Override group profile - CPP
**
** Program . . : CBX128
** Description : Override group profile - CPP
** Author . . : Carsten Flensburg
** Published . : Club Tech iSeries Programming Tips Newsletter
** Date . . . : December 16, 2004
**
**
** Program summary
** ---------------
**
** Unix type APIs:
** getgrnam Get group information Returns a pointer to a structure
** using group name containing group profile name,
** group ID and a list of the user
** profiles that are members of
** the group - based on the group
** profile input parameter.
**
** getegid Get effective Returns the effective group ID -
** group ID the group profile under which the
** calling job is currently running.
** The effective gid of a thread may
** change while the thread is running.
**
** qsysetegid Set effective Sets the effective group
** group ID ID of the current job to
** the gid specified.
**
** MI builtins:
** _MODINVAU Modify invocation Sets the authority propagation
** authority attribute attribute for the current
** invocation of a program without
** affecting the program object
** permanently. The propagation
** attribute controls if adopted
** authority should be passed to
** programs higher in the call
** stack.
**
** Message handling API:
** QMHSNDPM Send program message Sends a message to a program stack
** entry (current, previous, etc.) or
** an external message queue.
**
** Both messages defined in a message
** file and immediate messages can be
** used. For specific message types
** only one or the other is allowed.
**
** Work management API:
** QUSRJOBI Retrieve job Retrieves specific information
** information about a specific job, covering
** all attributes and other state
** and runtime related information.
**
** Journal & commit API:
** QJOSJRNE Send journal entry Writes a single journal entry to a
** specific journal. The entry can
** contain any information. You can
** assign an entry type to the
** journal entry.
**
** Security-related APIs:
** QsyGenPrfTknE Verifies that the caller has authority to
** generate a profile token for the requested
** profile and then generates a profile token.
**
** This profile token can be passed to one or
** more additional processes which can then
** use it to perform tasks on behalf of the
** authenticated user.
**
** A maximum of approximately 2,000,000
** profile tokens can be generated on a
** system. At that point further profile
** tokens can only be generated after one
** or more tokens have been removed.
**
** APIs are available to remove all profile
** tokens generated for a specific user or
** systemwide: QsyRemoveAllPrfTknsForUser
** respectively QsyRemoveAllPrfTkns.
**
** Introduced on V5R1, the QsyGenPrfTkn API
** is available on V4R5.
**
** QsyChkPrfTknUser Verifies that the user profile associated
** with the token is the same as the current
** user profile. Introduced on V5R1.
**
** QsyGetPrfTknTimeOut Gets the number of seconds until a profile
** token is no longer valid.
**
** QsyRemovePrfTkn Removes the specified profile token. The
** profile token will no longer be valid for
** use with other profile token APIs.
**
**
** Authority and security restrictions:
** To successfully run this program *ALLOBJ special authority is
** necessary. The required authority can be obtained by means of
** adopted authority:
**
** - Change the program object's USRPRF attribute to *OWNER using
** the CHGPGM command.
**
** - Change the program object owner to QSECOFR using the CHGOBJOWN
** command.
