PROC 0 - CONSLIST(OFF) /* DEFAULT IS OFF */ - COMLIST(OFF) /* DEFAULT IS OFF */ - SYMLIST(OFF) /* DEFAULT IS OFF */ - TERMMSGS(ON) /* DEFAULT IS OFF */ - TYPERUN(FSO) /* Run for SRRAUDIT | FSO */ - CACC1000(CACC1000) /* SELECT SECURITY CHECK PGM*/ - CARM0527(CARM0527) /* EDIT MACRO USERLIST report */ - USERLDSN(NULLFILE) /* LIST dataset name */ - USERRDSN(NULLFILE) /* RACF report dataset name */ - PDIDDN(PDIDD) /* PDI DDNAME IN JCL */ - DIALDDN(DIALOG) /* DIALOG DDNAME IN JCL */ - USERLDDN(USERLIST) /* USERLIST DDNAME IN JCL */ - USERRDDN(USERREPT) /* ACP REPORT DDNAME IN JCL */ - TRACE(OFF) /* TRACE ACTIONS AND ERRORS */ /* 01/18/2006 JL Nelson Copied from CARC0501 for new PDI checks. /* 01/23/2006 JL Nelson Added code to VIEW report for new PDI checks. /* 01/27/2006 JL Nelson Added check for TSO segment /* 03/07/2006 JL Nelson Made changes to avoid abend 920/932. /* 06/27/2006 JL Nelson Drop error message on end-of-file. /* 04/07/2010 CL Fenton Chgd record format and added PASS-INTERVAL. /* Corrected error on userids having more than 35 attributes. /* Reduced the number of attribute fields collected. /* 08/31/2010 CL Fenton Added Dialog data set to remove authorized /* users from PDI member created in this process. /* 01/05/2011 CL Fenton Chgd use of GRP0 for first connected group. /* 05/13/2011 CL Fenton Chgs made to allow for additional GRP entries /* and to identify records that exceed lrecl. /* 09/23/2011 CL Fenton Chgs to load information preceeding a connect /* group, CSD-AR003000316. /* 04/16/2012 CL Fenton Chgs made to prevent "INSUFFICIENT STORAGE" /* error, CSD-AR003372636. /* 02/19/2020 CL Fenton Added PHRASEDATE for evaluation, STS-023663. SET PGMNAME = &STR(CARC0527 02/19/20) NGLOBAL USERLIST USERID NAME NR TSOPROC TSOACCT USRL_LRECL CNT NGLOBAL PGMNAME OWNER DFTGRP PASSDATE PWPDATE PASSINT LASTACC NGLOBAL GRP0 GRP1 GRP2 GRP3 GRP4 GRP5 GRP6 GRP7 GRP8 GRP9 NGLOBAL GRP10 GRP11 GRP12 GRP13 GRP14 GRP15 GRP16 GRP17 GRP18 GRP19 NGLOBAL GRP20 GRP21 GRP22 GRP23 GRP24 GRP25 GRP26 GRP27 GRP28 GRP29 NGLOBAL GRP30 GRP31 GRP32 GRP33 GRP34 GRP35 GRP36 GRP37 GRP38 GRP39 ISPEXEC CONTROL ERRORS RETURN /* ERROR ROUTINE */ ERROR DO SET RETURN_CODE = &LASTCC /* SAVE LAST ERROR CODE */ IF &LASTCC GT 16 AND + &LASTCC NE 400 THEN /* End of file */ + WRITE &PGMNAME LASTCC = &LASTCC &ZERRLM RETURN END SET SYSPROMPT = OFF /* CONTROL NOPROMPT */ SET SYSFLUSH = OFF /* CONTROL NOFLUSH */ SET SYSASIS = ON /* CONTROL ASIS - caps off */ IF &TRACE = ON THEN DO /* TURN messages on */ SET TERMMSGS = ON /* CONTROL MSG */ SET COMLIST = ON /* CONTROL LIST */ SET CONSLIST = ON /* CONTROL CONLIST */ SET SYMLIST = ON /* CONTROL SYMLIST */ END SET