xref: /titanic_52/usr/src/lib/libsldap/common/ns_confmgr.c (revision fd9cb95cbb2f626355a60efb9d02c5f0a33c10e6)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 1999-2003 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 #pragma ident	"%Z%%M%	%I%	%E% SMI"
28 
29 /* libsldap - cachemgr side configuration components */
30 
31 #include <stdio.h>
32 #include <sys/types.h>
33 #include <stdlib.h>
34 #include <libintl.h>
35 #include <string.h>
36 #include <ctype.h>
37 
38 #include <sys/stat.h>
39 #include <fcntl.h>
40 #include <unistd.h>
41 #include <syslog.h>
42 #include <locale.h>
43 #include <errno.h>
44 #include <sys/time.h>
45 
46 #include "ns_sldap.h"
47 #include "ns_internal.h"
48 #include "ns_cache_door.h"
49 
50 #define	ALWAYS		1
51 
52 
53 /*
54  * **************************************************************
55  * Configuration File Routines
56  * **************************************************************
57  */
58 
59 
60 /* Size of the errstr buffer needs to be MAXERROR */
61 static int
62 read_line(FILE *fp, char *buffer, int buflen, char *errstr)
63 {
64 	int	linelen;
65 	char	c;
66 
67 	*errstr = '\0';
68 
69 	for (linelen = 0; linelen < buflen; ) {
70 		c = getc(fp);
71 		if (c == EOF)
72 			break;
73 		switch (c) {
74 		case '\n':
75 		    if (linelen > 0 && buffer[linelen - 1] == '\\') {
76 			/* Continuation line found */
77 			--linelen;
78 		    } else {
79 			/* end of line found */
80 			buffer[linelen] = '\0';
81 			return (linelen);
82 		    }
83 		    break;
84 		default:
85 		    buffer[linelen++] = c;
86 		}
87 	}
88 
89 	if (linelen >= buflen) {
90 		(void) snprintf(errstr, MAXERROR,
91 			gettext("Buffer overflow, line too long."));
92 		return (-2);
93 	} else if (linelen > 0 && buffer[linelen - 1] == '\\') {
94 		(void) snprintf(errstr, MAXERROR,
95 			gettext("Unterminated continuation line."));
96 		return (-2);
97 	} else {
98 		/* end of file */
99 		buffer[linelen] = '\0';
100 	}
101 	return (linelen > 0 ? linelen : -1);
102 }
103 
104 
105 static ns_parse_status
106 read_file(ns_config_t *ptr, int cred_file, ns_ldap_error_t **error)
107 {
108 	ParamIndexType	i = 0;
109 	char		errstr[MAXERROR];
110 	char		buffer[BUFSIZE], *name, *value;
111 	int		emptyfile, lineno;
112 	FILE		*fp;
113 	int		ret;
114 	int		linelen;
115 	char		*file;
116 	int		first = 1;
117 
118 
119 	if (cred_file) {
120 		file = NSCREDFILE;
121 	} else {
122 		file = NSCONFIGFILE;
123 	}
124 	fp = fopen(file, "r");
125 	if (fp == NULL) {
126 		(void) snprintf(errstr, sizeof (errstr),
127 			gettext("Unable to open filename '%s' "
128 			"for reading (errno=%d)."), file, errno);
129 		MKERROR(LOG_ERR, *error, NS_CONFIG_FILE, strdup(errstr), NULL);
130 		return (NS_NOTFOUND);
131 	}
132 
133 	emptyfile = 1;
134 	lineno = 0;
135 	for (; ; ) {
136 		if ((linelen = read_line(fp, buffer, sizeof (buffer),
137 			errstr)) < 0)
138 			/* End of file */
139 			break;
