Manualshelf

OSF DCE Application Development Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
601602603604605606607608609610
OSF DCE Application Development Guide—Core Components
28.5.2 The sec_rgy_attr_trig_query() and sec_rgy_attr_trig_update( )
Calls
The sec_attr_trig_query() call reads instances of attributes coded with a trigger type of
query for a specified object. It passes an array of sec_attr_t values to a query attribute
trigger and receives the output parameters back from the server. The
sec_attr_trig_update() routine passes attributes coded with a trigger type of update to
an update attribute trigger for evaluation before the updates are made to the registry.
Both calls are called automatically by the DCE attribute lookup or update code for all
schema entries that specify a trigger. Although you should not call these calls directly, if
you are implementing a trigger server, it will receive input from these calls and the
attribute trigger’s output should be passed back to them. The data received must be in a
form accessible to the call and, if it is the result of an update, a form that can be stored
in the registry database.
The object whose attribute instances are to be read or updated is identified by
The name of the cell in which the object exists
The name of the object or a UUID in string format that identifies the object
28.5.3 The priv_attr_triq_query( ) Call
The priv_attr_trig_query( ) call is used by the privilege service to retrieve trigger
attributes and add them to a princpal’s EPAC. The privilege service executes this call
when it receives a request to add a principal and its extended attribute instances to an
EPAC and the attributes are associated with a trigger server. The call passes an array of
sec_attr_t values to the attribute trigger and receives the attribute values back from the
trigger server in another array of sec_attr_t values. If the principal is being added to a
delegation chain, the call also passes the UUIDs of all of the current members of the
delegation chain to the trigger server. The trigger server can then evaluate all identities
to determine access rights to the requested attributes.
Like the sec_rgy_attr_trig_update( ) calls, you will not call priv_attr_trig_query()
directly. However, if you are implementing a trigger server, it will receive input from
these call and the attribute trigger’s output should be passed back to the call. The data
received must be in a form accessible to the call.
28.6 The DCE Attribute API
The DCE attribute calls are not described in detail. This is because, with the exception
of the calls that bind to a selected database (dce_attr_sch_bind()( and
dce_attr_sch_bind_free()), the dce_sec_attr_*() calls are the same as the
sec_rgy_attr_sch_*() calls. Refer to Section 28.1 for information on using each call.
2824 Tandem Computers Incorporated 124245