We're considering using the MVS router exit ICHRTX00 from CICS to
store add'l CICS user info in the RACF database.
Has anybody else tried this? Or tried other techniques to update the
user segment of the RACF database?
From:
http://ppdbooks.pok.ibm.com:80/cgi-bin/bookmgr/bookmgr.cmd/BOOKS/DFHLA309/7.1.2.1
"The MVS router provides an optional installation exit that is invoked
whether or not RACF is installed and active on the system. If your
installation does not use RACF, you can use the router exit to pass
control to your own ESM. If you do use RACF, you could use the exit for
preprocessing before RACF is invoked.
"The MVS router exit routine is invoked whenever CICS (or another
component of your system) issues a RACROUTE macro. The router
passes a parameter list (generated by the RACROUTE macro) to the exit
routine. In addition, the exit receives the address of a 150-byte work
area.
"On entry to the exit routine, register 1 contains the address of the area
described in Table 122.
Table 122. Area addressed by register 1, on entry to exit routine

Offset | Length | Description
-------+--------+--------------------------------------------------
0      | 4      | Parameter list address: points to the MVS router
       |        | parameter list. (See "The MVS router parameter
       |        | list" in topic 7.1.2.1.1.)
-------+--------+--------------------------------------------------
4      | 4      | Work area address: points to a 150-byte work area
       |        | that the exit can use.

"The exit must be named ICHRTX00 and must be located in the link pack
area (LPA)."
=========================================================
Many thanks,
Lorraine Johnston
Johns Hopkins University
Ljoh...@jhu.edu
There is an "installation data" field that is free-form up to 255 bytes
which your RACF administrators can modify.
Alternatively, we have developed a program that runs in CICS which we use to
allow authorised users to reset other people's password etc. (This could be
adapted to add/change anything in the RACF database)
This code uses an interface documented in the RACF publication "RACF Macros
and Interfaces". This technique interfaces directly with RACF but it
requires that you are authorised (something which CICS isn't) so if you wish
to pursue this you'll need a user SVC in MVS.
I don't use ICHRTX00 but do something similar. I use ICHRIX01, ICHRIX02.
At signon time we use ICHRIX02 to extract the CICS segment, TSO segment
(to get dept/charge codes, print dest etc), and installation data so it
is available to our applications. If any of those segments is not
present, we dynamically add it to RACF during the signon process. We
also allow users to run a CICS transaction to update some of the
information and we use ICHRIX01 to update the info in RACF at signoff.
We use ICHRIX0_ since this is invoked less often so causes less overhead
than ICHRTX00 but is invoked when users sign on and off CICS. To save
overhead for non-CICS, the exit ICHRIX02 simply checks to see if the
parameter list is supplied (meaning it's a CICS region of 3.3 or above
with "ESMEXITS=INSTLN" specified in the DFHSITxx). If so, it then
getmains a reentrant workarea then links to a routine which resides in
the CICS region steplib. That way different versions of the called
program can exist for different CICS versions, you can test changes
without affecting other regions, etc. Only a few lines of code with no
getmains etc, are executed for non-CICS callers.
The called steplib routine uses "RACROUTE REQUEST=EXTRACT, TYPE=EXTRACT,
..." to extract the segments and uses "RACROUTE
REQUEST=EXTRACT,TYPE=REPLACE,..." to create or update the RACF segments.
I began using this technique to extend the standard IBM CICS signon in
1992 to replace a homegrown CICS security system I had previously
written. We have used it on CICS 3.3, CICS 4.1 and now CICS/TS 1.2.
Feel free to contact me again if you would like more specifics.
Charles Stansell
cics...@geocities.com
http://www.geocities.com/~cicsprog
Lorraine writes :
>>We're considering using the MVS router exit ICHRTX00 from CICS to
>>store add'l CICS user info in the RACF database.
>>Has anybody else tried this? Or tried other techniques to update the
>>user segment of the RACF database?