system-authentication-control.h File Reference

Allows the update of the Server system authentication store, which controls principals and trusted proposed session properties. More...

Data Structures
struct	system_principal_s
	Structure describing a principal in the authentication store. More...
struct	system_authentication_store_s
struct	get_system_authentication_store_params_s
	Structure passed when requesting the system authentication store. More...
struct	update_system_authentication_store_params_s
	Structure passed when updating the system authentication store. More...

Typedefs
typedef struct system_principal_s	SYSTEM_PRINCIPAL_T
	Structure describing a principal in the authentication store.
typedef int(*	on_get_system_authentication_store_cb) (SESSION_T *session, const SYSTEM_AUTHENTICATION_STORE_T store, void *context)
	Callback for get_system_authentication_store().
typedef struct get_system_authentication_store_params_s	GET_SYSTEM_AUTHENTICATION_STORE_PARAMS_T
	Structure passed when requesting the system authentication store.
typedef int(*	on_update_system_authentication_store_cb) (SESSION_T *session, const LIST_T *error_reports, void *context)
	Callback for update_system_authentication_store().
typedef struct update_system_authentication_store_params_s	UPDATE_SYSTEM_AUTHENTICATION_STORE_PARAMS_T
	Structure passed when updating the system authentication store.

Enumerations
enum	ANONYMOUS_CONNECTION_ACTION_T { ANONYMOUS_CONNECTION_ACTION_ALLOW , ANONYMOUS_CONNECTION_ACTION_DENY , ANONYMOUS_CONNECTION_ACTION_ABSTAIN }
	Action to be taken by the system authentication handler for connection attempts that do not provide a principal name and credentials. More...

Functions
SYSTEM_AUTHENTICATION_STORE_T *	system_authentication_store_create (void)
	Create a new, empty system authentication store structure.
void	system_authentication_store_free (SYSTEM_AUTHENTICATION_STORE_T *store)
	Free all memory associated with a system authentication store structure.
void	system_principal_free (SYSTEM_PRINCIPAL_T *system_principal)
	Free all memory associated with a system principal store structure.
SYSTEM_AUTHENTICATION_STORE_T *	system_authentication_store_dup (const SYSTEM_AUTHENTICATION_STORE_T *store)
	Copy an existing system authentication store structure.
SYSTEM_PRINCIPAL_T *	system_principal_dup (const SYSTEM_PRINCIPAL_T *system_principal)
	Copy an existing system principal structure.
void	get_system_authentication_store (SESSION_T *session, const GET_SYSTEM_AUTHENTICATION_STORE_PARAMS_T params)
	Get the server's system authentication store.
char **	get_principal_names (const SYSTEM_AUTHENTICATION_STORE_T store)
	Get an array of principals defined in the system authentication store.
char **	get_roles_for_principal (const SYSTEM_AUTHENTICATION_STORE_T store, const char *principal)
	Get an array of role names for a given principal.
char **	get_anonymous_roles (const SYSTEM_AUTHENTICATION_STORE_T store)
	Get an array of role names for anonymous connections.
void	update_system_authentication_store (SESSION_T *session, const UPDATE_SYSTEM_AUTHENTICATION_STORE_PARAMS_T params)
	Send updates to the system authentication store.
SCRIPT_T *	update_auth_store_deny_anonymous_connections (SCRIPT_T *script)
	Updates a script to add a command to deny anonymous connections.
SCRIPT_T *	update_auth_store_abstain_anonymous_connections (SCRIPT_T *script)
	Updates a script to add a command to abstain from decisions relating to anonymous connections.
SCRIPT_T *	update_auth_store_allow_anonymous_connections (SCRIPT_T *script, const LIST_T *roles)
	Updates a script to add a command to allow anonymous connections, and a list of roles those connections should have.
SCRIPT_T *	update_auth_store_add_principal (SCRIPT_T *script, const char *principal, const char *password, const LIST_T *roles)
	Updates a script to add a command to add a new principal to the authentication store, and a list of roles assigned to them.
SCRIPT_T *	update_auth_store_add_locked_principal (SCRIPT_T *script, const char *principal, const char *password, const LIST_T *roles, const char *locking_principal)
	Updates a script to add a command to add a new locked principal to the authentication store.
SCRIPT_T *	update_auth_store_remove_principal (SCRIPT_T *script, const char *principal)
	Updates a script to add a command to remove an existing principal from the authentication store.
SCRIPT_T *	update_auth_store_assign_roles (SCRIPT_T *script, const char *principal, const LIST_T *roles)
	Updates a script to assign roles to an existing principal.
SCRIPT_T *	update_auth_store_set_password (SCRIPT_T *script, const char *principal, const char *password)
	Updates a script to change the password for an existing principal.
SCRIPT_T *	update_auth_store_verify_password (SCRIPT_T *script, const char *principal, const char *password)
	Updates a script to include a command to verify a principal's password.
SCRIPT_T *	update_auth_store_trust_client_proposed_property_in (SCRIPT_T *script, const char *property_name, const SET_T *allowed_values)
	Updates a script to specify a client proposed session property and its allowed values.
SCRIPT_T *	update_auth_store_trust_client_proposed_property_matches (SCRIPT_T *script, const char *property_name, const char *regular_expression)
	Updates a script to specify a client proposed session property and a regular expression to validate its value.
SCRIPT_T *	update_auth_store_ignore_client_proposed_property (SCRIPT_T *script, const char *property_name)
	Updates a script to specify that a client proposed session property should be ignored.

Detailed Description

Allows the update of the Server system authentication store, which controls principals and trusted proposed session properties.

Typedef Documentation

on_get_system_authentication_store_cb

typedef int(* on_get_system_authentication_store_cb) (SESSION_T *session, const SYSTEM_AUTHENTICATION_STORE_T store, void *context)

Callback for get_system_authentication_store().

Parameters

session	The current active session.
store	The response containing the authentication store contents. This structure will be freed on exit so a copy should be taken if it needs to be used outside of the scope of the callback.
context	User-supplied context from the get_system_authentication_store() call.

Returns

HANDLER_SUCCESS or HANDLER_FAILURE.

on_update_system_authentication_store_cb

typedef int(* on_update_system_authentication_store_cb) (SESSION_T *session, const LIST_T *error_reports, void *context)

Callback for update_system_authentication_store().

Parameters

session	The current active session.
error_reports	Any errors that have occurred while processing the update.
context	User-supplied context from the update_system_authentication_store() call.

Returns

HANDLER_SUCCESS or HANDLER_FAILURE.

Enumeration Type Documentation

ANONYMOUS_CONNECTION_ACTION_T

enum ANONYMOUS_CONNECTION_ACTION_T

Action to be taken by the system authentication handler for connection attempts that do not provide a principal name and credentials.

Enumerator
ANONYMOUS_CONNECTION_ACTION_ALLOW	Accept anonymous connection attempts.
ANONYMOUS_CONNECTION_ACTION_DENY	Deny anonymous connection attempts.
ANONYMOUS_CONNECTION_ACTION_ABSTAIN	Defer authentication decision for anonymous connection attempts to subsequent authentication handlers.

Function Documentation

system_authentication_store_free()

void system_authentication_store_free

(

SYSTEM_AUTHENTICATION_STORE_T *

store

)

Free all memory associated with a system authentication store structure.

Parameters

store

The system authentication store to be freed.

system_principal_free()

void system_principal_free

(

SYSTEM_PRINCIPAL_T *

system_principal

)

Free all memory associated with a system principal store structure.

Parameters

system_principal

The system principal store to be freed.