The Adapter for DB2 supports primary and secondary authorization security checking for DSN3SATH. Three modifications are required, as shown in the following example.
1. Search for the SATH001 label - add two lines (FOCDSN3):
SATH001 DS 0H USING WORKAREA,R11 ESTABLISH DATA AREA ADDRESSABILITY ST R2,FREMFLAG SAVE FREEMAIN INDICATOR XC SAVEAREA(72),SAVEAREA CLEAR REGISTER SAVE AREA . . . *********SECTION 1: DETERMINE THE PRIMARY AUTHORIZATION ID ************ * * * IF THE INPUT AUTHID IS NULL OR BLANKS, CHANGE IT TO THE AUTHID * * IN EITHER THE JCT OR THE FIELD POINTED TO BY ASCBJBNS. * * THE CODE IN THIS SECTION IS AN ASSEMBLER LANGUAGE VERSION OF * * THE DEFAULT IDENTIFY AUTHORIZATION EXIT. IT IS EXECUTED ONLY * * IF THE FIELD ASXBUSER IS NULL UPON RETURN FROM THE RACROUTE * * SERVICE. FOR EXAMPLE, IT DETERMINES THE PRIMARY AUTH ID FOR * * ENVIRONMENTS WITH NO SECURITY SYSTEM INSTALLED AND ACTIVE. * * * ************************************************************************* SPACE LA R1,AIDLPRIM LOAD PARM REG1 <--ADD CALL FOCDSN3 GO GET THE IBI EXIT <--ADD CLI AIDLPRIM,BLANK IS THE INPUT PRIMARY AUTHID NULL BH SATH020 SKIP IF A PRIMARY AUTH ID EXISTS
2. Search for the SATH020 label - add a comment box, add one line, and comment out four lines:
SATH020 DS 0H BRANCH TO HERE IF PRIMARY EXISTS *****OPTIONAL CHANGE @CHAR7: FALLBACK TO SEVEN CHAR PRIMARY AUTHID*** * * * IF YOUR INSTALLATION REQUIRES ONLY SEVEN CHARACTER PRIMARY * * AUTHORIZATION IDS (POSSIBLY TRUNCATED) DUE TO DB2 PRIVILEGES * * GRANTED TO TRUNCATED AUTHORIZATION IDS, THEN YOU MUST BLANK OUT * * COLUMN 1 OF THE ASSEMBLER STATEMENT IMMEDIATELY FOLLOWING THIS * * BLOCK COMMENT. THEN ASSEMBLE THIS PROGRAM AND LINK-EDIT IT INTO * * THE APPROPRIATE DB2 LOAD LIBRARY AS EXPLAINED IN AN APPENDIX * * OF "THE DB2 ADMINISTRATION GUIDE". * * * * OTHERWISE, YOU NEED DO NOTHING. * * @KYD0271* ********************************************************************** * MVI AIDLPRIM+7,BLANK BLANK OUT EIGHTH CHARACTER SPACE . . . * RACF IS ACTIVE ON THIS MVS ****************************************************************** <--ADD * * <--ADD * The logic was modified because in DB2 V8 AIDLACEE is always not* <--ADD * NULL. We used to honor AIDLACEE first, FOCDSN4 second and then * <--ADD * AS ACEE. Now we honor FOCDSN4 first, AIDLACEE second and then * <--ADD * AS ACEE. * <--ADD * * <--ADD * 03/11/05 ASK0 * <--ADD ****************************************************************** <--ADD USING ACEE,R6 ESTABLISH BASE FOR ACEE @KYL0108 L R6,AIDLACEE Get => caller ACEE if any <--ADD * ICM R6,B'1111',AIDLACEE CALLER PASSED ACEE ADDRESS? @KYL0108 <-COMMENT * BZ SATH024 NO, USE ADDRESS SPACE ACEE @KYL0108 <-COMMENT * CLC ACEEACEE,EYEACEE IS IT REALLY AN ACEE? @KYL0108 <-COMMENT * BE SATH027 YES, PROCEED NORMALLY @KYL0108 <-COMMENT SPACE 1 SATH024 DS 0H USE ADDRESS SPACE ACEE @KYL0108 . . .
3. Search for the SATH025 label - replace sath025 and add sath026 (FOCDSN4):
SATH025 DS 0H CALL FOCDSN4 GO GET THE IBI EXIT (4=GROUP AUTH) <--ADD LTR R6,R6 DOES AN ACEE EXIST? IF NOT, <--ADD BZ SATH026 CHECK ACEE IN ADDRESS SPACE <--ADD CLC ACEEACEE,EYEACEE DOES IT LOOK LIKE AN ACEE? <--ADD BE SATH027 YES, GO DO GROUPS <--ADD SATH026 DS 0H <--ADD L R6,ASCBASXB GET ADDRESS SPACE EXTENSION BLOCK <--ADD L R6,ASXBSENV-ASXB(,R6) GET ACEE ADDRESS <--ADD CLC ACEEACEE,EYEACEE DOES IT LOOK LIKE AN ACEE? <--ADD BNE SATH049 NO, THEN CAN'T DO GROUPS <--ADD DROP R8 DROP ASCB BASE REG <--ADD SPACE 1 <--ADD
SATH027 DS 0H CHECK LIST OF GROUPS OPTION TM RCVTOPTX,RCVTLGRP IS LIST OF GROUPS CHECKING ACTIVE BZ SATH040 SKIP TO SINGLE GROUP COPY IF NOT DROP R7 DROP RCVT BASE REG SPACE 1 * RACF LIST OF GROUPS OPTION IS ACTIVE EJECT . . .
Information Builders |