Re: CPYTOIMPF command checks windows userid

You can retrieve a profile handle to the currently logged in user profile by calling QSYGETPH. You would do this before swapping to another profile -- just call QSYGETPH to get the handle... save the handle in a variable, and then use it to swap back later... no need to know the original user's password.

Re: CPYTOIMPF command checks windows userid

Hi Scott.....I didn't realize you were so close. Maybe we know each other.

I am still a bit confused. I have tried a few ways to get this to work but have not had any luck. It has to be the way I am using the API. I was trying to make it short and easy to read. Can you possibly comment on how to change my code to make it work? This is just a test CL that I would need to put parts into a current CL that is running.

Thanks for any help.

4900 PGM
4901
4902 DCL VAR(&ORGID) TYPE(*CHAR) LEN(10)
4903 DCL VAR(&ORGUSER) TYPE(*CHAR) LEN(12)
4904 DCL VAR(&SFTUSER) TYPE(*CHAR) LEN(12)
4905 DCL VAR(&USERID) TYPE(*CHAR) LEN(10) +
4906 VALUE('AS400PAY ')
4907 DCL VAR(&PASSWRD) TYPE(*CHAR) LEN(10) +
4908 VALUE('$as400$15 ')
4909 DCL VAR(&ERR) TYPE(*CHAR) LEN(1024)
4910 DCL VAR(&PWDLEN) TYPE(*INT) LEN(4) VALUE(10)
4911 DCL VAR(&PWDCCSID) TYPE(*INT) LEN(4) VALUE(0)
4912 DCL VAR(&ERROR) TYPE(*CHAR) LEN(5)
4913 CHGVAR VAR(&ERROR) VALUE(' ')
4914
4915 /* GET THE CURRENT USER PROFILE */
4916 RTVJOBA USER(&ORGID)
4917
4918 /* SWAP JOB'S CURRENT USER PROFILE TO THE PUBLIC USER PROFLE */
4919 CALL PGM(QSYGETPH) PARM(&USERID &PASSWRD +
4920 &SFTUSER &ERR &PWDLEN &PWDCCSID)
4921
4922 MONMSG MSGID(CPF22E2 CPF22E3 CPF22E4 CPF22E5 +
4923 CPF2255 CPF2203 CPF2204) EXEC(DO)
4924 CHGVAR VAR(&ERROR) VALUE('Error')
4925 ENDDO
4926
4927 CALL PGM(QWTSETP) PARM(&SFTUSER)
4928
4929 /* NOW DISPLAY THE SPOOLED FILES FOR THE NEW USER PROFILE TO VERIFY SWAP */
4930 WRKSPLF ASTLVL(*BASIC)
4931
4932 /* NOW SWAP BACK TO THE ORIGINAL USER PROFILE */
4933 CALL PGM(QSYGETPH) PARM(&ORGID &ORGUSER &ERR +
4934 &PWDLEN &PWDCCSID)
4935
4936 MONMSG MSGID(CPF22E2 CPF22E3 CPF22E4 CPF22E5 +
4937 CPF2255 CPF2203 CPF2204) EXEC(DO)
4938 CHGVAR VAR(&ERROR) VALUE('Error')
4939 ENDDO
4940
4941 CALL PGM(QWTSETP) PARM(&ORGUSER)
4942
5200 /* NOW DISPLAY THE SPOOLED FILES FOR THE OLD USER PROFILE TO VERIFY SWAP */
5400 WRKSPLF ASTLVL(*BASIC)
5500
5600 ENDPGM

Re: CPYTOIMPF command checks windows userid

When you map the IFS folder to a windows drive letter, you can specify that it should "connect with different credentials", i.e. log in with a different username and password. Have you tried this? Here, our usernames are not the same on the IBM as on the Windows network, so we have to do this.

Re: CPYTOIMPF command checks windows userid

I agree with Viking, the user IDs don't need to match when mapping a drive, you just need to tick the checkbox to specify a different user which seems an awful lot simpler.

