ISREDIT MACRO       /* CARM0526 VIEW DSMON(RACSPT)  */
 
/* 01/06/2006 JL.NELSON Created to write out global FINDINGS
/* 01/06/2006 JL.NELSON Wrote code for RACF0660
/* 10/13/2009 CL.FENTON Changed list of trusted STC users.
/* 03/15/2011 CL.FENTON Added GSKSRVR to list of trusted STC users.
/* 09/12/2011 CL.FENTON Added analysis for Zxxx0032 PDIs, CSD-AR002893724.
/*            And minor changes in output format.
/* 04/26/2012 CL.FENTON Corrected possible error of STC mbr and Userid
/*            not matching and using ** resource default.  Problem
/*            found when making corrections for CSD-AR003392779.
/* 01/02/2013 CL.FENTON Corrected 588 error by processing to "(ICHRIN03):"
/*            instead of the last line, STS-001483.
/* 04/11/2016 CL.FENTON Removed APPC started tasks from trusted started
/*            task list and added ACF2, ACFBKUP, TSS, TSSB, TSSBKUP, and
/*            TSSRESTN, STS-013764.
/* 02/05/2018 CL.FENTON Added CEA as trusted started task for RACF0660,
/*            STS-019223.
 
SET PGMNAME = &STR(CARM0526 02/05/18)
 
NGLOBAL PGMNAME RETURN_CODE PDIID PDIMBR ZERRSM TABLEID
 
SET SYSPROMPT = OFF                /* CONTROL NOPROMPT          */
SET SYSFLUSH  = OFF                /* CONTROL NOFLUSH           */
SET SYSASIS   = ON                 /* CONTROL ASIS - caps off   */
 
/* ERROR ROUTINE */
ERROR DO
  SET RETURN_CODE = &LASTCC          /* SAVE LAST ERROR CODE */
  IF &LASTCC GE 16 THEN +
    WRITE &PGMNAME LASTCC = &LASTCC &ZERRLM
  RETURN
  END
 
/* *************************************** */
/* VARIABLES ARE PASSED TO THIS MACRO      */
/* CONSLIST                                */
/* COMLIST                                 */
/* SYMLIST                                 */
/* TERMMSGS                                */
/* *************************************** */
 
SET RETURN_CODE = 0
 
ISPEXEC VGET ( +
  CONSLIST     +
  COMLIST      +
  SYMLIST      +
  TERMMSGS     +
  TABLEID      +
  PDIID        +
  PDIMBR       +
  TYPERUN      +
  ) ASIS
 
SET RM526VG  = &RETURN_CODE
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME VGET RC = &RETURN_CODE  &ZERRSM
  WRITE &PGMNAME CONSLIST/&CONSLIST COMLIST/&COMLIST SYMLIST/&SYMLIST +
    TERMMSGS/&TERMMSGS
  WRITE &PGMNAME PDIID/&PDIID PDIMBR/&PDIMBR +
    TYPERUN/&TYPERUN
  SET RETURN_CODE = &RETURN_CODE + 16
  GOTO ERR_EXIT
  END
 
/* *************************************** */
/* TURN ON MESSAGES                        */
/* *************************************** */
 
SET SYSSYMLIST = &SYMLIST          /* CONTROL SYMLIST/NOSYMLIST */
SET SYSCONLIST = &CONSLIST         /* CONTROL CONLIST/NOCONLIST */
SET SYSLIST    = &COMLIST          /* CONTROL LIST/NOLIST       */
SET SYSMSG     = &TERMMSGS         /* CONTROL MSG/NOMSG         */
 
ISREDIT (DSMONMBR) = MEMBER
ISREDIT (DSNAME) = DATASET
 
ISREDIT (LASTLINE) = LINENUM .ZLAST
 
ISREDIT FIND "(ICHRIN03):"
 
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME FIND (ICHRIN03): &RETURN_CODE
  GOTO END_EXIT
  END
 
ISREDIT (LASTLINE) = CURSOR
 
 
SET BLANK = &STR( )
 
SET LP = &STR((
SET RP = )
 
IF &PDIMBR NE RACF0660 THEN GOTO END_EXIT
 
SET RACF0660 = 0
SET RETURN_CODE = 0
SET CNT = 0
 
ISREDIT CURSOR = 1 0
 
ISREDIT FIND ' TRUSTED '
 
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME FIND TRUSTED RC = &RETURN_CODE  &ZERRSM
  SET RETURN_CODE = &RETURN_CODE + 16
  GOTO ERR_EXIT
  END
 
ISREDIT (CURLINE) = LINENUM .ZCSR
 
/* *************************************** */
/* READ LOOP                               */
/* *************************************** */
 