140 		lineno++;
141 		if (linelen == 0)
142 			continue;
143 		/* get rid of comment lines */
144 		if (buffer[0] == '#')
145 			continue;
146 		emptyfile = 0;
147 		name = NULL;
148 		value = NULL;
149 		__s_api_split_key_value(buffer, &name, &value);
150 		if (name == NULL || value == NULL) {
151 			(void) snprintf(errstr, sizeof (errstr),
152 			    gettext("Missing Name or Value on line %d."),
153 				    lineno);
154 			MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
155 				strdup(errstr), NULL);
156 			(void) fclose(fp);
157 			return (NS_PARSE_ERR);
158 		}
159 		if (__s_api_get_versiontype(ptr, name, &i) != 0) {
160 			(void) snprintf(errstr, sizeof (errstr),
161 			    gettext("Illegal profile type on line %d."),
162 				    lineno);
163 			MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
164 				strdup(errstr), NULL);
165 			(void) fclose(fp);
166 			return (NS_PARSE_ERR);
167 		}
168 		if (!first && i == NS_LDAP_FILE_VERSION_P) {
169 			(void) snprintf(errstr, sizeof (errstr),
170 				gettext("Illegal NS_LDAP_FILE_VERSION "
171 				"on line %d."), lineno);
172 			MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
173 				strdup(errstr), NULL);
174 			(void) fclose(fp);
175 			return (NS_PARSE_ERR);
176 		}
177 		first = 0;
178 		switch (__s_api_get_configtype(i)) {
179 		case SERVERCONFIG:
180 		case CLIENTCONFIG:
181 			if (cred_file == 0) {
182 				ret = __ns_ldap_setParamValue(ptr, i, value,
183 					error);
184 				if (ret != NS_SUCCESS) {
185 					(void) fclose(fp);
186 					return (ret);
187 				}
188 			} else if (i != NS_LDAP_FILE_VERSION_P) {
189 				(void) snprintf(errstr, sizeof (errstr),
190 					gettext("Illegal entry in '%s' on "
191 					"line %d"), file, lineno);
192 				MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
193 					strdup(errstr), NULL);
194 				(void) fclose(fp);
195 				return (NS_PARSE_ERR);
196 			}
197 			break;
198 		case CREDCONFIG:
199 			if (i == NS_LDAP_FILE_VERSION_P)
200 				break;
201 			if (cred_file) {
202 				ret = __ns_ldap_setParamValue(ptr, i, value,
203 					error);
204 				if (ret != NS_SUCCESS) {
205 					(void) fclose(fp);
206 					return (ret);
207 				}
208 			} else {
209 				(void) snprintf(errstr, sizeof (errstr),
210 					gettext("Illegal entry in '%s' on "
211 					"line %d"), file, lineno);
212 				MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX,
213 					strdup(errstr), NULL);
214 				(void) fclose(fp);
215 				return (NS_PARSE_ERR);
216 			}
217 		}
218 	}
219 	(void) fclose(fp);
220 	if (!cred_file && emptyfile) {
221 		/* Error in read_line */
222 		(void) snprintf(errstr, sizeof (errstr),
223 			gettext("Empty config file: '%s'"), file);
224 		MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr),
225 			NULL);
226 		return (NS_PARSE_ERR);
227 	}
228 	if (linelen == -2) {
229 		/* Error in read_line */
230 		(void) snprintf(errstr, sizeof (errstr),
