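/* REXX */
/* CLS2REXXed by FSOX001 on 27 Jul 2016 at 10:24:07  */
/*********************************************************************/
/* ISPF edit macro: reads the member being edited (the header names  */
/* it as TEMP2(GRSLIST)) line by line, looks each started-task name  */
/* up in TBLSTC and writes one 50-byte record plus the program name  */
/* to the TEMP3 data id for every data set that LISTCAT does not     */
/* report as an alias.                                               */
/*********************************************************************/
/* The trap handlers and ERR_EXIT read these variables, so they are  */
/* given values before the first host command can raise a condition. */
pgmname     = "CACM0421 08/17/16"
return_code = 0
maxcc       = 0
zerrsm      = ""
zerrlm      = ""
Signal On NoValue
Call On Error
Signal On Failure
Signal On Syntax
Parse source opsys . exec_name .
/* The bare command strings below ("(MEMBER) = MEMBER", "END",       */
/* "MEND") are edit-macro commands, so ISREDIT has to be the default */
/* host environment, not just the target of this one command.        */
Address ISREDIT
"MACRO"            /* CACM0421 EDIT TEMP2(GRSLIST) */
/*********************************************************************/
/* 10/28/2004 JL.NELSON Created to write GRSLIST to TEMP3            */
/* 12/02/2004 JL.NELSON Changed for all fields in TBLSTC             */
/* 02/14/2005 JL.NELSON Changed constants to variables               */
/* 03/14/2005 JL.NELSON Added program name to output TEMP3           */
/* 03/16/2005 JL.NELSON Correct length error code 864                */
/* 06/09/2005 JL.NELSON Pass MAXCC in ZISPFRC variable               */
/* 06/09/2005 JL.NELSON Fixed 860 error on *MASTER* STC              */
/* 03/07/2006 JL.NELSON Made changes to avoid SUBSTR abend 920/932.  */
/* 03/20/2006 JL.NELSON Use NRSTR avoid abend 900 if ampersand in    */
/*            data.                                                  */
/* 03/29/2006 JL.NELSON Test for empty member LINENUM Rcode = 4.     */
/* 07/07/2007 CL.Fenton, change made to drop alias data sets.        */
/* 06/02/2009 CL.FENTON Changes on how TBLSTC is processed.          */
/* 11/10/2015 CL.FENTON Added collection of dataset that contains    */
/*            the RACF REXX security exit, STS-011660.               */
/* 05/17/2016 CL.FENTON Changed the collection of dataset that       */
/*            contains the RACF REXX security exit, STS-014540.      */
/* 08/01/2016 CL.FENTON Converted script from CLIST to REXX.         */
/* 08/17/2016 CL.FENTON Changes made to collect SYSREXX datasets     */
/*            for new vulnerability ACP00062 and also stream lined   */
/*            if statements to prevent excessive security violations */
/*            when evaluating for RACF REXX security exit,           */
/*            STS-015247.                                            */
/*                                                                   */
/*                                                                   */
/*********************************************************************/
/* Left over from the CLIST conversion: these are plain REXX         */
/* variables here and nothing in this macro reads them back.         */
sysprompt = "OFF"                 /* CONTROL NOPROMPT          */
sysflush  = "OFF"                 /* CONTROL NOFLUSH           */
sysasis   = "ON"                  /* CONTROL ASIS - caps off   */
Address ISPEXEC "CONTROL NONDISPL ENTER"
Address ISPEXEC "CONTROL ERRORS RETURN"
return_code = 0
/*******************************************/
/* VARIABLES ARE PASSED TO THIS MACRO      */
/* CONSLIST                                */
/* COMLIST                                 */
/* SYMLIST                                 */
/* TERMMSGS                                */
/* ACPNAME                                 */
/* TEMP3                                   */
/* TBLSTC                                  */
/*******************************************/
Address ISPEXEC "VGET (CONSLIST COMLIST SYMLIST TERMMSGS ACPNAME",
  "TEMP3 TBLSTC) ASIS"
/* return_code is updated by the Error routine when VGET ends with   */
/* a non-zero return code.                                           */
cm21vget = return_code
If return_code <> 0 then do
  Say pgmname "VGET RC =" return_code zerrsm
  Say pgmname "CONSLIST/"conslist "COMLIST/"comlist "SYMLIST/"symlist ,
    "TERMMSGS/"termmsgs
  Say pgmname "ACPNAME/"acpname "TEMP3/"temp3 "TBLSTC/"tblstc
  return_code = return_code + 16
  SIGNAL ERR_EXIT
end
If CONSLIST = "ON" | COMLIST = "ON" | SYMLIST = "ON" ,
  then Trace r
maxcc = 0
return_code = 0
/*******************************************/
/* TURN ON MESSAGES                        */
/*******************************************/
syssymlist = symlist              /* CONTROL SYMLIST/NOSYMLIST */
sysconlist = conslist             /* CONTROL CONLIST/NOCONLIST */
syslist    = comlist              /* CONTROL LIST/NOLIST       */
sysmsg     = termmsgs             /* CONTROL MSG/NOMSG         */
/*******************************************/
/* MAIN PROCESS                            */
/*******************************************/
"(MEMBER) = MEMBER"
"(DSNAME) = DATASET"
return_code = 0
"(LASTLINE) = LINENUM .ZLAST"
If return_code > 0 then do
  If lastline = 0 then
    Say pgmname "Empty file RCode =" return_code "DSN="dsname,
      "MEMBER="member strip(zerrsm)
  Else
    Say pgmname "LINENUM Error RCode =" return_code "DSN="dsname,
      "MEMBER="member strip(zerrsm)
  SIGNAL ERR_EXIT
end
/*******************************************/
/* Copy entries                            */
/*******************************************/
ostc  = ""
/* Pad for the output record. SUBSTR below pads to 50 characters     */
/* whatever the length of this value, so only the name implies 44.   */
blk44 = copies(" ",44)
/* Characters accepted in a data set name before the name is placed  */
/* inside a LISTDSI, SYSDSN or LISTCAT operand.                      */
dsn_chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@#$-."
READ_NEXT:
do icnt = 1 to lastline
  return_code = 0
  "(DATA) = LINE" icnt
  dl = length(data)
  /* Lines too short to hold a name starting in column 26 are skipped. */
  If dl < 27 then iterate
  istc = substr(data,9,8)         /* started-task name, columns 9-16 */
  idsn = substr(data,26)          /* data set name, column 26 onward */
  idsn = strip(idsn)
  /* Look the task up in TBLSTC only when the name changes. */
  If istc <> ostc then do
    ostc = istc
    Call find_iter
  end
  If substr(istc,1,3) = "AXR" then
    iter = "AK "
  /* "99 " is FIND_ITER's no-match value; nothing is collected. */
  If iter = "99 " then iterate
  /* idsn comes straight from the edited member and is concatenated  */
  /* into quoted operands below. A name holding a quote, parenthesis */
  /* or blank would change the command that is issued, so anything   */
  /* that is not a plain data set name is reported and skipped.      */
  If idsn = "" | length(idsn) > 44 ,
    | verify(translate(idsn),dsn_chars) > 0 then do
    Say pgmname "Skipped line" icnt "for" strip(istc)": not a valid",
      "data set name."
    iterate
  end
  If iter = "AK " & acpname = "RACF" then do
    return_code = listdsi("'"idsn"'")
    If sysreason = 0 & substr(sysdsorg" ",1,2) = "PO" then
      If sysdsn("'"idsn"(IRRPWREX)'") = "OK" then do
        Say pgmname "Found IRRPWREX in dataset" idsn "for vulnerablity",
          "RACF0465 being used by" strip(istc)"."
        iter = "AJ "
        /* Force a fresh TBLSTC lookup on the next line. */
        ostc = ""
      end
  end
  /* Record layout: 3-byte ITER, data set name, blank pad to 50,     */
  /* then the program name.                                          */
  ac = substr(iter||idsn||blk44,1,50)
  ac = ac||pgmname
  return_code = 0
  otrp = outtrap("out.")
  Address TSO "LISTCAT ENTRY('"idsn"') ALIAS ALL"
  otrp = outtrap("OFF")
  /* A non-zero LISTCAT ALIAS result is taken to mean the entry is   */
  /* not an alias; only those entries are written to TEMP3.          */
  If return_code > 0 then
    Address ISPEXEC "LMPUT DATAID("temp3") MODE(INVAR) DATALOC(AC)",
      "DATALEN("length(ac)") NOBSCAN"
end
END_EXIT:
return_code = 0
ERR_EXIT:
If maxcc >= 16 | return_code > 0 then do
  Address ISPEXEC "VGET (ZISPFRC) SHARED"
  If maxcc > zispfrc then
    zispfrc = maxcc
  Else
    zispfrc = return_code
  Address ISPEXEC "VPUT (ZISPFRC) SHARED"
  Say pgmname "ZISPFRC =" zispfrc
end
cm421rc = return_code
/* NOTE(review): CM21VPUT is never assigned in this macro, and       */
/* CM21VGET is unset when ERR_EXIT is reached before the VGET above. */
/* Confirm which of these names the caller actually reads.           */
Address ISPEXEC "VPUT (CM21VGET CM21VPUT CM421RC) ASIS"
"END"
"MEND"
Exit (0)
/*******************************************/
/* SYSCALL SUBROUTINES                     */
/*******************************************/
/* SYSCALL FIND_ITER                       */
/* Sets ITER for the task name in ISTC. TBLSTC is searched for the   */
/* name as a word; an occurrence counts only when a "#" sits four    */
/* columns before it, and ITER is then the word that follows the     */
/* "#", cut or padded to 3 characters. ITER is "99 " when no such    */
/* occurrence exists.                                                */
FIND_ITER:
ITER = "99 "
x = 0
do forever
  if x = 0 then
    x = wordpos(istc,tblstc)
  else
    x = wordpos(istc,tblstc,x+1)
  if x = 0 then leave
  y = wordindex(tblstc,x)-4
  /* A match in the first four columns cannot be preceded by "#";    */
  /* SUBSTR with a start below 1 would raise a SYNTAX condition.     */
  if y < 1 then iterate
  if substr(tblstc,y,1) = "#" then do
    TBLENT = substr(tblstc,y)
    parse var TBLENT . 2 ITER .
    ITER = left(ITER,3)
    leave
  end
end
Return (rc)

/* Common trap for NOVALUE, FAILURE and SYNTAX. ERRORTEXT is only    */
/* valid for REXX error numbers, so it is used for SYNTAX alone; the */
/* other two conditions report the condition name and description.   */
NoValue:
Failure:
Syntax:
trap_rc = "?"
If symbol("rc") = "VAR" then trap_rc = rc
If condition("C") = "SYNTAX" then
  trap_txt = strip(ERRORTEXT(rc))
Else
  trap_txt = condition("C") condition("D")
say pgmname 'REXX error' trap_rc 'in line' sigl':' trap_txt
say SOURCELINE(sigl)
/* An aborted run must not reach the caller as return code 0. */
If return_code = 0 then return_code = 16
SIGNAL ERR_EXIT

/* Called for every host command that ends with a non-zero return    */
/* code. Records it in return_code, raises maxcc, and logs anything  */
/* above 4 other than 8.                                             */
Error:
return_code = RC
if RC > 4 & RC <> 8 then do
  say pgmname "LASTCC =" RC strip(zerrlm)
  /* A host return code is not a REXX error number; ERRORTEXT is     */
  /* kept for compatible output but only called inside its range.    */
  if datatype(RC,"W") & RC >= 0 & RC <= 99 then
    say pgmname 'REXX error' rc 'in line' sigl':' ERRORTEXT(rc)
  else
    say pgmname 'REXX error' rc 'in line' sigl':'
  say SOURCELINE(sigl)
end
if return_code > maxcc then
  maxcc = return_code
return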