APAR status
Closed as program error.
Error description
A channel receives an asserted client user id of 12 characters in length and also an MQCSP set of credentials with a shorter user id. On successful validation, the channel adopts the MQCSP set of credentials but channel status reports the short user id with trailing garbage from the asserted user id. Subsequent multiplexed connections using the same channel instance fail to connect with 2035 (MQRC_NOT_AUTHORIZED) and "AMQ8075: Authorization failed" is reported in the queue manager error logs.
Local fix
Problem summary
**************************************************************** USERS AFFECTED: Any users changing the MCAUSER for a SVRCONN channel agent on Windows, for example using a security exit, CHLAUTH rules or CONNAUTH ADOPTCTX(YES). Platforms affected: Windows **************************************************************** PROBLEM DESCRIPTION: If the MCAUSER of a SVRCONN channel agent is altered by security exit, a CHLAUTH rule or CONNAUTH with ADOPTCTX(YES) and the value of the new user id is shorter that the previous user id (typically asserted by the client), trailing characters from the previous user id can corrupt the new user id value. When this occurs, channel status reports a corrupted user id and and any subsequent multiplexed connections from the same connection will fail.
Problem conclusion
The logic error that existed replacing the user id is corrected. --------------------------------------------------------------- The fix is targeted for delivery in the following PTFs: Version Maintenance Level v9.0 LTS 9.0.0.8 v9.1 CD 9.1.3 v9.1 LTS 9.1.0.3 The latest available maintenance can be obtained from 'WebSphere MQ Recommended Fixes' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037 If the maintenance level is not yet available information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates' http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309 ---------------------------------------------------------------
Temporary fix
Comments
APAR Information
APAR number
IT29237
Reported component name
IBM MQ BASE M/P
Reported component ID
5724H7261
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2019-05-23
Closed date
2019-06-10
Last modified date
2019-06-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM MQ BASE M/P
Fixed component ID
5724H7261
Applicable component levels
[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
10 June 2019