/* REXX */
/* CLS2REXXed by FSOX001 on 27 Jul 2016 at 10:24:07  */
Signal On NoValue
Call On Error
Signal On Failure
Signal On Syntax
Parse source opsys . exec_name .
Address ISREDIT
 
"MACRO"               /* CACM0421 EDIT TEMP2(GRSLIST) */
/*********************************************************************/
/* 10/28/2004 JL.NELSON Created to write GRSLIST to TEMP3            */
/* 12/02/2004 JL.NELSON Changed for all fields in TBLSTC             */
/* 02/14/2005 JL.NELSON Changed constants to variables               */
/* 03/14/2005 JL.NELSON Added program name to output TEMP3           */
/* 03/16/2005 JL.NELSON Correct length error code 864                */
/* 06/09/2005 JL.NELSON Pass MAXCC in ZISPFRC variable               */
/* 06/09/2005 JL.NELSON Fixed 860 error on *MASTER* STC              */
/* 03/07/2006 JL.NELSON Made changes to avoid SUBSTR abend 920/932.  */
/* 03/20/2006 JL.NELSON Use NRSTR avoid abend 900 if ampersand in    */
/*            data.                                                  */
/* 03/29/2006 JL.NELSON Test for empty member LINENUM Rcode = 4.     */
/* 07/07/2007 CL.Fenton, change made to drop alias data sets.        */
/* 06/02/2009 CL.FENTON Changes on how TBLSTC is processed.          */
/* 11/10/2015 CL.FENTON Added collection of dataset that contains    */
/*            the RACF REXX security exit, STS-011660.               */
/* 05/17/2016 CL.FENTON Changed the collection of dataset that       */
/*            contains the RACF REXX security exit, STS-014540.      */
/* 08/01/2016 CL.FENTON Converted script from CLIST to REXX.         */
/* 08/17/2016 CL.FENTON Changes made to collect SYSREXX datasets     */
/*            for new vulnerability ACP00062 and also stream lined   */
/*            if statements to prevent excessive security violations */
/*            when evaluating for RACF REXX security exit,           */
/*            STS-015247.                                            */
/*                                                                   */
/*                                                                   */
/*********************************************************************/
pgmname = "CACM0421 08/17/16"
sysprompt = "OFF"                /* CONTROL NOPROMPT          */
sysflush = "OFF"                /* CONTROL NOFLUSH           */
sysasis = "ON"                 /* CONTROL ASIS - caps off   */
Address ISPEXEC "CONTROL NONDISPL ENTER"
Address ISPEXEC "CONTROL ERRORS RETURN"
return_code = 0
/*******************************************/
/* VARIABLES ARE PASSED TO THIS MACRO      */
/* CONSLIST                                */
/* COMLIST                                 */
/* SYMLIST                                 */
/* TERMMSGS                                */
/* ACPNAME                                 */
/* TEMP3                                   */
/* TBLSTC                                  */
/*******************************************/
Address ISPEXEC "VGET (CONSLIST COMLIST SYMLIST TERMMSGS ACPNAME",
  "TEMP3 TBLSTC) ASIS"
cm21vget = return_code
If return_code <> 0 then do
  Say pgmname "VGET RC =" return_code zerrsm
  Say pgmname "CONSLIST/"conslist "COMLIST/"comlist "SYMLIST/"symlist ,
    "TERMMSGS/"termmsgs
  Say pgmname "ACPNAME/"acpname "TEMP3/"temp3 "TBLSTC/"tblstc
  return_code = return_code + 16
  SIGNAL ERR_EXIT
  end
 
If CONSLIST = "ON" | COMLIST = "ON" | SYMLIST = "ON" ,
  then Trace r
 
maxcc = 0
return_code = 0
/*******************************************/
/* TURN ON MESSAGES                        */
/*******************************************/
syssymlist = symlist           /* CONTROL SYMLIST/NOSYMLIST */
sysconlist = conslist          /* CONTROL CONLIST/NOCONLIST */
syslist = comlist           /* CONTROL LIST/NOLIST       */
sysmsg = termmsgs          /* CONTROL MSG/NOMSG         */
/*******************************************/
/* MAIN PROCESS                            */
/*******************************************/
"(MEMBER) = MEMBER"
"(DSNAME) = DATASET"
return_code = 0
"(LASTLINE) = LINENUM .ZLAST"
If return_code > 0 then do
  If lastline = 0 then
    Say pgmname "Empty file RCode =" return_code "DSN="dsname,
      "MEMBER="member strip(zerrsm)
  Else
    Say pgmname "LINENUM Error RCode =" return_code "DSN="dsname,
      "MEMBER="member strip(zerrsm)
  SIGNAL ERR_EXIT
  end
/*******************************************/
/* Copy entries                            */
/*******************************************/
ostc = ""
blk44 = "                                            "
READ_NEXT:
do icnt = 1 to lastline
  return_code = 0
  "(DATA) = LINE" icnt
  dl = length(data)
  If dl < 27 then iterate
  istc = substr(data,9,8)
  idsn = substr(data,26)
  idsn = strip(idsn)
  If istc <> ostc then do
    ostc = istc
    Call find_iter
    end
  If substr(istc,1,3) = "AXR" then iter = "AK "
  If iter = "AK " & acpname = "RACF" then do
    return_code = listdsi("'"idsn"'")
    If sysreason = 0 & substr(sysdsorg"   ",1,2) = "PO" then
      If sysdsn("'"idsn"(IRRPWREX)'") = "OK" then do
        Say pgmname "Found IRRPWREX in dataset" idsn "for vulnerablity",
          "RACF0465 being used by" strip(istc)"."
        iter = "AJ "
        ostc = ""
        end
    end
  If iter <> "99 " then do
    ac = substr(iter||idsn||blk44,1,50)
    ac = ac||pgmname
    return_code = 0
    otrp = outtrap("out.")
    Address TSO "LISTCAT ENTRY('"idsn"') ALIAS ALL"
    otrp = outtrap("OFF")
    If return_code > 0 then
      Address ISPEXEC "LMPUT DATAID("temp3") MODE(INVAR) DATALOC(AC)",
        "DATALEN("length(ac)") NOBSCAN"
    end
  end
END_EXIT:
return_code = 0
ERR_EXIT:
If maxcc >= 16 | return_code > 0 then do
  Address ISPEXEC "VGET (ZISPFRC) SHARED"
  If maxcc > zispfrc then
    zispfrc = maxcc
  Else
    zispfrc = return_code
  Address ISPEXEC "VPUT (ZISPFRC) SHARED"
  Say pgmname "ZISPFRC =" zispfrc
  end
cm421rc = return_code
Address ISPEXEC "VPUT (CM21VGET CM21VPUT CM421RC) ASIS"
"END"
"MEND"
Exit (0)
 
 
/*******************************************/
/*  SYSCALL SUBROUTINES                    */
/*******************************************/
/* SYSCALL FIND_ITER */
FIND_ITER:
ITER    = "99 "
x = 0
do forever
  if x = 0 then x = wordpos(istc,tblstc)
  else x = wordpos(istc,tblstc,x+1)
  if x = 0 then leave
  y = wordindex(tblstc,x)-4
  if substr(tblstc,y,1) = "#" then do
    TBLENT = substr(tblstc,y)
    parse var TBLENT . 2 ITER .
    ITER = left(ITER,3)
    leave
    end
  end
Return (rc)
 
 
NoValue:
Failure:
Syntax:
say pgmname 'REXX error' rc 'in line' sigl':' strip(ERRORTEXT(rc))
say SOURCELINE(sigl)
SIGNAL ERR_EXIT
 
 
Error:
return_code = RC
if RC > 4 & RC <> 8 then do
  say pgmname "LASTCC =" RC strip(zerrlm)
  say pgmname 'REXX error' rc 'in line' sigl':' ERRORTEXT(rc)
  say SOURCELINE(sigl)
  end
if return_code > maxcc then
  maxcc = return_code
return
 
 
