friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
master
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajc_5.4.0.1/rzajccrtroleprfc.htm

793 lines
38 KiB
HTML
Raw Permalink Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: ILE C program for creating roles and profiles for your Coprocessor" />
<meta name="abstract" content="Change this program example to suit your needs for creating a role or a profile for your Coprocessor." />
<meta name="description" content="Change this program example to suit your needs for creating a role or a profile for your Coprocessor." />
<meta name="DC.Relation" scheme="URI" content="rzajcsetup.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcrolesprofiles.htm#definingroles" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="crtroleprfc" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: ILE C program for creating roles and profiles for your Coprocessor</title>
</head>
<body id="crtroleprfc"><a name="crtroleprfc"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: ILE C program for creating roles and profiles for your Coprocessor</h1>
<div><p>Change this program example to suit your needs for creating a role
or a profile for your Coprocessor. </p>
<div class="section"><div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code license and disclaimer information</a> for
important legal information.<p>If you choose to use this program example,
change it to suit your specific needs. For security reasons, IBM<sup>®</sup> recommends
that you individualize these program examples rather than using the default
values provided.</p>
</div>
</div>
<div class="example"> <pre>/*-------------------------------------------------------------------*/
/* CRTROLEPRF */
/* */
/* Sample program to create roles and profiles in the */
/* cryptographic adapter. */
/* */
/* */
/* COPYRIGHT 5769-SS1 (C) IBM CORP. 1999, 1999 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these program. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* */
/* Note: Input format is more fully described in Chapter 2 of */
/* IBM CCA Basic Services Reference and Guide */
/* (SC31-8609) publication. */
/* */
/* Parameters: */
/* none. */
/* */
/* Example: */
/* CALL PGM(CRTROLEPRF) */
/* */
/* Use these commands to compile this program on the system: */
/* CRTCMOD MODULE(CRTROLEPRF) SRCFILE(SAMPLE) */
/* CRTPGM PGM(CRTROLEPRF) MODULE(CRTROLEPRF) */
/* BNDSRVPGM(QCCA/CSUAACI QCCA/CSNBOWH) */
/* */
/* Note: Authority to the CSUAACI and CSNBOWH service programs */
/* in the QCCA library is assumed. */
/* */
/* The Common Cryptographic Architecture (CCA) verbs used are */
/* Access_Control_Initialization (CSUAACI) and */
/* One_Way_Hash (CSNBOWH). */
/* */
/* Note: This program assumes the device you want to use is */
/* already identified either by defaulting to the CRP01 */
/* device or has been explicitly named using the */
/* Cryptographic_Resource_Allocate verb. Also this */
/* device must be varied on and you must be authorized */
/* to use this device description. */
/* */
/* Note: Before running this program, the clock in the must be */
/* set using Cryptographic_Facility_Control (CSUACFC) in order */
/* to be able to logon afterwards. */
/* */
/*-------------------------------------------------------------------*/
#include "csucincl.h" /* header file for CCA Cryptographic
Service Provider */
#include &lt;stdio.h&gt;
#include &lt;string.h&gt;
#include &lt;stdlib.h&gt;
void main(int argc, char *argv[]) {
/*-------------------------------------------------------------------*/
/* standard return codes */
/*-------------------------------------------------------------------*/
#define ERROR -1
#define OK 0
#define WARNING 4
/*-------------------------------------------------------------------*/
/* Variables used for parameters on CCA APIs */
/*-------------------------------------------------------------------*/
