The SECURID mechanism uses authentication and authorization identity and a passcode from a hardware token to authenticate users. This mechanism is only enabled in the client and server if you implement the respectively callbacks below and set them in the library (Chapter 7).
int (
*Gsasl_client_callback_authentication_id) (Gsasl_session_ctx * ctx, char * out, size_t * outlen)
ctx: libgsasl handle.
out: output array with authentication identity.
outlen: on input the maximum size of the output array, on output contains the actual size of the output array.
Type of callback function the application implements. It should populate the output array with authentiction identity of user and set the output array length, and return GSASL_OK, or fail with an error code. The authentication identity must be encoded in UTF-8, but need not be normalized in any way.
If OUT is NULL, the function should only populate the output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.
int (
*Gsasl_client_callback_authorization_id) (Gsasl_session_ctx * ctx, char * out, size_t * outlen)
ctx: libgsasl handle.
out: output array with authorization identity.
outlen: on input the maximum size of the output array, on output contains the actual size of the output array.
Type of callback function the application implements. It should populate the output array with authorization identity of user and set the output array length, and return GSASL_OK, or fail with an error code. The authorization identity must be encoded in UTF-8, but need not be normalized in any way.
If OUT is NULL, the function should only populate the output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.
int (
*Gsasl_client_callback_passcode) (Gsasl_session_ctx * ctx, char * out, size_t * outlen)
ctx: libgsasl handle.
out: output array with passcode.
outlen: on input the maximum size of the output array, on output contains the actual size of the output array.
Type of callback function the application implements. It should populate the output array with passcode of user and set the output array length, and return GSASL_OK, or fail with an error code.
If OUT is NULL, the function should only populate the output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.
int (
*Gsasl_server_callback_validate) (Gsasl_session_ctx * ctx, char * authentication_id, char * authorization_id, char * passcode, char * pin, char * suggestpin, size_t * suggestpinlen)
ctx: libgsasl handle.
authorization_id: input array with authorization identity.
authentication_id: input array with authentication identity.
passcode: input array with passcode.
pin: input array with new pin (this may be NULL).
suggestpin: output array with new suggested PIN.
suggestpinlen: on input the maximum size of the output array, on output contains the actual size of the output array.
Type of callback function the application implements. It should return GSASL_OK if and only if the validation of the provided credential was succesful. GSASL_AUTHENTICATION_ERROR is a good failure if authentication failed, but any available return code may be used.
Two SECURID specific error codes also exists. The function can return GSASL_SECURID_SERVER_NEED_ADDITIONAL_PASSCODE to request that the client generate a new passcode. It can also return GSASL_SECURID_SERVER_NEED_NEW_PIN to request that the client generate a new PIN. If the server wishes to suggest a new PIN it can populate the SUGGESTPIN field.
If SUGGESTPIN is NULL, the function should only populate the output length field with the length, and return GSASL_OK. This usage may be used by the caller to allocate the proper buffer size.