Code:
- FTPLOGON
-
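- // MAKE SURE TO USE ADOPTED AUTHORITY (USRPRF(*OWNER)) WITH OWNER OF QSECOFR,
- // PRESUMABLY SO THE QSYRUSRI CALL CAN READ OTHER USERS' PROFILES. BECAUSE THE
- // PROGRAM THEN RUNS WITH QSECOFR AUTHORITY, RESTRICT WHO CAN CHANGE OR REPLACE IT.
- //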
- //-----------------------------------------------------------------+
- //.Name.....> FTPLOGON +
- //.Author...> Glenn Hopwood +
- //.Date.....> 02/02/2007 +
- //.Called By> QIBM_QTMF_SVR_LOGON exit point. +
- //.Errors...> +
- //.Recovery:> +
- //.Timing...> On demand +
- //.Reports..> +
- //.Calls....> +
- //.Parm/LDA.> *see 'inputparms'
- //. +
- //. +
- //.Narrative> Called on QIBM_QTMF_SVR_LOGON exit point. +
- //. This program is called whenever someone logs onto regional's
- //. FTP server. (Look at WRKREGINF for the exit point above) +
- //. +
- //. We want to allow certain users to sign on and block others. +
- //. In order to get the req'd user info we need to call an API +
- //. called QSYRUSRI. From that we will get the user's 'class' and
- //. group profile. +
- //.----------------------------------------------------------------+
- //.Revision: Date: Scan: Pgmr: Pj#: +
- //. Reason/Function +
- //. +
- //.----------------------------------------------------------------+
- //.File Notes: +
- //. +
- //.Indicators: +
- //.----------- +
- //. 01 - +
- //. +
- //.----------------------------------------------------------------+
- H option(*srcstmt : *nodebugio)
- //
- //
- //.----------------------------------------------------------------+
- // Prototypes
- //
- // Entry parameters of FTPLOGON (prototype + procedure interface below).
- // The three 32766A parameters are options(*varsize): the caller may pass
- // less storage than declared, so only the number of bytes given by the
- // matching ...Len parameter should be read from them.
- // NOTE(review): PsWrd presumably carries what the client supplied as its
- // password; nothing in this program reads it, and it should never be
- // written to a log or work file.
- Dinputparms pr EXTPGM('FTPLOGON')
- D AppId 9b 0
- D UsrId 32766A options(*varsize)
- D UsrIdLen 9b 0
- D PsWrd 32766A options(*varsize)
- D PsWrdLen 9b 0
- D ClntIP 32766A options(*varsize)
- D ClntIPLen 9b 0
- D RetCode 9b 0
- D OvrUsrPrf 10
- D OvrPswrd 10
- D OvrIntLib 10
-
- // Procedure interface: i* = input from the FTP server, o* = output to it.
- // Only oRetCode is assigned by this program; oOvrUsrPrf, oOvrPswrd and
- // oOvrIntLib are left as received.
- Dinputparms pi
- D iAppId 9b 0
- D iUsrId 32766A options(*varsize)
- D iUsrIdLen 9b 0
- D iPsWrd 32766A options(*varsize)
- D iPsWrdLen 9b 0
- D iClntIP 32766A options(*varsize)
- D iClntIPLen 9b 0
- D oRetCode 9b 0
- D oOvrUsrPrf 10
- D oOvrPswrd 10
- D oOvrIntLib 10
-
- // Prototype for the QSYRUSRI API (retrieve user information):
- // receiver, receiver length, format name, profile name, error code.
- DrtvUsrPrf pr EXTPGM('QSYRUSRI')
- D xRcvVar 32766a
- D xRcvVarLen 9b 0
- D xFormat 8a
- D xUsrPrf 10a
- D xError 32766a
-
- /copy qsysinc/qrpglesrc,qsyrusri
- /copy qsysinc/qrpglesrc,qtes
- /copy qsysinc/qrpglesrc,qsy
-
- //.----------------------------------------------------------------+
- // Data Structures
- //.----------------------------------------------------------------+
- // File Information Data Structure for Display information
- D*FIL#D$ E DS
- //
- // Program Data Structure for Display information
- D UTP#DS ESDS
-
- // rtnData is a based view: it has no storage of its own and is laid
- // over wRcvVar once prtnData is set (see @RTVUSRINF). "data" uses the
- // QSYI0200 layout from the qsyrusri copy member.
- D rtnData ds qualified based(prtnData)
- D data likeds(QSYI0200)
- D extra 1000a
- //.----------------------------------------------------------------+
- // Variables
- // ** constants **
- // ** keys **
- // ** work fields **
- // Basing pointer for rtnData
- D prtnData s *
- // Receiver variable filled by QSYRUSRI
- D wRcvVar s 32766a
- // Receiver length passed to the API, initialised from rtnData
- D wRcvVarLen s 9b 0 inz(%len(rtnData))
- // Format name requested from QSYRUSRI
- D wFormat s 8a inz('USRI0200')
- // Profile name passed to the API
- D wUsrPrf s 10a
- // Error-code parameter for the API. It is given no initial value and
- // nothing in this program reads it after the call, so an API failure
- // is not detected. NOTE(review): confirm how the API treats it.
- D wError s 32766a
- // Not referenced in the calculations shown for this program
- D wData s 30a
- // ** hold fields **
- // ** date fields **
-
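- /FREE
-
- // FTPLOGON mainline: decide whether the FTP logon may continue.
- // Sets oRetCode to 1 (continue the logon) or 0 (reject it); those
- // are the only two values this program returns.
-
- // Start from "reject" so that every early exit fails closed.
- oRetCode = 0;
-
- // iUsrId is a variable-length buffer: only its first iUsrIdLen bytes
- // are valid. An empty ID, or one longer than a profile name
- // (%size(wUsrPrf)), cannot name a profile, so reject it here rather
- // than let the assignment below truncate it to a different name.
- if iUsrIdLen < 1 or iUsrIdLen > %size(wUsrPrf);
-   *inlr = *on;
-   return;
- endif;
-
- // Normalize the ID once (bounded by its length, upper case) so the
- // Q* test and the profile lookup both work on the same value.
- // NOTE(review): confirm the case in which the FTP server passes the ID.
- wUsrPrf = %xlate('abcdefghijklmnopqrstuvwxyz':
-                  'ABCDEFGHIJKLMNOPQRSTUVWXYZ':
-                  %subst(iUsrId:1:iUsrIdLen));
-
- // Retrieve user profile data
- exsr @RTVUSRINF;
-
- // Don't allow any Q* profiles to log on
- if %subst(wUsrPrf:1:1) = 'Q';
-   oRetCode = 0;
-
- // Any class other than *USER is OK (*PGMR, *SECOFR, etc..)
- // A blank class (nothing retrieved) is not treated as OK.
- elseif rtnData.data.QSYUC <> '*USER' and
-        rtnData.data.QSYUC <> '*NONE' and
-        rtnData.data.QSYUC <> ' ';
-   oRetCode = 1;
-
- // Group profile of 'FTPUSER' is OK
- elseif rtnData.data.QSYGP01 = 'FTPUSER';
-   oRetCode = 1;
-
- // Default to 'NO'
- else;
-   oRetCode = 0;
-
- endif;
-
-
- *inlr = *on;
- return;
-
- //-------------------------------------------------------------------
- // @RTVUSRINF - Retrieve the profile named in wUsrPrf with QSYRUSRI
- // and lay the rtnData structure over the receiver.
- // In:  wUsrPrf (set by the mainline), wFormat, wRcvVarLen
- // Out: wRcvVar filled by the API, prtnData pointing at it
- //-------------------------------------------------------------------
- begsr @RTVUSRINF;
-
-   // Blank the receiver first so that a lookup which returns nothing
-   // leaves a blank class and group, which the mainline rejects.
-   clear wRcvVar;
-
-   // Get user profile data in the format specified in wFormat
-   callp rtvUsrPrf(wRcvVar :
-                   wRcvVarLen:
-                   wFormat :
-                   wUsrPrf :
-                   wError );
-   // NOTE(review): wError is not examined, so a failed call is not
-   // distinguished from a successful one here.
-
-   // Overlay the basing pointer of the rtnData DS to the
-   // receiver variable wRcvVar
-   prtnData = %addr(wRcvVar);
-
- endsr;
-
- /END-FREE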
-
- FTPCMDREQ - This program also logs the attempts; see the FTPCMDREQF record format below
-
- //-----------------------------------------------------------------+
- //.Name.....> +
- //.Author...> Glenn Hopwood (Electric Mobility) +
- //.Date.....> +
- //.Called By> +
- //.Errors...> +
- //.Recovery:> +
- //.Timing...> On demand +
- //.Reports..> +
- //.Calls....> +
- //.Parm/LDA.> +
- //. +
- //. +
- //.Narrative> Called on QIBM_QTMF_SERVER_REQ exit point. +
- //. +
- //. +
- //.----------------------------------------------------------------+
- //.Revision: Date: Scan: Pgmr: Pj#: +
- //. Reason/Function +
- //. +
- //.----------------------------------------------------------------+
- //.File Notes: +
- //. +
- //.Indicators: +
- //.----------- +
- //. 01 - +
- //. +
- //.----------------------------------------------------------------+
- H option(*srcstmt : *nodebugio)
- //
- //
- FFTPCMDREQFUF A E k Disk
- //
- //
- //.----------------------------------------------------------------+
- // Prototypes
- //
- // Entry parameters of FTPCMDREQ (prototype + procedure interface below).
- // ClntIP and OpInfo are options(*varsize): the caller may pass less
- // storage than declared, so only the number of bytes given by
- // ClntIPLen / OpInfoLen should be read from them.
- Dinputparms pr EXTPGM('FTPCMDREQ')
- D AppId 9b 0
- D OpId 9b 0
- D UsrId 10A
- D ClntIP 32766A options(*varsize)
- D ClntIPLen 9b 0
- D OpInfo 32766A options(*varsize)
- D OpInfoLen 9b 0
- D RetCode 9b 0
-
- // Procedure interface: i* = input from the FTP server, o* = output to it.
- // iOpId is compared with the operation constants declared further down;
- // oRetCode is set from the return-code constants.
- Dinputparms pi
- D iAppId 9b 0
- D iOpId 9b 0
- D iUsrId 10A
- D iClntIP 32766A options(*varsize)
- D iClntIPLen 9b 0
- D iOpInfo 32766A options(*varsize)
- D iOpInfoLen 9b 0
- D oRetCode 9b 0
-
- // Prototype for the QSYRUSRI API (retrieve user information):
- // receiver, receiver length, format name, profile name, error code.
- DrtvUsrPrf pr EXTPGM('QSYRUSRI')
- D xRcvVar 32766a
- D xRcvVarLen 9b 0
- D xFormat 8a
- D xUsrPrf 10a
- D xError 32766a
-
- /copy qsysinc/qrpglesrc,qsyrusri
- /copy qsysinc/qrpglesrc,qtes
- /copy qsysinc/qrpglesrc,qsy
-
- //.----------------------------------------------------------------+
- // Data Structures
- //.----------------------------------------------------------------+
- // File Information Data Structure for Display information
- D*FIL#D$ E DS
- //
- // Program Data Structure for Display information
- D UTP#DS ESDS
-
- // rtnData is a based view laid over wRcvVar once prtnData is set
- // (see @RTVUSRINF). "data" uses the QSYI0300 layout from the
- // qsyrusri copy member.
- D rtnData ds qualified based(prtnData)
- D data likeds(QSYI0300)
- D extra 1000a
-
- // homedir is a second based view; @RTVUSRINF points it into the
- // receiver at the offset held in rtnData.data.QSYHDO.
- // NOTE(review): str is declared as a varying 2-byte-character field
- // directly after the QSYPI header - confirm this matches the layout
- // the API actually returns.
- D homedir ds qualified based(pHomeDir)
- D info likeds(QSYPI)
- D str 1000c varying
- //.----------------------------------------------------------------+
- // Variables
- // ** constants **
- // These are standalone fields with initial values (s ... inz), not
- // named constants, so nothing prevents them from being reassigned.
- // Operation identifiers compared with iOpId:
- D STR_SESSION s 9b 0 inz(0)
- D CRTDIR s 9b 0 inz(1)
- D DLTDIR s 9b 0 inz(2)
- D CHGCURDIR s 9b 0 inz(3)
- D LSTDIR s 9b 0 inz(4)
- D DLTF s 9b 0 inz(5)
- D SNDF s 9b 0 inz(6)
- D RCVF s 9b 0 inz(7)
- D RNMF s 9b 0 inz(8)
- D EXEC_CL s 9b 0 inz(9)
- // Values assigned to oRetCode.
- // NOTE(review): NEVERALLOW / ALWYSALLOW presumably make the decision
- // stick for the rest of the session - verify against the exit point
- // documentation.
- D NEVERALLOW s 9b 0 inz(-1)
- D REJECT s 9b 0 inz(0)
- D ALLOW s 9b 0 inz(1)
- D ALWYSALLOW s 9b 0 inz(2)
- // ** keys **
- D*keyPRDNO s 15
- // ** work fields **
- // Basing pointer for rtnData
- D prtnData s *
- // Receiver variable filled by QSYRUSRI
- D wRcvVar s 32766a
- // Receiver length passed to the API, initialised from rtnData
- D wRcvVarLen s 9b 0 inz(%len(rtnData))
- // Format name requested from QSYRUSRI
- D wFormat s 8a inz('USRI0300')
- // Profile name passed to the API
- D wUsrPrf s 10a
- // Error-code parameter for the API; nothing in this program reads it
- // after the call, so an API failure is not detected.
- D wError s 32766a
- // Home directory as converted in @RTVUSRINF, and its character count
- D wHomeDir s 32766 varying
- D wHomeDirL s 9 0
- // Home directory string used for the comparison in @CKHOMEDIR and
- // appended to the logged client IP in @WRTLOG
- D hldHomeD s 1000 varying
- // Receives the %scan result in @CKHOMEDIR
- D i s 5 0
- // ** hold fields **
- // ** date fields **
- D Today s d inz(*sys)
-
- /FREE
-
- // FTPCMDREQ mainline: look up the requesting profile, decide on the
- // requested operation, log the decision, and end the program.
- exsr @RTVUSRINF;
-
- // Start from REJECT; the branches below override it.
- oRetCode = REJECT;
-
- // The decision depends on iOpId (Operation ID) and on the user class.
- // The order of the tests matters: the first one that matches wins.
-
- // Session start is always allowed - the LOGON exit point is assumed
- // to have screened the user already.
- if iOpId = STR_SESSION;
-   oRetCode = ALLOW;
-
- // User classes above *USER may do everything.
- // NOTE(review): if ALWYSALLOW stops the server from calling this
- // program again for the session, later requests by these users are
- // not recorded by @WRTLOG - confirm.
- elseif rtnData.data.QSYUC00 = '*SECOFR' or
-        rtnData.data.QSYUC00 = '*SECADM' or
-        rtnData.data.QSYUC00 = '*PGMR' or
-        rtnData.data.QSYUC00 = '*SYSOPR';
-   oRetCode = ALWYSALLOW;
-
- // Anyone who reaches this test is not in one of the classes above
- // and is NEVER allowed to run commands.
- elseif iOpId = EXEC_CL;
-   oRetCode = NEVERALLOW;
-
- // Everything else is decided by the home-directory check.
- else;
-   exsr @CKHOMEDIR;
-
- endif;
-
- // Record the request and the decision just made.
- exsr @WRTLOG;
-
- *inlr = *on;
- return;
-
- //-------------------------------------------------------------------
- // @RTVUSRINF - Retrieve the profile of the requesting user (iUsrId)
- // with QSYRUSRI and derive the home directory strings used by
- // @CKHOMEDIR and @WRTLOG.
- // Sets: wUsrPrf, wRcvVar, prtnData, pHomeDir, wHomeDir, wHomeDirL,
- //       hldHomeD.
- // NOTE(review): wError is not examined after the call, so a failed
- // lookup is not detected; the offset and length read from the
- // receiver below are then used without validation.
- //-------------------------------------------------------------------
- begsr @RTVUSRINF;
-
- wUsrPrf = iUsrId;
-
- // Get user profile data in the format specified in wFormat
- callp rtvUsrPrf(wRcvVar :
- wRcvVarLen:
- wFormat :
- wUsrPrf :
- wError );
-
- // Overlay the basing pointer of the rtnData DS to the
- // receiver variable wRcvVar
- prtnData = %addr(wRcvVar);
-
- // Overlay the basing pointer of the homedir DS to the
- // proper place in the receiver variable wRcvVar.
- // QSYHDO is used as a byte offset from the start of the receiver.
- pHomeDir = %addr(wRcvVar) + rtnData.data.QSYHDO;
- // Convert the 2-byte-character path to single-byte character data
- wHomeDir = %char(%trim(homedir.str));
- // presumably QSYBYTES is the path length in bytes, so /2 gives the
- // number of characters - TODO confirm
- wHomeDirL = homedir.info.QSYBYTES/2;
-
- // Keeps all but the last character of the path. The reason for the
- // -1 is not visible here - confirm, because @CKHOMEDIR compares
- // against this shortened value.
- hldHomeD = %subst(wHomeDir:1:wHomeDirL-1);
-
- endsr;
-
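- //-------------------------------------------------------------------
- // @CKHOMEDIR - We will allow a user to do just about anything, as
- // long as it is only in their own home directory.
- // 1 - Take the home directory retrieved by @RTVUSRINF
- // 2 - Compare it to the operation specific info (iOpInfo)
- //
- // Sets oRetCode to ALLOW only when every test passes; any failed
- // test leaves it at REJECT:
- //  - no operation data, or no home directory retrieved
- //  - operation data shorter than the home directory
- //  - operation data containing '..'
- //  - operation data that does not BEGIN with the home directory
- //  - DLTDIR on the home directory itself
- //
- // Only the first iOpInfoLen bytes of iOpInfo are examined; the
- // parameter is options(*varsize), so anything beyond that length is
- // not part of the request.
- //
- // NOTE(review): the prefix test does not check that the character
- // following the home directory is a path separator, so a sibling
- // directory whose name merely starts with the same characters also
- // matches. hldHomeD is built in @RTVUSRINF with one character
- // removed, so confirm its exact content before adding that check.
- //-------------------------------------------------------------------
- begsr @CKHOMEDIR;
-
-   // Fail closed: every early exit below leaves REJECT in place.
-   oRetCode = REJECT;
-
-   // Nothing to compare: no operation data or no home directory.
-   if iOpInfoLen < 1 or %len(%trim(hldHomeD)) = 0;
-     leavesr;
-   endif;
-
-   // if the length of the string containing the op specific data
-   // is shorter than the home dir, reject
-   if %len(%trim(wHomeDir)) >
-      %len(%trim(%subst(iOpInfo:1:iOpInfoLen)));
-     leavesr;
-   endif;
-
-   // A parent-directory reference can name an object outside the
-   // home directory even though the string starts with it, so any
-   // '..' is rejected. NOTE(review): confirm whether the server
-   // resolves such references before calling this program.
-   if %scan('..':%subst(iOpInfo:1:iOpInfoLen)) > 0;
-     leavesr;
-   endif;
-
-   // Scan for the user's home dir in the op specific data
-   i = %scan(%trim(hldHomeD):%trim(%subst(iOpInfo:1:iOpInfoLen)));
-
-   // The home dir has to be the START of the op specific data; a
-   // match further along the string is a different location.
-   if i <> 1;
-     leavesr;
-   endif;
-
-   // If the op ID is DLTDIR and the op specific data is the same
-   // length as the wHomeDir then they are trying to delete their
-   // home dir
-   if %len(%trim(wHomeDir)) =
-      %len(%trim(%subst(iOpInfo:1:iOpInfoLen))) and
-      iOpId = DLTDIR;
-     leavesr;
-   endif;
-
-   // If you passed the tests above....
-   oRetCode = ALLOW;
-
- endsr;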
-
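- //-------------------------------------------------------------------
- // @WRTLOG - Record this request and the decision in FTPCMDREQF.
- // The file is read by user ID and the record found is updated, so
- // it holds the most recent request per user, not a history.
- // NOTE(review): if every attempt has to be kept for later review,
- // each request needs its own record - confirm the intent.
- // NOTE(review): FOPER stores the operation data as received; for
- // EXEC_CL that is presumably the command text, which may include
- // sensitive parameter values - restrict access to the file.
- //-------------------------------------------------------------------
- begsr @WRTLOG;
-
-   chain (iUsrId) FTPCMDREQF;
-
-   FAPPID = iAppId;
-   FOPID = iOpId;
-   FUSRID = iUsrId;
-   FCLNTIP = %subst(iClntIP:1:iClntIPLen) + ' HD:' + %trim(hldHomeD);
-
-   // iOpInfo is options(*varsize): copy only the iOpInfoLen bytes that
-   // belong to the request, so storage beyond the parameter never
-   // reaches the log.
-   if iOpInfoLen > 0;
-     FOPER = %subst(iOpInfo:1:iOpInfoLen);
-   else;
-     FOPER = *blanks;
-   endif;
-
-   FDATE = %date();
-   FTIME = %time();
-   FRETCODE = oRetCode;
-
-   // Update the user's existing record, or add the first one
-   if %found(FTPCMDREQF);
-     update FTPCMDREQR;
-   else;
-     write FTPCMDREQR;
-   endif;
-
- endsr;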
-
- /END-FREE
-
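- * FTPCMDREQR - record written by FTPCMDREQ for each request it
- * decides on; keyed by user ID.
- R FTPCMDREQR
- *
- FUSRID 10 TEXT('User ID')
- FAPPID 9B 0 TEXT('App ID')
- FOPID 9B 0 TEXT('Operation ID')
- * Decision returned to the FTP server (oRetCode in FTPCMDREQ)
- FRETCODE 9B 0 TEXT('Return code')
- * FTPCMDREQ stores the client IP followed by ' HD:' and the home dir
- FCLNTIP 50 TEXT('Client IP')
- FOPER 256 TEXT('Operation Specifics')
- *
- FDATE L
- FTIME T
- *
- K FUSRID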
-
-
-
|
|