Using Customized Security Exits

How to:

Reference:

Your database administrator can provide Model 204 logon and account information with security exits written in COBOL or Assembler. The adapter supports this method of supplying security information through exit parameters.

The security exit is site specific and must be named M204EXT. The M204EXT program is executed only when the ACCOUNT name and PASSWORD have not been previously defined to the adapter either in the Access File, with a Dialogue Manager &variable, or by issuing the M204IN SET commands.


Top of page

x
Syntax: How to Specify a Security Exit

The adapter calls the M204EXT exit with the following syntax

CALL M204EXT(USR,ACCNT,ACCNTP)

where:

USR

Is the 8 character TSO or MSO logon userid that is passed to the security exit.

ACCNT

Is the 16 character Model 204 account (userid) that is returned from the exit.

ACCNTP

Is the associated 16 character account password that is returned from the exit.


Top of page

x
Reference: Security Exit Processing

When a user issues a report request to access Model 204 data, the adapter calls the M204EXT exit using standard IBM calling conventions and passes the three parameters to the exit. Based on the supplied userid (USR), the exit returns the account and password values to the adapter, which uses the returned values to generate the IFSTRTN call. (The IFSTRTN call initiates an internal logon to the Model 204 DBMS before the user request for services is executed.) After generating the IFSTRTN call, the adapter erases the values from memory.

To use the security exit, the database administrator must:

  1. Write the security exit in COBOL or Assembler. The program name must be M204EXT.

    A sample Assembler M204EXT security exit program is provided in the 'FOCM204.DATA(M204EXT)' data set. The sample can be modified according to your site standards.

  2. Link edit the object module into a load library with AMODE(31). For example
    //LINK     EXEC PGM=IEWL,
    //         PARM='LET,NCAL,SIZE=(1024),LIST'
    //OBJLIB   DD   DSN=objlib.LOAD,DISP=SHR
    //SYSLMOD  DD   DSN=loadlib.LOAD,DISP=SHR
    //SYSUT1   DD   UNIT=SYSDA,SPACE=(CYL,(10,1))
    //SYSPRINT DD   SYSOUT=*
    //SYSLIN   DD   *
      INCLUDE OBJLIB(M204EXT)
      MODE  RMODE(31),AMODE(31)
      ENTRY M204EXT
      NAME M204EXT(R)
    /*

    where:

    objlib.LOAD

    Is the name of the partitioned data set (PDS) that contains the M204EXT object code.

    loadlib.LOAD

    Is the load library that is to contain the M204EXT load module.

  3. Concatenate the load library (allocated to ddname SYSLMOD in Step 2) to ddname USERLIB in the TSO CLIST that you use to invoke the server, or to ddname STEPLIB in your TSO logon CLIST.

    For MSO, either link the M204EXT load module into the 'prefix.FOCLIB.LOAD' data set, or allocate it to ddname STEPLIB.


WebFOCUS