ibm-information-center/dist/eclipse/plugins/i5OS.ic.apis_5.4.0.1/eimgettgtcredsfromidentifier.htm

814 lines
29 KiB
HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Copyright" content="Copyright (c) 2006 by IBM Corporation">
<title>eimGetTgtCredsFromIdentifier()--Get EIM Target Identities and Credentials from the Identifier</title>
<!-- Begin header records -->
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<!-- Change History: -->
<!-- YYMMDD USERID Change description -->
<!-- Created by Carol Budnik on 17 July 2001 -->
<!-- Edited by Kersten Jan 02 -->
<!-- End Header Records -->
<link rel="stylesheet" type="text/css" href="../rzahg/ic.css">
</head>
<body>
<!--Java sync-link-->
<script type="text/javascript" language="javascript" src="../rzahg/synch.js">
</script>
<a name="Top_Of_Page"></a>
<!-- ============================================================== -->
<!-- -->
<!-- -->
<!-- ============================================================== -->
<h2><img src="delta.gif" alt="Start of change">eimGetTgtCredsFromIdentifier()
--Get EIM Target Identities and Credentials from the Identifier</h2>
<!-- ============================================================== -->
<!-- -->
<!-- S Y N T A X / P A R M T A B L E -->
<!-- -->
<!-- ============================================================== -->
<div class="box" style="width: 80%;">
<br>
&nbsp;&nbsp;Syntax
<pre>
#include &lt;eim.h&gt;
int eimGetTgtCredsFromIdentifier(EimHandle * <em>eim</em>,
EimIdentifierInfo * <em>idName</em>,
char * <em>targetRegistryName</em>,
char * <em>additionalInformation</em>,
unsigned int <em>lengthOfListData</em>,
EimList * <em>listData</em>,
EimRC * <em>eimrc</em>)
</pre>
&nbsp;&nbsp;Service Program Name: QSYS/QSYEIM&nbsp;&nbsp;<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Default Public Authority: *USE<br>
<!-- iddvc RMBR -->
<br>
&nbsp;&nbsp;Threadsafe: Yes<br>
<!-- iddvc RMBR -->
<br>
</div>
<!-- ============================================================== -->
<!-- -->
<!-- D E S C R I P T I O N -->
<!-- -->
<!-- ============================================================== -->
<p>The <strong>eimGetTgtCredsFromIdentifier()</strong> function gets the target
identity or identities and credentials for the specified registry that is
associated with the specified EIM identifier. </p>
<p>
EIM version 3 must be supported by the local EIM APIs to use this API
(see <a href="eimgetversion.htm">eimGetVersion()</a>--Get EIM Version).
</p>
<p>
See <a href="eimmappinglookup.htm">EIM Mapping Lookup Algorithm</a>
for the steps involved in a mapping lookup operation.
</p>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- A U T H O R I T I E S A N D L O C K S -->
<!-- -->
<!-- ============================================================== -->
<h3>Authorities and Locks</h3>
<dl>
<dt><em>EIM Data</em></dt>
<dd>Access to EIM data is controlled by EIM access groups.
LDAP administrators also have access to EIM data.
The access groups whose members have authority to
the mapping lookup data for this API follow:
<ul>
<li>EIM Administrator</li>
<li>EIM Registries Administrator</li>
<li>EIM Identifiers Administrator</li>
<li>EIM Mapping Lookup</li>
<li>EIM authority to an individual registry</li>
</ul>
<p>The list returned contains only the information that the
user has authority to access.</p>
<p>The credential information for the target identity is considered security
sensitive data. Access to this data is more strictly controlled.
The access groups whose members have authority to
the credential information for the target identity follow: </p>
<ul>
<li>EIM Administrator</li>
<li>EIM Credential Data</li>
<li>EIM authority to an individual registry</li>
</ul>
<p>Note that the EIM Credential Data access group does not have access to the
mapping lookup data. If a user is a member of the EIM Credential Data
access group, then the
user must also be a member of one of the access groups that has access to
the mapping lookup data.</p>
</dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- P A R A M E T E R S -->
<!-- -->
<!-- ============================================================== -->
<h3>Parameters</h3>
<dl>
<!-- ============================================================== -->
<!-- eim -->
<!-- ============================================================== -->
<dt><strong>eim</strong>&nbsp;&nbsp;(Input)</dt>
<dd>
The EIM handle returned by a previous call to eimCreateHandle().
