ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/eimgettargetcredsfromsource.htm

810 lines
29 KiB
HTML
Raw Permalink Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>eimGetTargetCredsFromSource()--Get EIM Target Identities and Credentials
from the Source</title>
<!-- Begin header records -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- New for V5R4 -->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<!--Java sync-link-->
<script type="text/javascript" language="javascript" src="../rzahg/synch.js">
</script>
<a name="Top_Of_Page"></a>
<!-- ============================================================== -->
<!-- -->
<!-- -->
<!-- ============================================================== -->
<h2><img src="delta.gif" alt="Start of change">eimGetTargetCredsFromSource() --Get
EIM Target Identities and Credentials from the Source</h2>
<!-- ============================================================== -->
<!-- -->
<!-- S Y N T A X / P A R M T A B L E -->
<!-- -->
<!-- ============================================================== -->
<div class="box" style="width: 80%;">
<br>
&nbsp;&nbsp;Syntax
<pre>
#include &lt;eim.h&gt;
int eimGetTargetCredsFromSource(EimHandle * <em>eim</em>,
char * <em>sourceRegistryName</em>,
char * <em>sourceRegistryUserName</em>,
char * <em>targetRegistryName</em>,
char * <em>additionalInformation</em>,
unsigned int <em>lengthOfListData</em>,
EimList * <em>listData</em>,
EimRC * <em>eimrc</em>)
</pre>
&nbsp;&nbsp;Service Program Name: QSYS/QSYEIM&nbsp;&nbsp;<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<!-- ============================================================== -->
<!-- -->
<!-- D E S C R I P T I O N -->
<!-- -->
<!-- ============================================================== -->
<p>The <strong>eimGetTargetCredsFromSource()</strong> function gets the target
identity(ies) and credentials associated with the source identity as defined
by source registry
name and source registry user. This is known as a mapping lookup operation --
from the known source information return the user for this target registry.</p>
<p>
EIM version 3 must be supported by the local EIM APIs to use this API
(see <a href="eimgetversion.htm">eimGetVersion()</a>--Get EIM Version).
</p>
<p>
See <a href="eimmappinglookup.htm">EIM Mapping Lookup Algorithm</a>
for the steps involved in a mapping lookup operation.
</p>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- A U T H O R I T I E S A N D L O C K S -->
<!-- -->
<!-- ============================================================== -->
<h3>Authorities and Locks</h3>
<dl>
<dt><em>EIM Data</em></dt>
<dd>Access to EIM data is controlled by EIM access groups. LDAP administrators
also have access to EIM data. The access groups whose members have authority to
the mapping lookup data for this API follow:
<ul>
<li>EIM Administrator</li>
<li>EIM Registries Administrator</li>
<li>EIM Identifiers Administrator</li>
<li>EIM Mapping Lookup</li>
<li>EIM authority to an individual registry</li>
</ul>
<p>The list returned contains only the information that the user has authority
to access.</p>
<p>The credential information for the target identity is considered security
sensitive data. Access to this data is more strictly controlled.
The access groups whose members have authority to
the credential information for the target identity follow:</p>
<ul>
<li>EIM Administrator</li>
<li>EIM Credential Data</li>
<li>EIM authority to an individual registry</li>
</ul>
<p>Note that the EIM Credential Data access group does not have access to the
mapping lookup data. If a user is a member of the EIM Credential Data
access group, then the
user must also be a member of one of the access groups that has access to
the mapping lookup data.</p>
</dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- P A R A M E T E R S -->
<!-- -->
<!-- ============================================================== -->
<h3>Parameters</h3>
<dl><!-- ============================================================== -->
<!-- eim -->
<!-- ============================================================== -->
<dt><strong>eim</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The EIM handle returned by a previous call to eimCreateHandle(). A valid
connection is required for this function.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- sourceRegistryName -->
<!-- ============================================================== -->
<dt><strong>sourceRegistryName</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The source registry for this lookup operation.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- sourceRegistryUserName -->
<!-- ============================================================== -->
<dt><strong>sourceRegistryUserName</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The source user name for this lookup operation.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- targetRegistryName -->
<!-- ============================================================== -->
<dt><strong>targetRegistryName</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The target registry for this lookup operation.
A NULL parameter indicates that the <samp>localRegistry</samp>
set by the eimSetConfiguration() API or the
eimSetConfigurationExt() API should be used.
<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- additionalInfo -->
<!-- ============================================================== -->
<dt><strong>additionalInfo</strong>&nbsp;&nbsp;(Input)</dt>
<dd>Additional information that will be used as selection criteria for this
operation. This may be NULL. This filter data may contain the wild card
char(*).<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- lengthOfListData -->
<!-- ============================================================== -->
<dt><strong>lengthOfListData</strong>&nbsp;&nbsp;(Input)</dt>
<dd>The number of bytes provided by the caller for the <em>listData</em>
parameter. The minimum size required is 20 bytes</dd>
<dd><br>
<br>
<!-- ============================================================== -->
<!-- listData -->
<!-- ============================================================== -->
</dd>
<dt><strong>listData</strong>&nbsp;&nbsp;(Output)</dt>
<dd>A pointer to the EimList structure.
<p>The EimList structure contains information about the returned data. The API
will return as much data as space has been provided. The data returned is a
linked list of EimTargetIdentity structures. firstEntry is used to get to the
first EimTargetIdentity structure in the linked list. Each EimTargetIdentity
entry contains a user name returned by this lookup operation.</p>
<!-- ============================================================== -->
<!-- -->
<!-- EimList -->
<!-- ============================================================== -->
<p>EimList structure:</p>
<pre>
typedef struct EimList
{
unsigned int bytesReturned; /* Number of bytes actually returned
by the API */
unsigned int bytesAvailable; /* Number of bytes of available data
that could have been returned by
the API */
unsigned int entriesReturned; /* Number of entries actually
returned by the API */
unsigned int entriesAvailable; /* Number of entries available to be
returned by the API */
unsigned int firstEntry; /* Displacement to the first linked
list entry. This byte offset is
relative to the start of the
EimList structure. */
} EimList;
</pre>
<!-- ============================================================== -->
<!-- EimTargetIdentity -->
<!-- ============================================================== -->
<p>EimTargetIdentity structure:</p>
<pre>
typedef struct EimTargetIdentity
{
unsigned int nextEntry; /* Displacement to next entry. This
byte offset is relative to the
start of this structure */
EimListData userName; /* User name */
enum EimAssociationType type; /* Association type */
EimListData sourceGroupRegistry;/* Source group registry name */
EimListData targetGroupRegistry;/* Target group registry name */
EimSubList credentialInfo; /* EimCredentialInfo sublist */
} EimTargetIdentity;
</pre>
<p>
The <em>sourceGroupRegistry</em> will be returned if the target identity
was found using a source association to a group registry. The
<em>targetGroupRegistry</em> will be returned if the target identity
was found using a target association to a group registry.</p>
<p>
Target identities may have several types of credentials. In the
EimTargetIdentity structure, credentialInfo gives addressability to the first
EimCredentialInfo structure that contains a linked list of credentials.
</p>
<p>
If there is credential information for the target identity, but the caller
is not authorized to access the credential information or the
credential data is not enabled, the
EimCredentialInfo structure will be returned with the <em>type</em> and
<em>status</em> fields filled in. The <em>data</em> field will not be
returned (<em>length</em> and <em>disp</em> will be 0). If there is no
credential information, the EimCredentialInfo structure will not be
returned in the <em>credentialInfo</em> sublist.
</p>
<!-- ============================================================== -->
<!-- EimCredentialInfo -->
<!-- ============================================================== -->
<p>EimCredentialInfo structure:</p>
<pre>
typedef struct EimCredentialInfo
{
unsigned int nextEntry; /* Displacement to next entry. This
byte offset is relative to the
start of this structure. */
enum EimCredentialType type; /* Credential type */
enum EimStatus status; /* Credential status
0 = not enabled
1 = enabled */
EimListData data; /* Credential data */
} EimCredentialInfo;
</pre>
<!-- ============================================================== -->
<!-- EimSubList -->
<!-- ============================================================== -->
<p>EimSubList structure:</p>
<pre>
typedef struct EimSubList
{
unsigned int listNum; /* Number of entries in the list */
unsigned int disp; /* Displacement to sublist. This
byte offset is relative to the
start of the parent structure;
that is, the structure containing
this structure. */
} EimSubList;
</pre>
<!-- ============================================================== -->
<!-- EimListData -->
<!-- ============================================================== -->
<p>EimListData structure:</p>
<pre>
typedef struct EimListData
{
unsigned int length; /* Length of data */
unsigned int disp; /* Displacement to data. This byte
offset is relative to the start of
the parent structure; that is, the
structure containing this
