xref: /titanic_51/usr/src/lib/libnisdb/nis_parse_ldap_conf.c (revision c2765d203a42aaeda144370182c6cda62904d860)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include <stdio.h>
27 #include <string.h>
28 #include <stdlib.h>
29 #include <ctype.h>
30 #include <fcntl.h>
31 #include <unistd.h>
32 #include <errno.h>
33 #include <locale.h>
34 #include <sys/stat.h>
35 #include <lber.h>
36 #include <ldap.h>
37 #include <deflt.h>
38 
39 #include "ldap_map.h"
40 
41 #include "ldap_parse.h"
42 #include "ldap_glob.h"
43 #include "nis_parse_ldap_conf.h"
44 
45 __nis_ldap_proxy_info	proxyInfo		=
46 	{NULL, (auth_method_t)NO_VALUE_SET, (tls_method_t)NO_VALUE_SET, NULL,
47 		NULL, NULL, NULL, NULL, (follow_referral_t)NO_VALUE_SET};
48 __nis_config_t		ldapConfig;
49 __nisdb_table_mapping_t ldapDBTableMapping;
50 __nis_table_mapping_t	*ldapTableMapping	= NULL;
51 __yp_domain_context_t	ypDomains;
52 
53 parse_error		p_error			= no_parse_error;
54 int			cur_line_num		= 0;
55 int			start_line_num		= 0;
56 int			seq_num 		= 0;
57 const char		*warn_file		= NULL;
58 
59 char			_key_val[38];
60 const char		*command_line_source	= NULL;
61 const char		*file_source		= NULL;
62 const char		*ldap_source		= NULL;
63 
64 static
65 const char *const	*cmdline_config		= NULL;
66 static bool_t		got_config_data		= FALSE;
67 
68 /* high level parsing functions functions */
69 static int parse_ldap_cmd_line(const char *const *cmdline_options,
70     __nis_ldap_proxy_info *proxy_info, __nis_config_t *nis_config,
71     __nis_table_mapping_t **table_mapping, __nis_config_info_t *config_info,
72     __nisdb_table_mapping_t *table_info);
73 static int parse_ldap_default_conf(__nis_ldap_proxy_info *proxy_info,
74     __nis_config_t *nis_config, __nis_config_info_t *config_info,
75     __nisdb_table_mapping_t *table_info);
76 static int parse_ldap_config_file(const char *config_file,
77     __nis_ldap_proxy_info *proxy_info, __nis_config_t *nis_config,
78     __nis_table_mapping_t **table_mapping, __nis_config_info_t *config_info,
79     __nisdb_table_mapping_t *table_info);
80 static int parse_ldap_config_dn_attrs(__nis_ldap_proxy_info *proxy_info,
81     __nis_config_t *nis_config, __nis_table_mapping_t **table_mapping,
82     __nis_config_info_t *config_info, __nisdb_table_mapping_t *table_info);
83 static int yp_parse_ldap_default_conf(__nis_ldap_proxy_info *proxy_info,
84 	__nis_config_t *nis_config, __nis_config_info_t *config_info,
85 	__nisdb_table_mapping_t *table_info);
86 
87 
88 /* helper functions */
89 static config_key get_attrib_num_cmdline(const char *s,
90     const char **begin_s, const char **end_s);
91 static config_key get_file_attr_val(int fd, char **attr_val);
92 static void get_attribute_list(
93 	const __nis_ldap_proxy_info *proxy_info,
94 	const __nis_config_t *nis_config,
95 	const __nis_config_info_t *config_info,
96 	const __nisdb_table_mapping_t *table_info,
97 	char **ldap_config_attributes);
98 
99 /*
100  * FUNCTION:	parse_ldap_migration
101  *
102  *	Parses the information for LDAP. The values are first
103  *	obtained from the command line, secondly from the preference
104  *	file, and finally from an LDAP profile (if so configured in
105  *	the command line or preference file). Any unset values will
106  *	be set to their default values.
107  *
108  *	If no command line options, no settings in the /etc/default
109  *  configuration file, and no mapping file, then no mapping
110  *  should be used.
111  *
112  * RETURN VALUE:
113  *			0	Success
114  *			-1	Config file stat/open or parse error
115  *			1	No mapping should be used.
116  *
117  * INPUT:		command line parameters, configuration file
118  */
119 
120 int
121 parse_ldap_migration(
122 	const char *const	*cmdline_options,
123 	const char		*config_file)
124 {
125 	int			rc	= 0;
126 	__nis_config_info_t	config_info
127 				= {NULL, NULL, (auth_method_t)NO_VALUE_SET,
128 					(tls_method_t)NO_VALUE_SET, NULL,
129 					NULL, NULL};
130 	struct stat		buf;
131 	int i = 0;
132 
133 	p_error = no_parse_error;
134 
135 	if (verbose)
136 		report_info("Getting LDAP configuration", NULL);
137 
138 	initialize_parse_structs(&proxyInfo, &ldapConfig, &ldapDBTableMapping);
139 
140 	if (yp2ldap)
141 		initialize_yp_parse_structs(&ypDomains);
142 
143 	if (cmdline_options != NULL) {
144 		got_config_data = TRUE;
145 		/* NIS to LDAP does not read command line attributes */
146 		if (!yp2ldap)
147 			rc = parse_ldap_cmd_line(cmdline_options, &proxyInfo,
148 			    &ldapConfig, &ldapTableMapping, &config_info,
149 			    &ldapDBTableMapping);
150 		else
151 			rc = 0;
152 	}
153 
154 	if (rc == 0) {
155 		if (yp2ldap)
156 			rc = yp_parse_ldap_default_conf(&proxyInfo, &ldapConfig,
157 			    &config_info, &ldapDBTableMapping);
158 		else
159 			rc = parse_ldap_default_conf(&proxyInfo, &ldapConfig,
160 			    &config_info, &ldapDBTableMapping);
161 	}
162 
163 	if (config_file == NULL) {
164 		if (yp2ldap) {
165 			if (stat(YP_DEFAULT_MAPPING_FILE, &buf) == 0)
166 				config_file = YP_DEFAULT_MAPPING_FILE;
167 		} else {
168 			if (stat(DEFAULT_MAPPING_FILE, &buf) == 0)
169 				config_file = DEFAULT_MAPPING_FILE;
170 		}
171 	}
172 
173 	if (rc == 0 && config_file != NULL) {
174 		got_config_data = TRUE;
175 		warn_file = config_file;
176 		cmdline_config = cmdline_options;
177 		if (yp2ldap)
178 			rc = yp_parse_ldap_config_file(config_file, &proxyInfo,
179 			    &ldapConfig, &ldapTableMapping, &config_info,
180 			    &ldapDBTableMapping, &ypDomains);
181 		else
182 			rc = parse_ldap_config_file(config_file, &proxyInfo,
183 			    &ldapConfig, &ldapTableMapping, &config_info,
184 			    &ldapDBTableMapping);
185 
186 		warn_file = NULL;
187 		cmdline_config = NULL;
188 	}
189 	if (rc == 0 && (config_info.config_dn != NULL) &&
190 	    (config_info.config_dn[0] != '\0')) {
191 		rc = parse_ldap_config_dn_attrs(&proxyInfo,
192 		    &ldapConfig, &ldapTableMapping, &config_info,
193 		    &ldapDBTableMapping);
194 	}
195 
196 	free_config_info(&config_info);
197 
198 	if (rc == 0 && got_config_data == FALSE)
199 		rc = 1;
200 
201 	set_default_values(&proxyInfo, &ldapConfig, &ldapDBTableMapping);
202 
203 	if (yp2ldap == 1 && rc == 0) {
204 		rc = second_parser_pass(&ldapTableMapping);
205 		if (rc == 0)
206 			rc = final_parser_pass(&ldapTableMapping, &ypDomains);
207 		if (rc == -2)
208 			return (-1);
209 	}
210 
211 	if (rc == 0)
212 		rc = finish_parse(&proxyInfo, &ldapTableMapping);
213 
214 	if (rc == 0)
215 		rc = linked2hash(ldapTableMapping);
216 
217 	if ((rc == 0) && yptol_mode)
218 		rc = map_id_list_init();
219 
