/* REXX */ /* CLS2REXXed by UMLA01S on 2 Aug 2021 at 10:01:41 */ /*Trace ?r*/ Signal On NoValue Call On Error Signal On Failure Signal On Syntax Parse source opsys . exec_name . /*********************************************************************/ /* 05/06/2004 JL Nelson Changed for new findings. */ /* 06/18/2004 JL Nelson Added EXIT CODE. */ /* 06/23/2004 JL Nelson Added code to check security system. */ /* 11/03/2004 JL Nelson Skip RACF table - not used. */ /* 11/09/2004 JL Nelson Added code for Authorized users. */ /* 01/19/2005 JL Nelson Changed LMMFIND error message. */ /* 02/25/2005 JL Nelson Changed constants to variables. */ /* 03/09/2005 JL Nelson Changed LMMREP to LMMADD/LMMREP to avoid */ /* errors. */ /* 03/23/2005 JL Nelson Added TYPERUN for Reports without PDIs. */ /* 04/06/2005 JL Nelson Added PDI NF records for no input datasets. */ /* 06/09/2005 JL Nelson Pass MAXCC in ZISPFRC variable. */ /* 06/15/2005 JL Nelson Reset return code to end job step. */ /* 07/18/2005 JL Nelson Changed empty report text per Charles. */ /* 03/09/2006 JL Nelson Set/test RCode for every ISPEXEC command. */ /* 09/10/2007 CL Fenton Added resource collection. Chgd several */ /* variables and routines being executed by process. */ /* 07/16/2009 CL Fenton Changes CACT0001 to CACT0000, CACM042V to */ /* CACM000T. Changes for reflect new table information. */ /* 05/30/2012 CL Fenton Chgs to allow use of AUACCESS for */ /* authorized users list to prevent the possible */ /* "IKJ56548I INSUFFICIENT STORAGE FOR CLIST TO */ /* CONTINUE" message from occurring when a DIALOG user */ /* group contains an excessive number of user, */ /* CSD-AR003400969. */ /* 08/29/2016 CL Fenton Correct issue with TBLMBR. */ /* 06/01/2017 CL Fenton Added RACFRPT dataset and CARM0005, */ /* STS-017060. */ /* 08/02/2021 CL Fenton Converted script from CLIST to REXX. */ /* */ /* */ /* */ /*********************************************************************/ CONSLIST = "OFF" /* DEFAULT IS OFF */ COMLIST = "OFF" /* DEFAULT IS OFF */ SYMLIST = "OFF" /* DEFAULT IS OFF */ TERMMSGS = "OFF" /* DEFAULT IS OFF */ sysflush = "OFF" pgmname = "CARC0420 08/02/21" sysprompt = "OFF" /* CONTROL NOPROMPT */ sysasis = "ON" /* CONTROL ASIS - caps off */ TYPERUN = "FSO" /* Run for SRRAUDIT | FSO */ CACC1000 = "CACC1000" /* SELECT SECURITY CHECK PGM */ CACM000T = "CACM000T" /* SELECT EDIT macro/CACT0000 */ CACM0422 = "CACM0422" /* SELECT EDIT macro AUACCESS(*) */ CACM042R = "CACM042R" /* SELECT EDIT macro/CACT0008 */ CARM0005 = "CARM0005" /* SELECT EDIT macro/RACFRPT */ CACT0000 = "CACT0000" /* SELECT MVS REPORT TABLE */ CACT0008 = "CACT0008" /* SELECT RESOURCE TABLE */ LISTGRP = "LGT" /* Member in RACFCMDS.RPT */ CARM0120 = "CARM0120" /* SELECT EDIT MACRO/TEMP5 */ CARM0420 = "CARM0420" /* SELECT EDIT MACRO/TEMP5 */ CNTLDD = "CNTL" /* Default DDNAME - Security table */ DIALOGDD = "DIALOG" /* Default DDNAME - Auth users */ AUACCESSDD = "AUACCESS" /* Default DDNAME - Work file */ SENSITVEDD = "SENSITVE" /* Default DDNAME - Sensitive rpts */ TEMP5DD = "TEMP5" /* Default DDNAME - TEMP records */ TEMP6DD = "TEMP6" /* Default DDNAME - TEMP records */ TRACE = "OFF" /* TRACE ACTIONS AND ERRORS */ Numeric digits 10 /* default of 9 not enough */ maxcc = 0 lminit_auaccess_rc = "NA" lminit_cntl_rc = "NA" lminit_dialog_rc = "NA" lminit_racfrpt_rc = "NA" lminit_sensitve_rc = "NA" lminit_temp5_rc = "NA" lminit_temp6_rc = "NA" lmopen_auaccess_rc = "NA" lmopen_cntl_rc = "NA" lmopen_dialog_rc = "NA" lmopen_sensitve_rc = "NA" lmopen_temp5_rc = "NA" lmopen_temp6_rc = "NA" view_cact0000_rc = "NA" cm00trc = "NA" cm0tvget = "NA" cm0tvput = "NA" rm420rc = "NA" lmclose_auaccess_rc = "NA" lmclose_cntl_rc = "NA" lmclose_dialog_rc = "NA" lmclose_sensitve_rc = "NA" lmclose_temp5_rc = "NA" lmclose_temp6_rc = "NA" lmfree_auaccess_rc = "NA" lmfree_cntl_rc = "NA" lmfree_dialog_rc = "NA" lmfree_racfrpt_rc = "NA" lmfree_sensitve_rc = "NA" lmfree_temp5_rc = "NA" lmfree_temp6_rc = "NA" Arg OPTION do until OPTION = "" parse var OPTION key"("val")" OPTION val = strip(val,"b","'") val = strip(val,"b",'"') optcmd = key '= "'val'"' interpret optcmd end return_code = 0 If trace = "ON" then do /* TURN messages on */ termmsgs = "ON" /* CONTROL MSG */ comlist = "ON" /* CONTROL LIST */ conslist = "ON" /* CONTROL CONLIST */ symlist = "ON" /* CONTROL SYMLIST */ end If CONSLIST = "ON" | COMLIST = "ON" | SYMLIST = "ON" | TRACE = "ON", then Trace ?r syssymlist = symlist /* CONTROL SYMLIST/NOSYMLIST */ sysconlist = conslist /* CONTROL CONLIST/NOCONLIST */ syslist = comlist /* CONTROL LIST/NOLIST */ sysmsg = termmsgs /* CONTROL MSG/NOMSG */ auacccnt = 0 lp = "(" rp = ")" Address ISPEXEC "CONTROL NONDISPL ENTER" "CONTROL ERRORS RETURN" zispfrc = 0 "VPUT (ZISPFRC) SHARED" return_code = 0 "VPUT (CONSLIST COMLIST SYMLIST TERMMSGS TYPERUN AUACCCNT)", "ASIS" rc20vput = return_code If return_code <> 0 then do Say pgmname "VPUT RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end /* Determine which security system is running */ return_code = 0 "SELECT CMD("cacc1000 "ACP)" "VGET (ACPNAME ACPVERS) ASIS" If acpname <> "RACF" then do Say pgmname "RACF Job running on the wrong system" Say pgmname acpname acpvers Say pgmname "CCACPRC =" ccacprc return_code = 20 Signal ERR_EXIT end /*******************************************/ /* INITIALIZE LIBRARY MANAGEMENT */ /*******************************************/ return_code = 0 "LMINIT DATAID(AUACCESS) DDNAME("auaccessdd") ENQ(EXCLU)" lminit_auaccess_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT_AUACCESS_RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end "LMINIT DATAID(CNTL) DDNAME("cntldd")" lminit_cntl_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT_CNTL_RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end "LMINIT DATAID(DIALOG) DDNAME("dialogdd")" lminit_dialog_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT_DIALOG_RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end "LMINIT DATAID(RACFRPT) DDNAME(RACFRPT)" lminit_racfrpt_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT RACFRPT RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end "LMINIT DATAID(SENSITVE) DDNAME("sensitvedd")" lminit_sensitve_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT_SENSITVE_RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end "LMINIT DATAID(TEMP5) DDNAME("temp5dd")" lminit_temp5_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT_TEMP5_RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end "LMINIT DATAID(TEMP6) DDNAME("temp6dd")" lminit_temp6_rc = return_code If return_code <> 0 then do Say pgmname "LMINIT_TEMP6_RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end x = listdsi(sensitvedd "FILE") listdsi_file_rcode = return_code listdsi_file_reason = sysreason If sysreason = 0 then do odsname = sysdsname listdsi_file_msglvl2 = sysmsglvl2 end Else do Say pgmname "Unable to determine SENSITVE DSN SYSREASON" sysreason Say pgmname sysmsglvl1 Say pgmname sysmsglvl2 end /*******************************************/ /* OPEN DATASETS */ /*******************************************/ return_code = 0 "LMOPEN DATAID("auaccess") OPTION(INPUT)" lmopen_auaccess_rc = return_code If return_code <> 0 then do Say pgmname "LMOPEN_AUACCESS_RC =" return_code zerrsm Signal ERR_EXIT end "LMOPEN DATAID("cntl") OPTION(INPUT)" lmopen_cntl_rc = return_code If return_code <> 0 then do Say pgmname "LMOPEN_CNTL_RC =" return_code zerrsm Signal ERR_EXIT end "LMOPEN DATAID("dialog") OPTION(INPUT)" lmopen_dialog_rc = return_code If return_code <> 0 then do Say pgmname "LMOPEN_DIALOG_RC =" return_code zerrsm Signal ERR_EXIT end "LMOPEN DATAID("sensitve") OPTION(OUTPUT)" lmopen_sensitve_rc = return_code If return_code <> 0 then do Say pgmname "LMOPEN_SENSITVE_RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end "LMOPEN DATAID("temp5") OPTION(INPUT)" lmopen_temp5_rc = return_code If return_code <> 0 then do Say pgmname "LMOPEN_TEMP5_RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end "LMOPEN DATAID("temp6") OPTION(OUTPUT)" lmopen_temp6_rc = return_code If return_code <> 0 then do Say pgmname "LMOPEN_TEMP6_RC =" return_code zerrsm return_code = return_code + 16 Signal ERR_EXIT end /*******************************************/ /* PUT VARS IN POOL */ /*******************************************/ "VPUT (CACM0422 CACM042R CARM0005 CACT0000 CACT0008 LISTGRP CNTL", "DIALOG AUACCESS RACFRPT SENSITVE TEMP5 TEMP6 ) ASIS" /*******************************************/ /* GET TABLE VALUES */ /*******************************************/ return_code = 0 "VIEW DATAID("cntl") MACRO("cacm000t") MEMBER("cact0000")" view_cact0000_rc = return_code return_code = 0 "VGET (CM0TVGET CM0TVPUT CM00TRC TBLMBR) ASIS" If view_cact0000_rc > 4 then do Say pgmname "VIEW CNTL" cact0000 "RC =" cm00trc zerrsm return_code = return_code + 16 Signal ERR_EXIT end /*******************************************/ /* EDIT RACF REPORTS */ /*******************************************/ tblmbr = strip(strip(tblmbr,"T"),"L","#") do until tblmbr = "" parse var tblmbr tabledata "#" tblmbr parse var tabledata 1 iter 3 . 4 rptmbr pdimbr 22 title "@" . rptmbr = strip(rptmbr,"B") pdimbr = strip(pdimbr,"B") return_code = 0 "LMMFIND DATAID("temp5") MEMBER("iter")" /*If return_code = 0 then, Signal CHECK_SENSMBR*/ If return_code <> 0 then do Say pgmname "LMMFIND_TEMP5_RC =" return_code "MEMBER" iter rptmbr, zerrsm /*******************************************/ /* PUT HEADINGS OUT */ /*******************************************/ headline = " "title ac = headline "LMPUT DATAID("sensitve") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("rptmbr")" headlin1 = left(" ",133,"=") /*headlin1 = " ======================================= 39 headlin1 = headlin1"=============================== 31 headlin1 = headlin1"=============================== headlin1 = headlin1"===============================*/ ac = headlin1 "LMPUT DATAID("sensitve") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("rptmbr")" ac = " " "LMPUT DATAID("sensitve") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("rptmbr")" headlin3 = " The datasets in this category are not listed for", "one of the following reasons:" ac = headlin3 "LMPUT DATAID("sensitve") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("rptmbr")" headlin4 = "1) Datasets have been listed previously in other", "reports. Therefore, to avoid duplication, they have been", "omitted from this report." ac = headlin4 "LMPUT DATAID("sensitve") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("rptmbr")" headlin5 = "2) Datasets were not collected for this category." ac = headlin5 "LMPUT DATAID("sensitve") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("rptmbr")" headlin6 = "3) A security violation or error occurred with the", "ACP command used in the collecting of information for", "datasets." ac = headlin6 "LMPUT DATAID("sensitve") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("rptmbr")" return_code = 0 "LMMADD DATAID("sensitve") MEMBER("rptmbr")" If