Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1298615
  • 博文数量: 287
  • 博客积分: 11000
  • 博客等级: 上将
  • 技术积分: 3833
  • 用 户 组: 普通用户
  • 注册时间: 2007-08-16 08:43
文章分类
文章存档

2013年(15)

2012年(17)

2011年(17)

2010年(135)

2009年(85)

2008年(18)

分类: 系统运维

2010-06-04 17:05:54

Override group profile - CPP


     **
     **  Program . . : CBX128
     **  Description : Override group profile - CPP
     **  Author  . . : Carsten Flensburg
     **  Published . : Club Tech iSeries Programming Tips Newsletter
     **  Date  . . . : December 16, 2004
     **
     **
     **  Program summary
     **  ---------------
     **
     **  Unix type APIs:
     **    getgrnam      Get group information Returns a pointer to a structure
     **                  using group name      containing group profile name,
     **                                        group ID and a list of the user
     **                                        profiles that are members of
     **                                        the group - based on the group
     **                                        profile input parameter.
     **
     **    getegid       Get effective         Returns the effective group ID -
     **                  group ID              the group profile under which the
     **                                        calling job is currently running.
     **                                        The effective gid of a thread may
     **                                        change while the thread is running.
     **
     **    qsysetegid    Set effective         Sets the effective group
     **                  group ID              ID of the current job to
     **                                        the gid specified.
     **
     **  MI builtins:
     **    _MODINVAU     Modify invocation     Sets the authority propagation
     **                  authority attribute   attribute for the current
     **                                        invocation of a program without
     **                                        affecting the program object
     **                                        permanently.  The propagation
     **                                        attribute controls if adopted
     **                                        authority should be passed to
     **                                        programs higher in the call
     **                                        stack.
     **
     **  Message handling API:
     **    QMHSNDPM      Send program message  Sends a message to a program stack
     **                                        entry (current, previous, etc.) or
     **                                        an external message queue.
     **
     **                                        Both messages defined in a message
     **                                        file and immediate messages can be
     **                                        used. For specific message types
     **                                        only one or the other is allowed.
     **
     **  Work management API:
     **    QUSRJOBI       Retrieve job         Retrieves specific information
     **                   information          about a specific job, covering
     **                                        all attributes and other state
     **                                        and runtime related information.
     **
     **  Journal & commit API:
     **    QJOSJRNE       Send journal entry   Writes a single journal entry to a
     **                                        specific journal.  The entry can
     **                                        contain any information.  You can
     **                                        assign an entry type to the
     **                                        journal entry.
     **
     **  Security-related APIs:
     **    QsyGenPrfTknE              Verifies that the caller has authority to
     **                               generate a profile token for the requested
     **                               profile and then generates a profile token.
     **
     **                               This profile token can be passed to one or
     **                               more additional processes which can then
     **                               use it to perform tasks on behalf of the
     **                               authenticated user.
     **
     **                               A maximum of approximately 2,000,000
     **                               profile tokens can be generated on a
     **                               system. At that point further profile
     **                               tokens can only be generated after one
     **                               or more tokens have been removed.
     **
     **                               APIs are available to remove all profile
     **                               tokens generated for a specific user or
     **                               systemwide: QsyRemoveAllPrfTknsForUser
     **                               respectively QsyRemoveAllPrfTkns.
     **
     **                               Introduced on V5R1, the QsyGenPrfTkn API
     **                               is available on V4R5.
     **
     **    QsyChkPrfTknUser           Verifies that the user profile associated
     **                               with the token is the same as the current
     **                               user profile. Introduced on V5R1.
     **
     **    QsyGetPrfTknTimeOut        Gets the number of seconds until a profile
     **                               token is no longer valid.
     **
     **    QsyRemovePrfTkn            Removes the specified profile token. The
     **                               profile token will no longer be valid for
     **                               use with other profile token APIs.
     **
     **
     **  Authority and security restrictions:
     **    To successfully run this program *ALLOBJ special authority is
     **    necessary.  The required authority can be obtained by means of
     **    adopted authority:
     **
     **    -  Change the program object's USRPRF attribute to *OWNER using
     **       the CHGPGM command.
     **
     **    -  Change the program object owner to QSECOFR using the CHGOBJOWN
     **       command.
     **
