OSF DCE Application Development Guide--Introduction and Style Guide

Security
/* And now find out if it's a valid member of our sample_servers */
/* group... */
if (is_valid_principal(server_princ_name, (unsigned_char_t *)SGROUP, &status))
{
    rpc_binding_set_auth_info(binding_h,
                              server_princ_name,
                              rpc_c_protect_level_pkt_integ,
                              rpc_c_authn_dce_secret,
                              NULL,
                              rpc_c_authz_dce,
                              &status);
}
3.4 Authorization
Assuming either that authentication has taken place and succeeded, or that no
authentication has taken place, some server manager operation will then be invoked by
the RPC runtime to handle an RPC call. This operation should, as its first duty, make an
authorization decision.
A server manager operation calls rpc_binding_inq_auth_client( ) to extract any
authentication information for the calling client and then makes a series of decisions.
The usual model is that the server establishes a set of access criteria and rejects the call
if all criteria are not met. This is implemented as a series of tests, the server rejecting the
call at the first failed test. The possible tests are as follows:
1. Does the client binding provide any authentication information? For this purpose,
the application should check status after the call to
rpc_binding_inq_auth_client( ). If no authentication information is provided (the
status returned is rpc_s_binding_has_no_auth), the authorization function must
decide whether this is acceptable. The authorization function may make its
decision based on the unauthenticated ACL type, as noted later in this section.
If authentication information is provided, then the application should go on to ask:
2. Is the authentication service acceptable to the server? The application checks the
authn_svc parameter. Currently this check is redundant, since the only
authentication service available is DCE secret key (the authn_svc returned is
rpc_c_authn_dce_secret).[2]
________________
2. There is considerable asymmetry in the use of the authn_svc values on the client call to
rpc_binding_set_auth_info( ) and the server call to rpc_binding_inq_auth_client(). If the client specifies
rpc_c_authn_none, the server sees a status of rpc_s_binding_has_no_auth, and no meaningful value is returned
for the authn_svc parameter. Furthermore, given that the default authentication service is DCE secret key, if the
client specifies rpc_c_authn_default, the server returns rpc_c_authn_dce_secret from authn_svc. In other
words, while the client can specify three different values for authn_svc, the server can return only one.
124246 Tandem Computers Incorporated 3 17
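
Added example (not from the original guide or from DCE itself): a self-contained C model of tests 1 and 2 above and of the client/server asymmetry described in footnote 2. The EX_* constants, the ex_server_view structure and both functions are hypothetical stand-ins so that it compiles without the DCE headers; rejecting on any other status is an assumption of this example, and a real manager operation would obtain status and authn_svc from rpc_binding_inq_auth_client( ).

```c
/* Added example: EX_* values are local stand-ins, NOT the DCE header values. */
#include <stdio.h>

enum ex_authn   { EX_AUTHN_NONE, EX_AUTHN_DCE_SECRET, EX_AUTHN_DEFAULT }; /* rpc_c_authn_* */
enum ex_status  { EX_S_OK, EX_S_BINDING_HAS_NO_AUTH, EX_S_OTHER_ERROR };
enum ex_verdict { EX_REJECT, EX_UNAUTH_ACL, EX_CONTINUE };

/* What the server learns from its inquiry call (hypothetical structure). */
struct ex_server_view { enum ex_status status; enum ex_authn authn_svc; int authn_valid; };

/* Footnote 2: three possible client choices collapse to two server-side views. */
struct ex_server_view ex_server_sees(enum ex_authn client_choice)
{
    struct ex_server_view v = { EX_S_OK, EX_AUTHN_DCE_SECRET, 1 };
    if (client_choice == EX_AUTHN_NONE) {
        v.status = EX_S_BINDING_HAS_NO_AUTH;
        v.authn_valid = 0;          /* authn_svc carries no meaningful value */
    }
    return v;                       /* default and dce_secret look identical */
}

/* Tests 1 and 2, rejecting at the first failed test. */
enum ex_verdict ex_precheck(struct ex_server_view v, int allow_unauthenticated)
{
    if (v.status == EX_S_BINDING_HAS_NO_AUTH)        /* test 1: no auth info */
        return allow_unauthenticated ? EX_UNAUTH_ACL : EX_REJECT;
    if (v.status != EX_S_OK)                         /* assumption: fail closed */
        return EX_REJECT;
    if (!v.authn_valid || v.authn_svc != EX_AUTHN_DCE_SECRET)   /* test 2 */
        return EX_REJECT;
    return EX_CONTINUE;             /* go on to the remaining tests */
}

int main(void)
{
    static const char *names[] = { "none", "dce_secret", "default" };
    static const char *verdicts[] = { "reject", "use unauthenticated ACL",
                                      "continue tests" };
    for (int c = EX_AUTHN_NONE; c <= EX_AUTHN_DEFAULT; c++)
        for (int allow = 0; allow <= 1; allow++)
            printf("client=%-10s allow_unauth=%d -> %s\n", names[c], allow,
                   verdicts[ex_precheck(ex_server_sees((enum ex_authn)c), allow)]);
    return 0;
}
```

The output shows that a server policy cannot tell a client that asked for the default service from one that asked for DCE secret key, and that the unauthenticated case is accepted only when the server explicitly allows it.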