Data Types
The following data types are used in sec_rgy_attr calls:
sec_attr_twr_ref_t A pointer to a tower. This data type is used with the sec_attr_twr_set_t data type to allow a client to pass an unallocated array of towers, which
the server must allocate. Both data types are used in conjunction with the sec_attr_bind_type_t data type.
sec_attr_twr_set_t A structure that defines an array of towers. This data type is used with the sec_attr_twr_ref_t data type to allow a client to pass an unallocated
array of towers, which the server must allocate. Both data types are used in conjunction with the sec_attr_bind_type_t data type. The sec_attr_twr_set_t structure consists of the
following elements:
count An unsigned 32-bit integer specifying the number of towers in the array.
towers[ ] An array of pointers (of type sec_attr_twr_ref_t) to towers.
sec_attr_bind_type_t A 32-bit integer that specifies the type of binding used by an attribute interface. The data type (which is used in conjunction with the
sec_attr_binding_t data type) uses the following constants:
sec_attr_bind_type_string An RPC string binding.
sec_attr_bind_type_twrs A DCE protocol tower representation of a binding.
sec_attr_bind_type_svrname A name in rpc_c_ns_syntax format that identifies a CDS entry containing the server's binding information. This constant has the following
structure:
name_syntax Must be rpc_c_ns_syntax_dce to specify that DCE naming rules are used to specify name.
name A pointer to a name of a CDS entry in rpc_c_ns_syntax_dce syntax.
sec_attr_binding_t A discriminated union that supplies information to generate a binding handle for an attribute trigger. This data type, which is used in conjunction with the
sec_attr_bind_info_t data type, is composed of the following elements:
bind_type A value of type sec_attr_bind_type_t that defines the type of binding used by an attribute interface. The contents of the tagged union (below) depend on
the value of bind_type.
tagged_union A tagged union specifying the binding handle. The contents of the tagged union depend on the value of bind_type as follows:
If bind_type is...            Then tagged_union is...
sec_attr_bind_type_string     A pointer to an unsigned 32-bit character string specifying an attribute's RPC string binding.
sec_attr_bind_type_twrs       An attribute's tower binding representation of type sec_attr_twr_set_t.
sec_attr_bind_type_svrname    A pointer to a name of type sec_attr_bind_type_t that specifies a Cell Directory Service entry containing an attribute trigger's binding information.
sec_attr_binding_p_t A pointer to a sec_attr_binding_t union.
sec_attr_bind_auth_info_type_t An enumeration that defines whether or not the binding is authenticated. This data type is used in conjunction with the
sec_attr_bind_auth_info_t data type to set up the authorization method and parameters for an RPC binding. The sec_attr_bind_auth_info_type_t type consists of the following elements:
· sec_attr_bind_auth_none - The binding is not authenticated.
· sec_attr_bind_auth_dce - The binding uses DCE shared-secret key authentication.
sec_attr_bind_auth_info_t A discriminated union that defines authorization and authentication parameters for a binding. This data type is used in conjunction with the
sec_attr_bind_auth_info_type_t data type to set up the authorization method and parameters for an RPC binding. The sec_attr_bind_auth_info_t data type consists of the following
elements:
info_type A sec_attr_bind_auth_info_type_t data type that specifies whether or not the binding is authenticated. The contents of the tagged union (below) depend
on the value of info_type.
tagged_union A tagged union specifying the method of authorization and the authorization parameters. For unauthenticated bindings (info_type =
sec_attr_bind_auth_none), no parameters are supplied. For authenticated bindings (info_type = sec_attr_bind_auth_dce), the following union is supplied:
svr_princ_name A pointer to a character string that specifies the principal name of the server referenced by the binding handle.
protect_level An unsigned 32-bit integer indicating the protection level for RPC calls made using the server binding handle. The protection level determines the degree to
which authenticated communications between the client and the server are protected by the authentication service specified by authn_svc.
If the RPC runtime or the RPC protocol in the bound protocol sequence does not support a specified level, the level is automatically upgraded to the next higher supported level. The possible
protection levels are as follows:
rpc_c_protect_level_default - Uses the default protection level for the specified authentication service. The default protection level for DCE shared-secret key authentication is rpc_c_protect_level_pkt.
rpc_c_protect_level_none - Performs no authentication: tickets are not exchanged, session keys are not established, client PACs or names are not certified, and transmissions are in the clear. Note that although uncertified PACs should not be trusted, they may be useful for debugging, tracing, and measurement purposes.
rpc_c_protect_level_connect - Authenticates only when the client establishes a relationship with the server.
rpc_c_protect_level_call - Authenticates only at the beginning of each remote procedure call when the server receives the request. This level does not apply to remote procedure calls made over a connection-based protocol sequence (that is, ncacn_ip_tcp). If this level is specified and the binding handle uses a connection-based protocol sequence, the routine uses the rpc_c_protect_level_pkt level instead.
rpc_c_protect_level_pkt - Ensures that all data received is from the expected client.
rpc_c_protect_level_pkt_integ - Ensures and verifies that none of the data transferred between client and server has been modified. This is the highest protection level that is guaranteed to be present in the RPC runtime.
rpc_c_protect_level_pkt_privacy - Authenticates as specified by all of the previous levels and also encrypts each RPC argument value. This is the highest protection level, but is not guaranteed to be present in the RPC runtime.
authn_svc Specifies the authentication service to use. The exact level of protection provided by the authentication service is specified by protect_level. The
supported authentication services are as follows:
rpc_c_authn_none - No authentication: no tickets are exchanged, no session keys established, client PACs or names are not transmitted, and transmissions are in the clear. Specify rpc_c_authn_none to turn authentication off for remote procedure calls made using this binding.
rpc_c_authn_dce_secret - DCE shared-secret key authentication.
rpc_c_authn_default - Default authentication service. The current default authentication service is DCE shared-secret key; therefore, specifying rpc_c_authn_default is equivalent to specifying rpc_c_authn_dce_secret.
rpc_c_authn_dce_public - DCE public key authentication (reserved for future use).
authz_svc Specifies the authorization service implemented by the server for the interface. The validity and trustworthiness of authorization data, like any application data, is
dependent on the authentication service and protection level specified. The supported authorization services are as follows:
rpc_c_authz_none - Server performs no authorization. This is valid only if authn_svc is set to rpc_c_authn_none, specifying that no authentication is being performed.
rpc_c_authz_name - Server performs authorization based on the client principal name. This value cannot be used if authn_svc is rpc_c_authn_none.
rpc_c_authz_dce - Server performs authorization using the client's DCE Privilege Attribute Certificate (PAC) sent to the server with each remote procedure call made with this binding. Generally, access is checked against DCE Access Control Lists (ACLs).
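As an added illustration (not code from the DCE reference or the DCE libraries), the following C function applies the authn_svc/authz_svc compatibility rules and the protection-level adjustments described above to the sec_attr_bind_auth_dce arm; the struct dce_auth_info_t, the error enumeration and the constant values are local stand-ins, not the real DCE header definitions.

```c
/* Added example, not part of the DCE reference: validates the
 * sec_attr_bind_auth_dce arm of sec_attr_bind_auth_info_t against the rules
 * stated above. Constant values are local stand-ins; a real program takes
 * them from the DCE RPC headers. */
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>

enum { rpc_c_protect_level_default, rpc_c_protect_level_none, rpc_c_protect_level_connect,
       rpc_c_protect_level_call, rpc_c_protect_level_pkt, rpc_c_protect_level_pkt_integ,
       rpc_c_protect_level_pkt_privacy };
enum { rpc_c_authn_none, rpc_c_authn_dce_secret, rpc_c_authn_dce_public };
#define rpc_c_authn_default 0xffffffffu
enum { rpc_c_authz_none, rpc_c_authz_name, rpc_c_authz_dce };

typedef struct {                 /* stand-in for the sec_attr_bind_auth_dce arm */
    const char *svr_princ_name;
    uint32_t    protect_level;
    uint32_t    authn_svc;
    uint32_t    authz_svc;
} dce_auth_info_t;

typedef enum { AUTH_OK, AUTH_ERR_NO_PRINCIPAL, AUTH_ERR_AUTHN_RESERVED,
               AUTH_ERR_AUTHZ_NONE_NEEDS_AUTHN_NONE, AUTH_ERR_AUTHZ_NAME_NEEDS_AUTHN,
               AUTH_ERR_UNKNOWN_SERVICE } auth_check_t;

/* connection_based: true when the bound protocol sequence is ncacn_ip_tcp.
 * On success *effective_level receives the level the runtime would actually use. */
auth_check_t check_dce_auth_info(const dce_auth_info_t *ai, bool connection_based,
                                 uint32_t *effective_level)
{
    uint32_t authn = ai->authn_svc, level = ai->protect_level;

    if (authn == rpc_c_authn_default)          /* current default is shared-secret key */
        authn = rpc_c_authn_dce_secret;
    if (authn == rpc_c_authn_dce_public)       /* reserved for future use */
        return AUTH_ERR_AUTHN_RESERVED;
    if (authn != rpc_c_authn_none && authn != rpc_c_authn_dce_secret)
        return AUTH_ERR_UNKNOWN_SERVICE;

    switch (ai->authz_svc) {                   /* authz_svc must fit authn_svc */
    case rpc_c_authz_none:                     /* only valid without authentication */
        if (authn != rpc_c_authn_none) return AUTH_ERR_AUTHZ_NONE_NEEDS_AUTHN_NONE;
        break;
    case rpc_c_authz_name:                     /* needs an authenticated principal name */
        if (authn == rpc_c_authn_none) return AUTH_ERR_AUTHZ_NAME_NEEDS_AUTHN;
        break;
    case rpc_c_authz_dce:
        break;
    default:
        return AUTH_ERR_UNKNOWN_SERVICE;
    }

    if (authn == rpc_c_authn_none) {
        level = rpc_c_protect_level_none;      /* no tickets, no keys: everything in the clear */
    } else {
        if (ai->svr_princ_name == NULL || ai->svr_princ_name[0] == '\0')
            return AUTH_ERR_NO_PRINCIPAL;
        if (level == rpc_c_protect_level_default)
            level = rpc_c_protect_level_pkt;   /* documented default for shared-secret key */
        if (level == rpc_c_protect_level_call && connection_based)
            level = rpc_c_protect_level_pkt;   /* per-call protection is not available over TCP */
    }
    if (effective_level) *effective_level = level;
    return AUTH_OK;
}
```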
sec_attr_bind_info_t A structure that specifies attribute trigger binding information. This data type, which is used in conjunction with the sec_attr_schema_entry_t
data type, consists of the following elements:
auth_info The binding authorization information of type sec_attr_bind_auth_info_t.
num_bindings An unsigned 32-bit integer specifying the number of binding handles in bindings.
bindings An array of sec_attr_binding_t data types that specify binding handles.
sec_attr_bind_info_p_t A pointer to a sec_attr_bind_info_t structure.
sec_attr_encoding_t An enumerator that contains attribute encoding tags used to define the legal encodings for attribute values. The data type, which is used in conjunction
with the sec_attr_value_t and sec_attr_schema_entry_t data types, consists of the following elements:
sec_attr_enc_any The attribute value can be of any legal encoding type. This encoding tag is legal only in a schema entry. An attribute entry must contain a concrete encoding
type.
sec_attr_enc_void The attribute has no value. It is simply a marker that is either present or absent.
sec_attr_enc_printstring The attribute value is a printable IDL string in DCE Portable Character Set.
sec_attr_enc_printstring_array The attribute value is an array of printstrings.
sec_attr_enc_integer The attribute value is a signed 32-bit integer.
sec_attr_enc_bytes The attribute value is a string of bytes. The string is assumed to be a pickle or some other self-describing type. (See also the
sec_attr_enc_bytes_t data type.)
sec_attr_enc_confidential_bytes The attribute value is a string of bytes that have been encrypted in the key of the principal object to which the attribute is attached. The
string is assumed to be a pickle or some other self-describing type. This encoding type is useful only when attached to a principal object, where it is decrypted and encrypted each time the
principal's password changes. (See also the sec_attr_enc_bytes_t data type.)
sec_attr_enc_i18n_data The attribute value is an "internationalized" string of bytes with a tag identifying the OSF registered codeset used to encode the data. (See also the
sec_attr_i18n_data_t data type.)
sec_attr_enc_uuid The attribute is a value of type uuid_t, a DCE UUID.
sec_attr_enc_attr_set The attribute value is an attribute set, a vector of attribute UUIDs used to associate multiple related attribute instances which are members of the set.
(See also the sec_attr_enc_attr_set_t data type.)
sec_attr_enc_binding The attribute value is a sec_attr_bind_info_t data type that specifies DCE server binding information.
sec_attr_enc_trig_binding This encoding type is returned by the rs_attr_lookup call. It informs the client agent of the trigger binding information of an attribute with a
query trigger. Unless sec_attr_enc_void or sec_attr_enc_any is specified, the attribute values must conform to the attribute's encoding type.
sec_attr_enc_bytes_t A structure that defines the length of attribute encoding values for attributes encoded as sec_attr_enc_bytes and
sec_attr_enc_confidential_bytes. The structure, which is used in conjunction with the sec_attr_value_t data type, consists of:
length An unsigned 32-bit integer that defines the data length.
data[ ] An array of bytes containing the attribute encoding data.
sec_attr_i18n_data_t A structure that defines the codeset used for attributes encoded as sec_attr_enc_i18n_data and the length of the attribute encoding values. The
structure, which is used in conjunction with the sec_attr_value_t data type, consists of:
codeset An unsigned 32-bit identifier of a codeset registered with the Open Software Foundation.
length An unsigned 32-bit integer that defines the data length.
data[ ] An array of bytes containing the attribute encoding data.
sec_attr_enc_attr_set_t A structure that supplies the UUIDs of each member of an attribute set. The structure, which is used in conjunction with the
sec_attr_value_t data type, consists of:
num_members An unsigned 32-bit integer specifying the total number of attributes in the set.
members[ ] An array containing values of type uuid_t, the UUID of each member in the set.
sec_attr_enc_printstring_t A structure that contains a printstring.
sec_attr_enc_printstring_p_t A pointer to a sec_attr_enc_printstring_t structure.
sec_attr_enc_str_array_t A structure that defines a printstring array. It consists of:
num_strings An unsigned 32-bit integer specifying the number of strings in the array.
strings[ ] An array of pointers (of type sec_attr_enc_printstring_p_t) to printstrings.
sec_attr_value_t A discriminated union that defines attribute values. The union, which is used in conjunction with the sec_attr_t data type, consists of the following
elements:
attr_encoding A sec_attr_encoding_t data type that defines the attribute encoding. The contents of the tagged union (below) depend on the value of
attr_encoding.
tagged_union A tagged union whose contents depend on attr_encoding as follows:
If attr_encoding is...             Then tagged_union is...
sec_attr_enc_void                  NULL
sec_attr_enc_printstring           A pointer to a printstring
sec_attr_enc_printstring_array     A pointer to an array of printstrings
sec_attr_enc_integer               signed_int, a 32-bit signed integer
sec_attr_enc_bytes                 bytes, a pointer to a structure of type sec_attr_enc_bytes_t
sec_attr_enc_confidential_bytes    bytes, a pointer to a structure of type sec_attr_enc_bytes_t
sec_attr_enc_i18n_data             idata, a pointer to a structure of type sec_attr_i18n_data_t
sec_attr_enc_uuid                  uuid, a value of type uuid_t
sec_attr_enc_attr_set              attr_set, a pointer to a structure of type sec_attr_enc_attr_set_t
sec_attr_enc_binding               binding, a pointer to a structure of type sec_attr_bind_info_t
sec_attr_t A structure that defines an attribute. The structure consists of:
attr_id A value of type uuid_t, the UUID of the attribute.
attr_value A value of type sec_attr_value_t.
sec_attr_acl_mgr_info_t A structure that contains the access control information defined in a schema entry for an attribute. The structure, which is used in conjunction with
the sec_attr_schema_entry_t data type, consists of the following elements:
acl_mgr_type A value of type uuid_t that specifies the UUID of the ACL manager type that supports the object type to which the attribute can be attached. This field
provides a well-defined context for evaluating the permission bits needed to operate on the attribute. The following table lists the ACL manager types for registry objects.
Registry Object Type    ACL Manager Type                        Valid Permissions
principal               06ab9320-0191-11ca-a9e8-08001e039d7d    rcDnfmaug
group                   06ab9640-0191-11ca-a9e8-08001e039d7d    rctDnfmM
organization            06ab9960-0191-11ca-a9e8-08001e039d7d    rctDnfmM
directory               06ab9c80-0191-11ca-a9e8-08001e039d7d    rcidDn
policy                  06ab8f10-0191-11ca-a9e8-08001e039d7d    rcma
replist                 2ac24970-60c3-11cb-b261-08001e039d7d    cidmAI
query_permset Data of type sec_acl_permset_t that defines the permission bits needed to access the attribute's value.
update_permset Data of type sec_acl_permset_t that defines the permission bits needed to update the attribute's value.
test_permset Data of type sec_acl_permset_t that defines the permission bits needed to test the attribute's value.
delete_permset Data of type sec_acl_permset_t that defines the permission bits needed to delete an attribute instance.
sec_attr_acl_mgr_info_p_t A pointer to a sec_attr_acl_mgr_info_t structure.
sec_attr_acl_mgr_info_set_t A structure that defines an attribute's ACL manager set. The structure consists of the following elements:
num_acl_mgrs An unsigned 32-bit integer that specifies the number of ACL managers in the ACL manager set.
mgr_info[ ] An array of pointers of type sec_attr_acl_mgr_info_p_t that define the ACL manager types in the ACL manager set and the permission sets associated with each
ACL manager type.
sec_attr_intercell_action_t An enumerator that specifies the action that should be taken by the Privilege Service when it reads acceptable attributes from a foreign cell. A
foreign attribute is acceptable only if either there is a schema entry for the foreign cell or sec_attr_intercell_act_accept is set.
This enumerator, which is used in conjunction with the sec_attr_schema_entry_t data type, is composed of the following elements:
sec_attr_intercell_act_accept If the unique flag in the sec_attr_schema_entry_t data type is not set on, retain the attribute. If the unique flag is
set on, retain the attribute only if its value is unique among all attribute instances of the same attribute type within the cell.
sec_attr_intercell_act_reject Discard the input attribute.
sec_attr_intercell_act_evaluate Use the binding information in the trig_binding field of this sec_attr_schema_entry_t data type to make a
sec_attr_trig_query call to a trigger server. That server determines whether to retain the attribute value, discard the attribute value, or map the attribute to another value(s).
sec_attr_trig_type_t Specifies the trigger type, a flag that determines whether an attribute trigger should be invoked for query operations. The data type, which is used in
conjunction with the sec_attr_schema_entry_t data type, uses the following constants:
sec_attr_trig_type_query The attribute trigger server is invoked for query operations.
sec_attr_trig_type_update The attribute trigger server is invoked for update operations.
sec_attr_schema_entry_t A structure that defines a complete attribute entry for the schema catalog. The entry is identified by both a unique string name and a unique attribute
UUID. Although either can be used as a retrieval key, the string name should be used for interactive access to the attribute and the UUID for programmatic access. The attribute UUID is
used to identify the semantics defined for the attribute type in the schema.
The sec_attr_schema_entry_t data type consists of the following elements:
attr_name A pointer to the attribute name.
attr_id A value of type uuid_t that identifies the attribute type.
attr_encoding An enumerator of type sec_attr_encoding_t that specifies the attribute's encoding.
acl_mgr_set A structure of type sec_attr_acl_mgr_info_set_t that specifies the ACL manager types that support the objects on which attributes of this type can be
created and the permission bits supported by that ACL manager type.
schema_entry_flags An unsigned integer of type sec_attr_sch_entry_flags_t that defines bitsets for the following flags:
unique When set on, this flag indicates that each instance of this attribute type must have a unique value within the cell for the object type implied by the ACL Manager type. If this flag is not set on, uniqueness checks are not performed for attribute writes.
multi_valued When set on, this flag indicates that this attribute type may be multivalued; in other words, multiple instances of the same attribute type can be attached to a single registry object. If this flag is not set on, only one instance of this attribute type can be attached to an object.
reserved When set on, this flag prevents the schema entry from being deleted through any interface or by any user. If this flag is not set on, the entry can be deleted by any authorized principal.
use_defaults When set on, the system-defined default attribute value will be returned on a client query if an instance of this attribute does not exist on the queried object. If this flag is not set on, system defaults are not used.
intercell_action An enumerator of type sec_attr_intercell_action_t that specifies how the Privilege Service will handle attributes from a foreign cell.
trig_types A flag of type sec_attr_trig_type_t that specifies whether a trigger can perform update or query operations.
trig_binding A pointer to a structure of type sec_attr_bind_info_t that supplies the attribute trigger binding handle.
scope A pointer to a string that defines the objects to which the attribute can be attached.
comment A pointer to a string that contains general comments about the attribute.
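As an added illustration (not code from the DCE reference or the DCE libraries), the following C function decides whether a new attribute instance may be attached to a registry object, applying the encoding rules from the sec_attr_encoding_t description (sec_attr_enc_any is legal only in a schema entry; instances must otherwise match the schema's encoding) and the unique and multi_valued flags of sec_attr_schema_entry_t; the struct layouts, the flag bit positions, the uuid_t stand-in and the error enumeration are local assumptions, and only the void, printstring and integer encodings are modelled.

```c
/* Added example, not part of the DCE reference: decides whether a new attribute
 * instance may be attached to a registry object, applying the encoding rule and
 * the unique / multi_valued schema flags described above. Types, flag bits and
 * the uuid_t stand-in are local assumptions; only void, printstring and integer
 * encodings are modelled. */
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef enum { ENC_ANY, ENC_VOID, ENC_PRINTSTRING, ENC_INTEGER } enc_t;
#define FLAG_UNIQUE       0x1u   /* assumed bit positions in schema_entry_flags */
#define FLAG_MULTI_VALUED 0x2u

typedef struct {               /* subset of sec_attr_schema_entry_t */
    uint32_t attr_id;          /* uuid_t stand-in */
    enc_t    attr_encoding;
    uint32_t schema_entry_flags;
} schema_entry_t;

typedef struct {               /* subset of sec_attr_t with its sec_attr_value_t */
    uint32_t    attr_id;
    enc_t       attr_encoding;
    int32_t     signed_int;    /* valid when attr_encoding == ENC_INTEGER */
    const char *printstring;   /* valid when attr_encoding == ENC_PRINTSTRING */
} attr_t;

typedef enum { ADMIT_OK, ADMIT_ERR_WRONG_SCHEMA, ADMIT_ERR_ABSTRACT_ENCODING,
               ADMIT_ERR_ENCODING_MISMATCH, ADMIT_ERR_NOT_MULTI_VALUED,
               ADMIT_ERR_NOT_UNIQUE } admit_t;

static bool same_value(const attr_t *a, const attr_t *b)
{
    if (a->attr_encoding != b->attr_encoding) return false;
    switch (a->attr_encoding) {
    case ENC_VOID:        return true;        /* a marker has no value to differ in */
    case ENC_INTEGER:     return a->signed_int == b->signed_int;
    case ENC_PRINTSTRING: return strcmp(a->printstring, b->printstring) == 0;
    default:              return false;
    }
}

/* object_attrs: instances already attached to the target object.
 * cell_attrs: every instance of this attribute type in the cell (scope of unique). */
admit_t admit_attr_instance(const schema_entry_t *se, const attr_t *new_attr,
                            const attr_t *object_attrs, size_t n_object,
                            const attr_t *cell_attrs, size_t n_cell)
{
    if (new_attr->attr_id != se->attr_id) return ADMIT_ERR_WRONG_SCHEMA;
    /* sec_attr_enc_any is legal only in a schema entry; an instance must be concrete. */
    if (new_attr->attr_encoding == ENC_ANY) return ADMIT_ERR_ABSTRACT_ENCODING;
    /* Unless the schema entry says any, the instance must use the schema's encoding. */
    if (se->attr_encoding != ENC_ANY && new_attr->attr_encoding != se->attr_encoding)
        return ADMIT_ERR_ENCODING_MISMATCH;
    /* multi_valued off: at most one instance of this type per object. */
    if (!(se->schema_entry_flags & FLAG_MULTI_VALUED))
        for (size_t i = 0; i < n_object; i++)
            if (object_attrs[i].attr_id == se->attr_id) return ADMIT_ERR_NOT_MULTI_VALUED;
    /* unique on: the value must not already exist anywhere in the cell. */
    if (se->schema_entry_flags & FLAG_UNIQUE)
        for (size_t i = 0; i < n_cell; i++)
            if (cell_attrs[i].attr_id == se->attr_id && same_value(&cell_attrs[i], new_attr))
                return ADMIT_ERR_NOT_UNIQUE;
    return ADMIT_OK;
}
```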
sec_attr_schema_entry_parts_t A 32-bit bitset containing flags that specify the schema entry fields that can be modified on a schema entry update operation. This data type
contains the following flags:
sec_attr_schema_part_name If set, indicates that the attribute name (attr_name) can be changed.
sec_attr_schema_part_reserved If set, indicates that the setting of the flag that determines whether or not the schema entry can be deleted (reserved) can be changed.
sec_attr_schema_part_defaults If set, indicates that the flag that determines whether or not a query for a nonexistent attribute results in a search for a system
default (use_defaults) can be changed.
sec_attr_schema_part_trig_bind If set, indicates that the trigger's binding information (trig_binding) can be changed.
sec_attr_schema_part_comment If set, indicates that the comments associated with the schema entry (comment) can be changed.
sec_attr_component_name_t A pointer to a character string used to further specify the object to which the attribute is attached. (Note that this data type is analogous to the
sec_acl_component_name_t data type in the ACL interface.)
sec_attr_cursor_t A structure that provides a pointer into a registry database and is used for multiple database operations.
This cursor must minimally represent the object indicated by xattrschema in the schema interfaces, or component_name in the attribute interfaces. The cursor may additionally
represent an entry within that schema or an attribute instance on that component.
sec_attr_srch_cursor_t A structure that provides a pointer into a registry database and is used for multiple database operations. The cursor must minimally represent the list
of all objects managed by this server that possess the search attributes specified in the sec_attr_srch_cursor_init routine. It may additionally represent a given object within this list as
well as attribute instance(s) possessed by that object.
sec_attr_trig_cursor_t A structure that provides an attribute trigger cursor for interactive operations. The structure consists of the following elements:
source A value of type uuid_t that provides a UUID to identify the server that initialized the cursor.
object_handle A signed 32-bit integer that identifies the object (specified by xattrschema in the schema interface or component_name in the attribute
interface) upon which the operation is being performed.
entry_handle A signed 32-bit integer that identifies the current entry (schema_entry in the schema interface or attribute instance in the attribute interface)
for the operation.
valid A boolean field with the following values:
· true (1) - Indicates an initialized cursor.
· false (0) - Indicates an uninitialized cursor.
sec_attr_trig_timeval_sec_t A 32-bit integer containing the seconds portion of a UNIX timeval_t, to be used when expressing absolute dates.