xref: /illumos-gate/usr/src/lib/libnisdb/nis_parse_ldap_conf.c (revision 7153155797a2d348ef707cf0655ea4f87b029013)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2015 Gary Mills
23  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #include <stdio.h>
28 #include <string.h>
29 #include <stdlib.h>
30 #include <ctype.h>
31 #include <fcntl.h>
32 #include <unistd.h>
33 #include <errno.h>
34 #include <locale.h>
35 #include <sys/stat.h>
36 #include <lber.h>
37 #include <ldap.h>
38 #include <deflt.h>
39 
40 #include "ldap_map.h"
41 
42 #include "ldap_parse.h"
43 #include "ldap_glob.h"
44 #include "nis_parse_ldap_conf.h"
45 
46 __nis_ldap_proxy_info	proxyInfo		=
47 	{NULL, (auth_method_t)NO_VALUE_SET, (tls_method_t)NO_VALUE_SET, NULL,
48 		NULL, NULL, NULL, NULL, (follow_referral_t)NO_VALUE_SET};
49 __nis_config_t		ldapConfig;
50 __nisdb_table_mapping_t ldapDBTableMapping;
51 __nis_table_mapping_t	*ldapTableMapping	= NULL;
52 __yp_domain_context_t	ypDomains;
53 
54 parse_error		p_error			= no_parse_error;
55 int			cur_line_num		= 0;
56 int			start_line_num		= 0;
57 int			seq_num 		= 0;
58 const char		*warn_file		= NULL;
59 
60 char			_key_val[38];
61 const char		*command_line_source	= NULL;
62 const char		*file_source		= NULL;
63 const char		*ldap_source		= NULL;
64 
65 static
66 const char *const	*cmdline_config		= NULL;
67 static bool_t		got_config_data		= FALSE;
68 
69 /* high level parsing functions functions */
70 static int parse_ldap_cmd_line(const char *const *cmdline_options,
71     __nis_ldap_proxy_info *proxy_info, __nis_config_t *nis_config,
72     __nis_table_mapping_t **table_mapping, __nis_config_info_t *config_info,
73     __nisdb_table_mapping_t *table_info);
74 static int parse_ldap_default_conf(__nis_ldap_proxy_info *proxy_info,
75     __nis_config_t *nis_config, __nis_config_info_t *config_info,
76     __nisdb_table_mapping_t *table_info);
77 static int parse_ldap_config_file(const char *config_file,
78     __nis_ldap_proxy_info *proxy_info, __nis_config_t *nis_config,
79     __nis_table_mapping_t **table_mapping, __nis_config_info_t *config_info,
80     __nisdb_table_mapping_t *table_info);
81 static int parse_ldap_config_dn_attrs(__nis_ldap_proxy_info *proxy_info,
82     __nis_config_t *nis_config, __nis_table_mapping_t **table_mapping,
83     __nis_config_info_t *config_info, __nisdb_table_mapping_t *table_info);
84 static int yp_parse_ldap_default_conf(__nis_ldap_proxy_info *proxy_info,
85 	__nis_config_t *nis_config, __nis_config_info_t *config_info,
86 	__nisdb_table_mapping_t *table_info);
87 
88 /* Forward declarations */
89 int yp_parse_ldap_config_file(const char *, __nis_ldap_proxy_info *,
90     __nis_config_t *, __nis_table_mapping_t **, __nis_config_info_t *,
91     __nisdb_table_mapping_t *, 	__yp_domain_context_t *);
92 
93 
94 /* helper functions */
95 static config_key get_attrib_num_cmdline(const char *s,
96     const char **begin_s, const char **end_s);
97 static config_key get_file_attr_val(int fd, char **attr_val);
98 static void get_attribute_list(
99 	const __nis_ldap_proxy_info *proxy_info,
100 	const __nis_config_t *nis_config,
101 	const __nis_config_info_t *config_info,
102 	const __nisdb_table_mapping_t *table_info,
103 	char **ldap_config_attributes);
104 
105 /*
106  * FUNCTION:	parse_ldap_migration
107  *
108  *	Parses the information for LDAP. The values are first
109  *	obtained from the command line, secondly from the preference
110  *	file, and finally from an LDAP profile (if so configured in
111  *	the command line or preference file). Any unset values will
112  *	be set to their default values.
113  *
114  *	If no command line options, no settings in the /etc/default
115  *  configuration file, and no mapping file, then no mapping
116  *  should be used.
117  *
118  * RETURN VALUE:
119  *			0	Success
120  *			-1	Config file stat/open or parse error
121  *			1	No mapping should be used.
122  *
123  * INPUT:		command line parameters, configuration file
124  */
125 
126 int
127 parse_ldap_migration(
128 	const char *const	*cmdline_options,
129 	const char		*config_file)
130 {
131 	int			rc	= 0;
132 	__nis_config_info_t	config_info
133 				= {NULL, NULL, (auth_method_t)NO_VALUE_SET,
134 					(tls_method_t)NO_VALUE_SET, NULL,
135 					NULL, NULL};
136 	struct stat		buf;
137 
138 	p_error = no_parse_error;
139 
140 	if (verbose)
141 		report_info("Getting LDAP configuration", NULL);
142 
143 	initialize_parse_structs(&proxyInfo, &ldapConfig, &ldapDBTableMapping);
144 
145 	if (yp2ldap)
146 		initialize_yp_parse_structs(&ypDomains);
147 
148 	if (cmdline_options != NULL) {
149 		got_config_data = TRUE;
150 		/* NIS to LDAP does not read command line attributes */
151 		if (!yp2ldap)
152 			rc = parse_ldap_cmd_line(cmdline_options, &proxyInfo,
153 			    &ldapConfig, &ldapTableMapping, &config_info,
154 			    &ldapDBTableMapping);
155 		else
156 			rc = 0;
157 	}
158 
159 	if (rc == 0) {
160 		if (yp2ldap)
161 			rc = yp_parse_ldap_default_conf(&proxyInfo, &ldapConfig,
162 			    &config_info, &ldapDBTableMapping);
163 		else
164 			rc = parse_ldap_default_conf(&proxyInfo, &ldapConfig,
165 			    &config_info, &ldapDBTableMapping);
166 	}
167 
168 	if (config_file == NULL) {
169 		if (yp2ldap) {
170 			if (stat(YP_DEFAULT_MAPPING_FILE, &buf) == 0)
171 				config_file = YP_DEFAULT_MAPPING_FILE;
172 		} else {
173 			if (stat(DEFAULT_MAPPING_FILE, &buf) == 0)
174 				config_file = DEFAULT_MAPPING_FILE;
175 		}
176 	}
177 
178 	if (rc == 0 && config_file != NULL) {
179 		got_config_data = TRUE;
180 		warn_file = config_file;
181 		cmdline_config = cmdline_options;
182 		if (yp2ldap)
183 			rc = yp_parse_ldap_config_file(config_file, &proxyInfo,
184 			    &ldapConfig, &ldapTableMapping, &config_info,
185 			    &ldapDBTableMapping, &ypDomains);
186 		else
187 			rc = parse_ldap_config_file(config_file, &proxyInfo,
188 			    &ldapConfig, &ldapTableMapping, &config_info,
189 			    &ldapDBTableMapping);
190 
191 		warn_file = NULL;
192 		cmdline_config = NULL;
193 	}
194 	if (rc == 0 && (config_info.config_dn != NULL) &&
195 	    (config_info.config_dn[0] != '\0')) {
196 		rc = parse_ldap_config_dn_attrs(&proxyInfo,
197 		    &ldapConfig, &ldapTableMapping, &config_info,
198 		    &ldapDBTableMapping);
199 	}
200 
201 	free_config_info(&config_info);
202 
203 	if (rc == 0 && got_config_data == FALSE)
204 		rc = 1;
205 
206 	set_default_values(&proxyInfo, &ldapConfig, &ldapDBTableMapping);
207 
208 	if (yp2ldap == 1 && rc == 0) {
209 		rc = second_parser_pass(&ldapTableMapping);
210 		if (rc == 0)
211 			rc = final_parser_pass(&ldapTableMapping, &ypDomains);
212 		if (rc == -2)
213 			return (-1);
214 	}
