Daniel Berlin on Security Insight on SAP security, development stuff… and all the rest

29Aug 13

Source – ZS_STAD_DISPLAY_RFC_CALLS

*&---------------------------------------------------------------------*
*& Report ZS_STAD_DISPLAY_RFC_CALLS
*&---------------------------------------------------------------------*
*& Purpose: Evaluate data saved by report ZS_STAD_EXTRACT_RFC_CALLS
*& Author : Daniel Berlin
*& Version: 1.0.2
*&---------------------------------------------------------------------*
 
REPORT zs_stad_display_rfc_calls.
 
TYPE-POOLS: icon, slis.
TABLES: t000, tfdir, tlibg, zsstad_rfc_data.
 
DATA: BEGIN OF gt_rfcdes OCCURS 0
    ,   mandt  TYPE mandt
    ,   logsys TYPE rfcdest
    , END   OF gt_rfcdes
    , BEGIN OF gt_result OCCURS 0
    ,   mandt  TYPE mandt           " SAP client
    ,   uname  TYPE swncuname       " User name
    ,   fugrp  TYPE rs38l_area      " Function group
    ,   check  TYPE icon-id         " Authorization check
    ,   alvbox TYPE c               " ALV: Checkbox status
    , END   OF gt_result
    , gv_errmsg TYPE string
    , gv_rfcdes TYPE rfcdest
    , gv_autval TYPE xuval.
 
SELECTION-SCREEN: BEGIN OF LINE
                , COMMENT 1(20) n_datum.
SELECT-OPTIONS: pr_datum FOR zsstad_rfc_data-datum.
SELECTION-SCREEN: END OF LINE
                , BEGIN OF LINE
                , COMMENT 1(20) n_mandt.
SELECT-OPTIONS: pr_mandt FOR              zsstad_rfc_data-mandt
                         MATCHCODE OBJECT salv_bs_mandt.
SELECTION-SCREEN: END OF LINE
                , BEGIN OF LINE
                , COMMENT 1(20) n_uname.
SELECT-OPTIONS: pr_uname FOR              zsstad_rfc_data-uname
                         MATCHCODE OBJECT user_addr.
SELECTION-SCREEN: END OF LINE
                , BEGIN OF LINE
                , COMMENT 1(20) n_fumod.
SELECT-OPTIONS: pr_fumod FOR tfdir-funcname.
SELECTION-SCREEN: END OF LINE
                , BEGIN OF LINE
                , COMMENT 1(20) n_fugrp.
SELECT-OPTIONS: pr_fugrp FOR tlibg-area.
SELECTION-SCREEN: END OF LINE.
 
INITIALIZATION.
 
  " --- Titles
  n_datum = 'Date'.                                         "#EC NOTEXT
  n_mandt = 'Client'.                                       "#EC NOTEXT
  n_uname = 'User'.                                         "#EC NOTEXT
  n_fumod = 'Function module'.                              "#EC NOTEXT
  n_fugrp = 'Function group'.                               "#EC NOTEXT
 
  AUTHORITY-CHECK OBJECT 'S_ADMI_FCD'
                      ID 'S_ADMI_FCD' FIELD 'ST0R'.  " Analyze traces
 
  IF sy-subrc <> 0.
    MESSAGE 'Missing authorization.' TYPE 'W'.              "#EC NOTEXT
    LEAVE PROGRAM.
  ENDIF.
 
  " --- Check for missing RFC destinations
  SELECT * FROM t000
          WHERE mandt IN ( SELECT DISTINCT mandt FROM zsstad_rfc_data )
            AND logsys = ''.
    CONCATENATE 'Error: no RFC destination found for client' t000-mandt
           INTO gv_errmsg.                                  "#EC NOTEXT
    MESSAGE gv_errmsg TYPE 'W'.
    LEAVE PROGRAM.
  ENDSELECT.
 
  " --- Get RFC destinations and exclude if unreachable
  SELECT mandt logsys INTO TABLE gt_rfcdes FROM t000
         WHERE mandt <> sy-mandt AND logsys <> ''.
 
  LOOP AT gt_rfcdes.
    " This does not reliably detect broken RFC connections
*   CALL FUNCTION 'RFC_PING' DESTINATION gt_rfcdes-logsys
*     EXCEPTIONS
*       OTHERS = 1.
 
    CALL FUNCTION 'RFC_SYSTEM_INFO' DESTINATION gt_rfcdes-logsys
      EXCEPTIONS
        OTHERS = 1.
 
    IF sy-subrc <> 0.
      pr_mandt-sign   = 'E'.
      pr_mandt-option = 'EQ'.
      pr_mandt-low    = gt_rfcdes-mandt.
      APPEND pr_mandt. CLEAR pr_mandt.
    ENDIF.
  ENDLOOP.
 
START-OF-SELECTION.
 
  SELECT DISTINCT mandt uname fugrp
       INTO TABLE gt_result
             FROM zsstad_rfc_data
            WHERE datum IN pr_datum
              AND mandt IN pr_mandt
              AND uname IN pr_uname
              AND fumod IN pr_fumod
              AND fugrp IN pr_fugrp
         ORDER BY mandt uname fugrp.
 
  LOOP AT gt_result.
    IF gt_result-mandt = sy-mandt.
      gv_rfcdes = 'NONE'.
    ELSE.
      READ TABLE gt_rfcdes WITH KEY mandt = gt_result-mandt.
      gv_rfcdes = gt_rfcdes-logsys.
    ENDIF.
 
    gv_autval = gt_result-fugrp.
 
