AW: 2.5 Heads Up

2022-02-21 Thread Kerstin Schwob 
Keine Ahnung, ob das jemals bei uns passieren könnte...




I needed to use the circumvention so as to bypass the hard loop in our 2.5 
system. Storage location x'0004' is in the PSA. It maps to this; 
"V(IEAVRSTR)" - SECOND HALF OF RESTART NEW PSW MDC128

Mark Jacobs

Sent from ProtonMail, Swiss-based encrypted email.

GPG Public Key - 
https://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com

--- Original Message ---

On Monday, February 21st, 2022 at 5:02 PM, Paul Gilmartin 
<000433f07816-dmarc-requ...@listserv.ua.edu> wrote:

> On Mon, 21 Feb 2022 12:54:14 -0800, Ed Jaffe wrote:
>
> > On 2/21/2022 12:00 PM, Mark Jacobs wrote:
> >
> > > Found APAR OA62381 for this problem. PTFs are not yet available.
>
> Yet: APAR status
>
> Closed as program error.
>
> > Hugely helpful! THANKS!
> >
> > https://www.ibm.com/support/pages/apar/OA62381
>
> Local fix
>
> BYPASS/CIRCUMVENTION:
>
> Set DSENQSHR to DISALLOW in the relevant JOBCLASSes
>
> Doesn't that just say, "Don't do that!"? Hardly a circumvention.
>
> if the storage at location x'0004' is zeroed out.
>
> What's llocation 4 supposed to mean?
>
> -- gil
>
> --

-Ursprüngliche Nachricht-
Von: IBM Mainframe Discussion List  Im Auftrag von 
Mark Jacobs
Gesendet: Montag, 21. Februar 2022 21:00
An: IBM-MAIN@LISTSERV.UA.EDU
Betreff: Re: 2.5 Heads Up

Found APAR OA62381 for this problem. PTFs are not yet available.

Mark Jacobs

Sent from ProtonMail, Swiss-based encrypted email.

GPG Public Key - 
https://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com

--- Original Message ---

On Monday, February 21st, 2022 at 1:22 PM, Ed Jaffe 
 wrote:

> On 10/27/2021 8:47 AM, Mark Jacobs wrote:
>
> > We migrated one of our systems to z/OS 2.5 last weekend and immediately 
> > started getting a hard loop during job conversion/interpretation either in 
> > the JES2CIxx or INIT address space depending on your JOBDEF INTERPRET= 
> > setting.
> >
> > The loop could occur with any batch job,but not every batch job. IBM has 
> > found the loop in module IEFNB903 and are looking at it. The looping 
> > condition only occurs if DSENQSHR is enabled for the job. In our case the 
> > JOBCLASS definitions had DSENQSHR=AUTO. Once we changed it to 
> > DSENQSHR=DISALLOW the problem no longer occurred.
>
> We are now seeing this in our z/OS 2.5 JES2 environments. The loop is 
> in
>
> IEFNB903.
>
> Your IBM-MAIN posting was from way back in October. I assumed this 
> would
>
> have been fixed by now.
>
> Did IBM take an APAR?
>
> --
>
> Phoenix Software International
>
> Edward E. Jaffe
>
> 831 Parkview Drive North
>
> El Segundo, CA 90245
>
> https://www.phoenixsoftware.com/
>
> --
> --
>
> This e-mail message, including any attachments, appended messages and 
> the
>
> information contained therein, is for the sole use of the intended
>
> recipient(s). If you are not an intended recipient or have otherwise
>
> received this email message in error, any use, dissemination, 
> distribution,
>
> review, storage or copying of this e-mail message and the information
>
> contained therein is strictly prohibited. If you are not an intended
>
> recipient, please contact the sender by reply e-mail and destroy all 
> copies
>
> of this email message and do not otherwise utilize or retain this 
> email
>
> message or any or all of the information contained therein. Although 
> this
>
> email message and any attachments or appended messages are believed to 
> be
>
> free of any virus or other defect that might affect any computer 
> system into
>
> which it is received and opened, it is the responsibility of the 
> recipient
>
> to ensure that it is virus free and no responsibility is accepted by 
> the
>
> sender for any loss or damage arising in any way from its opening or use.
>
> --
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
>
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: 2.5 Heads Up

2022-02-21 Thread Jim Mulder 
  Location 4 means address 4 (i.e. offset 4 in the PSA). 

 There was a latent bug from a prior release in the loop control 
code so that it was erroneously fetching from address 4, and 
behaving especially badly when the data at that location 
is x'', which it is as of z/OS 2.5.  In prior releases,
it was x'000130E1' when in zArchitecture mode.
 
Jim Mulder z/OS Diagnosis, Design, Development, Test  IBM Corp. 
Poughkeepsie NY

"IBM Mainframe Discussion List"  wrote on 
02/21/2022 05:02:54 PM:

> From: "Paul Gilmartin" <000433f07816-dmarc-requ...@listserv.ua.edu>
> To: IBM-MAIN@LISTSERV.UA.EDU
> Date: 02/22/2022 12:49 AM
> Subject: Re: 2.5 Heads Up
> Sent by: "IBM Mainframe Discussion List" 
> 
> On Mon, 21 Feb 2022 12:54:14 -0800, Ed Jaffe wrote:
> 
> >On 2/21/2022 12:00 PM, Mark Jacobs wrote:
> >> Found APAR OA62381 for this problem. PTFs are not yet available.
> >
> Yet: APAR status
> Closed as program error.
> 
> >Hugely helpful! THANKS!
> >
> >https://www.ibm.com/support/pages/apar/OA62381
> >
> Local fix
> BYPASS/CIRCUMVENTION:
> Set DSENQSHR to DISALLOW in the relevant JOBCLASSes
> 
> Doesn't that just say, "Don't do that!"?  Hardly a circumvention.
> 
> if the storage at location x'0004' is zeroed out.
> 
> What's llocation 4 supposed to mean?
> 
> -- gil



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

How to Send Messages to a Slack Channel From a JCL Job

2022-02-21 Thread Timothy Sipples 
Subhasish Sarkar wrote this great "how-to" article:

https://techchannel.com/Enterprise/02/2022/slack-channel-jcl-job

- - - - - - - - - -
Timothy Sipples
I.T. Architect Executive
Digital Asset & Other Industry Solutions
IBM Z & LinuxONE
- - - - - - - - - -
E-Mail: sipp...@sg.ibm.com



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

IBM Z Day Special Edition: April 5, 2022

2022-02-21 Thread Timothy Sipples 
Please join us!

https://ibm.biz/ibmzday-se

- - - - - - - - - -
Timothy Sipples
I.T. Architect Executive
Digital Asset & Other Industry Solutions
IBM Z & LinuxONE
- - - - - - - - - -
E-Mail: sipp...@sg.ibm.com



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: 2.5 Heads Up

2022-02-21 Thread Mark Jacobs 
True, but the hard loop was impacting our users more than the loss of 
functionally that DSENQSHR provided.

Mark Jacobs

Sent from ProtonMail, Swiss-based encrypted email.

GPG Public Key - 
https://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com

--- Original Message ---

On Monday, February 21st, 2022 at 7:30 PM, Paul Gilmartin 
<000433f07816-dmarc-requ...@listserv.ua.edu> wrote:

> On Mon, 21 Feb 2022 23:51:34 +, Mark Jacobs wrote:
>
> > I needed to use the circumvention so as to bypass the hard loop in our 2.5 
> > system.
>
> That treats only the symptom. It provides no substitute for the needed 
> function.
>
> > Storage location x'0004' is in the PSA. It maps to this; "V(IEAVRSTR)" 
> > - SECOND HALF OF RESTART NEW PSW MDC128
>
> > --- Original Message ---
> >
> > On Monday, February 21st, 2022 at 5:02 PM, Paul Gilmartin wrote:
> >
> > > > https://www.ibm.com/support/pages/apar/OA62381
> > >
> > > Local fix
> > >
> > > BYPASS/CIRCUMVENTION:
> > >
> > > Set DSENQSHR to DISALLOW in the relevant JOBCLASSes
> > >
> > > Doesn't that just say, "Don't do that!"? Hardly a circumvention.
>
> --
>
> gil
>
> --
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
>
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: creating a python login module

2022-02-21 Thread David Crayford 

On 22/2/22 4:59 am, Erik Janssen wrote:

Well, the routine I wrote can handle a user, password or passphrase and 
optionally an APPL to verify against.
So, even though there are a lot of options to do it different, I was more 
looking for ways how such a 'service routine' that needs apf authorization 
could be used from a non-authorized caller.
The __passwd routine can do it, but it requires program controlled environment 
and python doesn't seem to be defined as program controlled and I don't want to 
'just' enable it.


Program Control can be a PITA, but APF authorizing a service is a bag of 
worms.



Also, the relation between APF authorisation and program control (if any) still 
eludes me, and if there is no relation then I don't understand how __passwd can 
check a password if the environment is not apf authorized.
I hope that someone can explain how that works.


AFAIK, there is no relationship. I've very leery when I see a z/OS UNIX 
program APF authorized.


Zowe has a couple of components you may be interested in. All APF 
authorized services are processed in the ZIS server, otherwise nown as 
the cross-memory server. It's a Metal/C application that is open source 
an available to
Github. It provides services via PC calls which are exploited by the ZSS 
server which is a lightweight HTTP server written in C. Both have tiny 
footprints and you can write your own plugins. SAF 
authentication/authorization are

already provided.

