VMS Help DCE_RPC, Application Routines, rpc_mgmt_set_authorization_fn *Conan The Librarian (sorry for the slow response - running on an old VAX) |
NAME rpc_mgmt_set_authorization_fn - Establishes an authorization function for processing remote calls to a server's management routines Used by server applications. SYNOPSIS #include <dce/rpc.h> void rpc_mgmt_set_authorization_fn( rpc_mgmt_authorization_fn_t authorization_fn, unsigned32 *status ); PARAMETERS Input authorization_fn Specifies a pointer to an authorization function. The RPC server runtime automatically calls this function whenever the server runtime receives a client request to execute one of the RPC management routines. Specify NULL to unregister a previously registered authorization function. In this case, the default authorizations (as described later) are used. The following C definition for rpc_mgmt_authorization_fn_t illustrates the prototype for the authorization function: typedef boolean32 (*rpc_mgmt_authorization_fn_t) ( rpc_binding_handle_t client_binding, /* in */ unsigned32 requested_mgmt_operation, /* in */ unsigned32 *status /* out */ ); The following table shows the requested_mgmt_operation Values passed by the RPC runtime to the authorization function. Operation Values Passed to Authorization Function _________________________________________________________________ Called Remote Routine requested_mgmt_operation Value _________________________________________________________________ rpc_mgmt_inq_if_ids() rpc_c_mgmt_inq_if_ids rpc_mgmt_inq_server_princ_name() rpc_c_mgmt_inq_princ_name rpc_mgmt_inq_stats() rpc_c_mgmt_inq_stats rpc_mgmt_is_server_listening() rpc_c_mgmt_is_server_listen rpc_mgmt_stop_server_listening() rpc_c_mgmt_stop_server_listen Output status Returns the status code from this routine. This status code indicates whether the routine completed successfully or, if not, why not. The possible status code and its meaning is as follows: rpc_s_ok Success. DESCRIPTION The rpc_mgmt_set_authorization_fn() routine sets up an authorization function to control remote access to the calling server's remote management routines. If a server does not provide an authorization function, the RPC runtime controls client application access to the server's remote management routines as shown in the next table. In the table, an Enabled authorization allows all clients to execute the remote routine and a Disabled authorization prevents all clients from executing the remote routine. Default Controls for Remote Management Routines ________________________________________________________ Remote Routine Default Authorization ________________________________________________________ rpc_mgmt_inq_if_ids() Enabled rpc_mgmt_inq_server_princ_name() Enabled rpc_mgmt_inq_stats() Enabled rpc_mgmt_is_server_listening() Enabled rpc_mgmt_stop_server_listening() Disabled A server can modify the default authorizations by calling rpc_mgmt_set_authorization_fn() to specify an authorization function. When an authorization function is provided, the RPC runtime automatically calls that function to control the execution of all remote management routines called by clients. The specified function must provide access control for all of the remote management routines. If the authorization function returns TRUE, the management routine is allowed to execute. If the authorization function returns FALSE, the management routine does not execute, and the called routine returns to the client the status code returned from the rpc_mgmt_authorization_fn_t function. However, if the status code that the rpc_mgmt_authorization_fn_t function returns is 0 (zero) or rpc_s_ok, then the status code rpc_s_mgmt_op_disallowed is returned to the client. The RPC runtime calls the server-provided authorization function with the following two input arguments: + The binding handle of the calling client. + An integer value denoting which management routine the client has called. Using these arguments, the authorization function determines whether the calling client is allowed to execute the requested management routine. For example, the authorization function can call rpc_binding_inq_auth_client() to obtain authentication and authorization information about the calling client and determine if that client is authorized to execute the requested management routine. RETURN VALUES No value is returned. RELATED INFORMATION Functions: rpc_mgmt_ep_unregister rpc_mgmt_inq_if_ids rpc_mgmt_inq_server_princ_name rpc_mgmt_inq_stats rpc_mgmt_is_server_listening rpc_mgmt_stop_server_listening
|