     **    If you successfully follow the compile and setup instructions below,
     **    the program will be capable of performing the necessary operations.
     **
     **    The adopted authority will not be propagated to higher invocation
     **    levels in the job running this program due to the propagation block
     **    enforced by the _MODINVAU MI builtin.
     **
     **
     **  Compile and setup instructions:
     **    CrtRpgMod   Module( CBX128 )
     **                DbgView( *NONE )
     **                Aut( *USE )
     **
     **    CrtPgm      Pgm( CBX128 )
     **                Module( CBX128 )
     **                ActGrp( *NEW )
     **                UsrPrf( *OWNER )
     **                Aut( *USE )
     **
     **    ChgObjOwn   Obj( CBX128 )
     **                ObjType( *PGM )
     **                NewOwn( QSECOFR )
     **
     **    ChgPgm      Pgm( CBX128 )
     **                RmvObs( *ALL )
     **
     **
     **-- Control specifications:  -------------------------------------------**
     H Option( *SrcStmt )  BndDir( 'QC2LE' )
     **-- API error information:
     D ERRC0100        Ds                  Qualified
     D  BytPro                       10i 0 Inz( %Size( ERRC0100 ))
     D  BytAvl                       10i 0
     D  MsgId                         7a
     D                                1a
     D  MsgDta                      256a
     **-- System information:
     D PgmSts         SDs                  Qualified
     D  PgmNam           *Proc
     D  MsgId                         7a   Overlay( PgmSts:  40 )
     D  Msg                          80a   Overlay( PgmSts:  91 )
     D  CurJob                       10a   Overlay( PgmSts: 244 )
     D  UsrPrf                       10a   Overlay( PgmSts: 254 )
     D  JobNbr                        6a   Overlay( PgmSts: 264 )
     D  CurUsr                       10a   Overlay( PgmSts: 358 )
     **-- group structure:
     D Group           Ds                  Based( pGroup )  Align
     D  gr_name                        *
     D  gr_gid                       10u 0
     D  gr_mbr                         *
     **-- Global variables:
     D rc              s             10i 0
     D egid_t          s             10i 0
     D gid_t           s             10i 0
     D PrfChk          s             10i 0
     D TknTmo          s             10i 0
     **
     D MsgKey          s              4a
     D RtnCod          s              1a
     **-- _MODINVAU constants:
     D ADP_AUT_PPG     c                   x'00'
     D ADP_AUT_BLK     c                   x'01'
     **-- Get group information using group name:
     D getgrnam        Pr              *   ExtProc( 'getgrnam' )
     D                                 *   Value  Options( *String )
     **-- Get effective group ID:
     D getegid         Pr            10i 0 ExtProc( 'getegid' )
     **-- Set effective group ID:
     D setegid         Pr            10i 0 ExtProc( 'qsysetegid' )
     D                               10u 0 Value
     **-- Check profile token user:
     D ChkPrfTkn       Pr                  ExtProc( 'QsyChkPrfTknUser' )
     D  CtChkRes                     10i 0
     D  CtPrfTkn                     32a   Const
     D  CtError                   32767a          Options( *VarSize )
     **-- Get profile token time out:
     D GetTknTmo       Pr                  ExtProc( 'QsyGetPrfTknTimeOut' )
     D  GtTknTmo                     10i 0
     D  GtPrfTkn                     32a   Const
     D  GtError                   32767a          Options( *VarSize )
     **-- Remove profile token:
     D RmvPrfTkn       Pr                  ExtProc( 'QsyRemovePrfTkn' )
     D  RtPrfTkn                     32a   Const
     D  RtError                   32767a          Options( *VarSize )
     **-- Error number:
     D sys_errno       Pr              *    ExtProc( '__errno' )
     **-- Error string:
     D sys_strerror    Pr              *    ExtProc( 'strerror' )
     D  errno                        10i 0  Value
     **-- Modify invocation authority attribute:
     D ModInvAutA      Pr                  ExtProc( '_MODINVAU' )
     D  MiAutAtr                      1a   Const
     **-- Command entry:
     D CmdEntry        Pr                  ExtPgm( 'QCMD' )
     **-- Retrieve job information:
     D RtvJobInf       Pr                  ExtPgm( 'QUSRJOBI' )
     D  JiRcvVar                  32767a          Options( *VarSize )
     D  JiRcvVarLen                  10i 0 Const
     D  JiFmtNam                      8a   Const
     D  JiJobNamQ                    26a   Const
     D  JiJobIntId                   16a   Const
     D  JiError                   32767a          Options( *NoPass: *VarSize )
     D  JiRstStc                      1a          Options( *NoPass )
     **-- Send program message:
     D SndPgmMsg       Pr                  ExtPgm( 'QMHSNDPM' )
     D  SpMsgId                       7a   Const
     D  SpMsgFq                      20a   Const
     D  SpMsgDta                    128a   Const
     D  SpMsgDtaLen                  10i 0 Const
     D  SpMsgTyp                     10a   Const
     D  SpCalStkE                    10a   Const  Options( *VarSize )
     D  SpCalStkCtr                  10i 0 Const
     D  SpMsgKey                      4a
     D  SpError                   32767a          Options( *VarSize )
     **-- Send journal entry:
     D SndJrnE         Pr                  ExtPgm( 'QJOSJRNE' )
     D  SjJrnNamQ                    20a   Const
     D  SjJrnEntInf                4096a   Const  Options( *VarSize )
     D  SjEntDta                  32766a   Const  Options( *VarSize )
     D  SjEntDtaLen                  10i 0 Const
     D  SjError                   32767a          Options( *VarSize )
     **
     D JrnEntInf       Ds                  Qualified
     D  InfEntRcds                   10i 0 Inz( 1 )
     D  InfKey                       10i 0 Inz( 1 )
     D  InfLen                       10i 0 Inz( %Size( JrnEntInf.InfDta ))
     D  InfDta                        2a
     **
     D JrnEntA2        Ds                  Qualified
     D  GrpPrf                       10a
     D  AutCod                       10a
     D  Reason                      256a
     **
     D JrnEntA3        Ds                  Qualified
     D  GrpPrf                       10a
     D  AutCod                       10a
     D  RtnCod                        1a

