Parameters

work_area

2048 bytes, doubleword aligned. Used as internal storage by IRRENS00.

function_code

Fullword; input:

X'00000000': Keep-Controlled
X'00000001': Mark-Uncontrolled
X'00000002': Reset Keep-Controlled
X'00000003': Mark file system
X'00000004': Query

function_flag

Fullword; input:

For Mark-Uncontrolled:

X'00000000': IRRENS00 should issue WTO on failure.
X'00000001': IRRENS00 should not issue WTO.
X'80000000': Request by z/OS UNIX for file system control.

For Keep-Controlled:

X'80000000': Request by z/OS UNIX.
X'40000000': Request by RACF®.
Note:: One, and only one, of the above flags must be on.
X'00000000': IRRENS00 should issue WTO on failure.
X'00000001': IRRENS00 should not issue WTO.
X'00000002': Only z/OS® UNIX mark-uncontrolled should be checked before marking keep-controlled.
X'00000004': Indicates that RACF should determine whether ENHANCED program security is in effect for this job, and if so RACF should determine whether the execution environment was established by a MAIN program or not. If not, RACF either fails the request or sets a warning with return and reason codes. Additionally, RACF should issue appropriate messages, including those saved from a prior call to IRRENS00.

For Reset Keep-Controlled:

X'80000000': Reset the z/OS UNIX keep-controlled flag and clear the related saved message.
X'40000000': Reset the RACF keep-controlled flag and clear the related saved message.
X'20000000': Clear any message saved for a previous mark-uncontrolled function, and reset the z/OS UNIX mark-uncontrolled flag.
Note: At least one of the above flags must be on.

For Mark file system:

X'80000000': Indicates a call from z/OS UNIX System Services.
Note: The above flag must be on.

For Query:

X'00000000': Both RACF state and z/OS UNIX state are checked.

X'00000002': Only z/OS UNIX state is checked; RACF state is not checked.

return_code

Fullword; output. See Note below.

reason_code

Fullword; output. See Note below.

message_block

Fullword length of text, followed by the text input, or zero for reset keep-controlled and query.

Note: The fullword must be non-zero and message text must be provided for the keep-controlled and mark-uncontrolled functions. The maximum message text length allowed is 250. The fullword must be 0 for the reset keep-controlled and query functions.

For keep-controlled and mark-uncontrolled, the caller uses this parameter to provide a message indicating the reason for the request. The first character of the message must not be a blank. The message must begin with a message ID (such as BPXnnnI or ICHnnnI), followed by a blank. When the message is displayed, a maximum of 71 characters appear on each line of the display. If a blank does not appear in column 71 or column 72, the message text is split to a new line at the preceding blank. The caller providing the message must document it. Message text must be uppercase, must contain only alphanumeric and national characters, and should be NLS-compliant.

A copy of the message provided by the caller is saved and IRRENS00 issues this message, among others, during failing keep-controlled requests or failing mark-uncontrolled requests. The messages are issued with descriptor code 6 and routing codes 9 and 11, directing them to the security console and the programmer.

The caller is not responsible for deleting the saved copy of the messages. Saved messages are cleared and their storage released by the Reset Keep-Controlled function when the corresponding keep-controlled indicator is reset. IRRENS00 is responsible for ensuring that the storage used to contain the saved messages is released appropriately when no longer needed.