NAME

catpac_openears - get handle to UARs in the PAC

SYNOPSIS

#include <cat/cat.h>

int catpac_openears(cat_session *sess, catpac_ear **ep, const char *service, const char *version, const char *method);

DESCRIPTION

This function returns a handle in ep. The handle represents the list of UARs found in the peer certificate (PAC) specified in session sess. service is the service name and method is defined for the specific service.

version can be specified as follows:

Exact match
If version is supplied as a major.minor, only UARs with that version will match.

Example: "1.0" will only match UARs with version 1.0.

Exact match on major number
Version can be supplied as major.* to match any minor version for the given major version.

Example: "1.*" will match all versions with the major number ``1''.

Version range
A version range can be supplied as majorX.minorX-majorY.minorY to match all version in the range inclusively.

Example: ``1.0-2.0'' will match every version from 1.0 to 2.0 inclusive.

The function returns the number of matching UARs if successful, in which case, the handle must be closed later by catpac_closeear().

A return value of zero indicates that no UARs matching the above criteria could be found, although the PAC was opened successfully. This should normally be handled as an authorization error. The ep pointer can still be used to get the username, with catear_getlogid.

A negative return value means that the peer certificate was not a PAC. This is normally handled as an authorization error.

NOTES

The Agent Host Virtual Card to be used must be set using catpsd_setpsd() before this function is called.

SEE ALSO

catpac

catpac_closeear, catpsd_setpsd, catear_getlogid