220 	if (rc != 0) {
221 		free_parse_structs();
222 	} else if (verbose)
223 		report_info("LDAP configuration complete", NULL);
224 	return (rc);
225 }
226 
227 /*
228  * FUNCTION:	parse_ldap_cmd_line
229  *
230  *	Parses the information for LDAP from the command line
231  *
232  * RETURN VALUE:	0 on success, -1 on failure
233  *
234  * INPUT:		command line values
235  */
236 
237 static int
238 parse_ldap_cmd_line(
239 	const char *const	*cmdline_options,
240 	__nis_ldap_proxy_info	*proxy_info,
241 	__nis_config_t		*nis_config,
242 	__nis_table_mapping_t	**table_mapping,
243 	__nis_config_info_t	*config_info,
244 	__nisdb_table_mapping_t	*table_info)
245 {
246 	int		rc = 0;
247 	config_key	attrib_num;
248 	const char	*begin_s;
249 	const char	*end_s;
250 
251 	if (verbose)
252 		report_info("Command line values: ", NULL);
253 	while (*cmdline_options != NULL) {
254 		if (verbose)
255 			report_info("\t", *cmdline_options);
256 
257 		attrib_num = get_attrib_num_cmdline(
258 		    *cmdline_options, &begin_s, &end_s);
259 		if (attrib_num == key_bad) {
260 			command_line_source = "command line";
261 			report_error(*cmdline_options, NULL);
262 			command_line_source = NULL;
263 			rc = -1;
264 			break;
265 		} else if (IS_CONFIG_KEYWORD(attrib_num)) {
266 			rc = add_config_attribute(attrib_num,
267 			    begin_s, end_s - begin_s, config_info);
268 		} else if (IS_BIND_INFO(attrib_num)) {
269 			rc = add_bind_attribute(attrib_num,
270 			    begin_s, end_s - begin_s, proxy_info);
271 		} else if (IS_OPER_INFO(attrib_num)) {
272 			rc = add_operation_attribute(attrib_num,
273 			    begin_s, end_s - begin_s, nis_config,
274 			    table_info);
275 		} else {
276 			rc = add_mapping_attribute(attrib_num,
277 			    begin_s, end_s - begin_s, table_mapping);
278 		}
279 
280 		if (rc < 0) {
281 			command_line_source = "command line";
282 			report_error(begin_s, _key_val);
283 			command_line_source = NULL;
284 			break;
285 		}
286 		cmdline_options++;
287 	}
288 	return (rc);
289 }
290 
291 static int
292 parse_ldap_default_conf(
293 	__nis_ldap_proxy_info *proxy_info,
294 	__nis_config_t *nis_config,
295 	__nis_config_info_t *config_info,
296 	__nisdb_table_mapping_t	*table_info)
297 {
298 	int		rc = 0;
299 	char		*ldap_config_attributes[n_config_keys];
300 	char		attr_buf[128];
301 	char		*attr;
302 	char		*attr_val;
303 	int		defflags;
304 	config_key	attrib_num;
305 	int		i;
306 	int		len;
307 	int		attr_len;
308 	void		*defp;
309 
310 	if ((defp = defopen_r(ETCCONFFILE)) != NULL) {
311 		file_source = ETCCONFFILE;
312 		if (verbose)
313 			report_info("default configuration values: ", NULL);
314 		/* Set defread_r() to be case insensitive */
315 		defflags = defcntl_r(DC_GETFLAGS, 0, defp);
316 		TURNOFF(defflags, DC_CASE);
317 		(void) defcntl_r(DC_SETFLAGS, defflags, defp);
318 
319 		get_attribute_list(proxy_info, nis_config, config_info,
320 		    table_info, ldap_config_attributes);
321 		i = 0;
322 		while ((attr = ldap_config_attributes[i++]) != NULL) {
323 			(void) strlcpy(attr_buf, attr, sizeof (attr_buf));
324 			/*
325 			 * if nisplusUpdateBatching, make sure
326 			 * we don't match nisplusUpdateBatchingTimeout
327 			 */
328 			if (strcmp(attr, UPDATE_BATCHING) == 0) {
329 				attr_len = strlen(attr);
330 				attr_buf[attr_len] = '=';
331 				attr_buf[attr_len + 1] = '\0';
332 				attr_val = defread_r(attr_buf, defp);
333 
334 				if (attr_val == 0) {
335 					attr_buf[attr_len] = ' ';
336 					attr_val = defread_r(attr_buf, defp);
337 				}
338 				if (attr_val == 0) {
339 					attr_buf[attr_len] = '\t';
340 					attr_val = defread_r(attr_buf, defp);
341 				}
342 				if (attr_val == 0) {
343 					attr_buf[attr_len] = '\n';
344 					attr_val = defread_r(attr_buf, defp);
345 				}
346 			} else {
347 				attr_val = defread_r(attr_buf, defp);
348 			}
349 			if (attr_val == NULL)
350 				continue;
351 
352 			got_config_data = TRUE;
353 			attrib_num = get_attrib_num(attr, strlen(attr));
354 			if (attrib_num == key_bad) {
355 				report_error(attr, NULL);
356 				rc = -1;
357 				break;
358 			}
359 
360 			/*
361 			 * Allow either entries of the form
362 			 *	attr val
363 			 *	   or
364 			 *	attr = val
365 			 */
366 			while (is_whitespace(*attr_val))
367 				attr_val++;
368 			if (*attr_val == '=')
369 				attr_val++;
370 			while (is_whitespace(*attr_val))
371 				attr_val++;
372 			len = strlen(attr_val);
373 			while (len > 0 && is_whitespace(attr_val[len - 1]))
374 				len--;
375 
376 			if (verbose) {
377 				report_info("\t", attr);
378 				report_info("\t\t", attr_val);
379 			}
380 			if (IS_BIND_INFO(attrib_num)) {
381 				rc = add_bind_attribute(attrib_num,
382 				    attr_val, len, proxy_info);
383 			} else if (IS_OPER_INFO(attrib_num)) {
384 				rc = add_operation_attribute(attrib_num,
385 				    attr_val, len, nis_config,
386 				    table_info);
387 			}
388 			if (p_error != no_parse_error) {
389 				report_error(attr_val, attr);
390 				rc = -1;
391 				break;
392 			}
393 		}
394 		file_source = NULL;
395 		/* Close the /etc/default file */
396 		defclose_r(defp);
397 	}
398 	return (rc);
399 }
400 
401 static int
402 yp_parse_ldap_default_conf(
403 	__nis_ldap_proxy_info *proxy_info,
404 	__nis_config_t	*nis_config,
405 	__nis_config_info_t *config_info,
406 	__nisdb_table_mapping_t *table_info)
407 {
408 	int rc = 0;
409 	char		*ldap_config_attributes[n_config_keys];
410 	char		attr_buf[128];
411 	char		*attr;
412 	char		*attr_val;
413 	int		defflags;
414 	config_key	attrib_num;
415 	int 	i, len, attr_len;
416 	void		*defp;
417 
418 	if ((defp = defopen_r(YP_ETCCONFFILE)) != NULL) {
419 		file_source = YP_ETCCONFFILE;
420 		if (verbose)
421 			report_info("default configuration values: ", NULL);
422 		/* Set defread_r() to be case insensitive */
423 		defflags = defcntl_r(DC_GETFLAGS, 0, defp);
424 		TURNOFF(defflags, DC_CASE);
425 		(void) defcntl_r(DC_SETFLAGS, defflags, defp);
426 
427 		get_attribute_list(proxy_info, nis_config, config_info,
428 		    table_info, ldap_config_attributes);
429 		i = 0;
430 		while ((attr = ldap_config_attributes[i++]) != NULL) {
431 			if ((strlcpy(attr_buf, attr, sizeof (attr_buf))) >=
432 			    sizeof (attr_buf)) {
433 				report_error(
434 				    "Static buffer attr_buf overflow", NULL);
435 				defclose_r(defp);
436 				return (-1);
437 			}
438 
439 			if ((attr_val = defread_r(attr_buf, defp)) == NULL)
440 				continue;
441 
442 			got_config_data = TRUE;
443 			attrib_num = get_attrib_num(attr, strlen(attr));
444 			if (attrib_num == key_bad) {
445 				report_error(attr, NULL);
