A fix is available
APAR status
Closed as program error.
Error description
You issue command DIS CHLAUTH(*) for a queue that is not defined. You expect a return code of MQRC 2085. However, MQRC 2035 ( MQRC_NOT_AUTHORIZED ) is returned. CSQN207I +CSQ1 COMMAND SERVER UNABLE TO OPEN REPLY TO QUEUE CSQN203I +CSQ1 QUEUE SYSTEM.MQSC.REPLY....., MQCC=2 MQRC=2035 . The userid of the MQ MSTR, CSQ1MSTR is incorrectly being checked for authorization rather than the client userid.
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: All users of WebSphere MQ for z/OS Version 8 * * Release 0 Modification 0. * **************************************************************** * PROBLEM DESCRIPTION: A security error (e.g. ICH408I) is * * issued when a client application * * (for example, runmqsc or MQ Explorer) * * issues DISPLAY CHLAUTH or SET CHLAUTH * * and the queue manager userid does not * * have authority to open the reply queue. * * The client application receives no * * response to the issued command. * **************************************************************** * RECOMMENDATION: * **************************************************************** When a client application connects to the queue manager and issues commands to the queue manager, the commands are run under the user associated with the client connection, and the response is put to the reply queue using the same userid. However, if the command is DISPLAY CHLAUTH or SET CHLAUTH and the processing of the command results in SYSTEM.CHLAUTH.DATA.QUEUE being opened, the user associated with the connection is temporarily changed to the queue manager userid, and this is used to open the reply queue instead of the client's userid. If the queue manager userid does not have authority to open the response queue, a security error occurs, and no response is received by the client application.
Problem conclusion
DISPLAY CHLAUTH and SET CHLAUTH processing are corrected to use the correct userid when opening the reply queue to put the command response. 000Y CSQMDCA CSQMSCA
Temporary fix
Comments
APAR Information
APAR number
PI51272
Reported component name
WMQ Z/OS 8
Reported component ID
5655W9700
Reported release
000
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-10-27
Closed date
2015-11-20
Last modified date
2016-02-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UI33148
Modules/Macros
CSQMDCA CSQMSCA
Fix information
Fixed component name
WMQ Z/OS 8
Fixed component ID
5655W9700
Applicable component levels
R000 PSY UI33148
UP16/01/08 P F601
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
01 February 2016