siad_test_newpass(3) [osf1 man page]

siad_test_newpass(3)					     Library Functions Manual					      siad_test_newpass(3)

NAME
siad_test_newpass - test passphrase against rules and policy routine for SIA (Security Integration Architecture)

LIBRARY
Standard C library - libc.so and libc.a

SYNOPSIS
#include <sia.h>
#include <siad.h>

int siad_test_newpass(
    sia_collect_func_t *collect,
    SIAENTITY *entity,
    int *mechind,
    const char *newpass);

PARAMETERS
collect
    This is a pointer to an SIA collection routine that provides the ability for the mechanism to prompt the user for additional information. If this pointer is NULL, no collection is possible. If this parameter is not NULL and the colinput parameter entered during the sia_ses_init() call was zero, then this collection routine cannot be used to prompt for input but can be used to display warnings or error messages.

entity
    This is a pointer to the SIAENTITY structure that was allocated and set up by the previous sia_ses_init() call. It is used to access arguments which have either been collected or derived from the session processing.

mechind
    The mechind parameter is the package index number for the mechanism. This index can be used to set the mechanism-specific data pointer array element in the SIAENTITY structure pointed to by entity.

newpass
    Pointer to the character string which contains a new password.

DESCRIPTION
The siad_test_newpass() routine tests and compares the string at *newpass against the passphrase rules and policy for the mechanism. This routine is called from the sia_chg_password() routine when it is determined that the mechanism supports the changing of the passphrase using the entity.

RETURN VALUES
The siad_test_newpass() routine returns a bitmapped value which indicates the following status:

SIADSUCCESS
    A return code of SIADSUCCESS indicates that the proposed new passphrase is acceptable to the mechanism. All bits set to 0.

SIADFAIL
    A return code of SIADFAIL indicates that the proposed passphrase is not acceptable by policy to the given mechanism, but that it is possible for the implementation to store it anyway. (This case is allowed for possible administrative overrides to the policy for temporary passphrases. It is only used for pre-collected new passphrases.) Lowest bit set to 1.

SIADFAIL|SIADSTOP
    The mechanism refuses to store at all. Do not continue. Returned when incorrect usage of this routine was detected, meaning either the entity doesn't exist or was set up wrong. Second lowest bit set to 1.

SIADSUCCESS|SIADSTOP
    Reserved for future use.

ERRORS
The errno values are those returned from the dynamic loader interface, from the (siad_*) routines, or from malloc. Possible errors include resource constraints (no memory) and various authentication failures.

FILES
/etc/passwd
/etc/sia/matrix.conf

RELATED INFORMATION
sia_chg_password(3), siad_chk_user(3), siad_update_pass(3), matrix.conf(4)
Security

siad_test_newpass(3)
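
An added example, not part of the man page or of any SIA implementation: a caller-side, fail-closed interpretation of the siad_test_newpass() status bitmap, shown beside a naive check that tests only the failure bit. The EX_* constants are local stand-ins for the bit layout given under RETURN VALUES; np_action, np_decide(), naive_accepts() and the admin_override flag are hypothetical names.

```c
#include <stdio.h>

/* Local stand-ins mirroring the bit layout under RETURN VALUES; real code
 * takes SIADSUCCESS, SIADFAIL and SIADSTOP from <siad.h>. */
enum { EX_SIADSUCCESS = 0, EX_SIADFAIL = 1, EX_SIADSTOP = 2 };

/* Hypothetical caller-side actions; not part of the SIA interface. */
typedef enum { NP_STORE, NP_STORE_AS_OVERRIDE, NP_REJECT, NP_ABORT } np_action;

/* Naive check: looks only at the failure bit, so the reserved
 * SIADSUCCESS|SIADSTOP value (and any unknown bit) passes as acceptable. */
int naive_accepts(int status)
{
    return (status & EX_SIADFAIL) == 0;
}

/* Fail-closed decision. admin_override is an assumed caller flag, set only
 * for an administrator storing a pre-collected temporary passphrase. */
np_action np_decide(int status, int admin_override)
{
    if (status & ~(EX_SIADFAIL | EX_SIADSTOP))
        return NP_ABORT;                 /* bits the page does not define */
    if (status & EX_SIADSTOP)
        return NP_ABORT;                 /* refusal, or the reserved value */
    if (status & EX_SIADFAIL)
        return admin_override ? NP_STORE_AS_OVERRIDE : NP_REJECT;
    return NP_STORE;                     /* SIADSUCCESS: all bits zero */
}

int main(void)
{
    static const char *names[] = { "store", "store-as-override", "reject", "abort" };
    /* Constructed sample statuses, including the reserved value 2 and an
     * undefined bit (4). */
    const int samples[] = { 0, 1, 3, 2, 4 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("status=%d naive=%s user=%s admin=%s\n", samples[i],
               naive_accepts(samples[i]) ? "accept" : "deny",
               names[np_decide(samples[i], 0)],
               names[np_decide(samples[i], 1)]);
    return 0;
}
```
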

siad_ses_init(3)					     Library Functions Manual						  siad_ses_init(3)

NAME
siad_ses_init, siad_ses_authent, siad_ses_suauthent, siad_ses_reauthent, siad_ses_estab, siad_ses_launch, siad_ses_release - SIA session routines (Security Integration Architecture)

LIBRARY
Standard C library (libc.so and libc.a)

SYNOPSIS
#include <sia.h>
#include <siad.h>

int siad_ses_init(
    SIAENTITY **entityhdl);

int siad_ses_authent(
    int (*collect)(),
    SIAENTITY *entityhdl,
    int siastat,
    int mechind);

int siad_ses_suauthent(
    int (*collect)(),
    SIAENTITY *entityhdl,
    int siastat,
    int mechind);

int siad_ses_reauthent(
    int (*collect)(),
    SIAENTITY *entityhdl,
    int siastat,
    int mechind);

int siad_ses_estab(
    int (*collect)(),
    SIAENTITY *entityhdl,
    int siastat,
    int mechind);

int siad_ses_launch(
    int (*collect)(),
    SIAENTITY *entityhdl,
    int siastat,
    int mechind);

int siad_ses_release(
    SIAENTITY **entityhdl,
    int mechind);

PARAMETERS
collect
    The collect parameter is a pointer to an SIA collection routine. If this pointer is NULL, no collection is possible. If the pointer is not NULL and the can_collect_input parameter entered during the sia_ses_init() call was zero, then this collection routine cannot be used to prompt for input but can be used to display warnings or error messages. This parameter is read only. Further input on SIA collection routines is available from the interface specifications in /usr/include/{sia,siad}.h.

entityhdl
    The entityhdl parameter points to the SIAENTITY structure that was allocated and set up by the previous sia_ses_init() call. Values in the SIAENTITY structure may be changed by the siad_* routines.

siastat
    The siastat parameter is set to SIADFAIL until at least one security mechanism has returned a SIADSUCCESS response to sia_ses_authent(). It is then set to SIADSUCCESS. Security mechanisms use this parameter to determine whether vouching is possible.

mechind
    The mechind parameter is the mechanism index for this call. This index can be used to set the mechanism-specific data pointer array element in the SIAENTITY structure pointed to by entityhdl.

DESCRIPTION
siad_ses_init()
    This routine is called by sia_ses_init() to initialize a session with respect to a mechanism. This call is used to check resources and subsystems associated with a security mechanism. The siad_ses_init() routine returns SIADFAIL if the security mechanism cannot initialize a session. Otherwise, SIADSUCCESS is returned.

siad_ses_reauthent()
    This routine is called from sia_ses_reauthent() to reauthenticate a session with respect to a specific security mechanism. This processing is typically associated with the locking or unlocking of a terminal or workstation by a particular user. The siad_ses_reauthent() routine is only called after a siad_ses_init() call to set up the SIAENTITY structure.

siad_ses_authent()
    This routine is called by sia_ses_authent() to authenticate a session with respect to a security mechanism. The current state, success or fail, is indicated by siastat. The entityhdl pointer is used to access arguments which have either been collected or derived from the session processing. The mechanism index, mechind, is used by each mechanism to determine where in the sequence of processing the mechanism is configured and which index is to be used for the mechanism-specific data area associated with the SIAENTITY structure. The collect argument allows the mechanism to prompt the user for additional information. Vouching can occur during the sia_ses_authent() processing. The default local security mechanism, BSD, allows vouching and returns SIADSUCCESS if siastat is already set to SIADSUCCESS. (This indicates that some previously called security mechanism has successfully authenticated this entity.)

siad_ses_suauthent()
    This routine is called from sia_ses_suauthent() to do mechanism-dependent processing for the su command. Unlike the other session processing interfaces, generally only one of the mechanisms would be configured to process the su authentication. However, multiple mechanisms could be configured to do this processing. This routine is only called after a siad_ses_init() call has been made to create the SIAENTITY structure.

siad_ses_estab()
    This routine is called by sia_ses_estab() and performs mechanism-specific processing associated with general resource and licensing checking. This routine also gathers all the required context needed to establish a session. For example, the local security mechanism requires that the struct passwd in the SIAENTITY structure be completed to successfully establish the session. The local mechanism may also use this routine to check the system limits to make sure this session does not exceed the configuration.

siad_ses_launch()
    This routine is called from the sia_ses_launch() routine to do security-mechanism-specific logging or auditing in preparation for the session startup. The local security mechanism may have additional responsibilities such as tty conditioning or processing for wtmp and utmp. On the successful return from siad_ses_launch(), the local security mechanism sets the effective user ID (EUID) to the user requesting the session. The local mechanism sets the groups and group ID (GID) using the setgid() and initgroups() calls.

siad_ses_release()
    The siad_ses_release() routine is called by the sia_ses_release() routine to release resources associated with the session processing which is now completed. The security mechanism is responsible for releasing any allocated memory which is no longer needed by this session. If a security mechanism has allocated memory pointed to by the SIAENTITY structure, this memory must be deallocated at this time.

RETURN VALUES
The siad_ses_*() routines return bitmapped values which indicate the following status:

SIADSUCCESS
    Indicates unconditional success. All bits set to 0.

SIADFAIL
    Indicates conditional failure. Lowest bit set to 1. If other security mechanisms are in place, continue.

SIADSTOP
    Indicates unconditional failure. Do not continue. Second lowest bit set to 1.

ERRORS
The errno values are those returned from the dynamic loader interface, from the (siad_*) routines, or from malloc. Possible errors include resource constraints (no memory) and various authentication failures.

FILES
/etc/group
/etc/passwd
/etc/sia/matrix.conf

RELATED INFORMATION
setgid(2), initgroups(3), sia_ses_init(3), matrix.conf(4)
Security

siad_ses_init(3)