    CALL FUNCTION 'AUTHORITY_CHECK'
      DESTINATION gv_rfcdes
      EXPORTING
        user                  = gt_result-uname
        object                = 'S_RFC'
        field1                = 'ACTVT'
        value1                = '16'
        field2                = 'RFC_TYPE'
        value2                = 'FUGR'
        field3                = 'RFC_NAME'
        value3                = gv_autval
      EXCEPTIONS
        user_dont_exist       = 1   " Yellow flash
        user_is_authorized    = 2   " Green check mark
        user_not_authorized   = 3   " Red cross
        user_is_locked        = 4   " Gray lock
        system_failure        = 99  " RFC error
        communication_failure = 99. " RFC error
 
    CASE sy-subrc.
      WHEN 1.      gt_result-check = icon_failure.
      WHEN 2.      gt_result-check = icon_checked.
      WHEN 3.      gt_result-check = icon_incomplete.
      WHEN 4.      gt_result-check = icon_locked.
      WHEN OTHERS. gt_result-check = icon_system_help.
    ENDCASE.
    MODIFY gt_result.
  ENDLOOP.
 
  PERFORM alv_show_result.
 
*&---------------------------------------------------------------------*
*&      Form  alv_show_result
*&---------------------------------------------------------------------*
FORM alv_show_result.
 
  DATA: lt_fieldcat TYPE slis_t_fieldcat_alv WITH HEADER LINE
      , ls_layout   TYPE slis_layout_alv
      , lt_filter   TYPE slis_t_filter_alv   WITH HEADER LINE.
 
  " --- Field catalogue
  lt_fieldcat-fieldname   = 'MANDT'.
  lt_fieldcat-ref_tabname = 'T000'.
  APPEND lt_fieldcat. CLEAR lt_fieldcat.
 
  lt_fieldcat-fieldname     = 'UNAME'.
  lt_fieldcat-ref_tabname   = 'USR02'.
  lt_fieldcat-ref_fieldname = 'BNAME'.
  APPEND lt_fieldcat. CLEAR lt_fieldcat.
 
  lt_fieldcat-fieldname     = 'FUGRP'.
  lt_fieldcat-ref_tabname   = 'TLIBG'.
  lt_fieldcat-ref_fieldname = 'AREA'.
  APPEND lt_fieldcat. CLEAR lt_fieldcat.
 
  lt_fieldcat-fieldname = 'CHECK'.
  lt_fieldcat-seltext_m = 'Auth. check'.                    "#EC NOTEXT
  lt_fieldcat-seltext_l = 'Authorization check'.            "#EC NOTEXT
  lt_fieldcat-icon      = 'X'.
  lt_fieldcat-outputlen = 8.
  APPEND lt_fieldcat. CLEAR lt_fieldcat.
 
  " --- Layout
  ls_layout-box_fieldname     = 'ALVBOX'.
  ls_layout-colwidth_optimize = 'X'.
  ls_layout-no_input          = 'X'.
  ls_layout-zebra             = 'X'.
 
  " --- Filter
  lt_filter-fieldname = 'CHECK'.
  lt_filter-sign0     = 'E'.
  lt_filter-optio     = 'EQ'.
  lt_filter-valuf_int = '@01@'.  " Green check mark
  APPEND lt_filter. CLEAR lt_filter.
 
  CALL FUNCTION 'REUSE_ALV_GRID_DISPLAY'
    EXPORTING
      i_callback_program      = sy-repid
*     i_callback_top_of_page  = 'ALV_CALLBACK_TOP_OF_PAGE'
      i_callback_user_command = 'ALV_CALLBACK_USER_COMMAND'
      it_fieldcat             = lt_fieldcat[]
      is_layout               = ls_layout
      it_filter               = lt_filter[]
      i_save                  = 'X'
    TABLES
      t_outtab                = gt_result
    EXCEPTIONS
      OTHERS                  = 0.
 
ENDFORM.                    "alv_show_result
 
*&---------------------------------------------------------------------*
*&      Form  alv_callback_user_command
*&---------------------------------------------------------------------*
FORM alv_callback_user_command                              "#EC CALLED
                         USING pv_ucomm    LIKE sy-ucomm
                               ps_selfield TYPE slis_selfield.
 
  DATA: lv_rfcdes TYPE rfcdest
      , lt_seltab TYPE rsparams OCCURS 0 WITH HEADER LINE.
 
  READ TABLE gt_result INDEX ps_selfield-tabindex.
 
  IF gt_result-mandt = sy-mandt.
    lv_rfcdes = 'NONE'.
  ELSE.
    READ TABLE gt_rfcdes WITH KEY mandt = gt_result-mandt.
    lv_rfcdes = gt_rfcdes-logsys.
  ENDIF.
 
  IF pv_ucomm = '&IC1'.
    CASE ps_selfield-fieldname.
      WHEN 'UNAME'.
        CALL FUNCTION 'SUSR_USER_MAINT_WITH_DIALOG'
          DESTINATION lv_rfcdes
          EXPORTING
            user_to_display = gt_result-uname
            display_only    = 'X'
          EXCEPTIONS
            OTHERS          = 0.
 
      WHEN 'FUGRP'.
        lt_seltab-selname = 'I2'.
        lt_seltab-kind    = 'S'.
        lt_seltab-sign    = 'I'.
        lt_seltab-option  = 'EQ'.
        lt_seltab-low     = gt_result-fugrp.
        APPEND lt_seltab. CLEAR lt_seltab.
 
        CALL FUNCTION 'RSDU_CALL_SE16'
          DESTINATION lv_rfcdes
          EXPORTING
            i_tablename = 'ENLFDIR'
          TABLES
            i_t_seltab  = lt_seltab
          EXCEPTIONS
            OTHERS      = 0.
 
    ENDCASE.
  ENDIF.
 
ENDFORM.                    "alv_callback_user_command