SXMP Authentication process

NOTE: libsxmp 0.4.xx uses TLS 1.2 as the underlying transport layer, which is adequate for the intended use cases. This might change later to support more advanced features, and any such change will come with the next 0.5.xx branches. This page describes the process for the 0.4.xx branch.

TLS handshake used

TLS is used to create a connection between the two sides. The client and the server check each other's certificates. The client must have the server's public X.509 certificate, plus its own X.509 public certificate and private key, created for the client and signed by the server's X.509 private key, i.e. certificate checking takes place on both sides.

Certificate authentication

SXMP can perform an additional check, or limit access to server-side functions, based on the client's X.509 certificate ID. This check is done by a user-provided callback.
To assign this custom callback use:
sxhub_set_sslvalidate(c, f)
where c is an sxhub_t and f is a pointer to a function of the form:
int (*your_function)(sxlink_t *);

Login and password pair

If the certificate check succeeds, the client sends a login and password pair, which may be checked by another custom callback assigned as follows:
sxhub_set_authcheck(c, f)
where c is an sxhub_t and f is a pointer to a function of the form:
int (*your_function)(sxlink_t *);

RPC limitation per session

If the login and password are checked successfully, the next step is so-called RPC channel filtering, which lets you limit the functionality available to a user or certificate owner. For example, suppose you have two sets of RPCs, one for viewing some data and a second for creating some data. If you wish, you can deny a user or certificate owner access to the second RPC set, giving them read-only access.
For this purpose, set your own custom callback:
sxhub_set_channelcall(c, f)
where c is an sxhub_t and f is a pointer to a function of the form:
usrtc_t* (*get_rpc_typed_list_tree)(sxlink_t *);
To make life easier, a few functions for filtering RPC sets exist:

int sxmp_rpclist_init(usrtc_t *tree);

int sxmp_rpclist_add(usrtc_t *tree, int type, const char *description,
                     const char *version);

int sxmp_rpclist_add_function(usrtc_t *tree, int type, const char *fu_name,
                              int (*rpcf)(void *, sexp_t *));

int sxmp_rpclist_filter(usrtc_t *source, usrtc_t **dest, int flag, int *filter);

All of these are documented in the manual pages that come as part of the library.
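
The order of checks described above (certificate ID, then login and password, then the RPC sets granted to the session), as an added example that is not libsxmp code: a self-contained C model with stand-in types. The account table, the names account_t and session_rpc_sets, and the 0-means-accept return convention are assumptions of this sketch, and tying the login to the certificate ID is a design choice of the example.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in types for this sketch; they are NOT libsxmp's sxlink_t or usrtc_t. */
enum { RPC_VIEW = 1, RPC_CREATE = 2 };   /* the two RPC sets from the text */

typedef struct {
    unsigned long cert_id;               /* ID of the client X.509 certificate */
    const char *login, *password;        /* pair sent after the TLS handshake */
    unsigned allowed;                    /* RPC sets this owner may call */
} account_t;

/* Constructed sample accounts; plaintext passwords only keep the sketch short. */
static const account_t accounts[] = {
    { 0x1001UL, "alice", "correct-horse",  RPC_VIEW | RPC_CREATE },
    { 0x1002UL, "bob",   "battery-staple", RPC_VIEW },  /* read-only */
};

static const account_t *find_by_cert(unsigned long cert_id) {
    for (size_t i = 0; i < sizeof accounts / sizeof accounts[0]; i++)
        if (accounts[i].cert_id == cert_id) return &accounts[i];
    return NULL;
}

/* Stage 1: is the certificate ID known at all? 0 = accept (assumed convention). */
static int check_cert(unsigned long cert_id) {
    return find_by_cert(cert_id) ? 0 : -1;
}

/* Stage 2: the login/password pair must belong to that same certificate. */
static int check_login(const account_t *a, const char *login, const char *pw) {
    return (strcmp(a->login, login) == 0 && strcmp(a->password, pw) == 0) ? 0 : -1;
}

/* Runs the stages in the page's order and returns the RPC sets granted to the
 * session (stage 3); 0 means the session was rejected. */
unsigned session_rpc_sets(unsigned long cert_id, const char *login, const char *pw) {
    if (check_cert(cert_id) != 0) return 0;
    const account_t *a = find_by_cert(cert_id);
    if (check_login(a, login, pw) != 0) return 0;
    return a->allowed;
}

int main(void) {
    printf("alice: %u\n", session_rpc_sets(0x1001UL, "alice", "correct-horse"));
    printf("bob:   %u\n", session_rpc_sets(0x1002UL, "bob", "battery-staple"));
    printf("bob's cert, alice's login: %u\n",
           session_rpc_sets(0x1002UL, "alice", "correct-horse"));
    return 0;
}
```

In this model a valid login presented over a different owner's certificate is rejected, so a leaked password alone does not grant that owner's RPC sets.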

