Check User Special Authorities
Here is Carsten's comments to all the following programs:
The OVRGRPPRF command includes the following sources:
CBX128 -- Command processing program that performs the group
profile override.
CBX128V -- Validity checking program that performs integrity and
access control.
CBX128H -- Command help text panel group.
CBX128X -- Command definition source member.
CBX128M -- Creates and configures all command objects.
The ADDPRFAUT command includes the following sources:
CBX1291 -- Command processing program stores the profile
authorization code in a validation list.
CBX1291V -- Validity checking program that performs integrity and
access control.
CBX1291H -- Command help text panel group.
CBX1291X -- Command definition source member.
CBX1291M -- Creates and configures all command objects.
The MNGPRFAUT command includes the following sources:
CBX1292 -- Command processing program that performs the group
profile override.
CBX1292V -- Validity checking program that performs integrity and
access control.
CBX1292H -- Command help text panel group.
CBX1292X -- Command definition source member.
CBX1292M -- Creates and configures all command objects.
The PRFAUT menu includes the following source:
CBX129 -- The UIM menu source member.
Once all the above-specified source members have been copied to their
default source files and the program CBX128M has been compiled,
calling CBX128M will create all necessary command objects. Specify the
source file library as the only parameter. All the command objects
will be created in that library as well.
Call Pgm( CBX128M ) Parm( 'your source library' )
The commands' objects will be created in the library where the source
files are located. Please note that to successfully run the above
program, the user profile performing the call must have *ALLOBJ
special authority.
Please also note that the primary objective of the above commands is
to demonstrate practical use of the IFS security APIs. Before creating
and installing the objects on a production system, you should
carefully and thoroughly test the utility, to ensure that it meets
your security requirements and guidelines.
This article demonstrates the following APIs:
Get Effective Group ID (getegid) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/getegid.htm
Get Group Information using Group Name (getgrnam) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/getgrnam.htm
Set Effective Group ID (qsysetegid) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qsyseteg.htm
Get Supplemental Group IDs (qsygetgroups) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qsygetgroups.htm
Set Supplemental Group IDs (qsysetgroups) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qsysetgroups.htm
Retrieve Job Information (QUSRJOBI) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qusrjobi.htm
Retrieve Object Information (QUSROBJD) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qusrobjd.htm
Retrieve User Information (QSYRUSRI) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qsyrusri.htm
Create User Space (QUSCRTUS) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/quscrtus.htm
Delete User Space (QUSDLTUS) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qusdltus.htm
Retrieve Pointer to User Space (QUSPTRUS) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qusptrus.htm
Send Program Message (QMHSNDPM) API:
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/info/apis/QMHSNDPM.htm
Check User Special Authorities (QSYCUSRS) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/QSYCUSRS.HTM
Send Journal Entry (QJOSJRNE) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/QJOSJRNE.htm
The Find Validation List Entry (QsyFindValidationLstEntry) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/QSYFIVLE.htm
The Find Validation List Entry Attributes
(QsyFindValidationLstEntryAttrs) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/QSYFIVLA.htm
The Verify Validation List Entry (QsyVerifyValidationLstEntry) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/QSYVFVLE.htm
The Add Validation List Entry (QsyAddValidationLstEntry) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qsyavle.htm
The Remove Validation List Entry (QsyRemoveValidationLstEntry) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/QSYRVLE.htm
The Generate Profile Token (QsyGenPrfTkn) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qsygenpt.htm
The Check Profile Token User (QsyChkPrfTknUser) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qsychktu.htm
The Get Profile Token Time Out (QsyGetPrfTknTimeOut) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qsygetpt.htm
The Remove Profile Token (QsyRemovePrfTkn) API:
http://as400bks.rochester.ibm.com/iseries/v5r2/ic2924/info/apis/qsyrptkn.htm
The following MI built-in function is demonstrated in this article:
_MODINVAU -- Modify Invocation Authority Attributes
http://publib.boulder.ibm.com/iseries/v5r1/ic2924/tstudio/tech_ref/mi/MODINVAU.htm
The following function from the ILE C runtime library is demonstrated
in this article:
strerror -- Set Pointer to Run-Time Error Message
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/books/c415607107.htm#HDRSTRERRO
If you dont have all the CBX128? programs, they are here: API Page 6
The program CBX128M will be included here, as the version on page 6 is a little different.
**
** Program . . : CBX1291
** Description : Add profile authorization code - CPP
** Author . . : Carsten Flensburg
** Published . : Club Tech iSeries Programming Tips Newsletter
** Date . . . : January 20, 2005
**
**
** Program description:
**
**
** Compile options:
** CrtRpgMod Module( CBX1291 )
** DbgView( *NONE )
** Aut( *USE )
**
** CrtPgm Pgm( CBX1291 )
** Module( CBX1291 )
** ActGrp( *NEW )
** UsrPrf( *OWNER )
** Aut( *USE )
**
** ChgObjOwn Obj( CBX1291 )
** ObjType( *PGM )
** NewOwn( QSECOFR )
**
** ChgPgm Pgm( CBX1291 )
** RmvObs( *ALL )
**
**
**
**-- Control specification: --------------------------------------------**
H Option( *SrcStmt )
**-- System information:
D PgmSts SDs Qualified
D PgmNam *Proc
D CurJob 10a Overlay( PgmSts: 244 )
D UsrPrf 10a Overlay( PgmSts: 254 )
D JobNbr 6a Overlay( PgmSts: 264 )
D CurUsr 10a Overlay( PgmSts: 358 )
**-- API error data structure:
D ERRC0100 Ds Qualified
D BytPrv 10i 0 Inz( %Size( ERRC0100 ))
D BytAvl 10i 0
D MsgId 7a
D 1a
D MsgDta 512a
**-- Global constants:
D VLD_LST c 'CBX128L'
D QSY_IN_VLDL c 0
D QSY_SYSTEM_ATTR...
D c 0
D ADP_PRV_INVLVL c 1
**-- Validation list API structures:
D Qsy_Vfy_Only s 1a Inz( '0' )
**-- Validation list attribute data:
D Qsy_Attr_Info_T...
D Ds Qualified
D Number_Attrs 10i 0 Inz( 1 )
D Res_align 12a
D Attr_Descr LikeDs( Qsy_Attr_Descr_T )
D Inz( *LikeDs )
**
D Qsy_Attr_Descr_T...
D Ds Qualified
D Attr_Location 10i 0 Inz( QSY_IN_VLDL )
D Attr_Type 10i 0 Inz( QSY_SYSTEM_ATTR )
D Attr_Res 8a Inz( *Allx'00' )
D Attr_ID_p *
D Attr_Other_Descr...
D 32a Inz( *Allx'00' )
D Attr_Data_Info...
D 96a
D Attr_VLDL LikeDs( Qsy_In_VLDL_T )
D Overlay( Attr_Data_Info: 1 )
D Inz( *LikeDs )
D Attr_In_Other...
D 96a Overlay( Attr_Data_Info: 1 )
D 64a Overlay( Attr_In_Other: 33 )
D Inz( *Allx'00' )
D Attr_Other_Data...
D 32a Inz( *Allx'00' )
**
D Qsy_In_VLDL_T Ds Qualified
D Attr_CCSID 10i 0 Inz( -1 )
D Attr_Len 10i 0 Inz( 1 )
D Attr_Res_1 8a Inz( *Allx'00' )
D Attr_Value_p *
**
D Qsy_Rtn_VLDL_Attr_T...
D Ds Qualified
D Bytes_Returned...
D 10i 0
D Bytes_Available...
D 10i 0
D Attr_Len 10i 0
D Attr_CCSID 10u 0
D Attr_Data LikeDs( Qsy_Rtn_Entry_Usage_Attr_T )
**
D Qsy_Rtn_Entry_Usage_Attr_T...
D Ds Qualified
D Create_Date 8a
D Last_Used_Date...
D 8a
D Encr_Data_Chg_Date...
D 8a
D Not_Valid_Verify_Count...
D 10i 0
**-- Validation list return data:
D Qsy_Rtn_Vld_Lst_Ent_T...
D Ds Qualified
D Entry_ID_Info LikeDs( Qsy_Entry_ID_Info_T )
D Encr_Data_Info...
D LikeDs( Qsy_Entry_Encr_Data_Info_T )
D Entry_Data_Info...
D LikeDs( Qsy_Entry_Data_Info_T )
D 4a
D AtrPtr *
**
D Qsy_Entry_ID_Info_T...
D Ds Qualified
D Entry_ID_Len 10i 0
D Entry_ID_CCSID...
D 10i 0 Inz( 65535 )
D Entry_ID 100a
**
D Qsy_Entry_Encr_Data_Info_T...
D Ds Qualified
D Encr_Data_Len 10i 0
D Encr_Data_CCSID...
D 10i 0 Inz( 65535 )
D Encr_Data 600a
**
D Qsy_Entry_Data_Info_T...
D Ds Qualified
D Entry_Data_Len...
D 10i 0
D Entry_Data_CCSID...
D 10i 0
D Entry_Data 1000a
**-- Global variables:
D AutFlg s 1a
D RtnCod s 1a
**-- Journal entry:
D JrnEntInf Ds Qualified
D InfEntRcds 10i 0 Inz( 1 )
D InfKey 10i 0 Inz( 1 )
D InfLen 10i 0 Inz( %Size( JrnEntInf.InfDta ))
D InfDta 2a
**
D JrnEntA1 Ds Qualified
D UsrPrf 10a
D GrpPrf 10a
D AutCod 10a
D RtnCod 1a
**-- Check special authority
D ChkSpcAut Pr ExtPgm( 'QSYCUSRS' )
D CsAutInf 1a
D CsUsrPrf 10a Const
D CsSpcAut 10a Const Dim( 8 ) Options( *VarSize )
D CsNbrAut 10i 0 Const
D CsCalLvl 10i 0 Const
D CsError 32767a Options( *VarSize )
**-- Send program message:
D SndPgmMsg Pr ExtPgm( 'QMHSNDPM' )
D SpMsgId 7a Const
D SpMsgFq 20a Const
D SpMsgDta 128a Const
D SpMsgDtaLen 10i 0 Const
D SpMsgTyp 10a Const
D SpCalStkE 10a Const Options( *VarSize )
D SpCalStkCtr 10i 0 Const
D SpMsgKey 4a
D SpError 1024a Options( *VarSize )
**-- Send journal entry:
D SndJrnE Pr ExtPgm( 'QJOSJRNE' )
D SjJrnNamQ 20a Const
D SjJrnEntInf 4096a Const Options( *VarSize )
D SjEntDta 32766a Const Options( *VarSize )
D SjEntDtaLen 10i 0 Const
D SjError 32767a Options( *VarSize )
**-- Add validation list entry:
D AddVldLstE Pr 10i 0 ExtProc( 'QsyAddValidation+
D LstEntry' )
D AvLstNam 20a Const
D AvEntId * Value
D AvEncDta * Value
D AvEntDta * Value
D AvAtrDta * Value
**-- Remove validation list entry:
D RmvVldLstE Pr 10i 0 ExtProc( 'QsyRemoveValidation+
D LstEntry' )
D RvLstNam 20a Const
D RvEntId * Value
**-- Add user password:
D AddUsrPwd Pr 10i 0
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUrsId 20a Const
D PxAutCod 10a Const
D PxUsrDsc 50a Const
**-- Remove user password:
D RmvUsrPwd Pr 10i 0
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
**-- Send diagnostic message:
D SndDiagMsg Pr 10i 0
D PxMsgDta 512a Const Varying
**-- Send escape message:
D SndEscMsg Pr 10i 0
D PxMsgDta 512a Const Varying
**-- Send completion message:
D SndCmpMsg Pr 10i 0
D PxMsgDta 512a Const Varying
**-- Entry parameters:
D CBX1291 Pr
D PxUsrPrf 10a
D PxGrpPrf 10a
D PxAutCod 10a
D PxReason 256a Varying
D PxVldTim 5i 0
D PxRplCod 1a
**
D CBX1291 Pi
D PxUsrPrf 10a
D PxGrpPrf 10a
D PxAutCod 10a
D PxReason 256a Varying
D PxVldTim 5i 0
D PxRplCod 1a
/Free
RtnCod = '0';
If PxUsrPrf = PgmSts.UsrPrf;
RtnCod = '1';
SndDiagMsg( 'Self authorization is not allowed.' );
Else;
ChkSpcAut( AutFlg
: PgmSts.UsrPrf
: '*SECADM'
: 1
: ADP_PRV_INVLVL
: ERRC0100
);
If ERRC0100.BytAvl > *Zero Or AutFlg = 'N';
RtnCod = '2';
SndDiagMsg( 'Special authority *SECADM required.' );
Else;
If PxRplCod = 'Y';
RmvUsrPwd( VLD_LST: '*LIBL': PxUsrPrf + PxGrpPrf );
EndIf;
If AddUsrPwd( VLD_LST
: '*LIBL'
: PxUsrPrf + PxGrpPrf
: PxAutCod
: %Char( %Timestamp() + %Minutes( PxVldTim ))
) = *Zero;
SndCmpMsg( 'Authorization code added.' );
Else;
RtnCod = '3';
SndDiagMsg( 'Unexpected error occurred.' );
EndIf;
EndIf;
EndIf;
JrnEntInf.InfDta = 'A1';
JrnEntA1.UsrPrf = PxUsrPrf;
JrnEntA1.GrpPrf = PxGrpPrf;
JrnEntA1.AutCod = PxAutCod;
JrnEntA1.RtnCod = RtnCod;
SndJrnE( 'QAUDJRN *LIBL '
: JrnEntInf
: JrnEntA1
: %Size( JrnEntA1 )
: ERRC0100
);
If RtnCod > '0';
SndEscMsg( 'ADDPRFAUT command ended in error' );
EndIf;
*InLr = *On;
Return;
/End-Free
**-- Send diagnostic message: ------------------------------------------**
P SndDiagMsg B
D Pi 10i 0
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( 'CPF9897'
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*DIAG'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndDiagMsg E
**-- Send escape message: ----------------------------------------------**
P SndEscMsg B
D Pi 10i 0
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( 'CPF9898'
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*ESCAPE'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndEscMsg E
**-- Send completion message: ------------------------------------------**
P SndCmpMsg B
D Pi 10i 0
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( 'CPF9897'
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*COMP'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
**
P SndCmpMsg E
**-- Add user password: ------------------------------------------------**
P AddUsrPwd B Export
D Pi 10i 0
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
D PxUsrPwd 10a Const
D PxUsrDsc 50a Const
/Free
Reset Qsy_Entry_ID_Info_T;
Reset Qsy_Entry_Encr_Data_Info_T;
Reset Qsy_Entry_Data_Info_T;
Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );
Qsy_Entry_Encr_Data_Info_T.Encr_Data = PxUsrPwd;
Qsy_Entry_Encr_Data_Info_T.Encr_Data_Len = %Len( %TrimR( PxUsrPwd ));
Qsy_Entry_Data_Info_T.Entry_Data = PxUsrDsc;
Qsy_Entry_Data_Info_T.Entry_Data_Len = %Len( %TrimR( PxUsrDsc ));
Qsy_Attr_Info_T.Attr_Descr.Attr_ID_p = %Alloc( 15 );
%Str( Qsy_Attr_Info_T.Attr_Descr.Attr_ID_p: 15 ) = 'QsyEncryptData';
Qsy_Attr_Info_T.Attr_Descr.Attr_VLDL.Attr_Len = %Size( Qsy_Vfy_Only );
Qsy_Attr_Info_T.Attr_Descr.Attr_VLDL.Attr_Value_p =
%Addr( Qsy_Vfy_Only );
Return AddVldLstE( PxVldLst + PxVldLstLib
: %Addr( Qsy_Entry_ID_Info_T )
: %Addr( Qsy_Entry_Encr_Data_Info_T )
: %Addr( Qsy_Entry_Data_Info_T )
: %Addr( Qsy_Attr_Info_T )
);
/End-Free
P AddUsrPwd E
**-- Remove user password: ---------------------------------------------**
P RmvUsrPwd B Export
D Pi 10i 0
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
/Free
Reset Qsy_Entry_ID_Info_T;
Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );
Return RmvVldLstE( PxVldLst + PxVldLstLib
: %Addr( Qsy_Entry_ID_Info_T )
);
/End-Free
P RmvUsrPwd E
.*-----------------------------------------------------------------------**
.*
.* Compile options:
.*
.* CrtMnu Menu( PRFAUT )
.* Type( *UIM )
.* SrcFile( QMNUSRC )
.* SrcMbr( CBX129 )
.* Aut( *USE )
.*
.*-----------------------------------------------------------------------**
:PNLGRP.
.*
:IMPORT PNLGRP='CBX128H' NAME='OVRGRPPRF'.
:IMPORT PNLGRP='CBX1291H' NAME='ADDPRFAUT'.
:IMPORT PNLGRP='CBX1292H' NAME='MNGPRFAUT'.
:IMPORT PNLGRP='QHWCCMD' NAME='SIGNOFF'.
.*
:VAR NAME=ZMENU.
:COND NAME=OvrOk EXPR='CHKOBJ("OVRGRPPRF", "*CMD", "*USE")'.
:COND NAME=AddOk EXPR='CHKOBJ("ADDPRFAUT", "*CMD", "*USE")'.
:COND NAME=MngOk EXPR='CHKOBJ("MNGPRFAUT", "*CMD", "*USE")'.
.*
:KEYL NAME=SMALL HELP=FKHLP.
:KEYI KEY=F1 HELP=F1HLP ACTION='HELP'.
:KEYI KEY=F3 HELP=F3HLP ACTION='EXIT SET' VARUPD=NO .F3=Exit
:KEYI KEY=F4 HELP=F4HLP ACTION='PROMPT' .F4=Prompt
:KEYI KEY=F9 HELP=F9HLP ACTION='RETRIEVE' .F9=Retrieve
:KEYI KEY=F12 HELP=F12HLP ACTION='CANCEL SET' VARUPD=NO .F12=Cancel
:KEYI KEY=Enter HELP=ENHLP ACTION='ENTER'.
:KEYI KEY=Help HELP=HPHLP ACTION='HELP'.
:KEYI KEY=Pageup HELP=PUHLP ACTION='PAGEUP'.
:KEYI KEY=Pagedown HELP=PDHLP ACTION='PAGEDOWN'.
:KEYI KEY=Print HELP=PRHLP ACTION='PRINT'.
:EKEYL.
.*
:PANEL NAME=MAIN
HELP=MAINHLP
KEYL=SMALL
PANELID=ZMENU
TOPSEP=SYSNAM
ENTER='MSG CPD9817 QCPFMSG'
.Profile Authorization Menu
:MENU DEPTH='*'
SCROLL=YES.
:TOPINST .Select one of the following:
.*
:MENUGRP .Override commands
:MENUI OPTION=1
HELP=OP1HLP
ACTION='CMD ?OVRGRPPRF'
COND=OvrOk
.Override group profile OVRGRPPRF
:EMENUGRP.
.*
:MENUGRP .Management commands
:MENUI OPTION=11
HELP=OP11HLP
ACTION='CMD ?ADDPRFAUT'
COND=AddOk
.Add profile authorization ADDPRFAUT
:MENUI OPTION=12
HELP=OP12HLP
ACTION='CMD ?MNGPRFAUT'
COND=MngOk
.Manage profile authorization MNGPRFAUT
:EMENUGRP.
