OSF DCE Application Development Guide--Core Components
The Access Control List APIs
31.3.2 The ACL Library
The ACL library provides an implementation of the ACL manager interface and the
ACL network interface for the convenience of programmers who are writing ACL
managers for DCE servers.
The ACL library meets the following needs:
• It provides stable storage for ACLs.
• It implements the rdacl_*() interface, including support for multiple object types,
initial default Object ACLs, and initial default Container ACLs.
• It implements the full access algorithm, including masks and delegation.
• It provides DCE developers with a set of convenience functions so that servers can
easily perform common styles of access control with minimal effort.
31.3.2.1 ACL Library Capabilities
The ACL library provides simple and practical access to the DCE security model.
The library provides a routine that indicates in a single call whether or not a client has
the appropriate permissions to perform a particular operation. A server can also easily
retrieve the full set of permissions granted to a client by an object’s ACL.
The library provides the complete rdacl_*() remote interface. Standard routines are
provided to map either a UUID attached to a handle or a residual name specified as one
of the parameters to the ACL object that it identifies.
The combination of these capabilities means that most servers will not have any need to
use DCE ACL data types directly.
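The single-call check and the full-permission query described above, together with the mask handling listed in 31.3.2, shown as an added example that is not part of this guide and is not ACL library code. It is a simplified model: every type and function name is hypothetical, the sample ACL is constructed, the rule that mask_obj filters every entry except the owner's is an assumption about the DCE ACL model, and delegation and foreign-cell entries are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
/* Simplified model, not DCE source: every name below is hypothetical. */
enum { P_READ = 1, P_WRITE = 2, P_CONTROL = 4 };
typedef enum { E_USER_OBJ, E_USER, E_GROUP, E_ANY_OTHER, E_MASK_OBJ } entry_type;
typedef struct { entry_type type; const char *name; unsigned perms; } acl_entry;
typedef struct { const char *owner; const acl_entry *e; size_t n; } acl;
typedef struct { const char *user; const char *const *groups; size_t ngroups; } client;
/* Constructed sample ACL for an object owned by "alice". */
static const acl_entry SAMPLE[] = {
    { E_USER_OBJ,  NULL,  P_READ | P_WRITE | P_CONTROL },
    { E_USER,      "bob", P_READ | P_WRITE },
    { E_GROUP,     "ops", P_READ | P_CONTROL },
    { E_MASK_OBJ,  NULL,  P_READ },   /* caps every entry except the owner's */
    { E_ANY_OTHER, NULL,  0 },
};
static const acl SAMPLE_ACL = { "alice", SAMPLE, 5 };

static bool in_group(const client *c, const char *g) {
    for (size_t i = 0; i < c->ngroups; i++)
        if (strcmp(c->groups[i], g) == 0) return true;
    return false;
}

/* Full permission set the ACL grants this client. */
unsigned granted_perms(const acl *a, const client *c) {
    unsigned mask = ~0u, grp = 0, any = 0;
    bool grp_hit = false;
    const acl_entry *user_obj = NULL, *user = NULL;
    for (size_t i = 0; i < a->n; i++) {
        const acl_entry *e = &a->e[i];
        switch (e->type) {
        case E_MASK_OBJ:  mask = e->perms; break;
        case E_USER_OBJ:  if (strcmp(a->owner, c->user) == 0) user_obj = e; break;
        case E_USER:      if (strcmp(e->name, c->user) == 0) user = e; break;
        case E_GROUP:     if (in_group(c, e->name)) { grp |= e->perms; grp_hit = true; } break;
        case E_ANY_OTHER: any = e->perms; break;
        }
    }
    if (user_obj) return user_obj->perms;   /* owner entry is not masked */
    if (user)     return user->perms & mask; /* named user beats group entries */
    if (grp_hit)  return grp & mask;         /* union of all matching groups */
    return any & mask;
}

/* Single-call check: true only if every desired bit is granted. */
bool is_client_authorized(const acl *a, const client *c, unsigned desired) {
    return (granted_perms(a, c) & desired) == desired;
}
```

With the sample ACL, bob's user entry lists read and write, but the mask leaves him read only, so a write check fails even though the entry names that permission.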
31.3.2.2 The ACL API
The ACL library API, dce_acl_*(), is a local interface that provides the server-side
implementation of the ACL network interface. The reference pages in OSF DCE
Application Development Reference describe the library routines.
The ACL library consists of the following parts:
• Initialization routines, where the server registers each ACL manager type.
• Server queries, where a server can perform various types of access checks.
• ACL object creation, where servers can create ACLs without concern for most
low-level data type details.
• The rdacl_*() implementation and server callback, where the server maps rdacl_*()
parameters into a specific ACL object. Two sample resolver routines are associated
124245 Tandem Computers Incorporated 31−7