446 				rc = -1;
447 				break;
448 			}
449 
450 			/*
451 			 * Allow either entries of the form
452 			 * attr val
453 			 * or
454 			 * attr = val
455 			 */
456 			while (is_whitespace(*attr_val))
457 				attr_val++;
458 			if (*attr_val == '=')
459 				attr_val++;
460 			while (is_whitespace(*attr_val))
461 				attr_val++;
462 			len = strlen(attr_val);
463 			while (len > 0 && is_whitespace(attr_val[len - 1]))
464 				len--;
465 
466 			if (verbose) {
467 				report_info("\t", attr);
468 				report_info("\t\t", attr_val);
469 			}
470 			if (IS_YP_BIND_INFO(attrib_num)) {
471 				rc = add_bind_attribute(attrib_num,
472 				    attr_val, len, proxy_info);
473 			} else if (IS_YP_OPER_INFO(attrib_num)) {
474 				rc = add_operation_attribute(attrib_num,
475 				    attr_val, len, nis_config,
476 				    table_info);
477 			}
478 			if (p_error != no_parse_error) {
479 				report_error(attr_val, attr);
480 				rc = -1;
481 				break;
482 			}
483 		}
484 		file_source = NULL;
485 		/* Close the /etc/default file */
486 		defclose_r(defp);
487 	}
488 	return (rc);
489 }
490 
491 /*
492  * FUNCTION:	get_attrib_num_cmdline
493  *
494  *	Parses the information for LDAP from the command line
495  *	The form of the command line request is
496  *		-x attribute=value
497  *
498  * RETURN VALUE:	0 on success, -1 on failure
499  *
500  * INPUT:		command line values
501  */
502 
503 static config_key
504 get_attrib_num_cmdline(
505 	const char	*s,
506 	const char 	**begin_s,
507 	const char 	**end_s)
508 {
509 	const char	*s_end		= s + strlen(s);
510 	const char	*equal_s;
511 	const char	*s1;
512 	config_key	attrib_num;
513 
514 	while (s < s_end && is_whitespace(*s))
515 		s++;
516 
517 	for (equal_s = s; equal_s < s_end; equal_s++)
518 		if (*equal_s == EQUAL_CHAR)
519 			break;
520 
521 	if (equal_s == s_end) {
522 		p_error = parse_bad_command_line_attribute_format;
523 		return (key_bad);
524 	}
525 
526 	for (s1 = equal_s; s1 > s && is_whitespace(s1[-1]); s1--)
527 		;
528 
529 	if (s1 == s) {
530 		p_error = parse_bad_command_line_attribute_format;
531 		return (key_bad);
532 	}
533 
534 	attrib_num = get_attrib_num(s, s1 - s);
535 
536 	if (attrib_num != key_bad) {
537 		s1 = equal_s + 1;
538 		while (s1 < s_end && is_whitespace(*s1))
539 			s1++;
540 		*begin_s = s1;
541 		while (s_end > s1 && is_whitespace(s_end[-1]))
542 			s_end--;
543 		*end_s = s_end;
544 	}
545 
546 	return (attrib_num);
547 }
548 
549 /*
550  * FUNCTION:	parse_ldap_config_file
551  *
552  *	Parses the information for LDAP from a configuration
553  *	file. If no file is specified, /var/nis/NIS+LDAPmapping
554  *	is used
555  *
556  * RETURN VALUE:	0 on success, -1 on failure
557  *
558  * INPUT:		configuration file name
559  */
560 
561 static int
562 parse_ldap_config_file(
563 	const char 		*config_file,
564 	__nis_ldap_proxy_info	*proxy_info,
565 	__nis_config_t		*nis_config,
566 	__nis_table_mapping_t	**table_mapping,
567 	__nis_config_info_t	*config_info,
568 	__nisdb_table_mapping_t	*table_info)
569 {
570 	int		rc = 0;
571 	config_key	attrib_num;
572 	int		fd;
573 	char		*attr_val;
574 	int		len;
575 
576 	if ((fd = open(config_file, O_RDONLY)) == -1) {
577 		p_error = parse_open_file_error;
578 		report_error(config_file, NULL);
579 		return (-1);
580 	}
581 
582 	start_line_num = 1;
583 	cur_line_num = 1;
584 
585 	if (verbose)
586 		report_info("Reading configuration from ", config_file);
587 
588 	file_source = config_file;
589 	while ((attrib_num = get_file_attr_val(fd, &attr_val)) > 0) {
590 		len = attr_val == NULL ? 0 : strlen(attr_val);
591 		if (IS_CONFIG_KEYWORD(attrib_num)) {
592 			rc = add_config_attribute(attrib_num,
593 			    attr_val, len, config_info);
594 		} else if (IS_BIND_INFO(attrib_num)) {
595 			rc = add_bind_attribute(attrib_num,
596 			    attr_val, len, proxy_info);
597 		} else if (IS_OPER_INFO(attrib_num)) {
598 			rc = add_operation_attribute(attrib_num,
599 			    attr_val, len, nis_config, table_info);
600 		} else {
601 			rc = add_mapping_attribute(attrib_num,
602 			    attr_val, len, table_mapping);
603 		}
604 
605 		if (rc < 0) {
606 			report_error(attr_val == NULL ?
607 			    "<no attribute>" : attr_val, _key_val);
608 			if (attr_val)
609 				free(attr_val);
610 			break;
611 		}
612 		if (attr_val)
613 			free(attr_val);
614 	}
615 
616 	(void) close(fd);
617 	if (attrib_num == key_bad) {
618 		report_error(_key_val, NULL);
619 		rc = -1;
620 	}
621 	start_line_num = 0;
622 	file_source = NULL;
623 	return (rc);
624 }
625 
626 /*
627  * FUNCTION:	yp_parse_ldap_config_file
628  *
629  * Parses the information for LDAP from a configuration
630  * file. If no file is specified, /var/yp/NISLDAPmapping
631  * is used
632  *
633  * RETURN VALUE:    0 on success, -1 on failure
634  *
635  * INPUT:       configuration file name
636  */
637 
638 int
639 yp_parse_ldap_config_file(
640 	const char	*config_file,
641 	__nis_ldap_proxy_info	*proxy_info,
642 	__nis_config_t			*nis_config,
643 	__nis_table_mapping_t	**table_mapping,
644 	__nis_config_info_t		*config_info,
645 	__nisdb_table_mapping_t	*table_info,
646 	__yp_domain_context_t	*ypDomains)
647 {
648 	int	rc = 0;
649 	int	numDomains = 0;
650 	config_key	attrib_num;
651 	int	fd;
652 	char	*attr_val = NULL;
653 	int		len;
654 
655 	if ((fd = open(config_file, O_RDONLY)) == -1) {
656 		p_error = parse_open_file_error;
657 		report_error(config_file, NULL);
658 		return (-1);
659 	}
660 
661 	start_line_num = 1;
662 	cur_line_num = 1;
663 
664 	if (verbose)
665 		report_info("Reading configuration from ", config_file);
666 
667 	file_source = config_file;
668 	while ((attrib_num = get_file_attr_val(fd, &attr_val)) > 0) {
669 		len = attr_val == NULL ? 0 : strlen(attr_val);
670 		if (IS_YP_CONFIG_KEYWORD(attrib_num)) {
671 			rc = add_config_attribute(attrib_num,
672 			    attr_val, len, config_info);
673 		} else if (IS_YP_BIND_INFO(attrib_num)) {
674 			rc = add_bind_attribute(attrib_num,
675 			    attr_val, len, proxy_info);
676 		} else if (IS_YP_OPER_INFO(attrib_num)) {
677 			rc = add_operation_attribute(attrib_num,
678 			    attr_val, len, nis_config, table_info);
679 		} else if (IS_YP_DOMAIN_INFO(attrib_num)) {
680 			rc = add_ypdomains_attribute(attrib_num,
681 			    attr_val, len, ypDomains);
682 		} else if (IS_YP_MAP_ATTR(attrib_num)) {
683 			rc = add_mapping_attribute(attrib_num,
684 			    attr_val, len, table_mapping);
685 		} else {
686 			rc = -1;
687 			p_error = parse_unsupported_format;
688 		}
689 
690 		if (rc < 0) {
691 			report_error(attr_val == NULL ?