return_code = 4 then do return_code = 0 "LMMREP DATAID("sensitve") MEMBER("rptmbr")" If return_code <> 0 then, Say pgmname "LMMREP_SENSITVE_RC =" return_code rptmbr zerrsm end Else, If return_code <> 0 then, Say pgmname "LMMADD_SENSITVE_RC =" return_code rptmbr zerrsm /* If pdimbr = " " then, Signal DO_CNT_END*/ If pdimbr = " " then, iterate ac = "SRR END" "LMPUT DATAID("temp6") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("pdimbr")" ac = headlin1 "LMPUT DATAID("temp6") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("pdimbr")" ac = " " "LMPUT DATAID("temp6") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("pdimbr")" ac = headlin3 "LMPUT DATAID("temp6") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("pdimbr")" ac = headlin4 "LMPUT DATAID("temp6") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("pdimbr")" ac = headlin5 "LMPUT DATAID("temp6") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("pdimbr")" ac = headlin6 "LMPUT DATAID("temp6") MODE(INVAR) DATALOC(AC)", "DATALEN("length(ac)") MEMBER("pdimbr")" return_code = 0 "LMMADD DATAID("temp6") MEMBER("pdimbr")" If return_code = 4 then do return_code = 0 "LMMREP DATAID("temp6") MEMBER("pdimbr")" If return_code <> 0 then, Say pgmname "LMMREP_TEMP6_RC =" return_code pdimbr zerrsm end Else, If return_code <> 0 then, Say pgmname "LMMADD_TEMP6_RC =" return_code pdimbr zerrsm iterate /* Signal DO_CNT_END*/ end CHECK_SENSMBR: return_code = 0 /*******************************************/ /* PUT VARS IN POOL */ /*******************************************/ restype = "DSN" "VPUT (TITLE PDIMBR RPTMBR RESTYPE ODSNAME) ASIS" /*******************************************/ /* Get authorized users */ /*******************************************/ pdimbr = pdimbr If pdimbr <> " " then do return_code = 0 "EDIT DATAID("auaccess") MACRO("cacm0422") MEMBER("rptmbr")" end Else do tblusr = "#" "VPUT (TBLUSR) ASIS" end return_code = 0 "VIEW DATAID("temp5") MACRO("carm0420") MEMBER("iter")" If return_code > 4 then, Say pgmname "VIEW_TEMP5_RC =" return_code "MEMBER" iter rptmbr, zerrsm DO_CNT_END: end rectype = 1 pdiname = "" resname = "" "VPUT (RECTYPE PDINAME RESNAME) ASIS" return_code = 0 "VIEW DATAID("cntl") MEMBER("cact0008") MACRO("cacm042r")" view_cact0008_rc = return_code If view_cact0008_rc > 4 then do Say pgmname "VIEW CNTL" cact0008 "RC =" view_cact0008_rc return_code = return_code + 16 Signal BYPASS_CACT0008 end "VGET (REC1TBL) ASIS" Do X = 1 to length(rec1tbl) by 18 parse var rec1tbl . =(x) pdimbr btitle . /*pdimbr = substr(rec1tbl,x,8) /* PDI ID */ btitle = substr(rec1tbl,x+9,8) /* RESOURCE NAME */*/ return_code = 0 "LMMFIND DATAID("temp5") MEMBER("pdimbr")" If return_code <> 0 then, Say pgmname "LMMFIND_TEMP5_RC =" return_code "MEMBER =" rptname, zerrsm Else do /*******************************************/ /* PUT VARS IN POOL */ /*******************************************/ "VPUT (BTITLE) ASIS" return_code = 0 "VIEW DATAID("temp5") MACRO("carm0120") MEMBER("pdimbr")" If return_code > 4 then, Say pgmname "VIEW_TEMP5_RC =" return_code "MEMBER =" rptname, zerrsm end end BYPASS_CACT0008: return_code = 0 /*******************************************/ /* CLOSE OUTPUT */ /*******************************************/ END_EXIT: return_code = 0 "LMCLOSE DATAID("auaccess")" lmclose_auaccess_rc = return_code return_code = 0 "LMCLOSE DATAID("cntl")" lmclose_cntl_rc = return_code return_code = 0 "LMCLOSE DATAID("dialog")" lmclose_dialog_rc = return_code return_code = 0 "LMCLOSE DATAID("sensitve")" lmclose_sensitve_rc = return_code return_code = 0 "LMCLOSE DATAID("temp5")" lmclose_temp5_rc = return_code return_code = 0 "LMCLOSE DATAID("temp6")" lmclose_temp6_rc = return_code return_code = 0 "LMCOMP DATAID("auaccess")" lmcomp_auaccess_rc = return_code /*******************************************/ /* FREE FILES */ /*******************************************/ return_code = 0 "LMFREE DATAID("auaccess")" lmfree_auaccess_rc = return_code return_code = 0 "LMFREE DATAID("cntl")" lmfree_cntl_rc = return_code return_code = 0 "LMFREE DATAID("dialog")" lmfree_dialog_rc = return_code return_code = 0 "LMFREE DATAID("racfrpt")" lmfree_racfrpt_rc = return_code return_code = 0 "LMFREE DATAID("sensitve")" lmfree_sensitve_rc = return_code return_code = 0 "LMFREE DATAID("temp5")" lmfree_temp5_rc = return_code return_code = 0 "LMFREE DATAID("temp6")" lmfree_temp6_rc = return_code return_code = 0 /*******************************************/ /* ERROR EXIT */ /*******************************************/ ERR_EXIT: If maxcc >= 16 | return_code > 0 then do "VGET (ZISPFRC) SHARED" If maxcc > zispfrc then, zispfrc = maxcc Else, zispfrc = return_code "VPUT (ZISPFRC) SHARED" Say pgmname "ZISPFRC =" zispfrc end "VGET (CM42VRC RM420RC) ASIS" If termmsgs = "ON" then do Say "===============================================================" Say pgmname "LMINIT_AUACCESS_RC "lminit_auaccess_rc Say pgmname "LMINIT_CNTL_RC "lminit_cntl_rc Say pgmname "LMINIT_DIALOG_RC "lminit_dialog_rc Say pgmname "LMINIT_RACFRPT_RC "lminit_racfrpt_rc Say pgmname "LMINIT_SENSITVE_RC "lminit_sensitve_rc Say pgmname "LMINIT_TEMP5_RC "lminit_temp5_rc Say pgmname "LMINIT_TEMP6_RC "lminit_temp6_rc Say "===============================================================" Say pgmname "LMOPEN_AUACCESS_RC "lmopen_auaccess_rc Say pgmname "LMOPEN_CNTL_RC "lmopen_cntl_rc Say pgmname "LMOPEN_DIALOG_RC "lmopen_dialog_rc Say pgmname "LMOPEN_SENSITVE_RC "lmopen_sensitve_rc Say pgmname "LMOPEN_TEMP5_RC "lmopen_temp5_rc Say pgmname "LMOPEN_TEMP6_RC "lmopen_temp6_rc Say "===============================================================" Say pgmname "VIEW_CACT0000_RC "view_cact0000_rc Say pgmname cacm000t "CM00TRC "cm00trc If cm00trc <> 0 then do Say pgmname cacm000t "VGET "cm0tvget Say pgmname cacm000t "VPUT "cm0tvput end Say pgmname carm0420 "RM420RC "rm420rc Say "===============================================================" Say pgmname "LMCLOSE_AUACCESS_RC "lmclose_auaccess_rc Say pgmname "LMCLOSE_CNTL_RC "lmclose_cntl_rc Say pgmname "LMCLOSE_DIALOG_RC "lmclose_dialog_rc Say pgmname "LMCLOSE_SENSITVE_RC "lmclose_sensitve_rc Say pgmname "LMCLOSE_TEMP5_RC "lmclose_temp5_rc Say pgmname "LMCLOSE_TEMP6_RC "lmclose_temp6_rc Say "===============================================================" Say pgmname "LMFREE_AUACCESS_RC "lmfree_auaccess_rc Say pgmname "LMFREE_CNTL_RC "lmfree_cntl_rc Say pgmname "LMFREE_DIALOG_RC "lmfree_dialog_rc Say pgmname "LMFREE_RACFRPT_RC "lmfree_racfrpt_rc Say pgmname "LMFREE_SENSITVE_RC "lmfree_sensitve_rc Say pgmname "LMFREE_TEMP5_RC "lmfree_temp5_rc Say pgmname "LMFREE_TEMP6_RC "lmfree_temp6_rc Say "===============================================================" end Exit /*******************************************/ /* SYSCALL SUBROUTINES */ /*******************************************/ substrc: Procedure If arg(3) = '' Then Do s = Arg(1) l = 1 v = arg(2) End Else Do s = arg(1) l = arg(2)-arg(1)+1 v = arg(3) End Return substr(v,s,l) NoValue: Failure: Syntax: say pgmname "REXX error" rc "in line" sigl":" strip(ERRORTEXT(rc)) say SOURCELINE(sigl) SIGNAL ERR_EXIT Error: return_code = RC if RC > 4 & RC <> 8 then do say pgmname "LASTCC =" RC strip(zerrlm) say pgmname "REXX error" rc "in line" sigl":" ERRORTEXT(rc) say SOURCELINE(sigl) end if return_code > maxcc then, maxcc = return_code return