Hello, I'm trying to use the RACF command exit IRREVX01 to limit the types of searches submitted through a z/OS LDAP server and am seeing some very strange behaviour that I can't understand. If I tell the exit to reject any search command containing FILTER(*) the exit works perfectly and if I tell the exit to reject any search containing FILTER(SI1*) it also works perfectly.
However, as we need to reject certain FILTER values I need to be a bit more selective and first of all find FILTER( in the command then process the FILTER argument(s) to decide whether to reject the command or not which is where I am coming unstuck. If I tell the exit to reject FILTER( (as a first pass before further refining the exit to check the arguments) it does not work, that is to say, it does not find FILTER(. It is also incapable of finding just FILTER. I'm sure I'm doing something stupid but just can't see it so any help with this would be greatly appreciated. The code is based on the samples in SYS1.SAMPLIB(RACEXITS) and is attached. Best regards Paul Whelan ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
IRREVC1A TITLE 'IRREVC1A - IRREVX01 EXIT ROUTINE TEMPLATE' EJECT IRREVC1A CSECT , an IRREVX01 exit routine IRREVC1A AMODE 31 IRREVC1A RMODE ANY IRREVC1A CSECT SAVE (14,12),,IRREVC1A-&SYSDATE-&SYSTIME LR R12,R15 program addressability USING IRREVC1A,R12 set base register LR R10,R1 save parameter address USING EVXPL,R10 base parameter map * * Get dynamic storage and preserve environment * GETDYN L R0,DYNSIZE dynamic area size to R0 GETMAIN RU,LV=(0),SP=229 getmain dynamic area LR R11,R1 dynamic area addressability USING DATD,R11 base ST R13,SAVEAREA+4 save caller's savearea address ST R11,8(R13) save our savearea address LR R13,R11 our savearea address to R13 SR R5,R5 initialize return code register * * check if this is a pre-exit invocation * L R3,EVXFLAGS TM 0(R3),EVXPRE pre-exit ? BNO FINAL * * check command's origin: RACF subsystem? * TM 0(R3),EVXRASP executes in RACF subsystem? BNO FINAL * * check for SEARCH command issued * L R4,EVXCALLR TM 0(R4),EVXSEARC Is this a SEARCH? BO CHKSRCH yes B FINAL * * * CHKSRCH L R6,EVXCMBUF USING CMDBUF,R6 LA R7,CMDBUFD LR R8,R7 LA R10,CMDBUFD WTO TEXT=(R10),ROUTCDE=2,DESC=6 AH R8,CMDBUFL LA R9,L'FILTER SR R8,R9 SRCHLOOP CR R7,R8 BE FINAL CLC 0(R9,R8),FILTER BE BADRC S R8,ONE B SRCHLOOP * * * The following code illustrates how a command exit routine can be * used to fail certain commands and have message IRRV022I issued. * BADRC L R4,EVXMSSG load address of additional text MVC 0(MSGINFOL,R4),MSGINFO copy the text in LA R5,8 fails command and issues message * * free dynamic storage and return... * FINAL EQU * L R0,DYNSIZE dynamic area size to R0 L R13,SAVEAREA+4 restore R13 LR R1,R11 dynamic data address to R1 FREEMAIN RU,SP=229,LV=(0),A=(1) freemain dynamic area LR R15,R5 copy return code RETURN (14,12),T,RC=(15) restore registers and return EJECT * * static data * DS 0D DYNSIZE DC AL4(SIZEDATD) dynamic area size FILTER DC C'FILTER(' ONE DC F'1' increment/decrement value MSGINFO DC C'Wildcard RACF search cancelled' MSGINFOL EQU *-MSGINFO DS 0D LTORG * * DSECT for this routine's dynamic area * DATD DSECT DS 0D SAVEAREA DS 18F register save area SIZEDATD EQU *-DATD length of DSECT * * equates * R0 EQU 0 R1 EQU 1 R2 EQU 2 R3 EQU 3 R4 EQU 4 R5 EQU 5 R6 EQU 6 R7 EQU 7 R8 EQU 8 R9 EQU 9 R10 EQU 10 R11 EQU 11 R12 EQU 12 R13 EQU 13 R14 EQU 14 R15 EQU 15 EJECT * * MAPPINGS * IRREVXP END IRREVC1A ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html