407 lines
10 KiB
HTML
407 lines
10 KiB
HTML
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
|
<html>
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
||
|
<title>Get Profile Handle No Password (QsyGetProfileHandleNoPwd) API</title>
|
||
|
<!-- Begin Header Records ========================================== -->
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<!-- Sec SCRIPT A converted by B2H R4.1 (346) (CMS) by V2KEA304 -->
|
||
|
<!-- at RCHVMW2 on 17 Feb 1999 at 11:05:09 -->
|
||
|
<!-- Change History: -->
|
||
|
<!-- YYMMDD USERID Change description -->
|
||
|
<!-- File created for V5R3 by Therese Dalton -->
|
||
|
<!-- 021015 JETAYLOR html and formatting cleanup -->
|
||
|
<!-- End Header Records -->
|
||
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
||
|
</head>
|
||
|
<body>
|
||
|
<a name="Top_Of_Page"></a>
|
||
|
<!-- Java sync-link -->
|
||
|
<script language="Javascript" src="../rzahg/synch.js" type="text/javascript">
|
||
|
</script>
|
||
|
|
||
|
|
||
|
<h2>Get Profile Handle No Password (QsyGetProfileHandleNoPwd) API</h2>
|
||
|
|
||
|
<p><img src="delta.gif" alt="Start of change"></p>
|
||
|
|
||
|
<div class="box" style="width: 70%;">
|
||
|
<br>
|
||
|
Syntax for QsyGetProfileHandleNoPwd:<br>
|
||
|
<pre>
|
||
|
#include <qsyphandle.h>
|
||
|
|
||
|
void QsyGetProfileHandleNoPwd
|
||
|
(unsigned char *<em>Profile_handle</em>,
|
||
|
char *<em>User_ID</em>,
|
||
|
char *<em>Password_value</em>,
|
||
|
void *<em>Error_code</em>);
|
||
|
|
||
|
</pre>
|
||
|
Service Program: QSYPHANDLE<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Default Public Authority: *USE<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Threadsafe: Yes<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
</div>
|
||
|
<p><img src="deltaend.gif" alt="End of change"></p>
|
||
|
|
||
|
<p>The Get Profile Handle No Password (QsyGetProfileHandleNoPwd) API validates
|
||
|
user IDs and creates a profile handle, for use in jobs that run under more
|
||
|
than one user profile. The profile handle is temporary; you can use it only in
|
||
|
the job that created it.</p>
|
||
|
<p>This API requires a special value to be specified for the password value
|
||
|
parameter. If you
|
||
|
need to validate a user password, see the Get Profile Handle
|
||
|
(QsyGetProfileHandle) API.</p>
|
||
|
|
||
|
<p>The Get Profile Handle No Password API follows this process:</p>
|
||
|
|
||
|
<ul>
|
||
|
<li>Verifies that the user ID and password value are correct. Incorrect password
|
||
|
values and special cases are handled as follows:
|
||
|
<br>
|
||
|
<br>
|
||
|
|
||
|
<ul>
|
||
|
|
||
|
<li>To obtain a profile handle for a profile that does not have a password,
|
||
|
specify *NOPWD, *NOPWDCHK or *NOPWDSTS for the password parameter.
|
||
|
<p>
|
||
|
You cannot obtain a
|
||
|
profile handle for the following system-supplied user profiles: </p>
|
||
|
|
||
|
<pre>
|
||
|
QAUTPROF QDLFM QMSF QSNADS QTSTRQS
|
||
|
QCLUMGT QDOC QNETSPLF QSPL
|
||
|
QCOLSRV QDSNX QNFSANON QSPLJOB
|
||
|
QDBSHR QFNC QNTP QSRVAGT
|
||
|
QDBSHRDO QGATE QPEX QSYS
|
||
|
QDFTOWN QLPAUTO QPM400 QTCP
|
||
|
QDIRSRV QLPINSTALL QRJE QTFTP
|
||
|
</pre>
|
||
|
|
||
|
</li>
|
||
|
|
||
|
|
||
|
<li>
|
||
|
To obtain a profile handle for a profile that is disabled,
|
||
|
specify *NOPWDCHK for the password parameter.