215 
216 	if (rc == 0)
217 		rc = finish_parse(&proxyInfo, &ldapTableMapping);
218 
219 	if (rc == 0)
220 		rc = linked2hash(ldapTableMapping);
221 
222 	if ((rc == 0) && yptol_mode)
223 		rc = map_id_list_init();
224 
225 	if (rc != 0) {
226 		free_parse_structs();
227 	} else if (verbose)
228 		report_info("LDAP configuration complete", NULL);
229 	return (rc);
230 }
231 
232 /*
233  * FUNCTION:	parse_ldap_cmd_line
234  *
235  *	Parses the information for LDAP from the command line
236  *
237  * RETURN VALUE:	0 on success, -1 on failure
238  *
239  * INPUT:		command line values
240  */
241 
242 static int
243 parse_ldap_cmd_line(
244 	const char *const	*cmdline_options,
245 	__nis_ldap_proxy_info	*proxy_info,
246 	__nis_config_t		*nis_config,
247 	__nis_table_mapping_t	**table_mapping,
248 	__nis_config_info_t	*config_info,
249 	__nisdb_table_mapping_t	*table_info)
250 {
251 	int		rc = 0;
252 	config_key	attrib_num;
253 	const char	*begin_s;
254 	const char	*end_s;
255 
256 	if (verbose)
257 		report_info("Command line values: ", NULL);
258 	while (*cmdline_options != NULL) {
259 		if (verbose)
260 			report_info("\t", *cmdline_options);
261 
262 		attrib_num = get_attrib_num_cmdline(
263 		    *cmdline_options, &begin_s, &end_s);
264 		if (attrib_num == key_bad) {
265 			command_line_source = "command line";
266 			report_error(*cmdline_options, NULL);
267 			command_line_source = NULL;
268 			rc = -1;
269 			break;
270 		} else if (IS_CONFIG_KEYWORD(attrib_num)) {
271 			rc = add_config_attribute(attrib_num,
272 			    begin_s, end_s - begin_s, config_info);
273 		} else if (IS_BIND_INFO(attrib_num)) {
274 			rc = add_bind_attribute(attrib_num,
275 			    begin_s, end_s - begin_s, proxy_info);
276 		} else if (IS_OPER_INFO(attrib_num)) {
277 			rc = add_operation_attribute(attrib_num,
278 			    begin_s, end_s - begin_s, nis_config,
279 			    table_info);
280 		} else {
281 			rc = add_mapping_attribute(attrib_num,
282 			    begin_s, end_s - begin_s, table_mapping);
283 		}
284 
285 		if (rc < 0) {
286 			command_line_source = "command line";
287 			report_error(begin_s, _key_val);
288 			command_line_source = NULL;
289 			break;
290 		}
291 		cmdline_options++;
292 	}
293 	return (rc);
294 }
295 
296 static int
297 parse_ldap_default_conf(
298 	__nis_ldap_proxy_info *proxy_info,
299 	__nis_config_t *nis_config,
300 	__nis_config_info_t *config_info,
301 	__nisdb_table_mapping_t	*table_info)
302 {
303 	int		rc = 0;
304 	char		*ldap_config_attributes[n_config_keys];
305 	char		attr_buf[128];
306 	char		*attr;
307 	char		*attr_val;
308 	int		defflags;
309 	config_key	attrib_num;
310 	int		i;
311 	int		len;
312 	int		attr_len;
313 	void		*defp;
314 
315 	if ((defp = defopen_r(ETCCONFFILE)) != NULL) {
316 		file_source = ETCCONFFILE;
317 		if (verbose)
318 			report_info("default configuration values: ", NULL);
319 		/* Set defread_r() to be case insensitive */
320 		defflags = defcntl_r(DC_GETFLAGS, 0, defp);
321 		TURNOFF(defflags, DC_CASE);
322 		(void) defcntl_r(DC_SETFLAGS, defflags, defp);
323 
324 		get_attribute_list(proxy_info, nis_config, config_info,
325 		    table_info, ldap_config_attributes);
326 		i = 0;
327 		while ((attr = ldap_config_attributes[i++]) != NULL) {
328 			(void) strlcpy(attr_buf, attr, sizeof (attr_buf));
329 			/*
330 			 * if nisplusUpdateBatching, make sure
331 			 * we don't match nisplusUpdateBatchingTimeout
332 			 */
333 			if (strcmp(attr, UPDATE_BATCHING) == 0) {
334 				attr_len = strlen(attr);
335 				attr_buf[attr_len] = '=';
336 				attr_buf[attr_len + 1] = '\0';
337 				attr_val = defread_r(attr_buf, defp);
338 
339 				if (attr_val == 0) {
340 					attr_buf[attr_len] = ' ';
341 					attr_val = defread_r(attr_buf, defp);
342 				}
343 				if (attr_val == 0) {
344 					attr_buf[attr_len] = '\t';
345 					attr_val = defread_r(attr_buf, defp);
346 				}
347 				if (attr_val == 0) {
348 					attr_buf[attr_len] = '\n';
349 					attr_val = defread_r(attr_buf, defp);
350 				}
351 			} else {
352 				attr_val = defread_r(attr_buf, defp);
353 			}
354 			if (attr_val == NULL)
355 				continue;
356 
357 			got_config_data = TRUE;
358 			attrib_num = get_attrib_num(attr, strlen(attr));
359 			if (attrib_num == key_bad) {
360 				report_error(attr, NULL);
361 				rc = -1;
362 				break;
363 			}
364 
365 			/*
366 			 * Allow either entries of the form
367 			 *	attr val
368 			 *	   or
369 			 *	attr = val
370 			 */
371 			while (is_whitespace(*attr_val))
372 				attr_val++;
373 			if (*attr_val == '=')
374 				attr_val++;
375 			while (is_whitespace(*attr_val))
376 				attr_val++;
377 			len = strlen(attr_val);
378 			while (len > 0 && is_whitespace(attr_val[len - 1]))
379 				len--;
380 
381 			if (verbose) {
382 				report_info("\t", attr);
383 				report_info("\t\t", attr_val);
384 			}
385 			if (IS_BIND_INFO(attrib_num)) {
386 				rc = add_bind_attribute(attrib_num,
387 				    attr_val, len, proxy_info);
388 			} else if (IS_OPER_INFO(attrib_num)) {
389 				rc = add_operation_attribute(attrib_num,
390 				    attr_val, len, nis_config,
391 				    table_info);
392 			}
393 			if (p_error != no_parse_error) {
394 				report_error(attr_val, attr);
395 				rc = -1;
396 				break;
397 			}
398 		}
399 		file_source = NULL;
400 		/* Close the /etc/default file */
401 		defclose_r(defp);
402 	}
403 	return (rc);
404 }
405 
406 static int
407 yp_parse_ldap_default_conf(
408 	__nis_ldap_proxy_info *proxy_info,
409 	__nis_config_t	*nis_config,
410 	__nis_config_info_t *config_info,
411 	__nisdb_table_mapping_t *table_info)
412 {
413 	int rc = 0;
414 	char		*ldap_config_attributes[n_config_keys];
415 	char		attr_buf[128];
416 	char		*attr;
417 	char		*attr_val;
418 	int		defflags;
419 	config_key	attrib_num;
420 	int 		i, len;
421 	void		*defp;
422 
423 	if ((defp = defopen_r(YP_ETCCONFFILE)) != NULL) {
424 		file_source = YP_ETCCONFFILE;
425 		if (verbose)
426 			report_info("default configuration values: ", NULL);
427 		/* Set defread_r() to be case insensitive */
428 		defflags = defcntl_r(DC_GETFLAGS, 0, defp);
429 		TURNOFF(defflags, DC_CASE);
430 		(void) defcntl_r(DC_SETFLAGS, defflags, defp);
431 
432 		get_attribute_list(proxy_info, nis_config, config_info,
433 		    table_info, ldap_config_attributes);
434 		i = 0;
435 		while ((attr = ldap_config_attributes[i++]) != NULL) {
436 			if ((strlcpy(attr_buf, attr, sizeof (attr_buf))) >=
437 			    sizeof (attr_buf)) {
438 				report_error(
439 				    "Static buffer attr_buf overflow", NULL);
440 				defclose_r(defp);
441 				return (-1);
442 			}
443 
444 			if ((attr_val = defread_r(attr_buf, defp)) == NULL)
445 				continue;
446 
447 			got_config_data = TRUE;
