3.2.4.2 S_DSQMGetObjectSecurityChallengeResponceProc (Opnum 1)

S_DSQMGetObjectSecurityChallengeResponceProc is a callback method called by the server during a client call to S_DSQMGetObjectSecurity. Through this method, the server provides a challenge that the client must sign to authenticate itself.

 [callback] HRESULT S_DSQMGetObjectSecurityChallengeResponceProc(
   [in, size_is(dwCallengeSize)] byte* abChallenge,
   [in, range(0,32)] unsigned long dwCallengeSize,
   [in] unsigned long dwContext,
   [in, out, size_is(dwCallengeResponceMaxSize), length_is(*pdwCallengeResponceSize)] 
     byte* abCallengeResponce,
   [in, out] unsigned long* pdwCallengeResponceSize,
   [in, range(0,128)] unsigned long dwCallengeResponceMaxSize
 );

abChallenge:  MUST be set by the caller to a pointer to a buffer that contains the challenge to be signed. The challenge SHOULD be cryptographically random.

dwCallengeSize:  MUST be set by the caller to the size, in bytes, of the challenge in the abChallenge parameter.

dwContext:  MUST be set by the caller to the value that was supplied in the dwContext parameter of the corresponding call to the S_DSQMGetObjectSecurity method. This parameter provides a way for the receiver to correlate the callback with the receiver's in-progress call to S_DSQMGetObjectSecurity.

abCallengeResponce:  MUST be set by the caller to a pointer to a buffer to contain the returned signature. MUST be set by the receiver to a signature over the challenge in abChallenge. The algorithm for creating this signature is specified by the following pseudocode.

 Initialize an MD5 hash context

 Add to the hash context the byte array abChallenge. The data length
 is defined by dwCallengeSize.

 Sign the MD5 hash using the private key corresponding to the
 public key stored in the certificate in the property
 PROPID_QM_SIGN_PK associated with the machine object in the
 directory service. The machine object is the object specified by
 the pGuid parameter in the corresponding call to
 S_DSQMGetObjectSecurity.

 Set abCallengeResponce to the signed MD5 hash
 Set *pdwCallengeResponceSize to the size in bytes of the signed MD5
 hash.

pdwCallengeResponceSize:  Size in bytes of the signature in the abCallengeResponce parameter. MUST be set by the receiver to the actual length, in bytes, of the signature returned in abCallengeResponce on output.

dwCallengeResponceMaxSize:  MUST be set by the caller to the maximum length in bytes of the server signature to be returned in abCallengeResponce. If the server signature is larger than the supplied buffer, the server MUST return MQ_ERROR_USER_BUFFER_TOO_SMALL (0xC00E0028).

Return Values:  This method is obsolete. The server SHOULD NOT call this method, and the client SHOULD return MQ_ERROR_NOT_SUPPORTED (0xC00E03EB).<147> If the method succeeds, the return value is 0. If the method fails, the return value is an implementation-specific error code.

ERROR_SUCCESS (0x00000000)

MQ_ERROR_NOT_SUPPORTED (0xC00E03EB)

Exceptions Thrown: No exceptions are thrown beyond those thrown by the underlying RPC protocol extension, as specified in [MS-RPCE].
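
The receiver-side handling described above (MD5 over exactly dwCallengeSize bytes, signature of the digest, size check against dwCallengeResponceMaxSize, and the obsolete-method return), as an added Python model that is not part of this specification or of any implementation of it. The sign_digest hook and stand_in_signer are assumptions: the page does not name the signature scheme, so the stand-in is a keyed hash that only models a fixed-length signature.

```python
import hashlib
import hmac

ERROR_SUCCESS = 0x00000000
MQ_ERROR_USER_BUFFER_TOO_SMALL = 0xC00E0028
MQ_ERROR_NOT_SUPPORTED = 0xC00E03EB
MAX_CHALLENGE = 32   # [in, range(0,32)] dwCallengeSize
MAX_RESPONSE = 128   # [in, range(0,128)] dwCallengeResponceMaxSize


def challenge_response(ab_challenge, dw_challenge_size, dw_response_max_size,
                       sign_digest=None):
    """Model the callback's receiver side; returns (hresult, response bytes).

    sign_digest is a hypothetical hook: it takes the 16-byte MD5 digest and
    returns a signature made with the private key matching PROPID_QM_SIGN_PK.
    With no hook the receiver declines, as the method is obsolete.
    """
    if sign_digest is None:
        return MQ_ERROR_NOT_SUPPORTED, b""
    # Re-check the IDL range() and size_is() constraints before touching data.
    if not 0 <= dw_challenge_size <= MAX_CHALLENGE:
        raise ValueError("dwCallengeSize outside range(0,32)")
    if not 0 <= dw_response_max_size <= MAX_RESPONSE:
        raise ValueError("dwCallengeResponceMaxSize outside range(0,128)")
    if dw_challenge_size > len(ab_challenge):
        raise ValueError("dwCallengeSize exceeds the supplied buffer")
    # Hash exactly dwCallengeSize bytes of abChallenge, then sign the digest.
    digest = hashlib.md5(ab_challenge[:dw_challenge_size]).digest()
    signature = sign_digest(digest)
    if len(signature) > dw_response_max_size:
        return MQ_ERROR_USER_BUFFER_TOO_SMALL, b""
    # signature is abCallengeResponce; its length is *pdwCallengeResponceSize.
    return ERROR_SUCCESS, signature


def stand_in_signer(digest):
    """Constructed stand-in (keyed hash, NOT a public-key signature): 32 bytes."""
    return hmac.new(b"constructed-demo-key", digest, hashlib.sha256).digest()


if __name__ == "__main__":
    challenge = bytes(range(32))  # constructed sample challenge
    for max_size in (128, 16):
        hr, resp = challenge_response(challenge, 32, max_size, stand_in_signer)
        print(f"max={max_size} hr=0x{hr:08X} len={len(resp)}")
    print(f"hr=0x{challenge_response(challenge, 32, 128)[0]:08X}")
```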