To set up SSO login in ICN 2.0.3.8

[satishkumar83]

Hi all,

I have a requirement where i need to set up SSO login for ICN 2.0.3.8 on linux platform.I tried a userexit program after i restarted the CMOD my admin password doesn't work after i reverted back the code it works fine am not sure what is my mistake am doing here.

Sample code
#include <arscsxit.h>
#include <stddef.h>
ArcCSXitSecurityRC
ARSCSXIT_EXPORT
ARSCSXIT_API
SECURITY( ArcChar *act_userid,
          ArcChar *cur_userid,
          ArcChar *cur_passwd,
          ArcChar *new_userid,
          ArcChar *new_passwd,
          ArcCSXitSecurityAction action,
          ArcChar *msg,
          ArcChar *clnt_id,
          ArcChar *instance,
          ArcChar *passthru_text,
          ArcU32 passthru_size,
          ArcByte *passthru_buf
        )
{
   ArcCSXitSecurityRC rc;
msg[0] = '\0';

rc = ARCCSXIT_SECURITY_RC_OKAY_BUT_VALIDATE_IN_OD;

if ( action == ARCCSXIT_SECURITY_USER_LOGIN ) {

if ( cur_passwd == NULL )
{
rc = ARCCSXIT_SECURITY_RC_OKAY;

}
else
{
rc = ARCCSXIT_SECURITY_RC_OKAY;
}
}
return( rc );

ARS.INI file

[@SRV@_instancename]
HOST=hostname
PROTOCOL=2
PORT=0
SRVR_INSTANCE=instance name
SRVR_INSTANCE_OWNER=archivedv
SRVR_OD_CFG=/appbin/ibm/ondemand/V9.5/config/ars.cfg
SRVR_DB_CFG=/appbin/ibm/ondemand/V9.5/config/ars.dbfs
SRVR_SM_CFG=/appbin/ibm/ondemand/V9.5/config/ars.cache
SRVR_OD_STASH=/appbin/ibm/ondemand/V9.5/config/archive.stash
SRVR_FLAGS_SECURITY_EXIT=1

Please let me know where i am making mistake

LINUX :Redhat 6.7
CMOD :9.5.0.6
ICN:2.0.3
Oracle:12.0.2

[satishkumar83]

[id@servername server]# gcc arsusec.c -o /appbin/ibm/ondemand/V9.5/exits/server/arsusec
arsusec.c:29:22: error: arscsxit.h: No such file or directory
arsusec.c:32: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘ARSCSXIT_EXPORT’

[satishkumar83]

[root@ server]# make -f Makefile
gcc -o arsusec -g -O -fPIC -m64 -pthread -std=c99 -shared -I. -I../inc -DLINUX -DLINUX_INTEL -D_REENTRANT -D_POSIX_C_SOURCE=200112L -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_FILE_OFFET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,-eSECURITY  arsusec.c

[satishkumar83]

#include <arscsxit.h>
#include <stddef.h>
#include <stdio.h>
ArcCSXitSecurityRC
ARSCSXIT_EXPORT
ARSCSXIT_API
SECURITY( ArcChar *act_userid,
          ArcChar *cur_userid,
          ArcChar *cur_passwd,
          ArcChar *new_userid,
          ArcChar *new_passwd,
          ArcCSXitSecurityAction action,
          ArcChar *msg,
          ArcChar *clnt_id,
          ArcChar *instance,
          ArcChar *passthru_text,
          ArcU32 passthru_size,
          ArcByte *passthru_buf
        )
{

FILE *ifp;
ifp = fopen("temp.log", "w+");

   ArcCSXitSecurityRC rc;

msg[0] = '\0';

rc = ARCCSXIT_SECURITY_RC_OKAY_BUT_VALIDATE_IN_OD;

if ( action == ARCCSXIT_SECURITY_USER_LOGIN ) {

if ( cur_passwd == NULL )
{
rc = ARCCSXIT_SECURITY_RC_OKAY;

printf("Acntuser - %s",*act_userid);
fprintf (ifp,"Act_ID - %s",*act_userid);
}
else
{
rc = ARCCSXIT_SECURITY_RC_OKAY;
}
}

printf("Acntuser - %s",*act_userid);
fprintf (ifp,"Act_ID - %s",*act_userid);

fclose(ifp);

return( rc );

