![[Compaq]](../../images/hp.gif)
![[Go to the documentation home page]](../../images/buttons/hp_bn_site_home.gif)
![[How to order documentation]](../../images/buttons/hp_bn_order_docs.gif)
![[Help on this site]](../../images/buttons/hp_bn_site_help.gif)
![[How to contact us]](../../images/buttons/hp_bn_comments.gif)
![[OpenVMS documentation]](../../images/hp_ovmsdoc_sec_head.gif)
| Document revision date: 15 July 2002 | |
|
|
|
|
|
|
| Previous | Contents | Index |
Adds the specified identifier record to the rights list of the process or the system.
SYS$GRANTID [pidadr] ,[prcnam] ,[id] ,[name] ,[prvatr]
int sys$grantid (unsigned int *pidadr, void *prcnam, struct _generic_64 *id, void *name, unsigned int *prvatr, unsigned int segment);
pidadr
OpenVMS usage: process_id type: longword (unsigned) access: modify mechanism: by reference
Process identification (PID) number of the process affected when $GRANTID completes execution. The pidadr argument is the address of a longword containing the PID of the process to be affected. You use --1 to indicate the system rights list. When pidadr is passed, it is also returned; therefore, you must pass it as a variable rather than a constant. If you specify neither pidadr nor prcnam, your own process is used.prcnam
OpenVMS usage: process_name type: character-coded text string access: read only mechanism: by descriptor--fixed-length string descriptor
Process name on which $GRANTID operates. The prcnam argument is the address of a character string descriptor containing the process name. The maximum length of the name is 15 characters. Because the UIC group number is interpreted as part of the process name, you must use pidadr to specify the rights list of a process in a different group. If you specify neither pidadr nor prcnam, your own process is used.id
OpenVMS usage: rights_holder type: quadword (unsigned) access: modify mechanism: by reference
Identifier and attributes to be granted when $GRANTID completes execution. The id argument is the address of a quadword containing the binary identifier code to be granted in the first longword and the attributes in the second longword.Use the id argument to modify the attributes of the identifier.
Symbol values are offsets to the bits within the longword. You can also obtain the values as masks with the appropriate bit set using the prefix KGB$M rather than KGB$V. The following symbols for each bit position are defined in the macro library ($KGBDEF):
Bit Position Meaning When Set KGB$V_DYNAMIC Allows holders of the identifier to remove it from or add it to the process rights database using the DCL command SET RIGHTS_LIST. KGB$V_NOACCESS Makes any access rights of the identifier null and void. This attribute is intended as a modifier for a resource identifier or the Subsystem attribute. KGB$V_RESOURCE Allows holders of an identifier to charge disk space to the identifier. It is used only for file objects. KGB$V_SUBSYSTEM Allows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. You must specify either id or name. Because the id argument is returned as well as passed if you specify name, you must pass it as a variable rather than a constant in this case.
name
OpenVMS usage: char_string type: character-coded text string access: read only mechanism: by descriptor--fixed-length string descriptor
Name of the identifier granted when $GRANTID completes execution. The name argument is the address of a descriptor pointing to the name of the identifier. The identifier is granted as it is created. You must specify either id or name.prvatr
OpenVMS usage: mask_longword type: longword (unsigned) access: write only mechanism: by reference
Previous attributes of the identifier. The prvatr argument is the address of a longword used to store the attributes of the identifier if it was previously present in the rights list. If you added rather than modified the identifier, prvatr is ignored.
