<dce/aclbase.h>-Header for sec_acl API.
Data Types and ConstantsThe following data types (listed in alphabetical order) are used in the sec_acl API.
- unsigned char *sec_acl_component_name_t
Server-supported namespace component.
- struct sec_acl_entry_t
This data type represents an ACLE. It contains the following fields:
- sec_acl_permset_t perms
The permissions granted to the principals identified by this ACL entry.
- struct entry_info
Identifies the principals to which this ACLE "applies" (that is, which "match" this ACLE for the purposes of an access decision). It contains the following fields:
- sec_acl_entry_type_t entry_type
The type of this ACLE.
- union tagged_union
Information further identifying (or "tagging") this ACLE. It contains the following fields:
- sec_id_t id
Local principal, local group or foreign cell to which this ACLE applies. This union arm is selected if entry_type is sec_acl_e_type_user, sec_acl_e_type_group, sec_acl_e_type_foreign_other sec_acl_e_type_user_deleg, sec_acl_e_type_group_deleg, or sec_acl_e_type_for_other_deleg.
- sec_id_foreign_t foreign_id
Foreign principal or foreign group to which this ACLE applies. This union arm is selected if entry_type is sec_acl_e_type_foreign_user, sec_acl_e_type_foreign_group, sec_acl_e_type_for_user_deleg, or sec_acl_e_type_for_group_deleg.
- sec_acl_extend_info_t *extended_info
Contents of an extended ACLE. This union arm is selected if entry_type is sec_acl_e_type_extended.
The tagged_union field contains no valid information for any other value of entry_type.
- enum sec_acl_entry_type_t
The ACLE type of an ACLE. It can take the following values (see
ACL Entries and their Typesfor discussion):
- struct sec_acl_extend_info_t
Extended ACL information (see
Extended ACLE Informationfor discussion). It contains the following fields:
- uuid_t extension_type
The type of extension this is, indicating to ACL managers whether or not they can interpret it. (ACL managers must reject any extended ACLEs they cannot interpret.)
- ndr_format_t format_label
NDR format label.
- unsigned32 num_bytes
Number of bytes in pickled_data array.
- unsigned char pickled_data
The actual extended ACL information itself.
An opaque (to the client) data type representing a handle to a protected object. The handle is bound to the protected object with
sec_acl_bind()or sec_acl_bind_to_addr(). The distinguished value sec_acl_default_handle signifies an unbound handle.
This data type is equivalent to the sec_id_t data type (that is, they may be used interchangeably).
- unsigned32 sec_acl_permset_t
Permission bits. The following values are currently defined (see
ACL Managers, Permissions, Access Determination Algorithmsfor discussion):
Read. (Conventional value: 0x00000001.)
Write. (Conventional value: 0x00000002.)
Execute. (Conventional value: 0x00000004.)
Control (or Change, or Write-ACL). (Conventional value: 0x00000008.)
Insert. (Conventional value: 0x00000010.)
Delete. (Conventional value: 0x00000020.)
Test. (Conventional value: 0x00000040.)
- sec_acl_perm_unused_00000080 to sec_acl_perm_unused_80000000
Application-defined. There are 25 of these bits, the last 8 characters of whose names correspond to the bit-value identifiers 0x00000080-0x80000000 (and which by convention have these same bit-values).
- struct sec_acl_t
This data type represents an ACL. It contains the following fields:
- sec_acl_id_t default_realm
The default cell (or realm) for this ACL.
- uuid_t sec_acl_manager_type
The ACL manager that can interpret this ACL.
- unsigned32 num_entries
Number of ACLEs in this ACL.
- sec_acl_entry_t *sec_acl_entries
An array containing num_entries pointers to the ACLEs of this ACL.
- struct sec_acl_list_t
A list of ACLs. It contains the following fields:
- unsigned32 num_acls
The number of ACLs contained in this list.
- sec_acl_p_t sec_acls
Pointers to the actual ACLs in this list.
- sec_acl_t *sec_acl_p_t
Pointer to a sec_acl_t.
- struct sec_id_foreign_t
Identities of "foreign" entities (see
Local and Foreign Authorisation Identities). It contains the following fields:
- sec_id_t id
Identifier of the entity within its cell.
- sec_id_t realm
Identifier of the entity's cell (or "realm" in security-specific terminology).
- struct sec_id_t
Identities of cells and "local" entities, suitable for DCE authorisation architecture (see
Authorisation Identities). (Compare sec_id_foreign_t.) It contains the following fields:
- uuid_t uuid
Definitive identifier of the entity.
- unsigned char *name
Advisory ("optional") identifier of the entity.
- struct sec_acl_printstring_t
Information about permission bits, and about ACL managers as a whole (see
Printstrings and Helpstringsand rdacl_get_printstring()for discussion). It contains the following fields:
- unsigned char *printstring
Printstring (a character string of maximum length signed32 sec_acl_printstring_len).
- unsigned char *helpstring
Helpstring (a character string of maximum length signed32 sec_acl_printstring_help_len).
- sec_acl_permset_t permissions
Bit representation of permission(s).
- enum sec_acl_type_t
The ACL's type (see
Object Types, ACL Types, and ACL Inheritancefor discussion). The following values are currently defined:
Default object creation ACL.
Default container creation ACL.
- sec_acl_type_unspecified_3, ···, sec_acl_type_unspecified_7
Application defined. (There are 5 of these identifiers; each is 26 characters long. Their first 25 characters are "sec_acl_type_unspecified_", and their last characters are, respectively: "3", "4", "5", "6", "7".)
The following status codes (listed in alphabetical order) are used in the sec_acl API.
ACL has invalid semantics (not "syntax").
The ACLE tag (key) is not valid.
Parameter passed is invalid.
Unable to get binding to protected object.
Requested operation requires more memory than is available.
ACL has duplicate entries.
ACLE is not of type GROUP_OBJ.
ACLE is not of type USER_OBJ.
Requested namespace entry is invalid. For example, purported component name contains an illegal character.
ACLE type is not valid.
Manager type is not valid.
Permissions for this ACL are invalid.
Site (server instance) name is not valid.
ACL type is not valid.
ACL is missing a required entry.
Name requested in the operation cannot be resolved.
Requested ACL was not present.
Requested operation requires owner permission.
Requested operation is not allowed.
Unwilling to perform requested operation (or, colloquially, requested operation has "not been implemented").
- sec_acl_no_update sites
No update site for this ACL operation.
Requested protected object could not be found.
ACL is read-only.
Operation requested failed in RPC.
ACL is read-only at this site.
Requested operation requires authentication.
Manager type selected is not an available option.
ACL binding handle is invalid.