692 			    "<no attribute>" : attr_val, _key_val);
693 			if (attr_val)
694 				free(attr_val);
695 			break;
696 		}
697 		if (attr_val) {
698 			free(attr_val);
699 			attr_val = NULL;
700 		}
701 	}
702 
703 	(void) close(fd);
704 	if (attrib_num == key_bad) {
705 		report_error(_key_val, NULL);
706 		rc = -1;
707 	}
708 	start_line_num = 0;
709 	file_source = NULL;
710 	return (rc);
711 }
712 
713 /*
714  * FUNCTION:	get_file_attr_val
715  *
716  *	Gets the next attribute from the configuration file.
717  *
718  * RETURN VALUE:	The config key if more attributes
719  *			no_more_keys if eof
720  *			key_bad if error
721  */
722 
723 static config_key
724 get_file_attr_val(int fd, char **attr_val)
725 {
726 	char		buf[BUFSIZE];
727 	char		*start_tag;
728 	char		*start_val;
729 	char		*end_val;
730 	char		*cut_here;
731 	char		*s;
732 	char		*a;
733 	char		*attribute_value;
734 	int		ret;
735 	config_key	attrib_num = no_more_keys;
736 	int		found_quote = 0;
737 
738 	*attr_val = NULL;
739 
740 	if ((ret = read_line(fd, buf, sizeof (buf))) > 0) {
741 		for (s = buf; is_whitespace(*s); s++)
742 			;
743 
744 		start_tag = s;
745 		while (*s != '\0' && !is_whitespace(*s))
746 			s++;
747 
748 		if (verbose)
749 			report_info("\t", start_tag);
750 		attrib_num = get_attrib_num(start_tag, s - start_tag);
751 		if (attrib_num == key_bad)
752 			return (key_bad);
753 
754 		while (is_whitespace(*s))
755 			s++;
756 		if (*s == '\0')
757 			return (attrib_num);
758 		start_val = s;
759 
760 		/* note that read_line will not return a line ending with \ */
761 		for (; *s != '\0'; s++) {
762 			if (*s == ESCAPE_CHAR)
763 				s++;
764 		}
765 		while (s > start_val && is_whitespace(s[-1]))
766 			s--;
767 
768 		attribute_value =
769 		    calloc(1, (size_t)(s - start_val) + 1);
770 		if (attribute_value == NULL) {
771 			p_error = parse_no_mem_error;
772 			return (key_bad);
773 		}
774 		attr_val[0] = attribute_value;
775 
776 		a = *attr_val;
777 		end_val = s;
778 		cut_here = 0;
779 		for (s = start_val; s < end_val; s++) {
780 			if (*s == POUND_SIGN) {
781 					cut_here = s;
782 					while (s < end_val) {
783 						if (*s == DOUBLE_QUOTE_CHAR ||
784 						    *s == SINGLE_QUOTE_CHAR) {
785 							cut_here = 0;
786 							break;
787 						}
788 						s++;
789 					}
790 			}
791 		}
792 		if (cut_here != 0)
793 			end_val = cut_here;
794 
795 		for (s = start_val; s < end_val; s++)
796 			*a++ = *s;
797 		*a++ = '\0';
798 	}
799 	if (ret == -1)
800 		return (key_bad);
801 
802 	return (attrib_num);
803 }
804 
805 static LDAP *
806 connect_to_ldap_config_server(
807 	char			*sever_name,
808 	int			server_port,
809 	__nis_config_info_t	*config_info)
810 {
811 	int		rc		= 0;
812 	LDAP		*ld		= NULL;
813 	int		ldapVersion	= LDAP_VERSION3;
814 	int		derefOption	= LDAP_DEREF_ALWAYS;
815 	int		timelimit	= LDAP_NO_LIMIT;
816 	int		sizelimit	= LDAP_NO_LIMIT;
817 	int		errnum;
818 	bool_t		retrying	= FALSE;
819 	int		sleep_seconds	= 1;
820 	struct berval	cred;
821 
822 	if (config_info->tls_method == no_tls) {
823 		ld = ldap_init(sever_name, server_port);
824 		if (ld == NULL) {
825 			p_error = parse_ldap_init_error;
826 			report_error(strerror(errno), NULL);
827 			return (NULL);
828 		}
829 	} else {
830 		if ((errnum = ldapssl_client_init(
831 		    config_info->tls_cert_db, NULL)) < 0) {
832 			p_error = parse_ldapssl_client_init_error;
833 			report_error(ldapssl_err2string(errnum), NULL);
834 			return (NULL);
835 		}
836 		ld = ldapssl_init(sever_name, server_port, 1);
837 		if (ld == NULL) {
838 			p_error = parse_ldapssl_init_error;
839 			report_error(strerror(errno), NULL);
840 			return (NULL);
841 		}
842 	}
843 
844 	(void) ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION,
845 	    &ldapVersion);
846 	(void) ldap_set_option(ld, LDAP_OPT_DEREF, &derefOption);
847 	(void) ldap_set_option(ld, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
848 	(void) ldap_set_option(ld, LDAP_OPT_TIMELIMIT, &timelimit);
849 	(void) ldap_set_option(ld, LDAP_OPT_SIZELIMIT, &sizelimit);
850 
851 	/*
852 	 * Attempt to bind to the LDAP server.
853 	 * We will loop until success or until an error other
854 	 * than LDAP_CONNECT_ERROR or LDAP_SERVER_DOWN
855 	 */
856 	if (verbose)
857 		report_info("Connecting to ", sever_name);
858 
859 	for (;;) {
860 		if (config_info->auth_method == simple) {
861 			errnum = ldap_simple_bind_s(ld, config_info->proxy_dn,
862 			    config_info->proxy_passwd);
863 		} else if (config_info->auth_method == cram_md5) {
864 			cred.bv_len = strlen(config_info->proxy_passwd);
865 			cred.bv_val = config_info->proxy_passwd;
866 			errnum = ldap_sasl_cram_md5_bind_s(ld,
867 			    config_info->proxy_dn, &cred, NULL, NULL);
868 		} else if (config_info->auth_method == digest_md5) {
869 			cred.bv_len = strlen(config_info->proxy_passwd);
870 			cred.bv_val = config_info->proxy_passwd;
871 			errnum = ldap_x_sasl_digest_md5_bind_s(ld,
872 			    config_info->proxy_dn, &cred, NULL, NULL);
873 		} else {
874 			errnum = ldap_simple_bind_s(ld, NULL, NULL);
875 		}
876 
877 		if (errnum == LDAP_SUCCESS)
878 			break;
879 
880 		if (errnum == LDAP_CONNECT_ERROR ||
881 		    errnum == LDAP_SERVER_DOWN) {
882 			if (!retrying) {
883 				if (verbose)
884 					report_info(
885 					"LDAP server unavailable. Retrying...",
886 					    NULL);
887 				retrying = TRUE;
888 			}
889 			(void) sleep(sleep_seconds);
890 			sleep_seconds *= 2;
891 			if (sleep_seconds > MAX_LDAP_CONFIG_RETRY_TIME)
892 				sleep_seconds = MAX_LDAP_CONFIG_RETRY_TIME;
893 			p_error = no_parse_error;
894 			continue;
895 		}
896 		p_error = parse_ldap_bind_error;
897 		report_error2(config_info->proxy_dn, ldap_err2string(errnum));
898 		(void) ldap_unbind(ld);
899 		return (NULL);
900 	}
901 
902 	if (verbose)
903 		report_info("Reading values from ", config_info->config_dn);
904 
905 	return (ld);
906 }
907 
908 /*
909  * FUNCTION:	process_ldap_config_result
910  *
911  *	Extracts the LDAPMessage containing the nis+/LDAP
912  *	configuration
913  *
914  * RETURN VALUE:	0 on success, -1 on failure
915  *
916  * INPUT:		LDAP		the LDAP connection
917  *			LDAPMessage	the LDAP message
918  */
919 
920 static int
921 process_ldap_config_result(
922 	LDAP			*ld,
923 	LDAPMessage		*resultMsg,
924 	__nis_ldap_proxy_info	*proxy_info,
925 	__nis_config_t		*nis_config,
926 	__nis_table_mapping_t	**table_mapping,
927 	__nisdb_table_mapping_t	*table_info)
928 {
929 	LDAPMessage	*e;
930 	int		errnum;
931 	char		*attr;
932 	BerElement	*ber		= NULL;
933 	config_key	attrib_num;
