flux_sign_unwrap(3)¶
SYNOPSIS¶
#include <flux/security/sign.h>
enum {
FLUX_SIGN_NOVERIFY = 1,
};
int flux_sign_unwrap (flux_security_t *ctx,
const char *input,
const void **buf,
int *len,
int64_t *userid,
int flags);
int flux_sign_unwrap_anymech (flux_security_t *ctx,
const char *input,
const void **buf,
int *len,
const char **mech_type,
int64_t *userid,
int flags);
DESCRIPTION¶
flux_sign_unwrap()
verifies the signature of a credential input, which
was produced by flux_sign_wrap(3). If successful, the payload is
assigned to buf, the payload length is assigned to len, the signing user
is assigned to userid, and the signing mechanism is assigned to mech_type.
flags may be zero or a bitmask of the following values:
- FLUX_SIGN_NOVERIFY
Allow the function to return success and assign output parameters even if the signature verification fails.
Assignment of any of the output parameters may be suppressed by passing in a NULL value.
flux_sign_unwrap_anymech()
is identical to flux_sign_unwrap()
, except
that signature verification can succeed even if the mechanism is not one of
the allowed types defined by flux-config-security-sign(5).
RETURN VALUE¶
flux_sign_unwrap()
and flux_sign_unwrap_anymech()
return 0 on success,
or -1 on failure with errno set. In addition, a human readable error string
may be retrieved using flux_security_last_error(3).
ERRORS¶
- EINVAL
Some arguments were invalid.
- ENOMEM
Out of memory.
RESOURCES¶
Flux: http://flux-framework.org
RFC 15: Independent Minister of Privilege for Flux: The Security IMP: https://flux-framework.readthedocs.io/projects/flux-rfc/en/latest/spec_15.html
SEE ALSO¶
flux_security_create(3), flux_security_wrap(7), flux_security_last_error(3), flux-config-security-sign(5)