A valid connection is required for this function.
<br><br></dd>
<!-- ============================================================== -->
<!-- idName -->
<!-- ============================================================== -->
<dt><strong>idName</strong>&nbsp;&nbsp;(Input)</dt>
<dd>
A structure that contains the name of the identifier for this lookup
operation. The layout of the EimIdentifierInfo structure follows:
<pre>
enum EimIdType {
EIM_UNIQUE_NAME,
EIM_ENTRY_UUID,
EIM_NAME
};
typedef struct EimIdentifierInfo
{
union {
char * uniqueName;
char * entryUUID;
char * name;
} id;
enum EimIdType idtype;
} EimIdentifierInfo;
</pre>
<p><samp>idtype</samp> indicates which identifier name is provided. Use of
the <samp>uniqueName</samp> provides the best performance. Specifying an
<samp>idtype</samp> of EIM_NAME does not
guarantee that a unique EIM identifier will be found. Therefore, use of
EIM_NAME may result in an error.</p>
</dd>
<!-- ============================================================== -->
<!-- targetRegistryName -->
<!-- ============================================================== -->
<dt><strong>targetRegistryName</strong>&nbsp;&nbsp;(Input)</dt>
<dd>
The target registry for this lookup operation.
A NULL parameter indicates that the <samp>localRegistry</samp>
set by the eimSetConfiguration() API or the
eimSetConfigurationExt() API should be used.
<br><br></dd>
<!-- ============================================================== -->
<!-- additionalInfo -->
<!-- ============================================================== -->
<dt><strong>additionalInfo</strong>&nbsp;&nbsp;(Input)</dt>
<dd>
Additional information that will be used as selection criteria for
this operation. This may be NULL.
<br><br></dd>
<!-- ============================================================== -->
<!-- lengthOfListData -->
<!-- ============================================================== -->
<dt><strong>lengthOfListData</strong>&nbsp;&nbsp;(Input)</dt>
<dd>
The number of bytes provided by the caller for the
<em>listData</em> parameter.
The minimum size required is 20 bytes.
<br><br></dd>
<!-- ============================================================== -->
<!-- listData -->
<!-- ============================================================== -->
<dt><strong>listData</strong>&nbsp;&nbsp;(Output)</dt>
<dd>
A pointer to the EimList structure.
<p>The EimList structure contains information about the returned data.
The API will return as much data as space has been provided.
The data returned is a linked list of EimTargetIdentity structures.
firstEntry is used to get to the first EimTargetIdentity structure in the
linked list. Each EimTargetIdentity entry contains a user name returned
by this lookup operation.</p>
<!-- ============================================================== -->
<!-- -->
<!-- EimList -->
<!-- ============================================================== -->
<p>EimList structure:</p>
<pre>
typedef struct EimList
{
unsigned int bytesReturned; /* Number of bytes actually returned
by the API. */
unsigned int bytesAvailable; /* Number of bytes of available data
that could have been returned by
the API. */
unsigned int entriesReturned; /* Number of entries actually
returned by the API. */
unsigned int entriesAvailable; /* Number of entries available to be
returned by the API. */
unsigned int firstEntry; /* Displacement to the first linked
list entry. This byte offset is
relative to the start of the
EimList structure. */
} EimList;
</pre>
<!-- ============================================================== -->
<!-- EimTargetIdentity -->
<!-- ============================================================== -->
<p>EimTargetIdentity structure: </p>
<pre>
typedef struct EimTargetIdentity
{
unsigned int nextEntry; /* Displacement to next entry. This
byte offset is relative to the
start of this structure. */
EimListData userName; /* User name */
enum EimAssociationType type; /* Association type */
EimListData sourceGroupRegistry;/* Source group registry name */
EimListData targetGroupRegistry;/* Target group registry name */
EimSubList credentialInfo; /* EimCredentialInfo sublist */
} EimTargetIdentity;
</pre>
<p>
The <em>sourceGroupRegistry</em> will not be returned by this API. The
<em>targetGroupRegistry</em> will be returned if the target identity
was found using a target association to a group registry.</p>
<p>
Target identities may have several types of credentials. In the
EimTargetIdentity structure, credentialInfo gives addressability to the first
EimCredentialInfo structure that contains a linked list of credentials.
