OSF DCE Application Development Guide--Introduction and Style Guide

Security
ACL library (see Section 3.4.3.2), its ACL management information will be hooked into
the remote ACL implementation routines that make up the DCE ACL library.
Of course, an application still must take care of the details of storing and retrieving its
ACLs (though these tasks are now made much easier by the DCE backing store library
routines), setting up definitions that determine how its ACLs are interpreted, and so on.
Practical examples of how to do these things can be found in the DCE sample
application (fully reprinted in Appendix A), which is explained in the following sections.
For more detailed information about the interfaces mentioned below, see the
3.4.3.1 Who Does What?
In a properly set up application ACL manager, who does what? That is, what does the
application code have to do about ACLs, and what is left up to the ACL library?
The DCE Security Service ACL API consists of the following routines:
sec_acl_bind()
sec_acl_bind_to_addr()
sec_acl_calc_mask()
sec_acl_get_access()
sec_acl_get_error_info()
sec_acl_get_manager_types()
sec_acl_get_mgr_types_semantics()
sec_acl_get_printstring()
sec_acl_lookup()
sec_acl_replace()
sec_acl_test_access()
sec_acl_test_access_on_behalf()
As their names suggest (full descriptions can be found in the OSF DCE Application
Development Reference), these routines are what DCE clients call to use and
manipulate ACLs, namely: bind to an object’s ACL; retrieve an ACL; replace (that
is, write to) an ACL; test (via its ACL) access to an object, and so on.
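The division of labor in this section, as a self-contained C model added here (it is not DCE code and not from the guide): the application writes only a resolver that returns an ACL UUID for an object, and a stand-in for the ACL library performs the access test. Every name (`app_resolver`, `lib_register_resolver`, `lib_test_access`), the string "UUIDs", the object names and the permission bits are hypothetical, and the model assumes an unresolved object is denied.

```c
/* Model only: hypothetical names and constructed data, not the DCE ACL API. */
#include <stdio.h>
#include <string.h>

#define PERM_READ  0x1u
#define PERM_WRITE 0x2u

/* Application-supplied hook: map an object name to its ACL UUID; 0 on success. */
typedef int (*resolver_fn)(const char *object, const char **acl_uuid);
struct acl_entry { const char *acl_uuid, *principal; unsigned perms; };

/* Constructed sample ACL store (placeholder strings stand in for UUIDs). */
static const struct acl_entry acl_store[] = {
    { "acl-0001", "alice", PERM_READ | PERM_WRITE },
    { "acl-0001", "bob",   PERM_READ },
    { "acl-0002", "alice", PERM_READ },
};

/* Application side: the only ACL routine the application writes. */
static int app_resolver(const char *object, const char **acl_uuid)
{
    if (strcmp(object, "/objects/report") == 0) { *acl_uuid = "acl-0001"; return 0; }
    if (strcmp(object, "/objects/config") == 0) { *acl_uuid = "acl-0002"; return 0; }
    return -1;                      /* unknown object: no ACL to bind to */
}

/* Library side: stand-in for the remote ACL implementation. */
static resolver_fn registered;      /* set once at server start-up */
static void lib_register_resolver(resolver_fn fn) { registered = fn; }

/* Returns 1 only if the resolved ACL grants every requested permission. */
static int lib_test_access(const char *object, const char *principal, unsigned want)
{
    const char *uuid = NULL;
    if (!registered || registered(object, &uuid) != 0 || !uuid)
        return 0;                   /* fail closed: no binding, no access */
    for (size_t i = 0; i < sizeof acl_store / sizeof acl_store[0]; i++)
        if (!strcmp(acl_store[i].acl_uuid, uuid) &&
            !strcmp(acl_store[i].principal, principal))
            return (acl_store[i].perms & want) == want;
    return 0;                       /* principal has no entry in this ACL */
}

int main(void)
{
    lib_register_resolver(app_resolver);
    printf("bob write report: %d\n", lib_test_access("/objects/report", "bob", PERM_WRITE));
    return 0;
}
```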
A properly set up DCE application does not have to implement any of the
sec_acl operations listed above; they are all taken care of by the remote ACL
implementations in the DCE ACL library. The only exception to this statement involves the binding
operation. The application must register a routine that can be called by the ACL
library whenever necessary to make up a complete binding to a specific ACL (this
involves returning an ACL UUID, as will be seen below). This is the application’s
hook into the ACL library implementations: the registered routine will always be
called during a binding operation on any of the application’s ACLs, and once it has
given the library a binding to the desired ACL, the library routines can perform