HP OpenVMS System Services Reference Manual

The acmode argument is a longword containing the access mode. The $PSLDEF macro defines the following symbols for the access modes:

Symbolic
Name Access
Mode Privilege
Rank

PSL$C_KERNEL Kernel High

PSL$C_EXEC Executive --

PSL$C_SUPER Supervisor --

PSL$C_USER User Low

Symbolic Name	Access Mode	Privilege Rank
PSL$C_KERNEL	Kernel	High
PSL$C_EXEC	Executive	--
PSL$C_SUPER	Supervisor	--
PSL$C_USER	User	Low

The acmode argument is optional for the RSDM$_JOIN_DOMAIN function. If you do not specify the acmode argument, the access mode is set to the access mode of the calling process. The acmode argument is ignored for the RSDM$_LEAVE function.

Function Codes

RSDM$_JOIN_DOMAIN
A process has the option of forming multiple associations with one or more resource domains. Each association can have different access rights to the resource domain, such as to read lock value blocks or to write lock value blocks. This request sets up a new association with a resource domain.
$SET_RESOURCE_DOMAIN verifies the desired access against the security profile of the resource domain. If the desired access is allowed, a new association to the resource domain is created, and a resource domain identification for the association is returned.
This function code returns the following condition values:
SS$_NORMAL
SS$_BADPARAM
SS$_EXQUOTA
SS$_INSFMEM
SS$_NOOBJSRV
SS$_NOPRIV

RSDM$_LEAVE
This operation requests that a process end an association with a resource domain.
A process must leave a resource domain association in the same mode as, or in a more privileged mode than, the mode in which it joined the resource domain.
Before a process can end its association with a resource domain, it must release all locks taken using that association.
This function code returns the following condition values:
SS$_NORMAL
SS$_BADPARAM
SS$_IVMODE
SS$_RSDM_ACTIVE
SS$_RSDMNOTFOU

Description

The Set Resource Domain system service enables a process to use the lock management system services $DEQ, $ENQ, $ENQW, $GETLKI, and $GETLKIW.
The lock management services enable processes with the appropriate access rights to take and release locks on resource names and to perform other functions related to lock management. Applications use resource names to represent resources to which they want to synchronize access. A resource domain is a namespace for resource names. A process must join a resource domain to take and release locks and to read and write value blocks associated with resources in that resource domain.
When a process requests to join a resource domain, $SET_RESOURCE_DOMAIN performs an access check. After $SET_RESOURCE_DOMAIN verifies the desired access to the resource domain, the service creates an association between the resource domain and the calling process. The association is represented by a resource domain identification. A process can request different types of access to the same resource domain; the type of access is a characteristic of the association with the resource domain.
Each time a process joins a resource domain, a new association is created.
Processes use their resource domain identifications when using $ENQ or $ENQW to request a new lock.
The service can grant the following three types of access to resource domains:

The right to read lock value blocks
The right to write lock value blocks
The right to take and release locks

Required Access or Privileges

None
Required Quota

$SET_RESOURCE_DOMAIN uses system dynamic memory, which uses BYTLM quota, for the creation of the resource domain data structures.
Related Services

$DEQ, $ENQ, $ENQW, $GETLKI, $GETLKIW

Condition Values Returned

SS$_NORMAL The service completed successfully.

SS$_BADPARAM The func, the domain_number, or the rsdm_id argument was specified incorrectly.

SS$_EXQUOTA The caller has insufficient BYTLM quota.

SS$_INSFMEM There is insufficient memory to join the resource domain.

SS$_IVMODE An attempt was made to leave an association created by a more privileged access mode.

SS$_NOOBJSRV The audit server process, which maintains the security profile for resource domains, is not running. The process access rights to the domain cannot be determined, so access is denied.

SS$_NOPRIV Access to the resource domain was denied.

SS$_RSDM_ACTIVE Unable to leave the resource domain because there are locks still associated with this resource domain.

SS$_RSDMNOTFOU The resource domain was not found.