long return_code;
long reason_code;
long exit_data_length;
char exit_data[2];
char rule_array[4][8];
long rule_array_count;
long verb_data1_length;
long verb_data2_length;
long hash_length;
long text_length;
char *text;
char chaining_vector[128];
long chaining_vector_length;
/*-------------------------------------------------------------------*/
/* Definitions for profiles */
/*-------------------------------------------------------------------*/
typedef struct
{
char version[2]; /* Profile structure version */
short length; /* length of structure */
char comment[20]; /* Description */
short checksum;
char logon_failure_count;
char reserved;
char userid[8]; /* Name for this profile */
char role[8]; /* Role that profile uses */
short act_year; /* Activation date - year */
char act_month; /* Activation date - month */
char act_day; /* Activation date - day */
short exp_year; /* Expiration date - year */
char exp_month; /* Expiration date - month */
char exp_day; /* Expiration date - day */
short total_auth_data_length;
short field_type;
short auth_data_length_1;
short mechanism; /* Authentication mechanism */
short strength; /* Strength of mechanism */
short mech_exp_year; /* Mechanism expiration - year*/
char mech_exp_month; /* Mech. expiration - month */
char mech_exp_day; /* Mechansim expiration - day */
char attributes[4];
char auth_data[20]; /* Secret data */
} profile_T;
typedef struct
{
long number; /* Number profiles in struct */
long reserved;
profile_T profile[3];
} aggregate_profile;
aggregate_profile * verb_data1; /* Aggregate structure for */
/* defining profiles */
/*-------------------------------------------------------------------*/
/* Definitions for roles */
/*-------------------------------------------------------------------*/
/*--------------------------------------------------------------*/
/* Default role - access control points list - */
/* authorized to everything EXCEPT: */
/* 0x0018 - Load 1st part of Master Key */
/* 0x0019 - Combine Master Key Parts */
/* 0x001A - Set Master Key */
/* 0x0020 - Generate Random Master Key */
/* 0x0032 - Clear New Master Key Register */
/* 0x0033 - Clear Old Master Key Register */
/* 0x0053 - Load 1st part of PKA Master Key */
/* 0x0054 - Combine PKA Master Key Parts */
/* 0x0057 - Set PKA Master Key */
/* 0x0060 - Clear New PKA Master Key Register */
/* 0x0061 - Clear Old PKA Master Key Register */
/* 0x0110 - Set Clock */
/* 0x0111 - Reinitialize device */
/* 0x0112 - Initialize access control system */
/* 0x0113 - Change user profile expiration date */
/* 0x0114 - Change authentication data (eg. passphrase) */
/* 0x0115 - Reset password failure count */
/* 0x0116 - Read Public Access Control Information */
/* 0x0117 - Delete user profile */
/* 0x0118 - Delete role */
/* 0x0119 - Load Function Control Vector */
/* 0x011A - Clear Function Control Vector */
/* 0x011B - Force User Logoff */
/* 0x0200 - Register PKA Public Key Hash */
/* 0x0201 - Register PKA Public Key, with cloning */
/* 0x0202 - Register PKA Public Key */
/* 0x0203 - Delete Retained Key */
/* 0x0204 - PKA Clone Key Generate */
/* 0x0211 - 0x21F - Clone information - obtain 1-15 */
/*--------------------------------------------------------------*/
/* For access control points 0x01 - 0x127 */
char default_bitmap[] =
{ 0x00, 0x03, 0xF0, 0x1D, 0x00, 0x00, 0x00, 0x00,
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x0A, 0x80, 0x00, 0x88, 0x2F, 0x71, 0x10,
0x10, 0x04, 0x03, 0x31, 0x80, 0x00, 0x00, 0x00,
0xFF, 0x7F, 0x40, 0x6B, 0x80};
/* For access control points 0x200 - 0x23F */
char default2_bitmap[] =
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xE6, 0x0F };
/*--------------------------------------------------------------*/
/* role #1 - authorized to same as default plus also */
/* authorized to: */
/* 0x0018 - Load 1st part of Master Key */
/* 0x0020 - Generate Random Master Key */
/* 0x0032 - Clear New Master Key Register */
