AS400 login

This Q&A forum allows users to post and respond to "How Do I Do ....." questions. Please do not use to report (suspected) errors - you must use your regional help desk for this. The information contained in this forum has not been validated by LANSA and, as such, LANSA cannot guarantee the accuracy of the information.
Joerg Hamacher
Posts: 53
Joined: Thu Feb 11, 2016 12:01 am

AS400 login

Post by Joerg Hamacher » Thu Mar 15, 2018 10:13 pm

Hi,

we have a web page running on IBMi. In an IBMi database we have a user-based authority system to control which information a user may see or not. This database is used by our IBMi applications, too.

Now I want to create a simulation of the IBMi login with username and password as the starting point of the web application to verify that only allowed users get access to some information.
How can I realize such a login function with Web Pages and get the information back from IBMi if the logon is correct or not? Built-in-functions like CONNECT_SERVER are not supported in web programming.

Many thanks in advance,
Joerg

jyoung
Posts: 673
Joined: Thu Jan 21, 2016 6:43 am
Location: Oklahoma City, OK USA

Re: AS400 login

Post by jyoung » Fri Mar 16, 2018 1:12 am

Hi Joerg,

We do authentication and authorization on the i with VLF-ONE using the user's IBM i credentials.
I "think" you may be able to do the same in a normal VL WEB app.

LANSA ships with a UF_3GCHKPW program that handles the authentication (username and password).

We copy it into a different library and then call it from a Server Module. You cannot execute it from the client (Web Page); it must execute on the server.

Here is the ValidatePassword method, it is specific to VLF-ONE, but it may help.

Code:

mthroutine name(ValidatePassword) options(*REDEFINE *RETURNS_MESSAGES) access(*PRIVATE)

    * This is going to use shipped program UF_3GCHKPW
    define field(#U3GUserProfile) type(*char) length(10)
    define field(#U3GPassword) type(*char) length(128)
    define field(#U3GReturnCode) type(*char) length(2)
    define_com class(#prim_alph) name(#u3GErrorMessage)

    #SYS_APPLN.TraceMessageData( "Validating Password - User:&1" #UserProfile )

    * Default behaviour: the password conforms to the rules
    #ValidationReturnCode := OK

    if (*OSAPI = IBMI)

        * IBM i servers like uppercase user profiles
        #U3GUserProfile := #UserProfile.UpperCase
        #U3GPassword := #Password.AsNativeString

        #SYS_APPLN.TraceMessageText( "Calling UF_3GCHKPW" )

        call pgm(UF_3GCHKPW LANSACFG) parm(#U3GUserProfile #U3GPassword #U3GReturnCode) if_error(*next)

        #SYS_APPLN.TraceMessageData( "Returned from UF_3GCHKPW - Return Code:&1" #U3GReturnCode )

        case (#U3GReturnCode)
        when (= OK)
            #u3GErrorMessage := ""
        when (= IU)
            #u3GErrorMessage := *MTXTUF_OLOGON_002
        when (= IP)
            #u3GErrorMessage := *MTXTUF_USRPASSW
        when (= EX)
            #u3GErrorMessage := *MTXTUF_USR_PSW_EXP
        when (= UD)
            #u3GErrorMessage := *MTXTUF_DIS_USERNAME
        otherwise
            #u3GErrorMessage := *MTXTUF_OLOGON_003 + *MTXTUF_FAILED
        endcase

        if (#u3GErrorMessage <> "")
            #ValidationReturnCode := ER
            message msgtxt(#u3GErrorMessage)

            #SYS_APPLN.TraceMessageData( "ValidatePassword error message: &1" #u3GErrorMessage )
        endif

    endif

    * Finished
    #SYS_APPLN.TraceMessageData( "ValidatePassword completed - ValidationReturnCode:&1" #ValidationReturnCode )

endroutine

The important bit is this line; LANSACFG is the library we copied the program into.

Code:

call pgm(UF_3GCHKPW LANSACFG) parm(#U3GUserProfile #U3GPassword #U3GReturnCode) if_error(*next)

That handles Authentication, so regarding Authentication, we have a simple RPG program that we use to get the user's group profile and from there we can map permissions or roles.

Code:

mthroutine name(GetIBMGroupProfile)
    define_map for(*INPUT) class(#PRIM_ALPH) name(#userProfile)
    define_map for(*RESULT) class(#PRIM_ALPH) name(#groupProfile)

    define field(#pgm_user) reffld(#STD_TEXTS)
    define field(#pgm_group) reffld(#STD_TEXTS)

    #pgm_user := #userProfile

    #SYS_APPLN.TraceMessageData( "Calling GETGRPPRF - User:&1" #pgm_user )

    call pgm(GETGRPPRF PGMLIB) parm(#pgm_user #pgm_group) exit_used(*NEXT)

    #SYS_APPLN.TraceMessageData( "Returned from GETGRPPRF - User:&1 Group:&2" #pgm_user #pgm_group )

    #groupProfile := #pgm_group
endroutine

Hope this helps,
Joe

MarkD
Posts: 655
Joined: Wed Dec 02, 2015 9:56 am

Re: AS400 login

Post by MarkD » Fri Mar 16, 2018 8:10 am

The UF_3GCHKPW program that is called is a little CL program shipped with VLF.
If you use it, it's best to change the name.
Source code is:

Code:

             PGM        PARM(&USRID &PWD &STATUS)

/********************************************************/
/* Check that the passed User Id and Password are valid */
/* Status Codes Returned :                              */
/* OK = USER OK                                         */
/* IU = INVALID USER ID                                 */
/* IP = INVALID PASSWORD                                */
/* NO = PROFILE HAS NO PASSWORD                         */
/* EX = PASSWORD EXPIRED                                */
/* UD = USER PROFILE DISABLED                           */
/* ER = UNEXPECTED ERROR                                */
/********************************************************/

/* Received Parms */
             DCL        VAR(&USRID) TYPE(*CHAR) LEN(10)
             DCL        VAR(&PWD) TYPE(*CHAR) LEN(128)

/* Returned Parms */
             DCL        VAR(&STATUS) TYPE(*CHAR) LEN(2)

/* Other variables */
             DCL        VAR(&PROGRAM) TYPE(*CHAR) LEN(10)
             DCL        VAR(&MENU) TYPE(*CHAR) LEN(10)
             DCL        VAR(&RTNVAR) TYPE(*CHAR) LEN(8) +
                          VALUE(X'0000000000000000')
             DCL        VAR(&HANDLE) TYPE(*CHAR) LEN(12)
             DCL        VAR(&RELEASE) TYPE(*CHAR) LEN(6)

/* MESSAGE FORWARDING VARIABLES */
             DCL        &ERRDS      *CHAR    4   VALUE(X'00000000')
             DCL        &MSGKEY     *CHAR    4   VALUE(' ')
             DCL        &MSGTYPECT  *CHAR    4   VALUE(X'00000004')
             DCL        VAR(&MSGTYPE) TYPE(*CHAR) LEN(40) +
                          VALUE('*DIAG     *INFO     *ESCAPE   *COMP     ')
             DCL        &STKCT      *CHAR    4   VALUE(X'00000001')
             DCL        &STKSTRPOS  *CHAR   10   VALUE('*')

             CHGVAR     VAR(&STATUS) VALUE('OK')

/* The following call to QSYGETPH needs to be coded */
/* differently depending on OS/400 version. Delete the */
/* variation that you do not need. */

CALL PGM(UF_3GGETRL) PARM(&RELEASE)

IF COND(&RELEASE *GE 'V5R3') THEN(DO)
 /* Check User and Password for OS/400 V5R3 onwards */
 /* Modified 30/05/12 - add support for long passwords */
   CALL       PGM(QSYGETPH) PARM(&USRID &PWD &HANDLE &RTNVAR X'00000080' +
                X'00000000')
 /* Invalid User                                             */
 MONMSG     MSGID(CPF2203 CPF2204) EXEC(CHGVAR VAR(&STATUS) +
             VALUE('IU'))

 /* Unable to check this user                               */
 /* MONMSG     MSGID(CPF22E9 CPF2213 CPF2217 CPF4AB8) +     */
 /*           EXEC(CHGVAR VAR(&STATUS) VALUE('UV'))         */


 /* Password is invalid */
 MONMSG     MSGID(CPF22E2) EXEC(CHGVAR +
             VAR(&STATUS) VALUE('IP'))

 /* This profile has no password */
 MONMSG     MSGID(CPF22E5) EXEC(CHGVAR +
             VAR(&STATUS) VALUE('NO'))

 /* Profile is disabled */
 MONMSG     MSGID(CPF22E3) EXEC(CHGVAR VAR(&STATUS) +
             VALUE('UD'))

 /* Password has expired */
 MONMSG     MSGID(CPF22E4) EXEC(CHGVAR VAR(&STATUS) +
             VALUE('EX'))

 /* Unspecified error */
    MONMSG     MSGID(CPF0000) EXEC(DO)
    CHGVAR VAR(&STATUS) VALUE('ER')
    CALL  PGM(QMHMOVPM) PARM(&MSGKEY &MSGTYPE &MSGTYPECT +
                             &STKSTRPOS &STKCT &ERRDS)
    ENDDO
 ENDDO
ELSE       CMD(DO)
 /* Check User and Password for OS/400 prior to V5R3 */
 CALL       PGM(QSYGETPH) PARM(&USRID &PWD &HANDLE)

 /* Invalid User                                             */
 MONMSG     MSGID(CPF2203 CPF2204) EXEC(CHGVAR VAR(&STATUS) +
             VALUE('IU'))

 /* Unable to check this user                               */
 /* MONMSG     MSGID(CPF22E9 CPF2213 CPF2217 CPF4AB8) +     */
 /*           EXEC(CHGVAR VAR(&STATUS) VALUE('UV'))         */


 /* Password is invalid */
 MONMSG     MSGID(CPF22E2) EXEC(CHGVAR +
             VAR(&STATUS) VALUE('IP'))

 /* This profile has no password */
 MONMSG     MSGID(CPF22E5) EXEC(CHGVAR +
             VAR(&STATUS) VALUE('NO'))

 /* Profile is disabled */
 MONMSG     MSGID(CPF22E3) EXEC(CHGVAR VAR(&STATUS) +
             VALUE('UD'))

 /* Password has expired */
 MONMSG     MSGID(CPF22E4) EXEC(CHGVAR VAR(&STATUS) +
             VALUE('EX'))

 /* Unspecified error */
    MONMSG     MSGID(CPF0000) EXEC(DO)
    CHGVAR VAR(&STATUS) VALUE('ER')
    CALL  PGM(QMHMOVPM) PARM(&MSGKEY &MSGTYPE &MSGTYPECT +
                             &STKSTRPOS &STKCT &ERRDS)
    ENDDO
 ENDDO


/* Possible error messages are:  (V5R1 to V5R4)             */

/* IU CPF2203 E User profile &1 not correct.                */
/* IU CPF2204 E User profile &1 not found.                  */
/* UV CPF2213 E Not able to allocate user profile &1.       */
/* UV CPF2217 E Not authorized to user profile &1.          */
/* ER CPF2225 E Not able to allocate internal system object.*/
/* ER CPF22AD E Group profile for user not found.           */
/* IP CPF22E2 E Password not correct for user profile &1.   */
/* UD CPF22E3 E User profile &1 is disabled.                */
/* EX CPF22E4 E Password for user profile &1 has expired.   */
/* NO CPF22E5 E No password associated with user profile &1.*/
/* ER CPF22E6 E Maximum number of profile handles have been generated.*/
/* ER CPF22E7 E Profile handle is not valid.                */
/* UV CPF22E9 E *USE authority to user profile &1 required. */
/* ER CPF24B4 E Severe error while addressing parameter list. */
/* ER CPF3BC7 E CCSID &1 outside of valid range.            */
/* ER CPF3BDE E CCSID &1 not supported by API.              */
/* ER CPF3C1D E Length specified in parameter &1 not valid. */
/* ER CPF3C36 E Number of parameters, &1, entered for this API was not valid.*/
/* ER CPF3C3C E  Value for parameter &1 not valid.          */
/* ER CPF3C90 E LITERAL VALUE CANNOT BE CHANGED.            */
/* ER CPF3CF1 E Error code parameter not valid.             */
/* UV CPF4AB8 E Insufficient authority for user profile &1. */
/* ER CPF9872 E Program or service program &1 in library &2 ended.*/


END:         ENDPGM 
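
A fail-closed variant of the server-side check, as an added example that is not LANSA's or the posters' code: it starts from "rejected" instead of OK, rejects when the checker cannot be called, and gives the web client one generic message while the exact status (IU, IP, EX, UD, NO, ER) goes only to the server-side trace. The method name CheckIBMiLogon, the renamed program MYCHKPW in library MYLIB and the message text are assumptions.

```rdmlx
* Added example: fail-closed wrapper around the password checker.
* Hypothetical names: CheckIBMiLogon, MYCHKPW, MYLIB and the message wording.
mthroutine name(CheckIBMiLogon) access(*PRIVATE)
    define_map for(*INPUT) class(#PRIM_ALPH) name(#userProfile)
    define_map for(*INPUT) class(#PRIM_ALPH) name(#password)
    define_map for(*OUTPUT) class(#PRIM_BOLN) name(#accepted)
    define_map for(*OUTPUT) class(#PRIM_ALPH) name(#clientMessage)

    define field(#chkUser) type(*char) length(10)
    define field(#chkPassword) type(*char) length(128)
    define field(#chkStatus) type(*char) length(2)

    * Start from "rejected"; only an explicit OK from the checker changes it
    #accepted := False
    #clientMessage := "Sign-on failed. Check your user name and password."

    * Off IBM i there is no checker to call, so the logon stays rejected
    if (*OSAPI = IBMI)

        #chkUser := #userProfile.UpperCase
        #chkPassword := #password.AsNativeString

        * Blank the status first so a failed call cannot leave a stale OK behind
        #chkStatus := *blanks

        call pgm(MYCHKPW MYLIB) parm(#chkUser #chkPassword #chkStatus) if_error(*next)

        * The exact reason is traced on the server only; the password is never traced
        #SYS_APPLN.TraceMessageData( "Logon check - User:&1 Status:&2" #chkUser #chkStatus )

        * IU, IP, EX, UD, NO, ER and blank all keep the generic client message
        if (#chkStatus = 'OK')
            #accepted := True
            #clientMessage := ""
        endif

    endif
endroutine
```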

MarkD
Posts: 655
Joined: Wed Dec 02, 2015 9:56 am

Re: AS400 login

Post by MarkD » Fri Mar 16, 2018 8:12 am

You can probably chop out the IBM OS being greater than V5R3 check:

Code:

CALL PGM(UF_3GGETRL) PARM(&RELEASE)

IF COND(&RELEASE *GE 'V5R3') THEN(DO) 

Joerg Hamacher
Posts: 53
Joined: Thu Feb 11, 2016 12:01 am

Re: AS400 login

Post by Joerg Hamacher » Fri Mar 16, 2018 9:17 pm

Thank you Joe, thank you Mark,

this is great support!

Best regards, Joerg