231 			gettext("Line too long in '%s'"), file);
232 		MKERROR(LOG_ERR, *error, NS_CONFIG_SYNTAX, strdup(errstr),
233 			NULL);
234 		return (NS_PARSE_ERR);
235 	}
236 	return (NS_SUCCESS);
237 }
238 
239 
240 /*
241  * Cache Manager side of configuration file loading
242  */
243 
244 ns_ldap_error_t *
245 __ns_ldap_LoadConfiguration()
246 {
247 	ns_ldap_error_t	*error = NULL;
248 	ns_config_t	*ptr = NULL;
249 	char		errstr[MAXERROR];
250 	ns_parse_status	ret;
251 
252 
253 	ptr = __s_api_create_config();
254 	if (ptr == NULL) {
255 		(void) snprintf(errstr, sizeof (errstr),
256 			gettext("__ns_ldap_LoadConfiguration: "
257 				"Out of memory."));
258 		MKERROR(LOG_ERR, error, NS_CONFIG_NOTLOADED,
259 			strdup(errstr), NULL);
260 		return (error);
261 	}
262 
263 	/* Load in Configuration file */
264 	ret = read_file(ptr, 0, &error);
265 	if (ret != NS_SUCCESS) {
266 		__s_api_destroy_config(ptr);
267 		return (error);
268 	}
269 
270 	/* Load in Credential file */
271 	ret = read_file(ptr, 1, &error);
272 	if (ret != NS_SUCCESS) {
273 		__s_api_destroy_config(ptr);
274 		return (error);
275 	}
276 
277 	if (__s_api_crosscheck(ptr, errstr, B_TRUE) != NS_SUCCESS) {
278 		__s_api_destroy_config(ptr);
279 		MKERROR(LOG_ERR, error, NS_CONFIG_SYNTAX, strdup(errstr), NULL);
280 		return (error);
281 	}
282 
283 	__s_api_init_config(ptr);
284 	return (NULL);
285 }
286 
287 
288 static int
289 _print2buf(LineBuf *line, char *toprint, int addsep)
290 {
291 	int	newsz = 0;
292 	int	newmax = 0;
293 	char	*str;
294 
295 	if (line == NULL)
296 		return (-1);
297 
298 	newsz = strlen(toprint) + line->len + 1;
299 	if (addsep) {
300 		newsz += strlen(DOORLINESEP);
301 	}
302 	if (line->alloc == 0 || newsz > line->alloc) {
303 		/* Round up to next buffer and add 1 */
304 		newmax = (((newsz+(BUFSIZ-1))/BUFSIZ)+1) * BUFSIZ;
305 		if (line->alloc == 0)
306 			line->str = (char *)calloc(newmax, 1);
307 		else {
308 			/*
309 			 * if realloc() returns NULL,
310 			 * the original buffer is untouched.
311 			 * It needs to be freed.
312 			 */
313 			str = (char *)realloc(line->str, newmax);
314 			if (str == NULL) {
315 				free(line->str);
316 				line->str = NULL;
317 			}
318 			else
319 				line->str = str;
320 		}
321 		line->alloc = newmax;
322 		if (line->str == NULL) {
323 			line->alloc = 0;
324 			line->len = 0;
325 			return (-1);
326 		}
327 	}
328 	/* now add new 'toprint' data to buffer */
329 	(void) strlcat(line->str, toprint, line->alloc);
330 	if (addsep) {
331 		(void) strlcat(line->str, DOORLINESEP, line->alloc);
332 	}
333 	line->len = newsz;
334 	return (0);
335 }
336 
337 
338 /*
339  * __ns_ldap_LoadDoorInfo is a routine used by the ldapcachemgr
340  * to create a configuration buffer to transmit back to a client
341  * domainname is transmitted to ldapcachemgr and ldapcachemgr uses
342  * it to select a configuration to transmit back.  Otherwise it
343  * is essentially unused in sldap.
