Previous section.

DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group

NAME

sec_login_cred_get_delegate- Returns a handle to the privilege attributes of an intermediary in a delegation chain

SYNOPSIS

#include <dce/sec_login.h>

sec_cred_pa_handle_t sec_login_cred_get_delegate (
    sec_login_handle_t login_context,
    sec_cred_cursor_t *cursor,
    error_status_t *status );

PARAMETERS

Input

login_context

A value of sec_login_handle_t that provides an opaque handle to a login context for which delegation has been enabled. The sec_login_handle_t that specifies the identity is supplied as output of the sec_login_become_delegate() call.

Input/Output

cursor

As input, a pointer to a cursor of type sec_cred_cursor_t that has been initialized by the sec_login_cred_init_cursor() call. As an output argument, cursor is a pointer to a cursor of type sec_cred_cursor_t that is positioned past the principal whose privilege attributes have been returned in this call.

Output

status

A pointer to the completion status. On successful completion, status is assigned error_status_ok. Otherwise, it returns an error.

DESCRIPTION

The sec_login_cred_get_delegate() routine returns a handle of type sec_login_handle_t to the privilege attributes of an intermediary in a delegation chain that performed an authenticated RPC operation.

This call is used by clients. Servers use the sec_cred_get_delegate() routine to return the privilege attribute handle of an intermediary in a delegation chain.

The login context identified by login_context contains all members in the delegation chain. This call returns a handle (sec_cred_pa_handle_t) to the privilege attributes of one of the delegates in the login context. The sec_cred_pa_handle_t returned by this call is used in other sec_cred_get_*() calls to obtain privilege attribute information for a single delegate.

To obtain the privilege attributes of each delegate in the credential handle identified by callers_identity, execute this call until the message sec_cred_s_no_more_entries is returned.

Before you execute sec_login_cred_get_delegate(), you must execute a sec_login_cred_init_cursor() call to initialize a cursor of type sec_cred_cursor_t.

Use the sec_cred_free_pa_handle() and sec_cred_free_cursor() calls to free the resources allocated to the sec_cred_pa_handle_t and cursor.

FILES

/usr/include/dce/sec_login.idl

The idl file from which dce/sec_login.h was derived.

ERRORS

sec_cred_s_invalid_cursor

sec_cred_s_no_more_entries

error_status_ok

SEE ALSO

Functions: sec_cred_get_deleg_restrictions(), sec_cred_get_delegation_type(), sec_cred_get_extended_attrs(), sec_cred_get_opt_restrictions(), sec_cred_get_pa_date(), sec_cred_get_req_restrictions(), sec_cred_get_tgt_restrictions(), sec_cred_get_v1_pac(), sec_login_cred_init_cursor().
Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.

Contents Next section Index