dce_acl_inq_permset_for_creds(3sec)
Determines a principal's complete extent of access to an object
Synopsis
#include <dce/dce.h> #include <dce/aclif.h> void dce_acl_inq_permset_for_creds( sec_cred_pa_handle_t
*creds, sec_acl_t *ap, uuid_t *owner_id, uuid_t *group_id,
sec_acl_posix_semantics_t posix_semantics, sec_acl_permset_t *perms, error_status_t *status);
Parameters
Input
creds The security credentials that represent the principal.
ap The ACL that represents the object.
owner_id Identifies the owner of the object that is protected by the specified ACL. If the sec_acl_e_type_user_obj ACLE (ACL entry) exists, then the owner_id
(uuid_t pointer) can not be NULL. If it is, then the error sec_acl_expected_user_obj is returned.
group_id Identifies the group in which the object that is protected by the specified ACL belongs. If the a sec_acl_e_type_group_obj ACLE exists, the group_id
(uuid_t pointer) can not be NULL. If it is, the error sec_acl_expected_group_obj is returned.
posix_semantics This parameter is currently unused in OSF's implementation.
Output
perms A bit mask containing a 1 bit for each permission granted by the ACL and 0 bits elsewhere.
status A pointer to the completion status. On successful completion, the routine returns error_status_ok.
Description The dce_acl_inq_permset_for_creds( ) routine returns a principal's complete extent of access to some object. This routine is useful for
implementing operations such as the conventional UNIX access function.
The values allowed for the credentials representing the principal include NULL or unauthenticated.
The routine normally returns TRUE, even when the access permissions are determined to be all 0 bits (dce_acl_c_no_permissions). It returns FALSE only on illogical error
conditions (such as unsupported ACL Entry types), in which case the status output gets the error status code and the perms is set to dce_acl_c_no_permissions.
All ACL entry types (of type sec_acl_entry_type_t) are supported by this routine.
Notes The meanings of the permission bits have no effect on the action of the dce_acl_inq_permset_for_creds( ) routine. The interpretation of the bits is left entirely
to the application.
Errors
The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.
error_status_ok The call was successful.
Related Information Functions:
dce_acl_inq_client_creds(3sec)
dce_acl_inq_client_permset(3sec)
dce_acl_register_object_type(3sec)
|