I did use the double parentheses and now I am getting RC 70 - which I am told is a denied request. I still don’t see the denied request in the TSS reports. I have contacted Broadcom to see if they can provide anymore insight.
Thanks -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Rupert Reynolds Sent: Tuesday, July 15, 2025 1:18 PM To: [email protected] Subject: Re: TSS Resource Class ! CAUTION! EXTERNAL SENDER! STOP, ASSESS, AND VERIFY Do you know this person? Were you expecting this email? If not, report it using the Report Phishing Button! Fishing way back in my memory, but I'd expect ENTITY to be padded with a blank x'40', or possibly even up to maximum length (44?). Back in the old days, passing via a register sometimes required double parentheses as in ENTITY=((R1)). If in doubt, coding ENTITY=ENTITY should work. And I'm interested how RACROUTE encodes CLASS='UR2'. Don't trust my memory, but questions worth asking, perhaps? Roops On Tue, 15 Jul 2025, 18:21 Steve Beaver, < [email protected]> wrote: > Your WORKAREA needs to be 512 > > > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] > On Behalf Of Steely.Mark > Sent: Tuesday, July 15, 2025 11:53 AM > To: [email protected] > Subject: TSS Resource Class > > I've identified several UR1 and UR2 resource classes defined within > Broadcom Top Secret (TSS), and they appear to be configured for use. > I'd like to confirm whether these resources are actually being > accessed. > > I reached out to Broadcom, and they provided guidance on enabling > audit tracking and generating reports using TSSUTIL. According to > those reports, there is no indication that the > UR1/UR2 classes are currently > being used-but I'd like independent verification. > > To test this, I've obtained a sample program that is intended to > access a > UR1 or UR2 resource. The > expectation is that executing this program would trigger a security > access attempt (either permitted or denied), which should then appear > in the TSSUTIL report. > > However, the program is abending with an S0C4, and my assembler > experience is limited-I can't determine the root cause. I suspect the > issue may lie in the RACROUTE setup or how the parameters are being > passed. > > Would someone be able to review the program and verify whether the > RACROUTE is defined correctly or if any required setup is missing? > > Any assistance would be greatly appreciated. > > Sample Program: > > //ASM EXEC PGM=ASMA90,PARM=OBJ > //SYSLIB DD DSN=SYS1.MACLIB,DISP=SHR > // DD DSN=SYS1.MODGEN,DISP=SHR > // DD DSN=SYSI.TSS16.CAKOMAC0,DISP=SHR > // DD DSN=SYS2.XXXXXX.MACLIB,DISP=SHR > //SYSUT1 DD DSN=&&SYSUT1,UNIT=SYSDA,SPACE=(1700,(600,100)) > //SYSUT2 DD DSN=&&SYSUT2,UNIT=SYSDA,SPACE=(1700,(300,50)) > //SYSUT3 DD DSN=&&SYSUT3,UNIT=SYSDA,SPACE=(1700,(300,50)) > //SYSPRINT DD SYSOUT=* > //SYSPUNCH DD DUMMY > //SYSLIN DD DSN=&&OBJSET,UNIT=SYSDA,SPACE=(80,(200,50)), > // DISP=(MOD,PASS) > //SYSIN DD * > URTEST CSECT > URTEST AMODE 31 > URTEST RMODE ANY > R0 EQU 0 > R1 EQU 1 > R2 EQU 2 > R3 EQU 3 > R4 EQU 4 > R5 EQU 5 > R6 EQU 6 > R7 EQU 7 > R8 EQU 8 > R9 EQU 9 > R10 EQU 10 > R11 EQU 11 > R12 EQU 12 > R13 EQU 13 > R14 EQU 14 > R15 EQU 15 > STM 14,12,12(13) SAVE CALLER'S REGISTERS > LR R12,R15 > USING URTEST,R12 > LA R3,SAVEAREA POINT TO OUR SAVEAREA > ST R13,4(R3) BACK-CHAIN > ST R3,8(R13) FORWARD-CHAIN > LR R13,R3 SET R13 = OUR SAVEAREA > > *-- SET POINTER TO ENTITY (FIXED) > LA R1,ENTITY > RACROUTE REQUEST=AUTH,ENTITY=(R1),CLASS='UR2',ATTR=READ, X > WORKA=WORKAREA > * STATUS=ACCESS,WORKA=WORKAREA > > *-- SAVE RETURN AND REASON CODES > ST R15,RC > ST R0,RSN > > *-- RESTORE AND RETURN > L R13,4(R13) > LM 14,12,12(13) > L R15,RC > BR R14 > > *------------------------------------------------------------------- > SAVEAREA DS 18F STANDARD 72-BYTE SAVEAREA > RC DC F'0' > RSN DC F'0' > WORKAREA DS CL100 RACROUTE WORKAREA > > ENTITY DC C'APP.DATA' RESOURCE NAME > DC X'00' NULL TERMINATOR (OPTIONAL) > > ENTPTR DC A(ENTITY) POINTER TO ENTITY NAME > > LTORG > END > //* > //LINK EXEC PGM=IEWL,PARM=('AMODE=31','RMODE=ANY') > //SYSLIN DD DSN=&&OBJSET,DISP=(OLD,DELETE) > // DD DDNAME=SYSIN > //SYSLMOD DD DISP=SHR,DSN=XXXXXX.LINKLIB > //* > //SYSUT1 DD DSN=&&SYSUT1,UNIT=SYSDA,SPACE=(1024,(50,20)) > //SYSPRINT DD SYSOUT=* > //* > //SYSIN DD * > NAME TSSUSR12(R) > //* > //JS020 EXEC PGM=TSSUSR12 > //*ABNLIGNR DD DUMMY > //STEPLIB DD DISP=SHR,DSN=XXXXXX.LINKLIB //SYSUDUMP DD SYSOUT=* > //SYSPRINT DD SYSOUT=* // > > Thank You > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send > email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
