forked from mainframed/Enumeration
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathAPFCHECK
218 lines (218 loc) · 9.06 KB
/
APFCHECK
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
//jobname JOB
//*
// EXPORT SYMLIST=*
// SET LOADMOD=APFCHECK
// SET LOADLIB=my.loadlib
//ASM EXEC PGM=ASMA90,PARM='NODECK,XREF(SHORT)'
//SYSLIB DD DSN=SYS1.MACLIB,DISP=SHR
//SYSUT1 DD UNIT=SYSDA,SPACE=(CYL,(10,5))
//SYSUT2 DD UNIT=SYSDA,SPACE=(CYL,(10,5))
//SYSUT3 DD UNIT=SYSDA,SPACE=(CYL,(10,5))
//SYSPRINT DD SYSOUT=*
//SYSLIN DD SPACE=(CYL,10),UNIT=WORK,DISP=(,PASS)
//SYSIN DD *,SYMBOLS=JCLONLY
* APFCHECK
* Program to check your access to APF authorized libraries
* Create by Soldier of FORTRAN 2019
* Original idea David Speigel
* Help from BigE Smalls
* --------------------------------------------------------------------
* For use on z/OS TSO only
CHKACCSS TITLE 'List APF Datasets and check your access'
PRINT ON,DATA,GEN
CHKACCSS CSECT
CHKACCSS AMODE 31
CHKACCSS RMODE 24
YREGS # Register readability macro
* SETUP registers and save areas thanks @bigendiansmalls *
MAIN BAKR R14,0 # Save regs linkage stack
M1 LR R12,R15 # R15 Program base into R12 for
USING MAIN,R12 # R12 for addressability
DS 0H # Halfword boundaries
* Open SYSPRINT
OPEN (SYSPRINT,(OUTPUT))
PUTMSG PUT SYSPRINT,MSGLIST1
APFTIME DS 0H # LETS DO THIS!
MVC APAALEN,=AL4(4096) # Assume length is 4K
L R2,APAALEN # Put that in R2
GETMAIN RU,LV=(R2) # Get storage for answer area
ST R1,APAA@ # Save answer area address
L R4,APAA@ # Get answer area address
*
* The CSVAPF macro is used in LIST mode to get a list of APF
* authorized libraries. It maps to CSVAPFAA
*
GETAPF CSVAPF REQUEST=LIST,ANSAREA=(R4),ANSLEN=APAALEN, x
RETCODE=LRETCODE,RSNCODE=LRSNCODE
*
* We check a few things here
* 1. Is the return code 0?
* 2. Did we get a WARNING (RC 04)?
* 3. Maybe we didn't have enough space (CSVAPFRSNNOTALLDATARETURNED)?
*
CLC LRETCODE,=AL4(CSVAPFRC_OK) # Return code 0?
CHECK1 BE LISTAPF # Yes, process data
CLC LRETCODE,=AL4(CSVAPFRC_WARN) # If it wasn't 0
* maybe it was a warning?
CHECK2 BNE ERROR # Nope, it was an error
NC LRSNCODE,=AL4(CSVAPFRSNCODEMASK) # Clear high order bit
* Now we check if maybe 4096 wasn't enough space
CLC LRSNCODE,=AL4(CSVAPFRSNNOTALLDATARETURNED)
CHECK3 BNE ERRORD # WELP it wasnt that either, dang
L R3,APAALEN # Get current length
L R2,APFHTLEN-APFHDR(R4) # Get required length
ST R2,APAALEN # Save total required length
FREEMAIN RU,LV=(R3),A=(R4) # Free previous area
GETMAIN RU,LV=(R2) # Get storage for answer area
ST R1,APAA@ # Save answer area address
B GETAPF # Re-do LIST request
ERRORD DS 0H # Process other return codes
PUT SYSPRINT,ERRORMSG # Print the error message
B EXITP # Go to EXITP
LISTAPF DS 0H # We've made it
L R10,APAA@ # Put the location of APAA@ in R10
USING APFHDR,R10 # And now we can address it
PUT SYSPRINT,MSGLIST2
RECORDS L R5,APFH#REC # R5 is the Number of records
LR R11,R10 # Put R10 in to R11
A R11,APFHOFF # Add the offset R11 now points at APFE
USING APFE,R11 # And now we can address it
* At this point:
* R5 contains the number of records
* Using BCT and R5 we can now loop through them all
* For each ot them we're going to check access
PUT SYSPRINT,MSGLIST3
HEADER PUT SYSPRINT,MSGLIST4
LOOPED MVC APFDSN,APFEDSNAME # APFDSN is the dataset name
MVC APFVOL,APFEVOLUME # APFVOL is the volume
MVC PRINTIT+10(6),APFEVOLUME # Prep PRINTIT with the vol
MVC PRINTIT+19(44),APFEDSNAME # Prep PRINTIT with DSN
MVI PRINTIT+8,C'|' # Table borders
MVI PRINTIT+17,C'|' # Table borders
*
* So we've got the dataset in APFDSN and volume in APFVOL
* Next we use the RACROUTE macro to check our access to this
* dataset
*
SAFCHK RACROUTE REQUEST=AUTH, x
RELEASE=1.9, x
STATUS=ACCESS, x
CLASS='DATASET', x
ATTR=UPDATE, x
ENTITY=APFDSN,VOLSER=APFVOL, x
WORKA=SAFWORKA
LM R3,R4,SAFCHK+4 # Save Return Code, Rsn Code in R3/R4
*
* SAF Return Codes (when R15 is 0 and R3 is x14)
* R4 is one of the following:
* x0 = No Access
* x4 = READ
* x8 = UPDATE
* xC = CONTROL (same as UPDATE on non-vsam datasets thanks EM)
* x10 = ALTER
*
CHECKRTN DS 0H # Check SAF Return Code in R15
C R15,=F'0' # If its zero check RACF RC
BE CHECKACS
C R15,=F'4' # Otherwise is the SAF RC 4?
