xref: /titanic_41/usr/src/cmd/ldap/ns_ldap/ldapaddent.c (revision 4f4499478f0aa55fc93bcd8030ba3d128663ae70)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2001, 2010, Oracle and/or its affiliates. All rights reserved.
23  * Copyright 2012 Milan Jurik. All rights reserved.
24  */
25 
26 /*
27  * ldapaddent.c
28  *
29  * Utility to add /etc files into LDAP.
30  * Can also be used to dump entries from a ldap container in /etc format.
31  */
32 
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <libintl.h>
36 #include <strings.h>
37 #include <sys/param.h>
38 #include <ctype.h>
39 #include <sys/types.h>
40 #include <sys/socket.h>
41 #include <netinet/in.h>
42 #include <arpa/inet.h>
43 #include <locale.h>
44 #include <syslog.h>
45 
46 #undef opaque
47 
48 #include <nss_dbdefs.h>
49 #include <netdb.h>
50 #include <rpc/rpcent.h>
51 #include <grp.h>
52 #include <pwd.h>
53 #include <project.h>
54 #include <shadow.h>
55 #include <sys/systeminfo.h>
56 #include "ns_internal.h"
57 #include "ldapaddent.h"
58 #include "standalone.h"
59 
60 #define	OP_ADD	0
61 #define	OP_DUMP	3
62 
63 static struct ttypelist_t {
64 	char *ttype;		/* type tag */
65 	int (*genent)(char *, int(*)());
66 				/* routine to turn line into ldap entries */
67 	void (*dump)(ns_ldap_result_t *);
68 				/* routine to print ldap containers */
69 	int (*filedbmline)();	/* routine to turn file line into dbm line */
70 	char *objclass;		/* Objectclass for the servicetype */
71 	char *sortattr;		/* Sort attr for enumeration */
72 } *tt;
73 
74 char	parse_err_msg [PARSE_ERR_MSG_LEN];
75 int	continue_onerror = 0;  /* do not exit on error */
76 
77 static int get_basedn(char *service, char **basedn);
78 static int check_ipaddr(char *addr, char **newaddr);
79 static int check_projname(char *addr);
80 
81 extern	int	optind;
82 extern	char	*optarg;
83 
84 extern	char	*__nis_quote_key(const char *, char *, int);
85 
86 static char	*inputbasedn = NULL;
87 static char	*databasetype = NULL;
88 static int	exit_val = 0;
89 static unsigned	nent_add = 0;
90 static FILE	*etcf = 0;
91 static ns_cred_t	authority;
92 unsigned	flags = 0;
93 
94 static void
95 perr(ns_ldap_error_t *e)
96 {
97 	if (e)
98 		(void) fprintf(stderr, "%d: %s\n",
99 		    e->status, e->message);
100 }
101 
102 
103 static int
104 ascii_to_int(char *str)
105 {
106 	int i;
107 	char *c = str;
108 
109 	if (c == NULL || *c == '\0')
110 		return (-1);
111 
112 	while (c != '\0' && *c == ' ')
113 		c++;
114 	if (*c == '\0')
115 		return (-1);
116 
117 	for (i = 0; i < strlen(c); i++)
118 		if (!isdigit(c[i]))
119 			return (-1);
120 
121 	return (atoi(c));
122 }
123 
124 /*
125  * Internet network address interpretation routine.
126  * The library routines call this routine to interpret
127  * network numbers.
128  */
129 static in_addr_t
130 encode_network(const char *cp)
131 {
132 	in_addr_t val;
133 	int base;
134 	ptrdiff_t n;
135 	char c;
136 	in_addr_t parts[4], *pp = parts;
137 	int i;
138 
139 again:
140 	val = 0; base = 10;
141 	if (*cp == '0') {
142 		if (*++cp == 'x' || *cp == 'X')
143 			base = 16, cp++;
144 		else
145 			base = 8;
146 	}
147 	while ((c = *cp) != NULL) {
148 		if (isdigit(c)) {
149 			if ((c - '0') >= base)
150 				break;
151 			val = (val * base) + (c - '0');
152 			cp++;
153 			continue;
154 		}
155 		if (base == 16 && isxdigit(c)) {
156 			val = (val << 4) + (c + 10 - (islower(c) ? 'a' : 'A'));
157 			cp++;
158 			continue;
159 		}
160 		break;
161 	}
162 	if (*cp == '.') {
163 		if (pp >= parts + 4)
164 			return ((in_addr_t)-1);
165 		*pp++ = val, cp++;
166 		goto again;
167 	}
168 	if (*cp && !isspace(*cp))
169 		return ((in_addr_t)-1);
170 	*pp++ = val;
171 	n = pp - parts;
172 	if (n > 4)
173 		return ((in_addr_t)-1);
174 	for (val = 0, i = 0; i < n; i++) {
175 		val <<= 8;
176 		val |= parts[i] & 0xff;
177 	}
178 	for (/* no init */; i < 4; i++)
179 		val <<= 8;
180 	return (val);
181 }
182 
183 static void
184 replace_tab2space(char *str)
185 {
186 	int i = 0;
187 
188 	while ((str) && (str[i])) {
189 		if (str[i] == '\t')
190 			str[i] = ' ';
191 		i++;
192 	}
193 }
194 
195 static int
196 blankline(char *line)
197 {
198 	char *p;
199 
200 	for (p = line; *p; p++)
201 		if (*p != ' ' && *p != '\t')
202 			return (0);
203 	return (1);
204 }
205 
206 /*
207  * check whether the token <tok> is a triplet,
208  * i. e. <tok> := (<hostname>,<username>,<domainname>)
209  * where <hostname>, <username>, <domainname> are IA5String
210  * <tok> supposes to contain NO spaces and start with '('
211  */
212 static int
213 is_triplet(char *tok)
214 {
215 	char *s;
216 	return (strchr(++tok, '(') == NULL &&		/* no more '(' */
217 	    (s = strchr(tok, ')')) != NULL &&		/* find ')' */
218 	    !*++s &&					/* ')' ends token */
219 	    (tok = strchr(tok, ',')) != NULL &&		/* host up to ',' */
220 	    (tok = strchr(++tok, ',')) != NULL &&	/* user up to ',' */
221 	    strchr(++tok, ',') == NULL);		/* no more ',' */
222 }
223 
224 static void
225 line_buf_expand(struct line_buf *line)
226 {
227 	line->alloc += BUFSIZ;
228 	line->str = (char *)realloc(line->str, line->alloc);
229 
230 	if (line->str == NULL) {
231 		(void) fprintf(stderr,
232 		    gettext("line_buf_expand: out of memory\n"));
233 		exit(1);
234 	}
235 }
236 
237 static void
238 line_buf_init(struct line_buf *line)
239 {
240 	(void) memset((char *)line, 0, sizeof (*line));
241 	line_buf_expand(line);
242 }
243 
244 static int
245 __s_add_attr(ns_ldap_entry_t *e, char *attrname, char *value)
246 {
247 	ns_ldap_attr_t	*a;
248 	char		*v;
249 
250 	a = (ns_ldap_attr_t *)calloc(1, sizeof (ns_ldap_attr_t));
251 	if (a == NULL)
252 		return (NS_LDAP_MEMORY);
253 	a->attrname = strdup(attrname);
254 	if (a->attrname == NULL) {
255 		free(a);
256 		return (NS_LDAP_MEMORY);
257 	}
258 	a->attrvalue = (char **)calloc(1, sizeof (char **));
259 	if (a->attrvalue == NULL) {
260 		free(a->attrname);
261 		free(a);
262 		return (NS_LDAP_MEMORY);
263 	}
264 	a->value_count = 1;
265 	a->attrvalue[0] = NULL;
266 	v = strdup(value);
267 	if (v == NULL) {
268 		free(a->attrname);
269 		free(a->attrvalue);
270 		free(a);
271 		return (NS_LDAP_MEMORY);
272 	}
273 	a->attrvalue[0] = v;
274 	e->attr_pair[e->attr_count] = a;
275 	e->attr_count++;
276 	return (NS_LDAP_SUCCESS);
277 }
278 
279 static int
280 __s_add_attrlist(ns_ldap_entry_t *e, char *attrname, char **argv)
281 {
282 	ns_ldap_attr_t	*a;
283 	char		*v;
284 	char		**av;
285 	int		i, j;
286 
287 	a = (ns_ldap_attr_t *)calloc(1, sizeof (ns_ldap_attr_t));
288 	if (a == NULL)
289 		return (NS_LDAP_MEMORY);
290 	a->attrname = strdup(attrname);
291 	if (a->attrname == NULL) {
292 		free(a);
293 		return (NS_LDAP_MEMORY);
294 	}
295 
296 	for (i = 0, av = argv; *av != NULL; av++, i++)
297 		;
298 
299 	a->attrvalue = (char **)calloc(i, sizeof (char **));
300 
301 	if (a->attrvalue == NULL) {
302 		free(a->attrname);
303 		free(a);
304 		return (NS_LDAP_MEMORY);
305 	}
306 	a->value_count = i;
307 	for (j = 0; j < i; j++) {
308 		v = strdup(argv[j]);
309 		if (v == NULL) {
310 			free(a->attrname);
311 			free(a->attrvalue);
312 			free(a);
313 			return (NS_LDAP_MEMORY);
314 		}
315 		a->attrvalue[j] = v;
316 	}
317 	e->attr_pair[e->attr_count] = a;
318 	e->attr_count++;
319 	return (NS_LDAP_SUCCESS);
320 }
321 
322 static ns_ldap_entry_t *
323 __s_mk_entry(char **objclass, int max_attr)
324 {
325 	ns_ldap_entry_t *e;
326 	e = (ns_ldap_entry_t *)calloc(1, sizeof (ns_ldap_entry_t));
327 	if (e == NULL)
328 		return (NULL);
329 	e->attr_pair = (ns_ldap_attr_t **)calloc(max_attr+1,
330 	    sizeof (ns_ldap_attr_t *));
331 	if (e->attr_pair == NULL) {
332 		free(e);
333 		return (NULL);
334 	}
335 	e->attr_count = 0;
336 	if (__s_add_attrlist(e, "objectClass", objclass) != NS_LDAP_SUCCESS) {
337 		free(e->attr_pair);
338 		free(e);
339 		return (NULL);
340 	}
341 	return (e);
342 }
343 
344 static void
345 ldap_freeEntry(ns_ldap_entry_t *ep)
346 {
347 	int		j, k = 0;
348 
349 	if (ep == NULL)
350 		return;
351 
352 	if (ep->attr_pair == NULL) {
353 		free(ep);
354 		return;
355 	}
356 	for (j = 0; j < ep->attr_count; j++) {
357 		if (ep->attr_pair[j] == NULL)
358 			continue;
359 		if (ep->attr_pair[j]->attrname)
360 			free(ep->attr_pair[j]->attrname);
361 		if (ep->attr_pair[j]->attrvalue) {
362 			for (k = 0; (k < ep->attr_pair[j]->value_count) &&
363 			    (ep->attr_pair[j]->attrvalue[k]); k++) {
364 				free(ep->attr_pair[j]->attrvalue[k]);
365 			}
366 			free(ep->attr_pair[j]->attrvalue);
367 		}
368 		free(ep->attr_pair[j]);
369 	}
370 	free(ep->attr_pair);
371 	free(ep);
372 }
373 
374 static int
375 addentry(void *entry, int mod)
376 {
377 	int		 result = 0;
378 	ns_ldap_error_t	 *eres = NULL;
379 	int		rc = 1;
380 
381 
382 	/*  adds entry into the LDAP tree */
383 	if (mod)
384 		result = __ns_ldap_addTypedEntry(databasetype, inputbasedn,
385 		    entry, 0, &authority, NS_LDAP_FOLLOWREF | NS_LDAP_KEEP_CONN,
386 		    &eres);
387 	else
388 		result = __ns_ldap_addTypedEntry(databasetype, inputbasedn,
389 		    entry, 1, &authority, NS_LDAP_FOLLOWREF | NS_LDAP_KEEP_CONN,
390 		    &eres);
391 	/*
392 	 *  Return	0 on success
393 	 *		LDAP_ALREADY_EXISTS if entry exists already
394 	 *		1 for all other non-fatal errors.
395 	 *  Exit on fatal errors.
396 	 */
397 	switch (result) {
398 	case NS_LDAP_SUCCESS:
399 		nent_add++;
400 		rc = 0;
401 		break;
402 
403 	case NS_LDAP_OP_FAILED:
404 		(void) fprintf(stderr, gettext("operation failed.\n"));
405 		rc = 1;
406 		break;
407 
408 	case NS_LDAP_INVALID_PARAM:
409 		(void) fprintf(stderr,
410 		    gettext("invalid parameter(s) passed.\n"));
411 		rc = 1;
412 		break;
413 
414 	case NS_LDAP_NOTFOUND:
415 		(void) fprintf(stderr, gettext("entry not found.\n"));
416 		rc = 1;
417 		break;
418 
419 	case NS_LDAP_MEMORY:
420 		(void) fprintf(stderr,
421 		    gettext("internal memory allocation error.\n"));
422 		exit(1);
423 		break;
424 
425 	case NS_LDAP_CONFIG:
426 		(void) fprintf(stderr,
427 		    gettext("LDAP Configuration problem.\n"));
428 		perr(eres);
429 		exit(1);
430 		break;
431 
432 	case NS_LDAP_PARTIAL:
433 		(void) fprintf(stderr,
434 		    gettext("partial result returned\n"));
435 		perr(eres);
436 		rc = 1;
437 		break;
438 
439 	case NS_LDAP_INTERNAL:
440 		if (eres->status == LDAP_ALREADY_EXISTS ||
441 		    eres->status == LDAP_NO_SUCH_OBJECT)
442 			rc = eres->status;
443 		else if (eres->status == LDAP_INSUFFICIENT_ACCESS) {
444 			(void) fprintf(stderr,
445 			    gettext("The user does not have permission"
446 			    " to add/modify entries\n"));
447 			perr(eres);
448 			exit(1);
449 		} else {
450 			rc = 1;
451 			perr(eres);
452 		}
453 		break;
454 	}
455 
456 	if (eres)
457 		(void) __ns_ldap_freeError(&eres);
458 	return (rc);
459 }
460 
461 /*
462  * usage(char *msg)
463  * Display usage message to STDERR.
464  */
465 static void
466 usage(char *msg) {
467 
468 	if (msg)
469 		(void) fprintf(stderr, "%s\n", msg);
470 
471 	(void) fprintf(stderr, gettext(
472 	"usage: ldapaddent [-cpv] [-a authenticationMethod] [-b baseDN]\n"
473 	"-D bindDN [-w bindPassword] [-j passwdFile] [-f filename]\n"
474 	"database\n"
475 	"\n"
476 	"usage: ldapaddent  [-cpv] -asasl/GSSAPI [-b baseDN] [-f filename]\n"
477 	"database\n"
478 	"\n"
479 	"usage: ldapaddent  -d [-v] [-a authenticationMethod] [-D bindDN]\n"
480 	"[-w bindPassword] [-j passwdFile] database\n"
481 	"\n"
482 	"usage: ldapaddent [-cpv] -h LDAP_server[:serverPort] [-M domainName]\n"
483 	"[-N  profileName]  [-P certifPath]  [-a authenticationMethod]\n"
484 	"[-b baseDN] -D bindDN [-w bindPassword] [-f filename]\n"
485 	"[-j passwdFile] database\n"
486 	"\n"
487 	"usage: ldapaddent [-cpv] -h LDAP_server[:serverPort] [-M domainName]\n"
488 	"[-N  profileName]  [-P certifPath] -asasl/GSSAPI  [-b baseDN]\n"
489 	"[-f filename] database\n"
490 	"\n"
491 	"usage: ldapaddent -d [-v] -h LDAP_server[:serverPort]"
492 	" [-M domainName]\n"
493 	"[-N profileName]  [-P certifPath]  [-a authenticationMethod]\n"
494 	"[-b baseDN] -D bindDN [-w bindPassword] [-j passwdFile]\n"
495 	"database\n"));
496 	exit(1);
497 }
498 
499 /*
500  * Determine if the given string is an IP address (IPv4 or IPv6).
501  * If so, it's converted to the preferred form (rfc2373) and
502  * *newaddr will point to the new address.
503  *
504  * Returns	-2		: inet_ntop error
505  *		-1		: not an IP address
506  *		0		: unsupported IP address (future use)
507  *		AF_INET		: IPv4
508  *		AF_INET6	: IPv6
509  */
510 static int
511 check_ipaddr(char *addr, char **newaddr) {
512 	ipaddr_t	addr_ipv4 = 0;
513 	in6_addr_t	addr_ipv6;
514 
515 	/* IPv6 */
516 	if (inet_pton(AF_INET6, addr, &addr_ipv6) == 1) {
517 		if (newaddr == NULL)
518 			return (AF_INET6);
519 
520 		/* Convert IPv4-mapped IPv6 address to IPv4 */
521 		if (IN6_IS_ADDR_V4MAPPED(&addr_ipv6) ||
522 					IN6_IS_ADDR_V4COMPAT(&addr_ipv6)) {
523 			IN6_V4MAPPED_TO_IPADDR(&addr_ipv6, addr_ipv4);
524 			if ((*newaddr = calloc(1, INET_ADDRSTRLEN)) == NULL) {
525 				(void) fprintf(stderr,
526 				    gettext("out of memory\n"));
527 				exit(1);
528 			}
529 			if (inet_ntop(AF_INET, &addr_ipv4, *newaddr,
530 			    INET_ADDRSTRLEN))
531 				return (AF_INET6);
532 			free(*newaddr);
533 			return (-2);
534 		}
535 
536 		/* Processing general IPv6 addresses */
537 		if ((*newaddr = calloc(1, INET6_ADDRSTRLEN)) == NULL) {
538 			(void) fprintf(stderr, gettext("out of memory\n"));
539 			exit(1);
540 		}
541 		if (inet_ntop(AF_INET6, &addr_ipv6, *newaddr, INET6_ADDRSTRLEN))
542 			return (AF_INET6);
543 		free(*newaddr);
544 		return (-2);
545 	}
546 
547 	/* Processing IPv4 addresses of the type d.d.d.d. */
548 	if (inet_pton(AF_INET, addr, &addr_ipv4) == 1) {
549 		if (newaddr == NULL)
550 			return (AF_INET);
551 		if ((*newaddr = calloc(1, INET_ADDRSTRLEN)) == NULL) {
552 			(void) fprintf(stderr, gettext("out of memory\n"));
553 			exit(1);
554 		}
555 		if (inet_ntop(AF_INET, &addr_ipv4, *newaddr, INET_ADDRSTRLEN))
556 			return (AF_INET);
557 		free(*newaddr);
558 		return (-2);
559 	}
560 
561 	/* Processing IPv4 addresses d.d.d , d.d and d */
562 	if (inet_addr(addr) != (in_addr_t)-1) {
563 		if (newaddr == NULL)
564 			return (AF_INET);
565 		if ((*newaddr = strdup(addr)) == NULL) {
566 			(void) fprintf(stderr, gettext("out of memory\n"));
567 			exit(1);
568 		}
569 		return (AF_INET);
570 	}
571 
572 	return (-1);
573 }
574 
575 /*
576  * Verifies that project name meets the restrictions defined by project(4).
577  */
578 static int
579 check_projname(char *addr)
580 {
581 	int i;
582 	if (addr == NULL || *addr == '\0')
583 		return (-1);
584 
585 	for (i = 0; i < strlen(addr); i++) {
586 		if (!isalpha(addr[i]) &&
587 		    !isdigit(addr[i]) &&
588 		    addr[i] != '_' &&
589 		    addr[i] != '-' &&
590 		    addr[i] != '.')