SYSSYMLIST = &SYMLIST /* CONTROL SYMLIST/NOSYMLIST */ SET SYSCONLIST = &CONSLIST /* CONTROL CONLIST/NOCONLIST */ SET SYSLIST = &COMLIST /* CONTROL LIST/NOLIST */ SET SYSMSG = &TERMMSGS /* CONTROL MSG/NOMSG */ SET ZISPFRC = 0 ISPEXEC VPUT (ZISPFRC) SHARED SET RETURN_CODE = 0 ISPEXEC VPUT ( + SYMLIST + CONSLIST + COMLIST + TERMMSGS + TYPERUN + ) ASIS SET RC527VP = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME VPUT RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END /* Determine which security system is running */ SET RETURN_CODE = 0 ISPEXEC SELECT CMD(&CACC1000 ACP) ISPEXEC VGET ( + ACPNAME + ACPVERS + ) ASIS IF &STR(&ACPNAME) NE &STR(RACF) THEN DO WRITE &PGMNAME RACF Job running on the wrong system WRITE &PGMNAME &ACPNAME &ACPVERS SET RETURN_CODE = 20 GOTO ERR_EXIT END /* *************************************** */ /* INITIALIZE LIBRARY MANAGEMENT */ /* *************************************** */ LISTDSI &USERLDDN FILE IF &SYSREASON EQ 0 THEN DO SET USERLDSN = &SYSDSNAME SET LISTDSI_USER_MSGLVL2 = &STR(&SYSMSGLVL2) END ELSE DO WRITE &PGMNAME Unable to determine LIST DSNAME SYSREASON &SYSREASON WRITE &PGMNAME &STR(&SYSMSGLVL1) WRITE &PGMNAME &STR(&SYSMSGLVL2) SET RETURN_CODE = 12 GOTO ERR_EXIT END IF &SYSINDEX(&STR(V),&STR(&SYSRECFM)) EQ 0 THEN + SET USRL_LRECL = &SYSLRECL ELSE + SET USRL_LRECL = &SYSLRECL - 4 LISTDSI &USERRDDN FILE IF &SYSREASON EQ 0 THEN DO SET USERRDSN = &SYSDSNAME SET LISTDSI_USER_MSGLVL2 = &STR(&SYSMSGLVL2) END ELSE DO WRITE &PGMNAME Unable to determine REPT DSNAME SYSREASON &SYSREASON WRITE &PGMNAME &STR(&SYSMSGLVL1) WRITE &PGMNAME &STR(&SYSMSGLVL2) SET RETURN_CODE = 12 GOTO ERR_EXIT END IF &TRACE EQ ON THEN DO WRITE &PGMNAME Input file &USERRDSN WRITE &PGMNAME Output file &USERLDSN END SET RETURN_CODE = 0 /* PROCESSING FILE AS OUTPUT*/ /* ALLOC DDNAME(USERLIST) DA('&USERLDSN') SHR IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME ALLOC of file USERLIST failed + RC = &RETURN_CODE &ZERRMSG &ZERRSM WRITE &PGMNAME &USERLDSN GOTO ERR_EXIT END /* PROCESSING FILE AS INPUT*/ /* ALLOC DDNAME(USERREPT) DA('&USERRDSN(&USERRMBR)') SHR IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME ALLOC of file USERREPT failed + RC = &RETURN_CODE &ZERRMSG &ZERRSM WRITE &PGMNAME &USERRDSN GOTO ERR_EXIT END OPENFILE USERLIST OUTPUT IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME OPEN of file USERLIST failed + RC = &RETURN_CODE &ZERRMSG &ZERRSM GOTO ERR_EXIT END OPENFILE USERREPT INPUT IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME OPEN of file USERREPT failed + RC = &RETURN_CODE &ZERRMSG &ZERRSM GOTO ERR_EXIT END SET CNT = 0 SET BLK10 = &STR( ) SET NR = 0 SET NRM = 39 SET USERID = &SUBSTR(1:8,&BLK10) SET NAME = &SUBSTR(1:22,NONE&BLK10&BLK10&BLK10) SET OWNER = &SUBSTR(1:8,NONE&BLK10) SET PASSDATE = &SUBSTR(1:6,N/A&BLK10) SET PWPDATE = &SUBSTR(1:6,N/A&BLK10) SET PASSINT = &STR(N/A) SET LASTACC = &SUBSTR(1:15,UNKNOWN&BLK10&BLK10) SET DFTGRP = &STR(NONE ) SET GRP0 = &STR(NONE ) SET TSOPROC = &STR(NONE ) SET TSOACCT = &STR(NONE ) DO X = 0 TO &NRM SET GRP&X = &STR() END READRF: + SET RETURN_CODE = 0 SET SAVE_MAXCC = &MAXCC GETFILE USERREPT IF &RETURN_CODE = 400 THEN GOTO EOF_USERREPT IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME GETFILE for USERREPT failed + RC = &RETURN_CODE &ZERRMSG &ZERRSM GOTO ERR_EXIT END IF &LENGTH(&STR(&USERREPT)) LT 23 THEN GOTO READRF SET ITIN = &STR(&USERREPT) IF &SYSINDEX(&STR(USER=),&STR(&ITIN)) GT 0 THEN DO IF &STR(&USERID) NE &STR( ) THEN SYSCALL PUT_ITOU /*SET CNT = &CNT + 1 SET XU = &SYSINDEX(&STR(USER=),&STR(&ITIN)) SET XN = &SYSINDEX(&STR(NAME=),&STR(&ITIN)) SET XO = &SYSINDEX(&STR(OWNER=),&STR(&ITIN)) IF &XU GT 0 AND + &XN GT &XU AND + &XO GT &XN THEN DO SET USERID = &SUBSTR(&XU+5:&XN-2,&ITIN) SET NAME = &SUBSTR(&XN+5:&XO-2,&ITIN) SET OWNER = &SUBSTR(&XO+6:&XO+13,&ITIN) SET USERID = &SUBSTR(1:8,&USERID&BLK10) SET NAME = &SUBSTR(1:22,&NAME&BLK10&BLK10) END GOTO READRF END IF &NRSTR(&USERID) EQ &STR( ) THEN GOTO READRF IF &NR GT &NRM THEN GOTO BYPASS_GRP IF &SUBSTR(2:12,&STR(&ITIN)) EQ &STR(ATTRIBUTES=) THEN DO SET XF = 13 SET XC = &SYSINDEX(&STR( ),&STR(&ITIN ),&XF) IF &XC EQ 0 THEN DO SET GRP&NR = A&SUBSTR(13:20,&STR(&ITIN)) SET NR = &NR + 1 GOTO READRF END ELSE DO NEXT_ATTR: + SET ATTR = &SUBSTR(&XF:&XC-1,&STR(&ITIN)) IF &STR(&ATTR) EQ &STR(NONE) THEN GOTO READRF SET GRP&NR = A&STR(&ATTR) SET NR = &NR + 1 SET XF = &XC+1 SET XC = &SYSINDEX(&STR( ),&STR(&ITIN ),&XF) IF &XC-1 GT &XF THEN + IF &SUBSTR(&XF:&XC-1,&STR(&ITIN)) NE &STR( ) THEN GOTO NEXT_ATTR GOTO READRF END END IF &SUBSTR(13:23,&STR(&ITIN)) EQ &STR(ATTRIBUTES=) THEN DO SET XF = 24 SET XC = &SYSINDEX(&STR( ),&STR(&ITIN ),&XF) IF &XC EQ 0 THEN DO SET GRP&NR = &SUBSTR(24:31,&STR(&ITIN.&BLK10)) SET NR = &NR + 1 GOTO READRF END ELSE DO GROUP_ATTR: + SET ATTR = &SUBSTR(&XF:&XC-1,&STR(&ITIN)) IF &STR(&ATTR) EQ &STR(NONE) THEN GOTO READRF SET GRP&NR = &STR(G&ATTR) SET NR = &NR + 1 SET XF = &XC+1 SET XC = &SYSINDEX(&STR( ),&STR(&ITIN ),&XF) IF &XC-1 GT &XF THEN + IF &SUBSTR(&XF:&XC-1,&STR(&ITIN)) NE &STR( ) THEN GOTO GROUP_ATTR GOTO READRF END END SET X = &SYSINDEX(&STR( GROUP=),&STR(&ITIN)) IF &X GT 0 THEN DO SET Y = &SYSINDEX(&STR( ),&STR(&ITIN),&X+7) /*IF &STR(&GRP0) EQ &STR(NONE ) THEN DO /* SET GRP0 = &SUBSTR(&X+7:&Y-1,&STR(&ITIN)) /* GOTO READRF /* END /*ELSE DO SET GRP&NR = &SUBSTR(&X+1:&Y-1,&STR(&ITIN)) SET