sec_acl_bind-Obtain ("bind") handle to a protected object identified by name.
#include <dce/daclif.h>
void sec_acl_bind(
unsigned char *name,
boolean32 bind_to_namespace_entry,
sec_acl_handle_t *prot_obj_handle,
error_status_t *status);
Input
- name
Full name (a CDS namespace entry name concatenated with a server-supported namespace name) of the protected object to which a security handle is desired.
- bind_to_namespace_entry
Boolean switch, for disambiguating the cases where name ambiguously refers to both a (leaf) entry in the DCE namespace (as for protected object managed by a DCE namespace server), and also an application-level (that is, non-DCE-namespace-)server-supported protected object (the root of a server-supported namespace). If non-0 ("true"), the DCE namespace entry is indicated; if 0 ("false"), the (non-DCE namespace) server's protected object is indicated.
Output
- prot_obj_handle
Handle to the specified protected object.
- status
Completion status. On successful completion, error_status_ok is returned. Otherwise, an error (!= error_status_ok) is returned.
Thesec_acl_bind() routine returns an opaque (to the client) handle, bound to (that is, referring to) the protected object indicated by name. This handle is used subsequently by other sec_acl routines to refer to the protected object (instead of referring to it by name).
If the specified name is a "junction point" between the DCE namespace and an application server's namespace of protected objects (that is, name is the application server's registered/exported RPC server entry in the DCE namespace), then name ambiguously identifies two protected objects: the (leaf) DCE namespace entry itself, and the protected object at the root of the server's namespace of protected objects (that is, the server's protected object with empty stringname). The bind_to_namespace_entry flag resolves such an ambiguity. Note that if name refers to a DCE namespace internal node (that is, to a DCE namespace directory, not a leaf node), then there is no ambiguity (the protected object to which a handle is returned is the DCE directory, managed by a DCE namespace server).Implementations of
sec_acl_bind() must be based on a namespace "resolution-with-residual" runtime support routine that resolves a full name to the junction point in the namespace, and returns to the client the unresolved, "residual", part of the name, supported by the application server. The client then queries the resolved name for the server's binding information, binds to the server, and presents to it the residual name for the server's internal resolution. Such a suitable CDS namespace runtime support routine is provided byrpc_ns_entry_inq_resolution() .
error_status_ok, sec_acl_object_not_found, sec_acl_no_acl_found.
Functions:sec_acl_bind_to_addr() ,sec_acl_release_handle() .Protocols:
rpc_ns_entry_inq_resolution() ,rpc_ns_binding_*() .
Contents | Next section | Index |