1. Introduction to DCE Facilities
2.2 Issues of Distributed Applications
2.3 Managing a Host's Endpoint Map
2.4.1 Host Service Naming in Applications
2.4.2 The dced Programs Maintains Entry Lists
2.4.3 Reading All of a Host Service's Data
2.4.4 Managing Individual dced Entries
2.5 Managing Hostdata on a Remote Host
2.5.1 Kinds of Hostdata Stored
2.5.4 Running Programs Automatically When Hostdata Changes
2.6 Controlling Servers Remotely
2.6.1 Two States of Server Management: Configuration and Execution
2.6.3 Starting and Stopping Servers
2.6.4 Enabling and Disabling Services of a Server
2.7 Validating the Security Server
2.8 Managing Server Key Tables
3.2 DCE Messaging Interface Usage
3.2.1 A Simple DCE Messaging Example
3.2.2 The DCE Message Interface and sams Input and Output Files
3.3.2 Message Retrieval Routines
4. Using the DCE Serviceability Application Interface
4.1 How Programs Use Serviceability
4.2 Simple Serviceability Interface Tutorial
4.2.2 Processing the sams File
4.2.3 Coding the Serviceability Calls
4.2.4 Building and Running the Program
4.2.5 Fields of a Serviceability Message
4.3 Serviceability Input and Output Files
4.4 Integrating Serviceability into a Server
4.4.2 Components and Subcomponents
4.4.3 Identifying Event Points
4.5 Application Use of Serviceability
4.5.2 Extended Format Notation for Message Text
4.5.3 Specifying Message Severity
4.5.5 Table of Message Processing Specifiers
4.5.7 Message Action Attributes
4.5.8 Suppressing the Serviceability Message Prolog
4.5.9 Serviceability Use of the __FILE__ Macro
4.5.10 Forcing Use of the In-Memory Message Table
4.5.11 Dynamically Filtering Messages Before Output
4.5.12 Using Serviceability for Debug Messages
4.5.13 Performance Costs of Serviceability Debugging
4.5.14 Using the Remote Serviceability Interface
5.5.1 Encoding and Decoding in the Backing Store
5.5.2 Conformant Arrays Not Allowed
5.6 The Backing Store Routines
5.6.3 Storing or Retrieving Data
5.6.5 Making or Retrieving Headers
5.6.7 Deleting Items from a Backing Store
5.6.8 Locking and Unlocking a Backing Store
5.7 Example of Backing Store Use
6.1 Advantages of Using Threads
6.2 Software Models for Multithreaded Programming
6.3 Potential Disadvantages of Multithreaded Programming
7. Thread Concepts and Operations
7.1.3 Waiting for a Thread to Terminate
7.3.1 Creating an Attributes Object
7.3.2 Deleting an Attributes Object
7.3.5 Condition Variable Attributes
7.4.3 Other Synchronization Methods
7.5 One-Time Initialization Routines
8.1.3 Calling fork( ) in a Multithreaded Environment
8.2.2 DCE Threads Signal Handling
8.2.3 Alternatives to Using Signals
8.3.1 Working with Nonthreaded Software
8.3.2 Making Nonthreaded Code Thread-Reentrant
8.4 Avoiding Nonreentrant Software
8.5 Avoiding Priority Inversion
8.6 Using Synchronization Objects
8.7 Signaling a Condition Variable
9. Using the DCE Threads Exception-Returning Interface
9.2 Invoking the Exception-Returning Interface
9.3.1. Declaring and Initializing an Exception Object
9.3.3 Defining a Region of Code over Which Exceptions Are Caught
9.3.4 Catching a Particular Exception or All Exceptions
9.3.5 Defining Epilogue Actions for a Block
9.3.6 Importing a System-Defined Error Status into the Program as an Exception
9.4 Rules and Conventions for Modular Use of Exceptions
9.5 DCE Threads Exceptions and Definitions
10.1 Details of Program Logic and Implementation
11.1 The Remote Procedure Call Model
11.1.4 RPC Application Components That Work Together
11.1.5 Overview of DCE RPC Development Tasks
11.2 Writing an Interface Definition
11.2.1 RPC Interfaces That Represent Services
11.2.2 Generating an Interface UUID
11.2.4 Specifying Interface Attributes
11.5.1 The greet_server.c Source Code
11.5.2 The greet_manager.c Source Code
11.6 Building the greet Programs
11.7 Running the greet Programs
12.1 Universal Unique Identifiers
