ISREDIT MACRO /* CARM0524 VIEW DSMON(RACCDT) */ /* 12/19/2005 JL Nelson Created to write out global FINDINGS. /* 12/22/2005 JL Nelson Added code for RACF0310 and 320. /* 01/05/2006 JL Nelson Modified msg for RACF0310 and 320. /* 01/25/2006 JL Nelson Removed check for ACTIVE classes for RACF0260. /* 01/30/2006 JL Nelson Bypass header & trailor lines. /* 03/08/2006 JL Nelson Made changes to avoid abend 920/932. /* 03/13/2006 JL Nelson Set/test RCode for critical ISREDIT commands. /* 03/05/2007 CL Fenton Added resource class tests for ZCLSR021, /* ZISF0060,ZUSSR060,ZWMQ0049, and other future PDIs. /* Chgd FIND_CLASS to test & process for multiple /* resource classes. /* 08/07/2007 CL Fenton Changed resource class tests for ZCLSR021, /* ZISF0060,ZWMQ0049, and other future PDIs to generate PDI /* when PDI member is not present in PDI data set. /* Correct resource classes checked for RACF0310. /* 11/30/2007 CL Fenton Added ZJES0041 analysis. Added addition /* resource classes to be bypass for RACF0310. /* (KERBLINK, REALM, SECLABEL, & SECMBR) /* 02/28/2009 CL Fenton Chgs made to obtain Group Resource classes. /* 09/02/2009 CL Fenton Chgs made for RACF0260 to check only active /* resource classes. /* 03/31/2010 CL Fenton Chgd ZCLSR021 to ZCLS0038. /* 03/17/2011 CL Fenton Added additional resources to ZWMQ0049. /* 09/19/2011 CL Fenton Minor changes for output format. /* 01/03/2012 CL Fenton Removed automation for ZISF0060 which will be /* renamed to ZISF0038. /* 11/10/2015 CL Fenton Changed WRITE to specify CART0000 from /* CACT0000. /* 08/17/2016 CL Fenton Added evaluation for RACF0540, STS-015246. /* 07/02/2021 CL Fenton Chgs to remove automation for RACF0260, /* RACF0310, and RACF0320, STS-026846. SET PGMNAME = &STR(CARM0524 07/02/21) NGLOBAL PGMNAME RETURN_CODE PDIID PDIMBR ZERRSM RCLASS LP RP SET SYSPROMPT = OFF /* CONTROL NOPROMPT */ SET SYSFLUSH = OFF /* CONTROL NOFLUSH */ SET SYSASIS = ON /* CONTROL ASIS - caps off */ /* ERROR ROUTINE */ ERROR DO SET RETURN_CODE = &LASTCC /* SAVE LAST ERROR CODE */ IF &LASTCC GE 16 THEN + WRITE &PGMNAME LASTCC = &LASTCC &ZERRLM RETURN END /* *************************************** */ /* VARIABLES ARE PASSED TO THIS MACRO */ /* CONSLIST */ /* COMLIST */ /* SYMLIST */ /* TERMMSGS */ /* *************************************** */ SET RETURN_CODE = 0 SET PSTATUS = &STR(NF) ISPEXEC VGET ( + CONSLIST + COMLIST + SYMLIST + TERMMSGS + PDIID + TABLEID + PDIMBR + TYPERUN + ) ASIS SET RM524VG = &RETURN_CODE IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME VGET RC = &RETURN_CODE &ZERRSM WRITE &PGMNAME CONSLIST/&CONSLIST COMLIST/&COMLIST SYMLIST/&SYMLIST + TERMMSGS/&TERMMSGS WRITE &PGMNAME PDIID/&PDIID TABLEID/&TABLEID PDIMBR/&PDIMBR + TYPERUN/&TYPERUN SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMQUERY DATAID(&PDIID) DDNAME(PDIDDN) ISPEXEC