17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5cb5caa98Sdjl  * Common Development and Distribution License (the "License").
6cb5caa98Sdjl  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
22dd1104fbSMichen Chang  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
237c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
247c478bd9Sstevel@tonic-gate  */
257c478bd9Sstevel@tonic-gate 
267c478bd9Sstevel@tonic-gate /*
277c478bd9Sstevel@tonic-gate  * libsldap - library side configuration components
287c478bd9Sstevel@tonic-gate  * Routines to manage the config structure
297c478bd9Sstevel@tonic-gate  */
307c478bd9Sstevel@tonic-gate 
317c478bd9Sstevel@tonic-gate #include <stdio.h>
327c478bd9Sstevel@tonic-gate #include <stdlib.h>
33e1dd0a2fSth #include <stddef.h>
347c478bd9Sstevel@tonic-gate #include <string.h>
357c478bd9Sstevel@tonic-gate #include <strings.h>
367c478bd9Sstevel@tonic-gate #include <libintl.h>
377c478bd9Sstevel@tonic-gate #include <locale.h>
387c478bd9Sstevel@tonic-gate #include <thread.h>
397c478bd9Sstevel@tonic-gate #include <synch.h>
407c478bd9Sstevel@tonic-gate #include <errno.h>
417c478bd9Sstevel@tonic-gate #include <unistd.h>
427c478bd9Sstevel@tonic-gate #include <fcntl.h>
437c478bd9Sstevel@tonic-gate #include <ctype.h>
447c478bd9Sstevel@tonic-gate #include <crypt.h>
457c478bd9Sstevel@tonic-gate #include <arpa/inet.h>
467c478bd9Sstevel@tonic-gate #include <sys/types.h>
477c478bd9Sstevel@tonic-gate #include <sys/stat.h>
487c478bd9Sstevel@tonic-gate #include <syslog.h>
497c478bd9Sstevel@tonic-gate #include <netdb.h>
507c478bd9Sstevel@tonic-gate #include <sys/systeminfo.h>
517c478bd9Sstevel@tonic-gate #include <sys/mman.h>
527c478bd9Sstevel@tonic-gate #include <sys/time.h>
537c478bd9Sstevel@tonic-gate #include <limits.h>
547c478bd9Sstevel@tonic-gate #include "ns_sldap.h"
557c478bd9Sstevel@tonic-gate #include "ns_internal.h"
567c478bd9Sstevel@tonic-gate #include "ns_cache_door.h"
57e1dd0a2fSth #include "ns_connmgmt.h"
587c478bd9Sstevel@tonic-gate 
5929836b19Smichen #pragma fini(__s_api_shutdown_conn_mgmt, \
60e1dd0a2fSth 	_free_config, __ns_ldap_doorfd_close)
617c478bd9Sstevel@tonic-gate 
627c478bd9Sstevel@tonic-gate static mutex_t		ns_parse_lock = DEFAULTMUTEX;
637c478bd9Sstevel@tonic-gate static mutex_t		ns_loadrefresh_lock = DEFAULTMUTEX;
647c478bd9Sstevel@tonic-gate static ns_config_t	*current_config = NULL;
657c478bd9Sstevel@tonic-gate 
667c478bd9Sstevel@tonic-gate static int		cache_server = FALSE;
67e1dd0a2fSth extern thread_key_t	ns_cmgkey;
687c478bd9Sstevel@tonic-gate 
697c478bd9Sstevel@tonic-gate /*
707c478bd9Sstevel@tonic-gate  * Parameter Index Type validation routines
717c478bd9Sstevel@tonic-gate  */
727c478bd9Sstevel@tonic-gate static int
737c478bd9Sstevel@tonic-gate __s_val_postime(ParamIndexType i, ns_default_config *def,
74a4abf230SToomas Soome     ns_param_t *param, char *errbuf);
757c478bd9Sstevel@tonic-gate static int
767c478bd9Sstevel@tonic-gate __s_val_basedn(ParamIndexType i, ns_default_config *def,
77a4abf230SToomas Soome     ns_param_t *param, char *errbuf);
787c478bd9Sstevel@tonic-gate 
797c478bd9Sstevel@tonic-gate static int
807c478bd9Sstevel@tonic-gate __s_val_binddn(ParamIndexType i, ns_default_config *def,
81a4abf230SToomas Soome     ns_param_t *param, char *errbuf);
827c478bd9Sstevel@tonic-gate 
837c478bd9Sstevel@tonic-gate static int
847c478bd9Sstevel@tonic-gate __s_val_bindpw(ParamIndexType i, ns_default_config *def,
85a4abf230SToomas Soome     ns_param_t *param, char *errbuf);
867c478bd9Sstevel@tonic-gate 
877c478bd9Sstevel@tonic-gate static int
887c478bd9Sstevel@tonic-gate __s_val_serverList(ParamIndexType i, ns_default_config *def,
89a4abf230SToomas Soome     ns_param_t *param, char *errbuf);
907c478bd9Sstevel@tonic-gate 
917c478bd9Sstevel@tonic-gate /*
927c478bd9Sstevel@tonic-gate  * Forward declarations
937c478bd9Sstevel@tonic-gate  */
947c478bd9Sstevel@tonic-gate 
957c478bd9Sstevel@tonic-gate static ns_parse_status
967c478bd9Sstevel@tonic-gate verify_value(ns_config_t *cfg, char *name, char *value, char *errstr);
977c478bd9Sstevel@tonic-gate 
987c478bd9Sstevel@tonic-gate static int
997c478bd9Sstevel@tonic-gate set_default_value(ns_config_t *configptr, char *name, char *value,
100a4abf230SToomas Soome     ns_ldap_error_t **error);
1017c478bd9Sstevel@tonic-gate 
1027c478bd9Sstevel@tonic-gate static void
1037c478bd9Sstevel@tonic-gate set_curr_config(ns_config_t *ptr);
1047c478bd9Sstevel@tonic-gate 
1057c478bd9Sstevel@tonic-gate static int
1067c478bd9Sstevel@tonic-gate __door_getldapconfig(char **buffer, int *buflen, ns_ldap_error_t **error);
1077c478bd9Sstevel@tonic-gate 
1087c478bd9Sstevel@tonic-gate static ns_config_t *
1097c478bd9Sstevel@tonic-gate SetDoorInfo(char *buffer, ns_ldap_error_t **errorp);
1107c478bd9Sstevel@tonic-gate 
1117c478bd9Sstevel@tonic-gate static boolean_t
1127c478bd9Sstevel@tonic-gate timetorefresh(ns_config_t *cfg);
1137c478bd9Sstevel@tonic-gate 
1147c478bd9Sstevel@tonic-gate static ns_config_t *
115e1dd0a2fSth LoadCacheConfiguration(ns_config_t *, ns_ldap_error_t **error);
1167c478bd9Sstevel@tonic-gate 
1177c478bd9Sstevel@tonic-gate static void **
1187c478bd9Sstevel@tonic-gate dupParam(ns_param_t *ptr);
1197c478bd9Sstevel@tonic-gate 
1207c478bd9Sstevel@tonic-gate static time_t
1217c478bd9Sstevel@tonic-gate conv_time(char *s);
1227c478bd9Sstevel@tonic-gate 
1237c478bd9Sstevel@tonic-gate /*
1247c478bd9Sstevel@tonic-gate  * Structures used in enum <-> string mapping routines
1257c478bd9Sstevel@tonic-gate  */
1267c478bd9Sstevel@tonic-gate 
1277c478bd9Sstevel@tonic-gate static ns_enum_map ns_auth_enum_v1[] = {
1287c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_NONE), "NS_LDAP_AUTH_NONE" },
1297c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_SIMPLE), "NS_LDAP_AUTH_SIMPLE" },
1307c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_SASL_CRAM_MD5), "NS_LDAP_AUTH_SASL_CRAM_MD5" },
1317c478bd9Sstevel@tonic-gate 	{ -1, NULL },
1327c478bd9Sstevel@tonic-gate };
1337c478bd9Sstevel@tonic-gate 
1347c478bd9Sstevel@tonic-gate static ns_enum_map ns_auth_enum_v2[] = {
1357c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_NONE), "none" },
1367c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_SIMPLE), "simple" },
1377c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_SASL_CRAM_MD5), "sasl/CRAM-MD5" },
1387c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5), "sasl/DIGEST-MD5" },
1397c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5_INT),
1407c478bd9Sstevel@tonic-gate 			"sasl/DIGEST-MD5:auth-int" },
1417c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_SASL_DIGEST_MD5_CONF),
1427c478bd9Sstevel@tonic-gate 			"sasl/DIGEST-MD5:auth-conf" },
1437c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_SASL_EXTERNAL), "sasl/EXTERNAL" },
144cb5caa98Sdjl 	{ ENUM2INT(NS_LDAP_EA_SASL_GSSAPI), "sasl/GSSAPI" },
