Subsystem Control Point (SCP) Management Programming Manual
SPI Programming Considerations for SCP
Subsystem Control Point (SCP) Management Programming Manual—520619-001
Command-Message Validation
Before forwarding a command message to another SCP process or processing a
command directed to itself, the SCP process performs additional command-message
validation.
Security Validation
An SCP process accepts a sensitive command only if one of these is true:
• The requester’s process access ID (PAID) group is the super group.
• The requester’s PAID group matches the PAID group or creator access ID (CAID)
  group of the SCP process.
If an application is improperly secured, the SCP process returns a response containing
the error ZCOM-ERR-SECUR-VIOL.
A communications subsystem can override SCP command-message security validation
by returning ZCOM-TKN-GETVSN-SECUR-SUPP with a value of
ZCOM-VAL-SECUR-SUPP-NONE in response to the GETVERSION command it receives from the
SCP process. If the subsystem does not return ZCOM-TKN-GETVSN-SECUR-SUPP,
the SCP process assumes the value ZCOM-VAL-SECUR-SUPP-ALL and performs
command security validation.
Version Validation
The SSPUT and SSPUTTKN procedures use the header token
ZSPI-TKN-MAX-FIELD-VERSION to keep track of the version of the most recently defined data field
inserted in a request buffer. The SCP process compares this version with the version of
the subsystem to which the request is to be sent. If the subsystem is older than some data
definition in the request, as reflected in ZSPI-TKN-MAX-FIELD-VERSION, SCP
rejects the request.
Requester Identification
Before forwarding a command message to a subsystem, an SCP process adds the
identity of the originator to the message so that the subsystem to which SCP sends the
message can identify the original requester.
To messages bound for old subsystems, an SCP process adds ZCOM-MAP-REQID,
which contains the process ID (CRTPID) and process access ID (PAID) of the requester.
Every process has a unique, four-word CRTPID. The PAID represents the process
owner. The left byte of the PAID consists of the group number, and the right byte
consists of the user number.
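
The following C model is an added example, not code from this manual or from SCP. It combines the Security Validation rules with the PAID byte layout described above to show when a sensitive command is accepted. All type and function names are hypothetical, the IDs are treated as one 16-bit word, and the super group number 255 is the Guardian convention, which this page does not state.

```c
#include <stdint.h>
#include <stdio.h>

/* Model only: every name here is hypothetical, not an SCP or SPI definition. */
#define SUPER_GROUP 255u /* assumption: Guardian super group number */

typedef enum {
    SECUR_SUPP_ABSENT, /* subsystem returned no ZCOM-TKN-GETVSN-SECUR-SUPP */
    SECUR_SUPP_ALL,    /* models ZCOM-VAL-SECUR-SUPP-ALL */
    SECUR_SUPP_NONE    /* models ZCOM-VAL-SECUR-SUPP-NONE */
} secur_supp_t;

typedef enum {
    CMD_ACCEPT,
    CMD_SECUR_VIOL     /* models a ZCOM-ERR-SECUR-VIOL response */
} verdict_t;

/* PAID and CAID layout: left byte = group number, right byte = user number. */
uint8_t  id_group(uint16_t id) { return (uint8_t)(id >> 8); }
uint8_t  id_user(uint16_t id)  { return (uint8_t)(id & 0xFFu); }
uint16_t make_id(uint8_t group, uint8_t user)
{
    return (uint16_t)(((unsigned)group << 8) | user);
}

/* Decide whether a sensitive command from req_paid is accepted. */
verdict_t check_sensitive_command(uint16_t req_paid, uint16_t scp_paid,
                                  uint16_t scp_caid, secur_supp_t supp)
{
    /* The subsystem's GETVERSION reply overrides SCP's check. */
    if (supp == SECUR_SUPP_NONE)
        return CMD_ACCEPT;

    /* ABSENT is treated as ALL: SCP validates by default. */
    uint8_t g = id_group(req_paid);
    if (g == SUPER_GROUP)
        return CMD_ACCEPT;                 /* requester is in the super group */
    if (g == id_group(scp_paid) || g == id_group(scp_caid))
        return CMD_ACCEPT;                 /* group matches SCP's PAID or CAID */
    return CMD_SECUR_VIOL;
}

int main(void)
{
    /* Constructed sample IDs: SCP runs as 20,1 and was created by 30,1. */
    uint16_t scp_paid = make_id(20, 1), scp_caid = make_id(30, 1);
    uint16_t outsider = make_id(40, 5);
    printf("default: %d\n", check_sensitive_command(outsider, scp_paid, scp_caid, SECUR_SUPP_ABSENT));
    printf("NONE:    %d\n", check_sensitive_command(outsider, scp_paid, scp_caid, SECUR_SUPP_NONE));
    return 0;
}
```

The user number never enters the decision: only the group byte is compared, so every user in a matching group passes the check.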