 |
HP OpenVMS System Services Reference Manual
The result of passing the pidadr or the
prcnam argument, or both, to SYS$GRANTID is summarized
in the following table:
| prcnam |
pidadr |
Result |
|
Omitted
|
Omitted
|
Current process ID is used; process ID is not returned.
|
|
Omitted
|
0
|
Current process ID is used; process ID is returned.
|
|
Omitted
|
Specified
|
Specified process ID is used.
|
|
Specified
|
Omitted
|
Specified process name is used; process ID is not returned.
|
|
Specified
|
0
|
Specified process name is used; process ID is returned.
|
|
Specified
|
Specified
|
Specified process ID is used and process name is ignored.
|
The result of passing the name or the
id argument, or both, to SYS$GRANTID is summarized in
the following table:
| name |
id |
Result |
|
Omitted
|
Omitted
|
Illegal. The INSFARG condition value is returned.
|
|
Omitted
|
Specified
|
Specified identifier value is used.
|
|
Specified
|
Omitted
|
Specified identifier name is used; identifier value is not returned.
|
|
Specified
|
0
|
Specified identifier name is used; identifier value is returned.
|
|
Specified
|
Specified
|
Specified identifier value is used and identifier name is ignored.
|
Note that a value of 0 in either of the preceding tables indicates that
the contents of the address specified by the argument is the value 0.
The word omitted indicates that the argument was not supplied.
Required Access or Privileges
You need CMKRNL privilege to invoke this service. In addition, you need
GROUP privilege to modify the rights list of a process in the same
group as the calling process (unless the process has the same UIC as
the calling process). You need WORLD privilege to modify the rights
list of a process outside the caller's group. You need SYSNAM privilege
to modify the system rights list.
Required Quota
None
Related Services
$ADD_HOLDER, $ADD_IDENT, $ASCTOID, $CHECK_ACCESS, $CHKPRO, $CREATE_RDB,
$ERAPAT, $FIND_HELD, $FIND_HOLDER, $FINISH_RDB, $FORMAT_ACL,
$FORMAT_AUDIT, $GET_SECURITY, $HASH_PASSWORD, $IDTOASC, $MOD_HOLDER,
$MOD_IDENT, $MTACCESS, $PARSE_ACL, $REM_HOLDER, $REM_IDENT, $REVOKID,
$SET_SECURITY
Condition Values Returned
|
SS$_WASCLR
|
The service completed successfully; the rights list did not contain the
specified identifier.
|
|
SS$_WASSET
|
The service completed successfully; the rights list already held the
specified identifier.
|
|
SS$_ACCVIO
|
The
pidadr argument cannot be read or written;
prcnam cannot be read;
id cannot be read or written; the
name cannot be read; or
prvatr cannot be written.
|
|
SS$_INSFARG
|
You did not specify either the
id or the
name argument.
|
|
SS$_INSFMEM
|
The process dynamic memory is insufficient for opening the rights
database.
|
|
SS$_IVIDENT
|
The specified identifier name is invalid; the identifier name is longer
than 31 characters, contains an illegal character, or does not contain
at least one nonnumeric character.
|
|
SS$_IVLOGNAM
|
You specified an invalid process name.
|
|
SS$_NONEXPR
|
You specified a nonexistent process.
|
|
SS$_NOPRIV
|
The caller does not have CMKRNL privilege or is not running in
executive or kernel mode, or the caller lacks GROUP, WORLD, or SYSNAM
privilege as required.
|
|
SS$_NOSUCHID
|
The specified identifier name does not exist in the rights database.
Note that the binary identifier, if given, is not validated against the
rights database.
|
|
SS$_NOSYSNAM
|
The operation requires SYSNAM privilege.
|
|
SS$_RIGHTSFULL
|
The rights list of the process or system is full.
|
|
RMS$_PRV
|
The user does not have read access to the rights database.
|
Because the rights database is an indexed file accessed with OpenVMS
RMS, this service can also return RMS status codes associated with
operations on indexed files. For descriptions of these status codes,
see the OpenVMS Record Management Services Reference Manual.
$HASH_PASSWORD
Applies the hash algorithm you select to an ASCII password string and
returns a quadword hash value that represents the encrypted password.