}

[satishkumar83]

 /appbin/ibm/ondemand/V9.5/exits/server>gcc arsusec.c -o arsusec
In file included from arsusec.c:29:
/appbin/ibm/ondemand/V9.5/exits/inc/arscsxit.h:390: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘ARSCSXIT_API’
/appbin/ibm/ondemand/V9.5/exits/inc/arscsxit.h:484: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘ARSCSXIT_API’
/appbin/ibm/ondemand/V9.5/exits/inc/arscsxit.h:599: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘ARSCSXIT_API’
/appbin/ibm/ondemand/V9.5/exits/inc/arscsxit.h:648: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘ARSCSXIT_API’
/appbin/ibm/ondemand/V9.5/exits/inc/arscsxit.h:782: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘ARSCSXIT_API’
/appbin/ibm/ondemand/V9.5/exits/inc/arscsxit.h:883: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘ARSCSXIT_API’
/appbin/ibm/ondemand/V9.5/exits/inc/arscsxit.h:911: error: ‘ARCCSXIT_PATH_MAX’ undeclared here (not in a function)
/appbin/ibm/ondemand/V9.5/exits/inc/arscsxit.h:922: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘ARSCSXIT_API’
arsusec.c:35: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘ARSCSXIT_API’

[Alessandro Perucchi]

Hello,

you cannot compile the user exit with only "gcc -o arsusec arsusec.c" that will NEVER work.
This is why you got the Makefile included that will compile it as it should be with all the correct parameters.
which corresponds to what you have found:

Code: [Select]

gcc -o arsusec -g -O -fPIC -m64 -pthread -std=c99 -shared -I. -I../inc -DLINUX -DLINUX_INTEL -D_REENTRANT -D_POSIX_C_SOURCE=200112L -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_FILE_OFFET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,-eSECURITY  arsusec.c

Otherwise, I am not sure to understand your problem... if you return: ARCCSXIT_SECURITY_RC_OKAY then you will be able to enter CMOD whatever password you enter... since CMOD will think that whatever you used, it is valid, and will shortcut the validation in CMOD.

Could you describe step after step what you are doing exactly, and what is the result you get?

[satishkumar83]

Thanks for your reply .I gave the belowrc = ARCCSXIT_SECURITY_RC_OKAY; to make sure CMOD authenticates with blank password just to check the user exit
I tried your syntax to compile the code and it creates a object file without any error,Should I run the object file again in UNIX,when i execute it it creates a core dump file   .

(instance name ) /appbin/ibm/ondemand/V9.5/exits/server>./arsusec
Segmentation fault (core dumped)

[Alessandro Perucchi]

The syntax I used was the one you were using in your post of the "January 30, 2017, 06:44:07 AM". I did only a copy paste.

Now, this is a user exit is a public "hook" from CMOD. So if you want to test it, or use it, you cannot run it.
It will also never work (since there are no main method) as you have seen with the core dump output.

You need to add arsusec in the directory "${CMOD_INSTALL_DIR}/bin/exits" (check the permissions 755), and add in the ars.ini the line SRVR_FLAGS_SECURITY_EXIT=1 as you already did correctly.

Then you can restart CMOD and test it.

At my knowledge, you can only test it with a CMOD server...

When I was doing my user exit development, I was always doing that:

1) Stop CMOD Development
2) Replace the user exit
3) Start CMOD Development
4) Test what I wanted to test
5) If CMOD crashed, then I did something wrong, correct, and restart from step 1)
6) If CMOD didn't crash, then I check that everything I wanted was working, and if not, correct it, and back to step 1)
7) If everything worked as expected, then I could prepare to exit to test in the CMOD test system, that everything works as expected also there... if not, correct it, and back to step 1)
If the test phase was successfully performed, then the next step was to implement it in production, with full documentation on how to deploy it.

Hope that helps on how to develop, test these very special CMOD components.