</p>
<p>
If there is credential information for the target identity, but the caller
is not authorized to access the credential information or the
credential data is not enabled, the
EimCredentialInfo structure will be returned with the <em>type</em> and
<em>status</em> fields filled in. The <em>data</em> field will not be
returned (<em>length</em> and <em>disp</em> will be 0). If there is no
credential information, the EimCredentialInfo structure will not be
returned in the <em>credentialInfo</em> sublist.
</p>
<!-- ============================================================== -->
<!-- EimCredentialInfo -->
<!-- ============================================================== -->
<p>EimCredentialInfo structure:</p>
<pre>
typedef struct EimCredentialInfo
{
unsigned int nextEntry; /* Displacement to next entry. This
byte offset is relative to the
start of this structure. */
enum EimCredentialType type; /* Credential type */
enum EimStatus status; /* Credential status
0 = not enabled
1 = enabled */
EimListData data; /* Credential data */
} EimCredentialInfo;
</pre>
<!-- ============================================================== -->
<!-- EimSubList -->
<!-- ============================================================== -->
<p>EimSubList structure:</p>
<pre>
typedef struct EimSubList
{
unsigned int listNum; /* Number of entries in the list */
unsigned int disp; /* Displacement to sublist. This
byte offset is relative to the
start of the parent structure;
that is, the structure containing
this structure. */
} EimSubList;
</pre>
<!-- ============================================================== -->
<!-- EimListData -->
<!-- ============================================================== -->
<p>EimListData structure:</p>
<pre>
typedef struct EimListData
{
unsigned int length; /* Length of data */
unsigned int disp; /* Displacement to data. This byte
offset is relative to the start of
the parent structure; that is, the
structure containing this
structure. */
} EimListData;
</pre>
</dd>
<!-- ============================================================== -->
<!-- eimrc -->
<!-- ============================================================== -->
<dt><strong>eimrc</strong>&nbsp;&nbsp;(Input/Output)</dt>
<dd>
The structure in which to return error code information. If the return value
is not 0, eimrc is set with additional information. This parameter may be NULL.
For the format of the structure, see <a href="eimrc.htm">EimRC--EIM Return Code
Parameter</a>.
<br><br></dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- R E T U R N V A L U E -->
<!-- -->
<!-- ============================================================== -->
<h3>Return Value</h3>
<p>The return value from the API. Following each return value is the list of
possible values for the
<samp>messageCatalogMessageID</samp> field in the <em>eimrc</em> parameter
for that value.</p>
<dl>
<!-- ============================================================== -->
<!-- 0 -->
<!-- ============================================================== -->
<dt><strong>0</strong></dt>
<dd>Request was successful.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- EACCES -->
<!-- ============================================================== -->
<dt><strong>EACCES </strong></dt>
<dd>Access denied. Not enough permissions to access data.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_ACCESS (1)</em></td>
<td align="left" valign="top">Insufficient access to EIM data.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EBADDATA -->
<!-- ============================================================== -->
<dt><strong>EBADDATA </strong></dt>
<dd>eimrc is not valid.<br>
<br>
</dd>
<!-- ============================================================== -->
<!-- EBADNAME -->
<!-- ============================================================== -->
<dt><strong>EBADNAME </strong></dt>
<dd>Registry or identifier not found or insufficient access to EIM data.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_IDNAME_AMBIGUOUS (20)</em></td>
<td align="left" valign="top">More than 1 EIM Identifier was found that
matches the requested Identifier name.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_NOIDENTIFIER (25)</em></td>
<td align="left" valign="top">EIM Identifier not found or insufficient access to EIM data.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_NOREG (28)</em></td>