.*
:MENUGRP .Service options
:MENUI OPTION=90
HELP=OP90HLP
ACTION='CMD SIGNOFF'
.Sign off SIGNOFF
:EMENUGRP.
:EMENU.
.*
:CMDLINE SIZE=SHORT .Selection or command
:EPANEL.
.*
:HELP NAME=MAINHLP .Main help
:P.
The Profile Authorization (PRFAUT) menu allows you to work with the
profile authorization commands. Only commands to which you have *USE
authority to are displayed. Contact your security officer to obtain
any missing authorization to the Profile Authorization commands.
:EHELP.
.*
:HELP NAME=FKHLP .Function keys
:EHELP.
.*
:HELP NAME=F1HLP.
:PARML.
:PT.F1=Help
:PD.Shows additional information about the display or option you
selected.
:EPARML.
:EHELP.
.*
:HELP NAME=F3HLP.
:PARML.
:PT.F3=Exit
:PD.Ends the current task and returns you to the display from which the
task was started.
:EPARML.
:EHELP.
.*
:HELP NAME=F4HLP.
:PARML.
:PT.F4=Prompt
:PD.Provides assistance in entering or selecting a command.
:EPARML.
:EHELP.
.*
:HELP NAME=F9HLP.
:PARML.
:PT.F9=Retrieve
:PD.Displays the last command you ran from the command line, and any
parameters you selected. By pressing this key once, you will see the
last command you ran. By pressing this key twice, you will see the
next-to-last command that you ran, and so on.
:EPARML.
:EHELP.
.*
:HELP NAME=F12HLP.
:PARML.
:PT.F12=Cancel
:PD.Returns to the previous menu or display.
:EPARML.
:EHELP.
.*
:HELP NAME=ENHLP.
:PARML.
:PT.Enter
:PD.Submits information on the display for processing.
:EPARML.
:EHELP.
.*
:HELP NAME=HPHLP.
:PARML.
:PT.Help
:PD.Shows additional information about the display or option you
selected.
:EPARML.
:EHELP.
.*
:HELP NAME=PDHLP.
:PARML.
:PT.Page Down (Roll Up)
:PD.Moves forward to show additional messages for this display.
:EPARML.
:EHELP.
.*
:HELP NAME=PUHLP.
:PARML.
:PT.Page Up (Roll Down)
:PD.Moves backward to show additional messages for this display.
:EPARML.
:EHELP.
.*
:HELP NAME=PRHLP.
:PARML.
:PT.Print
:PD.Prints information currently shown on the display
:EPARML.
:EHELP.
.*
:HELP NAME=OP1HLP .Override group profile
:XH3.Option 1 -- Override group profile
:IMHELP NAME='OVRGRPPRF'.
:EHELP.
.*
:HELP NAME=OP11HLP .Add profile authorization
:XH3.Option 11 -- Add profile authorization
:IMHELP NAME='ADDPRFAUT'.
:EHELP.
.*
:HELP NAME=OP12HLP .Manage profile authorization
:XH3.Option 12 -- Manage profile authorization
:IMHELP NAME='MNGPRFAUT'.
:EHELP.
.*
:HELP NAME=OP90HLP .Sign off
:XH3.Option 90 -- Sign off
:IMHELP NAME='SIGNOFF'.
:EHELP.
.*
:EPNLGRP.
.*-----------------------------------------------------------------------**
.*
.* Compile options:
.*
.* CrtPnlGrp PnlGrp( CBX1291H )
.* SrcFile( QPNLSRC )
.* SrcMbr( *PNLGRP )
.*
.*-----------------------------------------------------------------------**
:PNLGRP.
:HELP NAME='ADDPRFAUT'.Add Profile Authorization Code - Help
:P.
The Add Profile Authorization Code (ADDPRFAUT) command registers the
authorization code that is required by the Override Group Profile
(OVRGRPPRF) command to perform a group profile override.
:P.
The authorization code is registered to a specific user profile and
group profile combination, and can only be used by that user profile to
temporarily replace a job's current primary group profile with the
specified group profile.
:P.
At release V5R1 and earlier, any special or object authority coming
from the replaced group profile is suspended during this replacement.
Likewise any object or special authority provided by the new group
profile is activated while the override is in effect.
:P.
:HP2.Restriction&COLON.:EHP2. This command requires *SECADM special
authority to run.
:P.
:HP2.Restriction&COLON.:EHP2. This command can only be run in an
interactive environment.
:P.
:EHELP.
:HELP NAME='ADDPRFAUT/USRPRF'.User profile (USRPRF) - Help
:XH3.User profile (USRPRF)
:P.
The name of the user profile for which the authorization code should be
valid.
:P.
This is a required parameter.
:P.
:EHELP.
:HELP NAME='ADDPRFAUT/GRPPRF'.Group profile (GRPPRF) - Help
:XH3.Group profile (GRPPRF)
:P.
The name of the group profile to which the specified user profile
should be authorized to perform an override to.
:P.
This is a required parameter.
:P.
:EHELP.
:HELP NAME='ADDPRFAUT/AUTCOD'.Authorization code (AUTCOD) - Help
:XH3.Authorization code (AUTCOD)
:P.
Specify the authorization code that must be applied by the OVRGRPPRF
command to approve the override to the specified group profile.
:P.
This is a required parameter.
:P.
:NT.
All letters are by default capitalized by this command.
:ENT.
:P.
:EHELP.
:HELP NAME='ADDPRFAUT/REASON'.Reason (REASON) - Help
:XH3.Reason (REASON)
:P.
Specify the reason for the requested override of current group profile.
:P.
This is a required parameter.
:P.
:EHELP.
:HELP NAME='ADDPRFAUT/VLDTIM'.Valid time (VLDTIM) - Help
:XH3.Valid time (VLDTIM)
:P.
Specify the number of minutes that the authorization code should be
valid. Once the authorization code has expired it cannot be used again
until it is renewed by this command, specifying RPLAUT(*YES).
:P.
The number of minutes are calculated based on the time the
authorization code was created, as opposed to when it was first used.
:P.
The possible values are:
:P.
:PARML.
:PT.:PK DEF.60:EPK.
:PD.
The authorization code expires 60 minutes after creation.
:PT.:PV.valid-time:EPV.
:PD.
Specify the number of minutes that the authorization code should be
available for use.
:EPARML.
:EHELP.
:HELP NAME='ADDPRFAUT/RPLAUT'.Replace authorization code (RPLAUT) - Help
:XH3.Replace authorization code (RPLAUT)
:P.
Specifies whether the authorization code should replace an already
existing authorization code for the specified user profile and group
profile.
:P.
The possible values are:
:P.
:PARML.
:PT.:PK DEF.*NO:EPK.
:PD.
The authorization code does not replace an already existing
authorization code, and an error message is returned, if an
authorization code already exists.
:PT.:PK.*YES:EPK.
:PD.
If an authorization code already exists for the specified user profile
and group profile, it is replaced by this command.
:EPARML.
:EHELP.
:EPNLGRP.
/*-------------------------------------------------------------------*/
/* */
/* Program . . : CBX1291M */
/* Description : Add profile authorization code - setup */
/* Author . . : Carsten Flensburg */
/* Published . : Club Tech iSeries Programming Tips Newsletter */
/* Date . . . : January 20, 2005 */
/* */
/* */
/* Program function: Compiles, creates and configures all the */
/* ADDPRFAUT command objects. */
/* */
/* This program expects a single parameter */
/* specifying the library to contain the */
/* command objects. */
/* */
/* Object sources must exist in the respective */
/* source type default source files in the */
/* command object library. */
/* */
/* Requirements: This program must be run by a user profile */
/* having *ALLOBJ special authority. */
/* */
/* */
/* Compile options: */
/* CrtClPgm Pgm( CBX1291M ) */
/* SrcFile( QCLSRC ) */
/* SrcMbr( *PGM ) */
/* */
/*-------------------------------------------------------------------*/
Pgm &UtlLib
Dcl &UtlLib *Char 10
MonMsg CPF0000 *N GoTo Error
CrtRpgMod &UtlLib/CBX1291 +
SrcFile( &UtlLib/QRPGLESRC ) +
SrcMbr( *Module ) +
DbgView( *NONE ) +
Aut( *USE )
CrtPgm &UtlLib/CBX1291 +
Module( &UtlLib/CBX1291 ) +
ActGrp( *NEW ) +
UsrPrf( *OWNER ) +
Aut( *USE )
ChgObjOwn Obj( &UtlLib/CBX1291 ) +
ObjType( *PGM ) +
NewOwn( QSECOFR )
ChgPgm Pgm( &UtlLib/CBX1291 ) +
RmvObs( *ALL )
CrtRpgMod &UtlLib/CBX1291V +
SrcFile( &UtlLib/QRPGLESRC ) +
SrcMbr( *Module ) +
DbgView( *NONE ) +
Aut( *USE )
CrtPgm &UtlLib/CBX1291V +
Module( &UtlLib/CBX1291V ) +
ActGrp( *NEW ) +
UsrPrf( *OWNER ) +
Aut( *USE )
ChgObjOwn Obj( &UtlLib/CBX1291V ) +
ObjType( *PGM ) +
NewOwn( QSECOFR )
ChgPgm Pgm( &UtlLib/CBX1291V ) +
RmvObs( *ALL )
CrtPnlGrp &UtlLib/CBX1291H +
SrcFile( &UtlLib/QPNLSRC ) +
SrcMbr( *PNLGRP )
CrtCmd Cmd( &UtlLib/ADDPRFAUT ) +
Pgm( CBX1291 ) +
SrcFile( &UtlLib/QCMDSRC ) +
SrcMbr( CBX1291X ) +
VldCkr( CBX1291V ) +
Allow( *INTERACT ) +
HlpPnlGrp( CBX1291H ) +
HlpId( *CMD ) +
Aut( *EXCLUDE )
RmvMsg Clear( *ALL )
SndPgmMsg Msg( 'Command ADDPRFAUT has been' *Bcat +
'successfully created in library' *Bcat +
&UtlLib *Tcat +
'.' ) +
MsgType( *COMP )
Return
/*-- Error handling: -----------------------------------------------*/
Error:
Call QMHMOVPM ( ' ' +
'*DIAG' +
x'00000001' +
'*PGMBDY' +
x'00000001' +
x'0000000800000000' +
)
Call QMHRSNEM ( ' ' +
x'0000000800000000' +
)
EndPgm:
