strcat(buf, ptr->ns_ppc[i]);
31647c478bd9Sstevel@tonic-gate 			if (i != count-1) {
31657c478bd9Sstevel@tonic-gate 				(void) strcat(buf, COMMASEP);
31667c478bd9Sstevel@tonic-gate 			}
31677c478bd9Sstevel@tonic-gate 		}
31687c478bd9Sstevel@tonic-gate 		break;
31697c478bd9Sstevel@tonic-gate 	case SERVLIST:
31707c478bd9Sstevel@tonic-gate 		count = ptr->ns_acnt;
31717c478bd9Sstevel@tonic-gate 		sz = 0;
31727c478bd9Sstevel@tonic-gate 		for (i = 0; i < count; i++) {
31737c478bd9Sstevel@tonic-gate 			sz += strlen(ptr->ns_ppc[i]) + seplen;
31747c478bd9Sstevel@tonic-gate 		}
31757c478bd9Sstevel@tonic-gate 		sz = sz + alen + 1;
31767c478bd9Sstevel@tonic-gate 		if (sz <= bufsz) {
31777c478bd9Sstevel@tonic-gate 			buf = str;
31787c478bd9Sstevel@tonic-gate 		} else {
31797c478bd9Sstevel@tonic-gate 			buf = (char *)calloc(sz, sizeof (char));
31807c478bd9Sstevel@tonic-gate 			if (buf == NULL)
31817c478bd9Sstevel@tonic-gate 				return (NULL);
31827c478bd9Sstevel@tonic-gate 			(void) strcpy(buf, abuf);
31837c478bd9Sstevel@tonic-gate 		}
31847c478bd9Sstevel@tonic-gate 		for (i = 0; i < count; i++) {
31857c478bd9Sstevel@tonic-gate 			(void) strcat(buf, ptr->ns_ppc[i]);
31867c478bd9Sstevel@tonic-gate 			if (i != count-1) {
31877c478bd9Sstevel@tonic-gate 				if (fmt == NS_LDIF_FMT)
31887c478bd9Sstevel@tonic-gate 					(void) strcat(buf, SPACESEP);
31897c478bd9Sstevel@tonic-gate 				else
31907c478bd9Sstevel@tonic-gate 					(void) strcat(buf, COMMASEP);
31917c478bd9Sstevel@tonic-gate 			}
31927c478bd9Sstevel@tonic-gate 		}
31937c478bd9Sstevel@tonic-gate 		break;
31947c478bd9Sstevel@tonic-gate 	case CHARPTR:
31957c478bd9Sstevel@tonic-gate 		if (ptr->ns_pc == NULL)
31967c478bd9Sstevel@tonic-gate 			break;
31977c478bd9Sstevel@tonic-gate 		sz = strlen(ptr->ns_pc) + alen + 1;
31987c478bd9Sstevel@tonic-gate 		if (sz > bufsz) {
31997c478bd9Sstevel@tonic-gate 			buf = (char *)calloc(sz, sizeof (char));
32007c478bd9Sstevel@tonic-gate 			if (buf == NULL)
32017c478bd9Sstevel@tonic-gate 				return (NULL);
32027c478bd9Sstevel@tonic-gate 			(void) strcpy(buf, abuf);
32037c478bd9Sstevel@tonic-gate 		}
32047c478bd9Sstevel@tonic-gate 		(void) strcat(buf, ptr->ns_pc);
32057c478bd9Sstevel@tonic-gate 		break;
32067c478bd9Sstevel@tonic-gate 	case INT:
32077c478bd9Sstevel@tonic-gate 		switch (def->index) {
32087c478bd9Sstevel@tonic-gate 		case NS_LDAP_PREF_ONLY_P:
32097c478bd9Sstevel@tonic-gate 			(void) strcat(buf,
32107ddae043Siz 			    __s_get_pref_name((PrefOnly_t)ptr->ns_i));
32117c478bd9Sstevel@tonic-gate 			break;
32127c478bd9Sstevel@tonic-gate 		case NS_LDAP_SEARCH_REF_P:
32137c478bd9Sstevel@tonic-gate 			(void) strcat(buf,
32147ddae043Siz 			    __s_get_searchref_name(cfg,
32157ddae043Siz 			    (SearchRef_t)ptr->ns_i));
32167c478bd9Sstevel@tonic-gate 			break;
32177c478bd9Sstevel@tonic-gate 		case NS_LDAP_SEARCH_SCOPE_P:
32187c478bd9Sstevel@tonic-gate 			(void) strcat(buf,
32197ddae043Siz 			    __s_get_scope_name(cfg,
32207ddae043Siz 			    (ScopeType_t)ptr->ns_i));
32217c478bd9Sstevel@tonic-gate 			break;
32227c478bd9Sstevel@tonic-gate 		default:
32237c478bd9Sstevel@tonic-gate 			(void) snprintf(ibuf, sizeof (ibuf),
32247ddae043Siz 			    "%d", ptr->ns_i);
32257c478bd9Sstevel@tonic-gate 			(void) strcat(buf, ibuf);
32267c478bd9Sstevel@tonic-gate 			break;
32277c478bd9Sstevel@tonic-gate 		}
32287c478bd9Sstevel@tonic-gate 		break;
32297c478bd9Sstevel@tonic-gate 	case ATTRMAP:
32307c478bd9Sstevel@tonic-gate 		buf[0] = '\0';
32317c478bd9Sstevel@tonic-gate 		first = 1;
32327c478bd9Sstevel@tonic-gate 		for (hptr = cfg->llHead; hptr; hptr = hptr->h_llnext) {
32337c478bd9Sstevel@tonic-gate 			if (hptr->h_type != NS_HASH_AMAP) {
32347c478bd9Sstevel@tonic-gate 				continue;
32357c478bd9Sstevel@tonic-gate 			}
32367c478bd9Sstevel@tonic-gate 			if (!first) {
32377c478bd9Sstevel@tonic-gate 				if (fmt == NS_DOOR_FMT)
32387c478bd9Sstevel@tonic-gate 					(void) strcat(buf, DOORLINESEP);
32397c478bd9Sstevel@tonic-gate 				else
32407c478bd9Sstevel@tonic-gate 					(void) strcat(buf, "\n");
32417c478bd9Sstevel@tonic-gate 			}
32427c478bd9Sstevel@tonic-gate 			mptr = hptr->h_map;
32437c478bd9Sstevel@tonic-gate 			(void) strcat(buf, abuf);
32447c478bd9Sstevel@tonic-gate 			(void) strcat(buf, mptr->service);
32457c478bd9Sstevel@tonic-gate 			(void) strcat(buf, COLONSEP);
32467c478bd9Sstevel@tonic-gate 			(void) strcat(buf, mptr->orig);
32477c478bd9Sstevel@tonic-gate 			(void) strcat(buf, EQUALSEP);
32487c478bd9Sstevel@tonic-gate 			for (cpp = mptr->map; cpp && *cpp; cpp++) {
32497c478bd9Sstevel@tonic-gate 				if (cpp != mptr->map)
32507c478bd9Sstevel@tonic-gate 					(void) strcat(buf, SPACESEP);
32517c478bd9Sstevel@tonic-gate 				(void) strcat(buf, *cpp);
32527c478bd9Sstevel@tonic-gate 			}
32537c478bd9Sstevel@tonic-gate 			first = 0;
32547c478bd9Sstevel@tonic-gate 		}
32557c478bd9Sstevel@tonic-gate 		break;
32567c478bd9Sstevel@tonic-gate 	case OBJMAP:
32577c478bd9Sstevel@tonic-gate 		buf[0] = '\0';
32587c478bd9Sstevel@tonic-gate 		first = 1;
32597c478bd9Sstevel@tonic-gate 		for (hptr = cfg->llHead; hptr; hptr = hptr->h_llnext) {
32607c478bd9Sstevel@tonic-gate 			if (hptr->h_type != NS_HASH_OMAP) {
32617c478bd9Sstevel@tonic-gate 				continue;
32627c478bd9Sstevel@tonic-gate 			}
32637c478bd9Sstevel@tonic-gate 			if (!first) {
32647c478bd9Sstevel@tonic-gate 				if (fmt == NS_DOOR_FMT)
32657c478bd9Sstevel@tonic-gate 					(void) strcat(buf, DOORLINESEP);
32667c478bd9Sstevel@tonic-gate 				else
32677c478bd9Sstevel@tonic-gate 					(void) strcat(buf, "\n");
32687c478bd9Sstevel@tonic-gate 			}
32697c478bd9Sstevel@tonic-gate 			mptr = hptr->h_map;
32707c478bd9Sstevel@tonic-gate 			(void) strcat(buf, abuf);
32717c478bd9Sstevel@tonic-gate 			(void) strcat(buf, mptr->service);
32727c478bd9Sstevel@tonic-gate 			(void) strcat(buf, COLONSEP);
32737c478bd9Sstevel@tonic-gate 			(void) strcat(buf, mptr->orig);
32747c478bd9Sstevel@tonic-gate 			(void) strcat(buf, EQUALSEP);
32757c478bd9Sstevel@tonic-gate 			for (cpp = mptr->map; cpp && *cpp; cpp++) {
32767c478bd9Sstevel@tonic-gate 				if (cpp != mptr->map)
32777c478bd9Sstevel@tonic-gate 					(void) strcat(buf, SPACESEP);
32787c478bd9Sstevel@tonic-gate 				(void) strcat(buf, *cpp);
32797c478bd9Sstevel@tonic-gate 			}
32807c478bd9Sstevel@tonic-gate 			first = 0;
32817c478bd9Sstevel@tonic-gate 		}
32827c478bd9Sstevel@tonic-gate 		break;
32837c478bd9Sstevel@tonic-gate 	}
32847c478bd9Sstevel@tonic-gate 	return (buf);
32857c478bd9Sstevel@tonic-gate }
32867c478bd9Sstevel@tonic-gate 
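/*
 * Fetch the current configuration from ldap_cachemgr with a
 * GETLDAPCONFIGV1 door call and hand the caller a private copy of it.
 *
 * On NS_LDAP_SUCCESS, *buffer is a calloc'ed copy of the reply's
 * ldap_config_out_t (header plus data_size bytes, followed by one zero
 * byte) and *buflen is its size; the caller frees *buffer.
 *
 * Returns NS_LDAP_OP_FAILED when the domain name is unavailable or too
 * long, when buffer or buflen is NULL, or when the door call does not
 * succeed.  Returns NS_LDAP_MEMORY when an allocation fails.  *error is
 * cleared on entry and filled in only for NS_CACHE_NOTFOUND.
 */
static int
__door_getldapconfig(char **buffer, int *buflen, ns_ldap_error_t **error)
{
	typedef union {
		ldap_data_t	s_d;
		char		s_b[DOORBUFFERSIZE];
	} space_t;
	space_t			*space;

	ldap_data_t		*sptr;
	int			ndata;
	int			adata;
	char			errstr[MAXERROR];
	char			*domainname;
	ns_ldap_return_code	retCode;
	ldap_config_out_t	*cfghdr;

	*error = NULL;

	/*
	 * The length test keeps the strcpy() of the domain name below
	 * within the space_t union.
	 */
	domainname = __getdomainname();
	if (domainname == NULL || buffer == NULL || buflen == NULL ||
	    (strlen(domainname) >= (sizeof (space_t)
	    - sizeof (space->s_d.ldap_call.ldap_callnumber)))) {
		/*
		 * domainname is heap memory (it is freed on the normal
		 * path), so release it on this early exit as well.
		 */
		free(domainname);
		return (NS_LDAP_OP_FAILED);
	}

	space = (space_t *)calloc(1, sizeof (space_t));
	if (space == NULL) {
		free(domainname);
		return (NS_LDAP_MEMORY);
	}

	adata = (sizeof (ldap_call_t) + strlen(domainname) +1);
	ndata = sizeof (space_t);
	space->s_d.ldap_call.ldap_callnumber = GETLDAPCONFIGV1;
	(void) strcpy(space->s_d.ldap_call.ldap_u.domainname, domainname);
	free(domainname);
	domainname = NULL;
	sptr = &space->s_d;

	switch (__ns_ldap_trydoorcall(&sptr, &ndata, &adata)) {
	case NS_CACHE_SUCCESS:
		break;
	case NS_CACHE_NOTFOUND:
		(void) snprintf(errstr, sizeof (errstr),
		    gettext("Door call to "
		    "ldap_cachemgr failed - error: %d."),
		    space->s_d.ldap_ret.ldap_errno);
		/*
		 * NOTE(review): MKERROR is a macro defined elsewhere and
		 * is given NULL as its last argument although this
		 * function returns int - confirm how the macro uses it.
		 */
		MKERROR(LOG_WARNING, *error, NS_CONFIG_CACHEMGR,
		    strdup(errstr), NULL);
		free(space);
		return (NS_LDAP_OP_FAILED);
	default:
		free(space);
		return (NS_LDAP_OP_FAILED);
	}

	retCode = NS_LDAP_SUCCESS;

	/*
	 * Copy the reply out of the door buffer.  The extra byte in
	 * *buflen stays zero (calloc), so the copied config string is
	 * NUL-terminated.
	 *
	 * NOTE(review): data_size is taken from the door reply and is not
	 * compared with ndata here; confirm that the reply size is bounded
	 * elsewhere, otherwise the memcpy() could read past the reply.
	 */
	cfghdr = &sptr->ldap_ret.ldap_u.config_str;
	*buflen = offsetof(ldap_config_out_t, config_str) +
	    cfghdr->data_size + 1;
	*buffer = calloc(*buflen, sizeof (char));
	if (*buffer == NULL) {
		retCode = NS_LDAP_MEMORY;
	} else
		(void) memcpy(*buffer, cfghdr, *buflen - 1);

	/* The door call may have replaced sptr with a mapped reply buffer */
	if (sptr != &space->s_d) {
		(void) munmap((char *)sptr, ndata);
	}
	free(space);

	return (retCode);
}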
33617c478bd9Sstevel@tonic-gate 
/*
 * SetDoorInfo parses the configuration received from ldap_cachemgr and
 * verifies that the profile is version 1 or version 2 based.  A version 2
 * profile must carry its version number as the first profile attribute,
 * so an NS_LDAP_FILE_VERSION entry on any later line is rejected.
 *
 * buffer is read as an ldap_config_out_t: the cookie is copied into the
 * new config and config_str is split in place on DOORLINESEP by
 * strtok_r(), so the caller's buffer is modified.
 *
 * Returns the new config, or NULL when errorp is NULL, the config cannot
 * be created, an entry is rejected, or the final cross-check fails.
 *
 * NOTE(review): each entry is copied into valbuf with strlcpy(), which
 * truncates silently - confirm BUFSIZE covers the longest legal entry.
 */
static ns_config_t *
SetDoorInfo(char *buffer, ns_ldap_error_t **errorp)
{
	ns_config_t	*cfg;
	char		errstr[MAXERROR], errbuf[MAXERROR];
	char		*name, *value, valbuf[BUFSIZE];
	char		*line;
	char		*rest;
	ParamIndexType	i;
	int		seen_line = 0;
	int		bad;
	ldap_config_out_t *cfghdr;

	if (errorp == NULL)
		return (NULL);
	*errorp = NULL;

	cfg = __s_api_create_config();
	if (cfg == NULL)
		return (NULL);

	/* the header in front of the config string carries the cookie */
	cfghdr = (ldap_config_out_t *)buffer;
	cfg->config_cookie = cfghdr->cookie;

	for (line = (char *)strtok_r((char *)cfghdr->config_str,
	    DOORLINESEP, &rest);
	    line != NULL;
	    line = (char *)strtok_r(NULL, DOORLINESEP, &rest)) {
		(void) strlcpy(valbuf, line, sizeof (valbuf));
		__s_api_split_key_value(valbuf, &name, &value);

		bad = 1;
		/* Use get_versiontype and check for V1 vs V2 prototypes */
		if (__s_api_get_versiontype(cfg, name, &i) < 0) {
			(void) snprintf(errstr, sizeof (errstr),
			    "%s (%s)\n",
			    gettext("Illegal profile entry "
			    "line in configuration."),
			    name);
		/* Write verify routines and get rid of verify_value here */
		} else if (verify_value(cfg, name,
		    value, errbuf) != NS_SUCCESS) {
			(void) snprintf(errstr, sizeof (errstr),
			    gettext("%s\n"), errbuf);
		} else if (seen_line && i == NS_LDAP_FILE_VERSION_P) {
			(void) snprintf(errstr, sizeof (errstr),
			    gettext("Illegal NS_LDAP_FILE_VERSION "
			    "line in configuration.\n"));
		} else {
			bad = 0;
		}

		if (bad) {
			/* report the syntax error, then discard the config */
			MKERROR(LOG_ERR, *errorp, NS_CONFIG_SYNTAX,
			    strdup(errstr), NULL);
			__s_api_destroy_config(cfg);
			return (NULL);
		}

		if (set_default_value(cfg, name, value, errorp) !=
		    NS_SUCCESS) {
			__s_api_destroy_config(cfg);
			return (NULL);
		}
		seen_line = 1;
	}

	if (__s_api_crosscheck(cfg, errstr, B_TRUE) != NS_SUCCESS) {
		__s_api_destroy_config(cfg);
		MKERROR(LOG_WARNING, *errorp, NS_CONFIG_SYNTAX, strdup(errstr),
		    NULL);
		return (NULL);
	}

	return (cfg);
}
34477c478bd9Sstevel@tonic-gate 
/*
 * Fetch the configuration from ldap_cachemgr with __door_getldapconfig()
 * and convert it with SetDoorInfo().
 *
 * When oldcfg is non-NULL and its config_cookie (mgr_pid and seq_num)
 * matches the cookie in the fetched header, oldcfg itself is returned and
 * nothing is parsed again.  Otherwise the result of SetDoorInfo() is
 * returned.  NULL is returned when the door call or the conversion fails;
 * on those paths a message left in *error is logged through syslog().
 */
static ns_config_t *
LoadCacheConfiguration(ns_config_t *oldcfg, ns_ldap_error_t **error)
{
	char		*doorbuf = NULL;
	int		doorlen = 0;
	ns_config_t	*newcfg;
	ldap_config_out_t *hdr;

	*error = NULL;
	if (__door_getldapconfig(&doorbuf, &doorlen, error) !=
	    NS_LDAP_SUCCESS) {
		if (*error != NULL && (*error)->message != NULL)
			syslog(LOG_WARNING, "libsldap: %s", (*error)->message);
		return (NULL);
	}

	/* An unchanged cookie means the current configuration is still good */
	hdr = (ldap_config_out_t *)doorbuf;
	if (oldcfg != NULL &&
	    oldcfg->config_cookie.mgr_pid == hdr->cookie.mgr_pid &&
	    oldcfg->config_cookie.seq_num == hdr->cookie.seq_num) {
		free(doorbuf);
		return (oldcfg);
	}

	/* convert from door format; the raw reply is no longer needed */
	newcfg = SetDoorInfo(doorbuf, error);
	free(doorbuf);

	if (newcfg != NULL)
		return (newcfg);

	if (*error != NULL && (*error)->message != NULL)
		syslog(LOG_WARNING, "libsldap: %s", (*error)->message);
	return (NULL);
}
34887c478bd9Sstevel@tonic-gate 
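/*
 * Converts a time string into seconds.  The string is a decimal number
 * optionally followed by one of these unit suffixes:
 *	#s (# of seconds)
 *	#m (# of minutes)
 *	#h (# of hours)
 *	#d (# of days)
 *	#w (# of weeks)
 * NOTE: only one of the above may be given; no combination of units is
 * allowed.  If no unit is specified, the value defaults to "seconds".
 *
 * A unit suffix, when present, is overwritten with '\0' in the caller's
 * buffer, so s must be writable.
 *
 * Returns 0 for an empty string, for a string with no leading number, for
 * a number strtol() reports as out of range, and for a number whose
 * product with the unit multiplier does not fit in a long.
 */
static time_t
conv_time(char *s)
{
	time_t t;
	char c;
	int l, m;
	long tot;

	l = strlen(s);
	if (l == 0)
		return (0);
	c = s[--l];
	m = 0;
	switch (c) {
	case 'w': /* weeks */
		m = 604800;
		break;
	case 'd': /* days */
		m = 86400;
		break;
	case 'h': /* hours */
		m = 3600;
		break;
	case 'm': /* minutes */
		m = 60;
		break;
	case 's': /* seconds */
		m = 1;
		break;
	/* the default case is set to "second" */
	}
	if (m != 0)
		s[l] = '\0';
	else
		m = 1;

	/*
	 * strtol() is used instead of atol() because it reports an
	 * out-of-range number through ERANGE; the earlier test for EINVAL
	 * could not catch that case.
	 */
	errno = 0;
	tot = strtol(s, NULL, 10);
	if (errno == ERANGE)
		return (0);

	/* m is at least 1 here; refuse a product that overflows a long */
	if (tot > LONG_MAX / m || tot < LONG_MIN / m)
		return (0);

	tot = tot * m;
	t = (time_t)tot;
	return (t);
}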
35467c478bd9Sstevel@tonic-gate 
35477c478bd9Sstevel@tonic-gate 
/*
 * Expand an EnumAuthType_t value into a newly allocated ns_auth_t.
 *
 * The structure comes zeroed from calloc(), so only the fields that the
 * enum value implies are assigned: the type (with tlstype for the TLS
 * values), then the SASL mechanism, then the SASL option.
 * NS_LDAP_EA_NONE leaves every field zero.
 *
 * Returns NULL when the allocation fails or i is not a known value; the
 * caller owns the returned structure.
 *
 * NOTE(review): the non-TLS values do not select a tlstype; presumably
 * the caller's policy decides which methods are acceptable - confirm.
 */
ns_auth_t *
__s_api_AuthEnumtoStruct(const EnumAuthType_t i)
{
	ns_auth_t *auth;

	auth = (ns_auth_t *)calloc(1, sizeof (ns_auth_t));
	if (auth == NULL)
		return (NULL);

	/* Pass 1: authentication type and, for TLS, the TLS flavour */
	switch (i) {
	case NS_LDAP_EA_NONE:
		break;
	case NS_LDAP_EA_SIMPLE:
		auth->type = NS_LDAP_AUTH_SIMPLE;
		break;
	case NS_LDAP_EA_SASL_CRAM_MD5:
	case NS_LDAP_EA_SASL_DIGEST_MD5:
	case NS_LDAP_EA_SASL_DIGEST_MD5_INT:
	case NS_LDAP_EA_SASL_DIGEST_MD5_CONF:
	case NS_LDAP_EA_SASL_EXTERNAL:
	case NS_LDAP_EA_SASL_GSSAPI:
		auth->type = NS_LDAP_AUTH_SASL;
		break;
	case NS_LDAP_EA_TLS_NONE:
		auth->type = NS_LDAP_AUTH_TLS;
		auth->tlstype = NS_LDAP_TLS_NONE;
		break;
	case NS_LDAP_EA_TLS_SIMPLE:
		auth->type = NS_LDAP_AUTH_TLS;
		auth->tlstype = NS_LDAP_TLS_SIMPLE;
		break;
	case NS_LDAP_EA_TLS_SASL_CRAM_MD5:
	case NS_LDAP_EA_TLS_SASL_DIGEST_MD5:
	case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT:
	case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF:
	case NS_LDAP_EA_TLS_SASL_EXTERNAL:
		auth->type = NS_LDAP_AUTH_TLS;
		auth->tlstype = NS_LDAP_TLS_SASL;
		break;
	default:
		/* should never get here */
		free(auth);
		return (NULL);
	}

	/* Pass 2: SASL mechanism, shared by the plain and TLS variants */
	switch (i) {
	case NS_LDAP_EA_SASL_CRAM_MD5:
	case NS_LDAP_EA_TLS_SASL_CRAM_MD5:
		auth->saslmech = NS_LDAP_SASL_CRAM_MD5;
		break;
	case NS_LDAP_EA_SASL_DIGEST_MD5:
	case NS_LDAP_EA_SASL_DIGEST_MD5_INT:
	case NS_LDAP_EA_SASL_DIGEST_MD5_CONF:
	case NS_LDAP_EA_TLS_SASL_DIGEST_MD5:
	case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT:
	case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF:
		auth->saslmech = NS_LDAP_SASL_DIGEST_MD5;
		break;
	case NS_LDAP_EA_SASL_EXTERNAL:
	case NS_LDAP_EA_TLS_SASL_EXTERNAL:
		auth->saslmech = NS_LDAP_SASL_EXTERNAL;
		break;
	case NS_LDAP_EA_SASL_GSSAPI:
		auth->saslmech = NS_LDAP_SASL_GSSAPI;
		break;
	default:
		break;
	}

	/* Pass 3: SASL option (integrity and/or privacy) */
	switch (i) {
	case NS_LDAP_EA_SASL_DIGEST_MD5_INT:
	case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT:
		auth->saslopt = NS_LDAP_SASLOPT_INT;
		break;
	case NS_LDAP_EA_SASL_DIGEST_MD5_CONF:
	case NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF:
		auth->saslopt = NS_LDAP_SASLOPT_PRIV;
		break;
	case NS_LDAP_EA_SASL_GSSAPI:
		auth->saslopt = NS_LDAP_SASLOPT_INT |
		    NS_LDAP_SASLOPT_PRIV;
		break;
	default:
		break;
	}

	return (auth);
}
36327c478bd9Sstevel@tonic-gate 
36337c478bd9Sstevel@tonic-gate 
36347c478bd9Sstevel@tonic-gate /*
36357c478bd9Sstevel@tonic-gate  * Parameter Index Type validation routines
36367c478bd9Sstevel@tonic-gate  */
36377c478bd9Sstevel@tonic-gate 
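/*
 * Validate a time value: one or more decimal digits, optionally followed
 * by a single unit letter (w, d, h, m or s) as the last character.
 *
 * i is unused.  def supplies the parameter name for the error text and is
 * dereferenced on the generic failure path, so it must not be NULL.
 * errbuf must be at least MAXERROR bytes; it is written only on failure.
 *
 * Returns NS_SUCCESS for a well-formed value, NS_PARSE_ERR otherwise.
 */
/* ARGSUSED */
static int
__s_val_postime(ParamIndexType i, ns_default_config *def,
		ns_param_t *param, char *errbuf)
{
	char	*cp;
	long	tot;

	if (param && param->ns_ptype == CHARPTR && param->ns_pc) {
		for (cp = param->ns_pc; *cp; cp++) {
			if (*cp >= '0' && *cp <= '9')
				continue;
			switch (*cp) {
			case 'w': /* weeks */
			case 'd': /* days */
			case 'h': /* hours */
			case 'm': /* minutes */
			case 's': /* seconds */
				/* a unit letter is legal only as the last char */
				if (*(cp + 1) == '\0') {
					break;
				}
				/* FALLTHROUGH */
			default:
				(void) snprintf(errbuf, MAXERROR, "%s",
				    "Illegal time value");
				return (NS_PARSE_ERR);
			}
		}
		/*
		 * The scan above lets a unit letter appear only at the end,
		 * so any digits present are at the front.  Insist on a
		 * leading digit: otherwise "" and a bare unit such as "s"
		 * convert to 0 below and would be accepted.
		 */
		cp = param->ns_pc;
		if (*cp >= '0' && *cp <= '9') {
			/*
			 * strtol() has defined behaviour for out-of-range
			 * input (the result saturates), unlike atol().
			 * NOTE(review): a saturated value still passes the
			 * sign test; rejecting it needs an ERANGE check.
			 */
			tot = strtol(cp, NULL, 10);
			if (tot >= 0)
				return (NS_SUCCESS);
		}
	}
	(void) snprintf(errbuf, MAXERROR,
	    gettext("Illegal time value in %s"), def->name);
	return (NS_PARSE_ERR);
}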
36757c478bd9Sstevel@tonic-gate 
36767c478bd9Sstevel@tonic-gate 
/*
 * Validate the search base DN (NS_LDAP_SEARCH_BASEDN_P).
 *
 * Succeeds when param is a CHARPTR parameter for NS_LDAP_SEARCH_BASEDN_P
 * whose string is a NULL pointer, empty (RootDSE request) or contains at
 * least one '='.  The '=' test is the only syntax check made here; the
 * value is not parsed as a DN.
 *
 * def->name is used in the error text.  errbuf must be at least MAXERROR
 * bytes; it is written only on failure.
 * Returns NS_SUCCESS or NS_PARSE_ERR.
 */
/* ARGSUSED */
static int
__s_val_basedn(ParamIndexType i, ns_default_config *def,
		ns_param_t *param, char *errbuf)
{
	int	ok = 0;

	if (param != NULL && param->ns_ptype == CHARPTR &&
	    i == NS_LDAP_SEARCH_BASEDN_P) {
		const char	*dn = param->ns_pc;

		if (dn == NULL || dn[0] == '\0')
			ok = 1;			/* empty */
		else if (strchr(dn, '=') != NULL)
			ok = 1;			/* has an '=' */
	}

	if (!ok) {
		(void) snprintf(errbuf, MAXERROR,
		    gettext("Non-existent or invalid DN in %s"),
		    def->name);
		return (NS_PARSE_ERR);
	}
	return (NS_SUCCESS);
}
36987c478bd9Sstevel@tonic-gate 
36997c478bd9Sstevel@tonic-gate 
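/*
 * Validate the serverList.
 *
 * Every entry of param->ns_ppc[0 .. ns_acnt-1] must be accepted by one of
 * __s_api_isipv4(), __s_api_isipv6() or __s_api_ishost().  A NULL param,
 * a NULL array with a non-zero count, or a NULL entry is treated as an
 * invalid server instead of being dereferenced.  An empty list passes.
 *
 * i is unused.  def->name is used in the error text.  errbuf must be at
 * least MAXERROR bytes; it is written only on failure.
 * Returns NS_SUCCESS or NS_PARSE_ERR.
 */
/* ARGSUSED */
static int
__s_val_serverList(ParamIndexType i, ns_default_config *def,
		ns_param_t *param, char *errbuf)
{
	const char	*srv = NULL;
	int		n;

	if (param == NULL)
		goto invalid;

	/* a dedicated counter; the ParamIndexType argument is left alone */
	for (n = 0; n < param->ns_acnt; n++) {
		srv = (param->ns_ppc != NULL) ? param->ns_ppc[n] : NULL;
		if (srv == NULL)
			goto invalid;
		if ((__s_api_isipv4(param->ns_ppc[n])) ||
		    (__s_api_isipv6(param->ns_ppc[n])) ||
		    (__s_api_ishost(param->ns_ppc[n]))) {
			continue;
		}
		goto invalid;
	}

	return (NS_SUCCESS);

invalid:
	/* never hand a NULL pointer to %s */
	(void) snprintf(errbuf, MAXERROR,
	    gettext("Invalid server (%s) in %s"),
	    (srv != NULL) ? srv : "(null)", def->name);
	return (NS_PARSE_ERR);
}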
37237c478bd9Sstevel@tonic-gate 
37247c478bd9Sstevel@tonic-gate 
/*
 * Check the proxy bind DN (NS_LDAP_BINDDN_P).
 *
 * Succeeds when param is a CHARPTR parameter for NS_LDAP_BINDDN_P whose
 * string is either a NULL pointer, or is non-empty and contains an '='.
 * An empty string ("") is rejected.  The '=' test is the only syntax check
 * made here; the value is not parsed as a DN.
 * NOTE(review): a NULL string pointer passes even though the error text
 * reads "NULL or invalid proxy bind DN" -- presumably NULL means the
 * parameter is unset; confirm against the callers.
 *
 * errbuf must be at least MAXERROR bytes; it is written only on failure.
 * Returns NS_SUCCESS or NS_PARSE_ERR.
 */
/* ARGSUSED */
static int
__s_val_binddn(ParamIndexType i, ns_default_config *def,
		ns_param_t *param, char *errbuf)
{
	const char	*dn;

	if (param == NULL || param->ns_ptype != CHARPTR ||
	    i != NS_LDAP_BINDDN_P)
		goto bad;

	dn = param->ns_pc;
	if (dn == NULL)
		return (NS_SUCCESS);
	if (dn[0] != '\0' && strchr(dn, '=') != NULL)
		return (NS_SUCCESS);

bad:
	(void) snprintf(errbuf, MAXERROR,
	    gettext("NULL or invalid proxy bind DN"));
	return (NS_PARSE_ERR);
}
37447c478bd9Sstevel@tonic-gate 
37457c478bd9Sstevel@tonic-gate 
/*
 * Check the proxy bind password (NS_LDAP_BINDPASSWD_P).
 *
 * Succeeds when param is a CHARPTR parameter for NS_LDAP_BINDPASSWD_P whose
 * string is either a NULL pointer or non-empty; an empty string ("") is
 * rejected.  Only emptiness is tested, nothing about the password itself.
 * NOTE(review): a NULL string pointer passes even though the error text
 * reads "NULL proxy bind password" -- presumably NULL means the parameter
 * is unset; confirm against the callers.
 *
 * errbuf must be at least MAXERROR bytes; it is written only on failure.
 * Returns NS_SUCCESS or NS_PARSE_ERR.
 */
/* ARGSUSED */
static int
__s_val_bindpw(ParamIndexType i, ns_default_config *def,
		ns_param_t *param, char *errbuf)
{
	int	valid = 0;

	if (param != NULL && param->ns_ptype == CHARPTR &&
	    i == NS_LDAP_BINDPASSWD_P) {
		if (param->ns_pc == NULL || param->ns_pc[0] != '\0')
			valid = 1;
	}

	if (valid)
		return (NS_SUCCESS);

	(void) snprintf(errbuf, MAXERROR,
	    gettext("NULL proxy bind password"));
	return (NS_PARSE_ERR);
}
37647c478bd9Sstevel@tonic-gate 
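/*
 * __s_get_hostcertpath returns either the configured host certificate path
 * or, if none, the default host certificate path (/var/ldap). Note that this
 * does not use __ns_ldap_getParam because it may be called during connection
 * setup.
 *
 * The result is a strdup() copy that the caller owns and must free().
 * NULL is returned when memory is insufficient, so callers must check the
 * result before using it as a path.
 */

char *
__s_get_hostcertpath(void)
{
	ns_config_t		*cfg;
	ns_param_t		*param;
	char			*ret = NULL;

	cfg = __s_api_get_default_config();
	if (cfg != NULL) {
		param = &cfg->paramList[NS_LDAP_HOST_CERTPATH_P];
		/*
		 * strdup(NULL) is undefined; a CHARPTR slot with no string
		 * falls through to the default path below.
		 */
		if (param->ns_ptype == CHARPTR && param->ns_pc != NULL)
			ret = strdup(param->ns_pc);
		__s_api_release_config(cfg);
	}
	/* no config, no configured path, or the copy above failed */
	if (ret == NULL)
		ret = strdup(NSLDAPDIRECTORY);
	return (ret);
}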
37907c478bd9Sstevel@tonic-gate 
/*
 * Destroy the configuration referenced by current_config, if there is one,
 * and leave current_config set to NULL.
 */
static void
_free_config()
{
	if (current_config == NULL)
		return;

	destroy_config(current_config);
	/* clear the pointer so the destroyed config is not reused */
	current_config = NULL;
}