Re: using sys$persona_create
08-07-2008 01:55 AM
I am having problems using sys$persona_create to assign a username to a process. The calling process has SYSTEM privilege but the sys$persona_create function is returning an SS$_NOIMPERSONATE error! The SYSTEM privilege contains the IMPERSONATE privilege. Any suggestion will be helpful.
Thanks
08-07-2008 02:24 AM
How 'bout: -
$set proc/priv=impersonate
$set proc/priv=detach
Cheers Richard Maher
08-07-2008 02:34 AM
08-07-2008 02:39 AM
08-07-2008 04:29 AM
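int sts;
uint persona;

/* Create a persona for the target username. */
sts = sys$persona_create(
    &persona,
    opus_descrip(_username),
    0,
    0,
    0);
if ((sts & 1) == 0)   /* low bit clear: the service failed */
{
    set_error(sts);
    return false;
}

/* Make the new persona the active one for this process. */
sts = sys$persona_assume(
    &persona,
    0,
    0);
if ((sts & 1) == 0)
{
    set_error(sts);
    return false;
}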
This process is a server process with SYSTEM privilege (which includes the IMPERSONATE privilege).
08-07-2008 04:36 AM
How have you defined the unsigned int?
08-07-2008 04:40 AM
Solution
Implement and issue a sys$setprv call and light up IMPERSONATE and enough to access SYSUAF (and check for errors from the call) -- or fetch the current privilege mask and see what privilege bits are lit -- just before the failing sys$persona_create call, and call us back with the results.
Don't assume it.
Here's an example program you can start with from within Jim Duff's stash of C code, if your current application code is larger and accordingly unwieldy:
http://www.eight-cubed.com/examples/framework.php?file=sys_persona.c
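An added example, not part of the post above and not Jim Duff's code: a DCL procedure that reports whether IMPERSONATE appears in each of the four privilege masks of a process (authorized, permanent, image and current), which complements the in-program sys$setprv check by showing which mask the privilege is actually in. The procedure name CHECK_PRIV.COM and its P1 argument are assumptions for illustration; reading another process's masks requires GROUP or WORLD privilege.

```dcl
$! CHECK_PRIV.COM - added example, not from the thread.
$! Usage: @CHECK_PRIV [pid]    (no pid = the current process)
$!
$ pid   = P1
$ want  = "IMPERSONATE"
$ items = "AUTHPRIV,PROCPRIV,IMAGPRIV,CURPRIV"
$ i = 0
$loop:
$   item = f$element(i, ",", items)
$   if item .eqs. "," then goto done        ! past the last list element
$!  F$GETJPI returns the mask as a comma-separated list of privilege names.
$!  Wrap it in commas so only a whole name can match.
$   mask  = "," + f$getjpi(pid, item) + ","
$   state = "absent"
$   if f$locate("," + want + ",", mask) .lt. f$length(mask) then state = "present"
$   write sys$output f$fao("!10AS !AS: !AS", item, want, state)
$   i = i + 1
$   goto loop
$done:
$ exit
```

A privilege that is present in AUTHPRIV but absent from CURPRIV is authorized without being enabled, so the service call still fails until the privilege is turned on.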
08-07-2008 06:16 AM
When the client sends a "show proc/priv" to the server process it returns
User: System
Authorize privileges:
SETPRV ....
Process privileges:
...
impersonate
...
Process rights:
SYSTEM..
But when I check the process privilege in the code using sys$setprv it returns no privileges!
08-07-2008 01:30 PM
I think you need to show us exactly how this process is created. $CREPRC is a deceptively difficult service to use and get precisely the results you require, especially when it comes to quotas and privileges. Running LOGINOUT makes it even trickier.
There are a LOT of notes in the documentation, and numerous combinations of parameters, flags and other item list entities that don't make a whole lot of sense. Make sure you understand exactly what your resultant process should look like, and carefully read through the System Services Reference Manual to work out how to get there.
Be wary of just copying someone else's code without careful analysis and making sure you understand what it's doing. Note that in the official HP course teaching system service programming, there was a moderately serious bug in the $CREPRC example which was undetected for more than a decade. As far as I know it's still there.
I'd recommend starting by making the target image/procedure for your detached process just issue SHOW PROCESS commands to validate that you're getting exactly what you want from the $CREPRC, then worry about implementing more complex stuff like personae.
08-08-2008 02:05 AM
Look, I've attached a .COM file that may help. @(at) that with privs on then: -
$set proc/priv=(noall,sysprv)
$run become
and see if you get the same results as I do.
Cheers Richard Maher