Man page of siad_ses_init
siad_ses_init
Section: C Library Functions (3)
NAME
siad_ses_init, siad_ses_authent, siad_ses_suauthent, siad_ses_reauthent, siad_ses_estab, siad_ses_launch, siad_ses_release - SIA session routines (Security Integration Architecture)
LIBRARY
Standard C library (libc.so and libc.a)
SYNOPSIS
#include <sia.h>
#include <siad.h>
int siad_ses_init(
        SIAENTITY **entityhdl);
int siad_ses_authent(
        int (*collect)(),
        SIAENTITY *entityhdl,
        int siastat,
        int mechind);
int siad_ses_suauthent(
        int (*collect)(),
        SIAENTITY *entityhdl,
        int siastat,
        int mechind);
int siad_ses_reauthent(
        int (*collect)(),
        SIAENTITY *entityhdl,
        int siastat,
        int mechind);
int siad_ses_estab(
        int (*collect)(),
        SIAENTITY *entityhdl,
        int siastat,
        int mechind);
int siad_ses_launch(
        int (*collect)(),
        SIAENTITY *entityhdl,
        int siastat,
        int mechind);
int siad_ses_release(
        SIAENTITY **entityhdl,
        int mechind);
PARAMETERS
collect
    The collect parameter is a pointer to an SIA collection routine.
    If this pointer is NULL, no collection is possible.
    If the pointer is not NULL and the can_collect_input parameter
    entered during the sia_ses_init() call was zero, then this
    collection routine cannot be used to prompt for input but can be
    used to display warnings or error messages. This parameter is read only.
    Further information on SIA collection routines is available from the
    interface specifications in /usr/include/{sia,siad}.h.
entityhdl
    The entityhdl parameter points to the SIAENTITY structure that was
    allocated and set up by the previous sia_ses_init() call.
    Values in the SIAENTITY structure may be changed by the siad_* routines.
siastat
    The siastat parameter is set to SIADFAIL until at least one security
    mechanism has returned a SIADSUCCESS response to sia_ses_authent().
    It is then set to SIADSUCCESS.
    Security mechanisms use this parameter to determine whether vouching
    is possible.
mechind
    The mechind parameter is the mechanism index for this call.
    This index can be used to set the mechanism-specific data pointer
    array element in the SIAENTITY structure pointed to by entityhdl.
DESCRIPTION
siad_ses_init()
This routine is called by sia_ses_init() to initialize a session
with respect to a mechanism. This call is used to check
resources and subsystems associated with a security mechanism.
The siad_ses_init() routine returns SIADFAIL if the security mechanism
cannot initialize a session. Otherwise, SIADSUCCESS is returned.
siad_ses_reauthent()
This routine is called from sia_ses_reauthent() to
reauthenticate a session with respect to a specific security
mechanism. This processing is typically associated with the
locking or unlocking of a terminal or workstation by a
particular user. The siad_ses_reauthent() routine is
only called after a siad_ses_init()
call to set up the SIAENTITY structure.
siad_ses_authent()
This routine is called by sia_ses_authent() to authenticate a
session with respect to a security mechanism. The current state, success
or fail, is indicated by siastat. The entityhdl pointer is
used to access arguments which have either been collected or
derived from the session processing. The mechanism
index, mechind, is used by each mechanism to determine where in the
sequence of processing the mechanism is configured and which
index is to be used for the mechanism-specific data area associated
with the SIAENTITY structure. The collect
argument allows the mechanism to prompt the
user for additional information.
Vouching can occur during the sia_ses_authent() processing.
The default local security mechanism, BSD, allows vouching and returns
SIADSUCCESS if siastat is already set to SIADSUCCESS.
(This indicates that
some previously called security mechanism has successfully authenticated
this entity.)
siad_ses_suauthent()
This routine is called from sia_ses_suauthent() to perform the
mechanism-dependent processing for the su command. Unlike the other session
processing interfaces, generally only one of the mechanisms would
be configured to process the su authentication. However,
multiple mechanisms could be configured to do this processing.
This routine is only called after a siad_ses_init() call has been made
to create the SIAENTITY structure.
siad_ses_estab()
This routine is called by sia_ses_estab() and performs
mechanism-specific processing associated with general resource
and licensing checking. This routine also gathers all the
required context needed to establish a session. For example, the local
security mechanism requires that the struct passwd in the SIAENTITY
structure be completed to successfully establish the session. The local
mechanism may also use this routine to check the system limits
to make sure this session does not exceed the configuration.
siad_ses_launch()
This routine is called from the sia_ses_launch() routine to do
security mechanism-specific logging or auditing in preparation
for session startup. The local security mechanism may have
additional responsibilities such as tty conditioning or
processing for wtmp and utmp.
On the successful return from siad_ses_launch(), the
local security mechanism sets the effective user ID (EUID) to the user
requesting the session.
The local mechanism sets the groups and group ID (GID) using
the setgid() and initgroups() calls.
siad_ses_release()
The siad_ses_release() routine is called by the sia_ses_release()
routine to
release resources associated with the session processing which
is now completed. The security mechanism is responsible for releasing
any allocated memory which is no longer needed by this session.
If a security mechanism has allocated memory pointed to by
the SIAENTITY structure, this memory must be deallocated at this time.
RETURN VALUES
The siad_ses_*() routines return bitmapped values which
indicate the following status:
SIADSUCCESS
    Indicates unconditional success. All bits set to 0.
SIADFAIL
    Indicates conditional failure. Lowest bit set to 1.
    If other security mechanisms are in place, continue.
SIADSTOP
    Indicates unconditional failure. Do not continue.
    Second lowest bit set to 1.
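The status values above and the vouching behaviour described under siad_ses_authent() make the result of each mechanism depend on where it sits in the configured order. The following C model is an added example, not code from the SIA library or from this manual page: the EX_* constants, struct ex_entity, both mechanisms and the dispatcher loop are constructed stand-ins, and returning siastat as the overall result is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the status bits under RETURN VALUES; real
   mechanisms take SIADSUCCESS, SIADFAIL and SIADSTOP from <siad.h>. */
enum { EX_SUCCESS = 0, EX_FAIL = 1, EX_STOP = 2 };

/* Hypothetical, cut-down entity; the real SIAENTITY is defined in <sia.h>. */
struct ex_entity { const char *name; const char *password; };
typedef int (*ex_authent_fn)(const struct ex_entity *, int siastat, int mechind);

/* Vouching mechanism: succeeds without any check of its own when an earlier
   mechanism has already succeeded. The password compare is a placeholder. */
int ex_vouching_authent(const struct ex_entity *e, int siastat, int mechind) {
    (void)mechind;
    if (siastat == EX_SUCCESS) return EX_SUCCESS;
    return strcmp(e->password, "local-pw") == 0 ? EX_SUCCESS : EX_FAIL;
}

/* Strict mechanism: never vouches and vetoes the constructed "locked" account. */
int ex_strict_authent(const struct ex_entity *e, int siastat, int mechind) {
    (void)siastat; (void)mechind;
    if (strcmp(e->name, "locked") == 0) return EX_STOP;
    return strcmp(e->password, "strict-pw") == 0 ? EX_SUCCESS : EX_FAIL;
}

/* Model of the dispatcher: siastat stays at fail until one mechanism
   succeeds, and a stop bit ends processing at once. Returning siastat as
   the overall result is an assumption of this model. per_mech[i] receives
   each mechanism's own return value (-1 if it was never called). */
int ex_run_authent(ex_authent_fn *mechs, int n, const struct ex_entity *e, int *per_mech) {
    int siastat = EX_FAIL;
    for (int i = 0; i < n; i++) per_mech[i] = -1;
    for (int i = 0; i < n; i++) {
        per_mech[i] = mechs[i](e, siastat, i);
        if (per_mech[i] & EX_STOP) return EX_STOP;
        if (per_mech[i] == EX_SUCCESS) siastat = EX_SUCCESS;
    }
    return siastat;
}

int main(void) {
    struct ex_entity user = { "alice", "strict-pw" };   /* constructed input */
    ex_authent_fn order[] = { ex_strict_authent, ex_vouching_authent };
    int rc[2];
    int overall = ex_run_authent(order, 2, &user, rc);
    printf("overall=%d strict=%d vouching=%d\n", overall, rc[0], rc[1]);
    return 0;
}
```

A mechanism that vouches performs no check of its own once any earlier mechanism has succeeded, so its position in the configured order decides whether its credentials are ever examined. A stop status from a later mechanism still overrides an earlier success.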
ERRORS
The errno values are those returned from the dynamic loader
interface, from the (siad_*) routines, or from malloc.
Possible errors include resource constraints (no memory) and various
authentication failures.
FILES
/etc/group
/etc/passwd
RELATED INFORMATION
setgid(2), initgroups(3), sia_ses_init(3), matrix.conf(4)
Security
This document was created by
man2html,
using the manual pages.
Time: 02:41:35 GMT, October 02, 2010