OSF DCE Application Development Guide--Core Components

The Extended Attribute API
28.4.3 Access Control on Attributes with Triggers
When a query or update call accesses an attribute associated with an attribute trigger,
the call checks the ACL of the object with which the attribute is associated to see if the
client has the permissions required for the operation. If access is granted, the operation
returns a binding handle authenticated with the client’s login context. This handle is
then used to perform the sec_attr_trig_query() or sec_attr_trig_update() operation.
Access to information maintained by an attribute trigger is controlled entirely by that
attribute trigger. The attribute trigger can choose to implement any authorization
mechanism, including none. For example, the attribute trigger can obtain the client’s
identity from the RPC runtime to perform name-based authentication and perform ACL
checks (or any other type of access control mechanism), and it can query the registry
attribute schema for the attribute type’s permission set to use for an ACL check. Access
control on attribute information stored outside of the registry database is left to the
application designer.
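The trigger-side check described in this section can be modeled as follows. This is an added example, not code from this guide or from the DCE libraries: the types, permission bits, principal names, and the function trig_authorize are constructed for illustration, and a real trigger server would take the client identity from the RPC runtime and the permission set from the registry attribute schema.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model types; NOT the DCE sec_attr or sec_acl definitions. */
typedef unsigned int permset_t;
enum { PERM_READ = 0x1, PERM_MODIFY = 0x2 };
typedef enum { OP_QUERY, OP_UPDATE } trig_op_t;

/* Permission sets the schema entry of one attribute type requires per operation. */
typedef struct { permset_t query_permset, update_permset; } schema_perms_t;
/* Name-based ACL entry kept by the trigger server itself. */
typedef struct { const char *principal; permset_t granted; } acl_entry_t;
/* Client identity as the trigger would learn it from the RPC runtime. */
typedef struct { const char *principal; int authenticated; } client_id_t;

/* Return 1 to allow, 0 to deny. Default deny: unauthenticated callers,
 * principals without an ACL entry, and entries missing a required bit. */
int trig_authorize(const client_id_t *c, trig_op_t op,
                   const schema_perms_t *schema,
                   const acl_entry_t *acl, size_t n_acl)
{
    if (c == NULL || schema == NULL || !c->authenticated || c->principal == NULL)
        return 0;
    permset_t need = (op == OP_QUERY) ? schema->query_permset
                                      : schema->update_permset;
    if (need == 0)   /* choice made in this model: an empty permset denies */
        return 0;
    for (size_t i = 0; i < n_acl; i++) {
        if (acl[i].principal && strcmp(acl[i].principal, c->principal) == 0)
            return (acl[i].granted & need) == need;   /* all required bits */
    }
    return 0;
}

/* Constructed sample data. */
static const schema_perms_t SAMPLE_SCHEMA = { PERM_READ, PERM_MODIFY };
static const acl_entry_t SAMPLE_ACL[] = {
    { "alice", PERM_READ | PERM_MODIFY },
    { "bob",   PERM_READ },
};

int main(void)
{
    client_id_t bob = { "bob", 1 };
    /* bob holds only PERM_READ: query is allowed, update is denied. */
    int ok = trig_authorize(&bob, OP_QUERY, &SAMPLE_SCHEMA, SAMPLE_ACL, 2) == 1
          && trig_authorize(&bob, OP_UPDATE, &SAMPLE_SCHEMA, SAMPLE_ACL, 2) == 0;
    return ok ? 0 : 1;
}
```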
28.5 Calls that Access Attribute Triggers
This section describes the calls that send information to and receive it from attribute
triggers.
28.5.1 Using sec_attr_trig_cursor_t with sec_attr_trig_query()
The sec_attr_trig_query() call, which reads attributes associated with a query attribute
trigger, uses a cursor of type sec_attr_trig_cursor_t. This cursor must be allocated and
initialized before it can be used as input to the sec_attr_trig_query() call. After use,
the resources allocated to sec_attr_trig_cursor_t must be released.
The following calls allocate, initialize, and release a sec_attr_trig_cursor_t type for
use with the sec_attr_trig_query() call:
sec_attr_trig_cursor_init()
The sec_attr_trig_cursor_init() call allocates resources to the cursor and initializes
the cursor to the first attribute in the list of attributes for the object whose binding
handle is specified. This call makes a remote call.
sec_attr_trig_cursor_release()
The sec_attr_trig_cursor_release() call releases all resources allocated to a
sec_attr_trig_cursor_t type by sec_attr_trig_cursor_init().
124245 Tandem Computers Incorporated