ISREDIT MACRO       /* CARM0525 View TEMP9 Setropts global */
 
/* 12/21/2005 JL.NELSON Copied from CARM0009
/* 12/21/2005 JL.NELSON Created for PDIs RACF0270, 310, and 320
/* 01/04/2006 JL.NELSON Added PDI RACF0510
/* 01/25/2006 JL.NELSON Changed RACF0510 to a Manual Review.
/* 03/08/2006 JL.NELSON Made changes to avoid abend 920/932.
/* 03/05/2007 CL.FENTON Added ZUSSR070 RACLIST test.
/* 07/09/2007 CL.FENTON Changed output for Manual Review
/* 08/07/2007 CL.FENTON Added additional details for RACF0510.
/* 09/19/2011 CL.FENTON Added TEMPDSN resource class for RACF0270.
/*            And minor changes in output format.
/* 03/08/2013 CL.FENTON Removed Manual Review for RACF0510,
/*            CSD-AR003417415.
/* 08/17/2016 CL.Fenton Added evaluation for RACF0540, STS-015246.
/* 04/24/2017 CL.Fenton Added evaluation for LOGOPTIONS "ALWAYS" for
/*            RACF0540, STS-016729,
/* 05/22/2018 CL.Fenton Added "Not Reviewed" to RACF0510 for vuls
/*            that require additional analysis and changed test to
/*            for INSTALLATION on either RVARYx vars, STS-019713.
/* 07/02/2021 CL Fenton Chgs to remove automation for RACF0310,
/*            RACF0320, and ZUSSR070, STS-026846.
 
SET PGMNAME = &STR(CARM0525 07/02/21)
 
 
NGLOBAL PGMNAME RETURN_CODE PDIID PDIMBR ZERRSM RCLASS CLASSLST +
        SETROPT FINDRC LASTLINE
 
SET SYSPROMPT = OFF                /* CONTROL NOPROMPT          */
SET SYSFLUSH  = OFF                /* CONTROL NOFLUSH           */
SET SYSASIS   = ON                 /* CONTROL ASIS - caps off   */
 
/* ERROR ROUTINE */
ERROR DO
  SET RETURN_CODE = &LASTCC          /* SAVE LAST ERROR CODE */
  IF &LASTCC GE 16 THEN +
    WRITE &PGMNAME LASTCC = &LASTCC &ZERRLM
  RETURN
  END
 
/* *************************************** */
/* THIS EDIT MACRO PROVIDES THE FINDING    */
/* DETAILS FOR RACF SETROPTS               */
/* *************************************** */
 
/* CLASSACT - RACF0270
/* RVARYPW  - RACF0510
 
/* *************************************** */
/* VARIABLES ARE PASSED TO THIS MACRO      */
/* CONSLIST                                */
/* COMLIST                                 */
/* SYMLIST                                 */
/* TERMMSGS                                */
/* *************************************** */
 
SET RETURN_CODE = 0
 
ISPEXEC VGET ( +
  CONSLIST     +
  COMLIST      +
  SYMLIST      +
  TERMMSGS     +
  CARM0524     +
  PDIID        +
  DSMONID      +
  DSMONMBR     +
  ) ASIS
 
SET RM525VG = &RETURN_CODE
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME VGET RC = &RETURN_CODE  &ZERRSM
  WRITE &PGMNAME CONSLIST/&CONSLIST COMLIST/&COMLIST SYMLIST/&SYMLIST +
    TERMMSGS/&TERMMSGS
  WRITE &PGMNAME CARM0524/&CARM0524 PDIID/&PDIID DSMONID/&DSMONID +
    DSMONMBR/&DSMONMBR
  SET RETURN_CODE = &RETURN_CODE + 16
  GOTO ERR_EXIT
  END
 
/* *************************************** */
/* TURN ON MESSAGES                        */
/* *************************************** */
 
SET SYSSYMLIST = &SYMLIST           /* CONTROL SYMLIST/NOSYMLIST */
SET SYSCONLIST = &CONSLIST          /* CONTROL CONLIST/NOCONLIST */
SET SYSLIST    = &COMLIST           /* CONTROL LIST/NOLIST       */
SET SYSMSG     = &TERMMSGS          /* CONTROL MSG/NOMSG         */
 
/* *************************************** */
/* MAIN PROCESS                            */
/* *************************************** */
 
SET LP = &STR((
SET RP = )
SET SPC = &STR(          )
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
 
SET PDIMBR = RACF0270
SET RACF0270 = 0
SET RCLASS = &STR(ACTIVE CLASSES)
SET SETROPT = &STR(CLASSACT(name))
SET CLASSLST = &STR(#)
 
SET RETURN_CODE = 0
 
SYSCALL FIND_CLASS
 
/* WRITE &PGMNAME &CLASSLST
 
IF &FINDRC NE 0 THEN GOTO END_RACF0270
 
SET TABLE = &STR(DATASET USER GROUP TEMPDSN)
DO X = 1 TO &LENGTH(&TABLE)
  SET Y = &SYSINDEX(&STR( ),&STR(&TABLE ),&X)
  SET RES = &SUBSTR(&X:&Y-1,&STR(&TABLE ))
  IF &SYSINDEX(&STR( &RES ),&STR(&CLASSLST )) EQ 0 THEN +
    SET RACF0270 = &RACF0270 + 1
  SET X = &Y
END
 
