/* REXX */
/*trace r?*/
Signal On NoValue
Call On Error
Signal On Failure
Signal On Syntax
Parse source opsys . exec_name .
 
/*********************************************************************/
/* 04/23/2023 CL Fenton created from REXCRTS.  To provide            */
/*            automation for RACF-ES-000560 and RACF-OS-000210 to    */
/*            evaluate NOWARNING and UACC(NONE), TMS-3563,           */
/*            TMS-3562.                                              */
/* 10/22/2024 CL Fenton Changes made to exclude resource classes     */
/*            DIGTCERT and NODES from RACF-OS-000210 evaluation      */
/*            for RACF0800, SCTASKU0231892.                          */
/*                                                                   */
/*                                                                   */
/*                                                                   */
/*********************************************************************/
CONSLIST = "OFF"                  /* DEFAULT IS OFF                  */
COMLIST  = "OFF"                  /* DEFAULT IS OFF                  */
SYMLIST  = "OFF"                  /* DEFAULT IS OFF                  */
TERMMSGS = "OFF"                  /* DEFAULT IS OFF                  */
CACC1000 = "CACC1000"             /* SELECT SECURITY CHECK PGM       */
TEST     = "OFF"                  /* Finding Msgs (OFF|MOD|FINDING)  */
TRACE    = "OFF"                  /* TRACE ACTIONS AND ERRORS        */
pgmname = "CARC0006 10/22/24"
 
sysprompt = "OFF"                 /* CONTROL NOPROMPT                */
sysflush = "OFF"                  /* CONTROL NOFLUSH                 */
sysasis = "ON"                    /* CONTROL ASIS - caps off         */
Numeric digits 10                 /* default of 9 not enough         */
/* initialize table counters    */
duacc         = 0      /* 0400 record type for dataset UACC          */
ruacc         = 0      /* 0500 record type for resoure UACC          */
dwarn         = 0      /* 0400 record type for dataset WARNING       */
rwarn         = 0      /* 0500 record type for resoure WARNING       */
lminit_pdidd  = 0
lmopen_pdidd  = 0
lmclose_pdidd = 0
lmfree_pdidd  = 0
maxcc         = 0
return_code   = 0
 
Arg OPTION
do until OPTION = ""
  parse var OPTION key"("val")" OPTION
  val = strip(val,"b","'")
  val = strip(val,"b",'"')
  optcmd = key '= "'val'"'
  interpret optcmd
  end
 
return_code = 0
If trace = "ON" then do            /* TURN messages on          */
  termmsgs = "ON"                  /* CONTROL MSG               */
  comlist = "ON"                   /* CONTROL LIST              */
  conslist = "ON"                  /* CONTROL CONLIST           */
  symlist = "ON"                   /* CONTROL SYMLIST           */
  end
 
If CONSLIST = "ON" | COMLIST = "ON" | SYMLIST = "ON" | TRACE = "ON",
  then Trace ?r
 
syssymlist = symlist          /* CONTROL SYMLIST/NOSYMLIST */
sysconlist = conslist         /* CONTROL CONLIST/NOCONLIST */
syslist = comlist             /* CONTROL LIST/NOLIST       */
sysmsg = termmsgs             /* CONTROL MSG/NOMSG         */
Address ISPEXEC
"CONTROL NONDISPL ENTER"
"CONTROL ERRORS RETURN"
"VPUT (CONSLIST COMLIST SYMLIST TERMPRO TERMMSGS)"
zispfrc = 0
"VPUT (ZISPFRC) SHARED"
 
return_code = 0
 
"SELECT CMD("cacc1000 "ACP)"
"VGET (ACPNAME ACPVERS) ASIS"
 
return_code = 0
"lminit dataid(pdidd) ddname(pdidd)"
lminit_pdidd = return_code
return_code = 0
"lmopen dataid("pdidd") option(output)"
lmopen_pdidd = return_code
 
 
/***********************************************************/
/* Main Driver                                             */
/* dbufile is IRRDBU00 unloaded dataset                    */
/***********************************************************/
Address TSO "EXECIO * DISKR dbufile (stem dbfle. FINIS"
say 'Total Records in unloaded dataset ==> 'dbfle.0
say pgmname "Search Completed . . ."
do a = 1 to dbfle.0
  Rec_type = substr(dbfle.a,1,4)
  if Rec_type = 0400 then,
    call Process400
  if Rec_type = 0500 then,
    call Process500
  end         /*  do a  */
 
say pgmname "Dataset profiles with WARNING       " right(dwarn,4)
say pgmname "Dataset profiles without UACC(NONE) " right(duacc,4)
say pgmname "Resource profiles with WARNING      " right(rwarn,4)
say pgmname "Resource profiles without UACC(NONE)" right(ruacc,4)
 
pdi = "RACF0790"
If dwarn = 0 &,
   rwarn = 0 then
  queue "Not a Finding"
 
if dwarn > 0 then do
  queue "The following dataset profiles specify WARNING."
  queue " "
  do x = 1 to dwarn
    parse var dwarntab.x profile gen warn .
    if gen = "YES" then,
      gen = " (G)"
    else,
      gen = ""
    queue "    " profile""gen "WARNING="warn
    end
  queue " "
  end
if rwarn > 0 then do
  queue "The following resource profiles specify WARNING."
  queue " "
  do x = 1 to rwarn
    parse var rwarntab.x profile rescl gen warn .
    if gen = "YES" then,
      gen = " (G)"
    else,
      gen = ""
    queue "    " left(rescl,11) profile""gen "WARNING="warn
    end
  queue " "
  end
call process_queued_pdi
 
pdi = "RACF0800"
If duacc = 0 &,
   ruacc = 0 then
  queue "Not a Finding"
 
if duacc > 0 then do
  queue "The following dataset profiles do not specify UACC(NONE)."
  queue " "
  do x = 1 to duacc
    parse var duacctab.x profile gen uacc .
    if gen = "YES" then,
      gen = " (G)"
    else,
      gen = ""
    queue "    " profile""gen "UACC("uacc")"
    end
  queue " "
  end
if ruacc > 0 then do
  queue "The following resource profiles do not specify UACC(NONE)."
  queue " "
  do x = 1 to ruacc
    parse var ruacctab.x profile rescl gen uacc .
    if gen = "YES" then,
      gen = " (G)"
    else,
      gen = ""
    queue "    " left(rescl,11) profile""gen "UACC("uacc")"
    end
  queue " "
  end
call process_queued_pdi
 
