Gen WRSECTOKEN customisation to get USERNAME does not show user ID in CFB
Article ID: 373831
Updated On:
Products
Issue/Introduction
Gen 8.6 GUI client/server application.
The user ID that logs on to virtual Windows devices for development (environment variable USERNAME) was recently changed i.e. the old user ID of uuuuu became uuuuu-xxx.
However the truncated uuuuu still needs to be sent to the server.
To remove the trailing -xxx from the default USERNAME value in the WRSECTOKEN user exit function (file WREXITN.C), a Win32 API call to GetUserName was used to get the user ID and then truncate it.
However, that resulted in a server side error due to incorrect user ID being passed and a client CMIDEBUG trace file confirms that no username value is populated in the Gen Common Format Buffer (CFB) that is sent to the server.
WRSECTOKEN code used:
int WRSECTOKEN (char *clientUserid, char *clientPassword, char *trancode,
char *nextLocation, BOOL *bClntMgrSecurity, long *tokenLen,
char *token, char *failureMsg)
{
DWORD bufCharCount = 8;
GetUserName(clientUserid, &bufCharCount);
// Remove trailing suffix of -xxx by null-terminating
char *hyphen = strchr(clientUserid, '-');
if (hyphen != NULL) {
int offset = hyphen - clientUserid;
clientUserid[offset] = '\0';
}
*bClntMgrSecurity = FALSE;
*tokenLen = 0;
return SecurityUsedEnhanced;
}
Environment
Gen GUI Client
Gen Distributed Processing Server
Resolution
Support researched a basic client-server application with the SecurityUsedEnhanced flag returned in the WRCECTOKEN user exit (WREXITN.C).
1. Initially setting CLIENT_USER_ID in the client action diagram to "user-xxx" and just using part of the above WRSECTOKEN code (without GetUserName) was used. In addition code was added to print strings to a separate file wrsec.out for debug purposes:
***** FILE *fptr = fopen("wrsec.out", "w"); fprintf(fptr,"clientUserid retrieved = %s\n", clientUserid); char *hyphen = strchr(clientUserid, '-'); if (hyphen != NULL) { int offset = hyphen - clientUserid; clientUserid[offset] = '\0'; } fprintf(fptr,"clientUserid truncated = %s\n", clientUserid); fclose(fptr);
*****
wrsec.out showed the expected "user-xxx" being processed:
*****
clientUserid retrieved = user-xxx clientUserid truncated = user
*****
The Gen client CMIDEBUG trace file also showed the matching truncated user ID user:
*****07/16 14:41:31:454:TID-18928:CExtPStep::BuildSecurity(): RetCode from WRSECTOKEN 0, CMSecFlag:1 TokenLength:0 ErrorMsg:07/16 14:41:31:454:TID-18928:CICFBClntOutMsg::putSecurity(): userid:user passwd: tokenLen:0 CMUse:107/16 14:41:31:454:TID-18928:CICFBClntOutMsg::putSecurity(): security token07/16 14:41:31:454:TID-18928:CICFBClntOutMsg::CFBChecks(): for Security Section len:14<0xe>07/16 14:41:31:454:TID-18928:CICFBClntOutMsg::putSecurity(): Sensitive Data after security added07/16 14:41:31:454:TID-18928:08891020: 53005304 75736572 53005A00 00000000 |S.S.userS.Z.....|07/16 14:41:31:454:TID-18928:CExtPStep::BuildSecurity(): RetErr=CSUokay?:1 Msg Type=FreeMsgType?:1
*****
2. Added the call to GetUserName (to get the value of environment variable USERNAME) above the "FILE" line:
***** DWORD bufCharCount = 8; GetUserName(clientUserid, &bufCharCount);
*****
Manually set environment variable USERNAME to "usr1-xxx" (notice slight difference to "user-xxx" used for CLIENT_USER_ID in the client code) but the wrsec.out still showed "user-xxx" being processed:
*****clientUserid retrieved = user-xxx clientUserid truncated = user
*****
The Gen client CMIDEBUG trace file also still showed the matching truncated user ID user:
*****07/16 14:44:17:988:TID-21148:CExtPStep::BuildSecurity(): RetCode from WRSECTOKEN 0, CMSecFlag:1 TokenLength:0 ErrorMsg:07/16 14:44:17:988:TID-21148:CICFBClntOutMsg::putSecurity(): userid:user passwd: tokenLen:0 CMUse:107/16 14:44:17:988:TID-21148:CICFBClntOutMsg::putSecurity(): security token07/16 14:44:17:988:TID-21148:CICFBClntOutMsg::CFBChecks(): for Security Section len:14<0xe>07/16 14:44:17:988:TID-21148:CICFBClntOutMsg::putSecurity(): Sensitive Data after security added07/16 14:44:17:988:TID-21148:086D4020: 53005304 75736572 53005A00 00000000 |S.S.userS.Z.....|07/16 14:44:17:988:TID-21148:CExtPStep::BuildSecurity(): RetErr=CSUokay?:1 Msg Type=FreeMsgType?:1
*****
So the environment variable USERNAME value "usr1-xxx" did not get processed.
3. Support read there may be a problem using GetUserName near the bottom of this page: Stackoverflow - Get current username in C++ on Windows
"In case GetUserName(username, &username_len); doesn't work when using a char[] as storage, you should know that GetUserName could be a macro solved to GetUserNameW. If u worked with Windows API probably u know the difference between W and A. Using GetUserNameA would solve the problem if you're using char[] as buf"
Support tried with getUserNameA but same result as #2.
Then function getenv (also referenced in above page) was tested instead of GetUserName i.e.
***** strncpy(clientUserid, getenv("USERNAME"), 8);
*****
wrsec.out showed "usr1-xxx" being processed:
*****clientUserid retrieved = usr1-xxx clientUserid truncated = usr1
*****
The Gen client CMIDEBUG trace file also showed the matching truncated user ID usr1:
*****07/16 14:51:27:948:TID-1688:CExtPStep::BuildSecurity(): RetCode from WRSECTOKEN 0, CMSecFlag:1 TokenLength:0 ErrorMsg:07/16 14:51:27:948:TID-1688:CICFBClntOutMsg::putSecurity(): userid:usr1 passwd: tokenLen:0 CMUse:107/16 14:51:27:948:TID-1688:CICFBClntOutMsg::putSecurity(): security token07/16 14:51:27:948:TID-1688:CICFBClntOutMsg::CFBChecks(): for Security Section len:14<0xe>07/16 14:51:27:948:TID-1688:CICFBClntOutMsg::putSecurity(): Sensitive Data after security added07/16 14:51:27:948:TID-1688:086E7020: 53005304 75737231 53005A00 00000000 |S.S.usr1S.Z.....|07/16 14:51:27:948:TID-1688:CExtPStep::BuildSecurity(): RetErr=CSUokay?:1 Msg Type=FreeMsgType?:1
*****
So the environment variable USERNAME value "usr1-xxx" did get processed successfully.
Therefore the root cause of the problem appears to be using function GetUserName and using function getenv instead was successful.
Additional Information
Feedback