1457c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_TLS_NONE), "tls:none" },
1467c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_TLS_SIMPLE), "tls:simple" },
1477c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_TLS_SASL_CRAM_MD5), "tls:sasl/CRAM-MD5" },
1487c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5), "tls:sasl/DIGEST-MD5" },
1497c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5_INT),
1507c478bd9Sstevel@tonic-gate 			"tls:sasl/DIGEST-MD5:auth-int" },
1517c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_TLS_SASL_DIGEST_MD5_CONF),
1527c478bd9Sstevel@tonic-gate 			"tls:sasl/DIGEST-MD5:auth-conf" },
1537c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_EA_TLS_SASL_EXTERNAL), "tls:sasl/EXTERNAL" },
1547c478bd9Sstevel@tonic-gate 	{ -1, NULL },
1557c478bd9Sstevel@tonic-gate };
1567c478bd9Sstevel@tonic-gate 
1577c478bd9Sstevel@tonic-gate 	/* V1 ONLY */
1587c478bd9Sstevel@tonic-gate static ns_enum_map ns_sec_enum_v1[] = {
1597c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_TLS_NONE), "NS_LDAP_SEC_NONE" },
1607c478bd9Sstevel@tonic-gate 	{ -1, NULL },
1617c478bd9Sstevel@tonic-gate };
1627c478bd9Sstevel@tonic-gate 
1637c478bd9Sstevel@tonic-gate 	/* V2 ONLY */
1647c478bd9Sstevel@tonic-gate static ns_enum_map ns_cred_enum_v2[] = {
1657c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_CRED_ANON), "anonymous" },
1667c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_CRED_PROXY), "proxy" },
1677c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_CRED_SELF), "self" },
1687c478bd9Sstevel@tonic-gate 	{ -1, NULL },
1697c478bd9Sstevel@tonic-gate };
1707c478bd9Sstevel@tonic-gate 
1717c478bd9Sstevel@tonic-gate static ns_enum_map ns_ref_enum_v1[] = {
1727c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_FOLLOWREF), "NS_LDAP_FOLLOWREF" },
1737c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_NOREF), "NS_LDAP_NOREF" },
1747c478bd9Sstevel@tonic-gate 	{ -1, NULL },
1757c478bd9Sstevel@tonic-gate };
1767c478bd9Sstevel@tonic-gate 
1777c478bd9Sstevel@tonic-gate static ns_enum_map ns_ref_enum_v2[] = {
1787c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_FOLLOWREF), "TRUE" },
1797c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_NOREF), "FALSE" },
1807c478bd9Sstevel@tonic-gate 	{ -1, NULL },
1817c478bd9Sstevel@tonic-gate };
1827c478bd9Sstevel@tonic-gate 
1837c478bd9Sstevel@tonic-gate static ns_enum_map ns_scope_enum_v1[] = {
1847c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_SCOPE_BASE), "NS_LDAP_SCOPE_BASE" },
1857c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_SCOPE_ONELEVEL), "NS_LDAP_SCOPE_ONELEVEL" },
1867c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_SCOPE_SUBTREE), "NS_LDAP_SCOPE_SUBTREE" },
1877c478bd9Sstevel@tonic-gate 	{ -1, NULL },
1887c478bd9Sstevel@tonic-gate };
1897c478bd9Sstevel@tonic-gate 
1907c478bd9Sstevel@tonic-gate static ns_enum_map ns_scope_enum_v2[] = {
1917c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_SCOPE_BASE), "base" },
1927c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_SCOPE_ONELEVEL), "one" },
1937c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_SCOPE_SUBTREE), "sub" },
1947c478bd9Sstevel@tonic-gate 	{ -1, NULL },
1957c478bd9Sstevel@tonic-gate };
1967c478bd9Sstevel@tonic-gate 
1977c478bd9Sstevel@tonic-gate static ns_enum_map ns_pref_enum[] = {
1987c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_PREF_FALSE), "NS_LDAP_FALSE" },
1997c478bd9Sstevel@tonic-gate 	{ ENUM2INT(NS_LDAP_PREF_TRUE), "NS_LDAP_TRUE" },
2007c478bd9Sstevel@tonic-gate 	{ -1, NULL },
2017c478bd9Sstevel@tonic-gate };
2027c478bd9Sstevel@tonic-gate 
203dd1104fbSMichen Chang static ns_enum_map ns_shadow_update_enum[] = {
204dd1104fbSMichen Chang 	{ ENUM2INT(NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE), "FALSE" },
205dd1104fbSMichen Chang 	{ ENUM2INT(NS_LDAP_ENABLE_SHADOW_UPDATE_TRUE), "TRUE" },
206dd1104fbSMichen Chang 	{ -1, NULL },
207dd1104fbSMichen Chang };
208dd1104fbSMichen Chang 
2097c478bd9Sstevel@tonic-gate static int	ns_def_auth_v1[] = {
2107c478bd9Sstevel@tonic-gate 	ENUM2INT(NS_LDAP_EA_NONE),
2117c478bd9Sstevel@tonic-gate 	0
2127c478bd9Sstevel@tonic-gate };
2137c478bd9Sstevel@tonic-gate 
2147c478bd9Sstevel@tonic-gate static int	ns_def_auth_v2[] = {
2157c478bd9Sstevel@tonic-gate 	ENUM2INT(NS_LDAP_EA_NONE),
2167c478bd9Sstevel@tonic-gate 	0
2177c478bd9Sstevel@tonic-gate };
2187c478bd9Sstevel@tonic-gate 
2197c478bd9Sstevel@tonic-gate static int	ns_def_cred_v1[] = {
2207c478bd9Sstevel@tonic-gate 	ENUM2INT(NS_LDAP_CRED_PROXY),
2217c478bd9Sstevel@tonic-gate 	0
2227c478bd9Sstevel@tonic-gate };
2237c478bd9Sstevel@tonic-gate 
2247c478bd9Sstevel@tonic-gate static int	ns_def_cred_v2[] = {
2257c478bd9Sstevel@tonic-gate 	ENUM2INT(NS_LDAP_CRED_ANON),
2267c478bd9Sstevel@tonic-gate 	0
2277c478bd9Sstevel@tonic-gate };
2287c478bd9Sstevel@tonic-gate 
2297c478bd9Sstevel@tonic-gate /*
2307c478bd9Sstevel@tonic-gate  * The next macro places an integer in the first sizeof(int) bytes of a
2317c478bd9Sstevel@tonic-gate  * void pointer location. For 32-bit, it is the same as "(void *) i". It
2327c478bd9Sstevel@tonic-gate  * is used to solve a problem found during 64-bit testing.  The problem
2337c478bd9Sstevel@tonic-gate  * was that for a configuration parameter such as NS_LDAP_SEARCH_REF_P,
2347c478bd9Sstevel@tonic-gate  * which is of type INT and has defined default value, an int
2357c478bd9Sstevel@tonic-gate  * variable(ns_param.ns_pu.i) defined inside an union(ns_pu) structure, is
2367c478bd9Sstevel@tonic-gate  * used to access the defined default value. This requires the default
2377c478bd9Sstevel@tonic-gate  * value to be in the first sizeof(int) bytes of the union element.  If
2387c478bd9Sstevel@tonic-gate  * just using "(void *) intval" to declare the default value in the
2397c478bd9Sstevel@tonic-gate  * following defconfig[] structure, the intval data will be placed is the
2407c478bd9Sstevel@tonic-gate  * last sizeof(int) bytes. In which case, when accessing via ns_pu_i in
2417c478bd9Sstevel@tonic-gate  * a 64-bit system, ZERO will be returned as the default value, not the
2427c478bd9Sstevel@tonic-gate  * defined one.
2437c478bd9Sstevel@tonic-gate  *
2447c478bd9Sstevel@tonic-gate  * Note since amd64 is little-endian, the problem is not an issue.
2457c478bd9Sstevel@tonic-gate  * INT2VOIDPTR will just leave the data (i) unchanged.
2467c478bd9Sstevel@tonic-gate  */
2477c478bd9Sstevel@tonic-gate #if defined(__amd64)
2487c478bd9Sstevel@tonic-gate #define	INT2VOIDPTR(i)	(void *)i
2497c478bd9Sstevel@tonic-gate #else
2507c478bd9Sstevel@tonic-gate #define	INT2VOIDPTR(i)	\
2517c478bd9Sstevel@tonic-gate 	(void *)(((long)(i))<<(8*(sizeof (void *) - sizeof (int))))
2527c478bd9Sstevel@tonic-gate #endif
2537c478bd9Sstevel@tonic-gate /*
2547c478bd9Sstevel@tonic-gate  * The default configuration table
2557c478bd9Sstevel@tonic-gate  * Version 1 entries are first, V2 entries follow.