NEXT_PROFILE: +
SET RETURN_CODE = 0
SET CURLINE = &CURLINE + 1
 
IF &CURLINE GT &LASTLINE THEN GOTO END_PROFILE
 
ISREDIT (DATA) = LINE &CURLINE
 
IF &STR(YES) NE &SUBSTR(61:63,&NRSTR(&DATA)) THEN +
  GOTO NEXT_PROFILE
 
SET PROFILE = &SUBSTR(02:23,&NRSTR(&DATA))
SET USER    = &SUBSTR(25:32,&NRSTR(&DATA))
SET GROUP   = &SUBSTR(37:44,&NRSTR(&DATA))
SET TRUSTED = &SUBSTR(61:63,&NRSTR(&DATA))
 
SET CNT     = &CNT + 1
SET STC&CNT = &STR(&PROFILE USER&LP.&USER.&RP  GROUP&LP.&GROUP.&RP +
      TRUSTED&LP.&TRUSTED.&RP )
 
SET STCNAME = &STR( )
IF &SYSINDEX(&STR(=),&STR(&USER)) EQ 0 THEN DO
  SET X = &SYSINDEX(&STR( ),&STR(&USER ))
  IF &X-1 GT 1 THEN +
    SET STCNAME = &SUBSTR(1:&X-1,&STR(&USER))
  END
ELSE DO
  SET X = &SYSINDEX(&STR(.),&NRSTR(&PROFILE))
  IF &X EQ 0 THEN +
    SET X = &SYSINDEX(&STR(*),&NRSTR(&PROFILE))
  IF &X EQ 0 THEN +
    SET X = &SYSINDEX(&STR( ),&NRSTR(&PROFILE))
  IF &X-1 GT 1 THEN +
    SET STCNAME = &SUBSTR(1:&X-1,&STR(&PROFILE))
  END
 
SELECT &STR(&STCNAME)
   WHEN (ACFBKUP)  GOTO NEXT_PROFILE
   WHEN (ACF2)     GOTO NEXT_PROFILE
/* WHEN (APPC)     GOTO NEXT_PROFILE
   WHEN (APSWPROA) GOTO NEXT_PROFILE
   WHEN (APSWPROB) GOTO NEXT_PROFILE
   WHEN (APSWPROC) GOTO NEXT_PROFILE
   WHEN (APSWPROM) GOTO NEXT_PROFILE
   WHEN (APSWPROT) GOTO NEXT_PROFILE
   WHEN (CATALOG)  GOTO NEXT_PROFILE
   WHEN (CEA)      GOTO NEXT_PROFILE
   WHEN (CONSOLE)  GOTO NEXT_PROFILE
   WHEN (DFHSM)    GOTO NEXT_PROFILE
   WHEN (DFSMSHSM) GOTO NEXT_PROFILE
   WHEN (DFS)      GOTO NEXT_PROFILE
   WHEN (DUMPSRV)  GOTO NEXT_PROFILE
   WHEN (GPMSERVE) GOTO NEXT_PROFILE
   WHEN (GSKSRVR)  GOTO NEXT_PROFILE
   WHEN (IEEVMPCR) GOTO NEXT_PROFILE
   WHEN (IOSAS)    GOTO NEXT_PROFILE
   WHEN (IXGLOGR)  GOTO NEXT_PROFILE
   WHEN (JESXCF)   GOTO NEXT_PROFILE
   WHEN (JES2)     GOTO NEXT_PROFILE
   WHEN (JES3)     GOTO NEXT_PROFILE
   WHEN (LLA)      GOTO NEXT_PROFILE
   WHEN (NFS)      GOTO NEXT_PROFILE
   WHEN (OMVS)     GOTO NEXT_PROFILE
   WHEN (OMVSKERN) GOTO NEXT_PROFILE
   WHEN (RACF)     GOTO NEXT_PROFILE
   WHEN (RMF)      GOTO NEXT_PROFILE
   WHEN (RMFGAT)   GOTO NEXT_PROFILE
   WHEN (SMF)      GOTO NEXT_PROFILE
   WHEN (SMS)      GOTO NEXT_PROFILE
   WHEN (SMSRESTN) GOTO NEXT_PROFILE
   WHEN (SMSRESTR) GOTO NEXT_PROFILE
   WHEN (SMSVSAM)  GOTO NEXT_PROFILE
   WHEN (TCPIP)    GOTO NEXT_PROFILE
   WHEN (TSS)      GOTO NEXT_PROFILE
   WHEN (TSSB)     GOTO NEXT_PROFILE
   WHEN (TSSBKUP)  GOTO NEXT_PROFILE
   WHEN (TSSRESTN) GOTO NEXT_PROFILE
   WHEN (VLF)      GOTO NEXT_PROFILE
   WHEN (VTAM)     GOTO NEXT_PROFILE
   WHEN (XCFAS)    GOTO NEXT_PROFILE
   WHEN (ZFS)      GOTO NEXT_PROFILE
   END
 