The Grant Identifier to Process service adds the specified identifier to the rights list of the process or the system. If the identifier is already in the rights list, its attributes are modified to those specified. This service is meant to be used by a privileged subsystem to alter the access rights profile of a user, based on installation policy. It is not meant to be used by the general system user.The result of passing the pidadr or the prcnam argument, or both, to SYS$GRANTID is summarized in the following table:
prcnam pidadr Result Omitted Omitted Current process ID is used; process ID is not returned. Omitted 0 Current process ID is used; process ID is returned. Omitted Specified Specified process ID is used. Specified Omitted Specified process name is used; process ID is not returned. Specified 0 Specified process name is used; process ID is returned. Specified Specified Specified process ID is used and process name is ignored. The result of passing the name or the id argument, or both, to SYS$GRANTID is summarized in the following table:
name id Result Omitted Omitted Illegal. The INSFARG condition value is returned. Omitted Specified Specified identifier value is used. Specified Omitted Specified identifier name is used; identifier value is not returned. Specified 0 Specified identifier name is used; identifier value is returned. Specified Specified Specified identifier value is used and identifier name is ignored. Note that a value of 0 in either of the preceding tables indicates that the contents of the address specified by the argument is the value 0. The word omitted indicates that the argument was not supplied.
You need CMKRNL privilege to invoke this service. In addition, you need GROUP privilege to modify the rights list of a process in the same group as the calling process (unless the process has the same UIC as the calling process). You need WORLD privilege to modify the rights list of a process outside the caller's group. You need SYSNAM privilege to modify the system rights list.
None
$ADD_HOLDER, $ADD_IDENT, $ASCTOID, $CHECK_ACCESS, $CHKPRO, $CREATE_RDB, $ERAPAT, $FIND_HELD, $FIND_HOLDER, $FINISH_RDB, $FORMAT_ACL, $FORMAT_AUDIT, $GET_SECURITY, $HASH_PASSWORD, $IDTOASC, $MOD_HOLDER, $MOD_IDENT, $MTACCESS, $PARSE_ACL, $REM_HOLDER, $REM_IDENT, $REVOKID, $SET_SECURITY
SS$_WASCLR The service completed successfully; the rights list did not contain the specified identifier. SS$_WASSET The service completed successfully; the rights list already held the specified identifier. SS$_ACCVIO The pidadr argument cannot be read or written; prcnam cannot be read; id cannot be read or written; the name cannot be read; or prvatr cannot be written. SS$_INSFARG You did not specify either the id or the name argument. SS$_INSFMEM The process dynamic memory is insufficient for opening the rights database. SS$_IVIDENT The specified identifier name is invalid; the identifier name is longer than 31 characters, contains an illegal character, or does not contain at least one nonnumeric character. SS$_IVLOGNAM You specified an invalid process name. SS$_NONEXPR You specified a nonexistent process. SS$_NOPRIV The caller does not have CMKRNL privilege or is not running in executive or kernel mode, or the caller lacks GROUP, WORLD, or SYSNAM privilege as required. SS$_NOSUCHID The specified identifier name does not exist in the rights database. Note that the binary identifier, if given, is not validated against the rights database. SS$_NOSYSNAM The operation requires SYSNAM privilege. SS$_RIGHTSFULL The rights list of the process or system is full. RMS$_PRV The user does not have read access to the rights database.
Because the rights database is an indexed file accessed with OpenVMS RMS, this service can also return RMS status codes associated with operations on indexed files. For descriptions of these status codes, refer to the OpenVMS Record Management Services Reference Manual.
Applies the hash algorithm you select to an ASCII password string and returns a quadword hash value that represents the encrypted password.
SYS$HASH_PASSWORD pwd ,alg ,[salt] ,usrnam ,hash
int sys$hash_password (void *pwd, unsigned char alg, unsigned short int salt, void *usrnam, struct _generic_64 *hash);
pwd
OpenVMS usage: char_string type: character-coded text string access: read only mechanism: by descriptor--fixed-length string descriptor
ASCII password string to be encrypted. The pwd argument is the address of a character string descriptor pointing to the ASCII password. The password string can contain between 1 and 32 characters and use the uppercase characters A through Z, the numbers 0 through 9, the dollar sign ($), and the underscore (_).The caller must validate the password string before calling $HASH_PASSWORD to ensure that only permitted characters are included.
