
DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group

Login Facility and Security Client Daemon (SCD) RPC Interface

This chapter specifies the RPC interface supporting the Login Facility, namely the scd RPC interface supported by the Security Client Daemon (the corresponding Login (or sec_login) API is specified in Login API). See Login Facility and Security Client Daemon (SCD) for the background to this chapter.

The scd RPC Interface

This section specifies (in IDL/NDR) the SCD's scd RPC interface.

Common Data Types and Constants for scd Interface

The following are common data types and constants used in the Login Facility and scd RPC interface.

Status Codes

The following status codes (transmitted as values of the type error_status_t) are specified for the Login Facility and scd RPC interface. Only their values are specified here; their use is specified in context elsewhere in this specification.

const unsigned32 sec_login_s_no_memory = 0x171220e8;
const unsigned32 sec_login_s_auth_local = 0x171220e9;
const unsigned32 sec_login_s_handle_invalid = 0x171220ea;
const unsigned32 sec_login_s_context_invalid = 0x171220eb;
const unsigned32 sec_login_s_no_current_context = 0x171220ec;
const unsigned32 sec_login_s_groupset_invalid = 0x171220ed;
const unsigned32 sec_login_s_info_not_avail = 0x171220ee;
const unsigned32 sec_login_s_already_valid = 0x171220ef;
const unsigned32 sec_login_s_default_use = 0x171220f0;
const unsigned32 sec_login_s_privileged = 0x171220f1;
const unsigned32 sec_login_s_not_certified = 0x171220f2;
const unsigned32 sec_login_s_config = 0x171220f3;
const unsigned32 sec_login_s_internal_error = 0x171220f4;
const unsigned32 sec_login_s_acct_invalid = 0x171220f6;
const unsigned32 sec_login_s_null_password = 0x171220f7;
const unsigned32 sec_login_s_unsupp_passwd_type = 0x171220f8;
const unsigned32 sec_login_s_refresh_ident_bad = 0x171220fa;

Interface UUID and Version Number for scd Interface

The interface UUID and version number for the scd interface are given by the following:

[uuid(c57e83f0-58be-11ca-901c-08001e039448), version(1.0)]
interface scd

scd_protected_noop()

The scd_protected_noop() operation determines whether or not the calling client can "successfully" (in the sense of authentication) execute a protected "dummy" operation (actually, a "no-op") on an SCD server; that is, whether or not the client and SCD server are authenticated to one another. This operation is used to support the notion of certification (see Further Discussion of Certification): to the extent that the client trusts that its invocation of scd_protected_noop() has actually been handled by the genuine SCD server on its local host (which is in the local host's TCB), successful execution of this operation has the semantic of "certifying" (in the sense of Further Discussion of Certification) to the client the login context it used in invoking scd_protected_noop().

{ /* begin running listing of scd interface */

void scd_protected_noop (
    [in]  handle_t        rpc_handle,
    [out] error_status_t  *status );

} /* end running listing of scd interface */

The rpc_handle parameter identifies the SCD server.

The status parameter returns the status of the operation. (See description below.)

Required rights: None (but see below).

The SCD's handler (manager routine) of scd_protected_noop() always returns error_status_ok in the status parameter. This value may not always be returned to the client, however: it may be overridden in the RPC runtime system (for example, by an authentication failure). Similarly, no specific permissions are required by the manager routine itself. However, the SCD server registers itself (see rpc_server_register_auth_info() in the referenced Open Group DCE 1.1 RPC Specification) under its principal name and with an appropriate authentication service (only rpc_c_authn_dce_secret (Kerberos) is currently supported) and authorisation service (rpc_c_authz_dce, so that the client's PAC is transmitted to the server), and the client invokes scd_protected_noop() on a binding that is protected (see rpc_binding_set_auth_info() in the referenced Open Group DCE 1.1 RPC Specification) at protection level rpc_c_protect_level_pkt_integ. It is the responsibility of the RPC runtime system to report to the client (via the status parameter) whether or not this operation succeeds (that is, whether the client and SCD server are authenticated to one another via the same authentication service (Kerberos)).
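The following is an added example, not part of this specification and not DCE code: a self-contained C model of the client-side certification decision described above. It shows why a success status is meaningful only on a binding protected as described, since the manager routine itself always reports success. All type, function and constant names in it are hypothetical stand-ins (the enum values are local to the model, and STATUS_AUTH_FAILED stands for whatever status the RPC runtime reports on an authentication failure).

```c
#include <stdbool.h>
#include <stdio.h>

/* Model only: names mirror constants on this page; values are local here. */
typedef enum { AUTHN_NONE, AUTHN_DCE_SECRET } authn_t;           /* rpc_c_authn_* */
typedef enum { AUTHZ_NONE, AUTHZ_DCE } authz_t;                  /* rpc_c_authz_* */
typedef enum { PROT_NONE, PROT_CONNECT, PROT_PKT_INTEG } prot_t; /* rpc_c_protect_level_* */
typedef unsigned int status_t;
#define STATUS_OK          0u  /* stands in for error_status_ok */
#define STATUS_AUTH_FAILED 1u  /* hypothetical status for a runtime auth failure */

typedef struct {
    authn_t authn; authz_t authz; prot_t prot;
    bool peer_holds_scd_key;   /* true only for the genuine SCD server */
} binding_t;

/* Constructed sample bindings. */
static const binding_t genuine_protected    = { AUTHN_DCE_SECRET, AUTHZ_DCE, PROT_PKT_INTEG, true };
static const binding_t impostor_protected   = { AUTHN_DCE_SECRET, AUTHZ_DCE, PROT_PKT_INTEG, false };
static const binding_t impostor_unprotected = { AUTHN_NONE, AUTHZ_NONE, PROT_NONE, false };

/* Manager routine: per the text above it always reports success. */
static status_t scd_manager_noop(void) { return STATUS_OK; }

/* Modelled runtime: overrides the manager's status when an authenticated
   binding reaches a peer that cannot prove the SCD principal's identity. */
status_t model_call_noop(const binding_t *b) {
    status_t st = scd_manager_noop();
    if (b->authn == AUTHN_DCE_SECRET && !b->peer_holds_scd_key)
        st = STATUS_AUTH_FAILED;
    return st;
}

/* Client decision: a success status certifies the login context only when
   the binding carried the authentication settings the text requires. */
bool login_context_certified(const binding_t *b) {
    if (b->authn != AUTHN_DCE_SECRET || b->authz != AUTHZ_DCE ||
        b->prot != PROT_PKT_INTEG)
        return false;  /* "ok" on this binding proves nothing */
    return model_call_noop(b) == STATUS_OK;
}

int main(void) {
    printf("genuine/protected:    %d\n", login_context_certified(&genuine_protected));
    printf("impostor/protected:   %d\n", login_context_certified(&impostor_protected));
    printf("impostor/unprotected: status=%u certified=%d\n",
           model_call_noop(&impostor_unprotected),
           login_context_certified(&impostor_unprotected));
    return 0;
}
```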

Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.