448 			attrib_num = get_attrib_num(attr, strlen(attr));
449 			if (attrib_num == key_bad) {
450 				report_error(attr, NULL);
451 				rc = -1;
452 				break;
453 			}
454 
455 			/*
456 			 * Allow either entries of the form
457 			 * attr val
458 			 * or
459 			 * attr = val
460 			 */
461 			while (is_whitespace(*attr_val))
462 				attr_val++;
463 			if (*attr_val == '=')
464 				attr_val++;
465 			while (is_whitespace(*attr_val))
466 				attr_val++;
467 			len = strlen(attr_val);
468 			while (len > 0 && is_whitespace(attr_val[len - 1]))
469 				len--;
470 
471 			if (verbose) {
472 				report_info("\t", attr);
473 				report_info("\t\t", attr_val);
474 			}
475 			if (IS_YP_BIND_INFO(attrib_num)) {
476 				rc = add_bind_attribute(attrib_num,
477 				    attr_val, len, proxy_info);
478 			} else if (IS_YP_OPER_INFO(attrib_num)) {
479 				rc = add_operation_attribute(attrib_num,
480 				    attr_val, len, nis_config,
481 				    table_info);
482 			}
483 			if (p_error != no_parse_error) {
484 				report_error(attr_val, attr);
485 				rc = -1;
486 				break;
487 			}
488 		}
489 		file_source = NULL;
490 		/* Close the /etc/default file */
491 		defclose_r(defp);
492 	}
493 	return (rc);
494 }
495 
496 /*
497  * FUNCTION:	get_attrib_num_cmdline
498  *
499  *	Parses the information for LDAP from the command line
500  *	The form of the command line request is
501  *		-x attribute=value
502  *
503  * RETURN VALUE:	0 on success, -1 on failure
504  *
505  * INPUT:		command line values
506  */
507 
508 static config_key
509 get_attrib_num_cmdline(
510 	const char	*s,
511 	const char 	**begin_s,
512 	const char 	**end_s)
513 {
514 	const char	*s_end		= s + strlen(s);
515 	const char	*equal_s;
516 	const char	*s1;
517 	config_key	attrib_num;
518 
519 	while (s < s_end && is_whitespace(*s))
520 		s++;
521 
522 	for (equal_s = s; equal_s < s_end; equal_s++)
523 		if (*equal_s == EQUAL_CHAR)
524 			break;
525 
526 	if (equal_s == s_end) {
527 		p_error = parse_bad_command_line_attribute_format;
528 		return (key_bad);
529 	}
530 
531 	for (s1 = equal_s; s1 > s && is_whitespace(s1[-1]); s1--)
532 		;
533 
534 	if (s1 == s) {
535 		p_error = parse_bad_command_line_attribute_format;
536 		return (key_bad);
537 	}
538 
539 	attrib_num = get_attrib_num(s, s1 - s);
540 
541 	if (attrib_num != key_bad) {
542 		s1 = equal_s + 1;
543 		while (s1 < s_end && is_whitespace(*s1))
544 			s1++;
545 		*begin_s = s1;
546 		while (s_end > s1 && is_whitespace(s_end[-1]))
547 			s_end--;
548 		*end_s = s_end;
549 	}
550 
551 	return (attrib_num);
552 }
553 
554 /*
555  * FUNCTION:	parse_ldap_config_file
556  *
557  *	Parses the information for LDAP from a configuration
558  *	file. If no file is specified, /var/nis/NIS+LDAPmapping
559  *	is used
560  *
561  * RETURN VALUE:	0 on success, -1 on failure
562  *
563  * INPUT:		configuration file name
564  */
565 
566 static int
567 parse_ldap_config_file(
568 	const char 		*config_file,
569 	__nis_ldap_proxy_info	*proxy_info,
570 	__nis_config_t		*nis_config,
571 	__nis_table_mapping_t	**table_mapping,
572 	__nis_config_info_t	*config_info,
573 	__nisdb_table_mapping_t	*table_info)
574 {
575 	int		rc = 0;
576 	config_key	attrib_num;
577 	int		fd;
578 	char		*attr_val;
579 	int		len;
580 
581 	if ((fd = open(config_file, O_RDONLY)) == -1) {
582 		p_error = parse_open_file_error;
583 		report_error(config_file, NULL);
584 		return (-1);
585 	}
586 
587 	start_line_num = 1;
588 	cur_line_num = 1;
589 
590 	if (verbose)
591 		report_info("Reading configuration from ", config_file);
592 
593 	file_source = config_file;
594 	while ((attrib_num = get_file_attr_val(fd, &attr_val)) > 0) {
595 		len = attr_val == NULL ? 0 : strlen(attr_val);
596 		if (IS_CONFIG_KEYWORD(attrib_num)) {
597 			rc = add_config_attribute(attrib_num,
598 			    attr_val, len, config_info);
599 		} else if (IS_BIND_INFO(attrib_num)) {
600 			rc = add_bind_attribute(attrib_num,
601 			    attr_val, len, proxy_info);
602 		} else if (IS_OPER_INFO(attrib_num)) {
603 			rc = add_operation_attribute(attrib_num,
604 			    attr_val, len, nis_config, table_info);
605 		} else {
606 			rc = add_mapping_attribute(attrib_num,
607 			    attr_val, len, table_mapping);
608 		}
609 
610 		if (rc < 0) {
611 			report_error(attr_val == NULL ?
612 			    "<no attribute>" : attr_val, _key_val);
613 			if (attr_val)
614 				free(attr_val);
615 			break;
616 		}
617 		if (attr_val)
618 			free(attr_val);
619 	}
620 
621 	(void) close(fd);
622 	if (attrib_num == key_bad) {
623 		report_error(_key_val, NULL);
624 		rc = -1;
625 	}
626 	start_line_num = 0;
627 	file_source = NULL;
628 	return (rc);
629 }
630 
631 /*
632  * FUNCTION:	yp_parse_ldap_config_file
633  *
634  * Parses the information for LDAP from a configuration
635  * file. If no file is specified, /var/yp/NISLDAPmapping
636  * is used
637  *
638  * RETURN VALUE:    0 on success, -1 on failure
639  *
640  * INPUT:       configuration file name
641  */
642 
643 int
644 yp_parse_ldap_config_file(
645 	const char	*config_file,
646 	__nis_ldap_proxy_info	*proxy_info,
647 	__nis_config_t			*nis_config,
648 	__nis_table_mapping_t	**table_mapping,
649 	__nis_config_info_t		*config_info,
650 	__nisdb_table_mapping_t	*table_info,
651 	__yp_domain_context_t	*ypDomains)
652 {
653 	int	rc = 0;
654 	config_key	attrib_num;
655 	int	fd;
656 	char	*attr_val = NULL;
657 	int		len;
658 
659 	if ((fd = open(config_file, O_RDONLY)) == -1) {
660 		p_error = parse_open_file_error;
661 		report_error(config_file, NULL);
662 		return (-1);
663 	}
664 
665 	start_line_num = 1;
666 	cur_line_num = 1;
667 
668 	if (verbose)
669 		report_info("Reading configuration from ", config_file);
670 
671 	file_source = config_file;
672 	while ((attrib_num = get_file_attr_val(fd, &attr_val)) > 0) {
673 		len = attr_val == NULL ? 0 : strlen(attr_val);
674 		if (IS_YP_CONFIG_KEYWORD(attrib_num)) {
675 			rc = add_config_attribute(attrib_num,
676 			    attr_val, len, config_info);
677 		} else if (IS_YP_BIND_INFO(attrib_num)) {
678 			rc = add_bind_attribute(attrib_num,
679 			    attr_val, len, proxy_info);
680 		} else if (IS_YP_OPER_INFO(attrib_num)) {
681 			rc = add_operation_attribute(attrib_num,
682 			    attr_val, len, nis_config, table_info);
683 		} else if (IS_YP_DOMAIN_INFO(attrib_num)) {
684 			rc = add_ypdomains_attribute(attrib_num,
685 			    attr_val, len, ypDomains);
686 		} else if (IS_YP_MAP_ATTR(attrib_num)) {
687 			rc = add_mapping_attribute(attrib_num,
688 			    attr_val, len, table_mapping);
689 		} else {
690 			rc = -1;
691 			p_error = parse_unsupported_format;
692 		}
693 
694 		if (rc < 0) {
695 			report_error(attr_val == NULL ?
