Skip to content

Commit 6bc55c2

Browse files
Steve-HosieSteve-Hosie
authored
Add files via upload
1 parent 855ea4d commit 6bc55c2

File tree

2 files changed

+738
-0
lines changed

2 files changed

+738
-0
lines changed

cybersecurity-scripts/ACF2/SDSF/SDACFROL.rexx.txt

Lines changed: 369 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,369 @@
1+
/* rexx */
2+
/* */
3+
/* Broadcom has provided this REXX as an example of the */
4+
/* on how to convert RACF cmds from ISRACR SDSF utility */
5+
/* to ACF2 commands with ROLE */
6+
/* */
7+
/* SYNTAX: SDACFROL data_set_name */
8+
/* where "data_set_name" is output of ISFACR utility */
9+
/* */
10+
/* Version 1.0 August 2024 */
11+
/* 1.1 August 23 2024 */
12+
/* 1.2 August 27 2024 */
13+
/* */
14+
/* created by steve hosie 2024 */
15+
/* */
16+
parse arg p1
17+
if length(p1) = 0 then
18+
do
19+
say 'No input dataset provided, please try again'
20+
exit
21+
end
22+
say p1
23+
current_seconds = TIME(S)
24+
last_qual = "D"current_seconds
25+
user = userid()
26+
udsn = user'.ACF.TEMP.'last_qual
27+
udsn = strip(udsn)
28+
udsn = udsn||'.SDSFCMDS'
29+
x = 1
30+
ddname = "A"current_seconds
31+
sdname = "S"current_seconds
32+
/* for testing, otherwise take input P1 as dataset name */
33+
if length(p1) = 0 then
34+
sdsf_dsn='HOSST03.SDSF.TEST.TXT'
35+
else
36+
sdsf_dsn=p1
37+
/* */
38+
say 'Processing file' sdsf_dsn
39+
if sysdsn("'"sdsf_dsn"'") = ok then
40+
"alloc f("sdname") da('"sdsf_dsn"') shr reu"
41+
if sysdsn("'"udsn"'") = OK then
42+
"alloc f("ddname") da('"udsn"') shr reu"
43+
else
44+
"alloc f("ddname") da('"udsn"') NEW SP(100 100)
45+
TR DSORG(PS) RECFM(F B) LRECL(80) "
46+
"execio * diskr "sdname" (stem sdsf_racf. FINIS"
47+
total_racf_records = sdsf_racf.0
48+
sdsf_out.1 = '/* DO NOT RUN WITHOUT REVIEWING FIRST!!!!! */'
49+
sdsf_out.2 = '/* */'
50+
sdsf_out.3 = '/* REVIEW and EDIT as needed */'
51+
sdsf_out.4 = '/* */'
52+
sdsf_out.5 = '/* */'
53+
sdsf_out.6 = 'SET Control(GSO)'
54+
sdsf_out.7 = 'INSERT SAFDEF.SDSF ID(SDSF) MODE(GLOBAL) -'
55+
sdsf_out.8 = 'RACROUTE(REQUEST=AUTH,CLASS=SDSF)'
56+
sdsf_out.9 = 'INSERT SAFDEF.WRITER ID(WRITER) MODE(GLOBAL) -'
57+
sdsf_out.10= 'RACROUTE(REQUEST=AUTH,CLASS=WRITER)'
58+
sdsf_out.11= 'INSERT SAFDEF.JESSPL ID(JESSPL) MODE(GLOBAL) -'
59+
sdsf_out.12= 'RACROUTE(REQUEST=AUTH,CLASS=JESSPOOL) '
60+
sdsf_out.13= 'INSERT SAFDEF.OPRCMDS ID(OPRCMDS) MODE(GLOBAL) -'
61+
sdsf_out.14= 'RACROUTE(REQUEST=AUTH,CLASS=OPERCMDS)'
62+
sdsf_out.15 = 'F ACF2,REFRESH(SAFDEF)'
63+
sdsf_out.16 = 'INSERT CLASMAP.SDSF RESOURCE(SDSF) '
64+
sdsf_out.16 = sdsf_out.16'RSRCTYPE(SDF) ENTITYLN(63)'
65+
sdsf_out.17 = 'INSERT CLASMAP.WRITER RESOURCE(WRITER) '
66+
sdsf_out.17 = sdsf_out.17'RSRCTYPE(WTR) ENTITYLN(39)'
67+
sdsf_out.18 = 'INSERT CLASMAP.JESSPL RESOURCE(JESSPOOL) '
68+
sdsf_out.18 = sdsf_out.18'RSRCTYPE(SPL) ENTITYLN(53)'
69+
sdsf_out.19 = 'INSERT CLASMAP.OPRCMDS RESOURCE(OPERCMDS) '
70+
sdsf_out.19 = sdsf_out.19 'RSRCTYPE(OPR) ENTITYLN(39)'
71+
sdsf_out.20 = 'F ACF2,REFRESH(CLASMAP)'
72+
sdsf_out.21 = 'SET CONTROL(GSO)'
73+
sdsf_out.22 = 'CHANGE INFODIR TYPES(R-RSDF) ADD'
74+
sdsf_out.23 = 'F ACF2,REFRESH(INFODIR)'
75+
sdsf_out.24 = 'F ACF2,REBUILD(SDF)'
76+
y = 24
77+
data_string = "DATA("
78+
owner_string = "OWNER("
79+
g_cnt = 1
80+
do until x > total_racf_records
81+
/* load all GSDSF records into Stem variable */
82+
If ralter = "RALTER" then
83+
do
84+
if substr(sdsf_racf.x,9,5) = 'GSDSF' then
85+
do
86+
ralter_class = substr(sdsf_racf.x,9,5)
87+
ralter_attr = substr(sdsf_racf.x,15,10)
88+
res_name = substr(sdsf_racf.x,26,44)
89+
res_name = substr(res_name,8,44)
90+
res_pos = POS(')',res_name) - 1
91+
res_name = substr(res_name,1,res_pos)
92+