2567c478bd9Sstevel@tonic-gate  */
2577c478bd9Sstevel@tonic-gate static ns_default_config defconfig[] = {
2587c478bd9Sstevel@tonic-gate 	/* optional V1 profile */
2597c478bd9Sstevel@tonic-gate 	{"NS_LDAP_FILE_VERSION", NS_LDAP_FILE_VERSION_P,
2607c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
2617c478bd9Sstevel@tonic-gate 		NULL,	/* No version number defined in V1 */
2627c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, (void *)NS_LDAP_VERSION_1 },
2637c478bd9Sstevel@tonic-gate 		NULL, NULL },
2647c478bd9Sstevel@tonic-gate 
2657c478bd9Sstevel@tonic-gate 	/* ---------- V1 profile ---------- */
2667c478bd9Sstevel@tonic-gate 	{"NS_LDAP_BINDDN", NS_LDAP_BINDDN_P,
2677c478bd9Sstevel@tonic-gate 		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
2687c478bd9Sstevel@tonic-gate 		_P1_BINDDN,
2697c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, NULL },
2707c478bd9Sstevel@tonic-gate 		__s_val_binddn, NULL },
2717c478bd9Sstevel@tonic-gate 
2727c478bd9Sstevel@tonic-gate 	{"NS_LDAP_BINDPASSWD", NS_LDAP_BINDPASSWD_P,
2737c478bd9Sstevel@tonic-gate 		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
2747c478bd9Sstevel@tonic-gate 		_P1_BINDPASSWORD,
2757c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, NULL },
2767c478bd9Sstevel@tonic-gate 		__s_val_bindpw, NULL },
2777c478bd9Sstevel@tonic-gate 
2787c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SERVERS", NS_LDAP_SERVERS_P,
2797c478bd9Sstevel@tonic-gate 		SERVERCONFIG,	ARRAYCP,	FALSE,	NS_LDAP_V1,
2807c478bd9Sstevel@tonic-gate 		_P1_SERVERS,
2817c478bd9Sstevel@tonic-gate 		{ ARRAYCP, 0, NULL },
2827c478bd9Sstevel@tonic-gate 		__s_val_serverList, NULL },
2837c478bd9Sstevel@tonic-gate 
2847c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SEARCH_BASEDN", NS_LDAP_SEARCH_BASEDN_P,
2857c478bd9Sstevel@tonic-gate 		SERVERCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
2867c478bd9Sstevel@tonic-gate 		_P1_SEARCHBASEDN,
2877c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, NULL },
2887c478bd9Sstevel@tonic-gate 		__s_val_basedn, NULL },
2897c478bd9Sstevel@tonic-gate 
2907c478bd9Sstevel@tonic-gate 	{"NS_LDAP_AUTH", NS_LDAP_AUTH_P,
2917c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	ARRAYAUTH,	FALSE,	NS_LDAP_V1,
2927c478bd9Sstevel@tonic-gate 		_P1_AUTHMETHOD,
2937c478bd9Sstevel@tonic-gate 		{ ARRAYAUTH, 1, (void *)&ns_def_auth_v1[0] },
2947c478bd9Sstevel@tonic-gate 		NULL, ns_auth_enum_v1 },
2957c478bd9Sstevel@tonic-gate 
2967c478bd9Sstevel@tonic-gate 	{"NS_LDAP_TRANSPORT_SEC", NS_LDAP_TRANSPORT_SEC_P,
2977c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
2987c478bd9Sstevel@tonic-gate 		_P1_TRANSPORTSECURITY,
2997c478bd9Sstevel@tonic-gate 		{ INT, 0, INT2VOIDPTR(NS_LDAP_TLS_NONE) },
3007c478bd9Sstevel@tonic-gate 		NULL, ns_sec_enum_v1 },
3017c478bd9Sstevel@tonic-gate 
3027c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SEARCH_REF", NS_LDAP_SEARCH_REF_P,
3037c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
3047c478bd9Sstevel@tonic-gate 		_P1_SEARCHREFERRAL,
3057c478bd9Sstevel@tonic-gate 		{ INT, 0, INT2VOIDPTR(NS_LDAP_FOLLOWREF) },
3067c478bd9Sstevel@tonic-gate 		NULL, ns_ref_enum_v1 },
3077c478bd9Sstevel@tonic-gate 
3087c478bd9Sstevel@tonic-gate 	{"NS_LDAP_DOMAIN", NS_LDAP_DOMAIN_P,
3097c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
3107c478bd9Sstevel@tonic-gate 		NULL,	/* not defined in the Profile */
3117c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, NULL },
3127c478bd9Sstevel@tonic-gate 		NULL, NULL },
3137c478bd9Sstevel@tonic-gate 
3147c478bd9Sstevel@tonic-gate 	{"NS_LDAP_EXP", NS_LDAP_EXP_P,
3157c478bd9Sstevel@tonic-gate 		SERVERCONFIG,	TIMET,		TRUE,	NS_LDAP_V1,
3167c478bd9Sstevel@tonic-gate 		NULL,	/* initialized by code to time+NS_LDAP_CACHETTL */
3177c478bd9Sstevel@tonic-gate 		{ INT, 0, 0 },
3187c478bd9Sstevel@tonic-gate 		NULL, NULL },
3197c478bd9Sstevel@tonic-gate 
3207c478bd9Sstevel@tonic-gate 	{"NS_LDAP_CERT_PATH", NS_LDAP_CERT_PATH_P,
3217c478bd9Sstevel@tonic-gate 		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
3227c478bd9Sstevel@tonic-gate 		_P1_CERTIFICATEPATH,
3237c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, NULL },
3247c478bd9Sstevel@tonic-gate 		NULL, NULL },
3257c478bd9Sstevel@tonic-gate 
3267c478bd9Sstevel@tonic-gate 	{"NS_LDAP_CERT_PASS", NS_LDAP_CERT_PASS_P,
3277c478bd9Sstevel@tonic-gate 		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
3287c478bd9Sstevel@tonic-gate 		_P1_CERTIFICATEPASSWORD,
3297c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, NULL },
3307c478bd9Sstevel@tonic-gate 		NULL, NULL },
3317c478bd9Sstevel@tonic-gate 
3327c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SEARCH_DN", NS_LDAP_SEARCH_DN_P,
3337c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	SSDLIST,	FALSE,	NS_LDAP_V1,
3347c478bd9Sstevel@tonic-gate 		_P1_DATASEARCHDN,
3357c478bd9Sstevel@tonic-gate 		{ SSDLIST, 0, NULL },
3367c478bd9Sstevel@tonic-gate 		NULL, NULL },
3377c478bd9Sstevel@tonic-gate 
3387c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SEARCH_SCOPE", NS_LDAP_SEARCH_SCOPE_P,
3397c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
3407c478bd9Sstevel@tonic-gate 		_P1_SEARCHSCOPE,
3417c478bd9Sstevel@tonic-gate 		{ INT, 0, INT2VOIDPTR(NS_LDAP_SCOPE_ONELEVEL) },
3427c478bd9Sstevel@tonic-gate 		NULL, ns_scope_enum_v1 },
3437c478bd9Sstevel@tonic-gate 
3447c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SEARCH_TIME", NS_LDAP_SEARCH_TIME_P,
3457c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
3467c478bd9Sstevel@tonic-gate 		_P1_SEARCHTIMELIMIT,
3477c478bd9Sstevel@tonic-gate 		{ INT, 0, INT2VOIDPTR(NS_DEFAULT_SEARCH_TIMEOUT) },
3487c478bd9Sstevel@tonic-gate 		NULL, NULL },
3497c478bd9Sstevel@tonic-gate 
3507c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SERVER_PREF", NS_LDAP_SERVER_PREF_P,
3517c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	ARRAYCP,	FALSE,	NS_LDAP_V1,
3527c478bd9Sstevel@tonic-gate 		_P1_PREFERREDSERVER,
3537c478bd9Sstevel@tonic-gate 		{ ARRAYCP, 0, NULL },
3547c478bd9Sstevel@tonic-gate 		__s_val_serverList, NULL },
3557c478bd9Sstevel@tonic-gate 
3567c478bd9Sstevel@tonic-gate 	{"NS_LDAP_PREF_ONLY", NS_LDAP_PREF_ONLY_P,
3577c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
3587c478bd9Sstevel@tonic-gate 		_P1_PREFERREDSERVERONLY,
3597c478bd9Sstevel@tonic-gate 		{ INT, 0, INT2VOIDPTR(NS_LDAP_PREF_FALSE) },
3607c478bd9Sstevel@tonic-gate 		NULL, ns_pref_enum },
3617c478bd9Sstevel@tonic-gate 
3627c478bd9Sstevel@tonic-gate 	{"NS_LDAP_CACHETTL", NS_LDAP_CACHETTL_P,
3637c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
3647c478bd9Sstevel@tonic-gate 		_P1_CACHETTL,
3657c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, (void *)EXP_DEFAULT_TTL },
3667c478bd9Sstevel@tonic-gate 		__s_val_postime, NULL },
3677c478bd9Sstevel@tonic-gate 
3687c478bd9Sstevel@tonic-gate 	{"NS_LDAP_PROFILE", NS_LDAP_PROFILE_P,
