IBM Support

SI52787 - OSP-INCORROUT Incorrect authority in CA-type *PGP audit reco

PTF Cover Letter


PTF ( Program Temporary Fixes ) Cover letter


Order this fix

Abstract

OSP-INCORROUT Incorrect authority in CA-type *PGP audit reco


Pre/Co-Requisite PTF / Fix List

REQ  LICENSED      PTF/FIX  LEVEL

TYPE PROGRAM  REL  NUMBER   MIN/MAX  OPTION
---- -------- ---  -------  -------  ------
PRE  5761999  610  MF53846   00/00    0000
PRE  5761999  611  MF53847   00/00    0000
PRE  5761SS1  610  SI37099   00/00    0000
CO   5761SS1  610  SI46473   00/00    0000
CO   5761SS1  610  SI31185   00/00    0000
DIST 5761999  610  MF52170   00/00    0000
DIST 5761999  611  MF52169   00/00    0000
DIST 5761999  610  MF46432   00/00    0000



NOTICE:
-------
Application of this PTF may disable or render ineffective programs that
use system memory addresses not generated by the IBM translator,
including programs that circumvent control technology designed to limit
interactive capacity to purchased levels.  This PTF may be a prerequisite
for future PTFs.  By applying this PTF you authorize and agree to the
foregoing.

This PTF is subject to the terms of the license agreement which
accompanied, or was contained in, the Program for which you are obtaining
the PTF.  You are not authorized to install or use the PTF except as part
of a Program for which you have a valid Proof of Entitlement.

SUBJECT TO ANY WARRANTIES WHICH CAN NOT BE EXCLUDED OR EXCEPT AS EXPLICITLY
AGREED TO IN THE APPLICABLE LICENSE AGREEMENT OR AN APPLICABLE SUPPORT
AGREEMENT, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON INFRINGEMENT,
REGARDING THE PTF.

The applicable license agreement may have been provided to you in printed
form and/or may be viewed using the Work with Software Agreements (WRKSFWAGR)
CL command.





APAR Error Description / Circumvention

-----------------------------------------------
Authority changes to objects without primary groups can result
in CA-type security audit journal entries, with a user name of
"*PGP". When there is no primary group authority, the
"Authorization List" field in these entries indicates "*AUTL
public authority" is present.

CORRECTION FOR APAR SE58572 :
-----------------------------
The auditing code was making an incorrect assumption concerning
how it would be called when there was no authority for the
supplied user name. The PTF corrects the problem so that any
new entries will not have incorrect "Authorization List" fields.
Entries that contain this information should be ignored.

CIRCUMVENTION FOR APAR SE58572 :
--------------------------------
None


Activation Instructions


This PTF contains objects that are activated only at IPL time.
Therefore, if this PTF is applied as an immediate PTF, you must
perform an IPL of the system to activate the PTF. Applying the
PTF as an immediate PTF will ensure that the PTF becomes active
even after an abnormal IPL where delayed PTFs are not applied.

If the PTF is applied as a delayed PTF, no further action is
necessary.





Special Instructions


********************************************************************
THE FOLLOWING ARE SUPERSEDED SPECIAL INSTRUCTIONS. IF THE SUPERSEDED
PTF HAS ALREADY BEEN APPLIED AND ITS SPECIAL INSTRUCTION FOLLOWED,
IT IS NOT NECESSARY TO FOLLOW THAT SPECIAL INSTRUCTION AGAIN.
********************************************************************

SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI48381 :
=================================================

Two optional parameters have been added to *RENAMEPRB function
described in the previous special instructions: a subtree parameter and
a problem string parameter. A prototype invocation for the function is
now:

CALL QP0FPTOS PARM(*RENAMEPRB '/directory-path' <subtree>
<problem-string>)

1) <subtree> - optionally indicates whether to rename all objects in
the entire subtree of the path. If *NONE is specified only the contents
of the specified directory will be processed. If *ALL is specified, the
contents of the specified directory as well as all of its
subdirectories will be processed. If this parameter is not specified,
subdirectories will not be processed.

2) <problem-string> - optionally indicates the problem(s) to be
corrected. This string can include any or all of the following
characters, in any order:

'/' - correct names with slashes
'\' - correct names with backslashes
'?' - correct names with question marks
'*' - correct names with asterisks
':' - correct names with colons
'S' - correct names with single-quotes or apostrophes (')
'D' - correct names with double-quotes (")
'~' - correct names with tildes
'B' - correct names with blanks
'C' - correct names with characters that do not convert to the current
job CCSID

The string may contain a special value, *ALL, which indicates that all
of the listed problems will be corrected. If this parameter is not
specified, only names with slashes (/) will be renamed.

The following example would rename all objects in the directory
'/a/b/c' and any of its subdirectories where an object had a slash,
backslash, or question mark in the name. The specified characters will
be changed to hyphens (-).

CALL QP0FPTOS PARM(*RENAMEPRB '/a/b/c' *ALL '/\?')

SPECIAL INSTRUCTIONS FOR SUPERSEDED PTF SI37419 :
=================================================

This PTF provides new features for the "Perform Miscellaneous File
System Functions (QP0FPTOS)" API that will enable users to rename
unusable link names.

1) CALL QP0FPTOS PARM(*DUMPDIR '/path/to/directory')
CALL QP0FPTOS PARM(*DUMPDIR '/path/to/directory' *PRBONLY)

The '/path/to/directory' must be specified in the current job
CCSID. These invocations will dump the contents of the specified
directory to a spool file. The spool file will contain each link
name in the current job CCSID and a hexadecimal representation of
the link name in CCSID 1200 (UTF-16). Certain entries may also
indicate that a "problem" exists for the link name. A link name
contains a "problem" if it contains any of the following:

- Characters that can not be converted to the current job CCSID
- Slash (/)
- Backslash (\)
- Asterisk (*)
- Question mark (?)
- Single-quote (')
- Double-quote (")
- Tilde (~)
- Colon (:)

If the optional third parameter is omitted, all entries in the
directory will be dumped to the spool file. Entries that contain
problems can be found by searching for the string "PROBLEM:".
If *PRBONLY is specified as the third parameter, only entries
containing problem characters will be dumped to the spool file.

