Registry PGO Interface (rs_pgo) Operations

The rs_pgo_add( ) operation adds a PGO item to the registry database. This operation requires the caller to have the i (insert) permission on the parent directory in which the PGO item is to be created.

Event Type (Event Number, Event Classes)
PGO_Add (0x114, dce_sec_control, dce_sec_modify)

Event-Specific Information
sec_rgy_domain_t name_domain
char *pgo_name

The rs_pgo_delete( ) operation deletes a PGO item from the registry database. Any account depending on the deleted PGO item is also deleted. The deletion operation requires the caller to have the d (delete) permission on the parent directory that contains the PGO item to be deleted and the D (Delete_object) permission on the PGO item itself.

Event Type (Event Number, Event Classes)
PGO_Delete (0x115, dce_sec_control, dce_sec_modify)

Event-Specific Information
sec_rgy_domain_t name_domain
char *pgo_name

The rs_pgo_replace( ) operation replaces the data associated with a PGO item in the registry database. The caller needs to have the m (mgmt_info) permission on the PGO item if quota, flags, or unix_num is being set. (Only a cell principal's unix_num is modifiable.) The caller needs to have the f (fullname) permission to modify the fullname of the PGO item.

Event Type (Event Number, Event Classes)
PGO_Replace (0x116, dce_sec_control, dce_sec_modify)

Event-Specific Information
sec_rgy_domain_t name_domain
char *pgo_name

The rs_pgo_rename( ) operation renames a PGO item in the registry database. The caller needs to have the n (name) permission on the old name of the PGO item, if performing a rename within a directory. In order to move a PGO item between directories, the caller needs to have the n (name) permission on the old name of the PGO item as well as the d (delete) permission on the old parent directory and the i (insert) permission on the new parent directory in which the PGO item is being added under the new name.

Event Type (Event Number, Event Classes)
PGO_Rename (0x117, dce_sec_control, dce_sec_modify)

Event-Specific Information
sec_rgy_domain_t name_domain
char *old_name
char *new_name

The rs_pgo_get( ) operation returns the name and data for a PGO item. The item is identified by a query key, which can be a name, a uuid, a unix_num, or a sequential-search flag. The caller needs to have the r (read) permission on the PGO item to be viewed.

Event Type (Event Number, Event Classes)
PGO_Get (0x118, dce_sec_control, dce_sec_query)

Event-Specific Information
sec_rgy_domain_t name_domain
rs_pgo_query_key_t key /* The query key */
/* One of the following, depending on the query key specified: */
case (key == rs_pgo_query_name)
char *name /* Name of the item being searched */
case (key == rs_pgo_query_id)
uuid_t id_key /* uuid of the item being searched */
case (key == rs_pgo_query_unix_num)
unsigned32 unix_num /* unix_num of item being searched */
case (key == rs_pgo_query_next)
char *scope /* Scope of item being searched */

The rs_pgo_key_transfer( ) operation performs a specified key transfer between the uuid, unix_num, and name of a PGO item. The caller must have some permission on the PGO item for id->name and unix_num->name transfers.

Event Type (Event Number, Event Classes)
PGO_KeyTransfer (0x119, dce_sec_control)

Event-Specific Information
sec_rgy_domain_t name_domain
rs_pgo_query_key_t key /* The query key */
/* One of the following, depending on the query key specified: */
case (key == rs_pgo_query_name)
char *name /* Name of the item being searched */
case (key == rs_pgo_query_id)
uuid_t id_key /* uuid of the item being searched */
case (key == rs_pgo_query_unix_num)
unsigned32 unix_num /* unix_num of item being searched */
unsigned32 requested_result_type

The rs_pgo_add_member( ) operation adds a member to a group or an organization. The caller must have the M (Member_list) permission on the group or organization. Additionally, to add a group member, the caller must have the g (groups) permission on the principal to be added.

Event Type (Event Number, Event Classes)
PGO_AddMember (0x11A, dce_sec_control, dce_sec_modify)

Event-Specific Information
sec_rgy_domain_t name_domain
char *person_name /* Principal's name */
char *go_name /* Group or organization's name */

The rs_pgo_delete_member( ) operation deletes a principal from a group or an organization in the registry database. The caller must have the M (Member_list) permission on the group or organization. Note that the caller does not need to have the g (groups) permission to delete the principal from a group.

Event Type (Event Number, Event Classes)
PGO_DeleteMember (0x11B, dce_sec_control, dce_sec_modify)

Event-Specific Information
sec_rgy_domain_t name_domain
char *person_name /* Principal's name */
char *go_name /* Group or organization's name */

The rs_pgo_is_member( ) operation tests whether a specified principal is a member of a specified group or organization. The caller must have the t (test) permission on the group or organization.

Event Type (Event Number, Event Classes)
PGO_IsMember (0x11C, dce_sec_control, dce_sec_query)

Event-Specific Information
sec_rgy_domain_t name_domain
char *person_name /* Principal's name */
char *go_name /* Group or organization's name */

The rs_pgo_get_members( ) operation lists the members of a specified group or organization if the specified domain is group or organization. If the domain is principal, it lists the groups of which the principal is a member. The caller must have the r (read) permission on the principal, group, or organization.

Event Type (Event Number, Event Classes)
PGO_GetMembers (0x11D, dce_sec_control, dce_sec_query)

Event-Specific Information
sec_rgy_domain_t name_domain
char *go_name /* PGO's uuid */
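
An added example (not part of this page or of the DCE sources): a C triage routine for decoded PGO audit records, using the event numbers and classes listed above. It alerts on deletions, on renames that move an item between directories (the rs_pgo_rename( ) case that needs the n, d and i permissions), and on membership changes to watched groups. The record layout, the verdict values, the WATCHED list, the sample names and the '/' name separator are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { C_CONTROL = 1, C_MODIFY = 2, C_QUERY = 4 };         /* event classes named on this page */
enum { UNKNOWN = -1, IGNORE = 0, RECORD = 1, ALERT = 2 };  /* triage verdicts (assumed) */

/* Event numbers and classes exactly as listed above. */
static const struct { unsigned num; const char *name; unsigned cls; } PGO_EVENTS[] = {
    {0x114, "PGO_Add", C_CONTROL | C_MODIFY},       {0x115, "PGO_Delete", C_CONTROL | C_MODIFY},
    {0x116, "PGO_Replace", C_CONTROL | C_MODIFY},   {0x117, "PGO_Rename", C_CONTROL | C_MODIFY},
    {0x118, "PGO_Get", C_CONTROL | C_QUERY},        {0x119, "PGO_KeyTransfer", C_CONTROL},
    {0x11A, "PGO_AddMember", C_CONTROL | C_MODIFY}, {0x11B, "PGO_DeleteMember", C_CONTROL | C_MODIFY},
    {0x11C, "PGO_IsMember", C_CONTROL | C_QUERY},   {0x11D, "PGO_GetMembers", C_CONTROL | C_QUERY},
};
/* Hypothetical decoded record: a = pgo_name/old_name/person_name, b = new_name/go_name. */
struct pgo_record { unsigned event; const char *a; const char *b; };
/* Constructed sample: group/org names whose membership changes should alert. */
static const char *const WATCHED[] = {"acct-admin", NULL};

static int find_event(unsigned num) {
    for (int i = 0; i < (int)(sizeof PGO_EVENTS / sizeof PGO_EVENTS[0]); i++)
        if (PGO_EVENTS[i].num == num) return i;
    return -1;
}
/* Length of the directory part of a name; '/' as the separator is an assumption. */
static size_t dir_len(const char *n) {
    const char *s = strrchr(n, '/');
    return s ? (size_t)(s - n) : 0;
}
/* 1 if old and new names have different parent directories (the n + d + i case). */
int is_cross_dir_rename(const char *o, const char *n) {
    size_t lo = dir_len(o);
    return lo != dir_len(n) || strncmp(o, n, lo) != 0;
}
int triage(const struct pgo_record *r, const char *const *watched) {
    int i = find_event(r->event);
    if (i < 0) return UNKNOWN;
    if (r->event == 0x115) return ALERT;   /* delete also removes dependent accounts */
    if (r->event == 0x117 && is_cross_dir_rename(r->a, r->b)) return ALERT;
    if (r->event == 0x11A || r->event == 0x11B)
        for (; *watched; watched++) if (strcmp(*watched, r->b) == 0) return ALERT;
    return (PGO_EVENTS[i].cls & C_MODIFY) ? RECORD : IGNORE;
}
int main(void) {
    struct pgo_record recs[] = {{0x117, "staff/alice", "admins/alice"},   /* constructed */
                                {0x11A, "bob", "acct-admin"}, {0x118, "bob", NULL}};
    for (int k = 0; k < 3; k++)
        printf("%s -> %d\n", PGO_EVENTS[find_event(recs[k].event)].name, triage(&recs[k], WATCHED));
    return 0;
}
```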