<td align="left" valign="top">EIM Registry not found or insufficient access to EIM data.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EBUSY -->
<!-- ============================================================== -->
<dt><strong>EBUSY </strong></dt>
<dd>Unable to allocate internal system object.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_NOLOCK (26)</em></td>
<td align="left" valign="top">Unable to allocate internal system object.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- ECONVERT -->
<!-- ============================================================== -->
<dt><strong>ECONVERT </strong></dt>
<dd>Data conversion error.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_DATA_CONVERSION (13)</em></td>
<td align="left" valign="top">Error occurred when converting data between code pages.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EINVAL -->
<!-- ============================================================== -->
<dt><strong>EINVAL </strong></dt>
<dd>Input parameter was not valid.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_EIMLIST_SIZE (16)</em></td>
<td align="left" valign="top">Length of EimList is not valid. EimList must
be at least 20 bytes in length.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_HANDLE_INVAL (17)</em></td>
<td align="left" valign="top">EimHandle is not valid.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_IDNAME_TYPE_INVAL (52)</em></td>
<td align="left" valign="top">The EimIdType value is not valid.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_PARM_REQ (34)</em></td>
<td align="left" valign="top">Missing required parameter. Please check API documentation.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_PTR_INVAL (35)</em></td>
<td align="left" valign="top">Pointer parameter is not valid.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_SPACE (41)</em></td>
<td align="left" valign="top">Unexpected error accessing parameter.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_FUNCTION_NOT_SUPPORTED (70)</em></td>
<td align="left" valign="top">The specified function is not supported
by the EIM version.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- ENOMEM -->
<!-- ============================================================== -->
<dt><strong>ENOMEM </strong></dt>
<dd>Unable to allocate required space.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_NOMEM (27)</em></td>
<td align="left" valign="top">No memory available. Unable to allocate required space.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- ENOTCONN -->
<!-- ============================================================== -->
<dt><strong>ENOTCONN </strong></dt>
<dd>LDAP connection has not been made.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_NOT_CONN (31)</em></td>
<td align="left" valign="top">Not connected to LDAP. Use eimConnect() API and
try the request again.</td>
</tr>
</table>
<br>
</dd>
<!-- ============================================================== -->
<!-- EUNKNOWN -->
<!-- ============================================================== -->
<dt><strong>EUNKNOWN </strong></dt>
<dd>Unexpected exception.<br>
<br>
<table cellpadding="5">
<tr>
<td align="left" valign="top"><em>EIMERR_LDAP_ERR (23)</em></td>
<td align="left" valign="top">Unexpected LDAP error. %s</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_UNEXP_OBJ_VIOLATION (56)</em></td>
<td align="left" valign="top">Unexpected object violation.</td>
</tr>
<tr>
<td align="left" valign="top"><em>EIMERR_UNKNOWN (44)</em></td>
<td align="left" valign="top">Unknown error or unknown system state.</td>
</tr>
</table>
</dd>
</dl>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- U S A G E N O T E S -->
<!-- -->
<!-- ============================================================== -->
<!-- ============================================================== -->
<!-- -->
<!-- R E L A T E D I N F O R M A T I O N -->
<!-- -->
<!-- ============================================================== -->
<h3>Related Information</h3>
<ul>
<li><a href="eimgettargetcredsfromsource.htm">eimGetTargetCredsFromSource()</a>
--Get EIM Target Identities and Credentials from the Source<br>
<br>
</li>
</ul>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- E X A M P L E -->
<!-- -->
