rpc_ss_register_auth_info(3) — Subroutines
NAME
rpc_ss_register_auth_info - Registers authentication and authorization information for an interface
Used by client applications.
SYNOPSIS
#include <dce/rpc.h>
#include <dce/sec_login.h>
void rpc_ss_register_auth_info(
    rpc_if_handle_t if_handle,
    unsigned_char_t *server_princ_name,
    unsigned32 protect_level,
    unsigned32 authn_svc,
    rpc_auth_identity_handle_t auth_identity,
    unsigned32 authz_svc,
    unsigned32 *status);
PARAMETERS
Input
if_handle
Specifies the interface specification for which to register the authentication and authorization information. The specified information applies to all remote procedure calls in the interface, where bindings are obtained via auto_handle.
server_princ_name
Specifies the principal name of the server responsible for processing remote procedure calls for the specified interface. The content of the name and its syntax are defined by the authentication service in use. A client that does not know the server principal name can call the rpc_mgmt_inq_server_princ_name routine to obtain the name of a server that is registered for the required authentication service. Using a principal name obtained in this way means that the client is interested in one-way authentication. In other words, it means that the client does not care which server principal received the remote procedure call request. The server, though, still verifies that the client is who the client claims to be.
protect_level
Specifies the protection level for remote procedure calls belonging to if_handle. The protection level determines the degree to which authenticated communications between the client and the server are protected. If the RPC runtime does not support a specified level, it automatically upgrades the level to the next higher supported level. The possible protection levels are:
rpc_c_protect_level_default
Use the default protection level for the specified authentication service.
rpc_c_protect_level_none
Perform no protection.
rpc_c_protect_level_connect
Perform protection only when the client establishes a relationship with the server.
rpc_c_protect_level_call
Perform protection only at the beginning of each remote procedure call when the server receives the request. This level does not apply to remote procedure calls made over a connection-based protocol sequence (that is, ncacn_ip_tcp). If this level is specified and the binding handle uses a connection-based protocol sequence, the routine uses the rpc_c_protect_level_pkt level instead.
rpc_c_protect_level_pkt
Ensure that all data received is from the expected client.
rpc_c_protect_level_pkt_integrity
Ensure and verify that none of the data transferred between client and server has been modified. This is the highest authentication level that is guaranteed to be present in the RPC runtime.
rpc_c_protect_level_pkt_privacy
Perform protection as specified by all of the previous levels and also encrypt each remote procedure call argument value. This is the highest authentication level, but it may not be available in the RPC runtime.
authn_svc
Specifies the authentication service to use. The supported authentication services are:
rpc_c_authn_none
No authentication. This service turns authentication off for all remote procedure calls belonging to if_handle.
rpc_c_authn_dce_secret
DCE shared-secret key authentication.
rpc_c_authn_dce_public
DCE public key authentication (reserved for future use).
rpc_c_authn_default
DCE default authentication service.
auth_identity
Specifies a handle for the data structure that contains the client’s authentication and authorization credentials appropriate for the selected authentication and authorization services. When using the rpc_c_authn_dce_secret authentication service and any authorization service, this value must be a sec_login_handle_t obtained from one of the following routines:
• sec_login_setup_identity
• sec_login_get_current_context
• sec_login_newgroups
Specify NULL to use the security login context for the current address space.
authz_svc
Specifies the authorization service implemented by the server for the specified interface. The validity and trustworthiness of authorization data, like any application data, is dependent on the authentication service and protection level specified. The supported authorization services are:
rpc_c_authz_none
Supply no authorization.
rpc_c_authz_name
Supply authorization based on the client principal name.
rpc_c_authz_dce
Supply authorization using the client’s DCE privilege attribute certificate (PAC) sent to the server with each remote procedure call request. Generally, access is checked against DCE access control lists (ACLs).
Output
status
Returns the status code from this routine. This status code indicates whether the routine completed successfully or, if not, why not. The possible status codes and their meanings are as follows:
rpc_s_ok
Success.
rpc_s_unknown_authn_service
Unknown authentication service.
rpc_s_invalid_if_handle
Invalid interface handle.
DESCRIPTION
The rpc_ss_register_auth_info routine registers authentication and authorization information for the interface specification identified by if_handle.
After a client calls this routine, the RPC runtime automatically applies the authentication and authorization information to all remote procedure calls that the client makes using implicit binding handles. An example is when the client uses an implicit handle with the IDL auto_handle attribute or a customized handle with the handle attribute.
Unless a client calls this routine, all auto_handle remote procedure calls that the client makes on the if_handle interface are unauthenticated. A client is not required to call this routine.
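Added example, not part of the original manual page or of any DCE source: a stand-alone C model of the protect_level rules described under PARAMETERS (the substitution of rpc_c_protect_level_pkt for rpc_c_protect_level_call on connection-based protocol sequences, and the upgrade to the next higher supported level), which a client can use to reject a configuration whose effective level falls below its own minimum. The enum values, the supported-level bitmask, the -1 result, and the names effective_level and meets_policy are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the rpc_c_protect_level_* constants, in the order the page
 * lists them. Numeric values are constructed here, not taken from <dce/rpc.h>. */
enum { LVL_DEFAULT, LVL_NONE, LVL_CONNECT, LVL_CALL, LVL_PKT,
       LVL_PKT_INTEGRITY, LVL_PKT_PRIVACY, LVL_COUNT };

/* Connection-based protocol sequences carry the "ncacn_" prefix
 * (for example ncacn_ip_tcp); datagram ones use "ncadg_". */
static bool connection_based(const char *protseq)
{
    return strncmp(protseq, "ncacn_", 6) == 0;
}

/* Level that would take effect for a request, per the protect_level rules.
 * supported: bit n set when the runtime supports level n (hypothetical input).
 * dflt: default level of the chosen authentication service.
 * Returns -1 when nothing at or above the request is supported. */
int effective_level(int requested, const char *protseq, unsigned supported, int dflt)
{
    if (requested == LVL_DEFAULT)
        requested = dflt;
    if (requested <= LVL_DEFAULT || requested >= LVL_COUNT)
        return -1;                       /* invalid, or default did not resolve */
    if (requested == LVL_CALL && connection_based(protseq))
        requested = LVL_PKT;             /* call level is replaced by pkt */
    for (int lvl = requested; lvl < LVL_COUNT; lvl++)
        if (supported & (1u << lvl))
            return lvl;                  /* first supported level at or above */
    return -1;
}

/* Client policy gate: accept a configuration only if the effective level
 * reaches the minimum the application requires. */
bool meets_policy(int requested, const char *protseq, unsigned supported,
                  int dflt, int minimum)
{
    return effective_level(requested, protseq, supported, dflt) >= minimum;
}

int main(void)
{
    unsigned all = (1u << LVL_COUNT) - 2;   /* constructed: levels 1..6 supported */
    printf("%d\n", effective_level(LVL_CALL, "ncacn_ip_tcp", all, LVL_PKT_INTEGRITY));
    printf("%d\n", meets_policy(LVL_NONE, "ncacn_ip_tcp", all, LVL_PKT_INTEGRITY, LVL_PKT_INTEGRITY));
    return 0;
}
```

Running such a check before registering the information for an interface catches a request for rpc_c_protect_level_none or rpc_c_protect_level_connect where the application expects integrity protection on every auto_handle call.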
NOTES
For this release, the RPC authentication (RPC auth) routines are not implemented, nor is an independent security service provided.
RETURN VALUES
None.
RELATED INFORMATION
Functions: rpc_binding_inq_auth_info(3), rpc_binding_set_auth_info(3), rpc_mgmt_inq_dflt_protect_level(3), rpc_mgmt_inq_server_princ_name(3)