IBM SC33-1683-02 Server User Manual


 
The MVS router exit
The MVS router provides an optional installation exit that is invoked whether or not
RACF is installed and active on the system. If your installation does not use RACF,
you can use the router exit to pass control to your own ESM. If you do use RACF,
you could use the exit for preprocessing before RACF is invoked.
The MVS router exit routine is invoked whenever CICS (or another component of
your system) issues a RACROUTE macro. The router passes a parameter list
(generated by the RACROUTE macro) to the exit routine. In addition, the exit
receives the address of a 150-byte work area.
On entry to the exit routine, register 1 contains the address of the area described in
Table 34.
Table 34. Area addressed by register 1, on entry to exit routine
Offset Length Description
04Parameter list address: points to the MVS router parameter list.
(See “The MVS router parameter list”.)
44Work area address: points to a 150-byte work area that the exit
can use.
The exit must be named ICHRTX00 and must be located in the link pack area
(LPA).
Note: During signon processing, CICS Transaction Server for OS/390 Release 3
issues the RACROUTE REQUEST=VERIFY macro with the ENVIR=VERIFY
option, in problem-program state. (For an explanation of why CICS does this,
see “Early verification processing” on page 729.) RACF requires RACROUTE
calls with the ACEE option to be issued in supervisor state. Therefore, if you
use an ICHRTX00 exit that intercepts CICS RACROUTE calls, and replaces
them with its own RACROUTE requests, your exit program should not
assume that a REQUEST=VERIFY call was made in supervisor state.
When intercepting a REQUEST=VERIFY call, your exit program should
check the settings of the two high-order bits of the byte at offset 3 in the
RACINIT parameter list. If ENVIR=VERIFY was specified on the call (as in
CICS early verification), these bits are both set on. If this is the case, your
exit program should not issue any further RACROUTE macros. To do so
could cause abends in RACF.
The MVS router parameter list
The MVS router parameter list is generated when the RACROUTE macro is issued,
and describes the security processing request by providing the request type. If the
router exit routine exists, the router passes the parameter list to this exit. (If it does
not exist, and if RACF is active, the router passes the parameter list to the RACF
router.)
You can map the MVS router parameter list using the ICHSAFP macro. Its format is
shown in the
OS/390 Security Server External Security Interface (RACROUTE)
Macro Reference
manual.
the MVS router
722
CICS TS for OS/390: CICS Customization Guide