Format
SYS$HASH_PASSWORD pwd ,alg ,[salt] ,usrnam ,hash
C Prototype
int sys$hash_password (void *pwd, unsigned char alg, unsigned short int
salt, void *usrnam, struct _generic_64 *hash);
Arguments
pwd
| OpenVMS usage: |
char_string |
| type: |
character-coded text string |
| access: |
read only |
| mechanism: |
by descriptor--fixed-length string descriptor |
ASCII password string to be encrypted. The pwd
argument is the address of a character string descriptor pointing to
the ASCII password. The password string can contain between 1 and 32
characters and use the uppercase characters A through Z, the numbers 0
through 9, the dollar sign ($), and the underscore (_).
The caller must validate the password string before calling
$HASH_PASSWORD to ensure that only permitted characters are included.
alg
| OpenVMS usage: |
byte_unsigned |
| type: |
byte (unsigned) |
| access: |
read only |
| mechanism: |
by value |
Algorithm used to hash the ASCII password string. The
alg argument is an unsigned byte specifying the hash
algorithm.
The operating system recognizes the following algorithms:
| Symbolic Name |
Description |
|
UAI$K_AD_II
|
Uses a CRC algorithm and returns a longword hash value. This algorithm
was used in releases prior to VAX VMS Version 2.0.
|
|
UAI$C_PURDY
|
Uses a Purdy algorithm over salted input. It expects a blank-padded
user name and returns a quadword hash value. This algorithm was used
during VAX VMS Version 2.0 field test.
|
|
UAI$C_PURDY_V
|
Uses the Purdy algorithm over salted input. It expects a
variable-length user name and returns a quadword hash value. This
algorithm was used in releases prior to VMS Version 5.4.
|
|
UAI$K_PURDY_S
|
Uses the Purdy algorithm over salted input. It expects a
variable-length user name and returns a quadword hash value. This
algorithm is used to hash all new passwords in VMS Version 5.4 and
later.
|
|
UAI$C_PREFERED_ALGORITHM
1
|
Represents the latest encryption algorithm that the operating system
uses to encrypt new passwords. Currently, it equates to UAI$C_PURDY_S.
HP recommends that you use this symbol in source modules because it
always equates with the most recent algorithm.
|
1 The value of this symbol might be changed in future
releases if an additional algorithm is introduced.
Values ranging from 128 to 255 are reserved for customer use; the
constant UAI$K_CUST_ALGORITHM defines the start of this range.
You can use the UAI$_ENCRYPT and UAI$_ENCRYPT2 item codes with the
$GETUAI system service to retrieve the primary and secondary password
hash algorithms for a user.
salt
| OpenVMS usage: |
word_unsigned |
| type: |
word (unsigned) |
| access: |
read only |
| mechanism: |
by value |
Value used to increase the effectiveness of the hash. The
salt argument is an unsigned word containing 16 bits
of data that is used by the hash algorithms when encrypting a password
for the associated user name. The $GETUAI item code UAI$_SALT is used
to retrieve the SALT value for a given user. If you do not specify a
SALT value, $HASH_PASSWORD uses the value of 0.
usrnam
| OpenVMS usage: |
char_string |
| type: |
character-coded text string |
| access: |
read only |
| mechanism: |
by descriptor--fixed-length string descriptor |
Name of the user associated with the password. The
usrnam argument is the address of a descriptor
pointing to a character text string containing the user name. The
current password encryption algorithm (UAI$C_PURDY_S) folds the user
name into the ASCII password string to ensure that different users with
the same password produce different hash values. This argument must be
supplied for all calls to $HASH_PASSWORD but is ignored when using the
CRC algorithm (UAI$C_AD_II).
hash
| OpenVMS usage: |
quadword_unsigned |
| type: |
quadword (unsigned) |
| access: |
write only |
| mechanism: |
by reference |
Output hash value representing the encrypted password. The
hash argument is the address of an unsigned quadword
to which $HASH_PASSWORD writes the output of the hash. If you use the
UAI$C_AD_II algorithm, the second longword of the hash is always set to
0.
Description
The Hash Password service applies the hash algorithm you select to an
ASCII password string and returns a quadword hash value that represents
the encrypted password.
Other OpenVMS password services allow spaces, tabs, and other blank
characters from the user, but they remove those spaces before passing
the string to $HASH_PASSWORD. Before calling $HASH_PASSWORD, all white
space must be removed from the password string to ensure proper
comparison with passwords created by other services.