696 			    "<no attribute>" : attr_val, _key_val);
697 			if (attr_val)
698 				free(attr_val);
699 			break;
700 		}
701 		if (attr_val) {
702 			free(attr_val);
703 			attr_val = NULL;
704 		}
705 	}
706 
707 	(void) close(fd);
708 	if (attrib_num == key_bad) {
709 		report_error(_key_val, NULL);
710 		rc = -1;
711 	}
712 	start_line_num = 0;
713 	file_source = NULL;
714 	return (rc);
715 }
716 
717 /*
718  * FUNCTION:	get_file_attr_val
719  *
720  *	Gets the next attribute from the configuration file.
721  *
722  * RETURN VALUE:	The config key if more attributes
723  *			no_more_keys if eof
724  *			key_bad if error
725  */
726 
727 static config_key
728 get_file_attr_val(int fd, char **attr_val)
729 {
730 	char		buf[BUFSIZE];
731 	char		*start_tag;
732 	char		*start_val;
733 	char		*end_val;
734 	char		*cut_here;
735 	char		*s;
736 	char		*a;
737 	char		*attribute_value;
738 	int		ret;
739 	config_key	attrib_num = no_more_keys;
740 
741 	*attr_val = NULL;
742 
743 	if ((ret = read_line(fd, buf, sizeof (buf))) > 0) {
744 		for (s = buf; is_whitespace(*s); s++)
745 			;
746 
747 		start_tag = s;
748 		while (*s != '\0' && !is_whitespace(*s))
749 			s++;
750 
751 		if (verbose)
752 			report_info("\t", start_tag);
753 		attrib_num = get_attrib_num(start_tag, s - start_tag);
754 		if (attrib_num == key_bad)
755 			return (key_bad);
756 
757 		while (is_whitespace(*s))
758 			s++;
759 		if (*s == '\0')
760 			return (attrib_num);
761 		start_val = s;
762 
763 		/* note that read_line will not return a line ending with \ */
764 		for (; *s != '\0'; s++) {
765 			if (*s == ESCAPE_CHAR)
766 				s++;
767 		}
768 		while (s > start_val && is_whitespace(s[-1]))
769 			s--;
770 
771 		attribute_value =
772 		    calloc(1, (size_t)(s - start_val) + 1);
773 		if (attribute_value == NULL) {
774 			p_error = parse_no_mem_error;
775 			return (key_bad);
776 		}
777 		attr_val[0] = attribute_value;
778 
779 		a = *attr_val;
780 		end_val = s;
781 		cut_here = 0;
782 		for (s = start_val; s < end_val; s++) {
783 			if (*s == POUND_SIGN) {
784 					cut_here = s;
785 					while (s < end_val) {
786 						if (*s == DOUBLE_QUOTE_CHAR ||
787 						    *s == SINGLE_QUOTE_CHAR) {
788 							cut_here = 0;
789 							break;
790 						}
791 						s++;
792 					}
793 			}
794 		}
795 		if (cut_here != 0)
796 			end_val = cut_here;
797 
798 		for (s = start_val; s < end_val; s++)
799 			*a++ = *s;
800 		*a++ = '\0';
801 	}
802 	if (ret == -1)
803 		return (key_bad);
804 
805 	return (attrib_num);
806 }
807 
808 static LDAP *
809 connect_to_ldap_config_server(
810 	char			*sever_name,
811 	int			server_port,
812 	__nis_config_info_t	*config_info)
813 {
814 	LDAP		*ld		= NULL;
815 	int		ldapVersion	= LDAP_VERSION3;
816 	int		derefOption	= LDAP_DEREF_ALWAYS;
817 	int		timelimit	= LDAP_NO_LIMIT;
818 	int		sizelimit	= LDAP_NO_LIMIT;
819 	int		errnum;
820 	bool_t		retrying	= FALSE;
821 	int		sleep_seconds	= 1;
822 	struct berval	cred;
823 
824 	if (config_info->tls_method == no_tls) {
825 		ld = ldap_init(sever_name, server_port);
826 		if (ld == NULL) {
827 			p_error = parse_ldap_init_error;
828 			report_error(strerror(errno), NULL);
829 			return (NULL);
830 		}
831 	} else {
832 		if ((errnum = ldapssl_client_init(
833 		    config_info->tls_cert_db, NULL)) < 0) {
834 			p_error = parse_ldapssl_client_init_error;
835 			report_error(ldapssl_err2string(errnum), NULL);
836 			return (NULL);
837 		}
838 		ld = ldapssl_init(sever_name, server_port, 1);
839 		if (ld == NULL) {
840 			p_error = parse_ldapssl_init_error;
841 			report_error(strerror(errno), NULL);
842 			return (NULL);
843 		}
844 	}
845 
846 	(void) ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
847 	    &ldapVersion);
848 	(void) ldap_set_option(ld, LDAP_OPT_DEREF, &derefOption);
849 	(void) ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
850 	(void) ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit);
851 	(void) ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &sizelimit);
852 
853 	/*
854 	 * Attempt to bind to the LDAP server.
855 	 * We will loop until success or until an error other
856 	 * than LDAP_CONNECT_ERROR or LDAP_SERVER_DOWN
857 	 */
858 	if (verbose)
859 		report_info("Connecting to ", sever_name);
860 
861 	for (;;) {
862 		if (config_info->auth_method == simple) {
863 			errnum = ldap_simple_bind_s(ld, config_info->proxy_dn,
864 			    config_info->proxy_passwd);
865 		} else if (config_info->auth_method == cram_md5) {
866 			cred.bv_len = strlen(config_info->proxy_passwd);
867 			cred.bv_val = config_info->proxy_passwd;
868 			errnum = ldap_sasl_cram_md5_bind_s(ld,
869 			    config_info->proxy_dn, &cred, NULL, NULL);
870 		} else if (config_info->auth_method == digest_md5) {
871 			cred.bv_len = strlen(config_info->proxy_passwd);
872 			cred.bv_val = config_info->proxy_passwd;
873 			errnum = ldap_x_sasl_digest_md5_bind_s(ld,
874 			    config_info->proxy_dn, &cred, NULL, NULL);
875 		} else {
876 			errnum = ldap_simple_bind_s(ld, NULL, NULL);
877 		}
878 
879 		if (errnum == LDAP_SUCCESS)
880 			break;
881 
882 		if (errnum == LDAP_CONNECT_ERROR ||
883 		    errnum == LDAP_SERVER_DOWN) {
884 			if (!retrying) {
885 				if (verbose)
886 					report_info(
887 					"LDAP server unavailable. Retrying...",
888 					    NULL);
889 				retrying = TRUE;
890 			}
891 			(void) sleep(sleep_seconds);
892 			sleep_seconds *= 2;
893 			if (sleep_seconds > MAX_LDAP_CONFIG_RETRY_TIME)
894 				sleep_seconds = MAX_LDAP_CONFIG_RETRY_TIME;
895 			p_error = no_parse_error;
896 			continue;
897 		}
898 		p_error = parse_ldap_bind_error;
899 		report_error2(config_info->proxy_dn, ldap_err2string(errnum));
900 		(void) ldap_unbind(ld);
901 		return (NULL);
902 	}
903 
904 	if (verbose)
905 		report_info("Reading values from ", config_info->config_dn);
906 
907 	return (ld);
908 }
909 
910 /*
911  * FUNCTION:	process_ldap_config_result
912  *
913  *	Extracts the LDAPMessage containing the nis+/LDAP
914  *	configuration
915  *
916  * RETURN VALUE:	0 on success, -1 on failure
917  *
918  * INPUT:		LDAP		the LDAP connection
919  *			LDAPMessage	the LDAP message
920  */
921 
922 static int
923 process_ldap_config_result(
924 	LDAP			*ld,
925 	LDAPMessage		*resultMsg,
926 	__nis_ldap_proxy_info	*proxy_info,
927 	__nis_config_t		*nis_config,
928 	__nis_table_mapping_t	**table_mapping,
929 	__nisdb_table_mapping_t	*table_info)
930 {
931 	LDAPMessage	*e;
932 	int		errnum;
933 	char		*attr;
934 	BerElement	*ber		= NULL;
935 	config_key	attrib_num;
936 	char		**vals;
937 	int		n;
938 	int		i;
939 	char		*attr_val;
940 	int		len;
941 	int		rc = 0;
942 	bool_t		error_reported	= FALSE;
943 
944 	e = ldap_first_entry(ld, resultMsg);
945 
946 	if (e != NULL) {
947 		for (attr = ldap_first_attribute(ld, e, &ber); attr != NULL;
948 		    attr = ldap_next_attribute(ld, e, ber)) {
949 			if (verbose)
950 				report_info("\t", attr);
951 			attrib_num = get_attrib_num(attr, strlen(attr));
952 			if (attrib_num == key_bad) {
953 				report_error(attr, NULL);
954 				break;
955 			}
956 			if ((vals = ldap_get_values(ld, e, attr)) != NULL) {
957 				n = ldap_count_values(vals);
958 				/* parse the attribute values */
959 				for (i = 0; i < n; i++) {
960 					attr_val = vals[i];
961 					while (is_whitespace(*attr_val))
962 						attr_val++;
963 					if (verbose)
964 						report_info("\t\t", attr_val);
965 					len = strlen(attr_val);
966 					while (len > 0 &&
967 					    is_whitespace(attr_val[len - 1]))
968 						len--;
969 		if (yp2ldap) {
970 			if (IS_YP_BIND_INFO(attrib_num)) {
971 				rc = add_bind_attribute(attrib_num, attr_val,
972 				    len, proxy_info);
973 			} else if (IS_YP_OPER_INFO(attrib_num)) {
974 				rc = add_operation_attribute(attrib_num,
975 				    attr_val, len, nis_config, table_info);
976 			} else if (IS_YP_MAP_ATTR(attrib_num)) {
977 				rc = add_mapping_attribute(attrib_num, attr_val,
978 				    len, table_mapping);
979 			} else {
980 				p_error = parse_unsupported_format;
981 			}
982 		} else {
983 			if (IS_BIND_INFO(attrib_num)) {
984 				rc = add_bind_attribute(attrib_num, attr_val,
985 				    len, proxy_info);
986 			} else if (IS_OPER_INFO(attrib_num)) {
987 				rc = add_operation_attribute(attrib_num,
988 				    attr_val, len, nis_config, table_info);
989 			} else {
990 				rc = add_mapping_attribute(attrib_num, attr_val,
991 				    len, table_mapping);
992 			}
993 		}
994 					if (p_error != no_parse_error) {
995 						report_error(attr_val, attr);
996 						error_reported = TRUE;
997 						break;
998 					}
999 				}
1000 				ldap_value_free(vals);
1001 			} else {
1002 				(void) ldap_get_option(ld,
1003 				    LDAP_OPT_ERROR_NUMBER, &errnum);
1004 				if (errnum != LDAP_SUCCESS)
1005 					p_error = parse_ldap_get_values_error;
1006 			}
1007 			ldap_memfree(attr);
1008 			if (p_error != no_parse_error)
1009 				break;
1010 		}
1011 	} else {
1012 		errnum = ldap_result2error(ld, resultMsg, FALSE);
1013 		if (errnum != LDAP_SUCCESS)
1014 			p_error = parse_ldap_search_error;
1015 	}
1016 	if (ber != NULL)
1017 		ber_free(ber, 0);
1018 
1019 	if (!error_reported && p_error != no_parse_error) {
1020 		report_error(ldap_err2string(errnum), 0);
1021 	}
1022 
1023 	if (p_error != no_parse_error)
1024 		rc = -1;
1025 	return (rc);
1026 }
1027 
1028 /*
1029  * FUNCTION:	process_ldap_referral
1030  *
1031  *	Retrieves the configuration for a referral url
1032  *
1033  * RETURN VALUE:	0 on success, -1 on failure, 1 on skip
1034  *
1035  * INPUT:		url		the ldap url
1036  *			__nis_ldap_proxy_info
1037  */
1038 
1039 static int
1040 process_ldap_referral(
1041 	char			*url,
1042 	char			**attrs,
1043 	__nis_ldap_proxy_info	*proxy_info,
1044 	__nis_config_t		*nis_config,
1045 	__nis_table_mapping_t	**table_mapping,
1046 	__nis_config_info_t	*config_info,
1047 	__nisdb_table_mapping_t	*table_info)
1048 {
1049 	LDAPURLDesc	*ludpp		= NULL;
1050 	int		rc;
1051 	LDAP		*ld		= NULL;
1052 	int		errnum;
1053 	LDAPMessage	*resultMsg	= NULL;
1054 
1055 	if ((rc = ldap_url_parse(url, &ludpp)) != LDAP_SUCCESS)
1056 		return (1);
1057 
1058 #ifdef LDAP_URL_OPT_SECURE
1059 	if (ludpp->lud_options & LDAP_URL_OPT_SECURE) {
1060 		if (config_info->tls_method != ssl_tls) {
1061 			ldap_free_urldesc(ludpp);
1062 			return (1);
1063 		}
1064 	} else {
1065 		if (config_info->tls_method != no_tls) {
1066 			ldap_free_urldesc(ludpp);
1067 			return (1);
1068 		}
1069 	}
1070 #endif
1071 
1072 	if ((ld = connect_to_ldap_config_server(ludpp->lud_host,
1073 	    ludpp->lud_port, config_info)) == NULL) {
1074 		ldap_free_urldesc(ludpp);
1075 		return (-1);
1076 	}
1077 
1078 	errnum = ldap_search_s(ld, config_info->config_dn, LDAP_SCOPE_BASE,
1079 	    "objectclass=nisplusLDAPconfig", attrs, 0, &resultMsg);
1080 
1081 	ldap_source = config_info->config_dn;
1082 
1083 	if (errnum != LDAP_SUCCESS) {
1084 		p_error = parse_ldap_search_error;
1085 		report_error(ldap_err2string(errnum), 0);
1086 		rc = -1;
1087 	} else {
1088 		rc = process_ldap_config_result(ld, resultMsg, proxy_info,
1089 		    nis_config, table_mapping, table_info);
1090 	}
1091 
1092 	ldap_source = NULL;
1093 	(void) ldap_unbind(ld);
1094 	if (resultMsg != NULL)
1095 		(void) ldap_msgfree(resultMsg);
1096 
1097 	return (rc);
1098 }
1099 
1100 /*
1101  * FUNCTION:	process_ldap_referral_msg
1102  *
1103  *	Retrieves the configuration from referred servers
1104  *
1105  * RETURN VALUE:	0 on success, -1 on failure
1106  *
1107  * INPUT:		LDAP		the LDAP connection
1108  *			LDAPMessage	the LDAP message
1109  *			__nis_ldap_proxy_info
1110  */
1111 
1112 static int
1113 process_ldap_referral_msg(
1114 	LDAP			*ld,
1115 	LDAPMessage		*resultMsg,
1116 	char			**attrs,
1117 	__nis_ldap_proxy_info	*proxy_info,
1118 	__nis_config_t		*nis_config,
1119 	__nis_table_mapping_t	**table_mapping,
1120 	__nis_config_info_t	*config_info,
1121 	__nisdb_table_mapping_t	*table_info)
1122 {
1123 	int	errCode;
1124 	char	**referralsp	= NULL;
1125 	int	i;
1126 	int	rc;
1127 
1128 	rc = ldap_parse_result(ld, resultMsg, &errCode, NULL, NULL, &referralsp,
1129 	    NULL, 0);
1130 
1131 	if (rc != LDAP_SUCCESS || errCode != LDAP_REFERRAL) {
1132 		p_error = parse_ldap_get_values_error;
1133 		report_error(ldap_err2string(errCode), 0);
1134 		rc = -1;
1135 	} else {
1136 		for (i = 0; referralsp[i] != NULL; i++) {
1137 			rc = process_ldap_referral(referralsp[i], attrs,
1138 			    proxy_info, nis_config, table_mapping,
1139 			    config_info, table_info);
1140 			if (rc <= 0)
1141 				break;
1142 			else
1143 				report_info("Cannot use referral \n",
1144 				    referralsp[i]);
1145 
1146 		}
1147 		if (rc > 0) {
1148 			p_error = parse_no_available_referrals_error;
1149 			report_error(0, 0);
1150 		}
1151 	}
1152 
1153 	if (referralsp)
1154 		ldap_value_free(referralsp);
1155 
1156 	return (rc);
1157 }
1158 
1159 /*
1160  * FUNCTION:	parse_ldap_config_dn_attrs
1161  *
1162  *	Parses the information for LDAP from the LDAP profile
1163  *	- the profile object name, the LDAP server, and the
1164  *	authentication method must be specified.
