Function

The vn_access operation checks whether the calling process has the requested access permission to the specified file or directory.

Environment on entry and exit

See Environment for PFS operations.

Parameters

Token_structure

Supplied parameter

Type:

TOKSTR

Length:

Specified by TOKSTR.ts_hdr.cblen.

The Token_structure represents the file (vnode) that is being operated on. It contains the PFS's initialization token, mount token, and the file token. Refer to LFS/PFS control block structure for a discussion of this structure, and to the TOKSTR typedef in BPXYPFSI in Interface structures for C language servers and clients for its mapping.

OSI_structure

Supplied and returned parameter

Type:

OSI

Length:

Specified by OSI.osi_hdr.cblen.

The OSI_structure contains information that is used by the OSI operations that may be called by the PFS. See OSI services for more information.

It also contains MVS-specific information that needs to be passed to the PFS, including SMF accounting fields, a work area, a recovery area, and an optional pointer to an output ATTR structure. For more details on the OSI structure, see The OSI structure.

This area is mapped by the OSI typedef in BPXYPFSI in Interface structures for C language servers and clients.

Audit_structure

Supplied parameter

Type:

CRED

Length:

Specified by CRED.cred_hdr.cblen.

The Audit_structure contains information that is used by the security product for access checks and auditing. It is passed to most SAF routines that are invoked by the PFS.

Refer to Security responsibilities and considerations for a discussion of security processing, and to the CRED typedef in BPXYPFSI in Interface structures for C language servers and clients for the mapping of this structure.

Access_intent

Supplied parameter

Type:

Integer

Length:

Fullword

An input structure passed through to the SAF Check Access callable service by the vn_access operation. The values for this parameter are defined in unistd.h.

Return_value

Returned parameter

Type:

Integer

Length:

Fullword

A fullword in which the vn_access service returns the results of the operation, as one of the following:

Return_value

Meaning

-1

The operation was not successful. The Return_code and Reason_Code values must be filled in by the PFS when Return_value is -1.

0

The operation was successful.

Return_code

Returned parameter

Type:

Integer

Length:

Fullword

A fullword in which the vn_access service stores the return code. The vn_access service returns Return_code only if Return_value is -1. See z/OS UNIX System Services Messages and Codes for a complete list of supported return code values.

The vn_access operation should support at least the following error value:

Return_code	Explanation
EACCES	The caller does not have the requested access to the specified file or directory.

Reason_code

Returned parameter

Type:

Integer

Length:

Fullword

A fullword in which the vn_access service stores the reason code. The vn_access service returns Reason_code only if Return_value is -1. Reason_code further qualifies the Return_code value. These reason codes are documented by the PFS.

Implementation notes

• Overview of vn_access processing

  Security responsibilities and considerations provides an overview of file access checking.

  For more information on the semantics of this operation for a POSIX-conforming PFS, refer to the access() function in the POSIX.1 standard (IEEE Std 1003.1-1990).

• Specific processing notes
  The PFS should provide reason codes that distinguish between the SAF reason codes:

  • User is not authorized to access the file.
  • Input that is not valid.
• Serialization provided by the LFS

  The vn_access operation is invoked with a shared latch held on the vnode.

• Security calls to be made by the PFS

  The PFS is expected to invoke SAF's Check Access callable service to check that the user has the requested access to the file or directory.