PROBLEM: Receiving Error "CPF3C3C 'Value for parameter 2 not valid'"
when attempting to connect to DataGate/400 installed on OS/400 v5r3
The information in this article applies to:
- DataGate/400, All Releases
- AVR, All Releases
- OS/400
SYMPTOMS:
When attempting to run and connect to DataGate/400 that installed on OS/400
v5r3, job log indicates error:
CPF3C3C 'Value for parameter 2 not valid'.
NOTE: This affects
versions of DataGate/400 (Release 7.0 Version 7.80) or (Release 5.0 Version
5.1200.1.46) and lower and affects any applications that perform an AS/400 CALL/PARM
to QSYSGETPH API..
CAUSE:
IBM determined that a change was needed in V5R3 to the QSYGETPH API to close
a security gap. The problem appears to be related to the incompatibility
of the latest version of IBM API QSYSGETPH.
RESOLUTION:
*** DataGate/400 Release 7.0 Version 7.86+ (GA) OR
Release 5.0 Version 5.1200.1.48+ (GA) fixes this
issue. ***
You can obtain these versions on our
download site.
If you can not upgrade your version of DataGate/400, IBM has a temporary fix,
PTF SI14206 which will allow V5R3 code to run under the
'old rules'. Please contact IBM for more information on this PTF.
If performing a
CALL/PARM to QSYSGETPH API, you will need to modify the
parameters. Sample Code below:
// IBM Documentation on API:
//
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/apis/QSYGETPH.htm
/* Types of CPF Error messages. Example will only show the CPF Number.
CPF22E2 Password not correct for user profile &1.
CPF22E3 User profile &1 is disabled.
CPF22E4 Password for user profile &1 has expired.
CPF22E5 No password associated with user profile &1.
CPF22E6 Maximum number of profile handles have been generated.
CPF22E9 *USE authority to user profile &1 required.
CPF2203 User profile &1 not correct.
CPF2204 User profile &1 not found.
CPF2213 Not able to allocate user profile &1.
CPF2225 Not able to allocate internal system object.
CPF3C90 Literal value cannot be changed.
CPF3CF1 Error code parameter not valid.
CPF9872 Program or service program &1 in library &2 ended. Reason code &3.
*/
// Authenticate an OS/400 user profile and password.
DclFld CallErr Type( *Ind )
DclFld CPFMsg Type( *String )
DclFld Result Type( *String )
DclFld ProfileHandle Type( *Char ) Len( 12 ) // also used for handle
DclFld Password Type( *Char ) Len( 10 )
DclFld PasswordLength Type( *Integer ) Len( 4 ) // Change for v5r3
DclFld UserId Type( *Char ) Len( 10 )
DclFld UserCCSID Type( *Integer ) Len( 4 ) //Set to 0 or -1 = Default
DclConst MSGIDLEN Value( 100 ) // amount of details of error to show
DclConst MSGTXTLOC Value( 35 )
DclConst NULL Value( '' )
// changes for v5r3:
//
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/apis/error.htm
DclDS ErrHandle Len(8)
DclDSFld InputFld1 Start(1) Type(*Integer) Len(4)
DclDSFld OutputFld1 Start(5) Type(*Integer) Len(4)
//---------------------------------------------------------------------------
DCLFLD StringConv TYPE(MISCCTLSLib.String)
// Class ID: {8153D3A4-6BEC-4F14-B3E5-DBFD39CF75A1}
// ProgID: Miscctls.String.1
// Description: ASNA String Class in Project References
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Check the User that is attempting to Login. We are calling a 400 PGM-API.
// Function is expecting Database Location, User, and Password.
BegFunc CheckUser Type( *String )
DclSRParm DBLocation *String
DclSRParm User *String
DclSRParm Pwd *String
// Set API parms from IO fields on form.
UserId = StringConv.ToUpper(User)
// We need Upper Case on the Values
Password = Pwd // Don't uppercase if 400 supports long password!
PasswordLength = StringConv.Length(Pwd) // Change for v5r3
ProfileHandle = UserId
InputFld1 = 0 // We don't care about this and fill with zeros
OutputFld1 = 0 // We don't care about this and fill with zeros
UserCCSID = 0 // Use 0 or -1 depending on compatibility with 37 CCSID
// Call OS/400 API to get password handle.
Call Pgm( 'QSYS/QSYGETPH' ) DB( DBLocation ) Err( CallErr )
DclParm UserId
DclParm Password
DclParm ProfileHandle
DclParm ErrHandle // Change for v5r3
DclParm PassWordLength // Change for v5r3
DclParm UserCCSID // Change for v5r3
// Attempt to fetch CPF message.
If ( CallErr )
SubStr BaseStr( *Err.Description ) StartPos( MSGTXTLOC ) SubLen( MSGIDLEN )
Target(CPFMsg )
Result = 'OS/400 error: ' + CPFMsg
Else
Result = "User Authenticated Correctly"
EndIf
UserId = *Blanks
Password = *Blanks
ProfileHandle = *Blanks
LeaveSR Result
EndFunc
//--------------------------------------------------------------------
|
MORE INFORMATION:
Special Note on IBM's PTF: Read this
PTF cover letter closely!
You have to run the following command:
CRTMSGQ MSGQ(QSYS/QSYAPI) MSGQFULL(*WRAP).
This message queue contains an error message for each program that makes
'improper' use of the QSYGETPH API. IBM is currently allowing 180 days for the
problem to be resolved by the API caller (although there is a workaround to
extend the period).
Without the message queue the fix is ignored.
Related ASNA KB Articles:
Related IBM Articles:
Keywords: job, CPF3c3c, PTF, v5r3, DataGate/400, DataGate, PTF
SI14206, QSYSGETPH, Authentication, User Profile, AVR, Sample Code
| 