568 lines
18 KiB
HTML
568 lines
18 KiB
HTML
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
|
<html>
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
|
||
|
<title>eimQueryAccess()--Query EIM Access</title>
|
||
|
<!-- Begin header records -->
|
||
|
<!-- All rights reserved. Licensed Materials Property of IBM -->
|
||
|
<!-- US Government Users Restricted Rights -->
|
||
|
<!-- Use, duplication or disclosure restricted by -->
|
||
|
<!-- GSA ADP Schedule Contract with IBM Corp. -->
|
||
|
<!-- Change History: -->
|
||
|
<!-- YYMMDD USERID Change description -->
|
||
|
<!-- Created by Therese Dalton on 17 July 2001 -->
|
||
|
<!-- Edited by Kersten Jan 02 -->
|
||
|
<!-- End Header Records -->
|
||
|
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
|
||
|
</head>
|
||
|
<body>
|
||
|
<!--Java sync-link-->
|
||
|
<script type="text/javascript" language="javascript" src="../rzahg/synch.js">
|
||
|
</script>
|
||
|
|
||
|
<a name="Top_Of_Page"></a>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
|
||
|
<h2> eimQueryAccess()--Query EIM
|
||
|
Access</h2>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- S Y N T A X / P A R M T A B L E -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<div class="box" style="width: 80%;">
|
||
|
<br>
|
||
|
Syntax
|
||
|
|
||
|
<pre>
|
||
|
#include <eim.h>
|
||
|
|
||
|
int eimQueryAccess(EimHandle * <em>eim</em>,
|
||
|
EimAccessUser * <em>accessUser</em>,
|
||
|
enum EimAccessType <em>accessType</em>,
|
||
|
char * <em>registryName</em>,
|
||
|
unsigned int * <em>accessIndicator</em>,
|
||
|
EimRC * <em>eimrc</em>)
|
||
|
|
||
|
</pre>
|
||
|
|
||
|
Service Program Name: QSYS/QSYEIM<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Default Public Authority: *USE<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
Threadsafe: Yes<br>
|
||
|
<!-- iddvc RMBR -->
|
||
|
<br>
|
||
|
</div>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- D E S C R I P T I O N -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<p>The <strong>eimQueryAccess()</strong> function queries to see if the user
|
||
|
has the specified access.</p>
|
||
|
|
||
|
<br>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- A U T H O R I T I E S A N D L O C K S -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
|
||
|
<h3>Authorities and Locks</h3>
|
||
|
|
||
|
<dl>
|
||
|
<dt><em>EIM Data</em></dt>
|
||
|
|
||
|
<dd>Access to EIM data is controlled by EIM access groups. LDAP administrators
|
||
|
also have access to EIM data. The access groups whose members have authority to
|
||
|
the EIM data for this API follow:
|
||
|
|
||
|
<ul>
|
||
|
<li>EIM Administrator</li>
|
||
|
</ul>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- P A R A M E T E R S -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
|
||
|
<h3>Parameters</h3>
|
||
|
|
||
|
<dl><!-- ============================================================== -->
|
||
|
<!-- eim -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>eim</strong> (Input)</dt>
|
||
|
|
||
|
<dd>The EIM handle returned by a previous call to eimCreateHandle(). A valid
|
||
|
connection is required for this function.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- accessUser -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>accessUser</strong> (Input)</dt>
|
||
|
|
||
|
<dd>A structure that contains the user information for which to query
|
||
|
access.<br>
|
||
|
<br>
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="25 75" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIM_ACCESS_LOCAL_USER</em></td>
|
||
|
<td align="left" valign="top">Indicates a local user name on the system that
|
||
|
the API is run. The local user name will be converted to the appropriate access
|
||
|
id for this system.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIM_ACCESS_KERBEROS</em></td>
|
||
|
<td align="left" valign="top">Indicates a kerberos principal. The kerberos
|
||
|
principal will be converted to the appropriate access id. For example,
|
||
|
petejones@therealm will be converted to ibm-kn=petejones@threalm.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<p>The EimAccessUser structure layout follows:</p>
|
||
|
|
||
|
<pre>
|
||
|
enum EimAccessUserType {
|
||
|
EIM_ACCESS_DN,
|
||
|
EIM_ACCESS_KERBEROS,
|
||
|
EIM_ACCESS_LOCAL_USER
|
||
|
};
|
||
|
|
||
|
typedef struct EimAccessUser
|
||
|
{
|
||
|
union {
|
||
|
char * dn;
|
||
|
char * kerberosPrincipal;
|
||
|
char * localUser;
|
||
|
} user;
|
||
|
enum EimAccessUserType userType;
|
||
|
} EimAccessUser;
|
||
|
</pre>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- accessType -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>accessType</strong> (Input)</dt>
|
||
|
|
||
|
<dd>The type of access to check. Valid values are:<br>
|
||
|
<br>
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="35 65" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIM_ACCESS_ADMIN (0)</em></td>
|
||
|
<td align="left" valign="top">Administrative authority to the entire EIM
|
||
|
domain.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIM_ACCESS_REG_ADMIN (1)</em></td>
|
||
|
<td align="left" valign="top">Administrative authority to all registries in the
