PSARC 2005/487 sysidtool(1m) Integrated NFSv4 Prompts

6231897 ON changes in support of 5110062: nuke sysidnfs4(1m)

--HG--
rename : usr/src/cmd/fs.d/nfs/sysidnfs4/Makefile => deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/Makefile
rename : usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.c => deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.c
rename : usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.h => deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.h
rename : usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.c => deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.c
rename : usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.h => deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.h
rename : usr/src/pkgdefs/SUNWnfscu/postinstall => deleted_files/usr/src/pkgdefs/SUNWnfscu/postinstall
rename : usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_resolv.c => usr/src/lib/libmapid/common/mapid.c
rename : usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_resolv.h => usr/src/lib/libmapid/common/mapid.h

29 files changed, 1469 insertions, 792 deletions

diff --git a/usr/src/cmd/fs.d/nfs/sysidnfs4/Makefile b/deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/Makefile
index 65b71c0eb1..65b71c0eb1 100644
--- a/usr/src/cmd/fs.d/nfs/sysidnfs4/Makefile
+++ b/deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/Makefile
diff --git a/usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.c b/deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.c
index ec22e75d0e..ec22e75d0e 100644
--- a/usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.c
+++ b/deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.c
diff --git a/usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.h b/deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.h
index 78b7ac8c75..78b7ac8c75 100644
--- a/usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.h
+++ b/deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/config_nfs4.h
diff --git a/usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.c b/deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.c
index 585b541c3e..585b541c3e 100644
--- a/usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.c
+++ b/deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.c
diff --git a/usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.h b/deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.h
index 4391e026d7..4391e026d7 100644
--- a/usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.h
+++ b/deleted_files/usr/src/cmd/fs.d/nfs/sysidnfs4/sysidnfs4.h
diff --git a/usr/src/pkgdefs/SUNWnfscu/postinstall b/deleted_files/usr/src/pkgdefs/SUNWnfscu/postinstall
index e40767e926..e40767e926 100644
--- a/usr/src/pkgdefs/SUNWnfscu/postinstall
+++ b/deleted_files/usr/src/pkgdefs/SUNWnfscu/postinstall
diff --git a/usr/src/Makefile.lint b/usr/src/Makefile.lint
index 1dbe39c846..db6904d8a2 100644
--- a/usr/src/Makefile.lint
+++ b/usr/src/Makefile.lint
@@ -326,6 +326,7 @@ COMMON_SUBDIRS = \
 	lib/liblm \
 	lib/libmacadm \
 	lib/libmalloc \
+	lib/libmapid \
 	lib/libmd \
 	lib/libmp \
 	lib/libnsl \
diff --git a/usr/src/cmd/fs.d/nfs/Makefile b/usr/src/cmd/fs.d/nfs/Makefile
index 13dcc0d5b4..41478658b9 100644
--- a/usr/src/cmd/fs.d/nfs/Makefile
+++ b/usr/src/cmd/fs.d/nfs/Makefile
@@ -2,9 +2,8 @@
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License").  You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
@@ -22,7 +21,7 @@
 #
 #ident	"%Z%%M%	%I%	%E% SMI"
 #
-# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # cmd/fs.d/nfs/Makefile
@@ -37,8 +36,7 @@ SUBDIR1=	exportfs nfsd rquotad unshare \
 		statd nfsstat mountd dfshares \
 		nfsfind nfs4cbd
 SUBDIR2=	clear_locks umount showmount \
-		share mount dfmounts nfslog nfsmapid \
-		sysidnfs4
+		share mount dfmounts nfslog nfsmapid
 
 SUBDIR3=	etc svc
 SUBDIRS=	$(SUBDIR1) $(SUBDIR2) $(SUBDIR3)
diff --git a/usr/src/cmd/fs.d/nfs/nfsmapid/Makefile b/usr/src/cmd/fs.d/nfs/nfsmapid/Makefile
index a687ed8bbc..defc5fe500 100644
--- a/usr/src/cmd/fs.d/nfs/nfsmapid/Makefile
+++ b/usr/src/cmd/fs.d/nfs/nfsmapid/Makefile
@@ -2,9 +2,8 @@
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License").  You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
@@ -20,61 +19,53 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2005 Sun Microsystems, Inc.
+# Copyright 2006 Sun Microsystems, Inc.
 # All rights reserved.  Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
 #
 
-FSTYPE=		nfs
-
-TYPEPROG=	nfsmapid
-TESTPROG=	nfsmapid_test
-ATTMK=          $(TYPEPROG)
-
-POFILE= nfsmapid.po
-
-catalog: $(POFILE)
-
-$(POFILE): $(SRCS)
-	$(RM) $@
-	$(COMPILE.cpp) $(SRCS)	> $(POFILE).i
-	$(XGETTEXT) $(XGETFLAGS)	$(POFILE).i
-	sed "/^domain/d"	messages.po     > $@
-	$(RM) $(POFILE).i messages.po
+FSTYPE	  =	nfs
+TYPEPROG  =	nfsmapid
+TESTPROG  =	nfsmapid_test
+ATTMK	  =	$(TYPEPROG)
 
 include		../../Makefile.fstype
 
-LDLIBS +=	-lresolv -lnsl -lcmd -lrt -ldtrace
-
-SRCS=		nfsmapid.c nfsmapid_server.c nfsmapid_resolv.c
-DSRC=		nfsmapid_dt.d
-DOBJ=		$(DSRC:%.d=%.o)
-HDRS+=		nfsmapid_resolv.h
-OBJS=		$(SRCS:%.c=%.o)
+LDLIBS   +=	-L$(ROOT)/usr/lib/nfs -R/usr/lib/nfs
+LDLIBS   +=	-lnsl -lmapid -lrt -ldoor -ldtrace
+SRCS	  =	nfsmapid.c nfsmapid_server.c
+DSRC	  =	nfsmapid_dt.d
+DOBJ	  =	$(DSRC:%.d=%.o)
+OBJS	  =	$(SRCS:%.c=%.o)
 CPPFLAGS +=	-I../lib -D_POSIX_PTHREAD_SEMANTICS
 
+all:		$(TYPEPROG) $(TESTPROG)
+
 $(TYPEPROG):	$(OBJS) $(DSRC)
 		$(COMPILE.d) -s $(DSRC) -o $(DOBJ) $(OBJS)
 		$(LINK.c) -zignore -o $@ $(DOBJ) $(OBJS) $(LDLIBS)
 		$(POST_PROCESS)
 
-$(OBJS):	$(HDRS)
-
-#
-# Test program
-#
-TESTSRCS=	nfsmapid_test.c
-TESTOBJS=	$(TESTSRCS:%.c=%.o)
-TEST_OBJS=	$(TESTOBJS)
+TESTSRCS  =	nfsmapid_test.c
+TESTOBJS  =	$(TESTSRCS:%.c=%.o)
+TEST_OBJS =	$(TESTOBJS)
 
 $(TESTPROG):	$(TEST_OBJS)
 		$(LINK.c) -o $@ $(TEST_OBJS) $(LDLIBS)
 		$(POST_PROCESS)
 
-all:		$(TYPEPROG) $(TESTPROG)
+POFILE	  =	nfsmapid.po
+catalog:	$(POFILE)
+
+$(POFILE):	$(SRCS)
+		$(RM) $@
+		$(COMPILE.cpp) $(SRCS) > $@.i
+		$(XGETTEXT) $(XGETFLAGS) $@.i
+		sed "/^domain/d" messages.po > $@
+		$(RM) $@.i messages.po
 
 clean:
-		$(RM) $(OBJS) $(TESTOBJS) $(DOBJ)
+		$(RM) $(OBJS) $(TESTPROG) $(TESTOBJS) $(DOBJ) $(POFILE)
 
 lint:		$(SRCS) lint_SRCS
diff --git a/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid.c b/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid.c
index 28e1b15dd5..46d282d948 100644
--- a/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid.c
+++ b/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -32,6 +31,7 @@
 #include <signal.h>
 #include <fcntl.h>
 #include <door.h>
+#include <thread.h>
 #include <priv_utils.h>
 #include <locale.h>
 #include <strings.h>
@@ -45,7 +45,6 @@
 #include <errno.h>
 #include <pwd.h>
 #include <grp.h>
-#include "nfsmapid_resolv.h"
 
 extern struct group *_uncached_getgrgid_r(gid_t, struct group *, char *, int);
 extern struct group *_uncached_getgrnam_r(const char *, struct group *,
@@ -64,7 +63,6 @@ extern void	nfsmapid_func(void *, char *, size_t, door_desc_t *, uint_t);
 
 extern void	check_domain(int);
 extern void	idmap_kcall(int);
-extern rwlock_t domain_cfg_lock;
 extern void	open_diag_file(void);
 
 size_t		pwd_buflen = 0;
@@ -121,7 +119,6 @@ sig_handler(void *arg)
 	struct timespec	tmout;
 	int		ret;
 
-	tmout.tv_sec = nfscfg_domain_tmout;
 	tmout.tv_nsec = 0;
 	(void) sigemptyset(&sigset);
 	(void) sigaddset(&sigset, SIGHUP);
@@ -129,10 +126,10 @@ sig_handler(void *arg)
 #ifdef	DEBUG
 	(void) sigaddset(&sigset, SIGINT);
 #endif
-	IDMAP_DBG("sig_handler started !", NULL, NULL);
 
 	/*CONSTCOND*/
 	while (1) {
+		tmout.tv_sec = nfscfg_domain_tmout;
 		if ((ret = sigtimedwait(&sigset, &si, &tmout)) != 0) {
 			/*
 			 * EAGAIN: no signals arrived during timeout.
@@ -207,22 +204,12 @@ daemon_init(void)
 	char *grp_buf;
 
 	/*
-	 * Initialize resolver
-	 */
-	(void) resolv_init();
-
-	/*
 	 * passwd/group reentrant interfaces limits
 	 */
 	pwd_buflen = (size_t)sysconf(_SC_GETPW_R_SIZE_MAX);
 	grp_buflen = (size_t)sysconf(_SC_GETGR_R_SIZE_MAX);
 
 	/*
-	 * Initialize lock
-	 */
-	(void) rwlock_init(&domain_cfg_lock, USYNC_THREAD, NULL);
-
-	/*
 	 * MT initialization is done first so that if there is the
 	 * need to fire an additional thread to continue to query
 	 * DNS, that thread is started off with the main thread's
@@ -345,12 +332,14 @@ main(int argc, char **argv)
 	/*
 	 * Initialize the daemon to basic + sys_nfs
 	 */
+#ifndef	DEBUG
 	if (__init_daemon_priv(PU_RESETGROUPS|PU_CLEARLIMITSET,
 	    DAEMON_UID, DAEMON_GID, PRIV_SYS_NFS, (char *)NULL) == -1) {
 		(void) fprintf(stderr, gettext("%s PRIV_SYS_NFS privilege "
 			"missing\n"), MyName);
 		exit(1);
 	}
+#endif
 
 	/*
 	 * Take away a subset of basic, while this is not the absolute
diff --git a/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_dt.d b/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_dt.d
index 93287fe42b..9c2255d5c3 100644
--- a/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_dt.d
+++ b/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_dt.d
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -28,7 +27,6 @@
 
 provider nfsmapid {
 	probe daemon__domain(string);
-	probe thread__domain(string);
 };
 