/* 0x0053 - Load 1st part of PKA Master Key */
/* 0x0060 - Clear New PKA Master Key Register */
/* 0x0119 - Load Function Control Vector */
/* 0x0201 - Register PKA Public Key, with cloning */
/* 0x0202 - Register PKA Public Key */
/* 0x0203 - Delete Retained Key */
/* 0x0204 - PKA Clone Key Generate */
/* 0x0211 - 0x215 - Clone information - obtain 1-5 */
/* 0x0221 - 0x225 - Clone information - install 1-5 */
/*--------------------------------------------------------------*/
char role1_bitmap[] =
{ 0x00, 0x03, 0xF0, 0x9D, 0x80, 0x00, 0x20, 0x00,
0x80, 0x00, 0x10, 0x00, 0x80, 0x00, 0x00, 0x00,
0x00, 0x0A, 0x80, 0x00, 0x88, 0x1F, 0x71, 0x10,
0x10, 0x04, 0x03, 0x11, 0x80, 0x00, 0x00, 0x00,
0xFF, 0x7F, 0x00, 0x4F, 0x80};
char role1_bitmap2[] =
{ 0x78, 0x00, 0x7C, 0x00, 0x7C, 0x00, 0xE6, 0x0F };
/*--------------------------------------------------------------*/
/* role #2 - authorized to same as default plus also */
/* authorized to: */
/* 0x0019 - Combine Master Key Parts */
/* 0x001A - Set Master Key */
/* 0x0033 - Clear Old Master Key Register */
/* 0x0054 - Combine PKA Master Key Parts */
/* 0x0057 - Set PKA Master Key */
/* 0x0061 - Clear Old Master Key Register */
/* 0x011A - Clear Function Control Vector */
/* 0x0200 - Register PKA Public Key Hash */
/* 0x0201 - Register PKA Public Key, with cloning */
/* 0x0203 - Delete Retained Key */
/* 0x0204 - PKA Clone Key Generate */
/* 0x0216 - 0x21A - Clone information - obtain 6-10 */
/* 0x0226 - 0x22A - Clone information - install 6-10 */
/*--------------------------------------------------------------*/
char role2_bitmap[] =
{ 0x00, 0x03, 0xF0, 0x7D, 0x80, 0x00, 0x10, 0x00,
0x80, 0x00, 0x09, 0x00, 0x40, 0x00, 0x00, 0x00,
0x00, 0x0A, 0x80, 0x00, 0x88, 0x1F, 0x71, 0x10,
0x10, 0x04, 0x03, 0x31, 0x80, 0x00, 0x00, 0x00,
0xFF, 0x7F, 0x00, 0x2F, 0x80};
char role2_bitmap2[] =
{ 0xD8, 0x00, 0x03, 0xE0, 0x03, 0xE0, 0xE6, 0x0F };
/*--------------------------------------------------------------*/
/* role #3 - authorized to same as default plus also */
/* authorized to: */
/* 0x0110 - Set Clock */
/* 0x0111 - Reinitialize device */
/* 0x0112 - Initialize access control system */
/* 0x0113 - Change user profile expiration date */
/* 0x0114 - Change authentication data (eg. passphrase) */
/* 0x0115 - Reset password failure count */
/* 0x0116 - Read Public Access Control Information */
/* 0x0117 - Delete user profile */
/* 0x0118 - Delete role */
/* 0x011B - Force User Logoff */
/* 0x0200 - Register PKA Public Key Hash */
/* 0x0201 - Register PKA Public Key, with cloning */
/* 0x0203 - Delete Retained Key */
/* 0x0204 - PKA Clone Key Generate */
/* 0x021B - 0x21F - Clone information - obtain 11-15 */
/* 0x022B - 0x22F - Clone information - install 11-15 */
/*--------------------------------------------------------------*/
char role3_bitmap[] =
{ 0x00, 0x03, 0xF0, 0x1D, 0x00, 0x00, 0x00, 0x00,
0x80, 0x00, 0x00, 0x00, 0xC0, 0x00, 0x00, 0x00,
0x00, 0x0A, 0x80, 0x00, 0x88, 0x1F, 0x71, 0x10,
0x10, 0x04, 0x03, 0x31, 0x80, 0x00, 0x00, 0x00,
0xFF, 0x7F, 0xFF, 0x9F, 0x80};
char role3_bitmap2[] =
{ 0xD8, 0x00, 0x00, 0x1F, 0x00, 0x1F, 0xE6, 0x0F };
/*--------------------------------------------------------------*/
/* Structures for defining the access control points in a role */
/*--------------------------------------------------------------*/
struct access_control_points_header
{
short number_segments; /* Number of segments of */
/* the access points map */
short reserved;
} access_control_points_header;
struct access_control_points_segment_header
{
short start_bit; /* Starting bit in this */
/* segment. */
short end_bit; /* Ending bit */
short number_bytes; /* Number of bytes in */
/* this segment */
short reserved;
} access_control_points_segment_header;
/*--------------------------------------------------------------*/
/* Structure for defining a role */
/*--------------------------------------------------------------*/
