Hi, I'm using the CSP struct to send the client ID in a client application. My goal is to have the queue operation authorized by the OAM based on this ID and not the ID of the process my application is running under. What I observe is:
- If my process is running as alice and I send bob in the MQCSP I get a 2035 on the MQCONNX call.
- If I create a user alice on my local machine and execute the program as alice, sending alice in the MQCSP, the call succeeds.
- If I run the program as alice but send bob in the MQCSP the MQCONNX fails with a 2035 reason code.
Why does the ID used for authorization in the 3rd case apparently seem to be the ID sent in the MQCSP field, but not in the 1st case?
Is there anything else that needs to be set in order to use the fields in the MQCSP structure to send the CLNTID in the options parameter of the MQCONNX call?
The environment is WMQ 7.5 running on Linux.
The code is:
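
    // Needs <string.h> (strlen) and <cmqc.h> (MQ definitions)
    MQCNO mqcno = {MQCNO_DEFAULT};
    // Declared at the same scope as mqcno: SecurityParmsPtr must still
    // point to a live MQCSP when MQCONNX is called
    MQCSP sp = {MQCSP_DEFAULT};
    mqcno.Version = MQCNO_VERSION_5;  // version 5 is required for SecurityParmsPtr
    // Identification
    if (mqpar->user != NULL) {
        sp.Version = MQCSP_CURRENT_VERSION;
        sp.AuthenticationType = MQCSP_AUTH_USER_ID_AND_PWD;
        sp.CSPUserIdPtr = mqpar->user;
        sp.CSPUserIdLength = (MQLONG)strlen(mqpar->user);
        sp.CSPPasswordPtr = mqpar->pwd;
        sp.CSPPasswordLength = (MQLONG)strlen(mqpar->pwd);
        mqcno.SecurityParmsPtr = &sp;
    }
    MQCONNX("", &mqcno, mgrd, retc, reasc);
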
Thanks for any help.
Adding extra information from subsequent comments made by OP.
The intention of writing this code is not to authenticate the connection, but to get the authorisation checks made by the OAM to be based on the user sent within the MQCSP and not the user ID that the process on the client side is running under.
I'm trying to achieve the same effect as configuring a Connection Factory in the Java WebSphere Application Server, which, if I'm not wrong, transmits the user ID on a connection to the manager based on the Authentication Alias one specifies for the Connection Factory.