|
||
|
<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li>
|
||
|
To obtain a profile handle when the password is expired,
|
||
|
specify *NOPWDCHK or *NOPWDSTS for the password parameter.
|
||
|
<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
</ul>
|
||
|
</li>
|
||
|
|
||
|
<li>Generates the profile handle, a 12-character random string designating the
|
||
|
user's authorities. This string, not the user's password, supplies the Set
|
||
|
Profile Handle (QWTSETP, QsySetProfileHandle) and the Release Profile Handle
|
||
|
(QSYRLSPH, QsyReleaseHandle) APIs.
|
||
|
|
||
|
<p>The maximum number of profile handles that can be created is approximately
|
||
|
20,000 per job;
|
||
|
after that, the space to store them is full. Message CPF22E6 is sent to
|
||
|
the application, and Get Profile Handle stops generating profile handles.</p>
|
||
|
|
||
|
<p>Be sure to keep track of the profile handles created in the calling
|
||
|
application. If the application calls Get Profile Handle twice with the same
|
||
|
user profile and password, Get Profile Handle returns two different profile
|
||
|
handles. Either handle can be used, but generating and using just one is more
|
||
|
efficient.</p>
|
||
|
</li>
|
||
|
|
||
|
<li>Updates the last-used date for the user and group profiles.<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li>Resets the signon attempts not valid count to zero.<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li>If security-related events are being audited, adds an entry to the QAUDJRN
|
||
|
audit journal to indicate that a profile handle is created.<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
</ul>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3>Authorities and Locks</h3>
|
||
|
|
||
|
<dl>
|
||
|
<dt><em>API Public Authority</em></dt>
|
||
|
|
||
|
<dd>*USE</dd>
|
||
|
|
||
|
<dt><em>User profile authority</em></dt>
|
||
|
|
||
|
<dd>*USE</dd>
|
||
|
|
||
|
<dt><em>User Profile Lock</em></dt>
|
||
|
|
||
|
<dd>*LSRD</dd>
|
||
|
</dl>
|
||
|
|
||
|
|
||
|
<br>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3>Required Parameter Group</h3>
|
||
|
|
||
|
<dl>
|
||
|
<dt><strong>Profile handle</strong></dt>
|
||
|
|
||
|
<dd>OUTPUT; CHAR(12)
|
||
|
|
||
|
<p>A unique string or handle designating the user profile to use as input to
|
||
|
other routines. The handle is temporary; you can use it only in the job that
|
||
|
created it.</p>
|
||
|
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>User ID</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(10)
|
||
|
|
||
|
<p>The user ID of the profile for which the handle is being created.
|
||
|
A user ID must be a 10 character,
|
||
|
blank padded value in CCSID 37.</p>
|
||
|
|
||
|
<p>You can specify the following special value:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="15 85" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>*CURRENT</em></td>
|
||
|
<td align="left" valign="top">A handle is generated with the current thread
|
||
|
information.
|
||
|
</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Password value</strong></dt>
|
||
|
|
||
|
<dd>INPUT; CHAR(10)
|
||
|
|
||
|
<p>The password value for the user ID.</p>
|
||
|
<p>
|
||
|
Only special values are allowed for this parameter.
|
||
|
A special value must be a 10 character,
|
||
|
blank padded value in CCSID 37.
|
||
|
</p>
|
||
|
|
||
|
|
||
|
|
||
|
<p>
|
||
|
You must specify one of the following special values:</p>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="15 85" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>*NOPWD</em></td>
|
||
|
<td align="left" valign="top">
|
||
|
The user requesting the profile
|
||
|
handle must have *USE authority to the user profile.
|
||
|
|
||
|
<p>
|
||
|
A profile handle does not get created for a disabled user profile.
|
||
|
</p>
|
||
|
<p>
|
||
|
A profile handle does not get created for a user profile with an expired password.
|
||
|
</p>
|
||
|
</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>*NOPWDCHK</em></td>
|
||
|
<td align="left" valign="top">
|
||
|
The user requesting the profile
|
||
|
handle must have *USE authority to the user profile.