If you still require the program, the basic steps involved are:

1. Get the profile handle of the current user [e.g. CALL PGM(QSYGETPH) PARM('*CURRENT' ' ' &ORGUSER) ]
2. Get the profile handle of the new user as you have already done.
3. Swap to the new profile as you have already done.
4. You should then release the profile handle [e.g. CALL PGM(QSYRLSPH) PARM(&SFTUSER) ]

Once you have performed everything under the new profile, to swap back again:

1. Swap back to the old profile [e.g. CALL PGM(QWTSETP) PARM(&ORGUSER) ]
2. Release the profile handle [e.g. CALL PGM(QSYRLSPH) PARM(&ORGUSER) ]

Re: CPYTOIMPF command checks windows userid

Hmmm... I suggested retrieving the profile handle of the original user so you could use it to swap back. Doesn't look like you even tried that? The code should look like this:

Assuming the user has authority to the profile in question, you don't need the password. A user always has authority to his/her own profile, so when I call QSYGETPH for *CURRENT at the start of this program, it should always succeed. Now that I have the profile handle (&ORIGUSER) i can switch back to the original user later in the program, no matter what authority AS400PAY has because I''ve already retrieved the handle.

Then, I get the new profile handle (for the AS400PAY user) and switch to it. Again, if the user has enough authority (i.e, *USE authority to the AS400PAY user profile) they don't need the password. Of course, if you prefer to use the password you could add the additional parameters on that 2nd line to pass the password, et al, in which case the user wouldn't need the *USE authority -- but,.. I dunno, I think hard-coding a password in a program is much worse than giving them authority to a profile. Especially when the profile's only purpose is to be compatible with a windows user id.

QWTSETP of course switches the profile, so you can do your windows stuff. Then, afterwards, QWTSETP is called with the original userid's profile handle to switch back. Then the handles are cleaned up and the program ends. MONMSG is there to make sure things get switched back (otherwise if the program crashed, the user would be stuck under the new profile handle, which wouldn't be good.)

Re: CPYTOIMPF command checks windows userid

A small point and FYI. The API documentation mentions:
so the 2nd parm is irrelevant in that case.

Scott does raise a good point though from a security perspective. You'd definitely want the error monitors there to swap everything back if any error occurs. However, as you are doing a WRKSPLF, this does have a command line which means anything entered in there will be under this AS400PAY profile. Also, a SYSREQ-2 will leave them swapped to the new profile until they log off. This needs to be considered with this approach.

Re: CPYTOIMPF command checks windows userid

I believe it has to be one of the special values like *NOPWDCHK when using *CURRENT. And as you cited, the length and CCSID parameters are not allowed at all -- which is very important. I've seen situations where this API is used in a server program so that a client connects and sends his userid/password. You DON'T want to allow that client to send *CURRENT and *NOPWDCHK for those parameters! That would be a huge security hole. So when the length/ccsid parameters as passed, the special values are not allowed, and when the special values are used, the length/ccsid parameters are not not allowed. That way, you cannot change between using special values and using an actual userid/password without changing the program code.

Absolutely!! Definitely should do nothing interactive while swapped. I think the WRKSPLF was only there for the purpose of testing the programmers code, and was not intended to remain there... but it's good that this is pointed out, because that would be very bad if there was a WRKSPLF or any interactive program there.

As I understand it, the intent was really to use CPYTOIMPF while swapped, which would be fine. But, if something like WRKSPLF is desired, this should be done either before swapping or after swapping back. (Even if that means you need to swap multiple times in your CL.) Do not run an interactive program while swapped unless you don't care if the user can permanently become the new profile. (Which, by the way, can lead to some very confusing calls to your support desk, when they have no idea why the user is lacking authority to something and can't figure out what's going on, and programs are logging the wrong userid in logs, etc... yeah, not good.)