sia_validate_user(3)
sia_validate_user - perform password validation for SIA
(Security Integration Architecture)
#include <sia.h>
#include <siad.h>
int sia_validate_user(
sia_collect_func_t *collect,
int argc,
char **argv,
char *hostname,
char *username,
char *tty,
int colinput,
char *gssapi,
char *passphrase );
Standard C library (libc.so and libc.a)
The collect parameter is a pointer to an SIA collection
routine. If this pointer is NULL, no collection is possible.
If the pointer is not NULL and the can_collect_input
parameter entered during the sia_ses_init() call was zero,
then this collection routine cannot be used to prompt for
input, but can be used to display warnings or error messages.
This parameter is read only.

The argc and argv parameters are used by the underlying
security mechanisms for generating audit records and
initializing database accesses. There should always be at
least one argument, argv[0], which contains the name of the
command or utility issuing a session initialization. These
parameters are read only.

The hostname parameter is used to determine if the session
is being requested by a remote system. If the request is
from a remote system, the hostname parameter points to a
string containing the remote host information. If
information about the requesting remote user is available,
the information is in the form "node::user" for DECnet or
"user@host" for IP. If the remote user information is not
available, the information is the remote "host". For local
requests, this parameter is passed as a NULL pointer.

The username parameter is set to point to the name or
string representing the requesting user if this information
is available. Otherwise this parameter is set to NULL. This
parameter is read only.

The tty parameter is set to point to the name or string
representing the requesting or active tty if this
information is available. Otherwise this parameter is set
to NULL. This parameter is read only.

The colinput parameter specifies whether the collection of
input is allowed during this session. A "1" means yes and
"0" means no. This parameter is read only.

The gssapi pointer is for future expansion to utilize
gss_api datatypes. It is not currently used and should be
set to NULL. This parameter is currently read only.

The passphrase parameter provides a precollected password
to the authentication routine. Set this parameter to NULL
if no passphrase has been precollected. This parameter is
read only. Note that some third-party security mechanisms
may fail to validate users when the passphrase has been
precollected, since those mechanisms may have time-dependent
challenge-response dialogues as an authentication
requirement. If this parameter is NULL, and a collection
routine is provided, and the colinput parameter is
non-zero, the passphrase will be gathered through the
collection routine if required.

The sia_validate_user() routine performs password validation
by calling sia_ses_init(), sia_ses_reauthent(), and
sia_ses_release().

The sia_validate_user() routine returns SIASUCCESS if
sia_ses_init(), sia_ses_reauthent(), and sia_ses_release()
succeed. SIAFAIL is returned if any of the routines fail.

The errno value is not (normally) set explicitly by sia_*
routines. The errno values are those returned from the
dynamic loader interface, from dependent (siad_*) routines,
or from malloc. Possible errors include resource
constraints (no memory) and various authentication failures.
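
The following is an added example, not part of the original manual page or of the SIA sources: a non-interactive check of a precollected password that follows the parameter rules above (argv[0] present, NULL collect with colinput 0, NULL gssapi). The helper name check_precollected, the __osf__ guard, the stand-in definitions (typedef, constant values, the account "alice"/"s3cret") and the wiping of the caller's buffer are assumptions made so the wrapper can also be compiled and exercised off Tru64 UNIX.

```c
#include <string.h>

#ifdef __osf__                      /* Tru64 UNIX: use the real SIA headers */
#include <sia.h>
#include <siad.h>
#else
/* Constructed stand-in for building elsewhere. The typedef, the constant
   values and the fake account are assumptions, not taken from SIA. */
typedef int sia_collect_func_t(void);
#define SIASUCCESS 1
#define SIAFAIL    0
static int sia_validate_user(sia_collect_func_t *collect, int argc, char **argv,
                             char *hostname, char *username, char *tty,
                             int colinput, char *gssapi, char *passphrase)
{
    (void)collect; (void)hostname; (void)tty; (void)colinput; (void)gssapi;
    if (argc < 1 || !argv || !argv[0] || !username || !passphrase)
        return SIAFAIL;
    return (!strcmp(username, "alice") && !strcmp(passphrase, "s3cret"))
               ? SIASUCCESS : SIAFAIL;
}
#endif

/* Hypothetical helper: returns 1 only when sia_validate_user() reports
   SIASUCCESS. Mechanisms that need a live challenge-response dialogue may
   reject a precollected passphrase; that also surfaces here as 0. */
int check_precollected(int argc, char **argv, char *remote, char *user,
                       char *pass, size_t passlen)
{
    int ok = 0;
    /* argv[0] must name the calling command (used for audit records). */
    if (argc >= 1 && argv && argv[0] && user && pass) {
        int rc = sia_validate_user(
            NULL,        /* collect: NULL, so no collection is possible */
            argc, argv,
            remote,      /* hostname: NULL for local, "user@host" or "host" */
            user,
            NULL,        /* tty: not known to this caller */
            0,           /* colinput: input collection not allowed */
            NULL,        /* gssapi: unused, should be NULL */
            pass);       /* passphrase: precollected */
        /* errno is not normally set by sia_* routines; use only rc. */
        ok = (rc == SIASUCCESS);
    }
    /* The routine treats pass as read only, so the caller wipes it. */
    volatile char *p = pass;
    while (p && passlen--) *p++ = 0;
    return ok;
}
```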
/etc/sia/matrix.conf
sia_ses_reauthent(3), sia_ses_release(3), sia_ses_init(3),
siad_ses_init(3), siad_init(3), matrix.conf(4)
Security