ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzajc_5.4.0.1/rzajcsetdefaultc.htm

375 lines
18 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Example: ILE C program for enabling all access control points in the default role for your Coprocessor" />
<meta name="abstract" content="Change this program example to suit your needs for enabling all access control points in the default role for your Coprocessor." />
<meta name="description" content="Change this program example to suit your needs for enabling all access control points in the default role for your Coprocessor." />
<meta name="DC.Relation" scheme="URI" content="rzajcsetup.htm" />
<meta name="DC.Relation" scheme="URI" content="rzajcrolesprofiles.htm#definingroles" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="setdefaultc" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Example: ILE C program for enabling all access control points in the
default role for your Coprocessor</title>
</head>
<body id="setdefaultc"><a name="setdefaultc"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Example: ILE C program for enabling all access control points in the
default role for your Coprocessor</h1>
<div><p>Change this program example to suit your needs for enabling all
access control points in the default role for your Coprocessor. </p>
<div class="section"><div class="note"><span class="notetitle">Note:</span> Read the <a href="codedisclaimer.htm#codedisclaimer">Code license and disclaimer information</a> for
important legal information.<p>If you choose to use this program example,
change it to suit your specific needs. For security reasons, IBM<sup>®</sup> recommends
that you individualize these program examples rather than using the default
values provided.</p>
</div>
</div>
<div class="example"> <pre>/*-------------------------------------------------------------------*/
/* SETDEFAULT */
/* */
/* Sample program to authorize the default role to all access */
/* control points in the . */
/* */
/* */
/* COPYRIGHT 5769-SS1 (C) IBM CORP. 2000, 2000 */
/* */
/* This material contains programming source code for your */
/* consideration. These examples have not been thoroughly */
/* tested under all conditions. IBM, therefore, cannot */
/* guarantee or imply reliability, serviceability, or function */
/* of these program. All programs contained herein are */
/* provided to you "AS IS". THE IMPLIED WARRANTIES OF */
/* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE */
/* ARE EXPRESSLY DISCLAIMED. IBM provides no program services for */
/* these programs and files. */
/* */
/* */
/* Note: Input format is more fully described in Chapter 2 of */
/* IBM CCA Basic Services Reference and Guide */
/* (SC31-8609) publication. */
/* */
/* Parameters: */
/* none. */
/* */
/* Example: */
/* CALL PGM(SETDEFAULT) */
/* */
/* Use these commands to compile this program on the system: */
/* CRTCMOD MODULE(SETDEFAULT) SRCFILE(SAMPLE) */
/* CRTPGM PGM(SETDEFAULT) MODULE(SETDEFAULT) */
/* BNDSRVPGM(QCCA/CSUAACI) */
/* */
/* Note: Authority to the CSUAACI service programs */
/* in the QCCA library is assumed. */
/* */
/* The Common Cryptographic Architecture (CCA) verb used is */
/* Access_Control_Initialization (CSUAACI). */
/* */
/* Note: This program assumes the device you want to use is */
/* already identified either by defaulting to the CRP01 */
/* device or has been explicitly named using the */
/* Cryptographic_Resource_Allocate verb. Also this */
/* device must be varied on and you must be authorized */
/* to use this device description. */
/* */
/*-------------------------------------------------------------------*/
#include "csucincl.h" /* header file for CCA Cryptographic
Service Provider */
#include &lt;stdio.h&gt;
#include &lt;string.h&gt;
#include &lt;stdlib.h&gt;
void main(int argc, char *argv[]) {
/*-------------------------------------------------------------------*/
/* standard return codes */
/*-------------------------------------------------------------------*/
#define ERROR -1
#define OK 0
#define WARNING 4
/*-------------------------------------------------------------------*/
/* parameters for CCA APIs */
/*-------------------------------------------------------------------*/
long return_code;
