/* Program that sets user ID similar to using setuid() Description ****NOTE: Since V4R5, OS/400 has included an API

"qsysetuid" which does largely the same function as "setuid" on Unix systems. The difference is that the OS/400 API qsysetuid changes the user ID for only the current thread. On most Unix systems, setuid changes the user ID for the entire process. If this thread-based behavior is compatible with your program, you can simply use the following line of code (and not the long example after this intro) to deal with setuid in your code: #define setuid qsysetuid The program which follows remains here as an example of using a few OS/400 system APIs, including QSYGETPH. This API required an additional parameter at V5R3 and the following code includes that parameter. ***** This program implements functionality similar to the setuid() API found on UNIX systems. Using the OS/400 Security APIs, we're able to provide largely the same function. This code can be a basis for implementing a setuid() function to use in porting your code. This small program that is furnished by IBM is a simple example to provide an illustration. This example has not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of this program. All programs contained herein are provided to you "AS IS". THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE EXPRESSLY DISCLAIMED. */ /************************************************************************/ /* */ /* test case: setuid.c */ /* */ /* objective: setuid() workaround */ /* */ /* usage notes: Compile this program using CRTBNDC */ /* */ /* Do not run this program interactively. Submit it */ /* using SBMJOB. Otherwise, your session authority */ /* will be the test user profile's, and you'll have */ /* to signoff then signon again to reset your session */ /* authority. */ /* */ /* Also, it might not be a bad idea to create the user */ /* profile that you want to switch to. You'll get a */ /* CPF2204 (User profile not found) if you don't create */ /* the user profile first. Imagine that... */ /* */ /************************************************************************/ #include #include #include #include <qsygetph.h> <qsyrlsph.h> <qwtsetp.h> <qusec.h>

/* Qus_EC_t */

#include #include #include #include

<string.h> <stdio.h> <stdlib.h> <unistd.h>

/* /* /* /*

memcpy */ printf,sprintf */ exit */ sleep */

void main() { char usr[11]; char pwd[11]; char prf_handle[12]; Qus_EC_t errorCode; /* note: strings containing USERID and PASSWD must be padded with */ /* trailing spaces to 10 characters and be all uppercase. */ sprintf(usr, "%-10.10s", "TEST123"); sprintf(pwd, "%-10.10s", "TEST123"); /* delay to view change */ sleep(10); /* get a verified user profile handle from OS */ memset(&errorCode, 0, sizeof(errorCode)); errorCode.Bytes_Provided = sizeof(errorCode); QSYGETPH(usr, pwd, prf_handle, &errorCode, strlen(pwd),0); if (errorCode.Bytes_Available) { printf("QSYGETPH: failed %.7s\n", errorCode.Exception_Id); exit(1); } /* set the job to the new user profile */ memset(&errorCode, 0, sizeof(errorCode)); errorCode.Bytes_Provided = sizeof(errorCode); QWTSETP(prf_handle, &errorCode); if (errorCode.Bytes_Available) { printf("QSYSETP: failed %.7s\n", errorCode.Exception_Id); exit(1); } /* release profile handle - free system resoures This is commented out because QSYRLSPH, a *PGM object, is not, by default, granted *USE to the test profile. This code should be used by a server profile which has access to that object. The profile handle will go away when the current job ends, otherwise. It's just a good idea for a server to free variable resources. memset(&errorCode, 0, sizeof(errorCode)); errorCode.Bytes_Provided = sizeof(errorCode); QSYRLSPH(prf_handle, &errorCode); if (errorCode.Bytes_Available) { printf("QSYRLSPH: failed %.7s\n", errorCode.Exception_Id); exit(1); } memset(prf_handle, 0, sizeof(prf_handle)); */

/* delay to view change */ sleep(10); }