System Services, $CHECK ACCESS
*Conan The Librarian (sorry for the slow response - running on an old VAX)
|
VMS Help System Services, $CHECK ACCESS *Conan The Librarian (sorry for the slow response - running on an old VAX) |
|
Determines on behalf of a third-party user whether a named user
can access the object specified.
Format
SYS$CHECK_ACCESS [objtyp], [objnam], [usrnam], itmlst,
[contxt], [clsnam], [objpro], [usrpro]
C Prototype
int sys$check_access (unsigned int *objtyp, void *objnam,
void *usrnam, void *itmlst, unsigned int
*contxt, void *clsnam, void *objpro, void
*usrpro);
| 1 - Arguments |
objtyp
OpenVMS usage:longword_unsigned
type: longword (unsigned)
access: read only
mechanism: by reference
Type of object being accessed. The objtyp argument is the address
of a longword containing a value specifying the type of object.
The appropriate symbols are listed in the following table and are
defined in the system macro $ACLDEF library:
Symbol Meaning
ACL$C_CAPABILITY Object is a restricted resource; use the
reserved name VECTOR.
ACL$C_DEVICE Object is a device.
ACL$C_FILE Object is a Files-11 On-Disk Structure
Level 2 file.
ACL$C_GROUP_GLOBAL_ Object is a group global section.
SECTION
ACL$C_JOBCTL_QUEUE Object is a batch, print, or server
queue.
ACL$C_LOGICAL_NAME_ Object is a logical name table.
TABLE
ACL$C_SYSTEM_GLOBAL_ Object is a system global section.
SECTION
For further information about these symbols, see the description
of the clsnam argument.
objnam
OpenVMS usage:char_string
type: character-coded text string
access: read only
mechanism: by descriptor-fixed-length string descriptor
Name of the object being accessed. The objnam argument is the
address of a character-string descriptor pointing to the object
name.
usrnam
OpenVMS usage:char_string
type: character-coded text string
access: read only
mechanism: by descriptor-fixed-length string descriptor
Name of the user attempting access. The usrnam argument is the
address of a descriptor that points to a character string that
contains the name of the user attempting to gain access to the
specified object. The user name string can contain a maximum of
12 alphanumeric characters.
itmlst
OpenVMS usage:item_list_3
type: longword (unsigned)
access: read only
mechanism: by reference
Attributes describing how the object is to be accessed and
information returned after $CHECK_ACCESS performs the protection
check (for instance, security alarm information).
For each item code, you must include a set of four elements and
end the list with a longword containing the value 0 (CHP$_END).
Refer to the OpenVMS System Services Reference Manual to view the
item code diagram and descriptor fields table.
contxt
OpenVMS usage:longword
type: longword (unsigned)
access: read-write
mechanism: by reference
Longword used to maintain the user authorization file (UAF)
context. The contxt argument is the address of a longword
to receive a UAI context longword. On the initial call, this
longword should contain the value -1. On subsequent calls, the
value of the contxt argument from the previous call should be
passed back in.
Using the contxt argument keeps the UAF open across all calls,
thereby improving the performance of the system on subsequent
calls. To close the UAF, you must run down the image.
The resulting contxt value from a $CHECK_ACCESS call can also be
used as the input contxt argument to the $GETUAI system service,
and vice versa.
clsnam
OpenVMS usage:char_string
type: character-coded text string
access: read only
mechanism: by descriptor
Object class name associated with the protected object. The
clsnam argument is the address of a descriptor pointing to the
name of the object class associated with the object specified by
either the objnam or the objpro argument. The clsnam and objtyp
arguments are mutually exclusive. The clsnam argument is the
preferred argument to $CHECK_ACCESS. The following object class
names are valid:
CAPABILITY QUEUE
COMMON_EVENT_CLUSTER RESOURCE_DOMAIN
DEVICE SECURITY_CLASS
FILE SYSTEM_GLOBAL_SECTION
GROUP_GLOBAL_SECTION VOLUME
LOGICAL_NAME_TABLE
objpro
OpenVMS usage:char_string
type: opaque byte stream or object handle
access: read only
mechanism: by descriptor
Buffer containing an object security profile or object handle.
The objpro argument is the address of a descriptor pointing to
a buffer that contains an encoded object security profile or the
address of a descriptor pointing to an object handle.
Object handles vary according to the associated security object
class. Currently, the only supported object handles are for the
file and device class objects where the object handle is a word
or longword channel.
The objpro and objnam arguments are mutually exclusive unless the
objpro argument is a simple object handle. The objpro and usrpro
arguments are also mutually exclusive unless the objpro argument
is an object handle.
usrpro
OpenVMS usage:char_string
type: opaque byte stream
access: read only
mechanism: by descriptor
Buffer containing a user security profile. The usrpro argument is
the address of a descriptor pointing to a buffer that contains an
encoded user security profile.
The $CREATE_USER_PROFILE service can be used to construct a user
security profile. The usrpro and usrnam arguments are mutually
exclusive. The objpro and usrpro arguments are also mutually
exclusive unless the objpro argument is an object handle.
|
|
