|
midrange.com
Kenneth,
I have used the change effective user and change effective group quite
a bit to simulate adopted authority. To do that I wrote a pretty
complete
set of wrappers for them. One big limitation is that you cannot swap
supplemental groups. In that case you have to change profiles, and
swap.
I have found that changing effective user/group is much more
efficient.
There is a lot to consider when you implement this. I wanted to
duplicate
the functionality of adopted authority, which meant that I had to
register
exits so that authority would not linger beyond the call stack
boundary.
Also, you will have to make some choices on who can change to who. I
only
supported swaps to profiles the underlying user had *USE to. One
exception
I ran into was in server jobs. I also wanted to be able to stack
authorities
like adoption so I had to get into profile changes and profile swaps.
For now I will post snippets if you want and will think about making
the
whole thing open source. Here is something to get you started:
**************************************************************************
* Prototype definitions
*
**************************************************************************
* Set effective Group ID
DqsySetEGID PR 10I 0 EXTPROC('qsysetegid')
D PR_GID 10I 0 value
* Get effective group ID for a given group name (group profile)
DGetGrNam PR * EXTPROC('getgrnam')
D PR_pName * value options(*string)
* Set effective User ID
DqsySetEUID PR 10I 0 EXTPROC('qsyseteuid')
D PR_UID 10I 0 value
* Get effective User ID for a given name (profile)
DGetPwNam PR * EXTPROC('getpwnam')
D PR_pName * value options(*string)
PSetEUsr B EXPORT
DSetEUsr PI LIKE(RtnCod)
D CurUsr 10A CONST
D RtnCod S 10I 0
***************************************************
* Password structure as defined in QSYSINC/H(PWD) *
***************************************************
Dpasswd DS BASED(pPasswd)
D ppw_name *
D pw_uid 10I 0
D pw_gid 10I 0
D ppw_dir *
D ppw_shell *
C EVAL pPasswd = GetPwNam(CurUsr)
C EVAL RtnCod = qsySetEUID(pw_uid)
C IF RtnCod <> *ZEROS
C CALLP SndUnixErr('Error setting effective
user')
C ELSE
C CALLP SndMsg(*OMIT: 'Effective user set to ' +
C CurUsr)
C ENDIF
C RETURN RtnCod
PSetEUsr E
>>> keg@nwnatural.com 08/08/02 10:55AM >>>
Thanx Scott ... That's what I was looking for ... Now all I have to do
is
figure out if there is a practical way to utilize this API. I want to
design
a way to run under a different group profile within a job, without
having to
change a user profile's group profile attribute and then SWAP back to
the
same user.
I don't want to "reinvent the wheel" if someone has already done this.
If
anyone has put something together using these API's I'd love to take a
look
at what you've done.
Kenneth
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
