you can use the router exit to pass control to your own ESM. If you do use RACF,
you could use the exit for preprocessing before RACF is invoked.
The MVS router exit routine is invoked whenever CICS (or another component of
your system) issues a RACROUTE macro. The router passes a parameter list
(generated by the RACROUTE macro) to the exit routine. In addition, the exit
receives the address of a 150-byte work area.
On entry to the exit routine, register 1 contains the address of the area described in
Table 43.
Table 43. Area addressed by register 1, on entry to exit routine
Offset  Length  Description
0       4       Parameter list address: points to the MVS router parameter list. (See “The MVS router parameter list.”)
4       4       Work area address: points to a 150-byte work area that the exit can use.
The exit must be named ICHRTX00 and must be located in the link pack area
(LPA).
Note: During signon processing, CICS Transaction Server for z/OS, Version 3
Release 2 issues the RACROUTE REQUEST=VERIFY macro with the
ENVIR=VERIFY option, in problem-program state. (For an explanation of
why CICS does this, see “Using early verification processing” on page 797.)
RACF requires RACROUTE calls with the ACEE option to be issued in
supervisor state. Therefore, if you use an ICHRTX00 exit that intercepts
CICS RACROUTE calls, and replaces them with its own RACROUTE
requests, your exit program should not assume that a REQUEST=VERIFY
call was made in supervisor state.
When intercepting a REQUEST=VERIFY call, your exit program should
check the settings of the two high-order bits of the byte at offset 3 in the
RACINIT parameter list. If ENVIR=VERIFY was specified on the call (as in
CICS early verification), these bits are both set on. If this is the case, your
exit program should not issue any further RACROUTE macros. To do so
could cause abends in RACF.
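The check described in the Note, together with the Table 43 entry layout, as an added example modelled in C so that it can be run off-platform; it is not IBM code and not from this guide, and a real ICHRTX00 exit would be written in assembler. The function, type and constant names are hypothetical, and locating the RACINIT parameter list from the router parameter list (through the ICHSAFP mapping) is outside the example.

```c
#include <stddef.h>
#include <stdint.h>

#define ENVIR_VERIFY_BITS 0xC0u  /* two high-order bits of the byte at offset 3 */

enum verify_action {
    NO_FURTHER_RACROUTE,  /* ENVIR=VERIFY: exit must not issue RACROUTE itself */
    OTHER_ENVIR           /* the restriction in the Note does not apply */
};

struct exit_entry {       /* Table 43, decoded */
    uint32_t plist_addr;  /* offset 0, length 4 */
    uint32_t work_addr;   /* offset 4, length 4 */
};

/* Fullwords in z/OS storage are big-endian. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

struct exit_entry decode_entry_area(const uint8_t area[8])
{
    struct exit_entry e = { be32(area), be32(area + 4) };
    return e;
}

/* Both bits must be on; a "!= 0" test would also match a call with only
 * one of them set. A list too short to inspect is treated as ENVIR=VERIFY
 * (fail-safe choice made for this example, not stated in the guide). */
enum verify_action classify_verify(const uint8_t *racinit, size_t len)
{
    if (racinit == NULL || len < 4)
        return NO_FURTHER_RACROUTE;
    if ((racinit[3] & ENVIR_VERIFY_BITS) == ENVIR_VERIFY_BITS)
        return NO_FURTHER_RACROUTE;
    return OTHER_ENVIR;
}

/* Constructed sample data, not captured from a real system. */
const uint8_t sample_area[8] = {0x00,0x12,0x34,0x00, 0x00,0x12,0x40,0x00};
const uint8_t plist_early[4] = {0x00,0x00,0x00,0xC0};
const uint8_t plist_one_bit[4] = {0x00,0x00,0x00,0x80};
```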
The MVS router parameter list
The MVS router parameter list is generated when the RACROUTE macro is issued,
and describes the security processing request by providing the request type. If the
router exit routine exists, the router passes the parameter list to this exit. (If it does
not exist, and if RACF is active, the router passes the parameter list to the RACF
router.)
You can map the MVS router parameter list using the ICHSAFP macro. Its format is
shown in the OS/390 Security Server External Security Interface (RACROUTE)
Macro Reference manual.
Router exit return codes
Your exit routine must return a return code in register 15. The hexadecimal values
of the return code are shown in Table 44 on page 791.