No. APF is not done on a TCB by TCB basis. Every TCB points to a control block called the JSCB (Job Step Control Block). There is an undocumented parameter: JSCB= on the ATTACHX macro which allows specification of the address of this control block, possibly dynamically allocated and initialized. However, the fact that it is not even documented in the manual indicates that it is so non-GUPI that using it would be foolishly dangerous. Also, it likely requires that the code be at least APF authorized, if not in supervisor state, key 0. Which means that there is no need to mess with it in the first place. I think it is used mainly, if not only, by the initiator code.
I still think doing a fork()/exec() to start up a "service daemon" to do the RACF or other APF work is simpler. Or if you're really good, write an STC which inserts an PC into the system to do the work. Of course, said code needs to do some sort of verification that its called is valid. I'd do a SAF call to AUTH a specific FACILITY profile, personally. On Fri, 2011-04-22 at 19:04 -0500, Patrick Roehl wrote: > Would this work? > > Program A (non-authorized) does an ATTACHX with DCB which points to an > authorized library to start program B in a new TCB. Program B would be > authorized and service RACROUTE requests from program A via common > storage and a WAIT/POST protocol. > > Program A would then be free to call all the "regular" modules from STEPLIB, > and program B would load from "AUTHLIB" DD which contains the authorized > library. At this point it's an assumption on my part that this scheme would > allow authorized and non-authorized programs to comingle. > > Thanks for all comments, suggested variations, and pitfalls of this idea. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html -- John McKown Maranatha! <>< ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
