RACROUTE REQUEST=DIRAUTH: Directed authorization check of security classification

This service compares two security labels. The security labels may be passed directly, or as part of an ACEE or UTOKEN. The class name determines the type of comparison made between the security labels, unless the TYPE parameter is specified. Note that the security labels should be obtained from the same system since a SECLABEL name may not represent the same security classification on different systems. Components that need to compare security labels for equality may do a check for an exact match without issuing this macro.

The message-transmission managers (that is, VTAM®, TSO/E, and Session Manager) use the RACROUTE REQUEST=DIRAUTH macro with RTOKEN specified to ensure that the receiver of a message, represented by the ACEE of the current address space, meets security-label authorization requirements. That is, the security label of the receiver of the message must dominate (be equal to or higher than) the security label of the message. When invoked as these managers do, with just the RTOKEN or just the RTOKEN and LOG keywords specified, if the security label of the receiver does not dominate the security label of the message, DIRAUTH performs additional processing to determine if the receiver has access to any security label that could dominate the message.

To use this service, you must specify RELEASE=1.9 or a later release number.

The caller of RACROUTE REQUEST=DIRAUTH must be authorized (APF-authorized, in system key 0–7, or in supervisor state).

The caller cannot hold any locks when issuing RACROUTE REQUEST=DIRAUTH.

This request is SRB-mode compatible. When issuing RACROUTE REQUEST=DIRAUTH in SRB mode, you must ensure that the jobstep task pointed to by the ASCBXTCB field in the target address space is active when you schedule the SRB and that it remains active until the SRB completes.

Note: In order to ensure that the SRB does not run after the ASCBXTCB task completes, you must enable purgeDQ to deal with that SRB. In particular:

If using SCHEDULE, SRBPASID must be set to the ASID, and SRBPTCB must be set to the contents of ASCBXTCB.
If using IEAMSCHD, PURGESTOKEN must be specified with the STOKEN of the space, and PTCBADDR must be specified with the contents of ASCBXTCB.

When the task terminates, the purgeDQ issued causes the SRB's resource manager termination routine (RMTR) to be driven if the SRB has not begun to run, or waits for the SRB to complete if the SRB has begun to run.

RACROUTE REQUEST=DIRAUTH can also be invoked from a cross memory environment, when in task or SRB mode. The ACEE used for authorization checking must reside in the HOME address space (unless ACEEALET specifies a different address space). Callers in cross-memory mode must be in supervisor state. RACROUTE REQUEST=DIRAUTH interrogates the setting of SETR MLS during dominance checking for ACCESS=READWRITE and ACCESS=WRITE to determine if write-down is allowed on the system. It does not support WARNING mode for SETR MLS and will process write-down violations as failures. RACROUTE REQUEST=DIRAUTH does not check whether or not security labels are required, nor does it always bypass security label checking if the ACEE indicates trusted or privileged authority. If a full authorization check, including the checking of security labels, is needed then RACROUTE REQUEST=AUTH, RACROUTE REQUEST=FASTAUTH, or the ck_access callable service should be used.