LMINIT DATAID(PDIID1) DDNAME(&PDIDDN) IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMINIT PDIDD RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISPEXEC LMOPEN DATAID(&PDIID1) OPTION(INPUT) IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMOPEN &PDIDDN RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END /* *************************************** */ /* TURN ON MESSAGES */ /* *************************************** */ SET SYSSYMLIST = &SYMLIST /* CONTROL SYMLIST/NOSYMLIST */ SET SYSCONLIST = &CONSLIST /* CONTROL CONLIST/NOCONLIST */ SET SYSLIST = &COMLIST /* CONTROL LIST/NOLIST */ SET SYSMSG = &TERMMSGS /* CONTROL MSG/NOMSG */ ISREDIT (DSMONMBR) = MEMBER ISREDIT (DSNAME) = DATASET ISREDIT (LASTLINE) = LINENUM .ZLAST SET BLANK = &STR( ) SET LP = &STR(( SET RP = ) IF &PDIMBR NE RACF0244 THEN GOTO START_RACF0310 SET RACF0244 = 0 SET RACF0246 = 0 SET RACF0248 = 0 SET RETURN_CODE = 0 START_RACF0244: + SET RETURN_CODE = 0 SET PDIMBR = RACF0244 SET RCLASS = FACILITY SYSCALL FIND_CLASS SYSCALL ADD_MEMBER START_RACF0246: + SET RETURN_CODE = 0 SET PDIMBR = RACF0246 SET RCLASS = OPERCMDS SYSCALL FIND_CLASS SYSCALL ADD_MEMBER START_RACF0248: + SET RETURN_CODE = 0 SET PDIMBR = RACF0248 SET RCLASS = CONSOLE SYSCALL FIND_CLASS SYSCALL ADD_MEMBER START_ZJES0041: + SET RETURN_CODE = 0 SET PDIMBR = ZJES0041 SET RCLASS = JESSPOOL SYSCALL FIND_CLASS SYSCALL ADD_MEMBER START_ZUSSR060: + SET RETURN_CODE = 0 SET PDIMBR = ZUSSR060 SET RCLASS = &STR(FACILITY SURROGAT UNIXPRIV) SYSCALL FIND_CLASS SYSCALL ADD_MEMBER START_ZWMQ0049: + SET RETURN_CODE = 0 SET PDIMBR = ZWMQ0049 SET RCLASS = &STR(GMQADMIN GMQNLIST GMQPROC GMQQUEUE GMXADMIN + GMXNLIST GMXPROC GMXQUEUE MQADMIN MQCMDS MQCONN + MQNLIST MQPROC MQQUEUE MXADMIN MXNLIST MXPROC + MXQUEUE) ISPEXEC LMMFIND DATAID(&PDIID1) MEMBER(&PDIMBR) IF &RETURN_CODE EQ 8 THEN DO SET RETURN_CODE = 0 SYSCALL FIND_CLASS SYSCALL ADD_MEMBER END SET RETURN_CODE = 0 ISPEXEC LMMFIND DATAID(&TABLEID) MEMBER(CART0000) IF &RETURN_CODE GT 0 THEN DO WRITE &PGMNAME LMMFIND TABLE CART0000 &RETURN_CODE GOTO END_EXIT END SET PDIMBR = SET RCLASS = PROCESS_CLS_LIST: + SET RETURN_CODE = 0 ISPEXEC LMGET DATAID(&TABLEID) MODE(INVAR) DATALOC(TREC) + MAXLEN(80) DATALEN(LRECL) IF &RETURN_CODE GT 0 THEN DO SYSCALL FIND_CLASS SYSCALL ADD_MEMBER GOTO END_EXIT END SET PDIM = &SUBSTR(1:8,&NRSTR(&TREC)) IF &STR(&PDIMBR) NE &STR(&PDIM) THEN DO IF &STR(&PDIMBR) EQ &STR( ) THEN DO SET PDIMBR = &PDIM END ELSE DO SYSCALL FIND_CLASS SYSCALL ADD_MEMBER SET PDIMBR = &PDIM SET RCLASS = END END SET CLS = &SUBSTR(9:16,&NRSTR(&TREC)) SET X = &SYSINDEX(&STR( ),&STR(&CLS )) SET CLS = &SUBSTR(1:&X,&STR(&CLS )) SET RCLASS = &STR(&RCLASS&STR(&CLS)) GOTO PROCESS_CLS_LIST START_RACF0310: + SET RETURN_CODE = 0 IF &PDIMBR NE RACF0540 THEN GOTO END_EXIT ISPEXEC