dce_acl_inq_permset_for

dce_acl_inq_permset_for_creds(3sec)

Determines a principal's complete extent of access to an object

Synopsis

#include <dce/dce.h>
#include <dce/aclif.h>

void dce_acl_inq_permset_for_creds(
sec_cred_pa_handle_t *creds,
sec_acl_t *ap,
uuid_t *owner_id,
uuid_t *group_id,
sec_acl_posix_semantics_t posix_semantics,
sec_acl_permset_t *perms,
error_status_t *status);

Parameters

Input

creds
The security credentials that represent the principal.

ap
The ACL that represents the object.

owner_id
Identifies the owner of the object that is protected by the specified ACL. If the sec_acl_e_type_user_obj ACLE (ACL entry) exists, then the owner_id (uuid_t pointer) can not be NULL. If it is, then the error sec_acl_expected_user_obj is returned.

group_id
Identifies the group in which the object that is protected by the specified ACL belongs. If the a sec_acl_e_type_group_obj ACLE exists, the group_id (uuid_t pointer) can not be NULL. If it is, the error sec_acl_expected_group_obj is returned.

posix_semantics
This parameter is currently unused in OSF's implementation.

Output

perms
A bit mask containing a 1 bit for each permission granted by the ACL and 0 bits elsewhere.

status
A pointer to the completion status. On successful completion, the routine returns error_status_ok.

Description
The dce_acl_inq_permset_for_creds( ) routine returns a principal's complete extent of access to some object. This routine is useful for implementing operations such as the conventional UNIX access function.

The values allowed for the credentials representing the principal include NULL or unauthenticated.

The routine normally returns TRUE, even when the access permissions are determined to be all 0 bits (dce_acl_c_no_permissions). It returns FALSE only on illogical error conditions (such as unsupported ACL Entry types), in which case the status output gets the error status code and the perms is set to dce_acl_c_no_permissions.

All ACL entry types (of type sec_acl_entry_type_t) are supported by this routine.

Notes
The meanings of the permission bits have no effect on the action of the dce_acl_inq_permset_for_creds( ) routine. The interpretation of the bits is left entirely to the application.

Errors

The following describes a partial list of errors that might be returned. Refer to the OSF DCE Problem Determination Guide for complete descriptions of all error messages.

error_status_ok
The call was successful.

Related Information
Functions:

dce_acl_inq_client_creds(3sec)

dce_acl_inq_client_permset(3sec)

dce_acl_register_object_type(3sec)