HP OpenVMS System Services Reference Manual


Previous Contents Index

Because an active context block consumes process memory, be sure to release the context block by setting the RELCTX flag when the profile processing is complete. $SET_SECURITY sets the context argument to 0 once the context is released.

acmode


OpenVMS usage: access_mode
type: longword (unsigned)
access: read only
mechanism: by reference

Access mode to be used in the object protection check. The acmode argument is the address of a longword containing the access mode. The acmode argument defaults to kernel mode; however, the system compares acmode with the caller's access mode and uses the least privileged mode. The access modes are defined in the system macro $PSLDEF library.

HP recommends that this argument be omitted (passed as zero). Item Codes The following table provides a summary of item codes that are valid as an item descriptor in the itmlst argument. The table lists the $SET_SECURITY item codes and gives a corresponding description. Complete descriptions of each item code are provided after the table.
Item Code Description
OSS$_ACL_ADD_ENTRY Adds an access control entry (ACE)
OSS$_ACL_DELETE Deletes all unprotected ACEs in an ACL
OSS$_ACL_DELETE_ALL Deletes the ACL, including protected ACEs
OSS$_ACL_DELETE_ENTRY Deletes an ACE
OSS$_ACL_FIND_ENTRY Locates an ACE
OSS$_ACL_FIND_NEXT Positions the next ACE
OSS$_ACL_FIND_TYPE Locates an ACE of the specified type
OSS$_ACL_MODIFY_ENTRY Replaces an ACE at the current position
OSS$_ACL_POSITION_BOTTOM Sets a marker that points to the end of the ACL
OSS$_ACL_POSITION_TOP Sets a marker that points to the beginning of the ACL
OSS$_OWNER Sets the UIC or general identifier of the object's owner
OSS$_PROTECTION Sets the protection code of the object

OSS$_ACL_ADD_ENTRY

Adds an access control entry (ACE) pointed to by the buffer address so that it is in front of the current ACE in the access control list (ACL). See OSS$_ACL_POSITION for more information on explicit access control list positioning.

OSS$_ACL_DELETE

Deletes all unprotected ACEs in an ACL.

OSS$_ACL_DELETE_ALL

Deletes an entire ACL, including protected ACEs.

OSS$_ACL_DELETE_ENTRY

Deletes an ACE pointed to by the buffer address or, if the buffer address is specified as 0, the ACE at the current position.

OSS$_ACL_FIND_ENTRY

Locates an ACE pointed to by the buffer address. OSS$_ACL_FIND_ENTRY sets the position within the ACL for succeeding ACL operations; for example, for a deletion or modification of the ACE. If the buffer address is 0, it returns SS$_ACCVIO.

OSS$_ACL_FIND_NEXT

Advances the current position to the next ACE in the ACL.

OSS$_ACL_FIND_TYPE

Returns an ACE of a particular type if there is one in the buffer pointed to by the buffer address. OSS$_ACL_FIND_TYPE sets the position within the ACL for succeeding ACL operations. If the buffer address is 0, it returns SS$_ACCVIO.

OSS$_ACL_MODIFY_ENTRY

Replaces an ACE at the current position with the ACE pointed to by the buffer address.

OSS$_ACL_POSITION_BOTTOM

Sets the ACL position to point to the bottom of the ACL.

OSS$_ACL_POSITION_TOP

Sets the ACL position to point to the top of the ACL.

OSS$_OWNER

Sets the owner UIC of the selected object to the value in the buffer. The buffer size must be 4 bytes.

OSS$_PROTECTION

Sets the selected object's protection code to the value in the buffer. The buffer size must be 2 bytes.

Description

The Set Security service modifies the security characteristics of a protected object. Security characteristics include such information as the protection code, the owner, and the access control list (ACL).

The security management services, $SET_SECURITY and $GET_SECURITY, maintain a single master copy of a profile for every protected object in an OpenVMS Cluster system. They also ensure that only one process at a time can modify an object's security profile.

When you call $SET_SECURITY, the service performs the following steps:

  1. It selects the specified protected object.
  2. It fetches a local copy of the object's security profile, unless the service is operating on an existing context.
  3. It modifies the local profile.
  4. It updates the master copy of the profile if the local flag is clear and there was no error.
  5. It deletes the local copy of the profile and returns if RELCTX is specified or if no context is specified.

There are different ways of identifying which protected object $SET_SECURITY should process:

The context for a security management operation can be established through either $GET_SECURITY or $SET_SECURITY. Whenever the context is set by one service, the other service can use it provided the necessary locks are being held. A caller to $GET_SECURITY needs to set the write lock flag (OSS$M_WLOCK) to inspect a profile value, maintain the lock on the object's profile, and then modify some value through a call to $SET_SECURITY.

There are many situations in which the contxt argument is essential. By establishing a context for an ACL operation, for example, a caller can retain an ACL position across calls to $GET_SECURITY so that a set of ACEs can be read and modified sequentially. A security context is released by a call to $SET_SECURITY or $GET_SECURITY that sets the OSS$M_RELCTX flag. Once the context is deleted, the user-supplied context longword is reset to 0.

Required Access or Privileges

Control access to the object is required.

Required Quota

None

Related Services

$GET_SECURITY


Condition Values Returned

SS$_NORMAL The service completed successfully.
SS$_ACCVIO The parameter cannot be read and the buffer cannot be written.
SS$_BADPARAM You specified an invalid object, attribute code, or item size.
SS$_INSFARG The clsnam and objnam arguments are not specified, the clsnam and objhan arguments are not specified, or the contxt argument is not specified.
SS$_INVBUFLEN The buffer size for one of the item codes was invalid.
SS$_INVCLSITM The item code that you specified is not supported for the class.
SS$_INVFILFOROP An invalid file name was specified; the file name contained either a node or wildcard specification.
SS$_MMATORB The attempted update cannot be performed. The object profile was changed by another process.
SS$_NOCLASS The named object class does not exist.
SS$_OBJLOCKED The selected object is currently write locked.

$SET_SYSTEM_EVENT (Alpha and Integrity servers)

On Alpha and Integrity server systems, establishes a request for notification when an OpenVMS system event occurs.

Format

SYS$SET_SYSTEM_EVENT event ,astadr ,astprm ,acmode ,flags ,handle


C Prototype

int sys$set_system_event (unsigned int event, void (*astadr)(__unknown_params), int astprm, unsigned int acmode, unsigned int flags, struct _generic_64 * handle);


Arguments

event


OpenVMS usage: event_code
type: longword (unsigned)
access: read only
mechanism: by value

Event code indicating the type of system event for which an AST is to be delivered. The event argument is a value indicating which type of event is of interest.

Each event type has a symbolic name. The $SYSEVTDEF macro defines the following symbolic names:
Symbolic Name Description
SYSEVT$C_ADD_MEMBER One or more OpenVMS instances have joined the OpenVMS Galaxy sharing community.
SYSEVT$C_DEL_MEMBER One or more OpenVMS instances have left the OpenVMS Galaxy sharing community.
SYSEVT$C_ADD_ACTIVE_CPU One or more processors have become active within this OpenVMS instance.
SYSEVT$C_DEL_ ACTIVE_CPU One or more processors have become inactive within this OpenVMS instance.
SYSEVT$C_ADD_CONFIG_CPU One or more CPUs have been added to the set of available CPUs for this OpenVMS instance.
SYSEVT$C_DEL_CONFIG_CPU One or more processors have been removed from this OpenVMS instance.
SYSEVT$C_TDF_CHANGE The system's time differential factor has changed.
SYSEVT$C_CPU_DEALLOCATE One or more processors have been deallocated from this OpenVMS instance.

astadr


OpenVMS usage: ast_procedure
type: procedure value
access: call without stack unwinding
mechanism: by 32-bit or 64-bit reference

Notification AST routine to receive control after a change in OpenVMS system configuration occurs.

astprm


OpenVMS usage: user_arg
type: quadword
access: read only
mechanism: by value

The quadword AST parameter to be passed to the AST routine.

acmode


OpenVMS usage: access_mode
type: longword (unsigned)
access: read only
mechanism: by value

Access mode at which the system event AST is to execute. The acmode argument is a longword containing the access mode.

Each access mode has a symbolic name. The $PSLDEF macro defines the following symbols for the four access modes.
Symbolic Name Description
PSL$C_KERNEL Kernel
PSL$C_EXEC Executive
PSL$C_SUPER Supervisor
PSL$C_USER User

The value of the access mode is maximized with the access mode of the caller.

flags


type:
access:

Defined in SYSEVTDEF.
SYSEVT$M_REPEAT_NOTIFY When this flag is set, event notification is repeated.

handle


OpenVMS usage: handle
type: quadword (unsigned)
access: read/write
mechanism: by reference

The virtual address of a naturally aligned quadword for the event handle.

Description

The Set System Event service establishes a request for notification when a system event occurs. It may create a new system event notification object, add an event to a new or existing object, and enable notification on a new or existing object.

If the handle specified is zero, a new system notification request object is created, and a handle for the new object is returned.

If the event specified is non-zero, that event is added to the set of events which trigger notification on the notification object.

The service will verify that the input parameters specify a valid request and enable the object for notification. Notification is accomplished by AST delivery. After the AST has been delivered, if the SYSEVT$M_REPEAT_NOTIFY flag is not set, notification must again be enabled on the object before another notification (AST delivery) can occur.

Errors are returned in the following cases:

Required Access or Privileges

None

Required Quota

ASTLM

Related Services

$CLEAR_SYSTEM_EVENT


Condition Values Returned

SS$_NORMAL The service completed successfully.
SS$_ACCVIO The service cannot access the locations specified by one or more arguments.
SS$_BADPARAM One of more arguments has an invalid value.
SS$_EXASTLM The process exceeded its quota for outstanding ASTs.
SS$_INSFMEM The system dynamic memory is insufficient to complete the service.