|
||
|
EIM domain.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIM_ACCESS_REGISTRY (2)</em></td>
|
||
|
<td align="left" valign="top">Administrative authority to the registry
|
||
|
specified in the <em>registryName</em> parameter.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" nowrap><em>EIM_ACCESS_IDENTIFIER_ADMIN
|
||
|
(3)</em></td>
|
||
|
<td align="left" valign="top">Administrative authority to all of the
|
||
|
identifiers in the EIM domain.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIM_ACCESS_MAPPING_LOOKUP (4)</em></td>
|
||
|
<td align="left" valign="top">Authority to perform mapping lookup
|
||
|
operations.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em><img src="delta.gif" alt="Start of change">EIM_ACCESS_CREDENTIAL_DATA (5)</em></td>
|
||
|
<td align="left" valign="top">Authority to retrieve credential data.<img src="deltaend.gif" alt="End of change"></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- registryName -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>registryName</strong> (Input)</dt>
|
||
|
|
||
|
<dd>The name of the EIM registry for which to check access. This parameter is
|
||
|
only used if EimAccessType is EIM_ACCESS_REGISTRY.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- accessIndicator -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>accessIndicator</strong> (Output)</dt>
|
||
|
|
||
|
<dd>Indicator set to indicate if access found.<br>
|
||
|
<br>
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="25 75" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIM_ACCESS_NO (0)</em></td>
|
||
|
<td align="left" valign="top">Access not found</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIM_ACCESS_YES (1)</em></td>
|
||
|
<td align="left" valign="top">Access found.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- eimrc -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>eimrc</strong> (Input/Output)</dt>
|
||
|
|
||
|
<dd>(Input/Output)
|
||
|
|
||
|
<p>The structure in which to return error code information. If the return value
|
||
|
is not 0, eimrc is set with additional information. This parameter may be NULL.
|
||
|
For the format of the structure, see <a href="eimrc.htm">EimRC--EIM Return Code
|
||
|
Parameter</a>.<br>
|
||
|
<br>
|
||
|
</p>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- R E T U R N V A L U E -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
|
||
|
<h3><a name="Header_4">Return Value</a></h3>
|
||
|
|
||
|
<p>The return value from the API. Following each return value is the list of
|
||
|
possible values for the <samp>messageCatalogMessageID</samp> field in the
|
||
|
<em>eimrc</em> parameter for that value.</p>
|
||
|
|
||
|
<dl><!-- ============================================================== -->
|
||
|
<!-- 0 -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>0</strong></dt>
|
||
|
|
||
|
<dd>Request was successful.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- EACCES -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>EACCES</strong></dt>
|
||
|
|
||
|
<dd>Access denied. Not enough permissions to access data.<br>
|
||
|
<br>
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="25 75" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_ACCESS (1)</em></td>
|
||
|
<td align="left" valign="top">Insufficient access to EIM data.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- EBADDATA -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>EBADDATA</strong></dt>
|
||
|
|
||
|
<dd>eimrc is not valid.<br>
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- EBUSY -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>EBUSY</strong></dt>
|
||
|
|
||
|
<dd>Unable to allocate internal system object.<br>
|
||
|
<br>
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="25 75" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_NOLOCK (26)</em></td>
|
||
|
<td align="left" valign="top">Unable to allocate internal system object.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- ECONVERT -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>ECONVERT</strong></dt>
|
||
|
|
||
|
<dd>Data conversion error.<br>
|
||
|
<br>
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="35 65" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_DATA_CONVERSION (13)</em></td>
|
||
|
<td align="left" valign="top">Error occurred when converting data between code
|
||
|
pages.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- EINVAL -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>EINVAL</strong></dt>
|
||
|
|
||
|
<dd>Input parameter was not valid.<br>
|
||
|
<br>
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="40 60" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_ACCESS_TYPE_INVAL (2)</em></td>
|
||
|
<td align="left" valign="top">Access type is not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top" nowrap><em>EIMERR_ACCESS_USERTYPE_INVAL
|
||
|
(3)</em></td>
|
||
|
<td align="left" valign="top">Access user type is not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_HANDLE_INVAL (17)</em></td>
|
||
|
<td align="left" valign="top">EimHandle is not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_PARM_REQ (34)</em></td>
