Previous section.

DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group

NAME

<dce/aclbase.h>-Header for sec_acl API.

SYNOPSIS

#include <dce/aclbase.h>

DESCRIPTION

Data Types and Constants
The following data types (listed in alphabetical order) are used in the sec_acl API.

unsigned char *sec_acl_component_name_t

Server-supported namespace component.

struct sec_acl_entry_t

This data type represents an ACLE. It contains the following fields:

sec_acl_permset_t perms

The permissions granted to the principals identified by this ACL entry.

struct entry_info

Identifies the principals to which this ACLE "applies" (that is, which "match" this ACLE for the purposes of an access decision). It contains the following fields:

sec_acl_entry_type_t entry_type

The type of this ACLE.

union tagged_union

Information further identifying (or "tagging") this ACLE. It contains the following fields:

sec_id_t id

Local principal, local group or foreign cell to which this ACLE applies. This union arm is selected if entry_type is sec_acl_e_type_user, sec_acl_e_type_group, sec_acl_e_type_foreign_other sec_acl_e_type_user_deleg, sec_acl_e_type_group_deleg, or sec_acl_e_type_for_other_deleg.

sec_id_foreign_t foreign_id

Foreign principal or foreign group to which this ACLE applies. This union arm is selected if entry_type is sec_acl_e_type_foreign_user, sec_acl_e_type_foreign_group, sec_acl_e_type_for_user_deleg, or sec_acl_e_type_for_group_deleg.

sec_acl_extend_info_t *extended_info

Contents of an extended ACLE. This union arm is selected if entry_type is sec_acl_e_type_extended.

/*empty*/

The tagged_union field contains no valid information for any other value of entry_type.

enum sec_acl_entry_type_t

The ACLE type of an ACLE. It can take the following values (see ACL Entries and their Types for discussion):

sec_acl_e_type_user_obj

USER_OBJ

sec_acl_e_type_group_obj

GROUP_OBJ

sec_acl_e_type_other_obj

OTHER_OBJ

sec_acl_e_type_user_obj_deleg

USER_OBJ_DEL

sec_acl_e_type_group_obj_deleg

GROUP_OBJ_DEL

sec_acl_e_type_other_obj_deleg

OTHER_OBJ_DEL

sec_acl_e_type_user

USER

sec_acl_e_type_group

GROUP

sec_acl_e_type_user_deleg

USER_DEL

sec_acl_e_type_group_deleg

GROUP_DEL

sec_acl_e_type_mask_obj

MASK_OBJ

sec_acl_e_type_foreign_user

FOREIGN_USER

sec_acl_e_type_foreign_group

FOREIGN_GROUP

sec_acl_e_type_foreign_other

FOREIGN_OTHER

sec_acl_e_type_for_user_deleg

FOREIGN_USER_DEL

sec_acl_e_type_for_group_deleg

FOREIGN_GROUP_DEL

sec_acl_e_type_for_other_deleg

FOREIGN_OTHER_DEL

sec_acl_e_type_any_other

ANY_OTHER

sec_acl_e_type_unauthenticated

UNAUTHENTICATED

sec_acl_e_type_extended

EXTENDED

struct sec_acl_extend_info_t

Extended ACL information (see Extended ACLE Information for discussion). It contains the following fields:

uuid_t extension_type

The type of extension this is, indicating to ACL managers whether or not they can interpret it. (ACL managers must reject any extended ACLEs they cannot interpret.)

ndr_format_t format_label

NDR format label.

unsigned32 num_bytes

Number of bytes in pickled_data[] array.

unsigned char pickled_data[]

The actual extended ACL information itself.

sec_acl_handle_t

An opaque (to the client) data type representing a handle to a protected object. The handle is bound to the protected object with sec_acl_bind() or sec_acl_bind_to_addr(). The distinguished value sec_acl_default_handle signifies an unbound handle.

sec_acl_id_t

This data type is equivalent to the sec_id_t data type (that is, they may be used interchangeably).

unsigned32 sec_acl_permset_t

Permission bits. The following values are currently defined (see ACL Managers, Permissions, Access Determination Algorithms for discussion):

sec_acl_perm_read

Read. (Conventional value: 0x00000001.)

sec_acl_perm_write

Write. (Conventional value: 0x00000002.)

sec_acl_perm_execute

Execute. (Conventional value: 0x00000004.)

sec_acl_perm_control

Control (or Change, or Write-ACL). (Conventional value: 0x00000008.)

sec_acl_perm_insert

Insert. (Conventional value: 0x00000010.)

sec_acl_perm_delete

Delete. (Conventional value: 0x00000020.)

sec_acl_perm_test

Test. (Conventional value: 0x00000040.)