structure. */
} EimListData;
</pre>
</dd>
<!-- ============================================================== -->
<!-- eimrc -->
<!-- ============================================================== -->
<dt><strong>eimrc</strong>&nbsp;&nbsp;(Input/Output)</dt>
<dd>The structure in which to return error code information. If the return
value is not 0, eimrc is set with additional information. This parameter may be
NULL. For the format of the structure, see <a href="eimrc.htm">EimRC--EIM
Return Code Parameter</a>.</dd>
<dd><br>
<br>
</dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- R E T U R N V A L U E -->
<!-- -->
<!-- ============================================================== -->
<h3>Return Value</h3>
<p>The return value from the API. Following each return value is the list of
possible values for the <samp>messageCatalogMessageID</samp> field in the
<em>eimrc</em> parameter for that value.</p>
<dl><!-- ============================================================== -->
<!-- 0 -->
<!-- ============================================================== -->
<dt><strong>0</strong></dt>
<dd>Request was successful.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- EACCES -->
<!-- ============================================================== -->
<dt><strong>EACCES</strong></dt>
<dd>Access denied. Not enough permissions to access data.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_ACCESS (1)</em></td>
<td align="left" valign="top">Insufficient access to EIM data.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EBADDATA -->
<!-- ============================================================== -->
<dt><strong>EBADDATA</strong></dt>
<dd>eimrc is not valid.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- EBADNAME -->
<!-- ============================================================== -->
<dt><strong>EBADNAME</strong></dt>
<dd>Registry not found or insufficient access to EIM data.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_NOREG (28)</em></td>
<td align="left" valign="top">EIM Registry not found or insufficient access to
EIM data.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EBUSY -->
<!-- ============================================================== -->
<dt><strong>EBUSY</strong></dt>
<dd>Unable to allocate internal system object.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_NOLOCK (26)</em></td>
<td align="left" valign="top">Unable to allocate internal system object.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- ECONVERT -->
<!-- ============================================================== -->
<dt><strong>ECONVERT</strong></dt>
<dd>Data conversion error.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_DATA_CONVERSION (13)</em></td>
<td align="left" valign="top">Error occurred when converting data between code
pages.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EINVAL -->
<!-- ============================================================== -->
<dt><strong>EINVAL</strong></dt>
<dd>Input parameter was not valid.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_EIMLIST_SIZE (16)</em></td>
<td align="left" valign="top">Length of EimList is not valid. EimList must be
at least 20 bytes in length.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_HANDLE_INVAL (17)</em></td>
<td align="left" valign="top">EimHandle is not valid.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_PARM_REQ (34)</em></td>
<td align="left" valign="top">Missing required parameter. Please check API
documentation.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_PTR_INVAL (35)</em></td>
<td align="left" valign="top">Pointer parameter is not valid.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_SPACE (41)</em></td>
<td align="left" valign="top">Unexpected error accessing parameter.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_FUNCTION_NOT_SUPPORTED (70)</em></td>
<td align="left" valign="top">The specified function is not supported
by the EIM version.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- ENOMEM -->
<!-- ============================================================== -->
<dt><strong>ENOMEM</strong></dt>
<dd>Unable to allocate required space.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_NOMEM (27)</em></td>
<td align="left" valign="top">No memory available. Unable to allocate required
space.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- ENOTCONN -->
<!-- ============================================================== -->
<dt><strong>ENOTCONN</strong></dt>
<dd>LDAP connection has not been made.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_NOT_CONN (31)</em></td>
<td align="left" valign="top">Not connected to LDAP. Use eimConnect() API and
try the request again.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EUNKNOWN -->
<!-- ============================================================== -->
<dt><strong>EUNKNOWN</strong></dt>
<dd>Unexpected exception.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_LDAP_ERR (23)</em></td>
<td align="left" valign="top">Unexpected LDAP error. %s</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_UNEXP_OBJ_VIOLATION (56)</em></td>
