This routine registers authentication information with the RPC runtime. It is used by server applications.
#include <dce/rpc.h>

void rpc_server_register_auth_info(
    unsigned_char_t *server_princ_name,
    unsigned32 authn_svc,
    rpc_auth_key_retrieval_fn_t get_key_fn,
    void *arg,
    unsigned32 *status);
INPUT
server_princ_name
Specifies the principal name to use for the server when authenticating remote procedure calls using the service specified by authn_svc. The content of the name and its syntax are defined by the authentication service in use.
authn_svc
Specifies the authentication service to use when the server receives a remote procedure call request. The following authentication services are supported:
- rpc_c_authn_none: No authentication.
- rpc_c_authn_dce_secret: DCE shared-secret key authentication.
- rpc_c_authn_dce_public: DCE public key authentication (reserved for future use).
- rpc_c_authn_default: DCE default authentication service.
- rpc_c_authn_winnt: Microsoft's NTLM authentication protocol.
get_key_fn
Specifies the address of a server-provided routine that returns encryption keys. The following C definition for rpc_auth_key_retrieval_fn_t illustrates the prototype for the encryption key acquisition routine:
typedef void (*rpc_auth_key_retrieval_fn_t) (
    void *arg,                          /* in */
    unsigned_char_t *server_princ_name, /* in */
    unsigned32 key_type,                /* in */
    unsigned32 key_ver,                 /* in */
    void **key,                         /* out */
    unsigned32 *status                  /* out */
);

The RPC runtime passes the server_princ_name parameter value specified on the call to rpc_server_register_auth_info(), as the server_princ_name parameter value, to the get_key_fn key acquisition routine. The RPC runtime automatically provides a value for the key version (key_ver) parameter. For a key_ver value of 0 (zero), the key acquisition routine must return the most recent key available. The routine returns the key in the key parameter. The key_type parameter specifies a Kerberos encryption key type. Because DCE currently supports only DES encryption, this parameter can be ignored.
If the key acquisition routine, when called from the rpc_server_register_auth_info() routine, returns a status other than rpc_s_ok, the rpc_server_register_auth_info() routine fails and returns the error status to the calling server.
If the key acquisition routine, when called by the RPC runtime while authenticating a client remote procedure call request, returns a status other than rpc_s_ok, the request fails and the RPC runtime returns the error status to the client.
arg
Specifies an argument to pass to the get_key_fn key acquisition routine, if specified. (See the description of the get_key_fn parameter for details.)
Specify NULL for arg to use the default key table file, /krb/v5srvtab. The calling server must be root to access this file.
If arg is a key table file name, the file must have been created with the ktadd command. If the specified key table file resides in /krb5, you can supply only the file name. If the file does not reside in /krb5, you must supply the full pathname. You must prepend the file's absolute pathname with the prefix FILE:.
OUTPUT
status
Returns the status code from this routine. This status code indicates whether the routine completed successfully or, if not, why not. The possible status codes and their meanings are as follows:
- rpc_s_ok: Success.
- rpc_s_unknown_authn_service: Unknown authentication service.
- rpc_s_key_func_not_allowed: authn_svc is rpc_c_authn_default or rpc_c_authn_winnt and a non-null value was supplied for the get_key_fn parameter.
The rpc_server_register_auth_info() routine registers an authentication service to use for authenticating remote procedure calls to a particular server principal. A server calls this routine once for each authentication service and principal name combination that it wants to register.
The authentication service specified by a client (using the rpc_binding_set_auth_info() routine) must be one of the authentication services registered by the server. If it is not, the client's remote procedure call request fails with an rpc_s_unknown_authn_service status code.
The following table shows the RPC runtime behavior for acquiring encryption keys for each supported authentication service. Note that if authn_svc is rpc_c_authn_default or rpc_c_authn_winnt, then get_key_fn must be NULL.
RPC Key Acquisition for Authentication Services

| authn_svc | get_key_fn | arg | Runtime Behavior |
|---|---|---|---|
| rpc_c_authn_default | NULL | NULL | Uses the default method of encryption key acquisition from the default key table. |
| rpc_c_authn_default | NULL | non-NULL | Uses the default method of encryption key acquisition from the specified key table. |
| rpc_c_authn_default | non-NULL | Ignored | Error returned. |
| rpc_c_authn_none | Ignored | Ignored | No authentication performed. |
| rpc_c_authn_dce_secret | NULL | NULL | Uses the default method of encryption key acquisition from the default key table. |
| rpc_c_authn_dce_secret | NULL | non-NULL | Uses the default method of encryption key acquisition from the specified key table. |
| rpc_c_authn_dce_secret | non-NULL | NULL | Uses the specified encryption key acquisition routine to obtain keys from the default key table. |
| rpc_c_authn_dce_secret | non-NULL | non-NULL | Uses the specified encryption key acquisition routine to obtain keys from the specified key table. |
| rpc_c_authn_dce_public | Ignored | Ignored | Reserved for future use. |
| rpc_c_authn_winnt | NULL | Ignored | Uses the default method of encryption key acquisition from the default key table. |
| rpc_c_authn_winnt | non-NULL | Ignored | Error returned. |
No value is returned.
- rpc_binding_set_auth_info(3rpc)
This routine returns authentication and authorization information from the binding handle for an authenticated client. It is used by server applications.
#include <dce/rpc.h>
#include <dce/id_base.h>

void rpc_binding_inq_auth_client(
    rpc_binding_handle_t binding,
    rpc_authz_handle_t *privs,
    unsigned_char_t **server_princ_name,
    unsigned32 *protect_level,
    unsigned32 *authn_svc,
    unsigned32 *authz_svc,
    unsigned32 *status);
INPUT
binding
Specifies the client binding handle from which to return the authentication and authorization information.
OUTPUT
privs
Returns a handle to the authorization information for the client that made the remote procedure call on binding. The server must cast this handle to the data type specified by authn_svc and authz_svc.
If authn_svc is rpc_c_authn_winnt, the return value must be cast to an (unsigned_char_t *). When authn_svc is rpc_c_authn_winnt, the return value is the domain and username of the client that made the request. The string is in the form \\domain_name\user_name. If the domain name is not obtainable, just the username is returned (with no slashes).
If the authn_svc is rpc_c_authn_dce_secret, the following table shows how to cast the return value.
Casts for Authorization Information

| For authz_svc value: | privs contains this data: | Use this cast: |
|---|---|---|
| rpc_c_authz_none | A NULL value. | None |
| rpc_c_authz_name | The calling client's principal name. | (unsigned_char_t *) |
| rpc_c_authz_dce | The calling client's privilege attribute certificate. | (sec_id_pac_t *) |

Note that rpc_c_authz_none is valid only if the authn_svc parameter is rpc_c_authn_none or rpc_c_authn_winnt.
The data referenced by this parameter is read-only and should not be modified by the server. If the server wants to preserve any of the returned data, it must copy the data into server-allocated memory.
Specifying NULL prevents the routine from returning this parameter.
server_princ_name
If authz_svc is rpc_c_authn_dce_secret, this parameter returns a pointer to the server principal name specified by the client that made the remote procedure call on binding.
If authz_svc is rpc_c_authn_winnt, this parameter returns a pointer to the server principal name specified by the server when it called rpc_server_register_auth_info().
The content of the returned name and its syntax are defined by the authentication service in use. Specifying NULL prevents the routine from returning this parameter. In this case, the caller does not have to call the rpc_string_free() routine.
protect_level
Returns the protection level requested by the client that made the remote procedure call on binding. The protection level determines the degree to which authenticated communications between the client and the server are protected. Specifying NULL prevents the routine from returning this parameter. The possible protection levels are as follows:
- rpc_c_protect_level_default: Uses the default protection level for the specified authentication service.
- rpc_c_protect_level_none: Performs no protection.
- rpc_c_protect_level_connect: Performs protection only when the client establishes a relationship with the server.
- rpc_c_protect_level_call: Performs protection only at the beginning of each remote procedure call when the server receives the request.
- rpc_c_protect_level_pkt: Ensures that all data received is from the expected client.
- rpc_c_protect_level_pkt_integ: Ensures and verifies that none of the data transferred between client and server has been modified.
- rpc_c_protect_level_pkt_privacy: Performs protection as specified by all of the previous levels and also encrypts each remote procedure call argument value.
authn_svc
Returns the authentication service requested by the client that made the remote procedure call on binding. Specifying NULL prevents the routine from returning this parameter. The possible authentication services are as follows:
- rpc_c_authn_none: No authentication.
- rpc_c_authn_dce_secret: DCE shared-secret key authentication.
- rpc_c_authn_dce_public: DCE public key authentication (reserved for future use).
- rpc_c_authn_default: DCE default authentication service.
- rpc_c_authn_winnt: Microsoft's NTLM authentication protocol.
authz_svc
Returns the authorization service requested by the client that made the remote procedure call on binding. Specifying NULL prevents the routine from returning this parameter. The possible authorization services are as follows:
- rpc_c_authz_none: Server performs no authorization. This is valid only if the authn_svc parameter is rpc_c_authn_none or rpc_c_authn_winnt.
- rpc_c_authz_name: Server performs authorization based on the client principal name.
- rpc_c_authz_dce: Server performs authorization using the client's DCE Privilege Attribute Certificate (PAC) sent to the server with each remote procedure call made with binding. Generally, access is checked against DCE Access Control Lists (ACLs).
status
Returns the status code from this routine. This status code indicates whether the routine completed successfully or, if not, why not. The possible status codes and their meanings are as follows:
- rpc_s_ok: Success.
- rpc_s_invalid_binding: Invalid binding handle.
- rpc_s_wrong_kind_of_binding: Wrong kind of binding for operation.
- rpc_s_binding_has_no_auth: Binding has no authentication information.
The rpc_binding_inq_auth_client() routine returns authentication and authorization information associated with the client identified by binding. The calling server manager routine can use the returned data for authorization purposes.
The RPC runtime allocates memory for the returned server_princ_name parameter. The server is responsible for calling the rpc_string_free() routine for the returned parameter string.
For applications in which the client side uses the IDL auto_handle or implicit_handle attribute, the server side needs to be built with the IDL explicit_handle attribute specified in the Attribute Configuration File (ACF). Using explicit_handle provides binding as the first parameter to each server manager routine.
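The authorization gate a manager routine applies to the values returned by rpc_binding_inq_auth_client(), as an added example that is not part of the DCE reference: it follows this page's cast rules for privs and rejects unauthenticated or weakly protected callers. The DCE typedefs and constants below are constructed stand-ins with placeholder values (a real server takes them from <dce/rpc.h>), and client_auth_t, client_name_from_privs(), authorize_client() and the demo_* data are assumed names introduced here.

```c
#include <stddef.h>
#include <string.h>

typedef unsigned int  unsigned32;       /* stand-ins for the <dce/rpc.h> types */
typedef unsigned char unsigned_char_t;

/* Placeholder values, named as on the page; real values come from <dce/rpc.h>. */
enum { rpc_c_authn_none = 0, rpc_c_authn_dce_secret = 1, rpc_c_authn_winnt = 10 };
enum { rpc_c_authz_none = 0, rpc_c_authz_name = 1, rpc_c_authz_dce = 2 };
enum { rpc_c_protect_level_none = 1, rpc_c_protect_level_connect = 2,
       rpc_c_protect_level_call = 3, rpc_c_protect_level_pkt = 4,
       rpc_c_protect_level_pkt_integ = 5, rpc_c_protect_level_pkt_privacy = 6 };

typedef struct {                /* the out-parameters of rpc_binding_inq_auth_client() */
    unsigned32 authn_svc;
    unsigned32 authz_svc;
    unsigned32 protect_level;
    void      *privs;           /* cast according to authn_svc and authz_svc */
} client_auth_t;

/* Cast rules from the page: privs is a name string for NTLM ("\\domain\user" or a bare
 * user name) and, for DCE secret-key auth, only when authz_svc is rpc_c_authz_name.
 * rpc_c_authz_none carries NULL; rpc_c_authz_dce carries a PAC for an ACL check instead. */
const char *client_name_from_privs(const client_auth_t *c)
{
    if (c->privs == NULL)
        return NULL;
    if (c->authn_svc == rpc_c_authn_winnt)
        return (const char *)(unsigned_char_t *)c->privs;
    if (c->authn_svc == rpc_c_authn_dce_secret && c->authz_svc == rpc_c_authz_name)
        return (const char *)(unsigned_char_t *)c->privs;
    return NULL;
}

/* Accept (1) only an authenticated caller whose packets are at least integrity-protected
 * and whose name is on the allow list; everything else is rejected (0). */
int authorize_client(const client_auth_t *c, const char *const *allowed, size_t n_allowed)
{
    const char *name;
    size_t i;
    if (c->authn_svc == rpc_c_authn_none)                 /* unauthenticated binding */
        return 0;
    if (c->protect_level < rpc_c_protect_level_pkt_integ) /* tampering would go undetected */
        return 0;
    name = client_name_from_privs(c);
    if (name == NULL)                                     /* no name-based identity to match */
        return 0;
    for (i = 0; i < n_allowed; i++)
        if (strcmp(name, allowed[i]) == 0)
            return 1;
    return 0;
}

/* Constructed sample data: an allow list and the strings two clients would present in privs. */
const char *const demo_allowed[]    = { "\\\\ACME\\alice", "svc_backup" };
unsigned_char_t   demo_ntlm_privs[] = "\\\\ACME\\alice";
unsigned_char_t   demo_dce_privs[]  = "svc_backup";
```

In a real manager routine the struct is filled from the routine's out-parameters and the returned server_princ_name is released with rpc_string_free() once the check is done.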
No value is returned.
- rpc_binding_inq_auth_info(3rpc)
- rpc_binding_set_auth_info(3rpc)
- rpc_string_free(3rpc)
This chapter provides DCL syntax and usage information for the Interface Definition Language (IDL) compiler, the NIDL-to-IDL converter (IDL/CONVERT), and the Universal Unique Identifier Generator (UUIDGEN) utility. (NIDL is the Network Interface Definition Language.)
12.0.1 IDL Compiler
This section provides DCL syntax for commands to the IDL compiler. Except where noted, IDL DCL command syntax is equivalent to the IDL universal command syntax documented in the idl(1rpc) section of the Digital DCE Application Development Reference. See the reference documentation for a complete description of the IDL universal command syntax.
NAME
SYNOPSIS
QUALIFIERS
/CONVERT
/SERVER_FILES [=(option[,...])]
/NOSERVER_FILES
/INCLUDE_DIRECTORY [=(directory[,...])] (default)
/NOINCLUDE_DIRECTORY
/PREPROCESS
/NOPREPROCESS (default)
/DEFINE [=(identifier[=definition][,...])]
/NODEFINE (default)
/UNDEFINE [=(identifier[,...])]
/NOUNDEFINE (default)
/SYNTAX_ONLY
/NOSYNTAX_ONLY (default)
/OPTIMIZE [={SPEED | SPACE}]
/OPTIMIZE=SPEED (default)
/OUTPUT_DIRECTORY [=directory]
/NOOUTPUT_DIRECTORY (default)
/HEADER_FILE=filename
/HEADER_FILE=filename.H (default)
/KEEP [=option]
/NOKEEP
/CC_COMMAND [="command-line"]
/NOCC_COMMAND
/CC_COMMAND="CC/G_FLOAT/STANDARD=NOPORTABLE" (default)
/CC_QUALIFIERS [="command-qualifiers"]
/NOCC_QUALIFIERS (default)
/REPAIR [=(option[,...])]
/NOREPAIR
/VERIFY
/NOVERIFY (default)
/WARNINGS (default)
/NOWARNINGS
/LOG
/NOLOG (default)
/LANGUAGE [={CC | FORTRAN}]
/LANGUAGE=CC (default)
/LANGUAGE=CXX
/STANDARD [={[NO]PORTABLE | DCE_V10 | DEC_V10 | EXTENDED}]
/STANDARD=PORTABLE (default)
/DIAGNOSTICS [=filename]
/NODIAGNOSTICS (default)
/ENTRY_POINT_VECTOR [=(option[,...])]
/NOENTRY_POINT_VECTOR
/ENTRY_POINT_VECTOR=(NOCLIENT, MANAGER) (default)
/TRACE [=(option[,...])]
/NOTRACE (default)
/VERSION
/NOVERSION (default)