**
** If you successfully follow the compile and setup instructions below,
** the program will be capable of performing the necessary operations.
**
** The adopted authority will not be propagated to higher invocation
** levels in the job running this program due to the propagation block
** enforced by the _MODINVAU MI builtin.
**
**
** Compile and setup instructions:
** CrtRpgMod Module( CBX128 )
** DbgView( *NONE )
** Aut( *USE )
**
** CrtPgm Pgm( CBX128 )
** Module( CBX128 )
** ActGrp( *NEW )
** UsrPrf( *OWNER )
** Aut( *USE )
**
** ChgObjOwn Obj( CBX128 )
** ObjType( *PGM )
** NewOwn( QSECOFR )
**
** ChgPgm Pgm( CBX128 )
** RmvObs( *ALL )
**
**
**-- Control specifications: -------------------------------------------**
H Option( *SrcStmt ) BndDir( 'QC2LE' )
**-- API error information:
D ERRC0100 Ds Qualified
D BytPro 10i 0 Inz( %Size( ERRC0100 ))
D BytAvl 10i 0
D MsgId 7a
D 1a
D MsgDta 256a
**-- System information:
D PgmSts SDs Qualified
D PgmNam *Proc
D MsgId 7a Overlay( PgmSts: 40 )
D Msg 80a Overlay( PgmSts: 91 )
D CurJob 10a Overlay( PgmSts: 244 )
D UsrPrf 10a Overlay( PgmSts: 254 )
D JobNbr 6a Overlay( PgmSts: 264 )
D CurUsr 10a Overlay( PgmSts: 358 )
**-- group structure:
D Group Ds Based( pGroup ) Align
D gr_name *
D gr_gid 10u 0
D gr_mbr *
**-- Global variables:
D rc s 10i 0
D egid_t s 10i 0
D gid_t s 10i 0
D PrfChk s 10i 0
D TknTmo s 10i 0
**
D MsgKey s 4a
D RtnCod s 1a
**-- _MODINVAU constants:
D ADP_AUT_PPG c x'00'
D ADP_AUT_BLK c x'01'
**-- Get group information using group name:
D getgrnam Pr * ExtProc( 'getgrnam' )
D * Value Options( *String )
**-- Get effective group ID:
D getegid Pr 10i 0 ExtProc( 'getegid' )
**-- Set effective group ID:
D setegid Pr 10i 0 ExtProc( 'qsysetegid' )
D 10u 0 Value
**-- Check profile token user:
D ChkPrfTkn Pr ExtProc( 'QsyChkPrfTknUser' )
D CtChkRes 10i 0
D CtPrfTkn 32a Const
D CtError 32767a Options( *VarSize )
**-- Get profile token time out:
D GetTknTmo Pr ExtProc( 'QsyGetPrfTknTimeOut' )
D GtTknTmo 10i 0
D GtPrfTkn 32a Const
D GtError 32767a Options( *VarSize )
**-- Remove profile token:
D RmvPrfTkn Pr ExtProc( 'QsyRemovePrfTkn' )
D RtPrfTkn 32a Const
D RtError 32767a Options( *VarSize )
**-- Error number:
D sys_errno Pr * ExtProc( '__errno' )
**-- Error string:
D sys_strerror Pr * ExtProc( 'strerror' )
D errno 10i 0 Value
**-- Modify invocation authority attribute:
D ModInvAutA Pr ExtProc( '_MODINVAU' )
D MiAutAtr 1a Const
**-- Command entry:
D CmdEntry Pr ExtPgm( 'QCMD' )
**-- Retrieve job information:
D RtvJobInf Pr ExtPgm( 'QUSRJOBI' )
D JiRcvVar 32767a Options( *VarSize )
D JiRcvVarLen 10i 0 Const
D JiFmtNam 8a Const
D JiJobNamQ 26a Const
D JiJobIntId 16a Const
D JiError 32767a Options( *NoPass: *VarSize )
D JiRstStc 1a Options( *NoPass )
**-- Send program message:
D SndPgmMsg Pr ExtPgm( 'QMHSNDPM' )
D SpMsgId 7a Const
D SpMsgFq 20a Const
D SpMsgDta 128a Const
D SpMsgDtaLen 10i 0 Const
D SpMsgTyp 10a Const
D SpCalStkE 10a Const Options( *VarSize )
D SpCalStkCtr 10i 0 Const
D SpMsgKey 4a
D SpError 32767a Options( *VarSize )
**-- Send journal entry:
D SndJrnE Pr ExtPgm( 'QJOSJRNE' )
D SjJrnNamQ 20a Const
D SjJrnEntInf 4096a Const Options( *VarSize )
D SjEntDta 32766a Const Options( *VarSize )
D SjEntDtaLen 10i 0 Const
D SjError 32767a Options( *VarSize )
**
D JrnEntInf Ds Qualified
D InfEntRcds 10i 0 Inz( 1 )
D InfKey 10i 0 Inz( 1 )
D InfLen 10i 0 Inz( %Size( JrnEntInf.InfDta ))
D InfDta 2a
**
D JrnEntA2 Ds Qualified
