PI51272: WMQ CSQN207I CSQN203I MQRC=2035 (MQRC_NOT_AUTHORIZED) RETURNED FOR DISPLAY CHLAUTH(*) INCORRECTLY USING MQ MSTR USERID

Obtain the fix for this APAR.

APAR status

• Closed as program error.

Error description

• You issue command DIS CHLAUTH(*) for a queue that is not
  defined.  You expect a return code of MQRC 2085.  However,
  MQRC 2035 ( MQRC_NOT_AUTHORIZED ) is returned.
  CSQN207I +CSQ1 COMMAND SERVER UNABLE TO OPEN REPLY TO QUEUE
  CSQN203I +CSQ1 QUEUE SYSTEM.MQSC.REPLY....., MQCC=2 MQRC=2035
  .
  The userid of the MQ MSTR, CSQ1MSTR is incorrectly being checked
  for authorization rather than the client userid.
  

Local fix

Problem summary

• ****************************************************************
  * USERS AFFECTED: All users of WebSphere MQ for z/OS Version 8 *
  *                 Release 0 Modification 0.                    *
  ****************************************************************
  * PROBLEM DESCRIPTION: A security error (e.g. ICH408I) is      *
  *                      issued when a client application        *
  *                      (for example, runmqsc or MQ Explorer)   *
  *                      issues DISPLAY CHLAUTH or SET CHLAUTH   *
  *                      and the queue manager userid does not   *
  *                      have authority to open the reply queue. *
  *                      The client application receives no      *
  *                      response to the issued command.         *
  ****************************************************************
  * RECOMMENDATION:                                              *
  ****************************************************************
  When a client application connects to the queue manager and
  issues commands to the queue manager, the commands are
  run under the user associated with the client connection, and
  the response is put to the reply queue using the same userid.
  However, if the command is DISPLAY CHLAUTH or SET CHLAUTH and
  the processing of the command results in
  SYSTEM.CHLAUTH.DATA.QUEUE being opened, the user associated
  with the connection is temporarily changed to the queue manager
  userid, and this is used to open the reply queue instead of
  the client's userid.
  If the queue manager userid does not have authority to open
  the response queue, a security error occurs, and no response
  is received by the client application.
  

Problem conclusion

• DISPLAY CHLAUTH and SET CHLAUTH processing are corrected to use
  the correct userid when opening the reply queue to put the
  command response.
  000Y
  CSQMDCA
  CSQMSCA
  

Temporary fix

Comments

APAR Information

• APAR is sysrouted FROM one or more of the following:

• APAR is sysrouted TO one or more of the following:

  UI33148

Modules/Macros

• CSQMDCA  CSQMSCA
  

Fix information

• Fixed component name

  WMQ Z/OS 8

• Fixed component ID

  5655W9700

Applicable component levels

• R000 PSY UI33148

     UP16/01/08 P F601

Fix is available

• Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.