OSF DCE Application Development Guide--Core Components
Chapter 32. The ID Map API
In the multicell environment, the global print string representation of a principal identity
can be ambiguous, even though every principal and its native cell have unique names in
the form of UUIDs to which the print string representations normally resolve. For
example, all ACLs maintain UUIDs as the definitive representations of principal and cell
names. The acl_edit tool, on the other hand, takes as input (and also outputs) this same
information as print strings. This string-to-UUID mapping is accomplished easily
enough when an ACL entry refers to a local identity; that is, a member of the local cell.
However, when a user adds an ACL entry for a foreign principal identity such as
/.../world/dce/rd/writers/tom, it is not evident to the ACL manager which part of the
name identifies the cell, and which identifies the principal within the cell. The name
/.../world/dce may refer to a cell containing the principal /rd/writers/tom, or the cell
name may be /.../world/dce/rd and the principal name /writers/tom.

To parse the fully qualified principal name entered by the user into its cell name and local
principal-name components, and to map these components to UUIDs, ACL
managers that support entries for foreign identities use the ID map API. For the same
reasons, many other kinds of servers in a DCE multicell environment need a facility to
parse global names and translate UUIDs into print string names.

The ID map API provides a simple interface to translate a fully qualified name (that is,
the global representation of a name) into its components and back again. This API
consists of the following calls:
• The sec_id_parse_name() call takes as input a registry context handle and a fully
qualified principal name, and returns the principal’s print string name and UUID, and
the print string name and UUID of the principal’s native cell.
• The sec_id_gen_name() call translates a principal UUID and the UUID of its native
cell into a cell-relative principal name, a cell name, and a fully qualified
principal name.
• The sec_id_parse_group() call is like sec_id_parse_name(), except that it operates
on group names.
• The sec_id_gen_group() call is like sec_id_gen_name(), except that it operates on
group names.
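The following is an added example, not code from the DCE guide or from DCE itself. It models why the split of /.../world/dce/rd/writers/tom cannot be decided from the string alone and depends on which cell names actually exist. The helper split_global_name() and the cell tables are hypothetical, constructed stand-ins for the answer that a real ACL manager obtains through sec_id_parse_name().

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a DCE call): split a global name at the boundary
 * that matches one of the cell names in `cells`, the way the text describes
 * the two readings of /.../world/dce/rd/writers/tom.
 * Returns the number of cell names that match on a component boundary:
 * 0 = no known cell, 1 = cell/princ are filled in and usable,
 * >1 = ambiguous, caller must not use the outputs. Returns -1 if an
 * output buffer is too small (nothing is truncated silently). */
int split_global_name(const char *global, const char *const *cells, size_t ncells,
                      char *cell, size_t cell_sz, char *princ, size_t princ_sz)
{
    size_t glen = strlen(global);
    int matches = 0;

    for (size_t i = 0; i < ncells; i++) {
        size_t clen = strlen(cells[i]);
        /* The cell name must be a whole-component prefix followed by a
         * non-empty principal part: "/.../world/dcex/tom" is not in dce. */
        if (clen + 1 >= glen || global[clen] != '/' ||
            strncmp(global, cells[i], clen) != 0)
            continue;
        if (clen + 1 > cell_sz || glen - clen + 1 > princ_sz)
            return -1;
        memcpy(cell, cells[i], clen);
        cell[clen] = '\0';
        memcpy(princ, global + clen, glen - clen + 1); /* keeps leading '/' and NUL */
        matches++;
    }
    return matches;
}

int main(void)
{
    /* Constructed sample data: two alternative views of which cells exist. */
    const char *const view_a[] = { "/.../world/dce", "/.../world/sales" };
    const char *const view_b[] = { "/.../world/dce/rd" };
    const char *name = "/.../world/dce/rd/writers/tom";
    char cell[64], princ[64];

    if (split_global_name(name, view_a, 2, cell, sizeof cell, princ, sizeof princ) == 1)
        printf("view A: cell=%s principal=%s\n", cell, princ);
    if (split_global_name(name, view_b, 1, cell, sizeof cell, princ, sizeof princ) == 1)
        printf("view B: cell=%s principal=%s\n", cell, princ);
    return 0;
}
```

The same input string yields a different cell and principal under each view, which is why an ACL entry for a foreign identity should be stored as the UUID pair resolved at entry time and not as a locally split string.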
124245 Tandem Computers Incorporated 32−1