Previous section.

DCE 1.1: Authentication and Security Services
Copyright © 1997 The Open Group


sec_acl_bind-Obtain ("bind") handle to a protected object identified by name.


#include <dce/daclif.h>

void sec_acl_bind(
    unsigned char *name,
    boolean32 bind_to_namespace_entry,
    sec_acl_handle_t *prot_obj_handle,
    error_status_t *status);




Full name (a CDS namespace entry name concatenated with a server-supported namespace name) of the protected object to which a security handle is desired.


Boolean switch, for disambiguating the cases where name ambiguously refers to both a (leaf) entry in the DCE namespace (as for protected object managed by a DCE namespace server), and also an application-level (that is, non-DCE-namespace-)server-supported protected object (the root of a server-supported namespace). If non-0 ("true"), the DCE namespace entry is indicated; if 0 ("false"), the (non-DCE namespace) server's protected object is indicated.



Handle to the specified protected object.


Completion status. On successful completion, error_status_ok is returned. Otherwise, an error (!= error_status_ok) is returned.


The sec_acl_bind() routine returns an opaque (to the client) handle, bound to (that is, referring to) the protected object indicated by name. This handle is used subsequently by other sec_acl routines to refer to the protected object (instead of referring to it by name).


If the specified name is a "junction point" between the DCE namespace and an application server's namespace of protected objects (that is, name is the application server's registered/exported RPC server entry in the DCE namespace), then name ambiguously identifies two protected objects: the (leaf) DCE namespace entry itself, and the protected object at the root of the server's namespace of protected objects (that is, the server's protected object with empty stringname). The bind_to_namespace_entry flag resolves such an ambiguity. Note that if name refers to a DCE namespace internal node (that is, to a DCE namespace directory, not a leaf node), then there is no ambiguity (the protected object to which a handle is returned is the DCE directory, managed by a DCE namespace server).

Implementations of sec_acl_bind() must be based on a namespace "resolution-with-residual" runtime support routine that resolves a full name to the junction point in the namespace, and returns to the client the unresolved, "residual", part of the name, supported by the application server. The client then queries the resolved name for the server's binding information, binds to the server, and presents to it the residual name for the server's internal resolution. Such a suitable CDS namespace runtime support routine is provided by rpc_ns_entry_inq_resolution().


error_status_ok, sec_acl_object_not_found, sec_acl_no_acl_found.


Functions: sec_acl_bind_to_addr(), sec_acl_release_handle().

Protocols: rpc_ns_entry_inq_resolution(), rpc_ns_binding_*().

Please note that the html version of this specification may contain formatting aberrations. The definitive version is available as an electronic publication on CD-ROM from The Open Group.

Contents Next section Index