VGET ( + GROUP + SETROPT + RCLASS + CLASSLST + PSTATUS + ) ASIS IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME VGET RC = &RETURN_CODE &ZERRSM WRITE &PGMNAME SETROPT/&SETROPT RCLASS/&RCLASS CLASSLST/&CLASSLST SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END SET SETGOPT = &STR(&SETROPT) SET X = &SYSINDEX(&STR(&LP),&STR(&SETROPT)) IF &X GT 0 THEN SET SETROPT = &SUBSTR(1:&X-1,&NRSTR(&SETROPT)) SET RETURN_CODE = 0 ISREDIT CURSOR = 1 0 ISREDIT FIND ' STATUS ' IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME FIND STATUS RC = &RETURN_CODE &ZERRSM SET RETURN_CODE = &RETURN_CODE + 16 GOTO ERR_EXIT END ISREDIT (CURLINE) = LINENUM .ZCSR SET CLASS = &STR( DATASET ) GOTO FIND_CLASS_2 /* *************************************** */ /* CLASS LOOP */ /* *************************************** */ NEXT_CLASS_2: + SET RETURN_CODE = 0 SET CURLINE = &CURLINE + 1 IF &CURLINE GT &LASTLINE THEN GOTO END_CLASS_2 ISREDIT (DATA) = LINE &CURLINE IF &STR(ACTIVE) NE &SUBSTR(17:22,&NRSTR(&DATA)) THEN + GOTO NEXT_CLASS_2 SET X = &SYSINDEX(&STR( ),&STR(&DATA),2) IF &X GT 2 THEN + SET CLASS = &STR( &SUBSTR(02:&X,&NRSTR(&DATA))) ELSE CLASS = &STR(Unknown) SET CLS = &SUBSTR(02:9,&NRSTR(&CLASS )) FIND_CLASS_2: + SET RETURN_CODE = 0 IF &SYSINDEX(&STR(&CLASS),&STR(&CLASSLST)) NE 0 THEN GOTO NEXT_CLASS_2 IF &SYSINDEX(&STR(&CLASS),&STR(&GROUP)) NE 0 THEN GOTO NEXT_CLASS_2 SELECT &CLASS WHEN (CDT ) GOTO NEXT_CLASS_2 WHEN (KERBLINK) GOTO NEXT_CLASS_2 WHEN (REALM ) GOTO NEXT_CLASS_2 WHEN (SECLABEL) GOTO NEXT_CLASS_2 WHEN (SECLMBR ) GOTO NEXT_CLASS_2 END IF &RACF0310 EQ 0 THEN DO IF &PDIMBR EQ &STR(RACF0540) THEN + SET AC = &STR(The SETROPTS &RCLASS is not in effect for the + following resource classes:) ELSE + SET AC = &STR(&SETROPT is not in effect for the following + resource classes:) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END SET RACF0310 = &RACF0310 + 1 SET PSTATUS = &STR(O) SET AC = &STR( &SUBSTR(2:9,&STR(&CLASS )) is missing. ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) GOTO NEXT_CLASS_2 END_CLASS_2: + SET RETURN_CODE = 0 IF &PSTATUS EQ &STR(NF) THEN DO SET AC = &STR(Not a Finding ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) IF &PDIMBR EQ &STR(RACF0540) THEN + SET AC = &STR(All entries in the SETROPTS &RCLASS were found.) ELSE + SET AC = &STR(All entries in the CLASS DESCRIPTOR TABLE + were found in the &RCLASS) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END ELSE DO IF &PDIMBR EQ &STR(RACF0540) THEN GOTO END_EXIT SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR(DISA recommendation: SETROPTS &SETGOPT ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END /* *************************************** */ /* END of program */ /* *************************************** */ END_EXIT: + SET RETURN_CODE = 0 ERR_EXIT: + IF &MAXCC GE 16 OR + &RETURN_CODE GT 0 THEN DO ISPEXEC VGET (ZISPFRC) SHARED IF &MAXCC GT &ZISPFRC THEN + SET ZISPFRC = &MAXCC ELSE + SET ZISPFRC = &RETURN_CODE ISPEXEC VPUT (ZISPFRC) SHARED WRITE &PGMNAME ZISPFRC = &ZISPFRC END SET RM524RC = &RETURN_CODE ISPEXEC VPUT ( + RM524VG + RM524RC + ) ASIS ISREDIT END EXIT CODE(0) ISREDIT MEND /* *************************************** */ /* SYSCALL SUBROUTINES */ /* *************************************** */ ADD_MEMBER: PROC 0 SET ZEDSMSG = FINISHED SET ZEDLMSG = &STR(Finished processing &PDIMBR.) ISPEXEC LOG MSG(ISRZ000) SET RETURN_CODE = 0 ISPEXEC LMMADD DATAID(&PDIID) MEMBER(&PDIMBR) IF &RETURN_CODE EQ 4 THEN DO /* MEMBER ALREADY EXISTS SET RETURN_CODE = 0 ISPEXEC LMMREP DATAID(&PDIID) MEMBER(&PDIMBR) IF &RETURN_CODE NE 0 THEN DO WRITE &PGMNAME LMMREP_PDI_RCODE = &RETURN_CODE &PDIMBR &ZERRSM END END ELSE DO IF &RETURN_CODE NE 0 THEN + WRITE &PGMNAME LMMADD_PDI_RCODE = &RETURN_CODE &PDIMBR &ZERRSM END END /* *************************************** */ /* SYSCALL SUBROUTINES */ /* *************************************** */ FIND_CLASS: PROC 0 SET FIND_RC = 0 SET PDIERR = 0 SET WRITE_LINE = DO X = 1 TO &LENGTH(&NRSTR(&RCLASS)) SET Y = &SYSINDEX(&STR( ),&STR(&RCLASS ),&X) SET RCL = &SUBSTR(&X:&Y-1,&STR(&RCLASS )) SET RCL = &RCL IF &Y GT &X THEN SET X = &Y ISREDIT CURSOR = 1 0 SET RETURN_CODE = 0 ISREDIT FIND '&RCL ' 2 IF &RETURN_CODE NE 0 THEN DO SET FIND_RC = &RETURN_CODE SET AC = &STR(The &RCL resource class is not defined in the + CLASS DESCRIPTOR TABLE ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET WRITE_LINE = X END END IF &WRITE_LINE EQ X THEN DO SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET WRITE_LINE = END DO X = 1 TO &LENGTH(&NRSTR(&RCLASS)) SET Y = &SYSINDEX(&STR( ),&STR(&RCLASS ),&X) SET RCL = &SUBSTR(&X:&Y-1,&STR(&RCLASS )) SET RCL = &RCL IF &Y GT &X THEN SET X = &Y ISREDIT CURSOR = 1 0 SET RETURN_CODE = 0 ISREDIT FIND '&RCL ' 2 IF &RETURN_CODE EQ 0 THEN DO ISREDIT (CURLINE) = LINENUM .ZCSR ISREDIT (DATA) = LINE &CURLINE SET CLASS = &SUBSTR(02:09,&NRSTR(&DATA)) SET STATUS = &SUBSTR(17:24,&NRSTR(&DATA)) IF &STR(ACTIVE) NE &STR(&STATUS) THEN DO SET AC = &STR(The &RCL resource class is not active. ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET PDIERR = 4 SET WRITE_LINE = X END END END IF &WRITE_LINE EQ X THEN DO SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET WRITE_LINE = END IF &PDIERR EQ 0 AND &FIND_RC EQ 0 THEN DO SET AC = &STR(Not a Finding ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) SET AC = &STR( &RCLASS is (are) active.) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END ELSE DO SET AC = &STR(DISA recommendation: SETROPTS CLASSACT(&RCLASS) ) ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) + DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR) END END_FIND: + END