 #pragma D attributes Private/Private/Common provider nfsmapid provider
diff --git a/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_resolv.h b/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_resolv.h
deleted file mode 100644
index fde86ba0c7..0000000000
--- a/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_resolv.h
+++ /dev/null
@@ -1,184 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
- * or http://www.opensolaris.org/os/licensing.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information: Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- */
-/*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-
-#ifndef	_NFSMAPID_RESOLV_H
-#define	_NFSMAPID_RESOLV_H
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
-#ifdef	__cplusplus
-extern "C" {
-#endif
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <string.h>
-#include <strings.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <rpc/types.h>
-#include <netinet/in.h>
-#include <arpa/nameser.h>
-#include <resolv.h>
-#include <netdb.h>
-#include <errno.h>
-#include <ctype.h>
-#include <sys/socket.h>
-#include <arpa/inet.h>
-#include <assert.h>
-#include <synch.h>
-#include <syslog.h>
-#include <locale.h>
-#include <thread.h>
-#include <sys/sdt.h>
-
-#ifndef	DEBUG
-#define	IDMAP_DBG(txt, arg1, arg2)
-#else
-#define	IDMAP_DBG(txt, arg1, arg2)					\
-	if (nfsmapid_debug) {						\
-		if (arg1 != NULL && arg2 != NULL)			\
-			syslog(LOG_ERR, gettext(txt), arg1, arg2);	\
-		else if (arg1 != NULL && arg2 == NULL)			\
-			syslog(LOG_ERR, gettext(txt), arg1);		\
-		else if (arg1 == NULL && arg2 != NULL)			\
-			syslog(LOG_ERR, gettext(txt), arg2);		\
-	}
-#endif	/* DEBUG */
-
-#ifdef	__NFSMAPID_RES_IMPL
-/*
- * Error Messages
- */
-#define	EMSG_NETDB_INTERNAL	\
-	gettext("Internal Resolver Error: %s")
-
-#define	EMSG_TRY_AGAIN		\
-	gettext("\"%s\" DNS nameserver(s) not responding...\tRetrying")
-
-#define	EMSG_NO_RECOVERY	\
-	gettext("Unrecoverable Resolver Error: %s")
-
-#define	EMSG_HOST_NOT_FOUND	\
-	gettext("Authoritative nameserver unresponsive to queries " \
-		"for domain \"%s\"")
-
-#define	EMSG_NO_DATA		\
-	gettext("\"%s\" DNS TXT record not found: Defaulting to \"%s\"")
-
-#define	EMSG_DNS_THREAD_ERROR  \
-	gettext("Unable to create DNS query thread")
-
-#define	EMSG_DNS_DISABLE \
-	gettext("%s: Further DNS queries disabled !")
-
-#define	EMSG_DNS_RR_INVAL \
-	gettext("\"%s\" Invalid DNS TXT record: Defaulting to \"%s\"")
-
-/*
- * DNS related info
- */
-#define	NFSMAPID_DNS_RR			"_nfsv4idmapdomain"
-#define	NFSMAPID_DNS_TOUT_SECS		(30LL)
-#define	NFSMAPID_SLOG_RATE		20	/* ~10 mins */
-
-#define	DNAMEMAX			(NS_MAXCDNAME + 1)
-#define	NS_ERRS				6	/* netdb.h */
-
-typedef union {
-	HEADER	hdr;
-	uchar_t	buf[PACKETSZ];
-} ans_t;
-
-/*
- * NOTE: All s_ prefixed variables are only to be used by the DNS
- *       feature implementation (nfsmapid_resolv.c). The exported
- *       globals (ie. seen by nfsmapid.c/nfsmapid_server.c) are the
- *       dns_ prefixed variables along with sysdns_domain.
- */
-static ans_t			 s_ans;
-static int			 s_anslen;
-static char			 s_dname[DNAMEMAX] = {0};
-static char			 s_txt_rr[DNAMEMAX] = {0};
-
-static rwlock_t			 s_dns_impl_lock = DEFAULTRWLOCK;
-static mutex_t			 s_res_lock = ERRORCHECKMUTEX;
-static uint32_t			 s_dns_tout = 0;
-static thread_t			 s_dns_qthread;
-static bool_t			 s_dns_qthr_created = FALSE;
-static bool_t			 s_dns_disabled = FALSE;
-static struct __res_state	 s_res = {0};
-
-static void			 resolv_decode(void);
-static int			 resolv_error(void);
-static void			 resolv_get_txt_data(void);
-static void			 resolv_txt_reset(void);
-static void			 resolve_process_txt(uchar_t *, int);
-static int			 resolv_search(void);
-static uchar_t			*resolv_skip_rr(uchar_t *, uchar_t *);
-
-#ifdef	DEBUG
-bool_t				 nfsmapid_debug = FALSE;
-#endif	/* DEBUG */
-
-uint32_t			 dns_txt_domain_len = 0;
-char				 dns_txt_domain[DNAMEMAX] = {0};
-char				 sysdns_domain[DNAMEMAX] = {0};
-rwlock_t			 dns_data_lock = DEFAULTRWLOCK;
-int				 dns_txt_cached = 0;
-
-extern uint32_t			 cur_domain_len;
-extern char			 cur_domain[];
-extern rwlock_t			 domain_cfg_lock;
-extern void			 idmap_kcall(int);
-extern int			 standard_domain_str(const char *);
-extern void			 update_diag_file(char *);
-
-#else	/* __NFSMAPID_RES_IMPL */
-
-/*
- * exported interfaces + data
- */
-extern int			resolv_init(void);
-extern void			get_dns_txt_domain(int);
-
-#ifdef	DEBUG
-extern bool_t			nfsmapid_debug;
-#endif	/* DEBUG */
-
-extern uint32_t			dns_txt_domain_len;
-extern char			dns_txt_domain[];
-extern rwlock_t			dns_data_lock;
-extern char			sysdns_domain[];
-
-#endif	/* __NFSMAPID_RES_IMPL */
-
-#ifdef	__cplusplus
-}
-#endif
-
-#endif	/* _NFSMAPID_RESOLV_H */
diff --git a/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_server.c b/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_server.c
index f0c62f7b28..4edd849773 100644
--- a/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_server.c
+++ b/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_server.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -51,7 +50,8 @@
 #include <nfs/nfs4.h>
 #include <nfs/nfssys.h>
 #include <nfs/nfsid_map.h>
-#include "nfsmapid_resolv.h"
+#include <nfs/mapid.h>
+#include <sys/sdt.h>
 
 /*
  * We cannot use the backend nscd as it may make syscalls that may
@@ -65,56 +65,18 @@ extern struct passwd *_uncached_getpwuid_r(uid_t, struct passwd *, char *, int);
 extern struct passwd *_uncached_getpwnam_r(const char *, struct passwd *,
     char *, int);
 
-/*
- * is timestamp a == b?
- */
-#define	TIMESTRUC_EQ(a, b) \
-	(((a).tv_sec == (b).tv_sec) && ((a).tv_nsec == (b).tv_nsec))
-
-#define	UID_MAX_STR_LEN	11	/* Digits in UID_MAX + 1 */
+#define		UID_MAX_STR_LEN		11	/* Digits in UID_MAX + 1 */
+#define		DIAG_FILE		"/var/run/nfs4_domain"
 
 /*
- * domain*: describe nfsmapid domain currently in use
- * nfs_*  : describe nfsmapid domain specified by /etc/default/nfs
- * dns_*  : describe nfsmapid domain speficied by /etc/resolv.conf
- *
- * domain_cfg_lock: rwlock used to serialize access/changes to the
- * vars listed above (between nfsmapid service threads).
- *
- * Each nfsmapid thread holds the rdlock and stats the config files.
- * If the mtime is different, then they get the writelock and update
- * the cached info.
- *
- * If the domain is set via /etc/default/nfs, then we don't have
- * to look at resolv.conf.
+ * idmap_kcall() takes a door descriptor as it's argument when we
+ * need to (re)establish the in-kernel door handles. When we only
+ * want to flush the id kernel caches, we don't redo the door setup.
  */
-timestruc_t	nfs_mtime = {0};
-uint32_t	nfs_domain_len = 0;
-char		nfs_domain[NS_MAXCDNAME + 1] = {0};
-
-timestruc_t	dns_mtime = {0};
-uint32_t	dns_domain_len = 0;
-char		dns_domain[NS_MAXCDNAME + 1] = {0};
-
-uint32_t	cur_domain_len = 0;
-char		cur_domain[NS_MAXCDNAME + 1] = {0};
-#define		CUR_DOMAIN_NULL()		cur_domain[0] == '\0'
+#define		FLUSH_KCACHES_ONLY	(int)-1
 
-timestruc_t	zapped_mtime = {0};
-
-#define		ZAP_DOMAIN(which) {		\
-		which##_domain[0] = '\0';	\
-		which##_domain_len = 0;		\
-		which##_mtime = zapped_mtime;	\
-}
-
-rwlock_t	domain_cfg_lock = DEFAULTRWLOCK;
-
-/*
- * Diags
- */
-#define	DIAG_FILE	"/var/run/nfs4_domain"
 FILE		*n4_fp;
+int		 n4_fd;
 
 extern size_t	pwd_buflen;
 extern size_t	grp_buflen;
@@ -123,19 +85,17 @@ extern thread_t	sig_thread;
 /*
  * Prototypes
  */
-extern void	check_domain(int);
-extern void	idmap_kcall(int);
-extern int	standard_domain_str(const char *);
-extern int	_nfssys(int, void *);
-static int	valid_domain(const char *);
-static int	validate_id_str(const char *);
-static int	get_mtime(char *, timestruc_t *);
-static void	get_nfs_domain(void);
-static void	get_dns_domain(void);
-static int	extract_domain(char *, char **, char **);
-extern void	update_diag_file(char *);
-
-static void
+extern void	 check_domain(int);
+extern void	 idmap_kcall(int);
+extern int	 _nfssys(int, void *);
+extern int	 valid_domain(const char *);
+extern int	 validate_id_str(const char *);
+extern int	 extract_domain(char *, char **, char **);
+extern void	 update_diag_file(char *);
+extern void	*cb_update_domain(void *);
+extern int	 cur_domain_null(void);
+
+void
 nfsmapid_str_uid(struct mapid_arg *argp, size_t arg_size)
 {
 	struct mapid_res result;
@@ -188,7 +148,7 @@ nfsmapid_str_uid(struct mapid_arg *argp, size_t arg_size)
 	 * group validity. Note that we only look at the domain iff
 	 * the local domain is configured.
 	 */
-	if (!CUR_DOMAIN_NULL() && !valid_domain(domain)) {
+	if (!cur_domain_null() && !valid_domain(domain)) {
 		result.status = NFSMAPID_BADDOMAIN;
 		result.u_res.uid = UID_NOBODY;
 		goto done;
@@ -221,7 +181,7 @@ done:
 }
 
 /* ARGSUSED1 */
-static void
+void
 nfsmapid_uid_str(struct mapid_arg *argp, size_t arg_size)
 {
 	struct mapid_res	 result;
@@ -235,7 +195,7 @@ nfsmapid_uid_str(struct mapid_arg *argp, size_t arg_size)
 	size_t			 pw_str_len;
 	char			*at_str;
 	size_t			 at_str_len;
-	char			 dom_str[NS_MAXCDNAME + 1];
+	char			 dom_str[DNAMEMAX];
 	size_t			 dom_str_len;
 
 	if (uid < 0 || uid > UID_MAX) {
@@ -250,17 +210,14 @@ nfsmapid_uid_str(struct mapid_arg *argp, size_t arg_size)
 
 	/*
 	 * Make local copy of domain for further manipuation
+	 * NOTE: mapid_get_domain() returns a ptr to TSD.
 	 */
-	(void) rw_rdlock(&domain_cfg_lock);
-	if (CUR_DOMAIN_NULL()) {
+	if (cur_domain_null()) {
 		dom_str_len = 0;
 		dom_str[0] = '\0';
 	} else {
-		dom_str_len = cur_domain_len;
-		bcopy(cur_domain, dom_str, cur_domain_len);
-		dom_str[dom_str_len] = '\0';
+		dom_str_len = strlcpy(dom_str, mapid_get_domain(), DNAMEMAX);
 	}
-	(void) rw_unlock(&domain_cfg_lock);
 
 	/*
 	 * We want to encode the uid into a literal string... :
@@ -333,7 +290,7 @@ done:
 	}
 }
 
