xref: /illumos-gate/usr/src/man/man3sasl/sasl_authorize_t.3sasl (revision b8052df9f609edb713f6828c9eecc3d7be19dfb3)
te
Copyright (C) 1998-2003, Carnegie Mellon Univeristy. All Rights Reserved.
Portions Copyright (C) 2003, Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
SASL_AUTHORIZE_T 3SASL "Oct 27, 2003"
NAME
sasl_authorize_t - the SASL authorization callback
SYNOPSIS

cc [ flag ... ] file ... -lsasl [ library ... ]
#include <sasl/sasl.h>

int sasl_authorize_t(sasl_conn_t *conn, const char *requested_user,
 unsigned alen, const char* auth_identity, unsigned rlen,
 const char *def_realm, unsigned urlen, struct propctx *propctx);
DESCRIPTION

sasl_authorize_t() is a typedef function prototype that defines the interface associated with the SASL_CB_PROXY_POLICY callback.

Use the sasl_authorize_t() interface to check whether the authorized user auth_identity can act as the user requested_user. For example, the user root may want to authenticate with root's credentials but as the user tmartin, with all of tmartin's rights, not root's. A server application should be very careful when it determines which users may proxy as other users.

PARAMETERS
conn

The SASL connection context.

requested_user

The identity or username to authorize. requested_user is null-terminated.

rlen

The length of requested_user.

auth_identity

The identity associated with the secret. auth_identity is null-terminated.

alen

The length of auth_identity.

default_realm

The default user realm as passed to sasl_server_new(3SASL).

ulren

The length of the default realm

propctx

Auxiliary properties

RETURN VALUES

Like other SASL callback functions, sasl_authorize_t() returns an integer that corresponds to a SASL error code. See <sasl.h> for a complete list of SASL error codes.

ERRORS
SASL_OK

The call to sasl_authorize_t() was successful.

See sasl_errors(3SASL) for information on SASL error codes.

ATTRIBUTES

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
MT-Level MT-Safe
SEE ALSO

sasl_errors (3SASL), sasl_server_new (3SASL), attributes (7)