Required Access or Privileges
None
Required Quota
None
Related Services
$GETUAI, $SETUAI.
Use $GETUAI to get the values for the salt and
alg arguments. Use $SETUAI to store the resulting hash
using the item codes UAI$_PWD and UAI$_PWD2.
For more information, see the appendix on implementing site-specific
security policies in the HP OpenVMS Programming Concepts Manual.
Condition Values Returned
|
SS$_NORMAL
|
The service completed successfully.
|
|
SS$_ACCVIO
|
The input or output buffer descriptors cannot be read or written to by
the caller.
|
|
SS$_BADPARAM
|
The specified hash algorithm is unknown or invalid.
|
$HIBER
Allows a process to make itself inactive but to remain known to the
system so that it can be interrupted; for example, to receive ASTs.
Format
SYS$HIBER
C Prototype
int sys$hiber (void);
Arguments
None.
Description
The Hibernate service allows a process to make itself inactive but to
remain known to the system so that it can be interrupted; for example,
to receive ASTs. A hibernate request is a wait-for-wake-event request.
When you call the Wake Process from Hibernation ($WAKE) service or when
the time specified with the Schedule Wakeup ($SCHDWK) service occurs,
the process continues execution at the instruction following the
Hibernate call.
In VAX MACRO, you can call the Hibernate service only by using the
$name_S macro.
A hibernating process can be swapped out of the balance set if it is
not locked into the balance set.
An AST can interrupt the wait state caused by $HIBER if the access mode
at which the AST is to execute is equal to or more privileged than the
access mode from which the hibernate request was issued and the process
is enabled for ASTs at that access mode.
When the AST service routine completes execution, the system reexecutes
the $HIBER service on behalf of the process. If a wakeup request has
been issued for the process during the execution of the AST service
routine (either by itself or another process), the process resumes
execution. If a wakeup request has not been issued, it continues to
hibernate.
If one or more wakeup requests are issued for the process while it is
not hibernating, the next hibernate call returns immediately; that is,
the process does not hibernate. No count of outstanding wakeup requests
is maintained.
Although this service has no arguments, a Fortran function reference
must use parentheses to indicate a null argument list, as in the
following example:
Required Access or Privileges
None
Required Quota
None
Related Services
$CANEXH, $CREPRC, $DCLEXH, $DELPRC, $EXIT, $FORCEX, $GETJPI, $GETJPIW,
$PROCESS_SCAN, $RESUME, $SETPRI, $SETPRN, $SETPRV, $SETRWM, $SUSPND,
$WAKE
Condition Values Returned
|
SS$_NORMAL
|
The service completed successfully.
|
$ICC_ACCEPT
Responds to an incoming connection request. This call is used to
complete an ICC connection from the server side.
On Alpha and Integrity server systems, this service accepts 64-bit
addresses.
Format
SYS$ICC_ACCEPT conn_handle ,[accept_buf] ,[accept_len] ,[user_context]
,[flags]
C Prototype
int sys$icc_accept (unsigned int conn_handle, char * accept_buf,
unsigned int accept_len, unsigned int user_context, unsigned int flags);
Arguments
conn_handle
| OpenVMS usage: |
connection_id |
| type: |
longword (unsigned) |
| access: |
read only |
| mechanism: |
by value |
The handle of the requested connection.
accept_buf
| OpenVMS usage: |
byte_stream |
| type: |
character-coded text string |
| access: |
read only |
| mechanism: |
by 32-bit or 64-bit reference (Alpha and Integrity servers)
|
A buffer of up to 1000 bytes of accept data that is sent to the source
of the connection at the completion of the connection process.
accept_len
| OpenVMS usage: |
buffer_length |
| type: |
longword (unsigned) |
| access: |
read only |
| mechanism: |
by value |
The actual number of bytes in accept_buf to be sent.
user_context
| OpenVMS usage: |
user_arg |
| type: |
quadword (Alpha and Integrity servers) |
| access: |
read only |
| mechanism: |
by value |
A user-specified value that is subsequently returned on any disconnect
or data events on this connection.
flags
| OpenVMS usage: |
mask_longword |
| type: |
longword (unsigned) |
| access: |
read only |
| mechanism: |
by value |
ICC$M_SYNCH_MODE can be specified to indicate that the data
transmission and reception routines $ICC_TRANSMIT, $ICC_RECEIVE, and
$ICC_REPLY are allowed to return the status SS$_SYNCH in the case of
synchronous completion, and that the AST will not be called.