-static void
+void
 nfsmapid_str_gid(struct mapid_arg *argp, size_t arg_size)
 {
 	struct mapid_res	result;
@@ -387,7 +344,7 @@ nfsmapid_str_gid(struct mapid_arg *argp, size_t arg_size)
 	 * group validity. Note that we only look at the domain iff
 	 * the local domain is configured.
 	 */
-	if (!CUR_DOMAIN_NULL() && !valid_domain(domain)) {
+	if (!cur_domain_null() && !valid_domain(domain)) {
 		result.status = NFSMAPID_BADDOMAIN;
 		result.u_res.gid = GID_NOBODY;
 		goto done;
@@ -420,7 +377,7 @@ done:
 }
 
 /* ARGSUSED1 */
-static void
+void
 nfsmapid_gid_str(struct mapid_arg *argp, size_t arg_size)
 {
 	struct mapid_res	 result;
@@ -433,7 +390,7 @@ nfsmapid_gid_str(struct mapid_arg *argp, size_t arg_size)
 	size_t			 gr_str_len;
 	char			*at_str;
 	size_t			 at_str_len;
-	char			 dom_str[NS_MAXCDNAME + 1];
+	char			 dom_str[DNAMEMAX];
 	size_t			 dom_str_len;
 
 	if (gid < 0 || gid > UID_MAX) {
@@ -448,17 +405,16 @@ nfsmapid_gid_str(struct mapid_arg *argp, size_t arg_size)
 
 	/*
 	 * Make local copy of domain for further manipuation
+	 * NOTE: mapid_get_domain() returns a ptr to TSD.
 	 */
-	(void) rw_rdlock(&domain_cfg_lock);
-	if (CUR_DOMAIN_NULL()) {
+	if (cur_domain_null()) {
 		dom_str_len = 0;
 		dom_str[0] = '\0';
 	} else {
-		dom_str_len = cur_domain_len;
-		bcopy(cur_domain, dom_str, cur_domain_len);
+		dom_str_len = strlen(mapid_get_domain());
+		bcopy(mapid_get_domain(), dom_str, dom_str_len);
 		dom_str[dom_str_len] = '\0';
 	}
-	(void) rw_unlock(&domain_cfg_lock);
 
 	/*
 	 * We want to encode the gid into a literal string... :
@@ -573,7 +529,23 @@ nfsmapid_func(void *cookie, char *argp, size_t arg_size,
 	(void) door_return((char *)&mapres, sizeof (struct mapid_res), NULL, 0);
 }
 
-static int
+/*
+ * mapid_get_domain() always returns a ptr to TSD, so the
+ * check for a NULL domain is not a simple comparison with
+ * NULL but we need to check the contents of the TSD data.
+ */
+int
+cur_domain_null(void)
+{
+	char	*p;
+
+	if ((p = mapid_get_domain()) == NULL)
+		return (1);
+
+	return (p[0] == '\0');
+}
+
+int
 extract_domain(char *cp, char **upp, char **dpp)
 {
 	/*
@@ -587,27 +559,24 @@ extract_domain(char *cp, char **upp, char **dpp)
 	return (1);
 }
 
-static int
+int
 valid_domain(const char *dom)
 {
 	const char	*whoami = "valid_domain";
 
-	if (!standard_domain_str(dom)) {
-		syslog(LOG_ERR, gettext("%s: Invalid domain name %s. Check "
-			"configuration file and restart daemon."), whoami, dom);
+	if (!mapid_stdchk_domain(dom)) {
+		syslog(LOG_ERR, gettext("%s: Invalid inbound domain name %s."),
+			whoami, dom);
 		return (0);
 	}
 
-	(void) rw_rdlock(&domain_cfg_lock);
-	if (strcasecmp(dom, cur_domain) == 0) {
-		(void) rw_unlock(&domain_cfg_lock);
-		return (1);
-	}
-	(void) rw_unlock(&domain_cfg_lock);
-	return (0);
+	/*
+	 * NOTE: mapid_get_domain() returns a ptr to TSD.
+	 */
+	return (strcasecmp(dom, mapid_get_domain()) == 0);
 }
 
-static int
+int
 validate_id_str(const char *id)
 {
 	while (*id) {
@@ -617,152 +586,18 @@ validate_id_str(const char *id)
 	return (1);
 }
 
-static int
-get_mtime(char *fname, timestruc_t *mtim)
-{
-	struct stat st;
-	int err;
-
-	if ((err = stat(fname, &st)) != 0)
-		return (err);
-
-	*mtim = st.st_mtim;
-	return (0);
-}
-
-static void
-get_nfs_domain(void)
-{
-	const char	*whoami = "get_nfs_domain";
-	char		*ndomain;
-	timestruc_t	 ntime;
-
-	/*
-	 * If we can't get stats for the config file, then
-	 * zap the NFS domain info.  If mtime hasn't changed,
-	 * then there's no work to do, so just return.
-	 */
-	if (get_mtime(NFSADMIN, &ntime) != 0) {
-		ZAP_DOMAIN(nfs);
-		return;
-	}
-
-	if (TIMESTRUC_EQ(ntime, nfs_mtime))
-		return;
-
-	/*
-	 * Get NFSMAPID_DOMAIN value from /etc/default/nfs for now.
-	 * Note: defread() returns a ptr to TSD.
-	 */
-	if (defopen(NFSADMIN) == 0) {
-		ndomain = (char *)defread("NFSMAPID_DOMAIN=");
-
-		/* close default file */
-		(void) defopen(NULL);
-
-		/*
-		 * NFSMAPID_DOMAIN was set so its time for validation.
-		 * If its okay, then update NFS domain and return.  If not,
-		 * complain about invalid domain.
-		 */
-		if (ndomain) {
-			if (standard_domain_str(ndomain)) {
-				nfs_domain_len = strlen(ndomain);
-				(void) strncpy(nfs_domain, ndomain,
-								NS_MAXCDNAME);
-				nfs_mtime = ntime;
-				return;
-			}
-
-			syslog(LOG_ERR, gettext("%s: Invalid domain name %s. "
-				"Check configuration file and restart daemon."),
-				whoami, ndomain);
-		}
-	}
-
-	/*
-	 * So the NFS config file changed but it couldn't be opened or
-	 * it didn't specify NFSMAPID_DOMAIN or it specified an invalid
-	 * NFSMAPID_DOMAIN.  Time to zap current NFS domain info.
-	 */
-	ZAP_DOMAIN(nfs);
-}
-
-static void
-get_dns_domain(void)
-{
-#ifdef DEBUG
-	const char	*whoami = "get_dns_domain";
-#endif
-	timestruc_t	 ntime = {0};
-
-	/*
-	 * If we can't get stats for the config file, then
-	 * zap the DNS domain info.  If mtime hasn't changed,
-	 * then there's no work to do, so just return.
-	 */
-	errno = 0;
-	if (get_mtime(_PATH_RESCONF, &ntime) != 0) {
-		switch (errno) {
-			case ENOENT:
-				/*
-				 * The resolver defaults to obtaining the
-				 * domain off of the NIS domainname(1M) if
-				 * /etc/resolv.conf does not exist, so we
-				 * move forward.
-				 */
-				IDMAP_DBG("%s: no %s file", whoami,
-				    _PATH_RESCONF);
-				break;
-
-			default:
-				ZAP_DOMAIN(dns);
-				return;
-		}
-	} else if (TIMESTRUC_EQ(ntime, dns_mtime)) {
-		IDMAP_DBG("%s: no mtime changes in %s", whoami, _PATH_RESCONF);
-		return;
-	}
-
-	/*
-	 * Re-initialize resolver to zap DNS domain from previous
-	 * resolv_init() calls.
-	 */
-	(void) resolv_init();
-
-	/*
-	 * Update cached DNS domain.  No need for validation since
-	 * domain comes from resolver.  If resolver doesn't return the
-	 * domain, then zap the DNS domain.  This shouldn't ever happen,
-	 * and if it does, the machine has bigger problems (so no need
-	 * to generating a message that says DNS appears to be broken).
-	 */
-	(void) rw_rdlock(&dns_data_lock);
-	if (sysdns_domain[0] != '\0') {
-		(void) strncpy(dns_domain, sysdns_domain, NS_MAXCDNAME);
-		dns_mtime = ntime;
-		dns_domain_len = strlen(sysdns_domain);
-		(void) rw_unlock(&dns_data_lock);
-		return;
-	}
-	(void) rw_unlock(&dns_data_lock);
-
-	ZAP_DOMAIN(dns);
-}
-
 void
-idmap_kcall(int did)
+idmap_kcall(int door_id)
 {
 	struct nfsidmap_args args;
 
-	if (did >= 0) {
+	if (door_id >= 0) {
 		args.state = 1;
-		args.did = did;
+		args.did = door_id;
 	} else {
 		args.state = 0;
 		args.did = 0;
 	}
-
 	(void) _nfssys(NFS_IDMAP, &args);
 }
 
@@ -773,125 +608,48 @@ idmap_kcall(int did)
  * otherwise, the DNS domain is used.
  */
 void
-check_domain(int flush)
+check_domain(int sighup)
 {
 	const char	*whoami = "check_domain";
-	char		*new_domain;
-	int		 new_dlen = 0;
 	static int	 setup_done = 0;
+	static cb_t	 cb;
 
-	get_nfs_domain();
-	if (nfs_domain_len != 0) {
-		new_domain = nfs_domain;
-		new_dlen = nfs_domain_len;
-		IDMAP_DBG("%s: NFS File Domain: %s", whoami, nfs_domain);
-		goto dname_chkd;
-	}
-
-	/*
-	 * If called in response to a SIGHUP,
-	 * reset any cached DNS TXT RR state.
-	 */
-	get_dns_txt_domain(flush);
-	if (dns_txt_domain_len != 0) {
-		new_domain = dns_txt_domain;
-		new_dlen = dns_txt_domain_len;
-		IDMAP_DBG("%s: DNS TXT Record: %s", whoami, dns_txt_domain);
-	} else {
-		/*
-		 * We're either here because:
-		 *
-		 *  . NFSMAPID_DOMAIN was not set in /etc/default/nfs
-		 *  . No suitable DNS TXT resource record exists
-		 *  . DNS server is not responding to requests
-		 *
-		 * in either case, we want to default to using the
-		 * system configured DNS domain. If this fails, then
-		 * dns_domain will be empty and dns_domain_len will
-		 * be 0.
-		 */
-		get_dns_domain();
-		new_domain = dns_domain;
-		new_dlen = dns_domain_len;
-		IDMAP_DBG("%s: Default DNS Domain: %s", whoami, dns_domain);
-	}
-
-dname_chkd:
 	/*
-	 * Update cur_domain if new_domain is different.  Set flush
-	 * to guarantee that kernel idmapping caches are flushed.
+	 * Construct the arguments to be passed to libmapid interface
+	 * If called in response to a SIGHUP, reset any cached DNS TXT
+	 * RR state.
 	 */
-	if (strncasecmp(new_domain, cur_domain, NS_MAXCDNAME)) {
-		(void) rw_wrlock(&domain_cfg_lock);
-		(void) strncpy(cur_domain, new_domain, NS_MAXCDNAME);
-		cur_domain_len = new_dlen;
-		update_diag_file(new_domain);
-		DTRACE_PROBE1(nfsmapid, daemon__domain, cur_domain);
-		(void) rw_unlock(&domain_cfg_lock);
-		flush = 1;
-	}
+	cb.fcn = cb_update_domain;
+	cb.signal = sighup;
+	mapid_reeval_domain(&cb);
 
