
DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group

NAME

sec_login_become_impersonator - Causes an intermediate server to become a delegate in a simple delegation chain

SYNOPSIS

#include <dce/sec_login.h>

sec_login_handle_t sec_login_become_impersonator (
    rpc_authz_cred_handle_t callers_identity,
    sec_id_delegation_type_t delegation_type_permitted,
    sec_id_restriction_set_t *delegate_restrictions,
    sec_id_restriction_set_t *target_restrictions,
    sec_id_opt_req_t *optional_restrictions,
    sec_id_opt_req_t *required_restrictions,
    error_status_t *status );

PARAMETERS

Input

callers_identity

A handle of type rpc_authz_cred_handle_t to the authenticated identity of the previous delegate in the delegation chain. The handle is supplied by the rpc_binding_inq_auth_caller() call.

delegation_type_permitted

A value of sec_id_delegation_type_t that specifies the type of delegation to be enabled. The types available are as follows:

sec_id_deleg_type_none

No delegation.

sec_id_deleg_type_traced

Traced delegation.

sec_id_deleg_type_impersonation

Simple (impersonation) delegation.

The initiating client sets the type of delegation. If it is set as traced, all delegates must also specify traced delegation; they cannot specify simple delegation. The same is true if the initiating client sets the delegation type as simple; all subsequent delegates must also specify simple delegation. The intermediate delegates can, however, specify no delegation to indicate that the delegation chain can proceed no further.

delegate_restrictions

A pointer to a sec_id_restriction_set_t that supplies a list of servers that can act as delegates for the client becoming the delegate. These servers are added to the delegates permitted by the delegate_restrictions argument of the sec_login_become_initiator() call.

target_restrictions

A pointer to a sec_id_restriction_set_t that supplies a list of servers that can act as targets for the client becoming the delegate. These servers are added to targets specified by the target_restrictions argument of the sec_login_become_initiator() call.

optional_restrictions

A pointer to a sec_id_opt_req_t that supplies a list of application-defined optional restrictions that apply to the client becoming the delegate. These restrictions are added to the restrictions identified by the optional_restrictions argument of the sec_login_become_initiator() call.

required_restrictions

A pointer to a sec_id_opt_req_t that supplies a list of application-defined required restrictions that apply to the client becoming the delegate. These restrictions are added to the restrictions identified by the required_restrictions argument of the sec_login_become_initiator() call.

Output

status

A pointer to the completion status. On successful completion, status is assigned error_status_ok. Otherwise, it returns an error.

DESCRIPTION

The sec_login_become_impersonator() routine is used by intermediate servers to become a delegate for the client identified by callers_identity. The routine returns a new login context (of type sec_login_handle_t) that carries delegation information. This information includes the delegation type, the delegate and target restrictions, and any application-defined optional and required restrictions. The new login context created by this call can then be used to set up authenticated RPC with an intermediate or target server using the rpc_binding_set_auth_info() call. The effective optional and required restrictions are the union of the optional and required restrictions specified in this call and those specified by the initiating client and any intermediate clients. The effective target and delegate restrictions are the intersection of the target and delegate restrictions specified in this call and those specified by the initiating client and any intermediate clients. The sec_login_become_impersonator() call is run only if the initiating client enabled simple delegation by setting the delegation_type_permitted argument in the sec_login_become_initiator() call to sec_id_deleg_type_simple.
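The following self-contained model of the combination rules above, and of the delegation-type rule given under delegation_type_permitted, is an added example and is not part of the specification or of the DCE libraries. It makes no DCE calls: bitmasks stand in for restriction sets, and every name in it (deleg_t, hop_t, combine_chain, the ST_ status values) is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
/* Hypothetical stand-ins; these are not DCE types or status codes. */
typedef enum { DELEG_NONE, DELEG_TRACED, DELEG_IMPERSONATION } deleg_t;
enum { ST_OK = 0, ST_NOT_ENABLED = -1, ST_INVALID_TYPE = -2 };

typedef struct {
    deleg_t  type;       /* delegation_type_permitted chosen at this hop */
    uint32_t delegates;  /* bit i set: server i may act as a delegate */
    uint32_t targets;    /* bit i set: server i may act as a target */
    uint32_t optional;   /* application-defined optional restrictions */
    uint32_t required;   /* application-defined required restrictions */
} hop_t;

/* hops[0] is the initiator, the rest are delegates; fills *eff, returns a status. */
int combine_chain(const hop_t *hops, int n, hop_t *eff)
{
    if (n < 1 || hops[0].type == DELEG_NONE)
        return ST_NOT_ENABLED;
    *eff = hops[0];
    for (int i = 1; i < n; i++) {
        /* A previous hop that chose "none" ended the chain. */
        if (eff->type == DELEG_NONE)
            return ST_NOT_ENABLED;
        /* A delegate may keep the initiator's type or stop the chain. */
        if (hops[i].type != DELEG_NONE && hops[i].type != hops[0].type)
            return ST_INVALID_TYPE;
        eff->type       = hops[i].type;
        eff->delegates &= hops[i].delegates;  /* intersection */
        eff->targets   &= hops[i].targets;    /* intersection */
        eff->optional  |= hops[i].optional;   /* union */
        eff->required  |= hops[i].required;   /* union */
    }
    return ST_OK;
}

int main(void)
{
    /* Constructed sample chain: initiator plus one impersonating delegate. */
    hop_t chain[] = {
        { DELEG_IMPERSONATION, 0x7, 0x6, 0x1, 0x0 },
        { DELEG_IMPERSONATION, 0x3, 0xE, 0x2, 0x4 },
    };
    hop_t eff;
    int st = combine_chain(chain, 2, &eff);
    printf("status=%d delegates=0x%X targets=0x%X optional=0x%X required=0x%X\n", st,
           (unsigned)eff.delegates, (unsigned)eff.targets, (unsigned)eff.optional, (unsigned)eff.required);
    return 0;
}
```

In this model each hop can only narrow the permitted delegates and targets, while the optional and required restrictions can only grow.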

FILES

/usr/include/dce/sec_login.idl

The idl file from which dce/sec_login.h was derived.

ERRORS

err_sec_login_invalid_delegate_restriction

err_sec_login_invalid_target_restriction

err_sec_login_invalid_opt_restriction

err_sec_login_invalid_req_restriction

sec_login_s_invalid_deleg_type

sec_login_s_invalid_compat_mode

sec_login_s_deleg_not_enabled

error_status_ok

SEE ALSO

Functions: rpc_binding_inq_auth_caller(), sec_login_become_initiator().
Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.