591 			return (-1);
592 	}
593 
594 	return (0);
595 }
596 
597 static int
598 genent_hosts(char *line, int (*cback)())
599 {
600 	char buf[BUFSIZ+1];
601 	char *t, *comment;
602 	entry_col ecol[4];
603 	char *cname, *pref_addr;
604 	int ctr = 0, retval = 1;
605 	int rc = GENENT_OK, af;
606 
607 	struct hostent  data;
608 	char *alias;
609 
610 	/*
611 	 * don't clobber our argument
612 	 */
613 	if (strlen(line) >= sizeof (buf)) {
614 		(void) strlcpy(parse_err_msg, gettext("line too long"),
615 		    PARSE_ERR_MSG_LEN);
616 		return (GENENT_PARSEERR);
617 	}
618 	(void) strcpy(buf, line);
619 
620 	/*
621 	 * clear column data
622 	 */
623 	(void) memset((char *)ecol, 0, sizeof (ecol));
624 
625 	/*
626 	 * comment (col 3)
627 	 * All leading spaces will be deleted from the comment
628 	 */
629 	ecol[3].ec_value.ec_value_val = "";
630 	ecol[3].ec_value.ec_value_len = 0;
631 	comment = t = strchr(buf, '#');
632 	if (comment) {
633 		do {
634 			++comment;
635 		} while (*comment != '\0' && isspace(*comment));
636 		if (*comment != '\0') {
637 			*--comment = '#';
638 			ecol[3].ec_value.ec_value_val = strdup(comment);
639 			ecol[3].ec_value.ec_value_len = strlen(comment)+1;
640 		}
641 
642 		*t = '\0';
643 	}
644 
645 	/*
646 	 * addr(col 2)
647 	 */
648 	if ((t = strtok(buf, " \t")) == 0) {
649 		(void) strlcpy(parse_err_msg, gettext("no host"),
650 		    PARSE_ERR_MSG_LEN);
651 		return (GENENT_PARSEERR);
652 	}
653 
654 	af = check_ipaddr(t, &pref_addr);
655 	if (af == -2) {
656 		(void) strlcpy(parse_err_msg, gettext("Internal error"),
657 		    PARSE_ERR_MSG_LEN);
658 	} else if (af == -1) {
659 		(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
660 		    gettext("Invalid IP address: %s"), t);
661 	} else if (flags & F_VERBOSE) {
662 		if ((strncasecmp(t, pref_addr, strlen(t))) != 0) {
663 			(void) fprintf(stdout,
664 			    gettext("IP address %s converted to %s\n"),
665 			    t, pref_addr);
666 		}
667 	}
668 
669 	if (af < 0) {
670 		(void) fprintf(stderr, "%s\n", parse_err_msg);
671 		if (continue_onerror == 0)
672 			return (GENENT_CBERR);
673 		else
674 			return (rc);
675 	}
676 
677 	ecol[2].ec_value.ec_value_val = pref_addr;
678 	ecol[2].ec_value.ec_value_len = strlen(pref_addr)+1;
679 
680 	/*
681 	 * cname (col 0)
682 	 */
683 	if ((t = strtok(NULL, " \t")) == 0) {
684 		(void) strlcpy(parse_err_msg, gettext("no cname"),
685 		    PARSE_ERR_MSG_LEN);
686 		return (GENENT_PARSEERR);
687 	}
688 	ecol[0].ec_value.ec_value_val = t;
689 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
690 	cname = t;
691 
692 
693 	/* build entry */
694 	if ((data.h_addr_list = (char **)calloc(2, sizeof (char **))) == NULL) {
695 		(void) fprintf(stderr, gettext("out of memory\n"));
696 		exit(1);
697 	}
698 	data.h_addr_list[0] = strdup(ecol[2].ec_value.ec_value_val);
699 	data.h_addr_list[1] = NULL;
700 
701 	free(pref_addr);
702 	data.h_name = strdup(ecol[0].ec_value.ec_value_val);
703 
704 	/*
705 	 * name (col 1)
706 	 */
707 
708 	data.h_aliases = NULL;
709 
710 	do {
711 		/*
712 		 * don't clobber comment in canonical entry
713 		 */
714 
715 		/* This call to AddEntry may move out of the loop */
716 		/* This is because we have to call the function just once */
717 		if (t != cname && strcasecmp(t, cname) == 0)
718 			continue;
719 		if (strcasecmp(t, ecol[0].ec_value.ec_value_val) == 0)
720 			continue;
721 
722 		ecol[1].ec_value.ec_value_val = t;
723 		ecol[1].ec_value.ec_value_len = strlen(t)+1;
724 
725 		ctr++;
726 		alias = strdup(ecol[1].ec_value.ec_value_val);
727 		if ((data.h_aliases = (char **)realloc(data.h_aliases,
728 		    ctr * sizeof (char **))) == NULL) {
729 			(void) fprintf(stderr, gettext("out of memory\n"));
730 			exit(1);
731 		}
732 		data.h_aliases[ctr-1] = alias;
733 	} while (t = strtok(NULL, " \t"));
734 
735 	/*
736 	 * End the list of all the aliases by NULL
737 	 * If there is some comment, it will be stored as the last entry
738 	 * in the list of the host aliases
739 	 */
740 	if ((data.h_aliases = (char **)realloc(data.h_aliases,
741 	    (ecol[3].ec_value.ec_value_len != 0 ?
742 	    ctr + 2 : ctr + 1) * sizeof (char **))) == NULL) {
743 		(void) fprintf(stderr, gettext("out of memory\n"));
744 		exit(1);
745 	}
746 
747 	if (ecol[3].ec_value.ec_value_len != 0) {
748 		data.h_aliases[ctr++] = ecol[3].ec_value.ec_value_val;
749 	}
750 	data.h_aliases[ctr] = NULL;
751 
752 	if (flags & F_VERBOSE)
753 		(void) fprintf(stdout,
754 		    gettext("Adding entry : cn=%s+ipHostNumber=%s\n"),
755 		    data.h_name, data.h_addr_list[0]);
756 
757 	retval = (*cback)(&data, 0);
758 
759 	if (ecol[3].ec_value.ec_value_len != 0) {
760 		free(ecol[3].ec_value.ec_value_val);
761 	}
762 
763 	if (retval == LDAP_ALREADY_EXISTS) {
764 		if (continue_onerror)
765 			(void) fprintf(stderr,
766 			    gettext("Entry: cn=%s+ipHostNumber=%s "
767 			    "already Exists -skipping it\n"),
768 			    data.h_name, data.h_addr_list[0]);
769 		else {
770 			rc = GENENT_CBERR;
771 			(void) fprintf(stderr,
772 			    gettext("Entry: cn=%s+ipHostNumber=%s"
773 			    " already Exists\n"),
774 			    data.h_name, data.h_addr_list[0]);
775 		}
776 	} else if (retval)
777 		rc = GENENT_CBERR;
778 
779 	free(data.h_name);
780 	free(data.h_aliases);
781 	free(data.h_addr_list);
782 
783 	return (rc);
784 }
785 
786 
787 
788 static void
789 dump_hosts(ns_ldap_result_t *res)
790 {
791 	ns_ldap_attr_t	*attrptr = NULL,
792 	    *cn = NULL,
793 	    *iphostnumber = NULL,
794 	    *desc = NULL;
795 	int		 i, j;
796 	char		*name; /* host name */
797 
798 	if (res == NULL || res->entry == NULL)
799 		return;
800 	for (i = 0; i < res->entry->attr_count; i++) {
801 		attrptr = res->entry->attr_pair[i];
802 		if (strcasecmp(attrptr->attrname, "cn") == 0)
803 			cn = attrptr;
804 		else if (strcasecmp(attrptr->attrname, "iphostnumber") == 0)
805 			iphostnumber = attrptr;
806 		else if (strcasecmp(attrptr->attrname, "description") == 0) {
807 			desc = attrptr;
808 		}
809 	}
810 	/* sanity check */
811 	if (cn == NULL || cn->attrvalue == NULL || cn->attrvalue[0] == NULL ||
812 	    iphostnumber == NULL || iphostnumber->attrvalue == NULL ||
813 	    iphostnumber->attrvalue[0] == NULL)
814 		return;
815 
816 	if ((name = __s_api_get_canonical_name(res->entry, cn, 1)) == NULL)
817 		return;
818 
819 	/* ip host/ipnode number */
820 	if (strlen(iphostnumber->attrvalue[0]) <= INET_ADDRSTRLEN)
821 		/* IPV4 or IPV6 but <= NET_ADDRSTRLEN */
822 		(void) fprintf(stdout, "%-18s", iphostnumber->attrvalue[0]);
823 	else
824 		/* IPV6 */
825 		(void) fprintf(stdout, "%-48s", iphostnumber->attrvalue[0]);
826 
827 	/* host/ipnode name */
828 	(void) fprintf(stdout, "%s ", name);
829 
830 	/* aliases */
831 	for (j = 0; j < cn->value_count; j++) {
832 		if (cn->attrvalue[j]) {
833 			if (strcasecmp(name, cn->attrvalue[j]) == 0)
834 				/* skip host name */
835 				continue;
836 			(void) fprintf(stdout, "%s ", cn->attrvalue[j]);
837 		}
838 	}
839 
840 	/* description */
841 	if (desc != NULL && desc->attrvalue != NULL &&
842 	    desc->attrvalue[0] != NULL) {
843 		(void) fprintf(stdout, "#%s", desc->attrvalue[0]);
844 	}
845 
846 	/* end of line */
847 	(void) fprintf(stdout, "\n");
848 }
849 
850 /*
851  * /etc/rpc
852  */
853 
854 static int
855 genent_rpc(char *line, int (*cback)())
856 {
857 	char buf[BUFSIZ+1];
858 	char *t;
859 	entry_col ecol[4];
860 	char *cname;
861 
862 	struct rpcent	data;
863 	char *alias;
864 	int ctr = 0;
865 	int retval = 1;
866 	int rc = GENENT_OK;
867 
868 	/*
869 	 * don't clobber our argument
870 	 */
871 	if (strlen(line) >= sizeof (buf)) {
872 		(void) strlcpy(parse_err_msg, gettext("line too long"),
873 		    PARSE_ERR_MSG_LEN);
874 		return (GENENT_PARSEERR);
875 	}
876 	(void) strcpy(buf, line);
877 
878 	/*
879 	 * clear column data
880 	 */
881 	(void) memset((char *)ecol, 0, sizeof (ecol));
882 
883 	/*
884 	 * comment (col 3)
885 	 */
886 	t = strchr(buf, '#');
887 	if (t) {
888 		*t++ = 0;
889 		ecol[3].ec_value.ec_value_val = t;
890 		ecol[3].ec_value.ec_value_len = strlen(t)+1;
891 	} else {
892 		ecol[3].ec_value.ec_value_val = 0;
893 		ecol[3].ec_value.ec_value_len = 0;
894 	}
895 
896 	/*
897 	 * cname(col 0)
898 	 */
899 	if ((t = strtok(buf, " \t")) == 0) {
900 		(void) strlcpy(parse_err_msg, gettext("no number"),
901 		    PARSE_ERR_MSG_LEN);
902 		return (GENENT_PARSEERR);
903 	}
904 	ecol[0].ec_value.ec_value_val = t;
905 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
906 	cname = t;
907 
908 	/*
909 	 * number (col 2)
910 	 */
911 	if ((t = strtok(NULL, " \t")) == 0) {
912 		(void) strlcpy(parse_err_msg, gettext("no number"),
913 		    PARSE_ERR_MSG_LEN);
914 		return (GENENT_PARSEERR);
915 	}
916 	ecol[2].ec_value.ec_value_val = t;
917 	ecol[2].ec_value.ec_value_len = strlen(t)+1;
918 
919 
920 	/*
921 	 * build entry
922 	 */
923 
924 	data.r_name = strdup(ecol[0].ec_value.ec_value_val);
925 	if (ecol[2].ec_value.ec_value_val != NULL &&
926 	    ecol[2].ec_value.ec_value_val[0] != '\0') {
927 
928 		data.r_number = ascii_to_int(ecol[2].ec_value.ec_value_val);
929 		if (data.r_number == -1) {
930 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
931 			    gettext("invalid program number: %s"),
932 			    ecol[2].ec_value.ec_value_val);
933 		return (GENENT_PARSEERR);
934 		}
935 	} else
936 		data.r_number = -1;
937 
938 	/*
939 	 * name (col 1)
940 	 */
941 	t = cname;
942 	data.r_aliases = NULL;
943 	do {
944 
945 		/*
946 		 * don't clobber comment in canonical entry
947 		 */
948 		if (t != cname && strcasecmp(t, cname) == 0)
949 			continue;
950 		if (strcasecmp(t, ecol[0].ec_value.ec_value_val) == 0)
951 			continue;
952 
953 		ecol[1].ec_value.ec_value_val = t;
954 		ecol[1].ec_value.ec_value_len = strlen(t)+1;
955 
956 		ctr++;
957 		alias = strdup(ecol[1].ec_value.ec_value_val);
958 		if ((data.r_aliases = (char **)realloc(data.r_aliases,
959 		    ctr * sizeof (char **))) == NULL) {
960 			(void) fprintf(stderr, gettext("out of memory\n"));
961 			exit(1);
962 		}
963 		data.r_aliases[ctr-1] = alias;
964 
965 
966 		/*
967 		 * only put comment in canonical entry
968 		 */
969 		ecol[3].ec_value.ec_value_val = 0;
970 		ecol[3].ec_value.ec_value_len = 0;
971 
972 	} while (t = strtok(NULL, " \t"));
973 
974 	/* End the list of all the aliases by NULL */
975 	if ((data.r_aliases = (char **)realloc(data.r_aliases,
976 	    (ctr + 1) * sizeof (char **))) == NULL) {
977 		(void) fprintf(stderr, gettext("out of memory\n"));
978 		exit(1);
979 	}
980 	data.r_aliases[ctr] = NULL;
981 
982 	if (flags & F_VERBOSE)
983 		(void) fprintf(stdout,
984 		    gettext("Adding entry : %s\n"), data.r_name);
985 
986 	retval = (*cback)(&data, 0);
987 
988 	if (retval == LDAP_ALREADY_EXISTS) {
989 		if (continue_onerror)
990 			(void) fprintf(stderr,
991 			    gettext("Entry: %s - already Exists,"
992 			    " skipping it.\n"), data.r_name);
993 		else {
994 			rc = GENENT_CBERR;
995 			(void) fprintf(stderr,
996 			    gettext("Entry: %s - already Exists\n"),
997 			    data.r_name);
998 		}
999 	} else if (retval)
1000 		rc = GENENT_CBERR;
1001 
1002 	free(data.r_name);
1003 	free(data.r_aliases);
1004 
1005 	return (rc);
1006 }
1007 
1008 
1009 
1010 static void
1011 dump_rpc(ns_ldap_result_t *res)
1012 {
1013 	ns_ldap_attr_t	*attrptr = NULL, *cn = NULL, *rpcnumber = NULL;
1014 	int		 i, j;
1015 	char		*name; /* rpc name */
1016 
1017 	if (res == NULL || res->entry == NULL)
1018 		return;
1019 	for (i = 0; i < res->entry->attr_count; i++) {
1020 		attrptr = res->entry->attr_pair[i];
1021 		if (strcasecmp(attrptr->attrname, "cn") == 0)
1022 			cn = attrptr;
1023 		else if (strcasecmp(attrptr->attrname, "oncRpcNumber") == 0)
1024 			rpcnumber = attrptr;
1025 	}
1026 	/* sanity check */
1027 	if (cn == NULL || cn->attrvalue == NULL || cn->attrvalue[0] == NULL ||
1028 	    rpcnumber == NULL || rpcnumber->attrvalue == NULL ||
1029 	    rpcnumber->attrvalue[0] == NULL)
1030 		return;
1031 
1032 	if ((name = __s_api_get_canonical_name(res->entry, cn, 1)) == NULL)
1033 		return;
1034 
1035 	/* rpc name */
1036 	if (strlen(name) < 8)
1037 		(void) fprintf(stdout, "%s\t\t", name);
1038 	else
1039 		(void) fprintf(stdout, "%s\t", name);
1040 
1041 	/* rpc number */
1042 	(void) fprintf(stdout, "%-8s", rpcnumber->attrvalue[0]);
1043 
1044 
1045 	/* aliases */
1046 	for (j = 0; j < cn->value_count; j++) {
1047 		if (cn->attrvalue[j]) {
1048 			if (strcasecmp(name, cn->attrvalue[j]) == 0)
1049 				/* skip rpc name */
1050 				continue;
1051 			(void) fprintf(stdout, "%s ", cn->attrvalue[j]);
1052 		}
1053 	}
1054 
1055 	/* end of line */
1056 	(void) fprintf(stdout, "\n");
1057 
1058 }
1059 
1060 /*
1061  * /etc/protocols
1062  *
1063  */
1064 
1065 static int
1066 genent_protocols(char *line, int (*cback)())
1067 {
1068 	char buf[BUFSIZ+1];
1069 	char *t;
1070 	entry_col ecol[4];
1071 	char *cname;
1072 
1073 	struct protoent	data;
1074 	char *alias;
1075 	int ctr = 0;
1076 	int retval = 1;
1077 	int rc = GENENT_OK;
1078 
1079 	/*
1080 	 * don't clobber our argument
1081 	 */
1082 	if (strlen(line) >= sizeof (buf)) {
1083 		(void) strlcpy(parse_err_msg, gettext("line too long"),
1084 		    PARSE_ERR_MSG_LEN);
1085 		return (GENENT_PARSEERR);
1086 	}
1087 	(void) strcpy(buf, line);
1088 
1089 	/*
1090 	 * clear column data
1091 	 */
1092 	(void) memset((char *)ecol, 0, sizeof (ecol));
1093 
1094 	/*
1095 	 * comment (col 3)
1096 	 */
1097 	t = strchr(buf, '#');
1098 	if (t) {
1099 		*t++ = 0;
1100 		ecol[3].ec_value.ec_value_val = t;
1101 		ecol[3].ec_value.ec_value_len = strlen(t)+1;
1102 	} else {
1103 		ecol[3].ec_value.ec_value_val = 0;
1104 		ecol[3].ec_value.ec_value_len = 0;
1105 	}
1106 
1107 	/*
1108 	 * cname(col 0)
1109 	 */
1110 	if ((t = strtok(buf, " \t")) == 0) {
1111 		(void) strlcpy(parse_err_msg, gettext("no number"),
1112 		    PARSE_ERR_MSG_LEN);
1113 		return (GENENT_PARSEERR);
1114 	}
1115 	ecol[0].ec_value.ec_value_val = t;
1116 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
1117 	cname = t;
1118 
1119 	/*
1120 	 * number (col 2)
1121 	 */
1122 	if ((t = strtok(NULL, " \t")) == 0) {
1123 		(void) strlcpy(parse_err_msg, gettext("no number"),
1124 		    PARSE_ERR_MSG_LEN);
1125 		return (GENENT_PARSEERR);
1126 	}
1127 	ecol[2].ec_value.ec_value_val = t;
1128 	ecol[2].ec_value.ec_value_len = strlen(t)+1;
1129 
1130 
1131 	/*
1132 	 * build entry
1133 	 */
1134 	data.p_name = strdup(ecol[0].ec_value.ec_value_val);
1135 
1136 	if (ecol[2].ec_value.ec_value_val != NULL &&
1137 	    ecol[2].ec_value.ec_value_val[0] != '\0') {
1138 
1139 		data.p_proto = ascii_to_int(ecol[2].ec_value.ec_value_val);
1140 		if (data.p_proto == -1) {
1141 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
1142 			    gettext("invalid protocol number: %s"),
1143 			    ecol[2].ec_value.ec_value_val);
1144 		return (GENENT_PARSEERR);
1145 		}
1146 	} else
1147 		data.p_proto = -1;
1148 
1149 	/*
1150 	 * name (col 1)
1151 	 */
1152 	t = cname;
1153 	ctr = 0;
1154 	data.p_aliases = NULL;
1155 
1156 	do {
1157 		/*
1158 		 * don't clobber comment in canonical entry
1159 		 */
1160 		if (t != cname && strcasecmp(t, cname) == 0)
1161 			continue;
1162 		if (strcasecmp(t, ecol[0].ec_value.ec_value_val) == 0)
1163 			continue;
1164 
1165 		ecol[1].ec_value.ec_value_val = t;
1166 		ecol[1].ec_value.ec_value_len = strlen(t)+1;
1167 
1168 		ctr++;
1169 		alias = strdup(ecol[1].ec_value.ec_value_val);
1170 		if ((data.p_aliases = (char **)realloc(data.p_aliases,
1171 		    ctr * sizeof (char **))) == NULL) {
1172 			(void) fprintf(stderr, gettext("out of memory\n"));
1173 			exit(1);
1174 		}
1175 		data.p_aliases[ctr-1] = alias;
1176 
1177 		/*
1178 		 * only put comment in canonical entry
1179 		 */
1180 		ecol[3].ec_value.ec_value_val = 0;
1181 		ecol[3].ec_value.ec_value_len = 0;
1182 
1183 	} while (t = strtok(NULL, " \t"));
1184 
1185 	/* End the list of all the aliases by NULL */
1186 	if ((data.p_aliases = (char **)realloc(data.p_aliases,
1187 	    (ctr + 1) * sizeof (char **))) == NULL) {
1188 		(void) fprintf(stderr, gettext("out of memory\n"));
1189 		exit(1);
1190 	}
1191 	data.p_aliases[ctr] = NULL;
1192 
1193 	if (flags & F_VERBOSE)
1194 		(void) fprintf(stdout,
1195 		    gettext("Adding entry : %s\n"), data.p_name);
1196 
1197 	retval = (*cback)(&data, 0);
1198 
1199 	if (retval == LDAP_ALREADY_EXISTS) {
1200 		if (continue_onerror)
1201 			(void) fprintf(stderr,
1202 			    gettext("Entry: %s - already Exists,"
1203 			    " skipping it.\n"), data.p_name);
1204 		else {
1205 			rc = GENENT_CBERR;
1206 			(void) fprintf(stderr,
1207 			    gettext("Entry: %s - already Exists\n"),
1208 			    data.p_name);
1209 		}
1210 	} else if (retval)
1211 		rc = GENENT_CBERR;
1212 
1213 	free(data.p_name);
1214 	free(data.p_aliases);
1215 
1216 	return (rc);
1217 }
1218 
1219 
1220 static void
1221 dump_protocols(ns_ldap_result_t *res)
1222 {
1223 	ns_ldap_attr_t	*attrptr = NULL, *cn = NULL, *protocolnumber = NULL;
1224 	int		 i, j;
1225 	char		*name, *cp;
1226 
1227 	if (res == NULL || res->entry == NULL)
1228 		return;
1229 	for (i = 0; i < res->entry->attr_count; i++) {
1230 		attrptr = res->entry->attr_pair[i];
1231 		if (strcasecmp(attrptr->attrname, "cn") == 0)
1232 			cn = attrptr;
1233 		else if (strcasecmp(attrptr->attrname, "ipProtocolNumber")
1234 		    == 0)
1235 			protocolnumber = attrptr;
1236 	}
1237 	/* sanity check */
1238 	if (cn == NULL || cn->attrvalue == NULL || cn->attrvalue[0] == NULL ||
1239 	    protocolnumber == NULL || protocolnumber->attrvalue == NULL ||
1240 	    protocolnumber->attrvalue[0] == NULL)
1241 		return;
1242 
1243 	if ((name = __s_api_get_canonical_name(res->entry, cn, 1)) == NULL)
1244 		return;
1245 
1246 	/* protocol name */
1247 	if (strlen(name) < 8)
1248 		(void) fprintf(stdout, "%s\t\t", name);
1249 	else
1250 		(void) fprintf(stdout, "%s\t", name);
1251 
1252 	/* protocol number */
1253 	(void) fprintf(stdout, "%-16s", protocolnumber->attrvalue[0]);
1254 
1255 	/* aliases */
1256 	for (j = 0; j < cn->value_count; j++) {
1257 		if (cn->attrvalue[j]) {
1258 			if (strcasecmp(name, cn->attrvalue[j]) == 0) {
1259 				if (cn->value_count > 1)
1260 					/* Do not replicate */
1261 					continue;
1262 				/*
1263 				 * Replicate name in uppercase as an aliase
1264 				 */
1265 				for (cp = cn->attrvalue[j]; *cp; cp++)
1266 					*cp = toupper(*cp);
1267 			}
1268 			(void) fprintf(stdout, "%s ", cn->attrvalue[j]);
1269 		}
1270 	}
1271 
1272 	/* end of line */
1273 	(void) fprintf(stdout, "\n");
1274 
1275 }
1276 
1277 
1278 
1279 
1280 
1281 /*
1282  * /etc/networks
1283  *
1284  */
1285 
1286 static int
1287 genent_networks(char *line, int (*cback)())
1288 {
1289 	char buf[BUFSIZ+1];
1290 	char *t;
1291 	entry_col ecol[4];
1292 	char *cname;
1293 
1294 	struct netent	data;
1295 	char *alias;
1296 	int ctr = 0;
1297 	int retval = 1;
1298 	int enet;
1299 	int rc = GENENT_OK;
1300 
1301 	/*
1302 	 * don't clobber our argument
1303 	 */
1304 	if (strlen(line) >= sizeof (buf)) {
1305 		(void) strlcpy(parse_err_msg, gettext("line too long"),
1306 		    PARSE_ERR_MSG_LEN);
1307 		return (GENENT_PARSEERR);
1308 	}
1309 	(void) strcpy(buf, line);
1310 
1311 	/*
1312 	 * clear column data
1313 	 */
1314 	(void) memset((char *)ecol, 0, sizeof (ecol));
1315 
1316 	/*
1317 	 * comment (col 3)
1318 	 */
1319 	t = strchr(buf, '#');
1320 	if (t) {
1321 		*t++ = 0;
1322 		ecol[3].ec_value.ec_value_val = t;
1323 		ecol[3].ec_value.ec_value_len = strlen(t)+1;
1324 	} else {
1325 		ecol[3].ec_value.ec_value_val = 0;
1326 		ecol[3].ec_value.ec_value_len = 0;
1327 	}
1328 
1329 	/*
1330 	 * cname(col 0)
1331 	 */
1332 	if ((t = strtok(buf, " \t")) == 0) {
1333 		(void) strlcpy(parse_err_msg, gettext("no number"),
1334 		    PARSE_ERR_MSG_LEN);
1335 		return (GENENT_PARSEERR);
1336 	}
1337 	ecol[0].ec_value.ec_value_val = t;
1338 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
1339 	cname = t;
1340 
1341 	/*
1342 	 * number (col 2)
1343 	 */
1344 	if ((t = strtok(NULL, " \t")) == 0) {
1345 		(void) strlcpy(parse_err_msg, gettext("no number"),
1346 		    PARSE_ERR_MSG_LEN);
1347 		return (GENENT_PARSEERR);
1348 	}
1349 	ecol[2].ec_value.ec_value_val = t;
1350 	ecol[2].ec_value.ec_value_len = strlen(t)+1;
1351 
1352 
1353 	/*
1354 	 * build entry
1355 	 */
1356 
1357 	data.n_name = strdup(ecol[0].ec_value.ec_value_val);
1358 	/*
1359 	 * data.n_net is an unsigned field,
1360 	 * assign -1 to it, make no sense.