D GrpPrf 10a
D AutCod 10a
D Reason 256a
**
D JrnEntA3 Ds Qualified
D GrpPrf 10a
D AutCod 10a
D RtnCod 1a
**-- Send diagnostic message:
D SndDiagMsg Pr 10i 0
D PxMsgDta 512a Const Varying
**-- Send escape message:
D SndEscMsg Pr 10i 0
D PxMsgDta 512a Const Varying
**-- Send completion message:
D SndCmpMsg Pr 10i 0
D PxMsgDta 512a Const Varying
**-- Send completion message:
D SndRqsMsg Pr 10i 0
D PxMsgDta 512a Const Varying
**-- Error identification:
D errno Pr 10i 0
D strerror Pr 128a Varying
**-- Entry parameters:
D CBX128 Pr
D PxGrpPrf 10a Varying
D PxAutCod 10a
D PxReason 256a Varying
D PxPrfTkn 32a
**
D CBX128 Pi
D PxGrpPrf 10a Varying
D PxAutCod 10a
D PxReason 256a Varying
D PxPrfTkn 32a
/Free
RtnCod = '0';
JrnEntInf.InfDta = 'A2';
JrnEntA2.GrpPrf = PxGrpPrf;
JrnEntA2.AutCod = PxAutCod;
JrnEntA2.Reason = PxReason;
SndJrnE( 'QAUDJRN *LIBL '
: JrnEntInf
: JrnEntA2
: %Size( JrnEntA2 )
: ERRC0100
);
ChkPrfTkn( PrfChk: PxPrfTkn: ERRC0100 );
If ERRC0100.BytAvl > *Zero Or PrfChk = *Zero;
RtnCod = '1';
Else;
GetTknTmo( TknTmo: PxPrfTkn: ERRC0100 );
If ERRC0100.BytAvl > *Zero Or TknTmo = *Zero;
RtnCod = '2';
EndIf;
EndIf;
RmvPrfTkn( PxPrfTkn: ERRC0100 );
If RtnCod > '0';
SndDiagMsg( 'Unauthorized program interface.' );
Else;
egid_t = getegid();
pGroup = getgrnam( PxGrpPrf );
If pGroup = *Null;
RtnCod = '3';
SndDiagMsg( 'Group profile ' + PxGrpPrf + ' does not exist.' );
Else;
If setegid( gr_gid ) = -1;
RtnCod = '4';
SndDiagMsg( %Char( errno ) + ': ' + strerror );
Else;
SndRqsMsg( '/*-- Group profile override currently active --*/' );
ModInvAutA( ADP_AUT_BLK );
CallP(e) CmdEntry();
If %Error;
RtnCod = '5';
EndIf;
ModInvAutA( ADP_AUT_PPG );
rc = setegid( egid_t );
SndCmpMsg( 'OVRGRPPRF command ended normally.' );
EndIf;
EndIf;
EndIf;
JrnEntInf.InfDta = 'A3';
JrnEntA3.GrpPrf = PxGrpPrf;
JrnEntA3.AutCod = PxAutCod;
JrnEntA3.RtnCod = RtnCod;
SndJrnE( 'QAUDJRN *LIBL '
: JrnEntInf
: JrnEntA3
: %Size( JrnEntA3 )
: ERRC0100
);
If RtnCod > '0';
SndEscMsg( 'OVRGRPPRF command ended in error' );
EndIf;
Return;
/End-Free
**-- Get runtime error number: -----------------------------------------**
P errno B
D Pi 10i 0
**
D Error s 10i 0 Based( pError ) NoOpt
/Free
pError = sys_errno;
Return Error;
/End-Free
P Errno E
**-- Get runtime error text: -------------------------------------------**
P strerror B
D Pi 128a Varying
/Free
Return %Str( sys_strerror( Errno ));
/End-Free
P strerror E
**-- Send diagnostic message: ------------------------------------------**
P SndDiagMsg B
D Pi 10i 0
D PxMsgDta 512a Const Varying
/Free
SndPgmMsg( 'CPF9897'
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*DIAG'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndDiagMsg E
**-- Send escape message: ----------------------------------------------**
P SndEscMsg B
D Pi 10i 0
D PxMsgDta 512a Const Varying
/Free
SndPgmMsg( 'CPF9898'
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*ESCAPE'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndEscMsg E
**-- Send completion message: ------------------------------------------**
P SndCmpMsg B
D Pi 10i 0
D PxMsgDta 512a Const Varying
/Free
SndPgmMsg( 'CPF9897'
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*COMP'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
**
P SndCmpMsg E
**-- Send request message: ---------------------------------------------**
P SndRqsMsg B
D Pi 10i 0
D PxMsgDta 512a Const Varying
/Free
SndPgmMsg( *Blanks
: *Blanks
: PxMsgDta
: %Len( PxMsgDta )
: '*RQS'
: '*EXT'