3697c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V1,
3707c478bd9Sstevel@tonic-gate 		_P_CN,
3717c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, (void *)DEFAULTCONFIGNAME },
3727c478bd9Sstevel@tonic-gate 		NULL, NULL },
3737c478bd9Sstevel@tonic-gate 
3747c478bd9Sstevel@tonic-gate 	{"NS_LDAP_BIND_TIME", NS_LDAP_BIND_TIME_P,
3757c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V1,
3767c478bd9Sstevel@tonic-gate 		_P1_BINDTIMELIMIT,
3777c478bd9Sstevel@tonic-gate 		{ INT, 0, INT2VOIDPTR(NS_DEFAULT_BIND_TIMEOUT) },
3787c478bd9Sstevel@tonic-gate 		NULL, NULL },
3797c478bd9Sstevel@tonic-gate 
3807c478bd9Sstevel@tonic-gate 	/* This configuration option is not visible in V1 */
3817c478bd9Sstevel@tonic-gate 	{"NS_LDAP_CREDENTIAL_LEVEL", NS_LDAP_CREDENTIAL_LEVEL_P,
3827c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	ARRAYCRED,	TRUE,	NS_LDAP_V1,
3837c478bd9Sstevel@tonic-gate 		NULL,	/* No version defined in V1 */
3847c478bd9Sstevel@tonic-gate 		{ ARRAYCRED, 0, (void *)&ns_def_cred_v1[0] },
3857c478bd9Sstevel@tonic-gate 		NULL, NULL },
3867c478bd9Sstevel@tonic-gate 
3877c478bd9Sstevel@tonic-gate 	/* ---------- V2 profile ---------- */
3887c478bd9Sstevel@tonic-gate 	{"NS_LDAP_FILE_VERSION", NS_LDAP_FILE_VERSION_P,
3897c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
3907c478bd9Sstevel@tonic-gate 		NULL,	/* No version number defined in V1 */
3917c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, (void *)NS_LDAP_VERSION_2 },
3927c478bd9Sstevel@tonic-gate 		NULL, NULL },
3937c478bd9Sstevel@tonic-gate 
3947c478bd9Sstevel@tonic-gate 	{"NS_LDAP_BINDDN", NS_LDAP_BINDDN_P,
3957c478bd9Sstevel@tonic-gate 		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
3967c478bd9Sstevel@tonic-gate 		NULL,	/* not defined in the Profile */
3977c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, NULL },
3987c478bd9Sstevel@tonic-gate 		__s_val_binddn, NULL },
399dd1104fbSMichen Chang 
4007c478bd9Sstevel@tonic-gate 	{"NS_LDAP_BINDPASSWD", NS_LDAP_BINDPASSWD_P,
4017c478bd9Sstevel@tonic-gate 		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
4027c478bd9Sstevel@tonic-gate 		NULL,	/* not defined in the Profile */
4037c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, NULL },
4047c478bd9Sstevel@tonic-gate 		__s_val_bindpw, NULL },
405dd1104fbSMichen Chang 
406dd1104fbSMichen Chang 	{"NS_LDAP_ENABLE_SHADOW_UPDATE", NS_LDAP_ENABLE_SHADOW_UPDATE_P,
407dd1104fbSMichen Chang 		CREDCONFIG,	INT,	TRUE,	NS_LDAP_V2,
408dd1104fbSMichen Chang 		NULL,	/* not defined in the Profile */
409dd1104fbSMichen Chang 		{ INT, 0, INT2VOIDPTR(NS_LDAP_ENABLE_SHADOW_UPDATE_FALSE) },
410dd1104fbSMichen Chang 		NULL, ns_shadow_update_enum },
411dd1104fbSMichen Chang 
412dd1104fbSMichen Chang 	{"NS_LDAP_ADMIN_BINDDN", NS_LDAP_ADMIN_BINDDN_P,
413dd1104fbSMichen Chang 		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
414dd1104fbSMichen Chang 		NULL,	/* not defined in the Profile */
415dd1104fbSMichen Chang 		{ CHARPTR, 0, NULL },
416dd1104fbSMichen Chang 		__s_val_binddn, NULL },
417dd1104fbSMichen Chang 
418dd1104fbSMichen Chang 	{"NS_LDAP_ADMIN_BINDPASSWD", NS_LDAP_ADMIN_BINDPASSWD_P,
419dd1104fbSMichen Chang 		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
420dd1104fbSMichen Chang 		NULL,	/* not defined in the Profile */
421dd1104fbSMichen Chang 		{ CHARPTR, 0, NULL },
422dd1104fbSMichen Chang 		__s_val_bindpw, NULL },
423dd1104fbSMichen Chang 
4247c478bd9Sstevel@tonic-gate 	{"NS_LDAP_EXP", NS_LDAP_EXP_P,
4257c478bd9Sstevel@tonic-gate 		SERVERCONFIG,	TIMET,		TRUE,	NS_LDAP_V2,
4267c478bd9Sstevel@tonic-gate 		NULL,	/* initialized by code to time+NS_LDAP_CACHETTL */
4277c478bd9Sstevel@tonic-gate 		{ INT, 0, 0 },
4287c478bd9Sstevel@tonic-gate 		NULL, NULL },
4297c478bd9Sstevel@tonic-gate 
4307c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SERVER_PREF", NS_LDAP_SERVER_PREF_P,
4317c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	SERVLIST,	FALSE,	NS_LDAP_V2,
4327c478bd9Sstevel@tonic-gate 		_P2_PREFERREDSERVER,
4337c478bd9Sstevel@tonic-gate 		{ SERVLIST, 0, NULL },
4347c478bd9Sstevel@tonic-gate 		__s_val_serverList, NULL },
4357c478bd9Sstevel@tonic-gate 
4367c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SERVERS", NS_LDAP_SERVERS_P,
4377c478bd9Sstevel@tonic-gate 		SERVERCONFIG,	SERVLIST,	FALSE,	NS_LDAP_V2,
4387c478bd9Sstevel@tonic-gate 		_P2_DEFAULTSERVER,
4397c478bd9Sstevel@tonic-gate 		{ SERVLIST, 0, NULL },
4407c478bd9Sstevel@tonic-gate 		__s_val_serverList, NULL },
4417c478bd9Sstevel@tonic-gate 
4427c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SEARCH_BASEDN", NS_LDAP_SEARCH_BASEDN_P,
4437c478bd9Sstevel@tonic-gate 		SERVERCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
4447c478bd9Sstevel@tonic-gate 		_P2_SEARCHBASEDN,
4457c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, NULL },
4467c478bd9Sstevel@tonic-gate 		__s_val_basedn, NULL },
4477c478bd9Sstevel@tonic-gate 
4487c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SEARCH_SCOPE", NS_LDAP_SEARCH_SCOPE_P,
4497c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V2,
4507c478bd9Sstevel@tonic-gate 		_P2_SEARCHSCOPE,
4517c478bd9Sstevel@tonic-gate 		{ INT, 0, INT2VOIDPTR(NS_LDAP_SCOPE_ONELEVEL) },
4527c478bd9Sstevel@tonic-gate 		NULL, ns_scope_enum_v2 },
4537c478bd9Sstevel@tonic-gate 
4547c478bd9Sstevel@tonic-gate 	{"NS_LDAP_AUTH", NS_LDAP_AUTH_P,
4557c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	ARRAYAUTH,	FALSE,	NS_LDAP_V2,
4567c478bd9Sstevel@tonic-gate 		_P2_AUTHMETHOD,
4577c478bd9Sstevel@tonic-gate 		{ ARRAYAUTH, 2, (void *)&ns_def_auth_v2[0] },
4587c478bd9Sstevel@tonic-gate 		NULL, ns_auth_enum_v2 },
4597c478bd9Sstevel@tonic-gate 
4607c478bd9Sstevel@tonic-gate 	{"NS_LDAP_CREDENTIAL_LEVEL", NS_LDAP_CREDENTIAL_LEVEL_P,
4617c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	ARRAYCRED,	FALSE,	NS_LDAP_V2,
4627c478bd9Sstevel@tonic-gate 		_P2_CREDENTIALLEVEL,
4637c478bd9Sstevel@tonic-gate 		{ ARRAYCRED, 0, (void *)&ns_def_cred_v2[0] },
4647c478bd9Sstevel@tonic-gate 		NULL, ns_cred_enum_v2 },
4657c478bd9Sstevel@tonic-gate 
4667c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SERVICE_SEARCH_DESC", NS_LDAP_SERVICE_SEARCH_DESC_P,
4677c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	SSDLIST,	FALSE,	NS_LDAP_V2,
4687c478bd9Sstevel@tonic-gate 		_P2_SERVICESEARCHDESC,
4697c478bd9Sstevel@tonic-gate 		{ SSDLIST, 0, NULL },
4707c478bd9Sstevel@tonic-gate 		NULL, NULL },
4717c478bd9Sstevel@tonic-gate 
4727c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SEARCH_TIME", NS_LDAP_SEARCH_TIME_P,
4737c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V2,
4747c478bd9Sstevel@tonic-gate 		_P2_SEARCHTIMELIMIT,
4757c478bd9Sstevel@tonic-gate 		{ INT, 0, INT2VOIDPTR(NS_DEFAULT_SEARCH_TIMEOUT) },
4767c478bd9Sstevel@tonic-gate 		NULL, NULL },
4777c478bd9Sstevel@tonic-gate 
