VMS Help  —  DCE  DCE_SECURITY, API Routines, sec_login_become_impersonator
 NAME
   sec_login_become_impersonator - Causes an intermediate server to
                                   become a delegate in a simple
                                   delegation chain

 SYNOPSIS

 #include <dce/sec_login.h>

 sec_login_handle_t sec_login_become_impersonator(
         rpc_authz_cred_handle_t callers_identity,
         sec_id_delegation_type_t delegation_type_permitted,
         sec_id_restriction_set_t *delegate_restrictions,
         sec_id_restriction_set_t *target_restrictions,
         sec_id_opt_req_t *optional_restrictions,
         sec_id_opt_req_t *required_restrictions,
         error_status_t *status);

 PARAMETERS

 Input

 callers_identity
        A handle of type rpc_authz_cred_handle_t to the authenticated
        identity of the previous delegate in the delegation chain.  The
        handle is supplied by the rpc_binding_inq_auth_caller() call.

 delegation_type_permitted
        A value of sec_id_delegation_type_t that specifies the type of
        delegation to be enabled.  The types available are:

        sec_id_deleg_type_none
                  No delegation.

        sec_id_deleg_type_traced
                  Traced delegation.

        sec_id_deleg_type_impersonation
                  Simple (impersonation) delegation.

 The initiating client sets the type of delegation. If it is set as
 traced, all delegates must also specify traced delegation; they cannot
 specify simple delegation.  The same is true if the initiating client
 sets the delegation type as simple; all subsequent delegates must also
 specify simple delegation.  The intermediate delegates can, however,
 specify no delegation to indicate that the delegation chain can proceed
 no further.

 delegate_restrictions
        A pointer to a sec_id_restriction_set_t that supplies a list of
        servers that can act as delegates for the client becoming the
        delegate. These servers are added to the delegates permitted by
        the delegate_restrictions parameter of the
        sec_login_become_initiator call.

 target_restrictions
        A pointer to a sec_id_restriction_set_t that supplies a list of
        servers that can act as targets for the client becoming the
        delegate. These servers are added to targets specified by the
        target_restrictions parameter of the sec_login_become_initiator
        call.

 optional_restrictions
        A pointer to a sec_id_opt_req_t that supplies a list of
        application-defined optional restrictions that apply to the
        client becoming the delegate. These restrictions are added to
        the restrictions identified by the optional_restrictions
        parameter of the sec_login_become_initiator call.

 required_restrictions
        A pointer to a sec_id_opt_req_t that supplies a list of
        application-defined required restrictions that apply to the
        client becoming the delegate.  These restrictions are added to
        the restrictions identified by the required_restrictions
        parameter of the sec_login_become_initiator call.

 Output

 status
        A pointer to the completion status.  On successful completion,
        status is assigned error_status_ok.  Otherwise, it returns an
        error.

 DESCRIPTION

 The sec_login_become_impersonator() routine is used by intermediate
 servers to become a delegate for the client identified by
 callers_identity.  The routine returns a new login context (of type
 sec_login_handle_t) that carries delegation information.  This
 information includes the delegation type, the delegate and target
 restrictions, and any application-defined optional and required
 restrictions.

 The new login context created by this call can then be used to set up
 authenticated RPC with an intermediate or target server using the
 rpc_binding_set_auth_info() call.

 The effective optional and required restrictions are the union of the
 optional and required restrictions specified in this call and specified
 by the initiating client and any intermediate clients.  The effective
 target and delegate restrictions are the intersection of the target
 and delegate restrictions specified in this call and specified by the
 initiating client and any intermediate clients.

 The sec_login_become_impersonator call is run only if the
 initiating client enabled simple delegation by setting the
 delegation_type_permitted parameter in the sec_login_become_initiator
 call to sec_id_deleg_type_simple.
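
 The delegation-type rule given under delegation_type_permitted and the
 effective-restriction rule above, as a self-contained C model.  This is
 an added example, not DCE library code and not part of the original
 help text; the model_ names and the bitmask representation of
 restriction sets are assumptions made for illustration, and the model
 covers traced as well as simple delegation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model only, not DCE library code. Enum names mirror the page's values. */
typedef enum { model_none, model_traced, model_impersonation } model_deleg_t;

/* One participant's settings; sets are bitmasks (assumption), one bit per
 * server principal or application-defined restriction tag. */
typedef struct {
    model_deleg_t type;
    uint32_t delegates, targets;   /* permitted delegates / targets */
    uint32_t optional, required;   /* application-defined restrictions */
} model_hop_t;

/* A delegate keeps the initiating client's type or picks none to end the chain. */
bool model_type_allowed(model_deleg_t initiator, model_deleg_t requested)
{
    if (initiator == model_none) return false;   /* delegation never enabled */
    return requested == initiator || requested == model_none;
}

/* Fold a chain (hops[0] is the initiating client) per the DESCRIPTION section:
 * intersect delegate/target sets, union optional/required sets. */
bool model_effective(const model_hop_t *hops, int n, model_hop_t *out)
{
    if (n < 1) return false;
    *out = hops[0];
    for (int i = 1; i < n; i++) {
        if (out->type == model_none ||           /* chain already ended */
            !model_type_allowed(hops[0].type, hops[i].type))
            return false;                        /* type-rule violation */
        out->type = hops[i].type;
        out->delegates &= hops[i].delegates;
        out->targets   &= hops[i].targets;
        out->optional  |= hops[i].optional;
        out->required  |= hops[i].required;
    }
    return true;
}

int main(void)
{
    /* Constructed chain: initiating client, then one intermediate server. */
    model_hop_t eff, chain[] = { { model_impersonation, 0x0F, 0x07, 0x01, 0x10 },
                                 { model_impersonation, 0x06, 0x0E, 0x02, 0x00 } };
    if (!model_effective(chain, 2, &eff)) return 1;
    printf("targets=%#x required=%#x\n", (unsigned)eff.targets, (unsigned)eff.required);
    return 0;
}
```

 Each added hop can only narrow the delegate and target sets and can
 only grow the optional and required restriction sets.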

 FILES
       SYS$COMMON:[DCE$LIBRARY]SEC_LOGIN.IDL
              The idl file from which dce/sec_login.h was derived.

 ERRORS

 sec_login_s_invalid_deleg_type

 err_sec_login_invalid_delegate_restriction

 err_sec_login_invalid_target_restriction

 err_sec_login_invalid_opt_restriction

 err_sec_login_invalid_req_restriction

 sec_login_s_invalid_compat_mode

 sec_login_s_deleg_not_enabled

 error_status_ok

 RELATED INFORMATION

 Functions: sec_intro
            sec_login_become_initiator
            rpc_binding_inq_auth_caller