SXPG_COMMAND_CHECK: Check Authorization to Execute an External Command

Use

Use this function module to check a user's authorization to execute a particular external command.

  • with the arguments specified in ADDITIONAL_PARAMETERS

  • on the target host system, as identified by OPERATINGSYSTEM and TARGETSYSTEM.

If an SAP profile parameter is inserted in the portion of the command stored in the database, then the value of this parameter is substituted into the command. If an SAP application server is active on the target system (TARGETSYSTEM), then the profile parameter values are read from the profile that is active on that system. No parameter substitution is made in ADDITIONAL_PARAMETERS.

After substitution, the command is checked for the presence of "dangerous" characters, such as the semicolon ; on UNIX systems.

If an additional "security function module" is specified in the command definition, this function module is also called in the course of processingebenfalls. This function module can prevent execution of the command.

Should the function module complete successfully (without exceptions), then the following is returned:

  • The complete command name (including the path) from the command definition. SAP profile parameters in the command are resolved to their values.

  • The command arguments from the command definition. SAP profile parameters in the string are resolved to their values.

  • the additional parameters string, as specified in the call to the function module.

Profile parameters are resolved once again to their values when a command is actually dispatched to run.

CALL FUNCTION 'SXPG_COMMAND_CHECK'
IMPORTING 
ADDITIONAL_PARAMETERS = <Argument string> " Default <space> 
COMMANDNAME = <Name of command definition in SAP System>
OPERATINGSYSTEM = <Target OS as defined in SAP System>
TARGETSYSTEM = <Host system for execution of command>
EXPORTING
ALL_PARAMETERS = <Complete argument string>
DEFINED_PARAMETERS = <Arguments from command definition>
PROGRAMNAME = <Complete pathname of OS command>
EXCEPTIONS
X_ERROR " Reserved
COMMAND_NOT_FOUND " Command not defined in SAP database
NO_PERMISSION " Command rejected by User exit auth. check 
PARAMETERS_TOO_LONG " Complete parameter string exceeds 
" 128 characters
PARAMETER_EXPECTED " Required parameter not specified
SECURITY_RISK " Security check failed
TOO_MANY_PARAMETERS " No ADDITONAL_PARAMETERS allowed
WRONG_CHECK_CALL_INTERFACE " Problem with function module
" for additional security check
ILLEGAL_COMMAND " Command not legitimately defined 
OTHERS.

Parameter

IMPORTING Parameter

Parameter Name

Use

ADDITIONAL_PARAMETERS

Arguments for the external program as specified by the calling program or user. These arguments are appended to any arguments specified in the external command definition ( DEFINED_PARAMETERS).

These arguments are checked for impermissible characters, such as the ; under UNIX. Problems are registered with the SECURITY_RISK exception.

COMMANDNAME

The name of the definition of the external command, as specified in the maintenance function (Transaction SM69).

OPERATINGSYSTEM and TARGETSYSTEM

Host system, in which the command is to be run. OPERATINGSYSTEM is specified in the command definition (transaction SM69).

TARGETSYSTEM is the host name of the system upon which the command is to run.

EXPORTING Parameter

Parameter Name

Use

ALL_PARAMETERS

Returns the complete argument string for the command, consisting of ADDITIONAL_PARAMETERS and DEFINED_PARAMETERS.

The string is as close to the potential runtime string as possible. For example, variables are substituted into the string from the target host system, if possible.

DEFINED_PARAMETERS

Returns the predefined argument string from the command definition in the SAP system.

The string is as close to the potential runtime string as possible. For example, variables are substituted into the string from the target host system, if possible.

PROGRAMNAME

The complete name (including path) of the command that is to be executed. Arguments are not included.

Exception

Name

Meaning

X_ERROR

Reserved.

NO_PERMISSION

The AUTHORITY-CHECK of the user's authorization for the authorization object S_LOG_COM failed. The user is not authorized to execute the command with the specified arguments in thte target system.

COMMAND_NOT_FOUND

Command name, as identified by COMMANDNAME and OPERATINGSYSTEM, has not been defined in the maintenance function (transaction SM69).

PARAMETERS_TOO_LONG

The combined argument string ( ADDITIONAL_PARAMETERS and the DEFINED_PARAMETERS, as returned in ALL_PARAMETERS) exceeds the limit of 128 characters in length.

SECURITY_RISK

Either:

  • The command contains impermissible characters. These are characters with potentially dangerous properties, such as ; under UNIX.

    Or:

  • The command defintion specifies that an extra check function module must be run. This function module rejected execution of the command.

WRONG_CHECK_CALL_ INTERFACE

The command definition specifies that an additional check function module should be run. Either this function module is missing, or the interface defined for this function module does not match that of the standard SAP function module SXPG_DUMMY_COMMAND_CHECK. For more information, see SXPG_DUMMY_COMMAND_CHECK: Interface for Extra-Check Function Modules.

TOO_MANY_PARAMETERS

The command definition specifies that ADDITIONAL_PARAMETERS are not allowed. However, an additional string of command arguments was specified.

PARAMETER_EXPECTED

The command definition includes the placeholder character ?, which signifies that ADDITIONAL_PARAMETERS is required. However, no additional arguments string was supplied.

ILLEGAL_COMMAND

The external command definition was modified "illegally". That is, the command was not modified by means of the maintenance function (transaction SM69).

OTHERS

Catch any new exceptions added to this function module.