|
Kenneth, I have used the change effective user and change effective group quite a bit to simulate adopted authority. To do that I wrote a pretty complete set of wrappers for them. One big limitation is that you cannot swap supplemental groups. In that case you have to change profiles, and swap. I have found that changing effective user/group is much more efficient. There is a lot to consider when you implement this. I wanted to duplicate the functionality of adopted authority, which meant that I had to register exits so that authority would not linger beyond the call stack boundary. Also, you will have to make some choices on who can change to who. I only supported swaps to profiles the underlying user had *USE to. One exception I ran into was in server jobs. I also wanted to be able to stack authorities like adoption so I had to get into profile changes and profile swaps. For now I will post snippets if you want and will think about making the whole thing open source. Here is something to get you started: ************************************************************************** * Prototype definitions * ************************************************************************** * Set effective Group ID DqsySetEGID PR 10I 0 EXTPROC('qsysetegid') D PR_GID 10I 0 value * Get effective group ID for a given group name (group profile) DGetGrNam PR * EXTPROC('getgrnam') D PR_pName * value options(*string) * Set effective User ID DqsySetEUID PR 10I 0 EXTPROC('qsyseteuid') D PR_UID 10I 0 value * Get effective User ID for a given name (profile) DGetPwNam PR * EXTPROC('getpwnam') D PR_pName * value options(*string) PSetEUsr B EXPORT DSetEUsr PI LIKE(RtnCod) D CurUsr 10A CONST D RtnCod S 10I 0 *************************************************** * Password structure as defined in QSYSINC/H(PWD) * *************************************************** Dpasswd DS BASED(pPasswd) D ppw_name * D pw_uid 10I 0 D pw_gid 10I 0 D ppw_dir * D ppw_shell * C EVAL pPasswd = GetPwNam(CurUsr) C EVAL RtnCod = qsySetEUID(pw_uid) C IF RtnCod <> *ZEROS C CALLP SndUnixErr('Error setting effective user') C ELSE C CALLP SndMsg(*OMIT: 'Effective user set to ' + C CurUsr) C ENDIF C RETURN RtnCod PSetEUsr E >>> keg@nwnatural.com 08/08/02 10:55AM >>> Thanx Scott ... That's what I was looking for ... Now all I have to do is figure out if there is a practical way to utilize this API. I want to design a way to run under a different group profile within a job, without having to change a user profile's group profile attribute and then SWAP back to the same user. I don't want to "reinvent the wheel" if someone has already done this. If anyone has put something together using these API's I'd love to take a look at what you've done. Kenneth
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.