struct role_header
{
char version[2];
short length;
char comment[20];
short checksum;
short reserved1;
char role[8];
short auth_strength;
short lower_time;
short upper_time;
char valid_days_of_week;
char reserved2;
} role_header;
/*--------------------------------------------------------------*/
/* Structure for defining aggregate roles */
/*--------------------------------------------------------------*/
struct aggregate_role_header
{
long number;
long reserved;
} aggregate_role_header;
char * verb_data2;
char * work_ptr;
char *bitmap1, *bitmap2;
int i; /* Loop counter */
/*--------------------------------------------------------------*/
/* &gt;&gt;&gt;&gt;&gt;&gt;&gt;&gt; Start of code &lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt;&lt; */
/*--------------------------------------------------------------*/
/*--------------------------------------------------------------*/
/* Allocate storage for the aggregate role structure */
/*--------------------------------------------------------------*/
verb_data2 = malloc(sizeof(aggregate_role_header) +
sizeof(role_header) * 3 +
sizeof(access_control_points_header) * 3 +
sizeof(access_control_points_segment_header)
* 6 + /* 3 roles * 2 segments each */
sizeof(default_bitmap) * 3 +
sizeof(default2_bitmap) * 3);
work_ptr = verb_data2; /* Set working pointer to
start of verb data 2 storage */
aggregate_role_header.number = 3; /* Define/replace 3 roles */
aggregate_role_header.reserved = 0;
/* Copy header into verb data
2 storage. */
memcpy(work_ptr,(void*)&amp;aggregate_role_header,
sizeof(aggregate_role_header));
/* Adjust work pointer to point
after header. */
work_ptr += sizeof(aggregate_role_header);
/*--------------------------------------------------------------*/
/* Fill in the fields of the role definitions. */
/* Each role is version 1, has authentication strength of 0, */
/* has valid time from 12:00 Midnight (0) to 23:59 (x173B), */
/* is valid every day of the week. (xFE is 7 bits set), */
/* has one access control points segment that starts at bit 0 */
/* and goes to bit x11F, and has 20 spaces for a comment. */
/*--------------------------------------------------------------*/
role_header.version[0] = 1;
role_header.version[1] = 0;
role_header.length = sizeof(role_header) +
sizeof(access_control_points_header) +
2 * sizeof(access_control_points_segment_header) +
sizeof(default_bitmap) + sizeof(default2_bitmap);
role_header.checksum = 0;
role_header.reserved1 = 0;
role_header.auth_strength = 0;
role_header.lower_time = 0;
role_header.upper_time = 0x173B;
role_header.valid_days_of_week = 0xFE;
role_header.reserved2 = 0;
memset(role_header.comment,' ', 20);
access_control_points_header.number_segments = 2;
access_control_points_header.reserved = 0;
access_control_points_segment_header.reserved = 0;
for (i=0; i&lt;3; i++)
{
switch (i) {
/*------------------------------------------------*/
/* Set name for ROLE1 */
/*------------------------------------------------*/
case 0:
memcpy(role_header.role, "ROLE1 ", 8);
bitmap1 = role1_bitmap;
bitmap2 = role1_bitmap2;
break;
/*------------------------------------------------*/
/* Set name for ROLE2 */
/*------------------------------------------------*/
case 1:
memcpy(role_header.role, "ROLE2 ", 8);
bitmap1 = role2_bitmap;
bitmap2 = role2_bitmap2;
break;
/*------------------------------------------------*/
/* Set name for ROLE3 */
/*------------------------------------------------*/
case 2:
memcpy(role_header.role, "ROLE3 ", 8);
bitmap1 = role3_bitmap;
bitmap2 = role3_bitmap2;
}
/*---------------------------------------------------*/
/* Copy role header */
/*---------------------------------------------------*/
memcpy(work_ptr,(void*)&amp;role_header, sizeof(role_header));
/* Adjust work pointer to
point after role header. */
work_ptr += sizeof(role_header);
/*---------------------------------------------------*/
