IBM Support

PM72945: MODIFY COMMANDS BEING GENERATED BY RESOLVER PROCESSING

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • When a system has a GLOBALTCPIPDATA input specified in the
    Resolver process configuration (the SETUP DD), a copy of the
    contents is kept to support NMI processing.  To ensure that this
    is always current, each time a new application performs a
    res_init() call a check is performed to detect when that input
    has been updated.
    
    The problem is that the mechanism to notify the RESOLVER address
    space of that update is to have the application issue a MODIFY
    RESOLVER command.  But in most instances, the user running that
    application will not have the authority to issue a MODIFY
    command, so a security violation results along with the
    following message:
    
       IEE345I MODIFY  AUTHORITY INVALID, FAILED BY SECURITY PRODUCT
    
    If using RACF for SAF functions, a message similar to the
    following will accompany the above:
    
       ICH408I USER(xxxxxxxx) GROUP(xxxxxxxx) NAME(xxxxx xxxxx)
         MVS.MODIFY.STC.RESOLVER.RESOLVER CL(OPERCMDS)
         INSUFFICIENT ACCESS AUTHORITY
         FROM MVS.MODIFY.** (G)
         ACCESS INTENT(UPDATE )  ACCESS ALLOWED(NONE   )
    
    Note:  If a non-default name is being used for the RESOLVER
           process, that name will appear as the last two qualifiers
           of the referenced profile name.
    

Local fix

  • Issue a MODIFY RESOLVER,REFRESH command from an authorized
    user to stop the violations.  This can also be
    performed immediately after updating the referenced
    GLOBALTCPIPDATA input.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED: All users of the IBM Communications Server   *
    *                 for z/OS Version 1 Release(s) 13 IP:         *
    *                 Resolver                                     *
    ****************************************************************
    * PROBLEM DESCRIPTION: Message IEE345I is issued from various  *
    *                      applications that reference the global  *
    *                      tcpip data after the global tcpip data  *
    *                      set has been modified.                  *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When the global TCPIP data set has been modified a MODIFY
    command is used to notify the RESOLVER that it has been modified
    and that it should be reread for any updates.  However,
    installation security products prevent the MODIFY command from
    being executed since the application has not been given
    authority to issue a MODIFY RESOLVER command.
    +-------------------------------------------------------------+
    + Please check our Communications Server for OS/390 homepages +
    + for common networking tips and fixes.  The URL for these    +
    + homepages can be found in Informational APAR II11334.       +
    +-------------------------------------------------------------+
    

Problem conclusion

  • The resolver is amended to use an cross memory post of a ECB in
    the resolver address space for notification that the global
    TCPIP data set has been modified.
    
    * Cross Reference between External and Internal Names
    

Temporary fix

  • *********
    * HIPER *
    *********
    

Comments

APAR Information

  • APAR number

    PM72945

  • Reported component name

    TCP/IP V3 MVS

  • Reported component ID

    5655HAL00

  • Reported release

    1D0

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    YesHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-09-14

  • Closed date

    2012-10-12

  • Last modified date

    2012-12-04

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UK82635

Modules/Macros

  • EZBRECFG EZBRECVT EZBREINI EZBRERIN EZB2RCVT
    

Fix information

  • Fixed component name

    TCP/IP V3 MVS

  • Fixed component ID

    5655HAL00

Applicable component levels

  • R1D0 PSY UK82635

       UP12/11/14 P F211

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1D0","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSCY4DZ","label":"DO NOT USE"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1D0","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
04 December 2012