1361 	 * Use enet here to avoid lint warning.
1362 	 */
1363 	enet = encode_network(ecol[2].ec_value.ec_value_val);
1364 
1365 	if (enet == -1 && continue_onerror == 0) {
1366 		(void) fprintf(stderr, gettext("Invalid network number\n"));
1367 		if (continue_onerror == 0)
1368 			return (GENENT_CBERR);
1369 	} else
1370 		data.n_net = enet;
1371 
1372 	/*
1373 	 * name (col 1)
1374 	 */
1375 	t = cname;
1376 	data.n_aliases = NULL;
1377 
1378 	do {
1379 		/*
1380 		 * don't clobber comment in canonical entry
1381 		 */
1382 		if (t != cname && strcasecmp(t, cname) == 0)
1383 			continue;
1384 		if (strcasecmp(t, ecol[0].ec_value.ec_value_val) == 0)
1385 			continue;
1386 
1387 		ecol[1].ec_value.ec_value_val = t;
1388 		ecol[1].ec_value.ec_value_len = strlen(t)+1;
1389 
1390 		ctr++;
1391 		alias = strdup(ecol[1].ec_value.ec_value_val);
1392 		if ((data.n_aliases = (char **)realloc(data.n_aliases,
1393 		    ctr * sizeof (char **))) == NULL) {
1394 			(void) fprintf(stderr, gettext("out of memory\n"));
1395 			exit(1);
1396 		}
1397 		data.n_aliases[ctr-1] = alias;
1398 
1399 		/*
1400 		 * only put comment in canonical entry
1401 		 */
1402 		ecol[3].ec_value.ec_value_val = 0;
1403 		ecol[3].ec_value.ec_value_len = 0;
1404 
1405 	} while (t = strtok(NULL, " \t"));
1406 
1407 	/* End the list of all the aliases by NULL */
1408 	if ((data.n_aliases = (char **)realloc(data.n_aliases,
1409 	    (ctr + 1) * sizeof (char **))) == NULL) {
1410 		(void) fprintf(stderr, gettext("out of memory\n"));
1411 		exit(1);
1412 	}
1413 	data.n_aliases[ctr] = NULL;
1414 
1415 	if (flags & F_VERBOSE)
1416 		(void) fprintf(stdout,
1417 		    gettext("Adding entry : %s\n"), data.n_name);
1418 
1419 	retval = (*cback)(&data, 0);
1420 
1421 	if (retval == LDAP_ALREADY_EXISTS) {
1422 		if (continue_onerror)
1423 			(void) fprintf(stderr,
1424 			    gettext("Entry: %s - already Exists,"
1425 			    " skipping it.\n"), data.n_name);
1426 		else {
1427 			rc = GENENT_CBERR;
1428 			(void) fprintf(stderr,
1429 			    gettext("Entry: %s - already Exists\n"),
1430 			    data.n_name);
1431 		}
1432 	} else if (retval)
1433 		rc = GENENT_CBERR;
1434 
1435 	free(data.n_name);
1436 	free(data.n_aliases);
1437 
1438 	return (rc);
1439 }
1440 
1441 
1442 static void
1443 dump_networks(ns_ldap_result_t *res)
1444 {
1445 	ns_ldap_attr_t	*attrptr = NULL, *cn = NULL, *networknumber = NULL;
1446 	int		 i, j;
1447 	char		*name;
1448 
1449 	if (res == NULL || res->entry == NULL)
1450 		return;
1451 	for (i = 0; i < res->entry->attr_count; i++) {
1452 		attrptr = res->entry->attr_pair[i];
1453 		if (strcasecmp(attrptr->attrname, "cn") == 0)
1454 			cn = attrptr;
1455 		else if (strcasecmp(attrptr->attrname, "ipNetworkNumber")
1456 		    == 0)
1457 			networknumber = attrptr;
1458 	}
1459 	/* sanity check */
1460 	if (cn == NULL || cn->attrvalue == NULL || cn->attrvalue[0] == NULL ||
1461 	    networknumber == NULL || networknumber->attrvalue == NULL ||
1462 	    networknumber->attrvalue[0] == NULL)
1463 		return;
1464 
1465 	/*
1466 	 * cn can be a MUST attribute(RFC 2307) or MAY attribute(2307bis).
1467 	 * If the canonical name can not be found (2307bis), use the 1st
1468 	 * value as the official name.
1469 	 */
1470 
1471 	/* network name */
1472 	if ((name = __s_api_get_canonical_name(res->entry, cn, 1)) == NULL)
1473 		name = cn->attrvalue[0];
1474 
1475 	if (strlen(name) < 8)
1476 		(void) fprintf(stdout, "%s\t\t", name);
1477 	else
1478 		(void) fprintf(stdout, "%s\t", name);
1479 
1480 	/* network number */
1481 	(void) fprintf(stdout, "%-16s", networknumber->attrvalue[0]);
1482 
1483 	/* aliases */
1484 	for (j = 0; j < cn->value_count; j++) {
1485 		if (cn->attrvalue[j]) {
1486 			if (strcasecmp(name, cn->attrvalue[j]) == 0)
1487 				/* skip name */
1488 				continue;
1489 			(void) fprintf(stdout, "%s ", cn->attrvalue[j]);
1490 		}
1491 	}
1492 
1493 	/* end of line */
1494 	(void) fprintf(stdout, "\n");
1495 
1496 }
1497 
1498 
1499 
1500 
1501 /*
1502  * /etc/services
1503  *
1504  */
1505 
1506 static int
1507 genent_services(char *line, int (*cback)())
1508 {
1509 	char buf[BUFSIZ+1];
1510 	char *t, *p;
1511 	entry_col ecol[5];
1512 	char *cname;
1513 
1514 	struct servent	data;
1515 	char *alias;
1516 	int ctr = 0;
1517 	int retval = 1;
1518 	int rc = GENENT_OK;
1519 
1520 	/*
1521 	 * don't clobber our argument
1522 	 */
1523 	if (strlen(line) >= sizeof (buf)) {
1524 		(void) strlcpy(parse_err_msg, gettext("line too long"),
1525 		    PARSE_ERR_MSG_LEN);
1526 		return (GENENT_PARSEERR);
1527 	}
1528 	(void) strcpy(buf, line);
1529 
1530 	/*
1531 	 * clear column data
1532 	 */
1533 	(void) memset((char *)ecol, 0, sizeof (ecol));
1534 
1535 	/*
1536 	 * comment (col 4)
1537 	 */
1538 	t = strchr(buf, '#');
1539 	if (t) {
1540 		*t++ = 0;
1541 		ecol[4].ec_value.ec_value_val = t;
1542 		ecol[4].ec_value.ec_value_len = strlen(t)+1;
1543 	} else {
1544 		ecol[4].ec_value.ec_value_val = 0;
1545 		ecol[4].ec_value.ec_value_len = 0;
1546 	}
1547 
1548 	/*
1549 	 * cname(col 0)
1550 	 */
1551 	if ((t = strtok(buf, " \t")) == 0) {
1552 		(void) strlcpy(parse_err_msg, gettext("no port"),
1553 		    PARSE_ERR_MSG_LEN);
1554 		return (GENENT_PARSEERR);
1555 	}
1556 	ecol[0].ec_value.ec_value_val = t;
1557 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
1558 	cname = t;
1559 
1560 	/*
1561 	 * port (col 3)
1562 	 */
1563 	if ((t = strtok(NULL, " \t")) == 0) {
1564 		(void) strlcpy(parse_err_msg, gettext("no protocol"),
1565 		    PARSE_ERR_MSG_LEN);
1566 		return (GENENT_PARSEERR);
1567 	}
1568 	if ((p = strchr(t, '/')) == 0) {
1569 		(void) strlcpy(parse_err_msg, gettext("bad port/proto"),
1570 		    PARSE_ERR_MSG_LEN);
1571 		return (GENENT_PARSEERR);
1572 	}
1573 	*(p++) = 0;
1574 	ecol[3].ec_value.ec_value_val = t;
1575 	ecol[3].ec_value.ec_value_len = strlen(t)+1;
1576 
1577 	/*
1578 	 * proto (col 2)
1579 	 */
1580 	ecol[2].ec_value.ec_value_val = p;
1581 	ecol[2].ec_value.ec_value_len = strlen(p)+1;
1582 
1583 
1584 	/*
1585 	 * build entry
1586 	 */
1587 
1588 	data.s_name = strdup(ecol[0].ec_value.ec_value_val);
1589 	data.s_proto = strdup(ecol[2].ec_value.ec_value_val);
1590 
1591 	if (ecol[3].ec_value.ec_value_val != NULL &&
1592 	    ecol[3].ec_value.ec_value_val[0] != '\0') {
1593 
1594 		data.s_port = ascii_to_int(ecol[3].ec_value.ec_value_val);
1595 		if (data.s_port == -1) {
1596 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
1597 			    gettext("invalid port number: %s"),
1598 			    ecol[3].ec_value.ec_value_val);
1599 		return (GENENT_PARSEERR);
1600 		}
1601 	} else
1602 		data.s_port = -1;
1603 
1604 	/*
1605 	 * name (col 1)
1606 	 */
1607 	t = cname;
1608 	data.s_aliases = NULL;
1609 
1610 	do {
1611 		/*
1612 		 * don't clobber comment in canonical entry
1613 		 */
1614 		if (t != cname && strcasecmp(t, cname) == 0)
1615 			continue;
1616 		if (strcasecmp(t, ecol[0].ec_value.ec_value_val) == 0)
1617 			continue;
1618 
1619 		ecol[1].ec_value.ec_value_val = t;
1620 		ecol[1].ec_value.ec_value_len = strlen(t)+1;
1621 
1622 		ctr++;
1623 		alias = strdup(ecol[1].ec_value.ec_value_val);
1624 		if ((data.s_aliases = (char **)realloc(data.s_aliases,
1625 		    ctr * sizeof (char **))) == NULL) {
1626 			(void) fprintf(stderr, gettext("out of memory\n"));
1627 			exit(1);
1628 		}
1629 		data.s_aliases[ctr-1] = alias;
1630 
1631 		/*
1632 		 * only put comment in canonical entry
1633 		 */
1634 		ecol[4].ec_value.ec_value_val = 0;
1635 		ecol[4].ec_value.ec_value_len = 0;
1636 
1637 	} while (t = strtok(NULL, " \t"));
1638 
1639 	/* End the list of all the aliases by NULL */
1640 	if ((data.s_aliases = (char **)realloc(data.s_aliases,
1641 	    (ctr + 1) * sizeof (char **))) == NULL) {
1642 		(void) fprintf(stderr, gettext("out of memory\n"));
1643 		exit(1);
1644 	}
1645 	data.s_aliases[ctr] = NULL;
1646 
1647 	if (flags & F_VERBOSE)
1648 		(void) fprintf(stdout,
1649 		    gettext("Adding entry : %s\n"), line);
1650 
1651 	retval = (*cback)(&data, 0);
1652 
1653 	if (retval == LDAP_ALREADY_EXISTS) {
1654 		if (continue_onerror)
1655 			(void) fprintf(stderr, gettext(
1656 			    "Entry: cn=%s+ipServiceProtocol=%s"
1657 			    " already Exists, skipping it.\n"),
1658 			    data.s_name, data.s_proto);
1659 		else {
1660 			rc = GENENT_CBERR;
1661 			(void) fprintf(stderr,
1662 			    gettext("Entry: cn=%s+ipServiceProtocol=%s"
1663 			    " - already Exists\n"),
1664 			    data.s_name, data.s_proto);
1665 		}
1666 	} else if (retval)
1667 		rc = GENENT_CBERR;
1668 
1669 	free(data.s_name);
1670 	free(data.s_proto);
1671 	free(data.s_aliases);
1672 
1673 	return (rc);
1674 }
1675 
1676 
1677 
1678 static void
1679 dump_services(ns_ldap_result_t *res)
1680 {
1681 	ns_ldap_attr_t	*attrptr = NULL, *cn = NULL, *port = NULL;
1682 	ns_ldap_attr_t	*protocol = NULL;
1683 	int		i, j, len;
1684 	char		*name; /* service name */
1685 
1686 	/*
1687 	 * cn can have multiple values.(service name and its aliases)
1688 	 * In order to support RFC 2307, section 5.5, ipserviceprotocol  can
1689 	 * have multiple values too.
