NAME

catgen_checkauth - user access authentication

SYNOPSIS

#include <cat/gen.h>

int catgen_checkauth(cat_session *sess, const char *givenuser, const char *givenpsw, const char *givendbid);

DESCRIPTION

This function checks the access lists for a user. Call it to check whether a user is allowed further access.

This function can be called only after a successful SSL or DASP handshake and verification of the peer's certificate, as performed by catgen_serverencryption().

This function checks the user access rights in one of two ways:

SSL, PACs and UARs
If SSL has been used, this function will read the UAR variables, specifying a user's access rights, from the Privileged Attribute Certificate (PAC). The PAC is an ordinary certificate with the UARs attached as a certificate extension. The PAC will be used in the SSL negotiation.

DASP and Keon Security Server
If DASP has been used, this function will contact the Keon Security Server to find out if the authenticated user is allowed access. In this case, the Keon Security Server makes the decision.

The givenuser, givenpsw, and givendbid arguments carry any login information supplied by the client. If no such information is available, they can be set to NULL. If they are non-NULL, this function will also verify that a mapping exists for the user.

If an error occurs, the session should be closed by letting the session or filter callback function return an error.

LOGGING

On error, an event log message is generated.

RETURN VALUES

The function returns 0 if successful, and an error code if not.
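
The error handling described above, as an added example that is not part of the original page or the library's own code: a callback helper that fails closed on any non-zero return. The names authorize_login, LOGIN_OK, LOGIN_REJECT and HAVE_CAT_SDK are hypothetical, and the stand-in cat_session and catgen_checkauth (with constructed error codes 1 and 2) exist only so the block builds without the SDK.

```c
#include <stddef.h>
#include <string.h>

#ifdef HAVE_CAT_SDK
#include <cat/gen.h>            /* real prototype, as given in SYNOPSIS */
#else
/* Constructed stand-in, not the library's code. It mimics only what this
 * page states: 0 on success, an error code otherwise, and a mapping check
 * when givenuser is non-NULL. */
typedef struct cat_session { int peer_allowed; const char *mapped_user; } cat_session;
static int catgen_checkauth(cat_session *sess, const char *givenuser,
                            const char *givenpsw, const char *givendbid)
{
    (void)givenpsw; (void)givendbid;
    if (sess == NULL || !sess->peer_allowed)
        return 1;                               /* access lists deny */
    if (givenuser != NULL && (sess->mapped_user == NULL ||
                              strcmp(givenuser, sess->mapped_user) != 0))
        return 2;                               /* no mapping for this user */
    return 0;
}
#endif

#define LOGIN_OK      0
#define LOGIN_REJECT -1  /* hypothetical: what the callback returns to close the session */

/* Hypothetical helper, called from a session or filter callback after the
 * handshake has succeeded. Login fields received from the client are passed
 * through unchanged; NULL is used only when the client sent no such field,
 * so the mapping check is not skipped for a login that was actually sent. */
int authorize_login(cat_session *sess, const char *user,
                    const char *psw, const char *dbid)
{
    int rc = catgen_checkauth(sess, user, psw, dbid);
    if (rc != 0)
        return LOGIN_REJECT;    /* fail closed: every error code denies access */
    return LOGIN_OK;
}

#ifndef HAVE_CAT_SDK
int main(void)
{
    cat_session s = { 1, "alice" };             /* constructed sample session */
    return authorize_login(&s, "alice", "pw", NULL) == LOGIN_OK ? 0 : 1;
}
#endif
```
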

SEE ALSO

cat, catgen