934 	char		**vals;
935 	int		n;
936 	int		i;
937 	char		*attr_val;
938 	int		len;
939 	int		rc = 0;
940 	bool_t		error_reported	= FALSE;
941 
942 	e = ldap_first_entry(ld, resultMsg);
943 
944 	if (e != NULL) {
945 		for (attr = ldap_first_attribute(ld, e, &ber); attr != NULL;
946 		    attr = ldap_next_attribute(ld, e, ber)) {
947 			if (verbose)
948 				report_info("\t", attr);
949 			attrib_num = get_attrib_num(attr, strlen(attr));
950 			if (attrib_num == key_bad) {
951 				report_error(attr, NULL);
952 				break;
953 			}
954 			if ((vals = ldap_get_values(ld, e, attr)) != NULL) {
955 				n = ldap_count_values(vals);
956 				/* parse the attribute values */
957 				for (i = 0; i < n; i++) {
958 					attr_val = vals[i];
959 					while (is_whitespace(*attr_val))
960 						attr_val++;
961 					if (verbose)
962 						report_info("\t\t", attr_val);
963 					len = strlen(attr_val);
964 					while (len > 0 &&
965 					    is_whitespace(attr_val[len - 1]))
966 						len--;
967 		if (yp2ldap) {
968 			if (IS_YP_BIND_INFO(attrib_num)) {
969 				rc = add_bind_attribute(attrib_num, attr_val,
970 				    len, proxy_info);
971 			} else if (IS_YP_OPER_INFO(attrib_num)) {
972 				rc = add_operation_attribute(attrib_num,
973 				    attr_val, len, nis_config, table_info);
974 			} else if (IS_YP_MAP_ATTR(attrib_num)) {
975 				rc = add_mapping_attribute(attrib_num, attr_val,
976 				    len, table_mapping);
977 			} else {
978 				p_error = parse_unsupported_format;
979 			}
980 		} else {
981 			if (IS_BIND_INFO(attrib_num)) {
982 				rc = add_bind_attribute(attrib_num, attr_val,
983 				    len, proxy_info);
984 			} else if (IS_OPER_INFO(attrib_num)) {
985 				rc = add_operation_attribute(attrib_num,
986 				    attr_val, len, nis_config, table_info);
987 			} else {
988 				rc = add_mapping_attribute(attrib_num, attr_val,
989 				    len, table_mapping);
990 			}
991 		}
992 					if (p_error != no_parse_error) {
993 						report_error(attr_val, attr);
994 						error_reported = TRUE;
995 						break;
996 					}
997 				}
998 				ldap_value_free(vals);
999 			} else {
1000 				(void) ldap_get_option(ld,
1001 				    LDAP_OPT_ERROR_NUMBER, &errnum);
1002 				if (errnum != LDAP_SUCCESS)
1003 					p_error = parse_ldap_get_values_error;
1004 			}
1005 			ldap_memfree(attr);
1006 			if (p_error != no_parse_error)
1007 				break;
1008 		}
1009 	} else {
1010 		errnum = ldap_result2error(ld, resultMsg, FALSE);
1011 		if (errnum != LDAP_SUCCESS)
1012 			p_error = parse_ldap_search_error;
1013 	}
1014 	if (ber != NULL)
1015 		ber_free(ber, 0);
1016 
1017 	if (!error_reported && p_error != no_parse_error) {
1018 		report_error(ldap_err2string(errnum), 0);
1019 	}
1020 
1021 	if (p_error != no_parse_error)
1022 		rc = -1;
1023 	return (rc);
1024 }
1025 
1026 /*
1027  * FUNCTION:	process_ldap_referral
1028  *
1029  *	Retrieves the configuration for a referral url
1030  *
1031  * RETURN VALUE:	0 on success, -1 on failure, 1 on skip
1032  *
1033  * INPUT:		url		the ldap url
1034  *			__nis_ldap_proxy_info
1035  */
1036 
1037 static int
1038 process_ldap_referral(
1039 	char			*url,
1040 	char			**attrs,
1041 	__nis_ldap_proxy_info	*proxy_info,
1042 	__nis_config_t		*nis_config,
1043 	__nis_table_mapping_t	**table_mapping,
1044 	__nis_config_info_t	*config_info,
1045 	__nisdb_table_mapping_t	*table_info)
1046 {
1047 	LDAPURLDesc	*ludpp		= NULL;
1048 	int		rc;
1049 	LDAP		*ld		= NULL;
1050 	int		errnum;
1051 	LDAPMessage	*resultMsg	= NULL;
1052 
1053 	if ((rc = ldap_url_parse(url, &ludpp)) != LDAP_SUCCESS)
1054 		return (1);
1055 
1056 #ifdef LDAP_URL_OPT_SECURE
1057 	if (ludpp->lud_options & LDAP_URL_OPT_SECURE) {
1058 		if (config_info->tls_method != ssl_tls) {
1059 			ldap_free_urldesc(ludpp);
1060 			return (1);
1061 		}
1062 	} else {
1063 		if (config_info->tls_method != no_tls) {
1064 			ldap_free_urldesc(ludpp);
1065 			return (1);
1066 		}
1067 	}
1068 #endif
1069 
1070 	if ((ld = connect_to_ldap_config_server(ludpp->lud_host,
1071 	    ludpp->lud_port, config_info)) == NULL) {
1072 		ldap_free_urldesc(ludpp);
1073 		return (-1);
1074 	}
1075 
1076 	errnum = ldap_search_s(ld, config_info->config_dn, LDAP_SCOPE_BASE,
1077 	    "objectclass=nisplusLDAPconfig", attrs, 0, &resultMsg);
1078 
1079 	ldap_source = config_info->config_dn;
1080 
1081 	if (errnum != LDAP_SUCCESS) {
1082 		p_error = parse_ldap_search_error;
1083 		report_error(ldap_err2string(errnum), 0);
1084 		rc = -1;
1085 	} else {
1086 		rc = process_ldap_config_result(ld, resultMsg, proxy_info,
1087 		    nis_config, table_mapping, table_info);
1088 	}
1089 
1090 	ldap_source = NULL;
1091 	(void) ldap_unbind(ld);
1092 	if (resultMsg != NULL)
1093 		(void) ldap_msgfree(resultMsg);
1094 
1095 	return (rc);
1096 }
1097 
1098 /*
1099  * FUNCTION:	process_ldap_referral_msg
1100  *
1101  *	Retrieves the configuration from referred servers
1102  *
1103  * RETURN VALUE:	0 on success, -1 on failure
1104  *
1105  * INPUT:		LDAP		the LDAP connection
1106  *			LDAPMessage	the LDAP message
1107  *			__nis_ldap_proxy_info
1108  */
1109 
1110 static int
1111 process_ldap_referral_msg(
1112 	LDAP			*ld,
1113 	LDAPMessage		*resultMsg,
1114 	char			**attrs,
1115 	__nis_ldap_proxy_info	*proxy_info,
1116 	__nis_config_t		*nis_config,
1117 	__nis_table_mapping_t	**table_mapping,
1118 	__nis_config_info_t	*config_info,
1119 	__nisdb_table_mapping_t	*table_info)
1120 {
1121 	int	errCode;
1122 	char	**referralsp	= NULL;
1123 	int	i;
1124 	int	rc;
1125 
1126 	rc = ldap_parse_result(ld, resultMsg, &errCode, NULL, NULL, &referralsp,
1127 	    NULL, 0);
1128 
1129 	if (rc != LDAP_SUCCESS || errCode != LDAP_REFERRAL) {
1130 		p_error = parse_ldap_get_values_error;
1131 		report_error(ldap_err2string(errCode), 0);
1132 		rc = -1;
1133 	} else {
1134 		for (i = 0; referralsp[i] != NULL; i++) {
1135 			rc = process_ldap_referral(referralsp[i], attrs,
1136 			    proxy_info, nis_config, table_mapping,
1137 			    config_info, table_info);
1138 			if (rc <= 0)
1139 				break;
1140 			else
1141 				report_info("Cannot use referral \n",
1142 				    referralsp[i]);
1143 
1144 		}
1145 		if (rc > 0) {
1146 			p_error = parse_no_available_referrals_error;
1147 			report_error(0, 0);
1148 		}
1149 	}
1150 
1151 	if (referralsp)
1152 		ldap_value_free(referralsp);
1153 
1154 	return (rc);
1155 }
1156 
1157 /*
1158  * FUNCTION:	parse_ldap_config_dn_attrs
1159  *
1160  *	Parses the information for LDAP from the LDAP profile
1161  *	- the profile object name, the LDAP server, and the
1162  *	authentication method must be specified.
