This exit must be reentrant.
The exit must have RMODE(24) and AMODE(ANY).
It is important that the writer of the RACROUTE REQUEST=FASTAUTH
exit routine be aware of the environment in which the routine will
be executing. This routine is not invoked using standard linkage
conventions. Its running environment offers limited function as indicated
in the following list:
- The execution key is unpredictable.
- The exit might receive control in either supervisor or problem
state.
- The exit might or might not be given control APF-authorized.
- The exit might be given control in SRB mode; that is, the REQUEST=FASTAUTH
might have been issued by a caller running as an SRB.
- The exit should not issue any SVCs.
- The exit routine might be given control in either 24- or 31-bit
mode.
- The exit is responsible for saving and restoring certain registers
that it uses. The RACROUTE REQUEST=FASTAUTH exit parameter list contains
a pointer (RFXWA) to a 16-word work area. The exit can use the first
15 words of this area to save and restore registers.
  On entry to the exit:
  - R1 contains the address of the exit parameter list, which contains
    a pointer to the 16-word FASTAUTH work area. In the FASTAUTH work
    area:
    - The 2nd word contains a pointer to the class descriptor table
      entry used for authorization checking. (The exit must not change
      the contents of the class descriptor table entry.)
    - The 6th word contains a 2-byte profile type followed by a 2-byte
      profile length.
      The profile type contains one of the following values:
      - 0 = No information, because profile information was provided
        to the ICHRFX04 exit.
      - 1 = No profile used.
      - 2 = Discrete profile name in external format.
      - 3 = Generic profile name in internal format.
      - 6 = No profile was found.
      The profile length is the length of the profile name (contained
      in the 7th word).
    - The 7th word contains a pointer to the profile name used in the
      authorization check. The type and length of the profile name are
      contained in the 6th word.
    - The 11th word indicates the authority used to determine
      authorization. The format of the first two bytes of the 11th
      word is:
      - 1... .... = Reserved for IBM®'s use.
      - .1.. .... = Normal authority was used.
      - ..1. .... = OPERATIONS authority was used.
      - ...1 .... = Trusted authority was used.
      - .... 1... = Privileged authority was used.
      - .... .000 = Reserved for IBM's use.
      - 0000 0000 = Reserved for IBM's use.
    - The 12th word contains the RACF® reason code that
      REQUEST=FASTAUTH processing has determined up to this point.
    - The 13th word contains the RACF return code that
      REQUEST=FASTAUTH processing has determined up to this point.
    - The 14th word contains 0 if no profile protecting the resource
      was found or if the class was RACLISTed by RACROUTE
      REQUEST=LIST,GLOBAL=YES or by SETROPTS RACLIST. Otherwise it
      contains a pointer to the profile. The profile is mapped by
      RACRPE within the ISP data area, which is documented in z/OS
      Security Server RACF Data Areas.
    - The 15th word contains 0 or information set by the ICHRFX01 or
      ICHRFX04 exits if they were invoked and set this word to a value.
  - R14 contains the return address.
  - R15 contains the address of the exit entry point.
  If the exit changes register 5, the exit must save that register
  and restore it before returning to RACF. The exit can modify any of
  the other registers without restoring the value that the register
  had on entry to the exit.
  The R14 value is needed to return to RACF.
- If the RACROUTE REQUEST=FASTAUTH routine (ICHRFC00 or IGC0013{)
is placed in the fixed link pack area (FLPA), the exit should also
be in the fixed link pack area (FLPA).
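
The work-area layout listed above can be decoded offline, for example from a storage dump taken while debugging an exit, to see which authority decided a FASTAUTH check. The following Python is an added example and is not IBM code; the function names and the sample values are constructed, and it assumes the 16 words were captured as a 64-byte big-endian image.

```python
import struct

# Authority bits in the first byte of the 11th word, as listed above.
AUTHORITY_BITS = {0x40: "NORMAL", 0x20: "OPERATIONS", 0x10: "TRUSTED", 0x08: "PRIVILEGED"}
PROFILE_TYPES = {
    0: "no information (profile information was provided to ICHRFX04)",
    1: "no profile used",
    2: "discrete profile name, external format",
    3: "generic profile name, internal format",
    6: "no profile found",
}

def decode_work_area(raw: bytes) -> dict:
    """Decode a 64-byte (16 fullword) big-endian image of the FASTAUTH work area."""
    if len(raw) != 64:
        raise ValueError(f"expected 64 bytes, got {len(raw)}")
    w = struct.unpack(">16I", raw)            # w[0] is the 1st word
    ptype, plen = w[5] >> 16, w[5] & 0xFFFF   # 6th word: 2-byte type, 2-byte length
    flags = w[10] >> 24                       # first byte of the 11th word
    return {
        "cdt_entry_ptr": w[1],                # 2nd word
        "profile_type": PROFILE_TYPES.get(ptype, f"undocumented value {ptype}"),
        "profile_name_len": plen,
        "profile_name_ptr": w[6],             # 7th word
        "authority": [name for bit, name in AUTHORITY_BITS.items() if flags & bit],
        # Reserved: bits 1... .... and .... .111 of byte one, all of byte two.
        "reserved_bits_set": bool(flags & 0x87) or bool((w[10] >> 16) & 0xFF),
        "reason_code": w[11],                 # 12th word
        "return_code": w[12],                 # 13th word
        "profile_ptr": w[13],                 # 14th word, 0 if none or RACLISTed
        "exit_word": w[14],                   # 15th word, set by ICHRFX01/ICHRFX04
    }

def elevated_authority(area: dict) -> list:
    """Authorities other than NORMAL that were used for the decision."""
    return [a for a in area["authority"] if a != "NORMAL"]

def sample_work_area() -> bytes:
    """Constructed sample image; addresses and values are made up for illustration."""
    words = [0] * 16
    words[1] = 0x00F4C100                     # constructed CDT entry address
    words[5] = (3 << 16) | 12                 # generic profile, 12-byte name
    words[6] = 0x1A2B3C40                     # constructed profile name address
    words[10] = 0x20 << 24                    # OPERATIONS authority bit
    return struct.pack(">16I", *words)

if __name__ == "__main__":
    area = decode_work_area(sample_work_area())
    print(area["profile_type"], area["authority"], elevated_authority(area))
```
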
The RACROUTE REQUEST=FASTAUTH ICHRFX02 parameter list is the RACROUTE
REQUEST=FASTAUTH input parameter list. Either the RFXP mapping or
the FAST mapping in z/OS Security Server RACF Data Areas maps
the parameter list.