$SET_RETURN_VALUE (Alpha and I64)

On Alpha and I64 systems, sets the return values or condition codes in the Mechanism Array, independent of the architecture.

Format

SYS$SET_RETURN_VALUE mechanism_arg, return_type, return_value

C Prototype

int sys$set_return_value (void *mechanism_arg, unsigned int *return_type, void *return_value);

Arguments

mechanism_arg

OpenVMS usage: mechanism vector address

type: quadword (unsigned)

access: read only

mechanism: by value

The address of the location of the mechanism vector. If the mechanism_arg argument is 0, the mechanism vector for the currently active signal is used.
If the address of the return_type argument is 0, the return_value argument is fetched by value and is treated as return-type PSIG$K_FR_U32. This combination of arguments can be used to set a condition code, such as SS$_ACCVIO, as a return value.
return_type

OpenVMS usage: integer

type: longword (unsigned)

access: read only

mechanism: by reference

The address of the location of a longword that contains one of the function return signature codes.
If the address of the return_type argument is 0, the return_value argument is fetched by value and is treated as return-type PSIG$K_FR_U32. This combination of arguments can be used to set a condition code, such as SS$_ACCVIO, as a return value.
return_value

OpenVMS usage: buffer

type: scalar

access: read only

mechanism: by reference

The address of the location that contains a value of the appropriate type. The referenced value is read as a longword, quadword, or octaword, depending on the return_type.
If the address of the return_type argument is 0, the return_value argument is fetched by value and is treated as return-type PSIG$K_FR_U32. This combination of arguments can be used to set a condition code, such as SS$_ACCVIO, as a return value.

Description

The Set Return Value service allows the caller to specify return values and condition codes in the Mechanism Array, independent of the architecture.
Required Access or Privileges

None
Required Quota

None
Related Services

None

Condition Values Returned

status Success or failure. The given return value is placed in the appropriate fields of the specified mechanism vector, according to the return type.

SS$_NORMAL The service completed successfully.

SS$_BADPARAM

SS$_NOSIGNAL No signal is currently active for an exception condition.

$SET_SECURITY

Modifies the security characteristics of a protected object.

Format

SYS$SET_SECURITY [clsnam] ,[objnam] ,[objhan] ,[flags] ,[itmlst] ,[contxt] ,[acmode]

C Prototype

int sys$set_security (void *clsnam, void *objnam, unsigned int *objhan, unsigned int flags, void *itmlst, unsigned int *contxt, unsigned int *acmode);

Arguments

clsnam

OpenVMS usage: char_string

type: character-coded text string

access: read only

mechanism: by descriptor

Name of the object class. The clsnam argument is the address of a descriptor pointing to a string that contains the name of the object class.
The following is a list of the protected object class names:
CAPABILITY
COMMON_EVENT_CLUSTER
DEVICE
FILE
GLXGRP_GLOBAL_SECTION
GLXSYS_GLOBAL_SECTION
GROUP_GLOBAL_SECTION
ICC_ASSOCIATION
LOGICAL_NAME_TABLE
QUEUE
RESOURCE_DOMAIN
SECURITY_CLASS
SYSTEM_GLOBAL_SECTION
VOLUME

objnam

OpenVMS usage: char_string

type: character-coded text string

access: read only

mechanism: by descriptor

Name of the protected object whose associated security profile is going to be retrieved. The objnam argument is the address of a descriptor pointing to a string containing the name of the protected object.
The format of an object name is class specific. The following table lists object names and describes their formats:

Object Class Object Name Format

CAPABILITY A character string. Currently, the only capability object is VECTOR.

COMMON_EVENT_CLUSTER Name of the event flag cluster, as defined in the Associate Common Event Flag Cluster ($ASCEFC) system service.

DEVICE Standard device specification, described in the OpenVMS User's Manual.

FILE Standard file specification, described in the OpenVMS User's Manual.

GROUP_GLOBAL_SECTION Section name, as defined in the Create and Map Section ($CRMPSC) system service.

ICC_ASSOCIATION ICC security object name node::association_name. The special node name, ICC$::, refers to entries in the clusterwide registry. For registry entries, the Access Access Type does not apply.

LOGICAL_NAME_TABLE Table name, as defined in the Create Logical Name Table ($CRELNT) system service.

QUEUE Standard queue name, as described in the Send to Job Controller ($SNDJBC) system service.

RESOURCE_DOMAIN An identifier or octal string enclosed in brackets.

SECURITY_CLASS Any class name shown in the Object Class column of this table, or a class name followed by a period (.) and the template name. Use the DCL command SHOW SECURITY to display possible template names.

SYSTEM_GLOBAL_SECTION Section name, as defined in the Create and Map Section ($CRMPSC) system service.

VOLUME Volume name or name of the device on which the volume is mounted.

objhan

OpenVMS usage: object_handle

type: longword (unsigned)

access: read only

mechanism: by reference

Data structure identifying the object to address. The objhan argument is an address of a longword containing the object handle. You can use the objhan argument as an alternative to the objnam argument; for example, a channel number clearly specifies the file open on the channel and can serve as an object handle.
The following table shows the format of the object classes:

Object Class Object Handle Format

COMMON_EVENT_CLUSTER Event flag number

DEVICE Channel number

FILE Channel number

RESOURCE_DOMAIN Resource domain identifier

VOLUME Channel number

flags

OpenVMS usage: flags

type: mask_longword

access: read only

mechanism: by value

Mask specifying processing options. The flags argument is a longword bit vector wherein a bit, when set, specifies the corresponding option. The flags argument requires the contxt argument.
The following table describes each flag:

Symbolic Name Description

OSS$M_LOCAL Do not update the master profile for the specified object. This flag allows you to call $SET_SECURITY several times to modify a local copy of a profile; once the modifications are satisfactory, you can clear the OSS$M_LOCAL flag, set the OSS$M_RELCTX flag, and have $SET_SECURITY update the master profile. The flag applies only to calls made with the contxt argument.

OSS$M_RELCTX Release the context structure at the completion of this request.

The $OSSDEF macro defines symbolic names for the flag bits. You construct the flags argument by specifying the symbolic names of each desired option.
itmlst

OpenVMS usage: item_list_3

type: longword (unsigned)

access: read only

mechanism: by reference

Item list specifying which information about the process or processes is to be modified. The itmlst argument is the address of a list of item descriptors, each of which describes an item of information. The list of item descriptors is terminated by a longword of 0.
With the item list, the user modifies the protected object's characteristics. The user defines which security characteristics to modify. If this argument is not present, only the flags argument is processed. Without the itmlst argument, you can only manipulate the security profile locks or release contxt resources.
The following data structure depicts the format of a single item descriptor:

Object Class	Object Name Format
CAPABILITY	A character string. Currently, the only capability object is VECTOR.
COMMON_EVENT_CLUSTER	Name of the event flag cluster, as defined in the Associate Common Event Flag Cluster ($ASCEFC) system service.
DEVICE	Standard device specification, described in the OpenVMS User's Manual.
FILE	Standard file specification, described in the OpenVMS User's Manual.
GROUP_GLOBAL_SECTION	Section name, as defined in the Create and Map Section ($CRMPSC) system service.
ICC_ASSOCIATION	ICC security object name node::association_name. The special node name, ICC$::, refers to entries in the clusterwide registry. For registry entries, the Access Access Type does not apply.
LOGICAL_NAME_TABLE	Table name, as defined in the Create Logical Name Table ($CRELNT) system service.
QUEUE	Standard queue name, as described in the Send to Job Controller ($SNDJBC) system service.
RESOURCE_DOMAIN	An identifier or octal string enclosed in brackets.
SECURITY_CLASS	Any class name shown in the Object Class column of this table, or a class name followed by a period (.) and the template name. Use the DCL command SHOW SECURITY to display possible template names.
SYSTEM_GLOBAL_SECTION	Section name, as defined in the Create and Map Section ($CRMPSC) system service.
VOLUME	Volume name or name of the device on which the volume is mounted.