 	/*
 	 * Restart the signal handler thread if we're still setting up
 	 */
 	if (!setup_done) {
 		setup_done = 1;
-		IDMAP_DBG("%s: Initial setup done !", whoami, NULL);
 		if (thr_continue(sig_thread)) {
 			syslog(LOG_ERR, gettext("%s: Fatal error: signal "
 			    "handler thread could not be restarted."), whoami);
 			exit(6);
 		}
-
-		/*
-		 * We force bail here so we don't end up flushing kernel
-		 * caches until we _know_ we're up.
-		 */
-		return;
-	}
-
-	/*
-	 * If caller requested flush or if domain has changed, then
-	 * flush kernel idmapping caches.
-	 */
-	if (flush)
-		idmap_kcall(-1);
-}
-
-
-/*
- * Based on the recommendations from
- *	RFC1033  DOMAIN ADMINISTRATORS OPERATIONS GUIDE
- *	RFC1035  DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
- * check if a given domain name string is valid.
- */
-int
-standard_domain_str(const char *ds)
-{
-	int	i;
-
-	for (i = 0; *ds && i < NS_MAXCDNAME; i++, ds++) {
-		if (!isalpha(*ds) && !isdigit(*ds) && (*ds != '.') &&
-				(*ds != '-') && (*ds != '_'))
-			return (0);
 	}
-	if (i == NS_MAXCDNAME)
-		return (0);
-	return (1);
 }
 
 /*
  * Need to be able to open the DIAG_FILE before nfsmapid(1m)
  * releases it's root priviledges. The DIAG_FILE then remains
- * open for the duration of this nfsmapid instance via n4_fp.
+ * open for the duration of this nfsmapid instance via n4_fd.
  */
 void
 open_diag_file()
 {
 	static int	msg_done = 0;
 
-	if ((n4_fp = fopen(DIAG_FILE, "w+")) != NULL)
+	if ((n4_fp = fopen(DIAG_FILE, "w+")) != NULL) {
+		n4_fd = fileno(n4_fp);
 		return;
+	}
 
 	if (msg_done)
 		return;
@@ -908,10 +666,35 @@ open_diag_file()
 void
 update_diag_file(char *new)
 {
-	rewind(n4_fp);
-	ftruncate(fileno(n4_fp), 0);
-	fprintf(n4_fp, "%.*s\n", NS_MAXCDNAME, new);
-	fflush(n4_fp);
+	char	buf[DNAMEMAX];
+	ssize_t	n;
+	size_t	len;
+
+	(void) lseek(n4_fd, (off_t)0, SEEK_SET);
+	(void) ftruncate(n4_fd, 0);
+	(void) snprintf(buf, DNAMEMAX, "%s\n", new);
+
+	len = strlen(buf);
+	n = write(n4_fd, buf, len);
+	if (n < 0 || n < len)
+		syslog(LOG_DEBUG, "Could not write %s to diag file", new);
+	fsync(n4_fd);
 
 	syslog(LOG_DEBUG, "nfsmapid domain = %s", new);
 }
+
+/*
+ * Callback function for libmapid. This will be called
+ * by the lib, everytime the nfsmapid(1m) domain changes.
+ */
+void *
+cb_update_domain(void *arg)
+{
+	char	*new_dname = (char *)arg;
+
+	DTRACE_PROBE1(nfsmapid, daemon__domain, new_dname);
+	update_diag_file(new_dname);
+	idmap_kcall(FLUSH_KCACHES_ONLY);
+
+	return (NULL);
+}
diff --git a/usr/src/lib/Makefile b/usr/src/lib/Makefile
index d17ca46109..0865e0328f 100644
--- a/usr/src/lib/Makefile
+++ b/usr/src/lib/Makefile
@@ -214,6 +214,7 @@ SUBDIRS += \
 	libzpool	\
 	libzfs		\
 	libzfs_jni	\
+	libmapid	\
 	$($(MACH)_SUBDIRS)
 
 sparc_SUBDIRS= .WAIT	\
@@ -367,6 +368,7 @@ HDRSUBDIRS= libaio	\
 	../cmd/sendmail/libmilter	\
 	fm		\
 	udapl		\
+	libmapid	\
 	$($(MACH)_HDRSUBDIRS)
 
 $(CLOSED_BUILD)HDRSUBDIRS += \
@@ -444,6 +446,7 @@ $(CLOSED_BUILD)$(CLOSED)/lib/libelfsign: \
 			$(CLOSED)/lib/libike libcryptoutil pkcs11
 libinetcfg:	libnsl libsocket libdevinfo
 libnsl:		libmd5 libscf
+libmapid:	libresolv libcmd
 libmacadm:	libdevinfo
 libuuid:	libsocket
 libinetutil:	libsocket
diff --git a/usr/src/lib/libmapid/Makefile b/usr/src/lib/libmapid/Makefile
new file mode 100644
index 0000000000..290ad0391f
--- /dev/null
+++ b/usr/src/lib/libmapid/Makefile
@@ -0,0 +1,56 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc.
+# All rights reserved.  Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+
+include $(SRC)/lib/Makefile.lib
+
+HDRS		   =	mapid.h
+HDRDIR		   =	common
+ROOTHDRDIR	   =	$(ROOT)/usr/include/nfs
+SUBDIRS		   =	$(MACH)
+
+all	:= TARGET = all
+clean	:= TARGET = clean
+clobber	:= TARGET = clobber
+install	:= TARGET = install
+lint	:= TARGET = lint
+
+.KEEP_STATE:
+
+all clean clobber lint install: spec .WAIT $(SUBDIRS)
+
+lint: $(SUBDIRS)
+
+install_h: $(ROOTHDRS)
+
+check: $(CHECKHDRS)
+
+$(SUBDIRS) spec: FRC
+	@cd $@; pwd; $(MAKE) $(TARGET)
+
+FRC:
+
+include $(SRC)/lib/Makefile.targ
diff --git a/usr/src/lib/libmapid/Makefile.com b/usr/src/lib/libmapid/Makefile.com
new file mode 100644
index 0000000000..a84f6962a4
--- /dev/null
+++ b/usr/src/lib/libmapid/Makefile.com
@@ -0,0 +1,66 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc.
+# All rights reserved.  Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+
+LIBRARY =	libmapid.a
+VERS	=	.1
+OBJECTS =	mapid.o
+
+include $(SRC)/lib/Makefile.lib
+
+LIBS	=	$(DYNLIB) $(LINTLIB)
+
+#
+# This library will be installed w/all other nfs
+# binaries in /usr/lib/nfs, so define it as such.
+#
+ROOTLIBDIR   =	$(ROOT)/usr/lib/nfs
+ROOTSLINK32  =	$(ROOTLIBDIR)/32
+
+$(ROOTSLINK32):	$(ROOTLIBDIR)
+	$(SYMLINK) . $@
+
+#
+# SRCS is defined to be $(OBJECTS:%.o=$(SRCDIR)/%.c)
+#
+SRCDIR	=	../common
+$(LINTLIB) :=	SRCS = $(SRCDIR)/$(LINTSRC)
+
+LDLIBS	+=	-lresolv -lcmd -lc
+
+MAPDIR	=	../spec/$(TRANSMACH)
+SPECMAPFILE =	$(MAPDIR)/mapfile
+
+CFLAGS	+=	$(CCVERBOSE)
+CPPFLAGS+=	-I$(SRCDIR) -D_REENTRANT
+
+.KEEP_STATE:
+
+all:
+
+lint: lintcheck
+
+include $(SRC)/lib/Makefile.targ
diff --git a/usr/src/lib/libmapid/common/llib-lmapid b/usr/src/lib/libmapid/common/llib-lmapid
new file mode 100644
index 0000000000..4cf9a31082
--- /dev/null
+++ b/usr/src/lib/libmapid/common/llib-lmapid
@@ -0,0 +1,34 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/* LINTLIBRARY */
+/* PROTOLIB1 */
+
+/*
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+#pragma ident	"%Z%%M%	%I%	%E% SMI"
+
+#include <nfs/mapid.h>
+void	 mapid_reeval_domain(cb_t *);
+int	 mapid_stdchk_domain(const char *);
+char	*mapid_derive_domain(void);
+char	*mapid_get_domain(void);
diff --git a/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_resolv.c b/usr/src/lib/libmapid/common/mapid.c
index 71eb7f4a81..84442dd282 100644
--- a/usr/src/cmd/fs.d/nfs/nfsmapid/nfsmapid_resolv.c
+++ b/usr/src/lib/libmapid/common/mapid.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -29,7 +28,7 @@
 /*
  * PSARC/2004/154 nfsmapid DNS enhancements implementation.
  *
- * As per RFC 3050, file owner and group attributes in version 4 of the
+ * As per RFC 3530, file owner and group attributes in version 4 of the
  * NFS protocol are no longer exchanged between client and server as 32
  * bit integral values. Instead, owner and group file attributes are
  * exchanged between client and server as UTF8 strings of form
@@ -69,8 +68,9 @@
  * it responds with either a TXT record, or a lack thereof, in which
  * case, nfsmapid just continues to utilize the DNS domain name.
  */
-#define	__NFSMAPID_RES_IMPL
-#include "nfsmapid_resolv.h"
+#define	__LIBMAPID_IMPL
+#include <nfs/mapid.h>
+#pragma	init(_lib_init)
 
 /*
  * DEBUG Only
@@ -79,65 +79,66 @@
 static int
 resolv_error(void)
 {
+#ifndef	DEBUG
+
+	return (h_errno);
+
+#else	/* DEBUG */
+
 	static uint64_t	 msg_done[NS_ERRS] = {0};
 
 	switch (h_errno) {
-		case NETDB_INTERNAL:
-			IDMAP_DBG(EMSG_NETDB_INTERNAL, strerror(errno), NULL);
-			break;
+	case NETDB_INTERNAL:
+		syslog(LOG_ERR, EMSG_NETDB_INTERNAL, strerror(errno));
+		break;
 
-		case HOST_NOT_FOUND:
-			(void) rw_rdlock(&s_dns_impl_lock);
-			msg_done[h_errno]++;
-#ifdef DEBUG
-			if (!(msg_done[h_errno] % NFSMAPID_SLOG_RATE))
-				IDMAP_DBG(EMSG_HOST_NOT_FOUND, s_dname, NULL);
-#endif
-			(void) rw_unlock(&s_dns_impl_lock);
-			break;
+	case HOST_NOT_FOUND:
+		(void) rw_rdlock(&s_dns_impl_lock);
+		msg_done[h_errno]++;
+		if (!(msg_done[h_errno] % NFSMAPID_SLOG_RATE))
+			syslog(LOG_ERR, EMSG_HOST_NOT_FOUND, s_dname);
+		(void) rw_unlock(&s_dns_impl_lock);
+		break;
 
-		case TRY_AGAIN:
-			/*
-			 * Nameserver is not responding.
-			 * Try again after a given timeout.
-			 */
-			(void) rw_rdlock(&s_dns_impl_lock);
-			msg_done[h_errno]++;
-#ifdef DEBUG
-			if (!(msg_done[h_errno] % NFSMAPID_SLOG_RATE))
-				IDMAP_DBG(EMSG_TRY_AGAIN, s_dname, NULL);
-#endif
-			(void) rw_unlock(&s_dns_impl_lock);
-			break;
+	case TRY_AGAIN:
+		/*
+		 * Nameserver is not responding.
+		 * Try again after a given timeout.
+		 */
+		(void) rw_rdlock(&s_dns_impl_lock);
+		msg_done[h_errno]++;
+		if (!(msg_done[h_errno] % NFSMAPID_SLOG_RATE))
+			syslog(LOG_ERR, EMSG_TRY_AGAIN, s_dname);
+		(void) rw_unlock(&s_dns_impl_lock);
+		break;
 
-		case NO_RECOVERY:
-			/*
-			 * This msg only really happens once, due
-			 * to s_dns_disabled flag (see below)
-			 */
-			IDMAP_DBG(EMSG_NO_RECOVERY, hstrerror(h_errno), NULL);
-			break;
+	case NO_RECOVERY:
+		/*
+		 * This msg only really happens once, due
+		 * to s_dns_disabled flag (see below)
+		 */
+		syslog(LOG_ERR, EMSG_NO_RECOVERY, hstrerror(h_errno));
+		break;
 
