The Adapter for DB2 supports primary and secondary authorization security checking for DSN3SATH. Three modifications are required, as shown in the following example.
1. Search for the SATH001 label - add two lines (FOCDSN3):
SATH001 DS 0H
USING WORKAREA,R11 ESTABLISH DATA AREA ADDRESSABILITY
ST R2,FREMFLAG SAVE FREEMAIN INDICATOR
XC SAVEAREA(72),SAVEAREA CLEAR REGISTER SAVE AREA
.
.
.
*********SECTION 1: DETERMINE THE PRIMARY AUTHORIZATION ID ************
* *
* IF THE INPUT AUTHID IS NULL OR BLANKS, CHANGE IT TO THE AUTHID *
* IN EITHER THE JCT OR THE FIELD POINTED TO BY ASCBJBNS. *
* THE CODE IN THIS SECTION IS AN ASSEMBLER LANGUAGE VERSION OF *
* THE DEFAULT IDENTIFY AUTHORIZATION EXIT. IT IS EXECUTED ONLY *
* IF THE FIELD ASXBUSER IS NULL UPON RETURN FROM THE RACROUTE *
* SERVICE. FOR EXAMPLE, IT DETERMINES THE PRIMARY AUTH ID FOR *
* ENVIRONMENTS WITH NO SECURITY SYSTEM INSTALLED AND ACTIVE. *
* *
*************************************************************************
SPACE
LA R1,AIDLPRIM LOAD PARM REG1 <--ADD
CALL FOCDSN3 GO GET THE IBI EXIT <--ADD
CLI AIDLPRIM,BLANK IS THE INPUT PRIMARY AUTHID NULL
BH SATH020 SKIP IF A PRIMARY AUTH ID EXISTS2. Search for the SATH020 label - add a comment box, add one line, and comment out four lines:
SATH020 DS 0H BRANCH TO HERE IF PRIMARY EXISTS
*****OPTIONAL CHANGE @CHAR7: FALLBACK TO SEVEN CHAR PRIMARY AUTHID***
* *
* IF YOUR INSTALLATION REQUIRES ONLY SEVEN CHARACTER PRIMARY *
* AUTHORIZATION IDS (POSSIBLY TRUNCATED) DUE TO DB2 PRIVILEGES *
* GRANTED TO TRUNCATED AUTHORIZATION IDS, THEN YOU MUST BLANK OUT *
* COLUMN 1 OF THE ASSEMBLER STATEMENT IMMEDIATELY FOLLOWING THIS *
* BLOCK COMMENT. THEN ASSEMBLE THIS PROGRAM AND LINK-EDIT IT INTO *
* THE APPROPRIATE DB2 LOAD LIBRARY AS EXPLAINED IN AN APPENDIX *
* OF "THE DB2 ADMINISTRATION GUIDE". *
* *
* OTHERWISE, YOU NEED DO NOTHING. *
* @KYD0271*
**********************************************************************
* MVI AIDLPRIM+7,BLANK BLANK OUT EIGHTH CHARACTER
SPACE
.
.
.
* RACF IS ACTIVE ON THIS MVS
****************************************************************** <--ADD
* * <--ADD
* The logic was modified because in DB2 V8 AIDLACEE is always not* <--ADD
* NULL. We used to honor AIDLACEE first, FOCDSN4 second and then * <--ADD
* AS ACEE. Now we honor FOCDSN4 first, AIDLACEE second and then * <--ADD
* AS ACEE. * <--ADD
* * <--ADD
* 03/11/05 ASK0 * <--ADD
****************************************************************** <--ADD
USING ACEE,R6 ESTABLISH BASE FOR ACEE @KYL0108
L R6,AIDLACEE Get => caller ACEE if any <--ADD
* ICM R6,B'1111',AIDLACEE CALLER PASSED ACEE ADDRESS? @KYL0108 <-COMMENT
* BZ SATH024 NO, USE ADDRESS SPACE ACEE @KYL0108 <-COMMENT
* CLC ACEEACEE,EYEACEE IS IT REALLY AN ACEE? @KYL0108 <-COMMENT
* BE SATH027 YES, PROCEED NORMALLY @KYL0108 <-COMMENT
SPACE 1
SATH024 DS 0H USE ADDRESS SPACE ACEE @KYL0108
.
.
.3. Search for the SATH025 label - replace sath025 and add sath026 (FOCDSN4):
SATH025 DS 0H
CALL FOCDSN4 GO GET THE IBI EXIT (4=GROUP AUTH) <--ADD
LTR R6,R6 DOES AN ACEE EXIST? IF NOT, <--ADD
BZ SATH026 CHECK ACEE IN ADDRESS SPACE <--ADD
CLC ACEEACEE,EYEACEE DOES IT LOOK LIKE AN ACEE? <--ADD
BE SATH027 YES, GO DO GROUPS <--ADD
SATH026 DS 0H <--ADD
L R6,ASCBASXB GET ADDRESS SPACE EXTENSION BLOCK <--ADD
L R6,ASXBSENV-ASXB(,R6) GET ACEE ADDRESS <--ADD
CLC ACEEACEE,EYEACEE DOES IT LOOK LIKE AN ACEE? <--ADD
BNE SATH049 NO, THEN CAN'T DO GROUPS <--ADD
DROP R8 DROP ASCB BASE REG <--ADD
SPACE 1 <--ADDSATH027 DS 0H CHECK LIST OF GROUPS OPTION
TM RCVTOPTX,RCVTLGRP IS LIST OF GROUPS CHECKING ACTIVE
BZ SATH040 SKIP TO SINGLE GROUP COPY IF NOT
DROP R7 DROP RCVT BASE REG
SPACE 1
* RACF LIST OF GROUPS OPTION IS ACTIVE
EJECT
.
.
.
| Information Builders |