344  */
345 
346 ns_ldap_error_t *
347 __ns_ldap_LoadDoorInfo(LineBuf *configinfo, char *domainname)
348 {
349 	ns_config_t	*ptr;
350 	char		errstr[MAXERROR];
351 	ns_ldap_error_t	*errorp;
352 	char		string[BUFSIZE];
353 	char		*str;
354 	ParamIndexType	i = 0;
355 
356 	ptr = __s_api_get_default_config();
357 	if (ptr == NULL) {
358 		(void) snprintf(errstr, sizeof (errstr),
359 		    gettext("No configuration information available for %s."),
360 		    domainname == NULL ? "<no domain specified>" : domainname);
361 		MKERROR(LOG_WARNING, errorp, NS_CONFIG_NOTLOADED,
362 			strdup(errstr), NULL);
363 		return (errorp);
364 	}
365 	(void) memset((char *)configinfo, 0, sizeof (LineBuf));
366 	for (i = 0; i <= NS_LDAP_MAX_PIT_P; i++) {
367 		str = __s_api_strValue(ptr, string, sizeof (string),
368 			i, NS_DOOR_FMT);
369 		if (str == NULL)
370 			continue;
371 		if (_print2buf(configinfo, str, 1) != 0) {
372 			(void) snprintf(errstr, sizeof (errstr),
373 				gettext("_print2buf: Out of memory."));
374 			MKERROR(LOG_WARNING, errorp, NS_CONFIG_NOTLOADED,
375 				strdup(errstr), NULL);
376 			__s_api_release_config(ptr);
377 			if (str != (char *)&string[0]) {
378 				free(str);
379 				str = NULL;
380 			}
381 			return (errorp);
382 		}
383 		if (str != (char *)&string[0]) {
384 			free(str);
385 			str = NULL;
386 		}
387 	}
388 	__s_api_release_config(ptr);
389 	return (NULL);
390 }
391 
392 
393 ns_ldap_error_t *
394 __ns_ldap_DumpLdif(char *filename)
395 {
396 	ns_config_t	*ptr;
397 	char		errstr[MAXERROR];
398 	ns_ldap_error_t	*errorp;
399 	char		string[BUFSIZE];
400 	char		*str;
401 	FILE		*fp;
402 	ParamIndexType	i = 0;
403 	char		*profile, *container, *base;
404 
405 	ptr = __s_api_get_default_config();
406 	if (ptr == NULL) {
407 		(void) snprintf(errstr, sizeof (errstr),
408 		    gettext("No configuration information available."));
409 		MKERROR(LOG_ERR, errorp, NS_CONFIG_NOTLOADED, strdup(errstr),
410 			NULL);
411 		return (errorp);
412 	}
413 
414 	if (filename == NULL) {
415 		fp = stdout;
416 	} else {
417 		fp = fopen(filename, "w");
418 		if (fp == NULL) {
419 			(void) snprintf(errstr, sizeof (errstr),
420 				gettext("Unable to open filename %s for ldif "
421 				"dump (errno=%d)."), filename, errno);
422 			MKERROR(LOG_WARNING, errorp, NS_CONFIG_FILE,
423 				strdup(errstr), NULL);
424 			__s_api_release_config(ptr);
425 			return (errorp);
426 		}
427 		(void) fchmod(fileno(fp), 0444);
428 	}
429 
430 	if (ptr->paramList[NS_LDAP_SEARCH_BASEDN_P].ns_ptype != CHARPTR ||
431 	    ptr->paramList[NS_LDAP_PROFILE_P].ns_ptype != CHARPTR) {
432 		(void) snprintf(errstr, sizeof (errstr),
433 			gettext("Required BaseDN and/or Profile name "
434 				"ldif fields not present"));
435 		MKERROR(LOG_WARNING, errorp, NS_CONFIG_FILE, strdup(errstr),
436 			NULL);
437 		__s_api_release_config(ptr);
