sia_validate_user(3)sia_validate_user(3)NAMEsia_validate_user - perform password validation for SIA (Security Inte‐
gration Architecture)
SYNOPSIS
#include <sia.h> #include <siad.h>
int sia_validate_user(
sia_collect_func_t *collect,
int argc,
char **argv,
char *hostname,
char *username,
char *tty,
int colinput,
char *gssapi,
char *passphrase );
LIBRARY
Standard C library (libc.so and libc.a)
PARAMETERS
The collect parameter is a pointer to an SIA collection routine. If
this pointer is NULL, no collection is possible. If the pointer is not
NULL and the can_collect_input parameter entered during the
sia_ses_init() call was zero, then this collection routine cannot be
used to prompt for input, but can be used to display warnings or error
messages. This parameter is read only. The argc and argv parameters
are used by the underlying security mechanisms for generating audit
records and initializing database accesses. There should always be at
least one argument argv[0] which contains the name of the command or
utility issuing a session initialization. These parameters are read
only. The hostname parameter is used to determine if the session is
being requested by a remote system. If the request is from a remote
system, the hostname parameter points to a string containing the remote
host information. If information about the requesting remote user is
available, the information is in the form "node::user" for DECnet or
"user@host" for IP. If the remote user information is not available,
the information is the remote "host". For local requests, this parame‐
ter is passed as a NULL pointer. The username parameter is be set to
point to the name or string representing the requesting user if this
information is available. Otherwise this parameter is set to NULL. This
parameter is read only. The ttyname parameter is set to point to the
name or string representing the requesting or active tty if this infor‐
mation is available. Otherwise this parameter is set to NULL. This
parameter is read only. The colinput parameter specifies whether the
collection of input is allowed during this session. A "1" means yes and
"0" means no. This parameter is read only. The gssapi pointer is for
future expansion to utilize gss_api datatypes. It is not currently used
and should be set to NULL. This parameter is currently read only. The
passphrase parameter provides a precollected password to the authenti‐
cation routine. Set this parameter to NULL if no passphrase has been
precollected. This parameter is read only. Note that some third-party
security mechanisms may fail to validate users when the passphrase has
been pre-collected, since those mechanisms may have time-dependent
challenge-response dialogues as an authentication requirement. If this
parameter is NULL, and a collection routine is provided, and the colin‐
put parameter is non-zero, the passphrase will be gathered through the
collection routine if required.
DESCRIPTION
The sia_validate_user() routine performs password validation by calling
sia_ses_init(), sia_ses_reauthent(), and sia_ses_release().
RETURN VALUES
The sia_validate_user() routine returns SIASUCCESS if sia_ses_init(),
sia_ses_reauthent(), and sia_ses_release() succeed. SIAFAIL is returned
if any of the routines fail.
ERRORS
The errno value is not (normally) set explicitly by sia_* routines. The
errno values are those returned from the dynamic loader interface, from
dependent (siad_*) routines, or from malloc. Possible errors include
resource constraints (no memory) and various authentication failures.
FILES
/etc/sia/matrix.conf
SEE ALSOsia_ses_reauthent(3), sia_ses_release(3), sia_ses_init(3),
siad_ses_init(3), siad_init(3), matrix.conf(4)
Security
sia_validate_user(3)