PreviousNext

dce_acl_is_client_authorized(3sec)

Checks whether a client's credentials are authenticated

Synopsis

#include <dce/dce.h>
#include <dce/aclif.h>

void dce_acl_is_client_authorized(
handle_t handle,
uuid_t *mgr_type,
uuid_t *acl_uuid,
sec_acl_permset_t desired_perms,
boolean32 *authorized,
error_status_t *status);

Parameters

Input

handle
The client's binding handle.

mgr_type
A pointer to the UUID identifying the type of the ACL manager in question. There may be more than one type of ACL manager protecting the object whose ACL is bound to the input handle. Use this parameter to distinguish them.

acl_uuid
A pointer to the UUID of the ACL.

owner_id
Identifies the owner of the object that is protected by the specified ACL. If the sec_acl_e_type_user_obj ACLE (ACL entry) exists, then the owner_id (uuid_t pointer) can not be NULL. If it is, then the error sec_acl_expected_user_obj is returned.

group_id
Identifies the group in which the object that is protected by the specified ACL belongs. If the a sec_acl_e_type_group_obj ACLE exists, the group_id (uuid_t pointer) can not be NULL. If it is, the error sec_acl_expected_group_obj is returned.

desired_perms
A permission set containing the desired privileges. This is a 32-bit set of permission flags. The flags may represent the conventional file system permissions (read, write, and execute), the extended AFS permissions (owner, insert, and delete), or some other permissions supported by the specific application ACL manager. For example, a bit that is unused for file system permissions may mean withdrawals are allowed for a bank ACL manager, while it may mean matrix inversions are allowed for a CPU ACL manager. The mgr_type identifies the semantics of the bits.

Output

authorized
A pointer to the TRUE or FALSE return value of the routine.

status
A pointer to the completion status. On successful completion, the routine returns error_status_ok. Otherwise, it returns an error.

Description
The dce_acl_is_client_authorized( ) routine returns TRUE in the authorized parameter if and only if all of the desired permissions (represented as bits in desired_perms) are included in the actual permissions corresponding to the handle, the mgr_type, and the acl_uuid UUID. Otherwise, the returned value is FALSE.

Notes
The routine's return value is void. The returned boolean32 value is in the authorized parameter.

Errors

The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

acl_s_bad_manager_type
The mgr_type does not match the manager type in the ACL itself.

error_status_ok
The call was successful.