--- a/usr/src/cmd/auto-install/auto_install.c	Fri Feb 06 15:55:49 2009 -0700
+++ b/usr/src/cmd/auto-install/auto_install.c	Sun Feb 08 14:14:29 2009 -0700
@@ -567,7 +567,7 @@
 	}
 
 	if (nvlist_add_string(install_attr, OM_ATTR_ROOT_PASSWORD,
-	    strdup(om_encrypt_passwd(asp.rootpass, "root"))) != 0) {
+	    asp.rootpass) != 0) {
 		nvlist_free(install_attr);
 		auto_debug_print(AUTO_DBGLVL_INFO,
 		    "Setting of OM_ATTR_ROOT_PASSWORD failed\n");
@@ -575,7 +575,7 @@
 	}
 
 	if (nvlist_add_string(install_attr, OM_ATTR_USER_NAME,
-	    asp.userdesc) != 0) {
+	    asp.username) != 0) {
 		nvlist_free(install_attr);
 		auto_debug_print(AUTO_DBGLVL_INFO,
 		    "Setting of OM_ATTR_USER_NAME failed\n");
@@ -583,7 +583,7 @@
 	}
 
 	if (nvlist_add_string(install_attr, OM_ATTR_USER_PASSWORD,
-	    strdup(om_encrypt_passwd(asp.userpass, asp.username))) != 0) {
+	    asp.userpass) != 0) {
 		nvlist_free(install_attr);
 		auto_debug_print(AUTO_DBGLVL_INFO,
 		    "Setting of OM_ATTR_USER_PASSWORD failed\n");
@@ -915,7 +915,7 @@
 	}
 
 	if (nvlist_add_string(install_attr, OM_ATTR_ROOT_PASSWORD,
-	    strdup(om_encrypt_passwd("opensolaris", "root"))) != 0) {
+	    om_encrypt_passwd("opensolaris", "root")) != 0) {
 		nvlist_free(install_attr);
 		auto_debug_print(AUTO_DBGLVL_INFO,
 		    "Setting of OM_ATTR_ROOT_PASSWORD failed\n");
@@ -931,7 +931,7 @@
 	}
 
 	if (nvlist_add_string(install_attr, OM_ATTR_USER_PASSWORD,
-	    strdup(om_encrypt_passwd("ass", "fool"))) != 0) {
+	    om_encrypt_passwd("ass", "fool")) != 0) {
 		nvlist_free(install_attr);
 		auto_debug_print(AUTO_DBGLVL_INFO,
 		    "Setting of OM_ATTR_USER_PASSWORD failed\n");

--- a/usr/src/cmd/auto-install/auto_parse.c	Fri Feb 06 15:55:49 2009 -0700
+++ b/usr/src/cmd/auto-install/auto_parse.c	Sun Feb 08 14:14:29 2009 -0700
@@ -526,6 +526,7 @@
 parse_property(char *str, char *keyword, char *value)
 {
 	char	*token;
+	char	*eol;
 
 	if (str == NULL) {
 		return (NULL);
@@ -534,7 +535,9 @@
 	if (*str == '#') {
 		return (NULL);
 	}
+	strcpy(value, "[not found]"); /* assume failure to parse value */
 
+	eol = str + strlen(str);
 	*keyword = '\0';
 	token = strtok(str, " ");
 
@@ -561,28 +564,42 @@
 		return (AUTO_INSTALL_FAILURE);
 	}
 	while ((token = strtok(NULL, " ")) != NULL) {
-		char	*ptr, *ptr1, *ptr2;
+		char	*pkeyword_value, *pbeg, *pend;
 
