<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
|
<HTML>
|
||
|
<HEAD>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
||
|
<TITLE>ictxParseAuthContext()--Parse Authentication Context</TITLE>
|
||
|
<!-- Begin Header Records ========================================= -->
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<!-- Change History: -->
|
||
|
<!-- YYMMDD USERID Change description -->
|
||
|
<!-- End Header Records -->
|
||
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
||
|
</HEAD>
|
||
|
<BODY>
|
||
|
<!--Java sync-link-->
|
||
|
<script type="text/javascript" language="Javascript" src="../rzahg/synch.js">
|
||
|
</script>
|
||
|
|
||
|
<A name=Top_Of_Page>
|
||
|
</A>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<H2>
|
||
|
ictxParseAuthContext()--Parse Authentication Context
|
||
|
</H2>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- S Y N T A X / P A R M T A B L E -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<div class="box" style="width: 90%;">
|
||
|
<BR> Syntax
|
||
|
<PRE>
|
||
|
#include <ictx.h>;
|
||
|
|
||
|
int ictxParseAuthContext
|
||
|
(
|
||
|
ictxIdContext_t * <EM>authContext</EM>,
|
||
|
ictxParseInfo_t ** <EM>parsedContext</EM>,
|
||
|
ictxError_t * <EM>errorInfo</EM>
|
||
|
)
|
||
|
</PRE>
|
||
|
<BR>
|
||
|
Threadsafe: Yes<BR>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
See <a href="#eserver_notes">eServer Implementation Notes</a>
|
||
|
for platform-specific details about this API.<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
|
||
|
</div>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- D E S C R I P T I O N -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<P>The <STRONG>ictxParseAuthContext()</STRONG> function parses the information
|
||
|
from the authentication context. The parsed information can be used for
|
||
|
mapping lookup operations and for auditing purposes.
|
||
|
</P>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- A U T H O R I T I E S A N D L O C K S -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- See eServer notes. -->
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- P A R A M E T E R S -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<BR>
|
||
|
<H3>Parameters</H3>
|
||
|
<DL>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- authContext -->
|
||
|
<!-- ============================================================== -->
|
||
|
<DT>
|
||
|
<STRONG>authContext</STRONG> (Input)
|
||
|
<DD>The authentication context to be parsed.
|
||
|
For the format of the structure, see <A
|
||
|
href="ictxidcontext.htm">
|
||
|
ictxIdContext--Identity Context Parameter</A>.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- parsedContext -->
|
||
|
<!-- ============================================================== -->
|
||
|
<DT>
|
||
|
<STRONG>parsedContext</STRONG> (Output)
|
||
|
<DD>Return pointer to information parsed from the authentication context.
|
||
|
For the format of the structure, see <A
|
||
|
href="ictxparseinfo.htm">
|
||
|
ictxParseInfo--Authentication Context Parse Information Parameter</A>.
|
||
|
This API will parse as much information as it possibly can from the
|
||
|
authentication context. If all of the information could not be parsed, the
|
||
|
<em>status</em> field will indicate that the parse information is
|
||
|
not complete.
|
||
|
When this information is no longer needed, it must be freed using the
|
||
|
Free Authentication Context Parse Info Storage (ictxFreeParseInfo) API.
|
||
|
If the authentication context has timed out, the ICTXERR_CTX_EXPIRED
|
||
|
return code will be set but parsed information will still be
|
||
|
returned to the caller. If the authentication context is
|
||
|
not valid yet, the ICTXERR_CTX_NOT_YET_VALID return
|
||
|
code will be set but parsed information will still
|
||
|
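be returned to the caller. In both cases the return value is not 0, so check it before relying on the parsed information; the returned information must still be freed.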
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- errorInfo -->
|
||
|
<!-- ============================================================== -->
|
||
|
<DT>
|
||
|
<STRONG>errorInfo</STRONG> (Output)
|
||
|
<DD>The structure in which to return error code information. If the return
|
||
|
value is not 0, <EM>errorInfo</EM> is set with additional information. This
|
||
|
parameter may be NULL. For the format of the structure, see <A
|
||
|
href="ictxerror.htm">ictxError--Authentication
|
||
|
Context Return Code Parameter</A>.<BR>
|
||
|
<BR>
|
||
|
</DD>
|
||
|
</DL>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- R E T U R N V A L U E -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<BR>
|
||
|
<H3>Return Value</H3>
|
||
|
<P>The return value from the API.</P>
|
||
|
<DL>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- 0 -->
|
||
|
<!-- ============================================================== -->
|
||
|
<DT>
|
||
|
<STRONG>0</STRONG>
|
||
|
<DD>Request was successful.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- Errors -->
|
||
|
<!-- ============================================================== -->
|
||
|
<DT>
|
||
|
<STRONG>ICTXERR_PARM_REQ (1)</STRONG>
|
||
|
<DD>Missing required parameter. Please check API documentation.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<DT>
|
||
|
<STRONG>ICTXERR_NOMEM (2)</STRONG>
|
||
|
<DD>No memory available. Unable to allocate required space.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<DT>
|
||
|
<STRONG>ICTXERR_IDCONTEXT_INVALID (4)</STRONG>
|
||
|
<DD>Identity context parameter is not valid.
|
||
|
The OID and identity context are required. The identity context
|
||
|
length must be greater than 0.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<DT>
|
||
|
<STRONG>ICTXERR_AUTH_CTX_TYPE_NOT_SUPPORTED (10)</STRONG>
|
||
|
<DD>Authentication Context Type is not supported.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<DT>
|
||
|
<STRONG>ICTXERR_DATA_CONVERSION (14)</STRONG>
|
||
|
<DD>Error occurred when converting data between code pages.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<DT>
|
||
|
<STRONG>ICTXERR_AUTH_CONTEXT_INVALID (17)</STRONG>
|
||
|
<DD>Error occurred parsing the authentication
|
||
|
context.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<DT>
|
||
|
<STRONG>ICTXERR_OID_MISMATCH (18)</STRONG>
|
||
|
<DD>The authentication type requested does not match the
|
||
|
authentication context type found in the context.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<DT>
|
||
|
<STRONG>ICTXERR_CTX_EXPIRED (19)</STRONG>
|
||
|
<DD>The authentication context has expired.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<DT>
|
||
|
<STRONG>ICTXERR_CTX_LEN_MISMATCH (20)</STRONG>
|
||
|
<DD>Error occurred parsing the authentication
|
||
|
context. Input length not correct.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
<DT>
|
||
|
<STRONG>ICTXERR_CTX_NOT_YET_VALID (26)</STRONG>
|
||
|
<DD>The authentication context is not yet valid.
|
||
|
<BR>
|
||
|
<BR>
|
||
|
</DD>
|
||
|
</DL>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- U S A G E N O T E S -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- E S E R V E R N O T E S -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<BR>
|
||
|
<h3>
|
||
|
<a name="eserver_notes">eServer Implementation Notes</a>
|
||
|
</h3>
|
||
|
<ol>
|
||
|
<li>
|
||
|
<strong>AIX implementation details:</strong>
|
||
|
<ul>
|
||
|
<li>
|
||
|
Authority: None
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li>
|
||
|
<strong>Linux implementation details:</strong>
|
||
|
<ul>
|
||
|
<li>
|
||
|
Authority: None
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li>
|
||
|
<strong>i5/OS implementation details:</strong><br>
|
||
|
|
||
|
<ul>
|
||
|
<li>
|
||
|
Service Program Name: QSYS/QSYICTX<br>
|
||
|
</li>
|
||
|
<li>
|
||
|
Authority: Default public authority *USE
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li>
|
||
|
<strong>Windows implementation details:</strong>
|
||
|
<ul>
|
||
|
<li>
|
||
|
Authority: Users must have administrative privilege to
|
||
|
install and work with the APIs.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li>
|
||
|
<strong>z/OS implementation details:</strong><br>
|
||
|
|
||
|
<ul>
|
||
|
<li>
|
||
|
Authority: The caller of the API must be APF-authorized.
|
||
|
</li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
</ol>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- R E L A T E D I N F O R M A T I O N -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
|
||
|
|
||
|
<BR>
|
||
|
<H3>Related Information</H3>
|
||
|
<UL>
|
||
|
<LI>
|
||
|
<A
|
||
|
href="ictxbuildauthcontext.htm">ictxBuildAuthContext()</A>
|
||
|
--Build Authentication Context<BR>
|
||
|
<BR>
|
||
|
</LI>
|
||
|
<LI>
|
||
|
<A
|
||
|
href="ictxdelegateauthcontext.htm">ictxDelegateAuthContext()</A>
|
||
|
--Delegate Authentication Context<BR>
|
||
|
<BR>
|
||
|
</LI>
|
||
|
|
||
|
<LI>
|
||
|
<A
|
||
|
href="ictxfreeidcontext.htm">ictxFreeIdContext()</A>
|
||
|
--Free Identity Context Storage<BR>
|
||
|
<BR>
|
||
|
</LI>
|
||
|
<LI>
|
||
|
<A
|
||
|
href="ictxfreeparseinfo.htm">ictxFreeParseInfo()</A>
|
||
|
--Free Authentication Context Parse Info Storage<BR>
|
||
|
<BR>
|
||
|
</LI>
|
||
|
</UL>
|
||
|
<BR>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- E X A M P L E -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<BR>
|
||
|
<h3>
|
||
|
Example
|
||
|
</h3>
|
||
|
<p>
|
||
|
The following example parses an authentication context.
|
||
|
<b>Note:</b> Read the <a href="codedisclaimer.htm">Code example disclaimer</a>
|
||
|
for important legal information.
|
||
|
</p>
|
||
|
<pre>
|
||
|
#include <ictx.h>
|
||
|
#include <string.h>
|
||
|
|
||
|
|
||
|
|
||
|
/*
 * Print one "attribute: value" line to stdout.
 *
 * attribute  label printed before the colon
 * value      text printed after the colon; a NULL value is shown as "NONE"
 *
 * The callers in this example pass fields taken from the parsed
 * authentication context. The value is always handed to printf() as a
 * "%s" argument, never as the format string, so conversion specifiers
 * inside it are printed literally. Control characters are not filtered
 * here; code that writes these fields to an audit log may want to escape
 * them first.
 */
void printData(char * attribute,
               char * value)
{
    char * shown = (NULL != value) ? value : "NONE";

    printf(" %s: %s\n", attribute, shown);
}
|
||
|
|
||
|
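/*
 * Print the authentication information section of a parse result.
 *
 * authData  authentication information from the parse result; when it is
 *           NULL a single "not available" line is printed and the
 *           function returns.
 *
 * Every field goes through printData(), which shows a NULL field as
 * "NONE". The unused local `rc` of the original listing has been dropped.
 */
void printAuthData(ictxAuthenticationInfo_t * authData)
{
    if (NULL == authData)
    {
        printf("No authentication information available.\n");
        return;
    }

    printf("Authentication information:\n");

    printData(" User", authData->user);
    printData(" Registry", authData->registry);
    printData(" HostName", authData->hostName);
    printData(" AuthMech", authData->authMech);
    printData(" SecurityLabel", authData->securityLabel);
    printData(" ImplemSpecific", authData->implemSpecific);
    printf("\n\n");
}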
|
||
|
|
||
|
|
||
|
|
||
|
/*
 * Print the pre-mapped user section of a manifest.
 *
 * premapped  pre-mapped user information. It is dereferenced without a
 *            NULL check, so the caller must pass a valid pointer
 *            (printManifest() tests for NULL before calling).
 */
void printPremapped(ictxPremappedUserInfo_t * premapped)
{
    /* Label/value pairs, in the order they are printed. */
    struct { char * label; char * value; } rows[] = {
        { " User",             premapped->user },
        { " Registry",         premapped->registry },
        { " MappingSource",    premapped->mappingSource },
        { "MappingQualifiers", premapped->mappingQualifiers },
        { " ImplemSpecific",   premapped->implemSpecific }
    };
    size_t count = sizeof(rows) / sizeof(rows[0]);
    size_t k;

    for (k = 0; k < count; k++)
    {
        printData(rows[k].label, rows[k].value);
    }
}
|
||
|
|
||
|
|
||
|
/*
 * Print the application (sender or receiver) section of a manifest.
 *
 * appInfo  application information. It is dereferenced without a NULL
 *          check, so the caller must pass a valid pointer
 *          (printManifest() tests for NULL before calling).
 */
void printApplication(ictxApplicationInfo_t * appInfo)
{
    /* Label/value pairs, in the order they are printed. */
    struct { char * label; char * value; } rows[] = {
        { " Appid",          appInfo->appid },
        { " Instance",       appInfo->instance },
        { " ImplemSpecific", appInfo->implemSpecific }
    };
    size_t count = sizeof(rows) / sizeof(rows[0]);
    size_t k;

    for (k = 0; k < count; k++)
    {
        printData(rows[k].label, rows[k].value);
    }
}
|
||
|
|
||
|
|
||
|
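/*
 * Print one manifest of a parsed authentication context: the counter, the
 * creation time, the time to live, and the sender, receiver and
 * pre-mapped user sections (each shown as "NONE." when its pointer is
 * NULL).
 *
 * manifest  manifest to print. It is dereferenced without a NULL check;
 *           printManifests() stops at the NULL list terminator before
 *           calling.
 *
 * creationTime and timeToLive are only displayed here. This function
 * makes no decision about whether the context is inside its validity
 * period; that is reported by the return code of ictxParseAuthContext().
 */
void printManifest(ictxManifestInfo_t * manifest)
{
    time_t creationTime;
    struct tm *timeptr;
    char dest[50];

    /* NOTE(review): "%d" assumes counter is an int - confirm against ictx.h */
    printf("Manifest counter: %d\n", manifest->counter);
    printf("\n");

    //------------------------------------------------------------------
    // Convert time to Month Day, year h:m:s
    //------------------------------------------------------------------
    creationTime = manifest->creationTime;

    /*
     * localtime() and strftime() are declared in <time.h>; the listing
     * relies on ictx.h to provide it - confirm.
     * localtime() returns a pointer to shared static storage, so this is
     * not safe if manifests are printed from several threads at once.
     */
    timeptr = localtime(&creationTime);

    /*
     * localtime() returns NULL for a time it cannot convert, and
     * strftime() returns 0 when the result does not fit and then leaves
     * the buffer contents indeterminate. In either case reset the buffer
     * so an empty date is printed rather than passing NULL to strftime()
     * or printing indeterminate bytes.
     */
    if (NULL == timeptr ||
        0 == strftime(dest, sizeof(dest), "%b %d,%Y %H:%M:%S", timeptr))
    {
        dest[0] = '\0';
    }
    printf("Creation date: %s\n", dest);

    /* NOTE(review): "%d" assumes timeToLive is an int - confirm against ictx.h */
    printf("Time to Live: %d\n", manifest->timeToLive);

    if (NULL == manifest->sender)
    {
        printf(" Sender: NONE.\n");
    }
    else
    {
        printf(" Sender Information:\n");
        printApplication(manifest->sender);
    }

    printf("\n");
    if (NULL == manifest->receiver)
    {
        printf(" Receiver: NONE.\n");
    }
    else
    {
        printf(" Receiver Information:\n");
        printApplication(manifest->receiver);
    }

    printf("\n");
    if (NULL == manifest->premappedUser)
    {
        printf(" PremappedUser: NONE.\n");
    }
    else
    {
        printf(" PremappedUser Information:\n");
        printPremapped(manifest->premappedUser);
    }
    printf("\n\n");

    return;
}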
|
||
|
|
||
|
|
||
|
/*
 * Print every manifest in a manifest list.
 *
 * manifestList  array of manifest pointers; when the list pointer itself
 *               is NULL a "not available" line is printed instead.
 *
 * No element count is passed: the list is walked until the first NULL
 * entry, so it must be NULL-terminated.
 */
void printManifests(ictxManifestInfo_t ** manifestList)
{
    ictxManifestInfo_t ** cursor;

    if (NULL == manifestList)
    {
        printf("No manifest information available.\n");
        return;
    }

    /* Advance one entry at a time until the NULL terminator. */
    cursor = manifestList;
    while (NULL != *cursor)
    {
        printManifest(*cursor);
        cursor++;
    }

    return;
}
|
||
|
|
||
|
|
||
|
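/*
 * Parse an authentication context, print what was parsed, and release the
 * parse information.
 *
 * authContext  authentication context to parse
 *
 * Returns 0 when the context was parsed, printed and the parse
 * information was freed; -1 when ictxParseAuthContext() or
 * ictxFreeParseInfo() returned a non-zero code.
 *
 * Any non-zero return from ictxParseAuthContext() is treated as a failure
 * and nothing is printed. That includes ICTXERR_CTX_EXPIRED and
 * ICTXERR_CTX_NOT_YET_VALID, for which the API is documented to return
 * parse information anyway. That information is released on the error
 * path so it is not leaked, and it is not used as if it described a
 * currently valid context.
 */
int parseAuthContext(ictxIdContext_t * authContext)
{
    int rc;

    ictxError_t errorInfo;
    ictxError_t freeErrorInfo;   /* kept separate so errorInfo from the parse is not overwritten */
    ictxParseInfo_t * parsedContext = NULL;

    /*----------------------------------------------------------------*/
    /* Parse authentication context                                   */
    /*----------------------------------------------------------------*/
    if (0 != (rc = ictxParseAuthContext(authContext,
                                        &parsedContext,
                                        &errorInfo)))
    {
        /* ... error handling elided in the original example ... */

        /*
         * Parse information can be returned together with a non-zero
         * return code (expired / not yet valid context), and it must be
         * freed with ictxFreeParseInfo().
         * NOTE(review): assumes the API leaves parsedContext untouched
         * (still NULL) when it returns no information - confirm.
         */
        if (NULL != parsedContext)
        {
            (void) ictxFreeParseInfo(parsedContext, &freeErrorInfo);
        }
        return -1;
    }

    /*----------------------------------------------------------------*/
    /* Check status                                                   */
    /*----------------------------------------------------------------*/
    if (0 == parsedContext->statusFlag)
    {
        printf("\n Parsed results complete.\n");
    }
    else
    {
        printf("\n Parsed results incomplete.\n");
    }

    /*----------------------------------------------------------------*/
    /* Print parsed results                                           */
    /*----------------------------------------------------------------*/
    /* Only format 0 is printed; any other format value is skipped. */
    if (ICTX_PARSE_INFO_FORMAT_0 == parsedContext->format)
    {
        printAuthData(parsedContext->parseInfo.format0.authData);
        printManifests(parsedContext->parseInfo.format0.manifestList);
    }

    /* ... further processing elided in the original example ... */

    if (0 != (rc = ictxFreeParseInfo(parsedContext,
                                     &errorInfo)))
    {
        /* ... error handling elided in the original example ... */
        return -1;
    }

    return 0;
}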
|
||
|
|
||
|
</pre>
|
||
|
<hr>
|
||
|
<center>
|
||
|
<table cellpadding="2" cellspacing="2">
|
||
|
<tr align="center">
|
||
|
<td valign="middle" align="center">
|
||
|
<a href="#Top_Of_Page">Top</a> |
|
||
|
<a href="sec.htm">Security APIs</a> |
|
||
|
<a href="aplist.htm">APIs by category</a></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</center>
|
||
|
</BODY>
|
||
|
</HTML>
|