1165  *
1166  * RETURN VALUE:	0 on success, -1 on failure
1167  *
1168  * INPUT:		__nis_ldap_proxy_info
1169  */
1170 
1171 static int
1172 parse_ldap_config_dn_attrs(
1173 	__nis_ldap_proxy_info	*proxy_info,
1174 	__nis_config_t		*nis_config,
1175 	__nis_table_mapping_t	**table_mapping,
1176 	__nis_config_info_t	*config_info,
1177 	__nisdb_table_mapping_t	*table_info)
1178 {
1179 	int		rc		= 0;
1180 	LDAP		*ld		= NULL;
1181 	int		errnum;
1182 	char		*ldap_config_attributes[n_config_keys];
1183 	LDAPMessage	*resultMsg	= NULL;
1184 
1185 	/* Determine if properly configured for LDAP lookup */
1186 	if (config_info->auth_method == simple &&
1187 	    config_info->proxy_dn == NULL)
1188 		p_error = parse_no_proxy_dn_error;
1189 	else if (config_info->auth_method ==
1190 	    (auth_method_t)NO_VALUE_SET)
1191 		p_error = parse_no_config_auth_error;
1192 	else if ((config_info->default_servers == NULL) ||
1193 	    (config_info->default_servers[0] == '\0'))
1194 		p_error = parse_no_config_server_addr;
1195 	if (p_error != no_parse_error) {
1196 		report_error(NULL, NULL);
1197 		return (-1);
1198 	}
1199 
1200 	if (config_info->tls_method == (tls_method_t)NO_VALUE_SET)
1201 		config_info->tls_method = no_tls;
1202 	else if (config_info->tls_method == ssl_tls &&
1203 	    (config_info->tls_cert_db == NULL ||
1204 	    *config_info->tls_cert_db == '\0')) {
1205 		p_error = parse_no_config_cert_db;
1206 		report_error(NULL, NULL);
1207 		return (-1);
1208 	}
1209 
1210 	if (verbose)
1211 		report_info(
1212 		    "Getting configuration from LDAP server(s): ",
1213 		    config_info->default_servers);
1214 
1215 	/* Determine which attributes should be retrieved */
1216 	get_attribute_list(proxy_info, nis_config, NULL, table_info,
1217 	    ldap_config_attributes);
1218 
1219 	if ((ld = connect_to_ldap_config_server(config_info->default_servers, 0,
1220 	    config_info)) == NULL)
1221 		return (-1);
1222 
1223 	/* Get the attribute values */
1224 	errnum = ldap_search_s(ld, config_info->config_dn, LDAP_SCOPE_BASE,
1225 	    "objectclass=nisplusLDAPconfig",
1226 	    ldap_config_attributes, 0, &resultMsg);
1227 	ldap_source = config_info->config_dn;
1228 
1229 	if (errnum == LDAP_REFERRAL) {
1230 		rc = process_ldap_referral_msg(ld, resultMsg,
1231 		    ldap_config_attributes, proxy_info, nis_config,
1232 		    table_mapping, config_info, table_info);
1233 	} else if (errnum != LDAP_SUCCESS) {
1234 		p_error = parse_ldap_search_error;
1235 		report_error(ldap_err2string(errnum), 0);
1236 		rc = -1;
1237 	} else {
1238 		rc = process_ldap_config_result(ld, resultMsg, proxy_info,
1239 		    nis_config, table_mapping, table_info);
1240 	}
1241 
1242 	ldap_source = NULL;
1243 	(void) ldap_unbind(ld);
1244 	if (resultMsg != NULL)
1245 		(void) ldap_msgfree(resultMsg);
1246 
1247 	return (rc);
1248 }
1249 
1250 bool_t
1251 is_cmd_line_option(config_key a_num)
1252 {
1253 	const char *const	*cmdline_options = cmdline_config;
1254 	config_key		attrib_num;
1255 	const char		*begin_s;
1256 	const char		*end_s;
1257 
1258 	if (cmdline_options == NULL)
1259 		return (FALSE);
1260 
1261 	while (*cmdline_options != NULL) {
1262 		attrib_num = get_attrib_num_cmdline(
1263 		    *cmdline_options, &begin_s, &end_s);
1264 		if (attrib_num == a_num)
1265 			break;
1266 		cmdline_options++;
1267 	}
1268 	return (*cmdline_options != NULL);
1269 }
1270 
1271 /*
1272  * FUNCTION:	get_attribute_list
1273  *
1274  *	Get a list of attributes from the LDAP server that have not yet
1275  *	been gotten. If config_info is NULL, the associated parameters
1276  *	are not needed.
1277  *
1278  * RETURN VALUE:	none
1279  *
1280  * INPUT:		Returns a list of parameters in attributes
1281  *			which is assumed to be of sufficient size.
1282  */
1283 
1284 static void
1285 get_attribute_list(
1286 	const __nis_ldap_proxy_info	*proxy_info,
1287 	const __nis_config_t		*nis_config,
1288 	const __nis_config_info_t	*config_info,
1289 	const __nisdb_table_mapping_t	*table_info,
1290 	char				**attributes)
1291 {
1292 	int		n_attrs;
1293 
1294 	/* Determine which attributes should be retrieved */
1295 	n_attrs = 0;
1296 
1297 	if (config_info != NULL) {
1298 		if (yp2ldap) {
1299 			if (config_info->config_dn == NULL)
1300 				attributes[n_attrs++] = YP_CONFIG_DN;
1301 			if (config_info->default_servers == NULL)
1302 				attributes[n_attrs++] = YP_CONFIG_SERVER_LIST;
1303 			if (config_info->auth_method ==
1304 			    (auth_method_t)NO_VALUE_SET)
1305 				attributes[n_attrs++] = YP_CONFIG_AUTH_METHOD;
1306 			if (config_info->tls_method ==
1307 			    (tls_method_t)NO_VALUE_SET)
1308 				attributes[n_attrs++] = YP_CONFIG_TLS_OPTION;
1309 			if (config_info->proxy_dn == NULL)
1310 				attributes[n_attrs++] = YP_CONFIG_PROXY_USER;
1311 			if (config_info->proxy_passwd == NULL)
1312 				attributes[n_attrs++] = YP_CONFIG_PROXY_PASSWD;
1313 			if (config_info->tls_cert_db == NULL)
1314 				attributes[n_attrs++] = YP_CONFIG_TLS_CERT_DB;
1315 		} else {
1316 			if (config_info->config_dn == NULL)
1317 				attributes[n_attrs++] = CONFIG_DN;
1318 			if (config_info->default_servers == NULL)
1319 				attributes[n_attrs++] = CONFIG_SERVER_LIST;
1320 			if (config_info->auth_method ==
1321 			    (auth_method_t)NO_VALUE_SET)
1322 				attributes[n_attrs++] = CONFIG_AUTH_METHOD;
1323 			if (config_info->tls_method ==
1324 			    (tls_method_t)NO_VALUE_SET)
1325 				attributes[n_attrs++] = CONFIG_TLS_OPTION;
1326 			if (config_info->proxy_dn == NULL)
1327 				attributes[n_attrs++] = CONFIG_PROXY_USER;
1328 			if (config_info->proxy_passwd == NULL)
1329 				attributes[n_attrs++] = CONFIG_PROXY_PASSWD;
1330 			if (config_info->tls_cert_db == NULL)
1331 				attributes[n_attrs++] = CONFIG_TLS_CERT_DB;
1332 		}
1333 	} else {
1334 		if (yp2ldap) {
1335 			attributes[n_attrs++] = YP_DOMAIN_CONTEXT;
1336 			attributes[n_attrs++] = YPPASSWDD_DOMAINS;
