    #include <eim.h>

    int eimGetTargetCredsFromSource(EimHandle    * eim,
                                    char         * sourceRegistryName,
                                    char         * sourceRegistryUserName,
                                    char         * targetRegistryName,
                                    char         * additionalInformation,
                                    unsigned int   lengthOfListData,
                                    EimList      * listData,
                                    EimRC        * eimrc)

Service Program Name: QSYS/QSYEIM
The eimGetTargetCredsFromSource() function gets the target identity(ies) and credentials associated with the source identity as defined by source registry name and source registry user. This is known as a mapping lookup operation -- from the known source information return the user for this target registry.
EIM version 3 must be supported by the local EIM APIs to use this API (see eimGetVersion()--Get EIM Version).
See EIM Mapping Lookup Algorithm for the steps involved in a mapping lookup operation.
The list returned contains only the information that the user has authority to access.
The credential information for the target identity is considered security sensitive data. Access to this data is more strictly controlled. The access groups whose members have authority to the credential information for the target identity follow:
Note that the EIM Credential Data access group does not have access to the mapping lookup data. If a user is a member of the EIM Credential Data access group, then the user must also be a member of one of the access groups that has access to the mapping lookup data.
The EimList structure contains information about the returned data. The API will return as much data as space has been provided. The data returned is a linked list of EimTargetIdentity structures. firstEntry is used to get to the first EimTargetIdentity structure in the linked list. Each EimTargetIdentity entry contains a user name returned by this lookup operation.
EimList structure:
    typedef struct EimList
    {
        unsigned int bytesReturned;     /* Number of bytes actually returned
                                           by the API                        */
        unsigned int bytesAvailable;    /* Number of bytes of available data
                                           that could have been returned by
                                           the API                           */
        unsigned int entriesReturned;   /* Number of entries actually
                                           returned by the API               */
        unsigned int entriesAvailable;  /* Number of entries available to be
                                           returned by the API               */
        unsigned int firstEntry;        /* Displacement to the first linked
                                           list entry. This byte offset is
                                           relative to the start of the
                                           EimList structure.                */
    } EimList;
EimTargetIdentity structure:
    typedef struct EimTargetIdentity
    {
        unsigned int nextEntry;           /* Displacement to next entry. This
                                             byte offset is relative to the
                                             start of this structure         */
        EimListData userName;             /* User name                       */
        enum EimAssociationType type;     /* Association type                */
        EimListData sourceGroupRegistry;  /* Source group registry name      */
        EimListData targetGroupRegistry;  /* Target group registry name      */
        EimSubList credentialInfo;        /* EimCredentialInfo sublist       */
    } EimTargetIdentity;
The sourceGroupRegistry will be returned if the target identity was found using a source association to a group registry. The targetGroupRegistry will be returned if the target identity was found using a target association to a group registry.
Target identities may have several types of credentials. In the EimTargetIdentity structure, credentialInfo gives addressability to the first EimCredentialInfo structure that contains a linked list of credentials.
If there is credential information for the target identity, but the caller is not authorized to access the credential information or the credential data is not enabled, the EimCredentialInfo structure will be returned with the type and status fields filled in. The data field will not be returned (length and disp will be 0). If there is no credential information, the EimCredentialInfo structure will not be returned in the credentialInfo sublist.
EimCredentialInfo structure:
    typedef struct EimCredentialInfo
    {
        unsigned int nextEntry;        /* Displacement to next entry. This
                                          byte offset is relative to the
                                          start of this structure.          */
        enum EimCredentialType type;   /* Credential type                   */
        enum EimStatus status;         /* Credential status
                                            0 = not enabled
                                            1 = enabled                     */
        EimListData data;              /* Credential data                   */
    } EimCredentialInfo;
EimSubList structure:
    typedef struct EimSubList
    {
        unsigned int listNum;   /* Number of entries in the list            */
        unsigned int disp;      /* Displacement to sublist. This byte offset
                                   is relative to the start of the parent
                                   structure; that is, the structure
                                   containing this structure.               */
    } EimSubList;
EimListData structure:
    typedef struct EimListData
    {
        unsigned int length;    /* Length of data                           */
        unsigned int disp;      /* Displacement to data. This byte offset
                                   is relative to the start of the parent
                                   structure; that is, the structure
                                   containing this structure.               */
    } EimListData;
The return value from the API. Following each return value is the list of possible values for the messageCatalogMessageID field in the eimrc parameter for that value.
EIMERR_ACCESS (1) | Insufficient access to EIM data. |
EIMERR_NOREG (28) | EIM Registry not found or insufficient access to EIM data. |
EIMERR_NOLOCK (26) | Unable to allocate internal system object. |
EIMERR_DATA_CONVERSION (13) | Error occurred when converting data between code pages. |
EIMERR_EIMLIST_SIZE (16) | Length of EimList is not valid. EimList must be at least 20 bytes in length. |
EIMERR_HANDLE_INVAL (17) | EimHandle is not valid. |
EIMERR_PARM_REQ (34) | Missing required parameter. Please check API documentation. |
EIMERR_PTR_INVAL (35) | Pointer parameter is not valid. |
EIMERR_SPACE (41) | Unexpected error accessing parameter. |
EIMERR_FUNCTION_NOT_SUPPORTED (70) | The specified function is not supported by the EIM version. |
EIMERR_NOMEM (27) | No memory available. Unable to allocate required space. |
EIMERR_NOT_CONN (31) | Not connected to LDAP. Use eimConnect() API and try the request again. |
EIMERR_LDAP_ERR (23) | Unexpected LDAP error. %s |
EIMERR_UNEXP_OBJ_VIOLATION (56) | Unexpected object violation. |
EIMERR_UNKNOWN (44) | Unknown error or unknown system state. |
See Code disclaimer information for information pertaining to code examples.
The following example will get the list of users and credentials in the target registry, MyRegistry, that are associated with the source information.
    #include <eim.h>
    #include <stddef.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>   /* memset() */

    void printListResults(EimList * list);
    void printListData(char * fieldName, void * entry, int offset);
    void printAssociationType(int type);
    void printCredSubListData(char * fieldName, void * entry, int offset);

    int main(int argc, char *argv[])
    {
        int           rc;
        char          eimerr[100];
        EimRC       * err;
        EimHandle   * handle;

        char          listData[1000];
        EimList     * list = (EimList * ) listData;

        /* Get eim handle from input arg.           */
        /* This handle is already connected to EIM. */
        handle = (EimHandle *)argv[1];

        /* Set up error structure.                  */
        memset(eimerr,0x00,100);
        err = (EimRC *)eimerr;
        err->memoryProvidedByCaller = 100;

        /* Get target identity                      */
        if (0 != (rc = eimGetTargetCredsFromSource(handle,
                                                   "kerberosRegistry",
                                                   "mjjones",
                                                   "MyRegistry",
                                                   NULL,
                                                   1000,
                                                   list,
                                                   err)))
        {
            printf("Get target credentials from source error = %d", rc);
            return -1;
        }

        /* Print the results                        */
        printListResults(list);

        return 0;
    }

    void printListResults(EimList * list)
    {
        unsigned int i;
        EimTargetIdentity * entry;

        printf("___________\n");
        printf(" bytesReturned = %u\n", list->bytesReturned);
        printf(" bytesAvailable = %u\n", list->bytesAvailable);
        printf(" entriesReturned = %u\n", list->entriesReturned);
        printf(" entriesAvailable = %u\n", list->entriesAvailable);
        printf("\n");

        /* firstEntry is relative to the start of the EimList structure */
        entry = (EimTargetIdentity *)((char *)list + list->firstEntry);
        for (i = 0; i < list->entriesReturned; i++)
        {
            printf("\n");
            printf("===============\n");
            printf("Entry %u.\n", i);

            /* Print out results */
            printListData("target user",
                          entry,
                          offsetof(EimTargetIdentity, userName));
            printAssociationType(entry->type);
            printListData("source group registry",
                          entry,
                          offsetof(EimTargetIdentity, sourceGroupRegistry));
            printListData("target group registry",
                          entry,
                          offsetof(EimTargetIdentity, targetGroupRegistry));
            printCredSubListData("credential information",
                                 entry,
                                 offsetof(EimTargetIdentity, credentialInfo));

            /* advance to next entry */
            entry = (EimTargetIdentity *)((char *)entry + entry->nextEntry);
        }
        printf("\n");
    }

    void printListData(char * fieldName, void * entry, int offset)
    {
        EimListData * listData;
        char * data;
        int dataLength;

        printf(" %s = ",fieldName);

        /* Address the EimListData object */
        listData = (EimListData *)((char *)entry + offset);

        /* Print out results */
        data = (char *)entry + listData->disp;
        dataLength = listData->length;

        if (dataLength > 0)
            printf("%.*s\n",dataLength, data);
        else
            printf("Not found.\n");
    }

    void printAssociationType(int type)
    {
        switch(type)
        {
            case EIM_TARGET:
                printf(" Target Association.\n");
                break;
            case EIM_CERT_FILTER_POLICY:
                printf(" Certificate Filter Policy Association.\n");
                break;
            case EIM_DEFAULT_REG_POLICY:
                printf(" Default Registry Policy Association.\n");
                break;
            case EIM_DEFAULT_DOMAIN_POLICY:
                printf(" Default Domain Policy Association.\n");
                break;
            default:
                printf("ERROR - unknown association type.\n");
                break;
        }
    }

    void printCredSubListData(char * fieldName, void * entry, int offset)
    {
        unsigned int i;
        EimSubList * subList;
        EimCredentialInfo * subentry;

        /* Address the EimSubList object */
        subList = (EimSubList *)((char *)entry + offset);

        if (subList->listNum > 0)
        {
            /* The sublist displacement is relative to the parent entry */
            subentry = (EimCredentialInfo *)((char *)entry + subList->disp);
            for (i = 0; i < subList->listNum; i++)
            {
                /* Print out results */
                printf(" Credential type = %d.\n",subentry->type);
                printf(" Credential status = %d.\n",subentry->status);
                /* Credential data is not printed. */

                /* advance to next entry */
                subentry = (EimCredentialInfo *)((char *)subentry +
                                                 subentry->nextEntry);
            }
        }
    }
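The returned buffer is navigated entirely by displacements, so a consumer can check each one against bytesReturned before dereferencing it, and can detect both a truncated result (bytesAvailable greater than bytesReturned) and credential entries whose data was withheld (length 0). The following is an added example, not IBM's code, that does this over a constructed buffer. It re-declares the structures from this page so that it compiles without eim.h and assumes enum fields are 4-byte ints; summarizeCreds, CredSummary, at and SAMPLE are hypothetical names.

```c
/* Added example, not IBM's code. Structures re-declared from this page so it
   builds without <eim.h>; enum fields are assumed to be 4-byte ints. */
#include <string.h>

typedef struct { unsigned int length, disp; } EimListData;
typedef struct { unsigned int listNum, disp; } EimSubList;
typedef struct { unsigned int bytesReturned, bytesAvailable, entriesReturned,
                 entriesAvailable, firstEntry; } EimList;
typedef struct { unsigned int nextEntry; EimListData userName; int type;
                 EimListData sourceGroupRegistry, targetGroupRegistry;
                 EimSubList credentialInfo; } EimTargetIdentity;
typedef struct { unsigned int nextEntry; int type, status; EimListData data; } EimCredentialInfo;
typedef struct { unsigned int withData, withheld; int truncated; } CredSummary;

/* Constructed sample buffer, not real EIM output; type values are placeholders. */
static const unsigned int SAMPLE[] = {
    106, 300, 1, 2, 20,            /* EimList: 106 of 300 bytes, entry at +20  */
    0, 0,0, 0, 0,0, 0,0, 2,40,     /* EimTargetIdentity: 2 credentials at +40  */
    20, 1, 1, 6, 40,               /* credential 1: enabled, 6 bytes at +40    */
    0, 1, 1, 0, 0,                 /* credential 2: data withheld (0, 0)       */
    0, 0 };                        /* placeholder credential bytes             */

/* Pointer to `len` bytes at `off`, or NULL if outside the first `limit` bytes. */
static const void *at(const char *buf, size_t off, size_t len, size_t limit)
{ return (off <= limit && len <= limit - off) ? buf + off : NULL; }

/* Returns 0, or -1 if any displacement points outside the returned data. */
int summarizeCreds(const char *buf, size_t cap, CredSummary *out)
{
    const EimList *list = (const EimList *)buf;
    size_t limit, eoff, coff; unsigned int i, j;
    memset(out, 0, sizeof *out);
    if (cap < sizeof *list) return -1;
    limit = list->bytesReturned < cap ? list->bytesReturned : cap;
    out->truncated = list->bytesAvailable > list->bytesReturned;
    for (eoff = list->firstEntry, i = 0; i < list->entriesReturned; i++) {
        const EimTargetIdentity *e = at(buf, eoff, sizeof *e, limit);
        if (!e) return -1;
        coff = eoff + e->credentialInfo.disp;   /* relative to this entry */
        for (j = 0; j < e->credentialInfo.listNum; j++) {
            const EimCredentialInfo *c = at(buf, coff, sizeof *c, limit);
            if (!c || !at(buf, coff + c->data.disp, c->data.length, limit)) return -1;
            if (c->data.length) out->withData++; else out->withheld++;
            coff += c->nextEntry;
        }
        eoff += e->nextEntry;
    }
    return 0;
}
```

When truncated is set, the caller can allocate at least bytesAvailable bytes and repeat the lookup; a buffer that held credential data can be cleared with memset once the data has been used.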