catgen_checkauth - user access authentication
#include <cat/gen.h>
int catgen_checkauth(cat_session *sess, const char *givenuser, const char *givenpsw, const char *givendbid);
This function checks the access lists for a user. The function should be
called to check if a user is allowed further access.
This function can be called only after a successful SSL or DASP handshake
and verification of the peer's certificate, as performed by
catgen_serverencryption().
This function checks the user access rights in one of two ways:
- SSL, PACs and UARs
  If SSL has been used, this function will read the UAR variables, specifying
  a user's access rights, from the Privileged Attribute Certificate (PAC).
  The PAC is an ordinary certificate with the UARs attached as a certificate
  extension. The PAC will be used in the SSL negotiation.
- DASP and Keon Security Server
  If DASP has been used, this function will contact the Keon Security Server
  to find out if the authenticated user is allowed access. In this case, the
  Keon Security Server makes the decision.
The givenuser, givenpsw, and givendbid arguments carry any login information
supplied by the client. If no such information is available, they can be set
to NULL. If they are non-null, this function will also verify that a mapping
exists for the user.
If an error occurs, the session should be closed by letting the session or
filter callback function return an error.
On error, an event log message is generated.
The function returns 0 if successful, and an error code if not.
cat, catgen