ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/qsygetphnopwd.htm

407 lines
10 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>Get Profile Handle No Password (QsyGetProfileHandleNoPwd) API</title>
<!-- Begin Header Records ========================================== -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Sec SCRIPT A converted by B2H R4.1 (346) (CMS) by V2KEA304 -->
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09 -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- File created for V5R3 by Therese Dalton -->
<!-- 021015 JETAYLOR html and formatting cleanup -->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<a name="Top_Of_Page"></a>
<!-- Java sync-link -->
<script language="Javascript" src="../rzahg/synch.js" type="text/javascript">
</script>
<h2>Get Profile Handle No Password (QsyGetProfileHandleNoPwd) API</h2>
<p><img src="delta.gif" alt="Start of change"></p>
<div class="box" style="width: 70%;">
<br>
&nbsp;&nbsp;Syntax for QsyGetProfileHandleNoPwd:<br>
<pre>
#include &lt;qsyphandle.h&gt;
void QsyGetProfileHandleNoPwd
(unsigned char *<em>Profile_handle</em>,
char *<em>User_ID</em>,
char *<em>Password_value</em>,
void *<em>Error_code</em>);
</pre>
&nbsp;&nbsp;Service Program: QSYPHANDLE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<p><img src="deltaend.gif" alt="End of change"></p>
<p>The Get Profile Handle No Password (QsyGetProfileHandleNoPwd) API validates
user IDs and creates a profile handle, for use in jobs that run under more
than one user profile. The profile handle is temporary; you can use it only in
the job that created it.</p>
<p>This API requires a special value to be specified for the password value
parameter. If you
need to validate a user password, see the Get Profile Handle
(QsyGetProfileHandle) API.</p>
<p>The Get Profile Handle No Password API follows this process:</p>
<ul>
<li>Verifies that the user ID and password value are correct. Incorrect password
values and special cases are handled as follows:
<br>
<br>
<ul>
<li>To obtain a profile handle for a profile that does not have a password,
specify *NOPWD, *NOPWDCHK or *NOPWDSTS for the password parameter.
<p>
You cannot obtain a
profile handle for the following system-supplied user profiles: </p>
<pre>
QAUTPROF QDLFM QMSF QSNADS QTSTRQS
QCLUMGT QDOC QNETSPLF QSPL
QCOLSRV QDSNX QNFSANON QSPLJOB
QDBSHR QFNC QNTP QSRVAGT
QDBSHRDO QGATE QPEX QSYS
QDFTOWN QLPAUTO QPM400 QTCP
QDIRSRV QLPINSTALL QRJE QTFTP
</pre>
</li>
<li>
To obtain a profile handle for a profile that is disabled,
specify *NOPWDCHK for the password parameter.
<br>
<br>
</li>
<li>
To obtain a profile handle when the password is expired,
specify *NOPWDCHK or *NOPWDSTS for the password parameter.
<br>
<br>
</li>
</ul>
</li>
<li>Generates the profile handle, a 12-character random string designating the
user's authorities. This string, not the user's password, supplies the Set
Profile Handle (QWTSETP, QsySetProfileHandle) and the Release Profile Handle
(QSYRLSPH, QsyReleaseHandle) APIs.
<p>The maximum number of profile handles that can be created is approximately
20,000 per job;
after that, the space to store them is full. Message CPF22E6 is sent to
the application, and Get Profile Handle stops generating profile handles.</p>
<p>Be sure to keep track of the profile handles created in the calling
application. If the application calls Get Profile Handle twice with the same
user profile and password, Get Profile Handle returns two different profile
handles. Either handle can be used, but generating and using just one is more
efficient.</p>
</li>
<li>Updates the last-used date for the user and group profiles.<br>
<br>
</li>
<li>Resets the signon attempts not valid count to zero.<br>
<br>
</li>
<li>If security-related events are being audited, adds an entry to the QAUDJRN
audit journal to indicate that a profile handle is created.<br>
<br>
</li>
</ul>
<br>
<h3>Authorities and Locks</h3>
<dl>
<dt><em>API Public Authority</em></dt>
<dd>*USE</dd>
<dt><em>User profile authority</em></dt>
<dd>*USE</dd>
<dt><em>User Profile Lock</em></dt>
<dd>*LSRD</dd>
</dl>
<br>
<br>
<h3>Required Parameter Group</h3>
<dl>
<dt><strong>Profile handle</strong></dt>
<dd>OUTPUT; CHAR(12)
<p>A unique string or handle designating the user profile to use as input to
other routines. The handle is temporary; you can use it only in the job that
created it.</p>
</dd>
<dt><strong>User ID</strong></dt>
<dd>INPUT; CHAR(10)
<p>The user ID of the profile for which the handle is being created.
