Support User Manuals

IBM SC34-6814-04 Server User Manual

Open as PDF

of 953

For non-RACF users — the ESM parameter list

CICS (or another caller) passes information to your external security manager in the

ESM parameter list, the address of which can be calculated using field SAFPRACP

of the MVS router parameter list.

When the caller is CICS, the “INSTLN” field of the ESM parameter list points to the

installation data parameter list, which contains CICS-related information that can be

used by ESM exit programs.

The format of the ESM parameter list, and the actual name of the “INSTLN” field,

vary, depending on which CICS security event is being processed. (The “request

type” field (SAFPREQT) of the router parameter list shows why the ESM is being

called by indicating the RACROUTE REQUEST type.) Table 45 shows how some

formats of the ESM parameter list can be mapped using MVS macros.

Table 45. Mapping the ESM parameter list

RACROUTE REQUEST

type

Parameter list mapping macro INSTLN field name

VERIFY IRRPRIPL INITIPTR (X'10')

AUTH ICHACHKL ACHKIN31 (X'20')

FASTAUTH Not available Offset X'18'

LIST Not available Offset X'0C'

EXTRACT Not available None

Note: The INSTLN field points to the installation parameter list only if you specify

INSTLN on the ESMEXITS system initialization parameter. The default value

of this parameter is NOINSTLN, which means that no installation data is

passed.

For RACF users — the RACF user exit parameter list

If you are a RACF user, you can find the address of the installation data parameter

list directly from the RACF user exit parameter list. The name of the relevant field in

the user exit parameter list varies according to the RACROUTE REQUEST type

and the RACF user exit that is invoked. The relationships between REQUEST type,

exit name, and field name are shown in Table 46.

Table 46. Obtaining the address of the installation data parameter list

RACROUTE

REQUEST type

RACF exit Exit list mapping

macro

Parameter list field

name

VERIFY ICHRIX01 ICHRIXP RIXINSTL

VERIFY ICHRIX02 ICHRIXP RIXINSTL

AUTH ICHRCX01 ICHRCXP RCXINSTL

AUTH ICHRCX02 ICHRCXP RCXINSTL

FASTAUTH ICHRFX01 ICHRFXP RFXANSTL

FASTAUTH ICHRFX02 ICHRFXP RFXANSTL

LIST ICHRLX01 ICHRLX1P RLX1INST

LIST ICHRLX02 ICHRLX2P RLX2PRPA See note

2.

792 Customization Guide

previous next