2) CALL QP0FPTOS PARM(*RENAME 'old-hex-name' 'new-name')

This invocation will rename a link in the current working directory.
The 'old-hex-name' is the hexadecimal representation of the name in
CCSID 1200 (UTF-16) that is obtained from the *DUMPDIR output. The
'new-name' is a name specified in the current job CCSID. For
example, if directory '/A/B' contained a link name with slashes,
'/C/D', the following commands could be used to rename the link to
'NEWNAME':

CHGCURDIR DIR('/A/B')
CALL QP0FPTOS PARM(*RENAME '002F0043002F0044' 'NEWNAME')

3) CALL QP0FPTOS PARM(*RENAMEPRB '/path/to/directory')

This invocation will rename all entries in the specified directory
that contain the slash (/) character. All of the slash characters
in the names will be changed to hyphens (-). For example, if
directory '/A/B' contained several link names with slashes ('/C/D',
'/E', '/F/G/H'), the following command could be used:

CALL QP0FPTOS PARM(*RENAMEPRB '/A/B')

When the command completed, the problem names would be '-C-D',
'-E', and '-F-G-H'. These names can then be easily removed or
further renamed through other normal interfaces. The command
generates a spool file where the success or failure of file
system operations is reported.


Default Instructions

THIS PTF CAN BE APPLIED IMMEDIATE OR DELAYED.



Supersedes

PTF/FIX NO(S).  APAR TITLE LINE
--------------  ------------------------------------------------------------
   SI52210      OSP Internal extensions for maintainability
   SI51057      OSP Internal extensions for maintainability
   SI50587      OSP-INCORROUT No ZR-type audit journal entry for PASE utilit
   SI50191      OSP-INCORROUT Incorrect paths in B-B3 journal entries
   SI49810      OSP-OTHER-INCORROUT Unexpected audit journal entry for *PGP
   SI49328      SP/QP0FEPFS-MOD/QP0FVNOT-PRCS/200 Unnecessary FFDC
   SI48381      OSP-OTHER Usability problem with link names
   SI46711      OSP-OTHER-UNPRED CA audit journal entry not created
   SI46068      OSP-MSGMCH6901 Integrated file system scan exit program fail
   SI45691      OSP-UNPRED System heap storage leak
   SI44797      OSP-MSGCPFA09E Object in use after failed create
   SI44587      OSP Internal extensions
   SI43749      OSP-INCORROUT Rename rollback does not occur
   SI43484      OSP-INCORROUT AF-type audit entries from server jobs
   SI43418      OSP-SRCB6005121-UNPRED Cancellation request leads to system
   SI42484      OSP-MSGCPFA09E Failure to remove link or directory
   SI42484      OSP-MSGCPFA0A1 Unable to remove link to damaged object
   SI40762      OSP-MSGMCH3601 Qp0f_FFDC does not produce problem entry
   SI40687      OSP-INCORROUT Qp0lGetPathFromFileID() authority errors
   SI37823      OSP-INCORROUT NFS V4 to independent ASP UDFS
   SI37538      OSP Internal extensions
   SI37419      OSP-OTHER USABILITY PROBLEM WITH LINK NAMES
   SI36097      OSP-INCORROUT Problem entry from QP0FROLLBK
   SI35824      OSP-MSGCPD373D SAVSECDTA
   SI35358      OSP-INCORROUT Audit entries after rename or unlink
   SI35358      OSP-OTHER-UNPRED Storage leak during renames
   SI34972      OSP Internal extensions
   SI34727      LIC-WAIT Deadlock performing file system operations
   SI34727      OSP-WAIT Process goes into MTXW state
   SI32536      OSP INTERNAL EXTENSIONS
   SI31928      OSP-INCORROUT Rollback fails on IASP
   SI31928      OSP-UNPRED 5722 SP/QP0FGS1 MOD/QP0FENDCMT RC0
   SI31186      OSP-MSGCPFA0AA Root directory growth
   SI31062      OSP-MSGMCH3601 during journal rollback
   SI30308      OSP-INCORROUT Change not audited for journaled object
   SI30308      OSP-INCORROUT Rollback after failed CHGOWN or CHGPGP
   SI29644      OSP-MSGCPFA0AA Root directory growth
   SI28919      OSP Internal Extensions for Maintainability
   SI28919      OSP-UNPRED User profile is full

Summary Information

System..............................i
Models..............................
Release.............................V6R1M0
Licensed Program...............5761SS1
APAR Fixed..........................SE58572
Superseded by:......................View fix details for PTF SI55091
Recompile...........................N
Library.............................QSYS
MRI Feature ........................NONE
Cum Level...........................C4197610


System i Support

IBM disclaims all warranties, whether express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. By furnishing this document, IBM grants no licenses to any related patents or copyrights. Copyright © 1996,1997,1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019 IBM Corporation. Any trademarks and product or brand names referenced in this document are the property of their respective owners. Consult the Terms of use link for trademark information.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG15V","label":"PTF Cover Letters - OS\/400 General"},"Component":"","ARM Category":[],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"V6R1M0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG16A","label":"PTF Cover Letters - i5\/OS V6R1 environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF012","label":"IBM i"}],"Version":"V6R1M0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
04 April 2014