12.3.1 Server Binding Information
12.3.2 Defining a Compatible Server
12.3.3 How Clients Obtain Server Binding Information
12.3.4 Client Binding Information for Servers
13.1 Overview of the RPC Routines
13.1.1 Basic Operations of RPC Communications
13.1.2 Basic Operations of the NSI
13.1.3 Basic Operations of Authenticated RPCs
13.2 Server Initialization Using the RPC Routines
13.2.1 Assigning Types to Objects
13.2.3 Selecting RPC Protocol Sequences
13.2.4 Obtaining a List of Server Binding Handles
13.2.6 Making Binding Information Accessible to Clients
13.3.2 Using String Bindings to Obtain Binding Information
14. RPC and Other DCE Components
14.1 Threads of Execution in RPC Applications
14.1.1 Remote Procedure Call Threads
14.1.3 Multithreaded RPC Applications
14.2 Security and RPC: Using Authenticated Remote Procedure Calls
14.2.3 Authenticated RPC Routines
14.2.4 Using RPC Within a Single Thread
14.3 Directory Services and RPC: Using the Namespace
14.3.1 NSI Directory Service Entries
14.3.2 Searching the Namespace for Binding Information
14.3.3 Strategies for Using Directory Service Entries
14.3.4 The Service Model for Defining Servers
14.3.5 The Resource Model for Defining Servers
15. Developing Applications that Use Distributed Objects
15.1 IDL and the Class Hierarchy of a DCE Application
15.1.1 Specifying a C++ Class via an IDL Interface
15.1.2 IDL-Generated Classes as Part of Your Hierarchy
15.2 Servers that Manage Distributed Objects
15.2.1 Initializing Object-Oriented Servers
15.2.2 Implementing Distributed-Dynamic Objects
15.2.3 Implementing Static Member Functions
15.2.4 When Function Parameters Are Remote Objects
15.3 Clients That Use Distributed Objects
15.3.1 Creating Remote-Dynamic Objects
15.3.2 Creating Client-Local Objects
15.3.3 Location Transparency of Local and Remote Objects
15.3.4 Finding Known Remote Objects
15.4 Multiple Interfaces and Interface Inheritance
15.4.1 Implementing Multiple Managers
15.4.2 Using Objects that Support Multiple Interfaces
15.5 Passing C++ Objects as DCE RPC Parameters
15.6 Integrating C and C++ Clients and Servers
15.6.1 Writing a C++ Client for C Servers
15.6.2 Writing a C Client for C++ Servers
16. Writing Internationalized RPC Applications
16.1 Character Sets, Code Sets, and Code Set Conversion
16.2 Remote Procedure Call with Character/Code Set Interoperability
16.3 Building An Application for Character and Code Set Interoperability
16.3.1 Writing the Interface Definition File
16.3.2 Writing the Attribute Configuration File
16.3.3 Writing the Stub Support Routines
16.3.4 Writing the Server Code
16.3.5 Writing the Client Code
16.3.6 Writing the Evaluation Routine
17. Topics in RPC Application Development
17.1.1 Using the Memory Management Defaults
17.1.2 Using rpc_ss_allocate and rpc_ss_free
17.1.3 Using Your Own Allocation and Free Routines
17.1.4 Using Thread Handles in Memory Management
17.2 Guidelines for Error Handling
17.2.2 The fault_status Attribute
17.2.3 The comm_status Attribute
17.2.4 Determining Which Method to Use for Handling Exceptions
17.2.5 Examples of Error Handling
17.3.1 Context Handles in the Interface
17.3.2 Context Handles in a Server Manager
17.3.4 Binding and Security Information
17.5 Nested Calls and Callbacks
17.6 Routing Remote Procedure Calls
17.6.2 Buffering Call Requests
17.7 Creating Portable Data via the IDL Encoding Services
17.7.3 IDL Encoding Services Handles
17.7.5 Performing Multiple Operations on a Single Handle
17.7.6 Determining the Identity of an Encoding
18. Interface Definition Language
18.1 The Interface Definition Language File
18.2 Syntax Notation Conventions
18.5 Interface Definition Structure
18.5.1 Interface Definition Header
18.5.2 Interface Definition Body
18.6 Overview of IDL Attributes
18.7 Interface Definition Header Attributes
18.7.4 The exceptions Attribute
18.7.5 The pointer_default Attribute
