<dce/aclbase.h> - Header for sec_acl API.
#include <dce/aclbase.h>
Data Types and Constants
The following data types (listed in alphabetical order) are used in the sec_acl API.
- unsigned char *sec_acl_component_name_t
Server-supported namespace component.
- struct sec_acl_entry_t
This data type represents an ACLE. It contains the following fields:
- sec_acl_permset_t perms
The permissions granted to the principals identified by this ACL entry.
- struct entry_info
Identifies the principals to which this ACLE "applies" (that is, which "match" this ACLE for the purposes of an access decision). It contains the following fields:
- sec_acl_entry_type_t entry_type
The type of this ACLE.
- union tagged_union
Information further identifying (or "tagging") this ACLE. It contains the following fields:
- sec_id_t id
Local principal, local group or foreign cell to which this ACLE applies. This union arm is selected if entry_type is sec_acl_e_type_user, sec_acl_e_type_group, sec_acl_e_type_foreign_other, sec_acl_e_type_user_deleg, sec_acl_e_type_group_deleg, or sec_acl_e_type_for_other_deleg.
- sec_id_foreign_t foreign_id
Foreign principal or foreign group to which this ACLE applies. This union arm is selected if entry_type is sec_acl_e_type_foreign_user, sec_acl_e_type_foreign_group, sec_acl_e_type_for_user_deleg, or sec_acl_e_type_for_group_deleg.
- sec_acl_extend_info_t *extended_info
Contents of an extended ACLE. This union arm is selected if entry_type is sec_acl_e_type_extended.
- /*empty*/
The tagged_union field contains no valid information for any other value of entry_type.
- enum sec_acl_entry_type_t
The ACLE type of an ACLE. It can take the following values (see ACL Entries and their Types for discussion):
- sec_acl_e_type_user_obj
USER_OBJ
- sec_acl_e_type_group_obj
GROUP_OBJ
- sec_acl_e_type_other_obj
OTHER_OBJ
- sec_acl_e_type_user_obj_deleg
USER_OBJ_DEL
- sec_acl_e_type_group_obj_deleg
GROUP_OBJ_DEL
- sec_acl_e_type_other_obj_deleg
OTHER_OBJ_DEL
- sec_acl_e_type_user
USER
- sec_acl_e_type_group
GROUP
- sec_acl_e_type_user_deleg
USER_DEL
- sec_acl_e_type_group_deleg
GROUP_DEL
- sec_acl_e_type_mask_obj
MASK_OBJ
- sec_acl_e_type_foreign_user
FOREIGN_USER
- sec_acl_e_type_foreign_group
FOREIGN_GROUP
- sec_acl_e_type_foreign_other
FOREIGN_OTHER
- sec_acl_e_type_for_user_deleg
FOREIGN_USER_DEL
- sec_acl_e_type_for_group_deleg
FOREIGN_GROUP_DEL
- sec_acl_e_type_for_other_deleg
FOREIGN_OTHER_DEL
- sec_acl_e_type_any_other
ANY_OTHER
- sec_acl_e_type_unauthenticated
UNAUTHENTICATED
- sec_acl_e_type_extended
EXTENDED
- struct sec_acl_extend_info_t
Extended ACL information (see Extended ACLE Information for discussion). It contains the following fields:
- uuid_t extension_type
The type of extension this is, indicating to ACL managers whether or not they can interpret it. (ACL managers must reject any extended ACLEs they cannot interpret.)
- ndr_format_t format_label
NDR format label.
- unsigned32 num_bytes
Number of bytes in pickled_data[] array.
- unsigned char pickled_data[]
The actual extended ACL information itself.
- sec_acl_handle_t
An opaque (to the client) data type representing a handle to a protected object. The handle is bound to the protected object with sec_acl_bind() or sec_acl_bind_to_addr(). The distinguished value sec_acl_default_handle signifies an unbound handle.
- sec_acl_id_t
This data type is equivalent to the sec_id_t data type (that is, they may be used interchangeably).
- unsigned32 sec_acl_permset_t
Permission bits. The following values are currently defined (see ACL Managers, Permissions, Access Determination Algorithms for discussion):
- sec_acl_perm_read
Read. (Conventional value: 0x00000001.)
- sec_acl_perm_write
Write. (Conventional value: 0x00000002.)
- sec_acl_perm_execute
Execute. (Conventional value: 0x00000004.)
- sec_acl_perm_control
Control (or Change, or Write-ACL). (Conventional value: 0x00000008.)
- sec_acl_perm_insert
Insert. (Conventional value: 0x00000010.)
- sec_acl_perm_delete
Delete. (Conventional value: 0x00000020.)
- sec_acl_perm_test
Test. (Conventional value: 0x00000040.)
- sec_acl_perm_unused_00000080 to sec_acl_perm_unused_80000000
Application-defined. There are 25 of these bits, the last 8 characters of whose names correspond to the bit-value identifiers 0x00000080-0x80000000 (and which by convention have these same bit-values).
- struct sec_acl_t
This data type represents an ACL. It contains the following fields:
- sec_acl_id_t default_realm
The default cell (or realm) for this ACL.
- uuid_t sec_acl_manager_type
The ACL manager that can interpret this ACL.
- unsigned32 num_entries
Number of ACLEs in this ACL.
- sec_acl_entry_t *sec_acl_entries[]
An array containing num_entries pointers to the ACLEs of this ACL.
- struct sec_acl_list_t
A list of ACLs. It contains the following fields:
- unsigned32 num_acls
The number of ACLs contained in this list.
- sec_acl_p_t sec_acls[]
Pointers to the actual ACLs in this list.
- sec_acl_t *sec_acl_p_t
Pointer to a sec_acl_t.
- struct sec_id_foreign_t
Identities of "foreign" entities (see Local and Foreign Authorisation Identities). It contains the following fields:
- sec_id_t id
Identifier of the entity within its cell.
- sec_id_t realm
Identifier of the entity's cell (or "realm" in security-specific terminology).
- struct sec_id_t
Identities of cells and "local" entities, suitable for DCE authorisation architecture (see Authorisation Identities). (Compare sec_id_foreign_t.) It contains the following fields:
- uuid_t uuid
Definitive identifier of the entity.
- unsigned char *name
Advisory ("optional") identifier of the entity.
- struct sec_acl_printstring_t
Information about permission bits, and about ACL managers as a whole (see Printstrings and Helpstrings and rdacl_get_printstring() for discussion). It contains the following fields:
- unsigned char *printstring
Printstring (a character string of maximum length signed32 sec_acl_printstring_len).
- unsigned char *helpstring
Helpstring (a character string of maximum length signed32 sec_acl_printstring_help_len).
- sec_acl_permset_t permissions
Bit representation of permission(s).
- enum sec_acl_type_t
The ACL's type (see Object Types, ACL Types, and ACL Inheritance for discussion). The following values are currently defined:
- sec_acl_type_object
Protection ACL.
- sec_acl_type_default_object
Default object creation ACL.
- sec_acl_type_default_container
Default container creation ACL.
- sec_acl_type_unspecified_3, ···, sec_acl_type_unspecified_7
Application defined. (There are 5 of these identifiers; each is 26 characters long. Their first 25 characters are "sec_acl_type_unspecified_", and their last characters are, respectively: "3", "4", "5", "6", "7".)
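The union-arm rules for sec_acl_entry_t and the requirement that ACL managers reject extended ACLEs they cannot interpret can be enforced in one validation step before an entry is used in an access decision. The following is an added example, not part of the header or the specification: the type declarations are local stand-ins for <dce/aclbase.h> with constructed enum numbering, and acle_check(), its result codes and its supported and known_ext parameters are hypothetical.

```c
#include <string.h>
/* Stand-ins mirroring the fields listed above (format_label omitted); the real
   definitions come from <dce/aclbase.h>. Enum numbering here is constructed. */
typedef unsigned int unsigned32; typedef unsigned32 sec_acl_permset_t;
typedef struct { unsigned char b[16]; } uuid_t;
typedef struct { uuid_t uuid; unsigned char *name; } sec_id_t;
typedef struct { sec_id_t id, realm; } sec_id_foreign_t;
typedef struct { uuid_t extension_type; unsigned32 num_bytes;
                 unsigned char pickled_data[]; } sec_acl_extend_info_t;
typedef enum {
    sec_acl_e_type_user_obj, sec_acl_e_type_group_obj, sec_acl_e_type_other_obj,
    sec_acl_e_type_user_obj_deleg, sec_acl_e_type_group_obj_deleg,
    sec_acl_e_type_other_obj_deleg, sec_acl_e_type_user, sec_acl_e_type_group,
    sec_acl_e_type_user_deleg, sec_acl_e_type_group_deleg, sec_acl_e_type_mask_obj,
    sec_acl_e_type_foreign_user, sec_acl_e_type_foreign_group,
    sec_acl_e_type_foreign_other, sec_acl_e_type_for_user_deleg,
    sec_acl_e_type_for_group_deleg, sec_acl_e_type_for_other_deleg,
    sec_acl_e_type_any_other, sec_acl_e_type_unauthenticated, sec_acl_e_type_extended
} sec_acl_entry_type_t;
typedef struct { sec_acl_permset_t perms;
    struct { sec_acl_entry_type_t entry_type;
        union { sec_id_t id; sec_id_foreign_t foreign_id;
                sec_acl_extend_info_t *extended_info; } tagged_union;
    } entry_info; } sec_acl_entry_t;
/* Hypothetical results: which union arm may be read, or why the ACLE is refused. */
typedef enum { ARM_NONE, ARM_ID, ARM_FOREIGN_ID, ARM_EXTENDED,
               REJECT_TYPE, REJECT_PERMS, REJECT_EXTENSION } acle_check_t;

acle_check_t acle_check(const sec_acl_entry_t *e, sec_acl_permset_t supported,
                        const uuid_t *known_ext)
{
    sec_acl_entry_type_t t = e->entry_info.entry_type;
    const sec_acl_extend_info_t *x;
    if (e->perms & ~supported) return REJECT_PERMS;  /* bits this manager does not define */
    switch (t) {
    case sec_acl_e_type_user: case sec_acl_e_type_group:
    case sec_acl_e_type_foreign_other: case sec_acl_e_type_user_deleg:
    case sec_acl_e_type_group_deleg: case sec_acl_e_type_for_other_deleg:
        return ARM_ID;
    case sec_acl_e_type_foreign_user: case sec_acl_e_type_foreign_group:
    case sec_acl_e_type_for_user_deleg: case sec_acl_e_type_for_group_deleg:
        return ARM_FOREIGN_ID;
    case sec_acl_e_type_extended:  /* an extension that cannot be interpreted is refused */
        x = e->entry_info.tagged_union.extended_info;
        return (x && known_ext && !memcmp(&x->extension_type, known_ext, sizeof *known_ext))
                   ? ARM_EXTENDED : REJECT_EXTENSION;
    default:  /* other listed types select the empty arm; out-of-range values are refused */
        return (unsigned)t < (unsigned)sec_acl_e_type_extended ? ARM_NONE : REJECT_TYPE;
    }
}
```

A caller reads tagged_union only through the arm returned, so an entry whose entry_type was corrupted or supplied by an untrusted peer is never interpreted through the wrong arm.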
Status Codes
The following status codes (listed in alphabetical order) are used in the sec_acl API.
- sec_acl_bad_acl_syntax
ACL has invalid semantics (not "syntax").
- sec_acl_bad_key
The ACLE tag (key) is not valid.
- sec_acl_bad_parameter
Parameter passed is invalid.
- sec_acl_bind_error
Unable to get binding to protected object.
- sec_acl_cant_allocate_memory
Requested operation requires more memory than is available.
- sec_acl_duplicate_entry
ACL has duplicate entries.
- sec_acl_expected_group_obj
ACLE is not of type GROUP_OBJ.
- sec_acl_expected_user_obj
ACLE is not of type USER_OBJ.
- sec_acl_invalid_entry_name
Requested namespace entry is invalid. For example, purported component name contains an illegal character.
- sec_acl_invalid_entry_type
ACLE type is not valid.
- sec_acl_invalid_manager_type
Manager type is not valid.
- sec_acl_invalid_permission
Permissions for this ACL are invalid.
- sec_acl_invalid_site_name
Site (server instance) name is not valid.
- sec_acl_invalid_acl_type
ACL type is not valid.
- sec_acl_missing_required_entry
ACL is missing a required entry.
- sec_acl_name_resolution_failed
Name requested in the operation cannot be resolved.
- sec_acl_no_acl_found
Requested ACL was not present.
- sec_acl_no_owner
Requested operation requires owner permission.
- sec_acl_not_authorized
Requested operation is not allowed.
- sec_acl_not_implemented
Unwilling to perform requested operation (or, colloquially, requested operation has "not been implemented").
- sec_acl_no_update_sites
No update site for this ACL operation.
- sec_acl_object_not_found
Requested protected object could not be found.
- sec_acl_read_only
ACL is read-only.
- sec_acl_rpc_error
Operation requested failed in RPC.
- sec_acl_site_read_only
ACL is read-only at this site.
- sec_acl_unable_to_authenticate
Requested operation requires authentication.
- sec_acl_unknown_manager_type
Manager type selected is not an available option.
- sec_invalid_acl_handle
ACL binding handle is invalid.