|
-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx
[mailto:rpg400-l-bounces@xxxxxxxxxxxx]On Behalf Of Jorge Merino
Sent: Tuesday, 12 July 2011 8:29 AM
To: RPG programming on the IBM i / System i
Subject: Spool files under original User even after QWTSETP was issues
toSwap a User Profile.
Hi!
I just created a program to do "impersonation" and execute a
give command, that is a small program that basically will
swap the user id and execute a given command.
The program uses the following APIs in the following order:
ori_user_ph = QSYGETPH(*current)
New_user_PH = QSYGETPH(New_user)
QWTSETP(New_user_PH)
QWTSJUID( set )
--Command Execution--
QWTSETP( ori_user_ph )
QWTSJUID( clear )
QSYRLSPH( new_user_ph )
QSYRLSPH( ori_user_ph )
The program gets compiled with a regular PGMR non-*ALLOBJ
user. Let's say that my program is called IMPERSONAT.
After compilation, I have a *SECADM level user to change the
program as:
CHGPGM PGM(MYLIB/IMPERSONAT) USRPRF(*OWNER) USEADPAUT(*NO)
CHGOBJOWN OBJ(MYLIB/IMPERSONAT) OBJTYPE(*PGM) NEWOWN(SECADM)
I execute the program in a regular interactive Job and it
works great. It creates some spool files under the new user,
so far so good. These are some job attributes:
Subsystem . . . . . . . . . . . . . . . . . : QINTER
Subsystem pool ID . . . . . . . . . . . . : 2
Type of job . . . . . . . . . . . . . . . . : INTER
Special environment . . . . . . . . . . . . : *NONE
However, this program must be called from a existing server
job running under QPGMR, so I call the new program exactly as
I called the program interactively, and here is the problem:
the spool files are still shown under QPGMR rather than the new user.
Subsystem . . . . . . . . . . . . . . . . . : RNSFIN2
Subsystem pool ID . . . . . . . . . . . . : 1
Type of job . . . . . . . . . . . . . . . . : BATCH
Special environment . . . . . . . . . . . . : *NONE
I'm receiving the Error DS from QWTSETP (and any API
involved) in order to know if there is errors, I even logging
every error returned from any API into the job log but no
errors are returned; I'm even doing SBMJOB CMD(CALL
IMPERSONAT) from the server job rather than a regular CALL ,
notice that I'm not using the USER() parameter on SBMJOB but
the program gets executed under the new User even using its
Job Description.
The first version of my program was using the Service Program
APIs equivalent, but I changed them to use API OPMs just in
case. I also added QWTSJUID to change the Job User Identity
for the Job, just after QWTSETP (for both to set and to clear).
How can I force the server job to generate the new spool
files under the user just after QWTSETP happened?
Any Ideas, suggestions?
Thanks.
Jorge Merino
~jmerinoh~
http://nuvek.com/
http://vektr.com/
--
This is the RPG programming on the IBM i / System i
(RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.