18.7.7 Rules for Using Interface Definition Header Attributes
18.7.8 Examples of Interface Definition Header Attributes
18.10.3 Constructed Type Specifiers
18.10.4 Predefined Type Specifiers
18.11.2 Operation Attributes: Execution Semantics
18.11.3 Operation Attributes: Memory Management
18.13.8 The error_status_t Type
18.13.9 International Characters
18.15.1 The idl-generated Class Hierarchy
18.15.2 The Interface Inheritance Operator
18.15.3 The static Keyword for Operations
18.15.4 The C++ Reference Operator (&) on Parameters
18.15.5 Functions Generated by IDL
18.16 Associating a Data Type with a Transmitted Type
19. Attribute Configuration Language
19.1 Syntax Notation Conventions
19.2 Attribute Configuration File
19.3.3 The include Statement and the C++ cstub and sstub
19.3.4 The auto_handle Attribute
19.3.5 The explicit_handle Attribute
19.3.6 The implicit_handle Attribute
19.3.7 The client_memory Attribute
19.3.8 The comm_status and fault_status Attributes
19.3.9 The code and nocode Attributes
19.3.10 The represent_as Attribute
19.3.11 The enable_allocate Attribute
19.3.13 The extern_exceptions Attribute
19.3.14 The encode and decode Attributes
19.3.16 The cs_stag, cs_drtag, and cs_rtag Attributes
19.3.17 The cs_tag_rtn Attribute
19.3.18 The binding_callout Attribute
19.3.19 The C++ Attributes cxx_new, cxx_static, cxx_lookup, and cxx_delegate
19.5 Attribute Configuration Language
20.1.1 Absolute Time Representation
20.1.2 Relative Time Representation
20.2.4 The reltimespec Structure
20.4 DTS API Routine Functions
21.1.1 ContactProvider Procedure
21.1.2 ServerRequestProviderTime Procedure
21.2 Time-Provider Process IDL File
21.3 Initializing the Time-Provider Process
21.5 DTS Synchronization Algorithm
21.6 Running the Time-Provider Process
21.7 Sources of Additional Information
22. DTS API Routines Programming Example
23.1 Purpose and Organization of the Security Topics
23.4 UNIX System Security and DCE Security
23.5 What Authentication and Authorization Mean
23.6 Authentication, Authorization, and Data Protection in Brief
23.7 Summary of DCE Security Services and Facilities
23.7.1 Interfaces to the Security Server
23.7.2 Interfaces to the Login Facility
23.7.3 Interfaces to the Extended Registry Attribute Facility
23.7.4 Interfaces to the Extended Privilege Attribute Facility
23.7.5 Interfaces to the Key Management Facility
23.7.6 Interfaces to the ID Map Facility
23.7.7 Interfaces to the Access Control List Facility
23.7.8 DCE Implementations of UNIX System Program Interfaces
23.7.9 Interfaces to the Password Management Facility
23.8 Relationships Between the DCE Security Service and DCE Applications
23.9 DTS, the Cell Namespace, and Security
23.9.2 The Cell Namespace and the Security Namespace
24.1.2 The Shared-Secret Authentication Protocol
24.1.5 Data Encryption Mechanisms
24.2. A Walkthrough of Shared-Secret Authentication Protocols
24.2.2 Authenticating an Application
24.3.2 Intercell Authentication by Trust Peers
25.1.1 Object Types and ACL Types
25.1.6 Examples of ACL Checking
26.1 Using Default Credentials
26.1.1 Initiating a Security Context
26.1.2 Accepting a Security Context
26.2 Creating New Credential Handles
26.2.1 Initiating a Security Context with New Credential Handles
26.2.2 Accepting a Security Context Using New Credential Handles
26.3.1 Initiating a Security Context to Delegate Credentials
26.3.2 Accepting a Security Context with Delegated Credentials
27. The Extended Privilege Attribute API
27.1 Identities of Principals in Delegation
27.1.1 ACL Entry Types for Delegation
27.1.2 ACL Checking for Delegation
27.2 Calls to Establish Delegation Chains
27.2.2 Target and Delegate Restrictions
27.2.3 Optional and Required Restrictions
27.2.4 Compatibility Between Version 1.1 and Pre-Version 1.1 Servers and Clients
27.3 Calls to Extract Privilege Attribute Information
27.5 Setting Extended Attributes
28.1 Binding to a Registry Site