<!-- ============================================================== -->
<h3>Example</h3>
<p>See <a href="../apiref/aboutapis.htm#codedisclaimer">Code disclaimer information</a>
for information pertaining to code examples.</p>
<p>The following example will get the list of users and credentials in the target
registry, MyRegistry, that are associated with the specified
identifier.</p>
<pre>
#include &lt;eim.h&gt;
#include &lt;stddef.h&gt;
#include &lt;stdio.h&gt;
#include &lt;stdlib.h&gt;
void printListResults(EimList * list);
void printListData(char * fieldName,
void * entry,
int offset);
void printAssociationType(int type);
void printCredSubListData(char * fieldName,
void * entry,
int offset);
int main(int argc, char *argv[])
{
int rc;
char eimerr[100];
EimRC * err;
EimHandle * handle;
char listData[1000];
EimList * list = (EimList * ) listData;
EimIdentifierInfo x;
<em>/* Get eim handle from input arg. */</em>
<em>/* This handle is already connected to EIM. */</em>
handle = (EimHandle *)argv[1];
<em>/* Set up error structure. */</em>
memset(eimerr,0x00,100);
err = (EimRC *)eimerr;
err->memoryProvidedByCaller = 100;
<em>/* Set up identifier information */</em>
x.idtype = EIM_UNIQUE_NAME;
x.id.uniqueName = "mjones";
if (0 != (rc = eimGetTgtCredsFromIdentifier(handle,
&amp;x,
"MyRegistry",
NULL,
1000,
list,
err)))
{
printf("Get target credentials from identifier error = %d", rc);
return -1;
}
printListResults(list);
return 0;
}
void printListResults(EimList * list)
{
int i;
EimTargetIdentity * entry;
printf("___________\n");
printf(" bytesReturned = %d\n", list->bytesReturned);
printf(" bytesAvailable = %d\n", list->bytesAvailable);
printf(" entriesReturned = %d\n", list->entriesReturned);
printf(" entriesAvailable = %d\n", list->entriesAvailable);
printf("\n");
entry = (EimTargetIdentity *)((char *)list + list->firstEntry);
for (i = 0; i &lt; list->entriesReturned; i++)
{
printf("\n");
printf("===============\n");
printf("Entry %d.\n", i);
<em>/* Print out results */</em>
printListData("target user",
entry,
offsetof(EimTargetIdentity, userName));
printAssociationType(entry-&gt;type);
printListData("target group registry",
entry,
offsetof(EimTargetIdentity, targetGroupRegistry));
printCredSubListData("credential information",
entry,
offsetof(EimTargetIdentity, credentialInfo));
<em>/* advance to next entry */</em>
entry = (EimTargetIdentity *)((char *)entry + entry->nextEntry);
}
printf("\n");
}
void printListData(char * fieldName,
void * entry,
int offset)
{
EimListData * listData;
char * data;
int dataLength;
printf(" %s = ",fieldName);
<em>/* Address the EimListData object */</em>
listData = (EimListData *)((char *)entry + offset);
<em>/* Print out results */</em>
data = (char *)entry + listData->disp;
dataLength = listData->length;
if (dataLength > 0)
printf("%.*s\n",dataLength, data);
else
printf("Not found.\n");
}
void printAssociationType(int type)
{
switch(type)
{
case EIM_TARGET:
printf(" Target Association.\n");
break;
case EIM_DEFAULT_DOMAIN_POLICY:
printf(" Default Domain Policy Association.\n");
break;
default:
printf("ERROR - unknown association type.\n");
break;
}
}
void printCredSubListData(char * fieldName,
void * entry,
int offset)
{
int i;
EimSubList * subList;
EimCredentialInfo * subentry;
<em>/* Address the EimSubList object */</em>
subList = (EimSubList *)((char *)entry + offset);
if (subList-&gt;listNum &gt; 0)
{
subentry = (EimCredentialInfo *)((char *)entry + subList-&gt;disp);
for (i = 0; i &lt; subList-&gt;listNum; i++)
{
<em>/* Print out results */</em>
printf(" Credential type = %d.\n",subentry->type);
printf(" Credential status = %d.\n",subentry->status);
<em>/* Credential data is not printed. */</em>
<em>/* advance to next entry */</em>
subentry = (EimCredentialInfo *)((char *)subentry +
subentry-&gt;nextEntry);
}
}
}
</pre>
<br>
<!-- ============================================================== -->
<!-- -->
<!-- F O O T E R -->
<!-- -->
<!-- ============================================================== -->
<img src="deltaend.gif" alt="End of change">
<hr>
API introduced: V5R4
<hr>
<center>
<table cellpadding="2" cellspacing="2">
<tr align="center">
<td valign="middle" align="center"><a href="#Top_Of_Page">Top</a> | <a href=
"sec.htm">Security APIs</a> | <a href="aplist.htm">APIs by category</a></td>
</tr>
</table>
</center>
</body>
</html>