<td align="left" valign="top">Unexpected object violation.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_UNKNOWN (44)</em></td>
<td align="left" valign="top">Unknown error or unknown system state.</td>
</tr>
</table>
</dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- U S A G E N O T E S -->
<!-- -->
<!-- ============================================================== -->
<!-- ============================================================== -->
<!-- -->
<!-- R E L A T E D I N F O R M A T I O N -->
<!-- -->
<!-- ============================================================== -->
<h3>Related Information</h3>
<ul>
<li><a href="eimgettgtcredsfromidentifier.htm">eimGetTgtCredsFromIdentifier()</a>
--Get EIM Target Identities and Credentials from the Identifier<br>
<br>
</li>
</ul>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- E X A M P L E -->
<!-- -->
<!-- ============================================================== -->
<h3>Example</h3>
<p>See <a href="../apiref/aboutapis.htm#codedisclaimer">Code disclaimer information</a>
for information pertaining to code examples.</p>
<p>The following example will get the list of users and credentials in the
target registry, MyRegistry,
that are associated with the source information.</p>
<pre>
#include &lt;eim.h&gt;
#include &lt;stddef.h&gt;
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
void printListResults(EimList * list);
void printListData(char * fieldName,
void * entry,
int offset);
void printAssociationType(int type);
void printCredSubListData(char * fieldName,
void * entry,
int offset);
int main(int argc, char *argv[])
{
int rc;
char eimerr[100];
EimRC * err;
EimHandle * handle;
char listData[1000];
EimList * list = (EimList * ) listData;
<em>/* Get eim handle from input arg. */</em>
<em>/* This handle is already connected to EIM. */</em>
handle = (EimHandle *)argv[1];
<em>/* Set up error structure. */</em>
memset(eimerr,0x00,100);
err = (EimRC *)eimerr;
err-&gt;memoryProvidedByCaller = 100;
<em>/* Get target identity */</em>
if (0 != (rc = eimGetTargetCredsFromSource(handle,
"kerberosRegistry",
"mjjones",
"MyRegistry",
NULL,
1000,
list,
err)))
{
printf("Get target credentials from source error = %d", rc);
return -1;
}
<em>/* Print the results */</em>
printListResults(list);
return 0;
}
void printListResults(EimList * list)
{
int i;
EimTargetIdentity * entry;
printf("___________\n");
printf(" bytesReturned = %d\n", list-&gt;bytesReturned);
printf(" bytesAvailable = %d\n", list-&gt;bytesAvailable);
printf(" entriesReturned = %d\n", list-&gt;entriesReturned);
printf(" entriesAvailable = %d\n", list-&gt;entriesAvailable);
printf("\n");
entry = (EimTargetIdentity *)((char *)list + list-&gt;firstEntry);
for (i = 0; i &lt; list-&gt;entriesReturned; i++)
{
printf("\n");
printf("===============\n");
printf("Entry %d.\n", i);
<em>/* Print out results */</em>
printListData("target user",
entry,
offsetof(EimTargetIdentity, userName));
printAssociationType(entry-&gt;type);
printListData("source group registry",
entry,
offsetof(EimTargetIdentity, sourceGroupRegistry));
printListData("target group registry",
entry,
offsetof(EimTargetIdentity, targetGroupRegistry));
printCredSubListData("credential information",
entry,
offsetof(EimTargetIdentity, credentialInfo));
<em>/* advance to next entry */</em>
entry = (EimTargetIdentity *)((char *)entry + entry-&gt;nextEntry);
}
printf("\n");
}
void printListData(char * fieldName,
void * entry,
int offset)
{
EimListData * listData;
char * data;
int dataLength;
printf(" %s = ",fieldName);
<em>/* Address the EimListData object */</em>
listData = (EimListData *)((char *)entry + offset);
<em>/* Print out results */</em>
data = (char *)entry + listData-&gt;disp;
dataLength = listData-&gt;length;
if (dataLength &gt; 0)
printf("%.*s\n",dataLength, data);
else
printf("Not found.\n");
}
void printAssociationType(int type)
{
switch(type)
{
case EIM_TARGET:
printf(" Target Association.\n");
break;
case EIM_CERT_FILTER_POLICY:
printf(" Certificate Filter Policy Association.\n");
break;
case EIM_DEFAULT_REG_POLICY:
printf(" Default Registry Policy Association.\n");
break;
case EIM_DEFAULT_DOMAIN_POLICY:
printf(" Default Domain Policy Association.\n");
break;
default:
printf("ERROR - unknown association type.\n");
break;
}
}
void printCredSubListData(char * fieldName,
void * entry,
int offset)
{
int i;
EimSubList * subList;
EimCredentialInfo * subentry;
<em>/* Address the EimSubList object */</em>
subList = (EimSubList *)((char *)entry + offset);
if (subList-&gt;listNum &gt; 0)
{
subentry = (EimCredentialInfo *)((char *)entry + subList-&gt;disp);
for (i = 0; i &lt; subList-&gt;listNum; i++)
{
<em>/* Print out results */</em>
printf(" Credential type = %d.\n",subentry->type);
printf(" Credential status = %d.\n",subentry->status);
<em>/* Credential data is not printed. */</em>
<em>/* advance to next entry */</em>
subentry = (EimCredentialInfo *)((char *)subentry +
subentry-&gt;nextEntry);
}
}
}
</pre>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- F O O T E R -->
<!-- -->
<!-- ============================================================== -->
<img src="deltaend.gif" alt="End of change">
<hr>
API introduced: V5R4
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
</tr>
</table>
</center>
</body>
</html>