/* Copy access control points header */
/*---------------------------------------------------*/
memcpy(work_ptr,
(void *)&amp;access_control_points_header,
sizeof(access_control_points_header));
/* Adjust work pointer to
point after header. */
work_ptr += sizeof(access_control_points_header);
/*---------------------------------------------------*/
/* Copy access control points segment 1 */
/*---------------------------------------------------*/
access_control_points_segment_header.start_bit = 0;
access_control_points_segment_header.end_bit = 0x127;
access_control_points_segment_header.number_bytes =
sizeof(default_bitmap);
memcpy(work_ptr,
(void *)&amp;access_control_points_segment_header,
sizeof(access_control_points_segment_header));
/* Adjust work pointer to
point after header. */
work_ptr += sizeof(access_control_points_segment_header);
/*---------------------------------------------------*/
/* Copy access control points segment 1 bitmap */
/*---------------------------------------------------*/
memcpy(work_ptr, bitmap1, sizeof(default_bitmap));
/* Adjust work pointer to
point after bitmap. */
work_ptr += sizeof(default_bitmap);
/*---------------------------------------------------*/
/* Copy access control points segment 2 */
/*---------------------------------------------------*/
access_control_points_segment_header.start_bit = 0x200;
access_control_points_segment_header.end_bit = 0x23F;
access_control_points_segment_header.number_bytes =
sizeof(default2_bitmap);
memcpy(work_ptr,
(void *)&amp;access_control_points_segment_header,
sizeof(access_control_points_segment_header));
/* Adjust work pointer to
point after header. */
work_ptr += sizeof(access_control_points_segment_header);
/*---------------------------------------------------*/
/* Copy access control points segment 2 bitmap */
/*---------------------------------------------------*/
memcpy(work_ptr, bitmap2, sizeof(default2_bitmap));
/* Adjust work pointer to
point after bitmap. */
work_ptr += sizeof(default2_bitmap);
}
/*---------------------------------------------------------------*/
/* Allocate storage for aggregate profile structure */
/*---------------------------------------------------------------*/
verb_data1 = malloc(sizeof(aggregate_profile));
verb_data1-&gt;number = 3; /* Define 3 profiles */
verb_data1-&gt;reserved = 0;
/*---------------------------------------------------------------*/
/* Each profile: */
/* will be version 1, */
/* have an activation date of 1/1/00, */
/* have an expiration date of 6/30/2005, */
/* use passphrase hashed with SHA1 for the mechanism (0x0001), */
/* will be renewable (attributes = 0x8000) */
/* and has 20 spaces for a comment */
/*---------------------------------------------------------------*/
for (i=0; i&lt;3; i++)
{
verb_data1-&gt;profile[i].length = sizeof(profile_T);
verb_data1-&gt;profile[i].version[0] = 1;
verb_data1-&gt;profile[i].version[1] = 0;
verb_data1-&gt;profile[i].checksum = 0;
verb_data1-&gt;profile[i].logon_failure_count = 0;
verb_data1-&gt;profile[i].reserved = 0;
verb_data1-&gt;profile[i].act_year = 2000;
verb_data1-&gt;profile[i].act_month = 1;
verb_data1-&gt;profile[i].act_day = 1;
verb_data1-&gt;profile[i].exp_year = 2005;
verb_data1-&gt;profile[i].exp_month = 6;
verb_data1-&gt;profile[i].exp_day = 30;
verb_data1-&gt;profile[i].total_auth_data_length = 0x24;
verb_data1-&gt;profile[i].field_type = 0x0001;
verb_data1-&gt;profile[i].auth_data_length_1 = 0x20;
verb_data1-&gt;profile[i].mechanism = 0x0001;
verb_data1-&gt;profile[i].strength = 0;
verb_data1-&gt;profile[i].mech_exp_year = 2005;
verb_data1-&gt;profile[i].mech_exp_month = 6;
verb_data1-&gt;profile[i].mech_exp_day = 30;
verb_data1-&gt;profile[i].attributes[0] = 0x80;
verb_data1-&gt;profile[i].attributes[1] = 0;
verb_data1-&gt;profile[i].attributes[2] = 0;
verb_data1-&gt;profile[i].attributes[3] = 0;
memset(verb_data1-&gt;profile[i].comment, ' ', 20);