Object Class	Object Handle Format
COMMON_EVENT_CLUSTER	Event flag number
DEVICE	Channel number
FILE	Channel number
RESOURCE_DOMAIN	Resource domain identifier
VOLUME	Channel number

Symbolic Name	Description
OSS$M_LOCAL	Do not update the master profile for the specified object. This flag allows you to call $SET_SECURITY several times to modify a local copy of a profile; once the modifications are satisfactory, you can clear the OSS$M_LOCAL flag, set the OSS$M_RELCTX flag, and have $SET_SECURITY update the master profile. The flag applies only to calls made with the contxt argument.
OSS$M_RELCTX	Release the context structure at the completion of this request.

The following table defines the item descriptor fields:

Descriptor Field Definition

Buffer length A word containing an integer specifying the length (in bytes) of the buffer from which $SET_SECURITY is to read the information. The length of the buffer needed depends on the item code specified in the item code field of the item descriptor. If the value of buffer length is too small, $SET_SECURITY truncates the data.

Item code A word containing a symbolic code specifying the item of information that $SET_SECURITY is to modify. The $OSSDEF macro defines these codes. A description of each item code is given in the Item Codes section.

Buffer address A longword containing the address of the buffer from which $SET_SECURITY is to read the information.

Return length address Not used.

Descriptor Field	Definition
Buffer length	A word containing an integer specifying the length (in bytes) of the buffer from which $SET_SECURITY is to read the information. The length of the buffer needed depends on the item code specified in the item code field of the item descriptor. If the value of buffer length is too small, $SET_SECURITY truncates the data.
Item code	A word containing a symbolic code specifying the item of information that $SET_SECURITY is to modify. The $OSSDEF macro defines these codes. A description of each item code is given in the Item Codes section.
Buffer address	A longword containing the address of the buffer from which $SET_SECURITY is to read the information.
Return length address	Not used.

contxt

OpenVMS usage:	context
type:	longword (unsigned)
access:	modify
mechanism:	by reference

Value used to maintain protected object processing context when dealing with a single protected object across multiple $GET_SECURITY/$SET_SECURITY calls. Whenever the context value is nonzero, the class name, object name, or object handle arguments are disregarded. An input value of 0 indicates that a new context should be established.

Because an active context block consumes process memory, be sure to release the context block by setting the RELCTX flag when the profile processing is complete. $SET_SECURITY sets the context argument to 0 once the context is released.

acmode

OpenVMS usage:	access_mode
type:	longword (unsigned)
access:	read only
mechanism:	by reference

Access mode to be used in the object protection check. The acmode argument is the address of a longword containing the access mode. The acmode argument defaults to kernel mode; however, the system compares acmode with the caller's access mode and uses the least privileged mode. The access modes are defined in the system macro $PSLDEF library.

HP recommends that this argument be omitted (passed as zero). Item Codes The following table provides a summary of item codes that are valid as an item descriptor in the itmlst argument. The table lists the $SET_SECURITY item codes and gives a corresponding description. Complete descriptions of each item code are provided after the table.

Item Code Description

OSS$_ACL_ADD_ENTRY Adds an access control entry (ACE)

