[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ftpapi] **EXTERNAL** Re: gsk_environment_init returns 6003



There were some security changes to the os mid release 7.3 that screwed up some ssl programming that used older connection methods that ibm removed

Get Outlook for Android


Mike Corbo | Sr. Programmer Project Leader | National Retail Systems, Inc. | 611 Rte 46W Hasbrouck Heights NJ 07604 | 201.330.1900 x2713 (ph) | | | www.nationalretailsystems.com

** This e‑mail message and all attachments transmitted may contain confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying or other use of this message or its attachments is strictly prohibited.** 
  If you received this message in error please notify the sender immediately by telephone or by electronic mail and delete this message and all copies and backups thereof.

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> on behalf of Ball, Jonathan <Jonathan.Ball@xxxxxxxxxx>
Sent: Thursday, July 23, 2020 2:00:57 PM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] **EXTERNAL** Re: gsk_environment_init returns 6003
 

Hello, Scott,

 

Thanks for the reply.

 

The strange thing is that on a 7.2 system, the function works even though the user has no authority whatever to the last directory in the path, nor to the two key files.  It is failing on a 7.4 system, where the user also has no authority to the last directory of the path nor to the files.  I reported it to IBM, and the engineer said the failure is the expected behavior.  We are unable to understand how it is working on 7.2.  I have to think the developer incorporated something in the code to “hide” some authority, but the developer has left the company and no one knows what might have been done.

 

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Scott Klement
Sent: Thursday, July 23, 2020 10:56 AM
To: ftpapi@xxxxxxxxxxxxxxxxxxxxxx
Subject: **EXTERNAL** Re: [Ftpapi] gsk_environment_init returns 6003

 

Hi Jonathan,

gsk_environment_init is an IBM-provided function, documented here: https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/apis/gsk_environment_init.htm

The documentation clearly states that it requires *R access to the certificate store file, and *X to each directory in the path name.  If this is working differently for you (I have not heard of the problem, myself) I would suggest reporting it to IBM.

I do not have the ability to troubleshoot or fix the internals of the operating system.

-SK

On 7/21/2020 7:19 PM, Ball, Jonathan wrote:

The user has no authority to the last element of the server store path:

/qibm/userdata/ICSS/Cert/Server

 

The user also lacks authority to the key files:
DEFAULT.KDB

DEFAULT.RDB

 

Public has *EXCLUDE to the Server directory and to the two files; has *RX for the rest of the path.

 

The strange thing is the permissions on the path elements and on the files are exactly the same on another system, and the user is able to complete the function.  The user has no elevated privileges group profile on either system, and is not one of the user profiles registered for QIBM_QSY_SYSTEM_CERT_STORE.

 

It seems to me the gsk_environment_init should fail for the user on both systems. 

 

Any help or advice appreciated.

 


The information contained in this message is confidential proprietary property of Nelnet, Inc. and its affiliated companies (Nelnet) and is intended for the recipient only. Any reproduction, forwarding, or copying without the express permission of Nelnet is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this e-mail.
-- 
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi