If you really want do this this: run an APF authorized TSO command from a COBOL program, even one which is linked AC=1. Well, you'll need to "cheat horribly". One way to cheat is to run your COBOL program under TSO. You run IKJEFT01. Something like:
//STC EXEC PGM=IKJEFT01, // REGION=0M,PARM='%REXXCMD' //SYSTSPRT DD SYSOUT=* //SYSTSIN DD DUMMY //SYSEXEC DD DISP=SHR,DSN=some.REXX.library.with.REXXCMD.in.it //* OTHER REQUIRED DDs //* REXXCMD would look something like: /* REXX */ address tso "CALL 'some.loadlib(myapfpgm)'" You'd need "myapfpgm" placed in IKJTSO00 as an APF authorized program name in the AUTHPGM section. Now your program does not need to invoke IKJTSOEV at all. And I think that it can now invoke the REXX program to invoke the APF authorized TSO program. I don't guarantee it will do what you want to do. If BPXWDYN cannot do a "free", then I doubt that the TSO FREE command will work either. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets® 9151 Boulevard 26 . N. Richland Hills . TX 76010 (817) 255-3225 phone . john.mck...@healthmarkets.com . www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets® is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company®, Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM > -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Scott Ford > Sent: Wednesday, February 15, 2012 2:33 PM > To: IBM-MAIN@bama.ua.edu > Subject: Re: Authorized functions > > John: > > So is this saying you can only do limited rexx functions from > an application program.... > In our case, i need to allocate a sysin and sysprint and > execute a vendor's program the output queues into sysprint. > My problem I ran into..is using BPXWDYN...once allocated in a > running LE Cobol program STC or otherwise that > DDNAME cant be 'de-allocated' or 'freed' ...So I thought i > would try existing rexx clists ..and ran into problems.. > as you have shown...I am not understanding something...Thats > why I am asking for some help... > > Scott J Ford > Software Engineer > http://www.identityforge.com > > > > ________________________________ > From: "McKown, John" <john.mck...@healthmarkets.com> > To: IBM-MAIN@bama.ua.edu > Sent: Wednesday, February 15, 2012 3:11 PM > Subject: Re: Authorized functions > > Is this even possible? here: > > http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ikj > 4b780/23.4.3.2 > > <quote> > Table 122 shows the reason codes that are found in parameter > 5 if IKJEFTSR completes with a return code of 20. > ... > > 24(18) IKJEFTSR was invoked from a > non-TSO/E environment. This service can only be used in a > foreground or background TSO/E > environment. > > </quote> > > John McKown > > Systems Engineer IV > > IT > > > > Administrative Services Group > > > > HealthMarkets® > > > > 9151 Boulevard 26 * N. Richland Hills * TX 76010 > > (817) 255-3225 phone * > > john.mck...@healthmarkets.com * www.HealthMarkets.com > > > > Confidentiality Notice: This e-mail message may contain > confidential or proprietary information. If you are not the > intended recipient, please contact the sender by reply e-mail > and destroy all copies of the original message. > HealthMarkets® is the brand name for products underwritten > and issued by the insurance subsidiaries of HealthMarkets, > Inc. -The Chesapeake Life Insurance Company®, Mid-West > National Life Insurance Company of TennesseeSM and The MEGA > Life and Health Insurance Company.SM > > > > > -----Original Message----- > > From: IBM Mainframe Discussion List > > [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Scott Ford > > Sent: Wednesday, February 15, 2012 1:16 PM > > To: IBM-MAIN@bama.ua.edu > > Subject: Re: Authorized functions > > > > Walt, > > > > First , thanks for responding.. > > > > Let me explain: > > > > The STC is in LE Cobol..4.2 > > I want to call IKJEFTSR ...to call a rexx clist that will > > perform authorized functions , i.e.; alloc, free > > The call is below: > > > > IDENTIFICATION DIVISION. > > > > PROGRAM-ID. COBTSO. > > > > ENVIRONMENT DIVISION. > > > > CONFIGURATION SECTION. > > > > SOURCE-COMPUTER. IBM-370. > > > > INPUT-OUTPUT SECTION. > > > > > > > > > > ************************************************************** > > **** > > * * > > > > * MODULE NAME = COBTSO * > > > > * * > > > > * DESCRIPTIVE NAME = ISSUE TSO COMMANDS FROM A COBOL > > PROGRAM. * > > * * > > > > * FUNCTION = THIS SAMPLE PROGRAM DEMONSTRATES HOW TO > > INVOKE * > > * TSO COMMANDS FROM A COBOL PROGRAM USING * > > > > * STANDARD TSO SERVICES AS DOCUMENTED IN THE * > > > > * TSO/E PROGRAMMING SERVICES MANUAL. * > > > > * * > > > > * MOST TSO COMMANDS, INCLUDING CLISTS AND REXX * > > > > * EXECS CAN BE EXECUTED USING THIS TECHNIQUE. * > > > > * TSO COMMANDS WHICH REQUIRE AUTHORIZATION * > > > > * (SUCH AS OUTPUT, SEND, TRANSMIT AND RECEIVE) * > > > > * WILL NOT WORK. * > > > > * * > > > > * AUTHOR = GILBERT SAINT-FLOUR * > > > > * > > > > > > ************************************************************** > > **** > > > > > > DATA DIVISION. > > > > > > > > WORKING-STORAGE SECTION. > > > > 01 IKJTSOEV PIC X(8) VALUE 'IKJTSOEV'. > > > > 01 IKJEFTSR PIC X(8) VALUE 'IKJEFTSR'. > > > > 01 FILLER. > > > > 05 WS-DUMMY PIC S9(8) COMP. > > > > 05 WS-RETURN-CODE PIC S9(8) COMP. > > > > 05 WS-REASON-CODE PIC S9(8) COMP. > > > > 05 WS-INFO-CODE PIC S9(8) COMP. > > > > 05 WS-ABEND-CODE PIC S9(8) COMP. > > > > 05 WS-CPPL-ADDRESS PIC S9(8) COMP. > > > > 05 WS-FLAGS PIC X(4) VALUE X'00000001'. > > > > 05 WS-BUFFER PIC X(256). > > > > 05 WS-LENGTH PIC S9(8) COMP VALUE 256. > > > > 05 WS-REGISTER-15 PIC S9(8) COMP. > > > > > > > > PROCEDURE DIVISION. > > > > > > > > > > *------------------------------------------------------------- > > ---* > > * CALL IKJTSOEV TO CREATE THE TSO/E ENVIRONMENT * > > > > > > *------------------------------------------------------------- > > ---* > > > > > > PERFORM 100-BUILD-TSO. > > > > > > > > MOVE RETURN-CODE TO WS-REGISTER-15. > > > > DISPLAY 'IKJTSOEV REGISTER 15 = ' WS-REGISTER-15 > > > > ' RETURN-CODE=' WS-RETURN-CODE > > > > ' REASON-CODE=' WS-REASON-CODE > > > > ' INFO-CODE=' WS-INFO-CODE. > > > > > > > > * IF WS-RETURN-CODE > ZERO OR WS-REGISTER-15 > ZERO > > > > * GOBACK. > > > > > > > > IF WS-RETURN-CODE > ZERO > > > > DISPLAY 'IKJTSOEV FAILED, RETURN-CODE=' > > WS-RETURN-CODE > > ' REASON-CODE=' WS-REASON-CODE > > > > 'INFO-CODE=' WS-INFO-CODE > > > > MOVE WS-RETURN-CODE TO RETURN-CODE > > > > > > > > STOP RUN > > > > > > > > END-IF. > > > > > > *------------------------------------------------------------- > > ---* > > * BUILD THE TSO/E COMMAND IN WS-BUFFER * > > > > > > *------------------------------------------------------------- > > ---* > > MOVE X'00010001' TO WS-FLAGS. > > > > > > > > MOVE 'LU SFORD' TO WS-BUFFER. > > > > MOVE 8 TO WS-LENGTH > > > > > > > > > > *------------------------------------------------------------- > > ---* > > * CALL THE TSO/E SERVICE ROUTINE TO EXECUTE THE TSO/E > > COMMAND * > > > > *------------------------------------------------------------- > > ---* > > > > > > PERFORM 