eimListUserAccess()--List EIM User Access
Syntax
#include <eim.h> int eimListUserAccess(EimHandle * eim, EimAccessUser * accessUser, unsigned int lengthOfListData, EimList * listData, EimRC * eimrc)Service Program Name: QSYS/QSYEIM
Default Public Authority: *USE
Threadsafe: Yes
The eimListUserAccess() function lists the access groups of which this user is a member.
Authorities and Locks
- EIM Data
- Access to EIM data is controlled by EIM access groups. LDAP administrators
also have access to EIM data. The access groups whose members have authority to
the EIM data for this API follow:
- EIM Administrator
The list returned contains only the information that the user has authority to access.
Parameters
- eim (Input)
- The EIM handle returned by a previous call to eimCreateHandle(). A valid
connection is required for this function.
- accessUser (Input)
- A structure that contains the user information for which to retrieve
access.
EIM_ACCESS_LOCAL_USER Indicates a local user name on the system that the API is run. The local user name will be converted to the appropriate access id for this system. EIM_ACCESS_KERBEROS Indicates a kerberos principal. The kerberos principal will be converted to the appropriate access id. For example, petejones@therealm will be converted to ibm-kn=petejones@threalm. The EimAccessUser structure layout follows:
enum EimAccessUserType { EIM_ACCESS_DN, EIM_ACCESS_KERBEROS, EIM_ACCESS_LOCAL_USER }; typedef struct EimAccessUser { union { char * dn; char * kerberosPrincipal; char * localUser; } user; enum EimAccessUserType userType; } EimAccessUser;
- lengthOfListData (Input)
- The number of bytes provided by the caller for the listData
parameter. The minimum size required is 20 bytes. This parameter is passed
by value.
- listData (Output)
- A pointer to the EimList structure.
The EimList structure contains information about the returned data. The API will return as much data as space has been provided. The data returned is a linked list of EimUserAccess structures. firstEntry is used to get to the first EimUserAccess structure in the linked list.
EimList structure:
typedef struct EimList { unsigned int bytesReturned; /* Number of bytes actually returned by the API. */ unsigned int bytesAvailable; /* Number of bytes of available data that could have been returned by the API. */ unsigned int entriesReturned; /* Number of entries actually returned by the API. */ unsigned int entriesAvailable; /* Number of entries available to be returned by the API. */ unsigned int firstEntry; /* Displacement to the first linked list entry. This byte offset is relative to the start of the EimList structure. */ } EimList;
EimUserAccess structure:
typedef struct EimUserAccess { unsigned int nextEntry; /* Displacement to next entry. This byte offset is relative to the start of this structure. */ enum EimAccessIndicator eimAdmin; enum EimAccessIndicator eimRegAdmin; enum EimAccessIndicator eimIdenAdmin; enum EimAccessIndicator eimMappingLookup; EimSubList registries; /* EimRegistryName sublist */
enum EimAccessIndicator eimCredentialData;
} EimUserAccess;
The registries EimSubList gives addressability to a linked list of EimRegistryName structures.
EimRegistryName structure:
typedef struct EimRegistryName { unsigned int nextEntry; /* Displacement to next entry. This byte offset is relative to the start of this structure. */ EimListData name; /* Name */ } EimRegistryName;
EimSubList structure:
typedef struct EimSubList { unsigned int listNum; /* Number of entries in the list */ unsigned int disp; /* Displacement to sublist. This byte offset is relative to the start of the parent structure; that is, the structure containing this structure. */ } EimSubList;
EimListData structure:
typedef struct EimListData { unsigned int length; /* Length of data */ unsigned int disp; /* Displacement to data. This byte offset is relative to the start of the parent structure; that is, the structure containing this structure. */ } EimListData;
- eimrc (Input)
- The structure in which to return error code information. If the return
value is not 0, eimrc is set with additional information. This parameter may be
NULL. For the format of the structure, see EimRC--EIM
Return Code Parameter.
Return Value
The return value from the API. Following each return value is the list of possible values for the messageCatalogMessageID field in the eimrc parameter for that value.
- 0
- Request was successful.
- EACCES
- Access denied. Not enough permissions to access data.
EIMERR_ACCESS (1) Insufficient access to EIM data.
- EBADDATA
- eimrc is not valid.
- EBUSY
- Unable to allocate internal system object.
EIMERR_NOLOCK (26) Unable to allocate internal system object.
- ECONVERT
- Data conversion error.
EIMERR_DATA_CONVERSION (13) Error occurred when converting data between code pages.
- EINVAL
- Input parameter was not valid.