NR = &NR + 1 GOTO READRF /* END END BYPASS_GRP: + SET X = &SYSINDEX(&STR(DEFAULT-GROUP=),&STR(&ITIN)) IF &X GT 0 THEN DO SET DFTGRP = &SUBSTR(&X+14:&X+21,&STR(&ITIN)) END SET X = &SYSINDEX(&STR(PASSDATE=),&STR(&ITIN)) IF &X GT 0 THEN DO SET PASSDATE = &SUBSTR(&X+9:&X+14,&STR(&ITIN)) END SET X = &SYSINDEX(&STR(PHRASEDATE=),&STR(&ITIN)) IF &X GT 0 THEN DO SET PWPDATE = &SUBSTR(&X+11:&X+16,&STR(&ITIN)) END SET X = &SYSINDEX(&STR(PASS-INTERVAL=),&STR(&ITIN)) IF &X GT 0 THEN DO SET PASSINT = &SUBSTR(&X+14:&X+16,&STR(&ITIN)) GOTO READRF END SET X = &SYSINDEX(&STR(LAST-ACCESS=),&STR(&ITIN)) IF &X GT 0 THEN DO SET LASTACC = &SUBSTR(&X+12:&X+26,&STR(&ITIN)) GOTO READRF END SET X = &SYSINDEX(&STR(NO TSO INFORMATION),&STR(&ITIN)) IF &X GT 0 THEN DO SET TSOACCT = &STR(NO-TSO ) SET TSOPROC = &STR(NO-TSO ) GOTO READRF END SET X = &SYSINDEX(&STR(ACCTNUM= ),&STR(&ITIN)) IF &X GT 0 THEN DO SET TSOACCT = &SUBSTR(&X+9:&X+16,&STR(&ITIN)) GOTO READRF END SET X = &SYSINDEX(&STR(PROC= ),&STR(&ITIN)) IF &X GT 0 THEN DO SET TSOPROC = &SUBSTR(&X+6:&X+13,&STR(&ITIN)) GOTO READRF END GOTO READRF EOF_USERREPT: + SET RETURN_CODE = 0 SET MAXCC = &SAVE_MAXCC IF &STR(&USERID) NE &STR( ) THEN SYSCALL PUT_ITOU CLOSFILE USERREPT FREE FILE(USERREPT) CLOSFILE USERLIST /* *************************************** */ /* INITIALIZE LIBRARY MANAGEMENT */ /* *************************************** */ SET RETURN_CODE = 0 ISPEXEC LMINIT DATAID(USERLID) DDNAME(&USERLDDN) IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMINIT &USERLDDN RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMINIT DATAID(DIALOG) DDNAME(&DIALDDN) IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMINIT &DIALDDN RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMINIT DATAID(PDIID) DDNAME(&PDIDDN) IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMINIT &PDIDDN RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMOPEN DATAID(&DIALOG) IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMOPEN &DIALDDN RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMOPEN DATAID(&PDIID) OPTION(OUTPUT) IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMOPEN &PDIDDN RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END /* *************************************** */ /* VIEW RACF USERID list */ /* *************************************** */ SET RETURN_CODE = 0 /* *************************************** */ /* PUT VARS IN POOL */ /* *************************************** */ ISPEXEC VPUT ( + PDIID + DIALOG + ) ASIS SET RETURN_CODE = 0 ISPEXEC VIEW DATAID(&USERLID) MACRO(&CARM0527) IF &RETURN_CODE GT 4 THEN DO WRITE &PGMNAME VIEW_USERLIST_RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END /* *************************************** */ /* END of program */ /* *************************************** */ END_EXIT: + SET RETURN_CODE = 0 ISPEXEC LMCLOSE DATAID(&DIALOG) SET LMCLOSE_DIALOG_RC = &RETURN_CODE SET RETURN_CODE = 0 ISPEXEC LMCLOSE DATAID(&PDIID) SET LMCLOSE_PDI_RC = &RETURN_CODE SET RETURN_CODE = 0 ISPEXEC LMCOMP DATAID(&PDIID) SET LMCOMP_PDI_RC = &RETURN_CODE /* *************************************** */ /* FREE FILES */ /* *************************************** */ SET RETURN_CODE = 0 ISPEXEC LMFREE DATAID(&USERLID) SET LMFREE_USERLIST_RC = &RETURN_CODE SET RETURN_CODE = 0 ISPEXEC LMFREE DATAID(&DIALOG) SET LMFREE_DIALOG_RC = &RETURN_CODE SET RETURN_CODE = 0 ISPEXEC LMFREE DATAID(&PDIID) SET LMFREE_PDI_RC = &RETURN_CODE SET RETURN_CODE = 0 IF &TERMMSGS = ON THEN DO WRITE =============================================================== WRITE &PGMNAME Input file &USERRDSN WRITE &PGMNAME Output file &USERLDSN WRITE &PGMNAME Users = &CNT WRITE &PGMNAME RACF Processing completed. END /* *************************************** */ /* ERROR EXIT */ /* *************************************** */ ERR_EXIT: + IF &MAXCC GE 16 OR + &RETURN_CODE GT 0 THEN DO ISPEXEC VGET (ZISPFRC) SHARED IF &MAXCC GT &ZISPFRC THEN + SET ZISPFRC = &MAXCC ELSE + SET ZISPFRC = &RETURN_CODE ISPEXEC VPUT (ZISPFRC) SHARED WRITE &PGMNAME ZISPFRC = &ZISPFRC END EXIT CODE(0) /******************************************* /* Write record and clear variables * /******************************************* PUT_ITOU: PROC 0 SET USERLIST = &STR(&USERID &NAME &OWNER &PASSDATE &PWPDATE + &PASSINT &LASTACC &TSOPROC &TSOACCT &DFTGRP &GRP0) DO X = 1 TO &NR IF &X LE 39 THEN DO SET DATA = &&GRP&X SET DATA = &STR(&DATA) SET USERLIST = &STR(&USERLIST &DATA) END SET GRP&X = &STR() END IF &LENGTH(&STR(&USERLIST)) GT &USRL_LRECL THEN DO DO X = &USRL_LRECL TO 100 BY -1 + UNTIL &SUBSTR(&X,&NRSTR(&USERLIST)) EQ &STR( ) END WRITE &PGMNAME Record truncated for &USERID length is + &LENGTH(&STR(&USERLIST)). SET USERLIST = &SUBSTR(1:&X,&NRSTR(&USERLIST)) END /*ELSE DO /* ISPEXEC LMPUT DATAID(&DATAID) MODE(INVAR) DATALOC(DATA) + /* DATALEN(&LENGTH(&STR(&DATA))) /* SET CNT = &CNT + 1 /*END PUTFILE USERLIST SET CNT = &CNT + 1 SET BLK10 = &STR( ) SET USERID = &SUBSTR(1:8,&BLK10) SET NAME = &SUBSTR(1:22,NONE&BLK10&BLK10&BLK10) SET OWNER = &SUBSTR(1:8,NONE&BLK10) SET PASSDATE = &SUBSTR(1:6,N/A&BLK10) SET PWPDATE = &SUBSTR(1:6,N/A&BLK10) SET PASSINT = &STR(N/A) SET LASTACC = &SUBSTR(1:15,UNKNOWN&BLK10&BLK10) SET DFTGRP = &STR(NONE ) SET GRP0 = &STR(NONE ) SET TSOPROC = &STR(NONE ) SET TSOACCT = &STR(NONE ) DO X = 1 TO &NR SET GRP&X = &STR() END SET NR = 0 END