genpagvalue Subroutine

Purpose

Sets the current process credentials.

Library

Security Library (libc.a)

Syntax

#include <pag.h>
int  genpagvalue(pag_name, pag_value,pag_flags);
char *       pag_name;
uint64_t *   pag_value;
int           pag_flags;

Description

The genpagvalue subroutine generates a new PAG value for a given PAG name. For this function to succeed, the PAG name must be registered with the operating system before calling the genpagvalue subroutine. The genpagvalue subroutine is limited to maintaining information about the last generated PAG number and accordingly generating a new number. This service can optionally store the PAG value in the process's cred structure. It does not monitor the PAG values stored in the cred structure by other means.

The PAG value returned is of size 64 bits. The number of significant bits is determined by the requested PAG type. 32-bit PAGs have 32 significant bits. 64-bit PAGs have 62 significant bits.

A process must have root authority to invoke this function for 32-bit PAG types. Any process may invoke this function for 64-bit PAG types.

The pag_flags parameter with the value PAG_SET_VALUE causes the generated value to be atomically stored in the process's credentials. The pag_flags parameter with both the PAG_SET_VALUE and PAG_COPY_CRED values set causes the current process's credentials to be duplicated before the generated value is stored.

Parameters

Item Description
pag_name The name parameter is a 1 to 4 character, NULL terminated name for the PAG type. Typical values include afs, dfs, pki and krb5.
pag_value This pointer points to a buffer where the OS will return the newly generated PAG value.
pag_flags These flags control the behavior of the getpagvalue subroutine. This must be set to 0 or one or more of the values PAG_SET_VALUE or PAG_COPY_CRED.

Return Values

A value of 0 is returned upon successful completion. If the genpagvalue subroutine fails a value of -1 is returned and the errno global variable is set to indicate the error.

Error Codes

The genpagvalue subroutine fails if one or more of the following are true:
Item Description
EINVAL The PAG value cannot be generated because the named PAG type does not exist as part of the table.
EPERM The process does not have the correct authority to use the service.

Other errors might be set by subroutines invoked by the genpagvalue subroutine.