-		case NO_DATA:
-			/*
-			 * No entries in the nameserver for
-			 * the specific record or record type.
-			 */
-			(void) rw_rdlock(&s_dns_impl_lock);
-			msg_done[h_errno]++;
-#ifdef DEBUG
-			if (!(msg_done[h_errno] % NFSMAPID_SLOG_RATE))
-				IDMAP_DBG(EMSG_NO_DATA, NFSMAPID_DNS_RR,
-				    s_dname);
-#endif
-			(void) rw_unlock(&s_dns_impl_lock);
-			break;
+	case NO_DATA:
+		/*
+		 * No entries in the nameserver for
+		 * the specific record or record type.
+		 */
+		(void) rw_rdlock(&s_dns_impl_lock);
+		msg_done[h_errno]++;
+		if (!(msg_done[h_errno] % NFSMAPID_SLOG_RATE))
+			syslog(LOG_ERR, EMSG_NO_DATA, NFSMAPID_DNS_RR, s_dname);
+		(void) rw_unlock(&s_dns_impl_lock);
+		break;
 
-		case NETDB_SUCCESS:
-		default:
-			break;
+	case NETDB_SUCCESS:
+	default:
+		break;
 	}
 	return (h_errno);
+
+#endif	/* DEBUG */
 }
 
 /*
@@ -160,12 +161,12 @@ resolv_txt_reset(void)
 	bzero(s_txt_rr, sizeof (s_txt_rr));
 	(void) rw_unlock(&s_dns_impl_lock);
 
-	(void) rw_wrlock(&dns_data_lock);
+	(void) rw_wrlock(&s_dns_data_lock);
 	if (!dns_txt_cached) {
 		dns_txt_domain_len = 0;
 		bzero(dns_txt_domain, DNAMEMAX);
 	}
-	(void) rw_unlock(&dns_data_lock);
+	(void) rw_unlock(&s_dns_data_lock);
 }
 
 /*
@@ -175,7 +176,7 @@ resolv_txt_reset(void)
  * need to fall back to using the DNS domain name as
  * the v4 attribute string domain.
  */
-int
+static int
 resolv_init(void)
 {
 	size_t			len;
@@ -199,9 +200,9 @@ resolv_init(void)
 	(void) snprintf(s_dname, len, "%s", res.defdname);
 	(void) rw_unlock(&s_dns_impl_lock);
 
-	(void) rw_wrlock(&dns_data_lock);
+	(void) rw_wrlock(&s_dns_data_lock);
 	(void) snprintf(sysdns_domain, len, "%s", res.defdname);
-	(void) rw_unlock(&dns_data_lock);
+	(void) rw_unlock(&s_dns_data_lock);
 
 	return (0);
 }
@@ -260,7 +261,9 @@ resolv_skip_rr(uchar_t *p, uchar_t *eom)
 	 */
 	errno = 0;
 	if ((t = dn_skipname(p, eom)) < 0) {
-		IDMAP_DBG("%s", strerror(errno), NULL);
+#ifdef	DEBUG
+		syslog(LOG_ERR, "%s", strerror(errno));
+#endif
 		return (NULL);
 	}
 
@@ -278,7 +281,8 @@ resolv_skip_rr(uchar_t *p, uchar_t *eom)
 	p += INT16SZ;	/* type */
 	p += INT16SZ;	/* class */
 	p += INT32SZ;	/* ttl */
-	NS_GET16(dlen, p);
+	dlen = ns_get16(p);
+	p += INT16SZ;
 	p += dlen;	/* dlen */
 	if (p > eom)
 		return (NULL);
@@ -301,7 +305,9 @@ resolve_process_txt(uchar_t *p, int dlen)
 	char		*rr_base = (char *)(p + 1);
 	char		*rr_end = (char *)(p + dlen);
 	size_t		 len = rr_end - rr_base;
+#ifdef	DEBUG
 	static uint64_t	 msg_done = 0;
+#endif
 	char		 tmp_txt_rr[DNAMEMAX];
 
 	if (len >= DNAMEMAX)
@@ -321,19 +327,21 @@ resolve_process_txt(uchar_t *p, int dlen)
 	/*
 	 * If there is a record and it's a valid domain, we're done.
 	 */
-	if (rr_base[0] != '\0' && standard_domain_str(tmp_txt_rr)) {
+	if (rr_base[0] != '\0' && mapid_stdchk_domain(tmp_txt_rr) > 0) {
 		(void) rw_wrlock(&s_dns_impl_lock);
 		(void) strncpy(s_txt_rr, rr_base, len);
 		(void) rw_unlock(&s_dns_impl_lock);
-		IDMAP_DBG("TXT (Rec):\t%s", s_txt_rr, NULL);
+#ifdef	DEBUG
+		syslog(LOG_ERR, "TXT (Rec):\t%s", s_txt_rr);
 
 	} else if (!(msg_done++ % NFSMAPID_SLOG_RATE)) {
 		/*
 		 * Otherwise, log the error
 		 */
 		(void) rw_rdlock(&s_dns_impl_lock);
-		IDMAP_DBG(EMSG_DNS_RR_INVAL, NFSMAPID_DNS_RR, s_dname);
+		syslog(LOG_ERR, EMSG_DNS_RR_INVAL, NFSMAPID_DNS_RR, s_dname);
 		(void) rw_unlock(&s_dns_impl_lock);
+#endif
 	}
 }
 
@@ -367,9 +375,7 @@ resolv_decode(void)
 	uint_t		 ar_cnt;
 	uint_t		 cnt;
 	uint_t		 type;
-	uint_t		 class;
 	int		 dlen;
-	ulong_t		 ttl;
 	ans_t		 answer = {0};
 	int		 answer_len = 0;
 
@@ -386,8 +392,10 @@ resolv_decode(void)
 	hp = (HEADER *)&answer.hdr;
 	eom = (uchar_t *)(buf + answer_len);
 	if (hp->rcode !=  NOERROR) {
-		IDMAP_DBG("errno: %s", strerror(errno), NULL);
-		IDMAP_DBG("h_errno: %s", hstrerror(h_errno), NULL);
+#ifdef	DEBUG
+		syslog(LOG_ERR, "errno: %s", strerror(errno));
+		syslog(LOG_ERR, "h_errno: %s", hstrerror(h_errno));
+#endif
 		return;
 	}
 	qd_cnt = ntohs(hp->qdcount);
@@ -403,7 +411,9 @@ resolv_decode(void)
 	while (qd_cnt-- > 0) {
 		n = dn_skipname(p, eom);
 		if (n < 0) {
-			IDMAP_DBG("%s", strerror(errno), NULL);
+#ifdef	DEBUG
+			syslog(LOG_ERR, "%s", strerror(errno));
+#endif
 			return;
 		}
 		p += n;
@@ -423,7 +433,7 @@ resolv_decode(void)
 		(void) resolv_error();
 		return;
 	}
-	IDMAP_DBG("Query:\t\t%-30s", name, NULL);
+	syslog(LOG_ERR, "Query:\t\t%-30s", name);
 #endif
 
 	/*
@@ -442,10 +452,11 @@ resolv_decode(void)
 		if ((p + 3 * INT16SZ + INT32SZ) > eom)
 			return;
 
-		NS_GET16(type, p);
-		NS_GET16(class, p);
-		NS_GET32(ttl, p);
-		NS_GET16(dlen, p);
+		type = ns_get16(p);
+		p += INT16SZ;
+		p += INT16SZ + INT32SZ;	/* skip class & ttl */
+		dlen = ns_get16(p);
+		p += INT16SZ;
 
 		if ((p + dlen) > eom)
 			return;
@@ -491,16 +502,57 @@ resolv_get_txt_data()
 {
 	(void) rw_rdlock(&s_dns_impl_lock);
 	if (s_txt_rr[0] != '\0') {
-		(void) rw_wrlock(&dns_data_lock);
+		(void) rw_wrlock(&s_dns_data_lock);
 		(void) snprintf(dns_txt_domain, strlen(s_txt_rr) + 1, "%s",
 								s_txt_rr);
 		dns_txt_domain_len = strlen(dns_txt_domain);
 		dns_txt_cached = 1;
-		(void) rw_unlock(&dns_data_lock);
+		(void) rw_unlock(&s_dns_data_lock);
 	}
 	(void) rw_unlock(&s_dns_impl_lock);
 }
 
+static void
+domain_sync(cb_t *argp, char *dname)
+{
+	int	dlen = 0;
+	void	*(*fcn)(void *) = NULL;
+	int	sighup = 0;
+	int	domchg = 0;
+
+	/*
+	 * Make sure values passed are sane and initialize accordingly.
+	 */
+	if (dname != NULL)
+		dlen = strlen(dname);
+	if (argp) {
+		if (argp->fcn)
+			fcn = argp->fcn;
+		if (argp->signal)
+			sighup = argp->signal;
+	}
+
+	/*
+	 * Update the library's mapid_domain variable if 'dname' is different.
+	 */
+	if (dlen != 0 && strncasecmp(dname, mapid_domain, NS_MAXCDNAME)) {
+		(void) rw_wrlock(&mapid_domain_lock);
+		(void) strncpy(mapid_domain, dname, NS_MAXCDNAME);
+		mapid_domain_len = dlen;
+		(void) rw_unlock(&mapid_domain_lock);
+		domchg++;
+	}
+
+	/*
+	 * If the caller gave us a valid callback routine, we
+	 * instantiate it to announce the domain change, but
+	 * only if either the domain changed _or_ the caller
+	 * was issued a SIGHUP.
+	 */
+	if (fcn != NULL && (sighup || domchg))
+		(void) fcn((void *)mapid_domain);
+}
+
 /*
  * Thread to keep pinging  DNS  server for  TXT  record if nfsmapid's
  * initial attempt at contact with server failed. We could potentially
@@ -510,15 +562,16 @@ resolv_get_txt_data()
  * 1 at any one time to keep things from getting out of hand.
  */
 /* ARGSUSED */
-void *
+static void *
 resolv_query_thread(void *arg)
 {
-#ifdef DEBUG
+	unsigned int	 nap_time;
+
+#ifdef	DEBUG
 	char		*whoami = "query_thread";
-#endif
-	uint32_t	 nap_time;
 
-	IDMAP_DBG("query_thread active !", NULL, NULL);
+	syslog(LOG_ERR, "%s active !", whoami);
+#endif
 	(void) rw_rdlock(&s_dns_impl_lock);
 	nap_time = s_dns_tout;
 	(void) rw_unlock(&s_dns_impl_lock);
@@ -529,82 +582,75 @@ resolv_query_thread(void *arg)
 		resolv_txt_reset();
 		(void) resolv_init();
 		switch (resolv_search()) {
-			case NETDB_SUCCESS:
-				IDMAP_DBG("%s: DNS replied", whoami, NULL);
-				resolv_decode();
-				resolv_get_txt_data();
+		case NETDB_SUCCESS:
+			resolv_decode();
+			resolv_get_txt_data();
 
-				/*
-				 * This is a bit different than what we
-				 * do in get_dns_txt_domain(). Here, the
-				 * thread _must_ update the global state
-				 * if a new TXT record was found.
-				 */
-				(void) rw_rdlock(&dns_data_lock);
-				if (dns_txt_domain_len != 0) {
-					/*
-					 * Update global state and only
-					 * flush the cache if there were
-					 * any updates to cur_domain
-					 */
-					(void) rw_wrlock(&domain_cfg_lock);
-					(void) strncpy(cur_domain,
-							dns_txt_domain,
-							DNAMEMAX-1);
-					cur_domain_len = dns_txt_domain_len;
-					update_diag_file(cur_domain);
-					DTRACE_PROBE1(nfsmapid, thread__domain,
-					    cur_domain);
-					(void) rw_unlock(&domain_cfg_lock);
-					idmap_kcall(-1);
-				}
-				(void) rw_unlock(&dns_data_lock);
-				goto thr_okay;
-
-			case NO_DATA:
-				/*
-				 * DNS is up now, but does not have
-				 * the NFSV4IDMAPDOMAIN TXT record.
-				 */
-				IDMAP_DBG("%s: DNS has no TXT Record", whoami,
-				    NULL);
-				goto thr_reset;
+			/*
+			 * This is a bit different than what we
+			 * do in get_dns_txt_domain(), where we
+			 * simply return and let the caller
+			 * access dns_txt_domain directly.
+			 *
+			 * Here we invoke the callback routine
+			 * provided by the caller to the
+			 * mapid_reeval_domain() interface via
+			 * the cb_t's fcn param.
+			 */
+			domain_sync((cb_t *)arg, dns_txt_domain);
+			goto thr_okay;
 
