       sia_ses_init, sia_ses_authent, sia_ses_suauthent, sia_ses_reauthent,
       sia_ses_estab, sia_ses_launch, sia_ses_release - SIA session routines
       (Security Integration Architecture)
       #include <sia.h>
       #include <siad.h>

       int sia_ses_init(
               SIAENTITY **entityhdl,
               int argc,
               char **argv,
               char *hostname,
               char *username,
               char *ttyname,
               int can_collect_input,
               char *gssapi );

       int sia_ses_authent(
               int (*collect)(),
               char *passkey,
               SIAENTITY *entityhdl );

       int sia_ses_suauthent(
               int (*collect)(),
               SIAENTITY *entityhdl );

       int sia_ses_reauthent(
               int (*collect)(),
               SIAENTITY *entityhdl );

       int sia_ses_estab(
               int (*collect)(),
               SIAENTITY *entityhdl );

       int sia_ses_launch(
               int (*collect)(),
               SIAENTITY *entityhdl );

       int sia_ses_release(
               SIAENTITY **entityhdl );

       Standard C library (libc.so and libc.a)

       The argc and argv parameters are used by the underlying security
       mechanisms for things like generating audit records and initializing
       database accesses. There should always be at least one argument,
       argv[0], which contains the name of the command or utility issuing a
       session initialization. These parameters are read only.

       The hostname parameter is used to determine if the session is being
       requested by a remote system. If the request is from a remote system,
       the hostname parameter points to a string containing the remote host
       information. If information about the requesting remote user is
       available, the information is in the form "node::user" for DECnet or
       "user@host" for IP. If the remote user information is not available,
       the information is the remote "host". For local requests, this
       parameter is passed as a NULL pointer.

       The username parameter is set to point to the name or string
       representing the requesting user if this information is available.
       Otherwise this parameter is set to NULL. This parameter is read only.

       The ttyname parameter is set to point to the name or string
       representing the requesting or active tty if this information is
       available. Otherwise this parameter is set to NULL. This parameter is
       read only.

       The can_collect_input parameter specifies whether the collection of
       input is allowed during this session. A "1" means yes and "0" means
       no. This parameter is read only.

       The gssapi pointer is for future expansion to utilize gss_api
       datatypes. It is not currently used and should be set to NULL. This
       parameter is currently read only.

       The collect parameter is a pointer to an SIA collection routine. If
       this pointer is NULL, no collection is possible. If the pointer is not
       NULL and the can_collect_input parameter entered during the
       sia_ses_init() call was zero, then this collection routine cannot be
       used to prompt for input but can be used to display warnings or error
       messages. This parameter is read only. Further information on SIA
       collection routines is available from the interface specifications in
       /usr/include/{sia,siad}.h.

       The entityhdl parameter points to the SIAENTITY structure that was
       allocated and set up by the previous sia_ses_init() call. Values in
       the SIAENTITY structure may be changed by the sia_* routines.

       The passkey parameter provides a precollected password to the
       authentication routine. Set this parameter to NULL if no password has
       been precollected. This parameter is read only.

   sia_ses_init()
       The sia_ses_init() routine initializes SIA sessions. The routine
       allocates an entity handle structure and initializes various values in
       that structure. It must be called before any of the other SIA session
       processing routines.
   sia_ses_reauthent()
       The sia_ses_reauthent() routine is used to revalidate a user's
       password. It is associated with applications that require that the
       user be reauthenticated. Such applications are typically terminal or
       session locking applications. This call must be preceded by a call to
       sia_ses_init() and followed by a call to sia_ses_release().
   sia_ses_release()
       The sia_ses_release() routine is called at the end of the session
       processing to release any resources associated with the session
       startup processing, including the SIAENTITY structure. After calling
       the sia_ses_release() routine, do the setuid and then exec the program
       to start the actual new process running as the session user ID.
   sia_ses_authent()
       The sia_ses_authent() routine is called to authenticate an entity.
       Since this routine may require parameter collection, a collect routine
       pointer is provided by the calling application. It is also possible
       that the password has been pre-collected by the application (such as
       ftp). The passkey parameter allows the application to provide a
       password to the security mechanisms. Providing a passkey is not
       sufficient to keep the underlying mechanisms from trying to prompt for
       additional information. The sia_ses_init() routine must be called
       before calling this routine.
   sia_ses_suauthent()
       The sia_ses_suauthent() routine processes the su command. Since the
       processing of the su command is viewed as special and may require an
       alternative configuration from the normal sia_ses_authent() routine,
       it has been made a separate SIA capability. Like the sia_ses_authent()
       routine, sia_ses_suauthent() is preceded by a call to sia_ses_init()
       and followed by a call to sia_ses_release().
   sia_ses_estab()
       The sia_ses_estab() routine is called to establish context for a
       session that is already checked or authenticated. This routine checks
       system-wide or mechanism-wide parameters such as licensing or resource
       limitations. The sia_ses_estab() routine also collects the complete
       set of information or context required to launch a session. However,
       for a login model the environment processing (clearenv() and setenv())
       must still be done. Copy any HOME or SHELL strings from the SIAENTITY
       structure because the final call to sia_ses_release() will free the
       entire SIAENTITY structure. If the sia_ses_estab() routine fails,
       sia_ses_release() is automatically called.
   sia_ses_launch()
       The sia_ses_launch() routine is called to do the final processing of a
       session before the actual start of the session by the application.
       This processing usually consists of logging or auditing the session
       startup and any tty conditioning which may be required. Not all
       security mechanisms may require processing at this time. Generally,
       the local mechanism is required to do the launch processing. If the
       sia_ses_launch() routine fails, sia_ses_release() is automatically
       called.

       On the return from sia_ses_launch(), the effective UID (EUID) has been
       set to the UID of the user for this session. Generally, a
       setreuid(geteuid(),geteuid()) follows this return, setting both the
       real user ID (RUID) and effective user ID (EUID) to the effective user
       ID (EUID). The remaining processing is utility dependent.
       All of the user's group memberships are set using initgroups().

       The sia_ses_*() routines return SIASUCCESS when they are successful
       and SIAFAIL when they are not successful.

       The errno value is not (normally) set explicitly by sia_* routines.
       The errno values are those returned from the dynamic loader interface,
       from dependent (siad_*) routines, or from malloc. Possible errors
       include resource constraints (no memory) and various authentication
       failures.

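
       Added example, not part of the original manual page or the vendor's
       code: the caller-side SIAENTITY ownership rules stated above for
       sia_ses_estab(), sia_ses_launch() and sia_ses_release(). The sia_*
       functions, the SIA* constants and the SIAENTITY field home are
       constructed stand-ins so that the file builds without <sia.h>;
       start_session() and the instrumentation variables are hypothetical.

```c
/* Added example. Everything named sia_* or SIA* is a constructed stand-in so
 * this builds without <sia.h>; it models only behaviour the page states. */
#include <stdlib.h>
#include <string.h>

enum { SIAFAIL = 0, SIASUCCESS = 1 };          /* stand-in values */
typedef struct { char home[64]; } SIAENTITY;   /* hypothetical field */
static int releases, fail_at;                  /* knobs: fail_at 1=estab, 2=launch */
static int sia_ses_release(SIAENTITY **e) {
    if (*e) { free(*e); *e = NULL; releases++; }
    return SIASUCCESS;
}
static int sia_ses_init(SIAENTITY **e, int argc, char **argv, char *host,
                        char *user, char *tty, int can_collect, char *gssapi) {
    if (argc < 1 || !argv || !(*e = calloc(1, sizeof **e))) return SIAFAIL;
    strcpy((*e)->home, "/home/alice");         /* constructed sample value */
    return SIASUCCESS;
}
static int sia_ses_authent(int (*collect)(), char *passkey, SIAENTITY *e) {
    return passkey ? SIASUCCESS : SIAFAIL;     /* toy check, never prompts */
}
/* Page: if estab or launch fails, sia_ses_release() was already called. */
static int step(SIAENTITY *e, int fail) {
    if (fail) sia_ses_release(&e);             /* the caller's copy now dangles */
    return fail ? SIAFAIL : SIASUCCESS;
}
static int sia_ses_estab(int (*c)(), SIAENTITY *e) { return step(e, fail_at == 1); }
static int sia_ses_launch(int (*c)(), SIAENTITY *e) { return step(e, fail_at == 2); }

/* Caller: returns 0 with home[] filled, or -1 on any failure. */
int start_session(char **argv, char *user, char *pass, char *home, size_t len) {
    SIAENTITY *ent = NULL;
    if (sia_ses_init(&ent, 1, argv, NULL, user, NULL, 0, NULL) != SIASUCCESS) return -1;
    if (sia_ses_authent(NULL, pass, ent) != SIASUCCESS) {
        sia_ses_release(&ent);     /* no automatic release documented here */
        return -1;
    }
    /* ent is already freed on failure: a second release would double free */
    if (sia_ses_estab(NULL, ent) != SIASUCCESS) return -1;
    if (strlen(ent->home) >= len) { sia_ses_release(&ent); return -1; }
    strcpy(home, ent->home);       /* copy while the entity is still alive */
    if (sia_ses_launch(NULL, ent) != SIASUCCESS) return -1;  /* same rule as estab */
    sia_ses_release(&ent);         /* ent->home must not be read after this */
    return 0;
}
int main(void) {
    char *av[] = {"demo", NULL}, home[64];
    return start_session(av, "alice", "constructed-pw", home, sizeof home);
}
```

       Because sia_ses_estab() and sia_ses_launch() take the handle by value,
       the caller's pointer is not cleared when they release it on failure,
       so the caller must simply stop using it.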
       /etc/passwd
       /etc/group
       /etc/sia/matrix.conf
       initgroups(3), siad_ses_init(3), matrix.conf(4)
       Security
                                                  sia_ses_init(3)