A user ID must be a 10 character,
blank padded value in CCSID 37.</p>
<p>You can specify the following special value:</p>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<td align="left" valign="top"><em>*CURRENT</em></td>
<td align="left" valign="top">A handle is generated with the current thread
information.
</td>
</tr>
</table>
<br>
<br>
</dd>
<dt><strong>Password value</strong></dt>
<dd>INPUT; CHAR(10)
<p>The password value for the user ID.</p>
<p>
Only special values are allowed for this parameter.
A special value must be a 10 character,
blank padded value in CCSID 37.
</p>
<p>
You must specify one of the following special values:</p>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<td align="left" valign="top"><em>*NOPWD</em></td>
<td align="left" valign="top">
The user requesting the profile
handle must have *USE authority to the user profile.
<p>
A profile handle does not get created for a disabled user profile.
</p>
<p>
A profile handle does not get created for a user profile with an expired password.
</p>
</td>
</tr>
<tr>
<td align="left" valign="top"><em>*NOPWDCHK</em></td>
<td align="left" valign="top">
The user requesting the profile
handle must have *USE authority to the user profile.
<p>
If the profile is disabled,
the user requesting the profile
handle must have *ALLOBJ and
*SECADM special authorities
to get a handle.</p>
<p>
If the password is expired,
the user requesting the profile
handle must have *ALLOBJ and
*SECADM special authorities
to get a handle.
</p>
</td>
</tr>
<tr>
<td align="left" valign="top"><em>
*NOPWDSTS
</em></td>
<td align="left" valign="top">
The user requesting the profile
handle must have *USE authority to the user profile.
<p>
A profile handle does not get created for a disabled user profile.
</p>
<p>
If the password is expired,
the user requesting the profile
handle must have *ALLOBJ and
*SECADM special authorities
to get a handle.
</p>
</td>
</tr>
</table>
<br>
</dd>
<dt><strong>Error code</strong></dt>
<dd>I/O; CHAR(*)
<p>The structure in which to return error information. For the format of the
structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>.</p>
</dd>
</dl>
<br>
<h3>Usage Notes</h3>
<p> Profile handles are a limited resource. It is possible to run out.
Therefore, to guarantee that you will always have a profile handle to switch
back to, it is recommended that you get a profile handle for both the current
thread and the user profile you plan to switch to. If for some reason you cannot do
this, and if you cannot get a profile handle that will allow you to switch back
then it is probably safest to just end the thread or job.</p>
<br>
<h3>Error Messages</h3>
<table cellpadding="5">
<!-- cols="15 85" -->
<tr>
<th align="left" valign="top">Message ID</th>
<th align="left" valign="top">Error Message Text</th>
</tr>
<tr>
<td align="left" valign="top">CPF2203 E</td>
<td align="left" valign="top">User profile &amp;1 not correct.</td>
</tr>
<tr>
<td align="left" valign="top">CPF2204 E</td>
<td align="left" valign="top">User profile &amp;1 not found.</td>
</tr>
<tr>
<td align="left" valign="top">CPF2213 E</td>
<td align="left" valign="top">Not able to allocate user profile &amp;1.</td>
</tr>
<tr>
<td align="left" valign="top">CPF2225 E</td>
<td align="left" valign="top">Not able to allocate internal system object.</td>
</tr>
<tr>
<td align="left" valign="top">CPF22E3 E</td>
<td align="left" valign="top">User profile &amp;1 is disabled.</td>
</tr>
<tr>
<td align="left" valign="top">CPF22E4 E</td>
<td align="left" valign="top">Password for user profile &amp;1 has
expired.</td>
</tr>
<tr>
<td align="left" valign="top">CPF22E6 E</td>
<td align="left" valign="top">Maximum number of profile handles have been
generated.</td>
</tr>
<tr>
<td align="left" valign="top">CPF22E9 E</td>
<td align="left" valign="top">*USE authority to user profile &amp;1
required.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3C90 E</td>
<td align="left" valign="top">Literal value cannot be changed.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3C3C E</td>
<td align="left" valign="top">Value for parameter &amp;1 not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF3CF1 E</td>
<td align="left" valign="top">Error code parameter not valid.</td>
</tr>
<tr>
<td align="left" valign="top">CPF4AB8 E</td>
<td align="left" valign="top">Insufficient authority for user profile &amp;1.
</td>
</tr>
<tr>
<td align="left" valign="top">CPF9872 E</td>
<td align="left" valign="top">Program or service program &amp;1 in library
&amp;2 ended. Reason code &amp;3.</td>
</tr>
</table>
<br>
<br>
<hr>
API introduced: V5R3
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
</tr>
</table>
</center>
</body>
</html>