438 		return (errorp);
439 	}
440 
441 	profile = ptr->paramList[NS_LDAP_PROFILE_P].ns_pc;
442 	base = ptr->paramList[NS_LDAP_SEARCH_BASEDN_P].ns_pc;
443 	container = _PROFILE_CONTAINER;
444 
445 	/*
446 	 * Construct DN, but since this is the profile, there is no need
447 	 * to worry about mapping.  The profile itself can not be mapped
448 	 */
449 	(void) fprintf(fp, "dn: cn=%s,ou=%s,%s\n", profile, container, base);
450 
451 	/* dump objectclass names */
452 	if (ptr->version == NS_LDAP_V1) {
453 		(void) fprintf(fp,
454 			"ObjectClass: top\nObjectClass: %s\n",
455 			_PROFILE1_OBJECTCLASS);
456 	} else {
457 		(void) fprintf(fp,
458 			"ObjectClass: top\n"
459 			"ObjectClass: %s\n",
460 			_PROFILE2_OBJECTCLASS);
461 	}
462 
463 	/* For each parameter - construct value */
464 	for (i = 0; i <= NS_LDAP_MAX_PIT_P; i++) {
465 		str = __s_api_strValue(ptr, string, BUFSIZ, i, NS_LDIF_FMT);
466 		if (str == NULL)
467 			continue;
468 		/*
469 		 * don't dump binddn, bind password, or cert path as they
470 		 * are not part of version 2 profiles
471 		 */
472 		if ((i != NS_LDAP_BINDDN_P) && (i != NS_LDAP_BINDPASSWD_P) &&
473 				(i != NS_LDAP_HOST_CERTPATH_P))
474 			(void) fprintf(fp, "%s\n", str);
475 		if (str != (char *)&string[0]) {
476 			free(str);
477 			str = NULL;
478 		}
479 	}
480 
481 	if (filename != NULL)
482 		(void) fclose(fp);
483 
484 	__s_api_release_config(ptr);
485 	return (NULL);
486 }
487 
488 /*
489  * This routine can process the configuration  and/or
490  * the credential files at the same time.
491  * files is char *[3] = { "config", "cred", NULL };
492  */
493 
494 static
495 ns_ldap_error_t *
496 __ns_ldap_DumpConfigFiles(char **files)
497 {
498 	char		*filename;
499 	int		fi;
500 	int		docred;
501 	ns_config_t	*ptr;
502 	char		string[BUFSIZE];
503 	char		*str;
504 	char		errstr[MAXERROR];
505 	ParamIndexType	i = 0;
506 	FILE		*fp;
507 	int		rc;
508 	ns_ldap_error_t	*errorp;
509 	struct stat	buf;
510 	int		cfgtype;
511 
512 	ptr = __s_api_get_default_config();
513 	if (ptr == NULL) {
514 		(void) snprintf(errstr, sizeof (errstr),
515 			gettext("No configuration information available."));
516 		MKERROR(LOG_ERR, errorp, NS_CONFIG_NOTLOADED, strdup(errstr),
517 			NULL);
518 		return (errorp);
519 	}
520 
521 	for (fi = 0; fi < 2; fi++) {
522 		docred = 0;
523 		filename = files[fi];
524 		if (filename == NULL)
525 			continue;
526 		if (fi == 1)
527 			docred++;
528 		rc = stat(filename, &buf);
529 		fp = fopen(filename, "w");
530 		if (fp == NULL) {
531 			(void) snprintf(errstr, sizeof (errstr),
532 				gettext("Unable to open filename %s"
533 				" for configuration dump (errno=%d)."),
534 				filename, errno);
535 			MKERROR(LOG_WARNING, errorp, NS_CONFIG_FILE,
536 				strdup(errstr), NULL);
537 			__s_api_release_config(ptr);
538 			return (errorp);
