db2secRemapUserid API - Remap user ID and password
This API is called by the Db2® database manager on the client side to remap a given user ID and password (and possibly new password and usernamespace) to values different from those given at connect time.
The Db2 database manager only calls this API if a user ID and a password are supplied at connect time. This prevents a plug-in from remapping a user ID by itself to a user ID/password pair. This API is optional and is not called if it is not provided or implemented by the security plug-in.
API and data structure syntax
SQL_API_RC ( SQL_API_FN *db2secRemapUserid)
           ( char userid[DB2SEC_MAX_USERID_LENGTH],
             db2int32 *useridlen,
             char usernamespace[DB2SEC_MAX_USERNAMESPACE_LENGTH],
             db2int32 *usernamespacelen,
             db2int32 *usernamespacetype,
             char password[DB2SEC_MAX_PASSWORD_LENGTH],
             db2int32 *passwordlen,
             char newpasswd[DB2SEC_MAX_PASSWORD_LENGTH],
             db2int32 *newpasswdlen,
             const char *dbname,
             db2int32 dbnamelen,
             char **errormsg,
             db2int32 *errormsglen);
db2secRemapUserid API parameters
- userid
- Input or output. The user ID to be remapped. If there is an input user ID value, then the API must provide an output user ID value that can be the same or different from the input user ID value. If there is no input user ID value, then the API should not return an output user ID value.
- useridlen
- Input or output. Length in bytes of the userid parameter value.
- usernamespace
- Input or output. The namespace of the user ID. This value can optionally be remapped. If no input parameter value is specified, but an output value is returned, then the usernamespace will be used by the Db2 database manager only for CLIENT type authentication and is disregarded for other authentication types.
- usernamespacelen
- Input or output. Length in bytes of the usernamespace parameter value. Under the limitation that the usernamespacetype parameter must be set to the value DB2SEC_NAMESPACE_SAM_COMPATIBLE (defined in db2secPlugin.h), the maximum length currently supported is 15 bytes.
- usernamespacetype
- Input or output. Old and new namespace type value. Currently, the only supported namespace type value is DB2SEC_NAMESPACE_SAM_COMPATIBLE (corresponds to a username style like domain\myname).
- password
- Input or output. As an input, it is the password that is to be remapped. As an output it is the remapped password. If an input value is specified for this parameter, the API must be able to return an output value that differs from the input value. If no input value is specified, the API must not return an output password value.
- passwordlen
- Input or output. Length in bytes of the password parameter value.
- newpasswd
- Input or output. As an input, it is the new password that is to be set. As an output it is the confirmed new password. Note: This is the new password that is passed by the Db2 database manager into the newpassword parameter of the db2secValidatePassword API on the client or the server (depending on the value of the authentication database manager configuration parameter). If a new password was passed as input, then the API must be able to return an output value and it can be a different new password. If there is no new password passed in as input, then the API should not return an output new password.
- newpasswdlen
- Input or output. Length in bytes of the newpasswd parameter value.
- dbname
- Input. Name of the database to which the client is connecting.
- dbnamelen
- Input. Length in bytes of the dbname parameter value.
- errormsg
- Output. A pointer to the address of an ASCII error message string allocated by the plug-in that can be returned in this parameter if the db2secRemapUserid API execution is not successful.
- errormsglen
- Output. A pointer to an integer that indicates the length in bytes of the error message string in the errormsg parameter.
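
The sketch below is an added example, not IBM's code: it shows how a plug-in might honour the input/output rules described above for userid, password and errormsg. It narrows the signature (usernamespace and newpasswd are omitted), and example_remap_userid, the MAX_* limits, the REMAP_* codes and the mapping entry are hypothetical stand-ins; a real plug-in uses the definitions in db2secPlugin.h.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-ins so this compiles without db2secPlugin.h (assumed, not the real header). */
typedef int db2int32;
#define MAX_USERID_LEN   255  /* assumed stand-in for DB2SEC_MAX_USERID_LENGTH */
#define MAX_PASSWORD_LEN 255  /* assumed stand-in for DB2SEC_MAX_PASSWORD_LENGTH */
enum { REMAP_OK = 0, REMAP_FAIL = -1 };  /* hypothetical return codes */

/* Hypothetical mapping, constructed values; a real plug-in reads a protected store. */
struct mapping { const char *db, *from, *to_user, *to_pass; };
static const struct mapping MAP[] = {{ "SALESDB", "alice", "svc_sales", "constructed-secret" }};

static int fail(char **errormsg, db2int32 *errormsglen, const char *text)
{
    size_t n = strlen(text);
    *errormsg = malloc(n + 1);            /* error text is allocated by the plug-in */
    if (*errormsg) memcpy(*errormsg, text, n + 1);
    *errormsglen = *errormsg ? (db2int32)n : 0;
    return REMAP_FAIL;
}

/* Replace a length-counted value and clear what the old value left behind. */
static void put(char *buf, db2int32 *len, size_t cap, const char *val)
{
    memset(buf, 0, cap);
    *len = (db2int32)strlen(val);
    memcpy(buf, val, (size_t)*len);
}

int example_remap_userid(char userid[MAX_USERID_LEN], db2int32 *useridlen,
                         char password[MAX_PASSWORD_LEN], db2int32 *passwordlen,
                         const char *dbname, db2int32 dbnamelen,
                         char **errormsg, db2int32 *errormsglen)
{
    *errormsg = NULL; *errormsglen = 0;
    if (*useridlen < 0 || *useridlen > MAX_USERID_LEN || dbnamelen < 0 ||
        *passwordlen < 0 || *passwordlen > MAX_PASSWORD_LEN)
        return fail(errormsg, errormsglen, "remap: length out of range");
    if (*useridlen == 0 || *passwordlen == 0)
        return REMAP_OK;                  /* no input value: return no output value */
    const struct mapping *m = &MAP[0];    /* one entry keeps the example short */
    /* Match on the supplied byte lengths; NUL termination is not assumed. */
    if (strlen(m->db) == (size_t)dbnamelen && !memcmp(m->db, dbname, (size_t)dbnamelen) &&
        strlen(m->from) == (size_t)*useridlen && !memcmp(m->from, userid, (size_t)*useridlen)) {
        put(userid, useridlen, MAX_USERID_LEN, m->to_user);
        put(password, passwordlen, MAX_PASSWORD_LEN, m->to_pass);
    }
    return REMAP_OK;                      /* unmapped: outputs equal the inputs */
}
```

Zeroing the whole buffer before writing the remapped value means a shorter replacement does not leave the tail of the original password in memory past the reported length.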