1337 			attributes[n_attrs++] = YP_DB_ID_MAP;
1338 			attributes[n_attrs++] = YP_COMMENT_CHAR;
1339 			attributes[n_attrs++] = YP_MAP_FLAGS;
1340 			attributes[n_attrs++] = YP_ENTRY_TTL;
1341 			attributes[n_attrs++] = YP_NAME_FIELDS;
1342 			attributes[n_attrs++] = YP_SPLIT_FIELD;
1343 			attributes[n_attrs++] = YP_REPEATED_FIELD_SEPARATORS;
1344 			attributes[n_attrs++] = YP_LDAP_OBJECT_DN;
1345 			attributes[n_attrs++] = NIS_TO_LDAP_MAP;
1346 			attributes[n_attrs++] = LDAP_TO_NIS_MAP;
1347 		} else {
1348 			attributes[n_attrs++] = DB_ID_MAP;
1349 			attributes[n_attrs++] = ENTRY_TTL;
1350 			attributes[n_attrs++] = LDAP_OBJECT_DN;
1351 			attributes[n_attrs++] = NISPLUS_TO_LDAP_MAP;
1352 			attributes[n_attrs++] = LDAP_TO_NISPLUS_MAP;
1353 		}
1354 	}
1355 
1356 	if (yp2ldap) {
1357 		if (proxy_info->default_servers == NULL)
1358 			attributes[n_attrs++] = PREFERRED_SERVERS;
1359 		if (proxy_info->auth_method == (auth_method_t)NO_VALUE_SET)
1360 			attributes[n_attrs++] = AUTH_METHOD;
1361 		if (proxy_info->tls_method == (tls_method_t)NO_VALUE_SET)
1362 			attributes[n_attrs++] = YP_TLS_OPTION;
1363 		if (proxy_info->tls_cert_db == NULL)
1364 			attributes[n_attrs++] = YP_TLS_CERT_DB;
1365 		if (proxy_info->default_search_base == NULL)
1366 			attributes[n_attrs++] = SEARCH_BASE;
1367 		if (proxy_info->proxy_dn == NULL)
1368 			attributes[n_attrs++] = YP_PROXY_USER;
1369 		if (proxy_info->proxy_passwd == NULL)
1370 			attributes[n_attrs++] = YP_PROXY_PASSWD;
1371 		if (proxy_info->default_nis_domain == NULL)
1372 			attributes[n_attrs++] = YP_LDAP_BASE_DOMAIN;
1373 		if (proxy_info->bind_timeout.tv_sec ==
1374 		    (time_t)NO_VALUE_SET)
1375 			attributes[n_attrs++] = YP_BIND_TIMEOUT;
1376 		if (proxy_info->search_timeout.tv_sec ==
1377 		    (time_t)NO_VALUE_SET)
1378 			attributes[n_attrs++] = YP_SEARCH_TIMEOUT;
1379 		if (proxy_info->modify_timeout.tv_sec ==
1380 		    (time_t)NO_VALUE_SET)
1381 			attributes[n_attrs++] = YP_MODIFY_TIMEOUT;
1382 		if (proxy_info->add_timeout.tv_sec == (time_t)NO_VALUE_SET)
1383 			attributes[n_attrs++] = YP_ADD_TIMEOUT;
1384 		if (proxy_info->delete_timeout.tv_sec ==
1385 		    (time_t)NO_VALUE_SET)
1386 			attributes[n_attrs++] = YP_DELETE_TIMEOUT;
1387 		if (proxy_info->search_time_limit == (int)NO_VALUE_SET)
1388 			attributes[n_attrs++] = YP_SEARCH_TIME_LIMIT;
1389 		if (proxy_info->search_size_limit == (int)NO_VALUE_SET)
1390 			attributes[n_attrs++] = YP_SEARCH_SIZE_LIMIT;
1391 		if (proxy_info->follow_referral ==
1392 		    (follow_referral_t)NO_VALUE_SET)
1393 			attributes[n_attrs++] = YP_FOLLOW_REFERRAL;
1394 
1395 		if (table_info->retrieveError ==
1396 		    (__nis_retrieve_error_t)NO_VALUE_SET)
1397 			attributes[n_attrs++] = YP_RETRIEVE_ERROR_ACTION;
1398 		if (table_info->retrieveErrorRetry.attempts == NO_VALUE_SET)
1399 			attributes[n_attrs++] = YP_RETREIVE_ERROR_ATTEMPTS;
1400 		if (table_info->retrieveErrorRetry.timeout ==
1401 		    (time_t)NO_VALUE_SET)
1402 			attributes[n_attrs++] = YP_RETREIVE_ERROR_TIMEOUT;
1403 		if (table_info->storeError ==
1404 		    (__nis_store_error_t)NO_VALUE_SET)
1405 			attributes[n_attrs++] = YP_STORE_ERROR_ACTION;
1406 		if (table_info->storeErrorRetry.attempts == NO_VALUE_SET)
1407 			attributes[n_attrs++] = YP_STORE_ERROR_ATTEMPTS;
1408 		if (table_info->storeErrorRetry.timeout ==
1409 		    (time_t)NO_VALUE_SET)
1410 			attributes[n_attrs++] = YP_STORE_ERROR_TIMEOUT;
1411 		if (table_info->refreshError ==
1412 		    (__nis_refresh_error_t)NO_VALUE_SET)
1413 			attributes[n_attrs++] = REFRESH_ERROR_ACTION;
1414 		if (table_info->refreshErrorRetry.attempts == NO_VALUE_SET)
1415 			attributes[n_attrs++] = REFRESH_ERROR_ATTEMPTS;
1416 		if (table_info->refreshErrorRetry.timeout ==
1417 		    (time_t)NO_VALUE_SET)
1418 			attributes[n_attrs++] = REFRESH_ERROR_TIMEOUT;
1419 		if (table_info->matchFetch ==
1420 		    (__nis_match_fetch_t)NO_VALUE_SET)
1421 			attributes[n_attrs++] = YP_MATCH_FETCH;
1422 	} else {
1423 		if (proxy_info->default_servers == NULL)
1424 			attributes[n_attrs++] = PREFERRED_SERVERS;
1425 		if (proxy_info->auth_method == (auth_method_t)NO_VALUE_SET)
1426 			attributes[n_attrs++] = AUTH_METHOD;
1427 		if (proxy_info->tls_method == (tls_method_t)NO_VALUE_SET)
1428 			attributes[n_attrs++] = TLS_OPTION;
1429 		if (proxy_info->tls_cert_db == NULL)
1430 			attributes[n_attrs++] = TLS_CERT_DB;
1431 		if (proxy_info->default_search_base == NULL)
1432 			attributes[n_attrs++] = SEARCH_BASE;
1433 		if (proxy_info->proxy_dn == NULL)
1434 			attributes[n_attrs++] = PROXY_USER;
1435 		if (proxy_info->proxy_passwd == NULL)
1436 			attributes[n_attrs++] = PROXY_PASSWD;
1437 		if (proxy_info->default_nis_domain == NULL)
1438 			attributes[n_attrs++] = LDAP_BASE_DOMAIN;
1439 		if (proxy_info->bind_timeout.tv_sec ==
1440 		    (time_t)NO_VALUE_SET)
1441 			attributes[n_attrs++] = BIND_TIMEOUT;
1442 		if (proxy_info->search_timeout.tv_sec ==
1443 		    (time_t)NO_VALUE_SET)
1444 			attributes[n_attrs++] = SEARCH_TIMEOUT;
1445 		if (proxy_info->modify_timeout.tv_sec ==
1446 		    (time_t)NO_VALUE_SET)
1447 			attributes[n_attrs++] = MODIFY_TIMEOUT;
1448 		if (proxy_info->add_timeout.tv_sec == (time_t)NO_VALUE_SET)
1449 			attributes[n_attrs++] = ADD_TIMEOUT;
1450 		if (proxy_info->delete_timeout.tv_sec ==
1451 		    (time_t)NO_VALUE_SET)
1452 			attributes[n_attrs++] = DELETE_TIMEOUT;
1453 		if (proxy_info->search_time_limit == (int)NO_VALUE_SET)
1454 			attributes[n_attrs++] = SEARCH_TIME_LIMIT;
1455 		if (proxy_info->search_size_limit == (int)NO_VALUE_SET)
1456 			attributes[n_attrs++] = SEARCH_SIZE_LIMIT;
1457 		if (proxy_info->follow_referral ==
1458 		    (follow_referral_t)NO_VALUE_SET)
1459 			attributes[n_attrs++] = FOLLOW_REFERRAL;
1460 
1461 		if (table_info->retrieveError ==
1462 		    (__nis_retrieve_error_t)NO_VALUE_SET)