sec_acl_perm_unused_00000080 to sec_acl_perm_unused_80000000

Application-defined. There are 25 of these bits, the last 8 characters of whose names correspond to the bit-value identifiers 0x00000080-0x80000000 (and which by convention have these same bit-values).

struct sec_acl_t

This data type represents an ACL. It contains the following fields:

sec_acl_id_t default_realm

The default cell (or realm) for this ACL.

uuid_t sec_acl_manager_type

The ACL manager that can interpret this ACL.

unsigned32 num_entries

Number of ACLEs in this ACL.

sec_acl_entry_t *sec_acl_entries[]

An array containing num_entries pointers to the ACLEs of this ACL.

struct sec_acl_list_t

A list of ACLs. It contains the following fields:

unsigned32 num_acls

The number of ACLs contained in this list.

sec_acl_p_t sec_acls[]

Pointers to the actual ACLs in this list.

sec_acl_t *sec_acl_p_t

Pointer to a sec_acl_t.

struct sec_id_foreign_t

Identities of "foreign" entities (see Local and Foreign Authorisation Identities ). It contains the following fields:

sec_id_t id

Identifier of the entity within its cell.

sec_id_t realm

Identifier of the entity's cell (or "realm" in security-specific terminology).

struct sec_id_t

Identities of cells and "local" entities, suitable for DCE authorisation architecture (see Authorisation Identities ). (Compare sec_id_foreign_t.) It contains the following fields:

uuid_t uuid

Definitive identifier of the entity.

unsigned char *name

Advisory ("optional") identifier of the entity.

struct sec_acl_printstring_t

Information about permission bits, and about ACL managers as a whole (see Printstrings and Helpstrings and rdacl_get_printstring() for discussion). It contains the following fields:

unsigned char *printstring

Printstring (a character string of maximum length signed32 sec_acl_printstring_len).

unsigned char *helpstring

Helpstring (a character string of maximum length signed32 sec_acl_printstring_help_len).

sec_acl_permset_t permissions

Bit representation of permission(s).

enum sec_acl_type_t

The ACL's type (see Object Types, ACL Types, and ACL Inheritance for discussion). The following values are currently defined:

sec_acl_type_object

Protection ACL.

sec_acl_type_default_object

Default object creation ACL.

sec_acl_type_default_container

Default container creation ACL.

sec_acl_type_unspecified_3, ···, sec_acl_type_unspecified_7

Application defined. (There are 5 of these identifiers; each is 26 characters long. Their first 25 characters are "sec_acl_type_unspecified_", and their last characters are, respectively: "3", "4", "5", "6", "7".)

Status Codes

The following status codes (listed in alphabetical order) are used in the sec_acl API.

sec_acl_bad_acl_syntax

ACL has invalid semantics (not "syntax").

sec_acl_bad_key

The ACLE tag (key) is not valid.

sec_acl_bad_parameter

Parameter passed is invalid.

sec_acl_bind_error

Unable to get binding to protected object.

sec_acl_cant_allocate_memory

Requested operation requires more memory than is available.

sec_acl_duplicate_entry

ACL has duplicate entries.

sec_acl_expected_group_obj

ACLE is not of type GROUP_OBJ.

sec_acl_expected_user_obj

ACLE is not of type USER_OBJ.

sec_acl_invalid_entry_name

Requested namespace entry is invalid. For example, purported component name contains an illegal character.

sec_acl_invalid_entry_type

ACLE type is not valid.

sec_acl_invalid_manager_type

Manager type is not valid.

sec_acl_invalid_permission

Permissions for this ACL are invalid.

sec_acl_invalid_site_name

Site (server instance) name is not valid.

sec_acl_invalid_acl_type

ACL type is not valid.

sec_acl_missing_required_entry

ACL is missing a required entry.

sec_acl_name_resolution_failed

Name requested in the operation cannot be resolved.

sec_acl_no_acl_found

Requested ACL was not present.

sec_acl_no_owner

Requested operation requires owner permission.

sec_acl_not_authorized

Requested operation is not allowed.

sec_acl_not_implemented

Unwilling to perform requested operation (or, colloquially, requested operation has "not been implemented").

sec_acl_no_update sites

No update site for this ACL operation.

sec_acl_object_not_found

Requested protected object could not be found.

sec_acl_read_only

ACL is read-only.

sec_acl_rpc_error

Operation requested failed in RPC.

sec_acl_site_read_only

ACL is read-only at this site.

sec_acl_unable_to_authenticate

Requested operation requires authentication.

sec_acl_unknown_manager_type

Manager type selected is not an available option.

sec_invalid_acl_handle

ACL binding handle is invalid.

Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.

Contents Next section Index