If the authentication methods that an authentication authority implements are known, the authentication
authority may be used to deduce those authentication methods that are available for a user. Note, however,
that it is possible to disable hash storage on a per-user basis, which has the effect of disabling some
authentication methods that would otherwise be available.
Directory Native Authentication
The sample code Listing 2-4 (page 30) demonstrates directory native authentication. In the sample code,
the inDirNodeRef parameter contains a node reference for the node, inUserName parameter contains the
user name that is to be authenticated to the node, the inUserPassword contains the password in cleartext
that is to be used to authenticate the user name.
Listing 2-4 Authenticating using directory native authentication
Bool DoNodeNativeAuthentication ( const tDirReference inDirRef,
const tDirNodeReference inDirNodeRef,
const char *inUserName,
const char *inUserPassword )
{
// Native authentication is a one step authentication scheme.
// Step 1
// Send: <length><recordname>
// <length><cleartextpassword>
// Receive: success or failure.
tDataNodePtr anAuthType2Use = NULL;
tDataBufferPtr anAuthDataBuf = NULL;
tDataBufferPtr aAuthRespBuf = NULL;
tDirStatus aDirErr = eDSNoErr;
tContextData aContinueData = NULL;
long aDataBufSize = 0;
long aTempLength = 0;
long aCurLength = 0;
bool aResult = false;
// First, specify the type of authentication.
anAuthType2Use =
dsDataNodeAllocateString(inDirRef,kDSStdAuthNodeNativeClearTextOK);
// The following is an optional method of authentication that allows the
// plug-in to choose the authentication method, but the client can
// "restrict" the authentication request to be "secure" and not use
// cleartext. Both authentication methods take the same buffer arguments.
/* anAuthType2Use = dsDataNodeAllocate(inDirRef,
kDSStdAuthNodeNativeNoClearText); */
aDataBufSize += sizeof(long) + ::strlen(inUserName);
aDataBufSize += sizeof(long) + ::strlen(inUserPassword);
anAuthDataBuf = dsDataBufferAllocate(inDirRef, aDataBufSize);
aAuthRespBuf = dsDataBufferAllocate(inDirRef, 512); // For the response.
// Put all of the authentication arguments into the data buffer.
aTempLength = ::strlen(inUserName);
::memcpy(&(anAuthDataBuf->fBufferData[aCurLength]), &aTempLength,
sizeof(long));
aCurLength += sizeof(long);
::memcpy(&(anAuthDataBuf->fBufferData[aCurLength]), inUserName, aTempLength);
aCurLength += aTempLength;
aTempLength = ::strlen(inUserPassword);
30
Authenticating a User to a Node
2007-01-08 | © 2007 Apple Inc. All Rights Reserved.
CHAPTER 2
Working with Nodes