$SET_UNWIND_TABLE (Integrity servers Only)

Registers or extends unwind table (UT) information.

Format

SYS$SET_UNWIND_TABLE code_base_va, code_size, ut_base_va, ut_size, gp_value, unwind_info_base, name


C Prototype

ind SYS$SET_UNWIND_TABLE (unsigned __int64 code_base_va, unsigned __int64 code_size, unsigned __int64 ut_base_va, unsigned __int64 ut_size, unsigned __int64 gp_value, unsigned __int64 unwind_info_base, void *name);


Arguments

code_base_va


OpenVMS usage: address
type: quadword (unsigned)
access: read only
mechanism: by value

With code_size, defines the potential code range. code_base_va is required for both creation and extension calls. code_base_va is the process virtual address of the start of the code region. code_size is the size of the code region in bytes. An error is returned if this overlaps any existing range.

code_size


OpenVMS usage: address
type: quadword (unsigned)
access: read only
mechanism: by value

With code_base_va, defines the potential code range. code_base_va is required for both creation and extension calls. code_base_va is the process virtual address of the start of the code region. code_size is the size of the code region in bytes. An error is returned if this overlaps any existing range.

ut_base_va


OpenVMS usage: address
type: quadword (unsigned)
access: read only
mechanism: by value

With ut_size, describes the unwind table (UT). ut_base_va is the process virtual address of the UT and must be quadword aligned. ut_size is the size of the UT in bytes and must be a multiple of the size (24 bytes: 3 quadwords) of an unwind table entry (UTE). The UTEs must describe nonoverlapping code subregions within the overall code region.

ut_size


OpenVMS usage: address
type: quadword (unsigned)
access: read only
mechanism: by value

With ut_base_va, describes the unwind table (UT). ut_base_va is the process virtual address of the UT and must be quadword aligned. ut_size is the size of the UT in bytes and must be a multiple of the size (24 bytes: 3 quadwords) of an unwind table entry (UTE). The UTEs must describe nonoverlapping code sub regions within the overall code region.

gp_value


OpenVMS usage: address
type: quadword (unsigned)
access: read only
mechanism: by value

Ignored on extension calls, required on create calls. The Global Data Pointer (GP) value for the routines described by these unwind tables.

unwind_info_base


OpenVMS usage: address
type: quadword (unsigned)
access: read only
mechanism: by value

Ignored on extension calls; required on create calls. The unwind_info_base plus a particular UTE UIB offset must add up to the process virtual address of that UIB. Typically for static code (activated images from disk), this specifies the process virtual base address of the segment containing the UIBs. However, dynamically generated code, for example, can pass a zero for the unwind_info_base and have the full process virtual addresses of the UIBs in their UTEs.

name


OpenVMS usage: pseudo-image-name
type: character-code-text-string
access: read only
mechanism: by descriptor-fixed-length string descriptor

Passed by descriptor (ignored on extension calls). May be used for traceback. Need not be unique. Should be less than 255 characters (will be truncated, otherwise).

Description

This interface can be used to register or extend unwind information. It is expected, for example, that applications that dynamically create code will also need to dynamically create unwind tables (UTs) and unwind information blocks (UIBs) for that code. This interface registers such information with the operating system.

The image activator also uses this interface to register unwind information for shareable and main images. Note that the code region, though fully specified in terms of its potential size, need not be full of actual code at its initial registration. The unwind table, however, must describe all the code that could execute within that region and that needs unwind information, at any given time. Note also that the unwind table entries (UTEs) within a registered unwind table must remain sorted (ascending order) at any given time.

To create a new registration, specify a new (not registered) code range. On a creation, all parameters (except name) must be specified.

To extend an existing registration, specify an existing (registered) code_base_va. On extension, only the identifying code_base_va and new UT range need be specified, that is, the other parameters may be zeros. An extension call can only alter that registration's ut_base_va and ut_size.

The creator caller's mode defines the mode from which the registration may be extended or removed.

Failure status is returned on creation if the input code range overlaps an already existing range.

Required Access or Privileges

Unwind table information that describes code in process space can be registered from any mode.

Unwind table information that describes code in system space can be registered only from kernel mode or executive mode.

Required Quota

None

Related Services

SYS$CLEAR_UNWIND_TABLE, SYS$GET_UNWIND_ENTRY_INFO. Also see LIB$GET_UIB_INFO in HP OpenVMS Calling Standard.


Condition Values Returned

SS$_NORMAL Routine completed successfully.
SS$_BADPARAM Missing or illegal parameter.
SS$_VA_IN_USE Overlap detected.
SS$_ACCVIO Name descriptor cannot be read.


Previous Next Contents Index