4787c478bd9Sstevel@tonic-gate 	{"NS_LDAP_BIND_TIME", NS_LDAP_BIND_TIME_P,
4797c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V2,
4807c478bd9Sstevel@tonic-gate 		_P2_BINDTIMELIMIT,
4817c478bd9Sstevel@tonic-gate 		{ INT, 0, INT2VOIDPTR(NS_DEFAULT_BIND_TIMEOUT) },
4827c478bd9Sstevel@tonic-gate 		NULL, NULL },
4837c478bd9Sstevel@tonic-gate 
4847c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SEARCH_REF", NS_LDAP_SEARCH_REF_P,
4857c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	INT,		TRUE,	NS_LDAP_V2,
4867c478bd9Sstevel@tonic-gate 		_P2_FOLLOWREFERRALS,
4877c478bd9Sstevel@tonic-gate 		{ INT, 0, INT2VOIDPTR(NS_LDAP_FOLLOWREF) },
4887c478bd9Sstevel@tonic-gate 		NULL, ns_ref_enum_v2 },
4897c478bd9Sstevel@tonic-gate 
4907c478bd9Sstevel@tonic-gate 	{"NS_LDAP_CACHETTL", NS_LDAP_CACHETTL_P,
4917c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
4927c478bd9Sstevel@tonic-gate 		_P2_PROFILETTL,
4937c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, (void *)EXP_DEFAULT_TTL },
4947c478bd9Sstevel@tonic-gate 		__s_val_postime, NULL },
4957c478bd9Sstevel@tonic-gate 
4967c478bd9Sstevel@tonic-gate 	{"NS_LDAP_ATTRIBUTEMAP", NS_LDAP_ATTRIBUTEMAP_P,
4977c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	ATTRMAP,	FALSE,	NS_LDAP_V2,
4987c478bd9Sstevel@tonic-gate 		_P2_ATTRIBUTEMAP,
4997c478bd9Sstevel@tonic-gate 		{ ATTRMAP, 0, NULL },
5007c478bd9Sstevel@tonic-gate 		NULL, NULL },
5017c478bd9Sstevel@tonic-gate 
5027c478bd9Sstevel@tonic-gate 	{"NS_LDAP_OBJECTCLASSMAP", NS_LDAP_OBJECTCLASSMAP_P,
5037c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	OBJMAP,		FALSE,	NS_LDAP_V2,
5047c478bd9Sstevel@tonic-gate 		_P2_OBJECTCLASSMAP,
5057c478bd9Sstevel@tonic-gate 		{ OBJMAP, 0, NULL },
5067c478bd9Sstevel@tonic-gate 		NULL, NULL },
5077c478bd9Sstevel@tonic-gate 
5087c478bd9Sstevel@tonic-gate 	{"NS_LDAP_PROFILE", NS_LDAP_PROFILE_P,
5097c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
5107c478bd9Sstevel@tonic-gate 		_P_CN,
5117c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, (void *)DEFAULTCONFIGNAME },
5127c478bd9Sstevel@tonic-gate 		NULL, NULL },
5137c478bd9Sstevel@tonic-gate 
5147c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SERVICE_AUTH_METHOD", NS_LDAP_SERVICE_AUTH_METHOD_P,
5157c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	SAMLIST,	FALSE,	NS_LDAP_V2,
5167c478bd9Sstevel@tonic-gate 		_P2_SERVICEAUTHMETHOD,
5177c478bd9Sstevel@tonic-gate 		{ SAMLIST, 0, NULL },
5187c478bd9Sstevel@tonic-gate 		NULL, NULL },
5197c478bd9Sstevel@tonic-gate 
5207c478bd9Sstevel@tonic-gate 	{"NS_LDAP_SERVICE_CRED_LEVEL", NS_LDAP_SERVICE_CRED_LEVEL_P,
5217c478bd9Sstevel@tonic-gate 		CLIENTCONFIG,	SCLLIST,	FALSE,	NS_LDAP_V2,
5227c478bd9Sstevel@tonic-gate 		_P2_SERVICECREDLEVEL,
5237c478bd9Sstevel@tonic-gate 		{ SCLLIST, 0, NULL },
5247c478bd9Sstevel@tonic-gate 		NULL, NULL },
5257c478bd9Sstevel@tonic-gate 
5267c478bd9Sstevel@tonic-gate 	{"NS_LDAP_HOST_CERTPATH", NS_LDAP_HOST_CERTPATH_P,
5277c478bd9Sstevel@tonic-gate 		CREDCONFIG,	CHARPTR,	TRUE,	NS_LDAP_V2,
5287c478bd9Sstevel@tonic-gate 		NULL,	/* not defined in the Profile */
5297c478bd9Sstevel@tonic-gate 		{ CHARPTR, 0, (void *)NSLDAPDIRECTORY },
5307c478bd9Sstevel@tonic-gate 		NULL, NULL },
5317c478bd9Sstevel@tonic-gate 
5327c478bd9Sstevel@tonic-gate 	/* array terminator [not an entry] */
5337c478bd9Sstevel@tonic-gate 	{NULL, NS_LDAP_FILE_VERSION_P,
534*51b02b29SToomas Soome 		CLIENTCONFIG,	NS_UNKNOWN,	TRUE,	0,
5357c478bd9Sstevel@tonic-gate 		NULL,
5367c478bd9Sstevel@tonic-gate 		{ NS_UNKNOWN, 0, NULL },
5377c478bd9Sstevel@tonic-gate 		NULL, NULL },
5387c478bd9Sstevel@tonic-gate };
5397c478bd9Sstevel@tonic-gate 
5407c478bd9Sstevel@tonic-gate static char *
__getdomainname()5417c478bd9Sstevel@tonic-gate __getdomainname()
5427c478bd9Sstevel@tonic-gate {
5437c478bd9Sstevel@tonic-gate 	/*
5447c478bd9Sstevel@tonic-gate 	 * The sysinfo man page recommends using a buffer size
5457c478bd9Sstevel@tonic-gate 	 * of 257 bytes. MAXHOSTNAMELEN is 256. So add 1 here.
5467c478bd9Sstevel@tonic-gate 	 */
5477c478bd9Sstevel@tonic-gate 	char	buf[MAXHOSTNAMELEN + 1];
5487c478bd9Sstevel@tonic-gate 	int	status;
5497c478bd9Sstevel@tonic-gate 
5507c478bd9Sstevel@tonic-gate 	status = sysinfo(SI_SRPC_DOMAIN, buf, MAXHOSTNAMELEN);
5517c478bd9Sstevel@tonic-gate 	if (status < 0)
5527c478bd9Sstevel@tonic-gate 		return (NULL);
5537c478bd9Sstevel@tonic-gate 	/* error: not enough space to hold returned value */
5547c478bd9Sstevel@tonic-gate 	if (status > sizeof (buf))
5557c478bd9Sstevel@tonic-gate 		return (NULL);
5567c478bd9Sstevel@tonic-gate 	return (strdup(buf));
5577c478bd9Sstevel@tonic-gate }
5587c478bd9Sstevel@tonic-gate 
5597c478bd9Sstevel@tonic-gate void
__ns_ldap_setServer(int set)5607c478bd9Sstevel@tonic-gate __ns_ldap_setServer(int set)
5617c478bd9Sstevel@tonic-gate {
5627c478bd9Sstevel@tonic-gate 	cache_server = set;
5637c478bd9Sstevel@tonic-gate }
5647c478bd9Sstevel@tonic-gate 
5657c478bd9Sstevel@tonic-gate static boolean_t
timetorefresh(ns_config_t * cfg)5667c478bd9Sstevel@tonic-gate timetorefresh(ns_config_t *cfg)
5677c478bd9Sstevel@tonic-gate {
5687c478bd9Sstevel@tonic-gate 	struct timeval	tp;
5697c478bd9Sstevel@tonic-gate 	static time_t	expire = 0;
5707c478bd9Sstevel@tonic-gate 
5717c478bd9Sstevel@tonic-gate 	if (cfg == NULL || gettimeofday(&tp, NULL) == -1)
5727c478bd9Sstevel@tonic-gate 		return (B_TRUE);
5737c478bd9Sstevel@tonic-gate 
5747c478bd9Sstevel@tonic-gate 	if (cfg->paramList[NS_LDAP_EXP_P].ns_ptype == TIMET)
5757c478bd9Sstevel@tonic-gate 		expire = cfg->paramList[NS_LDAP_EXP_P].ns_tm;
5767c478bd9Sstevel@tonic-gate 	else
5777c478bd9Sstevel@tonic-gate 		return (B_TRUE);
5787c478bd9Sstevel@tonic-gate 
5797c478bd9Sstevel@tonic-gate 	return (expire != 0 && tp.tv_sec > expire);
5807c478bd9Sstevel@tonic-gate }
5817c478bd9Sstevel@tonic-gate 
5827c478bd9Sstevel@tonic-gate int
__s_get_enum_value(ns_config_t * ptr,char * value,ParamIndexType i)5837c478bd9Sstevel@tonic-gate __s_get_enum_value(ns_config_t *ptr, char *value, ParamIndexType i)
5847c478bd9Sstevel@tonic-gate {
5857c478bd9Sstevel@tonic-gate 	register ns_enum_map	*mapp;
5867c478bd9Sstevel@tonic-gate 	char			*pstart = value;
5877c478bd9Sstevel@tonic-gate 	char			*pend;
5887c478bd9Sstevel@tonic-gate 	int			len;
5897c478bd9Sstevel@tonic-gate 
5907c478bd9Sstevel@tonic-gate 	if (pstart == NULL)
5917c478bd9Sstevel@tonic-gate 		return (-1);
5927c478bd9Sstevel@tonic-gate 
5937c478bd9Sstevel@tonic-gate 	/* skip leading spaces */
5947c478bd9Sstevel@tonic-gate 	while (*pstart == SPACETOK)
5957c478bd9Sstevel@tonic-gate 		pstart++;
5967c478bd9Sstevel@tonic-gate 	/* skip trailing spaces */
5977c478bd9Sstevel@tonic-gate 	pend = pstart + strlen(pstart) - 1;
5987ddae043Siz 	for (; pend >= pstart && *pend == SPACETOK; pend--)
5997ddae043Siz 		;
6007c478bd9Sstevel@tonic-gate 	len = pend - pstart + 1;
6017c478bd9Sstevel@tonic-gate 	if (len == 0)