-		ptr = strstr(token, KEYWORD_VALUE);
-		if (ptr == NULL) {
+		/* find keyword 'value=<something>' */
+		pkeyword_value = strstr(token, KEYWORD_VALUE);
+		if (pkeyword_value == NULL) {
 			continue;
 		}
-
-		ptr1 = strchr(ptr, '\'');
-		if (ptr1 == NULL) {
-			ptr1 = strchr(ptr, '\"');
-			if (ptr1 == NULL)
+		/* find beginning value delimiter */
+		pbeg = strchr(pkeyword_value, '\'');
+		if (pbeg == NULL) {
+			pbeg = strchr(pkeyword_value, '\"');
+			if (pbeg == NULL) /* no starting delimiter */
 				return (AUTO_INSTALL_FAILURE);
 		}
-		ptr2 = strrchr(ptr, '\"');
-		if (ptr2 == NULL) {
-			ptr2 = strchr(ptr, '\"');
-			if (ptr2 == NULL)
+		if (eol > pbeg + strlen(pbeg)) /* if strtok inserted NULL */
+			*(pbeg + strlen(pbeg)) = ' '; /* restore orig delim */
+		/* find ending value delimiter */
+		pend = strchr(pbeg + 1, *pbeg);
+		if (pend == NULL) /* no ending delimiter */
+			return (AUTO_INSTALL_FAILURE);
+		*pend = '\0';
+		if (strlcpy(value, ++pbeg, VALUE_SIZE) >= VALUE_SIZE) {
+			if (strcmp(keyword, AUTO_PROPERTY_ROOTPASS) == 0 ||
+			    strcmp(keyword, AUTO_PROPERTY_USERPASS) == 0) {
+				auto_debug_print(AUTO_DBGLVL_ERR,
+				    "A password (%s) in the SC manifest is "
+				    "too long (>%d bytes). Shorten password "
+				    "and retry installation.\n",
+				    keyword, VALUE_SIZE);
 				return (AUTO_INSTALL_FAILURE);
+			}
+			auto_debug_print(AUTO_DBGLVL_ERR,
+			    "SC manifest value for %s is too long (>%d bytes) "
+			    "and will be truncated to |%s|\n",
+			    keyword, VALUE_SIZE, pbeg);
 		}
-		ptr1++;
-		*ptr2 = '\0';
-		strlcpy(value, ptr1, VALUE_SIZE);
 		return (AUTO_INSTALL_SUCCESS);
 	}
 	return (AUTO_INSTALL_FAILURE);
@@ -607,7 +624,6 @@
 		auto_log_print(gettext("Profile %s missing\n"), profile_file);
 		return (AUTO_INSTALL_FAILURE);
 	}
-
 	while (fgets(line, sizeof (line), profile_fp) != NULL) {
 		if (strstr(line, SC_PROPVAL_MARKER) != NULL) {
 			ret = parse_property(line, keyword, value);
@@ -615,28 +631,24 @@
 				if (strcmp(keyword, AUTO_PROPERTY_USERNAME)
 				    == 0) {
 					sp->username = strdup(value);
-				}
-				if (strcmp(keyword, AUTO_PROPERTY_USERDESC)
-				    == 0) {
+				} else if (strcmp(keyword,
+				    AUTO_PROPERTY_USERDESC) == 0) {
 					sp->userdesc = strdup(value);
-				}
-				if (strcmp(keyword, AUTO_PROPERTY_USERPASS)
-				    == 0) {
+				} else if (strcmp(keyword,
+				    AUTO_PROPERTY_USERPASS) == 0) {
 					sp->userpass = strdup(value);
-				}
-				if (strcmp(keyword, AUTO_PROPERTY_ROOTPASS)
-				    == 0) {
+				} else if (strcmp(keyword,
+				    AUTO_PROPERTY_ROOTPASS) == 0) {
 					sp->rootpass = strdup(value);
-				}
-				if (strcmp(keyword, AUTO_PROPERTY_TIMEZONE)
-				    == 0) {
+				} else if (strcmp(keyword,
+				    AUTO_PROPERTY_TIMEZONE) == 0) {
 					sp->timezone = strdup(value);
 				}
-			} else {
-				auto_log_print(gettext("Invalid property "
-				    "%s specified in the SC manifest. "
-				    "Ignoring\n"), value);
-			}
+				auto_debug_print(AUTO_DBGLVL_INFO,
+				    "SC manifest keyword=|%s| value=|%s|\n",
+				    keyword, value);
+			} else
+				return (AUTO_INSTALL_FAILURE);
 		}
 	}
 	fclose(profile_fp);

--- a/usr/src/cmd/auto-install/auto_parse_manifest.c	Fri Feb 06 15:55:49 2009 -0700
+++ b/usr/src/cmd/auto-install/auto_parse_manifest.c	Sun Feb 08 14:14:29 2009 -0700
@@ -20,16 +20,16 @@
  */
 
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
 #include <Python.h>
 #include "auto_install.h"
 
-#define AI_PARSE_MANIFEST_SCRIPT "ai_parse_manifest"
-#define AI_CREATE_MANIFESTSERV "ai_create_manifestserv"
-#define AI_LOOKUP_MANIFEST_VALUES "ai_lookup_manifest_values"
+#define	AI_PARSE_MANIFEST_SCRIPT "ai_parse_manifest"
+#define	AI_CREATE_MANIFESTSERV "ai_create_manifestserv"
+#define	AI_LOOKUP_MANIFEST_VALUES "ai_lookup_manifest_values"
 