     **-- Send diagnostic message:
     D SndDiagMsg      Pr            10i 0
     D  PxMsgDta                    512a   Const  Varying
     **-- Send escape message:
     D SndEscMsg       Pr            10i 0
     D  PxMsgDta                    512a   Const  Varying
     **-- Send completion message:
     D SndCmpMsg       Pr            10i 0
     D  PxMsgDta                    512a   Const  Varying
     **-- Send completion message:
     D SndRqsMsg       Pr            10i 0
     D  PxMsgDta                    512a   Const  Varying
     **-- Error identification:
     D errno           Pr            10i 0
     D strerror        Pr           128a   Varying

     **-- Entry parameters:
     D CBX128          Pr
     D  PxGrpPrf                     10a   Varying
     D  PxAutCod                     10a
     D  PxReason                    256a   Varying
     D  PxPrfTkn                     32a
     **
     D CBX128          Pi
     D  PxGrpPrf                     10a   Varying
     D  PxAutCod                     10a
     D  PxReason                    256a   Varying
     D  PxPrfTkn                     32a

      /Free

        RtnCod = '0';

        JrnEntInf.InfDta = 'A2';
        JrnEntA2.GrpPrf  = PxGrpPrf;
        JrnEntA2.AutCod  = PxAutCod;
        JrnEntA2.Reason  = PxReason;

        SndJrnE( 'QAUDJRN   *LIBL '
               : JrnEntInf
               : JrnEntA2
               : %Size( JrnEntA2 )
               : ERRC0100
               );

        ChkPrfTkn( PrfChk: PxPrfTkn: ERRC0100 );

        If  ERRC0100.BytAvl > *Zero  Or  PrfChk = *Zero;
          RtnCod = '1';

        Else;
          GetTknTmo( TknTmo: PxPrfTkn: ERRC0100 );

          If  ERRC0100.BytAvl > *Zero  Or  TknTmo = *Zero;
            RtnCod = '2';

          EndIf;
        EndIf;

        RmvPrfTkn( PxPrfTkn: ERRC0100 );

        If  RtnCod > '0';
          SndDiagMsg( 'Unauthorized program interface.' );

        Else;
          egid_t = getegid();

          pGroup = getgrnam( PxGrpPrf );

          If  pGroup = *Null;

            RtnCod = '3';
            SndDiagMsg( 'Group profile ' + PxGrpPrf + ' does not exist.' );
          Else;

            If  setegid( gr_gid ) = -1;

              RtnCod = '4';
              SndDiagMsg( %Char( errno ) + ': ' + strerror );
            Else;

              SndRqsMsg( '/*-- Group profile override currently active --*/' );

              ModInvAutA( ADP_AUT_BLK );

              CallP(e)  CmdEntry();

              If  %Error;
                RtnCod = '5';
              EndIf;

              ModInvAutA( ADP_AUT_PPG );

              rc = setegid( egid_t );

              SndCmpMsg( 'OVRGRPPRF command ended normally.' );

            EndIf;
          EndIf;
        EndIf;

        JrnEntInf.InfDta = 'A3';
        JrnEntA3.GrpPrf  = PxGrpPrf;
        JrnEntA3.AutCod  = PxAutCod;
        JrnEntA3.RtnCod  = RtnCod;

        SndJrnE( 'QAUDJRN   *LIBL '
               : JrnEntInf
               : JrnEntA3
               : %Size( JrnEntA3 )
               : ERRC0100
               );

          If  RtnCod > '0';
            SndEscMsg( 'OVRGRPPRF command ended in error' );
          EndIf;

        Return;

      /End-Free

     **-- Get runtime error number:  -----------------------------------------**
     P errno           B
     D                 Pi            10i 0
     **
     D Error           s             10i 0  Based( pError )  NoOpt

      /Free

        pError = sys_errno;

        Return  Error;

      /End-Free

     P Errno           E
     **-- Get runtime error text:  -------------------------------------------**
     P strerror        B
     D                 Pi           128a    Varying

      /Free

        Return  %Str( sys_strerror( Errno ));

      /End-Free

     P strerror        E
     **-- Send diagnostic message:  ------------------------------------------**
     P SndDiagMsg      B
     D                 Pi            10i 0
     D  PxMsgDta                    512a   Const  Varying

      /Free

        SndPgmMsg( 'CPF9897'
                 : 'QCPFMSG   *LIBL'
                 : PxMsgDta
                 : %Len( PxMsgDta )
                 : '*DIAG'
                 : '*PGMBDY'
                 : 1
                 : MsgKey
                 : ERRC0100
                 );

        If  ERRC0100.BytAvl > *Zero;
          Return  -1;

        Else;
          Return   0;
        EndIf;

      /End-Free

     P SndDiagMsg      E
     **-- Send escape message:  ----------------------------------------------**
     P SndEscMsg       B
     D                 Pi            10i 0
     D  PxMsgDta                    512a   Const  Varying

      /Free

        SndPgmMsg( 'CPF9898'
                 : 'QCPFMSG   *LIBL'
                 : PxMsgDta
                 : %Len( PxMsgDta )
                 : '*ESCAPE'
                 : '*PGMBDY'
                 : 1
                 : MsgKey
                 : ERRC0100
                 );

        If  ERRC0100.BytAvl > *Zero;
          Return  -1;

        Else;
          Return  0;

        EndIf;

      /End-Free

     P SndEscMsg       E
     **-- Send completion message:  ------------------------------------------**
     P SndCmpMsg       B
     D                 Pi            10i 0
     D  PxMsgDta                    512a   Const  Varying

      /Free

        SndPgmMsg( 'CPF9897'
                 : 'QCPFMSG   *LIBL'
                 : PxMsgDta
                 : %Len( PxMsgDta )
                 : '*COMP'
                 : '*PGMBDY'
                 : 1
                 : MsgKey
                 : ERRC0100
                 );

        If  ERRC0100.BytAvl > *Zero;
          Return  -1;

        Else;
          Return  0;

        EndIf;

      /End-Free

     **
     P SndCmpMsg       E
     **-- Send request message:  ---------------------------------------------**
     P SndRqsMsg       B
     D                 Pi            10i 0
     D  PxMsgDta                    512a   Const  Varying

      /Free

        SndPgmMsg( *Blanks
                 : *Blanks
                 : PxMsgDta
                 : %Len( PxMsgDta )
                 : '*RQS'
                 : '*EXT'
                 : *Zero
                 : MsgKey
                 : ERRC0100
                 );

        If  ERRC0100.BytAvl > *Zero;
          Return  -1;