EndPgm
**
** Program . . : CBX1291V
** Description : Add profile authorization code - VCP
** Author . . : Carsten Flensburg
** Published . : Club Tech iSeries Programming Tips Newsletter
** Date . . . : January 20, 2005
**
**
** Program description:
** This program checks the existence of the specified user profile
** and group profile, verifies the QSECOFR ownership of the utility
** validation list, the existence of the system audit journal QAUDJRN
** as well as the validity of the specified replace option for the
** authorization code.
**
**
** Compile options:
** CrtRpgMod Module( CBX1291V )
** DbgView( *NONE )
** Aut( *USE )
**
** CrtPgm Pgm( CBX1291V )
** Module( CBX1291V )
** ActGrp( *NEW )
** UsrPrf( *OWNER )
** Aut( *USE )
**
** ChgObjOwn Obj( CBX1291V )
** ObjType( *PGM )
** NewOwn( QSECOFR )
**
** ChgPgm Pgm( CBX1291V )
** RmvObs( *ALL )
**
**
**
**-- Control specification: --------------------------------------------**
H Option( *SrcStmt )
**-- System information:
D PgmSts SDs Qualified
D PgmNam *Proc
D CurJob 10a Overlay( PgmSts: 244 )
D UsrPrf 10a Overlay( PgmSts: 254 )
D JobNbr 6a Overlay( PgmSts: 264 )
D CurUsr 10a Overlay( PgmSts: 358 )
**-- API error data structure:
D ERRC0100 Ds Qualified
D BytPrv 10i 0 Inz( %Size( ERRC0100 ))
D BytAvl 10i 0
D MsgId 7a
D 1a
D MsgDta 512a
**-- Global constants:
D SPC_NAM_Q c 'CBX128U QTEMP'
D VLD_LST c 'CBX128L'
D QSY_IN_VLDL c 0
D QSY_SYSTEM_ATTR...
D c 0
**-- Global variables:
D AtrDta Ds Qualified
D CrtDat 8a
D LstVfyDat 8a
D PwdChgDat 8a
D InvPwdCnt 10i 0
**
D UsrDta s 128a
D PrfTkn s 32a
**
D UsrSpc Ds Qualified Based( pUsrSpc )
D DtaId 10a
D DtaLen 10i 0
D Dta Like( PrfTkn )
**-- Validation list attribute data:
D Qsy_Attr_Info_T...
D Ds Qualified
D Number_Attrs 10i 0 Inz( 1 )
D Res_align 12a
D Attr_Descr LikeDs( Qsy_Attr_Descr_T )
D Inz( *LikeDs )
**
D Qsy_Attr_Descr_T...
D Ds Qualified
D Attr_Location 10i 0 Inz( QSY_IN_VLDL )
D Attr_Type 10i 0 Inz( QSY_SYSTEM_ATTR )
D Attr_Res 8a Inz( *Allx'00' )
D Attr_ID_p *
D Attr_Other_Descr...
D 32a Inz( *Allx'00' )
D Attr_Data_Info...
D 96a
D Attr_VLDL LikeDs( Qsy_In_VLDL_T )
D Overlay( Attr_Data_Info: 1 )
D Inz( *LikeDs )
D Attr_In_Other...
D 96a Overlay( Attr_Data_Info: 1 )
D 64a Overlay( Attr_In_Other: 33 )
D Inz( *Allx'00' )
D Attr_Other_Data...
D 32a Inz( *Allx'00' )
**
D Qsy_In_VLDL_T Ds Qualified
D Attr_CCSID 10i 0 Inz( -1 )
D Attr_Len 10i 0 Inz( 1 )
D Attr_Res_1 8a Inz( *Allx'00' )
D Attr_Value_p *
**
D Qsy_Rtn_VLDL_Attr_T...
D Ds Qualified
D Bytes_Returned...
D 10i 0
D Bytes_Available...
D 10i 0
D Attr_Len 10i 0
D Attr_CCSID 10u 0
D Attr_Data LikeDs( Qsy_Rtn_Entry_Usage_Attr_T )
**
D Qsy_Rtn_Entry_Usage_Attr_T...
D Ds Qualified
D Create_Date 8a
D Last_Used_Date...
D 8a
D Encr_Data_Chg_Date...
D 8a
D Not_Valid_Verify_Count...
D 10i 0
**-- Validation list return data:
D Qsy_Rtn_Vld_Lst_Ent_T...
D Ds Qualified
D Entry_ID_Info LikeDs( Qsy_Entry_ID_Info_T )
D Encr_Data_Info...
D LikeDs( Qsy_Entry_Encr_Data_Info_T )
D Entry_Data_Info...
D LikeDs( Qsy_Entry_Data_Info_T )
D 4a
D AtrPtr *
**
D Qsy_Entry_ID_Info_T...
D Ds Qualified
D Entry_ID_Len 10i 0
D Entry_ID_CCSID...
D 10i 0 Inz( 65535 )
D Entry_ID 100a
**
D Qsy_Entry_Encr_Data_Info_T...
D Ds Qualified
D Encr_Data_Len 10i 0
D Encr_Data_CCSID...
D 10i 0 Inz( 65535 )
D Encr_Data 600a
**
D Qsy_Entry_Data_Info_T...
D Ds Qualified
D Entry_Data_Len...
D 10i 0
D Entry_Data_CCSID...
D 10i 0
D Entry_Data 1000a
**-- Journal entry:
D JrnEntInf Ds Qualified
D InfEntRcds 10i 0 Inz( 1 )
D InfKey 10i 0 Inz( 1 )
D InfLen 10i 0 Inz( %Size( JrnEntInf.InfDta ))
D InfDta 2a
**
D JrnEntA0 Ds Qualified
D UsrPrf 10a
D GrpPrf 10a
D AutCod 10a
D RplCod 1a
D VldTim 5s 0
D Reason 256a
**-- Retrieve user information:
D RtvUsrInf Pr ExtPgm( 'QSYRUSRI' )
D RuRcvVar 32767a Options( *VarSize )
D RuRcvVarLen 10i 0 Const
D RuFmtNam 10a Const
D RuUsrPrf 10a Const
D RuError 32767a Options( *VarSize )
**-- Retrieve object description:
D RtvObjD Pr ExtPgm( 'QUSROBJD' )
D RoRcvVar 32767a Options( *VarSize )
D RoRcvVarLen 10i 0 Const
D RoFmtNam 8a Const
D RoObjNamQ 20a Const
D RoObjTyp 10a Const
D RoError 32767a Options( *VarSize )
**-- Send program message:
D SndPgmMsg Pr ExtPgm( 'QMHSNDPM' )
D SpMsgId 7a Const
D SpMsgFq 20a Const
D SpMsgDta 128a Const
D SpMsgDtaLen 10i 0 Const
D SpMsgTyp 10a Const
D SpCalStkE 10a Const Options( *VarSize )
D SpCalStkCtr 10i 0 Const
D SpMsgKey 4a
D SpError 1024a Options( *VarSize )
**-- Send journal entry:
D SndJrnE Pr ExtPgm( 'QJOSJRNE' )
D SjJrnNamQ 20a Const
D SjJrnEntInf 4096a Const Options( *VarSize )
D SjEntDta 32766a Const Options( *VarSize )
D SjEntDtaLen 10i 0 Const
D SjError 32767a Options( *VarSize )
**-- Find validation list entry:
D FndVldLst Pr 10i 0 ExtProc( 'QsyFindValidation+
D LstEntry' )
D FvLstNam 20a Const
D FvEntId * Value
D FvRtnDta * Value
**-- Find validation list entry attributes:
D FndVldLstAtr Pr 10i 0 ExtProc( 'QsyFindValidation+
D LstEntryAttrs' )
D FvLstNam 20a Const
D FvEntId * Value
D FvRtnDta * Value
D FvAtrInf * Value
**-- Verify validation list entry:
D VfyVldLst Pr 10i 0 ExtProc( 'QsyVerifyValidation+
D LstEntry' )
D VvLstNam 20a Const
D VvEntId * Value
D VvEncDta * Value
**-- Get profile owner attribute:
D GetPrfOwnA Pr 10a
D PxUsrPrf 10a Value
**-- Check object existence:
D ChkObj Pr 10a
D RaObjNam 10a Const
D RaObjLib 10a Const
D RaObjTyp 10a Const
**-- Get object owner:
D GetObjOwn Pr 10a
D PxObjNam 10a Const
D RaObjLib 10a Const
D PxObjTyp 10a Const
**-- Verify validation list entry:
D VfyVldLstEnt Pr 10i 0
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
**-- Send diagnostic message:
D SndDiagMsg Pr 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**-- Send escape message:
D SndEscMsg Pr 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**-- Entry parameters:
D CBX1291V Pr
D PxUsrPrf 10a
D PxGrpPrf 10a
D PxAutCod 10a
D PxReason 256a Varying
D PxVldTim 5i 0
D PxRplCod 1a
**
D CBX1291V Pi
D PxUsrPrf 10a
D PxGrpPrf 10a
D PxAutCod 10a
D PxReason 256a Varying
D PxVldTim 5i 0
D PxRplCod 1a
/Free
JrnEntInf.InfDta = 'A0';
JrnEntA0.UsrPrf = PxUsrPrf;
JrnEntA0.GrpPrf = PxGrpPrf;
JrnEntA0.AutCod = PxAutCod;
JrnEntA0.RplCod = PxRplCod;
JrnEntA0.VldTim = PxVldTim;
JrnEntA0.Reason = PxReason;
SndJrnE( 'QAUDJRN *LIBL '
: JrnEntInf
: JrnEntA0
: %Size( JrnEntA0 )
: ERRC0100
);
Select;
/If Defined( *V5R2M0 )
/Else
When GetPrfOwnA( PxUsrPrf ) = '*GRPPRF';
SndDiagMsg( 'CPD0006': '0000Group profile cannot be object owner.' );
SndEscMsg( 'CPF0002': '' );
/EndIf
When ChkObj( PxUsrPrf: '*LIBL': '*USRPRF' ) = *Off;
SndDiagMsg( 'CPD0006': '0000User profile does not exist.' );
SndEscMsg( 'CPF0002': '' );
When ChkObj( PxGrpPrf: '*LIBL': '*USRPRF' ) = *Off;
SndDiagMsg( 'CPD0006': '0000Group profile does not exist.' );
SndEscMsg( 'CPF0002': '' );
When ChkObj( 'QAUDJRN': '*LIBL': '*JRN' ) = *Off;
SndDiagMsg( 'CPD0006': '0000Invalid configuration. Error code 01.' );
SndEscMsg( 'CPF0002': '' );
When GetObjOwn( VLD_LST: '*LIBL': '*VLDL' ) <> 'QSECOFR';
SndDiagMsg( 'CPD0006': '0000Invalid configuration. Error code 02.' );
SndEscMsg( 'CPF0002': '' );
Other;
ExSr ChkVldLst;
EndSl;
*InLr = *On;
Return;
BegSr ChkVldLst;
If PxRplCod = 'N';
If VfyVldLstEnt( VLD_LST: '*LIBL': PxUsrPrf + PxGrpPrf ) = *Zero;
SndDiagMsg( 'CPD0006': '0000Authorization code already exists.' );
SndEscMsg( 'CPF0002': '' );
EndIf;
EndIf;
EndSr;
/End-Free
**-- Get profile owner attribute: --------------------------------------**
P GetPrfOwnA B Export
D Pi 10a
D PxUsrPrf 10a Value
**
D USRI0200 Ds Qualified
D BytRtn 10i 0
D BytAvl 10i 0
D UsrPrf 10a
D PrfOwnA 10a Overlay( USRI0200: 54 )
/Free
RtvUsrInf( USRI0200
: %Size( USRI0200 )
: 'USRI0200'
: PxUsrPrf
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return *Blanks;
Else;
Return USRI0200.PrfOwnA;
EndIf;
/End-Free
P GetPrfOwnA E
**-- Check object existence: -------------------------------------------**
P ChkObj B Export
D Pi 10a
D RaObjNam 10a Const
D RaObjLib 10a Const
D RaObjTyp 10a Const
**
D OBJD0100 Ds Qualified
D BytRtn 10i 0
D BytAvl 10i 0
D ObjNam 10a
D ObjLib 10a
D ObjTyp 10a
/Free
RtvObjD( OBJD0100
: %Size( OBJD0100 )
: 'OBJD0100'
: RaObjNam + RaObjLib
: RaObjTyp
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return *Off;
Else;
Return *On;
EndIf;
/End-Free
P ChkObj E
**-- Get object owner: -------------------------------------------------**
P GetObjOwn B Export
D Pi 10a
D RaObjNam 10a Const
D RaObjLib 10a Const
D PxObjTyp 10a Const
**
D OBJD0100 Ds Qualified
D BytRtn 10i 0
D BytAvl 10i 0
D ObjNam 10a
D ObjLib 10a
D ObjTyp 10a
D ObjLibRt 10a
D ObjASP 10i 0
D ObjOwn 10a
D ObjDmn 2a
/Free
RtvObjD( OBJD0100
: %Size( OBJD0100 )
: 'OBJD0100'
: RaObjNam + RaObjLib
: PxObjTyp
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return *Blanks;
Else;
Return OBJD0100.ObjOwn;
EndIf;
/End-Free
P GetObjOwn E
**-- Send diagnostic message: ------------------------------------------**
P SndDiagMsg B
D Pi 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( PxMsgId
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*DIAG'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndDiagMsg E
**-- Send escape message: ----------------------------------------------**
P SndEscMsg B
D Pi 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( PxMsgId
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*ESCAPE'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndEscMsg E
**-- Verify validation list entry: -------------------------------------**
P VfyVldLstEnt B Export
D Pi 10i 0
D PxVldL 10a Const
D PxVldLlib 10a Const
D PxUsrId 20a Const
/Free
Reset Qsy_Entry_ID_Info_T;
Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );
Return FndVldLst( PxVldL + PxVldLlib
: %Addr( Qsy_Entry_ID_Info_T )
: %Addr( Qsy_Rtn_Vld_Lst_Ent_T )
);
/End-Free
P VfyVldLstEnt E
/*-------------------------------------------------------------------*/
/* */
/* Compile options: */
/* */
/* CrtCmd Cmd( OVRGRPPRF ) */
/* Pgm( CBX128 ) */
/* SrcMbr( CBX128X ) */
/* VldCkr( CBX128V ) */
/* Allow( *INTERACT ) */
/* HlpPnlGrp( CBX128H ) */
/* HlpId( *CMD ) */
/* Aut( *EXCLUDE ) */
/* */
/* */
/* Authorize user profiles to command: */
/* */
/* GrtObjAut Obj( OVRGRPPRF ) */
/* ObjType( *CMD ) */
/* User( user profile ) */
/* Aut( *USE ) */
/* */
/* - Or use the EDTOBJAUT command: */
/* */
/* EdtObjAut Obj( OVRGRPPRF ) */
/* ObjType( *CMD ) */
/* */
/* */
/*-------------------------------------------------------------------*/
Cmd Prompt( 'Override Group Profile' )
PARM GRPPRF *Sname 10 +
Min( 1 ) +
Vary( *YES *INT2 ) +
Expr( *YES ) +
Prompt( 'Group profile' )
PARM AUTCOD *Char 10 +
Min( 1 ) +
Expr( *YES ) +
Prompt( 'Authorization code' )
PARM REASON *Char 256 +
Min( 1 ) +
Vary( *YES *INT2 ) +
Expr( *YES ) +
Case( *MIXED ) +
Prompt( 'Reason' )
/*-------------------------------------------------------------------*/
/* */
/* Compile options: */
/* */
/* CrtCmd Cmd( ADDPRFAUT ) */
/* Pgm( CBX1291 ) */
/* SrcMbr( CBX1291X ) */
/* VldCkr( CBX1291V ) */
/* Allow( *INTERACT ) */
/* HlpPnlGrp( CBX1291H ) */
/* HlpId( *CMD ) */
/* Aut( *EXCLUDE ) */
/* */
/* */
/* Authorize user profiles to command: */
/* */
/* GrtObjAut Obj( ADDPRFAUT ) */
/* ObjType( *CMD ) */
/* User( ) */
/* Aut( *USE ) */
/* */
/* - Or use the EDTOBJAUT command: */
/* */
/* EdtObjAut Obj( ADDPRFAUT ) */
/* ObjType( *CMD ) */
/* */
/* */
/*-------------------------------------------------------------------*/
Cmd Prompt( 'Add profile authorization code' )
Parm USRPRF *Sname 10 +
Min( 1 ) +
Expr( *YES ) +
Prompt( 'User profile' )
Parm GRPPRF *Sname 10 +
Min( 1 ) +
Expr( *YES ) +
Prompt( 'Group profile' )
Parm AUTCOD *Char 10 +
Min( 1 ) +
Expr( *YES ) +
Prompt( 'Authorization code' )
Parm REASON *Char 256 +
Min( 1 ) +
Vary( *YES *INT2 ) +
Expr( *YES ) +
Case( *MIXED ) +
Prompt( 'Reason' )
Parm VLDTIM *Int2 +
Dft( 60 ) +
Range( 1 1440 ) +
Expr( *YES ) +
Choice( 'Minutes' ) +
Prompt( 'Valid time' )
Parm RPLAUT *Char 1 +
Rstd( *YES ) +
Dft( *NO ) +
SpcVal(( *NO N ) +
( *YES Y )) +
Expr( *YES ) +
Prompt( 'Replace authorization code' )
**
** Program . . : CBX1292
** Description : Manage profile authorization - CPP
** Author . . : Carsten Flensburg
** Published . : Club Tech iSeries Programming Tips Newsletter
** Date . . . : January 20, 2005
**
**
** Program description:
**
**
** Compile options:
** CrtRpgMod Module( CBX1292 )
** DbgView( *NONE )
** Aut( *USE )
**
** CrtPgm Pgm( CBX1292 )
** Module( CBX1292 )
** ActGrp( *NEW )
** UsrPrf( *OWNER )
** Aut( *USE )
**
** ChgObjOwn Obj( CBX1292 )
** ObjType( *PGM )
** NewOwn( QSECOFR )
**
** ChgPgm Pgm( CBX1292 )
** RmvObs( *ALL )
**
**
**-- Control specification: --------------------------------------------**
H Option( *SrcStmt )
**-- System information:
D PgmSts SDs Qualified
D PgmNam *Proc
D CurJob 10a Overlay( PgmSts: 244 )
D UsrPrf 10a Overlay( PgmSts: 254 )
D JobNbr 6a Overlay( PgmSts: 264 )
D CurUsr 10a Overlay( PgmSts: 358 )
**-- API error data structure:
D ERRC0100 Ds Qualified
D BytPrv 10i 0 Inz( %Size( ERRC0100 ))
D BytAvl 10i 0
D MsgId 7a
D 1a
D MsgDta 512a
**-- Global constants:
D VLD_LST c 'CBX128L'
D QSY_IN_VLDL c 0
D QSY_SYSTEM_ATTR...
D c 0
D ADP_PRV_INVLVL c 1
**-- Validation list API structures:
D Qsy_Vfy_Only s 1a Inz( '0' )
**-- Global variables:
D AtrDta Ds Qualified
D CrtDat 8a
D LstVfyDat 8a
D PwdChgDat 8a
D InvPwdCnt 10i 0
**
D UsrDta s 128a
**-- Validation list attribute data:
D Qsy_Attr_Info_T...
D Ds Qualified
D Number_Attrs 10i 0 Inz( 1 )
D Res_align 12a
D Attr_Descr LikeDs( Qsy_Attr_Descr_T )
D Inz( *LikeDs )
**
D Qsy_Attr_Descr_T...
D Ds Qualified
D Attr_Location 10i 0 Inz( QSY_IN_VLDL )
D Attr_Type 10i 0 Inz( QSY_SYSTEM_ATTR )
D Attr_Res 8a Inz( *Allx'00' )
D Attr_ID_p *
D Attr_Other_Descr...
D 32a Inz( *Allx'00' )
D Attr_Data_Info...
D 96a
D Attr_VLDL LikeDs( Qsy_In_VLDL_T )
D Overlay( Attr_Data_Info: 1 )
D Inz( *LikeDs )
D Attr_In_Other...
D 96a Overlay( Attr_Data_Info: 1 )
D 64a Overlay( Attr_In_Other: 33 )
D Inz( *Allx'00' )
D Attr_Other_Data...
D 32a Inz( *Allx'00' )
**
D Qsy_In_VLDL_T Ds Qualified
D Attr_CCSID 10i 0 Inz( -1 )
D Attr_Len 10i 0 Inz( 1 )
D Attr_Res_1 8a Inz( *Allx'00' )
D Attr_Value_p *
**
D Qsy_Rtn_VLDL_Attr_T...
D Ds Qualified
D Bytes_Returned...
D 10i 0
D Bytes_Available...
D 10i 0
D Attr_Len 10i 0
D Attr_CCSID 10u 0
D Attr_Data LikeDs( Qsy_Rtn_Entry_Usage_Attr_T )
**
D Qsy_Rtn_Entry_Usage_Attr_T...
D Ds Qualified
D Create_Date 8a
D Last_Used_Date...
D 8a
D Encr_Data_Chg_Date...
D 8a
D Not_Valid_Verify_Count...
D 10i 0
**-- Validation list return data:
D Qsy_Rtn_Vld_Lst_Ent_T...
D Ds Qualified
D Entry_ID_Info LikeDs( Qsy_Entry_ID_Info_T )
D Encr_Data_Info...
D LikeDs( Qsy_Entry_Encr_Data_Info_T )
D Entry_Data_Info...
D LikeDs( Qsy_Entry_Data_Info_T )
D 4a
D AtrPtr *
**
D Qsy_Entry_ID_Info_T...
D Ds Qualified
D Entry_ID_Len 10i 0
D Entry_ID_CCSID...
D 10i 0 Inz( 65535 )
D Entry_ID 100a
**
D Qsy_Entry_Encr_Data_Info_T...
D Ds Qualified
D Encr_Data_Len 10i 0
D Encr_Data_CCSID...
D 10i 0 Inz( 65535 )
D Encr_Data 600a
**
D Qsy_Entry_Data_Info_T...
D Ds Qualified
D Entry_Data_Len...
D 10i 0
D Entry_Data_CCSID...
D 10i 0
D Entry_Data 1000a
**-- Global variables:
D AutFlg s 1a
D RtnCod s 1a
**-- Check special authority
D ChkSpcAut Pr ExtPgm( 'QSYCUSRS' )
D CsAutInf 1a
D CsUsrPrf 10a Const
D CsSpcAut 10a Const Dim( 8 ) Options( *VarSize )
D CsNbrAut 10i 0 Const
D CsCalLvl 10i 0 Const
D CsError 32767a Options( *VarSize )
**-- Send program message:
D SndPgmMsg Pr ExtPgm( 'QMHSNDPM' )
D SpMsgId 7a Const
D SpMsgFq 20a Const
D SpMsgDta 128a Const
D SpMsgDtaLen 10i 0 Const
D SpMsgTyp 10a Const
D SpCalStkE 10a Const Options( *VarSize )
D SpCalStkCtr 10i 0 Const
D SpMsgKey 4a
D SpError 1024a Options( *VarSize )
**-- Find validation list entry attributes:
D FndVldLstAtr Pr 10i 0 ExtProc( 'QsyFindValidation+
D LstEntryAttrs' )
D FvLstNam 20a Const
D FvEntId * Value
D FvRtnDta * Value
D FvAtrInf * Value
**-- Remove validation list entry:
D RmvVldLstE Pr 10i 0 ExtProc( 'QsyRemoveValidation+
D LstEntry' )
D RvLstNam 20a Const
D RvEntId * Value
**-- Get usage information:
D GetUsgInf Pr 28a
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
**-- Remove user password:
D RmvUsrPwd Pr 10i 0
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
**-- Send escape message:
D SndEscMsg Pr 10i 0
D PxMsgDta 512a Const Varying
**-- Send completion message:
D SndCmpMsg Pr 10i 0
D PxMsgDta 512a Const Varying
**-- Send message by type:
D SndMsgTyp Pr 10i 0
D PxMsgId 7a Const
D PxMsgF 10a Const
D PxMsgDta 512a Const Varying
D PxMsgTyp 10a Const
**-- Entry parameters:
D CBX1292 Pr
D PxUsrPrf 10a
D PxGrpPrf 10a
D PxOption 3a
**
D CBX1292 Pi
D PxUsrPrf 10a
D PxGrpPrf 10a
D PxOption 3a
/Free
ChkSpcAut( AutFlg
: PgmSts.UsrPrf
: '*SECADM'
: 1
: ADP_PRV_INVLVL
: ERRC0100
);
If ERRC0100.BytAvl > *Zero Or AutFlg = 'N';
SndEscMsg( 'Special authority *SECADM required.' );
Else;
Select;
When PxOption = 'RMV';
If RmvUsrPwd( VLD_LST: '*LIBL': PxUsrPrf + PxGrpPrf ) = -1;
SndEscMsg( 'Unexpected error occurred.' );
Else;
SndCmpMsg( 'Authorization code removed.' );
EndIf;
When PxOption = 'VFY';
AtrDta = GetUsgInf( VLD_LST
: '*LIBL'
: PxUsrPrf + PxGrpPrf
);
If AtrDta = *Blanks;
SndEscMsg( 'Unexpected error occurred.' );
Else;
SndMsgTyp( 'CBX0001'
: 'CBX1292M'
: PxUsrPrf + PxGrpPrf + AtrDta
: '*COMP'
);
EndIf;
EndSl;
EndIf;
*InLr = *On;
Return;
/End-Free
**-- Send escape message: ----------------------------------------------**
P SndEscMsg B
D Pi 10i 0
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( 'CPF9898'
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*ESCAPE'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndEscMsg E
**-- Send completion message: ------------------------------------------**
P SndCmpMsg B
D Pi 10i 0
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( 'CPF9897'
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*COMP'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
**
P SndCmpMsg E
**-- Send message by type: ---------------------------------------------**
P SndMsgTyp B
D Pi 10i 0
D PxMsgId 7a Const
D PxMsgF 10a Const
D PxMsgDta 512a Const Varying
D PxMsgTyp 10a Const
**
D MsgKey s 4a
/Free
SndPgmMsg( PxMsgId
: PxMsgF + '*LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: PxMsgTyp
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndMsgTyp E
**-- Remove user password: ---------------------------------------------**
P RmvUsrPwd B Export
D Pi 10i 0
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
/Free
Reset Qsy_Entry_ID_Info_T;
Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );
Return RmvVldLstE( PxVldLst + PxVldLstLib
: %Addr( Qsy_Entry_ID_Info_T )
);
/End-Free
P RmvUsrPwd E
**-- Get usage information: --------------------------------------------**
P GetUsgInf B Export
D Pi 28a
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
/Free
Reset Qsy_Entry_ID_Info_T;
Reset Qsy_Entry_Encr_Data_Info_T;
Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );
Qsy_Attr_Info_T.Attr_Descr.Attr_ID_p = %Alloc( 14 );
%Str( Qsy_Attr_Info_T.Attr_Descr.Attr_ID_p: 14 ) = 'QsyEntryUsage';
Qsy_Attr_Info_T.Attr_Descr.Attr_VLDL.Attr_Len =
%Size( Qsy_Rtn_VLDL_Attr_T );
Qsy_Attr_Info_T.Attr_Descr.Attr_VLDL.Attr_Value_p =
%Addr( Qsy_Rtn_VLDL_Attr_T );
If FndVldLstAtr( PxVldLst + PxVldLstLib
: %Addr( Qsy_Entry_ID_Info_T )
: %Addr( Qsy_Rtn_Vld_Lst_Ent_T )
: %Addr( Qsy_Attr_Info_T )
) = -1;
Return *Blanks;
Else;
Return %SubSt( Qsy_Rtn_VLDL_Attr_T.Attr_Data
: 1
: Qsy_Rtn_VLDL_Attr_T.Attr_Len
);
EndIf;
/End-Free
P GetUsgInf E
.*-----------------------------------------------------------------------**
.*
.* Compile options:
.*
.* CrtPnlGrp PnlGrp( CBX1292H )
.* SrcFile( QPNLSRC )
.* SrcMbr( *PNLGRP )
.*
.*-----------------------------------------------------------------------**
:PNLGRP.
:HELP NAME='MNGPRFAUT'.Manage profile authorization - Help
:P.
The Manage Profile Authorization (MNGPRFAUT) command is used to verify
or remove authorization codes.
:P.
:NT.
The authorization codes are stored in a validation list object, that is
located by means of the library list. In the event that more copies of
the validation list is available in different libraries, the outcome of
running the profile authorization code related commands, will be
dependent on the setting of the job's library list.
:ENT.
:EHELP.
:HELP NAME='MNGPRFAUT/USRPRF'.User profile (USRPRF) - Help
:XH3.User profile (USRPRF)
:P.
The name of the user profile for which to manage the authorization
code.
:P.
This is a required parameter.
:P.
:EHELP.
:HELP NAME='MNGPRFAUT/GRPPRF'.Group profile (GRPPRF) - Help
:XH3.Group profile (GRPPRF)
:P.
The name of the group profile for which the authorization code was
issued.
:P.
This is a required parameter.
:P.
:EHELP.
:HELP NAME='MNGPRFAUT/OPTION'.Authorization option (OPTION) - Help
:XH3.Authorization option (OPTION)
:P.
Specifies what type of processing the requested authorization code will
be subject to.
:P.
The possible values are:
:P.
:PARML.
:PT.:PK DEF.*VERIFY:EPK.
:PD.
Verifies that the authorization code for the specified user profile and
group profile combination exists and returns the following
authorization code attributes in the second level message text of the
completion message:
:P.
:UL COMPACT.
:LI.Creation date
:LI.Last verification date
:LI.Invalid password count
:EUL.
:PT.:PK.*REMOVE:EPK.
:PD.
Removes the authorization code for the specified user profile and group
profile combination. The authorization code is removed from the system
and no information about it will remain available.
:EPARML.
:EHELP.
:EPNLGRP.
/*-------------------------------------------------------------------*/
/* */
/* Program . . : CBX1292M */
/* Description : Manage profile authorization - setup */
/* Author . . : Carsten Flensburg */
/* Published . : Club Tech iSeries Programming Tips Newsletter */
/* Date . . . : January 20, 2005 */
/* */
/* */
/* Program function: Compiles, creates and configures all the */
/* MNGPRFAUT command objects. */
/* */
/* This program expects a single parameter */
/* specifying the library to contain the */
/* command objects. */
/* */
/* Object sources must exist in the respective */
/* source type default source files in the */
/* command object library. */
/* */
/* Requirements: This program must be run by a user profile */
/* having *ALLOBJ special authority. */
/* */
/* */
/* Compile options: */
/* CrtClPgm Pgm( CBX1292M ) */
/* SrcFile( QCLSRC ) */
/* SrcMbr( *PGM ) */
/* */
/*-------------------------------------------------------------------*/
Pgm &UtlLib
Dcl &UtlLib *Char 10
MonMsg CPF0000 *N GoTo Error
CrtRpgMod &UtlLib/CBX1292 +
SrcFile( &UtlLib/QRPGLESRC ) +
SrcMbr( *Module ) +
DbgView( *NONE ) +
Aut( *USE )
CrtPgm &UtlLib/CBX1292 +
Module( &UtlLib/CBX1292 ) +
ActGrp( *NEW ) +
UsrPrf( *OWNER ) +
Aut( *USE )
ChgObjOwn Obj( &UtlLib/CBX1292 ) +
ObjType( *PGM ) +
NewOwn( QSECOFR )
ChgPgm Pgm( &UtlLib/CBX1292 ) +
RmvObs( *ALL )
CrtRpgMod &UtlLib/CBX1292V +
SrcFile( &UtlLib/QRPGLESRC ) +
SrcMbr( *Module ) +
DbgView( *NONE ) +
Aut( *USE )
CrtPgm &UtlLib/CBX1292V +
Module( &UtlLib/CBX1292V ) +
ActGrp( *NEW ) +
UsrPrf( *OWNER ) +
Aut( *USE )
ChgObjOwn Obj( &UtlLib/CBX1292V ) +
ObjType( *PGM ) +
NewOwn( QSECOFR )
ChgPgm Pgm( &UtlLib/CBX1292V ) +
RmvObs( *ALL )
CrtPnlGrp &UtlLib/CBX1292H +
SrcFile( &UtlLib/QPNLSRC ) +
SrcMbr( *PNLGRP )
CrtCmd Cmd( &UtlLib/MNGPRFAUT ) +
Pgm( CBX1292 ) +
SrcFile( &UtlLib/QCMDSRC ) +
SrcMbr( CBX1292X ) +
VldCkr( CBX1292V ) +
Allow( *INTERACT ) +
HlpPnlGrp( CBX1292H ) +
HlpId( *CMD ) +
Aut( *EXCLUDE )
CrtMsgF MsgF( &UtlLib/CBX1292M )
AddMsgD MsgId( CBX0001 ) +
MsgF( &UtlLib/CBX1292M ) +
Msg( 'User profile &1 authorization code to +
group profile &2 verified.' ) +
SecLvl( 'The following authorization code +
attributes were returned: &N &B +
Creation date . . . . . . : &3 &B +
Last verification date . . : &4 &B +
Invalid password count . . : &6' ) +
Fmt(( *CHAR 10 ) ( *CHAR 10 ) +
( *DTS ) ( *DTS ) ( *DTS ) +
( *BIN 4 ))
CrtMnu Menu( &UtlLib/PRFAUT ) +
Type( *UIM ) +
SrcFile( &UtlLib/QMNUSRC ) +
SrcMbr( CBX129 ) +
Aut( *USE )
RmvMsg Clear( *ALL )
SndPgmMsg Msg( 'Command MNGPRFAUT has been' *Bcat +
'successfully created in library' *Bcat +
&UtlLib *Tcat +
'.' ) +
MsgType( *COMP )
SndPgmMsg Msg( 'Menu PRFAUT has been' *Bcat +
'successfully created in library' *Bcat +
&UtlLib *Tcat +
'.' ) +
MsgType( *COMP )
Return
/*-- Error handling: -----------------------------------------------*/
Error:
Call QMHMOVPM ( ' ' +
'*DIAG' +
x'00000001' +
'*PGMBDY' +
x'00000001' +
x'0000000800000000' +
)
Call QMHRSNEM ( ' ' +
x'0000000800000000' +
)
EndPgm:
EndPgm
**
** Program . . : CBX1292V
** Description : Manage profile authorization - VCP
** Author . . : Carsten Flensburg
** Published . : Club Tech iSeries Programming Tips Newsletter
** Date . . . : January 20, 2005
**
**
** Program description:
** This program checks the existence of the specified user profile
** and group profile.
**
**
** Compile options:
** CrtRpgMod Module( CBX1292V )
** DbgView( *NONE )
** Aut( *USE )
**
** CrtPgm Pgm( CBX1292V )
** Module( CBX1292V )
** ActGrp( *NEW )
** UsrPrf( *OWNER )
** Aut( *USE )
**
** ChgObjOwn Obj( CBX1292V )
** ObjType( *PGM )
** NewOwn( QSECOFR )
**
** ChgPgm Pgm( CBX1292V )
** RmvObs( *ALL )
**
**
**
**-- Control specification: --------------------------------------------**
H Option( *SrcStmt )
**-- System information:
D PgmSts SDs Qualified
D PgmNam *Proc
D CurJob 10a Overlay( PgmSts: 244 )
D UsrPrf 10a Overlay( PgmSts: 254 )
D JobNbr 6a Overlay( PgmSts: 264 )
D CurUsr 10a Overlay( PgmSts: 358 )
**-- API error data structure:
D ERRC0100 Ds Qualified
D BytPrv 10i 0 Inz( %Size( ERRC0100 ))
D BytAvl 10i 0
D MsgId 7a
D 1a
D MsgDta 512a
**-- Global constants:
D VLD_LST c 'CBX128L'
**-- Validation list entry ID:
D Qsy_Entry_ID_Info_T...
D Ds Qualified
D Entry_ID_Len 10i 0
D Entry_ID_CCSID...
D 10i 0 Inz( 65535 )
D Entry_ID 100a
**-- Validation list return data:
D Qsy_Rtn_Vld_Lst_Ent_T...
D Ds Qualified
D Entry_ID_Info LikeDs( Qsy_Entry_ID_Info_T )
D Encr_Data_Info...
D LikeDs( Qsy_Entry_Encr_Data_Info_T )
D Entry_Data_Info...
D LikeDs( Qsy_Entry_Data_Info_T )
D 4a
D AtrPtr *
**
D Qsy_Entry_Encr_Data_Info_T...
D Ds Qualified
D Encr_Data_Len 10i 0
D Encr_Data_CCSID...
D 10i 0 Inz( 65535 )
D Encr_Data 600a
**
D Qsy_Entry_Data_Info_T...
D Ds Qualified
D Entry_Data_Len...
D 10i 0
D Entry_Data_CCSID...