IF &RACF0660 EQ 0 THEN DO
  SET AC = &STR(The following started task&LP.s&RP defined as +
    trusted is &LP.are&RP not justified.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SET RACF0660 = &RACF0660 + 1
 
SET STC0 = &&STC&CNT
SET AC = &STR(     &STC0 )
ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
  DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
GOTO NEXT_PROFILE
 
 
END_PROFILE: +
SET RETURN_CODE = 0
 
IF &RACF0660 EQ 0 THEN DO
  SET AC = &STR(Not a Finding )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  IF &CNT EQ 0 THEN DO
    SET AC = &STR(No TRUSTED entries in the STARTED PROCEDURES TABLE +
      were found.)
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    END
  ELSE DO
    DO I = 1 TO &CNT
      SET STC0 = &&STC&I
      SET AC = &STR(     &STC0 )
      ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
        DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
      END
 
    SET AC = &STR( )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    SET AC = &STR(All TRUSTED entries in the STARTED PROCEDURES TABLE +
      are approved.)
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    END
  END
ELSE DO
  SET AC = &STR( )
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
 
  SET AC = &STR(DISA recommendation: Ensure that only trusted STCs +
    have the TRUSTED flag enabled.)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  END
 
SYSCALL ADD_MEMBER
 
 
/* *************************************** */
/* END of program                          */
/* *************************************** */
SET RETURN_CODE = 0
 
ISPEXEC LMMFIND DATAID(&TABLEID) MEMBER(CACTSTCS)
 
IF &RETURN_CODE GT 0 THEN DO
  WRITE &PGMNAME LMMFIND TABLE CACTSTCS &RETURN_CODE
  GOTO END_EXIT
  END
 
ISREDIT FIND ' TRUSTED ' FIRST
 
ISREDIT (STRLINE) = LINENUM .ZCSR
SET STRLINE = &STRLINE + 2
 
ISREDIT FIND "(ICHRIN03):"
 
IF &RETURN_CODE NE 0 THEN DO
  WRITE &PGMNAME FIND (ICHRIN03): &RETURN_CODE
  GOTO END_EXIT
  END
 
ISREDIT (LASTLINE) = CURSOR
 
SET PDIMBR =
SET LIST =
SET ERR = 0
 
PROCESS_STC_LIST: +
SET RETURN_CODE = 0
 
ISPEXEC LMGET DATAID(&TABLEID) MODE(INVAR) DATALOC(TREC) +
  MAXLEN(80) DATALEN(LRECL)
 
IF &RETURN_CODE GT 0 THEN DO
  IF &ERR EQ 0 AND +
     &STR(&PDIMBR) NE &STR( ) THEN DO
    SET AC = &STR(Not a Finding )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    SET AC = &STR( )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    DO X = 1 TO &LENGTH(&LIST)
      SET Y = &SYSINDEX(&STR(@),&LIST,&X)
      SET AC = &SUBSTR(&X:&Y-1,&LIST)
      ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
        DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
      SET X = &Y
    END
    END
  SET LIST =
  SYSCALL ADD_MEMBER
  GOTO END_EXIT
  END
 
SET PDIM = &SUBSTR(1:8,&NRSTR(&TREC))
IF &PDIM NE &PDIMBR THEN DO
  IF &ERR EQ 0 AND +
     &STR(&PDIMBR) NE &STR( ) THEN DO
    SET AC = &STR(Not a Finding )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    SET AC = &STR( )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    DO X = 1 TO &LENGTH(&LIST)
      SET Y = &SYSINDEX(&STR(@),&LIST,&X)
      SET AC = &SUBSTR(&X:&Y-1,&LIST)
      ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
        DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
      SET X = &Y
    END
    END
  SET LIST =
  SYSCALL ADD_MEMBER
  SET PDIMBR EQ &PDIM
  SET ERR = 0
  END
 
SET STCMBR = &SUBSTR(9:16,&NRSTR(&TREC))
SET X = &SYSINDEX(&STR( ),&NRSTR(&STCMBR )) - 1
SET STCMBR = &SUBSTR(1:&X,&NRSTR(&STCMBR))
SET USERID = &SUBSTR(17:24,&NRSTR(&TREC))
SET X = &SYSINDEX(&STR( ),&NRSTR(&USERID )) - 1
SET USERID = &SUBSTR(1:&X,&NRSTR(&USERID))
 
