9c4368e73c
The NFS-over-TLS server daemon (rpc.tlsservd) can optionally replace user credentials in the RPC header with ones derived from a username specified by the form "user@domain", if this exists in the client's X.509 v3 certificate. Specifically, "user@domain" needs to be in the "otherName" component of subjectAltName, with a unique OID as assigned by this update.

This patch adds a subtree for the "otherName" component of subjectAltName in X.509 v3 certificates and a value for "user@domain" as used by NFS-over-TLS.

Reviewed by: phk, gordon
Differential Revision: https://reviews.freebsd.org/D26225
98 lines
2.5 KiB
Plaintext
-- *****************************************************************
-- This file is in the public domain.
--
-- FreeBSD SMI { enterprises 2238 }
--
-- $FreeBSD$
--
-- *****************************************************************

FREEBSD-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-IDENTITY,
    OBJECT-IDENTITY,
    enterprises
        FROM SNMPv2-SMI;

freeBSD MODULE-IDENTITY
    LAST-UPDATED "202009032030Z"
    ORGANIZATION "The FreeBSD Project."
    CONTACT-INFO
        "phk@FreeBSD.org is contact person for this file.
         core@FreeBSD.org is the final authority."
    DESCRIPTION
        "The Structure of Management Information for the
         FreeBSD Project enterprise MIB subtree."
    REVISION "202009031900Z"
    DESCRIPTION
        "Added entries for the otherName component of a X.509 cert"
    REVISION "200610310800Z"
    DESCRIPTION
        "Initial version of this MIB module."
    ::= { enterprises 2238 } -- assigned by IANA


freeBSDsrc OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "Subtree for things which lives in the src tree."
    ::= { freeBSD 1 }

freeBSDsrcCertOtherName OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "Subtree for X.509 Certificate otherName entries"
    ::= { freeBSDsrc 1 }

--
-- For NFS over TLS, a user@domain can optionally be handled by rpc.tlsservd
--
freeBSDsrcCertNFSuser OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "Entry for X.509 Certificate for NFS user@domain name"
    ::= { freeBSDsrcCertOtherName 1 }

freeBSDports OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "Subtree for things which lives in the ports tree."
    ::= { freeBSD 2 }

freeBSDpeople OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "Subtree for FreeBSD people.
         Under this branch any FreeBSD committer may claim
         a subtree. Grab the next sequential oid in the list.
         These assignments are not revoked when committers leave
         the FreeBSD project.
        "
    ::= { freeBSD 3 }

freeBSDpeoplePhk OBJECT-IDENTITY
    STATUS current DESCRIPTION
        "Subtree for phk@FreeBSD.org"
    ::= {freeBSDpeople 1}

freeBSDVersion OBJECT-IDENTITY
    STATUS current
    DESCRIPTION
        "Subtree to register FreeBSD versions. The OID for a FreeBSD
         version is formed by appending the dot delimited numbers
         from the release number to this base OID. Examples:

         5.2.1-STABLE: freeBSDVersion.5.2.1
         6.1-STABLE: freeBSDVersion.6.1
         7.0-CURRENT: freeBSDVersion.7.0

         There is no indication whether this is STABLE or CURRENT.

         The sysObjectId is automatically set to the value indicated
         by the uname(3) release field by bsnmpd(1). This initial
         value can be overwritten in the configuration file."
    ::= { freeBSD 4 }

END
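The following is an added example, not part of the FreeBSD commit: it resolves freeBSDsrcCertNFSuser from the MIB above to its numeric OID and DER-encodes it inside an X.509 otherName, which is the byte pattern a certificate issuer or reviewer would look for in subjectAltName. The function names are hypothetical, the input is a reduced copy of the MIB assignments, and encoding the value as a UTF8String is an assumption the page does not state.

```python
import re

# Constructed input: the identity assignments of the MIB above, reduced to
# "name MACRO ::= { parent arc }" (clauses and IMPORTS dropped).
MIB = """
freeBSD MODULE-IDENTITY ::= { enterprises 2238 }
freeBSDsrc OBJECT-IDENTITY ::= { freeBSD 1 }
freeBSDsrcCertOtherName OBJECT-IDENTITY ::= { freeBSDsrc 1 }
freeBSDsrcCertNFSuser OBJECT-IDENTITY ::= { freeBSDsrcCertOtherName 1 }
"""
ROOTS = {"enterprises": (1, 3, 6, 1, 4, 1)}  # defined in SNMPv2-SMI

def resolve(mib, name):
    """Follow the ::= { parent arc } chain from name up to a known root."""
    links = {n: (p, int(a)) for n, p, a in re.findall(
        r"(\w+)\s+(?:OBJECT|MODULE)-IDENTITY\s*::=\s*\{\s*(\w+)\s+(\d+)\s*\}", mib)}
    arcs = []
    for _ in range(len(links) + 1):      # bound the walk so a cycle cannot hang it
        if name in ROOTS:
            return ROOTS[name] + tuple(reversed(arcs))
        name, arc = links[name]          # KeyError: parent not defined
        arcs.append(arc)
    raise ValueError("cyclic OID definition")

def tlv(tag, body):
    """DER tag-length-value with definite length."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + body

def der_oid(arcs):
    """OBJECT IDENTIFIER: first two arcs share a byte, the rest are base-128."""
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.append(0x80 | (arc & 0x7F))   # continuation bit on all but the last byte
        out += bytes(reversed(chunk))
    return tlv(0x06, bytes(out))

def other_name(oid_arcs, user_at_domain):
    """GeneralName otherName: [0] { type-id OID, value [0] EXPLICIT <value> }."""
    value = tlv(0x0C, user_at_domain.encode())  # assumption: value is a UTF8String
    return tlv(0xA0, der_oid(oid_arcs) + tlv(0xA0, value))

NFS_USER_OID = resolve(MIB, "freeBSDsrcCertNFSuser")
```
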