Copyright (C) 1998-2003, Carnegie Mellon Univeristy. All Rights Reserved.
Portions Copyright (C) 2003, Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
cc [ flag ... ] file ... -lsasl [ library ... ] #include <sasl/sasl.h> int sasl_authorize_t(sasl_conn_t *conn, const char *requested_user, unsigned alen, const char* auth_identity, unsigned rlen, const char *def_realm, unsigned urlen, struct propctx *propctx);
sasl_authorize_t() is a typedef function prototype that defines the interface associated with the SASL_CB_PROXY_POLICY callback.
Use the sasl_authorize_t() interface to check whether the authorized user auth_identity can act as the user requested_user. For example, the user root may want to authenticate with root's credentials but as the user tmartin, with all of tmartin's rights, not root's. A server application should be very careful when it determines which users may proxy as other users.
conn
The SASL connection context.
requested_user
The identity or username to authorize. requested_user is null-terminated.
rlen
The length of requested_user.
auth_identity
The identity associated with the secret. auth_identity is null-terminated.
alen
The length of auth_identity.
default_realm
The default user realm as passed to sasl_server_new(3SASL).
ulren
The length of the default realm
propctx
Auxiliary properties
Like other SASL callback functions, sasl_authorize_t() returns an integer that corresponds to a SASL error code. See <sasl.h> for a complete list of SASL error codes.
SASL_OK
The call to sasl_authorize_t() was successful.
See sasl_errors(3SASL) for information on SASL error codes.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | Evolving |
MT-Level | MT-Safe |
sasl_errors(3SASL), sasl_server_new(3SASL), attributes(5)