/*******************************************************************/ /* Demonstration of how to call the DMSPASS CSL routine in REXX. */ /* */ /* Syntax: */ /* DMSPASS userid password */ /* The specified userid and password are validated. */ /* */ /* DMSPASS agent/target agent_password */ /* The specified agent and the agent's password are */ /* validated. If valid, the agent's authority to LOGON BY */ /* to the target user is verified. */ /* */ /* Notes: */ /* o If the password contains starting or ending blanks, */ /* you must enclose the password in single or double quotes. */ /* */ /* o If the password starts with a single or double quote, */ /* you must enclose the password in double or single quotes, */ /* respectively. That is, the 'opposite' quote type. */ /* */ /*******************************************************************/ /* This code is offered on an AS-IS basis, with no warranty */ /* expressed or implied, including proper operation or suitability */ /* for purpose. By using this code for any purpose whatsoever, */ /* you acknowledge that IBM retains all copyright and intellectual */ /* property rights contained herein, if any. */ /* */ /* Alan Altmark, Author */ /* IBM Endicott, June 2006 */ /* */ /* Copyright (C) IBM Corporation, 2006-2011 */ /* */ /*******************************************************************/ /* Summary of the API: */ /* */ /* DMSPASS ( rc, */ /* domain, */ /* agent, agent_length, */ /* password, password_length, */ /* target, */ /* logdata, sizeof(logdata), log_length */ /* ) */ /* */ /* The plist for DMSPASS can occur in one of 4 forms. */ /* */ /* To verify your ability to invoke DMSPASS/Diag88: */ /* rc, -1 */ /* */ /* To simply verify a userid and password: */ /* rc, 0, agent, agentl, pw, pwl */ /* */ /* To verify a password AND check that 'agent' has LOGONBY */ /* privileges to 'target': */ /* rc, 0, agent, agentl, pw, pwl, target */ /* */ /* To do the above and get feedback from the CSL routine: */ /* rc, 0, agent, agentl, pw, pwl, target, logdata, logmax, loglen */ /* */ /*******************************************************************/ /* A few things to note: */ /* */ /* o The agent cannot be blank or null. */ /* */ /* o If the target is blank or null, then it is assumed to be */ /* the same as the agent id and no LOGONBY check is made and */ /* it will be overwritten with the user's VM id. */ /* */ /*******************************************************************/ /* The following shows the mapping of Diagnose 88 return codes to */ /* DMSPASS return codes. This is useful so that you can */ /* simulate various conditions via TRACE DIAG 88 NOSIM ST G7 nn */ /* */ /* Diag 88 --> DMSPASS */ /* RC RC */ /* 0 0x00 0 ok */ /* 8 0x08 8 failed */ /* 12 0x0C 36 wrong CP level */ /* 16 0x10 32 no permission to issue DIAG 88 */ /* 24 0x18 24 error reading CP directory */ /* 28 0x1C 12 no logonby permission */ /* 32 0x20 4 password expired */ /* 40 0x28 28 ESM present but not available */ /* */ /*******************************************************************/ parse arg userid password parse upper var userid agent_user "/" target . if target = "" then target = agent_user Select When left(password,1) = '"' then agent_pass = strip(password,'"','B') When left(password,1) = "'" then agent_pass = strip(password,"'",'B') otherwise agent_pass = password End domain = 0 /* agent is a VM user */ target = left(agent_user,8) /* Target is always a */ /* VM id. Pad to 8. */ logdata = left(' ',100) /* Set up logdata area */ logmax = length(logdata) /* sizeof(logdata) */ loglen = 0 agentl = length(agent_user) pwl = length(agent_pass) savetarg = target rc = -999999 /* Init return code */ Call CSL "DMSPASS rc", "domain", "agent_user agentl", "agent_pass pwl", "target", "logdata logmax loglen" Select when rc = 0 then do say routine "RC=" retcode "Logdata="left(logdata,loglen) if save_target <> target then /* target returned */ say "Target =" target end when rc = 4 then say agent_user"'s password has expired" when rc = 8 then say "Access denied - bad user id or password" when rc = 12 then say agent_user "does not have LOGONBY permission to" target when rc = 24 then say "Error reading the CP directory. Try again." when rc = 28 then say "ESM present, but not available right now. Try again later." when rc = 32 then say "Missing OPTION DIAG88 in your directory." when rc = 36 then say "We just took a specification exception on Diag 88. Not good." when rc >= -199 & rc < -100 then say "DMSPASS doesn't like parameter" abs(rc)-100 /* Everthing below this point is generic REXX CSL stuff */ when rc = -7 then say routine "not found" when rc = -8 then say routine "was dropped" when rc = -9 then say "Insufficient memory to call" routine when rc = -10 then say "Too many parameters specified on call to" routine when rc = -11 then say "Too few parameters provided on the call to" routine when rc >= -26999 & rc < -26000 then say "Incorrect data length for parameter" abs(rc)-26000 when rc >= -27999 & rc < -27000 then say "Incorrect data or data type for parameter" abs(rc)-27000 when rc >= -28999 & rc < -28000 then say "Incorrect variable name for parameter" abs(rc)-28000 when rc >= -29999 & rc < -29000 then say "Incorrect length value for parameter" abs(rc)-29000 otherwise say "UNEXPECTED ERROR: CSL call to" routine "failed. RC="rc end exit rc