|
||
|
|
||
|
<p>
|
||
|
If the profile is disabled,
|
||
|
the user requesting the profile
|
||
|
handle must have *ALLOBJ and
|
||
|
*SECADM special authorities
|
||
|
to get a handle.</p>
|
||
|
<p>
|
||
|
If the password is expired,
|
||
|
the user requesting the profile
|
||
|
handle must have *ALLOBJ and
|
||
|
*SECADM special authorities
|
||
|
to get a handle.
|
||
|
</p>
|
||
|
</td>
|
||
|
</tr>
|
||
|
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>
|
||
|
*NOPWDSTS
|
||
|
</em></td>
|
||
|
<td align="left" valign="top">
|
||
|
The user requesting the profile
|
||
|
handle must have *USE authority to the user profile.
|
||
|
<p>
|
||
|
A profile handle does not get created for a disabled user profile.
|
||
|
</p>
|
||
|
|
||
|
<p>
|
||
|
If the password is expired,
|
||
|
the user requesting the profile
|
||
|
handle must have *ALLOBJ and
|
||
|
*SECADM special authorities
|
||
|
to get a handle.
|
||
|
</p>
|
||
|
</td>
|
||
|
</tr>
|
||
|
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<dt><strong>Error code</strong></dt>
|
||
|
|
||
|
<dd>I/O; CHAR(*)
|
||
|
|
||
|
<p>The structure in which to return error information. For the format of the
|
||
|
structure, see <a href="../apiref/error.htm#hdrerrcod">Error Code Parameter</a>.</p>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3>Usage Notes</h3>
|
||
|
|
||
|
<p> Profile handles are a limited resource. It is possible to run out.
|
||
|
Therefore, to guarantee that you will always have a profile handle to switch
|
||
|
back to, it is recommended that you get a profile handle for both the current
|
||
|
thread and the user profile you plan to switch to. If for some reason you cannot do
|
||
|
this, and if you cannot get a profile handle that will allow you to switch back
|
||
|
then it is probably safest to just end the thread or job.</p>
|
||
|
|
||
|
<br>
|
||
|
|
||
|
|
||
|
<h3>Error Messages</h3>
|
||
|
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="15 85" -->
|
||
|
<tr>
|
||
|
<th align="left" valign="top">Message ID</th>
|
||
|
<th align="left" valign="top">Error Message Text</th>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF2203 E</td>
|
||
|
<td align="left" valign="top">User profile &1 not correct.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF2204 E</td>
|
||
|
<td align="left" valign="top">User profile &1 not found.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF2213 E</td>
|
||
|
<td align="left" valign="top">Not able to allocate user profile &1.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF2225 E</td>
|
||
|
<td align="left" valign="top">Not able to allocate internal system object.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF22E3 E</td>
|
||
|
<td align="left" valign="top">User profile &1 is disabled.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF22E4 E</td>
|
||
|
<td align="left" valign="top">Password for user profile &1 has
|
||
|
expired.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF22E6 E</td>
|
||
|
<td align="left" valign="top">Maximum number of profile handles have been
|
||
|
generated.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF22E9 E</td>
|
||
|
<td align="left" valign="top">*USE authority to user profile &1
|
||
|
required.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF3C90 E</td>
|
||
|
<td align="left" valign="top">Literal value cannot be changed.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF3C3C E</td>
|
||
|
<td align="left" valign="top">Value for parameter &1 not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF3CF1 E</td>
|
||
|
<td align="left" valign="top">Error code parameter not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF4AB8 E</td>
|
||
|
<td align="left" valign="top">Insufficient authority for user profile &1.
|
||
|
</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top">CPF9872 E</td>
|
||
|
<td align="left" valign="top">Program or service program &1 in library
|
||
|
&2 ended. Reason code &3.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
<br>
|
||
|
<br>
|
||
|
<hr>
|
||
|
API introduced: V5R3
|
||
|
|
||
|
<hr>
|
||
|
<center>
|
||
|
<table cellpadding="2" cellspacing="2">
|
||
|
<tr align="center">
|
||
|
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
|
||
|
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</center>
|
||
|
</body>
|
||
|
</html>
|
||
|
|