6027c478bd9Sstevel@tonic-gate 		return (-1);
6037c478bd9Sstevel@tonic-gate 
6047c478bd9Sstevel@tonic-gate 	switch (i) {
6057c478bd9Sstevel@tonic-gate 	case NS_LDAP_AUTH_P:
6067c478bd9Sstevel@tonic-gate 		if (ptr->version == NS_LDAP_V1)
6077c478bd9Sstevel@tonic-gate 			mapp = &ns_auth_enum_v1[0];
6087c478bd9Sstevel@tonic-gate 		else
6097c478bd9Sstevel@tonic-gate 			mapp = &ns_auth_enum_v2[0];
6107c478bd9Sstevel@tonic-gate 		break;
6117c478bd9Sstevel@tonic-gate 	case NS_LDAP_TRANSPORT_SEC_P:
6127c478bd9Sstevel@tonic-gate 		return (-1);
6137c478bd9Sstevel@tonic-gate 	case NS_LDAP_SEARCH_SCOPE_P:
6147c478bd9Sstevel@tonic-gate 		if (ptr->version == NS_LDAP_V1)
6157c478bd9Sstevel@tonic-gate 			mapp = &ns_scope_enum_v1[0];
6167c478bd9Sstevel@tonic-gate 		else
6177c478bd9Sstevel@tonic-gate 			mapp = &ns_scope_enum_v2[0];
6187c478bd9Sstevel@tonic-gate 		break;
6197c478bd9Sstevel@tonic-gate 	case NS_LDAP_SEARCH_REF_P:
6207c478bd9Sstevel@tonic-gate 		if (ptr->version == NS_LDAP_V1)
6217c478bd9Sstevel@tonic-gate 			mapp = &ns_ref_enum_v1[0];
6227c478bd9Sstevel@tonic-gate 		else
6237c478bd9Sstevel@tonic-gate 			mapp = &ns_ref_enum_v2[0];
6247c478bd9Sstevel@tonic-gate 		break;
6257c478bd9Sstevel@tonic-gate 	case NS_LDAP_PREF_ONLY_P:
6267c478bd9Sstevel@tonic-gate 		mapp = &ns_pref_enum[0];
6277c478bd9Sstevel@tonic-gate 		break;
628dd1104fbSMichen Chang 	case NS_LDAP_ENABLE_SHADOW_UPDATE_P:
629dd1104fbSMichen Chang 		mapp = &ns_shadow_update_enum[0];
630dd1104fbSMichen Chang 		break;
6317c478bd9Sstevel@tonic-gate 	case NS_LDAP_CREDENTIAL_LEVEL_P:
6327c478bd9Sstevel@tonic-gate 		if (ptr->version == NS_LDAP_V1)
6337c478bd9Sstevel@tonic-gate 			return (-1);
6347c478bd9Sstevel@tonic-gate 		else
6357c478bd9Sstevel@tonic-gate 			mapp = &ns_cred_enum_v2[0];
6367c478bd9Sstevel@tonic-gate 		break;
6377c478bd9Sstevel@tonic-gate 	case NS_LDAP_SERVICE_AUTH_METHOD_P:
6387c478bd9Sstevel@tonic-gate 		mapp = &ns_auth_enum_v2[0];
6397c478bd9Sstevel@tonic-gate 		break;
6407c478bd9Sstevel@tonic-gate 	case NS_LDAP_SERVICE_CRED_LEVEL_P:
6417c478bd9Sstevel@tonic-gate 		mapp = &ns_cred_enum_v2[0];
6427c478bd9Sstevel@tonic-gate 		break;
6437c478bd9Sstevel@tonic-gate 	default:
6447c478bd9Sstevel@tonic-gate 		return (-1);
6457c478bd9Sstevel@tonic-gate 	}
6467c478bd9Sstevel@tonic-gate 
6477c478bd9Sstevel@tonic-gate 	for (; mapp->name != NULL; mapp++) {
6487c478bd9Sstevel@tonic-gate 		if (strncasecmp(pstart, mapp->name, len) == 0 &&
6497ddae043Siz 		    (strlen(mapp->name) == len)) {
6507c478bd9Sstevel@tonic-gate 			return (mapp->value);
6517c478bd9Sstevel@tonic-gate 		}
6527c478bd9Sstevel@tonic-gate 	}
6537c478bd9Sstevel@tonic-gate 	return (-1);
6547c478bd9Sstevel@tonic-gate }
6557c478bd9Sstevel@tonic-gate 
6567c478bd9Sstevel@tonic-gate char *
__s_get_auth_name(ns_config_t * ptr,AuthType_t type)6577c478bd9Sstevel@tonic-gate __s_get_auth_name(ns_config_t *ptr, AuthType_t type)
6587c478bd9Sstevel@tonic-gate {
6597c478bd9Sstevel@tonic-gate 	register ns_enum_map	*mapp;
6607c478bd9Sstevel@tonic-gate 
6617c478bd9Sstevel@tonic-gate 	if (ptr->version == NS_LDAP_V1)
6627c478bd9Sstevel@tonic-gate 		mapp = &ns_auth_enum_v1[0];
6637c478bd9Sstevel@tonic-gate 	else
6647c478bd9Sstevel@tonic-gate 		mapp = &ns_auth_enum_v2[0];
6657c478bd9Sstevel@tonic-gate 
6667c478bd9Sstevel@tonic-gate 	for (; mapp->name != NULL; mapp++) {
6677c478bd9Sstevel@tonic-gate 		if (type == INT2AUTHENUM(mapp->value)) {
6687c478bd9Sstevel@tonic-gate 			return (mapp->name);
6697c478bd9Sstevel@tonic-gate 		}
6707c478bd9Sstevel@tonic-gate 	}
6717c478bd9Sstevel@tonic-gate 	return ("Unknown AuthType_t type specified");
6727c478bd9Sstevel@tonic-gate }
6737c478bd9Sstevel@tonic-gate 
6747c478bd9Sstevel@tonic-gate 
6757c478bd9Sstevel@tonic-gate char *
__s_get_security_name(ns_config_t * ptr,TlsType_t type)6767c478bd9Sstevel@tonic-gate __s_get_security_name(ns_config_t *ptr, TlsType_t type)
6777c478bd9Sstevel@tonic-gate {
6787c478bd9Sstevel@tonic-gate 	register ns_enum_map	*mapp;
6797c478bd9Sstevel@tonic-gate 
6807c478bd9Sstevel@tonic-gate 	if (ptr->version == NS_LDAP_V1) {
6817c478bd9Sstevel@tonic-gate 		mapp = &ns_sec_enum_v1[0];
6827c478bd9Sstevel@tonic-gate 
6837c478bd9Sstevel@tonic-gate 		for (; mapp->name != NULL; mapp++) {
6847c478bd9Sstevel@tonic-gate 			if (type == INT2SECENUM(mapp->value)) {
6857c478bd9Sstevel@tonic-gate 				return (mapp->name);
6867c478bd9Sstevel@tonic-gate 			}
6877c478bd9Sstevel@tonic-gate 		}
6887c478bd9Sstevel@tonic-gate 	}
6897c478bd9Sstevel@tonic-gate 	return ("Unknown TlsType_t type specified");
6907c478bd9Sstevel@tonic-gate }
6917c478bd9Sstevel@tonic-gate 
6927c478bd9Sstevel@tonic-gate 
6937c478bd9Sstevel@tonic-gate char *
__s_get_scope_name(ns_config_t * ptr,ScopeType_t type)6947c478bd9Sstevel@tonic-gate __s_get_scope_name(ns_config_t *ptr, ScopeType_t type)
6957c478bd9Sstevel@tonic-gate {
6967c478bd9Sstevel@tonic-gate 	register ns_enum_map	*mapp;
6977c478bd9Sstevel@tonic-gate 
6987c478bd9Sstevel@tonic-gate 	if (ptr->version == NS_LDAP_V1)
6997c478bd9Sstevel@tonic-gate 		mapp = &ns_scope_enum_v1[0];
7007c478bd9Sstevel@tonic-gate 	else
7017c478bd9Sstevel@tonic-gate 		mapp = &ns_scope_enum_v2[0];
7027c478bd9Sstevel@tonic-gate 
7037c478bd9Sstevel@tonic-gate 	for (; mapp->name != NULL; mapp++) {
7047c478bd9Sstevel@tonic-gate 		if (type == INT2SCOPEENUM(mapp->value)) {
7057c478bd9Sstevel@tonic-gate 			return (mapp->name);
7067c478bd9Sstevel@tonic-gate 		}
7077c478bd9Sstevel@tonic-gate 	}
7087c478bd9Sstevel@tonic-gate 	return ("Unknown ScopeType_t type specified");
7097c478bd9Sstevel@tonic-gate }
7107c478bd9Sstevel@tonic-gate 
7117c478bd9Sstevel@tonic-gate 
7127c478bd9Sstevel@tonic-gate char *
__s_get_pref_name(PrefOnly_t type)7137c478bd9Sstevel@tonic-gate __s_get_pref_name(PrefOnly_t type)
7147c478bd9Sstevel@tonic-gate {
7157c478bd9Sstevel@tonic-gate 	register ns_enum_map	*mapp = &ns_pref_enum[0];
7167c478bd9Sstevel@tonic-gate 
7177c478bd9Sstevel@tonic-gate 	for (; mapp->name != NULL; mapp++) {
7187c478bd9Sstevel@tonic-gate 		if (type == INT2PREFONLYENUM(mapp->value)) {
7197c478bd9Sstevel@tonic-gate 			return (mapp->name);
7207c478bd9Sstevel@tonic-gate 		}
7217c478bd9Sstevel@tonic-gate 	}
7227c478bd9Sstevel@tonic-gate 	return ("Unknown PrefOnly_t type specified");
7237c478bd9Sstevel@tonic-gate }
7247c478bd9Sstevel@tonic-gate 
7257c478bd9Sstevel@tonic-gate char *
__s_get_searchref_name(ns_config_t * ptr,SearchRef_t type)7267c478bd9Sstevel@tonic-gate __s_get_searchref_name(ns_config_t *ptr, SearchRef_t type)
7277c478bd9Sstevel@tonic-gate {
7287c478bd9Sstevel@tonic-gate 	register ns_enum_map	*mapp;
7297c478bd9Sstevel@tonic-gate 
7307c478bd9Sstevel@tonic-gate 	if (ptr->version == NS_LDAP_V1)
7317c478bd9Sstevel@tonic-gate 		mapp = &ns_ref_enum_v1[0];
7327c478bd9Sstevel@tonic-gate 	else
7337c478bd9Sstevel@tonic-gate 		mapp = &ns_ref_enum_v2[0];
