Data Types
The following data types are used in Extended Privilege Attribute calls and in the sec_login_cred calls that implement extended privilege attributes.
sec_cred_cursor_t A structure that provides an input/output cursor used to iterate through a set of delegates in the sec_cred_get_delegate( ) or
sec_login_cred_get_delegate( ) calls. This cursor is initialized by the sec_cred_initialize_cursor( ) or sec_login_cred_init_cursor( ) call.
sec_cred_attr_cursor_t A structure that provides an input/output cursor used to iterate through a set of extended attributes in the sec_cred_get_extended_attributes( )
call. This cursor is initialized by the sec_cred_initialize_attr_cursor( ) call.
sec_id_opt_req_t A structure that specifies application-defined optional restrictions. The sec_id_opt_req_t data type is composed of the following elements:
restriction_len An unsigned 16-bit integer that defines the size of the restriction data.
restrictions A pointer to a byte_t that contains the restriction data.
sec_rstr_entry_type_t An enumerator that specifies the entry types for delegate and target restrictions. This data type is used in conjunction with the
sec_id_restriction_t data type where the specific UUID(s), if appropriate, are supplied. It consists of the following components:
sec_rstr_e_type_user The target is a local principal identified by UUID. This type conforms with the POSIX 1003.6 standard.
sec_rstr_e_type_group The target is a local group identified by UUID. This type conforms with the POSIX 1003.6 standard.
sec_rstr_e_type_foreign_user The target is a foreign principal identified by principal and cell UUID.
sec_rstr_e_type_foreign_group The target is a foreign group identified by group and cell UUID.
sec_rstr_e_type_foreign_other The target is any principal that can authenticate to the foreign cell identified by UUID.
sec_rstr_e_type_any_other The target is any principal that can authenticate to any cell, but is not identified in any other type entry.
sec_rstr_e_type_no_other No principal can act as a target or delegate.
sec_id_restriction_t A discriminated union that defines delegate and target restrictions. The union, which is used in conjunction with the sec_restriction_set_t data
type, consists of the following elements:
entry_type A sec_rstr_entry_type_t that defines the ACL entry types for delegate and target restrictions. The value of tagged_union depends on the value of
entry_type.
tagged_union A tagged union whose contents depend on entry_type as follows:
If entry_type is... | Then tagged_union is...
sec_rstr_e_type_any_other | NULL
sec_rstr_e_type_foreign_other | foreign_id that identifies the foreign cell.
sec_rstr_e_type_user, sec_rstr_e_type_group | id, a sec_id_t that identifies the user or group.
sec_rstr_e_type_foreign_user, sec_rstr_e_type_foreign_group | foreign_id, a sec_id_foreign_t that identifies the foreign user or group.
sec_id_restriction_set_t A structure that supplies delegate and target restrictions. The structure consists of:
num_restrictions A 16-bit unsigned integer that defines the number of restrictions in restrictions.
restrictions A pointer to a sec_id_restriction_t that contains the restrictions.
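Because the contents of tagged_union depend on entry_type, code that consumes a restriction set must read only the member the tag selects. The following is an added example, not code from the DCE reference or its headers: it models the types with simplified stand-in layouts and checks a hypothetical subject against a set. The names ex_uuid_t, subject_t, same and restriction_set_permits, and the policy that no_other, an unknown tag or an empty set denies, are assumptions of this sketch.

```c
#include <stdint.h>
#include <string.h>
/* Stand-ins for the types described on this page; layouts are assumptions. */
typedef struct { uint8_t b[16]; } ex_uuid_t;             /* models uuid_t */
typedef struct { ex_uuid_t uuid; char *name; } sec_id_t;
typedef struct { sec_id_t id, realm; } sec_id_foreign_t;
typedef enum {
    sec_rstr_e_type_user, sec_rstr_e_type_group, sec_rstr_e_type_foreign_user,
    sec_rstr_e_type_foreign_group, sec_rstr_e_type_foreign_other,
    sec_rstr_e_type_any_other, sec_rstr_e_type_no_other
} sec_rstr_entry_type_t;
typedef struct {
    sec_rstr_entry_type_t entry_type;
    union { sec_id_t id; sec_id_foreign_t foreign_id; } tagged_union;
} sec_id_restriction_t;
typedef struct {
    uint16_t num_restrictions;
    sec_id_restriction_t *restrictions;
} sec_id_restriction_set_t;
/* Hypothetical subject: principal, primary group and home cell UUIDs. */
typedef struct { ex_uuid_t principal, group, cell; } subject_t;

static int same(const ex_uuid_t *a, const ex_uuid_t *b) { return memcmp(a->b, b->b, 16) == 0; }

/* Returns 1 if the set admits s as seen from local_cell, else 0. */
int restriction_set_permits(const sec_id_restriction_set_t *set,
                            const subject_t *s, const ex_uuid_t *local_cell) {
    if (!set || !s || !local_cell || !set->restrictions) return 0;
    const ex_uuid_t *p = &s->principal, *g = &s->group, *c = &s->cell;
    int local = same(c, local_cell), hit = 0;
    for (uint16_t i = 0; i < set->num_restrictions; i++) {
        const sec_id_restriction_t *r = &set->restrictions[i];
        const sec_id_t *id = &r->tagged_union.id;           /* user, group */
        const sec_id_foreign_t *f = &r->tagged_union.foreign_id;
        switch (r->entry_type) {   /* read only the member the tag selects */
        case sec_rstr_e_type_no_other:  return 0;        /* deny dominates */
        case sec_rstr_e_type_any_other: hit = 1; break;  /* no union data  */
        case sec_rstr_e_type_user:  hit |= local && same(&id->uuid, p); break;
        case sec_rstr_e_type_group: hit |= local && same(&id->uuid, g); break;
        case sec_rstr_e_type_foreign_user:
            hit |= same(&f->realm.uuid, c) && same(&f->id.uuid, p); break;
        case sec_rstr_e_type_foreign_group:
            hit |= same(&f->realm.uuid, c) && same(&f->id.uuid, g); break;
        case sec_rstr_e_type_foreign_other: hit |= same(&f->realm.uuid, c); break;
        default: return 0;                    /* unknown tag: fail closed */
        }
    }
    return hit;          /* empty set admits nobody (assumption of sketch) */
}
```

A local entry (user or group) deliberately does not match a subject from another cell even when the UUIDs are equal, since a principal UUID is only meaningful together with its cell.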
sec_id_compatibility_mode_t An unsigned 16-bit integer that defines the compatibility between current and pre-1.1 servers. The data type uses the following constants:
sec_id_compat_mode_none Compatibility mode is off.
sec_id_compat_mode_initiator Compatibility mode is on. The 1.0 PAC data is extracted from the EPAC of the chain initiator.
sec_id_compat_mode_caller Compatibility mode is on. The 1.0 PAC data is extracted from the last delegate in the delegation chain.
sec_id_delegation_type_t An unsigned 16-bit integer that defines the delegation type. The data type uses the following constants:
sec_id_deleg_type_none Delegation is not allowed.
sec_id_deleg_type_traced Traced delegation is allowed.
sec_id_deleg_type_impersonation Simple (impersonation) delegation is allowed.
sec_id_pa_t A structure that contains pre-1.1 PAC data extracted from an EPAC of a current version server. This data type, which is used for compatibility with pre-1.1
servers, consists of the following elements:
realm A value of type sec_id_t that contains the UUID that identifies the cell in which the principal associated with the PAC exists.
principal A value of type sec_id_t that contains the UUID of the principal.
group A value of type sec_id_t that contains the UUID of the principal's primary group.
num_groups An unsigned 16-bit integer that specifies the number of groups in the principal's groupset.
groups An array of pointers to sec_id_ts that contain the UUIDs of each group in the principal's groupset.
num_foreign_groupsets An unsigned 16-bit integer that specifies the number of foreign groups for the principal's groupset.
foreign_groupsets An array of pointers to sec_id_ts that contain the UUIDs of each group in the principal's groupset.
sec_id_pac_t A structure that contains a pre-1.1 PAC. This data type, which is used as output of the sec_cred_get_v1_pac call, consists of the following elements:
pac_type A value of type sec_id_pac_format_t that can be used to describe the PAC format.
authenticated A boolean field that indicates whether or not the PAC is authenticated (obtained from an authenticated source). FALSE indicates that the PAC is not
authenticated. No authentication protocol was used in the rpc that transmitted the identity of the caller. TRUE indicates that the PAC is authenticated.
realm A value of type sec_id_t that contains the UUID that identifies the cell in which the principal associated with the PAC exists.
principal A value of type sec_id_t that contains the UUID of the principal.
group For local principals, a value of type sec_id_t that contains the UUID of the principal's primary group.
num_groups An unsigned 16-bit integer that specifies the number of groups in the principal's groupset.
groups An array of pointers to sec_id_ts that contain the UUIDs of each group in the principal's groupset.
num_foreign_groups An unsigned 16-bit integer that specifies the number of foreign groups in the principal's groupset.
foreign_groups An array of pointers to sec_id_ts that contain the UUIDs of each foreign group in the principal's groupset.
sec_id_pac_format_t An enumerator that can be used to describe the PAC format.
sec_id_t A structure that contains UUIDs for principals, groups, or organizations and an optional printstring name. Since a UUID is a handle for the object's identity, the
sec_id_t data type is the basic unit for identifying principals, groups, and organizations.
Because the printstring name is dynamically allocated, this data type requires a destructor function. Generally, however, the sec_id_t is embedded in other data types (ACLs, for example),
and these data types have a destructor function to release the printstring storage.
The sec_id_t data type is composed of the following elements:
uuid A value of type uuid_t, the UUID of the principal, group, or organization.
name A pointer to a character string containing the name of the principal, group, or organization.
sec_id_foreign_t A structure that contains UUIDs for principals, groups, or organizations for objects in a foreign cell and the UUID that identifies the foreign cell. The
sec_id_foreign_t data type is composed of the following elements:
id A value of type sec_id_t that contains the UUIDs of the objects from the foreign cell.
realm A value of type sec_id_t that contains the UUID of the foreign cell.
sec_id_foreign_groupset_t A structure that contains UUIDs for a set of groups in a foreign cell and the UUID that identifies the foreign cell. The
sec_id_foreign_groupset_t data type is composed of the following elements:
realm A value of type sec_id_t that contains the UUID of the foreign cell.
num_groups An unsigned 16-bit integer specifying the number of group UUIDs in groups.
groups A pointer to a sec_id_t that contains the UUIDs of the groupset from the foreign cell.