Fishing way back in my memory, but I'd expect ENTITY to be padded with a blank x'40', or possibly even up to maximum length (44?).
Back in the old days, passing via a register sometimes required double parentheses as in ENTITY=((R1)). If in doubt, coding ENTITY=ENTITY should work. And I'm interested how RACROUTE encodes CLASS='UR2'. Don't trust my memory, but questions worth asking, perhaps? Roops On Tue, 15 Jul 2025, 18:21 Steve Beaver, < [email protected]> wrote: > Your WORKAREA needs to be 512 > > > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Steely.Mark > Sent: Tuesday, July 15, 2025 11:53 AM > To: [email protected] > Subject: TSS Resource Class > > I've identified several UR1 and UR2 resource classes defined within > Broadcom > Top Secret (TSS), and they > appear to be configured for use. I'd like to confirm whether these > resources > are actually being accessed. > > I reached out to Broadcom, and they provided guidance on enabling audit > tracking and generating reports > using TSSUTIL. According to those reports, there is no indication that the > UR1/UR2 classes are currently > being used-but I'd like independent verification. > > To test this, I've obtained a sample program that is intended to access a > UR1 or UR2 resource. The > expectation is that executing this program would trigger a security access > attempt (either permitted or > denied), which should then appear in the TSSUTIL report. > > However, the program is abending with an S0C4, and my assembler experience > is limited-I can't determine > the root cause. I suspect the issue may lie in the RACROUTE setup or how > the > parameters are being passed. > > Would someone be able to review the program and verify whether the RACROUTE > is defined correctly or if > any required setup is missing? > > Any assistance would be greatly appreciated. > > Sample Program: > > //ASM EXEC PGM=ASMA90,PARM=OBJ > //SYSLIB DD DSN=SYS1.MACLIB,DISP=SHR > // DD DSN=SYS1.MODGEN,DISP=SHR > // DD DSN=SYSI.TSS16.CAKOMAC0,DISP=SHR > // DD DSN=SYS2.XXXXXX.MACLIB,DISP=SHR > //SYSUT1 DD DSN=&&SYSUT1,UNIT=SYSDA,SPACE=(1700,(600,100)) > //SYSUT2 DD DSN=&&SYSUT2,UNIT=SYSDA,SPACE=(1700,(300,50)) > //SYSUT3 DD DSN=&&SYSUT3,UNIT=SYSDA,SPACE=(1700,(300,50)) > //SYSPRINT DD SYSOUT=* > //SYSPUNCH DD DUMMY > //SYSLIN DD DSN=&&OBJSET,UNIT=SYSDA,SPACE=(80,(200,50)), > // DISP=(MOD,PASS) > //SYSIN DD * > URTEST CSECT > URTEST AMODE 31 > URTEST RMODE ANY > R0 EQU 0 > R1 EQU 1 > R2 EQU 2 > R3 EQU 3 > R4 EQU 4 > R5 EQU 5 > R6 EQU 6 > R7 EQU 7 > R8 EQU 8 > R9 EQU 9 > R10 EQU 10 > R11 EQU 11 > R12 EQU 12 > R13 EQU 13 > R14 EQU 14 > R15 EQU 15 > STM 14,12,12(13) SAVE CALLER'S REGISTERS > LR R12,R15 > USING URTEST,R12 > LA R3,SAVEAREA POINT TO OUR SAVEAREA > ST R13,4(R3) BACK-CHAIN > ST R3,8(R13) FORWARD-CHAIN > LR R13,R3 SET R13 = OUR SAVEAREA > > *-- SET POINTER TO ENTITY (FIXED) > LA R1,ENTITY > RACROUTE REQUEST=AUTH,ENTITY=(R1),CLASS='UR2',ATTR=READ, X > WORKA=WORKAREA > * STATUS=ACCESS,WORKA=WORKAREA > > *-- SAVE RETURN AND REASON CODES > ST R15,RC > ST R0,RSN > > *-- RESTORE AND RETURN > L R13,4(R13) > LM 14,12,12(13) > L R15,RC > BR R14 > > *------------------------------------------------------------------- > SAVEAREA DS 18F STANDARD 72-BYTE SAVEAREA > RC DC F'0' > RSN DC F'0' > WORKAREA DS CL100 RACROUTE WORKAREA > > ENTITY DC C'APP.DATA' RESOURCE NAME > DC X'00' NULL TERMINATOR (OPTIONAL) > > ENTPTR DC A(ENTITY) POINTER TO ENTITY NAME > > LTORG > END > //* > //LINK EXEC PGM=IEWL,PARM=('AMODE=31','RMODE=ANY') > //SYSLIN DD DSN=&&OBJSET,DISP=(OLD,DELETE) > // DD DDNAME=SYSIN > //SYSLMOD DD DISP=SHR,DSN=XXXXXX.LINKLIB > //* > //SYSUT1 DD DSN=&&SYSUT1,UNIT=SYSDA,SPACE=(1024,(50,20)) > //SYSPRINT DD SYSOUT=* > //* > //SYSIN DD * > NAME TSSUSR12(R) > //* > //JS020 EXEC PGM=TSSUSR12 > //*ABNLIGNR DD DUMMY > //STEPLIB DD DISP=SHR,DSN=XXXXXX.LINKLIB > //SYSUDUMP DD SYSOUT=* > //SYSPRINT DD SYSOUT=* > // > > Thank You > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
