OSF DCE Application Development Guide--Core Components

An ACL can occupy a substantial amount of memory. The memory management routine,
sec_acl_release(), frees the memory occupied by an ACL, and returns it to the pool.
This is implemented strictly as a local operation.

31.1.3 Errors

The ACL API saves errors received from the DCE RPC runtime (or other APIs) in the
ACL handle data, but the status it returns describes the ACL operation that failed as a
result of the RPC error. If an error occurs and the client needs to know the cause of the
ACL operation failure, it may call sec_acl_get_error_info(). This routine returns the
error code last stored in the handle.

31.2 Guidelines for Constructing ACL Managers

ACL manager names for all of DCE should follow the convention for naming dcecp
attributes. There is no architectural restriction involved in the guidelines shown here,
merely an attempt at consistency. The DCE control program will accept names outside
of this convention, but adherence to it will make usage of ACL managers easier.
The guidelines are as follows:

• Alphabetic characters in names must be lowercase only.
• Names should not contain underscores.
• Names should not contain spaces.
• Names should be no longer than 16 bytes, the defined value of
  sec_acl_printstring_len.
• Names should be similar to object command names supported in dcecp whenever
  possible. For example, the ACL manager name principal refers to the object,
  /.:/sec/principal, that contains registry information about principals. Note that dcecp
  allows abbreviations. For example, a user can specify org for the ACL manager
  name organization.
• Names must be unique within a component’s ACL manager but not necessarily
  within DCE. For example, the name xattrschema can be used for a DCE extended
  attribute configuration schema ACL object and for a security ERA schema ACL
  object.
• The help string for an ACL manager must specify the component that owns or
  manages the objects in question because this information cannot always be derived
  from the ACL manager name.
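
A checker for the naming guidelines above, added here as an illustration; it is not code from the DCE guide or the DCE source. The struct, the flag names, the sample table, and the help-string test (a substring match on the component name) are assumptions, and ACL_NAME_MAX mirrors the 16-byte value the guide gives for sec_acl_printstring_len.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Guide's value of sec_acl_printstring_len; local so no DCE headers are needed. */
#define ACL_NAME_MAX 16
enum { /* hypothetical flags, one per guideline */
    NAME_EMPTY = 1, NAME_TOO_LONG = 2, NAME_UPPERCASE = 4, NAME_UNDERSCORE = 8,
    NAME_SPACE = 16, NAME_DUPLICATE = 32, HELP_NO_OWNER = 64 };
struct acl_mgr { const char *name; const char *help; };  /* hypothetical */

/* Constructed sample table for a hypothetical "security" component. */
static const struct acl_mgr sample[] = {
    { "principal",          "security: registry principal objects" },
    { "xattrschema",        "security: ERA schema objects" },
    { "Org_Unit",           "registry organization objects" },
    { "xattrschema",        "security: duplicate entry" },
    { "replicationlistmgr", "security: replica list objects" },
};
#define SAMPLE_N (sizeof sample / sizeof sample[0])

/* Check entry idx of one component's table; returns 0 if it conforms. */
unsigned check_acl_mgr(const struct acl_mgr *tab, size_t n, size_t idx,
                       const char *component)
{
    const char *name = tab[idx].name, *help = tab[idx].help;
    size_t len = strlen(name);           /* bytes, excluding the NUL */
    unsigned r = 0;
    if (len == 0) r |= NAME_EMPTY;
    if (len > ACL_NAME_MAX) r |= NAME_TOO_LONG;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        if (isupper(*p)) r |= NAME_UPPERCASE;
        if (*p == '_')   r |= NAME_UNDERSCORE;
        if (isspace(*p)) r |= NAME_SPACE;
    }
    for (size_t i = 0; i < n; i++)       /* unique within the component only */
        if (i != idx && strcmp(tab[i].name, name) == 0) r |= NAME_DUPLICATE;
    if (help == NULL || strstr(help, component) == NULL) r |= HELP_NO_OWNER;
    return r;
}

int main(void)
{
    for (size_t i = 0; i < SAMPLE_N; i++)
        printf("%-18s 0x%02x\n", sample[i].name, check_acl_mgr(sample, SAMPLE_N, i, "security"));
    return 0;
}
```

Uniqueness is checked per table because the guide requires it only within one component; the same name may appear in another component's table.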
314 Tandem Computers Incorporated 124245