IBM Support

PM17911: CICSECX1 IS NOT BEING CALLED IN A VSE ENVIRONMENT

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • You are using REXX for CICS feature's IMPORT/EXPORT commands
    which provide access to VSE Library Members.  User level
    security is bypassed when accessing libraries in this manner.
    CICIEXM does not call CICSECX1 for VSE library members.
    Additional Symptom(s) Search Keyword(s):
    KIXREVSVR
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All CICS users.                              *
    ****************************************************************
    * PROBLEM DESCRIPTION: Enable the REXX/CICS library member     *
    *                      security exit CICSECX1.                 *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The REXX/CICS security exit CICSECX1 that exists in CICS TS
    for z/OS is not supported in CICS TS for VSE/ESA.
    

Problem conclusion

  • This APAR activates the CICSECX1 exit to enable a security
    check for VSE library member access by the CONVTMAP, EDIT,
    EXPORT, GETLIB and IMPORT commands.
    
    The updated CICSECX1 sample and phase will not perform a
    security check, and hence will provide full compatibility
    with the mode of operation that existed prior to this
    APAR.
    
    The COMMAREA passed to CICSECX1 is not fully compatible with
    the  version used for CICS TS for z/OS due to the different
    requirements that are needed for a VSE library member check.
    It is also designed to provide the necessary operands for an
    EXEC CICS QUERY SECURITY RESCLASS(VSEMEM) RESIDLENGTH() RESID()
    command.
    
    This APAR adds new return code values for each of the above
    commands.
    
    Please note that the new version of CICESVR is distributed as
    CICESVR.Z, and must be renamed or copied as CICESVR.PROC
    before it can be used by REXX/CICS.
    
    The CICS TS for VSE/ESA Rexx Guide SC34-5764-00 has been
    changed to document the result of enabling CICSECX1.
    
    Chapter 18
    
    18.5.19 GETLIB page 285
    
    18.5.19.2 Return Codes
    
    237 CICSECX1 Link error
    238 CICSECX1 return code was invalid
    
    Chapter 25
    
    25.6 CONVTMAP page 377.
    
    25.6.1.2 Return Codes
    
    1736 CICSECX1 Link error
    1744 Not authorized
    1747 CICSECX1 return code was invalid
    
    25.14 EDIT page 392
    
    25.14.1.2 Return Codes
    
    204 Not authorized
    237 CICSECX1 Link error
    238 CICSECX1 return code was invalid
    
    25.20 EXPORT page 401
    
    25.20.1.2 Return Codes
    
    1736 Unexpected CICS error, this may be due to
         a CICSECX1 Link error
    1744 Not authorized
    1747 CICSECX1 return code was invalid
    
    25.25 IMPORT page 407
    
    25.25.1.2 Return Codes
    
    1736 Unexpected CICS error, this may be due to
         a CICSECX1 Link error
    1744 Not authorized
    1747 CICSECX1 return code was invalid
    
    Appendix B Return Codes
    
    B.1.4 EDITOR and EDIT page 442
    
    237  CICSECX1 Link error
    238  CICSECX1 return code was invalid
    
    B.1.18 EXPORT and IMPORT page 444
    
    1744 Not authorized
    1747 CICSECX1 return code was invalid
    
    B.1.37 CONVTMAP page 448
    
    1736 CICSECX1 Link error
    1744 Not authorized
    1747 CICSECX1 return code was invalid
    
    G.11 Library Member Access Security Exit page 479
    
    This section describes replaceable security exit CICSECX1.
    IBM provides a sample assembler CICSECX1 exit for customers
    to customize or replace.
    
    Note: This exit must reside in the same region as REXX/CICS
    (for example: the use of distributed program link is not
    allowed).
    
    G.11.1 CICSECX1
    
    CICSECX1 is a library member access security exit.
    
    G.11.1.1 Parameters
    
    The COMMAREA contains the following on input to the exit.
    
    :xmp scale=auto width=132.
    -------------------------------------------------------------
    |  Parameter | Number   | Datatype | Description            |
    |            | of bytes |          |                        |
    |-----------------------------------------------------------|
    | 1          | 4        | fullword | Return code            |
    |-----------------------------------------------------------|
    | 2          | 8        | character| CICS sign on ID        |
    |-----------------------------------------------------------|
    | 3          | 4        | character| Function requested     |
    |-----------------------------------------------------------|
    | 4          | 44       | character| VSEMEM class resource  |
    |            |          |          | id libname.sublibname. |
    |            |          |          | membername             |
    |-----------------------------------------------------------|
    | 5          | 4        | fullword | Length of the VSEMEM   |
    |            |          |          | resource id            |
    |-----------------------------------------------------------|
    | 6          | 3        | character| IMPORT access intent   |
    |-----------------------------------------------------------|
    | 7          | 7        | character| Library name           |
    |-----------------------------------------------------------|
    | 8          | 8        | character| Sublibrary name        |
    |-----------------------------------------------------------|
    | 9          | 8        | character| Member name            |
    |-----------------------------------------------------------|
    | 10         | 8        | character| Member type            |
    ------------------------------------------------------------
    :exmp.
    
    G.11.1.2 Return Codes
    0  Function request allowed
    4  Not authorized
    
    G.11.1.3 Function IDs
    CNVT CONVTMAP request
    EXPT EXPORT request
    IMPT IMPORT request
    
    G.11.1.4 IMPORT Access Intent
    EXC  Read/Write e.g. EDIT
    SHR  Read/Only
    NON  Read/Only
    

Temporary fix

  • FIX AVAILABLE BY PTF ONLY
    

Comments

APAR Information

  • APAR number

    PM17911

  • Reported component name

    CICSTS FOR VSE

  • Reported component ID

    564805400

  • Reported release

    B0P

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-07-06

  • Closed date

    2010-08-27

  • Last modified date

    2010-11-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UK60213

Modules/Macros

  •    CICCBMS  CICESVR  CICIMEX  CICSECX1
    

Publications Referenced
SC34576401    

Fix information

  • Fixed component name

    CICSTS FOR VSE

  • Fixed component ID

    564805400

Applicable component levels

  • RB0P PSY UK60213

       UP10/09/06 P E430

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU011","label":"Systems - zSystems software"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.1.1","Edition":""}]

Document Information

Modified date:
04 November 2010