-			case NO_RECOVERY:
-				/*
-				 * Non-Recoverable error occurred. No sense
-				 * in keep pinging the DNS server at this
-				 * point, so we disable any further contact.
-				 */
-				IDMAP_DBG(EMSG_DNS_DISABLE, whoami, NULL);
-				(void) rw_wrlock(&s_dns_impl_lock);
-				s_dns_disabled = TRUE;
-				(void) rw_unlock(&s_dns_impl_lock);
-				goto thr_reset;
+		case NO_DATA:
+			/*
+			 * DNS is up now, but does not have
+			 * the NFSV4IDMAPDOMAIN TXT record.
+			 */
+#ifdef	DEBUG
+			syslog(LOG_ERR, "%s: DNS has no TXT Record", whoami);
+#endif
+			goto thr_reset;
 
-			case HOST_NOT_FOUND:
-				/*
-				 * Authoritative NS not responding...
-				 * keep trying for non-authoritative reply
-				 */
-				/*FALLTHROUGH*/
+		case NO_RECOVERY:
+			/*
+			 * Non-Recoverable error occurred. No sense
+			 * in keep pinging the DNS server at this
+			 * point, so we disable any further contact.
+			 */
+#ifdef	DEBUG
+			syslog(LOG_ERR, EMSG_DNS_DISABLE, whoami);
+#endif
+			(void) rw_wrlock(&s_dns_impl_lock);
+			s_dns_disabled = TRUE;
+			(void) rw_unlock(&s_dns_impl_lock);
+			goto thr_reset;
 
-			case TRY_AGAIN:
-				/* keep trying */
-				IDMAP_DBG("%s: retrying...", whoami, NULL);
-				break;
+		case HOST_NOT_FOUND:
+			/*
+			 * Authoritative NS not responding...
+			 * keep trying for non-authoritative reply
+			 */
+			/*FALLTHROUGH*/
 
-			case NETDB_INTERNAL:
-			default:
-				IDMAP_DBG("%s: Internal resolver error: %s",
-				    whoami, strerror(errno));
-				goto thr_reset;
+		case TRY_AGAIN:
+			/* keep trying */
+#ifdef	DEBUG
+			syslog(LOG_ERR, "%s: retrying...", whoami);
+#endif
+			break;
+
+		case NETDB_INTERNAL:
+		default:
+#ifdef	DEBUG
+			syslog(LOG_ERR, "%s: Internal resolver error: %s",
+			    whoami, strerror(errno));
+#endif
+			goto thr_reset;
 		}
 	}
 thr_reset:
-	(void) rw_wrlock(&dns_data_lock);
+	(void) rw_wrlock(&s_dns_data_lock);
 	dns_txt_cached = 0;
-	(void) rw_unlock(&dns_data_lock);
+	(void) rw_unlock(&s_dns_data_lock);
 	resolv_txt_reset();
 
 thr_okay:
@@ -646,11 +692,11 @@ thr_okay:
  *   amount of clients hammering on the same DNS server attempting to get
  *   the TXT record.
  */
-void
-get_dns_txt_domain(int sighup)
+static void
+get_dns_txt_domain(cb_t *argp)
 {
 	int		err;
-#ifdef DEBUG
+#ifdef	DEBUG
 	static uint64_t	msg_done = 0;
 	char		*whoami = "get_dns_txt_domain";
 #endif
@@ -666,10 +712,10 @@ get_dns_txt_domain(int sighup)
 	 * comment atop resolv_txt_reset). If we're responding to
 	 * a SIGHUP signal, force a reset of the cached copy.
 	 */
-	if (sighup) {
-		(void) rw_wrlock(&dns_data_lock);
+	if (argp && argp->signal) {
+		(void) rw_wrlock(&s_dns_data_lock);
 		dns_txt_cached = 0;
-		(void) rw_unlock(&dns_data_lock);
+		(void) rw_unlock(&s_dns_data_lock);
 	}
 	resolv_txt_reset();
 
@@ -691,7 +737,9 @@ get_dns_txt_domain(int sighup)
 		 * we have stopped querying DNS entirely. See
 		 * NO_RECOVERY clause below.
 		 */
-		IDMAP_DBG("%s: DNS queries disabled", whoami, NULL);
+#ifdef	DEBUG
+		syslog(LOG_ERR, "%s: DNS queries disabled", whoami);
+#endif
 		(void) rw_unlock(&s_dns_impl_lock);
 		return;
 	}
@@ -699,74 +747,432 @@ get_dns_txt_domain(int sighup)
 
 	(void) resolv_init();
 	switch (resolv_search()) {
-		case NETDB_SUCCESS:
+	case NETDB_SUCCESS:
+		/*
+		 * If there _is_ a TXT record, we let
+		 * our caller set the global state.
+		 */
+		resolv_decode();
+		resolv_get_txt_data();
+		return;
+
+	case TRY_AGAIN:
+		if (argp == NULL || argp->fcn == NULL)
 			/*
-			 * If there _is_ a TXT record, we let
-			 * our caller set the global state.
+			 * If no valid argument was passed or
+			 * callback defined, don't fire thread
 			 */
-			resolv_decode();
-			resolv_get_txt_data();
 			return;
 
-		case TRY_AGAIN:
-			(void) rw_wrlock(&s_dns_impl_lock);
-			if (s_dns_qthr_created) {
-				/*
-				 * We may have lots of clients, so we don't
-				 * want to bog down the DNS server with tons
-				 * of requests... lest it becomes even more
-				 * unresponsive, so limit 1 thread to query
-				 * DNS at a time.
-				 */
-				IDMAP_DBG("%s: query thread already active",
-				    whoami, NULL);
-				(void) rw_unlock(&s_dns_impl_lock);
-				return;
-			}
-
+		(void) rw_wrlock(&s_dns_impl_lock);
+		if (s_dns_qthr_created) {
 			/*
-			 * DNS did not respond ! Set timeout and kick off
-			 * thread to try op again after s_dns_tout seconds.
-			 * We've made sure that we don't have an already
-			 * running thread above.
+			 * We may have lots of clients, so we don't
+			 * want to bog down the DNS server with tons
+			 * of requests... lest it becomes even more
+			 * unresponsive, so limit 1 thread to query
+			 * DNS at a time.
 			 */
-			s_dns_tout = NFSMAPID_DNS_TOUT_SECS;
-			err = thr_create(NULL, 0, resolv_query_thread, NULL,
-			    thr_flags, &s_dns_qthread);
-			if (!err) {
-				s_dns_qthr_created = TRUE;
-			}
-#ifdef DEBUG
-			else {
-				msg_done++;
-				if (!(msg_done % NFSMAPID_SLOG_RATE))
-					IDMAP_DBG(EMSG_DNS_THREAD_ERROR, NULL,
-					    NULL);
-			}
+#ifdef	DEBUG
+			syslog(LOG_ERR, "%s: query thread already active",
+			    whoami);
 #endif
 			(void) rw_unlock(&s_dns_impl_lock);
-			return;
+				return;
+		}
 
-		case NO_RECOVERY:
-			IDMAP_DBG(EMSG_DNS_DISABLE, whoami, NULL);
-			(void) rw_wrlock(&s_dns_impl_lock);
-			s_dns_disabled = TRUE;
-			(void) rw_unlock(&s_dns_impl_lock);
+		/*
+		 * DNS did not respond ! Set timeout and kick off
+		 * thread to try op again after s_dns_tout seconds.
+		 * We've made sure that we don't have an already
+		 * running thread above.
+		 */
+		s_dns_tout = NFSMAPID_DNS_TOUT_SECS;
+		err = thr_create(NULL, 0, resolv_query_thread, (void *)argp,
+		    thr_flags, &s_dns_qthread);
+		if (!err) {
+			s_dns_qthr_created = TRUE;
+		}
+#ifdef DEBUG
+		else {
+			msg_done++;
+			if (!(msg_done % NFSMAPID_SLOG_RATE))
+				syslog(LOG_ERR, EMSG_DNS_THREAD_ERROR);
+		}
+#endif
+		(void) rw_unlock(&s_dns_impl_lock);
+		return;
 
-			/*FALLTHROUGH*/
-		default:
-			/*
-			 * For any other errors... DNS is responding, but
-			 * either it has no data, or some other problem is
-			 * occuring. At any rate, the TXT domain should not
-			 * be used, so we default to the DNS domain.
-			 */
-			break;
+	case NO_RECOVERY:
+#ifdef	DEBUG
+		syslog(LOG_ERR, EMSG_DNS_DISABLE, whoami);
+#endif
+		(void) rw_wrlock(&s_dns_impl_lock);
+		s_dns_disabled = TRUE;
+		(void) rw_unlock(&s_dns_impl_lock);
+
+		/*FALLTHROUGH*/
+
+	default:
+		/*
+		 * For any other errors... DNS is responding, but
+		 * either it has no data, or some other problem is
+		 * occuring. At any rate, the TXT domain should not
+		 * be used, so we default to the DNS domain.
+		 */
+		break;
 	}
 
