Hello,
I'm trying to use the RACF command exit IRREVX01 to limit the types of
searches submitted through a z/OS LDAP server and am seeing some very
strange behaviour that I can't understand. If I tell the exit to reject any
search command containing FILTER(*) the exit works perfectly and if I tell
the exit to reject any search containing FILTER(SI1*) it also works perfectly.
However, as we need to reject certain FILTER values I need to be a bit more
selective and first of all find FILTER( in the command then process the
FILTER argument(s) to decide whether to reject the command or not which is
where I am coming unstuck. If I tell the exit to reject FILTER( (as a first
pass before further refining the exit to check the arguments) it does not
work, that is to say, it does not find FILTER(. It is also incapable of
finding just FILTER.
I'm sure I'm doing something stupid but just can't see it so any help with
this would be greatly appreciated.
The code is based on the samples in SYS1.SAMPLIB(RACEXITS) and is attached.
Best regards
Paul Whelan
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
IRREVC1A TITLE 'IRREVC1A - IRREVX01 EXIT ROUTINE TEMPLATE'
EJECT
IRREVC1A CSECT , an IRREVX01 exit routine
IRREVC1A AMODE 31
IRREVC1A RMODE ANY
IRREVC1A CSECT
SAVE (14,12),,IRREVC1A-&SYSDATE-&SYSTIME
LR R12,R15 program addressability
USING IRREVC1A,R12 set base register
LR R10,R1 save parameter address
USING EVXPL,R10 base parameter map
*
* Get dynamic storage and preserve environment
*
GETDYN L R0,DYNSIZE dynamic area size to R0
GETMAIN RU,LV=(0),SP=229 getmain dynamic area
LR R11,R1 dynamic area addressability
USING DATD,R11 base
ST R13,SAVEAREA+4 save caller's savearea address
ST R11,8(R13) save our savearea address
LR R13,R11 our savearea address to R13
SR R5,R5 initialize return code register
*
* check if this is a pre-exit invocation
*
L R3,EVXFLAGS
TM 0(R3),EVXPRE pre-exit ?
BNO FINAL
*
* check command's origin: RACF subsystem?
*
TM 0(R3),EVXRASP executes in RACF subsystem?
BNO FINAL
*
* check for SEARCH command issued
*
L R4,EVXCALLR
TM 0(R4),EVXSEARC Is this a SEARCH?
BO CHKSRCH yes
B FINAL
*
*
*
CHKSRCH L R6,EVXCMBUF
USING CMDBUF,R6
LA R7,CMDBUFD
LR R8,R7
LA R10,CMDBUFD
WTO TEXT=(R10),ROUTCDE=2,DESC=6
AH R8,CMDBUFL
LA R9,L'FILTER
SR R8,R9
SRCHLOOP CR R7,R8
BE FINAL
CLC 0(R9,R8),FILTER
BE BADRC
S R8,ONE
B SRCHLOOP
*
*
* The following code illustrates how a command exit routine can be
* used to fail certain commands and have message IRRV022I issued.
*
BADRC L R4,EVXMSSG load address of additional text
MVC 0(MSGINFOL,R4),MSGINFO copy the text in
LA R5,8 fails command and issues message
*
* free dynamic storage and return...
*
FINAL EQU *
L R0,DYNSIZE dynamic area size to R0
L R13,SAVEAREA+4 restore R13
LR R1,R11 dynamic data address to R1
FREEMAIN RU,SP=229,LV=(0),A=(1) freemain dynamic area
LR R15,R5 copy return code
RETURN (14,12),T,RC=(15) restore registers and return
EJECT
*
* static data
*
DS 0D
DYNSIZE DC AL4(SIZEDATD) dynamic area size
FILTER DC C'FILTER('
ONE DC F'1' increment/decrement value
MSGINFO DC C'Wildcard RACF search cancelled'
MSGINFOL EQU *-MSGINFO
DS 0D
LTORG
*
* DSECT for this routine's dynamic area
*
DATD DSECT
DS 0D
SAVEAREA DS 18F register save area
SIZEDATD EQU *-DATD length of DSECT
*
* equates
*
R0 EQU 0
R1 EQU 1
R2 EQU 2
R3 EQU 3
R4 EQU 4
R5 EQU 5
R6 EQU 6
R7 EQU 7
R8 EQU 8
R9 EQU 9
R10 EQU 10
R11 EQU 11
R12 EQU 12
R13 EQU 13
R14 EQU 14
R15 EQU 15
EJECT
*
* MAPPINGS
*
IRREVXP
END IRREVC1A
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
