db2secGetDefaultLoginContext API - Get default login context

Determines the user associated with the default login context, that is, determines the Db2® authid of the user invoking a Db2 command without explicitly specifying a user ID (either an implicit authentication to a database, or a local authorization). This API must return both an authid and a user ID.

API and data structure syntax

     SQL_API_RC ( SQL_API_FN *db2secGetDefaultLoginContext) 
                           ( char authid[DB2SEC_MAX_AUTHID_LENGTH],
                             db2int32 *authidlen,
                             char userid[DB2SEC_MAX_USERID_LENGTH],
                             db2int32 *useridlen,
                             db2int32 useridtype,
                             char usernamespace[DB2SEC_MAX_USERNAMESPACE_LENGTH],
                             db2int32 *usernamespacelen,
                             db2int32 *usernamespacetype,
                             const char *dbname,
                             db2int32 dbnamelen,
                             void      **token,
                             char      **errormsg,
                             db2int32 *errormsglen );

db2secGetDefaultLoginContext API parameters

authid

Output. The parameter in which the authid should be returned. The returned value must conform to Db2 authid naming rules, or the user will not be authorized to perform the requested action.

authidlen

Output. Length in bytes of the authid parameter value.

userid

Output. The parameter in which the user ID associated with the default login context should be returned.

useridlen

Output. Length in bytes of the userid parameter value.

useridtype

Input. Indicates if the real or effective user ID of the process is being specified. On Windows, only the real user ID exists. On UNIX and Linux®, the real user ID and effective user ID can be different if the uid user ID for the application is different than the ID of the user executing the process. Valid values for the userid parameter (defined in db2secPlugin.h) are:

DB2SEC_PLUGIN_REAL_USER_NAME: Indicates that the real user ID is being specified.
DB2SEC_PLUGIN_EFFECTIVE_USER_NAME: Indicates that the effective user ID is being specified.
Note: Some plug-in implementations might not distinguish between the real and effective user ID. In particular, a plug-in that does not use the UNIX or Linux identity of the user to establish the Db2 authorization ID can safely ignore this distinction.

usernamespace

Output. The namespace of the user ID.

usernamespacelen

Output. Length in bytes of the usernamespace parameter value. Under the limitation that the usernamespacetype parameter must be set to the value DB2SEC_NAMESPACE_SAM_COMPATIBLE (defined in db2secPlugin.h), the maximum length currently supported is 15 bytes.

usernamespacetype

Output. Namespace type value. Currently, the only supported namespace type is DB2SEC_NAMESPACE_SAM_COMPATIBLE (corresponds to a username style like domain\myname).

dbname

Input. Contains the name of the database being connected to, if this call is being used in the context of a database connection. For local authorization actions or instance attachments, this parameter is set to NULL.

dbnamelen

Input. Length in bytes of the dbname parameter value.

token

Output. This is a pointer to data allocated by the plug-in that it might pass to subsequent authentication calls in the plug-in, or possibly to the group retrieval plug-in. The structure of this data is determined by the plug-in writer.

errormsg

Output. A pointer to the address of an ASCII error message string allocated by the plug-in that can be returned in this parameter if the db2secGetDefaultLoginContext API execution is not successful.

errormsglen

Output. A pointer to an integer that indicates the length in bytes of the error message string in errormsg parameter.