 txtclear:
-	(void) rw_wrlock(&dns_data_lock);
+	(void) rw_wrlock(&s_dns_data_lock);
 	dns_txt_cached = 0;
-	(void) rw_unlock(&dns_data_lock);
+	(void) rw_unlock(&s_dns_data_lock);
 	resolv_txt_reset();
 }
+
+static int
+get_mtime(const char *fname, timestruc_t *mtim)
+{
+	struct stat st;
+	int err;
+
+	if ((err = stat(fname, &st)) != 0)
+		return (err);
+
+	*mtim = st.st_mtim;
+	return (0);
+}
+
+
+/*
+ * trim_wspace is a destructive interface; it is up to
+ * the caller to save off an original copy if needed.
+ */
+static char *
+trim_wspace(char *dp)
+{
+	char	*r;
+	char	*ndp;
+
+	/*
+	 * Any empty domain is not valid
+	 */
+	if (dp == NULL)
+		return (NULL);
+
+	/*
+	 * Skip leading blanks
+	 */
+	for (ndp = dp; *ndp != '\0'; ndp++) {
+		if (!isspace(*ndp))
+			break;
+	}
+
+	/*
+	 * If we reached the end of the string w/o
+	 * finding a non-blank char, return error
+	 */
+	if (*ndp == '\0')
+		return (NULL);
+
+	/*
+	 * Find next blank in string
+	 */
+	for (r = ndp; *r != '\0'; r++) {
+		if (isspace(*r))
+			break;
+	}
+
+	/*
+	 * No more blanks found, we are done
+	 */
+	if (*r == '\0')
+		return (ndp);
+
+	/*
+	 * Terminate string at blank
+	 */
+	*r++ = '\0';
+
+	/*
+	 * Skip any trailing spaces
+	 */
+	while (*r != '\0') {
+		/*
+		 * If a non-blank is found, it is an
+		 * illegal domain (embedded blanks).
+		 */
+		if (!isspace(*r))
+			return (NULL);
+		r++;
+	}
+	return (ndp);
+}
+
+static void
+get_nfs_domain(void)
+{
+	char		*ndomain;
+	timestruc_t	 ntime;
+
+	/*
+	 * If we can't get stats for the config file, then
+	 * zap the NFS domain info.  If mtime hasn't changed,
+	 * then there's no work to do, so just return.
+	 */
+	if (get_mtime(NFSADMIN, &ntime) != 0) {
+		ZAP_DOMAIN(nfs);
+		return;
+	}
+
+	if (TIMESTRUC_EQ(ntime, nfs_mtime))
+		return;
+
+	/*
+	 * Get NFSMAPID_DOMAIN value from /etc/default/nfs for now.
+	 * Note: defread() returns a ptr to TSD.
+	 */
+	if (defopen(NFSADMIN) == 0) {
+		char	*dp = NULL;
+#ifdef	DEBUG
+		char	*whoami = "get_nfs_domain";
+		char	 orig[NS_MAXCDNAME] = {0};
+#endif
+		ndomain = (char *)defread("NFSMAPID_DOMAIN=");
+		(void) defopen(NULL);
+#ifdef	DEBUG
+		if (ndomain)
+			(void) strncpy(orig, ndomain, NS_MAXCDNAME);
+#endif
+		/*
+		 * NFSMAPID_DOMAIN was set, so it's time for validation. If
+		 * it's okay, then update NFS domain and return. If not,
+		 * bail (syslog in DEBUG). We make nfsmapid more a bit
+		 * more forgiving of trailing and leading white space.
+		 */
+		if ((dp = trim_wspace(ndomain)) != NULL) {
+			if (mapid_stdchk_domain(dp) > 0) {
+				nfs_domain_len = strlen(dp);
+				(void) strncpy(nfs_domain, dp, NS_MAXCDNAME);
+				nfs_domain[NS_MAXCDNAME] = '\0';
+				nfs_mtime = ntime;
+				return;
+			}
+		}
+#ifdef	DEBUG
+		if (orig[0] != '\0') {
+			syslog(LOG_ERR, gettext("%s: Invalid domain name \"%s\""
+				" found in configuration file."), whoami, orig);
+		}
+#endif
+	}
+
+	/*
+	 * So the NFS config file changed but it couldn't be opened or
+	 * it didn't specify NFSMAPID_DOMAIN or it specified an invalid
+	 * NFSMAPID_DOMAIN.  Time to zap current NFS domain info.
+	 */
+	ZAP_DOMAIN(nfs);
+}
+
+static void
+get_dns_domain(void)
+{
+	timestruc_t	 ntime = {0};
+
+	/*
+	 * If we can't get stats for the config file, then
+	 * zap the DNS domain info.  If mtime hasn't changed,
+	 * then there's no work to do, so just return.
+	 */
+	errno = 0;
+	if (get_mtime(_PATH_RESCONF, &ntime) != 0) {
+		switch (errno) {
+			case ENOENT:
+				/*
+				 * The resolver defaults to obtaining the
+				 * domain off of the NIS domainname(1M) if
+				 * /etc/resolv.conf does not exist, so we
+				 * move forward.
+				 */
+				break;
+
+			default:
+				ZAP_DOMAIN(dns);
+				return;
+		}
+	} else if (TIMESTRUC_EQ(ntime, dns_mtime))
+		return;
+
+	/*
+	 * Re-initialize resolver to zap DNS domain from previous
+	 * resolv_init() calls.
+	 */
+	(void) resolv_init();
+
+	/*
+	 * Update cached DNS domain.  No need for validation since
+	 * domain comes from resolver.  If resolver doesn't return the
+	 * domain, then zap the DNS domain.  This shouldn't ever happen,
+	 * and if it does, the machine has bigger problems (so no need
+	 * to generate a message that says DNS appears to be broken).
+	 */
+	(void) rw_rdlock(&s_dns_data_lock);
+	if (sysdns_domain[0] != '\0') {
+		(void) strncpy(dns_domain, sysdns_domain, NS_MAXCDNAME);
+		dns_domain_len = strlen(sysdns_domain);
+		(void) rw_unlock(&s_dns_data_lock);
+		dns_mtime = ntime;
+		return;
+	}
+	(void) rw_unlock(&s_dns_data_lock);
+
+	ZAP_DOMAIN(dns);
+}
+
+/*
+ * PSARC 2005/487 Contracted Sun Private Interface
+ * mapid_stdchk_domain()
+ * Changes must be reviewed by Solaris File Sharing
+ * Changes must be communicated to contract-2005-487-01@sun.com
+ *
+ * Based on the recommendations from RFC1033 and RFC1035, check
+ * if a given domain name string is valid. Return values are:
+ *
+ *       1 = valid domain name
+ *       0 = invalid domain name (or invalid embedded character)
+ *      -1 = domain length > NS_MAXCDNAME
+ */
+int
+mapid_stdchk_domain(const char *ds)
+{
+	int	i;
+	size_t	len;
+
+	if (ds[0] == '\0')
+		return (0);
+	else
+		len = strlen(ds) - 1;
+
+	/*
+	 * 1st char _must_ be alphabetic char _AND_ last char _must_
+	 * be alphanumeric. We check for other valid chars below.
+	 */
+	if (!isalpha(ds[0]) || !isalpha(ds[len]) && !isdigit(ds[len]))
+		return (0);
+
+	for (i = 0; *ds && i <= NS_MAXCDNAME; i++, ds++) {
+		if (!isalpha(*ds) && !isdigit(*ds) &&
+		    (*ds != '.') && (*ds != '-') && (*ds != '_'))
+			return (0);
+	}
+	return (i == (NS_MAXCDNAME + 1) ? -1 : 1);
+}
+
+/*
+ * PSARC 2005/487 Consolidation Private
+ * mapid_reeval_domain()
+ * Changes must be reviewed by Solaris File Sharing
+ */
+void
+mapid_reeval_domain(cb_t *arg)
+{
+	char	*domain = NULL;
+
+	get_nfs_domain();
+	if (nfs_domain_len != 0) {
+		domain = nfs_domain;
+		goto dsync;
+	}
+
+	get_dns_txt_domain(arg);
+	if (dns_txt_domain_len != 0)
+		domain = dns_txt_domain;
+	else {
+		/*
+		 * We're either here because:
+		 *
+		 *  . NFSMAPID_DOMAIN was not set in /etc/default/nfs
+		 *  . No suitable DNS TXT resource record exists
+		 *  . DNS server is not responding to requests
+		 *
+		 * in either case, we want to default to using the
+		 * system configured DNS domain. If this fails, then
+		 * dns_domain will be empty and dns_domain_len will
+		 * be 0.
+		 */
+		get_dns_domain();
+		domain = dns_domain;
+	}
+
+dsync:
+	domain_sync(arg, domain);
+}
+
+/*
+ * PSARC 2005/487 Consolidation Private
+ * mapid_get_domain()
+ * Changes must be reviewed by Solaris File Sharing
+ *
+ * The use of TSD in mapid_get_domain() diverges slightly from the typical
+ * TSD use, since here, the benefit of doing TSD is mostly to allocate
+ * a per-thread buffer that will be utilized by other up-calls to the
+ * daemon.
+ *
+ * In doors, the thread used for the upcall never really exits, hence
+ * the typical destructor function defined via thr_keycreate() will
+ * never be called. Thus, we only use TSD to allocate the per-thread
+ * buffer and fill it up w/the configured 'mapid_domain' on each call.
+ * This still alleviates the problem of having the caller free any
+ * malloc'd space.
+ */
+char *
+mapid_get_domain(void)
+{
+	void	*tsd = NULL;
+
+	(void) thr_getspecific(s_thr_key, &tsd);
+	if (tsd == NULL) {
+		tsd = malloc(NS_MAXCDNAME+1);
+		if (tsd != NULL) {
+			(void) rw_rdlock(&mapid_domain_lock);
+			(void) strncpy((char *)tsd, mapid_domain, NS_MAXCDNAME);
+			(void) rw_unlock(&mapid_domain_lock);
+			(void) thr_setspecific(s_thr_key, tsd);
+		}
+	} else {
+		(void) rw_rdlock(&mapid_domain_lock);
+		(void) strncpy((char *)tsd, mapid_domain, NS_MAXCDNAME);
+		(void) rw_unlock(&mapid_domain_lock);
+	}
+	return ((char *)tsd);
+}
+
+/*
+ * PSARC 2005/487 Contracted Sun Private Interface
+ * mapid_derive_domain()
+ * Changes must be reviewed by Solaris File Sharing
+ * Changes must be communicated to contract-2005-487-01@sun.com
+ *
+ * This interface is called solely via sysidnfs4 iff no
+ * NFSMAPID_DOMAIN was found. So, there is no ill effect
+ * of having the reeval function call get_nfs_domain().
+ */
+char *
+mapid_derive_domain(void)
+{
+	cb_t	cb = {0};
+
+	_lib_init();
+	mapid_reeval_domain(&cb);
+	return (mapid_get_domain());
+}
+
+void
+_lib_init(void)
+{
+	(void) resolv_init();
+	(void) rwlock_init(&mapid_domain_lock, USYNC_THREAD, NULL);
+	(void) thr_keycreate(&s_thr_key, NULL);
+	lib_init_done++;
+}
diff --git a/usr/src/lib/libmapid/common/mapid.h b/usr/src/lib/libmapid/common/mapid.h
new file mode 100644
index 0000000000..893d1c5fec
--- /dev/null
+++ b/usr/src/lib/libmapid/common/mapid.h
@@ -0,0 +1,224 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef	_MAPID_H
+#define	_MAPID_H
+
+#pragma ident	"%Z%%M%	%I%	%E% SMI"
+
+#ifdef	__cplusplus
+extern "C" {
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <strings.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <rpc/types.h>
+#include <netinet/in.h>
+#include <arpa/nameser.h>
+#include <resolv.h>
+#include <netdb.h>
+#include <errno.h>
+#include <ctype.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <assert.h>
+#include <synch.h>
+#include <syslog.h>
+#include <locale.h>
+#include <thread.h>
+#include <deflt.h>
+#include <nfs/nfs4.h>
+
+#define	DNAMEMAX			(NS_MAXCDNAME + 1)
+
+typedef struct {
+	void	*(*fcn)(void *);
+	int	 signal;
+} cb_t;
+
+#ifdef	__LIBMAPID_IMPL
+
+/*
+ * Error Messages
+ */
+#define	EMSG_NETDB_INTERNAL	"Internal Resolver Error: %s"
+
+#define	EMSG_TRY_AGAIN		"\"%s\" DNS nameserver(s) not responding" \
+				"...\tRetrying"
+
+#define	EMSG_NO_RECOVERY	"Unrecoverable Resolver Error: %s"
+
+#define	EMSG_HOST_NOT_FOUND	"Authoritative nameserver unresponsive " \
+				"to queries for domain \"%s\""
+
+#define	EMSG_NO_DATA		"\"%s\" DNS TXT record not found: "\
+				"Defaulting to \"%s\""
+
+#define	EMSG_DNS_THREAD_ERROR	"Unable to create DNS query thread"
+
+#define	EMSG_DNS_DISABLE	"%s: Further DNS queries disabled !"
+
+#define	EMSG_DNS_RR_INVAL	"\"%s\" Invalid DNS TXT record: "\
+				"Defaulting to \"%s\""
+
+/*
+ * DNS related info
+ */
+#define	NFSMAPID_DNS_RR			"_nfsv4idmapdomain"
+#define	NFSMAPID_DNS_TOUT_SECS		(30LL)
+#define	NFSMAPID_SLOG_RATE		20	/* ~10 mins */