long reason_code;
long exit_data_length;
char exit_data[2];
char rule_array[4][8];
long rule_array_count;
long verb_data1_length;
long verb_data2_length;
char verb_data1[4];
/*--------------------------------------------------------------*/
/* Structure for defining a role */
/*--------------------------------------------------------------*/
struct role_header
{
char version[2];
short length;
char comment[20];
short checksum;
short reserved1;
char role[8];
short auth_strength;
char lower_time_hour;
char lower_time_minute;
char upper_time_hour;
char upper_time_minute;
char valid_days_of_week;
char reserved2;
} role_header;
/*--------------------------------------------------------------*/
/* Structure for defining aggregate roles */
/*--------------------------------------------------------------*/
struct aggregate_role
{
long number;
long reserved;
} aggregate_role_header;
/*--------------------------------------------------------------*/
/* Structures for defining the access control points in a role */
/*--------------------------------------------------------------*/
struct access_control_points_header
{
short number_segments; /* Number of segments of */
/* the access points map */
short reserved;
} access_control_points_header;
struct access_control_points_segment_header
{
short start_bit; /* Starting bit in this */
/* segment. */
short end_bit; /* Ending bit */
short number_bytes; /* Number of bytes in */
/* this segment */
short reserved;
} access_control_points_segment_header;
/*-------------------------------------------------------------------*/
/* Default role - access control points list - */
/* authorized to everything */
/* */
/* For access control points 0x01 - 0x127 */
/*-------------------------------------------------------------------*/
char default_bitmap[] =
{ 0x00, 0x03, 0xF0, 0xFD, 0x80, 0x00, 0x30, 0x00,
0x80, 0x00, 0x19, 0x00, 0xC0, 0x00, 0x00, 0x00,
0x00, 0x0A, 0x80, 0x00, 0x88, 0x2F, 0x71, 0x10,
0x18, 0x04, 0x03, 0x31, 0x80, 0x00, 0x00, 0x00,
0xFF, 0x7F, 0xFF, 0xFF, 0x80};
/*-------------------------------------------------------------------*/
/* For access control points 0x200 - 0x23F */
/*-------------------------------------------------------------------*/
char default2_bitmap[] =
{ 0xF8, 0x00, 0x7F, 0xFF, 0x7F, 0xFF, 0xE6, 0x0F };
unsigned char * verb_data2;
unsigned char * work_ptr;
int i; /* Loop counter */
/*--------------------------------------------------------------*/
/* Start of code */
/*--------------------------------------------------------------*/
/*--------------------------------------------------------------*/
/* Allocate storage for the aggregate role structure */
/*--------------------------------------------------------------*/
verb_data2 = malloc(sizeof(aggregate_role_header) +
sizeof(role_header) +
sizeof(access_control_points_header) +
sizeof(access_control_points_segment_header)
* 2 +
sizeof(default_bitmap) +
sizeof(default2_bitmap));
work_ptr = verb_data2; /* Set up work pointer */
aggregate_role_header.number = 1; /* Define/replace 1 role */
aggregate_role_header.reserved = 0; /* Initialize reserved field*/
/* Copy header to verb_data2
storage. */
memcpy(work_ptr,(void*)&amp;aggregate_role_header,
sizeof(aggregate_role_header));
work_ptr += sizeof(aggregate_role_header); /* Set work pointer
after role header */
/*--------------------------------------------------------------*/
/* Fill in the fields of the role definition. */
/*--------------------------------------------------------------*/
role_header.version[0] = 1; /* Version 1 role */
role_header.version[1] = 0;
/* Set length of the role */
role_header.length = sizeof(role_header)
+ sizeof(access_control_points_header)
+ 2 *
sizeof(access_control_points_segment_header)
+ sizeof(default_bitmap)
+ sizeof(default2_bitmap);
role_header.checksum = 0; /* Checksum is not used */
role_header.reserved1 = 0; /* Reserved must be 0 */
role_header.auth_strength = 0; /* Authentication strength */
/* is set to 0. */
/* Lower time is 00:00 */
role_header.lower_time_hour = 0;
role_header.lower_time_minute = 0;
/* Upper time is 23:59 */
role_header.upper_time_hour = 23;
role_header.upper_time_minute = 59;
role_header.valid_days_of_week = 0xFE; /* Valid every day */
/* 7 bits - 1 bit each day */