1463 			attributes[n_attrs++] = RETRIEVE_ERROR_ACTION;
1464 		if (table_info->retrieveErrorRetry.attempts == NO_VALUE_SET)
1465 			attributes[n_attrs++] = RETREIVE_ERROR_ATTEMPTS;
1466 		if (table_info->retrieveErrorRetry.timeout ==
1467 		    (time_t)NO_VALUE_SET)
1468 			attributes[n_attrs++] = RETREIVE_ERROR_TIMEOUT;
1469 		if (table_info->storeError ==
1470 		    (__nis_store_error_t)NO_VALUE_SET)
1471 			attributes[n_attrs++] = STORE_ERROR_ACTION;
1472 		if (table_info->storeErrorRetry.attempts == NO_VALUE_SET)
1473 			attributes[n_attrs++] = STORE_ERROR_ATTEMPTS;
1474 		if (table_info->storeErrorRetry.timeout ==
1475 		    (time_t)NO_VALUE_SET)
1476 			attributes[n_attrs++] = STORE_ERROR_TIMEOUT;
1477 		if (table_info->refreshError ==
1478 		    (__nis_refresh_error_t)NO_VALUE_SET)
1479 			attributes[n_attrs++] = REFRESH_ERROR_ACTION;
1480 		if (table_info->refreshErrorRetry.attempts == NO_VALUE_SET)
1481 			attributes[n_attrs++] = REFRESH_ERROR_ATTEMPTS;
1482 		if (table_info->refreshErrorRetry.timeout ==
1483 		    (time_t)NO_VALUE_SET)
1484 			attributes[n_attrs++] = REFRESH_ERROR_TIMEOUT;
1485 		if (table_info->matchFetch ==
1486 		    (__nis_match_fetch_t)NO_VALUE_SET)
1487 			attributes[n_attrs++] = MATCH_FETCH;
1488 	}
1489 
1490 	switch (nis_config->initialUpdate) {
1491 	case (__nis_initial_update_t)NO_VALUE_SET:
1492 		attributes[n_attrs++] = INITIAL_UPDATE_ACTION;
1493 		attributes[n_attrs++] = INITIAL_UPDATE_ONLY;
1494 		break;
1495 	case (__nis_initial_update_t)INITIAL_UPDATE_NO_ACTION:
1496 	case (__nis_initial_update_t)NO_INITIAL_UPDATE_NO_ACTION:
1497 		attributes[n_attrs++] = INITIAL_UPDATE_ACTION;
1498 		break;
1499 	case (__nis_initial_update_t)FROM_NO_INITIAL_UPDATE:
1500 	case (__nis_initial_update_t)TO_NO_INITIAL_UPDATE:
1501 		attributes[n_attrs++] = INITIAL_UPDATE_ONLY;
1502 		break;
1503 	}
1504 
1505 	if (nis_config->threadCreationError ==
1506 	    (__nis_thread_creation_error_t)NO_VALUE_SET)
1507 		attributes[n_attrs++] = THREAD_CREATE_ERROR_ACTION;
1508 	if (nis_config->threadCreationErrorTimeout.attempts == NO_VALUE_SET)
1509 		attributes[n_attrs++] = THREAD_CREATE_ERROR_ATTEMPTS;
1510 	if (nis_config->threadCreationErrorTimeout.timeout ==
1511 	    (time_t)NO_VALUE_SET)
1512 		attributes[n_attrs++] = THREAD_CREATE_ERROR_TIMEOUT;
1513 	if (nis_config->dumpError == (__nis_dump_error_t)NO_VALUE_SET)
1514 		attributes[n_attrs++] = DUMP_ERROR_ACTION;
1515 	if (nis_config->dumpErrorTimeout.attempts == NO_VALUE_SET)
1516 		attributes[n_attrs++] = DUMP_ERROR_ATTEMPTS;
1517 	if (nis_config->dumpErrorTimeout.timeout == (time_t)NO_VALUE_SET)
1518 		attributes[n_attrs++] = DUMP_ERROR_TIMEOUT;
1519 	if (nis_config->resyncService == (__nis_resync_service_t)NO_VALUE_SET)
1520 		attributes[n_attrs++] = RESYNC;
1521 	if (nis_config->updateBatching ==
1522 	    (__nis_update_batching_t)NO_VALUE_SET)
1523 		attributes[n_attrs++] = UPDATE_BATCHING;
1524 	if (nis_config->updateBatchingTimeout.timeout == (time_t)NO_VALUE_SET)
1525 		attributes[n_attrs++] = UPDATE_BATCHING_TIMEOUT;
1526 	if (nis_config->numberOfServiceThreads == (int)NO_VALUE_SET)
1527 		attributes[n_attrs++] = NUMBER_THEADS;
1528 	if (nis_config->emulate_yp == (int)NO_VALUE_SET)
1529 		attributes[n_attrs++] = YP_EMULATION;
1530 
1531 	/* maxRPCRecordSize is not configurable through LDAP profiles */
1532 	if (nis_config->maxRPCRecordSize == (int)NO_VALUE_SET)
1533 		attributes[n_attrs++] = MAX_RPC_RECSIZE;
1534 
1535 	attributes[n_attrs++] = NULL;
1536 }
1537 
1538 /*
1539  *	Notes on adding new attributes
1540  *	1. Determine where the attribute value will be saved
1541  *	    Currently, the following structures are defined:
1542  *		__nis_config_info_t	config_info
1543  *		__nis_ldap_proxy_info	proxyInfo
1544  *		__nis_config_t		ldapConfig
1545  *		__nisdb_table_mapping_t	ldapDBTableMapping
1546  *		__nis_table_mapping_t	ldapTableMapping
1547  *	    or add a new structure or variable - this will require
1548  *	    more code.
1549  *	2. Initialize the value to a known unconfigured value.
1550  *	    This can be done in initialize_parse_structs or
1551  *	    parse_ldap_migration.
1552  *	3. In the header file nis_parse_ldap_conf.h, add the name
1553  *	    of the attribute. (Currently, the attribute name is assumed
1554  *	    to be the same for the command line, the preference file,
1555  *	    and LDAP.) The names are grouped logically. Add a corresponding
1556  *	    config_key to the enum. Note that position in this file is
1557  *	    essential because the macros such as IS_BIND_INFO depend on
1558  *	    the sequence. The corresponding macro (IS_CONFIG_KEYWORD,
1559  *	    IS_BIND_INFO, or IS_OPER_INFO) may need to be adjusted. These
1560  *	    are used to partition the attributes into smaller chunks.
1561  *	4. Add the correspond entry to the keyword_lookup array in
1562  *	    nis_parse_ldap_attr.c, which is used to determine the config_key
1563  *	    from the corresponding key word.
1564  *	5. Add the attribute to the list of attributes to retrieve from
1565  *	    the LDAP server if no value has been set in the function
1566  *	    parse_ldap_config_dn_attrs. (This assumes that the attribute
1567  *	    is not used to get the configuration from the LDAP server.)
1568  *	6. Add logic to parse the individual attribute in
1569  *	    add_config_attribute, add_bind_attribute,
1570  *	    add_operation_attribute, or add_mapping_attribute depending
1571  *	    which group of attributes the added attribute belongs to.
1572  *	7. In set_default_values, if the attribute value has not been set, set
1573  *	    the default value. If any additional fixup is needed depending
1574  *	    on other configuration values, it should be done here.
1575  *	8. If an attribute name is a subset of another, parse_ldap_default_conf
1576  *          should be modified.
1577  */
1578