Session security
The IBM® Storage Protect session-based system has security components that permit applications to start sessions in a secure manner. These security measures prohibit unauthorized access to the server and help to insure system integrity.
Every session that is started with the server must complete a sign-on process, requires a password. When the password is coupled with the node name of the client, it insures proper authorization when connecting to the server. The application client provides this password to the API to start the session.
Two methods of password processing are available: passwordaccess=prompt or passwordaccess=generate. If you use the passwordaccess=prompt option, you must include the password value on each dsmInitEx call. Or, you can supply the node name and owner name on the dsmInitEx call.
Passwords have expiration times associated with them. If a dsmInitEx call fails with a password-expired return code (DSM_RC_REJECT_VERIFIER_EXPIRED), the application client must enter the dsmChangePW call using the handle that is returned by dsmInitEx. This updates the password before the session can be established successfully. The example in Figure 3 demonstrates the procedure to change a password by using dsmChangePW. The login owner must use a root user ID or an authorized user ID to change the password.
The second method, passwordaccess=generate, encrypts and stores the password value in a file. The node name and owner name cannot be supplied on the dsmInitEx call, and the system default values are used. This protects the security of the password file. When the password expires, the generate parameter creates a new one and updates the password file automatically.
- If two different physical machines have the same IBM Storage Protect node name or multiple paths are defined on one node using
several server stanzas, passwordaccess=generate
might only work for the stanza which is used first after password expiration. During the first
client-server contact, the user is prompted for the same password for each server stanza separately,
and for each stanza, a copy of the password is stored separately. When the password expires, a new
password is generated for the stanza which connects the first client-server contact. All subsequent
attempts to connect via other server stanzas fail, because there is no logical link between their
respective copies of the old password, and the updated copy generated by the stanza used first after
password expiration. In this case, you must update the passwords prior to expiration or after
expiration as a recovery from the situation, as follows:
- Run dsmadmc and update the password on the server.
- Run dsmc -servername=stanza1 and use the new password to generate a proper entry.
- Run dsmc -servername=stanza2 and use the new password to generate a proper entry.
- For UNIX or
Linux®: Only the
root user or an authorized user can change the password when using
passwordaccess=prompt. Only the root user or an
authorized user can start the password file when using
passwordaccess=generate.
Restriction: The options users and groups are not recognized.
An application can restrict user access by other means, such as setting access filters.
Applications that use multiple IP connections to a single IBM Storage Protect server should use the same node name and IBM Storage Protect client password for each session. Follow these steps to enable this support:
- Define one IBM Storage Protect server stanza in the dsm.sys file.
- For the connections not using the default IP address, specify the option values for TCPserver address and TCPport on the dsmInitEx call.
These values override the IP connection information, but the session still uses the same dsm.sys stanza node and password information.
dsmApiVersionEx * apiApplVer;
char *node;
char *owner;
char *pw;
char *confFile = NULL;
char *options = NULL;
dsInt16_t rc = 0;
dsUint32_t dsmHandle;
dsmInitExIn_t initIn;
dsmInitExOut_t initOut;
char *userName;
char *userNamePswd;
memset(&initIn, 0x00, sizeof(dsmInitExIn_t));
memset(&initOut, 0x00, sizeof(dsmInitExOut_t));
memset(&apiApplVer,0x00,sizeof(dsmapiVersionEx));
apiApplVer.version = DSM_API_VERSION; /* Set the applications compile */
apiApplVer.release = DSM_API_RELEASE; /* time version. */
apiApplVer.level = DSM_API_LEVEL;
apiApplVer.subLevel= DSM_API_SUBLEVEL;
printf("Doing signon for node %s, owner %s, with password %s\n", node,owner,pw);
initIn.stVersion = dsmInitExInVersion;
initIn.dsmApiVersionP = &apiApplVer
initIn.clientNodeNameP = node;
initIn.clientOwnerNameP = owner ;
initIn.clientPasswordP = pw;
initIn.applicationTypeP = "Sample-API AIX";
initIn.configfile = confFile;
initIn.options = options;
initIn.userNameP = userName;
initIn.userPasswordP = userNamePswd;
rc = dsmInitEx(&dsmHandle, &initIn, &initOut);
if (rc == DSM_RC_REJECT_VERIFIER_EXPIRED)
{
printf("*** Password expired. Select Change Password.\n");
return(rc);
}
else if (rc)
{
printf("*** Init failed: ");
rcApiOut(dsmHandle, rc); /* Call function to print error message */
dsmTerminate(dsmHandle); /* clean up memory blocks */
return(rc);
}void rcApiOut (dsUint32_t handle, dsInt16_t rc)
{
char *msgBuf ;
if ((msgBuf = (char *)malloc(DSM_MAX_RC_MSG_LENGTH+1)) == NULL)
{
printf("Abort: Not enough memory.\n") ;
exit(1) ;
}
dsmRCMsg(handle, rc, msgBuf);
printf("
free(msgBuf) ;
return;
}printf("Enter your current password:");
gets(current_pw);
printf("Enter your new password:");
gets(new_pw1);
printf("Enter your new password again:");
gets(new_pw2);
/* If new password entries don't match, try again or exit. */
/* If they do match, call dsmChangePW. */
rc = dsmChangePW(dsmHandle,current_pw,new_pw1);
if (rc)
{
printf("*** Password change failed. Rc =
}
else
{
printf("*** Your new password has been accepted and updated.\n");
}
return 0;