VISION:Inform Password Exit Facility

Article ID: 55649


Products

Vision:Inform

Issue/Introduction

How do you set up the Profile Exit facility to process passwords for your users?

Resolution

The VISION:Inform Profile Exit facility can be set up to process passwords for your users. This is especially useful if you require password validation processes to interface with your in-house security system (ACF2, Top Secret, RACF, and so on).

To activate the password validation function of the Profile Exit facility, you must specify the PASSWDX=YES keyword in the VISION:Inform parameter module, PARMBLK. With this option specified, the Profile Exit will be invoked one additional time during the VISION:Inform logon process, just before it processes the user-entered password.

The user exit password verification can either completely replace the VISION:Inform password checking or can be done in addition to VISION:Inform password checking. The parameters passed to the profile exit routine for password verification are:

    • The address of a 6-byte character field containing the value PASSWD.
    • The address of an 8-byte character field containing the input user ID.
    • The address of an 8-byte character field containing the input password.
    • The address of a 1-byte flag identifying the calling client, which is one of these:
      • VISION:Inform Batch Simulator (x'40')
      • VISION:Inform 3270 (x'20')
      • VISION:Journey 1.7 or earlier (x'10')
      • VISION:Journey 2.0 or later (x'08')

The user exit for the PASSWD call communicates its results by setting the contents of Register 15 to one of the following values prior to returning to VISION:Inform:

  • 0 - Indicates the password is acceptable and that VISION:Inform should bypass its password verification.
  • 4 - Indicates the password is acceptable and that VISION:Inform should also perform its password verification.
  • 8 - Indicates the password is invalid and that VISION:Inform should issue an error indicating the password is invalid. VISION:Inform will not allow the user to log on in this instance.

This feature, available now with Release 4.0, contains the same functionality provided by the previously issued RSMs: RSM 2.0/2.1-112, and RSM 3.1-101. If you are running an earlier release of the product with one of these RSMs applied, Release 4.0 gives you the same functionality without the need to apply a Restricted System Modification. Additional information on the VISION:Inform Profile Exit facility is located in the Advantage VISION:Inform Installation Guide, Appendix B.

Sample Assembler code for an exit that passes the VISION:Inform password to RACF for processing is shown below:

PX       TITLE 'PROEXITR -- VISION:INFORM R4.0' 
PROEXITR     CSECT     
*
*        PROEXITR IS A USER-WRITTEN INTERFACE PROGRAM THAT
*        RECEIVES CONTROL WHEN A USER SIGNS ON (LOGON) AND SIGNS
*        OFF (LOGOFF) OF INFORM.  OPTIONALLY, THIS PROGRAM CAN
*        RECEIVE CONTROL FOR PASSWORD CHECKING PROVIDED A SPECIAL
*        SYSTEM MODIFICATION IS APPLIED.
*
*        FOR LOGON, THIS EXIT IS CALLED FOR EACH DATABASE THAT THE
*        USER CAN ACCESS.
*        FOR LOGOFF OR PASSWORD CHECKING, THE EXIT IS CALLED ONCE.
*
*        PARAMETER LIST DESCRIPTION
*        --------------------------
*        THE FIRST PARAMETER CONTAINS THE TYPE OF CALL AS FOLLOWS:
*
*        PXTYPE   DS    CL6     INPUT   TYPE OF CALL. CONTAINS THE
*                                       VALUE 'LOGON ', 'LOGOFF', 
*                                       OR 'PASSWD'.  
*                                       
*        THE REMAINING PARAMETERS DEPEND ON THE TYPE OF CALL. 
*
*        FOR A CALL TYPE OF 'LOGON ' OR 'LOGOFF':
*        PXUSERID DS    CL8     INPUT   USERID   
*        PXDBNAME DS    CL8     INPUT   DATABASE NAME (LOGON ONLY)
*        PXSELECT DS    10CL79  OUTPUT  SELECT STMT   (LOGON ONLY)
*        PXID     DS    CL30    OUTPUT  ID FIELD      (LOGON ONLY)
*
*        FOR A CALL TYPE OF 'PASSWD':
*        PXUSERID DS    CL8     INPUT   USERID 
*        PXPASSWD DS    CL8     INPUT   PASSWORD ENTERED  
*        PXCLIENT DS    FL1     INPUT   CLIENT TYPE FLAG
*        PXINTACC EQU   X'80'             INTRACCESS CLIENT
*        PXBATCH  EQU   X'40'             BATCH SIMULATOR (GORAZ)
*        PX3270   EQU   X'20'             3270 (CICS/IMS) CLIENT
*        PXJRNY17 EQU   X'10'             JOURNEY REL 1.7 OR LOWER
*        PXJRNY20 EQU   X'08'             JOURNEY REL 2.0 OR HIGHER
*
*
*P REGISTER 15  = 0          OUTPUT     PASSWORD ACCEPTABLE     
*P              = 4                     VISION:INFORM CHECKS PASSWD  
*P              = ANYTHING ELSE         ISSUE PASSWD ERROR MESSAGE   
*
         USING *,R12                    ESTABLISH ADDRESSABILITY 
         STM   R14,R12,12(R13)          SAVE REGISTERS  
         LR    R12,R15                  BASE REGISTER  
         LR    R2,R1                    GET ADDR OF RETURN AREAS 
         USING PXPRMLST,R2              PARM LIST DSECT    
         L     R3,PXTYPEAD              LOCATE TYPE FROM INPUT 
         CLC   0(6,R3),=CL6'LOGON'      IS THIS A LOGON?  
         BNE   PX100                    NO - KEEP GOING
         LA    R15,4                    LET VISION:INFORM PROCESS IT
         B     PX950                    GO RETURN
PX100    DS    0H                               
         CLC   0(6,R3),=CL6'LOGOFF'     IS THIS A LOGOFF?  
         BNE   PX200                    NO - KEEP GOING   
         LA    R15,4                    LET VISION:INFORM PROCESS IT  
         B     PX950                    AND EXIT  
PX200    DS    0H                   
         CLC   0(6,R3),=CL6'PASSWD'     IS THIS A PASSWORD? 
         BNE   PX800                    NO - INVALID ENTRY INTO EXIT
         L     R4,=A(PXDSASIZ)          GET SIZE OF WORK AREA (DSA)
         GETMAIN RU,LV=(R4),LOC=BELOW   GET WORK AREA (DSA)
         ST    R13,4(,R1)               SET BKWD SAVE AREA LINK
         ST    R1,8(,R13)               SET FWD SAVE AREA LINK
         USING PXDSA,R13                ##### - PXDSA
         LR    R13,R1                   SAVE AREA BASE REG
         L     R5,PXCLNTAD              GET ADDR OF CLIENT ID FLAG
         MVC   PXCLIENT,0(R5)           MOVE CLIENT ID TO WORK AREA
         TM    PXCLIENT,PXBATCH         BATCH RUN ?
         BNO   PX300                    NO -- DO INFORM CHECKING
         MVC   RACLISTD(RACLSTLN),RACLST  ELSE COPY TO DYNAMIC STORAGE
         L     R3,PXUSERAD              ADDR OF USERID
         L     R4,PXPSWDAD              ADDR OF PASSWORD
         RACROUTE REQUEST=VERIFY,ENVIR=CREATE,ACEE=PXACEE,             X
               USERID=(R3),PASSWRD=(R4),WORKA=PXRACWRK,                X
               MF=(E,RACLISTD)
         LTR   R15,R15                  RETURN CODE OKAY?
         BNZ   PX280                    NO - ERROR
         L     R1,PXACEE                LOAD ACEE ADDRESS
         LTR   R1,R1                    ZERO?
         BZ    PX210                    YES - SKIP DELETE
         RACROUTE REQUEST=VERIFY,ENVIR=DELETE,ACEE=PXACEE,             X
               WORKA=PXRACWRK,MF=(E,RACLISTD)
PX210    DS    0H
         LA    R15,0                    TELL INFORM OKAY -
         B     PX900                    (NO INFORM CHECK)
PX280    DS    0H
         LA    R15,8                    ERROR - BAD PASSWORD
         B     PX900
PX300    DS    0H
         LA    R15,4                    LET INFORM CHECK IT
         B     PX900
PX800    DC    F'0'                     INVALID ENTRY INTO EXIT 
PX900    DS    0H
         LR    R5,R15                   SAVE RC - FREEMAIN CHANGES R15
         LR    R1,R13                   GET ADDR OF WORK AREA (DSA)
         L     R4,=A(PXDSASIZ)          GET SIZE OF WORK AREA (DSA)
         L     R13,4(R13)               RESTORE CALLER'S SAVE AREA
         FREEMAIN RU,LV=(R4),A=(R1)     FREE WORK AREA
         LR    R15,R5                   RESTORE EXIT RETURN CODE
PX950    DS    0H                        
         L     R14,12(,R13)             RESTORE ALL REGS EXCEPT R15
         LM    R0,R12,20(R13)           (R15 HAS THE RETURN CODE)
         BR    R14                      RETURN TO CALLER 
         LTORG                            
R0       EQU   0                    
R1       EQU   1                              
R2       EQU   2                           
R3       EQU   3                            
R4       EQU   4                           
R5       EQU   5                         
R6       EQU   6                        
R7       EQU   7                        
R8       EQU   8                             
R9       EQU   9                              
R10      EQU   10                    
R11      EQU   11                              
R12      EQU   12                         
R13      EQU   13                            
R14      EQU   14                             
R15      EQU   15                            
*
RACLST   RACROUTE REQUEST=VERIFY,ENVIR=CREATE,ACEE=0,                  X
               USERID=0,PASSWRD=0,WORKA=0,MF=L
RACLSTLN EQU   *-RACLST
*
PXDSA    DSECT                                
PXSAV    DS    9D                       REGISTER SAVE AREA
PXCLIENT DS    FL1                      INPUT CLIENT TYPE FLAG
PXINTACC EQU   X'80'                      INTRACCESS CLIENT
PXBATCH  EQU   X'40'                      BATCH SIMULATOR (GORAZ)
PX3270   EQU   X'20'                      3270 (CICS/IMS) CLIENT
PXJRNY17 EQU   X'10'                      JOURNEY REL 1.7 OR LOWER
PXJRNY20 EQU   X'08'                      JOURNEY REL 2.0 OR HIGHER
*
PXACEE   DS    F                        ACEE ADDRESS
*
PXRACWRK DS    CL512                    MVS ROUTER AND RACF WORK AREA
*
RACLISTD DS    XL(RACLSTLN)             RACROUTE PARM LIST
*
PXDSASIZ EQU   *-PXDSA                  
PXPRMLST DSECT                              
PXTYPEAD DS    A                        ADDR OF EXIT TYPE
PXUSERAD DS    A                        ADDR OF USERID 
PXPSWDAD DS    A                        ADDR OF PASSWD
PXCLNTAD DS    A                        ADDR OF CLIENT ID
         END
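
A host-independent C model of the PASSWD call contract described above, added here as an example and not part of the vendor's sample. It keeps the sample's policy (verify only the batch client, return 4 otherwise) and adds fail-closed handling for blank fields, missing addresses and unknown call types. The names `profile_exit`, `verify_fn` and `demo_verify` are hypothetical, and `demo_verify` with its user ID/password pair is a constructed stand-in for the RACROUTE call.

```c
#include <stddef.h>
#include <string.h>

/* Client flag bits and R15 values as listed in the article. */
enum { PX_BATCH = 0x40, PX_3270 = 0x20, PX_JRNY17 = 0x10, PX_JRNY20 = 0x08 };
enum { RC_BYPASS = 0, RC_ALSO_CHECK = 4, RC_INVALID = 8 };

/* Hypothetical stand-in for the site security call (RACROUTE in the sample):
   returns 0 only when the user ID/password pair verifies. */
typedef int (*verify_fn)(const char *userid8, const char *passwd8);

/* True when an 8-byte, blank-padded field holds nothing but blanks. */
static int all_blank(const char *f) { return memcmp(f, "        ", 8) == 0; }

/* Model of the exit. parm[0..3] are the four addresses passed on a PASSWD
   call: call type (CL6), user ID (CL8), password (CL8), client flag (1 byte). */
int profile_exit(const void *const parm[4], verify_fn verify)
{
    const char *type = parm[0];
    if (type == NULL)
        return RC_INVALID;
    if (memcmp(type, "LOGON ", 6) == 0 || memcmp(type, "LOGOFF", 6) == 0)
        return RC_ALSO_CHECK;              /* same value the sample returns */
    if (memcmp(type, "PASSWD", 6) != 0)
        return RC_INVALID;                 /* this example's choice: fail closed */

    const char *userid = parm[1], *passwd = parm[2];
    const unsigned char *client = parm[3];
    if (!userid || !passwd || !client || !verify)
        return RC_INVALID;
    if (!(*client & PX_BATCH))
        return RC_ALSO_CHECK;              /* sample policy: only batch verified */
    if (all_blank(userid) || all_blank(passwd))
        return RC_INVALID;                 /* never hand blanks to the verifier */

    /* Only a clean verify may produce 0, because 0 switches off the
       product's own password check. Everything else is rejected. */
    return verify(userid, passwd) == 0 ? RC_BYPASS : RC_INVALID;
}

/* Constructed verifier for the demonstration: one fixed, blank-padded pair. */
int demo_verify(const char *userid8, const char *passwd8)
{
    return (memcmp(userid8, "BATCH01 ", 8) == 0 &&
            memcmp(passwd8, "S3CRET  ", 8) == 0) ? 0 : 8;
}
```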