        Else;
          Return  0;

        EndIf;

      /End-Free

     **
     P SndRqsMsg       E


     **
     **  Program . . : CBX128V
     **  Description : Override group profile - VCP
     **  Author  . . : Carsten Flensburg
     **  Published . : Club Tech iSeries Programming Tips Newsletter
     **  Date  . . . : December 16, 2004
     **
     **
     **  Program description:
     **    This program checks the existence of the specified group profile,
     **    verifies the QSECOFR ownership of the utility validation list,   e
     **    the existence of the system audit journal QAUDJRN as well as the
     **    validity of the specified authorization code.
     **
     **
     **  Compile options:
     **    CrtRpgMod   Module( CBX128V )
     **                DbgView( *NONE )
     **                Aut( *USE )
     **
     **    CrtPgm      Pgm( CBX128V )
     **                Module( CBX128V )
     **                ActGrp( *NEW )
     **                UsrPrf( *OWNER )
     **                Aut( *USE )
     **
     **    ChgObjOwn   Obj( CBX128V )
     **                ObjType( *PGM )
     **                NewOwn( QSECOFR )
     **
     **    ChgPgm      Pgm( CBX128V )
     **                RmvObs( *ALL )
     **
     **
     **
     **-- Control specification:  --------------------------------------------**
     H Option( *SrcStmt )

     **-- System information:
     D PgmSts         SDs                  Qualified
     D  PgmNam           *Proc
     D  CurJob                       10a   Overlay( PgmSts: 244 )
     D  UsrPrf                       10a   Overlay( PgmSts: 254 )
     D  JobNbr                        6a   Overlay( PgmSts: 264 )
     D  CurUsr                       10a   Overlay( PgmSts: 358 )
     **-- API error data structure:
     D ERRC0100        Ds                  Qualified
     D  BytPrv                       10i 0 Inz( %Size( ERRC0100 ))
     D  BytAvl                       10i 0
     D  MsgId                         7a
     D                                1a
     D  MsgDta                      512a
     **-- Global constants:
     D VLD_LST         c                   'CBX128L'
     D QSY_IN_VLDL     c                   0
     D QSY_SYSTEM_ATTR...
     D                 c                   0
     **-- Global variables:
     D AtrDta          Ds                  Qualified
     D  CrtDat                        8a
     D  LstVfyDat                     8a
     D  PwdChgDat                     8a
     D  InvPwdCnt                    10i 0
     **
     D UsrDta          s            128a
     **-- Validation list attribute data:
     D Qsy_Attr_Info_T...
     D                 Ds                  Qualified
     D  Number_Attrs                 10i 0 Inz( 1 )
     D  Res_align                    12a
     D  Attr_Descr                         LikeDs( Qsy_Attr_Descr_T )
     D                                     Inz( *LikeDs )
     **
     D Qsy_Attr_Descr_T...
     D                 Ds                  Qualified
     D  Attr_Location                10i 0 Inz( QSY_IN_VLDL )
     D  Attr_Type                    10i 0 Inz( QSY_SYSTEM_ATTR )
     D  Attr_Res                      8a   Inz( *Allx'00' )
     D  Attr_ID_p                      *
     D  Attr_Other_Descr...
     D                               32a   Inz( *Allx'00' )
     D  Attr_Data_Info...
     D                               96a
     D   Attr_VLDL                         LikeDs( Qsy_In_VLDL_T )
     D                                     Overlay( Attr_Data_Info: 1 )
     D                                     Inz( *LikeDs )
     D   Attr_In_Other...
     D                               96a   Overlay( Attr_Data_Info: 1 )
     D                               64a   Overlay( Attr_In_Other: 33 )
     D                                     Inz( *Allx'00' )
     D  Attr_Other_Data...
     D                               32a   Inz( *Allx'00' )
     **
     D Qsy_In_VLDL_T   Ds                  Qualified
     D  Attr_CCSID                   10i 0 Inz( -1 )
     D  Attr_Len                     10i 0 Inz( 1 )
     D  Attr_Res_1                    8a   Inz( *Allx'00' )
     D  Attr_Value_p                   *
     **
     D Qsy_Rtn_VLDL_Attr_T...
     D                 Ds                  Qualified
     D  Bytes_Returned...
     D                               10i 0
     D  Bytes_Available...
     D                               10i 0
     D  Attr_Len                     10i 0
     D  Attr_CCSID                   10u 0
     D  Attr_Data                          LikeDs( Qsy_Rtn_Entry_Usage_Attr_T )
     **
     D Qsy_Rtn_Entry_Usage_Attr_T...
     D                 Ds
     D  Create_Date                   8a
     D  Last_Used_Date...
     D                                8a
     D  Encr_Data_Chg_Date...
     D                                8a
     D  Not_Valid_Verify_Count...
     D                               10i 0
     **-- Validation list return data:
     D Qsy_Rtn_Vld_Lst_Ent_T...
     D                 Ds                  Qualified
     D  Entry_ID_Info                      LikeDs( Qsy_Entry_ID_Info_T )
     D  Encr_Data_Info...
     D                                     LikeDs( Qsy_Entry_Encr_Data_Info_T )
     D  Entry_Data_Info...
     D                                     LikeDs( Qsy_Entry_Data_Info_T )
     D                                4a
     D  AtrPtr                         *
     **
     D Qsy_Entry_ID_Info_T...
     D                 Ds
     D  Entry_ID_Len                 10i 0
     D  Entry_ID_CCSID...
     D                               10i 0 Inz( 65535 )
     D  Entry_ID                    100a
     **
     D Qsy_Entry_Encr_Data_Info_T...
     D                 Ds
     D  Encr_Data_Len                10i 0
     D  Encr_Data_CCSID...
     D                               10i 0 Inz( 65535 )
     D  Encr_Data                   600a
     **
     D Qsy_Entry_Data_Info_T...
     D                 Ds
     D  Entry_Data_Len...
     D                               10i 0
     D  Entry_Data_CCSID...
     D                               10i 0
     D  Entry_Data                 1000a