: *Zero
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
**
P SndRqsMsg E
**
** Program . . : CBX128V
** Description : Override group profile - VCP
** Author . . : Carsten Flensburg
** Published . : Club Tech iSeries Programming Tips Newsletter
** Date . . . : December 16, 2004
**
**
** Program description:
** This program checks the existence of the specified group profile,
** verifies the QSECOFR ownership of the utility validation list, e
** the existence of the system audit journal QAUDJRN as well as the
** validity of the specified authorization code.
**
**
** Compile options:
** CrtRpgMod Module( CBX128V )
** DbgView( *NONE )
** Aut( *USE )
**
** CrtPgm Pgm( CBX128V )
** Module( CBX128V )
** ActGrp( *NEW )
** UsrPrf( *OWNER )
** Aut( *USE )
**
** ChgObjOwn Obj( CBX128V )
** ObjType( *PGM )
** NewOwn( QSECOFR )
**
** ChgPgm Pgm( CBX128V )
** RmvObs( *ALL )
**
**
**
**-- Control specification: --------------------------------------------**
H Option( *SrcStmt )
**-- System information:
D PgmSts SDs Qualified
D PgmNam *Proc
D CurJob 10a Overlay( PgmSts: 244 )
D UsrPrf 10a Overlay( PgmSts: 254 )
D JobNbr 6a Overlay( PgmSts: 264 )
D CurUsr 10a Overlay( PgmSts: 358 )
**-- API error data structure:
D ERRC0100 Ds Qualified
D BytPrv 10i 0 Inz( %Size( ERRC0100 ))
D BytAvl 10i 0
D MsgId 7a
D 1a
D MsgDta 512a
**-- Global constants:
D VLD_LST c 'CBX128L'
D QSY_IN_VLDL c 0
D QSY_SYSTEM_ATTR...
D c 0
**-- Global variables:
D AtrDta Ds Qualified
D CrtDat 8a
D LstVfyDat 8a
D PwdChgDat 8a
D InvPwdCnt 10i 0
**
D UsrDta s 128a
**-- Validation list attribute data:
D Qsy_Attr_Info_T...
D Ds Qualified
D Number_Attrs 10i 0 Inz( 1 )
D Res_align 12a
D Attr_Descr LikeDs( Qsy_Attr_Descr_T )
D Inz( *LikeDs )
**
D Qsy_Attr_Descr_T...
D Ds Qualified
D Attr_Location 10i 0 Inz( QSY_IN_VLDL )
D Attr_Type 10i 0 Inz( QSY_SYSTEM_ATTR )
D Attr_Res 8a Inz( *Allx'00' )
D Attr_ID_p *
D Attr_Other_Descr...
D 32a Inz( *Allx'00' )
D Attr_Data_Info...
D 96a
D Attr_VLDL LikeDs( Qsy_In_VLDL_T )
D Overlay( Attr_Data_Info: 1 )
D Inz( *LikeDs )
D Attr_In_Other...
D 96a Overlay( Attr_Data_Info: 1 )
D 64a Overlay( Attr_In_Other: 33 )
D Inz( *Allx'00' )
D Attr_Other_Data...
D 32a Inz( *Allx'00' )
**
D Qsy_In_VLDL_T Ds Qualified
D Attr_CCSID 10i 0 Inz( -1 )
D Attr_Len 10i 0 Inz( 1 )
D Attr_Res_1 8a Inz( *Allx'00' )
D Attr_Value_p *
**
D Qsy_Rtn_VLDL_Attr_T...
D Ds Qualified
D Bytes_Returned...
D 10i 0
D Bytes_Available...
D 10i 0
D Attr_Len 10i 0
D Attr_CCSID 10u 0
D Attr_Data LikeDs( Qsy_Rtn_Entry_Usage_Attr_T )
**
D Qsy_Rtn_Entry_Usage_Attr_T...
D Ds
D Create_Date 8a
D Last_Used_Date...
D 8a
D Encr_Data_Chg_Date...
D 8a
D Not_Valid_Verify_Count...
D 10i 0
**-- Validation list return data:
D Qsy_Rtn_Vld_Lst_Ent_T...
D Ds Qualified
D Entry_ID_Info LikeDs( Qsy_Entry_ID_Info_T )
D Encr_Data_Info...
D LikeDs( Qsy_Entry_Encr_Data_Info_T )
D Entry_Data_Info...
D LikeDs( Qsy_Entry_Data_Info_T )
D 4a
D AtrPtr *
**
D Qsy_Entry_ID_Info_T...
D Ds
D Entry_ID_Len 10i 0
D Entry_ID_CCSID...
D 10i 0 Inz( 65535 )
D Entry_ID 100a
**
D Qsy_Entry_Encr_Data_Info_T...
D Ds
D Encr_Data_Len 10i 0
D Encr_Data_CCSID...
D 10i 0 Inz( 65535 )
D Encr_Data 600a
**
D Qsy_Entry_Data_Info_T...