 
/*******************************************/
/* ERROR EXIT                              */
/*******************************************/
ERR_EXIT:
If maxcc >= 16 | return_code > 0 then do
  "VGET (ZISPFRC) SHARED"
  If maxcc > zispfrc then
    zispfrc = maxcc
  Else
    zispfrc = return_code
  "VPUT (ZISPFRC) SHARED"
  Say pgmname "ZISPFRC =" zispfrc
  end
 
return_code = 0
"lmclose dataid("pdidd")"
lmclose_pdidd = return_code
return_code = 0
"lmfree dataid("pdidd")"
lmfree_pdidd = return_code
/*                                                            */
If TERMMSGS = "ON" then do
  say
  say '==============================================================='
  say PGMNAME 'LMINIT_PDIDD                  ' lminit_pdidd
  say PGMNAME 'LMOPEN_PDIDD                  ' lmopen_pdidd
  say PGMNAME 'LMCLOSE_PDIDD                 ' lmclose_pdidd
  say PGMNAME 'LMFREE_PDIDD                  ' lmfree_pdidd
  say '==============================================================='
  end
 
Exit 0
 
 
/*******************************************/
/*  SYSCALL SUBROUTINES                    */
/*******************************************/
process400:
dbfle.a = dbfle.a
UCN_0400 = substr(dbfle.a,6,44)    /* 246-Char resource profile    */
grbd_gen = substr(dbfle.a,58,3)    /* generic - YES/NO             */
grbd_uacc = substr(dbfle.a,129,8)  /* uacc - ALTER/CONTROL/UPDATE/ */
                                   /* READ/EXECUTE/NONE            */
grbd_warn = substr(dbfle.a,484,3)  /* warning - YES/NO             */
If grbd_warn = "YES" then do
/*If grbd_warn = "YES" |,
   dwarn = 0 then do*/
  dwarn = dwarn + 1
  dwarntab.dwarn = UCN_0400 grbd_gen grbd_warn
  end
If grbd_uacc <> "NONE" then do
/*If grbd_uacc <> "NONE" |,
   duacc = 0 then do*/
  duacc = duacc + 1
  duacctab.duacc = UCN_0400 grbd_gen grbd_uacc
  end
return
 
 
process500:
dbfle.a = dbfle.a
UCN_0500 = substr(dbfle.a,6,246)   /* 246-Char resource profile    */
grbd_rescl = substr(dbfle.a,253,8) /* resource class               */
grbd_gen = substr(dbfle.a,262,3)   /* generic - YES/NO             */
grbd_uacc = substr(dbfle.a,337,8)  /* uacc - ALTER/CONTROL/UPDATE/ */
                                   /* READ/EXECUTE/NONE            */
grdb_warn = substr(dbfle.a,660,3)  /* warning - YES/NO             */
If grbd_warn = "YES" then do
/* grbd_warn = "YES" |,
   rwarn = 0 then do*/
  rwarn = rwarn + 1
  rwarntab.rwarn = UCN_0500 grbd_rescl grbd_gen grbd_warn
  end
 
/* Bypass the following resource classes*/
If grbd_rescl = 'DIGTCERT' |,
   grbd_rescl = 'NODES' then ,
  return
/* Bypass the above resource classes */
 
If grbd_uacc <> "NONE" &,
   pos("TRUST",grbd_uacc) = 0 then do
/*If (grbd_uacc <> "NONE" &,
   pos("TRUST",grbd_uacc) = 0) |,
   rwarn = 0 then do*/
  ruacc = ruacc + 1
  ruacctab.ruacc = UCN_0500 grbd_rescl grbd_gen grbd_uacc
  end
return
 
 
process_queued_pdi:
say pgmname right(queued(),4) 'records written for' pdi'.'
do xx = 1 to queued()
  parse pull ac
  "LMPUT DATAID("pdidd") MODE(INVAR) DATALOC(ac)",
    "DATALEN("length(ac)") MEMBER("pdi")"
  end
"LMMADD DATAID("pdidd") MEMBER("pdi")"
if RC = 4 then do
  "LMMREP DATAID("pdidd") MEMBER("pdi")"
  if RC <> 0 then,
    say PGMNAME 'LMMREP_PDIDD =' RC PDI ZERRSM
  end
return_code = 0
return
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
NoValue:
Failure:
Syntax:
say pgmname 'REXX error' rc 'in line' sigl':' strip(ERRORTEXT(rc))
say SOURCELINE(sigl)
SIGNAL ERR_EXIT
 
 
Error:
return_code = RC
if RC > 4 & RC <> 8 then do
  say pgmname "LASTCC =" RC strip(zerrlm)
  say pgmname 'REXX error' rc 'in line' sigl':' ERRORTEXT(rc)
  say SOURCELINE(sigl)
  end
if return_code > maxcc then,
  maxcc = return_code
if maxcc = 4 then,
  maxcc = 0
return
 
 
/*******************************************************************/
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
