⇒ rpc_server_register_auth_info(3rpc) — DCE 3.1


rpc_server_register_auth_info(3rpc)  —  Subroutines

NAME

rpc_server_register_auth_info — Registers server-key based authentication information with the RPC runtime;  used by server applications

Synopsis

void rpc_server_register_auth_info(
    unsigned_char_t *server_princ_name,
    unsigned32 authn_svc,
    rpc_auth_key_retrieval_fn_t get_key_fn,
    void *arg,
    unsigned32 *status);

Parameters

Input

server_princ_name
Specifies the principal name to use for the server when authenticating remote procedure calls using the service specified by authn_svc.  The content of the name and its syntax is defined by the authentication service in use. 

authn_svc
Specifies the authentication service to use when the server receives a remote procedure call request.  The following authentication services are supported:

rpc_c_authn_none
No authentication.

rpc_c_authn_dce_secret
DCE shared-secret key authentication.

rpc_c_authn_dce_public
DCE public key authentication (reserved for future use).

rpc_c_authn_default
DCE default authentication service.

get_key_fn
Specifies the address of a server-provided routine that returns encryption keys.

The following C definition for rpc_auth_key_retrieval_fn_t illustrates the prototype for the encryption key acquisition routine:

typedef void (*rpc_auth_key_retrieval_fn_t)
 (
  void            *arg,                 /* in */
  unsigned_char_t *server_princ_name,   /* in */
  unsigned32      key_type,             /* in */
  unsigned32      key_ver,              /* in */
  void            **key,                /* out */
  unsigned32      *status               /* out */
 );

The RPC runtime passes the server_princ_name parameter value specified on the call to rpc_server_register_auth_info(), as the server_princ_name parameter value, to the get_key_fn key acquisition routine.  The RPC runtime automatically provides a value for the key version (key_ver) parameter.  For a key_ver value of 0 (zero), the key acquisition routine must return the most recent key available.  The routine returns the key in the key parameter. 

Note:

The key_type parameter specifies a Kerberos encryption key type.  Because currently the DCE supports only DES encryption, this parameter can be ignored. 

If the key acquisition routine, when called from the rpc_server_register_auth_info() routine, returns a status other than rpc_s_ok, the rpc_server_register_auth_info() routine fails and returns the error status to the calling server. 

If the key acquisition routine, when called by the RPC runtime while authenticating a client remote procedure call request, returns a status other than rpc_s_ok, the request fails and the RPC runtime returns the error status to the client. 

arg
Specifies an argument to pass to the get_key_fn key acquisition routine, if specified.  (See the description of the get_key_fn parameter for details.) 

Specify NULL for arg to use the default key table file, /krb/v5srvtab.  The calling server must be root to access this file. 

If arg is a key table filename, the file must have been created with the ktadd command.  If the specified key table file resides in /krb5, you can supply only the filename.  If the file does not reside in /krb5, you must supply the full pathname.  You must prepend the file’s absolute pathname with the prefix FILE:. 

Output

status
Returns the status code from this routine.  This status code indicates whether the routine completed successfully or, if not, why not. 
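
An added example, not part of the original manual page: a key acquisition routine that follows the contract described for get_key_fn above, where a key_ver of 0 selects the most recent key and a miss returns a status other than rpc_s_ok with no key. This example treats any nonzero key_ver as an exact version match. The typedefs, the rpc_s_ok value, EX_S_KEY_NOT_FOUND, the ex_ names and the in-memory store passed through arg are assumptions so the code builds without the DCE headers.

```c
#include <stddef.h>
#include <string.h>
/* Stand-ins so this compiles without the DCE headers (assumptions). */
typedef unsigned int  unsigned32;
typedef unsigned char unsigned_char_t;
#define rpc_s_ok           0u  /* stand-in value */
#define EX_S_KEY_NOT_FOUND 1u  /* hypothetical status, not a DCE code */
/* Hypothetical key record; the real layout is set by the auth service. */
typedef struct { const char *princ; unsigned32 ver; unsigned char key[8]; } ex_key_t;
typedef struct { ex_key_t *keys; size_t count; } ex_store_t;

/* Constructed sample store: two key versions for one principal. */
static ex_key_t ex_keys[] = {
    { "ex/server", 1, {1, 1, 1, 1, 1, 1, 1, 1} },
    { "ex/server", 3, {3, 3, 3, 3, 3, 3, 3, 3} },
};
static ex_store_t ex_store = { ex_keys, 2 };

/* Same parameter list as the rpc_auth_key_retrieval_fn_t prototype. */
void ex_get_key(void *arg, unsigned_char_t *server_princ_name,
                unsigned32 key_type, unsigned32 key_ver,
                void **key, unsigned32 *status)
{
    ex_store_t *store = (ex_store_t *)arg;
    ex_key_t *best = NULL;
    size_t i;
    (void)key_type;                 /* DES only, so key_type is ignored */
    *key = NULL;                    /* fail closed until a key is found */
    *status = EX_S_KEY_NOT_FOUND;
    if (store == NULL || server_princ_name == NULL)
        return;
    for (i = 0; i < store->count; i++) {
        ex_key_t *k = &store->keys[i];
        if (strcmp(k->princ, (const char *)server_princ_name) != 0)
            continue;
        if (key_ver == 0 ? (best == NULL || k->ver > best->ver)
                         : (k->ver == key_ver))
            best = k;               /* 0: newest version; else exact match */
    }
    if (best != NULL) { *key = best; *status = rpc_s_ok; }
}

/* Version of the key selected for (princ, key_ver), or 0 on failure. */
unsigned32 ex_selected_ver(char *princ, unsigned32 key_ver)
{
    void *key; unsigned32 st;
    ex_get_key(&ex_store, (unsigned_char_t *)princ, 0, key_ver, &key, &st);
    return (st == rpc_s_ok && key != NULL) ? ((ex_key_t *)key)->ver : 0;
}
```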

Description

The rpc_server_register_auth_info() routine registers an authentication service to use for authenticating remote procedure calls to a particular server principal. This routine is used for server-key based authentication.  Use the rpc_server_register_auth_ident() routine for user-to-user authentication. 

A server calls this routine once for each authentication service and principal name combination that it wants to register.  The authentication service specified by a client (using the rpc_binding_set_auth_info() routine) must be one of the authentication services registered by the server.  If it is not, the client’s remote procedure call request fails with an rpc_s_unknown_authn_service status code. 

The following table shows the RPC runtime behavior for acquiring encryption keys for each supported authentication service.  Note that if authn_svc is rpc_c_authn_default, then get_key_fn must be NULL. 

RPC Key Acquisition for Authentication Services

authn_svc               get_key_fn  arg       Runtime Behavior
----------------------  ----------  --------  ----------------
rpc_c_authn_default     NULL        NULL      Uses the default method of encryption key acquisition from the default key table.
rpc_c_authn_default     NULL        non-NULL  Uses the default method of encryption key acquisition from the specified key table.
rpc_c_authn_default     non-NULL    Ignored   Error returned.
rpc_c_authn_none        Ignored     Ignored   No authentication performed.
rpc_c_authn_dce_secret  NULL        NULL      Uses the default method of encryption key acquisition from the default key table.
rpc_c_authn_dce_secret  NULL        non-NULL  Uses the default method of encryption key acquisition from the specified key table.
rpc_c_authn_dce_secret  non-NULL    NULL      Uses the specified encryption key acquisition routine to obtain keys from the default key table.
rpc_c_authn_dce_secret  non-NULL    non-NULL  Uses the specified encryption key acquisition routine to obtain keys from the specified key table.
rpc_c_authn_dce_public  Ignored     Ignored   (Reserved for future use.)

Return Values

No value is returned. 

Errors

The following describes a partial list of errors that might be returned.  Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages. 

rpc_s_ok
Success.

rpc_s_unknown_authn_service
Unknown authentication service.

rpc_s_key_func_not_allowed
authn_svc is rpc_c_authn_default and a nonnull value was supplied for the get_key_fn parameter. 

Related Information

Functions: rpc_binding_set_auth_info(3rpc), rpc_server_register_auth_ident(3rpc). 