539 		}
540 		if (rc == 0)
541 			(void) fchmod(fileno(fp), buf.st_mode);
542 		else
543 			(void) fchmod(fileno(fp), 0400);
544 		(void) fprintf(fp, "#\n# %s\n#\n", DONOTEDIT);
545 
546 		/* assume VERSION is set and it outputs first */
547 
548 		/* For each parameter - construct value */
549 		for (i = 0; i <= NS_LDAP_MAX_PIT_P; i++) {
550 			cfgtype = __s_api_get_configtype(i);
551 			if ((docred == 0 && cfgtype == CREDCONFIG) ||
552 				(docred == 1 && cfgtype != CREDCONFIG))
553 				continue;
554 
555 			str = __s_api_strValue(ptr, string, BUFSIZ,
556 					i, NS_FILE_FMT);
557 			if (str == NULL)
558 				continue;
559 			(void) fprintf(fp, "%s\n", str);
560 			if (str != (char *)&string[0]) {
561 				free(str);
562 				str = NULL;
563 			}
564 		}
565 		(void) fclose(fp);
566 	}
567 
568 	__s_api_release_config(ptr);
569 	return (NULL);
570 }
571 
572 ns_ldap_error_t *
573 __ns_ldap_DumpConfiguration(char *file)
574 {
575 	ns_ldap_error_t	*ret;
576 	char		*files[3];
577 
578 	files[0] = NULL;
579 	files[1] = NULL;
580 	files[2] = NULL;
581 	if (strcmp(file, NSCONFIGFILE) == 0) {
582 		files[0] = file;
583 	} else if (strcmp(file, NSCONFIGREFRESH) == 0) {
584 		files[0] = file;
585 	} else if (strcmp(file, NSCREDFILE) == 0) {
586 		files[1] = file;
587 	} else if (strcmp(file, NSCREDREFRESH) == 0) {
588 		files[1] = file;
589 	}
590 	ret = __ns_ldap_DumpConfigFiles(files);
591 	return (ret);
592 }
593 
594 /*
595  * **************************************************************
596  * Misc Routines
597  * **************************************************************
598  */
599 
600 ns_config_t *
601 __ns_ldap_make_config(ns_ldap_result_t *result)
602 {
603 	int		i, l, m;
604 	char		val[BUFSIZ];
605 	char    	*attrname;
606 	ns_ldap_entry_t	*entry;
607 	ns_ldap_attr_t	*attr;
608 	char		**attrval;
609 	ParamIndexType	index;
610 	ns_config_t	*ptr;
611 	ns_ldap_error_t	*error = NULL;
612 	int		firsttime;
613 	int		prof_ver;
614 	ns_config_t	*curr_ptr = NULL;
615 
616 	if (result == NULL)
617 		return (NULL);
618 
619 	ptr = __s_api_create_config();
620 	if (ptr == NULL)
621 		return (NULL);
622 
623 	curr_ptr = __s_api_get_default_config();
624 	if (curr_ptr == NULL) {
625 		__s_api_destroy_config(ptr);
626 		return (NULL);
627 	}
628 
629 	/* Check to see if the profile is version 1 or version 2 */
630 	prof_ver = 1;
631 	entry = result->entry;
632 	for (i = 0; i < result->entries_count; i++) {
633 		for (l = 0; l < entry->attr_count; l++) {
634 			attr = entry->attr_pair[l];
635 
636 			attrname = attr->attrname;
637 			if (attrname == NULL)
638 				continue;
639 			if (strcasecmp(attrname, "objectclass") == 0) {
640 				for (m = 0; m < attr->value_count; m++) {
641 					if (strcasecmp(_PROFILE2_OBJECTCLASS,
642 						attr->attrvalue[m]) == 0) {
643 						prof_ver = 2;
644 						break;
