Apple OS X Directory Native Authentication, Authenticating using directory native authentication

Page 30

CHAPTER 2

Working with Nodes

If the authentication methods that an authentication authority implements are known, the authentication authority may be used to deduce those authentication methods that are available for a user. Note, however, that it is possible to disable hash storage on a per-user basis, which has the effect of disabling some authentication methods that would otherwise be available.

Directory Native Authentication

The sample code in Listing 2-4 (page 30) demonstrates directory native authentication. In the sample code, the inDirNodeRef parameter contains a node reference for the node, the inUserName parameter contains the user name that is to be authenticated to the node, and the inUserPassword parameter contains the cleartext password that is to be used to authenticate the user name.

Listing 2-4

Authenticating using directory native authentication

bool DoNodeNativeAuthentication (
    const tDirReference inDirRef,
    const tDirNodeReference inDirNodeRef,
    const char *inUserName,
    const char *inUserPassword )
{
    // Native authentication is a one step authentication scheme.
    // Step 1
    //     Send: <length><recordname>
    //           <length><cleartextpassword>
    //     Receive: success or failure.
    tDataNodePtr anAuthType2Use = NULL;
    tDataBufferPtr anAuthDataBuf = NULL;
    tDataBufferPtr aAuthRespBuf = NULL;
    tDirStatus aDirErr = eDSNoErr;
    tContextData aContinueData = NULL;
    long aDataBufSize = 0;
    long aTempLength = 0;
    long aCurLength = 0;
    bool aResult = false;

    // First, specify the type of authentication.
    anAuthType2Use = dsDataNodeAllocateString(inDirRef, kDSStdAuthNodeNativeClearTextOK);

    // The following is an optional method of authentication that allows the
    // plug-in to choose the authentication method, but the client can
    // "restrict" the authentication request to be "secure" and not use
    // cleartext. Both authentication methods take the same buffer arguments.
    /* anAuthType2Use = dsDataNodeAllocateString(inDirRef,
           kDSStdAuthNodeNativeNoClearText); */

    aDataBufSize += sizeof(long) + ::strlen(inUserName);
    aDataBufSize += sizeof(long) + ::strlen(inUserPassword);
    anAuthDataBuf = dsDataBufferAllocate(inDirRef, aDataBufSize);
    aAuthRespBuf = dsDataBufferAllocate(inDirRef, 512); // For the response.

    // Put all of the authentication arguments into the data buffer.
    aTempLength = ::strlen(inUserName);
    ::memcpy(&(anAuthDataBuf->fBufferData[aCurLength]), &aTempLength, sizeof(long));
    aCurLength += sizeof(long);
    ::memcpy(&(anAuthDataBuf->fBufferData[aCurLength]), inUserName, aTempLength);
    aCurLength += aTempLength;

    aTempLength = ::strlen(inUserPassword);

30 Authenticating a User to a Node

2007-01-08 © 2007 Apple Inc. All Rights Reserved.
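
The `<length><recordname><length><cleartextpassword>` layout from the Step 1 comment in Listing 2-4, packed with bounds checks and read back with length validation. This is an added example, not Apple's code or part of the original guide, and it does not call the Directory Services API. Assumptions: the helper names `wipe`, `put_field`, `pack_native_auth` and `get_field` are hypothetical, and the length prefix is a fixed 4-byte `int32_t` in host byte order, whereas the listing uses `sizeof(long)`, whose width varies by platform.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Zero a buffer that held the cleartext password; volatile keeps the stores. */
void wipe(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Append one <length><bytes> field at *off. Returns 0, or -1 if it does not fit. */
static int put_field(uint8_t *buf, size_t cap, size_t *off, const char *s) {
    size_t n = strlen(s), room = cap - *off;      /* invariant: *off <= cap */
    int32_t len = (int32_t)n;                     /* assumed 4-byte length prefix */
    if (n > INT32_MAX || room < sizeof len || room - sizeof len < n) return -1;
    memcpy(buf + *off, &len, sizeof len);         /* host byte order, as in the listing */
    memcpy(buf + *off + sizeof len, s, n);
    *off += sizeof len + n;
    return 0;
}

/* Build <length><recordname><length><cleartextpassword>. Returns bytes used, 0 on error. */
size_t pack_native_auth(uint8_t *buf, size_t cap, const char *user, const char *pass) {
    size_t off = 0;
    if (!buf || !user || !pass) return 0;
    if (put_field(buf, cap, &off, user) || put_field(buf, cap, &off, pass)) {
        wipe(buf, cap);                           /* no partial credentials left behind */
        return 0;
    }
    return off;
}

/* Read one field back, rejecting a declared length that overruns the data. */
int get_field(const uint8_t *buf, size_t used, size_t *off, const uint8_t **out, size_t *n) {
    int32_t len;
    if (*off > used || used - *off < sizeof len) return -1;
    memcpy(&len, buf + *off, sizeof len);
    if (len < 0 || (size_t)len > used - *off - sizeof len) return -1;
    *out = buf + *off + sizeof len;
    *n = (size_t)len;
    *off += sizeof len + *n;
    return 0;
}

int main(void) {
    uint8_t buf[64];
    size_t used = pack_native_auth(buf, sizeof buf, "alice", "s3cret"); /* constructed sample */
    wipe(buf, sizeof buf);                        /* clear the password once it is no longer needed */
    return used == 19 ? 0 : 1;
}
```

The buffer holds the password in cleartext from the moment it is packed, so the caller wipes it as soon as the authentication call has returned.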
