Here is a sample CL program that allows certain users with Limit Capabilities(*YES) to run the CALL command remotely.
Note in the remarks that initial access security to the remote command is set up through Operations Navigator:
- right click on the AS/400 in question;
- select Application Administration;
- select the Client Applications
- expand AS/400 Client Access Express;
- secure 'Remote Command - Command Line' to the appropriate users.
Information is also provided in the program remarks on how to register the exit program.
/********************************************************************/
/* */
/* Program name: UTJRMTCMD */
/* System name: Security */
/* Author: Mary C. Milliron */
/* Project No.: M5176 */
/* */
/* Program Narrative: */
/* */
/* This is an Exit program to secure the Remote Command to */
/* certain users. Initial security is provided by Operations */
/* Navigator. It is limiting access to the remote command to QPGMR, */
/* QSYSOPR, QSECOFR and APPDEV group profiles. APPDEV has been */
/* placed in the Additional Group Profiles list for certain users */
/* so that they can call a program that will end a server. This */
/* exit program was written to prevent them from accessing other */
/* commands. */
/* */
/* There are 2 types of remote commands that go thru this exit */
/* program: */
/* */
/* 1. The distributed program call. RCFID = 4099 */
/* This is a system call from an application. */
/* */
/* 2. The command line call. RCFID = 4098 */
/* This is a call from a Windows command prompt. */
/* */
/* To register this program as an exit program, WRKREGINF and */
/* add it to exit point QIBM_QZRC_RMT. */
/* */
/* Compiler Options: */
/* */
/* << list options specific to this program >> */
/* */
/* Command: */
/* */
/* << if applicable >> */
/* */
/* Program Modification History: */
/* */
/* mm/dd/yyyy intitials Project No: Mnnnn */
/* Description */
/* */
/********************************************************************/
PGM PARM(&STATUS &REQUEST)
DCL VAR(&MSG) TYPE(*CHAR) LEN(200)
/* */
/* PROGRAM CALL PARAMETER DECLARATIONS */
/* */
DCL VAR(&STATUS) TYPE(*CHAR) LEN(1) /* +
Accept/Reject indicator */
/* */
/* Note: Request is declared as *CHAR LEN(2000) because that is */
/* the limit in CL. The actual length of REQUEST is 4171. */
/* */
DCL VAR(&REQUEST) TYPE(*CHAR) LEN(2000) /* +
Parameter structure */
/* */
/* PARAMETER DECLARES */
/* */
/* COMMON DECLARES */
DCL VAR(&USER) TYPE(*CHAR) LEN(10)
/* User ID */
DCL VAR(&APPLIC) TYPE(*CHAR) LEN(10)
/* Server ID */
DCL VAR(&FUNCTN) TYPE(*CHAR) LEN(10) /* Function +
being performed */
/* REMOTE COMMAND SERVER DECLARES */
DCL VAR(&RCFMT) TYPE(*CHAR) LEN(8) /* Format +
name */
DCL VAR(&RCFID) TYPE(*CHAR) LEN(4) /* Function +
identifier */
DCL VAR(&RCPGM) TYPE(*CHAR) LEN(10) /* Program +
name */
DCL VAR(&RCLIB) TYPE(*CHAR) LEN(10) /* Program +
library name */
DCL VAR(&RCNUM) TYPE(*CHAR) LEN(4) /* Number of +
parms or cmdlen */
DCL VAR(&RCDATA) TYPE(*CHAR) LEN(6000) /* +
Command string nor parms */
/* */
/* OTHER DECLARES */
/* */
DCL VAR(&WRKLEN) TYPE(*CHAR) LEN(5)
DCL VAR(&DECLEN) TYPE(*DEC) LEN(8 0)
DCL VAR(&LMTCPB) TYPE(*CHAR) LEN(10)
DCL VAR(&CMD) TYPE(*CHAR) LEN(4)
DCL VAR(&RCFID_DEC) TYPE(*DEC) LEN(5 0) /* +
Function identifier */
/* */
/* EXTRACT THE VARIOUS PARAMETERS FROM THE STRUCTURE */
/* */
/* HEADER */
CHGVAR VAR(&USER) VALUE(%SST(&REQUEST 1 10))
CHGVAR VAR(&APPLIC) VALUE(%SST(&REQUEST 11 10))
CHGVAR VAR(&FUNCTN) VALUE(%SST(&REQUEST 21 10))
/* REMOTE COMMAND SERVER */
CHGVAR VAR(&RCFMT) VALUE(%SST(&REQUEST 21 8))
CHGVAR VAR(&RCFID) VALUE(%SST(&REQUEST 29 4))
CHGVAR VAR(&RCFID_DEC) VALUE(%BINARY(&RCFID)) /* +
convert binary to decimal */
MONMSG MSGID(CPF0000)
CHGVAR VAR(&RCPGM) VALUE(%SST(&REQUEST 33 10))
CHGVAR VAR(&RCLIB) VALUE(%SST(&REQUEST 43 10))
CHGVAR VAR(&RCNUM) VALUE(%SST(&REQUEST 33 10))
CHGVAR VAR(&RCDATA) VALUE(%SST(&REQUEST 57 1043))
/* */
/* BEGIN MAIN PROGRAM */
/* */
CHGVAR VAR(&STATUS) VALUE('1') /* INITIALIZE RETURN +
VALUE TO ACCEPT THE REQUEST */
/* ADD LOGIC COMMON TO ALL SERVERS */
IF COND(&APPLIC *EQ '*RMTSRV') THEN(GOTO +
CMDLBL(RMTCMD)) /* IF RMTCMD/DPC */
GOTO CMDLBL(EXIT)
/* */
/* SUBROUTINES */
/* */
RMTCMD:
RTVUSRPRF USRPRF(&USER) LMTCPB(&LMTCPB)
CHGVAR VAR(&CMD) VALUE(%SST(&RCDATA 1 4))
IF COND(&LMTCPB *EQ '*YES' *AND &RCFID_DEC = +
4098 *AND (&CMD *NE 'CALL' *AND &CMD *NE +
'call' *AND &CMD *NE 'Call' *AND &CMD *NE +
' ')) THEN(CHGVAR VAR(&STATUS) +
VALUE('0')) /* Only allow user to execute +
the CALL command */
GOTO CMDLBL(EXIT)
EXIT:
ENDPGM
This was first published in April 2001