28.2.1 Creating and Maintaining PGO Items
28.2.2 Creating and Maintaining Accounts
28.2.3 Registry Properties and Policies
28.2.4 Routines to Return UNIX Structures
28.2.5 Miscellaneous Registry Routines
29. The Extended Attribute API
29.1.2 Attribute Types and Instances
29.1.3 Attribute Type Components
29.2 Calls to Manipulate Schema Entries
29.2.1 The sec_attr_schema_entry_t Data Type
29.2.2 Creating and Managing Schema Entries
29.2.4 Reading the ACL Manager Types
29.3 Calls to Manipulate Attribute Instances
29.3.1 The sec_attr_t Data Type
29.3.2 Creating and Managing Attribute Instances
29.3.3 Reading Attribute Instances
29.4 The Attribute Trigger Facility
29.4.1 Defining an Attribute Trigger/Attribute Association
29.4.3 Access Control on Attributes with Triggers
29.5 Calls that Access Attribute Triggers
29.5.1 Using sec_attr_trig_cursor_t with sec_attr_trig_query( )
29.5.2 The sec_rgy_attr_trig_query( ) and sec_rgy_attr_trig_update( ) Calls
29.5.3 The priv_attr_triq_query( ) Call
29.7 Macros to Aid Extended Attribute Programming
29.7.1 Macros to Access Binding Fields
29.7.2 Macros to Access Schema Entry Fields
29.7.3 Macros to Access Attribute Instance Fields
29.7.4 Binding Data Structure Size Calculation Macros
29.7.5 Schema Entry Data Structure Size Calculation Macros
29.7.6 Attribute Instance Data Structure Size Calculation Macros
29.7.7 Binding Semantic Check Macros
29.7.8 Schema Entry Semantic Check Macros
29.7.9 Attribute Instance Semantic Check Macros
29.7.10 Schema Entry Flag Set and Unset Macros
29.7.11 Schema Trigger Entry Flag Check Macros
29.8 Utilities to Use with Extended Attribute Calls
30.1 Establishing Login Contexts
30.1.1 Validating the Login Context and Certifying the Security Server
30.1.2 Validating the Login Context Without Certifying the Security Server
30.1.3 Example of a System Login Program
30.3 Handling Expired Certificates of Identity
30.4 Importing and Exporting Contexts
30.6 Miscellaneous Login API Functions
30.6.1 Getting the Current Context
30.6.2 Getting Information from a Login Context
30.6.3 Getting Password and Group Information for Local Process Identities
30.6.4 Releasing and Purging a Context
31.5 Deleting a Compromised Key
32. The Access Control List APIs
32.1.2 ACL Editors and Browsers
32.2 Guidelines for Constructing ACL Managers
32.3 Extended Naming of Protected Objects
32.3.1 The ACL Network Interface
34.1 Features of the DCE Audit Service
34.2 Components of the DCE Audit Service
34.3 DCE Audit Service Concepts
34.4 Administration and Programming in DCE Audit
35. Using the Audit API Functions
35.1 Adding Audit Capability to Distributed Applications
35.1.1 Opening the Audit Trail
35.1.2 Initializing the Audit Records
35.1.3 Adding Event-Specific Information
35.1.4 Committing an Audit Record
35.1.5 Closing an Audit Trail File
35.2 Writing Audit Trail Analysis and Examination Tools
35.2.1 Opening an Audit Trail File for Reading
35.2.2 Reading the Desired Audit Records into a Buffer
35.2.3 Transforming the Audit Record into Readable Text
35.2.4 Discarding the Audit Record
35.2.5 Closing the Audit Trail File
36. The Password Management API
36.2 The Password Management Network Interface
37. The DCE Certification Service
37.1 Who Needs to Use the Certification API?
37.2 Overview of DCE Certification
37.2.2 Contents of Certificates
37.2.3 Component Parts of the DCE Certification API
37.2.4 High Level Certification API
37.3 Implementing and Registering a Cryptographic Module
37.3.1 Contents of a Cryptographic Module
37.3.2 Accessing a Registered Cryptographic Module
37.3.3 Signature Algorithms Provided by DCE Certification
37.3.4 Registering a Cryptographic Module
37.4 Implementing and Registering a Policy Module
37.5 The Low Level Certificate Manipulation API
37.5.1 Polcy Module Implementation
37.5.2 Accessing a Registered Policy Module
37.5.3 Registering a Policy Module