1690 	 * The output format should look like
1691 	 *
1692 	 * test		2345/udp mytest
1693 	 * test		2345/tcp mytest
1694 	 */
1695 	if (res == NULL || res->entry == NULL)
1696 		return;
1697 	for (i = 0; i < res->entry->attr_count; i++) {
1698 		attrptr = res->entry->attr_pair[i];
1699 		if (strcasecmp(attrptr->attrname, "cn") == 0)
1700 			cn = attrptr;
1701 		else if (strcasecmp(attrptr->attrname, "ipServicePort") == 0)
1702 			port = attrptr;
1703 		else if (strcasecmp(attrptr->attrname,
1704 		    "ipServiceProtocol") == 0)
1705 			protocol = attrptr;
1706 	}
1707 	/* sanity check */
1708 	if (cn == NULL || cn->attrvalue == NULL || cn->attrvalue[0] == NULL ||
1709 	    port == NULL || port->attrvalue == NULL ||
1710 	    port->attrvalue[0] == NULL || protocol == NULL ||
1711 	    protocol->attrvalue == NULL || protocol->attrvalue[0] == NULL)
1712 		return;
1713 
1714 	if ((name = __s_api_get_canonical_name(res->entry, cn, 1)) == NULL)
1715 		return;
1716 	for (i = 0; i < protocol->value_count; i++) {
1717 		if (protocol->attrvalue[i] == NULL)
1718 			return;
1719 		/* service name */
1720 		(void) fprintf(stdout, "%-16s", name);
1721 
1722 		/* port & protocol */
1723 		(void) fprintf(stdout, "%s/%s%n", port->attrvalue[0],
1724 		    protocol->attrvalue[i], &len);
1725 
1726 		if (len < 8)
1727 			(void) fprintf(stdout, "\t\t");
1728 		else
1729 			(void) fprintf(stdout, "\t");
1730 
1731 		/* aliases */
1732 		for (j = 0; j < cn->value_count; j++) {
1733 			if (cn->attrvalue[j]) {
1734 				if (strcasecmp(name, cn->attrvalue[j]) == 0)
1735 					/* skip service name */
1736 					continue;
1737 				(void) fprintf(stdout, "%s ", cn->attrvalue[j]);
1738 			}
1739 		}
1740 
1741 		/* end of line */
1742 		(void) fprintf(stdout, "\n");
1743 	}
1744 }
1745 
1746 
1747 /*
1748  * /etc/group
1749  */
1750 
1751 static int
1752 genent_group(char *line, int (*cback)())
1753 {
1754 	char buf[BIGBUF+1];
1755 	char *s, *t;
1756 	entry_col ecol[5];
1757 
1758 	struct group	data;
1759 	int ctr = 0;
1760 	int retval = 1;
1761 	int rc = GENENT_OK;
1762 
1763 	/*
1764 	 * don't clobber our argument
1765 	 */
1766 	if (strlen(line) >= sizeof (buf)) {
1767 		(void) strlcpy(parse_err_msg, gettext("line too long"),
1768 		    PARSE_ERR_MSG_LEN);
1769 		return (GENENT_PARSEERR);
1770 	}
1771 	(void) strcpy(buf, line);
1772 	t = buf;
1773 
1774 	/* ignore empty entries */
1775 	if (*t == '\0')
1776 		return (GENENT_OK);
1777 
1778 	/*
1779 	 * clear column data
1780 	 */
1781 	(void) memset((char *)ecol, 0, sizeof (ecol));
1782 
1783 	/*
1784 	 * name (col 0)
1785 	 */
1786 	if ((s = strchr(t, ':')) == 0) {
1787 		(void) strlcpy(parse_err_msg, gettext("no passwd"),
1788 		    PARSE_ERR_MSG_LEN);
1789 		return (GENENT_PARSEERR);
1790 	}
1791 	*s++ = 0;
1792 	ecol[0].ec_value.ec_value_val = t;
1793 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
1794 	t = s;
1795 
1796 	/*
1797 	 * passwd (col 1)
1798 	 */
1799 	if ((s = strchr(t, ':')) == 0) {
1800 		(void) strlcpy(parse_err_msg, gettext("no gid"),
1801 		    PARSE_ERR_MSG_LEN);
1802 		return (GENENT_PARSEERR);
1803 	}
1804 	*s++ = 0;
1805 	ecol[1].ec_value.ec_value_val = t;
1806 	ecol[1].ec_value.ec_value_len = strlen(t)+1;
1807 	t = s;
1808 
1809 
1810 	/*
1811 	 * gid (col 2)
1812 	 */
1813 	if ((s = strchr(t, ':')) == 0 || s == t) {
1814 		(void) strlcpy(parse_err_msg, gettext("no members"),
1815 		    PARSE_ERR_MSG_LEN);
1816 		return (GENENT_PARSEERR);
1817 	}
1818 	*s++ = 0;
1819 	ecol[2].ec_value.ec_value_val = t;
1820 	ecol[2].ec_value.ec_value_len = strlen(t)+1;
1821 	t = s;
1822 
1823 	/*
1824 	 * members (col 3)
1825 	 */
1826 	ecol[3].ec_value.ec_value_val = t;
1827 	ecol[3].ec_value.ec_value_len = strlen(t)+1;
1828 
1829 
1830 	/*
1831 	 * build entry
1832 	 */
1833 	data.gr_name = strdup(ecol[0].ec_value.ec_value_val);
1834 	data.gr_passwd = strdup(ecol[1].ec_value.ec_value_val);
1835 	if (ecol[2].ec_value.ec_value_val != NULL &&
1836 	    ecol[2].ec_value.ec_value_val[0] != '\0') {
1837 
1838 		data.gr_gid = ascii_to_int(ecol[2].ec_value.ec_value_val);
1839 		if (data.gr_gid == (uid_t)-1) {
1840 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
1841 			    gettext("invalid group id: %s"),
1842 			    ecol[2].ec_value.ec_value_val);
1843 		return (GENENT_PARSEERR);
1844 		}
1845 	} else
1846 		data.gr_gid = (uid_t)-1;
1847 
1848 	data.gr_mem = NULL;
1849 
1850 	/* Compute maximum amount of members */
1851 	s = t;
1852 	while (s = strchr(s, ',')) {
1853 		s++;
1854 		ctr++;
1855 	}
1856 
1857 	/* Allocate memory for all members */
1858 	data.gr_mem = calloc(ctr + 2, sizeof (char **));
1859 	if (data.gr_mem == NULL) {
1860 		(void) fprintf(stderr, gettext("out of memory\n"));
1861 		exit(1);
1862 	}
1863 
1864 	ctr = 0;
1865 	while (s = strchr(t, ',')) {
1866 
1867 		*s++ = 0;
1868 		ecol[3].ec_value.ec_value_val = t;
1869 		t = s;
1870 		/* Send to server only non empty member names */
1871 		if (strlen(ecol[3].ec_value.ec_value_val) != 0)
1872 			data.gr_mem[ctr++] = ecol[3].ec_value.ec_value_val;
1873 	}
1874 
1875 	/* Send to server only non empty member names */
1876 	if (strlen(t) != 0)
1877 		data.gr_mem[ctr++] = t;
1878 
1879 	/* Array of members completed, finished by NULL, see calloc() */
1880 
1881 	if (flags & F_VERBOSE)
1882 		(void) fprintf(stdout,
1883 		    gettext("Adding entry : %s\n"), data.gr_name);
1884 
1885 	retval = (*cback)(&data, 0);
1886 
1887 	if (retval == LDAP_ALREADY_EXISTS) {
1888 		if (continue_onerror)
1889 			(void) fprintf(stderr,
1890 			    gettext("Entry: %s - already Exists,"
1891 			    " skipping it.\n"), data.gr_name);
1892 		else {
1893 			rc = GENENT_CBERR;
1894 			(void) fprintf(stderr,
1895 			    gettext("Entry: %s - already Exists\n"),
1896 			    data.gr_name);
1897 		}
1898 	} else if (retval)
1899 		rc = GENENT_CBERR;
1900 
1901 	free(data.gr_name);
1902 	free(data.gr_passwd);
1903 	free(data.gr_mem);
1904 
1905 	return (rc);
1906 }
1907 
1908 static void
1909 dump_group(ns_ldap_result_t *res)
1910 {
1911 	char    **value = NULL;
1912 	char	pnam[256];
1913 	int	attr_count = 0;
1914 
1915 	value = __ns_ldap_getAttr(res->entry, "cn");
1916 	if (value && value[0])
1917 		(void) fprintf(stdout, "%s:", value[0]);
1918 	value = __ns_ldap_getAttr(res->entry, "userPassword");
1919 	if (value == NULL || value[0] == NULL)
1920 		(void) fprintf(stdout, "*:");
1921 	else {
1922 		(void) strcpy(pnam, value[0]);
1923 		if (strncasecmp(value[0], "{crypt}", 7) == 0)
1924 			(void) fprintf(stdout, "%s:", (pnam+7));
1925 		else
1926 			(void) fprintf(stdout, "*:");
1927 	}
1928 	value = __ns_ldap_getAttr(res->entry, "gidNumber");
1929 	if (value && value[0])
1930 		(void) fprintf(stdout, "%s:", value[0]);
1931 
1932 	value = __ns_ldap_getAttr(res->entry, "memberUid");
1933 	if (value != NULL && value[0] != NULL) {
1934 		while (value[attr_count] != NULL) {
1935 			if (value[attr_count+1] == NULL)
1936 				(void) fprintf(stdout, "%s", value[attr_count]);
1937 			else
1938 				(void) fprintf(stdout, "%s,",
1939 				    value[attr_count]);
1940 			attr_count++;
1941 		}
1942 		(void) fprintf(stdout, "\n");
1943 	}
1944 	else
1945 		(void) fprintf(stdout, "\n");
1946 }
1947 
1948 
1949 
1950 
1951 
1952 /*
1953  * /etc/ethers
1954  */
1955 
1956 static int
1957 genent_ethers(char *line, int (*cback)())
1958 {
1959 	char buf[BUFSIZ+1];
1960 	char *t;
1961 	entry_col ecol[3];
1962 	int retval = 1;
1963 	struct _ns_ethers	data;
1964 	int rc = GENENT_OK;
1965 
1966 	/*
1967 	 * don't clobber our argument
1968 	 */
1969 	if (strlen(line) >= sizeof (buf)) {
1970 		(void) strlcpy(parse_err_msg, gettext("line too long"),
1971 		    PARSE_ERR_MSG_LEN);
1972 		return (GENENT_PARSEERR);
1973 	}
1974 	(void) strcpy(buf, line);
1975 
1976 	/*
1977 	 * clear column data
1978 	 */
1979 	(void) memset((char *)ecol, 0, sizeof (ecol));
1980 
1981 	/*
1982 	 * comment (col 2)
1983 	 */
1984 	t = strchr(buf, '#');
1985 	if (t) {
1986 		*t++ = 0;
1987 		ecol[2].ec_value.ec_value_val = t;
1988 		ecol[2].ec_value.ec_value_len = strlen(t)+1;
1989 	} else {
1990 		ecol[2].ec_value.ec_value_val = 0;
1991 		ecol[2].ec_value.ec_value_len = 0;
1992 	}
1993 
1994 	/*
1995 	 * addr(col 0)
1996 	 */
1997 	if ((t = strtok(buf, " \t")) == 0) {
1998 		(void) strlcpy(parse_err_msg, gettext("no name"),
1999 		    PARSE_ERR_MSG_LEN);
2000 		return (GENENT_PARSEERR);
2001 	}
2002 	ecol[0].ec_value.ec_value_val = t;
2003 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
2004 
2005 	/*
2006 	 * name(col 1)
2007 	 */
2008 	if ((t = strtok(NULL, " \t")) == 0) {
2009 		(void) strlcpy(parse_err_msg,
2010 		    gettext("no white space allowed in name"),
2011 		    PARSE_ERR_MSG_LEN);
2012 		return (GENENT_PARSEERR);
2013 	}
2014 	ecol[1].ec_value.ec_value_val = t;
2015 	ecol[1].ec_value.ec_value_len = strlen(t)+1;
2016 
2017 
2018 	/*
2019 	 * build entry
2020 	 */
2021 
2022 	data.ether = strdup(ecol[0].ec_value.ec_value_val);
2023 	data.name  = strdup(ecol[1].ec_value.ec_value_val);
2024 
2025 
2026 	if (flags & F_VERBOSE)
2027 		(void) fprintf(stdout,
2028 		    gettext("Adding entry : %s\n"), data.name);
2029 
2030 	retval = (*cback)(&data, 0);
2031 
2032 	if (retval == LDAP_ALREADY_EXISTS) {
2033 		if (continue_onerror)
2034 			(void) fprintf(stderr,
2035 			    gettext("Entry: %s - already Exists,"
2036 			    " skipping it.\n"), data.name);
2037 		else {
2038 			rc = GENENT_CBERR;
2039 			(void) fprintf(stderr,
2040 			    gettext("Entry: %s - already Exists\n"),
2041 			    data.name);
2042 		}
2043 	} else if (retval)
2044 		rc = GENENT_CBERR;
2045 
2046 	free(data.ether);
2047 	free(data.name);
2048 
2049 	return (rc);
2050 }
2051 
2052 
2053 static void
2054 dump_ethers(ns_ldap_result_t *res)
2055 {
2056 	char	**value = NULL;
2057 
2058 	value = __ns_ldap_getAttr(res->entry, "macAddress");
2059 	if (value && value[0])
2060 		(void) fprintf(stdout, "%s", value[0]);
2061 	else
2062 		return;
2063 	value = __ns_ldap_getAttr(res->entry, "cn");
2064 	if (value && value[0])
2065 		(void) fprintf(stdout, "	%s\n", value[0]);
2066 }
2067 
2068 static int
2069 genent_aliases(char *line, int (*cback)())
2070 {
2071 	char buf[BUFSIZ+1];
2072 	char *t, *aliases;
2073 	char *cname;
2074 	int ctr = 0;
2075 	int retval = 1;
2076 	int i;
2077 
2078 	struct _ns_alias data;
2079 	char *alias;
2080 	int rc = GENENT_OK;
2081 
2082 	/*
2083 	 * don't clobber our argument
2084 	 */
2085 	if (strlen(line) >= sizeof (buf)) {
2086 		(void) strlcpy(parse_err_msg, gettext("line too long"),
2087 		    PARSE_ERR_MSG_LEN);
2088 		return (GENENT_PARSEERR);
2089 	}
2090 
2091 	(void) strcpy(buf, line);
2092 
2093 	if ((t = strchr(buf, ':')) == 0) {
2094 		(void) strlcpy(parse_err_msg, gettext("no alias name"),
2095 		    PARSE_ERR_MSG_LEN);
2096 		return (GENENT_PARSEERR);
2097 	}
2098 
2099 	t[0] = '\0';
2100 	if (++t == '\0') {
2101 		(void) strlcpy(parse_err_msg, gettext("no alias value"),
2102 		    PARSE_ERR_MSG_LEN);
2103 		return (GENENT_PARSEERR);
2104 	}
2105 
2106 	cname = buf;
2107 	aliases = t;
2108 
2109 	/* build entry */
2110 	data.alias = strdup(cname);
2111 	if (!data.alias) {
2112 		(void) fprintf(stderr, gettext("out of memory\n"));
2113 		exit(1);
2114 	}
2115 
2116 	data.member = NULL;
2117 	t = strtok(aliases, ",");
2118 	do {
2119 		ctr++;
2120 		while (t[0] == ' ')
2121 			t++;
2122 		alias = strdup(t);
2123 		if ((alias == NULL) ||
2124 		    ((data.member = (char **)realloc(data.member,
2125 		    (ctr + 1) * sizeof (char **))) == NULL)) {
2126 			(void) fprintf(stderr, gettext("out of memory\n"));
2127 			exit(1);
2128 		}
2129 		data.member[ctr-1] = alias;
2130 
2131 	} while (t = strtok(NULL, ","));
2132 
2133 	data.member[ctr] = NULL;
2134 
2135 	if (flags & F_VERBOSE)
2136 		(void) fprintf(stdout,
2137 		    gettext("Adding entry : %s\n"), data.alias);
2138 
2139 	retval = (*cback)(&data, 0);
2140 
2141 	if (retval == LDAP_ALREADY_EXISTS) {
2142 		if (continue_onerror)
2143 			(void) fprintf(stderr,
2144 			    gettext("Entry: %s - already Exists,"
2145 			    " skipping it.\n"), data.alias);
2146 		else {
2147 			rc = GENENT_CBERR;
2148 			(void) fprintf(stderr,
2149 			    gettext("Entry: %s - already Exists\n"),
2150 			    data.alias);
2151 		}
2152 	} else if (retval)
2153 		rc = GENENT_CBERR;
2154 
2155 	free(data.alias);
2156 	i = 0;
2157 	while (data.member[i])
2158 		free(data.member[i++]);
2159 	free(data.member);
2160 
2161 	return (rc);
2162 }
2163 
2164 
2165 static void
2166 dump_aliases(ns_ldap_result_t *res)
2167 {
2168 
2169 	char	**value = NULL;
2170 	int 		attr_count = 0;
2171 
2172 	value = __ns_ldap_getAttr(res->entry, "mail");
2173 	if (value && value[0])
2174 		(void) fprintf(stdout, "%s:", value[0]);
2175 	value = __ns_ldap_getAttr(res->entry, "mgrpRFC822MailMember");
2176 	if (value != NULL)
2177 		while (value[attr_count] != NULL) {
2178 			(void) fprintf(stdout, "%s,", value[attr_count]);
2179 			attr_count++;
2180 		}
2181 	(void) fprintf(stdout, "\n");
2182 
2183 }
2184 
2185 /*
2186  * /etc/publickey
2187  */
2188 
2189 static char *h_errno2str(int h_errno);
2190 
2191 static int
2192 genent_publickey(char *line, int (*cback)())
2193 {
2194 	char buf[BUFSIZ+1], tmpbuf[BUFSIZ+1], cname[BUFSIZ+1];
2195 	char *t, *p, *tmppubkey, *tmpprivkey;
2196 	entry_col ecol[3];
2197 	int buflen, uid, retval = 1, errnum = 0;
2198 	struct passwd *pwd;
2199 	char auth_type[BUFSIZ+1], *dot;
2200 	keylen_t keylen;
2201 	algtype_t algtype;
2202 	struct _ns_pubkey data;
2203 	struct hostent *hp;
2204 	struct in_addr in;
2205 	struct in6_addr in6;
2206 	char abuf[INET6_ADDRSTRLEN];
2207 
2208 	/*
2209 	 * don't clobber our argument
2210 	 */
2211 	if (strlen(line) >= sizeof (buf)) {
2212 		(void) strlcpy(parse_err_msg, gettext("line too long"),
2213 		    PARSE_ERR_MSG_LEN);
2214 		return (GENENT_PARSEERR);
2215 	}
2216 	(void) strcpy(buf, line);
2217 
2218 	/*
2219 	 * clear column data
2220 	 */
2221 	(void) memset((char *)ecol, 0, sizeof (ecol));
2222 
2223 	if ((t = strtok(buf, " \t")) == 0) {
2224 		(void) strlcpy(parse_err_msg, gettext("no cname"),
2225 		    PARSE_ERR_MSG_LEN);
2226 		return (GENENT_PARSEERR);
2227 	}
2228 
2229 	/*
2230 	 * Special case:  /etc/publickey usually has an entry
2231 	 * for principal "nobody".  We skip it.
2232 	 */
2233 	if (strcmp(t, "nobody") == 0)
2234 		return (GENENT_OK);
2235 
2236 	/*
2237 	 * cname (col 0)
2238 	 */
2239 	if (strncmp(t, "unix.", 5)) {
2240 		(void) strlcpy(parse_err_msg, gettext("bad cname"),
2241 		    PARSE_ERR_MSG_LEN);
2242 		return (GENENT_PARSEERR);
2243 	}
2244 	(void) strcpy(tmpbuf, &(t[5]));
2245 	if ((p = strchr(tmpbuf, '@')) == 0) {
2246 		(void) strlcpy(parse_err_msg, gettext("bad cname"),
2247 		    PARSE_ERR_MSG_LEN);
2248 		return (GENENT_PARSEERR);
2249 	}
2250 	*(p++) = 0;
2251 	if (isdigit(*tmpbuf)) {
2252 
2253 		uid = atoi(tmpbuf);
2254 		/*
2255 		 * don't generate entries for uids without passwd entries
2256 		 */
2257 		if ((pwd = getpwuid(uid)) == 0) {
2258 			(void) fprintf(stderr,
2259 			gettext("can't map uid %d to username, skipping\n"),
2260 			    uid);
2261 			return (GENENT_OK);
2262 		}
2263 		(void) strcpy(cname, pwd->pw_name);
2264 		data.hostcred = NS_HOSTCRED_FALSE;
2265 	} else {
2266 		if ((hp = getipnodebyname(tmpbuf, AF_INET6,
2267 		    AI_ALL | AI_V4MAPPED, &errnum)) == NULL) {
2268 			(void) fprintf(stderr,
2269 			    gettext("can't map hostname %s to hostaddress, "
2270 			    "errnum %d %s skipping\n"), tmpbuf, errnum,
2271 			    h_errno2str(errnum));
2272 			return (GENENT_OK);
2273 		}
2274 		(void) memcpy((char *)&in6.s6_addr, hp->h_addr_list[0],
2275 		    hp->h_length);
2276 		if (IN6_IS_ADDR_V4MAPPED(&in6) ||
2277 		    IN6_IS_ADDR_V4COMPAT(&in6)) {
2278 			IN6_V4MAPPED_TO_INADDR(&in6, &in);
2279 			if (inet_ntop(AF_INET, (const void *)&in, abuf,
2280 			    INET6_ADDRSTRLEN) == NULL) {
2281 				(void) fprintf(stderr,
2282 				    gettext("can't convert IPV4 address of"
2283 				    " hostname %s to string, "
2284 				    "skipping\n"), tmpbuf);
2285 					return (GENENT_OK);
2286 			}
2287 		} else {
2288 			if (inet_ntop(AF_INET6, (const void *)&in6, abuf,
2289 			    INET6_ADDRSTRLEN) == NULL) {
2290 				(void) fprintf(stderr,
2291 				    gettext("can't convert IPV6 address of"
2292 				    " hostname %s to string, "
2293 				    "skipping\n"), tmpbuf);
2294 					return (GENENT_OK);
2295 			}
2296 		}
2297 		data.hostcred = NS_HOSTCRED_TRUE;
2298 		/*
2299 		 * tmpbuf could be an alias, use hp->h_name instead.
2300 		 * hp->h_name is in FQDN format, so extract 1st field.
2301 		 */
2302 		if ((dot = strchr(hp->h_name, '.')) != NULL)
2303 			*dot = '\0';
2304 		(void) snprintf(cname, sizeof (cname),
2305 		    "%s+ipHostNumber=%s", hp->h_name, abuf);
2306 		if (dot)
2307 			*dot = '.';
2308 	}
2309 
2310 	ecol[0].ec_value.ec_value_val = cname;
2311 	ecol[0].ec_value.ec_value_len = strlen(cname)+1;
2312 
2313 	/*
2314 	 * public_data (col 1)
2315 	 */
2316 	if ((t = strtok(NULL, " \t")) == 0) {
2317 		(void) strlcpy(parse_err_msg, gettext("no private_data"),
2318 		    PARSE_ERR_MSG_LEN);
2319 		return (GENENT_PARSEERR);
2320 	}
2321 	if ((p = strchr(t, ':')) == 0) {
2322 		(void) strlcpy(parse_err_msg, gettext("bad public_data"),
2323 		    PARSE_ERR_MSG_LEN);
2324 		return (GENENT_PARSEERR);
2325 	}
2326 	*(p++) = 0;
2327 	ecol[1].ec_value.ec_value_val = t;
2328 	ecol[1].ec_value.ec_value_len = strlen(t)+1;
2329 	keylen = (strlen(t) / 2) * 8;
2330 
2331 	/*
2332 	 * private_data (col 2) and algtype extraction
2333 	 */
2334 	if (*p == ':')
2335 		p++;
2336 	t = p;
2337 	if (!(t = strchr(t, ':'))) {
2338 		(void) fprintf(stderr,
2339 		    gettext("WARNING: No algorithm type data found "
2340 		    "in publickey file, assuming 0\n"));
2341 		algtype = 0;
2342 	} else {
2343 		*t = '\0';
2344 		t++;
2345 		algtype = atoi(t);
2346 	}
2347 	ecol[2].ec_value.ec_value_val = p;
2348 	ecol[2].ec_value.ec_value_len = strlen(p)+1;
2349 
2350 	/*
2351 	 * auth_type (col 1)
2352 	 */
2353 	if (AUTH_DES_KEY(keylen, algtype))
2354 		/*
2355 		 * {DES} and {DH192-0} means same thing.
2356 		 * However, nisplus uses "DES" and ldap uses "DH192-0"
2357 		 * internally.
2358 		 * See newkey(1M), __nis_mechalias2authtype() which is
2359 		 * called by __nis_keyalg2authtype() and getkey_ldap_g()
2360 		 */
2361 		(void) strlcpy(auth_type, "DH192-0", BUFSIZ+1);
2362 	else if (!(__nis_keyalg2authtype(keylen, algtype, auth_type,
2363 	    MECH_MAXATNAME))) {
2364 		(void) fprintf(stderr,
2365 		    gettext("Could not convert algorithm type to "
2366 		    "corresponding auth type string\n"));
2367 		return (GENENT_ERR);
2368 	}
2369 
2370 	/*
2371 	 * build entry
2372 	 */
2373 	data.name = strdup(ecol[0].ec_value.ec_value_val);
2374 	if (data.name == NULL) {
2375 		(void) fprintf(stderr, gettext("out of memory\n"));
2376 		exit(1);
2377 	}
2378 
2379 	buflen = sizeof (auth_type) + strlen(ecol[1].ec_value.ec_value_val) + 3;
2380 	if ((tmppubkey = (char *)malloc(buflen)) == NULL) {
2381 		(void) fprintf(stderr, gettext("out of memory\n"));
2382 		exit(1);
2383 	}
2384 	(void) snprintf(tmppubkey, buflen, "{%s}%s", auth_type,
2385 	    ecol[1].ec_value.ec_value_val);
2386 	data.pubkey = tmppubkey;
2387 
2388 	buflen = sizeof (auth_type) + strlen(ecol[2].ec_value.ec_value_val) + 3;
2389 	if ((tmpprivkey = (char *)malloc(buflen)) == NULL) {
2390 		(void) fprintf(stderr, gettext("out of memory\n"));
2391 		exit(1);
2392 	}
2393 
2394 	(void) snprintf(tmpprivkey, buflen, "{%s}%s", auth_type,
2395 	    ecol[2].ec_value.ec_value_val);
2396 	data.privkey = tmpprivkey;
2397 
2398 	retval = (*cback)(&data, 1);
2399 	if (retval != NS_LDAP_SUCCESS) {
2400 		if (retval == LDAP_NO_SUCH_OBJECT) {
2401 			if (data.hostcred == NS_HOSTCRED_TRUE)
2402 				(void) fprintf(stdout,
2403 				    gettext("Cannot add publickey entry"" (%s),"
2404 				    " add host entry first\n"),
2405 				    tmpbuf);
2406 			else
2407 				(void) fprintf(stdout,
2408 				    gettext("Cannot add publickey entry (%s), "
2409 				    "add passwd entry first\n"),
2410 				    data.name);
2411 		}
2412 		if (continue_onerror == 0)
2413 			return (GENENT_CBERR);
2414 	}
2415 
2416 	free(data.name);
2417 	free(data.pubkey);
2418 	free(data.privkey);
2419 	return (GENENT_OK);
2420 }
2421 
2422 static void
2423 dump_publickey(ns_ldap_result_t *res, char *container)
2424 {
2425 	char	**value = NULL;
2426 	char	buf[BUFSIZ];
2427 	char	domainname[BUFSIZ];
2428 	char	*pubptr, *prvptr;
2429 
2430 	if (res == NULL)
2431 		return;
2432 
2433 	if (sysinfo(SI_SRPC_DOMAIN, domainname, BUFSIZ) < 0) {
2434 		(void) fprintf(stderr,
2435 		    gettext("could not obtain domainname\n"));
2436 		exit(1);
2437 	}
2438 
2439 	/*
2440 	 * Retrieve all the attributes, but don't print
2441 	 * until we have all the required ones.
