Walt, First , thanks for responding.. Let me explain: The STC is in LE Cobol..4.2 I want to call IKJEFTSR ...to call a rexx clist that will perform authorized functions , i.e.; alloc, free The call is below: IDENTIFICATION DIVISION. PROGRAM-ID. COBTSO. ENVIRONMENT DIVISION. CONFIGURATION SECTION. SOURCE-COMPUTER. IBM-370. INPUT-OUTPUT SECTION. ****************************************************************** * * * MODULE NAME = COBTSO * * * * DESCRIPTIVE NAME = ISSUE TSO COMMANDS FROM A COBOL PROGRAM. * * * * FUNCTION = THIS SAMPLE PROGRAM DEMONSTRATES HOW TO INVOKE * * TSO COMMANDS FROM A COBOL PROGRAM USING * * STANDARD TSO SERVICES AS DOCUMENTED IN THE * * TSO/E PROGRAMMING SERVICES MANUAL. * * * * MOST TSO COMMANDS, INCLUDING CLISTS AND REXX * * EXECS CAN BE EXECUTED USING THIS TECHNIQUE. * * TSO COMMANDS WHICH REQUIRE AUTHORIZATION * * (SUCH AS OUTPUT, SEND, TRANSMIT AND RECEIVE) * * WILL NOT WORK. * * * * AUTHOR = GILBERT SAINT-FLOUR * * ****************************************************************** DATA DIVISION. WORKING-STORAGE SECTION. 01 IKJTSOEV PIC X(8) VALUE 'IKJTSOEV'. 01 IKJEFTSR PIC X(8) VALUE 'IKJEFTSR'. 01 FILLER. 05 WS-DUMMY PIC S9(8) COMP. 05 WS-RETURN-CODE PIC S9(8) COMP. 05 WS-REASON-CODE PIC S9(8) COMP. 05 WS-INFO-CODE PIC S9(8) COMP. 05 WS-ABEND-CODE PIC S9(8) COMP. 05 WS-CPPL-ADDRESS PIC S9(8) COMP. 05 WS-FLAGS PIC X(4) VALUE X'00000001'. 05 WS-BUFFER PIC X(256). 05 WS-LENGTH PIC S9(8) COMP VALUE 256. 05 WS-REGISTER-15 PIC S9(8) COMP. PROCEDURE DIVISION. *----------------------------------------------------------------* * CALL IKJTSOEV TO CREATE THE TSO/E ENVIRONMENT * *----------------------------------------------------------------* PERFORM 100-BUILD-TSO. MOVE RETURN-CODE TO WS-REGISTER-15. DISPLAY 'IKJTSOEV REGISTER 15 = ' WS-REGISTER-15 ' RETURN-CODE=' WS-RETURN-CODE ' REASON-CODE=' WS-REASON-CODE ' INFO-CODE=' WS-INFO-CODE. * IF WS-RETURN-CODE > ZERO OR WS-REGISTER-15 > ZERO * GOBACK. IF WS-RETURN-CODE > ZERO DISPLAY 'IKJTSOEV FAILED, RETURN-CODE=' WS-RETURN-CODE ' REASON-CODE=' WS-REASON-CODE 'INFO-CODE=' WS-INFO-CODE MOVE WS-RETURN-CODE TO RETURN-CODE STOP RUN END-IF. *----------------------------------------------------------------* * BUILD THE TSO/E COMMAND IN WS-BUFFER * *----------------------------------------------------------------* MOVE X'00010001' TO WS-FLAGS. MOVE 'LU SFORD' TO WS-BUFFER. MOVE 8 TO WS-LENGTH *----------------------------------------------------------------* * CALL THE TSO/E SERVICE ROUTINE TO EXECUTE THE TSO/E COMMAND * *----------------------------------------------------------------* PERFORM 110-EXECUTE-TSO. MOVE RETURN-CODE TO WS-REGISTER-15. DISPLAY 'IKJEFTSR REGISTER 15 = ' WS-REGISTER-15 ' RETURN-CODE=' WS-RETURN-CODE ' REASON-CODE=' WS-REASON-CODE ' ABEND-CODE=' WS-ABEND-CODE. * IF WS-RETURN-CODE = ZERO AND WS-REGISTER-15 = ZERO * DISPLAY 'THIS IS SYSPUNCH OUTPUT...' UPON SYSPUNCH. * IF WS-RETURN-CODE = ZERO AND WS-REGISTER-15 = ZERO IF WS-RETURN-CODE > ZERO DISPLAY 'ALLOCATE FAILED' DISPLAY 'IKJEFTSR FAILED, RETURN-CODE=' WS-RETURN-CODE ' REASON-CODE=' WS-REASON-CODE MOVE WS-RETURN-CODE TO RETURN-CODE STOP RUN END-IF. STOP RUN. *----------------------------------------------------------------* * CALL IKJTSOEV TO CREATE THE TSO/E ENVIRONMENT * *----------------------------------------------------------------* 100-BUILD-TSO. * CALL 'IKJTSOEV' USING WS-DUMMY CALL IKJTSOEV USING WS-DUMMY WS-RETURN-CODE WS-REASON-CODE WS-INFO-CODE WS-CPPL-ADDRESS. 110-EXECUTE-TSO. *----------------------------------------------------------------* * CALL THE TSO/E SERVICE ROUTINE TO EXECUTE THE TSO/E COMMAND * *----------------------------------------------------------------* * CALL 'IKJEFTSR' USING WS-FLAGS CALL IKJEFTSR USING WS-FLAGS WS-BUFFER WS-LENGTH WS-RETURN-CODE WS-REASON-CODE WS-DUMMY.
Scott J Ford Software Engineer http://www.identityforge.com ________________________________ From: Walt Farrell <wfarr...@us.ibm.com> To: IBM-MAIN@bama.ua.edu Sent: Wednesday, February 15, 2012 1:54 PM Subject: Re: Authorized functions On Wed, 15 Feb 2012 13:34:01 -0500, Scott Ford <scott_j_f...@yahoo.com> wrote: >All, >I understand that authorized programs have been talked about before, buti >don't understand and I want to make sure I do before I start a design ...... > >What I want.... Long running STC .... >....................... Invoke a rexx clist performing alloc, calls to a >program >........................long running STC program is linked ac(1) > >Do i create an entry in ikjtso00 for the STC program >Do I create an entry in ikjtso00 for the clist name > >This is where I am cornfused..... The entries in IKJTSO00 are for programs (not execs or clists) that you invoke under the TSO/E TMP. So, if your STC actually has // EXEC PGM=<your-program> then there would be no reason to put <your-program> in IKJTSO00 as you are not running it under the TMP. On the other hand, if your STC has // EXEC PGM=IKJEFT01,PARM="CALL dsname(your-program)" and you want your-program to run APF-authorized, then you would need it in IKJTSO00. IF you are doing as my first example, and the STC directly invokes your program, I'd like to inquire -how- you are having your program invoke the REXX exec, though. The way you do that has critical implications for the functions that the exec can perform. -- Walt Farrell IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN