The WSAImpersonateSocketPeer function is used to impersonate the security principal corresponding to a socket peer in order to perform application-level authorization.
INT WSAAPI WSAImpersonateSocketPeer( SOCKET Socket, const sockaddr *PeerAddr, ULONG PeerAddrLen );
Identifies the application socket.
The IP address of the peer to be impersonated. For connection-oriented sockets, the connected socket uniquely identifies a peer. In this case, this parameter is ignored.
The size, in bytes, of the PeerAddress parameter.
If the function succeeds, the return value is 0. Otherwise, a value of SOCKET_ERROR is returned, and a specific error code can be retrieved by calling WSAGetLastError.
Some possible error codes are listed below.
|The system detected an invalid address pointer in attempting to use a pointer argument of a call. This error is returned if the PeerAddr parameter was a NULL pointer.|
|The specified address family is not supported.|
|A buffer passed was too small.|
|The descriptor passed in the Socket parameter is not a valid socket.|
The WSAImpersonateSocketPeer function provides an application the ability to impersonate the security principal corresponding to a socket peer in order to perform application-level authorization. If peer user (impersonation) token is available then it will be used for impersonation, otherwise the peer computer token will be used. The WSAImpersonateSocketPeer function can be called only for blocking, non-overlapped sockets. After performing any authorization checks, an application must call the WSARevertImpersonation function to terminate the impersonation.
For connection-oriented sockets, the WSAImpersonateSocketPeer function should be called after a connection is established. For a server application using connection-oriented sockets, the WSAImpersonateSocketPeer should be called after the accept, AcceptEx, or WSAAccept function returns.
For connectionless sockets, the application should call the WSAImpersonateSocketPeer function immediately after the recv, recvfrom, WSARecv, WSARecvEx, WSARecvFrom, or WSARecvMsg function returns for a new peer address.
The WSAImpersonateSocketPeer function can be called multiple times for a single socket.
An error will be returned if the following conditions are not met.
- The address family of the Socket parameter must be either AF_INET or AF_INET6.
- The socket type must be either SOCK_STREAM or SOCK_DGRAM.
The WSARevertImpersonation function must be called to end the impersonation.
|Minimum supported client||Windows Vista [desktop apps only]|
|Minimum supported server||Windows Server 2008 [desktop apps only]|