645 					}
646 				}
647 			}
648 		}
649 	}
650 	/* update the configuration to accept v1 or v2 attributes */
651 	if (prof_ver == 1) {
652 		(void) strcpy(val, NS_LDAP_VERSION_1);
653 		(void) __ns_ldap_setParamValue(ptr,
654 				NS_LDAP_FILE_VERSION_P, val, &error);
655 	} else {
656 		(void) strcpy(val, NS_LDAP_VERSION_2);
657 		(void) __ns_ldap_setParamValue(ptr,
658 				NS_LDAP_FILE_VERSION_P, val, &error);
659 	}
660 
661 	entry = result->entry;
662 	for (i = 0; i < result->entries_count; i++) {
663 		for (l = 0; l < entry->attr_count; l++) {
664 			attr = entry->attr_pair[l];
665 
666 			attrname = attr->attrname;
667 			if (attrname == NULL)
668 				continue;
669 			if (__s_api_get_profiletype(attrname, &index) != 0)
670 				continue;
671 
672 			attrval = attr->attrvalue;
673 			switch (index) {
674 			case NS_LDAP_SEARCH_DN_P:
675 			case NS_LDAP_SERVICE_SEARCH_DESC_P:
676 			case NS_LDAP_ATTRIBUTEMAP_P:
677 			case NS_LDAP_OBJECTCLASSMAP_P:
678 			case NS_LDAP_SERVICE_CRED_LEVEL_P:
679 			case NS_LDAP_SERVICE_AUTH_METHOD_P:
680 				/* Multiple Value - insert 1 at a time */
681 				for (m = 0; m < attr->value_count; m++) {
682 					(void) __ns_ldap_setParamValue(ptr,
683 							index,
684 							attrval[m],
685 							&error);
686 				}
687 				break;
688 			default:
689 				firsttime = 1;
690 				/* Single or Multiple Value */
691 				val[0] = '\0';
692 				for (m = 0; m < attr->value_count; m++) {
693 					if (firsttime == 1) {
694 						firsttime = 0;
695 						(void) strlcpy(val, attrval[m],
696 							sizeof (val));
697 					} else {
698 						(void) strlcat(val, " ",
699 							sizeof (val));
700 						(void) strlcat(val, attrval[m],
701 							sizeof (val));
702 					}
703 				}
704 				(void) __ns_ldap_setParamValue(ptr, index,
705 							val, &error);
706 				break;
707 			}
708 		}
709 		entry = entry->next;
710 	}
711 	if (ptr->version != NS_LDAP_V1) {
712 	    if (curr_ptr->paramList[NS_LDAP_BINDDN_P].ns_ptype == CHARPTR) {
713 		(void) __ns_ldap_setParamValue(ptr, NS_LDAP_BINDDN_P,
714 			curr_ptr->paramList[NS_LDAP_BINDDN_P].ns_pc, &error);
715 	    }
716 	    if (curr_ptr->paramList[NS_LDAP_BINDPASSWD_P].ns_ptype == CHARPTR) {
717 		(void) __ns_ldap_setParamValue(ptr, NS_LDAP_BINDPASSWD_P,
718 			curr_ptr->paramList[NS_LDAP_BINDPASSWD_P].ns_pc,
719 			&error);
720 	    }
721 	    if (curr_ptr->paramList[NS_LDAP_HOST_CERTPATH_P].ns_ptype ==
722 			CHARPTR) {
723 		(void) __ns_ldap_setParamValue(ptr, NS_LDAP_HOST_CERTPATH_P,
724 			curr_ptr->paramList[NS_LDAP_HOST_CERTPATH_P].ns_pc,
725 			&error);
726 	    }
727 	}
728 	__s_api_release_config(curr_ptr);
729 	return (ptr);
730 }
731 
732 /*
733  * Download a profile into our internal structure.  The calling application
734  * needs to DumpConfig() to save the information to NSCONFIGFILE and NSCREDFILE
735  * if desired.
