
The is_valid_principal Routine

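The is_valid_principal( ) routine asks the local cell's registry whether the specified principal is a member of the specified group. In the client code that follows the routine, the result decides whether the client sets authentication information for the server's principal name on the binding.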

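/******
 *
 * is_valid_principal -- Ask the local cell's registry whether the
 * specified principal is a member of the specified group.
 *
 * princ_name  Full (global) name of the principal to test.
 * group       Name of the group we want the principal to be in.
 * status      Receives the status of the last DCE call that was made;
 *             after a failure it holds the failing call's status.
 *
 * Returns nonzero only when every call succeeded and the registry
 * reported the principal as a member of the group.  Any failure on
 * the way returns 0, so a caller that uses the result to decide
 * whether to trust a server never sees an error as "is a member".
 *
 ******/

boolean32 is_valid_principal(
    unsigned_char_t *princ_name,  /* Full name of principal to test. */
    unsigned_char_t *group,       /* Group we want principal to be in. */
    unsigned32 *status)
{
    /*
     * The local name is held in the registry's own name type, which is
     * what sec_id_parse_name() and sec_rgy_pgo_is_member() are declared
     * to take.  The earlier malloc(strlen(princ_name)) buffer left no
     * room for the terminating NUL and its result was never checked.
     */
    sec_rgy_name_t local_name;    /* For principal's local name. */
    char *cell_name = NULL;       /* Local cell name. */
    sec_rgy_handle_t rhandle;     /* Local registry binding. */
    boolean32 is_valid = 0;       /* Fail closed: "not a member" until proven. */
    unsigned32 close_status;      /* Kept apart so it cannot hide *status. */

    fprintf(stdout, "sample_client: Initial principal name == %s\n", princ_name);
    fprintf(stdout, "sample_client: Initial group name == %s\n", group);

    /* Find out the local cell name... */
    dce_cf_get_cell_name(&cell_name, status);
    if (*status != error_status_ok)
    {
        /* cell_name was not returned, so there is nothing to free. */
        return(0);
    }

    /* Now bind to the local cell registry... */
    sec_rgy_site_open((unsigned_char_t *)cell_name, &rhandle, status);

    /* Free the cellname string space whether or not the open worked... */
    free(cell_name);

    if (*status != error_status_ok)
    {
        return(0);
    }

    /* Get the specified principal's local (cell-relative) name... */
    local_name[0] = '\0';
    sec_id_parse_name(rhandle,     /* Handle to the registry server. */
                      princ_name,  /* Global (full) name of the principal. */
                      NULL,        /* Principal's home cell name returned here. */
                      NULL,        /* Pointer to UUID of above returned here. */
                      local_name,  /* Principal local name returned here. */
                      NULL,        /* Pointer to UUID of above returned here. */
                      status);

    if (*status == error_status_ok)
    {
        fprintf(stdout, "sample_client: Full principal name == %s\n", princ_name);
        fprintf(stdout, "sample_client: Local principal name == %s\n", local_name);

        /* And finally, find out from the registry whether that principal */
        /* is a valid member of the specified group... */
        is_valid = sec_rgy_pgo_is_member(rhandle,
                                         sec_rgy_domain_group,
                                         group,
                                         local_name,
                                         status);

        /* A failed lookup is not a membership answer; treat it as "no". */
        if (*status != error_status_ok)
        {
            is_valid = 0;
        }
    }

    /* Release the registry binding; the original never closed it. */
    sec_rgy_site_close(rhandle, &close_status);

    return(is_valid);

}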
<. . . . .>

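/* Resolve the partial binding... */
rpc_ep_resolve_binding(binding_h,
                       sample_v1_0_c_ifspec,
                       &status);

/* Find out what the server's principal name is.  Only ask when the */
/* binding was resolved; otherwise status keeps the resolve error... */
if (status == error_status_ok)
{
    rpc_mgmt_inq_server_princ_name(binding_h,
                                   rpc_c_authn_dce_secret,
                                   &server_princ_name,
                                   &status);
}

/* And now find out if it's a valid member of our sample_servers */
/* group.  The name above is what the server reports about itself, */
/* so it is not trusted until the registry confirms the membership. */
/* server_princ_name is read only when the inquiry succeeded, and a */
/* nonzero return counts only when status is also ok...            */
if (status == error_status_ok
    && is_valid_principal(server_princ_name, (unsigned_char_t *)SGROUP, &status)
    && status == error_status_ok)
{
    /* Request authenticated RPC with packet-integrity protection */
    /* for the principal name that was just checked...            */
    rpc_binding_set_auth_info(binding_h,
                              server_princ_name,
                              rpc_c_protect_level_pkt_integ,
                              rpc_c_authn_dce_secret,
                              NULL,
                              rpc_c_authz_dce,
                              &status);

}

/* NOTE(review): the code after this excerpt is not shown.  It should */
/* test status before making any remote call, so that a failed or     */
/* negative group check does not lead to a call on a binding without  */
/* authentication information.  Presumably server_princ_name is also  */
/* released later with rpc_string_free() -- confirm.                  */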