Impersonation on the iSeries: Changing Profile User
Posted by jpluimers on 2011/10/12
When running on Windows, changing the current user is called impersionation.
There are various ways to do this in Windows, including
- WindowsIdentity.Impersonate on .NET (e.g. when using C#, VB.et net or Delphi Prism) which requires P/Invoke of LogonUser, CloseHandle and sometimes DuplicateToken as mentioned by Espo in this StackOverflow answer on .NET
- The functions ImpersonateLoggedOnUser and RevertToSelf the in the Windows API (e.g. when using Delphi or C++) also requiring LogonUser and CloseHandle as mentioned by Chris Baldwin on Delphi3000.com.
On the iSeries, there is only one way, as everything goes through the same API: use QSYGETPH (Get Profile Handle) to verify a username/password combination and obtain a handle to the authentication token, then use QWTSETP (Set Profile Handle) to change the user currently signed on, as for instance mentioned by Colin Williams directing to the CHGCURUSR tool on FreeRpgTools.com and an article on Swapping AS/400 User Profiles by Shannon O’Donnel that comes with source code.
On the iSeries, when you are done, you should use QSYRLSPH (Release Profile Handle) when done impersonating, and you need to get the handle from the original user profile if you want to return to it.
The IBM documentation contains a small sample with QSYGETPH, QWTSETP and QSYSRLSPH that sets and restores the profile handle (edit 20120214: it got moved to http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=%2Fapis%2Fapiexushand.htm)
Note that on both Windows ans iSeries, impersonation within a process/thread will make it run in the new context, but the process still keeps the identity of the user that started the process.
If you want to change that, then on both you need to start a new process from the impersonated thread.
In Windows, you can combine the impersionation and the creation of a new process by using the CreateProcessWithLogonW function (as mentioned at the Old New Thing by Raymond Chan). I’ve yet to find an equivalent on the iSeries.
–jeroen
The Wiert Corner - irregular stream of stuff 
Leave a comment