memcpy(rule_array, "SHA-1 ", 8);
rule_array_count = 1;
chaining_vector_length = 128;
hash_length = 20;
switch (i) {
/*-------------------------------------------*/
/* Set name, role, passphrase of profile 1 */
/*-------------------------------------------*/
case 0:
memcpy(verb_data1-&gt;profile[i].userid,"SECOFR1 ",8);
memcpy(verb_data1-&gt;profile[i].role, "ROLE1 ",8);
text_length = 10;
text = "Is it safe";
break;
/*-------------------------------------------*/
/* Set name, role, passphrase of profile 2 */
/*-------------------------------------------*/
case 1:
memcpy(verb_data1-&gt;profile[i].userid,"SECOFR2 ",8);
memcpy(verb_data1-&gt;profile[i].role, "ROLE2 ",8);
text_length = 18;
text = "I think it is safe";
break;
/*-------------------------------------------*/
/* Set name, role, passphrase of profile 3 */
/*-------------------------------------------*/
case 2:
memcpy(verb_data1-&gt;profile[i].userid,"SECOFR3 ",8);
memcpy(verb_data1-&gt;profile[i].role, "ROLE3 ",8);
text_length = 12;
text = "Is what safe";
}
/*-------------------------------------------------*/
/* Call One_Way_Hash to hash the pass-phrase */
/*-------------------------------------------------*/
CSNBOWH( &amp;return_code,
&amp;reason_code,
&amp;exit_data_length,
exit_data,
&amp;rule_array_count,
(char*)rule_array,
&amp;text_length,
text,
&amp;chaining_vector_length,
chaining_vector,
&amp;hash_length,
verb_data1-&gt;profile[i].auth_data);
}
/*------------------------------------------------------*/
/* Call Access_Control_Initialize (CSUAACI) to create */
/* the roles and profiles. */
/*------------------------------------------------------*/
rule_array_count = 2;
memcpy(rule_array, "INIT-AC REPLACE ", 16);
verb_data1_length = sizeof(aggregate_profile);
verb_data2_length = sizeof(aggregate_role_header) +
sizeof(role_header) * 3 +
sizeof(access_control_points_header) * 3 +
sizeof(access_control_points_segment_header)
* 6 + /* 3 roles * 2 segments each */
sizeof(default_bitmap) * 3 +
sizeof(default2_bitmap) * 3;
CSUAACI( &amp;return_code,
&amp;reason_code,
&amp;exit_data_length,
exit_data,
&amp;rule_array_count,
(char *)rule_array,
(long *) &amp;verb_data1_length,
(char *) verb_data1,
(long *) &amp;verb_data2_length,
(char *) verb_data2);
if (return_code &gt; WARNING)
printf("Access_Control_Initialize failed. Return/reason codes: \
%d/%d\n",return_code, reason_code);
else
printf("The new roles and profiles were successfully created\n");
/*----------------------------------------------------------*/
/* The Access_Control_Initialize SAPI verb needs to be */
/* called one more time to replace the DEFAULT role so that */
/* a user that does not log on is not able to change any */
/* settings in the . */
/*----------------------------------------------------------*/
work_ptr = verb_data2; /* Set working pointer to
start of verb data 2 storage */
aggregate_role_header.number = 1; /* Define/replace 1 roles */
aggregate_role_header.reserved = 0;
memcpy(work_ptr,(void*)&amp;aggregate_role_header,
sizeof(aggregate_role_header));
/* Adjust work pointer to
point after header. */
work_ptr += sizeof(aggregate_role_header);
/*--------------------------------------------------------------*/
/* Fill in the fields of the role definitions. */
/* Each role is version 1, has authentication strength of 0, */
/* has valid time from 12:00 Midnight (0) to 23:59 (x173B), */
/* is valid every day of the week. (xFE is 7 bits set), */
/* has one access control points segment that starts at bit 0 */
/* and goes to bit x11F, and has 20 spaces for a comment. */
/*--------------------------------------------------------------*/
role_header.version[0] = 1;
role_header.version[1] = 0;
role_header.length = sizeof(role_header) +
sizeof(access_control_points_header) +
2 * sizeof(access_control_points_segment_header) +
sizeof(default_bitmap) + sizeof(default2_bitmap);
role_header.checksum = 0;