     **-- Retrieve object description:
     D RtvObjD         Pr                  ExtPgm( 'QUSROBJD' )
     D  RoRcvVar                  32767a          Options( *VarSize )
     D  RoRcvVarLen                  10i 0 Const
     D  RoFmtNam                      8a   Const
     D  RoObjNamQ                    20a   Const
     D  RoObjTyp                     10a   Const
     D  RoError                   32767a          Options( *VarSize )
     **-- Send program message:
     D SndPgmMsg       Pr                  ExtPgm( 'QMHSNDPM' )
     D  SpMsgId                       7a   Const
     D  SpMsgFq                      20a   Const
     D  SpMsgDta                    128a   Const
     D  SpMsgDtaLen                  10i 0 Const
     D  SpMsgTyp                     10a   Const
     D  SpCalStkE                    10a   Const  Options( *VarSize )
     D  SpCalStkCtr                  10i 0 Const
     D  SpMsgKey                      4a
     D  SpError                    1024a          Options( *VarSize )
     **-- Find validation list entry:
     D FndVldLst       Pr            10i 0 ExtProc( 'QsyFindValidation+
     D                                     LstEntry' )
     D  FvLstNam                     20a   Const
     D  FvEntId                        *   Value
     D  FvRtnDta                       *   Value
     **-- Find validation list entry attributes:
     D FndVldLstAtr    Pr            10i 0 ExtProc( 'QsyFindValidation+
     D                                     LstEntryAttrs' )
     D  FvLstNam                     20a   Const
     D  FvEntId                        *   Value
     D  FvRtnDta                       *   Value
     D  FvAtrInf                       *   Value
     **-- Verify validation list entry:
     D VfyVldLst       Pr            10i 0 ExtProc( 'QsyVerifyValidation+
     D                                     LstEntry' )
     D  VvLstNam                     20a   Const
     D  VvEntId                        *   Value
     D  VvEncDta                       *   Value
     **-- Generate profile token:
     D GenPrfTkn       Pr                  ExtProc( 'QsyGenPrfTkn' )
     D  GtPrfTkn                     32a
     D  GtUsrPrf                     10a   Const
     D  GtPwd                       512a   Const  Options( *VarSize )
     D  GtTimOutInt                  10i 0 Const
     D  GtPrtTknTyp                   1a   Const
     D  GtError                   32767a          Options( *VarSize )
     **-- Check object existence:
     D ChkObj          Pr            10a
     D  RaObjNam                     10a   Const
     D  RaObjLib                     10a   Const
     D  RaObjTyp                     10a   Const
     **-- Get object owner:
     D GetObjOwn       Pr            10a
     D  PxObjNam                     10a   Const
     D  RaObjLib                     10a   Const
     D  PxObjTyp                     10a   Const
     **-- Verify user password:
     D VfyUsrPwd       Pr            10i 0
     D  PxVldLst                     10a   Const
     D  PxVldLstLib                  10a   Const
     D  PxUsrId                      20a   Const
     D  PxUsrPwd                     10a   Const
     **-- Get usage information:
     D GetUsgInf       Pr            28a
     D  PxVldLst                     10a   Const
     D  PxVldLstLib                  10a   Const
     D  PxUsrId                      20a   Const
     **-- Get user data:
     D GetUsrDta       Pr          1000a   Varying
     D  PxVldLst                     10a   Const
     D  PxVldLstLib                  10a   Const
     D  PxUsrId                      20a   Const
     **-- Send diagnostic message:
     D SndDiagMsg      Pr            10i 0
     D  PxMsgId                       7a   Const
     D  PxMsgDta                    512a   Const  Varying
     **-- Send escape message:
     D SndEscMsg       Pr            10i 0
     D  PxMsgId                       7a   Const
     D  PxMsgDta                    512a   Const  Varying

     **-- Entry parameters:
     D CBX128V         Pr
     D  PxGrpPrf                     10a   Varying
     D  PxAutCod                     10a
     D  PxReason                    256a   Varying
     D  PxPrfTkn                     32a
     **
     D CBX128V         Pi
     D  PxGrpPrf                     10a   Varying
     D  PxAutCod                     10a
     D  PxReason                    256a   Varying
     D  PxPrfTkn                     32a

      /Free

        Select;
        When  ChkObj( PxGrpPrf: '*LIBL': '*USRPRF' ) = *Off;

          SndDiagMsg( 'CPD0006': '0000Group profile does not exist.' );
          SndEscMsg( 'CPF0002': '' );

        When  ChkObj( 'QAUDJRN': '*LIBL': '*JRN' ) = *Off;

          SndDiagMsg( 'CPD0006': '0000Invalid configuration.  Error code 01.' );
          SndEscMsg( 'CPF0002': '' );

        When  GetObjOwn( VLD_LST: '*LIBL': '*VLDL' ) <> 'QSECOFR';

          SndDiagMsg( 'CPD0006': '0000Invalid configuration.  Error code 02.' );
          SndEscMsg( 'CPF0002': '' );

        Other;

          // Remove the following condition if appropriate:

          If  PxAutCod <> '*NONE';
            ExSr  ChkVldLst;
          EndIf;

          GenPrfTkn( PxPrfTkn
                   : PgmSts.UsrPrf
                   : '*NOPWDCHK'
                   : 10
                   : '1'
                   : ERRC0100
                   );
        EndSl;

