OSF DCE Application Development Guide--Introduction and Style Guide
OSF DCE Application Development Guide—Introduction and Style Guide
rpc_authz_handle_t pac;
/* Get the client’s credentials... */
rpc_binding_inq_auth_client(. . . &pac . . &status);
/* If there is no authentication information, set up a set of null */
/* credentials... */
if (status == rpc_s_binding_has_no_auth)
{
pac = (rpc_authz_handle_t)0;
}
/* And now test the client’s possession of the required permissions */
/* by passing its credentials (along with other pertinent data) to */
/* the following call... */
sec_acl_mgr_is_authorized(. . . (sec_id_pac_t*)pac...);
3.4.2 Access Control Lists
Authorization decisions depend on the following information:
privilege attributes
A set of principal and group names qualified by the cell name in which
the principals and groups exist.
This information comes from the entity (client) that is attempting to
perform the operation in question.
ACL privilege attribute entries
This is the ACL. It consists of a list of entries, each of which consists of
an entry type,akey , and a permissions set, which taken together
describe what permissions a particular entity possesses for the object to
which the ACL is attached.
The ACL is looked up by the server through which the client is trying to
perform the operation.
ACL mask entries
These consist of two entry_type:permissions_set pairs.
requested permissions
A permission set which describes the permissions that a client must
possess in order to perform the requested operation. The server itself
calculates this information.
3− 20 Tandem Computers Incorporated 124246