Text File | 1998-05-08 | 12KB | 299 lines
********************************************************************************
*
* Filename: DSSAPPLY.INP
*
* Description: Instructions and examples for creating a DSSAPPLY input file
*
* Date Created: 3/01/96 (PCS)
*
********************************************************************************
*
* INSTRUCTIONS FOR USING DSSAPPLY -
*
* DSSAPPLY is a sample program which uses data elements supplied by an input file
* to replace or manipulate Access Control Lists (ACLs). Depending on the action
* selected, DSSAPPLY copies the ACLs (or changes to the ACLs) from the target
* directory to each subdirectory logically residing below it.
*
* The syntax for DSSAPPLY is:
*
* DSSAPPLY input_file_name [cell_name, realm_name, server_name]
*
* where:
*
* input_file_name is the name of the input file containing the specifications
* for the apply
*
* cell_name is an optional parameter specifying the name of the cell to be
* administered (note: a cell_name specified in the input file overrides a
* command line entry)
*
* realm_name is an optional parameter specifying the name of the realm to be
* administered (note: a realm_name specified in the input file overrides
* a command line entry)
*
* server_name is an optional parameter specifying the name of the server to be
* administered (note: a server_name specified in the input file overrides
* a command line entry)
*
********************************************************************************
*
* INSTRUCTIONS FOR CREATING A DSSAPPLY INPUT FILE -
*
* The DSSAPPLY input file translates directly into the data elements that need to
* be supplied to the two Apply API functions called by DSSAPPLY:
*
* ent_acl_replace_apply(), and
* ent_acl_manipulate_apply()
*
* Each line of the input file consists of a keyword followed by one or more blanks
* followed by the parameter associated with the keyword. In some cases, a standalone
* keyword is used to indicate the beginning or end of a file section. In most cases, a
* keyword and parameter can be omitted if the default parameter value is assumed.
*
* Comment lines begin with any of the following characters: * / # ; %
*
* Except for names and UUIDs, all inputs are case insensitive.
*
************* A note about syntax used in the instructions below ***************
*
* A '|' is used to indicate selection choices and is not part of the input file
* syntax.
*
* The '()' is used to indicate information about the parameters, and likewise, is
* not included in the syntax of the actual input file.
*
* Separate and alternative sections are divided by rows of '*'s and commented for clarity.
*
* The instructions are followed by examples at the end of this file.
*
********************************************************************************
*
* The first portion of the input file defines a set of fixed initialization data:
*
********************************************************************************
*
* cell_name             name of cell
* realm_name            name of realm
* server_name           name of server containing acl database
* call_type             repl|manip (default is manip)
* res_global_name       full file system pathname of starting directory object
* sec_acl_type          obj|def_obj|def_container (default is obj)
* tolerance             yes|no (continue if access deny occurs; default is no)
* recursion             yes|no (apply to subdirectories and files; default is no)
* max_errors            size (in chars) of the error buffer (default is 1024)
*
********************************************************************************
*
* The second portion of the input file is formatted according to the parameter
* supplied for the call_type keyword: repl(ace) or manip(ulate).
*
* If the call_type is manip(ulate), the following input file data is used to build
* the entries_to_manipulate_t structure:
*
********************************************************************************
*
* num_manip_entries     number of entries listed below
* manip_entry_num       1
* action                rename_user|rename_group|modify_add_or_create|modify_add|
*                       delete|modify_delete|replace_or_create|replace|create
*
********************************************************************************
* Include the following lines if action = rename_user|rename_group
*
********************************************************************************
*
* itr_old_local         true|false (default is true)
* itr_new_local         true|false (default is true)
* itr_old_name          old user or group name
* itr_old_uuid          old uuid of user or group (not required if itr_old_name supplied)
* itr_new_name          new user or group name
* itr_new_uuid          new uuid of user or group (not required if itr_new_name supplied)
* itr_entry_end
*
********************************************************************************
* Include one of the following formats if action = modify_add_or_create|
* modify_add|delete|modify_delete|replace_or_create|replace|create. Choose
* format based on the value of sec_acl_entry_type.
*
****************************** Format # 1 ************************************************
*
* sec_acl_entry_type    any_other_deleg|group_obj_deleg|other_obj_deleg|user_obj_deleg|
*                       user_obj|group_obj|other_obj|any_other|mask_obj|unauthenticated
* sec_acl_perms         d|i|c|t|w|r|x|none
* sec_acl_entry_end
*
****************************** Format # 2 ************************************************
*
* sec_acl_entry_type    user|group|foreign_other|user_deleg|group_deleg|for_other_deleg
* sec_acl_perms         d|i|c|t|w|r|x|none
* sec_acl_id.uuid       new uuid of user or group (not required if sec_acl_id.name supplied)
* sec_acl_id.name       new name of user or group
* sec_acl_entry_end
*
****************************** Format # 3 ************************************************
*
* sec_acl_entry_type    foreign_user|foreign_group|for_user_deleg|for_group_deleg
* sec_acl_perms         d|i|c|t|w|r|x|none
* sec_acl_id.uuid       new uuid of user or group (not required if sec_acl_id.name supplied)
* sec_acl_id.name       new name of user or group
* sec_acl_rl.uuid       uuid of realm security server (not required if sec_acl_rl.name supplied)
* sec_acl_rl.name       name of realm security server
* sec_acl_entry_end
*
********************************************************************************
* Repeat above sequence for additional manip(ulate) data entries
********************************************************************************
* manip_entry_num 2
* ...
* manip_entry_num <n>
*
****** This is the end of the instruction for manip(ulate)! ***************
*
********************************************************************************
* If the call_type is repl(ace), the following input file data is used to build a
* sec_acl_list_t structure:
* Choose one of the 3 formats below based on the value of sec_acl_entry_type.
*
********************************************************************************
*
* num_sec_acl_entries   number of entries listed below
* sec_acl_entry_num     1
****************************** Format # 1 ************************************************
* sec_acl_entry_type    any_other_delegate|group_object_delegate|user_obj_delegate|
*                       user_obj|group_obj|other_obj|any_other|mask_obj|unauthenticated
* sec_acl_perms         r|w|x|c|i|d|t|none
* sec_acl_entry_end
**************************** End Format # 1 ************************************************
* sec_acl_entry_num 2
****************************** Format # 2 ************************************************
* sec_acl_entry_type    user|group|foreign_other|user_delegate|group_delegate|
*                       for_other_delegate
* sec_acl_perms         r|w|x|c|i|d|t|none
* sec_acl_id.uuid       security server uuid (not needed if name provided; see example)
* sec_acl_id.name       security server name
* sec_acl_entry_end
**************************** End Format # 2 ************************************************
* sec_acl_entry_num 3
****************************** Format # 3 ************************************************
* sec_acl_entry_type    foreign_user|foreign_group|for_user_delegate|for_group_delegate
* sec_acl_perms         r|w|x|c|i|d|t|none
* sec_acl_id.uuid       security server uuid (not needed if name provided; see example)
* sec_acl_id.name       security server name
* sec_acl_rl.uuid       realm security server uuid (not required if sec_acl_rl.name supplied)
* sec_acl_rl.name       realm security server name
* sec_acl_entry_end
**************************** End Format # 3 ************************************************
********************************************************************************
* Repeat above sequence for additional repl(ace) data entries
********************************************************************************
* sec_acl_entry_num 4
* ...
* sec_acl_entry_num <n>
*
****** This is the end of the instruction for repl(ace)! ************************
*
* OTHER USEFUL INFORMATION -
*
* This is an example of a uuid: 572f5d00-c761-11ce-8b50-10005a7b953d
* In cases where both a principal name and a uuid are defined, only the name needs to
* be entered (the program will obtain the associated uuid from the Registry).
*
* Permissions encoding: none or a combination of dictwrx
*
*   permission     hex value    decimal
*   __________     _________    _______
*
*   none           0x           0
*   r  read        0x......1    1
*   w  write       0x......2    2
*   x  execute     0x......4    4
*   c  control     0x......8    8
*   i  insert      0x.....10    16
*   d  delete      0x.....20    32
*   t  test        0x.....40    64
*
********************************************************************************
********************************************************************************
*
* DSSAPPLY INPUT FILE EXAMPLES -
*
* EXAMPLE #1 -
*
cell_name city88
realm_name AUSZOO
server_name DRAGON88
call_type repl
*call_type manip
res_global_name f:\testtree
sec_acl_type obj
tolerance yes
recursion yes
* Since we are replacing existing ACLs, we use the following formats...
num_sec_acl_entries 9
sec_acl_entry_num 1
sec_acl_entry_type user_obj
sec_acl_perms cdrtwxi
sec_acl_entry_end
sec_acl_entry_num 2
sec_acl_entry_type group_obj
sec_acl_perms cd
sec_acl_entry_end
sec_acl_entry_num 3
sec_acl_entry_type other_obj
sec_acl_perms cdw
sec_acl_entry_end
sec_acl_entry_num 4
sec_acl_entry_type any_other
sec_acl_perms cdt
sec_acl_entry_end
sec_acl_entry_num 5
sec_acl_entry_type mask_obj
sec_acl_perms wrx
sec_acl_entry_end
sec_acl_entry_num 6
sec_acl_entry_type unauthenticated
sec_acl_perms c
sec_acl_entry_end
sec_acl_entry_num 7
sec_acl_entry_type user
sec_acl_perms none
sec_acl_id.name USER1
sec_acl_entry_end
sec_acl_entry_num 8
sec_acl_entry_type group
sec_acl_perms w
sec_acl_id.name TESTGRP1
sec_acl_entry_end
sec_acl_entry_num 9
sec_acl_entry_type foreign_other
sec_acl_perms cri
sec_acl_id.name USER2
sec_acl_entry_end
*sec_acl_entry_num 10
*sec_acl_entry_type foreign_user
*sec_acl_perms wixr
*sec_acl_id.name USER5
*sec_acl_rl.name LSE50DOM
*sec_acl_entry_end
*sec_acl_entry_num 11
*sec_acl_entry_type foreign_group
*sec_acl_perms ixne
*sec_acl_id.name GROUP3
*sec_acl_rl.name LSE50DOM
*sec_acl_entry_end
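
The following is an added example, not part of the DSS toolkit: a Python pre-flight check for a call_type repl input file, useful before a recursive apply rewrites ACLs across a whole tree. It decodes each sec_acl_perms value into the bitmask from the permissions table above and compares num_sec_acl_entries with the entries actually found. The function names and the choice to report unknown permission letters as problems are assumptions; how DSSAPPLY itself treats such input is not stated in this file.

```python
PERM_BITS = {"r": 0x01, "w": 0x02, "x": 0x04, "c": 0x08,
             "i": 0x10, "d": 0x20, "t": 0x40}  # values from the table in this file
COMMENT_CHARS = "*/#;%"  # a line starting with any of these is a comment

def decode_perms(text):
    """Return the bitmask for 'none' or a combination of the letters dictwrx."""
    text = text.strip().lower()  # everything but names and UUIDs is case insensitive
    if text == "none":
        return 0
    bad = sorted(set(text) - set(PERM_BITS))
    if bad or not text:
        raise ValueError("invalid permission letters: " + ("".join(bad) or "(empty)"))
    return sum(PERM_BITS[ch] for ch in set(text))

def parse_replace_file(text):
    """Parse a call_type repl input file into (settings, entries, problems)."""
    settings, entries, problems, current = {}, [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in COMMENT_CHARS:
            continue
        parts = line.split(None, 1) + [""]  # keyword, then optional parameter
        keyword, param = parts[0].lower(), parts[1]
        if keyword == "sec_acl_entry_num":
            current = {"num": param}
        elif keyword == "sec_acl_entry_end":
            if current is not None:
                entries.append(current)
            current = None
        elif current is not None:
            current[keyword] = param
            if keyword == "sec_acl_perms":
                try:
                    current["mask"] = decode_perms(param)
                except ValueError as exc:
                    problems.append(f"line {lineno}: {exc}")
        else:
            settings[keyword] = param  # fixed initialization data
    declared = settings.get("num_sec_acl_entries", "")
    if not declared.isdigit() or int(declared) != len(entries):
        problems.append(f"num_sec_acl_entries is {declared!r}, found {len(entries)}")
    return settings, entries, problems

# Constructed sample modelled on EXAMPLE #1; entry 2 reuses 'ixne' from commented-out entry 11.
SAMPLE = "\n".join([
    "* constructed sample", "call_type repl", "recursion yes", "num_sec_acl_entries 2",
    "sec_acl_entry_num 1", "sec_acl_entry_type user_obj", "sec_acl_perms cdrtwxi",
    "sec_acl_entry_end", "sec_acl_entry_num 2", "sec_acl_entry_type foreign_group",
    "sec_acl_perms ixne", "sec_acl_id.name GROUP3", "sec_acl_rl.name LSE50DOM",
    "sec_acl_entry_end"])
```

Calling `parse_replace_file(SAMPLE)` returns the settings, the two entries (the first with mask 0x7F), and one problem naming the letters `e` and `n` in the second entry's permissions.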