        *InLr = *On;
        Return;


        BegSr  ChkVldLst;

          AtrDta = GetUsgInf( VLD_LST
                            : '*LIBL'
                            : PgmSts.UsrPrf + PxGrpPrf
                            );

          If  AtrDta = *Blanks  Or AtrDta.InvPwdCnt > 3;

            SndDiagMsg( 'CPD0006': '0000Invalid authorization code.' );
            SndEscMsg( 'CPF0002': '' );
          EndIf;

          UsrDta = GetUsrDta( VLD_LST
                            : '*LIBL'
                            : PgmSts.UsrPrf + PxGrpPrf
                            );

          Test(ze)  UsrDta;

          If  %Error  Or %Timestamp() > %Timestamp( UsrDta );

            SndDiagMsg( 'CPD0006': '0000Authorization code expired.' );
            SndEscMsg( 'CPF0002': '' );
          EndIf;

          If  VfyUsrPwd( VLD_LST
                       : '*LIBL'
                       : PgmSts.UsrPrf + PxGrpPrf
                       : PxAutCod
                       ) < *Zero;

            SndDiagMsg( 'CPD0006': '0000Invalid authorization code.' );
            SndEscMsg( 'CPF0002': '' );
          EndIf;

        EndSr;

      /End-Free

     **-- Check object existence:  -------------------------------------------**
     P ChkObj          B                   Export
     D                 Pi            10a
     D  RaObjNam                     10a   Const
     D  RaObjLib                     10a   Const
     D  RaObjTyp                     10a   Const
     **
     D OBJD0100        Ds                  Qualified
     D  BytRtn                       10i 0
     D  BytAvl                       10i 0
     D  ObjNam                       10a
     D  ObjLib                       10a
     D  ObjTyp                       10a

      /Free

         RtvObjD( OBJD0100
                : %Size( OBJD0100 )
                : 'OBJD0100'
                : RaObjNam + RaObjLib
                : RaObjTyp
                : ERRC0100
                );

         If  ERRC0100.BytAvl > *Zero;
           Return  *Off;

         Else;
           Return  *On;
         EndIf;

      /End-Free

     P ChkObj          E
     **-- Get object owner:  -------------------------------------------------**
     P GetObjOwn       B                   Export
     D                 Pi            10a
     D  RaObjNam                     10a   Const
     D  RaObjLib                     10a   Const
     D  PxObjTyp                     10a   Const
     **
     D OBJD0100        Ds                  Qualified
     D  BytRtn                       10i 0
     D  BytAvl                       10i 0
     D  ObjNam                       10a
     D  ObjLib                       10a
     D  ObjTyp                       10a
     D  ObjLibRt                     10a
     D  ObjASP                       10i 0
     D  ObjOwn                       10a
     D  ObjDmn                        2a

      /Free

         RtvObjD( OBJD0100
                : %Size( OBJD0100 )
                : 'OBJD0100'
                : RaObjNam + RaObjLib
                : PxObjTyp
                : ERRC0100
                );

         If  ERRC0100.BytAvl > *Zero;
           Return  *Blanks;

         Else;
           Return  OBJD0100.ObjOwn;
         EndIf;

      /End-Free

     P GetObjOwn       E
     **-- Send diagnostic message:  ------------------------------------------**
     P SndDiagMsg      B
     D                 Pi            10i 0
     D  PxMsgId                       7a   Const
     D  PxMsgDta                    512a   Const  Varying
     **
     D MsgKey          s              4a

      /Free

        SndPgmMsg( PxMsgId
                 : 'QCPFMSG   *LIBL'
                 : PxMsgDta
                 : %Len( PxMsgDta )
                 : '*DIAG'
                 : '*PGMBDY'
                 : 1
                 : MsgKey
                 : ERRC0100
                 );

        If  ERRC0100.BytAvl > *Zero;
          Return  -1;

        Else;
          Return   0;
        EndIf;

      /End-Free

     P SndDiagMsg      E
     **-- Send escape message:  ----------------------------------------------**
     P SndEscMsg       B
     D                 Pi            10i 0
     D  PxMsgId                       7a   Const
     D  PxMsgDta                    512a   Const  Varying
     **
     D MsgKey          s              4a

      /Free

        SndPgmMsg( PxMsgId
                 : 'QCPFMSG   *LIBL'
                 : PxMsgDta
                 : %Len( PxMsgDta )
                 : '*ESCAPE'
                 : '*PGMBDY'
                 : 1
                 : MsgKey
                 : ERRC0100
                 );

        If  ERRC0100.BytAvl > *Zero;
          Return  -1;

        Else;
          Return   0;
        EndIf;

      /End-Free

     P SndEscMsg       E
     **-- Verify user password:  ---------------------------------------------**
     P VfyUsrPwd       B                   Export
     D                 Pi            10i 0
     D  PxVldL                       10a   Const
     D  PxVldLlib                    10a   Const
     D  PxUsrId                      20a   Const
     D  PxUsrPwd                     10a   Const

      /Free

        Reset  Qsy_Entry_ID_Info_T;
        Reset  Qsy_Entry_Encr_Data_Info_T;

        Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
        Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );

        Qsy_Entry_Encr_Data_Info_T.Encr_Data = PxUsrPwd;
        Qsy_Entry_Encr_Data_Info_T.Encr_Data_Len = %Len( %TrimR( PxUsrPwd ));

        Return  VfyVldLst( PxVldL + PxVldLlib
                         : %Addr( Qsy_Entry_ID_Info_T )
                         : %Addr( Qsy_Entry_Encr_Data_Info_T )
                         );

