예제 #1
0
DWORD
VmDnsRpcBindingInqAuthClient(
    rpc_binding_handle_t hClientBinding,
    rpc_authz_handle_t* pPrivs,
    PSTR* ppServerPrincName,
    DWORD* pAuthnLevel,
    DWORD* pAuthnSvc,
    DWORD* pAuthzSvc
    )
{
    error_status_t rpcStatus = rpc_s_ok;

    rpc_binding_inq_auth_client(
            hClientBinding,
            pPrivs, // The data referenced by this parameter is read-only,
                    // and therefore should not be modified/freed.
            (unsigned_char_p_t*)ppServerPrincName,
            pAuthnLevel,
            pAuthnSvc,
            pAuthzSvc,
            &rpcStatus);

    BAIL_ON_VMDNS_ERROR(rpcStatus);

error:

    return rpcStatus;
}
예제 #2
0
int
ref_mon(
	rpc_binding_handle_t		bind_handle,
	int				requested_op)
{
	int				ret;
	rpc_authz_handle_t		privs;
	unsigned_char_t			*client_princ_name, *server_princ_name;
	unsigned32			protect_level, authn_svc, authz_svc,
	                                    status;


	/* Get client auth info. */
	rpc_binding_inq_auth_client(bind_handle, &privs, &server_princ_name,
	    &protect_level, &authn_svc, &authz_svc, &status);
	if (status != rpc_s_ok) {
		fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__);
		return(DENY_ACCESS);
	}

	/* Check if selected authn service is acceptable to us. */
	if (authn_svc != rpc_c_authn_dce_secret) {
		fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__);
		return(DENY_ACCESS);
	}

	/* Check if selected protection level is acceptable to us. */
	if (protect_level != rpc_c_protect_level_pkt_integ
	&&  protect_level != rpc_c_protect_level_pkt_privacy) {
		fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__);
		return(DENY_ACCESS);
	}

	/* Check if selected authz service is acceptable to us. */
	if (authz_svc != rpc_c_authz_name) {
		fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__);
		return(DENY_ACCESS);
	}
	/* If rpc_c_authz_dce were being used instead of rpc_c_authz_name,
	   privs would be a PAC (sec_id_pac_t *), not a name as it is here. */
	client_princ_name = (unsigned_char_t *)privs;

	/* Check if selected server principal name is supported. */
        fprintf(stderr, "%s %s\n", server_princ_name, SERVER_PRINC_NAME );
	if (strcmp(server_princ_name, SERVER_PRINC_NAME) != 0) {
		fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__);
		return(DENY_ACCESS);
	}

	/* Now that things seem generally OK, check the specifics. */
	ret = is_authorized(client_princ_name, requested_op);
	if (ret == NOT_AUTHORIZED) {
		fprintf(stderr, "FAULT: %s:%d\n", __FILE__, __LINE__);
		return(DENY_ACCESS);
	}

	/* Cleared all the authorization hurdles -- grant access. */
	return(GRANT_ACCESS);
}