D Ds
D Entry_Data_Len...
D 10i 0
D Entry_Data_CCSID...
D 10i 0
D Entry_Data 1000a
**-- Retrieve object description:
D RtvObjD Pr ExtPgm( 'QUSROBJD' )
D RoRcvVar 32767a Options( *VarSize )
D RoRcvVarLen 10i 0 Const
D RoFmtNam 8a Const
D RoObjNamQ 20a Const
D RoObjTyp 10a Const
D RoError 32767a Options( *VarSize )
**-- Send program message:
D SndPgmMsg Pr ExtPgm( 'QMHSNDPM' )
D SpMsgId 7a Const
D SpMsgFq 20a Const
D SpMsgDta 128a Const
D SpMsgDtaLen 10i 0 Const
D SpMsgTyp 10a Const
D SpCalStkE 10a Const Options( *VarSize )
D SpCalStkCtr 10i 0 Const
D SpMsgKey 4a
D SpError 1024a Options( *VarSize )
**-- Find validation list entry:
D FndVldLst Pr 10i 0 ExtProc( 'QsyFindValidation+
D LstEntry' )
D FvLstNam 20a Const
D FvEntId * Value
D FvRtnDta * Value
**-- Find validation list entry attributes:
D FndVldLstAtr Pr 10i 0 ExtProc( 'QsyFindValidation+
D LstEntryAttrs' )
D FvLstNam 20a Const
D FvEntId * Value
D FvRtnDta * Value
D FvAtrInf * Value
**-- Verify validation list entry:
D VfyVldLst Pr 10i 0 ExtProc( 'QsyVerifyValidation+
D LstEntry' )
D VvLstNam 20a Const
D VvEntId * Value
D VvEncDta * Value
**-- Generate profile token:
D GenPrfTkn Pr ExtProc( 'QsyGenPrfTkn' )
D GtPrfTkn 32a
D GtUsrPrf 10a Const
D GtPwd 512a Const Options( *VarSize )
D GtTimOutInt 10i 0 Const
D GtPrtTknTyp 1a Const
D GtError 32767a Options( *VarSize )
**-- Check object existence:
D ChkObj Pr 10a
D RaObjNam 10a Const
D RaObjLib 10a Const
D RaObjTyp 10a Const
**-- Get object owner:
D GetObjOwn Pr 10a
D PxObjNam 10a Const
D RaObjLib 10a Const
D PxObjTyp 10a Const
**-- Verify user password:
D VfyUsrPwd Pr 10i 0
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
D PxUsrPwd 10a Const
**-- Get usage information:
D GetUsgInf Pr 28a
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
**-- Get user data:
D GetUsrDta Pr 1000a Varying
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
**-- Send diagnostic message:
D SndDiagMsg Pr 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**-- Send escape message:
D SndEscMsg Pr 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**-- Entry parameters:
D CBX128V Pr
D PxGrpPrf 10a Varying
D PxAutCod 10a
D PxReason 256a Varying
D PxPrfTkn 32a
**
D CBX128V Pi
D PxGrpPrf 10a Varying
D PxAutCod 10a
D PxReason 256a Varying
D PxPrfTkn 32a
/Free
Select;
When ChkObj( PxGrpPrf: '*LIBL': '*USRPRF' ) = *Off;
SndDiagMsg( 'CPD0006': '0000Group profile does not exist.' );
SndEscMsg( 'CPF0002': '' );
When ChkObj( 'QAUDJRN': '*LIBL': '*JRN' ) = *Off;
SndDiagMsg( 'CPD0006': '0000Invalid configuration. Error code 01.' );
SndEscMsg( 'CPF0002': '' );
When GetObjOwn( VLD_LST: '*LIBL': '*VLDL' ) <> 'QSECOFR';
SndDiagMsg( 'CPD0006': '0000Invalid configuration. Error code 02.' );
SndEscMsg( 'CPF0002': '' );
Other;
// Remove the following condition if appropriate:
If PxAutCod <> '*NONE';
ExSr ChkVldLst;
EndIf;
GenPrfTkn( PxPrfTkn
: PgmSts.UsrPrf
: '*NOPWDCHK'
: 10
: '1'
: ERRC0100
);
EndSl;
*InLr = *On;
Return;
BegSr ChkVldLst;
AtrDta = GetUsgInf( VLD_LST
: '*LIBL'
: PgmSts.UsrPrf + PxGrpPrf
);
If AtrDta = *Blanks Or AtrDta.InvPwdCnt > 3;
SndDiagMsg( 'CPD0006': '0000Invalid authorization code.' );
SndEscMsg( 'CPF0002': '' );
EndIf;
UsrDta = GetUsrDta( VLD_LST
: '*LIBL'
: PgmSts.UsrPrf + PxGrpPrf
);
Test(ze) UsrDta;