      /End-Free

     P VfyUsrPwd       E
     **-- Get usage information:  --------------------------------------------**
     P GetUsgInf       B                   Export
     D                 Pi            28a
     D  PxVldL                       10a   Const
     D  PxVldLlib                    10a   Const
     D  PxUsrId                      20a   Const

      /Free

        Reset  Qsy_Entry_ID_Info_T;
        Reset  Qsy_Entry_Encr_Data_Info_T;

        Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
        Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );

        Qsy_Attr_Info_T.Attr_Descr.Attr_ID_p = %Alloc( 14 );
        %Str( Qsy_Attr_Info_T.Attr_Descr.Attr_ID_p: 14 ) = 'QsyEntryUsage';

        Qsy_Attr_Info_T.Attr_Descr.Attr_VLDL.Attr_Len =
                                             %Size( Qsy_Rtn_VLDL_Attr_T );

        Qsy_Attr_Info_T.Attr_Descr.Attr_VLDL.Attr_Value_p =
                                             %Addr( Qsy_Rtn_VLDL_Attr_T );

        If  FndVldLstAtr( PxVldL + PxVldLlib
                        : %Addr( Qsy_Entry_ID_Info_T )
                        : %Addr( Qsy_Rtn_Vld_Lst_Ent_T )
                        : %Addr( Qsy_Attr_Info_T )
                        ) = -1;

          Return  *Blanks;
        Else;

          Return  %SubSt( Qsy_Rtn_VLDL_Attr_T.Attr_Data
                        : 1
                        : Qsy_Rtn_VLDL_Attr_T.Attr_Len
                        );
        EndIf;

      /End-Free

     P GetUsgInf       E
     **-- Get user data:  ----------------------------------------------------**
     P GetUsrDta       B                   Export
     D                 Pi          1000a   Varying
     D  PxVldL                       10a   Const
     D  PxVldLlib                    10a   Const
     D  PxUsrId                      20a   Const

      /Free

        Reset  Qsy_Entry_ID_Info_T;

        Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
        Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );

        If  FndVldLst( PxVldL + PxVldLlib
                     : %Addr( Qsy_Entry_ID_Info_T )
                     : %Addr( Qsy_Rtn_Vld_Lst_Ent_T )
                     ) = -1;

          Return  '';
        Else;

          Return  %SubSt( Qsy_Rtn_Vld_Lst_Ent_T.Entry_Data_Info.Entry_Data
                        : 1
                        : Qsy_Rtn_Vld_Lst_Ent_T.Entry_Data_Info.Entry_Data_Len
                        );
        EndIf;

      /End-Free

     P GetUsrDta       E


/*-------------------------------------------------------------------*/
/*                                                                   */
/*  Program . . : CBX128M                                            */
/*  Description : Override group profile - setup                     */
/*  Author  . . : Carsten Flensburg                                  */
/*  Published . : Club Tech iSeries Programming Tips Newsletter      */
/*  Date  . . . : December 16, 2004                                  */
/*                                                                   */
/*                                                                   */
/*  Program function:  Compiles, creates and configures all the      */
/*                     OVRGRPPRF command objects.                    */
/*                                                                   */
/*                     This program expects a single parameter       */
/*                     specifying the library to contain the         */
/*                     command objects.                              */
/*                                                                   */
/*                     Object sources must exist in the respective   */
/*                     source type default source files in the       */
/*                     command object library.                       */
/*                                                                   */
/*  Requirements:      This program must be run by a user profile    */
/*                     having *ALLOBJ special authority.             */
/*                                                                   */
/*                     The system audit journal QAUDJRN must exist   */
/*                     for this utility to run successfully.         */
/*                                                                   */
/*                                                                   */
/*  Compile options:                                                 */
/*    CrtClPgm    Pgm( CBX128M )                                     */
/*                SrcFile( QCLSRC )                                  */
/*                SrcMbr( *PGM )                                     */
/*                                                                   */
/*-------------------------------------------------------------------*/
     Pgm    &UtlLib

     Dcl    &UtlLib         *Char     10

     MonMsg      CPF0000    *N        GoTo Error


     ChkObj      QAUDJRN    *JRN

     CrtRpgMod   &UtlLib/CBX128                  +
                 SrcFile( &UtlLib/QRPGLESRC )    +
                 SrcMbr( *Module )               +
                 DbgView( *NONE )                +
                 Aut( *USE )

     CrtPgm      &UtlLib/CBX128                  +
                 Module( CBX128 )                +
                 ActGrp( *NEW )                  +
                 UsrPrf( *OWNER )                +
                 Aut( *USE )

     ChgObjOwn   Obj( &UtlLib/CBX128 )           +
                 ObjType( *PGM )                 +
                 NewOwn( QSECOFR )

     ChgPgm      Pgm( &UtlLib/CBX128 )           +
                 RmvObs( *ALL )

     CrtRpgMod   &UtlLib/CBX128V                 +
                 SrcFile( &UtlLib/QRPGLESRC )    +
                 SrcMbr( *Module )               +
                 DbgView( *NONE )                +
                 Aut( *USE )

     CrtPgm      &UtlLib/CBX128V                 +
                 Module( CBX128V )               +
                 ActGrp( *NEW )                  +
                 UsrPrf( *OWNER )                +
                 Aut( *USE )

     ChgObjOwn   Obj( &UtlLib/CBX128V )          +
                 ObjType( *PGM )                 +
                 NewOwn( QSECOFR )

     ChgPgm      Pgm( &UtlLib/CBX128V )          +
                 RmvObs( *ALL )

     CrtPnlGrp   &UtlLib/CBX128H                 +
                 SrcFile( &UtlLib/QPNLSRC )      +
                 SrcMbr( *PNLGRP )

     CrtCmd      Cmd( &UtlLib/OVRGRPPRF )        +
                 Pgm( CBX128 )                   +
                 SrcFile( &UtlLib/QCMDSRC )      +
                 SrcMbr( CBX128X )               +
                 VldCkr( CBX128V )               +
                 Allow( *INTERACT )              +
                 HlpPnlGrp( CBX128H )            +
                 HlpId( *CMD )                   +
                 Aut( *EXCLUDE )

     CrtVldL     VldL( &UtlLib/CBX128L )

     ChgObjOwn   Obj( &UtlLib/CBX128L )          +
                 ObjType( *VLDL )                +
                 NewOwn( QSECOFR )

     SndPgmMsg   Msg( 'Command OVRGRPPRF has been'       *Bcat  +
                      'successfully created in library'  *Bcat  +
                      &UtlLib                            *Tcat  +
                      '.' )                                     +
                 MsgType( *COMP )

     Return

/*-- Error handling:  -----------------------------------------------*/
Error:
     Call        QMHMOVPM    ( '    '                 +
                               '*DIAG'                +
                               x'00000001'            +
                               '*PGMBDY'              +
                               x'00000001'            +
                               x'0000000800000000'    +
                             )

     Call        QMHRSNEM    ( '    '                 +
                               x'0000000800000000'    +
                             )

EndPgm:
     EndPgm


/*-------------------------------------------------------------------*/
/*                                                                   */
/*  Compile options:                                                 */
/*                                                                   */
/*    CrtCmd     Cmd( OVRGRPPRF )                                    */
/*               Pgm( CBX128 )                                       */
/*               SrcMbr( CBX128X )                                   */
/*               VldCkr( CBX128V )                                   */
/*               Allow( *INTERACT )                                  */
/*               HlpPnlGrp( CBX128H )                                */
/*               HlpId( *CMD )                                       */
/*               Aut( *EXCLUDE )                                     */
/*                                                                   */
/*                                                                   */
/*  Authorize user profiles to command:                              */
/*                                                                   */
/*    GrtObjAut Obj( OVRGRPPRF )                                     */
/*              ObjType( *CMD )                                      */
/*              User( )                               */
/*              Aut( *USE )                                          */
/*                                                                   */
/*  - Or use the EDTOBJAUT command:                                  */
/*                                                                   */
/*    EdtObjAut Obj( OVRGRPPRF )                                     */
/*              ObjType( *CMD )                                      */
/*                                                                   */
/*                                                                   */
/*-------------------------------------------------------------------*/
      Cmd        Prompt( 'Override Group Profile' )

      PARM       GRPPRF     *Sname      10            +
                 Min( 1 )                             +
                 Vary( *YES *INT2 )                   +
                 Expr( *YES )                         +
                 Prompt( 'Group profile' )

      PARM       AUTCOD     *Char       10            +
                 Min( 1 )                             +
                 Expr( *YES )                         +
                 Prompt( 'Authorization code' )

      PARM       REASON     *Char      256            +
                 Min( 1 )                             +
                 Vary( *YES *INT2 )                   +
                 Expr( *YES )                         +
                 Case( *MIXED )                      +
                 Prompt( 'Reason' )

      PARM       PRFTKN     *Char       32            +
                 Constant( '*PRFTKN' )


.*-----------------------------------------------------------------------**
.*
.*  Compile options:
.*
.*    CrtPnlGrp PnlGrp( CBX128H )
.*              SrcFile( QPNLSRC )
.*              SrcMbr( *PNLGRP )
.*
.*-----------------------------------------------------------------------**
:PNLGRP.
:HELP NAME='OVRGRPPRF'.Override Group Profile - Help
:P.
The Override Group Profile (OVRGRPPRF) command temporarily replaces the
current job's primary group profile with the specified group profile.
During this replacement, any special or object authority coming from
the replaced group profile is suspended, and likewise any object or
special authority provided by the new group profile is activated while
the override is in effect.
:P.
Due to the system authorization algorithm, private authority is always
resolved before group authority when the system performs an authority
lookup.  This has the effect that a user's private authority to an
object always will take precedence over the group's authority,
regardless of the privileges held by the group profile.
:P.
:NT.
All *EXCLUDE private object authorities held by the user running this
command will remain in effect during the override, and the user will
not be able to access these objects, even if the group profile is being
overriden to a group profile having *ALLOBJ special authority.
:ENT.
:NT.
System audit journal QAUDJRN must exist for the OVRGRPPRF command to
run successfully.
:ENT.
:P.
:HP2.Restriction&COLON.:EHP2. This command can only be run in an
interactive environment.
:P.
:EHELP.
:HELP NAME='OVRGRPPRF/GRPPRF'.Group profile (GRPPRF) - Help
:XH3.Group profile (GRPPRF)
:P.
The name of the group profile that the current job should temporarily
have its primary group profile replaced by.
:P.
This is a required parameter.
:P.
:EHELP.
:HELP NAME='OVRGRPPRF/AUTCOD'.Authorization code (AUTCOD) - Help
:XH3.Authorization code (AUTCOD)
:P.
Specify the authorization code that was issued by the security officer
to approve the change of current group profile.
:P.
This is a required parameter.
:P.
:EHELP.
:HELP NAME='OVRGRPPRF/REASON'.Reason (REASON) - Help
:XH3.Reason (REASON)
:P.
Specify the reason for the requested change of current group profile.
:P.
This is a required parameter.
:P.
:EHELP.
:EPNLGRP.

Thanks to Carsten Flensburg writing for
Club Tech iSeries Programming Tips Newsletter

阅读(1176) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~