Function
The vn_access operation checks
whether the calling process has the requested access permission to
the specified file or directory.
Input parameter format
vn_access (Token_structure,
OSI_structure,
Audit_structure,
Access_intent,
Return_value,
Return_code,
Reason_code)
Parameters
- Token_structure
- Supplied parameter
- Type:
- TOKSTR
- Length:
- Specified by TOKSTR.ts_hdr.cblen.
The Token_structure represents the file (vnode)
that is being operated on. It contains the PFS's initialization token,
mount token, and the file token. Refer to LFS/PFS control block structure for
a discussion of this structure, and to the TOKSTR typedef in BPXYPFSI
in Interface structures for C language servers and clients for its mapping.
- OSI_structure
- Supplied and returned parameter
- Type:
- OSI
- Length:
- Specified by OSI.osi_hdr.cblen.
The OSI_structure contains information that is used
by the OSI operations that may be called by the PFS. See OSI services for more information.
It also contains
MVS-specific information that needs to be passed to the PFS, including
SMF accounting fields, a work area, a recovery area, and an optional
pointer to an output ATTR structure. For more details on the OSI structure,
see The OSI structure.
This area is mapped by
the OSI typedef in BPXYPFSI in Interface structures for C language servers and clients.
- Audit_structure
- Supplied parameter
- Type:
- CRED
- Length:
- Specified by CRED.cred_hdr.cblen.
The Audit_structure contains information that is
used by the security product for access checks and auditing. It is
passed to most SAF routines that are invoked by the PFS.
Refer
to Security responsibilities and considerations for a discussion of security processing,
and to the CRED typedef in BPXYPFSI in Interface structures for C language servers and clients for
the mapping of this structure.
- Access_intent
- Supplied parameter
- Type:
- Integer
- Length:
- Fullword
An input structure passed through to the SAF Check
Access callable service by the vn_access operation. The values for
this parameter are defined in unistd.h.
- Return_value
- Returned parameter
- Type:
- Integer
- Length:
- Fullword
A fullword in which the vn_access service returns
the results of the operation, as one of the following:
- Return_value
- Meaning
- -1
- The operation was not successful. The Return_code and Reason_Code
values must be filled in by the PFS when Return_value is -1.
- 0
- The operation was successful.
- Return_code
- Returned parameter
- Type:
- Integer
- Length:
- Fullword
A fullword in which the vn_access service stores
the return code. The vn_access service returns Return_code only if
Return_value is -1. See z/OS UNIX System Services Messages and Codes for
a complete list of supported return code values.
The
vn_access operation should support at least the following error value:
Return_code |
Explanation |
---|
EACCES |
The caller does not have the requested access to the specified
file or directory. |
- Reason_code
- Returned parameter
- Type:
- Integer
- Length:
- Fullword
A fullword in which the vn_access service stores
the reason code. The vn_access service returns Reason_code only if
Return_value is -1. Reason_code further qualifies
the Return_code value. These reason codes are documented by the PFS.
Implementation notes
- Overview of vn_access processing
Security responsibilities and considerations provides
an overview of file access checking.
For more information on
the semantics of this operation for a POSIX-conforming PFS, refer
to the access() function in the POSIX.1 standard
(IEEE Std 1003.1-1990).
- Specific processing notes
The PFS should provide reason
codes that distinguish between the SAF reason codes:
- User is not authorized to access the file.
- Input that is not valid.
- Serialization provided by the LFS
The vn_access operation
is invoked with a shared latch held on the vnode.
- Security calls to be made by the PFS
The PFS is expected
to invoke SAF's Check Access callable service to check that the user
has the requested access to the file or directory.