OSS$_ACL_DELETE Deletes all unprotected ACEs in an ACL

OSS$_ACL_DELETE_ALL Deletes the ACL, including protected ACEs

OSS$_ACL_DELETE_ENTRY Deletes an ACE

OSS$_ACL_FIND_ENTRY Locates an ACE

OSS$_ACL_FIND_NEXT Positions the next ACE

OSS$_ACL_FIND_TYPE Locates an ACE of the specified type

OSS$_ACL_MODIFY_ENTRY Replaces an ACE at the current position

OSS$_ACL_POSITION_BOTTOM Sets a marker that points to the end of the ACL

OSS$_ACL_POSITION_TOP Sets a marker that points to the beginning of the ACL

OSS$_OWNER Sets the UIC or general identifier of the object's owner

OSS$_PROTECTION Sets the protection code of the object

Item Code	Description
OSS$_ACL_ADD_ENTRY	Adds an access control entry (ACE)
OSS$_ACL_DELETE	Deletes all unprotected ACEs in an ACL
OSS$_ACL_DELETE_ALL	Deletes the ACL, including protected ACEs
OSS$_ACL_DELETE_ENTRY	Deletes an ACE
OSS$_ACL_FIND_ENTRY	Locates an ACE
OSS$_ACL_FIND_NEXT	Positions the next ACE
OSS$_ACL_FIND_TYPE	Locates an ACE of the specified type
OSS$_ACL_MODIFY_ENTRY	Replaces an ACE at the current position
OSS$_ACL_POSITION_BOTTOM	Sets a marker that points to the end of the ACL
OSS$_ACL_POSITION_TOP	Sets a marker that points to the beginning of the ACL
OSS$_OWNER	Sets the UIC or general identifier of the object's owner
OSS$_PROTECTION	Sets the protection code of the object

OSS$_ACL_ADD_ENTRY
Adds an access control entry (ACE) pointed to by the buffer address so that it is in front of the current ACE in the access control list (ACL). See OSS$_ACL_POSITION for more information on explicit access control list positioning.
OSS$_ACL_DELETE
Deletes all unprotected ACEs in an ACL.
OSS$_ACL_DELETE_ALL
Deletes an entire ACL, including protected ACEs.
OSS$_ACL_DELETE_ENTRY
Deletes an ACE pointed to by the buffer address or, if the buffer address is specified as 0, the ACE at the current position.
OSS$_ACL_FIND_ENTRY
Locates an ACE pointed to by the buffer address. OSS$_ACL_FIND_ENTRY sets the position within the ACL for succeeding ACL operations; for example, for a deletion or modification of the ACE. If the buffer address is 0, it returns SS$_ACCVIO.
OSS$_ACL_FIND_NEXT
Advances the current position to the next ACE in the ACL.
OSS$_ACL_FIND_TYPE
Returns an ACE of a particular type if there is one in the buffer pointed to by the buffer address. OSS$_ACL_FIND_TYPE sets the position within the ACL for succeeding ACL operations. If the buffer address is 0, it returns SS$_ACCVIO.
OSS$_ACL_MODIFY_ENTRY
Replaces an ACE at the current position with the ACE pointed to by the buffer address.
OSS$_ACL_POSITION_BOTTOM
Sets the ACL position to point to the bottom of the ACL.
OSS$_ACL_POSITION_TOP
Sets the ACL position to point to the top of the ACL.
OSS$_OWNER
Sets the owner UIC of the selected object to the value in the buffer. The buffer size must be 4 bytes.
OSS$_PROTECTION
Sets the selected object's protection code to the value in the buffer. The buffer size must be 2 bytes.

Description

The Set Security service modifies the security characteristics of a protected object. Security characteristics include such information as the protection code, the owner, and the access control list (ACL).
The security management services, $SET_SECURITY and $GET_SECURITY, maintain a single master copy of a profile for every protected object in an OpenVMS Cluster system. They also ensure that only one process at a time can modify an object's security profile.
When you call $SET_SECURITY, the service performs the following steps:

It selects the specified protected object.
It fetches a local copy of the object's security profile, unless the service is operating on an existing context.
It modifies the local profile.
It updates the master copy of the profile if the local flag is clear and there was no error.
It deletes the local copy of the profile and returns if RELCTX is specified or if no context is specified.

There are different ways of identifying which protected object $SET_SECURITY should process:

Whenever the contxt argument has a nonzero value, $SET_SECURITY uses the context to select the object and ignores the class name, object name, and object handle.
With some types of objects, such as a file or a device, it is possible to select an object on the basis of its objhan and clsnam values.
When the clsnam and objnam arguments are provided, $SET_SECURITY uses an object's class name and object name to select the object.

