Detailed Description

Authorization Callouts.

The GSI Authorization API provides an interface for making generic authorization decisions using dynamically-loaded authorization modules. The API documentation is divided into the following sections:

  • GSI Authorization API

  • GSI Credential Constants

Function Documentation

globus_result_t globus_gsi_authorize (globus_gsi_authz_handle_thandle, const void *action, const void *object, globus_gsi_authz_cb_tcallback, void *callback_arg)

Start the authorization decision-making process. Processes an authorization decision by calling the GLOBUS_GSI_AUTHORIZE_ASYNC function named in the authorization configuration file. The parameters to this function are passed to the authorization callout. Once the authorization decision is made, the callback function will be called, with the result and the callback_arg passed to it.

Parameters:

handle Pointer to an authorization handle

action Action to authorize

object Object that the action pertains to.

callback Callback function to call when authorization completes

callback_arg Argument to callback function

Returns:

GLOBUS_SUCCESS if successful, or a Globus error object on failure.

globus_result_t globus_gsi_authz_get_authorization_identity (globus_gsi_authz_handle_thandle, char **identity_ptr, globus_gsi_authz_cb_tcallback, void *callback_arg)

Query for authorization identity. Query for authorization identity by calling the GLOBUS_GSI_GET_AUTHORIZATION_IDENTITY callout.

Parameters:

handle The handle that is to be used for the identity check.

identity_ptr The authorization identity determined by the authorization handle. This is must be freed by the caller. If the value is NULL (and this function returned GLOBUS_SUCCESS), the caller should use the authenticated identity.

callback Callback function to call when identity is determined.

callback_arg Argument to callback function.

Returns:

GLOBUS_SUCCESS

globus_result_t globus_gsi_authz_handle_destroy (globus_gsi_authz_handle_thandle, globus_gsi_authz_cb_tcallback, void *callback_arg)

Destroy an authz handle. Initialize an authorization handle by calling the GLOBUS_GSI_AUTHZ_HANDLE_DESTROY function named in the authorization configuration file. Once the initialization is complete, the callback function is called, with the result and the callback_arg passed to it.

Parameters:

handle The handle that is to be destroyed

callback Callback function to call when handle is destroyed

callback_arg Argument to callback function

Returns:

GLOBUS_SUCCESS

globus_result_t globus_gsi_authz_handle_init (globus_gsi_authz_handle_t *handle, const char *service_name, const gss_ctx_id_tcontext, globus_gsi_authz_cb_tcallback, void *callback_arg)

Initialize an authorization handle. Initialize an authorization handle by calling the GLOBUS_GSI_AUTHZ_HANDLE_INIT function named in the authorization configuration file. The parameters to this function are passed to the authorization callout. Once the initialization is complete, the callback function is called, with the result and the callback_arg passed to it.

Parameters:

handle Pointer to the handle that is to be initialized

service_name Service to authorize access to

context Security context used to contact the service

callback Callback function to call when authz handle init completes

callback_arg Argument to callback function

Return values:

The globus_gsi_authz_handle_init() function returns GLOBUS_SUCCESS if successful, or a Globus error object on failure

See also:

globus_gsi_authz_handle_destroy()

globus_result_t globus_gsi_cancel_authz (globus_gsi_authz_handle_thandle)

Cancel Authorization. Cancel an authorization decision by calling the GLOBUS_GSI_AUTHZ_CANCEL function named in the authorization configuration file.

Parameters:

handle The authorization handle to cancel

Author

Generated automatically by Doxygen for globus_authz from the source code.