The sample_mgmt_auth( ) routine assesses the authorization of any client attempting to execute a remote management operation on the sample application server.
/******
*
* sample_mgmt_auth -- Management authorization callback function.
*
* This is the routine that is implicitly called to test
authorization
* whenever someone tries to use the mgmt interface to tinker with us
* or our ACLs.
*
* The callback is set up by
a call to rpc_mgmt_set_authorization() in
* server_acl_mgr_setup().
*
******/
boolean32 sample_mgmt_auth(
rpc_binding_handle_t client_binding, /* Client's binding, whoever he is. */
unsigned32 requested_mgmt_operation, /* What client is attempting to do. */
unsigned32 *status)
{
boolean32 authorized = 0;
sec_acl_permset_t perm_required;
unsigned_char_t
*uuid_string;
*status = error_status_ok;
/* Discover what permission is required in order to do what the */
/* client is trying to do... */
switch (requested_mgmt_operation)
{
case
rpc_c_mgmt_inq_if_ids:
perm_required = mgmt_perm_inq_if;
break;
case
rpc_c_mgmt_inq_princ_name:
perm_required = mgmt_perm_inq_pname;
break;
case
rpc_c_mgmt_inq_stats:
perm_required = mgmt_perm_inq_stats;
break;
case
rpc_c_mgmt_is_server_listen:
perm_required = mgmt_perm_ping;
break;
case
rpc_c_mgmt_stop_server_listen:
perm_required = mgmt_perm_kill;
break;
default:
/* This should never happen, but just in case... */
return(0);
}
/* Okay, now
check whether the client is authorized or not... */
dce_acl_is_client_authorized(
client_binding, /* Client's binding handle.
*/
&mgmt_acl_mgr_uuid, /* ACL manager type UUID. */
&mgmt_acl_uuid, /* The ACL UUID. */
NULL, /* Pointer to owner's UUID. */
NULL, /* Pointer to owner's group's UUID. */
perm_required, /* The desired privileges. */
&authorized, /* Will be TRUE or FALSE on return. */
status);
/* Return the result to the caller... */
return(authorized);
}