sec_cred_get_delegate(3sec)

Synopsis

#include <dce/sec_cred.h>

sec_cred_pa_handle_t sec_cred_get_delegate(
rpc_authz_cred_handle_t callers_identity,
sec_cred_cursor_t *cursor,
error_status_t *status);

Parameters

Input

callers_identity
A handle of type rpc_authz_cred_handle_t. This handle is supplied as output of the rpc_binding_inq_auth_caller( ) call.

Input/Output

cursor
As input, a pointer to a cursor of type sec_cred_cursor_t that has been initialized by the sec_cred_initialize_cursor( ) call. As an output parameter, cursor is a pointer to a cursor of type sec_attr_srch_cursor_t that is positioned past the principal whose privilege attributes have been returned in this call.

Output

status
A pointer to the completion status. On successful completion, status is assigned error_status_ok.

Description
The sec_cred_get_delegate( ) routine returns a handle to the privilege attributes of an intermediary in a delegation chain that performed an authenticated RPC operation.

This call is used by servers. Clients use the sec_login_cred_get_delegate( ) routine to return the privilege attribute handle of an intermediary in a delegation chain.

The credential handle identified by callers_identity contains authentication and authorization information for all delegates in the chain. This call returns a handle (sec_cred_pa_handle_t) to the privilege attributes of one of the delegates in the binding handle. The sec_cred_pa_handle_t returned by this call is used in other sec_cred_get... calls to obtain privilege attribute information for a single delegate.

To obtain the privilege attributes of each delegate in the credential handle identified by callers_identity, execute this call until the message sec_cred_s_no_more_entries is returned.

Before you execute sec_cred_get_delegate( ), you must execute:

· An rpc_binding_inq_auth_caller( ) call to obtain an rpc_authz_cred_handle_t for the callers_identity parameter.

· A sec_cred_initialize_cursor( ) call to initialize a cursor of type sec_cred_cursor_t.

Use the sec_cred_free_pa_handle( ) all to free the resources associated with the sec_cred_pa_handle_t.

Errors

The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

sec_cred_s_invalid_auth_handle

sec_cred_s_invalid_cursor

sec_cred_s_no_more_entries

error_status_ok

Related Information
Functions:

sec_intro(3sec)

rpc_binding_inq_auth_caller(3rpc)

sec_cred_initialize_cursor(3sec)

sec_cred_get_deleg_restrictions(3sec)

sec_cred_get_delegation_type(3sec)

sec_cred_get_extended_attrs(3sec)

sec_cred_get_opt_restrictions(3sec)

sec_cred_get_pa_date(3sec)

sec_cred_get_req_restrictions(3sec)

sec_cred_get_tgt_restrictions(3sec)

sec_cred_get_v1_pac(3sec)

sec_cred_free_pa_handle(3sec)