Manualshelf

SPI Common Extensions Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
51525354555657585960
Subsystem Control Point
SPI Common Extensions Manual427508-001
3-4
Message Validation
subsystem, the SCP process cancels the command. If the command message is in a
queue, it is deleted from the queue. No SPI response is returned.
All or part of a command might be executed before the command is canceled.
Management applications should inquire about objects that might have been affected
by the command message to determine whether more processing is required to
recover from the cancellation.
Message Validation
Before forwarding a command message to a subsystem or processing a command
directed to itself, the SCP process performs some additional command-message
validation.
Security Validation
If an application issues a sensitive command, the SCP process verifies that one of
these is true:
The application process access ID (PAID) group is the super group.
The application PAID group matches the PAID group or the creator access ID
(CAID) group of the target subsystem manager process.
If an application is improperly secured, the SCP process returns a response with the
error number ZCOM-ERR-SECUR-VIOL.
A subsystem can override SCP command-message security validation by returning
ZCOM-TKN-GETVSN-SECUR-SUPP with a value of ZCOM-VAL-SECUR-SUPP-
NONE in response to the GETVERSION command it receives from the SCP process.
If the subsystem does not return ZCOM-TKN-GETVSN-SECUR-SUPP, the SCP
process assumes the value ZCOM-VAL-SECUR-SUPP-ALL and performs command
security validation.
For more information, see Command Security
on page 5-8.
Version Validation
The SSPUT and SSPUTTKN procedures use the header token ZSPI-TKN-MAX-
FIELD-VERSION to keep track of the version of the most recently defined data field
inserted in a request buffer. The SCP process compares this version with the version
of the subsystem to which the request is to be sent. If the subsystem is older than any
field in a structure in the request, as reflected in ZSPI-TKN-MAX-FIELD-VERSION,
SCP rejects the request.
Requester Identification
Before forwarding a command message to a subsystem, an SCP process adds the
identity of the originator to the message so that the subsystem to which SCP sends the
message can identify the original requester.