Digital DCE for OpenVMS VAX and OpenVMS Alpha
Reference Guide




rpc_server_register_auth_info

This routine registers authentication information with the RPC runtime. It is used by server applications.

Syntax


#include <dce/rpc.h> 
 
void rpc_server_register_auth_info( 
        unsigned_char_t *server_princ_name, 
        unsigned32 authn_svc, 
        rpc_auth_key_retrieval_fn_t get_key_fn, 
        void *arg, 
        unsigned32 *status); 
 


Arguments

INPUT

server_princ_name

Specifies the principal name to use for the server when authenticating remote procedure calls using the service specified by authn_svc. The content of the name and its syntax are defined by the authentication service in use.

authn_svc

Specifies the authentication service to use when the server receives a remote procedure call request. The following authentication services are supported:

get_key_fn

Specifies the address of a server-provided routine that returns encryption keys. The following C definition for rpc_auth_key_retrieval_fn_t illustrates the prototype for the encryption key acquisition routine:


typedef void (*rpc_auth_key_retrieval_fn_t) 
 ( 
  void            *arg,               /* in  */ 
  unsigned_char_t *server_princ_name, /* in  */ 
  unsigned32      key_type,           /* in  */ 
  unsigned32      key_ver,            /* in  */ 
  void            **key,              /* out */ 
  unsigned32      *status             /* out */ 
 ); 
 

The RPC runtime passes the server_princ_name value specified on the call to rpc_server_register_auth_info() to the get_key_fn key acquisition routine as its server_princ_name parameter. The RPC runtime automatically provides a value for the key version (key_ver) parameter. For a key_ver value of 0 (zero), the key acquisition routine must return the most recent key available. The routine returns the key in the key parameter. The key_type parameter specifies a Kerberos encryption key type. Because DCE currently supports only DES encryption, this parameter can be ignored.

If the key acquisition routine, when called from the rpc_server_register_auth_info() routine, returns a status other than rpc_s_ok, the rpc_server_register_auth_info() routine fails and returns the error status to the calling server.

If the key acquisition routine, when called by the RPC runtime while authenticating a client remote procedure call request, returns a status other than rpc_s_ok, the request fails and the RPC runtime returns the error status to the client.

arg

Specifies an argument to pass to the get_key_fn key acquisition routine, if specified. (See the description of the get_key_fn parameter for details.)

Specify NULL for arg to use the default key table file, /krb/v5srvtab. The calling server must be root to access this file.

If arg is a key table file name, the file must have been created with the ktadd command. If the specified key table file resides in /krb5, you can supply only the file name. If the file does not reside in /krb5, you must supply the full pathname. You must prefix the file's absolute pathname with FILE:.

OUTPUT

status

Returns the status code from this routine. This status code indicates whether the routine completed successfully or, if not, why not.

The possible status codes and their meanings are as follows:


Description

The rpc_server_register_auth_info() routine registers an authentication service to use for authenticating remote procedure calls to a particular server principal. A server calls this routine once for each authentication service and principal name combination that it wants to register.

The authentication service specified by a client (using the rpc_binding_set_auth_info() routine) must be one of the authentication services registered by the server. If it is not, the client's remote procedure call request fails with an rpc_s_unknown_authn_service status code.

The following table shows the RPC runtime behavior for acquiring encryption keys for each supported authentication service. Note that if authn_svc is rpc_c_authn_default, then get_key_fn must be NULL. Also note that if authn_svc is rpc_c_authn_winnt, then get_key_fn must be NULL.

RPC Key Acquisition for Authentication Services

authn_svc               get_key_fn  arg       Runtime Behavior
----------------------  ----------  --------  ----------------
rpc_c_authn_default     NULL        NULL      Uses the default method of encryption key acquisition from the default key table.
rpc_c_authn_default     NULL        non-NULL  Uses the default method of encryption key acquisition from the specified key table.
rpc_c_authn_default     non-NULL    Ignored   Error returned.
rpc_c_authn_none        Ignored     Ignored   No authentication performed.
rpc_c_authn_dce_secret  NULL        NULL      Uses the default method of encryption key acquisition from the default key table.
rpc_c_authn_dce_secret  NULL        non-NULL  Uses the default method of encryption key acquisition from the specified key table.
rpc_c_authn_dce_secret  non-NULL    NULL      Uses the specified encryption key acquisition routine to obtain keys from the default key table.
rpc_c_authn_dce_secret  non-NULL    non-NULL  Uses the specified encryption key acquisition routine to obtain keys from the specified key table.
rpc_c_authn_dce_public  Ignored     Ignored   Reserved for future use.
rpc_c_authn_winnt       NULL        Ignored   Uses the default method of encryption key acquisition from the default key table.
rpc_c_authn_winnt       non-NULL    Ignored   Error returned.
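
A key acquisition routine that follows the get_key_fn contract described above, given as an added example and not as code from the DCE documentation: a key_ver of 0 selects the most recent key, any other value must match exactly, and every failure leaves a status other than rpc_s_ok. The typedefs stand in for <dce/rpc.h>; the key record, the key table passed through arg, EX_S_KEY_NOT_FOUND, the srv/a and srv/b principals, and the rule that the highest version is the most recent are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>
/* Stand-ins so this compiles without <dce/rpc.h>; a real server includes that header. */
typedef unsigned int  unsigned32;
typedef unsigned char unsigned_char_t;
#define rpc_s_ok           0u   /* DCE success status */
#define EX_S_KEY_NOT_FOUND 1u   /* hypothetical failure status for this example */
/* Hypothetical key record and table: the page does not define what *key points to. */
typedef struct { const char *princ; unsigned32 ver; unsigned char des_key[8]; } ex_key_t;
typedef struct { const ex_key_t *keys; size_t count; } ex_keytab_t;

/* Same parameter list as rpc_auth_key_retrieval_fn_t. */
void ex_get_key(void *arg, unsigned_char_t *server_princ_name, unsigned32 key_type,
                unsigned32 key_ver, void **key, unsigned32 *status)
{
    const ex_keytab_t *tab = arg;
    const ex_key_t *found = NULL;
    size_t i;
    (void)key_type;                      /* DES only, so the type is ignored */
    *key = NULL;
    *status = EX_S_KEY_NOT_FOUND;        /* fail closed until a key matches */
    if (tab == NULL || server_princ_name == NULL)
        return;
    for (i = 0; i < tab->count; i++) {
        const ex_key_t *k = &tab->keys[i];
        if (strcmp(k->princ, (const char *)server_princ_name) != 0)
            continue;
        if (key_ver == 0) {              /* 0: return the most recent key */
            if (found == NULL || k->ver > found->ver)  /* assumes newest = highest version */
                found = k;
        } else if (k->ver == key_ver) {  /* otherwise only the exact version */
            found = k;
            break;
        }
    }
    if (found != NULL) {
        *key = (void *)found;            /* points into the table; the table owns it */
        *status = rpc_s_ok;
    }
}

/* Constructed sample table and a helper that returns the version selected (0 on failure). */
static const ex_key_t ex_keys[] = { {"srv/a", 1, {0}}, {"srv/a", 3, {0}}, {"srv/b", 2, {0}} };
unsigned32 ex_selected_version(const char *princ, unsigned32 ver)
{
    ex_keytab_t tab = { ex_keys, sizeof ex_keys / sizeof ex_keys[0] };
    void *key; unsigned32 st;
    ex_get_key(&tab, (unsigned_char_t *)princ, 0, ver, &key, &st);
    return st == rpc_s_ok ? ((const ex_key_t *)key)->ver : 0;
}
```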


Return Values

No value is returned.

See Also


rpc_binding_inq_auth_client

This routine returns authentication and authorization information from the binding handle for an authenticated client. It is used by server applications.

Syntax


#include <dce/rpc.h> 
#include <dce/id_base.h> 
 
void rpc_binding_inq_auth_client( 
        rpc_binding_handle_t binding, 
        rpc_authz_handle_t *privs, 
        unsigned_char_t **server_princ_name, 
        unsigned32 *protect_level, 
        unsigned32 *authn_svc, 
        unsigned32 *authz_svc, 
        unsigned32 *status); 
 


Arguments

INPUT

binding

Specifies the client binding handle from which to return the authentication and authorization information.

OUTPUT

privs

Returns a handle to the authorization information for the client that made the remote procedure call on binding.

The server must cast this handle to the data type specified by authn_svc and authz_svc.

If authn_svc is rpc_c_authn_winnt, the return value must be cast to (unsigned_char_t *). In this case the return value is the domain and user name of the client that made the request, as a string of the form \\domain_name\user_name. If the domain name cannot be obtained, only the user name is returned (with no slashes).

If the authn_svc is rpc_c_authn_dce_secret, the following table shows how to cast the return value.

Casts for Authorization Information

For authz_svc value:  privs contains this data:                              Use this cast:
--------------------  -----------------------------------------------------  -------------------
rpc_c_authz_none      A NULL value.                                          None
rpc_c_authz_name      The calling client's principal name.                   (unsigned_char_t *)
rpc_c_authz_dce       The calling client's privilege attribute certificate.  (sec_id_pac_t *)

Note that rpc_c_authz_none is valid only if the authn_svc parameter is rpc_c_authn_none or rpc_c_authn_winnt.

The data referenced by this parameter is read-only and should not be modified by the server. If the server wants to preserve any of the returned data, it must copy the data into server-allocated memory.

Specifying NULL prevents the routine from returning this parameter.

server_princ_name

If authz_svc is rpc_c_authn_dce_secret, this parameter returns a pointer to the server principal name specified by the client that made the remote procedure call on binding.

If authz_svc is rpc_c_authn_winnt, this parameter returns a pointer to the server principal name specified by the server when it called rpc_server_register_auth_info().

The content of the returned name and its syntax are defined by the authentication service in use. Specifying NULL prevents the routine from returning this parameter. In this case, the caller does not have to call the rpc_string_free() routine.

protect_level

Returns the protection level requested by the client that made the remote procedure call on binding. The protection level determines the degree to which authenticated communications between the client and the server are protected. Specifying NULL prevents the routine from returning this parameter.

The possible protection levels are as follows:

authn_svc

Returns the authentication service requested by the client that made the remote procedure call on binding. Specifying NULL prevents the routine from returning this parameter.

The possible authentication services are as follows:

authz_svc

Returns the authorization service requested by the client that made the remote procedure call on binding. Specifying NULL prevents the routine from returning this parameter.

The possible authorization services are as follows:

status

Returns the status code from this routine. This status code indicates whether the routine completed successfully or, if not, why not.

The possible status codes and their meanings are as follows:


Description

The rpc_binding_inq_auth_client() routine returns authentication and authorization information associated with the client identified by binding. The calling server manager routine can use the returned data for authorization purposes.

The RPC runtime allocates memory for the returned server_princ_name parameter. The server is responsible for calling the rpc_string_free() routine for the returned parameter string.

For applications in which the client side uses the IDL auto_handle or implicit_handle attribute, the server side needs to be built with the IDL explicit_handle attribute specified in the Attribute Configuration File (ACF). Using explicit_handle provides binding as the first parameter to each server manager routine.
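
How a server manager routine might decide what privs holds before casting it, and copy a winnt identity out of the read-only string, shown as an added example and not as code from the DCE documentation. The enums stand in for <dce/rpc.h> with constructed numeric values, and ex_kind_t, ex_privs_kind, ex_split_winnt, ex_winnt_is and the CORP\alice inputs are hypothetical names and data.

```c
#include <stddef.h>
#include <string.h>
/* Stand-ins so this compiles without <dce/rpc.h>; numeric values are constructed. */
enum { rpc_c_authn_none, rpc_c_authn_dce_secret, rpc_c_authn_winnt };
enum { rpc_c_authz_none, rpc_c_authz_name, rpc_c_authz_dce };
/* Hypothetical result type: how the manager routine may treat privs. */
typedef enum { EX_REJECT, EX_NO_IDENTITY, EX_NAME, EX_PAC, EX_WINNT } ex_kind_t;

/* Picks the cast for privs from the services reported for the call. */
ex_kind_t ex_privs_kind(unsigned authn_svc, unsigned authz_svc, const void *privs)
{
    if (authn_svc == rpc_c_authn_none)       return EX_NO_IDENTITY; /* nothing authenticated */
    if (privs == NULL)                       return EX_REJECT;
    if (authn_svc == rpc_c_authn_winnt)      return EX_WINNT;       /* (unsigned_char_t *) */
    if (authn_svc != rpc_c_authn_dce_secret) return EX_REJECT;
    if (authz_svc == rpc_c_authz_name)       return EX_NAME;        /* (unsigned_char_t *) */
    if (authz_svc == rpc_c_authz_dce)        return EX_PAC;         /* (sec_id_pac_t *) */
    return EX_REJECT;       /* rpc_c_authz_none is not valid with rpc_c_authn_dce_secret */
}

/* Copies "\\domain_name\user_name" (or a bare user name) into caller buffers.
   Returns 0 on success, -1 if the string is malformed or does not fit. */
int ex_split_winnt(const char *s, char *dom, size_t domsz, char *user, size_t usersz)
{
    const char *d = s, *u = s;
    size_t dlen = 0;
    if (s == NULL || *s == '\0') return -1;
    if (s[0] == '\\') {                      /* domain form must start with two backslashes */
        if (s[1] != '\\' || (u = strchr(s + 2, '\\')) == NULL)
            return -1;
        d = s + 2;
        dlen = (size_t)(u++ - d);            /* u now points at the user name */
        if (dlen == 0) return -1;
    }
    if (*u == '\0' || strchr(u, '\\') != NULL || dlen >= domsz || strlen(u) >= usersz)
        return -1;
    memcpy(dom, d, dlen);                    /* copy: the runtime's string is read-only */
    dom[dlen] = '\0';
    strcpy(user, u);
    return 0;
}

/* Helper for the constructed inputs: 1 if s splits into exactly (dom, user). */
int ex_winnt_is(const char *s, const char *dom, const char *user)
{
    char d[32], u[32];
    return ex_split_winnt(s, d, sizeof d, u, sizeof u) == 0
        && strcmp(d, dom) == 0 && strcmp(u, user) == 0;
}
```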


Return Values

No value is returned.

See Also


Chapter 12
DCL Command Interfaces to DCE Tools

This chapter provides DCL syntax and usage information for the Interface Definition Language (IDL) compiler, the NIDL-to-IDL converter (IDL/CONVERT), and the Universal Unique Identifier Generator (UUIDGEN) utility. (NIDL is the Network Interface Definition Language.)

12.0.1 IDL Compiler

This section provides DCL syntax for commands to the IDL compiler. Except where noted, IDL DCL command syntax is equivalent to the IDL universal command syntax documented in the idl(1rpc) section of the Digital DCE Application Development Reference. See the reference documentation for a complete description of the IDL universal command syntax.

NAME

SYNOPSIS

QUALIFIERS

/CONVERT

/SERVER_FILES [=(option[,...])]
/NOSERVER_FILES

/INCLUDE_DIRECTORY [=(directory[,...])] (default)
/NOINCLUDE_DIRECTORY

/PREPROCESS
/NOPREPROCESS (default)

/DEFINE [=(identifier[=definition][,...])]
/NODEFINE (default)

/UNDEFINE [=(identifier[,...])]
/NOUNDEFINE (default)

/SYNTAX_ONLY
/NOSYNTAX_ONLY (default)

/OPTIMIZE [={SPEED | SPACE }]
/OPTIMIZE = SPEED (default)

/OUTPUT_DIRECTORY [=directory]
/NOOUTPUT_DIRECTORY (default)

/HEADER_FILE = filename
/HEADER_FILE=filename.H (default)

/KEEP [=option]
/NOKEEP

/CC_COMMAND [="command-line"]
/NOCC_COMMAND
/CC_COMMAND="CC/G_FLOAT/STANDARD=NOPORTABLE" (default)

/CC_QUALIFIERS [="command-qualifiers"]
/NOCC_QUALIFIERS (default)

/REPAIR [=(option[,...])]
/NOREPAIR

/VERIFY
/NOVERIFY (default)

/WARNINGS (default)
/NOWARNINGS

/LOG
/NOLOG (default)

/LANGUAGE [={CC | FORTRAN}]
/LANGUAGE=CC (default)
/LANGUAGE=CXX

/STANDARD [={[NO]PORTABLE | DCE_V10 | DEC_V10 | EXTENDED}]
/STANDARD=PORTABLE (default)

/DIAGNOSTICS [=filename]
/NODIAGNOSTICS (default)

/ENTRY_POINT_VECTOR [=(option[,...])]
/NOENTRY_POINT_VECTOR
/ENTRY_POINT_VECTOR=(NOCLIENT, MANAGER) (default)

/TRACE [=(option[,...])]
/NOTRACE (default)

/VERSION
/NOVERSION (default)