Description
This service is used by a server to respond to an incoming connection
request. The $ICC_ACCEPT service may only be called after receiving a
connection request AST.
At the completion of the service, the connection is open and data can
be exchanged. Once opened, there is no logical distinction between a
connection opened by a client with the Connect service or a server with
the Accept service.
A server can reject a Connection request by calling the $ICC_REJECT
service.
Required Access or Privileges
None.
Required Quota
$ICC_ACCEPT changes the process BYTLM quota for the length of the
accept_buf parameter, as well as a fixed value for
each potential Receive buffer on the connection. The number of
potential Receive buffers is specified by the MAXFLOWBUFCNT parameter
in the $ICC_OPEN_ASSOC service.
Related Services
$ICC_CLOSE_ASSOC, $ICC_CONNECT, $ICC_CONNECTW, $ICC_DISCONNECT,
$ICC_DISCONNECTW, $ICC_OPEN_ASSOC, $ICC_RECEIVE, $ICC_RECEIVEW,
$ICC_REJECT, $ICC_REPLY, $ICC_REPLYW, $ICC_TRANSCEIVE,
$ICC_TRANSCEIVEW, $ICC_TRANSMIT, $ICC_TRANSMITW
Condition Values Returned
|
SS$_NORMAL
|
Normal completion.
|
|
SS$_ACCVIO
|
Access violation on parameter.
|
|
SS$_BADPARAM
|
Bad parameter value specified.
|
|
SS$_CLEARED
|
Remote association closed the link before it was accepted.
|
|
SS$_EXQUOTA
|
Exceeded BYTCNT/BYTLM.
|
|
SS$_INSFARG
|
Too few arguments supplied.
|
|
SS$_INSFMEM
|
Not enough system resources or process virtual memory available.
|
|
SS$_IVMODE
|
Attempted to accept a connection from a more privileged access mode
than the requested association.
|
|
SS$_IVCHAN
|
Connection not found or Invalid connection handle.
|
|
SS$_LINKDISCON
|
The connection is valid, but the physical link has started to
disconnect.
|
|
SS$_TOO_MANY_ARGS
|
Too many arguments specified.
|
|
SS$_WRONGSTATE
|
Connection is in the wrong state for the request.
|
$ICC_CLOSE_ASSOC
Closes the application's association with ICC.
Format
SYS$ICC_CLOSE_ASSOC assoc_handle
C Prototype
int sys$icc_close_assoc (unsigned int assoc_handle);
Arguments
assoc_handle
| OpenVMS usage: |
association_id |
| type: |
longword (unsigned) |
| access: |
read only |
| mechanism: |
by value |
The handle of the association to be closed.
Description
This service closes the application's association with ICC. If multiple
associations are open, only the specified association is closed. When
an association is closed, any active connections on that association
are disconnected. If not explicitly closed by the application,
associations opened in user mode will be closed at image exit;
associations opened in inner modes will be closed at process
termination.
All operations on an association must occur in the access mode at which
the association was opened.
When an association is closed, the entry (if any) in the simple
clusterwide association registry is removed.
Required Access or Privileges
None.
Required Quota
None.
Related Services
$ICC_ACCEPT, $ICC_CONNECT, $ICC_CONNECTW, $ICC_DISCONNECT,
$ICC_DISCONNECTW, $ICC_OPEN_ASSOC, $ICC_RECEIVE, $ICC_RECEIVEW,
$ICC_REJECT, $ICC_REPLY, $ICC_REPLYW, $ICC_TRANSCEIVE,
$ICC_TRANSCEIVEW, $ICC_TRANSMIT, $ICC_TRANSMITW
Condition Values Returned
|
SS$_NORMAL
|
Normal completion.
|
|
SS$_INSFARG
|
The
assoc_handle was not supplied.
|
|
SS$_IVCHAN
|
Invalid association handle.
|
|
SS$_IVMODE
|
Attempted to close an association from a more privileged access mode
than the requested association.
|
|
SS$_TOO_MANY_ARGS
|
Too many arguments specified.
|
|