role_header.reserved2 = 0; /* Reserved must be 0 */
/* Role is DEFAULT */
/* expressed in ASCII */
memcpy(role_header.role, "\x44\x45\x46\x41\x55\x4C\x54\x20", 8);
memset(role_header.comment,' ',20); /* No description for role */
/*---------------------------------------------------*/
/* Copy role header into verb_data2 storage */
/*---------------------------------------------------*/
memcpy(work_ptr,(void*)&amp;role_header, sizeof(role_header));
work_ptr += sizeof(role_header);
/*---------------------------------------------------*/
/* Set up access control points header and then */
/* copy it into verb_data2 storage. */
/*---------------------------------------------------*/
access_control_points_header.number_segments = 2;
access_control_points_header.reserved = 0;
access_control_points_segment_header.reserved = 0;
memcpy(work_ptr,
(void *)&amp;access_control_points_header,
sizeof(access_control_points_header));
/* Adjust work_ptr to point to the
first segment */
work_ptr += sizeof(access_control_points_header);
/*---------------------------------------------------*/
/* Set up the segment header for segment 1 and then */
/* copy into verb_data2 storage */
/*---------------------------------------------------*/
access_control_points_segment_header.start_bit = 0;
access_control_points_segment_header.end_bit = 0x127;
access_control_points_segment_header.number_bytes =
sizeof(default_bitmap);
memcpy(work_ptr,
(void *)&amp;access_control_points_segment_header,
sizeof(access_control_points_segment_header));
/* Adjust work_ptr to point to the
first segment bitmap */
work_ptr += sizeof(access_control_points_segment_header);
/*---------------------------------------------------*/
/* Copy access control points segment 1 bitmap */
/*---------------------------------------------------*/
memcpy(work_ptr, default_bitmap, sizeof(default_bitmap));
/* Adjust work_ptr to point to the
second segment */
work_ptr += sizeof(default_bitmap);
/*---------------------------------------------------*/
/* Set up the segment header for segment 2 and then */
/* copy into verb_data2 storage */
/*---------------------------------------------------*/
access_control_points_segment_header.start_bit = 0x200;
access_control_points_segment_header.end_bit = 0x23F;
access_control_points_segment_header.number_bytes =
sizeof(default2_bitmap);
memcpy(work_ptr,
(void *)&amp;access_control_points_segment_header,
sizeof(access_control_points_segment_header));
/* Adjust work_ptr to point to the
second segment bitmap */
work_ptr += sizeof(access_control_points_segment_header);
/*---------------------------------------------------*/
/* Copy access control points segment 2 bitmap */
/*---------------------------------------------------*/
memcpy(work_ptr, default2_bitmap, sizeof(default2_bitmap));
/*---------------------------------------------------*/
/* Set the length of verb data 2 (Role definition) */
/*---------------------------------------------------*/
verb_data2_length = sizeof(aggregate_role_header) +
role_header.length;
/*---------------------------------------------------*/
/* Set remaining parameters */
/*---------------------------------------------------*/
rule_array_count = 2;
memcpy(rule_array, "INIT-AC REPLACE ", 16);
verb_data1_length = 0;
/*------------------------------------------------------*/
/* Call Access_Control_Initialize (CSUAACI) to set the */
/* default role. */
/*------------------------------------------------------*/
CSUAACI( &amp;return_code,
&amp;reason_code,
&amp;exit_data_length,
exit_data,
&amp;rule_array_count,
(unsigned char *)rule_array,
&amp;verb_data1_length,
(unsigned char *) verb_data1,
&amp;verb_data2_length,
verb_data2);
if (return_code &gt; 4)
printf("The default role was not replaced. Return/reason code:\
%d/%d\n",return_code, reason_code);
else
printf("The default role was successfully updated.\n");
}</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzajcsetup.htm" title="Configuring your Cryptographic Coprocessor allows you to begin to use all of its cryptographic operations.">Configure the Cryptographic Coprocessor</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzajcrolesprofiles.htm#definingroles">Defining roles</a></div>
</div>
</div>
</body>
</html>