2442 	 */
2443 
2444 	if (strcmp(container, "passwd") == 0)
2445 		value = __ns_ldap_getAttr(res->entry, "uidNumber");
2446 	else
2447 		value = __ns_ldap_getAttr(res->entry, "cn");
2448 
2449 	if (value && value[0])
2450 		(void) snprintf(buf, sizeof (buf), "unix.%s@%s",
2451 		    value[0], domainname);
2452 	else
2453 		return;
2454 
2455 	value = __ns_ldap_getAttr(res->entry, "nisPublickey");
2456 	if (value != NULL && value[0] != NULL) {
2457 		if ((pubptr = strchr(value[0], '}')) == NULL)
2458 			return;
2459 	}
2460 
2461 	value = __ns_ldap_getAttr(res->entry, "nisSecretkey");
2462 	if (value != NULL && value[0] != NULL)
2463 		if ((prvptr = strchr(value[0], '}')) == NULL)
2464 			return;
2465 
2466 	/* print the attributes, algorithm type is always 0 */
2467 	(void) fprintf(stdout, "%s	%s:%s:0\n", buf, ++pubptr, ++prvptr);
2468 }
2469 
2470 
2471 
2472 /*
2473  * /etc/netmasks
2474  */
2475 
2476 static int
2477 genent_netmasks(char *line, int (*cback)())
2478 {
2479 	char buf[BUFSIZ+1];
2480 	char *t;
2481 	entry_col ecol[3];
2482 	int retval;
2483 
2484 	struct _ns_netmasks data;
2485 
2486 
2487 	/*
2488 	 * don't clobber our argument
2489 	 */
2490 	if (strlen(line) >= sizeof (buf)) {
2491 		(void) strlcpy(parse_err_msg, gettext("line too long"),
2492 		    PARSE_ERR_MSG_LEN);
2493 		return (GENENT_PARSEERR);
2494 	}
2495 	(void) strcpy(buf, line);
2496 
2497 	/*
2498 	 * clear column data
2499 	 */
2500 	(void) memset((char *)ecol, 0, sizeof (ecol));
2501 
2502 	/*
2503 	 * comment (col 2)
2504 	 */
2505 	t = strchr(buf, '#');
2506 	if (t) {
2507 		*t++ = 0;
2508 		ecol[2].ec_value.ec_value_val = t;
2509 		ecol[2].ec_value.ec_value_len = strlen(t)+1;
2510 	} else {
2511 		ecol[2].ec_value.ec_value_val = 0;
2512 		ecol[2].ec_value.ec_value_len = 0;
2513 	}
2514 
2515 	/*
2516 	 * addr(col 0)
2517 	 */
2518 	if ((t = strtok(buf, " \t")) == 0) {
2519 		(void) strlcpy(parse_err_msg, gettext("no mask"),
2520 		    PARSE_ERR_MSG_LEN);
2521 		return (GENENT_PARSEERR);
2522 	}
2523 	ecol[0].ec_value.ec_value_val = t;
2524 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
2525 
2526 	/*
2527 	 * mask (col 1)
2528 	 */
2529 	if ((t = strtok(NULL, " \t")) == 0) {
2530 		(void) strlcpy(parse_err_msg, gettext("no mask"),
2531 		    PARSE_ERR_MSG_LEN);
2532 		return (GENENT_PARSEERR);
2533 	}
2534 	ecol[1].ec_value.ec_value_val = t;
2535 	ecol[1].ec_value.ec_value_len = strlen(t)+1;
2536 
2537 	/* build entry */
2538 	data.netnumber = ecol[0].ec_value.ec_value_val;
2539 	data.netmask = ecol[1].ec_value.ec_value_val;
2540 
2541 	if (flags & F_VERBOSE)
2542 		(void) fprintf(stdout,
2543 		    gettext("Adding entry : %s\n"), data.netnumber);
2544 
2545 	retval = (*cback)(&data, 1);
2546 	if (retval != NS_LDAP_SUCCESS) {
2547 		if (retval == LDAP_NO_SUCH_OBJECT)
2548 			(void) fprintf(stdout,
2549 			    gettext("Cannot add netmask entry (%s), "
2550 			    "add network entry first\n"), data.netnumber);
2551 		if (continue_onerror == 0)
2552 			return (GENENT_CBERR);
2553 	}
2554 
2555 	return (GENENT_OK);
2556 }
2557 
2558 static void
2559 dump_netmasks(ns_ldap_result_t *res)
2560 {
2561 	char	**value = NULL;
2562 
2563 	value = __ns_ldap_getAttr(res->entry, "ipNetworkNumber");
2564 	if (value && value[0])
2565 		(void) fprintf(stdout, "%s", value[0]);
2566 	value = __ns_ldap_getAttr(res->entry, "ipNetmaskNumber");
2567 	if (value && value[0])
2568 		(void) fprintf(stdout, "	%s\n", value[0]);
2569 }
2570 
2571 
2572 /*
2573  * /etc/netgroup
2574  * column data format is:
2575  *    col 0: netgroup name (or cname)
2576  *    col 1: netgroup member, if this is a triplet
2577  *    col 2: netgroup member, if not a triplet
2578  *    col 3: comment
2579  */
2580 
2581 static int
2582 genent_netgroup(char *line, int (*cback)())
2583 {
2584 	char buf[BIGBUF+1];    /* netgroup entries tend to be big */
2585 	char *t;
2586 	char *cname = NULL;
2587 	entry_col ecol[4];
2588 	char *netg_tmp = NULL, *triplet_tmp = NULL;
2589 	int netgcount = 0, tripletcount = 0, retval = 1, i;
2590 	struct _ns_netgroups data;
2591 	int rc = GENENT_OK;
2592 
2593 	/* don't clobber our argument */
2594 	if (strlen(line) >= sizeof (buf)) {
2595 		(void) strlcpy(parse_err_msg, gettext("line too long"),
2596 		    PARSE_ERR_MSG_LEN);
2597 		return (GENENT_PARSEERR);
2598 	}
2599 	(void) strcpy(buf, line);
2600 
2601 	/* clear column data */
2602 	(void) memset((char *)ecol, 0, sizeof (ecol));
2603 
2604 	/*
2605 	 * process 1st minimal entry, to validate that there is no
2606 	 * parsing error.
2607 	 * start with comment(col 3)
2608 	 */
2609 	t = strchr(buf, '#');
2610 	if (t) {
2611 		*t++ = 0;
2612 		ecol[3].ec_value.ec_value_val = t;
2613 		ecol[3].ec_value.ec_value_len = strlen(t)+1;
2614 	} else {
2615 		ecol[3].ec_value.ec_value_val = "";
2616 		ecol[3].ec_value.ec_value_len = 0;
2617 	}
2618 
2619 	ecol[1].ec_value.ec_value_val = NULL;
2620 	ecol[2].ec_value.ec_value_val = NULL;
2621 
2622 	/* cname (col 0) */
2623 	if ((t = strtok(buf, " \t")) == 0) {
2624 		(void) strlcpy(parse_err_msg, gettext("no cname"),
2625 		    PARSE_ERR_MSG_LEN);
2626 		return (GENENT_PARSEERR);
2627 	}
2628 
2629 	ecol[0].ec_value.ec_value_val = t;
2630 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
2631 	cname = t;
2632 
2633 	/* addr(col 1 and 2) */
2634 	if ((t = strtok(NULL, " \t")) == 0) {
2635 		(void) strlcpy(parse_err_msg,
2636 		    gettext("no members for netgroup"), PARSE_ERR_MSG_LEN);
2637 		return (GENENT_PARSEERR);
2638 	}
2639 
2640 	if (*t == '(') {
2641 		/* if token starts with '(' it must be a valid triplet */
2642 		if (is_triplet(t)) {
2643 			ecol[1].ec_value.ec_value_val = t;
2644 			ecol[1].ec_value.ec_value_len = strlen(t)+1;
2645 		} else {
2646 			(void) strlcpy(parse_err_msg,
2647 			    gettext("invalid triplet"), PARSE_ERR_MSG_LEN);
2648 			return (GENENT_PARSEERR);
2649 		}
2650 	} else {
2651 		ecol[2].ec_value.ec_value_val = t;
2652 		ecol[2].ec_value.ec_value_len = strlen(t)+1;
2653 	}
2654 
2655 	/*
2656 	 * now build entry.
2657 	 * start by clearing entry data
2658 	 */
2659 	(void) memset((struct _ns_netgroups *)&data, 0, sizeof (data));
2660 
2661 	data.name = strdup(ecol[0].ec_value.ec_value_val);
2662 
2663 	if (ecol[1].ec_value.ec_value_val != NULL) {
2664 		if ((data.triplet = calloc(1, sizeof (char **))) == NULL) {
2665 				(void) fprintf(stderr,
2666 				    gettext("out of memory\n"));
2667 				exit(1);
2668 		}
2669 		data.triplet[tripletcount++] =
2670 		    strdup(ecol[1].ec_value.ec_value_val);
2671 	} else if (ecol[2].ec_value.ec_value_val != NULL) {
2672 			if ((data.netgroup = calloc(1, sizeof (char **)))
2673 			    == NULL) {
2674 					(void) fprintf(stderr,
2675 				    gettext("out of memory\n"));
2676 					exit(1);
2677 			}
2678 			data.netgroup[netgcount++] =
2679 			    strdup(ecol[2].ec_value.ec_value_val);
2680 	}
2681 
2682 	/*
2683 	 * we now have a valid entry (at least 1 netgroup name and
2684 	 * 1 netgroup member), proceed with the rest of the line
2685 	 */
2686 	while (rc == GENENT_OK && (t = strtok(NULL, " \t"))) {
2687 
2688 		/* if next token is equal to netgroup name, ignore */
2689 		if (t != cname && strcasecmp(t, cname) == 0)
2690 			continue;
2691 		if (strcasecmp(t, ecol[0].ec_value.ec_value_val) == 0)
2692 			continue;
2693 
2694 		if (*t == '(') {
2695 			if (is_triplet(t)) {
2696 				/* skip a triplet if it is added already */
2697 				for (i = 0; i < tripletcount &&
2698 				    strcmp(t, data.triplet[i]); i++)
2699 					;
2700 				if (i < tripletcount)
2701 					continue;
2702 
2703 				tripletcount++;
2704 				triplet_tmp = strdup(t);
2705 				if ((data.triplet = (char **)realloc(
2706 				    data.triplet,
2707 				    tripletcount * sizeof (char **))) == NULL) {
2708 					(void) fprintf(stderr,
2709 					    gettext("out of memory\n"));
2710 					exit(1);
2711 				}
2712 				data.triplet[tripletcount-1] = triplet_tmp;
2713 			} else {
2714 				(void) strlcpy(parse_err_msg,
2715 				    gettext("invalid triplet"),
2716 				    PARSE_ERR_MSG_LEN);
2717 				rc = GENENT_PARSEERR;
2718 			}
2719 		} else {
2720 			/* skip a netgroup if it is added already */
2721 			for (i = 0; i < netgcount &&
2722 			    strcmp(t, data.netgroup[i]); i++)
2723 				;
2724 			if (i < netgcount)
2725 				continue;
2726 
2727 			netgcount++;
2728 			netg_tmp = strdup(t);
2729 			if ((data.netgroup = (char **)realloc(data.netgroup,
2730 			    netgcount * sizeof (char **))) == NULL) {
2731 				(void) fprintf(stderr,
2732 				gettext("out of memory\n"));
2733 				exit(1);
2734 			}
2735 			data.netgroup[netgcount-1] = netg_tmp;
2736 		}
2737 	}
2738 
2739 	/* End the list with NULL */
2740 	if ((data.triplet = (char **)realloc(data.triplet,
2741 	    (tripletcount + 1) * sizeof (char **))) == NULL) {
2742 		(void) fprintf(stderr, gettext("out of memory\n"));
2743 		exit(1);
2744 	}
2745 	data.triplet[tripletcount] = NULL;
2746 	if ((data.netgroup = (char **)realloc(data.netgroup,
2747 	    (netgcount + 1) * sizeof (char **))) == NULL) {
2748 		(void) fprintf(stderr, gettext("out of memory\n"));
2749 		exit(1);
2750 	}
2751 	data.netgroup[netgcount] = NULL;
2752 
2753 	if (rc == GENENT_OK) {
2754 		if (flags & F_VERBOSE)
2755 			(void) fprintf(stdout,
2756 			    gettext("Adding entry : %s\n"), data.name);
2757 
2758 		retval = (*cback)(&data, 0);
2759 
2760 		if (retval == LDAP_ALREADY_EXISTS) {
2761 			if (continue_onerror)
2762 				(void) fprintf(stderr, gettext(
2763 				    "Entry: %s - already Exists,"
2764 				    " skipping it.\n"), data.name);
2765 			else {
2766 				rc = GENENT_CBERR;
2767 				(void) fprintf(stderr,
2768 				    gettext("Entry: %s - already Exists\n"),
2769 				    data.name);
2770 			}
2771 		} else if (retval)
2772 			rc = GENENT_CBERR;
2773 	}
2774 
2775 	/* release memory allocated by strdup() */
2776 	for (i = 0; i < tripletcount; i++) {
2777 		free(data.triplet[i]);
2778 	}
2779 	for (i = 0; i < netgcount; i++) {
2780 		free(data.netgroup[i]);
2781 	}
2782 
2783 	free(data.name);
2784 	free(data.triplet);
2785 	free(data.netgroup);
2786 
2787 	return (rc);
2788 }
2789 
2790 static void
2791 dump_netgroup(ns_ldap_result_t *res)
2792 {
2793 	char	**value = NULL;
2794 	int	attr_count = 0;
2795 
2796 	value = __ns_ldap_getAttr(res->entry, "cn");
2797 	if ((value != NULL) && (value[0] != NULL))
2798 		(void) fprintf(stdout, "%s", value[0]);
2799 	else
2800 		return;
2801 	value = __ns_ldap_getAttr(res->entry, "nisNetgroupTriple");
2802 	if (value != NULL)
2803 		while (value[attr_count] != NULL) {
2804 			(void) fprintf(stdout, " %s", value[attr_count]);
2805 			attr_count++;
2806 		}
2807 	attr_count = 0;
2808 	value = __ns_ldap_getAttr(res->entry, "memberNisNetgroup");
2809 	if (value != NULL)
2810 		while (value[attr_count] != NULL) {
2811 			(void) fprintf(stdout, " %s", value[attr_count]);
2812 			attr_count++;
2813 		}
2814 	(void) fprintf(stdout, "\n");
2815 
2816 }
2817 
2818 static int
2819 genent_automount(char *line, int (*cback)())
2820 {
2821 	char buf[BUFSIZ+1];
2822 	char *t, *s;
2823 	entry_col ecol[2];
2824 	struct _ns_automount data;
2825 	int retval = 1;
2826 	int rc = GENENT_OK;
2827 
2828 	/*
2829 	 * don't clobber our argument
2830 	 */
2831 	if (strlen(line) >= sizeof (buf)) {
2832 		(void) strlcpy(parse_err_msg, gettext("line too long"),
2833 		    PARSE_ERR_MSG_LEN);
2834 		return (GENENT_PARSEERR);
2835 	}
2836 
2837 	/* replace every tabspace with single space */
2838 	replace_tab2space(line);
2839 	(void) strcpy(buf, line);
2840 
2841 	/*
2842 	 * clear column data
2843 	 */
2844 	(void) memset((char *)ecol, 0, sizeof (ecol));
2845 
2846 	/*
2847 	 * key (col 0)
2848 	 */
2849 	t = buf;
2850 	while (t[0] == ' ')
2851 		t++;
2852 
2853 	if ((s = strchr(t, ' ')) == 0) {
2854 		return (GENENT_PARSEERR);
2855 	}
2856 	*s++ = 0;
2857 
2858 	ecol[0].ec_value.ec_value_val = t;
2859 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
2860 	t = s;
2861 
2862 	while (t[0] == ' ')
2863 		t++;
2864 
2865 	/*
2866 	 * mapentry (col 1)
2867 	 */
2868 
2869 	ecol[1].ec_value.ec_value_val = t;
2870 	ecol[1].ec_value.ec_value_len = strlen(t)+1;
2871 
2872 	data.mapname = strdup(databasetype);
2873 	data.key = strdup(ecol[0].ec_value.ec_value_val);
2874 	data.value = strdup(ecol[1].ec_value.ec_value_val);
2875 
2876 	if (flags & F_VERBOSE)
2877 		(void) fprintf(stdout,
2878 		    gettext("Adding entry : %s\n"), data.key);
2879 
2880 	retval = (*cback)(&data, 0);
2881 
2882 	if (retval == LDAP_ALREADY_EXISTS) {
2883 		if (continue_onerror)
2884 			(void) fprintf(stderr,
2885 			    gettext("Entry: %s - already Exists,"
2886 			    " skipping it.\n"), data.key);
2887 		else {
2888 			rc = GENENT_CBERR;
2889 			(void) fprintf(stderr,
2890 			    gettext("Entry: %s - already Exists\n"),
2891 			    data.key);
2892 		}
2893 	} else if (retval)
2894 		rc = GENENT_CBERR;
2895 
2896 	free(data.mapname);
2897 	free(data.key);
2898 	free(data.value);
2899 	return (rc);
2900 }
2901 
2902 static void
2903 dump_automount(ns_ldap_result_t *res)
2904 {
2905 	char	**value = NULL;
2906 
2907 	if (res == NULL)
2908 		return;
2909 
2910 	value = __ns_ldap_getAttr(res->entry, "automountKey");
2911 	if (value != NULL) {
2912 		(void) fprintf(stdout, "%s", value[0]);
2913 		value = __ns_ldap_getAttr(res->entry, "automountInformation");
2914 		if (value != NULL)
2915 			(void) fprintf(stdout, "	%s\n", value[0]);
2916 		else
2917 			(void) fprintf(stdout, "\n");
2918 	}
2919 }
2920 
2921 
2922 /*
2923  * /etc/passwd
2924  *
2925  */
2926 
2927 static int
2928 genent_passwd(char *line, int (*cback)())
2929 {
2930 	char buf[BUFSIZ+1];
2931 	char *s, *t;
2932 	entry_col ecol[8];
2933 	int retval = 1;
2934 	char pname[BUFSIZ];
2935 
2936 	struct passwd	data;
2937 	int rc = GENENT_OK;
2938 
2939 
2940 	/*
2941 	 * don't clobber our argument
2942 	 */
2943 	if (strlen(line) >= sizeof (buf)) {
2944 		(void) strlcpy(parse_err_msg, gettext("line too long"),
2945 		    PARSE_ERR_MSG_LEN);
2946 		return (GENENT_PARSEERR);
2947 	}
2948 	(void) strcpy(buf, line);
2949 	t = buf;
2950 
2951 	/* ignore empty entries */
2952 	if (*t == '\0')
2953 		return (GENENT_OK);
2954 
2955 	/*
2956 	 * clear column data
2957 	 */
2958 	(void) memset((char *)ecol, 0, sizeof (ecol));
2959 
2960 	/*
2961 	 * name (col 0)
2962 	 */
2963 	if ((s = strchr(t, ':')) == 0) {
2964 		(void) strlcpy(parse_err_msg, gettext("no password"),
2965 		    PARSE_ERR_MSG_LEN);
2966 		return (GENENT_PARSEERR);
2967 	}
2968 	*s++ = 0;
2969 	ecol[0].ec_value.ec_value_val = t;
2970 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
2971 	t = s;
2972 
2973 	/*
2974 	 * passwd (col 1)
2975 	 */
2976 	if ((s = strchr(t, ':')) == 0) {
2977 		(void) strlcpy(parse_err_msg, gettext("no uid"),
2978 		    PARSE_ERR_MSG_LEN);
2979 		return (GENENT_PARSEERR);
2980 	}
2981 	*s++ = 0;
2982 
2983 	ecol[1].ec_value.ec_value_val = t;
2984 	ecol[1].ec_value.ec_value_len = strlen(t)+1;
2985 
2986 	t = s;
2987 
2988 	/*
2989 	 * uid (col 2)
2990 	 */
2991 	if ((s = strchr(t, ':')) == 0 || s == t) {
2992 		(void) strlcpy(parse_err_msg, gettext("no gid"),
2993 		    PARSE_ERR_MSG_LEN);
2994 		return (GENENT_PARSEERR);
2995 	}
2996 	*s++ = 0;
2997 	ecol[2].ec_value.ec_value_val = t;
2998 	ecol[2].ec_value.ec_value_len = strlen(t)+1;
2999 	t = s;
3000 
3001 	/*
3002 	 * gid (col 3)
3003 	 */
3004 	if ((s = strchr(t, ':')) == 0 || s == t) {
3005 		(void) strlcpy(parse_err_msg, gettext("no gcos"),
3006 		    PARSE_ERR_MSG_LEN);
3007 		return (GENENT_PARSEERR);
3008 	}
3009 	*s++ = 0;
3010 	ecol[3].ec_value.ec_value_val = t;
3011 	ecol[3].ec_value.ec_value_len = strlen(t)+1;
3012 	t = s;
3013 
3014 	/*
3015 	 * gcos (col 4)
3016 	 */
3017 	if ((s = strchr(t, ':')) == 0) {
3018 		(void) strlcpy(parse_err_msg, gettext("no home"),
3019 		    PARSE_ERR_MSG_LEN);
3020 		return (GENENT_PARSEERR);
3021 	}
3022 	*s++ = 0;
3023 	ecol[4].ec_value.ec_value_val = t;
3024 	ecol[4].ec_value.ec_value_len = strlen(t)+1;
3025 	t = s;
3026 
3027 	/*
3028 	 * home (col 5)
3029 	 */
3030 	if ((s = strchr(t, ':')) == 0) {
3031 		(void) strlcpy(parse_err_msg, gettext("no shell"),
3032 		    PARSE_ERR_MSG_LEN);
3033 		return (GENENT_PARSEERR);
3034 	}
3035 	*s++ = 0;
3036 	ecol[5].ec_value.ec_value_val = t;
3037 	ecol[5].ec_value.ec_value_len = strlen(t)+1;
3038 	t = s;
3039 
3040 	/*
3041 	 * shell (col 6)
3042 	 */
3043 	ecol[6].ec_value.ec_value_val = t;
3044 	ecol[6].ec_value.ec_value_len = strlen(t)+1;
3045 
3046 	/*
3047 	 * build entry
3048 	 */
3049 	data.pw_name = strdup(ecol[0].ec_value.ec_value_val);
3050 
3051 	if (flags & F_PASSWD) {
3052 		/* Add {crypt} before passwd entry */
3053 		(void) snprintf(pname, sizeof (pname), "{crypt}%s",
3054 		    ecol[1].ec_value.ec_value_val);
3055 		data.pw_passwd = strdup(pname);
3056 	}
3057 	else
3058 		data.pw_passwd = NULL;
3059 
3060 	if (ecol[2].ec_value.ec_value_val != NULL &&
3061 	    ecol[2].ec_value.ec_value_val[0] != '\0') {
3062 		data.pw_uid = ascii_to_int(ecol[2].ec_value.ec_value_val);
3063 		if (data.pw_uid == (uid_t)-1) {
3064 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
3065 			    gettext("invalid uid : %s"),
3066 			    ecol[2].ec_value.ec_value_val);
3067 		return (GENENT_PARSEERR);
3068 		}
3069 	} else
3070 		data.pw_uid = (uid_t)-1;
3071 
3072 	if (ecol[3].ec_value.ec_value_val != NULL &&
3073 	    ecol[3].ec_value.ec_value_val[0] != '\0') {
3074 
3075 		data.pw_gid = ascii_to_int(ecol[3].ec_value.ec_value_val);
3076 		if (data.pw_gid == (uid_t)-1) {
3077 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
3078 			    gettext("invalid gid : %s"),
3079 			    ecol[3].ec_value.ec_value_val);
3080 		return (GENENT_PARSEERR);
3081 		}
3082 	} else
3083 		data.pw_gid = (uid_t)-1;
3084 
3085 	data.pw_age = NULL;
3086 	data.pw_comment = NULL;
3087 	data.pw_gecos = strdup(ecol[4].ec_value.ec_value_val);
3088 	data.pw_dir = strdup(ecol[5].ec_value.ec_value_val);
3089 	data.pw_shell = strdup(ecol[6].ec_value.ec_value_val);
3090 
3091 	if (flags & F_VERBOSE)
3092 		(void) fprintf(stdout,
3093 		    gettext("Adding entry : %s\n"), data.pw_name);
3094 
3095 	retval = (*cback)(&data, 0);
3096 
3097 	if (retval == LDAP_ALREADY_EXISTS) {
3098 		if (continue_onerror)
3099 			(void) fprintf(stderr,
3100 			    gettext("Entry: %s - already Exists,"
3101 			    " skipping it.\n"), data.pw_name);
3102 		else {
3103 			rc = GENENT_CBERR;
3104 			(void) fprintf(stderr,
3105 			    gettext("Entry: %s - already Exists\n"),
3106 			    data.pw_name);
3107 		}
3108 	} else if (retval)
3109 		rc = GENENT_CBERR;
3110 
3111 	free(data.pw_name);
3112 	free(data.pw_gecos);
3113 	free(data.pw_dir);
3114 	free(data.pw_shell);
3115 	return (rc);
3116 }
3117 
3118 
3119 static void
3120 dump_passwd(ns_ldap_result_t *res)
3121 {
3122 	char    **value = NULL;
3123 
3124 	value = __ns_ldap_getAttr(res->entry, "uid");
3125 	if (value == NULL)
3126 		return;
3127 	else
3128 		(void) fprintf(stdout, "%s:", value[0]);
3129 	value = __ns_ldap_getAttr(res->entry, "userPassword");
3130 
3131 	/*
3132 	 * Don't print the encrypted password, Use x to
3133 	 * indicate it is in the shadow database.