role_header.reserved1 = 0;
role_header.auth_strength = 0;
role_header.lower_time = 0;
role_header.upper_time = 0x173B;
role_header.valid_days_of_week = 0xFE;
role_header.reserved2 = 0;
memset(role_header.comment,' ', 20);
access_control_points_header.number_segments = 2;
access_control_points_header.reserved = 0;
access_control_points_segment_header.reserved = 0;
/* DEFAULT role id must be in */
/* ASCII representation. */
memcpy(role_header.role, "\x44\x45\x46\x41\x55\x4C\x54\x20", 8);
bitmap1 = default_bitmap;
bitmap2 = default2_bitmap;
/*---------------------------------------------------*/
/* Copy role header */
/*---------------------------------------------------*/
memcpy(work_ptr,(void*)&amp;role_header, sizeof(role_header));
/* Adjust work pointer to
point after header. */
work_ptr += sizeof(role_header);
/*---------------------------------------------------*/
/* Copy access control points header */
/*---------------------------------------------------*/
memcpy(work_ptr,
(void *)&amp;access_control_points_header,
sizeof(access_control_points_header));
/* Adjust work pointer to
point after header. */
work_ptr += sizeof(access_control_points_header);
/*---------------------------------------------------*/
/* Copy access control points segment 1 */
/*---------------------------------------------------*/
access_control_points_segment_header.start_bit = 0;
access_control_points_segment_header.end_bit = 0x127;
access_control_points_segment_header.number_bytes =
sizeof(default_bitmap);
memcpy(work_ptr,
(void *)&amp;access_control_points_segment_header,
sizeof(access_control_points_segment_header));
/* Adjust work pointer to
point after header. */
work_ptr += sizeof(access_control_points_segment_header);
/*---------------------------------------------------*/
/* Copy access control points segment 1 bitmap */
/*---------------------------------------------------*/
memcpy(work_ptr, bitmap1, sizeof(default_bitmap));
/* Adjust work pointer to
point after bitmap. */
work_ptr += sizeof(default_bitmap);
/*---------------------------------------------------*/
/* Copy access control points segment 2 */
/*---------------------------------------------------*/
access_control_points_segment_header.start_bit = 0x200;
access_control_points_segment_header.end_bit = 0x23F;
access_control_points_segment_header.number_bytes =
sizeof(default2_bitmap);
memcpy(work_ptr,
(void *)&amp;access_control_points_segment_header,
sizeof(access_control_points_segment_header));
/* Adjust work pointer to
point after header. */
work_ptr += sizeof(access_control_points_segment_header);
/*---------------------------------------------------*/
/* Copy access control points segment 2 bitmap */
/*---------------------------------------------------*/
memcpy(work_ptr, bitmap2, sizeof(default2_bitmap));
rule_array_count = 2;
memcpy(rule_array, "INIT-AC REPLACE ", 16);
verb_data1_length = 0;
verb_data2_length = sizeof(aggregate_role_header) +
sizeof(role_header) +
sizeof(access_control_points_header) +
sizeof(access_control_points_segment_header)
* 2 +
sizeof(default_bitmap) +
sizeof(default2_bitmap);
CSUAACI( &amp;return_code,
&amp;reason_code,
&amp;exit_data_length,
exit_data,
&amp;rule_array_count,
(char *)rule_array,
(long *) &amp;verb_data1_length,
(char *) verb_data1,
(long *) &amp;verb_data2_length,
(char *) verb_data2);
if (return_code &gt; 4)
printf("The default role was not replaced. Return/reason code:\
%d/%d\n",return_code, reason_code);
else
printf("The default role was successfully updated.\n");
}</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcsetup.htm" title="Configuring your Cryptographic Coprocessor allows you to begin to use all of its cryptographic operations.">Configure the Cryptographic Coprocessor</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajcrolesprofiles.htm#definingroles">Defining roles</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink