On 10 March 2011 16:59, Kip Fenton <[email protected]> wrote:
> My STC is APF-authorized. I do not expect to run TSO-authorized commands.
>
> I will look more closely at the doc on IKJTSOEV. If anyone has direct
> experience using it, I would appreciate any information on pitfalls and
> how to avoid them.

IKJTSOEV is pretty straightforward. But it isn't some sort of cheap TMP; instead, it sets up sufficient environment to allow many (but not all) TSO services to run, and its intent is clearly to allow *your* program to invoke these services directly. To run arbitrary TSO commands, your program has to invoke them by name somehow, and to be TMP-like you need to ATTACH them, and that requires some knowledge that used to be clearly documented in the Guide to Writing a Terminal Monitor Program or a Command Processor that was withdrawn by IBM many years ago.

The closest you will find is the explanation in the current TSO/E Programming Services of how to write a command processor with subcommands. To a certain extent such a CP behaves like a TMP, and the details of setting up the CPPL and such are in there.

There are a few small pitfalls to watch for, none of them usually beyond turn an ankle severity, e.g.

- Your ATTACH must share subpool 78 (SHSPV=78), and must not share subpool 0 (SZERO=NO).

- You must put the name of the command in the field ECTPCMD, even if that same name is what you use as the module name on the ATTACH. This is because some commands are aliases for a common module, and the command processor looks at ECTPCMD to find out what command you want to run. The IDCAMS commands are most well known for this behaviour, but there are others.

And there are a few more that don't come to mind right away.

But if your program is APF authorized, and you want to invoke TSO commands that are not intended to run so, you must take great care that either you correctly lose authorization and regain it (a large and smelly can o' worms that has been much discussed here, and that I do not recommend opening), or you invoke the command as-is but ensure that it does not have any chance to act on user supplied unvetted input. This last approach nonetheless still has its potential security exposures, and I don't suggest it.

Further, IKJTSOEV is documented inconsistently both to support and not to support APF authorization, though in my experience it does not complain. IBM may fix that at some point.

Now the official IBM way to invoke TSO commands from an arbitrary program is the service routine IKJEFTSR. But this explicitly does not support invoking unauthorized CPs from an authorized program, and it does check.

So in summary, you have some experimentation ahead of you.

Tony H.