Disclaimer: I'm a Zowe commiter and I mainly work on these components. 
Although only for code reviews, we have devs working full time on Zowe.


https://docs.zowe.org/stable/getting-started/zowe-architecture/
https://github.com/zowe/zss

BTW, building this stuff can be tricky. You can reach out on the 
OpenMainframe slack channel and one of our helpful devs can assist you. 
Or just ping me offline.





Kind regards,
Erik.

On Mon, 21 Feb 2022 15:10:48 +, Colin Paice  wrote:


Erik,

Do you need to specify a password?

Could you define a RACF profile  instead, and use RACF  check to see if the
userid has access to that profile?
I dont think there is a Callable function for it, but you could write some
glue code to call an assembler routine to do a RACROUTE call.

You could use an existing class, such as APP.
I dont think it needs to be APF authorised... but you would need to check
this.

Colin


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: XEDIT equivalent to ISPF C - OO/OO (copy overlay)

2022-02-21 Thread Tony Thigpen 
Try the attached macro. It does not require the character loop that the 
one provided by Phil does.


Tony Thigpen

Tony Thigpen wrote on 2/21/22 18:34:
If I understand your request, the XEDIT OVERLAY command is just 
backwards of what you want. It replaces the existing line with any 
character, other than a blank, found in the original 'copied line'.


This will take a little extra work. The original line needs to be saved, 
the copied line needs to replace it, then the original line needs to 
OVERLAY the now current line.


I have a PRFMERGE macro that I got somewhere that uses the standard 
overlay function. Let me see if I can reverse it's function.


Tony Thigpen

Binyamin Dissen wrote on 2/21/22 12:40:

On Mon, 21 Feb 2022 16:25:05 + Rahim Azizarab
<03f036d88eeb-dmarc-requ...@listserv.ua.edu> wrote:

:>In ISPF you would put X over the line numbers; and on the command 
line you would type  ==>   c ABC XYZ all X
:>It results in changing all occurrences of ABC to XYZ on the lines 
marked by X only.


I am referring to the function where you type C on a line that has the 
overlay
data and then OO/OO on the group of lines that you wish to overlay. 
The only

dependence on the data on the OO lines is that it will not replace a
non-blank.

:>    On Monday, February 21, 2022, 07:24:39 AM CST, Binyamin Dissen 
 wrote:

:>
:> What would the XEDIT equivalent to C OO/OO in ISPF which copies the 
marked

:>line, only overlaying blank characters the targeted lines?
:>
:>Sort of applying SET MASK to  a group of existing lines.

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
/*  prefix command - overlay two or more lines  */
/*  */
/* you specify the overlay source line using 't' prefix command */
/* you specify the lines to be overlayed using 'ot' or 'ott'*/
/*  */
/* Unline the xedit command 'overlay', this prefix command will */
/* only overlay blank positions in the destination lines*/
/*  */
/* to use this macro, add the following prefixes synonym to your*/
/* xedit profile:   */
/*  */
/*   set prefix synonym t   prfmerge*/
/*   set prefix synonym ot  m   */
/*   set prefix synonym ott mm  */
trace off
parse source . . . . . name .
arg pref func pline op extra
select
  when pref ¬= 'PREFIX'
then call error1,
  'this macro must be invoked from the prefix area.'
  when func = 'CLEAR'
then exit
  when func = 'SHADOW'
then call error1,
  'invalid on shadow line.'
  when func ¬= 'SET'
then call error1,
  'this macro must be invoked from the prefix area.'
  when extra ¬= ''
then call error,
  "extraneous parameter '"strip(extra)"'."
  otherwise nop
end

'command extract /cursor/column'
if op = '' & cursor.4 > 0
  then op = cursor.4

'command extract /pending block oldname mm'
if pending.0 ¬= 0
  then do
mm.1 = pending.1
'command extract /pending block oldname mm :'mm.1+1'* /'
if pending.0 ¬= 0
  then do
mm.2 = pending.1
mm.0 = mm.2-mm.1+ 1
'command locate :'pline 'command extract /curline'
baseline = curline.3
'command locate :'mm.1
do i = 1 to mm.0
  'command extract /curline'
  'replace' baseline
  'overlay' curline.3
  'next'
end
'command locate :'mm.1 'command set pending off'
'command locate :'mm.2 'command set pending off'
'command locate :'pline
  end
  end
  else do
'command extract /pending oldname m/'
if pending.0 ¬= 0
  then do
if pending.5 ='' then pending.5 = 1
'command locate :'pline 'command extract /curline'
baseline = curline.3
'command locate :'pending.1 'command extract /curline'
'replace' baseline
'overlay' curline.3
'command set pending off'
if pline < pending.1
  then pending.1 = pending.1 - pending.5
'command locate

Re: 2.5 Heads Up

2022-02-21 Thread Paul Gilmartin 
On Mon, 21 Feb 2022 23:51:34 +, Mark Jacobs wrote:

>I needed to use the circumvention so as to bypass the hard loop in our 2.5 
>system. 
>
That treats only the symptom.  It provides no substitute for the needed 
function.

>Storage location x'0004' is in the PSA. It maps to this; "V(IEAVRSTR)" - 
>SECOND HALF OF RESTART NEW PSW MDC128
>

>--- Original Message ---
>On Monday, February 21st, 2022 at 5:02 PM, Paul Gilmartin  wrote:
>> > https://www.ibm.com/support/pages/apar/OA62381
>>
>> Local fix
>> BYPASS/CIRCUMVENTION:
>> Set DSENQSHR to DISALLOW in the relevant JOBCLASSes
>>
>> Doesn't that just say, "Don't do that!"? Hardly a circumvention.

-- 
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Unable to delete uncataloged migrated datasets

2022-02-21 Thread Mark Jacobs 
Try this;

The DELETE data set name NOSCRATCH command can be used to uncatalog migrated 
data sets. For this command to be used when RACF® protection is used for 
DFSMShsm-owned data sets, two conditions must exist:

A RACF group of ARCCATGP must exist.
The user who issues the DELETE NOSCRATCH command must be authorized to 
group ARCCATGP.

You'll need to run the batch job or logon using that specific group. It's not 
enough to have your userid connected to it.

Mark Jacobs

Sent from ProtonMail, Swiss-based encrypted email.

GPG Public Key - 
https://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com

--- Original Message ---

On Sunday, February 20th, 2022 at 12:32 PM, fred glenlake 
 wrote:

> Hi List,
>
> I recently inherited DFHSM responsibilities at my account, previous person 
> decided to take the money and run towards retirement. Just to see the lay of 
> the land I ran an HSM AUDIT and it reported errors on a number of migrated 
> datasets on both ML1 DASD and ML2 Tape. The Audit reported showed ERR 03 
> errors such as:
>
> ERR or Userhlq.system.cntl NOT CATALOGED, HAS MIGRATION COPY +
>
> DFHSM.HHMIG.T290510.Userhlq.system.B2021
>
> I tried deleting the dataset using HDELETE and HSEND DELETE commands, did not 
> seem to work. I also tried IDCAMS DELETE but did not work. I found a hit 
> "https://bit.listserv.ibm-main.narkive.com/VxAz3kU0/dfhsm-uncatalog-migrated-dataset-how-to-fix;
>  from many years ago that had a list of commands to do this. I followed the 
> instructions and the entry in DFHSM still exists.
>
> DFHSM Uncatalog Migrated dataset - How to 
> Fixhttps://bit.listserv.ibm-main.narkive.com/VxAz3kU0/dfhsm-uncatalog-migrated-dataset-how-to-fix
>
> Kenneth, 1) HSEND FIXCDS D dsn - will give you listing of the d record. You 
> will see the ML1 volume(+000) and the funny name(+009C). 2) Do an ISPF 3.4 
> for the ML1 volume found in 1
>
> bit.listserv.ibm-main.narkive.com
>
> 1) HSEND FIXCDS D dsn - will give you listing of the d record. You will
>
> see the ML1 volume(+000) and the funny name(+009C).
>
> 2) Do an ISPF 3.4 for the ML1 volume found in 1
>
> 3) Find the "funny" dataset name from 1
>
> 4) On the command line issue a delete of the dataset
>
> 5) Again on the command line issue HSEND FIXCDS A / DELETE
>
> 6) Issue HSEND FIXCDS D DSN DELETE using dsn from 1
>
> I am more than happy to continue with RTFM's but thus far nothing that 
> addresses this situation.
>
> Any suggestions, recommendations would be greatly appreciated.
>
> Many thanks,
>
> Fred G.
>
> Sent from Outlookhttp://aka.ms/weboutlook
>
> --
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
>
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: 2.5 Heads Up

2022-02-21 Thread Lennie Dymoke-Bradshaw 
Maybe they were using the contents of location 4 instead of a 4?
e.g.   LA R5,4   vs   LA R5,4(,R5)
I think location 4 used to be part of the Restart new PSW under old-style 
31-bit operation. Maybe it is no longer used. 

Lennie Dymoke-Bradshaw
https://rsclweb.com 
‘Dance like no one is watching. Encrypt like everyone is.’


-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Paul Gilmartin
Sent: 21 February 2022 22:03
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: 2.5 Heads Up

On Mon, 21 Feb 2022 12:54:14 -0800, Ed Jaffe wrote:

>On 2/21/2022 12:00 PM, Mark Jacobs wrote:
>> Found APAR OA62381 for this problem. PTFs are not yet available.
>
Yet: APAR status
Closed as program error.

>Hugely helpful! THANKS!
>
>https://www.ibm.com/support/pages/apar/OA62381
>
Local fix
BYPASS/CIRCUMVENTION:
Set DSENQSHR to DISALLOW in the relevant JOBCLASSes

Doesn't that just say, "Don't do that!"?  Hardly a circumvention.

if the storage at location x'0004' is zeroed out.

What's llocation 4 supposed to mean?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: 2.5 Heads Up

2022-02-21 Thread Mark Jacobs 
I needed to use the circumvention so as to bypass the hard loop in our 2.5 
system. Storage location x'0004' is in the PSA. It maps to this; 
"V(IEAVRSTR)" - SECOND HALF OF RESTART NEW PSW MDC128

Mark Jacobs

Sent from ProtonMail, Swiss-based encrypted email.

GPG Public Key - 
https://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com

--- Original Message ---

On Monday, February 21st, 2022 at 5:02 PM, Paul Gilmartin 
<000433f07816-dmarc-requ...@listserv.ua.edu> wrote:

> On Mon, 21 Feb 2022 12:54:14 -0800, Ed Jaffe wrote:
>
> > On 2/21/2022 12:00 PM, Mark Jacobs wrote:
> >
> > > Found APAR OA62381 for this problem. PTFs are not yet available.
>
> Yet: APAR status
>
> Closed as program error.
>
> > Hugely helpful! THANKS!
> >
> > https://www.ibm.com/support/pages/apar/OA62381
>
> Local fix
>
> BYPASS/CIRCUMVENTION:
>
> Set DSENQSHR to DISALLOW in the relevant JOBCLASSes
>
> Doesn't that just say, "Don't do that!"? Hardly a circumvention.
>
> if the storage at location x'0004' is zeroed out.
>
> What's llocation 4 supposed to mean?
>
> -- gil
>
> --
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
>
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: XEDIT equivalent to ISPF C - OO/OO (copy overlay)

2022-02-21 Thread Phil Smith III 
I think I misread the requirement. Try this version, which also handles
block commands.

 

/*
   PREFIXO
   K  -- Kopy prefix subcommand
   O  -- Overlay prefix subcommand
   OO -- Overlay block prefix subcommand

   Designed to be used with:

   COMMAND SET PREFIX SYNONYM K  PREFIXO
   COMMAND SET PREFIX SYNONYM O  PREFIXO
   COMMAND SET PREFIX SYNONYM OO PREFIXO
*/
   arg p f l rest
   if f = 'CLEAR' | p <> 'PREFIX' then exit  /* Nothing to do, great */
   parse source . . . . . pcmd .
   if rest <> '' then signal Error /* Operand, we don't do those */
   if index('KOO', pcmd) = 0 then signal Error   /* Not ours?? error */
   'COMMAND LOCATE :'l  /* Go to the line we're handling */
   if pcmd = 'K' then signal JustWait  /* Kopying, go Wait for O */
   'EXTRACT /PENDING K'/* Is there a pending K?? */
   if pending.0 = 0 then signal JustWait/* No, just wait */
   kline = pending.1/* Remember where Kopied line is */
   'COMMAND LOCATE :'pending.1 'COMMAND EXTRACT /CURLINE'  /* Go */
   kopy = curline.3   /* Get the Kopied data */
   'COMMAND EXTRACT /PENDING BLOCK OO :0' l /* See if OO pending */
   select
  when pcmd = 'O' then do
 call Overlay l l   /* Simple O, do that */
 'COMMAND LOCATE :'kline 'SET PENDING OFF'/* And clear K */
  end
  when pending.0 = 0 then/* OO and not pending?? */
  'COMMAND LOCATE :'l 'COMMAND SET PENDING BLOCK OO' /* Wait */
  otherwise /* OO and already a pending K and OO, process it */
  call Overlay pending.1 l /* Go do the overlays */
  'COMMAND LOCATE :'pending.1 'SET PENDING OFF'  /* Clear OO */
  'COMMAND LOCATE :'kline 'SET PENDING OFF'   /* And clear K */
   end
   exit

/* Do overlays: Build replacement lines, overlaying only blanks */
Overlay:
   arg s e/* Start and end lines */
   do n = s to e/* Spin through them */
  'COMMAND LOCATE :'n 'COMMAND EXTRACT /CURLINE' /* Get data */
  r = ''   /* No replacement yet */
  do i = 1 to length(kopy) /* Only care about overlay length */
 c = substr(curline.3, i, 1)  /* Get character from line */
 if c = '' then r = r || substr(kopy, i, 1) /* Overlay blank */
 else r = r || c   /* Don't overlay if not blank */
  end
  if r <> '' then 'COMMAND REPLACE' r /* Replace if not null */
   end
   return

JustWait:   /* Reset pending command, either K or OO */
   'COMMAND SET PENDING ON' pcmd
   exit

Error: /* Invalid, show prefix error */
   'COMMAND SET PENDING ERROR' pcmd rest
   exit




--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: XEDIT equivalent to ISPF C - OO/OO (copy overlay)

2022-02-21 Thread Tony Thigpen 
If I understand your request, the XEDIT OVERLAY command is just 
backwards of what you want. It replaces the existing line with any 
character, other than a blank, found in the original 'copied line'.


This will take a little extra work. The original line needs to be saved, 
the copied line needs to replace it, then the original line needs to 
OVERLAY the now current line.


I have a PRFMERGE macro that I got somewhere that uses the standard 
overlay function. Let me see if I can reverse it's function.


Tony Thigpen

Binyamin Dissen wrote on 2/21/22 12:40:

On Mon, 21 Feb 2022 16:25:05 + Rahim Azizarab
<03f036d88eeb-dmarc-requ...@listserv.ua.edu> wrote:

:>In ISPF you would put X over the line numbers; and on the command line you would 
type  ==>   c ABC XYZ all X
:>It results in changing all occurrences of ABC to XYZ on the lines marked by X 
only.

I am referring to the function where you type C on a line that has the overlay
data and then OO/OO on the group of lines that you wish to overlay. The only
dependence on the data on the OO lines is that it will not replace a
non-blank.

:>On Monday, February 21, 2022, 07:24:39 AM CST, Binyamin Dissen 
 wrote:
:>
:> What would the XEDIT equivalent to C OO/OO in ISPF which copies the marked
:>line, only overlaying blank characters the targeted lines?
:>
:>Sort of applying SET MASK to  a group of existing lines.

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: XEDIT equivalent to ISPF C - OO/OO (copy overlay)

2022-02-21 Thread Phil Smith III 
Tony Harminc wrote:
> I use it all the time to put change markers on new lines. Of course with a

>decent TN3270 program you can probably just as easily copy & paste them in

>at that level.

 

Ah! Of course that explains why I never wanted it for that purpose with
XEDIT, where the SIDCODE can be added by the editor.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Unable to delete uncataloged migrated datasets

2022-02-21 Thread Steely.Mark 
Did you try to just do a delete noscratch command ?

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of Max 
Smith
Sent: Monday, February 21, 2022 4:00 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Unable to delete uncataloged migrated datasets

ATTENTION: This e-mail came from an external source. Do not open attachments or 
click on links from unknown or unexpected emails.


Hi Fred,

For uncataloged data sets I would have expected HSEND DELETE dsn would work to 
clean up the CDS entries, MCD/MCA & TTOC. You say it didn't seem to work, why?  
Any errors?

Also the steps you listed should also delete the MCD/MCA records and the data 
set if it still existed on an ML1 volume.  Why do you say they didn't?

Another thing you could do is use a simple IDCAMS DEFINE to define the catalog 
entry of the data set.  You could then see if they RECALL or you could use the 
HSEND DELETE or HDELETE to delete the data set.

Sample SYSIN

 DEF  -
   NONVSAM  -
 (NAME(data.set.name) -
 DEVT(3390) -
 VOL(MIGRAT)

Max Smith
DFSMS Development

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

*** Disclaimer ***
This communication (including all attachments) is solely for the use of the 
person to whom it is addressed and is a confidential AAA communication. If you 
are not the intended recipient, any use, distribution, printing, or copying is 
prohibited. If you received this email in error, please immediately delete it 
and notify the sender.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: 2.5 Heads Up

2022-02-21 Thread Paul Gilmartin 
On Mon, 21 Feb 2022 12:54:14 -0800, Ed Jaffe wrote:

>On 2/21/2022 12:00 PM, Mark Jacobs wrote:
>> Found APAR OA62381 for this problem. PTFs are not yet available.
>
Yet: APAR status
Closed as program error.

>Hugely helpful! THANKS!
>
>https://www.ibm.com/support/pages/apar/OA62381
>
Local fix
BYPASS/CIRCUMVENTION:
Set DSENQSHR to DISALLOW in the relevant JOBCLASSes

Doesn't that just say, "Don't do that!"?  Hardly a circumvention.

if the storage at location x'0004' is zeroed out.

What's llocation 4 supposed to mean?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Unable to delete uncataloged migrated datasets

2022-02-21 Thread Max Smith 
Hi Fred,

For uncataloged data sets I would have expected HSEND DELETE dsn would work to 
clean up the CDS entries, MCD/MCA & TTOC. You say it didn't seem to work, why?  
Any errors? 

Also the steps you listed should also delete the MCD/MCA records and the data 
set if it still existed on an ML1 volume.  Why do you say they didn't?

Another thing you could do is use a simple IDCAMS DEFINE to define the catalog 
entry of the data set.  You could then see if they RECALL or you could use the 
HSEND DELETE or HDELETE to delete the data set.

Sample SYSIN 

 DEF  -  
   NONVSAM  -  
 (NAME(data.set.name) -
 DEVT(3390) -  
 VOL(MIGRAT)   

Max Smith 
DFSMS Development

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: XEDIT equivalent to ISPF C - OO/OO (copy overlay)

2022-02-21 Thread Tony Harminc 
On Mon, 21 Feb 2022 at 15:32, Phil Smith III  wrote:

> Binyamin Dissen wrote:
>
> >I am referring to the function where you type C on a line that has the
> overlay
> >data and then OO/OO on the group of lines that you wish to overlay. The
> only
> >dependence on the data on the OO lines is that it will not replace a
> >non-blank.
>
> I've used XEDIT since it was released, KEDIT equally, and neither has this
> direct analog. I have also never actually *WANTED* it, which is not to
> dismiss your requirement-just to note that it may not be that common.
>

I use it all the time to put change markers on new lines. Of course with a
decent TN3270 program you can probably just as easily copy & paste them in
at that level.

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: creating a python login module

2022-02-21 Thread Erik Janssen 
Well, the routine I wrote can handle a user, password or passphrase and 
optionally an APPL to verify against.
So, even though there are a lot of options to do it different, I was more 
looking for ways how such a 'service routine' that needs apf authorization 
could be used from a non-authorized caller. 
The __passwd routine can do it, but it requires program controlled environment 
and python doesn't seem to be defined as program controlled and I don't want to 
'just' enable it.
Also, the relation between APF authorisation and program control (if any) still 
eludes me, and if there is no relation then I don't understand how __passwd can 
check a password if the environment is not apf authorized.
I hope that someone can explain how that works.

Kind regards,
Erik.

On Mon, 21 Feb 2022 15:10:48 +, Colin Paice  wrote:

>Erik,
>
>Do you need to specify a password?
>
>Could you define a RACF profile  instead, and use RACF  check to see if the
>userid has access to that profile?
>I dont think there is a Callable function for it, but you could write some
>glue code to call an assembler routine to do a RACROUTE call.
>
>You could use an existing class, such as APP.
>I dont think it needs to be APF authorised... but you would need to check
>this.
>
>Colin
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: 2.5 Heads Up

2022-02-21 Thread Ed Jaffe 

On 2/21/2022 12:00 PM, Mark Jacobs wrote:

Found APAR OA62381 for this problem. PTFs are not yet available.


Hugely helpful! THANKS!

https://www.ibm.com/support/pages/apar/OA62381


--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/



This e-mail message, including any attachments, appended messages and the
information contained therein, is for the sole use of the intended
recipient(s). If you are not an intended recipient or have otherwise
received this email message in error, any use, dissemination, distribution,
review, storage or copying of this e-mail message and the information
contained therein is strictly prohibited. If you are not an intended
recipient, please contact the sender by reply e-mail and destroy all copies
of this email message and do not otherwise utilize or retain this email
message or any or all of the information contained therein. Although this
email message and any attachments or appended messages are believed to be
free of any virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the recipient
to ensure that it is virus free and no responsibility is accepted by the
sender for any loss or damage arising in any way from its opening or use.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: creating a python login module

2022-02-21 Thread Erik Janssen 
Thanks, I will have a look. That is also an option of course to have a java API 
do the racf check and generate a JWT that the python APIs can use to verify the 
validity of the request.

On Mon, 21 Feb 2022 21:19:02 +0800, David Crayford  wrote:

>https://github.com/zowe/sample-spring-boot-api-service/blob/master/zowe-rest-api-sample-spring/docs/zos-security.md
>
>> On 21 Feb 2022, at 9:18 pm, David Crayford  wrote:
>> 
>> There is a sample Zowe Spring Boot micro service that can stand alone with 
>> no external Zowe dependencies which you can use to decouple access 
>> control/authentication from your application. 
>> 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: XEDIT equivalent to ISPF C - OO/OO (copy overlay)

2022-02-21 Thread Phil Smith III 
Binyamin Dissen wrote:

>I am referring to the function where you type C on a line that has the
overlay

>data and then OO/OO on the group of lines that you wish to overlay. The
only

>dependence on the data on the OO lines is that it will not replace a

>non-blank.

 

I've used XEDIT since it was released, KEDIT equally, and neither has this
direct analog. I have also never actually *WANTED* it, which is not to
dismiss your requirement-just to note that it may not be that common.

 

In any case, as Shmuel writes, a user macro would do it.

 

XCOL might also; that's a toolkit I know I used about 1% of.

 

So you want this (b = blank):

 

Origin line:  XXXbbXXX

Target line:  YbYYbYbY

and the result is:

YXYYbYXY

?

 

If so, try the following, not extensively tested, only overlays a single
line (could be made to handle block overlays):
/*

   PREFIXO

   K -- Kopy prefix subcommand

   O -- Overlay prefix subcommand

 

   Designed to be used with:

 COMMAND SET PREFIX SYNONYM   K PREFIXO

COMMAND SET PREFIX SYNONYM   O PREFIXO

*/

   arg p f l rest

   if f = 'CLEAR' | p <> 'PREFIX' then exit

   parse source . . . . . pcmd .

   if index('KO', pcmd) = 0 then signal EXIT

   'EXTRACT /LINE/'

   'COMMAND LOCATE :'l

   'EXTRACT /CURLINE/'

   if pcmd = 'K' then signal Kopy

   address command 'GLOBALV SELECT PREFIXO GET KOPY KOPIED'

   if kopied <> 1 then signal NotKopied

   'COMMAND OVERLAY' kopy

   signal EXIT

 

Kopy:

   kopy = curline.3

   kopied = 1

   address command 'GLOBALV SELECT PREFIXO PUT KOPY KOPIED'

   signal EXIT

 

NotKopied:

   'COMMAND EMSG No Kopied line'

   rc = 5

 

Exit:

   if rc = 0 | rc = 1 then exit

   'COMMAND SET PENDING ERROR' pcmd rest

   exit


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: 2.5 Heads Up

2022-02-21 Thread Mark Jacobs 
Found APAR OA62381 for this problem. PTFs are not yet available.

Mark Jacobs

Sent from ProtonMail, Swiss-based encrypted email.

GPG Public Key - 
https://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com

--- Original Message ---

On Monday, February 21st, 2022 at 1:22 PM, Ed Jaffe 
 wrote:

> On 10/27/2021 8:47 AM, Mark Jacobs wrote:
>
> > We migrated one of our systems to z/OS 2.5 last weekend and immediately 
> > started getting a hard loop during job conversion/interpretation either in 
> > the JES2CIxx or INIT address space depending on your JOBDEF INTERPRET= 
> > setting.
> >
> > The loop could occur with any batch job,but not every batch job. IBM has 
> > found the loop in module IEFNB903 and are looking at it. The looping 
> > condition only occurs if DSENQSHR is enabled for the job. In our case the 
> > JOBCLASS definitions had DSENQSHR=AUTO. Once we changed it to 
> > DSENQSHR=DISALLOW the problem no longer occurred.
>
> We are now seeing this in our z/OS 2.5 JES2 environments. The loop is in
>
> IEFNB903.
>
> Your IBM-MAIN posting was from way back in October. I assumed this would
>
> have been fixed by now.
>
> Did IBM take an APAR?
>
> --
>
> Phoenix Software International
>
> Edward E. Jaffe
>
> 831 Parkview Drive North
>
> El Segundo, CA 90245
>
> https://www.phoenixsoftware.com/
>
> 
>
> This e-mail message, including any attachments, appended messages and the
>
> information contained therein, is for the sole use of the intended
>
> recipient(s). If you are not an intended recipient or have otherwise
>
> received this email message in error, any use, dissemination, distribution,
>
> review, storage or copying of this e-mail message and the information
>
> contained therein is strictly prohibited. If you are not an intended
>
> recipient, please contact the sender by reply e-mail and destroy all copies
>
> of this email message and do not otherwise utilize or retain this email
>
> message or any or all of the information contained therein. Although this
>
> email message and any attachments or appended messages are believed to be
>
> free of any virus or other defect that might affect any computer system into
>
> which it is received and opened, it is the responsibility of the recipient
>
> to ensure that it is virus free and no responsibility is accepted by the
>
> sender for any loss or damage arising in any way from its opening or use.
>
> --
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
>
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

2022-02-21 Thread Mike Schwab 
https://www.ibm.com/docs/en/cics-ts/5.5?topic=applications-debugging-profiles

Debugging profiles

A debugging profile specifies a set of one or more application
programs which are to be debugged together.

For example:

All instances of program PYRL01 running in system CICS1
All Java™ classes with names beginning “ setBankAccount ”
All programs with names beginning “'PYRL'” run by user APPDEV02

On Mon, Feb 21, 2022 at 7:42 PM Lars Höglund  wrote:
>
> Debugging?
>
> -Ursprungligt meddelande-
> Från: IBM Mainframe Discussion List  För Mike Schwab
> Skickat: den 21 februari 2022 18:39
> Till: IBM-MAIN@LISTSERV.UA.EDU
> Ämne: Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules in 
> CICS
>
> CEMT is the CICS debugging command.
>
> On Mon, Feb 21, 2022 at 4:15 PM venkat rao bandaru  wrote:
> >
> > Thank you for the information.
> >
> > On Mon, Feb 21, 2022 at 4:55 PM Seymour J Metz  wrote:
> >
> > > Yes, SLIP relies on MVS control blocks to locate modules. If there
> > > is no CDE or LPDE then SLIP has not way of locating the module by
> > > name. If you're licensed, you might ask the CICS support people at
> > > IBM how to trace in modules loaded by CICS.
> > >
> > >
> > > --
> > > Shmuel (Seymour J.) Metz
> > > http://mason.gmu.edu/~smetz3
> > >
> > > 
> > > From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on
> > > behalf of venkat rao bandaru [venck...@gmail.com]
> > > Sent: Monday, February 21, 2022 10:34 AM
> > > To: IBM-MAIN@LISTSERV.UA.EDU
> > > Subject: Re: Why SLIP PVTMOD/PVT EP does not work for Private load
> > > modules in CICS
> > >
> > > Yes, that's correct. The modules are loaded by CICS.
> > >
> > > I read somewhere that SLIP scans CDE(Content Directory Entry
> > >  > > >) table for module information. Is it possible, CICS Load does not
> > > add entry to CDE ? This is just my speculation though.
> > >
> > >
> > > On Mon, Feb 21, 2022 at 4:20 PM Seymour J Metz  wrote:
> > >
> > > > I would guess that you're debugging a module that CICS has loaded
> > > > itself rather than loading via MVS contents supervision.
> > > >
> > > >
> > > > --
> > > > Shmuel (Seymour J.) Metz
> > > > http://mason.gmu.edu/~smetz3
> > > >
> > > > 
> > > > From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on
> > > > behalf of venkat rao bandaru [venck...@gmail.com]
> > > > Sent: Monday, February 21, 2022 9:52 AM
> > > > To: IBM-MAIN@LISTSERV.UA.EDU
> > > > Subject: Why SLIP PVTMOD/PVT EP does not work for Private load
> > > > modules in CICS
> > > >
> > > > Greetings!
> > > >
> > > > Can you please share your experience around why SLIP IF/SA with
> > > > PVTMOD/EP would not detect the load module in my CICS region ? Any
> > > > SIT parameters
> > > in
> > > > play ?
> > > >
> > > > SLIP IF/SA with PVTMOD/EP works for load modules in batch jobs.
> > > >
> > > > I have to use RANGE with absolute address to hit the SLIP, which
> > > > is a concern for me. Please share if you have such experience and
> > > > work
> > > arounds.
> > > > Thank you in advance!
> > > >
> > > >
> > > > --
> > > > Best Regards
> > > > *Venkat*
> > > >
> > > > --
> > > >  For IBM-MAIN subscribe / signoff / archive access
> > > > instructions, send email to lists...@listserv.ua.edu with the
> > > > message: INFO IBM-MAIN
> > > >
> > > > --
> > > >  For IBM-MAIN subscribe / signoff / archive access
> > > > instructions, send email to lists...@listserv.ua.edu with the
> > > > message: INFO IBM-MAIN
> > > >
> > >
> > >
> > > --
> > > Best Regards
> > > *Venkat*
> > >
> > > 
> > > -- For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO
> > > IBM-MAIN
> > >
> > > 
> > > -- For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO
> > > IBM-MAIN
> > >
> >
> >
> > --
> > Best Regards
> > *Venkat*
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions, send
> > email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
>
>
> --
> Mike A Schwab, Springfield IL USA
> Where do Forest Rangers go to get away from it all?
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
> lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive

Sv: Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

2022-02-21 Thread Lars Höglund 
Debugging?

-Ursprungligt meddelande-
Från: IBM Mainframe Discussion List  För Mike Schwab
Skickat: den 21 februari 2022 18:39
Till: IBM-MAIN@LISTSERV.UA.EDU
Ämne: Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

CEMT is the CICS debugging command.

On Mon, Feb 21, 2022 at 4:15 PM venkat rao bandaru  wrote:
>
> Thank you for the information.
>
> On Mon, Feb 21, 2022 at 4:55 PM Seymour J Metz  wrote:
>
> > Yes, SLIP relies on MVS control blocks to locate modules. If there 
> > is no CDE or LPDE then SLIP has not way of locating the module by 
> > name. If you're licensed, you might ask the CICS support people at 
> > IBM how to trace in modules loaded by CICS.
> >
> >
> > --
> > Shmuel (Seymour J.) Metz
> > http://mason.gmu.edu/~smetz3
> >
> > 
> > From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on 
> > behalf of venkat rao bandaru [venck...@gmail.com]
> > Sent: Monday, February 21, 2022 10:34 AM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Re: Why SLIP PVTMOD/PVT EP does not work for Private load 
> > modules in CICS
> >
> > Yes, that's correct. The modules are loaded by CICS.
> >
> > I read somewhere that SLIP scans CDE(Content Directory Entry
> >  > >) table for module information. Is it possible, CICS Load does not 
> > add entry to CDE ? This is just my speculation though.
> >
> >
> > On Mon, Feb 21, 2022 at 4:20 PM Seymour J Metz  wrote:
> >
> > > I would guess that you're debugging a module that CICS has loaded 
> > > itself rather than loading via MVS contents supervision.
> > >
> > >
> > > --
> > > Shmuel (Seymour J.) Metz
> > > http://mason.gmu.edu/~smetz3
> > >
> > > 
> > > From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on 
> > > behalf of venkat rao bandaru [venck...@gmail.com]
> > > Sent: Monday, February 21, 2022 9:52 AM
> > > To: IBM-MAIN@LISTSERV.UA.EDU
> > > Subject: Why SLIP PVTMOD/PVT EP does not work for Private load 
> > > modules in CICS
> > >
> > > Greetings!
> > >
> > > Can you please share your experience around why SLIP IF/SA with 
> > > PVTMOD/EP would not detect the load module in my CICS region ? Any 
> > > SIT parameters
> > in
> > > play ?
> > >
> > > SLIP IF/SA with PVTMOD/EP works for load modules in batch jobs.
> > >
> > > I have to use RANGE with absolute address to hit the SLIP, which 
> > > is a concern for me. Please share if you have such experience and 
> > > work
> > arounds.
> > > Thank you in advance!
> > >
> > >
> > > --
> > > Best Regards
> > > *Venkat*
> > >
> > > --
> > >  For IBM-MAIN subscribe / signoff / archive access 
> > > instructions, send email to lists...@listserv.ua.edu with the 
> > > message: INFO IBM-MAIN
> > >
> > > --
> > >  For IBM-MAIN subscribe / signoff / archive access 
> > > instructions, send email to lists...@listserv.ua.edu with the 
> > > message: INFO IBM-MAIN
> > >
> >
> >
> > --
> > Best Regards
> > *Venkat*
> >
> > 
> > -- For IBM-MAIN subscribe / signoff / archive access instructions, 
> > send email to lists...@listserv.ua.edu with the message: INFO 
> > IBM-MAIN
> >
> > 
> > -- For IBM-MAIN subscribe / signoff / archive access instructions, 
> > send email to lists...@listserv.ua.edu with the message: INFO 
> > IBM-MAIN
> >
>
>
> --
> Best Regards
> *Venkat*
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions, send 
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: 2.5 Heads Up

2022-02-21 Thread Mark Jacobs 
I don't remember. I'm no longer working at $previousjob so I don't have access 
to the case I opened at the time.

Mark Jacobs

Sent from ProtonMail, Swiss-based encrypted email.

GPG Public Key - 
https://api.protonmail.ch/pks/lookup?op=get=markjac...@protonmail.com

--- Original Message ---

On Monday, February 21st, 2022 at 1:22 PM, Ed Jaffe 
 wrote:

> On 10/27/2021 8:47 AM, Mark Jacobs wrote:
>
> > We migrated one of our systems to z/OS 2.5 last weekend and immediately 
> > started getting a hard loop during job conversion/interpretation either in 
> > the JES2CIxx or INIT address space depending on your JOBDEF INTERPRET= 
> > setting.
> >
> > The loop could occur with any batch job,but not every batch job. IBM has 
> > found the loop in module IEFNB903 and are looking at it. The looping 
> > condition only occurs if DSENQSHR is enabled for the job. In our case the 
> > JOBCLASS definitions had DSENQSHR=AUTO. Once we changed it to 
> > DSENQSHR=DISALLOW the problem no longer occurred.
>
> We are now seeing this in our z/OS 2.5 JES2 environments. The loop is in
>
> IEFNB903.
>
> Your IBM-MAIN posting was from way back in October. I assumed this would
>
> have been fixed by now.
>
> Did IBM take an APAR?
>
> --
>
> Phoenix Software International
>
> Edward E. Jaffe
>
> 831 Parkview Drive North
>
> El Segundo, CA 90245
>
> https://www.phoenixsoftware.com/
>
> 
>
> This e-mail message, including any attachments, appended messages and the
>
> information contained therein, is for the sole use of the intended
>
> recipient(s). If you are not an intended recipient or have otherwise
>
> received this email message in error, any use, dissemination, distribution,
>
> review, storage or copying of this e-mail message and the information
>
> contained therein is strictly prohibited. If you are not an intended
>
> recipient, please contact the sender by reply e-mail and destroy all copies
>
> of this email message and do not otherwise utilize or retain this email
>
> message or any or all of the information contained therein. Although this
>
> email message and any attachments or appended messages are believed to be
>
> free of any virus or other defect that might affect any computer system into
>
> which it is received and opened, it is the responsibility of the recipient
>
> to ensure that it is virus free and no responsibility is accepted by the
>
> sender for any loss or damage arising in any way from its opening or use.
>
> --
>
> For IBM-MAIN subscribe / signoff / archive access instructions,
>
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: 2.5 Heads Up

2022-02-21 Thread Ed Jaffe 

On 10/27/2021 8:47 AM, Mark Jacobs wrote:

We migrated one of our systems to z/OS 2.5 last weekend and immediately started 
getting a hard loop during job conversion/interpretation either in the JES2CIxx 
or INIT address space depending on your JOBDEF INTERPRET= setting.

The loop could occur with any batch job,but not every batch job. IBM has found 
the loop in module IEFNB903 and are looking at it. The looping condition only 
occurs if DSENQSHR is enabled for the job. In our case the JOBCLASS definitions 
had DSENQSHR=AUTO. Once we changed it to DSENQSHR=DISALLOW the problem no 
longer occurred.


We are now seeing this in our z/OS 2.5 JES2 environments. The loop is in 
IEFNB903.


Your IBM-MAIN posting was from way back in October. I assumed this would 
have been fixed by now.


Did IBM take an APAR?


--
Phoenix Software International
Edward E. Jaffe
831 Parkview Drive North
El Segundo, CA 90245
https://www.phoenixsoftware.com/



This e-mail message, including any attachments, appended messages and the
information contained therein, is for the sole use of the intended
recipient(s). If you are not an intended recipient or have otherwise
received this email message in error, any use, dissemination, distribution,
review, storage or copying of this e-mail message and the information
contained therein is strictly prohibited. If you are not an intended
recipient, please contact the sender by reply e-mail and destroy all copies
of this email message and do not otherwise utilize or retain this email
message or any or all of the information contained therein. Although this
email message and any attachments or appended messages are believed to be
free of any virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the recipient
to ensure that it is virus free and no responsibility is accepted by the
sender for any loss or damage arising in any way from its opening or use.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: XEDIT equivalent to ISPF C - OO/OO (copy overlay)

2022-02-21 Thread Binyamin Dissen 
On Mon, 21 Feb 2022 16:25:05 + Rahim Azizarab
<03f036d88eeb-dmarc-requ...@listserv.ua.edu> wrote:

:>In ISPF you would put X over the line numbers; and on the command line you 
would type  ==>   c ABC XYZ all X
:>It results in changing all occurrences of ABC to XYZ on the lines marked by X 
only.

I am referring to the function where you type C on a line that has the overlay
data and then OO/OO on the group of lines that you wish to overlay. The only
dependence on the data on the OO lines is that it will not replace a
non-blank.

:>On Monday, February 21, 2022, 07:24:39 AM CST, Binyamin Dissen 
 wrote:  
:> 
:> What would the XEDIT equivalent to C OO/OO in ISPF which copies the marked
:>line, only overlaying blank characters the targeted lines? 
:>
:>Sort of applying SET MASK to  a group of existing lines.

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

2022-02-21 Thread Mike Schwab 
CEMT is the CICS debugging command.

On Mon, Feb 21, 2022 at 4:15 PM venkat rao bandaru  wrote:
>
> Thank you for the information.
>
> On Mon, Feb 21, 2022 at 4:55 PM Seymour J Metz  wrote:
>
> > Yes, SLIP relies on MVS control blocks to locate modules. If there is no
> > CDE or LPDE then SLIP has not way of locating the module by name. If you're
> > licensed, you might ask the CICS support people at IBM how to trace in
> > modules loaded by CICS.
> >
> >
> > --
> > Shmuel (Seymour J.) Metz
> > http://mason.gmu.edu/~smetz3
> >
> > 
> > From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf
> > of venkat rao bandaru [venck...@gmail.com]
> > Sent: Monday, February 21, 2022 10:34 AM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules
> > in CICS
> >
> > Yes, that's correct. The modules are loaded by CICS.
> >
> > I read somewhere that SLIP scans CDE(Content Directory Entry
> > )
> > table for module information. Is it possible, CICS Load does not add entry
> > to CDE ? This is just my speculation though.
> >
> >
> > On Mon, Feb 21, 2022 at 4:20 PM Seymour J Metz  wrote:
> >
> > > I would guess that you're debugging a module that CICS has loaded itself
> > > rather than loading via MVS contents supervision.
> > >
> > >
> > > --
> > > Shmuel (Seymour J.) Metz
> > > http://mason.gmu.edu/~smetz3
> > >
> > > 
> > > From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf
> > > of venkat rao bandaru [venck...@gmail.com]
> > > Sent: Monday, February 21, 2022 9:52 AM
> > > To: IBM-MAIN@LISTSERV.UA.EDU
> > > Subject: Why SLIP PVTMOD/PVT EP does not work for Private load modules in
> > > CICS
> > >
> > > Greetings!
> > >
> > > Can you please share your experience around why SLIP IF/SA with PVTMOD/EP
> > > would not detect the load module in my CICS region ? Any SIT parameters
> > in
> > > play ?
> > >
> > > SLIP IF/SA with PVTMOD/EP works for load modules in batch jobs.
> > >
> > > I have to use RANGE with absolute address to hit the SLIP, which is a
> > > concern for me. Please share if you have such experience and work
> > arounds.
> > > Thank you in advance!
> > >
> > >
> > > --
> > > Best Regards
> > > *Venkat*
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > >
> > > --
> > > For IBM-MAIN subscribe / signoff / archive access instructions,
> > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> > >
> >
> >
> > --
> > Best Regards
> > *Venkat*
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
>
> --
> Best Regards
> *Venkat*
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



-- 
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

2022-02-21 Thread Binyamin Dissen 
On Mon, 21 Feb 2022 15:52:01 +0100 venkat rao bandaru 
wrote:

:>Can you please share your experience around why SLIP IF/SA with PVTMOD/EP
:>would not detect the load module in my CICS region ? Any SIT parameters in
:>play ?

:>SLIP IF/SA with PVTMOD/EP works for load modules in batch jobs.

:>I have to use RANGE with absolute address to hit the SLIP, which is a
:>concern for me. Please share if you have such experience and work arounds.
:>Thank you in advance!

Do a LOAD HOLD and ask CICS for the address. That, of course, assumes that you
are using CICS services to call the module.

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: XEDIT equivalent to ISPF C - OO/OO (copy overlay)

2022-02-21 Thread Seymour J Metz 
A user-written prefix macro; likely one is floating around. If not, it 
shouldn't be difficult to write one using COVERLAY or OVERLAY to do the heavy 
lifting. You'll need SET PREFIX SYNONYM in your profile.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of 
Binyamin Dissen [bdis...@dissensoftware.com]
Sent: Monday, February 21, 2022 8:24 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: XEDIT equivalent to ISPF  C - OO/OO (copy overlay)

What would the XEDIT equivalent to C OO/OO in ISPF which copies the marked
line, only overlaying blank characters the targeted lines?

Sort of applying SET MASK to  a group of existing lines.

--
Binyamin Dissen 
http://secure-web.cisco.com/1fff-bap2gq6Qbyy61bg4OZkPrwzPpCNEfcmctsKmeIn6xjaFji9_DpJJpWWIMYY5VIMI6LbTy_VQ5yn4LGPrOKUvO9NeZte2mte_o6LFqmeE31IAjWwrBxXPlMdw-IaySZrVaeAFKTrNx4ZnXoMc9kbZkKJ4r1-IxVybEf71sCyuwA0JFALG1MOzXlJQ5wP2vwqYLhSy9NHtucqO6Sx7eO-UnRqjL6ULT9BUxJ2H6O008tTb7wUEz-2Eu0aHc-OnWfKMPWfyRY4f0gXFx7xKBpjbdPyEYDLvpmU4D22RTFigb3IyWYwUr31EL-h7QtumHz74VZPkWuyB87LlxgYjhu9qv8x0Uko0IL84KyUNM5wpNRP9zL5a7XItWTyXfqZOJHi4kZD5PvOoGcWagfBpbLZxuhR64cGjyCyDarRHfWpaTP2Go1ve8BUVdA63Sd09/http%3A%2F%2Fwww.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: XEDIT equivalent to ISPF C - OO/OO (copy overlay)

2022-02-21 Thread Rahim Azizarab 
In ISPF you would put X over the line numbers; and on the command line you 
would type  ==>   c ABC XYZ all X
It results in changing all occurrences of ABC to XYZ on the lines marked by X 
only.


regards;

Rahim
 



   

 

On Monday, February 21, 2022, 07:24:39 AM CST, Binyamin Dissen 
 wrote:  
 
 What would the XEDIT equivalent to C OO/OO in ISPF which copies the marked
line, only overlaying blank characters the targeted lines? 

Sort of applying SET MASK to  a group of existing lines.

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
  

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

2022-02-21 Thread venkat rao bandaru 
Thank you for the information.

On Mon, Feb 21, 2022 at 4:55 PM Seymour J Metz  wrote:

> Yes, SLIP relies on MVS control blocks to locate modules. If there is no
> CDE or LPDE then SLIP has not way of locating the module by name. If you're
> licensed, you might ask the CICS support people at IBM how to trace in
> modules loaded by CICS.
>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> 
> From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf
> of venkat rao bandaru [venck...@gmail.com]
> Sent: Monday, February 21, 2022 10:34 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules
> in CICS
>
> Yes, that's correct. The modules are loaded by CICS.
>
> I read somewhere that SLIP scans CDE(Content Directory Entry
> )
> table for module information. Is it possible, CICS Load does not add entry
> to CDE ? This is just my speculation though.
>
>
> On Mon, Feb 21, 2022 at 4:20 PM Seymour J Metz  wrote:
>
> > I would guess that you're debugging a module that CICS has loaded itself
> > rather than loading via MVS contents supervision.
> >
> >
> > --
> > Shmuel (Seymour J.) Metz
> > http://mason.gmu.edu/~smetz3
> >
> > 
> > From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf
> > of venkat rao bandaru [venck...@gmail.com]
> > Sent: Monday, February 21, 2022 9:52 AM
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Why SLIP PVTMOD/PVT EP does not work for Private load modules in
> > CICS
> >
> > Greetings!
> >
> > Can you please share your experience around why SLIP IF/SA with PVTMOD/EP
> > would not detect the load module in my CICS region ? Any SIT parameters
> in
> > play ?
> >
> > SLIP IF/SA with PVTMOD/EP works for load modules in batch jobs.
> >
> > I have to use RANGE with absolute address to hit the SLIP, which is a
> > concern for me. Please share if you have such experience and work
> arounds.
> > Thank you in advance!
> >
> >
> > --
> > Best Regards
> > *Venkat*
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
>
> --
> Best Regards
> *Venkat*
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


-- 
Best Regards
*Venkat*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

TADz

2022-02-21 Thread Steve Beaver 
I have developed a major hate for TADz and IBM's documentation of the
product.

 

As I read the doc, the only way to tell TADz to leave OMVS/zFS alone is to 

 

PE SUPERUSER.FILESYS.** CLASS(UNIXPRIV) UACC(NONE) and since we
use TSS

TSS PERMIT(*) UNIXPRIV(SUPERUSER.FILESYS.**) ACCESS(NONE) 

 

Guys, Am I missing something.

 

TIA


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Mainframe Update: The death of the mainframe has been grossly exaggerated! | Mainframe Update

2022-02-21 Thread Mohammad Khan 
Why not ... The One True Platform (TM) has a lot of life left in it :)

MKK

On Sun, 20 Feb 2022 19:48:01 +, Bill Johnson  wrote:

>I’ve been laughing for 30 years at the people who said the mainframe was 
>dying. 30 years from now, it will still be processing most of the important 
>transactions.
>
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

2022-02-21 Thread Seymour J Metz 
Yes, SLIP relies on MVS control blocks to locate modules. If there is no CDE or 
LPDE then SLIP has not way of locating the module by name. If you're licensed, 
you might ask the CICS support people at IBM how to trace in modules loaded by 
CICS.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of 
venkat rao bandaru [venck...@gmail.com]
Sent: Monday, February 21, 2022 10:34 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules in 
CICS

Yes, that's correct. The modules are loaded by CICS.

I read somewhere that SLIP scans CDE(Content Directory Entry
)
table for module information. Is it possible, CICS Load does not add entry
to CDE ? This is just my speculation though.


On Mon, Feb 21, 2022 at 4:20 PM Seymour J Metz  wrote:

> I would guess that you're debugging a module that CICS has loaded itself
> rather than loading via MVS contents supervision.
>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> 
> From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf
> of venkat rao bandaru [venck...@gmail.com]
> Sent: Monday, February 21, 2022 9:52 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Why SLIP PVTMOD/PVT EP does not work for Private load modules in
> CICS
>
> Greetings!
>
> Can you please share your experience around why SLIP IF/SA with PVTMOD/EP
> would not detect the load module in my CICS region ? Any SIT parameters in
> play ?
>
> SLIP IF/SA with PVTMOD/EP works for load modules in batch jobs.
>
> I have to use RANGE with absolute address to hit the SLIP, which is a
> concern for me. Please share if you have such experience and work arounds.
> Thank you in advance!
>
>
> --
> Best Regards
> *Venkat*
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


--
Best Regards
*Venkat*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

2022-02-21 Thread venkat rao bandaru 
Yes, that's correct. The modules are loaded by CICS.

I read somewhere that SLIP scans CDE(Content Directory Entry
)
table for module information. Is it possible, CICS Load does not add entry
to CDE ? This is just my speculation though.


On Mon, Feb 21, 2022 at 4:20 PM Seymour J Metz  wrote:

> I would guess that you're debugging a module that CICS has loaded itself
> rather than loading via MVS contents supervision.
>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> 
> From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf
> of venkat rao bandaru [venck...@gmail.com]
> Sent: Monday, February 21, 2022 9:52 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Why SLIP PVTMOD/PVT EP does not work for Private load modules in
> CICS
>
> Greetings!
>
> Can you please share your experience around why SLIP IF/SA with PVTMOD/EP
> would not detect the load module in my CICS region ? Any SIT parameters in
> play ?
>
> SLIP IF/SA with PVTMOD/EP works for load modules in batch jobs.
>
> I have to use RANGE with absolute address to hit the SLIP, which is a
> concern for me. Please share if you have such experience and work arounds.
> Thank you in advance!
>
>
> --
> Best Regards
> *Venkat*
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


-- 
Best Regards
*Venkat*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

2022-02-21 Thread Seymour J Metz 
I would guess that you're debugging a module that CICS has loaded itself rather 
than loading via MVS contents supervision.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3


From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of 
venkat rao bandaru [venck...@gmail.com]
Sent: Monday, February 21, 2022 9:52 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

Greetings!

Can you please share your experience around why SLIP IF/SA with PVTMOD/EP
would not detect the load module in my CICS region ? Any SIT parameters in
play ?

SLIP IF/SA with PVTMOD/EP works for load modules in batch jobs.

I have to use RANGE with absolute address to hit the SLIP, which is a
concern for me. Please share if you have such experience and work arounds.
Thank you in advance!


--
Best Regards
*Venkat*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: creating a python login module

2022-02-21 Thread Colin Paice 
Erik,

Do you need to specify a password?

Could you define a RACF profile  instead, and use RACF  check to see if the
userid has access to that profile?
I dont think there is a Callable function for it, but you could write some
glue code to call an assembler routine to do a RACROUTE call.

You could use an existing class, such as APP.
I dont think it needs to be APF authorised... but you would need to check
this.

Colin

On Mon, 21 Feb 2022 at 12:39, Erik Janssen  wrote:

> Hello List,
>
> We are creating some APIs with python flask running on z/os (some in
> combination with z open automation utilities in order to drive existing
> rexx / ispf edit macro logic) and that is looking very promising. In order
> to properly protect those APIs I am trying to create a authorization API,
> that would call a module that can verify a RACF user/password/appl
> combination so that it can return a token with which - for some time - you
> can then call the actual API's. I've managed to create an assembler DLL
> that works with that principe, calling the neccessary RACROUTE's. But,
> since this module needs APF authorisation I can only see a way to call the
> module as a subprocess through an - apf authorized - c main wrapper
> program. In this case it will return the SAF RC and the actual wto message
> as stdout. But, specifying a password this way as a cmdline parm means that
> it would show up in ps screen in SDSF for example.
> Loading the assembler DLL in python through CDLL technically works, but
> actually will get a S683 abend, since it lost its APF authorisation.
> My idea was that the module will check if the caller is authorized to
> actually check the specified user/password by some custom racf profile, so
> that I can prevent it from generally being allowed to check all
> user/password combinations.
> Apart from the obvious risks involved in APF authorized routines, giving
> this principe that I would like to create a routine that - in a controlled
> way - could do password checking for unauthorized callers, what options are
> there to do so?
> As far as I can see, the only option would be to provide some PC routine,
> with a unauthorized stub that can call the authorized running PC 'backend',
> but I'm not even sure if that would be a proper way to use a PC routine
> (let alone the fact if I would ever manage to - securely - create one).
>
> Kind regards,
> Erik.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Why SLIP PVTMOD/PVT EP does not work for Private load modules in CICS

2022-02-21 Thread venkat rao bandaru 
Greetings!

Can you please share your experience around why SLIP IF/SA with PVTMOD/EP
would not detect the load module in my CICS region ? Any SIT parameters in
play ?

SLIP IF/SA with PVTMOD/EP works for load modules in batch jobs.

I have to use RANGE with absolute address to hit the SLIP, which is a
concern for me. Please share if you have such experience and work arounds.
Thank you in advance!


-- 
Best Regards
*Venkat*

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: creating a python login module

2022-02-21 Thread Jeremy Nicoll 
On Mon, 21 Feb 2022, at 12:38, Erik Janssen wrote:
> Hello List,
>
> We are creating some APIs with python flask running on z/os (some in 
> combination with z open automation utilities in order to drive existing 
> rexx / ispf edit macro logic) and that is looking very promising. In 
> order to properly protect those APIs I am trying to create a 
> authorization API ...

A long time ago I wrote an ispf dialog, using rexx and edit macros, and
had to control what options users could pick within that.  I used a small
assembler program to check (in our case) ACF2 resource rules.  However
a determined user could have worked around that, eg by editing control
files (which the edit macros normally updated) by hand, perhaps in a 
split-screen while the user-facing dialog was running, so at that stage in
the system those rules were really just guiding what a user could try to
do.

At points in the ispf dialog, it issued WTOs which SA/390 automation 
responded to (if they came from people entitled to issue them). It'd 
start started tasks with suitable parameters, to pick up the just-edited
request files and do stuff.  

The WTOs said in them which user was making a request, but that was
a deliberate trap; obviously SA/390 knew who'd run the program that
issued the WTOs.  If that wasn't the named-userid we'd know at once
that someone was trying to beat the system.

The started tasks re-checked the resource rules to determine whether
the things being asked for were actually allowed.  Whereas "clever" 
users could have got around the dialog-controlled stuff, they couldn't
change what the STC would do. 

Depending on what your system does you may need some similar logic.

-- 
Jeremy Nicoll - my opinions are my own.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

XEDIT equivalent to ISPF C - OO/OO (copy overlay)

2022-02-21 Thread Binyamin Dissen 
What would the XEDIT equivalent to C OO/OO in ISPF which copies the marked
line, only overlaying blank characters the targeted lines? 

Sort of applying SET MASK to  a group of existing lines.

--
Binyamin Dissen 
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: creating a python login module

2022-02-21 Thread David Crayford 
https://github.com/zowe/sample-spring-boot-api-service/blob/master/zowe-rest-api-sample-spring/docs/zos-security.md

> On 21 Feb 2022, at 9:18 pm, David Crayford  wrote:
> 
> There is a sample Zowe Spring Boot micro service that can stand alone with 
> no external Zowe dependencies which you can use to decouple access 
> control/authentication from your application. 
> 
>> On 21 Feb 2022, at 9:08 pm, David Crayford  wrote:
>> 
>> You can do all of that in C code using the __passwd() and 
>> __check_resource_auth_np library functions. You will need to be program 
>> controlled which means Python and it's runtime will also need to be platform 
>> controlled. Most modern services do this using an API like the Zowe 
>> authenication API. If you're writing a web application in Flask you should 
>> consider using JWTs. If it were me, I would prefer to use a Spring Boot Java 
>> application instead of Python. There is a much richer set of SAF APIs and 
>> the entire Java JRE is program controlled.
>> 
 On 21/2/22 8:38 pm, Erik Janssen wrote:
>>> Hello List,
>>> 
>>> We are creating some APIs with python flask running on z/os (some in 
>>> combination with z open automation utilities in order to drive existing 
>>> rexx / ispf edit macro logic) and that is looking very promising. In order 
>>> to properly protect those APIs I am trying to create a authorization API, 
>>> that would call a module that can verify a RACF user/password/appl 
>>> combination so that it can return a token with which - for some time - you 
>>> can then call the actual API's. I've managed to create an assembler DLL 
>>> that works with that principe, calling the neccessary RACROUTE's. But, 
>>> since this module needs APF authorisation I can only see a way to call the 
>>> module as a subprocess through an - apf authorized - c main wrapper 
>>> program. In this case it will return the SAF RC and the actual wto message 
>>> as stdout. But, specifying a password this way as a cmdline parm means that 
>>> it would show up in ps screen in SDSF for example.
>>> Loading the assembler DLL in python through CDLL technically works, but 
>>> actually will get a S683 abend, since it lost its APF authorisation.
>>> My idea was that the module will check if the caller is authorized to 
>>> actually check the specified user/password by some custom racf profile, so 
>>> that I can prevent it from generally being allowed to check all 
>>> user/password combinations.
>>> Apart from the obvious risks involved in APF authorized routines, giving 
>>> this principe that I would like to create a routine that - in a controlled 
>>> way - could do password checking for unauthorized callers, what options are 
>>> there to do so?
>>> As far as I can see, the only option would be to provide some PC routine, 
>>> with a unauthorized stub that can call the authorized running PC 'backend', 
>>> but I'm not even sure if that would be a proper way to use a PC routine 
>>> (let alone the fact if I would ever manage to - securely - create one).
>>> 
>>> Kind regards,
>>> Erik.
>>> 
>>> --
>>> For IBM-MAIN subscribe / signoff / archive access instructions,
>>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: creating a python login module

2022-02-21 Thread David Crayford 
There is a sample Zowe Spring Boot micro service that can stand alone with no 
external Zowe dependencies which you can use to decouple access 
control/authentication from your application. 

> On 21 Feb 2022, at 9:08 pm, David Crayford  wrote:
> 
> You can do all of that in C code using the __passwd() and 
> __check_resource_auth_np library functions. You will need to be program 
> controlled which means Python and it's runtime will also need to be platform 
> controlled. Most modern services do this using an API like the Zowe 
> authenication API. If you're writing a web application in Flask you should 
> consider using JWTs. If it were me, I would prefer to use a Spring Boot Java 
> application instead of Python. There is a much richer set of SAF APIs and the 
> entire Java JRE is program controlled.
> 
>> On 21/2/22 8:38 pm, Erik Janssen wrote:
>> Hello List,
>> 
>> We are creating some APIs with python flask running on z/os (some in 
>> combination with z open automation utilities in order to drive existing rexx 
>> / ispf edit macro logic) and that is looking very promising. In order to 
>> properly protect those APIs I am trying to create a authorization API, that 
>> would call a module that can verify a RACF user/password/appl combination so 
>> that it can return a token with which - for some time - you can then call 
>> the actual API's. I've managed to create an assembler DLL that works with 
>> that principe, calling the neccessary RACROUTE's. But, since this module 
>> needs APF authorisation I can only see a way to call the module as a 
>> subprocess through an - apf authorized - c main wrapper program. In this 
>> case it will return the SAF RC and the actual wto message as stdout. But, 
>> specifying a password this way as a cmdline parm means that it would show up 
>> in ps screen in SDSF for example.
>> Loading the assembler DLL in python through CDLL technically works, but 
>> actually will get a S683 abend, since it lost its APF authorisation.
>> My idea was that the module will check if the caller is authorized to 
>> actually check the specified user/password by some custom racf profile, so 
>> that I can prevent it from generally being allowed to check all 
>> user/password combinations.
>> Apart from the obvious risks involved in APF authorized routines, giving 
>> this principe that I would like to create a routine that - in a controlled 
>> way - could do password checking for unauthorized callers, what options are 
>> there to do so?
>> As far as I can see, the only option would be to provide some PC routine, 
>> with a unauthorized stub that can call the authorized running PC 'backend', 
>> but I'm not even sure if that would be a proper way to use a PC routine (let 
>> alone the fact if I would ever manage to - securely - create one).
>> 
>> Kind regards,
>> Erik.
>> 
>> --
>> For IBM-MAIN subscribe / signoff / archive access instructions,
>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: creating a python login module

2022-02-21 Thread Erik Janssen 
Hello David,

The __passwd() was our initial approach, but making python program controlled 
is probably(?) not a good way to go, at least it is not delivered as being 
program controlled. I guess that makes sense for an interpreted language.
The returned token itself is a basically a JWT if I recall correctly, but I 
liked to have the 'authorization service' part of it to be natively running on 
z/os / talking to RACF.

Kind regards,
Erik.

On Mon, 21 Feb 2022 21:08:37 +0800, David Crayford  wrote:

>You can do all of that in C code using the __passwd() and
>__check_resource_auth_np library functions. You will need to be program
>controlled which means Python and it's runtime will also need to be
>platform controlled. Most modern services do this using an API like the
>Zowe authenication API. If you're writing a web application in Flask you
>should consider using JWTs. If it were me, I would prefer to use a
>Spring Boot Java application instead of Python. There is a much richer
>set of SAF APIs and the entire Java JRE is program controlled.
>
]

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: creating a python login module

2022-02-21 Thread David Crayford 
You can do all of that in C code using the __passwd() and 
__check_resource_auth_np library functions. You will need to be program 
controlled which means Python and it's runtime will also need to be 
platform controlled. Most modern services do this using an API like the 
Zowe authenication API. If you're writing a web application in Flask you 
should consider using JWTs. If it were me, I would prefer to use a 
Spring Boot Java application instead of Python. There is a much richer 
set of SAF APIs and the entire Java JRE is program controlled.


On 21/2/22 8:38 pm, Erik Janssen wrote:

Hello List,

We are creating some APIs with python flask running on z/os (some in 
combination with z open automation utilities in order to drive existing rexx / 
ispf edit macro logic) and that is looking very promising. In order to properly 
protect those APIs I am trying to create a authorization API, that would call a 
module that can verify a RACF user/password/appl combination so that it can 
return a token with which - for some time - you can then call the actual API's. 
I've managed to create an assembler DLL that works with that principe, calling 
the neccessary RACROUTE's. But, since this module needs APF authorisation I can 
only see a way to call the module as a subprocess through an - apf authorized - 
c main wrapper program. In this case it will return the SAF RC and the actual 
wto message as stdout. But, specifying a password this way as a cmdline parm 
means that it would show up in ps screen in SDSF for example.
Loading the assembler DLL in python through CDLL technically works, but 
actually will get a S683 abend, since it lost its APF authorisation.
My idea was that the module will check if the caller is authorized to actually 
check the specified user/password by some custom racf profile, so that I can 
prevent it from generally being allowed to check all user/password combinations.
Apart from the obvious risks involved in APF authorized routines, giving this 
principe that I would like to create a routine that - in a controlled way - 
could do password checking for unauthorized callers, what options are there to 
do so?
As far as I can see, the only option would be to provide some PC routine, with 
a unauthorized stub that can call the authorized running PC 'backend', but I'm 
not even sure if that would be a proper way to use a PC routine (let alone the 
fact if I would ever manage to - securely - create one).

Kind regards,
Erik.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

creating a python login module

2022-02-21 Thread Erik Janssen 
Hello List,

We are creating some APIs with python flask running on z/os (some in 
combination with z open automation utilities in order to drive existing rexx / 
ispf edit macro logic) and that is looking very promising. In order to properly 
protect those APIs I am trying to create a authorization API, that would call a 
module that can verify a RACF user/password/appl combination so that it can 
return a token with which - for some time - you can then call the actual API's. 
I've managed to create an assembler DLL that works with that principe, calling 
the neccessary RACROUTE's. But, since this module needs APF authorisation I can 
only see a way to call the module as a subprocess through an - apf authorized - 
c main wrapper program. In this case it will return the SAF RC and the actual 
wto message as stdout. But, specifying a password this way as a cmdline parm 
means that it would show up in ps screen in SDSF for example. 
Loading the assembler DLL in python through CDLL technically works, but 
actually will get a S683 abend, since it lost its APF authorisation. 
My idea was that the module will check if the caller is authorized to actually 
check the specified user/password by some custom racf profile, so that I can 
prevent it from generally being allowed to check all user/password combinations.
Apart from the obvious risks involved in APF authorized routines, giving this 
principe that I would like to create a routine that - in a controlled way - 
could do password checking for unauthorized callers, what options are there to 
do so?
As far as I can see, the only option would be to provide some PC routine, with 
a unauthorized stub that can call the authorized running PC 'backend', but I'm 
not even sure if that would be a proper way to use a PC routine (let alone the 
fact if I would ever manage to - securely - create one).

Kind regards,
Erik.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN