From: John Vottero [John@MVPSI.com] Sent: Tuesday, June 08, 1999 4:51 PM To: Info-VAX@Mvb.Saic.Com Subject: RE: Dynamic Identifiers I think a good way of doing this is to call sys$chkpro passing it a constructed ACL which grants access if you have the desired rights identifier. This way, a person with BYPASS would seem to have all rights identifiers. Here's an example I wrote eons ago: /* **++ ** FACILITY: {@tbs@} ** ** MODULE DESCRIPTION: ** ** Check to see if the caller has the specified rights id ** ** AUTHORS: ** ** John Vottero ** ** CREATION DATE: 19-Oct-1995 ** ** DESIGN ISSUES: ** ** {@tbs@} ** ** ** MODIFICATION HISTORY: ** ** {@tbs@}... **-- */ /* ** Include files */ #include #include #include #include #include struct itmlst { unsigned short buflen; unsigned short code; void *bufadr; void *retlenadr; }; /* **++ ** ** FUNCTIONAL DESCRIPTION: ** ** Check for a specific Rights ID ** ** FORMAL PARAMETERS: ** ** the_id: ** The Rights ID to check for in binary format. ** We could accept ASCII format and call SYS$ASCTOID. ** ** RETURN VALUE: ** ** VMS status code, success means they have the Rights ID. ** ** SIDE EFFECTS: ** ** None ** ** DESIGN: ** ** None ** ** ** **-- */ long check_for_rights_id( unsigned int the_id) { long return_status; unsigned long bit_to_check; unsigned long proc_priv[2]; unsigned long fake_acl[6]; int cpi; struct itmlst chkpro_itmlst[4]; return_status = lib$getjpi ( &JPI$_PROCPRIV, 0, 0, proc_priv, 0, 0); if (!(return_status & 1)) { lib$signal(return_status); return return_status; } /* ** We'll check bit 0, it could be any bit, 0 to 31 */ bit_to_check = 1; cpi = 0; chkpro_itmlst[cpi].buflen = 4; chkpro_itmlst[cpi].code = CHP$_ACCESS; chkpro_itmlst[cpi].bufadr = &bit_to_check; chkpro_itmlst[cpi].retlenadr = 0; cpi++; chkpro_itmlst[cpi].buflen = 8; chkpro_itmlst[cpi].code = CHP$_PRIV; chkpro_itmlst[cpi].bufadr = proc_priv; chkpro_itmlst[cpi].retlenadr = 0; /* ** Build a fake ACL which would look like this: ** ** (IDENTIFIER=the_id, ACCESS=BIT_1), ** (IDENTIFIER=[*,*], ACCESS=NONE) ** */ fake_acl[0] = 0x10C; /* Flags, Type and Length */ fake_acl[1] = bit_to_check; /* The bit we are looking for */ fake_acl[2] = the_id; /* The passed Rights ID */ fake_acl[3] = 0x10C; /* Flags, Type and Length */ fake_acl[4] = 0; /* ACCESS=NONE */ fake_acl[5] = 0x3FFFFFF; /* [*,*] */ /* ** Now add the fake ACL to the item list */ cpi++; chkpro_itmlst[cpi].buflen = 24; /* Six longwords, 24 bytes */ chkpro_itmlst[cpi].code = CHP$_ACL; chkpro_itmlst[cpi].bufadr = fake_acl; chkpro_itmlst[cpi].retlenadr = 0; /* ** Terminate the item list */ cpi++; chkpro_itmlst[cpi].buflen = 0; chkpro_itmlst[cpi].code = 0; chkpro_itmlst[cpi].bufadr = 0; chkpro_itmlst[cpi].retlenadr = 0; return sys$chkpro(chkpro_itmlst); } > -----Original Message----- > From: jstrange@imtn.dsccc.com [mailto:jstrange@imtn.dsccc.com] > Sent: Tuesday, June 08, 1999 3:54 PM > To: Info-VAX@Mvb.Saic.Com > Subject: Dynamic Identifiers > > > Would some kind soul provide me with the SYS$ or LIB$ calls > which would tell me if the process has an identifier enabled. > > > I used SYS$FIND_HELD and SYS$IDTOASC, but they only give me > all the identifiers held by the user even if the user have done a > SET RIGHTS_LIST/DISABLE id_name_here. > > > -- > While Alcatel may claim ownership of all my ideas (on or off the job), > Alcatel does not claim any responsibility for them. Warranty > expired when u > opened this article and I will not be responsible for its > contents or use. >