Run remote command exit program
With this program and OpsNav you can give certain users access to secure the Remote Command.
Here is a sample CL program that allows certain users with Limit Capabilities(*YES) to run the CALL command remotely.
Note in the remarks that initial access security to the remote command is set up through Operations Navigator:
- right click on the AS/400 in question;
- select Application Administration;
- select the Client Applications
- expand AS/400 Client Access Express;
- secure 'Remote Command - Command Line' to the appropriate users.
Information is also provided in the program remarks on how to register the exit program.
/********************************************************************/ /* */ /* Program name: UTJRMTCMD */ /* System name: Security */ /* Author: Mary C. Milliron */ /* Project No.: M5176 */ /* */ /* Program Narrative: */ /* */ /* This is an Exit program to secure the Remote Command to */ /* certain users. Initial security is provided by Operations */ /* Navigator. It is limiting access to the remote command to QPGMR, */ /* QSYSOPR, QSECOFR and APPDEV group profiles. APPDEV has been */ /* placed in the Additional Group Profiles list for certain users */ /* so that they can call a program that will end a server. This */ /* exit program was written to prevent them from accessing other */ /* commands. */ /* */ /* There are 2 types of remote commands that go thru this exit */ /* program: */ /* */ /* 1. The distributed program call. RCFID = 4099 */ /* This is a system call from an application. */ /* */ /* 2. The command line call. RCFID = 4098 */ /* This is a call from a Windows command prompt. */ /* */ /* To register this program as an exit program, WRKREGINF and */ /* add it to exit point QIBM_QZRC_RMT. */ /* */ /* Compiler Options: */ /* */ /* << list options specific to this program >> */ /* */ /* Command: */ /* */ /* << if applicable >> */ /* */ /* Program Modification History: */ /* */ /* mm/dd/yyyy intitials Project No: Mnnnn */ /* Description */ /* */ /********************************************************************/ PGM PARM(&STATUS &REQUEST) DCL VAR(&MSG) TYPE(*CHAR) LEN(200) /* */ /* PROGRAM CALL PARAMETER DECLARATIONS */ /* */ DCL VAR(&STATUS) TYPE(*CHAR) LEN(1) /* + Accept/Reject indicator */ /* */ /* Note: Request is declared as *CHAR LEN(2000) because that is */ /* the limit in CL. The actual length of REQUEST is 4171. */ /* */ DCL VAR(&REQUEST) TYPE(*CHAR) LEN(2000) /* + Parameter structure */ /* */ /* PARAMETER DECLARES */ /* */ /* COMMON DECLARES */ DCL VAR(&USER) TYPE(*CHAR) LEN(10) /* User ID */ DCL VAR(&APPLIC) TYPE(*CHAR) LEN(10) /* Server ID */ DCL VAR(&FUNCTN) TYPE(*CHAR) LEN(10) /* Function + being performed */ /* REMOTE COMMAND SERVER DECLARES */ DCL VAR(&RCFMT) TYPE(*CHAR) LEN(8) /* Format + name */ DCL VAR(&RCFID) TYPE(*CHAR) LEN(4) /* Function + identifier */ DCL VAR(&RCPGM) TYPE(*CHAR) LEN(10) /* Program + name */ DCL VAR(&RCLIB) TYPE(*CHAR) LEN(10) /* Program + library name */ DCL VAR(&RCNUM) TYPE(*CHAR) LEN(4) /* Number of + parms or cmdlen */ DCL VAR(&RCDATA) TYPE(*CHAR) LEN(6000) /* + Command string nor parms */ /* */ /* OTHER DECLARES */ /* */ DCL VAR(&WRKLEN) TYPE(*CHAR) LEN(5) DCL VAR(&DECLEN) TYPE(*DEC) LEN(8 0) DCL VAR(&LMTCPB) TYPE(*CHAR) LEN(10) DCL VAR(&CMD) TYPE(*CHAR) LEN(4) DCL VAR(&RCFID_DEC) TYPE(*DEC) LEN(5 0) /* + Function identifier */ /* */ /* EXTRACT THE VARIOUS PARAMETERS FROM THE STRUCTURE */ /* */ /* HEADER */ CHGVAR VAR(&USER) VALUE(%SST(&REQUEST 1 10)) CHGVAR VAR(&APPLIC) VALUE(%SST(&REQUEST 11 10)) CHGVAR VAR(&FUNCTN) VALUE(%SST(&REQUEST 21 10)) /* REMOTE COMMAND SERVER */ CHGVAR VAR(&RCFMT) VALUE(%SST(&REQUEST 21 8)) CHGVAR VAR(&RCFID) VALUE(%SST(&REQUEST 29 4)) CHGVAR VAR(&RCFID_DEC) VALUE(%BINARY(&RCFID)) /* + convert binary to decimal */ MONMSG MSGID(CPF0000) CHGVAR VAR(&RCPGM) VALUE(%SST(&REQUEST 33 10)) CHGVAR VAR(&RCLIB) VALUE(%SST(&REQUEST 43 10)) CHGVAR VAR(&RCNUM) VALUE(%SST(&REQUEST 33 10)) CHGVAR VAR(&RCDATA) VALUE(%SST(&REQUEST 57 1043)) /* */ /* BEGIN MAIN PROGRAM */ /* */ CHGVAR VAR(&STATUS) VALUE('1') /* INITIALIZE RETURN + VALUE TO ACCEPT THE REQUEST */ /* ADD LOGIC COMMON TO ALL SERVERS */ IF COND(&APPLIC *EQ '*RMTSRV') THEN(GOTO + CMDLBL(RMTCMD)) /* IF RMTCMD/DPC */ GOTO CMDLBL(EXIT) /* */ /* SUBROUTINES */ /* */ RMTCMD: RTVUSRPRF USRPRF(&USER) LMTCPB(&LMTCPB) CHGVAR VAR(&CMD) VALUE(%SST(&RCDATA 1 4)) IF COND(&LMTCPB *EQ '*YES' *AND &RCFID_DEC = + 4098 *AND (&CMD *NE 'CALL' *AND &CMD *NE + 'call' *AND &CMD *NE 'Call' *AND &CMD *NE + ' ')) THEN(CHGVAR VAR(&STATUS) + VALUE('0')) /* Only allow user to execute + the CALL command */ GOTO CMDLBL(EXIT) EXIT: ENDPGM