3134 	 */
3135 	(void) fprintf(stdout, "x:");
3136 
3137 	value = __ns_ldap_getAttr(res->entry, "uidNumber");
3138 	if (value && value[0])
3139 		(void) fprintf(stdout, "%s:", value[0]);
3140 	value = __ns_ldap_getAttr(res->entry, "gidNumber");
3141 	if (value && value[0])
3142 		(void) fprintf(stdout, "%s:", value[0]);
3143 	value = __ns_ldap_getAttr(res->entry, "gecos");
3144 	if (value == NULL)
3145 		(void) fprintf(stdout, ":");
3146 	else
3147 		(void) fprintf(stdout, "%s:", value[0]);
3148 	value = __ns_ldap_getAttr(res->entry, "homeDirectory");
3149 	if (value == NULL)
3150 		(void) fprintf(stdout, ":");
3151 	else
3152 		(void) fprintf(stdout, "%s:", value[0]);
3153 	value = __ns_ldap_getAttr(res->entry, "loginShell");
3154 	if (value == NULL)
3155 		(void) fprintf(stdout, "\n");
3156 	else
3157 		(void) fprintf(stdout, "%s\n", value[0]);
3158 
3159 }
3160 
3161 /*
3162  * /etc/shadow
3163  */
3164 
3165 static int
3166 genent_shadow(char *line, int (*cback)())
3167 {
3168 	char buf[BUFSIZ+1];
3169 	char *s, *t;
3170 	entry_col ecol[9];
3171 	char pname[BUFSIZ];
3172 
3173 	struct spwd	data;
3174 	int spflag;
3175 	int retval;
3176 
3177 
3178 	/*
3179 	 * don't clobber our argument
3180 	 */
3181 	if (strlen(line) >= sizeof (buf)) {
3182 		(void) strlcpy(parse_err_msg, gettext("line too long"),
3183 		    PARSE_ERR_MSG_LEN);
3184 		return (GENENT_PARSEERR);
3185 	}
3186 	(void) strcpy(buf, line);
3187 	t = buf;
3188 
3189 	/* ignore empty entries */
3190 	if (*t == '\0')
3191 		return (GENENT_OK);
3192 
3193 	/*
3194 	 * clear column data
3195 	 */
3196 	(void) memset((char *)ecol, 0, sizeof (ecol));
3197 
3198 	/*
3199 	 * name (col 0)
3200 	 */
3201 	if ((s = strchr(t, ':')) == 0) {
3202 		(void) strlcpy(parse_err_msg, gettext("no uid"),
3203 		    PARSE_ERR_MSG_LEN);
3204 		return (GENENT_PARSEERR);
3205 	}
3206 	*s++ = 0;
3207 	ecol[0].ec_value.ec_value_val = t;
3208 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
3209 	t = s;
3210 
3211 	/*
3212 	 * passwd (col 1)
3213 	 */
3214 	if ((s = strchr(t, ':')) == 0) {
3215 		(void) strlcpy(parse_err_msg, gettext("Improper format"),
3216 		    PARSE_ERR_MSG_LEN);
3217 		return (GENENT_PARSEERR);
3218 	}
3219 	*s++ = 0;
3220 
3221 		ecol[1].ec_value.ec_value_val = t;
3222 		ecol[1].ec_value.ec_value_len = strlen(t)+1;
3223 
3224 	t = s;
3225 
3226 	/*
3227 	 * shadow last change (col 2)
3228 	 */
3229 	if ((s = strchr(t, ':')) == 0) {
3230 		(void) strlcpy(parse_err_msg, gettext("Improper format"),
3231 		    PARSE_ERR_MSG_LEN);
3232 		return (GENENT_PARSEERR);
3233 	}
3234 	*s++ = 0;
3235 	ecol[2].ec_value.ec_value_val = t;
3236 	ecol[2].ec_value.ec_value_len = strlen(t)+1;
3237 	t = s;
3238 
3239 	/*
3240 	 * shadow min (col 3)
3241 	 */
3242 	if ((s = strchr(t, ':')) == 0) {
3243 		(void) strlcpy(parse_err_msg, gettext("Improper format"),
3244 		    PARSE_ERR_MSG_LEN);
3245 		return (GENENT_PARSEERR);
3246 	}
3247 	*s++ = 0;
3248 	ecol[3].ec_value.ec_value_val = t;
3249 	ecol[3].ec_value.ec_value_len = strlen(t)+1;
3250 	t = s;
3251 
3252 	/*
3253 	 * shadow max (col 4)
3254 	 */
3255 	if ((s = strchr(t, ':')) == 0) {
3256 		(void) strlcpy(parse_err_msg, gettext("Improper format"),
3257 		    PARSE_ERR_MSG_LEN);
3258 		return (GENENT_PARSEERR);
3259 	}
3260 	*s++ = 0;
3261 	ecol[4].ec_value.ec_value_val = t;
3262 	ecol[4].ec_value.ec_value_len = strlen(t)+1;
3263 	t = s;
3264 
3265 	/*
3266 	 * shadow warn (col 5)
3267 	 */
3268 	if ((s = strchr(t, ':')) == 0) {
3269 		(void) strlcpy(parse_err_msg, gettext("Improper format"),
3270 		    PARSE_ERR_MSG_LEN);
3271 		return (GENENT_PARSEERR);
3272 	}
3273 	*s++ = 0;
3274 	ecol[5].ec_value.ec_value_val = t;
3275 	ecol[5].ec_value.ec_value_len = strlen(t)+1;
3276 	t = s;
3277 
3278 	/*
3279 	 * shadow inactive (col 6)
3280 	 */
3281 	if ((s = strchr(t, ':')) != 0) {
3282 	*s++ = 0;
3283 	ecol[6].ec_value.ec_value_val = t;
3284 	ecol[6].ec_value.ec_value_len = strlen(t)+1;
3285 	t = s;
3286 	}
3287 
3288 	/*
3289 	 * shadow expire  (col 7)
3290 	 */
3291 	if ((s = strchr(t, ':')) != 0) {
3292 	*s++ = 0;
3293 	ecol[7].ec_value.ec_value_val = t;
3294 	ecol[7].ec_value.ec_value_len = strlen(t)+1;
3295 	t = s;
3296 
3297 	/*
3298 	 * flag (col 8)
3299 	 */
3300 	ecol[8].ec_value.ec_value_val = t;
3301 	ecol[8].ec_value.ec_value_len = strlen(t)+1;
3302 	}
3303 
3304 	/*
3305 	 * build entry
3306 	 */
3307 
3308 	data.sp_namp = strdup(ecol[0].ec_value.ec_value_val);
3309 
3310 	if (ecol[1].ec_value.ec_value_val != NULL &&
3311 	    ecol[1].ec_value.ec_value_val[0] != '\0') {
3312 		/* Add {crypt} before passwd entry */
3313 		(void) snprintf(pname, sizeof (pname), "{crypt}%s",
3314 		    ecol[1].ec_value.ec_value_val);
3315 		data.sp_pwdp = strdup(pname);
3316 	} else {
3317 		/*
3318 		 * no password (e.g., deleted by "passwd -d"):
3319 		 * use the special value NS_LDAP_NO_UNIX_PASSWORD
3320 		 * instead.
3321 		 */
3322 		(void) snprintf(pname, sizeof (pname), "{crypt}%s",
3323 		    NS_LDAP_NO_UNIX_PASSWORD);
3324 		data.sp_pwdp = strdup(pname);
3325 	}
3326 
3327 	if (ecol[2].ec_value.ec_value_val != NULL &&
3328 	    ecol[2].ec_value.ec_value_val[0] != '\0') {
3329 
3330 		data.sp_lstchg = ascii_to_int(ecol[2].ec_value.ec_value_val);
3331 		if (data.sp_lstchg < -1) {
3332 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
3333 			    gettext("invalid last changed date: %s"),
3334 			    ecol[2].ec_value.ec_value_val);
3335 		return (GENENT_PARSEERR);
3336 		}
3337 	} else
3338 		data.sp_lstchg = -1;
3339 
3340 	if (ecol[3].ec_value.ec_value_val != NULL &&
3341 	    ecol[3].ec_value.ec_value_val[0] != '\0') {
3342 
3343 		data.sp_min = ascii_to_int(ecol[3].ec_value.ec_value_val);
3344 		if (data.sp_min < -1) {
3345 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
3346 			    gettext("invalid sp_min : %s"),
3347 			    ecol[3].ec_value.ec_value_val);
3348 		return (GENENT_PARSEERR);
3349 		}
3350 	} else
3351 		data.sp_min = -1;
3352 
3353 	if (ecol[4].ec_value.ec_value_val != NULL &&
3354 	    ecol[4].ec_value.ec_value_val[0] != '\0') {
3355 
3356 		data.sp_max = ascii_to_int(ecol[4].ec_value.ec_value_val);
3357 		if (data.sp_max < -1) {
3358 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
3359 			    gettext("invalid sp_max : %s"),
3360 			    ecol[4].ec_value.ec_value_val);
3361 		return (GENENT_PARSEERR);
3362 		}
3363 	} else
3364 		data.sp_max = -1;
3365 
3366 	if (ecol[5].ec_value.ec_value_val != NULL &&
3367 	    ecol[5].ec_value.ec_value_val[0] != '\0') {
3368 
3369 		data.sp_warn = ascii_to_int(ecol[5].ec_value.ec_value_val);
3370 		if (data.sp_warn < -1) {
3371 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
3372 			    gettext("invalid sp_warn : %s"),
3373 			    ecol[5].ec_value.ec_value_val);
3374 		return (GENENT_PARSEERR);
3375 		}
3376 	} else
3377 		data.sp_warn = -1;
3378 
3379 	if (ecol[6].ec_value.ec_value_val != NULL &&
3380 	    ecol[6].ec_value.ec_value_val[0] != '\0') {
3381 
3382 		data.sp_inact = ascii_to_int(ecol[6].ec_value.ec_value_val);
3383 		if (data.sp_inact < -1) {
3384 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
3385 			    gettext("invalid sp_inact : %s"),
3386 			    ecol[6].ec_value.ec_value_val);
3387 		return (GENENT_PARSEERR);
3388 		}
3389 	} else
3390 		data.sp_inact = -1;
3391 
3392 	if (ecol[7].ec_value.ec_value_val != NULL &&
3393 	    ecol[7].ec_value.ec_value_val[0] != '\0') {
3394 
3395 		data.sp_expire = ascii_to_int(ecol[7].ec_value.ec_value_val);
3396 		if (data.sp_expire < -1) {
3397 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
3398 			    gettext("invalid login expiry date : %s"),
3399 			    ecol[7].ec_value.ec_value_val);
3400 		return (GENENT_PARSEERR);
3401 		}
3402 	} else
3403 		data.sp_expire = -1;
3404 
3405 	if (ecol[8].ec_value.ec_value_val != NULL &&
3406 	    ecol[8].ec_value.ec_value_val[0] != '\0') {
3407 
3408 		/*
3409 		 * data.sp_flag is an unsigned int,
3410 		 * assign -1 to it, make no sense.
3411 		 * Use spflag here to avoid lint warning.
3412 		 */
3413 		spflag = ascii_to_int(ecol[8].ec_value.ec_value_val);
3414 		if (spflag < 0) {
3415 			(void) snprintf(parse_err_msg, sizeof (parse_err_msg),
3416 			    gettext("invalid flag value: %s"),
3417 			    ecol[8].ec_value.ec_value_val);
3418 		return (GENENT_PARSEERR);
3419 		} else
3420 			data.sp_flag = spflag;
3421 	} else
3422 		data.sp_flag = 0;
3423 
3424 	if (flags & F_VERBOSE)
3425 		(void) fprintf(stdout,
3426 		    gettext("Adding entry : %s\n"), data.sp_namp);
3427 
3428 	retval = (*cback)(&data, 1);
3429 	if (retval != NS_LDAP_SUCCESS) {
3430 		if (retval == LDAP_NO_SUCH_OBJECT)
3431 			(void) fprintf(stdout,
3432 			    gettext("Cannot add shadow entry (%s), "
3433 			    "add passwd entry first\n"), data.sp_namp);
3434 		if (continue_onerror == 0)
3435 			return (GENENT_CBERR);
3436 	}
3437 
3438 	free(data.sp_namp);
3439 	free(data.sp_pwdp);
3440 	return (GENENT_OK);
3441 }
3442 
3443 static void
3444 dump_shadow(ns_ldap_result_t *res)
3445 {
3446 	char    **value = NULL;
3447 	char   pnam[256];
3448 
3449 	value = __ns_ldap_getAttr(res->entry, "uid");
3450 	if (value == NULL)
3451 		return;
3452 	else
3453 		(void) fprintf(stdout, "%s:", value[0]);
3454 	value = __ns_ldap_getAttr(res->entry, "userPassword");
3455 	if (value == NULL)
3456 		(void) fprintf(stdout, "*:");
3457 	else {
3458 		(void) strcpy(pnam, value[0]);
3459 		if (strncasecmp(value[0], "{crypt}", 7) == 0) {
3460 			if (strcmp(pnam + 7, NS_LDAP_NO_UNIX_PASSWORD) == 0)
3461 				(void) fprintf(stdout, ":");
3462 			else
3463 				(void) fprintf(stdout, "%s:", (pnam+7));
3464 		} else
3465 			(void) fprintf(stdout, "*:");
3466 	}
3467 	value = __ns_ldap_getAttr(res->entry, "shadowLastChange");
3468 	if (value == NULL)
3469 		(void) fprintf(stdout, ":");
3470 	else
3471 		(void) fprintf(stdout, "%s:", value[0]);
3472 	value = __ns_ldap_getAttr(res->entry, "shadowMin");
3473 	if (value == NULL)
3474 		(void) fprintf(stdout, ":");
3475 	else
3476 		(void) fprintf(stdout, "%s:", value[0]);
3477 	value = __ns_ldap_getAttr(res->entry, "shadowMax");
3478 	if (value == NULL)
3479 		(void) fprintf(stdout, ":");
3480 	else
3481 		(void) fprintf(stdout, "%s:", value[0]);
3482 
3483 	value = __ns_ldap_getAttr(res->entry, "shadowWarning");
3484 	if (value == NULL)
3485 		(void) fprintf(stdout, ":");
3486 	else
3487 		(void) fprintf(stdout, "%s:", value[0]);
3488 
3489 	value = __ns_ldap_getAttr(res->entry, "shadowInactive");
3490 	if (value == NULL)
3491 		(void) fprintf(stdout, ":");
3492 	else
3493 		(void) fprintf(stdout, "%s:", value[0]);
3494 
3495 	value = __ns_ldap_getAttr(res->entry, "shadowExpire");
3496 	if (value == NULL)
3497 		(void) fprintf(stdout, ":");
3498 	else
3499 		(void) fprintf(stdout, "%s:", value[0]);
3500 
3501 	value = __ns_ldap_getAttr(res->entry, "shadowFlag");
3502 	if (value == NULL || value[0] == NULL || strcmp(value[0], "0") == 0)
3503 		(void) fprintf(stdout, "\n");
3504 	else
3505 		(void) fprintf(stdout, "%s\n", value[0]);
3506 }
3507 
3508 static int
3509 genent_bootparams(char *line, int (*cback)())
3510 {
3511 	char buf[BUFSIZ+1];
3512 	char *t;
3513 	entry_col ecol[2];
3514 	int ctr = 0, retval = 1;
3515 
3516 	struct _ns_bootp data;
3517 	char *parameter;
3518 	int rc = GENENT_OK;
3519 
3520 	/*
3521 	 * don't clobber our argument
3522 	 */
3523 	if (strlen(line) >= sizeof (buf)) {
3524 		(void) strlcpy(parse_err_msg, gettext("line too long"),
3525 		    PARSE_ERR_MSG_LEN);
3526 		return (GENENT_PARSEERR);
3527 	}
3528 	(void) strcpy(buf, line);
3529 
3530 	/*
3531 	 * clear column data
3532 	 */
3533 	(void) memset((char *)ecol, 0, sizeof (ecol));
3534 
3535 
3536 	/*
3537 	 * cname (col 0)
3538 	 */
3539 	if ((t = strtok(buf, " \t")) == 0) {
3540 		(void) strlcpy(parse_err_msg, gettext("no cname"),
3541 		    PARSE_ERR_MSG_LEN);
3542 		return (GENENT_PARSEERR);
3543 	}
3544 	ecol[0].ec_value.ec_value_val = t;
3545 	ecol[0].ec_value.ec_value_len = strlen(t)+1;
3546 
3547 
3548 
3549 	/* build entry */
3550 	data.name = strdup(ecol[0].ec_value.ec_value_val);
3551 
3552 	/*
3553 	 * name (col 1)
3554 	 */
3555 
3556 	data.param = NULL;
3557 
3558 	while (t = strtok(NULL, " \t"))  {
3559 
3560 		/*
3561 		 * don't clobber comment in canonical entry
3562 		 */
3563 
3564 
3565 		ecol[1].ec_value.ec_value_val = t;
3566 		ecol[1].ec_value.ec_value_len = strlen(t)+1;
3567 
3568 		ctr++;
3569 		parameter = strdup(ecol[1].ec_value.ec_value_val);
3570 		if ((data.param = (char **)realloc(data.param,
3571 		    (ctr + 1) * sizeof (char **))) == NULL) {
3572 			(void) fprintf(stderr, gettext("out of memory\n"));
3573 			exit(1);
3574 		}
3575 		data.param[ctr-1] = parameter;
3576 
3577 	}
3578 
3579 
3580 	/* End the list of all the aliases by NULL */
3581 	if ((data.param = (char **)realloc(data.param,
3582 	    (ctr + 1) * sizeof (char **))) == NULL) {
3583 		(void) fprintf(stderr, gettext("out of memory\n"));
3584 		exit(1);
3585 	}
3586 	data.param[ctr] = NULL;
3587 
3588 	if (flags & F_VERBOSE)
3589 		(void) fprintf(stdout,
3590 		    gettext("Adding entry : %s\n"), data.name);
3591 
3592 	retval = (*cback)(&data, 0);
3593 
3594 	if (retval == LDAP_ALREADY_EXISTS) {
3595 		if (continue_onerror)
3596 			(void) fprintf(stderr,
3597 			    gettext("Entry: %s - already Exists,"
3598 			    " skipping it.\n"), data.name);
3599 		else {
3600 			rc = GENENT_CBERR;
3601 			(void) fprintf(stderr,
3602 			    gettext("Entry: %s - already Exists\n"),
3603 			    data.name);
3604 		}
3605 	} else if (retval)
3606 		rc = GENENT_CBERR;
3607 
3608 	free(data.name);
3609 	free(data.param);
3610 
3611 	return (rc);
3612 
3613 }
3614 
3615 /*
3616  * Count number of tokens in string which has tokens separated by colons.
