3.3.3.4.3.1 Abstract Interface GetRpcImpersonationAccessToken

These extensions provide the ability for a higher-layer protocol to obtain a "Token/Authorization Context" (as specified in [MS-DTYP] section 2.5.2) that represents the client making the RPC call.

Token/Authorization Context GetRpcImpersonationAccessToken(rpc_binding_handle_t);

Input Parameter: A binding handle on the server that represents a binding to a client, known as "the client binding handle" as described in [C706] and clarified in section 3.3.1.1.6 of these extensions. If a non-NULL binding handle argument is provided, then the server MUST interpret it as a pointer or handle to a Server Call object.

If a NULL binding handle argument is provided, then the Security Context of the client making the RPC call is obtained as if by calling pthread_getspecific using CURRENT_CALL_OBJECT_REF_KEY (see section 3.3.3.7.2) as a thread-specific data key to retrieve a pointer or handle to the Server Call object.

The Server Call object contains a Security Context Handle. The Security Context Handle identifies the required Token.

The implementation of the abstract interface GetRpcImpersonationAccessToken then returns as output the Token/Authorization Context from the Security Context referred to by the Security Context Handle that is a member of the Server Call object. The Token is retrieved from the security context by using the implementation-specific equivalent of GSS_Inquire_context as specified in [RFC2743] section 2.2.6.<121>

Output Parameter: A Token/Authorization Context representing the client making the RPC call. The element is of type Token/Authorization Context specified in [MS-DTYP] section 2.5.2. The Token returned represents the identity of the client currently being served. See [Tanenbaum] section 11.8, Security in Windows 2000.

If the client identity is not available in the form of a Token, then NULL is returned.
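The lookup chain described above (binding handle, or thread-specific key when the handle is NULL, then Server Call object, Security Context Handle, Token), shown as an added example that is not part of these extensions or of any Microsoft implementation. All type names, set_current_call, inquire_context_token, client_token_available and the sample objects are hypothetical stand-ins; only GetRpcImpersonationAccessToken, rpc_binding_handle_t, pthread_getspecific and CURRENT_CALL_OBJECT_REF_KEY come from the text.

```c
#include <pthread.h>
#include <stddef.h>

/* Hypothetical stand-ins for the abstract data model; not real RPC runtime types. */
typedef struct { const char *client; } token_t;                /* Token/Authorization Context */
typedef struct { token_t *token; } security_context_t;         /* target of the Security Context Handle */
typedef struct { security_context_t *sec_ctx; } server_call_t; /* Server Call object */
typedef void *rpc_binding_handle_t;

static pthread_key_t CURRENT_CALL_OBJECT_REF_KEY;
static pthread_once_t key_once = PTHREAD_ONCE_INIT;
static void make_key(void) { pthread_key_create(&CURRENT_CALL_OBJECT_REF_KEY, NULL); }

/* Runtime side (assumed): bind the call being dispatched to the current thread. */
void set_current_call(server_call_t *call) {
    pthread_once(&key_once, make_key);
    pthread_setspecific(CURRENT_CALL_OBJECT_REF_KEY, call);
}

/* Stand-in for the implementation-specific equivalent of GSS_Inquire_context. */
static token_t *inquire_context_token(const security_context_t *ctx) {
    return ctx ? ctx->token : NULL;
}

token_t *GetRpcImpersonationAccessToken(rpc_binding_handle_t binding) {
    server_call_t *call = binding;             /* non-NULL: handle to a Server Call object */
    if (call == NULL) {                        /* NULL: use the current thread's call */
        pthread_once(&key_once, make_key);
        call = pthread_getspecific(CURRENT_CALL_OBJECT_REF_KEY);
    }
    if (call == NULL) return NULL;             /* assumption: no call in progress on this thread */
    return inquire_context_token(call->sec_ctx);
}

/* Caller side (assumed usage): NULL means no client identity; never substitute another one. */
int client_token_available(rpc_binding_handle_t binding) {
    return GetRpcImpersonationAccessToken(binding) != NULL;
}

/* Constructed sample objects. */
token_t alice_tok = { "EXAMPLE\\alice" };
security_context_t alice_ctx = { &alice_tok }, anon_ctx = { NULL };
server_call_t alice_call = { &alice_ctx }, anon_call = { &anon_ctx };

int main(void) {
    set_current_call(&alice_call);
    return !(GetRpcImpersonationAccessToken(NULL) == &alice_tok && !client_token_available(&anon_call));
}
```

A higher-layer protocol that receives NULL has no client identity to authorize against and should reject the request rather than continue under the server's own identity.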