BNE ERROR # Its not? Then its 8 or 64 and thats bad
C R3,=F'4' # The specified resource is not protected
BNE NOACCESS # We get no access (if rc is 8)
MVC PRINTIT(7),NOTPROTA
B PRINTMSG # Print not protected message
CHECKACS DS 0H
C R3,=F'20' # Is the SAF return code 0x14?
BNE ERROR # No? Then we dont care
NOACCESS C R4,=F'0' # Check if we have no access
BNE READ # We dont? try READ
MVC PRINTIT(7),NONEA # We are, so print our access
B PRINTMSG # Go to PRINTMSG
READ C R4,=F'4' # Check if we have READ access
BNE UPDATE
MVC PRINTIT(7),READA
B PRINTMSG
UPDATE C R4,=F'8' # Check if we have UPDATE access XD
BNE CONTROL
MVC PRINTIT(7),UPDATEA
B PRINTMSG
CONTROL C R4,=F'12' # Check if we have CONTROL access O_o
BNE ALTER
MVC PRINTIT(7),CONTROLA
B PRINTMSG
ALTER C R4,=F'16' # Check if we have ALTER access >:O
BNE WHATTHE
MVC PRINTIT(7),ALTERA
B PRINTMSG
WHATTHE MVC PRINTIT(7),WHATA # I have no idea what i'm doing
PRINTMSG PUT SYSPRINT,PRINTITL
B NEXT
ERROR PUT SYSPRINT,ERRORMSG
NEXT AH R11,APFELEN # Advance R11 to the next entry
BCT R5,LOOPED # Subtract 1 from R5 and go to LOOPED
EXITP DS 0H # We're done lets exit
CLOSE (SYSPRINT)
XR R15,R15 # zero return code
PR , # Return to caller
*
* FILE AND WORK AREA DEFINITIONS
*
LTORG ,
APFDSN DS CL44 # APF Dataset Name
APFVOL DS CL6 # APF Volume
DELETED DS CL1 # If the first char is 0x00 the DSN is deleted
DS 0F
MSGLIST1 DC AL2((L'MSGDATA1)+4)
DC H'0'
MSGDATA1 DC C'*** Gathering data'
DS 0H
MSGLIST2 DC AL2((L'MSGDATA2)+4)
DC H'0'
MSGDATA2 DC C'*** Listing APF'
DS 0H
MSGLIST3 DC AL2((L'MSGDATA3)+4)
DC H'0'
MSGDATA3 DC C'*** Checking Access'
DS 0H
MSGLIST4 DC AL2((L'MSGDATA4)+4)
DC H'0'
MSGDATA4 DC C'ACCESS | VOLUME | DATASET'
DS 0H
DIVIDER DC C'|'
PRINTITL DC XL4'00500000'
PRINTIT DS CL80
NONEA DC C'NONE ' # No Access :( :(
READA DC C'READ ' # Read Access :(
UPDATEA DC C'UPDATE ' # Update Access!
CONTROLA DC C'CONTROL' # Control Access
ALTERA DC C'ALTER ' # Alter Access
WHATA DC C'RC N/A ' # Weird Return Code?
NOTPROTA DC C'NOTPROT' # The dataset is not protected by RACF
OUTPUTA DS CL(L'CONTROLA)
SAFWORKA DS CL512
APAA@ DS A # Address of APF answer area
APAALEN DS A # Length of APF answer area
LRETCODE DS F # Return code
LRSNCODE DS F # Reason code
ERRORMSG DC AL2((L'ERRORDAT)+4)
DC H'0'
ERRORDAT DC C'ERROR: You done fucked up'
SYSPRINT DCB DDNAME=SYSPRINT, dcb for output file X
DSORG=PS, X
MACRF=PM, X
RECFM=VB, X
LRECL=132 128 + 4 for rdw
CSVAPFAA , # Include CSVAPFAA mapping
DROP R12 # Drop Addressability
DROP R10
DROP R11
END MAIN # Peace owt
//LINK EXEC PGM=IEWL,COND=(0,NE),PARM='XREF,LET,LIST,NCAL'
//SYSLMOD DD DISP=SHR,DSN=&LOADLIB(&LOADMOD.)
//SYSUT1 DD UNIT=SYSDA,SPACE=(1024,(50,20))
//SYSPRINT DD SYSOUT=*
//SYSLIN DD DISP=OLD,DSN=*.ASM.SYSLIN
//*
//GO EXEC PGM=&LOADMOD.,COND=(0,NE)
//STEPLIB DD DISP=SHR,DSN=&LOADLIB
//SYSPRINT DD SYSOUT=*
//*