D 10i 0
D Entry_Data 1000a
**-- Retrieve object description:
D RtvObjD Pr ExtPgm( 'QUSROBJD' )
D RoRcvVar 32767a Options( *VarSize )
D RoRcvVarLen 10i 0 Const
D RoFmtNam 8a Const
D RoObjNamQ 20a Const
D RoObjTyp 10a Const
D RoError 32767a Options( *VarSize )
**-- Send program message:
D SndPgmMsg Pr ExtPgm( 'QMHSNDPM' )
D SpMsgId 7a Const
D SpMsgFq 20a Const
D SpMsgDta 128a Const
D SpMsgDtaLen 10i 0 Const
D SpMsgTyp 10a Const
D SpCalStkE 10a Const Options( *VarSize )
D SpCalStkCtr 10i 0 Const
D SpMsgKey 4a
D SpError 1024a Options( *VarSize )
**-- Find validation list entry:
D FndVldLst Pr 10i 0 ExtProc( 'QsyFindValidation+
D LstEntry' )
D FvLstNam 20a Const
D FvEntId * Value
D FvRtnDta * Value
**-- Check object existence:
D ChkObj Pr 10a
D RaObjNam 10a Const
D RaObjLib 10a Const
D RaObjTyp 10a Const
**-- Verify validation list entry:
D VfyVldLstEnt Pr 10i 0
D PxVldLst 10a Const
D PxVldLstLib 10a Const
D PxUsrId 20a Const
**-- Send diagnostic message:
D SndDiagMsg Pr 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**-- Send escape message:
D SndEscMsg Pr 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**-- Entry parameters:
D CBX1292V Pr
D PxUsrPrf 10a
D PxGrpPrf 10a
D PxOption 3a
**
D CBX1292V Pi
D PxUsrPrf 10a
D PxGrpPrf 10a
D PxOption 3a
/Free
Select;
When ChkObj( PxUsrPrf: '*LIBL': '*USRPRF' ) = *Off;
SndDiagMsg( 'CPD0006': '0000User profile does not exist.' );
SndEscMsg( 'CPF0002': '' );
When ChkObj( PxGrpPrf: '*LIBL': '*USRPRF' ) = *Off;
SndDiagMsg( 'CPD0006': '0000Group profile does not exist.' );
SndEscMsg( 'CPF0002': '' );
When VfyVldLstEnt( VLD_LST: '*LIBL': PxUsrPrf + PxGrpPrf ) = -1;
SndDiagMsg( 'CPD0006': '0000Authorization code does not exist.' );
SndEscMsg( 'CPF0002': '' );
EndSl;
*InLr = *On;
Return;
/End-Free
**-- Check object existence: -------------------------------------------**
P ChkObj B Export
D Pi 10a
D RaObjNam 10a Const
D RaObjLib 10a Const
D RaObjTyp 10a Const
**
D OBJD0100 Ds Qualified
D BytRtn 10i 0
D BytAvl 10i 0
D ObjNam 10a
D ObjLib 10a
D ObjTyp 10a
/Free
RtvObjD( OBJD0100
: %Size( OBJD0100 )
: 'OBJD0100'
: RaObjNam + RaObjLib
: RaObjTyp
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return *Off;
Else;
Return *On;
EndIf;
/End-Free
P ChkObj E
**-- Send diagnostic message: ------------------------------------------**
P SndDiagMsg B
D Pi 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( PxMsgId
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*DIAG'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndDiagMsg E
**-- Send escape message: ----------------------------------------------**
P SndEscMsg B
D Pi 10i 0
D PxMsgId 7a Const
D PxMsgDta 512a Const Varying
**
D MsgKey s 4a
/Free
SndPgmMsg( PxMsgId
: 'QCPFMSG *LIBL'
: PxMsgDta
: %Len( PxMsgDta )
: '*ESCAPE'
: '*PGMBDY'
: 1
: MsgKey
: ERRC0100
);
If ERRC0100.BytAvl > *Zero;
Return -1;
Else;
Return 0;
EndIf;
/End-Free
P SndEscMsg E
**-- Verify validation list entry: -------------------------------------**
P VfyVldLstEnt B Export
D Pi 10i 0
D PxVldL 10a Const
D PxVldLlib 10a Const
D PxUsrId 20a Const
/Free
Reset Qsy_Entry_ID_Info_T;
Qsy_Entry_ID_Info_T.Entry_ID = PxUsrId;
Qsy_Entry_ID_Info_T.Entry_ID_Len = %Size( PxUsrId );
Return FndVldLst( PxVldL + PxVldLlib
: %Addr( Qsy_Entry_ID_Info_T )
: %Addr( Qsy_Rtn_Vld_Lst_Ent_T )
);
/End-Free
P VfyVldLstEnt E
/*-------------------------------------------------------------------*/
/* */
/* Compile options: */
/* */
/* CrtCmd Cmd( MNGPRFAUT ) */
/* Pgm( CBX1292 ) */
/* SrcMbr( CBX1292X ) */
/* VldCkr( CBX1292V ) */
/* Allow( *INTERACT ) */
/* HlpPnlGrp( CBX1292H ) */
/* HlpId( *CMD ) */
/* Aut( *EXCLUDE ) */
/* */
/* */
/* Authorize user profiles to command: */
/* */
/* GrtObjAut Obj( MNGPRFAUT ) */
/* ObjType( *CMD ) */
/* User( ) */
/* Aut( *USE ) */
/* */
/* - Or use the EDTOBJAUT command: */
/* */
/* EdtObjAut Obj( MGNPRFAUT ) */
/* ObjType( *CMD ) */
/* */
/* */
/*-------------------------------------------------------------------*/
Cmd Prompt( 'Manage profile authorization' )
Parm USRPRF *Sname 10 +
Min( 1 ) +
Expr( *YES ) +
Prompt( 'User profile' )
Parm GRPPRF *Sname 10 +
Min( 1 ) +
Expr( *YES ) +
Prompt( 'Group profile' )
Parm OPTION *Char 3 +
Rstd( *YES ) +
Dft( *VERIFY ) +
SpcVal(( *VERIFY VFY ) +
( *REMOVE RMV )) +
Prompt( 'Authorization option' )
/*-------------------------------------------------------------------*/
/* */
/* Program . . : CBX128M */
/* Description : Override group profile - setup */
/* Author . . : Carsten Flensburg */
/* Published . : Club Tech iSeries Programming Tips Newsletter */
/* Date . . . : December 16, 2004 */
/* */
/* */
/* Program function: Compiles, creates and configures all the */
/* OVRGRPPRF command objects. */
/* */
/* This program expects a single parameter */
/* specifying the library to contain the */
/* command objects. */
/* */
/* Object sources must exist in the respective */
/* source type default source files in the */
/* command object library. */
/* */
/* Requirements: This program must be run by a user profile */
/* having *ALLOBJ special authority. */
/* */
/* The system audit journal QAUDJRN must exist */
/* for this utility to run successfully. */
/* */
/* */
/* Compile options: */
/* CrtClPgm Pgm( CBX128M ) */
/* SrcFile( QCLSRC ) */
/* SrcMbr( *PGM ) */
/* */
/*-------------------------------------------------------------------*/
Pgm &UtlLib
Dcl &UtlLib *Char 10
MonMsg CPF0000 *N GoTo Error
ChkObj QAUDJRN *JRN
CrtRpgMod &UtlLib/CBX128 +
SrcFile( &UtlLib/QRPGLESRC ) +
SrcMbr( *Module ) +
DbgView( *NONE ) +
Aut( *USE )
CrtPgm &UtlLib/CBX128 +
Module( &UtlLib/CBX128 ) +
ActGrp( *NEW ) +
UsrPrf( *OWNER ) +
Aut( *USE )
ChgObjOwn Obj( &UtlLib/CBX128 ) +
ObjType( *PGM ) +
NewOwn( QSECOFR )
ChgPgm Pgm( &UtlLib/CBX128 ) +
RmvObs( *ALL )
CrtRpgMod &UtlLib/CBX128V +
SrcFile( &UtlLib/QRPGLESRC ) +
SrcMbr( *Module ) +
DbgView( *NONE ) +
Aut( *USE )
CrtPgm &UtlLib/CBX128V +
Module( &UtlLib/CBX128V ) +
ActGrp( *NEW ) +
UsrPrf( *OWNER ) +
Aut( *USE )
ChgObjOwn Obj( &UtlLib/CBX128V ) +
ObjType( *PGM ) +
NewOwn( QSECOFR )
ChgPgm Pgm( &UtlLib/CBX128V ) +
RmvObs( *ALL )
CrtPnlGrp &UtlLib/CBX128H +
SrcFile( &UtlLib/QPNLSRC ) +
SrcMbr( *PNLGRP )
CrtCmd Cmd( &UtlLib/OVRGRPPRF ) +
Pgm( CBX128 ) +
SrcFile( &UtlLib/QCMDSRC ) +
SrcMbr( CBX128X ) +
VldCkr( CBX128V ) +
Allow( *INTERACT ) +
HlpPnlGrp( CBX128H ) +
HlpId( *CMD ) +
Aut( *EXCLUDE )
CrtVldL VldL( &UtlLib/CBX128L )
ChgObjOwn Obj( &UtlLib/CBX128L ) +
ObjType( *VLDL ) +
NewOwn( QSECOFR )
SndPgmMsg Msg( 'Command OVRGRPPRF has been' *Bcat +
'successfully created in library' *Bcat +
&UtlLib *Tcat +
'.' ) +
MsgType( *COMP )
CrtClPgm Pgm( &UtlLib/CBX1291M ) +
SrcFile( &UtlLib/QCLSRC ) +
SrcMbr( CBX1291M ) +
Aut( *USE )
CrtClPgm Pgm( &UtlLib/CBX1292M ) +
SrcFile( &UtlLib/QCLSRC ) +
SrcMbr( CBX1292M ) +
Aut( *USE )
RmvMsg Clear( *ALL )
Call Pgm( &UtlLib/CBX1291M ) +
Parm( &UtlLib )
Call Pgm( &UtlLib/CBX1292M ) +
Parm( &UtlLib )
Call QMHMOVPM ( ' ' +
'*COMP' +
x'00000001' +
'*PGMBDY' +
x'00000001' +
x'0000000800000000' +
)
Return
/*-- Error handling: -----------------------------------------------*/
Error:
Call QMHMOVPM ( ' ' +
'*DIAG' +
x'00000001' +
'*PGMBDY' +
x'00000001' +
x'0000000800000000' +
)
Call QMHRSNEM ( ' ' +
x'0000000800000000' +
)
EndPgm:
EndPgm
Thanks to Carsten Flensburg writing for
Club Tech iSeries Programming Tips Newsletter
|