IF &RACF0270 EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(All CLASSACT required classes are active: +
           DATASET, USER, GROUP, and TEMPDSN.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
ELSE DO
  SET AC = &STR(The following SETROPTS value is improperly set:)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  DO X = 1 TO &LENGTH(&TABLE)
    SET Y = &SYSINDEX(&STR( ),&STR(&TABLE ),&X)
    SET RES = &SUBSTR(&X:&Y-1,&STR(&TABLE ))
    IF &SYSINDEX(&STR( &RES ),&STR(&CLASSLST )) EQ 0 THEN DO
      SET AC = &STR(     SETROPTS CLASSACT(&RES) is missing.)
      ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
        DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
      END
    SET X = &Y
  END
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: SETROPTS CLASSACT(name) )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
END_RACF0270: +
SET RETURN_CODE = 0
 
SYSCALL ADD_MEMBER
 
SET PDIMBR = RACF0510
SET RACF0510 = 0
SET RCLASS  = &STR(RVARY PASSWORD)
SET SETROPT = &STR(RVARYPW)
SET RVARY1 =
SET RVARY2 =
 
ISREDIT CURSOR = 1 0
SET RETURN_CODE = 0
 
ISREDIT FIND ' &RCLASS '
 
IF &RETURN_CODE NE 0 THEN DO
  SET RACF0510 = &RETURN_CODE
  SET AC = &STR(The SETROPTS &SETROPT is not defined.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: SETROPTS RVARYPW&LP +
     SWITCH&LP.pw&RP STATUS&LP.pw&RP &RP )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  GOTO END_RACF0510
  END
ELSE DO
  ISREDIT (CURLINE) = LINENUM .ZCSR
  ISREDIT (RVARY1) = LINE &CURLINE
  END
 
SET RETURN_CODE = 0
ISREDIT FIND ' &RCLASS '
 
IF &RETURN_CODE EQ 0 THEN DO
  ISREDIT (CURLINE) = LINENUM .ZCSR
  ISREDIT (RVARY2) = LINE &CURLINE
  END
 
SET X1 = &SYSINDEX(&STR(INSTALLATION ),&STR(&RVARY1))
SET X2 = &SYSINDEX(&STR(INSTALLATION ),&STR(&RVARY2))
 
/* IF &X1 GT 0 AND
IF &X1 GT 0 OR +
   &X2 GT 0 THEN DO
/*SET AC = &STR(Manual Review)
  SET AC = &STR(Not Reviewed)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(The SETROPTS &SETROPT value is improperly set.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(     &RVARY1)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(     &RVARY2)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(     Passwords may not be set in accordance with +
    standard password guidelines.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  GOTO END_RACF0510
  END
 
/* ELSE */
 
  SET AC = &STR(The SETROPTS &SETROPT value is improperly set.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
IF &X1 EQ 0 THEN DO
  SET AC = &STR(     &RVARY1)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
IF &X2 EQ 0 THEN DO
  SET AC = &STR(     &RVARY2)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR(DISA recommendation: SETROPTS RVARYPW&LP +
     SWITCH&LP.pw&RP STATUS&LP.pw&RP &RP )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
END_RACF0510: +
SET RETURN_CODE = 0
 
SYSCALL ADD_MEMBER
 
 
SET PDIMBR = RACF0540
SET RCLASS = &STR(LOGOPTIONS "NEVER" CLASSES)
SET SETROPT = &STR(LOGOPTIONS(NEVER(NONE)))
SET CLASSLST = &STR(#)
SET PSTATUS = &STR(NF)
 
SET RETURN_CODE = 0
 
SYSCALL FIND_CLASS
 
IF &SYSINDEX(&STR( NONE ),&CLASSLST) EQ 0 THEN DO
  SET AC = &STR(The SETROPTS LOGOPTIONS "NEVER" CLASSES = NONE +
    is not specified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET PSTATUS = &STR(O)
  END
 
 
SET RCLASS = &STR(LOGOPTIONS "FAILURES" CLASSES)
SET SETROPT = &STR(LOGOPTIONS(FAILURES(name)))
SET CLASSLST = &STR(#)
 
SET RETURN_CODE = 0
 
SYSCALL FIND_CLASS
 
SET RCLASS = &STR(LOGOPTIONS "ALWAYS" CLASSES)
 
SET RETURN_CODE = 0
 
SYSCALL FIND_CLASS
SET RCLASS = &STR(LOGOPTIONS "FAILURES" CLASSES)
 
IF &SYSINDEX(&STR( NONE ),&CLASSLST) GT 0 THEN DO
  SET AC = &STR(The SETROPTS LOGOPTIONS "FAILURES" CLASSES = NONE +
    is specified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  GOTO END_RACF0540
  END
 