If %Error Or %Timestamp() > %Timestamp( UsrDta );
SndDiagMsg( 'CPD0006': '0000Authorization code expired.' );
SndEscMsg( 'CPF0002': '' );
EndIf;
If VfyUsrPwd( VLD_LST
: '*LIBL'
: PgmSts.UsrPrf + PxGrpPrf
: PxAutCod
) < *Zero;
SndDiagMsg( 'CPD0006': '0000Invalid authorization code.' );
SndEscMsg( 'CPF0002': '' );
EndIf;
EndSr;
/End-Free
**-- Check object existence: -------------------------------------------**
P ChkObj B Export
D Pi 10a
D RaObjNam 10a Const
D RaObjLib 10a Const
D RaObjTyp 10a Const
**
D OBJD0100 Ds Qualified
D BytRtn 10i 0
D BytAvl 10i 0
D ObjNam 10a
D ObjLib 10a
D ObjTyp 10a
/Free
RtvObjD( OBJD0100
: %Size( OBJD0100 )
: 'OBJD0100'
: RaObjNam + RaObjLib
: RaObjTyp
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return *Off;
Else;
Return *On;
EndIf;
/End-Free
P ChkObj E
**-- Get object owner: -------------------------------------------------**
P GetObjOwn B Export
D Pi 10a
D RaObjNam 10a Const
D RaObjLib 10a Const
D PxObjTyp 10a Const
**
D OBJD0100 Ds Qualified
D BytRtn 10i 0
D BytAvl 10i 0
D ObjNam 10a
D ObjLib 10a
D ObjTyp 10a
D ObjLibRt 10a
D ObjASP 10i 0
D ObjOwn 10a
D ObjDmn 2a
/Free
RtvObjD( OBJD0100
: %Size( OBJD0100 )
: 'OBJD0100'
: RaObjNam + RaObjLib
: PxObjTyp
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return *Blanks;
Else;
Return OBJD0100.ObjOwn;
EndIf;
/End-Free
P GetObjOwn E
**-- Send diagnostic message: ------------------------------------------**
P SndDiagMsg B
D Pi 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( PxMsgId
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*DIAG'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndDiagMsg E
**-- Send escape message: ----------------------------------------------**
P SndEscMsg B
D Pi 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( PxMsgId
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*ESCAPE'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndEscMsg E
**-- Verify user password: ---------------------------------------------**
P VfyUsrPwd B Export
D Pi 10i 0
D PxVldL 10a Const
D PxVldLlib 10a Const
D PxUsrId 20a Const
D PxUsrPwd 10a Const
/Free
Reset Qsy_Entry_ID_Info_T;
Reset Qsy_Entry_Encr_Data_Info_T;
Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );
Qsy_Entry_Encr_Data_Info_T.Encr_Data = PxUsrPwd;
Qsy_Entry_Encr_Data_Info_T.Encr_Data_Len = %Len( %TrimR( PxUsrPwd ));
Return VfyVldLst( PxVldL + PxVldLlib
: %Addr( Qsy_Entry_ID_Info_T )
: %Addr( Qsy_Entry_Encr_Data_Info_T )
);
/End-Free
P VfyUsrPwd E
**-- Get usage information: --------------------------------------------**
P GetUsgInf B Export
D Pi 28a
D PxVldL 10a Const
D PxVldLlib 10a Const
D PxUsrId 20a Const
/Free
Reset Qsy_Entry_ID_Info_T;
Reset Qsy_Entry_Encr_Data_Info_T;
Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );
Qsy_Attr_Info_T.Attr_Descr.Attr_ID_p = %Alloc( 14 );
%Str( Qsy_Attr_Info_T.Attr_Descr.Attr_ID_p: 14 ) = 'QsyEntryUsage';
Qsy_Attr_Info_T.Attr_Descr.Attr_VLDL.Attr_Len =
%Size( Qsy_Rtn_VLDL_Attr_T );
Qsy_Attr_Info_T.Attr_Descr.Attr_VLDL.Attr_Value_p =
%Addr( Qsy_Rtn_VLDL_Attr_T );
If FndVldLstAtr( PxVldL + PxVldLlib
: %Addr( Qsy_Entry_ID_Info_T )
: %Addr( Qsy_Rtn_Vld_Lst_Ent_T )
: %Addr( Qsy_Attr_Info_T )
) = -1;
Return *Blanks;
Else;
Return %SubSt( Qsy_Rtn_VLDL_Attr_T.Attr_Data
