xref: /illumos-gate/usr/src/man/man3sasl/sasl_authorize_t.3sasl (revision a0955b86cd77e22e80846428a5065e871b6d8eb8) 
 te
 Copyright (C) 1998-2003, Carnegie Mellon Univeristy. All Rights Reserved.
 Portions Copyright (C) 2003, Sun Microsystems, Inc. All Rights Reserved
 The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
 You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
 When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
 SASL_AUTHORIZE_T 3SASL "Oct 27, 2003"
 NAME
sasl_authorize_t - the SASL authorization callback

 SYNOPSIS


cc [ flag ... ] file ... -lsasl [ library ... ]
#include <sasl/sasl.h>

int sasl_authorize_t(sasl_conn_t *conn, const char *requested_user,
 unsigned alen, const char* auth_identity, unsigned rlen,
 const char *def_realm, unsigned urlen, struct propctx *propctx);




 DESCRIPTION

sasl_authorize_t() is a typedef function prototype that defines the
interface associated with the SASL_CB_PROXY_POLICY callback.


Use the sasl_authorize_t() interface to check whether the authorized user
auth_identity can act as the user requested_user. For example, the
user root may want to authenticate with root's credentials but as
the user tmartin, with all of tmartin's rights, not root's. A
server application should be very careful when it determines which users may
proxy as other users.

 PARAMETERS
conn


The SASL connection context.



requested_user


The identity or username to authorize. requested_user is null-terminated.



rlen


The length of requested_user.



auth_identity


The identity associated with the secret. auth_identity is
null-terminated.



alen


The length of auth_identity.



default_realm


The default user realm as passed to sasl_server_new(3SASL).



ulren


The length of the default realm



propctx


Auxiliary properties




 RETURN VALUES

Like other SASL callback functions, sasl_authorize_t() returns an integer
that corresponds to a SASL error code. See <sasl.h> for a complete list
of SASL error codes.

 ERRORS
SASL_OK


The call to sasl_authorize_t() was successful.





See sasl_errors(3SASL) for information on SASL error codes.

 ATTRIBUTES

See attributes(5) for descriptions of the following attributes:






ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
MT-Level MT-Safe



 SEE ALSO

sasl_errors(3SASL), sasl_server_new(3SASL), attributes(5)