+
+#define	NS_ERRS				6	/* netdb.h */
+
+typedef union {
+	HEADER	hdr;
+	uchar_t	buf[PACKETSZ];
+} ans_t;
+
+/*
+ * NOTE: All s_ prefixed variables are only to be used by the DNS
+ *       feature implementation (mapid.c). The exported globals
+ *	 (ie. seen by nfsmapid.c/nfsmapid_server.c) are the
+ *       dns_ prefixed variables along with sysdns_domain.
+ */
+static ans_t			 s_ans;
+static int			 s_anslen;
+static char			 s_dname[DNAMEMAX] = {0};
+static char			 s_txt_rr[DNAMEMAX] = {0};
+
+static rwlock_t			 s_dns_data_lock = DEFAULTRWLOCK;
+static rwlock_t			 s_dns_impl_lock = DEFAULTRWLOCK;
+static mutex_t			 s_res_lock = ERRORCHECKMUTEX;
+static uint32_t			 s_dns_tout = 0;
+static thread_t			 s_dns_qthread;
+static bool_t			 s_dns_qthr_created = FALSE;
+static bool_t			 s_dns_disabled = FALSE;
+static struct __res_state	 s_res = {0};
+static thread_key_t		 s_thr_key;
+int				 lib_init_done = 0;
+
+static int			 resolv_init(void);
+static void			 resolv_decode(void);
+static int			 resolv_error(void);
+static void			 resolv_get_txt_data(void);
+static void			 resolv_txt_reset(void);
+static void			 resolve_process_txt(uchar_t *, int);
+static int			 resolv_search(void);
+static uchar_t			*resolv_skip_rr(uchar_t *, uchar_t *);
+static void			 domain_sync(cb_t *, char *);
+static int			 get_mtime(const char *, timestruc_t *);
+static void			 get_nfs_domain(void);
+static void			 get_dns_domain(void);
+static void			 get_dns_txt_domain(cb_t *);
+void				 _lib_init(void);
+
+#ifdef	DEBUG
+bool_t				 nfsmapid_debug = FALSE;
+#endif	/* DEBUG */
+
+/*
+ * mapid_domain_lock:	rwlock used to serialize access/changes
+ *			to the library's mapid_domain global var.
+ *
+ * mapid_domain:	Library variable used to store the current
+ *			domain configured for use in decoding/encoding
+ *			outbound and inbound attr strings, accordingly.
+ *
+ * nfs_domain:		If /etc/default/nfs NFSMAPID_DOMAIN var
+ *			has been set, nfs_domain will hold this
+ *			value for the duration of the instance;
+ *			If the value ever changes, the change is
+ *			detected via the use of nfs_mtime and
+ *			nfs_domain is updated accordingly.
+ *
+ * dns_domain:		If the system's resolver (/etc/resolv.conf)
+ *			has been configured, dns_domain will hold
+ *			the configured DNS domain as reported by the
+ *			res_ninit() resolver interface. If the system's
+ *			/etc/resolv.conf file is updated, the change
+ *			is detected via the use of dns_mtime and
+ *			dns_domain is updated accordingly.
+ */
+rwlock_t			mapid_domain_lock = DEFAULTRWLOCK;
+uint32_t			mapid_domain_len = 0;
+char				mapid_domain[DNAMEMAX] = {0};
+
+timestruc_t			nfs_mtime = {0};
+uint32_t			nfs_domain_len = 0;
+char				nfs_domain[DNAMEMAX] = {0};
+
+timestruc_t			dns_mtime = {0};
+uint32_t			dns_domain_len = 0;
+char				dns_domain[DNAMEMAX] = {0};
+
+int				dns_txt_cached = 0;
+uint32_t			dns_txt_domain_len = 0;
+char				dns_txt_domain[DNAMEMAX] = {0};
+char				sysdns_domain[DNAMEMAX] = {0};
+
+timestruc_t			zapped_mtime = {0};
+
+#define	ZAP_DOMAIN(which)			\
+	{					\
+		bzero(which##_domain, DNAMEMAX);\
+		which##_domain_len = 0;		\
+		which##_mtime = zapped_mtime;	\
+	}
+
+#define	TIMESTRUC_EQ(a, b)			\
+		(((a).tv_sec == (b).tv_sec) &&	\
+		((a).tv_nsec == (b).tv_nsec))
+
+
+
+#endif	/* __LIBMAPID_IMPL */
+
+/*
+ * PSARC 2005/487 Consolidation Private Interfaces
+ * mapid_reeval_domain(), mapid_get_domain()
+ * Changes must be reviewed by Solaris File Sharing
+ */
+extern void			 mapid_reeval_domain(cb_t *);
+extern char			*mapid_get_domain(void);
+
+/*
+ * PSARC 2005/487 Contracted Sun Private Interface
+ * mapid_derive_domain(), mapid_stdchk_domain()
+ * Changes must be reviewed by Solaris File Sharing
+ * Changes must be communicated to contract-2005-487-01@sun.com
+ */
+extern int			 mapid_stdchk_domain(const char *);
+extern char			*mapid_derive_domain(void);
+
+#ifdef	__cplusplus
+}
+#endif
+
+#endif	/* _MAPID_H */
diff --git a/usr/src/lib/libmapid/i386/Makefile b/usr/src/lib/libmapid/i386/Makefile
new file mode 100644
index 0000000000..1d805b65d8
--- /dev/null
+++ b/usr/src/lib/libmapid/i386/Makefile
@@ -0,0 +1,31 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc.
+# All rights reserved.  Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+include ../Makefile.com
+
+all: $(LIBS)
+
+install: all $(ROOTLIBS) $(ROOTLINKS) $(ROOTLINT) $(ROOTSLINK32)
diff --git a/usr/src/lib/libmapid/sparc/Makefile b/usr/src/lib/libmapid/sparc/Makefile
new file mode 100644
index 0000000000..1d805b65d8
--- /dev/null
+++ b/usr/src/lib/libmapid/sparc/Makefile
@@ -0,0 +1,31 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc.
+# All rights reserved.  Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+include ../Makefile.com
+
+all: $(LIBS)
+
+install: all $(ROOTLIBS) $(ROOTLINKS) $(ROOTLINT) $(ROOTSLINK32)
diff --git a/usr/src/lib/libmapid/spec/Makefile b/usr/src/lib/libmapid/spec/Makefile
new file mode 100644
index 0000000000..17689ea886
--- /dev/null
+++ b/usr/src/lib/libmapid/spec/Makefile
@@ -0,0 +1,55 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+
+#
+# As per $(SRC)/lib/README.Makefiles, this could've been as easy as
+#
+#include	$(SRC)/lib/Makefile.spec.arch
+#
+# ... but we don't want/need to deliver 64 bit libraries; thus we need
+# to override the inclusion of the Makefile and build only the targets
+# for $(MACH) instead of $(MACH)_ARCHITECTURES
+#
+all		:=	TARGET= all
+install		:=	TARGET= install
+clean		:=	TARGET= clean
+clobber		:=	TARGET= clobber
+lint		:=	TARGET= lint
+
+.KEEP_STATE:
+
+all install clean clobber: $(MACH)
+
+$(MACH): FRC
+	@cd $@; pwd; $(MAKE) $(TARGET)
+
+IGNORE=		_msg catalog install_h delete \
+		package tcov debug private_h \
+		check analyse test dynamic lint
+$(IGNORE):
+
+FRC:
diff --git a/usr/src/lib/libmapid/spec/Makefile.targ b/usr/src/lib/libmapid/spec/Makefile.targ
new file mode 100644
index 0000000000..f8d074e5dc
--- /dev/null
+++ b/usr/src/lib/libmapid/spec/Makefile.targ
@@ -0,0 +1,30 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+LIBRARY	=	libmapid.a
+VERS	=	.1
+OBJECTS	=	mapid.o
+SPECCPP =
diff --git a/usr/src/lib/libmapid/spec/i386/Makefile b/usr/src/lib/libmapid/spec/i386/Makefile
new file mode 100644
index 0000000000..eea4352b2d
--- /dev/null
+++ b/usr/src/lib/libmapid/spec/i386/Makefile
@@ -0,0 +1,39 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+
+.KEEP_STATE:
+
+include	../Makefile.targ
+
+# Add arch specific objects here
+OBJECTS	+=
+
+include	$(SRC)/lib/Makefile.lib
+
+include	$(SRC)/lib/Makefile.spec
+
+install: $(ROOTABILIB)
diff --git a/usr/src/lib/libmapid/spec/mapid.spec b/usr/src/lib/libmapid/spec/mapid.spec
new file mode 100644
index 0000000000..b5176dc047
--- /dev/null
+++ b/usr/src/lib/libmapid/spec/mapid.spec
@@ -0,0 +1,51 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+# $(SRC)/lib/libmapid/spec/mapid.spec
+
+function	mapid_stdchk_domain
+include         <nfs/mapid.h>
+declaration	int mapid_stdchk_domain(const char *)
+version		SUNWprivate_1.1
+end		
+
+function	mapid_get_domain
+include         <nfs/mapid.h>
+declaration	char *mapid_get_domain(void)
+version		SUNWprivate_1.1
+end		
+
+function	mapid_reeval_domain
+include         <nfs/mapid.h>
+declaration	void mapid_reeval_domain(cb_t *)
+version		SUNWprivate_1.1
+end		
+
+function	mapid_derive_domain
+include         <nfs/mapid.h>
+declaration	char *mapid_derive_domain(void)
+version		SUNWprivate_1.1
+end		
diff --git a/usr/src/lib/libmapid/spec/sparc/Makefile b/usr/src/lib/libmapid/spec/sparc/Makefile
new file mode 100644
index 0000000000..eea4352b2d
--- /dev/null
+++ b/usr/src/lib/libmapid/spec/sparc/Makefile
@@ -0,0 +1,39 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+
+.KEEP_STATE:
+
+include	../Makefile.targ
+
+# Add arch specific objects here
+OBJECTS	+=
+
+include	$(SRC)/lib/Makefile.lib
+
+include	$(SRC)/lib/Makefile.spec
+
+install: $(ROOTABILIB)
diff --git a/usr/src/lib/libmapid/spec/versions b/usr/src/lib/libmapid/spec/versions
new file mode 100644
index 0000000000..08681460bf
--- /dev/null
+++ b/usr/src/lib/libmapid/spec/versions
@@ -0,0 +1,33 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+#
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
+# Use is subject to license terms.
+#
+# ident	"%Z%%M%	%I%	%E% SMI"
+#
+
+sparc {
+	SUNWprivate_1.1;
+}
+i386 {
+	SUNWprivate_1.1;
+}
diff --git a/usr/src/pkgdefs/SUNWhea/prototype_com b/usr/src/pkgdefs/SUNWhea/prototype_com
index dd13eff509..5ec6205650 100644
--- a/usr/src/pkgdefs/SUNWhea/prototype_com
+++ b/usr/src/pkgdefs/SUNWhea/prototype_com
@@ -273,6 +273,7 @@ f none usr/include/nfs/lm.h 644 root bin
 f none usr/include/nfs/lm_impl.h 644 root bin
 f none usr/include/nfs/lm_nlm.h 644 root bin
 f none usr/include/nfs/lm_server.h 644 root bin
+f none usr/include/nfs/mapid.h 644 root bin
 f none usr/include/nfs/mount.h 644 root bin
 f none usr/include/nfs/nfs.h 644 root bin
 f none usr/include/nfs/nfs4.h 644 root bin
diff --git a/usr/src/pkgdefs/SUNWnfscu/prototype_com b/usr/src/pkgdefs/SUNWnfscu/prototype_com
index bf54fe0b27..78728e32f9 100644
--- a/usr/src/pkgdefs/SUNWnfscu/prototype_com
+++ b/usr/src/pkgdefs/SUNWnfscu/prototype_com
@@ -2,9 +2,8 @@
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License").  You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
 # CDDL HEADER END
 #
 #
-# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 #pragma ident	"%Z%%M%	%I%	%E% SMI"
@@ -40,7 +39,6 @@ i pkginfo
 i copyright
 i depend
 i preremove
-i postinstall
 #
 # source locations relative to the prototype file
 #
@@ -60,10 +58,14 @@ f none usr/lib/fs/nfs/showmount 555 root bin
 f none usr/lib/fs/nfs/umount 555 root bin
 f none usr/lib/fs/nfs/nfsfind 555 root sys
 d none usr/lib/nfs 755 root sys
+s none usr/lib/nfs/32=.
 f none usr/lib/nfs/lockd 555 root bin
 f none usr/lib/nfs/statd 555 root bin
 f none usr/lib/nfs/nfsmapid 555 root bin
 f none usr/lib/nfs/nfs4cbd 555 root bin
+f none usr/lib/nfs/libmapid.so.1 755 root bin
+s none usr/lib/nfs/libmapid.so=libmapid.so.1
+f none usr/lib/nfs/llib-lmapid 644 root bin
+f none usr/lib/nfs/llib-lmapid.ln 644 root bin
 d none usr/sbin 755 root bin
 s none usr/sbin/showmount=../lib/fs/nfs/showmount
-f none usr/sbin/sysidnfs4 555 root sys