nsec_map_library(3) DG/UX B2 Security R4.12MU02 nsec_map_library(3)
NAME
nsec_map_library: dg_nsec_map_setup, dg_nsec_map_to_remote,
dg_nsec_map_from_remote, dg_nsec_map_cleanup - manipulate map
attribute representation
SYNOPSIS
#include <sys/dg_tparms.h>
#include <sys/socket.h>
int dg_nsec_map_setup (struct sockaddr_in *peer_addr_ptr,
                       short local_port,
                       int type,
                       void **info_ptr);
int dg_nsec_map_from_remote (void *info_ptr,
                             dg_nsec_attr_type *src_attr_p,
                             dg_nsec_attr_type *dst_attr_p);
int dg_nsec_map_to_remote (void *info_ptr,
                           dg_nsec_attr_type *src_attr_p,
                           dg_nsec_attr_type *dst_attr_p);
void dg_nsec_map_cleanup (void **info_ptr);
DESCRIPTION
The nsec_map_library functions transform security attributes from
local representation to network representation and back. Different
systems often use different encoding and representations for the
values of security attributes. For example, one system may use a bit
vector to represent the categories in a MAC label while another
system may keep an array of values.
Attributes can be passed between systems only if both systems share a
common representation on the network. These functions translate between
the local and the network representation: dg_nsec_map_to_remote
determines the network representation of a local attribute, which the
program can then send to another system, and dg_nsec_map_from_remote
translates an attribute received from another system back into the
local representation.
dg_nsec_map_setup
This function sets up the context for doing the attribute mapping.
peer_addr_ptr specifies an endpoint on a remote machine that will
likely receive the translated value. local_port specifies the local
port of the endpoint that will send the value. type specifies the
type of the endpoint such as SOCK_STREAM, SOCK_DGRAM, or SOCK_RAW.
info_ptr returns a pointer to information that must be passed to the
mapping functions.
If the translated value will be sent to another machine, the context
should identify the connection to that machine. If the connection
has not yet been established, the local port number may be zero to
only match on remote port number. If the remote port has not been
determined, both the local and remote ports may be zero to use a
default context for the remote machine.
Since the default context may not be the context actually
established, it is better to wait until the session has been created
before calling dg_nsec_map_setup. info_ptr returns information about
this context. dg_nsec_map_setup allocates resources in the process
that can be freed by calling dg_nsec_map_cleanup.
dg_nsec_map_to_remote
This function translates a local attribute to a network attribute.
The kind field of the attribute pointed to by src_attr_p specifies
what kind of attribute to translate. This must be a value (such as
DG_SEC_MAC_ATTR) defined in /usr/include/sys/dg_tparm.h. The network
representation is stored in the attribute pointed to by dst_attr_p;
if it does not fit there, the call fails with E2BIG (see
DIAGNOSTICS).
dg_nsec_map_from_remote
This function translates a network attribute, received from another
system and pointed to by src_attr_p, to the local representation,
which is stored in the attribute pointed to by dst_attr_p.
dg_nsec_map_cleanup
This function frees the resources allocated by dg_nsec_map_setup.
DIAGNOSTICS
The functions that return an int return 0 for success. They return a
value less than 0 for failure. On failure, errno is set to one of
the following:
E2BIG       result would be too big to fit - allocate a bigger buffer
            and retry
ESTALE      info is too old - call dg_nsec_map_setup again
EINVAL      value to translate couldn't be represented in network
            format
ETIMEDOUT   mapping server program didn't respond in time
EPROTO      protocol error obtaining result
EOPNOTSUPP  attribute can't be mapped
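The following is an added example, not DG/UX library code, that models the translation described in DESCRIPTION (a local bit-vector MAC label versus a canonical network form) together with the E2BIG, EINVAL, EPROTO and EOPNOTSUPP failures listed under DIAGNOSTICS. The local layout, the wire layout and every name in it (struct local_mac, map_to_remote, map_from_remote, encode_label, NSEC_MAC_ATTR) are assumptions chosen for illustration; they are not dg_nsec_attr_type, the dn6d protocol, or the library's real API.

```c
/* Added example, not DG/UX code. Local form: level + 32-bit category bit
 * vector. Assumed wire form: kind(1) level(1) count(1) then `count`
 * big-endian 16-bit category numbers in ascending order. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NSEC_MAC_ATTR      1   /* hypothetical kind value (cf. DG_SEC_MAC_ATTR) */
#define LOCAL_CATEGORIES  32   /* local form knows categories 0..31 */
#define NET_HDR_LEN        3   /* assumed wire header: kind, level, count */

struct local_mac {             /* hypothetical local representation */
    int      kind;
    int      level;            /* wire carries one byte: 0..255 */
    uint32_t categories;       /* bit i set => category i is in the label */
};

/* Local -> network. Returns bytes written, or -1 with errno set:
 *   EOPNOTSUPP  kind cannot be mapped
 *   EINVAL      value not representable on the wire (level out of range)
 *   E2BIG       buf too small; *needed receives the size to retry with */
int map_to_remote(const struct local_mac *src, uint8_t *buf, size_t buflen, size_t *needed)
{
    if (src->kind != NSEC_MAC_ATTR)         { errno = EOPNOTSUPP; return -1; }
    if (src->level < 0 || src->level > 255) { errno = EINVAL; return -1; }
    unsigned count = 0;
    for (int i = 0; i < LOCAL_CATEGORIES; i++)
        if (src->categories & (1u << i)) count++;
    size_t len = NET_HDR_LEN + 2 * count;
    if (needed) *needed = len;
    if (len > buflen)                       { errno = E2BIG; return -1; }
    buf[0] = NSEC_MAC_ATTR; buf[1] = (uint8_t)src->level; buf[2] = (uint8_t)count;
    size_t off = NET_HDR_LEN;
    for (int i = 0; i < LOCAL_CATEGORIES; i++) {  /* ascending = canonical */
        if (!(src->categories & (1u << i))) continue;
        buf[off++] = (uint8_t)(i >> 8);
        buf[off++] = (uint8_t)(i & 0xff);
    }
    return (int)len;
}

/* Network -> local. Returns 0, or -1 with errno set:
 *   EPROTO      malformed wire data (short, bad count, unsorted/duplicate)
 *   EOPNOTSUPP  kind cannot be mapped
 *   EINVAL      category number has no local representation (>= 32) */
int map_from_remote(const uint8_t *buf, size_t len, struct local_mac *dst)
{
    if (len < NET_HDR_LEN)                  { errno = EPROTO; return -1; }
    if (buf[0] != NSEC_MAC_ATTR)            { errno = EOPNOTSUPP; return -1; }
    size_t count = buf[2];
    if (len != NET_HDR_LEN + 2 * count)     { errno = EPROTO; return -1; }
    uint32_t cats = 0;
    int prev = -1;
    for (size_t k = 0; k < count; k++) {
        int c = (buf[NET_HDR_LEN + 2 * k] << 8) | buf[NET_HDR_LEN + 2 * k + 1];
        if (c <= prev)                      { errno = EPROTO; return -1; }
        if (c >= LOCAL_CATEGORIES)          { errno = EINVAL; return -1; }
        cats |= 1u << c;
        prev = c;
    }
    dst->kind = NSEC_MAC_ATTR; dst->level = buf[1]; dst->categories = cats;
    return 0;
}

/* Caller pattern for E2BIG: start small, grow to the reported size, retry.
 * On success *out is a malloc'd buffer and the wire length is returned. */
int encode_label(const struct local_mac *src, uint8_t **out)
{
    size_t cap = 4, need = 0;
    uint8_t *buf = malloc(cap);
    if (!buf) return -1;
    for (;;) {
        int n = map_to_remote(src, buf, cap, &need);
        if (n >= 0) { *out = buf; return n; }
        if (errno != E2BIG) { int e = errno; free(buf); errno = e; return -1; }
        uint8_t *nb = realloc(buf, need);
        if (!nb) { free(buf); return -1; }
        buf = nb; cap = need;
    }
}

int main(void)
{
    /* constructed sample label: level 3, categories 0, 5 and 17 */
    struct local_mac label = { NSEC_MAC_ATTR, 3, (1u << 0) | (1u << 5) | (1u << 17) }, back;
    uint8_t *wire;
    int n = encode_label(&label, &wire);
    if (n < 0) { perror("encode"); return 1; }
    printf("wire (%d bytes):", n);
    for (int i = 0; i < n; i++) printf(" %02x", wire[i]);
    printf("\n");
    if (map_from_remote(wire, (size_t)n, &back) < 0) { perror("decode"); return 1; }
    printf("round trip %s\n",
           back.level == label.level && back.categories == label.categories ? "ok" : "MISMATCH");
    free(wire);
    return 0;
}
```

The decoder rejects non-canonical input (unsorted or duplicate categories, count not matching the length) with EPROTO rather than silently normalising it, so a peer cannot smuggle two encodings of the same label past a receiver that compares wire bytes; a category with no local equivalent is a representation failure (EINVAL), not a protocol error, which mirrors the distinction the DIAGNOSTICS list draws for the real library.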
SEE ALSO
dn6d(1M), nsec_library(3), dn6(6M).
NOTE
These functions send messages to a mapping server program (dn6d) and
wait for a reply. If a signal interrupts the wait, the functions do
not return EINTR; they resume waiting for the reply. A signal handler
may use longjmp to get out of dg_nsec_map_to_remote or
dg_nsec_map_from_remote without upsetting state; your program can
then retry the interrupted call. Using longjmp to exit from the setup
or cleanup functions may leave process resources unaccounted for.
Licensed material--property of copyright holder(s)