3617  *
3618  * NULL or "" - 0 tokens
3619  * "foo" - 1 token
3620  * "foo:bar" - 2 tokens
3621  * ":bar" - 2 tokens, first empty
3622  * "::" - 3 tokens, all empty
3623  */
3624 static int
3625 count_tokens(char *string, char delim)
3626 {
3627 	int i = 0;
3628 	char *s = string;
3629 
3630 	if (string == NULL || *string == '\0')
3631 		return (0);
3632 
3633 	/* Count delimiters */
3634 	while ((s = strchr(s, delim)) != NULL && *s != '\0') {
3635 		i++;
3636 		s++;
3637 	}
3638 
3639 	return (i + 1);
3640 }
3641 
3642 static int
3643 genent_project(char *line, int (*cback)())
3644 {
3645 	char buf[BUFSIZ+1];
3646 	char *b = buf;
3647 	char *s;
3648 	int rc = GENENT_OK, retval;
3649 	int index = 0;
3650 	struct project data;
3651 
3652 	(void) memset(&data, 0, sizeof (struct project));
3653 
3654 	/*
3655 	 * don't clobber our argument
3656 	 */
3657 	if (strlen(line) >= sizeof (buf)) {
3658 		(void) strlcpy(parse_err_msg, gettext("line too long"),
3659 		    PARSE_ERR_MSG_LEN);
3660 		return (GENENT_PARSEERR);
3661 	}
3662 
3663 	if (count_tokens(line, ':') != 6) {
3664 		(void) strlcpy(parse_err_msg, gettext("Improper format"),
3665 		    PARSE_ERR_MSG_LEN);
3666 		return (GENENT_PARSEERR);
3667 	}
3668 
3669 	(void) strcpy(buf, line);
3670 
3671 	s = strsep(&b, ":");
3672 	while (s != NULL) {
3673 		switch (index) {
3674 		/* Project name */
3675 		case 0:
3676 			if (check_projname(s) != 0) {
3677 				(void) strlcpy(parse_err_msg,
3678 				    gettext("invalid project name"),
3679 				    PARSE_ERR_MSG_LEN);
3680 				return (GENENT_PARSEERR);
3681 			} else {
3682 				data.pj_name = strdup(s);
3683 			}
3684 			break;
3685 
3686 		/* Project ID */
3687 		case 1:
3688 		{
3689 			char *endptr = NULL;
3690 			int projid = strtoul(s, &endptr, 10);
3691 
3692 			if (*s == '\0' || strlen(endptr) != 0 || projid < 0 ||
3693 			    projid > MAXPROJID) {
3694 				(void) strlcpy(parse_err_msg,
3695 				    gettext("invalid project id"),
3696 				    PARSE_ERR_MSG_LEN);
3697 				return (GENENT_PARSEERR);
3698 			} else {
3699 				data.pj_projid = projid;
3700 			}
3701 			break;
3702 		}
3703 
3704 		/* Project description */
3705 		case 2:
3706 			if (*s != '\0')
3707 				data.pj_comment = strdup(s);
3708 			break;
3709 
3710 		/* Project users */
3711 		case 3:
3712 		{
3713 			if (*s == '\0')
3714 				break;
3715 
3716 			char *usrlist = strdup(s);
3717 			int   i = 0;
3718 			int   usr_count = count_tokens(usrlist, ',');
3719 			char *u = strsep(&usrlist, ",");
3720 
3721 			if (usr_count == 0) {
3722 				free(usrlist);
3723 				break;
3724 			}
3725 
3726 			/* +1 to NULL-terminate the array */
3727 			data.pj_users = (char **)calloc(usr_count + 1,
3728 			    sizeof (char *));
3729 
3730 			while (u != NULL) {
3731 				data.pj_users[i++] = strdup(u);
3732 				u = strsep(&usrlist, ",");
3733 			}
3734 
3735 			free(usrlist);
3736 			break;
3737 		}
3738 
3739 		/* Project groups */
3740 		case 4:
3741 		{
3742 			if (*s == '\0')
3743 				break;
3744 
3745 			char *grouplist = strdup(s);
3746 			int   i = 0;
3747 			int   grp_count = count_tokens(grouplist, ',');
3748 			char *g = strsep(&grouplist, ",");
3749 
3750 			if (grp_count == 0) {
3751 				free(grouplist);
3752 				break;
3753 			}
3754 
3755 			/* +1 to NULL-terminate the array */
3756 			data.pj_groups = (char **)calloc(grp_count + 1,
3757 			    sizeof (char *));
3758 
3759 			while (g != NULL) {
3760 				data.pj_groups[i++] = strdup(g);
3761 				g = strsep(&grouplist, ",");
3762 			}
3763 
3764 			free(grouplist);
3765 			break;
3766 		}
3767 
3768 		/* Attributes */
3769 		case 5:
3770 			if (*s != '\0')
3771 				data.pj_attr = strdup(s);
3772 
3773 			break;
3774 		}
3775 
3776 		/* Next token */
3777 		s = strsep(&b, ":");
3778 		index++;
3779 	}
3780 
3781 	if (flags & F_VERBOSE)
3782 		(void) fprintf(stdout,
3783 		    gettext("Adding entry : %s\n"), data.pj_name);
3784 
3785 	retval = (*cback)(&data, 0);
3786 
3787 	if (retval == LDAP_ALREADY_EXISTS) {
3788 		if (continue_onerror)
3789 			(void) fprintf(stderr,
3790 			    gettext("Entry: %s - already Exists,"
3791 			    " skipping it.\n"), data.pj_name);
3792 		else {
3793 			rc = GENENT_CBERR;
3794 			(void) fprintf(stderr,
3795 			    gettext("Entry: %s - already Exists\n"),
3796 			    data.pj_name);
3797 		}
3798 	} else if (retval)
3799 		rc = GENENT_CBERR;
3800 
3801 	/* Clean up */
3802 	free(data.pj_name);
3803 	free(data.pj_attr);
3804 	if (data.pj_users != NULL) {
3805 		for (index = 0; data.pj_users[index] != NULL; index++)
3806 			free(data.pj_users[index]);
3807 		free(data.pj_users);
3808 	}
3809 	if (data.pj_groups != NULL) {
3810 		for (index = 0; data.pj_groups[index] != NULL; index++)
3811 			free(data.pj_groups[index]);
3812 		free(data.pj_groups);
3813 	}
3814 
3815 	return (rc);
3816 }
3817 
3818 static void
3819 dump_project(ns_ldap_result_t *res)
3820 {
3821 	char    **value = NULL;
3822 	char 	*endptr = NULL;
3823 	int 	projid;
3824 
3825 	if (res == NULL || res->entry == NULL)
3826 		return;
3827 
3828 	/* Sanity checking */
3829 	value = __ns_ldap_getAttr(res->entry, "SolarisProjectID");
3830 
3831 	if (value[0] == NULL)
3832 		return;
3833 
3834 	projid = strtoul(value[0], &endptr, 10);
3835 	if (*value[0] == '\0' || strlen(endptr) != 0 || projid < 0 ||
3836 	    projid > MAXPROJID)
3837 		return;
3838 
3839 	value = __ns_ldap_getAttr(res->entry, "SolarisProjectName");
3840 	if (value && value[0] && check_projname(value[0]) == 0)
3841 		(void) fprintf(stdout, "%s:", value[0]);
3842 	else
3843 		return;
3844 
3845 	(void) fprintf(stdout, "%d:", projid);
3846 
3847 	value = __ns_ldap_getAttr(res->entry, "description");
3848 	if (value && value[0])
3849 		(void) fprintf(stdout, "%s:", value[0]);
3850 	else
3851 		(void) fprintf(stdout, ":");
3852 
3853 	value = __ns_ldap_getAttr(res->entry, "memberUid");
3854 	if (value) {
3855 		int i;
3856 		for (i = 0; value[i] != NULL; i++)
3857 			if (value[i+1] != NULL)
3858 				(void) fprintf(stdout, "%s,", value[i]);
3859 			else
3860 				(void) fprintf(stdout, "%s:", value[i]);
3861 	} else {
3862 		(void) fprintf(stdout, ":");
3863 	}
3864 
3865 	value = __ns_ldap_getAttr(res->entry, "memberGid");
3866 	if (value) {
3867 		int i;
3868 		for (i = 0; value[i] != NULL; i++)
3869 			if (value[i+1] != NULL)
3870 				(void) fprintf(stdout, "%s,", value[i]);
3871 			else
3872 				(void) fprintf(stdout, "%s:", value[i]);
3873 	} else {
3874 		(void) fprintf(stdout, ":");
3875 	}
3876 
3877 	value = __ns_ldap_getAttr(res->entry, "SolarisProjectAttr");
3878 	if (value && value[0])
3879 		(void) fprintf(stdout, "%s\n", value[0]);
3880 	else
3881 		(void) fprintf(stdout, "\n");
3882 
3883 }
3884 
3885 static void
3886 dump_bootparams(ns_ldap_result_t *res)
3887 {
3888 	char	**value = NULL;
3889 	int		attr_count = 0;
3890 
3891 	value = __ns_ldap_getAttr(res->entry, "cn");
3892 	if (value[0] != NULL)
3893 		(void) fprintf(stdout, "%s", value[0]);
3894 	value = __ns_ldap_getAttr(res->entry, "bootParameter");
3895 	if (value != NULL)
3896 		while (value[attr_count] != NULL) {
3897 		(void) fprintf(stdout, "\t%s", value[attr_count]);
3898 			attr_count++;
3899 		}
3900 	(void) fprintf(stdout, "\n");
3901 
3902 
3903 }
3904 
3905 static char *
3906 fget_line_at(struct line_buf *line, int n, FILE *fp)
3907 {
3908 	int c;
3909 
3910 	line->len = n;
3911 
3912 	for (;;) {
3913 		c = fgetc(fp);
3914 		if (c == -1)
3915 			break;
3916 		if (line->len >= line->alloc)
3917 			line_buf_expand(line);
3918 		line->str[line->len++] = c;
3919 
3920 		if (c == '\n')
3921 			break;
3922 	}
3923 
3924 	/* Null Terminate */
3925 	if (line->len >= line->alloc)
3926 		line_buf_expand(line);
3927 	line->str[line->len++] = 0;
3928 
3929 	/* if no characters are read, return NULL to indicate EOF */
3930 	if (line->str[0] == '\0')
3931 		return (0);
3932 
3933 	return (line->str);
3934 }
3935 
3936 /*
3937  * return a line from the file, discarding comments and blank lines
3938  */
3939 static int
3940 filedbmline_comment(struct line_buf *line, FILE *etcf, int *lineno,
3941     struct file_loc *loc)
3942 {
3943 	int i, len = 0;
3944 
3945 	loc->offset = ftell(etcf);
3946 	for (;;) {
3947 		if (fget_line_at(line, len, etcf) == 0)
3948 			return (0);
3949 
3950 		if (lineno)
3951 			(*lineno)++;
3952 
3953 		len = strlen(line->str);
3954 		if (len >= 2 &&
3955 		    line->str[0] != '#' &&
3956 		    line->str[len-2] == '\\' && line->str[len-1] == '\n') {
3957 			line->str[len-2] = 0;
3958 			len -= 2;
3959 			continue;    /* append next line at end */
3960 		}
3961 
3962 		if (line->str[len-1] == '\n') {
3963 			line->str[len-1] = 0;
3964 			len -= 1;
3965 		}
3966 
3967 		/*
3968 		 * Skip lines where '#' is the first non-blank character.
3969 		 */
3970 		for (i = 0; i < len; i++) {
3971 			if (line->str[i] == '#') {
3972 				line->str[i] = '\0';
3973 				len = i;
3974 				break;
3975 			}
3976 			if (line->str[i] != ' ' && line->str[i] != '\t')
3977 				break;
3978 		}
3979 
3980 		/*
3981 		 * A line with one or more white space characters followed
3982 		 * by a comment will now be blank. The special case of a
3983 		 * line with '#' in the first byte will have len == 0.
3984 		 */
3985 		if (len > 0 && !blankline(line->str))
3986 			break;
3987 
3988 		len = 0;
3989 		loc->offset = ftell(etcf);
3990 	}
3991 
3992 	loc->size = len;
3993 	return (1);
3994 }
3995 
3996 /*
3997  * return a line from the file, discarding comments, blanks, and '+' lines
3998  */
3999 static int
4000 filedbmline_plus(struct line_buf *line, FILE *etcf, int *lineno,
4001     struct file_loc *loc)
4002 {
4003 	int len = 0;
4004 
4005 	loc->offset = ftell(etcf);
4006 	for (;;) {
4007 		if (fget_line_at(line, len, etcf) == 0)
4008 			return (0);
4009 
4010 		if (lineno)
4011 			(*lineno)++;
4012 
4013 		len = strlen(line->str);
4014 		if (line->str[len-1] == '\n') {
4015 			line->str[len-1] = 0;
4016 			len -= 1;
4017 		}
4018 
4019 		if (!blankline(line->str) &&
4020 		    line->str[0] != '+' && line->str[0] != '-' &&
4021 		    line->str[0] != '#')
4022 			break;
4023 
4024 		len = 0;
4025 		loc->offset = ftell(etcf);
4026 	}
4027 
4028 	loc->size = len;
4029 	return (1);
4030 }
4031 
4032 
4033 /* Populating the ttypelist structure */
4034 
4035 static struct ttypelist_t ttypelist[] = {
4036 	{ NS_LDAP_TYPE_HOSTS, genent_hosts, dump_hosts,
4037 		filedbmline_comment, "iphost", "cn" },
4038 	{ NS_LDAP_TYPE_IPNODES, genent_hosts, dump_hosts,
4039 		filedbmline_comment, "iphost", "cn" },
4040 	{ NS_LDAP_TYPE_RPC, genent_rpc, dump_rpc,
4041 		filedbmline_comment, "oncrpc", "cn" },
4042 	{ NS_LDAP_TYPE_PROTOCOLS, genent_protocols, dump_protocols,
4043 		filedbmline_comment, "ipprotocol", "cn" },
4044 	{ NS_LDAP_TYPE_NETWORKS, genent_networks, dump_networks,
4045 		filedbmline_comment, "ipnetwork", "ipnetworknumber" },
4046 	{ NS_LDAP_TYPE_SERVICES, genent_services, dump_services,
4047 		filedbmline_comment, "ipservice", "cn" },
4048 	{ NS_LDAP_TYPE_GROUP, genent_group, dump_group,
4049 		filedbmline_plus, "posixgroup", "gidnumber" },
4050 	{ NS_LDAP_TYPE_NETMASKS, genent_netmasks, dump_netmasks,
4051 		filedbmline_comment, "ipnetwork", "ipnetworknumber"},
4052 	{ NS_LDAP_TYPE_ETHERS, genent_ethers, dump_ethers,
4053 		filedbmline_comment, "ieee802Device", "cn" },
4054 	{ NS_LDAP_TYPE_NETGROUP, genent_netgroup, dump_netgroup,
4055 		filedbmline_comment, "nisnetgroup", "cn" },
4056 	{ NS_LDAP_TYPE_BOOTPARAMS, genent_bootparams, dump_bootparams,
4057 		filedbmline_comment, "bootableDevice", "cn" },
4058 	{ NS_LDAP_TYPE_PUBLICKEY, genent_publickey, NULL /* dump_publickey */,
4059 		filedbmline_comment, "niskeyobject", "cn" },
4060 	{ NS_LDAP_TYPE_PASSWD, genent_passwd, dump_passwd,
4061 		filedbmline_plus, "posixaccount", "uid" },
4062 	{ NS_LDAP_TYPE_SHADOW, genent_shadow, dump_shadow,
4063 		filedbmline_plus, "shadowaccount", "uid" },
4064 	{ NS_LDAP_TYPE_ALIASES, genent_aliases, dump_aliases,
4065 		filedbmline_plus, "mailGroup", "cn" },
4066 	{ NS_LDAP_TYPE_AUTOMOUNT, genent_automount, dump_automount,
4067 		filedbmline_comment, "automount", "automountKey" },
4068 	{ NS_LDAP_TYPE_USERATTR, genent_user_attr, dump_user_attr,
4069 		filedbmline_comment, "SolarisUserAttr", "uid" },
4070 	{ NS_LDAP_TYPE_PROFILE, genent_prof_attr, dump_prof_attr,
4071 		filedbmline_comment, "SolarisProfAttr", "cn" },
4072 	{ NS_LDAP_TYPE_EXECATTR, genent_exec_attr, dump_exec_attr,
4073 		filedbmline_comment, "SolarisExecAttr", "cn" },
4074 	{ NS_LDAP_TYPE_AUTHATTR, genent_auth_attr, dump_auth_attr,
4075 		filedbmline_comment, "SolarisAuthAttr", "cn" },
4076 	{ NS_LDAP_TYPE_TNRHDB, genent_tnrhdb, dump_tnrhdb,
4077 		filedbmline_comment, "ipTnetHost", "ipTnetNumber" },
4078 	{ NS_LDAP_TYPE_TNRHTP, genent_tnrhtp, dump_tnrhtp,
4079 		filedbmline_comment, "ipTnetTemplate", "ipTnetTemplateName" },
4080 	{ NS_LDAP_TYPE_PROJECT, genent_project, dump_project,
4081 		filedbmline_comment, "SolarisProject", "SolarisProjectName" },
4082 	{ 0, 0, 0, 0, 0, 0 }
4083 };
4084 
4085 
4086 
4087 
4088 static int lineno = 0;
4089 
4090 static	void
4091 addfile()
4092 {
4093 	struct line_buf line;
4094 	struct file_loc loc;
4095 
4096 	/* Initializing the Line Buffer */
4097 	line_buf_init(&line);
4098 
4099 	/* Loop through all the lines in the file */
4100 	while (tt->filedbmline(&line, etcf, &lineno, &loc)) {
4101 		switch ((*(tt->genent))(line.str, addentry)) {
4102 		case GENENT_OK:
4103 			break;
4104 		case GENENT_PARSEERR:
4105 			(void) fprintf(stderr,
4106 			    gettext("parse error: %s (line %d)\n"),
4107 			    parse_err_msg, lineno);
4108 			exit_val = 1;
4109 			break;
4110 		case GENENT_CBERR:
4111 			(void) fprintf(stderr,
4112 			    gettext("Error while adding line: %s\n"),
4113 			    line.str);
4114 			exit_val = 2;
4115 			free(line.str);
4116 			return;
4117 		case GENENT_ERR:
4118 			(void) fprintf(stderr,
4119 			    gettext("Internal Error while adding line: %s\n"),
4120 			    line.str);
4121 			exit_val = 3;
4122 			free(line.str);
4123 			return;
4124 		}
4125 	}
4126 	free(line.str);
4127 }
4128 
4129 static void
4130 dumptable(char *service)
4131 {
4132 
4133 	ns_ldap_result_t *eres = NULL;
4134 	ns_ldap_error_t *err = NULL;
4135 	int	rc = 0, success = 0;
4136 	char	filter[BUFSIZ];
4137 	int	done = 0;
4138 	void	*cookie = NULL;
4139 
4140 	/* set the appropriate filter */
4141 	if (strcmp(tt->ttype, NS_LDAP_TYPE_PROFILE) == 0) {
4142 		/*
4143 		 * prof_attr entries are SolarisProfAttr
4144 		 * without AUXILIARY SolarisExecAttr
4145 		 */
4146 		(void) snprintf(filter, sizeof (filter),
4147 		    "(&(objectclass=%s)(!(objectclass=SolarisExecAttr)))",
4148 		    tt->objclass);
4149 	} else if (strcmp(tt->ttype, NS_LDAP_TYPE_TNRHDB) == 0) {
4150 		/*
4151 		 * tnrhtp entries are ipTnet entries with SolarisAttrKeyValue
4152 		 */
4153 		(void) snprintf(filter, sizeof (filter),
4154 		    "(&(objectclass=%s)(SolarisAttrKeyValue=*)))",
4155 		    tt->objclass);
4156 	} else {
4157 		(void) snprintf(filter, sizeof (filter),
4158 		    "(objectclass=%s)", tt->objclass);
4159 	}
4160 
4161 	if (flags & F_VERBOSE)
4162 		(void) fprintf(stdout, gettext("FILTER = %s\n"), filter);
4163 
4164 	/* Pass cred only if supplied. Cred is not always needed for dump */
4165 	if (authority.cred.unix_cred.userID == NULL ||
4166 	    authority.cred.unix_cred.passwd == NULL)
4167 		rc = __ns_ldap_firstEntry(service, filter, tt->sortattr, NULL,
4168 		    NULL, NULL, NS_LDAP_HARD, &cookie, &eres, &err, NULL);
4169 	else
4170 		rc = __ns_ldap_firstEntry(service, filter, tt->sortattr, NULL,
4171 		    NULL, &authority, NS_LDAP_HARD, &cookie, &eres, &err, NULL);
4172 
4173 	switch (rc) {
4174 	case NS_LDAP_SUCCESS:
4175 		nent_add++;
4176 		success = 1;
4177 		if (eres != NULL) {
4178 			if (strcmp(databasetype, "publickey") == 0)
4179 				dump_publickey(eres, service);
4180 			else
4181 				(*(tt->dump))(eres);
4182 		}
4183 		else
4184 			(void) fprintf(stderr, gettext("No entries found.\n"));
4185 		break;
4186 
4187 	case NS_LDAP_OP_FAILED:
4188 		exit_val = 2;
4189 		(void) fprintf(stderr, gettext("operation failed.\n"));
4190 		break;
4191 
4192 	case NS_LDAP_INVALID_PARAM:
