DWORD VmDnsRpcBindingInqAuthClient( rpc_binding_handle_t hClientBinding, rpc_authz_handle_t* pPrivs, PSTR* ppServerPrincName, DWORD* pAuthnLevel, DWORD* pAuthnSvc, DWORD* pAuthzSvc ) { error_status_t rpcStatus = rpc_s_ok; rpc_binding_inq_auth_client( hClientBinding, pPrivs, // The data referenced by this parameter is read-only, // and therefore should not be modified/freed. (unsigned_char_p_t*)ppServerPrincName, pAuthnLevel, pAuthnSvc, pAuthzSvc, &rpcStatus); BAIL_ON_VMDNS_ERROR(rpcStatus); error: return rpcStatus; }
int ref_mon( rpc_binding_handle_t bind_handle, int requested_op) { int ret; rpc_authz_handle_t privs; unsigned_char_t *client_princ_name, *server_princ_name; unsigned32 protect_level, authn_svc, authz_svc, status; /* Get client auth info. */ rpc_binding_inq_auth_client(bind_handle, &privs, &server_princ_name, &protect_level, &authn_svc, &authz_svc, &status); if (status != rpc_s_ok) { fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__); return(DENY_ACCESS); } /* Check if selected authn service is acceptable to us. */ if (authn_svc != rpc_c_authn_dce_secret) { fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__); return(DENY_ACCESS); } /* Check if selected protection level is acceptable to us. */ if (protect_level != rpc_c_protect_level_pkt_integ && protect_level != rpc_c_protect_level_pkt_privacy) { fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__); return(DENY_ACCESS); } /* Check if selected authz service is acceptable to us. */ if (authz_svc != rpc_c_authz_name) { fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__); return(DENY_ACCESS); } /* If rpc_c_authz_dce were being used instead of rpc_c_authz_name, privs would be a PAC (sec_id_pac_t *), not a name as it is here. */ client_princ_name = (unsigned_char_t *)privs; /* Check if selected server principal name is supported. */ fprintf(stderr, "%s %s\n", server_princ_name, SERVER_PRINC_NAME ); if (strcmp(server_princ_name, SERVER_PRINC_NAME) != 0) { fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__); return(DENY_ACCESS); } /* Now that things seem generally OK, check the specifics. */ ret = is_authorized(client_princ_name, requested_op); if (ret == NOT_AUTHORIZED) { fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__); return(DENY_ACCESS); } /* Cleared all the authorization hurdles -- grant access. */ return(GRANT_ACCESS); }