1163  *
1164  * RETURN VALUE:	0 on success, -1 on failure
1165  *
1166  * INPUT:		__nis_ldap_proxy_info
1167  */
1168 
1169 static int
1170 parse_ldap_config_dn_attrs(
1171 	__nis_ldap_proxy_info	*proxy_info,
1172 	__nis_config_t		*nis_config,
1173 	__nis_table_mapping_t	**table_mapping,
1174 	__nis_config_info_t	*config_info,
1175 	__nisdb_table_mapping_t	*table_info)
1176 {
1177 	int		rc		= 0;
1178 	LDAP		*ld		= NULL;
1179 	int		errnum;
1180 	char		*ldap_config_attributes[n_config_keys];
1181 	LDAPMessage	*resultMsg	= NULL;
1182 
1183 	/* Determine if properly configured for LDAP lookup */
1184 	if (config_info->auth_method == simple &&
1185 	    config_info->proxy_dn == NULL)
1186 		p_error = parse_no_proxy_dn_error;
1187 	else if (config_info->auth_method ==
1188 	    (auth_method_t)NO_VALUE_SET)
1189 		p_error = parse_no_config_auth_error;
1190 	else if ((config_info->default_servers == NULL) ||
1191 	    (config_info->default_servers[0] == '\0'))
1192 		p_error = parse_no_config_server_addr;
1193 	if (p_error != no_parse_error) {
1194 		report_error(NULL, NULL);
1195 		return (-1);
1196 	}
1197 
1198 	if (config_info->tls_method == (tls_method_t)NO_VALUE_SET)
1199 		config_info->tls_method = no_tls;
1200 	else if (config_info->tls_method == ssl_tls &&
1201 	    (config_info->tls_cert_db == NULL ||
1202 	    *config_info->tls_cert_db == '\0')) {
1203 		p_error = parse_no_config_cert_db;
1204 		report_error(NULL, NULL);
1205 		return (-1);
1206 	}
1207 
1208 	if (verbose)
1209 		report_info(
1210 		    "Getting configuration from LDAP server(s): ",
1211 		    config_info->default_servers);
1212 
1213 	/* Determine which attributes should be retrieved */
1214 	get_attribute_list(proxy_info, nis_config, NULL, table_info,
1215 	    ldap_config_attributes);
1216 
1217 	if ((ld = connect_to_ldap_config_server(config_info->default_servers, 0,
1218 	    config_info)) == NULL)
1219 		return (-1);
1220 
1221 	/* Get the attribute values */
1222 	errnum = ldap_search_s(ld, config_info->config_dn, LDAP_SCOPE_BASE,
1223 	    "objectclass=nisplusLDAPconfig",
1224 	    ldap_config_attributes, 0, &resultMsg);
1225 	ldap_source = config_info->config_dn;
1226 
1227 	if (errnum == LDAP_REFERRAL) {
1228 		rc = process_ldap_referral_msg(ld, resultMsg,
1229 		    ldap_config_attributes, proxy_info, nis_config,
1230 		    table_mapping, config_info, table_info);
1231 	} else if (errnum != LDAP_SUCCESS) {
1232 		p_error = parse_ldap_search_error;
1233 		report_error(ldap_err2string(errnum), 0);
1234 		rc = -1;
1235 	} else {
1236 		rc = process_ldap_config_result(ld, resultMsg, proxy_info,
1237 		    nis_config, table_mapping, table_info);
1238 	}
1239 
1240 	ldap_source = NULL;
1241 	(void) ldap_unbind(ld);
1242 	if (resultMsg != NULL)
1243 		(void) ldap_msgfree(resultMsg);
1244 
1245 	return (rc);
1246 }
1247 
1248 bool_t
1249 is_cmd_line_option(config_key a_num)
1250 {
1251 	const char *const	*cmdline_options = cmdline_config;
1252 	config_key		attrib_num;
1253 	const char		*begin_s;
1254 	const char		*end_s;
1255 
1256 	if (cmdline_options == NULL)
1257 		return (FALSE);
1258 
1259 	while (*cmdline_options != NULL) {
1260 		attrib_num = get_attrib_num_cmdline(
1261 		    *cmdline_options, &begin_s, &end_s);
1262 		if (attrib_num == a_num)
1263 			break;
1264 		cmdline_options++;
1265 	}
1266 	return (*cmdline_options != NULL);
1267 }
1268 
1269 /*
1270  * FUNCTION:	get_attribute_list
1271  *
1272  *	Get a list of attributes from the LDAP server that have not yet
1273  *	been gotten. If config_info is NULL, the associated parameters
1274  *	are not needed.
1275  *
1276  * RETURN VALUE:	none
1277  *
1278  * INPUT:		Returns a list of parameters in attributes
1279  *			which is assumed to be of sufficient size.
1280  */
1281 
1282 static void
1283 get_attribute_list(
1284 	const __nis_ldap_proxy_info	*proxy_info,
1285 	const __nis_config_t		*nis_config,
1286 	const __nis_config_info_t	*config_info,
1287 	const __nisdb_table_mapping_t	*table_info,
1288 	char				**attributes)
1289 {
1290 	int		n_attrs;
1291 
1292 	/* Determine which attributes should be retrieved */
1293 	n_attrs = 0;
1294 
1295 	if (config_info != NULL) {
1296 		if (yp2ldap) {
1297 			if (config_info->config_dn == NULL)
1298 				attributes[n_attrs++] = YP_CONFIG_DN;
1299 			if (config_info->default_servers == NULL)
1300 				attributes[n_attrs++] = YP_CONFIG_SERVER_LIST;
1301 			if (config_info->auth_method ==
1302 			    (auth_method_t)NO_VALUE_SET)
1303 				attributes[n_attrs++] = YP_CONFIG_AUTH_METHOD;
1304 			if (config_info->tls_method ==
1305 			    (tls_method_t)NO_VALUE_SET)
1306 				attributes[n_attrs++] = YP_CONFIG_TLS_OPTION;
1307 			if (config_info->proxy_dn == NULL)
1308 				attributes[n_attrs++] = YP_CONFIG_PROXY_USER;
1309 			if (config_info->proxy_passwd == NULL)
1310 				attributes[n_attrs++] = YP_CONFIG_PROXY_PASSWD;
1311 			if (config_info->tls_cert_db == NULL)
1312 				attributes[n_attrs++] = YP_CONFIG_TLS_CERT_DB;
1313 		} else {
1314 			if (config_info->config_dn == NULL)
1315 				attributes[n_attrs++] = CONFIG_DN;
1316 			if (config_info->default_servers == NULL)
1317 				attributes[n_attrs++] = CONFIG_SERVER_LIST;
1318 			if (config_info->auth_method ==
1319 			    (auth_method_t)NO_VALUE_SET)
1320 				attributes[n_attrs++] = CONFIG_AUTH_METHOD;
1321 			if (config_info->tls_method ==
1322 			    (tls_method_t)NO_VALUE_SET)
1323 				attributes[n_attrs++] = CONFIG_TLS_OPTION;
1324 			if (config_info->proxy_dn == NULL)
1325 				attributes[n_attrs++] = CONFIG_PROXY_USER;
1326 			if (config_info->proxy_passwd == NULL)
1327 				attributes[n_attrs++] = CONFIG_PROXY_PASSWD;
1328 			if (config_info->tls_cert_db == NULL)
1329 				attributes[n_attrs++] = CONFIG_TLS_CERT_DB;
1330 		}
1331 	} else {
1332 		if (yp2ldap) {
1333 			attributes[n_attrs++] = YP_DOMAIN_CONTEXT;
1334 			attributes[n_attrs++] = YPPASSWDD_DOMAINS;
1335 			attributes[n_attrs++] = YP_DB_ID_MAP;
