OSF DCE Application Development Guide--Core Components

OSF DCE Application Development Guide—Core Components

31.3.1 The ACL Network Interface

The ACL network interface, rdacl_*(), provides a DCE-common interface to ACL

managers. It is the interface exported by the default DCE ACL managers to the default

DCE ACL client (that is, the dcecp tool), and any other client based on the client API.

The client API, sec_acl_*(), is a local interface that calls a client-side implementation of

the ACL network interface. The server side implementation of this interface must

conform to the rdacl_*(3sec) reference pages. The DCE ACL library provides such an

implementation. Following is a summary of the rdacl_*()routines:

• rdacl_lookup( )

Retrieves a copy of the object’s ACL.

• rdacl_replace()

Replaces the speciﬁed ACL.

• rdacl_get_access( )

Returns a principal’s permissions to an object (useful for implementing operations

like the conventional UNIX system access function).

• rdacl_test_access()

Determines whether the calling principal has the requested permission(s).

• rdacl_test_access_on_behalf( )

Determines whether the principal represented by the calling principal has the

requested permission(s). This function returns TRUE if both the principal and the

calling principal acting as its agent have the requested permission(s).

Note: The rdacl_test_access_on_behalf() routine is deprecated and should

not be used in new code. Delegation has removed the need for this

routine.

• rdacl_get_manager_types()

Returns a list of manager types protecting the object.

• rdacl_get_printstring( )

Obtains human-readable representations of permissions.

• rdacl_get_referral( )

Returns a referral to an ACL update site. This function enables a client that attempts

to modify an ACL at a read-only site to recover from the error and rebind to an

update site.

31−6 Tandem Computers Incorporated 124245