736  */
737 int
738 __ns_ldap_download(const char *profile, char *addr, char *baseDN,
739 	ns_ldap_error_t **errorp)
740 {
741 	char filter[BUFSIZ];
742 	int rc;
743 	ns_ldap_result_t *result = NULL;
744 	ns_config_t	*ptr = NULL;
745 	ns_config_t	*new_ptr = NULL;
746 	char		errstr[MAXERROR];
747 
748 	*errorp = NULL;
749 	if (baseDN == NULL)
750 		return (NS_LDAP_INVALID_PARAM);
751 
752 	ptr = __s_api_get_default_config();
753 	if (ptr == NULL) {
754 		(void) snprintf(errstr, sizeof (errstr),
755 		    gettext("No configuration information available."));
756 		MKERROR(LOG_ERR, *errorp, NS_CONFIG_NOTLOADED, strdup(errstr),
757 			NULL);
758 		return (NS_LDAP_CONFIG);
759 	}
760 
761 	rc = __ns_ldap_setParamValue(ptr, NS_LDAP_SEARCH_BASEDN_P,
762 				baseDN, errorp);
763 	if (rc != NS_LDAP_SUCCESS) {
764 		__s_api_release_config(ptr);
765 		return (rc);
766 	}
767 
768 	rc = __ns_ldap_setParamValue(ptr, NS_LDAP_SERVERS_P, addr, errorp);
769 	__s_api_release_config(ptr);
770 	if (rc != NS_LDAP_SUCCESS)
771 		return (rc);
772 
773 	(void) snprintf(filter, sizeof (filter), _PROFILE_FILTER,
774 			_PROFILE1_OBJECTCLASS,
775 			_PROFILE2_OBJECTCLASS,
776 			profile);
777 	rc = __ns_ldap_list(_PROFILE_CONTAINER, (const char *)filter,
778 		NULL, NULL, NULL, 0, &result, errorp, NULL, NULL);
779 
780 	if (rc != NS_LDAP_SUCCESS)
781 		return (rc);
782 
783 	new_ptr = __ns_ldap_make_config(result);
784 	(void) __ns_ldap_freeResult(&result);
785 
786 	rc = __s_api_crosscheck(new_ptr, errstr, B_FALSE);
787 	if (rc != NS_LDAP_SUCCESS) {
788 		__s_api_destroy_config(new_ptr);
789 		MKERROR(LOG_ERR, *errorp, NS_CONFIG_NOTLOADED, strdup(errstr),
790 			NULL);
791 		return (NS_LDAP_CONFIG);
792 	}
793 
794 	__s_api_init_config(new_ptr);
795 	return (rc);
796 }
797 
798 /*
799  * **************************************************************
800  * Configuration Printing Routines
801  * **************************************************************
802  */
803 
804 /*
805  * Yes the use of stdio is okay here because all we are doing is sending
806  * output to stdout.  This would not be necessary if we could get to the
807  * configuration pointer outside this file.
808  */
809 ns_ldap_error_t *
810 __ns_ldap_print_config(int verbose)
811 {
812 	ns_config_t	*ptr;
813 	char		errstr[MAXERROR];
814 	ns_ldap_error_t *errorp;
815 	char		string[BUFSIZE];
816 	char		*str;
817 	int		i;
818 
819 	ptr = __s_api_get_default_config();
820 	if (ptr == NULL) {
821 		errorp = __ns_ldap_LoadConfiguration();
822 		if (errorp != NULL)
823 			return (errorp);
824 		ptr = __s_api_get_default_config();
825 		if (ptr == NULL) {
826 			(void) snprintf(errstr, sizeof (errstr),
827 			    gettext("No configuration information."));
828 			MKERROR(LOG_WARNING, errorp, NS_CONFIG_NOTLOADED,
829 				strdup(errstr), NULL);
830 			return (errorp);
831 		}
832 	}
833 
834 	if (verbose && (ptr->domainName != NULL)) {
835 		(void) fputs("ptr->domainName ", stdout);
836 		(void) fputs(ptr->domainName, stdout);
837 		(void) putchar('\n');
838 	}
839 	/* For each parameter - construct value */
840 	for (i = 0; i <= NS_LDAP_MAX_PIT_P; i++) {
841 			/*
842 			 * Version 1 skipped this entry because:
843 			 *
844 			 * don't print default cache TTL for now since
845 			 * we don't store it in the ldap_client_file.
846 			 */
847 		if ((i == NS_LDAP_CACHETTL_P) && (ptr->version == NS_LDAP_V1))
848 			continue;
849 
850 		str = __s_api_strValue(ptr, string, BUFSIZ, i, NS_FILE_FMT);
851 		if (str == NULL)
852 			continue;
853 		if (verbose)
854 			(void) putchar('\t');
855 		(void) fprintf(stdout, "%s\n", str);
856 		if (str != (char *)&string[0]) {
857 			free(str);
858 			str = NULL;
859 		}
860 	}
861 
862 	__s_api_release_config(ptr);
863 	return (NULL);
864 }
865