RPC_SECURITY_QOS

The RPC_SECURITY_QOS structure defines security quality-of-service settings on a binding handle.

Windows NT®: 4.0 (limited functionality), 5.0 (full functionality).
Windows®: Windows 95 (clients)Import Library: RPCRT4.LIB

typedef struct _RPC_SECURITY_QOS {
  unsigned long Version;
  unsigned long Capabilities;
  unsigned long IdentityTracking;
  unsigned long ImpersonationType;
} RPC_SECURITY_QOS, *PRPC_SECURITY_QOS;

Version

This field ensures compatibility with future extensions to the RPC Security functions that reference this structure. Always assign the constant RPC_C_SECURITY_QOS_VERSION to this field.

Capabilities

The security services being provided to the application.

Value	Description
RPC_C_QOS_CAPABILITIES _DEFAULT	Use when no provider-specific capabilities are needed.
RPC_C_QOS_CAPABILITIES _MUTUAL_AUTH	Not supported on Windows NT 4.0

IdentityTracking

Sets the context tracking mode.

Value	Description
RPC_C_QOS_IDENTITY_STATIC	Security context is created only once and is never revised during the entire communication, even if the client side changes it.
RPC_C_QOS_IDENTITY_DYNAMIC	Context is revised whenever the LogonId in the client's token is changed

ImpersonationType

The level at which the server process can impersonate the client.

Value Description

RPC_C_IMP_LEVEL_ANONYMOUS Client does not want to provide indentification information to the server.

RPC_C_IMP_LEVEL_IDENTIFY Server can obtain information about client security indentifiers and privileges, but cannot impersonate the client.

RPC_C_IMP_LEVEL
_IMPERSONATE Server can impersonate the client's security context on its local system, but not on remote systems.

RPC_C_IMP_LEVEL_DELEGATE Not supported on NT 4.0. See Remarks.

Value	Description
RPC_C_IMP_LEVEL_ANONYMOUS	Client does not want to provide indentification information to the server.
RPC_C_IMP_LEVEL_IDENTIFY	Server can obtain information about client security indentifiers and privileges, but cannot impersonate the client.
RPC_C_IMP_LEVEL _IMPERSONATE	Server can impersonate the client's security context on its local system, but not on remote systems.
RPC_C_IMP_LEVEL_DELEGATE	Not supported on NT 4.0. See Remarks.

Remarks

The client-side security functions RpcBindingInqAuthInfoEx and RpcBindingSetAuthInfo use the RPC_SECURITY_QOS structure to inquire about, or to set, the security quality of service for a binding handle.

Note Windows NT does not support the delegation impersonation level natively, but the security package may have the ability to provide it. In the current implementation, RPC always requests delegation-level security context from the security package for unauthenticated transports. It maps the requested level to the native level for authenticated transports (named pipes and LRPC).

The NTLM security package, the default security package in Windows NT 4.0, does not currently support delegation and ignores the caller's request.

RPC_SECURITY_QOS

Remarks

See Also