 /*
  * Python is not able to find the ai_parse_manifest.py module since it
@@ -39,7 +39,8 @@
  * the PYTHONPATH env variable will be set in this library before
  * python is initialized.
  */
-#define	PY_PATH "PYTHONPATH=/usr/lib/python2.4/vendor-packages/osol_install:/usr/lib/python2.4/vendor-packages/osol_install/auto_install"
+#define	PY_PATH "PYTHONPATH=/usr/lib/python2.4/vendor-packages/osol_install:" \
+	"/usr/lib/python2.4/vendor-packages/osol_install/auto_install"
 
 static PyThreadState * mainThreadState = NULL;
 
@@ -65,8 +66,8 @@
 
 	if (!Py_IsInitialized()) {
 		if (putenv(PY_PATH) != 0) {
-			auto_debug_print(AUTO_DBGLVL_INFO , 
-			    "Failed to set PYTHONPATH. Error: %s\n", 
+			auto_debug_print(AUTO_DBGLVL_INFO,
+			    "Failed to set PYTHONPATH. Error: %s\n",
 			    strerror(errno));
 			return (NULL);
 		}
@@ -103,13 +104,13 @@
 		pRet = PyObject_CallObject(pFunc, pArgs);
 		Py_DECREF(pArgs);
 		if (pRet != NULL) {
-			/* 
+			/*
 			 * A reference is getting stolen here.
 			 * We intentionally don't do a DECREF
 			 * so that future calls using this object
 			 * have a valid ManifestServ object to work
 			 * with.
-			 */ 
+			 */
 			rv = pRet;
 		} else {
 			Py_DECREF(pFunc);
@@ -147,7 +148,7 @@
 	PyThreadState	*myThreadState;
 	PyObject 	*item;
 	int		i;
-	char 	 	**rv;
+	char		**rv;
 
 	if (!Py_IsInitialized()) {
 		if (putenv(PY_PATH) != 0) {
@@ -166,8 +167,8 @@
 	pName = PyString_FromString(AI_PARSE_MANIFEST_SCRIPT);
 	if (pName == NULL) {
 		PyErr_Print();
-		auto_debug_print(AUTO_DBGLVL_INFO, "Call failed: %s\n", 
-		    AI_LOOKUP_MANIFEST_VALUES);		  
+		auto_debug_print(AUTO_DBGLVL_INFO, "Call failed: %s\n",
+		    AI_LOOKUP_MANIFEST_VALUES);
 		Py_Finalize();
 		return (NULL);
 	}
@@ -198,29 +199,31 @@
 		 * pArgs because it somehow decrements a
 		 * reference count on the server_obj which
 		 * results in it being garbage collected
-		 */ 
+		 */
 		if (pRet != NULL) {
 			*len = PyList_Size(pRet);
 			/*
 			 * XXX this memory needs to be freed --
 			 * where might that be?
-			 */ 
-			rv = malloc(*len * sizeof (char *));
-			for (i = 0; i < *len; i++) {
-				item = PyList_GetItem(pRet, i);
-				rv[i] = PyString_AsString(item);
-				/*
-				 * We intentionally don't do a DECREF
-				 * on item here because it somehow
-				 * results in the value in rv[i] being
-				 * garbage collected. So, if rv[i] is
-				 * passed as an argument to the transfer
-				 * module it keels over as it tries to
-				 * dereference rv[i]
-				 *
-				 * XXX needs to be investigated longer term
-				Py_DECREF(item);
-				 */
+			 */
+			if (*len > 0) {
+				rv = malloc(*len * sizeof (char *));
+				for (i = 0; i < *len; i++) {
+					item = PyList_GetItem(pRet, i);
+					rv[i] = PyString_AsString(item);
+					/*
+					 * We intentionally don't do a DECREF
+					 * on item here because it somehow
+					 * results in the value in rv[i] being
+					 * garbage collected. So, if rv[i] is
+					 * passed as an argument to the transfer
+					 * module it keels over as it tries to
+					 * dereference rv[i]
+					 *
+					 * XXX needs investigation longer term
+					 * Py_DECREF(item);
+					 */
+				}
 			}
 			Py_DECREF(pRet);
 		} else {
@@ -230,7 +233,7 @@
 			auto_debug_print(AUTO_DBGLVL_INFO, "Call failed: %s\n",
 			    AI_LOOKUP_MANIFEST_VALUES);
 			rv = NULL;
-		}	    
+		}
 	} else {
 		if (PyErr_Occurred())
 			PyErr_Print();
@@ -247,11 +250,10 @@
 /*
  * This function must be called to delete all
  * state created by ai_create_manifestserv
- */ 
-void 
+ */
+void
 ai_destroy_manifestserv(PyObject *server_obj)
 {
 	if (Py_IsInitialized())
 		Py_Finalize();
-}	
-
+}