nsec_map_library(3)      DG/UX B2 Security R4.12MU02     nsec_map_library(3)


NAME
       nsec_map_library: dg_nsec_map_setup, dgnsecmaptoremote,
       dgnsecmapfromremote, dgnsecmapcleanup - manipulate map
       attribute representation

SYNOPSIS
       #include <sys/dgtparms.h>
       #include <sys/socket.h>

       int dg_nsec_map_setup (struct sockaddr_in *peeraddrptr,
                              short              localport,
                              int                type,
                              void               ** infoptr)

       int dgnsecmapfromremote (void *infoptr,
                              dgnsecattrtype  *srcattrp,
                              dgnsecattrtype  *dstattrp)


       int dgnsecmaptoremote (void *infoptr,
                              dgnsecattrtype  *srcattrp,
                              dgnsecattrtype  *dstattrp)


       void dgnsecmapcleanup (void **infoptr)

DESCRIPTION
       The nsec_map_library functions transform security attributes from
       local representation to network representation and back.  Different
       systems often use different encodings and representations for the
       values of security attributes.  For example, one system may use a bit
       vector to represent the categories in a MAC label while another
       system may keep an array of values.

       Attributes can be passed only if both systems share a common
       representation on the network.  These functions translate between
       local and network representation.  This lets a program determine the
       network representation for a local attribute, which the program can
       then send to another system.  Another function exists to translate
       attributes received from another system to the local representation.

   dg_nsec_map_setup
       This function sets up the context for doing the attribute mapping.
       peeraddrptr specifies an endpoint on a remote machine that will
       likely receive the translated value.  localport specifies the local
       port of the endpoint that will send the value.  type specifies the
       type of the endpoint such as SOCK_STREAM, SOCK_DGRAM, or SOCK_RAW.
       infoptr returns a pointer to information that must be passed to the
       mapping functions.

       If the translated value will be sent to another machine, the context
       should identify the connection to that machine.  If the connection
       has not yet been established, the local port number may be zero so
       that only the remote port number is matched.  If the remote port has
       not been determined, both the local and remote ports may be zero to
       use a default context for the remote machine.

       Since the default context may not be the context actually
       established, it is better to wait until the session has been created
       before calling dg_nsec_map_setup.  infoptr returns information about
       this context.  dg_nsec_map_setup allocates resources in the process
       that can be freed by calling dgnsecmapcleanup.

   dgnsecmaptoremote
       This function translates a local attribute to a network attribute.
       The kind field of srcattr specifies what kind of attribute to
       translate.  This must be a value (such as DG_SEC_MAC_ATTR) defined in
       /usr/include/sys/dgtparm.h.

   dgnsecmapfromremote
       This function translates a network attribute to a local value.

   dgnsecmapcleanup
       This function frees resources allocated by dg_nsec_map_setup.

DIAGNOSTICS
       The functions that return an int return 0 for success.  They return a
       value less than 0 for failure.  On failure, errno is set to one of
       the following:

       E2BIG       result would be too big to fit - allocate bigger buffer

       ESTALE      info too old - do setup again

       EINVAL      Value to translate couldn't be represented in network
                   format

       ETIMEDOUT   mapping server program didn't respond in time

       EPROTO      protocol error obtaining result

       EOPNOTSUPP  attribute can't be mapped

SEE ALSO
       dn6d(1M), nseclibrary(3), dn6(6M).

NOTE
       These functions send messages to a mapping server program (dn6d) and
       wait for a reply.  If an interrupt occurs while waiting for a reply,
       the EINTR return code is ignored.  A signal handler may use longjmp
       to get out of dgnsecmaptoremote or dgnsecmapfromremote
       without upsetting state; your program can then retry the interrupted
       call.  Using longjmp to exit from the setup or cleanup functions may
       leave process resources unaccounted for.
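
An added example, not part of the original manual page and not DG/UX code: one way to apply the DIAGNOSTICS table so that a failed mapping never leads to the attribute being sent. The `map_ops` table, `map_attr_checked`, `run_script` and the `fake_*` stand-ins are hypothetical names; the stand-ins take the place of the real library and mapping server so the retry logic can run on any POSIX system.

```c
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical call table; attribute buffers are void * (layout not on the page). */
struct map_ops {
    int  (*setup)(struct sockaddr_in *peer, short lport, int type, void **info);
    int  (*to_remote)(void *info, void *src, void *dst);
    void (*cleanup)(void **info);
};

/* Returns 0 on success, else -errno; on failure dst must not be sent. */
int map_attr_checked(const struct map_ops *ops, struct sockaddr_in *peer,
                     short lport, int type, void *src, void *dst, int max_tries)
{
    void *info = 0;
    int err = ETIMEDOUT;
    if (ops->setup(peer, lport, type, &info) < 0) return -errno;
    for (int i = 0; i < max_tries; i++) {
        if (ops->to_remote(info, src, dst) == 0) { err = 0; break; }
        err = errno;
        if (err == ESTALE) {              /* info too old: do setup again */
            ops->cleanup(&info);
            if (ops->setup(peer, lport, type, &info) < 0) return -errno;
        } else if (err != ETIMEDOUT) {
            break;  /* E2BIG, EINVAL, EPROTO, EOPNOTSUPP: not retried here */
        }
    }
    ops->cleanup(&info);
    return -err;
}

/* Constructed stand-ins for the library, scripted with errno values. */
static int fake_calls, fake_setups, fake_script[4];
static int fake_setup(struct sockaddr_in *p, short l, int t, void **info)
{ (void)p; (void)l; (void)t; *info = &fake_setups; fake_setups++; return 0; }
static int fake_to_remote(void *info, void *s, void *d)
{ (void)info; (void)s; (void)d; errno = fake_script[fake_calls++]; return errno ? -1 : 0; }
static void fake_cleanup(void **info) { *info = 0; }
static const struct map_ops fake_ops = { fake_setup, fake_to_remote, fake_cleanup };
/* Run the policy against up to three scripted results (0 = success). */
int run_script(int a, int b, int c)
{
    struct sockaddr_in peer = {0};
    int src = 0, dst = 0;
    fake_calls = fake_setups = 0;
    fake_script[0] = a; fake_script[1] = b; fake_script[2] = c;
    return map_attr_checked(&fake_ops, &peer, 0, SOCK_STREAM, &src, &dst, 3);
}
int main(void) { return run_script(ESTALE, 0, 0); }
```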


Licensed material--property of copyright holder(s)