4193 		exit_val = 2;
4194 		(void) fprintf(stderr,
4195 		    gettext("invalid parameter(s) passed.\n"));
4196 		break;
4197 
4198 	case NS_LDAP_NOTFOUND:
4199 		exit_val = 2;
4200 		(void) fprintf(stderr, gettext("entry not found.\n"));
4201 		break;
4202 
4203 	case NS_LDAP_MEMORY:
4204 		exit_val = 2;
4205 		(void) fprintf(stderr,
4206 		    gettext("internal memory allocation error.\n"));
4207 		break;
4208 
4209 	case NS_LDAP_CONFIG:
4210 		exit_val = 2;
4211 		(void) fprintf(stderr,
4212 		    gettext("LDAP Configuration problem.\n"));
4213 		perr(err);
4214 		break;
4215 
4216 	case NS_LDAP_PARTIAL:
4217 		exit_val = 2;
4218 		(void) fprintf(stderr,
4219 		    gettext("partial result returned\n"));
4220 		perr(err);
4221 		break;
4222 
4223 	case NS_LDAP_INTERNAL:
4224 		exit_val = 2;
4225 		(void) fprintf(stderr,
4226 		    gettext("internal LDAP error occured.\n"));
4227 		perr(err);
4228 		break;
4229 	}
4230 
4231 	if (eres != NULL) {
4232 		(void) __ns_ldap_freeResult(&eres);
4233 		eres = NULL;
4234 	}
4235 
4236 	if (success) {
4237 		while (!done) {
4238 			rc = __ns_ldap_nextEntry(cookie, &eres, &err);
4239 			if (rc != NS_LDAP_SUCCESS || eres  == NULL) {
4240 				done = 1;
4241 				continue;
4242 			}
4243 
4244 			/* Print the result */
4245 			if (eres != NULL) {
4246 				if (strcmp(databasetype, "publickey") == 0)
4247 					dump_publickey(eres, service);
4248 				else
4249 					(*(tt->dump))(eres);
4250 				(void) __ns_ldap_freeResult(&eres);
4251 				eres = NULL;
4252 			}
4253 		}
4254 	}
4255 }
4256 
4257 int
4258 main(int argc, char **argv)
4259 {
4260 	char			*password;
4261 	ns_standalone_conf_t	standalone_cfg = standaloneDefaults;
4262 	int			c;
4263 	int			rc;
4264 	int			ldaprc;
4265 	int			authstried = 0;
4266 	int			op = OP_ADD;
4267 	char			*ttype, *authmech = 0, *etcfile = 0;
4268 	/* Temporary password variable */
4269 	char			ps[LDAP_MAXNAMELEN];
4270 	char			filter[BUFSIZ];
4271 	void			**paramVal = NULL;
4272 	ns_auth_t		**app;
4273 	ns_auth_t		**authpp = NULL;
4274 	ns_auth_t		*authp = NULL;
4275 	ns_ldap_error_t		*errorp = NULL;
4276 	ns_ldap_result_t	*resultp;
4277 	ns_ldap_entry_t		*e;
4278 	int			flag = 0;
4279 	int			version1 = 0;
4280 
4281 	(void) setlocale(LC_ALL, "");
4282 	(void) textdomain(TEXT_DOMAIN);
4283 
4284 	openlog("ldapaddent", LOG_PID, LOG_USER);
4285 
4286 	inputbasedn = NULL;
4287 	authority.cred.unix_cred.passwd = NULL;
4288 	authority.cred.unix_cred.userID = NULL;
4289 	authority.auth.type = NS_LDAP_AUTH_SIMPLE;
4290 
4291 	while ((c = getopt(argc, argv, "cdh:N:M:vpf:D:w:j:b:a:P:r:")) != EOF) {
4292 		switch (c) {
4293 		case 'd':
4294 			if (op)
4295 				usage(gettext(
4296 				    "no other option should be specified"));
4297 			op = OP_DUMP;
4298 			break;
4299 		case 'c':
4300 			continue_onerror = 1;
4301 			break;
4302 		case 'v':
4303 			flags |= F_VERBOSE;
4304 			break;
4305 		case 'p':
4306 			flags |= F_PASSWD;
4307 			break;
4308 		case 'M':
4309 			standalone_cfg.type = NS_LDAP_SERVER;
4310 			standalone_cfg.SA_DOMAIN = optarg;
4311 			break;
4312 		case 'h':
4313 			standalone_cfg.type = NS_LDAP_SERVER;
4314 			if (separatePort(optarg,
4315 			    &standalone_cfg.SA_SERVER,
4316 			    &standalone_cfg.SA_PORT) > 0) {
4317 				exit(1);
4318 			}
4319 			break;
4320 		case 'P':
4321 			standalone_cfg.type = NS_LDAP_SERVER;
4322 			authority.hostcertpath = optarg;
4323 			break;
4324 		case 'N':
4325 			standalone_cfg.type = NS_LDAP_SERVER;
4326 			standalone_cfg.SA_PROFILE_NAME = optarg;
4327 			break;
4328 		case 'f':
4329 			etcfile = optarg;
4330 			break;
4331 		case 'D':
4332 			authority.cred.unix_cred.userID = strdup(optarg);
4333 			break;
4334 		case 'w':
4335 			if (authority.cred.unix_cred.passwd) {
4336 				(void) fprintf(stderr,
4337 				    gettext("Warning: The -w option is mutually"
4338 				    " exclusive of -j. -w is ignored.\n"));
4339 				break;
4340 			}
4341 
4342 			if (optarg != NULL &&
4343 			    optarg[0] == '-' && optarg[1] == '\0') {
4344 				/* Ask for a password later */
4345 				break;
4346 			}
4347 
4348 			authority.cred.unix_cred.passwd = strdup(optarg);
4349 			break;
4350 		case 'j':
4351 			if (authority.cred.unix_cred.passwd != NULL) {
4352 				(void) fprintf(stderr,
4353 				    gettext("The -w option is mutually "
4354 				    "exclusive of -j. -w is ignored.\n"));
4355 				free(authority.cred.unix_cred.passwd);
4356 			}
4357 			authority.cred.unix_cred.passwd = readPwd(optarg);
4358 			if (authority.cred.unix_cred.passwd == NULL) {
4359 				exit(1);
4360 			}
4361 			break;
4362 		case 'b':
4363 			inputbasedn = strdup(optarg);
4364 			break;
4365 		case 'a':
4366 			authmech = strdup(optarg);
4367 			break;
4368 		default:
4369 			usage(gettext("Invalid option"));
4370 		}
4371 	}
4372 
4373 	if (standalone_cfg.type == NS_LDAP_SERVER &&
4374 	    standalone_cfg.SA_SERVER == NULL) {
4375 		(void) fprintf(stderr,
4376 		    gettext("Please specify an LDAP server you want "
4377 		    "to connect to. \n"));
4378 		exit(1);
4379 	}
4380 
4381 	if (authmech != NULL) {
4382 		if (__ns_ldap_initAuth(authmech, &authority.auth, &errorp) !=
4383 		    NS_LDAP_SUCCESS) {
4384 			if (errorp) {
4385 				(void) fprintf(stderr, "%s", errorp->message);
4386 				(void) __ns_ldap_freeError(&errorp);
4387 			}
4388 			exit(1);
4389 		}
4390 	}
4391 
4392 	if (authority.auth.saslmech != NS_LDAP_SASL_GSSAPI &&
4393 	    authority.cred.unix_cred.userID == NULL &&
4394 	    op != OP_DUMP) {
4395 	    /* This is not an optional parameter. Exit */
4396 		(void) fprintf(stderr,
4397 		    gettext("DN must be specified unless SASL/GSSAPI is used."
4398 		    " Use option -D.\n"));
4399 		exit(1);
4400 	}
4401 
4402 	if (authority.auth.saslmech != NS_LDAP_SASL_GSSAPI &&
4403 	    authority.cred.unix_cred.passwd == NULL &&
4404 	    (op != OP_DUMP ||
4405 	    standalone_cfg.type != NS_CACHEMGR &&
4406 	    authority.cred.unix_cred.userID != NULL)) {
4407 		/* If password is not specified, then prompt user for it. */
4408 		password = getpassphrase("Enter password:");
4409 		(void) strcpy(ps, password);
4410 		authority.cred.unix_cred.passwd = strdup(ps);
4411 	}
4412 
4413 	standalone_cfg.SA_AUTH = authmech == NULL ? NULL : &authority.auth;
4414 	standalone_cfg.SA_CERT_PATH = authority.hostcertpath;
4415 	standalone_cfg.SA_BIND_DN = authority.cred.unix_cred.userID;
4416 	standalone_cfg.SA_BIND_PWD = authority.cred.unix_cred.passwd;
4417 
4418 	if (__ns_ldap_initStandalone(&standalone_cfg,
4419 	    &errorp) != NS_LDAP_SUCCESS) {
4420 		if (errorp) {
4421 			(void) fprintf(stderr, "%s", errorp->message);
4422 		}
4423 		exit(1);
4424 	}
4425 
4426 	if (authmech == NULL) {
4427 		ldaprc = __ns_ldap_getParam(NS_LDAP_AUTH_P, (void ***)&authpp,
4428 		    &errorp);
4429 		if (ldaprc != NS_LDAP_SUCCESS ||
4430 		    (authpp == NULL && op != OP_DUMP)) {
4431 			(void) fprintf(stderr,
4432 			    gettext("No legal authentication method "
4433 			    "configured.\n"));
4434 			(void) fprintf(stderr,
4435 			    gettext("Provide a legal authentication method "
4436 			    "using -a option\n"));
4437 			exit(1);
4438 		}
4439 
4440 		/* Use the first authentication method which is not none */
4441 		for (app = authpp; *app; app++) {
4442 			authp = *app;
4443 			if (authp->type != NS_LDAP_AUTH_NONE) {
4444 				authstried++;
4445 				authority.auth.type = authp->type;
4446 				authority.auth.tlstype = authp->tlstype;
4447 				authority.auth.saslmech = authp->saslmech;
4448 				authority.auth.saslopt = authp->saslopt;
4449 				break;
4450 			}
4451 		}
4452 		if (authstried == 0 && op != OP_DUMP) {
4453 			(void) fprintf(stderr,
4454 			    gettext("No legal authentication method configured."
4455 			    "\nProvide a legal authentication method using "
4456 			    "-a option"));
4457 			exit(1);
4458 		}
4459 		if (authority.auth.saslmech == NS_LDAP_SASL_GSSAPI &&
4460 		    authority.cred.unix_cred.passwd != NULL &&
4461 		    authority.cred.unix_cred.userID != NULL) {
4462 			/*
4463 			 * -a is not specified and the auth method sasl/GSSAPI
4464 			 * is defined in the configuration of the ldap profile.
4465 			 * Even -D and -w is provided it's not valid usage.
4466 			 * Drop them on the floor.
4467 			 */
4468 
4469 			(void) fprintf(stderr,
4470 			    gettext("The default authentication is "
4471 			    "sasl/GSSAPI.\n"
4472 			    "The bind DN and password will be ignored.\n"));
4473 			authority.cred.unix_cred.passwd = NULL;
4474 			authority.cred.unix_cred.userID = NULL;
4475 		}
4476 	}
4477 
4478 	ttype = argv[optind++];
4479 
4480 	if (ttype == NULL) {
4481 		usage(gettext("No database type specified"));
4482 		exit(1);
4483 	}
4484 
4485 	if (strncasecmp(ttype, "automount", 9) == 0) {
4486 		(void) fprintf(stderr,
4487 		    gettext("automount is not a valid service for ldapaddent.\n"
4488 		    "Please use auto_*.\n"
4489 		    "e.g.  auto_home, auto_ws etc.\n "));
4490 		exit(1);
4491 	}
4492 
4493 	for (tt = ttypelist; tt->ttype; tt++) {
4494 		if (strcmp(tt->ttype, ttype) == 0)
4495 			break;
4496 		if (strcmp(tt->ttype, NS_LDAP_TYPE_AUTOMOUNT) == 0 &&
4497 		    strncmp(ttype, NS_LDAP_TYPE_AUTOMOUNT,
4498 		    sizeof (NS_LDAP_TYPE_AUTOMOUNT) - 1) == 0)
4499 			break;
4500 	}
4501 
4502 	if (tt->ttype == 0) {
4503 		(void) fprintf(stderr,
4504 		    gettext("database %s not supported;"
4505 		    " supported databases are:\n"), ttype);
4506 		for (tt = ttypelist; tt->ttype; tt++)
4507 			(void) fprintf(stderr, gettext("\t%s\n"), tt->ttype);
4508 		exit(1);
4509 	}
4510 
4511 	if (flags & F_VERBOSE)
4512 		(void) fprintf(stdout, gettext("SERVICE = %s\n"), tt->ttype);
4513 
4514 	databasetype = ttype;
4515 
4516 	if (strcmp(tt->ttype, NS_LDAP_TYPE_AUTOMOUNT) == 0) {
4517 		paramVal = NULL;
4518 		errorp = NULL;
4519 		rc = __ns_ldap_getParam(NS_LDAP_FILE_VERSION_P, &paramVal,
4520 		    &errorp);
4521 		if (paramVal && *paramVal &&
4522 		    strcasecmp(*paramVal, NS_LDAP_VERSION_1) == 0)
4523 			version1 = 1;
4524 		if (paramVal)
4525 			(void) __ns_ldap_freeParam(&paramVal);
4526 		if (errorp)
4527 			(void) __ns_ldap_freeError(&errorp);
4528 	}
4529 
4530 	/* Check if the container exists in first place */
4531 	(void) strcpy(&filter[0], "(objectclass=*)");
4532 
4533 	rc = __ns_ldap_list(databasetype, filter, NULL, (const char **)NULL,
4534 	    NULL, NS_LDAP_SCOPE_BASE, &resultp, &errorp, NULL, NULL);
4535 
4536 	/* create a container for auto_* if it does not exist already */
4537 	if ((rc == NS_LDAP_NOTFOUND) && (op == OP_ADD) &&
4538 	    (strcmp(tt->ttype, NS_LDAP_TYPE_AUTOMOUNT) == 0)) {
4539 		static	char *oclist[] = {NULL, "top", NULL};
4540 		if (version1)
4541 			oclist[0] = "nisMap";
4542 		else
4543 			oclist[0] = "automountMap";
4544 		e = __s_mk_entry(oclist, 3);
4545 		if (e == NULL) {
4546 			(void) fprintf(stderr,
4547 			    gettext("internal memory allocation error.\n"));
4548 			exit(1);
4549 		}
4550 		if (__s_add_attr(e,
4551 		    version1 ? "nisMapName" : "automountMapName",
4552 		    databasetype) != NS_LDAP_SUCCESS) {
4553 			(void) fprintf(stderr,
4554 			    gettext("internal memory allocation error.\n"));
4555 			ldap_freeEntry(e);
4556 			exit(1);
4557 		}
4558 
4559 		if (inputbasedn == NULL) {
4560 			if (get_basedn(databasetype, &inputbasedn) !=
4561 			    NS_LDAP_SUCCESS) {
4562 				(void) fprintf(stderr,
4563 				    gettext("Could not obtain basedn\n"));
4564 				ldap_freeEntry(e);
4565 				exit(1);
4566 			}
4567 		}
4568 		if (__ns_ldap_addEntry(databasetype, inputbasedn, e,
4569 		    &authority, flag, &errorp) != NS_LDAP_SUCCESS) {
4570 			(void) fprintf(stderr,
4571 			    gettext("Could not create container for %s\n"),
4572 			    databasetype);
4573 			ldap_freeEntry(e);
4574 		}
4575 	} else if (strcmp(databasetype, "publickey") != 0) {
4576 		if (rc == NS_LDAP_NOTFOUND) {
4577 			(void) fprintf(stderr,
4578 			    gettext("Container %s does not exist\n"),
4579 			    databasetype);
4580 			exit(1);
4581 		}
4582 	}
4583 
4584 	if (op == OP_DUMP) {
4585 		if (strcmp(databasetype, "publickey") == 0) {
4586 			dumptable("hosts");
4587 			dumptable("passwd");
4588 		} else {
4589 			dumptable(databasetype);
4590 		}
4591 		exit(exit_val);
4592 	}
4593 
4594 	if (etcfile) {
4595 		if ((etcf = fopen(etcfile, "r")) == 0) {
4596 			(void) fprintf(stderr,
4597 			    gettext("can't open file %s\n"), etcfile);
4598 			exit(1);
4599 		}
4600 	} else {
4601 		etcfile = "stdin";
4602 		etcf = stdin;
4603 	}
4604 
4605 	if (op == OP_ADD) {
4606 		(void) addfile();
4607 		(void) fprintf(stdout, gettext("%d entries added\n"), nent_add);
4608 	}
4609 
4610 	__ns_ldap_cancelStandalone();
4611 	/* exit() -> return for make lint */
4612 	return (exit_val);
4613 }
4614 
4615 
4616 /*
4617  * This is called when service == auto_*.
4618  * It calls __ns_ldap_getSearchDescriptors
4619  * to generate the dn from SSD's base dn.
4620  * If there is no SSD available,
4621  * default base dn will be used
4622  * Only the first baseDN in the SSD is used
4623  */
4624 
4625 static int get_basedn(char *service, char **basedn) {
4626 	int rc = NS_LDAP_SUCCESS;
4627 	char *dn = NULL;
4628 	ns_ldap_search_desc_t **desc = NULL;
4629 	ns_ldap_error_t *errp = NULL;
4630 	void		**paramVal = NULL;
4631 	int		prepend_automountmapname = FALSE;
4632 
4633 	/*
4634 	 * Get auto_* SSD first
4635 	 */
4636 
4637 	if ((rc = __ns_ldap_getSearchDescriptors(
4638 			(const char *) service,
4639 			&desc, &errp))  == NS_LDAP_SUCCESS &&
4640 		desc != NULL) {
4641 
4642 		if (desc[0] != NULL && desc[0]->basedn != NULL) {
4643 			dn = strdup(desc[0]->basedn);
4644 			if (dn == NULL) {
4645 				(void) __ns_ldap_freeSearchDescriptors
4646 						(&desc);
4647 				return (NS_LDAP_MEMORY);
4648 			}
4649 		}
4650 	}
4651 
4652 	/* clean up */
4653 	if (desc) (void) __ns_ldap_freeSearchDescriptors(&desc);
4654 	if (errp) (void) __ns_ldap_freeError(&errp);
4655 
4656 	/*
4657 	 * If no dn is duplicated from auto_* SSD, try automount SSD
4658 	 */
4659 	if (dn == NULL) {
4660 		if ((rc = __ns_ldap_getSearchDescriptors(
4661 				"automount", &desc, &errp))
4662 				== NS_LDAP_SUCCESS && desc != NULL) {
4663 
4664 			if (desc[0] != NULL && desc[0]->basedn != NULL) {
4665 				dn = strdup(desc[0]->basedn);
4666 				if (dn == NULL) {
4667 					(void) __ns_ldap_freeSearchDescriptors
4668 							(&desc);
4669 					return (NS_LDAP_MEMORY);
4670 				}
4671 				prepend_automountmapname = TRUE;
4672 			}
4673 		}
4674 		/* clean up */
4675 		if (desc) (void) __ns_ldap_freeSearchDescriptors(&desc);
4676 		if (errp) (void) __ns_ldap_freeError(&errp);
4677 	}
4678 
4679 	/*
4680 	 * If no dn is duplicated from auto_* or automount SSD,
4681 	 * use default DN
4682 	 */
4683 
4684 	if (dn == NULL) {
4685 		if ((rc = __ns_ldap_getParam(NS_LDAP_SEARCH_BASEDN_P,
4686 			&paramVal, &errp)) == NS_LDAP_SUCCESS) {
4687 			dn = strdup((char *)paramVal[0]);
4688 			if (dn == NULL) {
4689 				(void) __ns_ldap_freeParam(&paramVal);
4690 				return (NS_LDAP_MEMORY);
4691 			}
4692 			prepend_automountmapname = TRUE;
4693 		}
4694 		if (paramVal) (void) __ns_ldap_freeParam(&paramVal);
4695 		if (errp) (void) __ns_ldap_freeError(&errp);
4696 	}
4697 
4698 
4699 	if (dn == NULL) {
4700 		return (NS_LDAP_OP_FAILED);
4701 	} else {
4702 		/*
4703 		 * If dn is duplicated from
4704 		 * automount SSD basedn or
4705 		 * default base dn
4706 		 * then prepend automountMapName=auto_xxx
4707 		 */
4708 		if (prepend_automountmapname)
4709 			rc = __s_api_prepend_automountmapname_to_dn(
4710 				service, &dn, &errp);
4711 
4712 		if (rc != NS_LDAP_SUCCESS) {
4713 			(void) __ns_ldap_freeError(&errp);
4714 			free(dn);
4715 			return (rc);
4716 		}
4717 
4718 		*basedn = dn;
4719 
4720 		return (NS_LDAP_SUCCESS);
4721 	}
4722 }
4723 static char *
4724 h_errno2str(int h_errno) {
4725 	switch (h_errno) {
4726 	case HOST_NOT_FOUND:
4727 		return ("HOST_NOT_FOUND");
4728 	case TRY_AGAIN:
4729 		return ("TRY_AGAIN");
4730 	case NO_RECOVERY:
4731 		return ("NO_RECOVERY");
4732 	case NO_DATA:
4733 		return ("NO_DATA");
4734 	default:
4735 		break;
4736 	}
4737 	return ("UNKNOWN_ERROR");
4738 }
4739