Q: Anyone have an RPG IV prototype example using either of these two APIs?
Syntax
#include
int qsysetuid(uid_t uid);
A: At one time, I wrote an RPG version of qsysetid.h (I called it QSYSETID_H)
I don't remember which prototypes have been tested in this source file and
which have not, but to the best of my knowledge, they are all correct.
My RPG member called QSYSETID_H follows:
/if defined(QSYSETID_H)
/eof
/endif
/define QSYSETID_H
D uid_t s 10U 0 based(template)
D gid_t s 10U 0 based(template)
D QSYSETID_NOCHANGE...
D c const(4294967295)
D qsysetuid PR 10I 0 extproc('qsysetuid')
D uid like(uid_t) value
D qsyseteuid PR 10I 0 extproc('qsyseteuid')
D uid like(uid_t) value
D qsysetreuid PR 10I 0 extproc('qsysetreuid')
D ruid like(uid_t) value
D euid like(uid_t) value
D qsysetgid PR 10I 0 extproc('qsysetgid')
D gid like(gid_t) value
D qsysetegid PR 10I 0 extproc('qsysetegid')
D gid like(gid_t) value
D qsysetregid PR 10I 0 extproc('qsysetregid')
D rgid like(gid_t) value
D egid like(gid_t) value
D qsygetgroups PR 10I 0 extproc('qsygetgroups')
D gidsize 10I 0 value
D grouplist like(gid_t)
D dim(32767)
D options(*varsize)
D qsysetgroups PR 10I 0 extproc('qsysetgroups')
D gidsize 10I 0 value
D grouplist like(gid_t)
D dim(32767)
D const
D options(*varsize)
Reply: Thanks. I will give it a shot. I'm trying to use these APIs to
extend adopted authority functionality to IFS files.
New reply:
Those APIs (qsysetuid(), et al) are designed to make it easier to convert
Unix programs to run on the iSeries. Since you're coding in RPG, that's
probably not where you're coming from.
You might find the Profile Handle or Profile Token APIs more intuitive for
your purposes, since you give them an actual user profile name rather than
a Unix uid/gid as input.
Just a thought.
Reply: Thanks again. I am actually trying to follow Carol Woodbury's
recommendations in 'Experts Guide to OS/400 & i5/OS Security' in which she
reviews the Profile Swap and Profile Token APIs as well as the UID and GID
API methods and recommends GID as her current favorite because it provides
temporary authority to the application objects for the current thread only.
Thanks to Scott Klement & Lorne
阅读(641) | 评论(0) | 转发(0) |
