CCA Release 2.54
logged on, and frees resources you were using in the host system and in the
Coprocessor.

Use of Logon Context Information

The Logon_Control verb offers the capability to save and restore logon context
information through the GET-CNTX and PUT-CNTX rule-array keywords.

The GET-CNTX keyword is used to retrieve a copy of your active logon context
information, which you can then store for subsequent use. The PUT-CNTX
keyword is used to make active previously stored context information. Note that
the Coprocessor is unaware of what thread, program, or process has initiated a
request. The host CCA code supplies session information from the active context
information in each request to the Coprocessor. The Coprocessor attempts to
match this information with information it has retained for its active sessions.
Unmatched session information will cause the Coprocessor to reject the associated
request.

As an example, consider a simple application which contains two programs,
LOGON and ENCRYPT:

- The program LOGON logs you on to the Coprocessor using your passphrase.
- The program ENCRYPT encrypts some data. The roles defined for your
  system require you to be logged on in order to use the ENCIPHER function.

These two programs must use the GET-CNTX and PUT-CNTX keywords in order
to work properly. They should work as follows:

LOGON
  1. Log the user on to the Coprocessor using the CSUALCT verb with the
     PPHRASE keyword.
  2. Retrieve the logon context information using CSUALCT with the
     GET-CNTX keyword.
  3. Save the logon context information in a place that will be available
     to the ENCRYPT program. This could be as simple as a disk file,
     or it could be something more complicated such as shared memory
     or a background process.

ENCRYPT
  1. Retrieve the logon context information saved by the LOGON
     program.
  2. Restore the logon context information to the CCA API code using
     the CSUALCT verb with the PUT-CNTX keyword.
  3. Encipher the data.

Note: You should take care in storing the logon context information. Design your
software so that the saved context is protected from disclosure to others who may
be using the same computer. If someone is able to obtain your logon context
information, they may be able to impersonate you for the duration of your logon
session.
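
One way to handle the "disk file" case of LOGON step 3 and ENCRYPT step 1 while following the note above, as an added example that is not code from the IBM manual. The context is treated as opaque bytes, the function names are hypothetical, a POSIX host is assumed, and the CSUALCT calls themselves are left out.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L /* O_NOFOLLOW, fchmod */
#endif
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Save the opaque context bytes (assumed: as returned by GET-CNTX). */
int save_logon_context(const char *path, const unsigned char *ctx, size_t len)
{
    /* O_EXCL refuses a pre-created file, O_NOFOLLOW a planted symlink. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    int ok = (fchmod(fd, 0600) == 0); /* owner-only whatever the umask */
    size_t off = 0;
    while (ok && off < len) {
        ssize_t n = write(fd, ctx + off, len - off);
        if (n <= 0) ok = 0; else off += (size_t)n;
    }
    if (close(fd) != 0) ok = 0;
    if (!ok) unlink(path); /* never leave a partial context behind */
    return ok ? 0 : -1;
}

/* Load the context before PUT-CNTX. Returns the byte count, or -1 when the
   file is not a regular file owned by us with no group/other access. */
long load_logon_context(const char *path, unsigned char *buf, size_t cap)
{
    struct stat st;
    long got = -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == geteuid() &&
        (st.st_mode & (S_IRWXG | S_IRWXO)) == 0 &&
        st.st_size > 0 && (size_t)st.st_size <= cap) {
        size_t want = (size_t)st.st_size, off = 0;
        ssize_t n;
        while (off < want && (n = read(fd, buf + off, want - off)) > 0)
            off += (size_t)n;
        if (off == want)
            got = (long)off;
    }
    close(fd);
    return got;
}
```

Delete the file when the session is logged off, since the saved context is only useful for the duration of that logon session.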
2-8 IBM 4758 CCA Basic Services, Release 2.54, February 2005