A fix is available
APAR status
Closed as program error.
Error description
An application issues an EXEC CICS VERIFY PASSWORD command which causes DFHESN to call DFHUSAD for new function VERIFY_PASSWORD. DFHUSAD invokes DFHXSPW for function INQUIRE_PASSWORD_DATA which invokes DFHXSSB to call the external security manager (ESM). The ESM fails the request with return codes of: . SAF_RESPONSE(8) SAF_REASON(0) ESM_RESPONSE(30) ESM_REASON(0) . The return codes mean 'not authorized to the port of entry' . Although the return codes are valid, they are not expected by DFHXSSB so an exception is raised for UNKNOWN_ESM_RESPONSE. . Trace shows: . XS FE04 XSSB *EXC* FUNCTION(INQUIRE_PASSWORD_DATA) RESPONSE(EXCEPTION) REASON(UNKNOWN_ESM_RESPONSE) SAF_RESPONSE(8) SAF_REASON(0) ESM_RESPONSE(30) ESM_REASON(0) FASTPATH_AUTH(NO) . DFHESN is eventually returned to for handling of the EXCEPTION response. However, DFHESN checks for XSPW_UNKNOWN_ESM_ERROR (as it did in earlier releases when DFHXSPW was used for the INQUIRE_PASSWORD_DATA function) and should be checking for USAD_UNKNOWN_ESM_RESPONSE. Because DFHESN is unable to map XSPW_UNKNOWN_ESM_ERROR to proper EIBRESP and EIBRESP2 values, he abends with AEXZ abend code. DFHESN should return to the application, EIBRESP=16 (INVREQ) and EIBRESP2=13 (unknown return code from the ESM). Additional Symptom(s) Search Keyword(s): KIXREVRJL
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All CICS users * **************************************************************** * PROBLEM DESCRIPTION: EXEC CICS VERIFY PASSWORD fails with * * ABENDAEXZ for an unknown return code * * in ESMRESP from the ESM. * **************************************************************** * RECOMMENDATION: * **************************************************************** An EXEC CICS VERIFY PASSWORD is issued which fails a RACROUTE VERIFYX call with an ESM response of X'30'. CICS has no specific error handling for this type of error so DFHUSAD returns an exception of USAD_UNKNOWN_ESM_RESPONSE to DFHESN. DFHESN should fail the EXEC CICS VERIFY PASSWORD command with an INVREQ with RESP2=13. However, DFHESN fails to handle the USAD_UNKNOWN_ESM_RESPONSE correctly and issues abend AEXZ.
Problem conclusion
DFHESN has been changed to return INVREQ with RESP2=13 when an EXEC CICS VERIFY PASSWORD call fails with a USAD_UNKNOWN_ESM_RESPONSE exception.
Temporary fix
********* * HIPER * ********* FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PI25180
Reported component name
CICS TS Z/OS V5
Reported component ID
5655Y0400
Reported release
800
Status
CLOSED PER
PE
NoPE
HIPER
YesHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2014-09-05
Closed date
2014-09-24
Last modified date
2015-03-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI21740 UI21741
Modules/Macros
DFHESN
Fix information
Fixed component name
CICS TS Z/OS V5
Fixed component ID
5655Y0400
Applicable component levels
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
01 May 2020