OSF DCE Application Development Guide--Core Components

The operations in the rdacl_*() interface share an initial set of parameters that specify
the ACL object being operated upon:
handle_t h
sec_acl_component_name_t component_name
uuid_t *manager_type
sec_acl_type_t sec_acl_type
The sec_acl_type parameter indicates whether a protection ACL, an initial default
Object ACL, or an initial default Container ACL is desired. It does not appear in the
access operations as it must have the value sec_acl_type_object.
In order to implement the rdacl_*() interface, the server must provide a resolution
routine that maps these parameters into the UUID of the desired ACL object; the library
includes two such routines: dce_acl_resolve_by_uuid( ) and
dce_acl_resolve_by_name( ).
The resolution routine is required because servers use the namespace in different ways.
Here are three examples:
• Servers that export only their binding information and manage a single object, and
  hence use a single ACL, do not need the resolution parameters. DTS is an example
  of this case.
• Servers with many objects in the namespace, with a UUID in each entry, will call
  rpc_binding_inq_object on the handle to obtain the object UUID. They then use
  this same UUID as the index of the ACL object. Many application servers will be of
  this type. One ACL library resolver function, dce_acl_resolve_by_uuid( ), matches
  this paradigm. This paradigm is not appropriate if the number of objects is immense.
• Servers with many objects will use a junction or similar architecture so that the
  component name (also called the residual) specifies the ACL object by name. The
  DCE security server is essentially of this type. Another ACL library resolver
  function, dce_acl_resolve_by_name( ), matches this paradigm.
The following typedef specifies the signature for a resolution routine. The first four
parameters are the common rdacl_*() parameters mentioned previously.
typedef void (*dce_acl_resolve_func_t)(
    /* [in] parameters */
    handle_t                  h,
    sec_acl_component_name_t  component_name,
    sec_acl_type_t            sec_acl_type,
    uuid_t                    *manager_type,
    boolean32                 writing,
    void                      *resolver_arg,
    /* [out] parameters */
    uuid_t                    *acl_uuid,    /* UUID of the resolved ACL object */
    error_status_t            *st
);
For situations in which neither of the ACL library resolver functions,
dce_acl_resolve_by_uuid( ) or dce_acl_resolve_by_name( ), is appropriate, application
developers must provide their own.
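As an added illustration (not code from this guide or from the ACL library), the following sketch shows an application-supplied resolver with the dce_acl_resolve_func_t signature that maps the component name to an ACL UUID and fails closed when the request cannot be resolved. The typedefs are simplified stand-ins for the DCE types so that the file compiles without the DCE headers; every ex_* name, the EX_* status codes and the sample table are hypothetical.

```c
#include <string.h>
/* Simplified stand-ins for the DCE types so this compiles without DCE headers. */
typedef void *handle_t;
typedef unsigned char *sec_acl_component_name_t;
typedef enum { sec_acl_type_object, sec_acl_type_default_object,
               sec_acl_type_default_container } sec_acl_type_t;
typedef struct { unsigned char b[16]; } uuid_t;
typedef unsigned int boolean32, error_status_t;
enum { EX_OK = 0, EX_NOT_FOUND, EX_BAD_TYPE, EX_BAD_MANAGER }; /* hypothetical codes */
/* Hypothetical resolver_arg: the manager type served plus a name -> ACL UUID table. */
typedef struct { const char *name; uuid_t acl; } ex_entry_t;
typedef struct { uuid_t mgr; const ex_entry_t *tab; size_t n; } ex_ctx_t;

/* Has the dce_acl_resolve_func_t signature. Fails closed: on every error path
 * *acl_uuid stays all-zero, so a bad request never falls back to some ACL. */
void ex_resolve(handle_t h, sec_acl_component_name_t component_name,
                sec_acl_type_t sec_acl_type, uuid_t *manager_type,
                boolean32 writing, void *resolver_arg,
                uuid_t *acl_uuid, error_status_t *st)
{
    const ex_ctx_t *ctx = resolver_arg;
    (void)h; (void)writing;                 /* not used by this sketch */
    memset(acl_uuid, 0, sizeof *acl_uuid);
    *st = EX_BAD_MANAGER;
    if (!manager_type || memcmp(manager_type, &ctx->mgr, sizeof ctx->mgr)) return;
    *st = EX_BAD_TYPE;                      /* only protection ACLs are kept here */
    if (sec_acl_type != sec_acl_type_object) return;
    *st = EX_NOT_FOUND;
    if (!component_name) return;
    for (size_t i = 0; i < ctx->n; i++)     /* exact match, never a prefix match */
        if (strcmp((const char *)component_name, ctx->tab[i].name) == 0) {
            *acl_uuid = ctx->tab[i].acl; *st = EX_OK; return;
        }
}

/* Constructed sample data: two named objects under one manager type. */
static const ex_entry_t ex_tab[] = { { "printers/lp0", { { 0xA1 } } },
                                     { "printers/lp1", { { 0xB2 } } } };
static ex_ctx_t ex_ctx = { { { 0x4D } }, ex_tab, 2 };
static uuid_t ex_out;                       /* last resolver output, for inspection */

/* Runs the resolver for one name, ACL type and manager type (first byte only). */
error_status_t ex_try(const char *name, sec_acl_type_t t, unsigned char mgr0)
{
    uuid_t mgr = { { mgr0 } };              /* remaining 15 bytes are zero */
    error_status_t st;
    ex_resolve(NULL, (sec_acl_component_name_t)name, t, &mgr, 0, &ex_ctx, &ex_out, &st);
    return st;
}
int main(void) { return ex_try("printers/lp0", sec_acl_type_object, 0x4D) != EX_OK; }
```

The caller must check the returned status before using the UUID; the all-zero output on failure only ensures that a skipped check cannot land on a valid ACL object.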
3110 Tandem Computers Incorporated 124245