110-EXECUTE-TSO. > > > > > > > > MOVE RETURN-CODE TO WS-REGISTER-15. > > > > DISPLAY 'IKJEFTSR REGISTER 15 = ' WS-REGISTER-15 > > > > ' RETURN-CODE=' WS-RETURN-CODE > > > > ' REASON-CODE=' WS-REASON-CODE > > > > ' ABEND-CODE=' WS-ABEND-CODE. > > > > > > > > * IF WS-RETURN-CODE = ZERO AND WS-REGISTER-15 = > > ZERO > > * DISPLAY 'THIS IS SYSPUNCH OUTPUT...' UPON > > SYSPUNCH. > > > > > > * IF WS-RETURN-CODE = ZERO AND WS-REGISTER-15 = ZERO > > > > > > > > > > > > IF WS-RETURN-CODE > ZERO > > > > DISPLAY 'ALLOCATE FAILED' > > > > DISPLAY 'IKJEFTSR FAILED, RETURN-CODE=' > > WS-RETURN-CODE > > ' REASON-CODE=' WS-REASON-CODE > > > > MOVE WS-RETURN-CODE TO RETURN-CODE > > > > STOP RUN > > > > END-IF. > > > > STOP RUN. > > > > > > > > > > *------------------------------------------------------------- > > ---* > > * CALL IKJTSOEV TO CREATE THE TSO/E ENVIRONMENT * > > > > > > *------------------------------------------------------------- > > ---* > > 100-BUILD-TSO. > > > > * CALL 'IKJTSOEV' USING WS-DUMMY > > > > CALL IKJTSOEV USING WS-DUMMY > > > > WS-RETURN-CODE > > > > WS-REASON-CODE > > > > WS-INFO-CODE > > > > WS-CPPL-ADDRESS. > > > > > > > > 110-EXECUTE-TSO. > > > > > > > > > > *------------------------------------------------------------- > > ---* > > * CALL THE TSO/E SERVICE ROUTINE TO EXECUTE THE TSO/E > > COMMAND * > > > > *------------------------------------------------------------- > > ---* > > * CALL 'IKJEFTSR' USING WS-FLAGS > > > > CALL IKJEFTSR USING WS-FLAGS > > > > WS-BUFFER > > > > WS-LENGTH > > > > WS-RETURN-CODE > > > > WS-REASON-CODE > > > > WS-DUMMY. > > > > > > > > Scott J Ford > > Software Engineer > > http://www.identityforge.com > > > > > > > > ________________________________ > > From: Walt Farrell <wfarr...@us.ibm.com> > > To: IBM-MAIN@bama.ua.edu > > Sent: Wednesday, February 15, 2012 1:54 PM > > Subject: Re: Authorized functions > > > > On Wed, 15 Feb 2012 13:34:01 -0500, Scott Ford > > <scott_j_f...@yahoo.com> wrote: > > > > >All, > > >I understand that authorized programs have been talked about > > before, buti don't understand and I want to make sure I do > > before I start a design ...... > > > > > >What I want.... Long running STC .... > > >....................... Invoke a rexx clist performing > > alloc, calls to a program > > >........................long running STC program is linked ac(1) > > > > > >Do i create an entry in ikjtso00 for the STC program > > >Do I create an entry in ikjtso00 for the clist name > > > > > >This is where I am cornfused..... > > > > The entries in IKJTSO00 are for programs (not execs or > > clists) that you invoke under the TSO/E TMP. > > > > So, if your STC actually has // EXEC PGM=<your-program> then > > there would be no reason to put <your-program> in IKJTSO00 as > > you are not running it under the TMP. > > > > On the other hand, if your STC has // EXEC > > PGM=IKJEFT01,PARM="CALL dsname(your-program)" and you want > > your-program to run APF-authorized, then you would need it in > > IKJTSO00. > > > > IF you are doing as my first example, and the STC directly > > invokes your program, I'd like to inquire -how- you are > > having your program invoke the REXX exec, though. The way you > > do that has critical implications for the functions that the > > exec can perform. > > > > -- > > Walt Farrell > > IBM STSM, z/OS Security Design > > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN > > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN > > > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