1336 			attributes[n_attrs++] = YP_COMMENT_CHAR;
1337 			attributes[n_attrs++] = YP_MAP_FLAGS;
1338 			attributes[n_attrs++] = YP_ENTRY_TTL;
1339 			attributes[n_attrs++] = YP_NAME_FIELDS;
1340 			attributes[n_attrs++] = YP_SPLIT_FIELD;
1341 			attributes[n_attrs++] = YP_REPEATED_FIELD_SEPARATORS;
1342 			attributes[n_attrs++] = YP_LDAP_OBJECT_DN;
1343 			attributes[n_attrs++] = NIS_TO_LDAP_MAP;
1344 			attributes[n_attrs++] = LDAP_TO_NIS_MAP;
1345 		} else {
1346 			attributes[n_attrs++] = DB_ID_MAP;
1347 			attributes[n_attrs++] = ENTRY_TTL;
1348 			attributes[n_attrs++] = LDAP_OBJECT_DN;
1349 			attributes[n_attrs++] = NISPLUS_TO_LDAP_MAP;
1350 			attributes[n_attrs++] = LDAP_TO_NISPLUS_MAP;
1351 		}
1352 	}
1353 
1354 	if (yp2ldap) {
1355 		if (proxy_info->default_servers == NULL)
1356 			attributes[n_attrs++] = PREFERRED_SERVERS;
1357 		if (proxy_info->auth_method == (auth_method_t)NO_VALUE_SET)
1358 			attributes[n_attrs++] = AUTH_METHOD;
1359 		if (proxy_info->tls_method == (tls_method_t)NO_VALUE_SET)
1360 			attributes[n_attrs++] = YP_TLS_OPTION;
1361 		if (proxy_info->tls_cert_db == NULL)
1362 			attributes[n_attrs++] = YP_TLS_CERT_DB;
1363 		if (proxy_info->default_search_base == NULL)
1364 			attributes[n_attrs++] = SEARCH_BASE;
1365 		if (proxy_info->proxy_dn == NULL)
1366 			attributes[n_attrs++] = YP_PROXY_USER;
1367 		if (proxy_info->proxy_passwd == NULL)
1368 			attributes[n_attrs++] = YP_PROXY_PASSWD;
1369 		if (proxy_info->default_nis_domain == NULL)
1370 			attributes[n_attrs++] = YP_LDAP_BASE_DOMAIN;
1371 		if (proxy_info->bind_timeout.tv_sec ==
1372 		    (time_t)NO_VALUE_SET)
1373 			attributes[n_attrs++] = YP_BIND_TIMEOUT;
1374 		if (proxy_info->search_timeout.tv_sec ==
1375 		    (time_t)NO_VALUE_SET)
1376 			attributes[n_attrs++] = YP_SEARCH_TIMEOUT;
1377 		if (proxy_info->modify_timeout.tv_sec ==
1378 		    (time_t)NO_VALUE_SET)
1379 			attributes[n_attrs++] = YP_MODIFY_TIMEOUT;
1380 		if (proxy_info->add_timeout.tv_sec == (time_t)NO_VALUE_SET)
1381 			attributes[n_attrs++] = YP_ADD_TIMEOUT;
1382 		if (proxy_info->delete_timeout.tv_sec ==
1383 		    (time_t)NO_VALUE_SET)
1384 			attributes[n_attrs++] = YP_DELETE_TIMEOUT;
1385 		if (proxy_info->search_time_limit == (int)NO_VALUE_SET)
1386 			attributes[n_attrs++] = YP_SEARCH_TIME_LIMIT;
1387 		if (proxy_info->search_size_limit == (int)NO_VALUE_SET)
1388 			attributes[n_attrs++] = YP_SEARCH_SIZE_LIMIT;
1389 		if (proxy_info->follow_referral ==
1390 		    (follow_referral_t)NO_VALUE_SET)
1391 			attributes[n_attrs++] = YP_FOLLOW_REFERRAL;
1392 
1393 		if (table_info->retrieveError ==
1394 		    (__nis_retrieve_error_t)NO_VALUE_SET)
1395 			attributes[n_attrs++] = YP_RETRIEVE_ERROR_ACTION;
1396 		if (table_info->retrieveErrorRetry.attempts == NO_VALUE_SET)
1397 			attributes[n_attrs++] = YP_RETREIVE_ERROR_ATTEMPTS;
1398 		if (table_info->retrieveErrorRetry.timeout ==
1399 		    (time_t)NO_VALUE_SET)
1400 			attributes[n_attrs++] = YP_RETREIVE_ERROR_TIMEOUT;
1401 		if (table_info->storeError ==
1402 		    (__nis_store_error_t)NO_VALUE_SET)
1403 			attributes[n_attrs++] = YP_STORE_ERROR_ACTION;
1404 		if (table_info->storeErrorRetry.attempts == NO_VALUE_SET)
1405 			attributes[n_attrs++] = YP_STORE_ERROR_ATTEMPTS;
1406 		if (table_info->storeErrorRetry.timeout ==
1407 		    (time_t)NO_VALUE_SET)
1408 			attributes[n_attrs++] = YP_STORE_ERROR_TIMEOUT;
1409 		if (table_info->refreshError ==
1410 		    (__nis_refresh_error_t)NO_VALUE_SET)
1411 			attributes[n_attrs++] = REFRESH_ERROR_ACTION;
1412 		if (table_info->refreshErrorRetry.attempts == NO_VALUE_SET)
1413 			attributes[n_attrs++] = REFRESH_ERROR_ATTEMPTS;
1414 		if (table_info->refreshErrorRetry.timeout ==
1415 		    (time_t)NO_VALUE_SET)
1416 			attributes[n_attrs++] = REFRESH_ERROR_TIMEOUT;
1417 		if (table_info->matchFetch ==
1418 		    (__nis_match_fetch_t)NO_VALUE_SET)
1419 			attributes[n_attrs++] = YP_MATCH_FETCH;
1420 	} else {
1421 		if (proxy_info->default_servers == NULL)
1422 			attributes[n_attrs++] = PREFERRED_SERVERS;
1423 		if (proxy_info->auth_method == (auth_method_t)NO_VALUE_SET)
1424 			attributes[n_attrs++] = AUTH_METHOD;
1425 		if (proxy_info->tls_method == (tls_method_t)NO_VALUE_SET)
1426 			attributes[n_attrs++] = TLS_OPTION;
1427 		if (proxy_info->tls_cert_db == NULL)
1428 			attributes[n_attrs++] = TLS_CERT_DB;
1429 		if (proxy_info->default_search_base == NULL)
1430 			attributes[n_attrs++] = SEARCH_BASE;
1431 		if (proxy_info->proxy_dn == NULL)
1432 			attributes[n_attrs++] = PROXY_USER;
1433 		if (proxy_info->proxy_passwd == NULL)
1434 			attributes[n_attrs++] = PROXY_PASSWD;
1435 		if (proxy_info->default_nis_domain == NULL)
1436 			attributes[n_attrs++] = LDAP_BASE_DOMAIN;
1437 		if (proxy_info->bind_timeout.tv_sec ==
1438 		    (time_t)NO_VALUE_SET)
1439 			attributes[n_attrs++] = BIND_TIMEOUT;
1440 		if (proxy_info->search_timeout.tv_sec ==
1441 		    (time_t)NO_VALUE_SET)
1442 			attributes[n_attrs++] = SEARCH_TIMEOUT;
1443 		if (proxy_info->modify_timeout.tv_sec ==
1444 		    (time_t)NO_VALUE_SET)
1445 			attributes[n_attrs++] = MODIFY_TIMEOUT;
1446 		if (proxy_info->add_timeout.tv_sec == (time_t)NO_VALUE_SET)
1447 			attributes[n_attrs++] = ADD_TIMEOUT;
1448 		if (proxy_info->delete_timeout.tv_sec ==
1449 		    (time_t)NO_VALUE_SET)
1450 			attributes[n_attrs++] = DELETE_TIMEOUT;
1451 		if (proxy_info->search_time_limit == (int)NO_VALUE_SET)
1452 			attributes[n_attrs++] = SEARCH_TIME_LIMIT;
1453 		if (proxy_info->search_size_limit == (int)NO_VALUE_SET)
1454 			attributes[n_attrs++] = SEARCH_SIZE_LIMIT;
1455 		if (proxy_info->follow_referral ==
1456 		    (follow_referral_t)NO_VALUE_SET)
1457 			attributes[n_attrs++] = FOLLOW_REFERRAL;
1458 
1459 		if (table_info->retrieveError ==
1460 		    (__nis_retrieve_error_t)NO_VALUE_SET)
1461 			attributes[n_attrs++] = RETRIEVE_ERROR_ACTION;
1462 		if (table_info->retrieveErrorRetry.attempts == NO_VALUE_SET)