: 1
: Qsy_Rtn_VLDL_Attr_T.Attr_Len
);
EndIf;
/End-Free
P GetUsgInf E
**-- Get user data: ----------------------------------------------------**
P GetUsrDta B Export
D Pi 1000a Varying
D PxVldL 10a Const
D PxVldLlib 10a Const
D PxUsrId 20a Const
/Free
Reset Qsy_Entry_ID_Info_T;
Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );
If FndVldLst( PxVldL + PxVldLlib
: %Addr( Qsy_Entry_ID_Info_T )
: %Addr( Qsy_Rtn_Vld_Lst_Ent_T )
) = -1;
Return '';
Else;
Return %SubSt( Qsy_Rtn_Vld_Lst_Ent_T.Entry_Data_Info.Entry_Data
: 1
: Qsy_Rtn_Vld_Lst_Ent_T.Entry_Data_Info.Entry_Data_Len
);
EndIf;
/End-Free
P GetUsrDta E
/*-------------------------------------------------------------------*/
/* */
/* Program . . : CBX128M */
/* Description : Override group profile - setup */
/* Author . . : Carsten Flensburg */
/* Published . : Club Tech iSeries Programming Tips Newsletter */
/* Date . . . : December 16, 2004 */
/* */
/* */
/* Program function: Compiles, creates and configures all the */
/* OVRGRPPRF command objects. */
/* */
/* This program expects a single parameter */
/* specifying the library to contain the */
/* command objects. */
/* */
/* Object sources must exist in the respective */
/* source type default source files in the */
/* command object library. */
/* */
/* Requirements: This program must be run by a user profile */
/* having *ALLOBJ special authority. */
/* */
/* The system audit journal QAUDJRN must exist */
/* for this utility to run successfully. */
/* */
/* */
/* Compile options: */
/* CrtClPgm Pgm( CBX128M ) */
/* SrcFile( QCLSRC ) */
/* SrcMbr( *PGM ) */
/* */
/*-------------------------------------------------------------------*/
Pgm &UtlLib
Dcl &UtlLib *Char 10
MonMsg CPF0000 *N GoTo Error
ChkObj QAUDJRN *JRN
CrtRpgMod &UtlLib/CBX128 +
SrcFile( &UtlLib/QRPGLESRC ) +
SrcMbr( *Module ) +
DbgView( *NONE ) +
Aut( *USE )
CrtPgm &UtlLib/CBX128 +
Module( CBX128 ) +
ActGrp( *NEW ) +
UsrPrf( *OWNER ) +
Aut( *USE )
ChgObjOwn Obj( &UtlLib/CBX128 ) +
ObjType( *PGM ) +
NewOwn( QSECOFR )
ChgPgm Pgm( &UtlLib/CBX128 ) +
RmvObs( *ALL )
CrtRpgMod &UtlLib/CBX128V +
SrcFile( &UtlLib/QRPGLESRC ) +
SrcMbr( *Module ) +
DbgView( *NONE ) +
Aut( *USE )
CrtPgm &UtlLib/CBX128V +
Module( CBX128V ) +
ActGrp( *NEW ) +
UsrPrf( *OWNER ) +
Aut( *USE )
ChgObjOwn Obj( &UtlLib/CBX128V ) +
ObjType( *PGM ) +
NewOwn( QSECOFR )
ChgPgm Pgm( &UtlLib/CBX128V ) +
RmvObs( *ALL )
CrtPnlGrp &UtlLib/CBX128H +
SrcFile( &UtlLib/QPNLSRC ) +
SrcMbr( *PNLGRP )
CrtCmd Cmd( &UtlLib/OVRGRPPRF ) +
Pgm( CBX128 ) +
SrcFile( &UtlLib/QCMDSRC ) +
SrcMbr( CBX128X ) +
VldCkr( CBX128V ) +
Allow( *INTERACT ) +
HlpPnlGrp( CBX128H ) +
HlpId( *CMD ) +
Aut( *EXCLUDE )
CrtVldL VldL( &UtlLib/CBX128L )
ChgObjOwn Obj( &UtlLib/CBX128L ) +
ObjType( *VLDL ) +
NewOwn( QSECOFR )
SndPgmMsg Msg( 'Command OVRGRPPRF has been' *Bcat +
'successfully created in library' *Bcat +
&UtlLib *Tcat +
'.' ) +
MsgType( *COMP )
Return
/*-- Error handling: -----------------------------------------------*/
Error:
Call QMHMOVPM ( ' ' +
'*DIAG' +
x'00000001' +
'*PGMBDY' +
x'00000001' +
x'0000000800000000' +
)
Call QMHRSNEM ( ' ' +
x'0000000800000000' +
)
EndPgm:
EndPgm
/*-------------------------------------------------------------------*/
/* */
/* Compile options: */
/* */
