rpc_binding_inq_auth_client(3) — OSF1 1.0


rpc_binding_inq_auth_client(3)  —  Subroutines

NAME

rpc_binding_inq_auth_client - Returns authentication and authorization information from the binding handle for an authenticated client

Used by server applications. 

SYNOPSIS

#include <dce/rpc.h>
#include <dce/id_base.h>

void rpc_binding_inq_auth_client(
    rpc_binding_handle_t binding,
    rpc_authz_handle_t *privs,
    unsigned_char_t **server_princ_name,
    unsigned32 *protect_level,
    unsigned32 *authn_svc,
    unsigned32 *authz_svc,
    unsigned32 *status);

PARAMETERS

Input

binding
Specifies the client binding handle from which to return the authentication and authorization information.

Output

privs
Returns a handle to the authorization information for the client that made the remote procedure call on binding.  The server must cast this handle to the data type specified by authz_svc.  The following table shows how to cast the return value:

Table 0-0.  Casts for Authorization Information

For authz_svc value:   privs contains this data:                                 Use this cast:
rpc_authz_none         A NULL value.                                             None
rpc_authz_name         The calling client's principal name.                      (unsigned_char_t *)
rpc_authz_dce          The calling client's privilege attribute certificate.     (sec_id_pac_t *)

The data referenced by this argument is read-only and should not be modified by the server.  If the server wants to preserve any of the returned data, it must copy the data into server-allocated memory.

server_princ_name
Returns a pointer to the server principal name specified by the client that made the remote procedure call on binding.  The content of the returned name and its syntax are defined by the authentication service in use.  Specifying NULL prevents the routine from returning this argument.  In this case, the caller does not have to call the rpc_string_free routine.

protect_level
Returns the protection level requested by the client that made the remote procedure call on binding.  The protection level determines the degree to which authenticated communications between the client and the server are protected.  Specifying NULL prevents the routine from returning this argument.  The possible protection levels are:

rpc_c_protect_level_default
Use the default protection level for the specified authentication service.

rpc_c_protect_level_none
Perform no protection.

rpc_c_protect_level_connect
Perform protection only when the client establishes a relationship with the server.

rpc_c_protect_level_call
Perform protection only at the beginning of each remote procedure call when the server receives the request.

rpc_c_protect_level_pkt
Ensure that all data received is from the expected client.

rpc_c_protect_level_pkt_integrity
Ensure and verify that none of the data transferred between client and server has been modified.

rpc_c_protect_level_pkt_privacy
Perform protection as specified by all of the previous levels and also encrypt each remote procedure call argument value.

authn_svc
Returns the authentication service requested by the client that made the remote procedure call on binding.  Specifying NULL prevents the routine from returning this argument.  The possible authentication services are:

rpc_c_authn_none
No authentication

rpc_c_authn_dce_secret
DCE shared-secret key authentication

rpc_c_authn_dce_public
DCE public key authentication (reserved for future use)

rpc_c_authn_default
DCE default authentication service

authz_svc
Returns the authorization service requested by the client that made the remote procedure call on binding.  Specifying NULL prevents the routine from returning this argument.  The possible authorization services are:

rpc_c_authz_none
Server performs no authorization.

rpc_c_authz_name
Server performs authorization based on the client principal name.

rpc_c_authz_dce
Server performs authorization using the client's DCE privilege attribute certificate (PAC) sent to the server with each remote procedure call made with binding.  Generally, access is checked against DCE access control lists (ACLs).

status
Returns the status code from this routine.  This status code indicates whether the routine completed successfully or, if not, why not.  The possible status codes and their meanings are as follows:

rpc_s_ok
Success.

rpc_s_invalid_binding
Invalid binding handle.

rpc_s_wrong_kind_of_binding
Wrong kind of binding for operation.

rpc_s_binding_has_no_auth
Binding has no authentication information.

DESCRIPTION

The rpc_binding_inq_auth_client routine returns authentication and authorization information associated with the client identified by binding.  The calling server manager routine can use the returned data for authorization purposes. 

The RPC runtime allocates memory for the returned server_princ_name argument.  The server is responsible for calling the rpc_string_free routine for the returned argument string. 

For applications in which the client side uses the IDL auto_handle or implicit_handle attribute, the server side needs to be built with the IDL explicit_handle attribute specified in the Attribute Configuration File (ACF).  Using explicit_handle provides binding as the first argument to each server manager routine. 
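The following is an added example, not part of the original manual page or of any DCE source: it shows how a server manager routine might act on the values this routine returns, applying the cast table for privs and copying the name before use. The stand-in declarations and their numeric values, the check_client helper, the verdict enum, and the single allowed-name policy are assumptions made so the block compiles without the DCE headers.

```c
#include <string.h>

/* Stand-ins with assumed values so this compiles without DCE headers;
 * a real server takes them from <dce/rpc.h>. */
typedef unsigned int unsigned32;
typedef unsigned char unsigned_char_t;
typedef void *rpc_authz_handle_t;
enum { rpc_s_ok = 0 };
enum { rpc_c_protect_level_default, rpc_c_protect_level_none,
       rpc_c_protect_level_connect, rpc_c_protect_level_call,
       rpc_c_protect_level_pkt, rpc_c_protect_level_pkt_integrity,
       rpc_c_protect_level_pkt_privacy };
enum { rpc_c_authn_none = 0, rpc_c_authn_dce_secret = 1 };
enum { rpc_c_authz_none = 0, rpc_c_authz_name = 1, rpc_c_authz_dce = 2 };

enum verdict { DENY, ALLOW_BY_NAME, NEEDS_ACL_CHECK };

/* Hypothetical helper: decide from the values that
 * rpc_binding_inq_auth_client() filled in for the current call. */
enum verdict check_client(unsigned32 status, unsigned32 protect_level,
                          unsigned32 authn_svc, unsigned32 authz_svc,
                          rpc_authz_handle_t privs, const char *allowed,
                          char *name_out, size_t name_cap)
{
    if (status != rpc_s_ok)          /* e.g. rpc_s_binding_has_no_auth */
        return DENY;                 /* outputs are not valid on failure */
    if (authn_svc == rpc_c_authn_none)
        return DENY;
    /* Example policy: accept only levels that protect every packet.
     * "default" names no concrete strength, so it is rejected too. */
    if (protect_level != rpc_c_protect_level_pkt_integrity &&
        protect_level != rpc_c_protect_level_pkt_privacy)
        return DENY;
    switch (authz_svc) {
    case rpc_c_authz_dce:            /* privs is a (sec_id_pac_t *) */
        return privs ? NEEDS_ACL_CHECK : DENY;
    case rpc_c_authz_name: {         /* privs is an (unsigned_char_t *) */
        const char *name = (const char *)(unsigned_char_t *)privs;
        if (!name || strlen(name) >= name_cap)
            return DENY;
        strcpy(name_out, name);      /* privs data is read-only: copy it */
        return strcmp(name_out, allowed) == 0 ? ALLOW_BY_NAME : DENY;
    }
    default:                         /* rpc_c_authz_none: privs is NULL */
        return DENY;
    }
}
```

In a manager routine, pass the values filled in by rpc_binding_inq_auth_client and call rpc_string_free on the returned server_princ_name afterwards.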

NOTES

For this release, the RPC authentication (RPC auth) routines are not implemented, nor is an independent security service provided. 

RETURN VALUES

None. 

RELATED INFORMATION

Functions: rpc_binding_inq_auth_info(3), rpc_binding_set_auth_info(3), rpc_string_free(3)
