Gen GUI application using Windows logon authentication to DB2 database
search cancel

Gen GUI application using Windows logon authentication to DB2 database

book

Article ID: 384789

calendar_today

Updated On:

Products

Gen

Issue/Introduction

This article describes how to run a Gen C/DB2 Window Packaged (GUI) application using Windows logon authentication to DB2 instead of the default method which prompts for DB2 login credentials stored in the iefgdic.ini file (see Testing and Running Applications for Windows IT section "Global Database Information Container for GUI").

The default method always prompts for DB2 credentials at runtime because the DB2 password is not stored in the iefgdic.ini file but also manually editing the file to store the password in plain text would be a security risk.

Using DB2 Windows logon authentication when running the GUI application is not as straightforward as it is for the Build Tool DB2 connection documented in article: Gen Build Tool DB2 connection using Windows logon (OPT.DBPSWD plain text))

The default DB2 database stub source STUBDB2N.SQC (used for STUBDB2N.OBJ in a GUI DB2 application build) expects a userid and password value to be present in the iefgdic.ini file when it reads the file i.e. it only contains this EXEC SQL CONNECT statement:
EXEC SQL CONNECT TO :Database USER :Uid USING :Passwd ;


However the STUBDB2N.SQC can be recoded and recompiled to build a new STUBDB2N.OBJ which will enable Windows logon authentication.

Environment

Gen 8.6 with latest PTFs applied.

Resolution


Backup the default STUBDB2N.SQC file and make changes

  1. Remove calls to function GDIC and remove line:
    int ret;

  2. Replace line:
    EXEC SQL CONNECT TO :Database USER :Uid USING :Passwd ;
    with:
    EXEC SQL CONNECT TO :Database;

  3. Change these lines:
    1. Remove:
      #define DATABASE_LEN 30

    2. Change:
      char Database[DATABASE_LEN];                            //  vuln fix
      To:
      char Database[30];                            //  vuln fix

    3. Change:
      strcpy_s(Database, DATABASE_LEN, szDatabase);                                          //  vuln fix
      To:
      strcpy_s(Database, 30, szDatabase);                                          //  vuln fix


See attached copy of the modified file STUBDB2N.SQC for easy reference.


Rebuild STUBDB2N.OBJ using STUBDB2N.MAK

  1. The current STUBDB2N.MAK has problems. This article describes them along with a new working version:
    STUBDB2N.MAK error "The file cannot be copied onto itself"


  2. Create a command file e.g. build_stubdb2n.cmd in directory %Gen86%\Gen which contains these lines:
    set DBPATH=C:\Program Files\IBM\SQLLIB
    set LIB=C:\Program Files\IBM\SQLLIB\lib\Win32;%LIB%
    set AEDB=GENDB
    set AEUSER=db2user
    set AEPASSWORD=db2password
    nmake -nologo -s -f stubdb2n.mak all


  3. From a command prompt run these steps:
    C:\Users\db2admin> cd %Gen86%\Gen
    C:\Program Files (x86)\CA\Gen86\Gen> genenv 32 2019  (sets the Visual Studio environment - this is example is for Visual Studio 2019)
    C:\Program Files (x86)\CA\Gen86\Gen> build_stubdb2n.cmd

 

Rebuild and test Window Managers

  1. After the new STUBDB2N.OBJ is created, rebuild each Window Manager (.exe) that contains PSteps that access DB2 so the new .exe file contains the new version of STUBDB2N.OBJ.

  2. Backup/remove any existing iefgdic.ini from directory "%USERPROFILE%\AppData\Local\CA\Gen 8.6\cfg\client".

  3. Run the application and no dialog box "DB2 Logon Information" prompting for Database name, SQL ID and password should be displayed.
    Instead the application should connect to the DB2 database automatically using the Windows Logon credentials.
    NOTE: An empty/template iefgdic.ini file will still be created in directory "%USERPROFILE%\AppData\Local\CA\Gen 8.6\cfg\client".

Attachments

STUBDB2N.SQC get_app