EIMERR_ACCESS_USERTYPE_INVAL (3) Access user type is not valid. EIMERR_EIMLIST_SIZE (16) Length of EimList is not valid. EimList must be at least 20 bytes in length. EIMERR_HANDLE_INVAL (17) EimHandle is not valid. EIMERR_PARM_REQ (34) Missing required parameter. Please check API documentation. EIMERR_PTR_INVAL (35) Pointer parameter is not valid. EIMERR_SPACE (41) Unexpected error accessing parameter.
- ENOMEM
- Unable to allocate required space.
EIMERR_NOMEM (27) No memory available. Unable to allocate required space.
- ENOTCONN
- LDAP connection has not been made.
EIMERR_NOT_CONN (31) Not connected to LDAP. Use eimConnect() API and try the request again.
- EUNKNOWN
- Unexpected exception.
EIMERR_LDAP_ERR (23) Unexpected LDAP error. %s EIMERR_UNKNOWN (44) Unknown error or unknown system state.
Related Information
- eimAddAccess() --Add EIM Access
- eimRemoveAccess() --Remove EIM Access
- eimListAccess() --List EIM User
Accesses
- eimQueryAccess() --Query EIM Access
Example
The following example lists all registries found.
Note: By using the code examples, you agree to the terms of the Code license and disclaimer information.
#include <eim.h> #include <stddef.h> #include <stdio.h> #include <stdlib.h> void printListResults(EimList * list); void printSubListData(char * fieldName, void * entry, int offset); void printListData(char * fieldName, void * entry, int offset); int main(int argc, char *argv[]) { int rc; char eimerr[100]; EimRC * err; EimHandle * handle; EimAccessUser user; char listData[5000]; EimList * list = (EimList * ) listData; /* Get eim handle from input arg. */ /* This handle is already connected to EIM. */ handle = (EimHandle *)argv[1]; /* Set up error structure. */ memset(eimerr,0x00,100); err = (EimRC *)eimerr; err->memoryProvidedByCaller = 100; /* Set up access user information */ user.userType = EIM_ACCESS_DN; user.user.dn="cn=pete,o=ibm,c=us"; /* Get user accesses */ if (0 != (rc = eimListUserAccess(handle, &user, 5000, list, err))) { printf("List user access error = %d", rc); return -1; } /* Print the results */ printListResults(list); return 0; } void printListResults(EimList * list) { int i; EimUserAccess * entry; EimListData * listData; EimRegistryName * registry; printf("___________\n"); printf(" bytesReturned = %d\n", list->bytesReturned); printf(" bytesAvailable = %d\n", list->bytesAvailable); printf(" entriesReturned = %d\n", list->entriesReturned); printf(" entriesAvailable = %d\n", list->entriesAvailable); printf("\n"); if (list->entriesReturned > 1) printf("Unexpected number of entries returned.\n"); entry = (EimUserAccess *)((char *)list + list->firstEntry); if (EIM_ACCESS_YES == entry->eimAdmin) printf(" EIM Admin.\n"); if (EIM_ACCESS_YES == entry->eimRegAdmin) printf(" EIM Reg Admin.\n"); if (EIM_ACCESS_YES == entry->eimIdenAdmin) printf(" EIM Iden Admin.\n"); if (EIM_ACCESS_YES == entry->eimMappingLookup) printf(" EIM Mapping Lookup.\n"); if (EIM_ACCESS_YES == entry->eimCredentialData) printf(" EIM Credential Data.\n"); printf(" Registries:\n"); printSubListData("Registry names", entry, offsetof(EimUserAccess, registries)); printf("\n"); } void printSubListData(char * fieldName, void * entry, int offset) { int i; EimSubList * subList; EimRegistryName * subentry; /* Address the EimSubList object */ subList = (EimSubList *)((char *)entry + offset); if (subList->listNum > 0) { subentry = (EimRegistryName *)((char *)entry + subList->disp); for (i = 0; i < subList->listNum; i++) { /* Print out results */ printListData(fieldName, subentry, offsetof(EimRegistryName, name)); /* advance to next entry */ subentry = (EimRegistryName *)((char *)subentry + subentry->nextEntry); } } } void printListData(char * fieldName, void * entry, int offset) { EimListData * listData; char * data; int dataLength; printf(" %s = ",fieldName); /* Address the EimListData object */ listData = (EimListData *)((char *)entry + offset); /* Print out results */ data = (char *)entry + listData->disp; dataLength = listData->length; if (dataLength > 0) printf("%.*s\n",dataLength, data); else printf("Not found.\n"); }
API introduced: V5R2
[ Back to top | Security APIs | APIs by category ]