One of my very first oh dark thirty wake up calls. I had tested thoroughly using a public test library. All good. Copied the module carefully to the production counterpart. Went home. Boom.
The lessons you learn earliest are the ones you remember best. ;-) . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Way, Richard Sent: Friday, June 09, 2017 1:33 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: APF authorization and AC(00) Yup, I'm sure you are right. Lying to the binder didn't (obviously) matter when the program object was in a non-APF-authorized library, but it did matter when it was in an authorized library for the reasons discussed below. In any event, lying to the binder is a terrible practice, and I'll correct this by (probably) telling the compiler to emit reentrant code - or by telling the binder it's not reentrant after all. Rich Way -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Dan Little Sent: Friday, June 09, 2017 1:27 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: APF authorization and AC(00) I think you need RENT on your PL/1 compile because otherwise there is no guaranteed the generated code will be re-entrant. General rule is if RENT on bind/LinkedIn then you must have RENT on high level language compile. Dan On Jun 9, 2017, 16:26 -0400, Leonardo Vaz <leonardo....@cn.ca>, wrote: > Ow, I missed the source, sorry. > > Ok, so I believe a program loaded from an authorized library, even if it's > not AC=1, will be loaded by contents supervisor with KEY=0 if it's reentrant, > but with KEY=8 if it's non-reentrant, so that's why you got the S0C4 > originally. > > Regards, > Leo > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Way, Richard > Sent: Friday, June 09, 2017 4:24 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: APF authorization and AC(00) > > Problem solved, per the suggestions below!! > > In particular, the program is apparently NOT reentrant, yet the binder was > being told it was. > > For some reason, this doesn't seem to matter (in this case) when the library > isn't APF-autorized, yet results in a S0C4 when it is. > > That part is still a bit of a puzzle. > > But removing RENT from the bind step gets me past this. > > Thanks again > > Rich Wa > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Way, Richard > Sent: Friday, June 09, 2017 1:18 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: APF authorization and AC(00) > > The source code is actually below - it's just a "hello world". But agreed I > need to dig into the S0C4. The APF issue wasn't the result of an attempt to > debug it, but was the ONLY difference between the version that worked and the > version that didn't - and I confirmed that by revoking and reinstating APF > auth on the library. > > Rich Way > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Leonardo Vaz > Sent: Friday, June 09, 2017 1:16 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: APF authorization and AC(00) > > Right, without the source code we can only guess, but the program might be > issuing a CSVQUERY to verify its state and relying on ",OUTATTR2=" > "Authorized library" bit to try and do something it wouldn't do if that bit > was off, maybe they forgot to check the "Authorized program" bit as well. > > That is, considering the only variable is the library being APF'd or not. > > Regards, > Leo > > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Way, Richard > Sent: Friday, June 09, 2017 4:03 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: APF authorization and AC(00) > > Thanks, but it's a simple > > //XYZ EXEC PGM=ZPXPLIA > > So, yeah, it's a jobstep task. And while I can see how NOT having > authorization might cause a problem (specifically, an S047), I don't see why > *having* authorization would cause a problem... > > Rich Way > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Leonardo Vaz > Sent: Friday, June 09, 2017 12:59 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: APF authorization and AC(00) > > As far as I understand, AC=0 would only prevent authorization of the JSCB if > it is the program being attached as a jobstep task, if this program is being > called by an already-existing authorized task, it would run authorized. > > The question is: How is control passed to program ZPXPLIA? > > Regards, > Leo > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Way, Richard > Sent: Friday, June 09, 2017 3:49 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: APF authorization and AC(00) > > Simple question, but the behavior I am seeing flies in the face of what I > *thought* I knew about APF authorization. > > The crux of it is - I have a program object that is linked AC(00). When this > program is executed out of an APF-authorized library, it S0C4s. When I revoke > the authorization on the library and re-run the test, it works. > > I had been under the (maybe-mistaken) impression that if you didn't have > *both* AC(1) *and* be running out of an APF-authed library, you wouldn't get > APF authorization - so I thought that the AC(00) version should work just > fine out of the APF-authorized library - but it doesn't. > > Any help would be appreciated. > > Additional facts: program is PL/I (LE), chopped the source way back to just > this: > > ZPXPLIA: > > Proc Options(Main); > Put skip list("Hello, world!"); > > end ZPXPLIA; > > The compile and bind are done with: > > <snip > //PLI EXEC PGM=IBMZPLI,REGION=0K,TIME=999, // > PARM=('MAP,LC(80),NEST,S',SYSTEM(MVS), > // 'LIST,AG,A,X,C') > //**** MAP = print info from compile for use when reading dumps. > //**** LC(80) = LINECOUNT(80) = number of lines per page on listing. > //**** NEST = listing indicates nest level and block level. > //**** S = SOURCE = print the source on the compiler listing. > //**** SYSTEM(MVS) = this is an ordinary batch program. > //**** LIST = product the pseudo-assembler listing. > //**** AG = AGGREGATE = produce a table of sizes of items in the listing. > //**** A = ATTRIBUTES = produce a table of attributes in the listing. > //**** X = XREF = create a cross-reference in the listing. > //**** C = COMPILE = generate code unless there is a severe error. > //SYSIN DD DISP=SHR,DSN=&SAMPLIB..SAMPLIB(ZPXPLIA) > <snip > //LKED EXEC PGM=IEWBLINK,COND=(4,LT), > // PARM='LIST,MAP,LET,RENT' > //SYSPRINT DD SYSOUT=* > //SYSLIB DD DISP=SHR,DSN=&LECEEHLQ..SCEELKED //SYSLMOD DD > DISP=SHR,DSN=&LOAD > //SYSUT1 DD UNIT=SYSDA,SPACE=(CYL,(3,1)) //TEMP DD > DISP=(OLD,DELETE),DSN=&&TEMP //SYSLIN DD * INCLUDE TEMP NAME > ZPXPLIA(R) > /* > <snip > > Thanks in advance- I am sure I must be misunderstanding something... > > Rich Way > HPE Security - Data Security > HPE Software | Enterprise Security Products > 1140 Enterprise Way, Mail Stop 3048 > Sunnyvale, CA 94089 > > [HPE logo]<http://www.hpe.com/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
