RACF JSec updates #259

Open
wants to merge 2 commits into
base: main
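--- a/zOS-RACF/Downloads/RACFJsec/CreateGroupsAndMembers.java
+++ b/zOS-RACF/Downloads/RACFJsec/CreateGroupsAndMembers.java
@@ -0,0 +1,157 @@
+/* */
+/* Copyright 2023 IBM Corp. */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, */
+/* software distributed under the License is distributed on an */
+/* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, */
+/* either express or implied. See the License for the specific */
+/* language governing permissions and limitations under the License. */
+/* */
+import com.ibm.eserver.zos.racf.userregistry.*;
+import com.ibm.security.userregistry.*;
+import javax.naming.*;
+import javax.naming.directory.*;
+import java.util.Enumeration;
+
+public class CreateGroupsAndMembers {
+
+
+public static void main(String[] args)
+{
+SecAdmin racfAdmin = null;
+UserGroup dwarves = null;
+User dwarf;
+
+/////////////////////////////////////////////////////////////////////
+// Instantiate RACF_remote object with connection data:
+/////////////////////////////////////////////////////////////////////
+
+RACF_remote remote = new RACF_remote("ldap://alps4014.pok.ibm.com:389",
+"simple",
+"IBMUSER", // userid for sample/testing
+"secret", // password during testing
+"o=racfdb,c=us"); // ldap suffix on sample/test system
+
+/////////////////////////////////////////////////////////////////////
+// Create a new RACF_SecAdmin object. This will create connection
+// to RACF database with authority of userid provided in RACF_remote
+// object.
+/////////////////////////////////////////////////////////////////////
+try
+{
+racfAdmin = new RACF_SecAdmin(remote);
+}
+catch (SecAdminException e)
+{
+System.out.println("Unable to connect to specified RACF database. "+e.getMessage());
+return;
+}
+
+
+/////////////////////////////////////////////////////////////////////
+// Define create a group named dwarves
+/////////////////////////////////////////////////////////////////////
+try
+{
+dwarves = racfAdmin.createGroup("dwarves", null);
+System.out.println("We just created a group called Dwarves.");
+}
+catch (SecAdminException e)
+{
+System.out.println("Unable to create group 'dwarves'. "+e.getMessage());
+return;
+}
+
+/////////////////////////////////////////////////////////////////////
+// Show the members of Dwarves
+/////////////////////////////////////////////////////////////////////
+System.out.println("Dwarves Members:");
+for (Enumeration ae = dwarves.members(); ae.hasMoreElements();)
+{
+User user = (User)ae.nextElement();
+System.out.println(user.getName());
+}
+
+/////////////////////////////////////////////////////////////////////
+// Add some members to Dwarves
+/////////////////////////////////////////////////////////////////////
+try
+{
+System.out.println("Now we are going to add some members.");
+dwarves.addMember(racfAdmin.createUser("Sleepy",null));
+dwarves.addMember(racfAdmin.createUser("Grumpy",null));
+dwarves.addMember(racfAdmin.createUser("Sneezy",null));
+dwarves.addMember(racfAdmin.createUser("Dopey",null));
+dwarves.addMember(racfAdmin.createUser("Bashful",null));
+dwarves.addMember(racfAdmin.createUser("Happy",null));
+dwarves.addMember(racfAdmin.createUser("Doc",null));
+}
+catch (SecAdminException e)
+{
+System.out.println("Exception trying to add members to group 'dwarves'. "+e.getMessage());
+return;
+}
+
+/////////////////////////////////////////////////////////////////////
+// Again, show the members of Dwarves
+/////////////////////////////////////////////////////////////////////
+System.out.println("Dwarves Members:");
+for (Enumeration ae = dwarves.members(); ae.hasMoreElements();)
+{
+User user = (User)ae.nextElement();
+System.out.println(user.getName());
+}
+
+/////////////////////////////////////////////////////////////////////
+// Now let's modify the membership attributes of User Doc
+/////////////////////////////////////////////////////////////////////
+try
+{
+System.out.println("Doc is leader of the group, should be SPECIAL.");
+ModificationItem mods[] = new ModificationItem[1];
+mods[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
+new BasicAttribute("BASE_SPECIAL"));
+dwarf = racfAdmin.getUser("DOC");
+dwarves.modifyMembershipAttributes(dwarf,mods);
+
+}
+catch (SecAdminException e)
+{
+System.out.println("Error modifying membership attributes "+e.getMessage());
+return;
+}
+
+
+//////////////////////////////////////////////////////////////////////////
+// Display the membership attributes of Doc and Happy
+//////////////////////////////////////////////////////////////////////////
+try
+{
+BasicAttributes member_at = dwarves.getMembershipAttributes(dwarf);
+System.out.println("Membership attributes returned for DOC are: ");
+RACF_SecAdmin.displayAttributes(member_at);
+
+// Now we are going to get and display the membership attributes of HAPPY
+dwarf = racfAdmin.getUser("HAPPY");
+member_at = dwarves.getMembershipAttributes(dwarf);
+System.out.println("Membership attributes returned for HAPPY are: ");
+RACF_SecAdmin.displayAttributes(member_at);
+}
+catch (SecAdminException e)
+{
+System.out.println("Error retrieving membership attributes "+e.getMessage());
+return;
+}
+
+
+
+
+}
+
+}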
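Review bot: The `RACF_remote` constructor call at the top of `main` hard-codes the bind userid and password (`"IBMUSER"`, `"secret"`) and uses `"simple"` authentication against an `ldap://` URL on port 389, so anyone who adapts the sample by editing these literals ends up with an administrative password in source control and, unless the listener is TLS-protected, sent in the clear. The same literal block is repeated in CreateProtectedUserid.java and CreateTSOUserid.java. I would take the URL, userid and suffix from `args` and read the password at run time (for example with `System.console().readPassword(...)`), and say in the comment that the URL should be an `ldaps://` endpoint where the directory server offers one. The comments already state that the connection runs with the authority of this userid, which is why the credential handling matters more here than in an ordinary sample.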
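--- a/zOS-RACF/Downloads/RACFJsec/CreateProtectedUserid.java
+++ b/zOS-RACF/Downloads/RACFJsec/CreateProtectedUserid.java
@@ -0,0 +1,89 @@
+/* */
+/* Copyright 2023 IBM Corp. */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, */
+/* software distributed under the License is distributed on an */
+/* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, */
+/* either express or implied. See the License for the specific */
+/* language governing permissions and limitations under the License. */
+/* */
+import com.ibm.eserver.zos.racf.userregistry.*;
+import com.ibm.security.userregistry.*;
+import javax.naming.*;
+import javax.naming.directory.*;
+
+public class CreateProtectedUserid {
+
+
+public static void main(String[] args)
+{
+SecAdmin racfAdmin = null;
+User protect = null;
+/////////////////////////////////////////////////////////////////////
+// Instantiate RACF_remote object with connection data:
+/////////////////////////////////////////////////////////////////////
+RACF_remote remote = new RACF_remote("ldap://alps4014.pok.ibm.com:389",
+"simple",
+"IBMUSER", // userid for sample/testing
+"secret", // password during testing
+"o=racfdb,c=us"); // ldap suffix on sample/test system
+
+/////////////////////////////////////////////////////////////////////
+// Create a new RACF_SecAdmin object. This will create connection
+// to RACF database with authority of userid provided in RACF_remote
+// object.
+/////////////////////////////////////////////////////////////////////
+try
+{
+racfAdmin = new RACF_SecAdmin(remote);
+}
+catch (SecAdminException e)
+{
+System.out.println("Unable to connect to specified RACF database. "+e.getMessage());
+return;
+}
+
+
+/////////////////////////////////////////////////////////////////////
+// Define the user attributes and create the user
+/////////////////////////////////////////////////////////////////////
+try
+{
+BasicAttributes ba = new BasicAttributes();
+BasicAttribute pwd = new BasicAttribute("base_password");
+pwd.add("nopassword");
+ba.put(pwd);
+protect = racfAdmin.createUser("protect", ba);
+System.out.println("Successfully created userid 'protect'.");
+}
+catch (SecAdminException e)
+{
+System.out.println("Unable to create user 'protect'. "+e.getMessage());
+return;
+}
+
+/////////////////////////////////////////////////////////////////////
+// Get the user attributes of the recently created user
+// and display the BASE_PASSWORD attribute
+/////////////////////////////////////////////////////////////////////
+try
+{
+BasicAttributes prot_at = protect.getAttributes();
+System.out.println(prot_at.get("BASE_PASSWORD"));
+}
+catch (SecAdminException e)
+{
+System.out.println("Error retrieving attributes "+e.getMessage());
+return;
+}
+
+
+}
+
+}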
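Review bot: The line `pwd.add("nopassword");` is the only thing that makes this userid "protected", yet nothing in the file says so or explains what the final `println` of `BASE_PASSWORD` is expected to show. I would add a comment above it along the lines of `// "nopassword": no password is assigned, so the userid cannot be used for password logon`; that is presumably the intended RACF meaning and should be confirmed against the JSec attribute documentation. A one-line note on the last `try` block stating the expected output for a protected userid would also show readers that no secret is being echoed there.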
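--- a/zOS-RACF/Downloads/RACFJsec/CreateTSOUserid.java
+++ b/zOS-RACF/Downloads/RACFJsec/CreateTSOUserid.java
@@ -0,0 +1,91 @@
+/* */
+/* Copyright 2023 IBM Corp. */
+/* */
+/* Licensed under the Apache License, Version 2.0 (the "License"); */
+/* you may not use this file except in compliance with the License. */
+/* You may obtain a copy of the License at */
+/* */
+/* http://www.apache.org/licenses/LICENSE-2.0 */
+/* */
+/* Unless required by applicable law or agreed to in writing, */
+/* software distributed under the License is distributed on an */
+/* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, */
+/* either express or implied. See the License for the specific */
+/* language governing permissions and limitations under the License. */
+/* */
+import com.ibm.eserver.zos.racf.userregistry.*;
+import com.ibm.security.userregistry.*;
+import javax.naming.*;
+import javax.naming.directory.*;
+
+public class CreateTSOUserid {
+
+
+public static void main(String[] args)
+{
+SecAdmin racfAdmin = null;
+User catuser = null;
+/////////////////////////////////////////////////////////////////////
+// Instantiate RACF_remote object with connection data:
+/////////////////////////////////////////////////////////////////////
+RACF_remote remote = new RACF_remote("ldap://alps4014.pok.ibm.com:389",
+"simple",
+"IBMUSER", // userid for sample/testing
+"secret", // password during testing
+"o=racfdb,c=us"); // ldap suffix on sample/test system
+
+/////////////////////////////////////////////////////////////////////
+// Create a new RACF_SecAdmin object. This will create connection
+// to RACF database with authority of userid provided in RACF_remote
+// object.
+/////////////////////////////////////////////////////////////////////
+try
+{
+racfAdmin = new RACF_SecAdmin(remote);
+}
+catch (SecAdminException e)
+{
+System.out.println("Unable to connect to specified RACF database. "+e.getMessage());
+return;
+}
+
+
+/////////////////////////////////////////////////////////////////////
+// Define the user attributes and create the user
+/////////////////////////////////////////////////////////////////////
+try
+{
+BasicAttributes ba = new BasicAttributes();
+BasicAttribute pwd = new BasicAttribute("base_password");
+pwd.add("meow"); // cat simply has to enter �meow� to log on
+pwd.add("noexpired");
+ba.put(pwd);
+ba.put(new BasicAttribute("TSO"));
+catuser = (User)racfAdmin.createUser("cat", ba);
+System.out.println("You have successfully created TSO user cat, password meow. Try logging on if you don't believe me.");
+}
+catch (SecAdminException e)
+{
+System.out.println("Unable to create user 'cat'. "+e.getMessage());
+return;
+}
+
+/////////////////////////////////////////////////////////////////////
+// Get the user attributes of the recently created user
+// and display the BASE_PASSWORD attribute
+/////////////////////////////////////////////////////////////////////
+try
+{
+BasicAttributes u_at = catuser.getAttributes();
+System.out.println(u_at.get("BASE_PASSWORD"));
+}
+catch (SecAdminException e)
+{
+System.out.println("Error retrieving attributes "+e.getMessage());
+return;
+}
+
+
+}
+
+}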
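Review bot: The create step gives `cat` the fixed password `meow` together with `noexpired` and a `TSO` attribute, then prints the password in the success message and echoes `BASE_PASSWORD` to stdout, so any system the sample is run against is left with a logon-capable userid whose password is published in this repository. I would drop `pwd.add("noexpired");` so the initial password has to be changed at first logon (that appears to be what the value suppresses; please confirm), take the initial password from the operator rather than a literal, and shorten the message to `System.out.println("Successfully created TSO user 'cat'.");`. The sample never deletes the userid, so a header comment telling readers to remove it after the demonstration would help. The quote characters in the comment on the `pwd.add("meow")` line are mis-encoded and should be plain ASCII quotes.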