|
The parameter list that is passed to the exit contains: - A flag indicating whether the exit is executing in the RACF® subsystem address space or
the command issuer's address space.
- A function code that identifies the command name. If the exit
changes this function code, the change has no effect on RACF's processing
of the command.
- A flag indicating whether this is the preprocessing or postprocessing
call.
- Flags indicating whether the command was directed to the node
and if so, how, with the AT or ONLYAT keywords or by automatic command
direction.
- A pointer to a command buffer that contains:
- An image of the original command after parsing.
- The defaults for command keywords that have defaults and were
not specified on the original command.
- Any data that was provided by prompting.
- An extra 300 bytes of blanks following the last keyword in the
buffer, where the exit can add more keywords.
The exit can change the values of keywords in the buffer,
but if it changes the command name RACF fails
the command. If the exit changes the pointer to the command buffer, RACF ignores the change.
- The address of an ACEE:
- If the address is 0, the RACF parameter
library issued the command, and the command runs with the authority
of the RACF subsystem address
space.
- If the address is nonzero, it points to the ACEE of the user ID
under whose authority the command runs. (This user ID is usually the
one that issued the command, but not necessarily. For example, for
directed commands it is the user ID specified on the AT or ONLYAT
keyword.) The exit can examine the user ID and group name in this
ACEE to do authority checking on the command. The exit can modify
fields in the ACEE that are part of the defined programming interface,
but the postprocessing call should restore the previous values when
it gets control after command execution or after an abend. For information
about the ACEE fields, see z/OS Security Server RACF Data Areas.
The exit cannot change the pointer to the ACEE.
- The originating node and user ID, if the command was directed
with the AT or ONLYAT keyword, or with automatic command direction.
The exit can use these values to make decisions, but cannot change
them.
- A pointer to a word that the exit can use to communicate between
the preprocessing call and the postprocessing call to an exit routine,
or between different exit routines associated with the exit. The exit
can change the contents of this communication area, but not the pointer
to it.
- A command return code, an abend completion code, and a flag indicating
whether the command abended:
- On the preprocessing call, these values are 0. If the exit changes
these values, the changes are ignored.
- On the postprocessing call:
- If the command did not abend, the command return code field contains
the value set by the command processor during command execution. The
exit can change this return code.
- If the command abended, the flag is set to indicate that the abend
has occurred, the abend completion code is passed, and the command
return code field is set to the abend reason code, if available. If
the exit changes these values, the changes are ignored.
- A pointer to a message area. If the exit fails the command with
a message, it can provide message text in this area to be inserted
into message IRRV022I. The exit cannot change the pointer.
|