|
||
|
<td align="left" valign="top">Missing required parameter. Please check API
|
||
|
documentation.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_PTR_INVAL (35)</em></td>
|
||
|
<td align="left" valign="top">Pointer parameter is not valid.</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_REG_MUST_BE_NULL (55)</em></td>
|
||
|
<td align="left" valign="top">Registry name must be NULL when access type is
|
||
|
not EIM_ACCESS_REGISTRY.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- ENOMEM -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>ENOMEM</strong></dt>
|
||
|
|
||
|
<dd>Unable to allocate required space.<br>
|
||
|
<br>
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="25 75" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_NOMEM (27)</em></td>
|
||
|
<td align="left" valign="top">No memory available. Unable to allocate required
|
||
|
space.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- ENOTCONN -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>ENOTCONN</strong></dt>
|
||
|
|
||
|
<dd>LDAP connection has not been made.<br>
|
||
|
<br>
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="25 75" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_NOT_CONN (31)</em></td>
|
||
|
<td align="left" valign="top">Not connected to LDAP. Use eimConnect() API and
|
||
|
try the request again.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
|
||
|
<br>
|
||
|
</dd>
|
||
|
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- EUNKNOWN -->
|
||
|
<!-- ============================================================== -->
|
||
|
<dt><strong>EUNKNOWN</strong></dt>
|
||
|
|
||
|
<dd>Unexpected exception.<br>
|
||
|
<br>
|
||
|
<table cellpadding="5">
|
||
|
<!-- cols="25 75" -->
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_LDAP_ERR (23)</em></td>
|
||
|
<td align="left" valign="top">Unexpected LDAP error. %s</td>
|
||
|
</tr>
|
||
|
|
||
|
<tr>
|
||
|
<td align="left" valign="top"><em>EIMERR_UNKNOWN (44)</em></td>
|
||
|
<td align="left" valign="top">Unknown error or unknown system state.</td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
|
||
|
<br>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- U S A G E N O T E S -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- R E L A T E D I N F O R M A T I O N -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
|
||
|
<h3>Related Information</h3>
|
||
|
|
||
|
<ul>
|
||
|
<li><a href="eimaddaccess.htm">eimAddAccess()</a> --Add EIM Access<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li><a href="eimremoveaccess.htm">eimRemoveAccess()</a> --Remove EIM Access<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li><a href="eimlistuseraccess.htm">eimListUserAccess()</a> --List EIM User
|
||
|
Access<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
|
||
|
<li><a href="eimlistaccess.htm">eimListAccess()</a> --List EIM Access<br>
|
||
|
<br>
|
||
|
</li>
|
||
|
</ul>
|
||
|
|
||
|
<br>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- E X A M P L E -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
|
||
|
<h3>Example</h3>
|
||
|
<p>See <a href="../apiref/aboutapis.htm#codedisclaimer">Code disclaimer information</a>
|
||
|
for information pertaining to code examples.</p>
|
||
|
<p>The following example checks to see if the user has the requested
|
||
|
access.</p>
|
||
|
|
||
|
<pre>
|
||
|
#include <eim.h>
|
||
|
#include <stdio.h>
|
||
|
|
||
|
int main(int argc, char *argv[])
|
||
|
{
|
||
|
int rc;
|
||
|
char eimerr[100];
|
||
|
EimRC * err;
|
||
|
EimHandle * handle;
|
||
|
|
||
|
EimAccessUser user;
|
||
|
|
||
|
unsigned int indicator;
|
||
|
|
||
|
<em>/* Get eim handle from input arg. */</em>
|
||
|
<em>/* This handle is already connected to EIM. */</em>
|
||
|
handle = (EimHandle *)argv[1];
|
||
|
|
||
|
<em>/* Set up error structure. */</em>
|
||
|
memset(eimerr,0x00,100);
|
||
|
err = (EimRC *)eimerr;
|
||
|
err->memoryProvidedByCaller = 100;
|
||
|
|
||
|
<em>/* Set up access user info */</em>
|
||
|
user.userType = EIM_ACCESS_DN;
|
||
|
user.user.dn="cn=pete,o=ibm,c=us";
|
||
|
|
||
|
<em>/* Query access for this user. */</em>
|
||
|
if (0 != (rc = eimQueryAccess(handle,
|
||
|
&user,
|
||
|
EIM_ACCESS_ADMIN,
|
||
|
NULL,
|
||
|
&indicator,
|
||
|
err)))
|
||
|
{
|
||
|
printf("Query access error = %d", rc);
|
||
|
return -1;
|
||
|
}
|
||
|
|
||
|
<em>/* Print the results */</em>
|
||
|
if (EIM_ACCESS_YES == indicator)
|
||
|
printf("Access found\n");
|
||
|
else
|
||
|
printf("Access not found\n");
|
||
|
|
||
|
return 0;
|
||
|
}
|
||
|
</pre>
|
||
|
|
||
|
<br>
|
||
|
<!-- ============================================================== -->
|
||
|
<!-- -->
|
||
|
<!-- F O O T E R -->
|
||
|
<!-- -->
|
||
|
<!-- ============================================================== -->
|
||
|
|
||
|
<hr>
|
||
|
API introduced: V5R2
|
||
|
|
||
|
<hr>
|
||
|
<center>
|
||
|
<table cellpadding="2" cellspacing="2">
|
||
|
<tr align="center">
|
||
|
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
|
||
|
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
|
||
|
</tr>
|
||
|
</table>
|
||
|
</center>
|
||
|
</body>
|
||
|
</html>
|
||
|
|