1463 			attributes[n_attrs++] = RETREIVE_ERROR_ATTEMPTS;
1464 		if (table_info->retrieveErrorRetry.timeout ==
1465 		    (time_t)NO_VALUE_SET)
1466 			attributes[n_attrs++] = RETREIVE_ERROR_TIMEOUT;
1467 		if (table_info->storeError ==
1468 		    (__nis_store_error_t)NO_VALUE_SET)
1469 			attributes[n_attrs++] = STORE_ERROR_ACTION;
1470 		if (table_info->storeErrorRetry.attempts == NO_VALUE_SET)
1471 			attributes[n_attrs++] = STORE_ERROR_ATTEMPTS;
1472 		if (table_info->storeErrorRetry.timeout ==
1473 		    (time_t)NO_VALUE_SET)
1474 			attributes[n_attrs++] = STORE_ERROR_TIMEOUT;
1475 		if (table_info->refreshError ==
1476 		    (__nis_refresh_error_t)NO_VALUE_SET)
1477 			attributes[n_attrs++] = REFRESH_ERROR_ACTION;
1478 		if (table_info->refreshErrorRetry.attempts == NO_VALUE_SET)
1479 			attributes[n_attrs++] = REFRESH_ERROR_ATTEMPTS;
1480 		if (table_info->refreshErrorRetry.timeout ==
1481 		    (time_t)NO_VALUE_SET)
1482 			attributes[n_attrs++] = REFRESH_ERROR_TIMEOUT;
1483 		if (table_info->matchFetch ==
1484 		    (__nis_match_fetch_t)NO_VALUE_SET)
1485 			attributes[n_attrs++] = MATCH_FETCH;
1486 	}
1487 
1488 	switch (nis_config->initialUpdate) {
1489 	case (__nis_initial_update_t)NO_VALUE_SET:
1490 		attributes[n_attrs++] = INITIAL_UPDATE_ACTION;
1491 		attributes[n_attrs++] = INITIAL_UPDATE_ONLY;
1492 		break;
1493 	case (__nis_initial_update_t)INITIAL_UPDATE_NO_ACTION:
1494 	case (__nis_initial_update_t)NO_INITIAL_UPDATE_NO_ACTION:
1495 		attributes[n_attrs++] = INITIAL_UPDATE_ACTION;
1496 		break;
1497 	case (__nis_initial_update_t)FROM_NO_INITIAL_UPDATE:
1498 	case (__nis_initial_update_t)TO_NO_INITIAL_UPDATE:
1499 		attributes[n_attrs++] = INITIAL_UPDATE_ONLY;
1500 		break;
1501 	}
1502 
1503 	if (nis_config->threadCreationError ==
1504 	    (__nis_thread_creation_error_t)NO_VALUE_SET)
1505 		attributes[n_attrs++] = THREAD_CREATE_ERROR_ACTION;
1506 	if (nis_config->threadCreationErrorTimeout.attempts == NO_VALUE_SET)
1507 		attributes[n_attrs++] = THREAD_CREATE_ERROR_ATTEMPTS;
1508 	if (nis_config->threadCreationErrorTimeout.timeout ==
1509 	    (time_t)NO_VALUE_SET)
1510 		attributes[n_attrs++] = THREAD_CREATE_ERROR_TIMEOUT;
1511 	if (nis_config->dumpError == (__nis_dump_error_t)NO_VALUE_SET)
1512 		attributes[n_attrs++] = DUMP_ERROR_ACTION;
1513 	if (nis_config->dumpErrorTimeout.attempts == NO_VALUE_SET)
1514 		attributes[n_attrs++] = DUMP_ERROR_ATTEMPTS;
1515 	if (nis_config->dumpErrorTimeout.timeout == (time_t)NO_VALUE_SET)
1516 		attributes[n_attrs++] = DUMP_ERROR_TIMEOUT;
1517 	if (nis_config->resyncService == (__nis_resync_service_t)NO_VALUE_SET)
1518 		attributes[n_attrs++] = RESYNC;
1519 	if (nis_config->updateBatching ==
1520 	    (__nis_update_batching_t)NO_VALUE_SET)
1521 		attributes[n_attrs++] = UPDATE_BATCHING;
1522 	if (nis_config->updateBatchingTimeout.timeout == (time_t)NO_VALUE_SET)
1523 		attributes[n_attrs++] = UPDATE_BATCHING_TIMEOUT;
1524 	if (nis_config->numberOfServiceThreads == (int)NO_VALUE_SET)
1525 		attributes[n_attrs++] = NUMBER_THEADS;
1526 	if (nis_config->emulate_yp == (int)NO_VALUE_SET)
1527 		attributes[n_attrs++] = YP_EMULATION;
1528 
1529 	/* maxRPCRecordSize is not configurable through LDAP profiles */
1530 	if (nis_config->maxRPCRecordSize == (int)NO_VALUE_SET)
1531 		attributes[n_attrs++] = MAX_RPC_RECSIZE;
1532 
1533 	attributes[n_attrs++] = NULL;
1534 }
1535 
1536 /*
1537  *	Notes on adding new attributes
1538  *	1. Determine where the attribute value will be saved
1539  *	    Currently, the following structures are defined:
1540  *		__nis_config_info_t	config_info
1541  *		__nis_ldap_proxy_info	proxyInfo
1542  *		__nis_config_t		ldapConfig
1543  *		__nisdb_table_mapping_t	ldapDBTableMapping
1544  *		__nis_table_mapping_t	ldapTableMapping
1545  *	    or add a new structure or variable - this will require
1546  *	    more code.
1547  *	2. Initialize the value to a known unconfigured value.
1548  *	    This can be done in initialize_parse_structs or
1549  *	    parse_ldap_migration.
1550  *	3. In the header file nis_parse_ldap_conf.h, add the name
1551  *	    of the attribute. (Currently, the attribute name is assumed
1552  *	    to be the same for the command line, the preference file,
1553  *	    and LDAP.) The names are grouped logically. Add a corresponding
1554  *	    config_key to the enum. Note that position in this file is
1555  *	    essential because the macros such as IS_BIND_INFO depend on
1556  *	    the sequence. The corresponding macro (IS_CONFIG_KEYWORD,
1557  *	    IS_BIND_INFO, or IS_OPER_INFO) may need to be adjusted. These
1558  *	    are used to partition the attributes into smaller chunks.
1559  *	4. Add the correspond entry to the keyword_lookup array in
1560  *	    nis_parse_ldap_attr.c, which is used to determine the config_key
1561  *	    from the corresponding key word.
1562  *	5. Add the attribute to the list of attributes to retrieve from
1563  *	    the LDAP server if no value has been set in the function
1564  *	    parse_ldap_config_dn_attrs. (This assumes that the attribute
1565  *	    is not used to get the configuration from the LDAP server.)
1566  *	6. Add logic to parse the individual attribute in
1567  *	    add_config_attribute, add_bind_attribute,
1568  *	    add_operation_attribute, or add_mapping_attribute depending
1569  *	    which group of attributes the added attribute belongs to.
1570  *	7. In set_default_values, if the attribute value has not been set, set
1571  *	    the default value. If any additional fixup is needed depending
1572  *	    on other configuration values, it should be done here.
1573  *	8. If an attribute name is a subset of another, parse_ldap_default_conf
1574  *          should be modified.
1575  *	9. Add the new attribute to the class action script
1576  *	   usr/src/pkgdefs/common_files/i.defrpc.nisd, if the user
1577  *	   configured value has to be preserved across upgrades
1578  */
1579