IF &FINDRC NE 0 THEN GOTO END_RACF0540
 
ISPEXEC VPUT ( +
  PDIMBR       +
  CLASSLST     +
  SETROPT      +
  RCLASS       +
  PSTATUS      +
  ) ASIS
 
SET RETURN_CODE = 0
 
ISPEXEC VIEW DATAID(&DSMONID) MACRO(&CARM0524) MEMBER(&DSMONMBR)
 
IF &RETURN_CODE GT 4 THEN DO
  WRITE &PGMNAME VIEW_DSMON_RC = &RETURN_CODE +
      MEMBER &DSMONMBR for &PDIMBR  &ZERRSM
  SET RETURN_CODE = &RETURN_CODE + 16
  GOTO ERR_EXIT
  END
 
END_RACF0540: +
SET RETURN_CODE = 0
 
SYSCALL ADD_MEMBER
 
 
END_EXIT: +
SET RETURN_CODE = 0
 
ERR_EXIT: +
IF &MAXCC GE 16 OR +
   &RETURN_CODE GT 0 THEN DO
  ISPEXEC VGET (ZISPFRC) SHARED
  IF &MAXCC GT &ZISPFRC THEN +
    SET ZISPFRC = &MAXCC
  ELSE +
    SET ZISPFRC = &RETURN_CODE
  ISPEXEC VPUT (ZISPFRC) SHARED
  WRITE &PGMNAME ZISPFRC = &ZISPFRC
  END
 
SET RM525RC = &RETURN_CODE
 
ISPEXEC VPUT ( +
  RM525VG      +
  RM525RC      +
  ) ASIS
 
ISREDIT END
 
EXIT CODE(0)
ISREDIT MEND
 
 
/* *************************************** */
/*  SYSCALL SUBROUTINES                    */
/* *************************************** */
 
ADD_MEMBER: PROC 0
 
SET ZEDSMSG = FINISHED
SET ZEDLMSG = &STR(Finished processing &PDIMBR.)
ISPEXEC LOG MSG(ISRZ000)
 
SET RETURN_CODE = 0
 
ISPEXEC LMMADD DATAID(&PDIID) MEMBER(&PDIMBR)
 
IF &RETURN_CODE EQ 4 THEN DO          /* MEMBER ALREADY EXISTS
  SET RETURN_CODE = 0
 
  ISPEXEC LMMREP DATAID(&PDIID) MEMBER(&PDIMBR)
 
  IF &RETURN_CODE NE 0 THEN DO
    WRITE &PGMNAME LMMREP_PDI_RCODE = &RETURN_CODE &PDIMBR  &ZERRSM
    END
  END
ELSE DO
  IF &RETURN_CODE NE 0 THEN +
    WRITE &PGMNAME LMMADD_PDI_RCODE = &RETURN_CODE &PDIMBR  &ZERRSM
  END
END
 
 
/* *************************************** */
/*  SYSCALL SUBROUTINES                    */
/* *************************************** */
 
FIND_CLASS: PROC 0
 
SET FINDRC = 0
SET RETURN_CODE = 0
ISREDIT CURSOR = 1 0
 
ISREDIT FIND '&RCLASS ' 1
 
IF &RETURN_CODE NE 0 THEN DO
  SET FINDRC = &RETURN_CODE
  SET AC = &STR(The SETROPTS &SETROPT is not defined. )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: SETROPTS &SETROPT )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  GOTO END_FIND
  END
 
ISREDIT (CURLINE) = LINENUM .ZCSR
ISREDIT (DATA) = LINE &CURLINE
 
SET X = &SYSINDEX(&STR(=),&STR(&DATA))
IF &X EQ 0 THEN GOTO END_FIND
 
IF &STR(&RCLASS) EQ &STR(LOGOPTIONS "ALWAYS" CLASSES) AND +
   &SYSINDEX(&STR( NONE ),&STR(&DATA)) GT 0 THEN +
  GOTO END_FIND
 
SET Y = &SYSINDEX(&STR(  ),&STR(&DATA),&X+2)
IF &X+1 LT &Y-1 THEN +
  IF &STR(&RCLASS) EQ &STR(LOGOPTIONS "ALWAYS" CLASSES) THEN +
    SET CLASSLST = &STR(&CLASSLST) +
         &SUBSTR(&X+2:&Y-1,&NRSTR(&DATA))
  ELSE +
    SET CLASSLST = &SUBSTR(&X+1:&Y-1,&NRSTR(&DATA))
ELSE GOTO END_FIND
 
NEXT_LIST: +
SET RETURN_CODE = 0
 
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO END_LIST
 
ISREDIT (DATA) = LINE &CURLINE
 
IF &STR( ) NE &SUBSTR(1,&NRSTR(&DATA)) THEN +
  GOTO END_LIST
 
SET Y = &SYSINDEX(&STR(  ),&STR(&DATA),&X+2)
IF &X+2 LT &Y-1 THEN +
  SET CLASSLST = &STR(&CLASSLST) +
         &SUBSTR(&X+2:&Y-1,&NRSTR(&DATA))
GOTO NEXT_LIST
 
END_LIST: +
SET RETURN_CODE = 0
 
SET CLASSLST = &STR(&CLASSLST #)
 
END_FIND: +
END
