OSF DCE Application Development Guide--Introduction and Style Guide

Security
2. Use the object UUID to retrieve the object information, which contains (among
many other things) the UUID that identifies the object’s ACL (in the object
UUID-indexed database).
3. Use the retrieved ACL UUID to retrieve the ACL itself (from the ACL UUID-
indexed database). If the manager types match, return the ACL UUID extracted in
step 2 to the caller.
The caller is usually some routine in the ACL library. All it needs from the resolution
routine is the ACL UUID; with this it can retrieve the ACL itself and proceed to do
whatever needs to be done with (or to) it.
3.4.3.6 What is an ACL Manager?
A lot is said here and elsewhere about ACL managers, but you will not find in the sample
application any specific routine or block of code with that name. So where exactly is our
sample ACL manager? What does it consist of?
Conceptually, ACL manager is a way of referring comprehensively to the code and data
present in an application to support ACLs. Practically speaking, the ACL manager in the
sample application consists of all the places in the code where
dce_acl_is_client_authorized( ) is called to check a requestor’s authorization. This is
done in sample_mgmt_auth( ) (in sample_server.c) and sample_call( ) (in
sample_manager.c).
Note that there are actually two ACL managers in the sample application. In
sample_call( ), the client’s access to the sample_object is being checked, and the ACL
manager type UUID passed to the call is sample_acl_mgr_uuid. In
sample_mgmt_auth(), on the other hand, the client’s access to the server_mgmt object
is being checked, so the ACL manager type UUID passed there is mgmt_acl_mgr_uuid.
3.4.3.7 Why Two ACL Managers?
The application has two ACL managers because it uses two different kinds of object.
This circumstance is a little obscured by the fact that there are only two objects used in the
application (in a real application, we might have expected many instances of
sample_object, although there would still of course be only one server_mgmt object).
Still, sample_object and server_mgmt are very different kinds of object, and having
access to one means something quite different from having access to the other.
sample_object is a dummy object with no independent meaning, but server_mgmt
represents access to the server’s remote management routines, which involves such
things as being able to kill the server.
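The following is an added example in C; it is not code from the DCE sample application or the DCE ACL library. It models two things from this discussion: the resolution routine described above (steps 2 and 3: object UUID to object information to ACL UUID to ACL, with the manager-type check), and the reason for having two ACL managers, namely that the same principal asked under the two manager types gets different answers because each manager defines its own set of permissions. The in-memory tables, the string-valued stand-ins for uuid_t, the permission bit names (read, write, control, kill) and their split between the two managers, and the principals "alice" and "admin" are all assumptions; the real types (uuid_t, error_status_t) and the real dce_acl_is_client_authorized( ) are not used.

```c
/* Simplified model of DCE ACL resolution and authorization.  Added example,
 * not code from the OSF DCE sample application.  UUIDs are modelled as short
 * strings and the databases as static arrays (assumptions) so it runs alone. */
#include <stdio.h>
#include <string.h>

#define SAMPLE_ACL_MGR_UUID "mgr-type-sample"   /* stands in for sample_acl_mgr_uuid */
#define MGMT_ACL_MGR_UUID   "mgr-type-mgmt"     /* stands in for mgmt_acl_mgr_uuid   */

/* Permission bits.  Which bits a manager type defines is an assumption here;
 * in the sample application it is given by each manager's ACL printstring. */
enum { PERM_READ = 1, PERM_WRITE = 2, PERM_CONTROL = 4, PERM_KILL = 8 };
#define SAMPLE_MGR_PERMS (PERM_READ | PERM_WRITE | PERM_CONTROL)
#define MGMT_MGR_PERMS   (PERM_CONTROL | PERM_KILL)

/* ACL UUID-indexed database: each ACL records the manager type it belongs to. */
struct acl_entry { const char *principal; unsigned perms; };
struct acl {
    const char *acl_uuid;
    const char *manager_type;
    struct acl_entry entries[4];
    int n_entries;
};
static const struct acl acl_db[] = {
    { "acl-sample-1", SAMPLE_ACL_MGR_UUID,
      { { "alice", PERM_READ | PERM_WRITE } }, 1 },
    { "acl-mgmt", MGMT_ACL_MGR_UUID,
      { { "alice", PERM_CONTROL }, { "admin", PERM_CONTROL | PERM_KILL } }, 2 },
};

/* Object UUID-indexed database: the object information carries its ACL's UUID. */
struct object_info { const char *object_uuid; const char *acl_uuid; };
static const struct object_info object_db[] = {
    { "obj-sample-1",    "acl-sample-1" },   /* an instance of sample_object (assumed) */
    { "obj-server-mgmt", "acl-mgmt" },       /* the server_mgmt object (assumed)       */
};

typedef enum {
    RESOLVE_OK, RESOLVE_NO_OBJECT, RESOLVE_NO_ACL, RESOLVE_MGR_MISMATCH
} resolve_status;

static const struct acl *find_acl(const char *acl_uuid)
{
    size_t i;
    for (i = 0; i < sizeof acl_db / sizeof acl_db[0]; i++)
        if (strcmp(acl_db[i].acl_uuid, acl_uuid) == 0)
            return &acl_db[i];
    return NULL;
}

/* The resolution routine.  The caller already holds the object UUID (step 1);
 * this does steps 2 and 3 and returns the ACL UUID only if the manager types
 * match.  A mismatch is reported as an error rather than silently ignored. */
static resolve_status resolve_acl(const char *object_uuid, const char *manager_type,
                                  const char **acl_uuid_out)
{
    size_t i;
    const struct object_info *obj = NULL;
    const struct acl *a;

    *acl_uuid_out = NULL;
    for (i = 0; i < sizeof object_db / sizeof object_db[0]; i++)
        if (strcmp(object_db[i].object_uuid, object_uuid) == 0)
            obj = &object_db[i];
    if (obj == NULL)
        return RESOLVE_NO_OBJECT;                 /* step 2: no such object */
    a = find_acl(obj->acl_uuid);
    if (a == NULL)
        return RESOLVE_NO_ACL;                    /* step 3: dangling ACL UUID */
    if (strcmp(a->manager_type, manager_type) != 0)
        return RESOLVE_MGR_MISMATCH;              /* step 3: wrong manager type */
    *acl_uuid_out = obj->acl_uuid;
    return RESOLVE_OK;
}

/* Authorization check in the spirit of dce_acl_is_client_authorized(): resolve
 * the ACL under the given manager type, refuse bits that manager does not
 * define, then test the principal's entry.  Returns 1 only if every desired
 * bit is granted; any failure along the way is a deny. */
static int is_client_authorized(const char *principal, const char *object_uuid,
                                const char *manager_type, unsigned desired)
{
    const char *acl_uuid;
    const struct acl *a;
    unsigned defined;
    int i;

    if (resolve_acl(object_uuid, manager_type, &acl_uuid) != RESOLVE_OK)
        return 0;
    defined = strcmp(manager_type, MGMT_ACL_MGR_UUID) == 0 ? MGMT_MGR_PERMS
                                                          : SAMPLE_MGR_PERMS;
    if (desired == 0 || (desired & ~defined) != 0)
        return 0;          /* e.g. asking for "kill" on a sample_object */
    a = find_acl(acl_uuid);
    for (i = 0; i < a->n_entries; i++)
        if (strcmp(a->entries[i].principal, principal) == 0)
            return (a->entries[i].perms & desired) == desired;
    return 0;              /* no entry for this principal: deny */
}

int main(void)
{
    /* Same principal, two managers: the answer depends on which object and
     * manager type the check is made against. */
    printf("alice read sample_object: %d\n",
           is_client_authorized("alice", "obj-sample-1", SAMPLE_ACL_MGR_UUID, PERM_READ));
    printf("alice kill server_mgmt:   %d\n",
           is_client_authorized("alice", "obj-server-mgmt", MGMT_ACL_MGR_UUID, PERM_KILL));
    printf("admin kill server_mgmt:   %d\n",
           is_client_authorized("admin", "obj-server-mgmt", MGMT_ACL_MGR_UUID, PERM_KILL));
    return 0;
}
```

Two details are worth noting. First, the manager-type check in resolve_acl( ) is what keeps the two managers apart: an ACL that belongs to the management manager can never be resolved on behalf of a sample_object check, even if someone arranges for an object record to point at it. Second, is_client_authorized( ) rejects any permission bit the manager type does not define before it looks at the ACL entries, so a request for "kill" against a sample_object is denied regardless of what the ACL says.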
A practical sense of what this means can be had from looking at the two managers’ ACL
printstrings, near the top of the sample_server.c file. These strings, which contain text
representations of the full range of permissions supported by the respective managers,
show that there are many permissions that are unique to a single manager. For example,
124246 Tandem Computers Incorporated 3 27