/* CrtCmd Cmd( OVRGRPPRF ) */
/* Pgm( CBX128 ) */
/* SrcMbr( CBX128X ) */
/* VldCkr( CBX128V ) */
/* Allow( *INTERACT ) */
/* HlpPnlGrp( CBX128H ) */
/* HlpId( *CMD ) */
/* Aut( *EXCLUDE ) */
/* */
/* */
/* Authorize user profiles to command: */
/* */
/* GrtObjAut Obj( OVRGRPPRF ) */
/* ObjType( *CMD ) */
/* User( ) */
/* Aut( *USE ) */
/* */
/* - Or use the EDTOBJAUT command: */
/* */
/* EdtObjAut Obj( OVRGRPPRF ) */
/* ObjType( *CMD ) */
/* */
/* */
/*-------------------------------------------------------------------*/
Cmd Prompt( 'Override Group Profile' )
PARM GRPPRF *Sname 10 +
Min( 1 ) +
Vary( *YES *INT2 ) +
Expr( *YES ) +
Prompt( 'Group profile' )
PARM AUTCOD *Char 10 +
Min( 1 ) +
Expr( *YES ) +
Prompt( 'Authorization code' )
PARM REASON *Char 256 +
Min( 1 ) +
Vary( *YES *INT2 ) +
Expr( *YES ) +
Case( *MIXED ) +
Prompt( 'Reason' )
PARM PRFTKN *Char 32 +
Constant( '*PRFTKN' )
.*-----------------------------------------------------------------------**
.*
.* Compile options:
.*
.* CrtPnlGrp PnlGrp( CBX128H )
.* SrcFile( QPNLSRC )
.* SrcMbr( *PNLGRP )
.*
.*-----------------------------------------------------------------------**
:PNLGRP.
:HELP NAME='OVRGRPPRF'.Override Group Profile - Help
:P.
The Override Group Profile (OVRGRPPRF) command temporarily replaces the
current job's primary group profile with the specified group profile.
During this replacement, any special or object authority coming from
the replaced group profile is suspended, and likewise any object or
special authority provided by the new group profile is activated while
the override is in effect.
:P.
Due to the system authorization algorithm, private authority is always
resolved before group authority when the system performs an authority
lookup. This has the effect that a user's private authority to an
object always will take precedence over the group's authority,
regardless of the privileges held by the group profile.
:P.
:NT.
All *EXCLUDE private object authorities held by the user running this
command will remain in effect during the override, and the user will
not be able to access these objects, even if the group profile is being
overriden to a group profile having *ALLOBJ special authority.
:ENT.
:NT.
System audit journal QAUDJRN must exist for the OVRGRPPRF command to
run successfully.
:ENT.
:P.
:HP2.Restriction&COLON.:EHP2. This command can only be run in an
interactive environment.
:P.
:EHELP.
:HELP NAME='OVRGRPPRF/GRPPRF'.Group profile (GRPPRF) - Help
:XH3.Group profile (GRPPRF)
:P.
The name of the group profile that the current job should temporarily
have its primary group profile replaced by.
:P.
This is a required parameter.
:P.
:EHELP.
:HELP NAME='OVRGRPPRF/AUTCOD'.Authorization code (AUTCOD) - Help
:XH3.Authorization code (AUTCOD)
:P.
Specify the authorization code that was issued by the security officer
to approve the change of current group profile.
:P.
This is a required parameter.
:P.
:EHELP.
:HELP NAME='OVRGRPPRF/REASON'.Reason (REASON) - Help
:XH3.Reason (REASON)
:P.
Specify the reason for the requested change of current group profile.
:P.
This is a required parameter.
:P.
:EHELP.
:EPNLGRP.
Thanks to Carsten Flensburg writing for
Club Tech iSeries Programming Tips Newsletter
阅读(1169) | 评论(0) | 转发(0) |