alg
OpenVMS usage: byte_unsigned type: byte (unsigned) access: read only mechanism: by value
Algorithm used to hash the ASCII password string. The alg argument is an unsigned byte specifying the hash algorithm.The operating system recognizes the following algorithms:
Symbolic Name Description UAI$K_AD_II Uses a CRC algorithm and returns a longword hash value. This algorithm was used in releases prior to VAX VMS Version 2.0. UAI$C_PURDY Uses a Purdy algorithm over salted input. It expects a blank-padded user name and returns a quadword hash value. This algorithm was used during VAX VMS Version 2.0 field test. UAI$C_PURDY_V Uses the Purdy algorithm over salted input. It expects a variable-length user name and returns a quadword hash value. This algorithm was used in releases prior to VMS Version 5.4. UAI$K_PURDY_S Uses the Purdy algorithm over salted input. It expects a variable-length user name and returns a quadword hash value. This algorithm is used to hash all new passwords in VMS Version 5.4 and later. UAI$C_PREFERED_ALGORITHM 1 Represents the latest encryption algorithm that the operating system uses to encrypt new passwords. Currently, it equates to UAI$C_PURDY_S. Compaq recommends that you use this symbol in source modules because it always equates with the most recent algorithm.
Values ranging from 128 to 255 are reserved for customer use; the constant UAI$K_CUST_ALGORITHM defines the start of this range.
You can use the UAI$_ENCRYPT and UAI$_ENCRYPT2 item codes with the $GETUAI system service to retrieve the primary and secondary password hash algorithms for a user.
| OpenVMS usage: | word_unsigned |
| type: | word (unsigned) |
| access: | read only |
| mechanism: | by value |
| OpenVMS usage: | char_string |
| type: | character-coded text string |
| access: | read only |
| mechanism: | by descriptor--fixed-length string descriptor |
| OpenVMS usage: | quadword_unsigned |
| type: | quadword (unsigned) |
| access: | write only |
| mechanism: | by reference |
The Hash Password service applies the hash algorithm you select to an ASCII password string and returns a quadword hash value that represents the encrypted password.Other OpenVMS password services allow spaces, tabs, and other blank characters from the user, but they remove those spaces before passing the string to $HASH_PASSWORD. Before calling $HASH_PASSWORD, all white space must be removed from the password string to ensure proper comparison with passwords created by other services.
None
None
$GETUAI, $SETUAI.
Use $GETUAI to get the values for the salt and alg arguments. Use $SETUAI to store the resulting hash using the item codes UAI$_PWD and UAI$_PWD2.
For more information, see the appendix on implementing site-specific security policies in the OpenVMS Programming Concepts Manual.
SS$_NORMAL The service completed successfully. SS$_ACCVIO The input or output buffer descriptors cannot be read or written to by the caller. SS$_BADPARAM The specified hash algorithm is unknown or invalid.
Allows a process to make itself inactive but to remain known to the system so that it can be interrupted; for example, to receive ASTs.
SYS$HIBER
int sys$hiber (void);
None.
The Hibernate service allows a process to make itself inactive but to remain known to the system so that it can be interrupted; for example, to receive ASTs. A hibernate request is a wait-for-wake-event request. When you call the Wake Process from Hibernation ($WAKE) service or when the time specified with the Schedule Wakeup ($SCHDWK) service occurs, the process continues execution at the instruction following the Hibernate call.In VAX MACRO, you can call the Hibernate service only by using the $name_S macro.
A hibernating process can be swapped out of the balance set if it is not locked into the balance set.
An AST can interrupt the wait state caused by $HIBER if the access mode at which the AST is to execute is equal to or more privileged than the access mode from which the hibernate request was issued and the process is enabled for ASTs at that access mode.
When the AST service routine completes execution, the system reexecutes the $HIBER service on behalf of the process. If a wakeup request has been issued for the process during the execution of the AST service routine (either by itself or another process), the process resumes execution. If a wakeup request has not been issued, it continues to hibernate.
If one or more wakeup requests are issued for the process while it is not hibernating, the next hibernate call returns immediately; that is, the process does not hibernate. No count of outstanding wakeup requests is maintained.
