Tip

Run remote command exit program

Here is a sample CL program that allows certain users with Limit Capabilities(*YES) to run the CALL command remotely.

Note in the remarks that initial access security to the remote command is set up through Operations Navigator:
- right click on the AS/400 in question;
- select Application Administration;
- select the Client Applications
- expand AS/400 Client Access Express;
- secure 'Remote Command - Command Line' to the appropriate users.

Information is also provided in the program remarks on how to register the exit program.


 
/********************************************************************/
/*                                                                  */
/* Program name: UTJRMTCMD                                          */
/* System name:  Security                                           */
/* Author:       Mary C. Milliron                                   */
/* Project No.:  M5176                                              */
/*                                                                  */
/* Program Narrative:                                               */
/*                                                                  */
/*   This is an Exit program to secure the Remote Command to        */
/* certain users. Initial security is provided by Operations        */
/* Navigator. It is limiting access to the remote command to QPGMR, */
/* QSYSOPR, QSECOFR and APPDEV group profiles. APPDEV has been      */
/* placed in the Additional Group Profiles list for certain users   */
/* so that they can call a program that will end a server.  This    */
/* exit program was written to prevent them from accessing other    */
/* commands.                                                        */
/*                                                                  */
/*   There are 2 types of remote commands that go thru this exit    */
/* program:                                                         */
/*                                                                  */
/*  1. The distributed program call. RCFID = 4099                   */
/*     This is a system call from an application.                  */
/*                                                                  */
/*  2. The command line call. RCFID = 4098                          */
/*     This is a call from a Windows command prompt.                */
/*                                                                  */
/*   To register this program as an exit program, WRKREGINF and     */
/* add it to exit point QIBM_QZRC_RMT.                              */
/*                                                                  */
/* Compiler Options:                                                */
/*                                                                  */
/*   << list options specific to this program >>                    */
/*                                                                  */
/* Command:                                                         */
/*                                                                  */
/*   << if applicable >>                                            */
/*                                                                  */
/* Program Modification History:                                    */
/*                                                                  */
/*  mm/dd/yyyy  intitials  Project No: Mnnnn                        */
/*                         Description                              */
/*                                                                  */
/********************************************************************/
             PGM        PARM(&STATUS &REQUEST)

             DCL        VAR(&MSG) TYPE(*CHAR) LEN(200)

/*                                     */
/* PROGRAM CALL PARAMETER DECLARATIONS */
/*                                     */

             DCL        VAR(&STATUS) TYPE(*CHAR) LEN(1) /* +
                          Accept/Reject indicator */

    /* */
    /* Note: Request is declared as *CHAR LEN(2000) because that is */
    /* the limit in CL. The actual length of REQUEST is 4171. */
    /* */
             DCL        VAR(&REQUEST) TYPE(*CHAR) LEN(2000) /* +
                          Parameter structure */

/*                                 */
/* PARAMETER DECLARES              */
/*                                 */

    /* COMMON DECLARES */
             DCL        VAR(&USER) TYPE(*CHAR) LEN(10)
    /* User ID     */
             DCL        VAR(&APPLIC) TYPE(*CHAR) LEN(10)
    /* Server ID   */
             DCL        VAR(&FUNCTN) TYPE(*CHAR) LEN(10) /* Function +
                          being performed   */

    /* REMOTE COMMAND SERVER DECLARES */
             DCL        VAR(&RCFMT) TYPE(*CHAR) LEN(8) /* Format +
                          name                 */
             DCL        VAR(&RCFID) TYPE(*CHAR) LEN(4) /* Function +
                          identifier         */
             DCL        VAR(&RCPGM) TYPE(*CHAR) LEN(10) /* Program +
                          name                */
             DCL        VAR(&RCLIB) TYPE(*CHAR) LEN(10) /* Program +
                          library name        */
             DCL        VAR(&RCNUM) TYPE(*CHAR) LEN(4) /* Number of +
                          parms or cmdlen */
             DCL        VAR(&RCDATA) TYPE(*CHAR) LEN(6000) /* +
                          Command string nor parms */

/*                                 */
/* OTHER DECLARES                  */
/*                                 */
             DCL        VAR(&WRKLEN) TYPE(*CHAR) LEN(5)
             DCL        VAR(&DECLEN) TYPE(*DEC) LEN(8 0)
             DCL        VAR(&LMTCPB) TYPE(*CHAR) LEN(10)
             DCL        VAR(&CMD) TYPE(*CHAR) LEN(4)
             DCL        VAR(&RCFID_DEC) TYPE(*DEC) LEN(5 0) /* +
                          Function identifier         */

/*                                                    */
/* EXTRACT THE VARIOUS PARAMETERS FROM THE STRUCTURE  */
/*                                                    */

    /* HEADER */
             CHGVAR     VAR(&USER) VALUE(%SST(&REQUEST 1 10))
             CHGVAR     VAR(&APPLIC) VALUE(%SST(&REQUEST 11 10))
             CHGVAR     VAR(&FUNCTN) VALUE(%SST(&REQUEST 21 10))

    /* REMOTE COMMAND SERVER */
             CHGVAR     VAR(&RCFMT) VALUE(%SST(&REQUEST 21 8))
             CHGVAR     VAR(&RCFID) VALUE(%SST(&REQUEST 29 4))

             CHGVAR     VAR(&RCFID_DEC) VALUE(%BINARY(&RCFID)) /* +
                          convert binary to decimal */
             MONMSG     MSGID(CPF0000)

             CHGVAR     VAR(&RCPGM) VALUE(%SST(&REQUEST 33 10))
             CHGVAR     VAR(&RCLIB) VALUE(%SST(&REQUEST 43 10))
             CHGVAR     VAR(&RCNUM) VALUE(%SST(&REQUEST 33 10))
             CHGVAR     VAR(&RCDATA) VALUE(%SST(&REQUEST 57 1043))

/*                                           */
/* BEGIN MAIN PROGRAM                        */
/*                                           */

             CHGVAR     VAR(&STATUS) VALUE('1') /* INITIALIZE RETURN +
                          VALUE TO ACCEPT THE REQUEST */

/* ADD LOGIC COMMON TO ALL SERVERS */

             IF         COND(&APPLIC *EQ '*RMTSRV') THEN(GOTO +
                          CMDLBL(RMTCMD)) /* IF RMTCMD/DPC */

             GOTO       CMDLBL(EXIT)

/*                                           */
/* SUBROUTINES                               */
/*                                           */
      RMTCMD:

             RTVUSRPRF  USRPRF(&USER) LMTCPB(&LMTCPB)

             CHGVAR     VAR(&CMD) VALUE(%SST(&RCDATA 1 4))

             IF         COND(&LMTCPB *EQ '*YES' *AND &RCFID_DEC = +
                          4098 *AND (&CMD *NE 'CALL' *AND &CMD *NE +
                          'call' *AND &CMD *NE 'Call' *AND &CMD *NE +
                          '    ')) THEN(CHGVAR VAR(&STATUS) +
                          VALUE('0')) /* Only allow user to execute +
                          the CALL command */

             GOTO       CMDLBL(EXIT)

     EXIT:
             ENDPGM 

This was first published in April 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.