The context for a security management operation can be established through either $GET_SECURITY or $SET_SECURITY. Whenever the context is set by one service, the other service can use it provided the necessary locks are being held. A caller to $GET_SECURITY needs to set the write lock flag (OSS$M_WLOCK) to inspect a profile value, maintain the lock on the object's profile, and then modify some value through a call to $SET_SECURITY.
There are many situations in which the contxt argument is essential. By establishing a context for an ACL operation, for example, a caller can retain an ACL position across calls to $GET_SECURITY so that a set of ACEs can be read and modified sequentially. A security context is released by a call to $SET_SECURITY or $GET_SECURITY that sets the OSS$M_RELCTX flag. Once the context is deleted, the user-supplied context longword is reset to 0.
Required Access or Privileges

Control access to the object is required.
Required Quota

None
Related Services

$GET_SECURITY

Condition Values Returned

SS$_NORMAL The service completed successfully.

SS$_ACCVIO The parameter cannot be read and the buffer cannot be written.

SS$_BADPARAM You specified an invalid object, attribute code, or item size.

SS$_INSFARG The clsnam and objnam arguments are not specified, the clsnam and objhan arguments are not specified, or the contxt argument is not specified.

SS$_INVBUFLEN The buffer size for one of the item codes was invalid.

SS$_INVCLSITM The item code that you specified is not supported for the class.

SS$_INVFILFOROP An invalid file name was specified; the file name contained either a node or wildcard specification.

SS$_MMATORB The attempted update cannot be performed. The object profile was changed by another process.

SS$_NOCLASS The named object class does not exist.

SS$_OBJLOCKED The selected object is currently write locked.

Contents

Index

SS$_NORMAL	The service completed successfully.
SS$_BADPARAM	The func, the domain_number, or the rsdm_id argument was specified incorrectly.
SS$_EXQUOTA	The caller has insufficient BYTLM quota.
SS$_INSFMEM	There is insufficient memory to join the resource domain.
SS$_IVMODE	An attempt was made to leave an association created by a more privileged access mode.
SS$_NOOBJSRV	The audit server process, which maintains the security profile for resource domains, is not running. The process access rights to the domain cannot be determined, so access is denied.
SS$_NOPRIV	Access to the resource domain was denied.
SS$_RSDM_ACTIVE	Unable to leave the resource domain because there are locks still associated with this resource domain.
SS$_RSDMNOTFOU	The resource domain was not found.

OpenVMS usage:	mechanism vector address
type:	quadword (unsigned)
access:	read only
mechanism:	by value

OpenVMS usage:	integer
type:	longword (unsigned)
access:	read only
mechanism:	by reference

OpenVMS usage:	buffer
type:	scalar
access:	read only
mechanism:	by reference

status	Success or failure. The given return value is placed in the appropriate fields of the specified mechanism vector, according to the return type.
SS$_NORMAL	The service completed successfully.
SS$_BADPARAM
SS$_NOSIGNAL	No signal is currently active for an exception condition.

OpenVMS usage:	char_string
type:	character-coded text string
access:	read only
mechanism:	by descriptor

OpenVMS usage:	object_handle
type:	longword (unsigned)
access:	read only
mechanism:	by reference

OpenVMS usage:	flags
type:	mask_longword
access:	read only
mechanism:	by value

OpenVMS usage:	item_list_3
type:	longword (unsigned)
access:	read only
mechanism:	by reference

SS$_NORMAL	The service completed successfully.
SS$_ACCVIO	The parameter cannot be read and the buffer cannot be written.
SS$_BADPARAM	You specified an invalid object, attribute code, or item size.
SS$_INSFARG	The clsnam and objnam arguments are not specified, the clsnam and objhan arguments are not specified, or the contxt argument is not specified.
SS$_INVBUFLEN	The buffer size for one of the item codes was invalid.
SS$_INVCLSITM	The item code that you specified is not supported for the class.
SS$_INVFILFOROP	An invalid file name was specified; the file name contained either a node or wildcard specification.
SS$_MMATORB	The attempted update cannot be performed. The object profile was changed by another process.
SS$_NOCLASS	The named object class does not exist.
SS$_OBJLOCKED	The selected object is currently write locked.