Although this service has no arguments, a Fortran function reference must use parentheses to indicate a null argument list, as in the following example:
ISTAT=SYS$HIBER()None
None
$CANEXH, $CREPRC, $DCLEXH, $DELPRC, $EXIT, $FORCEX, $GETJPI, $GETJPIW, $PROCESS_SCAN, $RESUME, $SETPRI, $SETPRN, $SETPRV, $SETRWM, $SUSPND, $WAKE
SS$_NORMAL The service completed successfully.
Responds to an incoming connection request. This call is used to complete an ICC connection from the server side.On Alpha systems, this service accepts 64-bit addresses.
SYS$ICC_ACCEPT conn_handle ,[accept_buf] ,[accept_len] ,[user_context] ,[flags]
int sys$icc_accept (unsigned int conn_handle, char * accept_buf, unsigned int accept_len, unsigned int user_context, unsigned int flags);
conn_handle
OpenVMS usage: connection_id type: longword (unsigned) access: read only mechanism: by value
The handle of the requested connection.accept_buf
OpenVMS usage: byte_stream type: character-coded text string access: read only mechanism: by 32-bit or 64-bit reference (Alpha) mechanism: by 32-bit reference (VAX)
A buffer of up to 1000 bytes of accept data that is sent to the source of the connection at the completion of the connection process.accept_len
OpenVMS usage: buffer_length type: longword (unsigned) access: read only mechanism: by value
The actual number of bytes in accept_buf to be sent.user_context
OpenVMS usage: user_arg type: longword (unsigned) (VAX), quadword (Alpha) access: read only mechanism: by value
A user-specified value that is subsequently returned on any disconnect or data events on this connection.flags
OpenVMS usage: mask_longword type: longword (unsigned) access: read only mechanism: by value
ICC$M_SYNCH_MODE can be specified to indicate that the data transmission and reception routines $ICC_TRANSMIT, $ICC_RECEIVE, and $ICC_REPLY are allowed to return the status SS$_SYNCH in the case of synchronous completion, and that the AST will not be called.
This service is used by a server to respond to an incoming connection request. The $ICC_ACCEPT service may only be called after receiving a connection request AST.At the completion of the service, the connection is open and data can be exchanged. Once opened, there is no logical distinction between a connection opened by a client with the Connect service or a server with the Accept service.
A server can reject a Connection request by calling the $ICC_REJECT service.
None.
$ICC_ACCEPT changes the process BYTLM quota for the length of the accept_buf parameter, as well as a fixed value for each potential Receive buffer on the connection. The number of potential Receive buffers is specified by the MAXFLOWBUFCNT parameter in the $ICC_OPEN_ASSOC service.
$ICC_CLOSE_ASSOC, $ICC_CONNECT, $ICC_CONNECTW, $ICC_DISCONNECT, $ICC_DISCONNECTW, $ICC_OPEN_ASSOC, $ICC_RECEIVE, $ICC_RECEIVEW, $ICC_REJECT, $ICC_REPLY, $ICC_REPLYW, $ICC_TRANSCEIVE, $ICC_TRANSCEIVEW, $ICC_TRANSMIT, $ICC_TRANSMITW
SS$_NORMAL Normal completion. SS$_ACCVIO Access violation on parameter. SS$_BADPARAM Bad parameter value specified. SS$_CLEARED Remote association closed the link before it was accepted. SS$_EXQUOTA Exceeded BYTCNT/BYTLM. SS$_INSFARG Too few arguments supplied. SS$_INSFMEM Not enough system resources or process virtual memory available. SS$_IVMODE Attempted to accept a connection from a more privileged access mode than the requested association. SS$_IVCHAN Connection not found or Invalid connection handle. SS$_LINKDISCON The connection is valid, but the physical link has started to disconnect. SS$_TOO_MANY_ARGS Too many arguments specified. SS$_WRONGSTATE Connection is in the wrong state for the request.
| Previous | Next | Contents | Index |
|
|
| privacy and legal statement | ||
| 4527PRO_070.HTML | ||