SET FOUND =
DO CURLINE = &STRLINE TO &LASTLINE
  ISREDIT (DATA) = LINE &CURLINE
  SET PROFILE = &SUBSTR(02:23,&NRSTR(&DATA))
  SET USER    = &SUBSTR(25:32,&NRSTR(&DATA))
  IF &SYSINDEX(&STR(&STCMBR..),&NRSTR(&PROFILE)) EQ 1 THEN +
    IF &NRSTR(&USERID) EQ &NRSTR(&USER) OR +
      (&NRSTR(&USER) EQ &STR(=MEMBER) AND +
       &NRSTR(&STCMBR) EQ &NRSTR(&USERID) ) THEN DO
      SET FOUND = X
      SET CURLINE = &LASTLINE
      END
    ELSE
  ELSE +
    IF &SUBSTR(1,&NRSTR(&PROFILE)) EQ &STR(*) AND +
       &NRSTR(&USER) EQ &STR(=MEMBER) AND +
       &NRSTR(&STCMBR) EQ &NRSTR(&USERID) THEN DO
      SET X = &SYSINDEX(&STR( ),&NRSTR(&PROFILE )) - 1
      SET PROFILE = &SUBSTR(1:&X,&NRSTR(&PROFILE))
      SET X = &SYSINDEX(&STR( ),&NRSTR(&USER )) - 1
      SET USER = &SUBSTR(1:&X,&NRSTR(&USER))
      WRITE &PGMNAME Started Task &STCMBR for user &USERID is +
        using the default of &PROFILE with user of &USER..
      SET FOUND = X
      SET CURLINE = &LASTLINE
      END
    ELSE DO
      SET FOUND = X
      DO X = 1 TO 8
        IF &SUBSTR(&X,&NRSTR(&PROFILE)) NE +
           &SUBSTR(&X,&NRSTR(&STCMBR  )) THEN DO
          SET FOUND =
          SET X = 8
          END
      END
      IF &FOUND EQ &STR(X) AND +
         &NRSTR(&USERID) EQ &NRSTR(&USER) THEN +
        SET CURLINE = &LASTLINE
       ELSE +
         SET FOUND =
      END
END
IF &STR(&FOUND) EQ &STR( ) THEN DO
  IF &ERR EQ 0 THEN DO
    SET AC = &STR(The Product started task(s) is(are) improperly +
      defined to the started resource class:)
 
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    SET AC = &STR( )
    ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
      DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
    END
  SET AC = &STR(     &STCMBR for user &USERID..)
  ISPEXEC LMPUT DATAID(&PDIID) MODE(INVAR) DATALOC(AC) +
    DATALEN(&LENGTH(&NRSTR(&AC))) MEMBER(&PDIMBR)
  SET ERR = &ERR + 1
  END
SET LIST = &LIST&STR(Found &STCMBR for user &USERID..@)
 
GOTO PROCESS_STC_LIST
 
 
END_EXIT: +
SET RETURN_CODE = 0
 
ERR_EXIT: +
IF &MAXCC GE 16 OR +
   &RETURN_CODE GT 0 THEN DO
  ISPEXEC VGET (ZISPFRC) SHARED
  IF &MAXCC GT &ZISPFRC THEN +
    SET ZISPFRC = &MAXCC
  ELSE +
    SET ZISPFRC = &RETURN_CODE
  ISPEXEC VPUT (ZISPFRC) SHARED
  WRITE &PGMNAME ZISPFRC = &ZISPFRC
  END
 
SET RM526RC = &RETURN_CODE
 
ISPEXEC VPUT ( +
  RM526VG      +
  RM526RC      +
  ) ASIS
 
ISREDIT END
 
EXIT CODE(0)
ISREDIT MEND
 
 
/* *************************************** */
/*  SYSCALL SUBROUTINES                    */
/* *************************************** */
 
ADD_MEMBER: PROC 0
 
IF &NRSTR(&PDIMBR) EQ &STR( ) THEN +
  RETURN CODE(0)
 
SET ZEDSMSG = FINISHED
SET ZEDLMSG = &STR(Finished processing &PDIMBR.)
ISPEXEC LOG MSG(ISRZ000)
 
SET RETURN_CODE = 0
 
ISPEXEC LMMADD DATAID(&PDIID) MEMBER(&PDIMBR)
 
IF &RETURN_CODE EQ 4 THEN DO          /* MEMBER ALREADY EXISTS
  SET RETURN_CODE = 0
 
  ISPEXEC LMMREP DATAID(&PDIID) MEMBER(&PDIMBR)
 
  IF &RETURN_CODE NE 0 THEN DO
    WRITE &PGMNAME LMMREP_PDI_RCODE = &RETURN_CODE &PDIMBR  &ZERRSM
    END
  END
ELSE DO
  IF &RETURN_CODE NE 0 THEN +
    WRITE &PGMNAME LMMADD_PDI_RCODE = &RETURN_CODE &PDIMBR  &ZERRSM
  END
END