7347c478bd9Sstevel@tonic-gate 
7357c478bd9Sstevel@tonic-gate 	for (; mapp->name != NULL; mapp++) {
7367c478bd9Sstevel@tonic-gate 		if (type == INT2SEARCHREFENUM(mapp->value)) {
7377c478bd9Sstevel@tonic-gate 			return (mapp->name);
7387c478bd9Sstevel@tonic-gate 		}
7397c478bd9Sstevel@tonic-gate 	}
7407c478bd9Sstevel@tonic-gate 	return ("Unknown SearchRef_t type specified");
7417c478bd9Sstevel@tonic-gate }
7427c478bd9Sstevel@tonic-gate 
743dd1104fbSMichen Chang char *
__s_get_shadowupdate_name(enableShadowUpdate_t type)744dd1104fbSMichen Chang __s_get_shadowupdate_name(enableShadowUpdate_t type)
745dd1104fbSMichen Chang {
746dd1104fbSMichen Chang 	register ns_enum_map	*mapp;
747dd1104fbSMichen Chang 
748dd1104fbSMichen Chang 	mapp = &ns_shadow_update_enum[0];
749dd1104fbSMichen Chang 
750dd1104fbSMichen Chang 	for (; mapp->name != NULL; mapp++) {
751dd1104fbSMichen Chang 		if (type == INT2SHADOWUPDATENUM(mapp->value)) {
752dd1104fbSMichen Chang 			return (mapp->name);
753dd1104fbSMichen Chang 		}
754dd1104fbSMichen Chang 	}
755dd1104fbSMichen Chang 	return ("Unknown enableShadowUpdate_t type specified");
756dd1104fbSMichen Chang }
757dd1104fbSMichen Chang 
7587c478bd9Sstevel@tonic-gate static char *
__s_get_credlvl_name(ns_config_t * ptr,CredLevel_t type)7597c478bd9Sstevel@tonic-gate __s_get_credlvl_name(ns_config_t *ptr, CredLevel_t type)
7607c478bd9Sstevel@tonic-gate {
7617c478bd9Sstevel@tonic-gate 	register ns_enum_map	*mapp;
7627c478bd9Sstevel@tonic-gate 
7637c478bd9Sstevel@tonic-gate 	if (ptr->version == NS_LDAP_V2) {
7647c478bd9Sstevel@tonic-gate 		mapp = &ns_cred_enum_v2[0];
7657c478bd9Sstevel@tonic-gate 		for (; mapp->name != NULL; mapp++) {
7667c478bd9Sstevel@tonic-gate 			if (type == INT2CREDLEVELENUM(mapp->value)) {
7677c478bd9Sstevel@tonic-gate 				return (mapp->name);
7687c478bd9Sstevel@tonic-gate 			}
7697c478bd9Sstevel@tonic-gate 		}
7707c478bd9Sstevel@tonic-gate 	}
7717c478bd9Sstevel@tonic-gate 	return ("Unknown CredLevel_t type specified");
7727c478bd9Sstevel@tonic-gate }
7737c478bd9Sstevel@tonic-gate 
7747c478bd9Sstevel@tonic-gate static void
destroy_param(ns_config_t * ptr,ParamIndexType type)7757c478bd9Sstevel@tonic-gate destroy_param(ns_config_t *ptr, ParamIndexType type)
7767c478bd9Sstevel@tonic-gate {
7777c478bd9Sstevel@tonic-gate 	int	i, j;
7787c478bd9Sstevel@tonic-gate 	char	**ppc;
7797c478bd9Sstevel@tonic-gate 
7807c478bd9Sstevel@tonic-gate 	if (ptr == NULL)
7817c478bd9Sstevel@tonic-gate 		return;
7827c478bd9Sstevel@tonic-gate 
7837c478bd9Sstevel@tonic-gate 	/*
7847c478bd9Sstevel@tonic-gate 	 * This routine is not lock protected because
7857c478bd9Sstevel@tonic-gate 	 * the config param it may be destroying is not
7867c478bd9Sstevel@tonic-gate 	 * necessarily THE config.  Mutex protect elsewhere.
7877c478bd9Sstevel@tonic-gate 	 */
7887c478bd9Sstevel@tonic-gate 	switch (ptr->paramList[type].ns_ptype) {
7897c478bd9Sstevel@tonic-gate 	case CHARPTR:
7907c478bd9Sstevel@tonic-gate 		if (ptr->paramList[type].ns_pc) {
7917c478bd9Sstevel@tonic-gate 			free(ptr->paramList[type].ns_pc);
7927c478bd9Sstevel@tonic-gate 			ptr->paramList[type].ns_pc = NULL;
7937c478bd9Sstevel@tonic-gate 		}
7947c478bd9Sstevel@tonic-gate 		break;
7957c478bd9Sstevel@tonic-gate 	case SAMLIST:
7967c478bd9Sstevel@tonic-gate 	case SCLLIST:
7977c478bd9Sstevel@tonic-gate 	case SSDLIST:
7987c478bd9Sstevel@tonic-gate 	case ARRAYCP:
7997c478bd9Sstevel@tonic-gate 	case SERVLIST:
8007c478bd9Sstevel@tonic-gate 		if (ptr->paramList[type].ns_ppc) {
8017c478bd9Sstevel@tonic-gate 			ppc = ptr->paramList[type].ns_ppc;
8027c478bd9Sstevel@tonic-gate 			j = ptr->paramList[type].ns_acnt;
8037c478bd9Sstevel@tonic-gate 			for (i = 0; i < j && ppc[i] != NULL; i++) {
8047c478bd9Sstevel@tonic-gate 				free((void *)ppc[i]);
8057c478bd9Sstevel@tonic-gate 			}
8067c478bd9Sstevel@tonic-gate 			free((void *)ppc);
8077c478bd9Sstevel@tonic-gate 			ptr->paramList[type].ns_ppc = NULL;
8087c478bd9Sstevel@tonic-gate 		}
8097c478bd9Sstevel@tonic-gate 		break;
8107c478bd9Sstevel@tonic-gate 	case ARRAYAUTH:
8117c478bd9Sstevel@tonic-gate 	case ARRAYCRED:
8127c478bd9Sstevel@tonic-gate 		if (ptr->paramList[type].ns_pi) {
8137c478bd9Sstevel@tonic-gate 			free(ptr->paramList[type].ns_pi);
8147c478bd9Sstevel@tonic-gate 			ptr->paramList[type].ns_pi = NULL;
8157c478bd9Sstevel@tonic-gate 		}
8167c478bd9Sstevel@tonic-gate 		break;
8177c478bd9Sstevel@tonic-gate 	case INT:
8187c478bd9Sstevel@tonic-gate 		ptr->paramList[type].ns_i = 0;
8197c478bd9Sstevel@tonic-gate 		break;
8207c478bd9Sstevel@tonic-gate 	case ATTRMAP:
8217c478bd9Sstevel@tonic-gate 		break;
8227c478bd9Sstevel@tonic-gate 	case OBJMAP:
8237c478bd9Sstevel@tonic-gate 		break;
8247c478bd9Sstevel@tonic-gate 	default:
8257c478bd9Sstevel@tonic-gate 		break;
8267c478bd9Sstevel@tonic-gate 	}
8277c478bd9Sstevel@tonic-gate 	ptr->paramList[type].ns_ptype = NS_UNKNOWN;
8287c478bd9Sstevel@tonic-gate }
8297c478bd9Sstevel@tonic-gate 
8307c478bd9Sstevel@tonic-gate static void
destroy_config(ns_config_t * ptr)8317c478bd9Sstevel@tonic-gate destroy_config(ns_config_t *ptr)
8327c478bd9Sstevel@tonic-gate {
8337c478bd9Sstevel@tonic-gate 	ParamIndexType	i;
8347c478bd9Sstevel@tonic-gate 
8357c478bd9Sstevel@tonic-gate 	if (ptr != NULL) {
836e1dd0a2fSth 		if (ptr == current_config)
837e1dd0a2fSth 			current_config = NULL;
838a4abf230SToomas Soome 		free(ptr->domainName);
839a4abf230SToomas Soome 		ptr->domainName = NULL;
8407c478bd9Sstevel@tonic-gate 		for (i = 0; i <= LAST_VALUE; i++) {
8417c478bd9Sstevel@tonic-gate 			destroy_param(ptr, i);
8427c478bd9Sstevel@tonic-gate 		}
8437c478bd9Sstevel@tonic-gate 		__s_api_destroy_hash(ptr);
8447c478bd9Sstevel@tonic-gate 		free(ptr);
8457c478bd9Sstevel@tonic-gate 	}
8467c478bd9Sstevel@tonic-gate }
8477c478bd9Sstevel@tonic-gate 
8487c478bd9Sstevel@tonic-gate /*
8497c478bd9Sstevel@tonic-gate  * Marks the ns_config_t to be deleted and then releases it. (If no other
8507c478bd9Sstevel@tonic-gate  * caller is using, then __s_api_release_config will destroy it.)
8517c478bd9Sstevel@tonic-gate  *
8527c478bd9Sstevel@tonic-gate  * Note that __s_api_destroy_config should only be called if the caller has
8537c478bd9Sstevel@tonic-gate  * created the ns_config_t with __s_api_create_config (with the exception
8547c478bd9Sstevel@tonic-gate  * of set_curr_config). The ns_config_t should be private to the caller.
8557c478bd9Sstevel@tonic-gate  *
8567c478bd9Sstevel@tonic-gate  * This function should not be called with the current_config except by
8577c478bd9Sstevel@tonic-gate  * set_curr_config which locks ns_parse_lock to ensure that no thread
8587c478bd9Sstevel@tonic-gate  * will be waiting on current_config->config_mutex. This ensures that
8597c478bd9Sstevel@tonic-gate  * no caller with be waiting on cfg->config_mutex while it is being
8607c478bd9Sstevel@tonic-gate  * destroyed by __s_api_release_config.
8617c478bd9Sstevel@tonic-gate  */
8627c478bd9Sstevel@tonic-gate 
8637c478bd9Sstevel@tonic-gate void
__s_api_destroy_config(ns_config_t * cfg)8647c478bd9Sstevel@tonic-gate __s_api_destroy_config(ns_config_t *cfg)
8657c478bd9Sstevel@tonic-gate {
8667c478bd9Sstevel@tonic-gate 	if (cfg != NULL) {
8677c478bd9Sstevel@tonic-gate 		(void) mutex_lock(&cfg->config_mutex);
8687c478bd9Sstevel@tonic-gate 		cfg->delete = TRUE;
8697c478bd9Sstevel@tonic-gate 		(void) mutex_unlock(&cfg->config_mutex);
8707c478bd9Sstevel@tonic-gate 		__s_api_release_config(cfg);
8717c478bd9Sstevel@tonic-gate 	}
8727c478bd9Sstevel@tonic-gate }
8737c478bd9Sstevel@tonic-gate 
8747c478bd9Sstevel@tonic-gate 
8757c478bd9Sstevel@tonic-gate /*
8767c478bd9Sstevel@tonic-gate  * Increment the configuration use count by one - assumes ns_parse_lock has
877e1dd0a2fSth  * been obtained.
8787c478bd9Sstevel@tonic-gate  */
8797c478bd9Sstevel@tonic-gate 
8807c478bd9Sstevel@tonic-gate static ns_config_t *
get_curr_config_unlocked(ns_config_t * cfg,boolean_t global)881ca190d8dSmichen get_curr_config_unlocked(ns_config_t *cfg, boolean_t global)
8827c478bd9Sstevel@tonic-gate {
8837c478bd9Sstevel@tonic-gate 	ns_config_t *ret;
8847c478bd9Sstevel@tonic-gate 
8857c478bd9Sstevel@tonic-gate 	ret = cfg;
8867c478bd9Sstevel@tonic-gate 	if (cfg != NULL) {
8877c478bd9Sstevel@tonic-gate 		(void) mutex_lock(&cfg->config_mutex);
888ca190d8dSmichen 		/*
889ca190d8dSmichen 		 * allow access to per connection management (non-global)
890ca190d8dSmichen 		 * config so operations on connection being closed can still
891ca190d8dSmichen 		 * be completed
892ca190d8dSmichen 		 */
893ca190d8dSmichen 		if (cfg->delete && global == B_TRUE)
8947c478bd9Sstevel@tonic-gate 			ret = NULL;
8957c478bd9Sstevel@tonic-gate 		else
8967c478bd9Sstevel@tonic-gate 			cfg->nUse++;
8977c478bd9Sstevel@tonic-gate 		(void) mutex_unlock(&cfg->config_mutex);
8987c478bd9Sstevel@tonic-gate 	}
8997c478bd9Sstevel@tonic-gate 	return (ret);
9007c478bd9Sstevel@tonic-gate }
9017c478bd9Sstevel@tonic-gate 
9027c478bd9Sstevel@tonic-gate /*
903e1dd0a2fSth  * set_curr_config_global sets the current global config to the
904e1dd0a2fSth  * specified ns_config_t. Note that this function is similar
905e1dd0a2fSth  * to the project private function __s_api_init_config_global
906e1dd0a2fSth  * except that it does not release the new ns_config_t.
9077c478bd9Sstevel@tonic-gate  */
9087c478bd9Sstevel@tonic-gate static void
set_curr_config_global(ns_config_t * ptr)909e1dd0a2fSth set_curr_config_global(ns_config_t *ptr)
9107c478bd9Sstevel@tonic-gate {
911e1dd0a2fSth 	ns_config_t	*cfg;
912e1dd0a2fSth 	ns_config_t	*cur_cfg;
9137c478bd9Sstevel@tonic-gate 
9147c478bd9Sstevel@tonic-gate 	(void) mutex_lock(&ns_parse_lock);
915e1dd0a2fSth 	cur_cfg = current_config;
916ca190d8dSmichen 	cfg = get_curr_config_unlocked(cur_cfg, B_TRUE);
9177c478bd9Sstevel@tonic-gate 	if (cfg != ptr) {
9187c478bd9Sstevel@tonic-gate 		__s_api_destroy_config(cfg);
9197c478bd9Sstevel@tonic-gate 		current_config = ptr;
9207c478bd9Sstevel@tonic-gate 	}
9217c478bd9Sstevel@tonic-gate 	(void) mutex_unlock(&ns_parse_lock);
9227c478bd9Sstevel@tonic-gate }
9237c478bd9Sstevel@tonic-gate 
924e1dd0a2fSth 
925e1dd0a2fSth /*
926e1dd0a2fSth  * set_curr_config sets the current config or the per connection
927e1dd0a2fSth  * management one to the specified ns_config_t. Note that this function
928e1dd0a2fSth  * is similar to the project private function __s_api_init_config
929e1dd0a2fSth  * except that it does not release the new ns_config_t. Also note
930e1dd0a2fSth  * that if there's no per connection management one to set, the
931e1dd0a2fSth  * global current config will be set.
932e1dd0a2fSth  */
933e1dd0a2fSth 
934e1dd0a2fSth static void
set_curr_config(ns_config_t * ptr)935e1dd0a2fSth set_curr_config(ns_config_t *ptr)
936e1dd0a2fSth {
937e1dd0a2fSth 	ns_config_t	*cfg;
938e1dd0a2fSth 	ns_config_t	*cur_cfg;
939e1dd0a2fSth 	ns_conn_mgmt_t	*cmg;
940e1dd0a2fSth 	int		rc;
941e1dd0a2fSth 
942e1dd0a2fSth 	rc = thr_getspecific(ns_cmgkey, (void **)&cmg);
943e1dd0a2fSth 
944e1dd0a2fSth 	/* set the per connection management config if possible */
945e1dd0a2fSth 	if (rc == 0 && cmg != NULL && cmg->config != NULL) {
946e1dd0a2fSth 		(void) mutex_lock(&cmg->cfg_lock);
947e1dd0a2fSth 		cur_cfg = cmg->config;
948ca190d8dSmichen 		cfg = get_curr_config_unlocked(cur_cfg, B_FALSE);
949e1dd0a2fSth 		if (cfg != ptr) {
950e1dd0a2fSth 			__s_api_destroy_config(cfg);
951e1dd0a2fSth 			cmg->config = ptr;
952e1dd0a2fSth 		}
953e1dd0a2fSth 		(void) mutex_unlock(&cmg->cfg_lock);
954e1dd0a2fSth 		return;
955e1dd0a2fSth 	}
956e1dd0a2fSth 
957e1dd0a2fSth 	/* else set the global current config */
958e1dd0a2fSth 	set_curr_config_global(ptr);
959e1dd0a2fSth }
960e1dd0a2fSth 
9617c478bd9Sstevel@tonic-gate /*
9627c478bd9Sstevel@tonic-gate  * Decrements the ns_config_t usage count by one. Delete if delete flag
9637c478bd9Sstevel@tonic-gate  * is set and no other callers are using.
9647c478bd9Sstevel@tonic-gate  */
9657c478bd9Sstevel@tonic-gate 
9667c478bd9Sstevel@tonic-gate void
__s_api_release_config(ns_config_t * cfg)9677c478bd9Sstevel@tonic-gate __s_api_release_config(ns_config_t *cfg)
9687c478bd9Sstevel@tonic-gate {
9697c478bd9Sstevel@tonic-gate 	if (cfg != NULL) {
9707c478bd9Sstevel@tonic-gate 		(void) mutex_lock(&cfg->config_mutex);
9717c478bd9Sstevel@tonic-gate 		cfg->nUse--;
9727c478bd9Sstevel@tonic-gate 		if (cfg->nUse == 0 && cfg->delete) {
9737c478bd9Sstevel@tonic-gate 			destroy_config(cfg);
9747c478bd9Sstevel@tonic-gate 		} else
9757c478bd9Sstevel@tonic-gate 			(void) mutex_unlock(&cfg->config_mutex);
9767c478bd9Sstevel@tonic-gate 	}
9777c478bd9Sstevel@tonic-gate }
9787c478bd9Sstevel@tonic-gate 
979e1dd0a2fSth /*
980e1dd0a2fSth  * __s_api_init_config function destroys the previous global configuration
981e1dd0a2fSth  * sets the new global configuration and then releases it
982e1dd0a2fSth  */
983e1dd0a2fSth void
__s_api_init_config_global(ns_config_t * ptr)984e1dd0a2fSth __s_api_init_config_global(ns_config_t *ptr)
985e1dd0a2fSth {
986e1dd0a2fSth 	set_curr_config_global(ptr);
987e1dd0a2fSth 	__s_api_release_config(ptr);
988e1dd0a2fSth }
989e1dd0a2fSth 
9907c478bd9Sstevel@tonic-gate /*
9917c478bd9Sstevel@tonic-gate  * __s_api_init_config function destroys the previous configuration
992e1dd0a2fSth  * sets the new configuration and then releases it. The configuration
993e1dd0a2fSth  * may be the global one or the per connection management one.
9947c478bd9Sstevel@tonic-gate  */
9957c478bd9Sstevel@tonic-gate void
__s_api_init_config(ns_config_t * ptr)9967c478bd9