res_name = STRIP(res_name,,')')
93+
res_name_index = index(res_name,'**')
94+
res_name_index_neg = res_name_index - 1
95+
if res_name_index > 0 then
96+
do
97+
res_name = substr(res_name,1,res_name_index_neg)
98+
res_name = res_name||'-'
99+
end
100+
res_name_index = index(res_name,'*.*')
101+
res_name_index_neg = res_name_index - 1
102+
if res_name_index > 0 then
103+
do
104+
res_name = substr(res_name,1,res_name_index_neg)
105+
res_name = res_name||'-.-'
106+
end
107+
res_name_index = index(res_name,'*')
108+
res_name_index_neg = res_name_index - 1
109+
if res_name_index > 0 then
110+
do
111+
res_name = substr(res_name,1,res_name_index_neg)
112+
res_name = res_name||'-'
113+
end
114+
attr.g_cnt = ralter_attr' 'res_name
115+
g_cnt = g_cnt + 1
116+
end
117+
x = x + 1
118+
end
119+
end
120+
/* build X(GRP) insert for attributes */
121+
count = 1
122+
if g_cnt > 0 then
123+
do
124+
line_check = substr(sdsf_racf.x,1,3)
125+
sdsf_out.y = 'SET X(RGP)'
126+
y = y + 1
127+
ralter_attr = substr(attr.count,1,10)
128+
attribute = ralter_attr
129+
sdsf_out.y = 'INSERT 'attribute'RESOURCE TYPE(SDF) INCLUDE ( -'
130+
y = y + 1
131+
do until count > g_cnt
132+
ralter_attr = substr(attr.count,1,10)
133+
if ralter_attr = attribute then
134+
do
135+
ralter_attr = substr(attr.count,1,10)
136+
res_name = substr(attr.count,11,44)
137+
res_name = strip(res_name)
138+
res_name = ' '||res_name
139+
sdsf_out.y = res_name', -'
140+
y = y + 1
141+
end
142+
else
143+
do
144+
back_one = y - 1
145+
sdsf_out.back_one = res_name||')'
146+
attribute = substr(attr.count,1,10)
147+
if count < g_cnt then
148+
do
149+
sdsf_out.y = 'INSERT 'attribute'RESOURCE TYPE(SDF) INCLUDE( -'
150+
y = y + 1
151+
end
152+
end
153+
count = count + 1
154+
end
155+
end
156+
x = 1
157+
do until x > total_racf_records
158+
addgroup = substr(sdsf_racf.x,2,8)
159+
ralter = substr(sdsf_racf.x,2,6)
160+
permit = substr(sdsf_racf.x,2,6)
161+
pos_data = POS('DATA(',sdsf_racf.x)
162+
If addgroup = "ADDGROUP" then
163+
do
164+
sdsf_out.y = 'SET RESOURCE(SDF)'
165+
y = y + 1
166+
pos_owner = INDEX(sdsf_racf.x,' OWNER(')
167+
length_xrole = pos_owner - 12
168+
sdsf_xrole = substr(sdsf_racf.x,12,length_xrole)
169+
sdsf_out.y = 'RECKEY GROUP ADD('sdsf_xrole'.SDSF'
170+
sdsf_out.y = sdsf_out.y' ROLE('sdsf_xrole') SERVICE(READ,EXEC) '
171+
sdsf_out.y = sdsf_out.y'ALLOW)'
172+
y = y + 1
173+
end
174+
If permit = "PERMIT" then
175+
do
176+
if substr(sdsf_racf.x,9,5) = 'ATTR.' then
177+
do
178+
attr_role = substr(sdsf_racf.x,35,8)
179+
attribute = substr(sdsf_racf.x,9,10)
180+
pos_attr = POS(')',attr_role)
181+
if pos_attr > 1 then
182+
do
183+
pos_attr = pos_attr - 1
184+
attr_role = substr(attr_role,1,pos_attr)
185+
end
186+
attr_cmd = substr(sdsf_racf.x,9,9)
187+
access_pos = POS('ACCESS(',sdsf_racf.x)
188+
access_pos = access_pos + 7
189+
attr_access = substr(sdsf_racf.x,access_pos,15)
190+
access_last_pos = LASTPOS(')',sdsf_racf.x)
191+
if access_last_pos > 0 then
192+
do
193+
access_last_pos = access_last_pos - access_pos
194+
attr_access = substr(attr_access,1,access_last_pos)
195+
if attr_access = 'ALTER' then
196+
attr_access = 'ADD,DELETE,UPDATE,READ,EXEC'
197+
else
198+
if attr_access = 'CONTROL' then
199+
attr_access = 'DELETE,UPDATE,READ,EXEC'
200+
else
201+
if attr_access = 'READ' then
202+
attr_access = 'READ,EXEC'
203+
else
204+
if attr_access = 'UPDATE' then
205+
attr_access = 'UPDATE,READ,EXEC'
206+
end
207+
do
208+
sdsf_out.y = 'SET RESOURCE(SDF)'
209+
y = y + 1
210+
sdsf_out.y = 'RECKEY 'attribute'ADD(ROLE('||attr_role
211+
sdsf_out.y = sdsf_out.y||') SERVICE('||attr_access||') ALLOW)'
212+
y = y + 1
213+
end
214+
end
215+
else
216+
/* handle all other permits */
217+
do
218+
class_pos = POS(' CLASS',sdsf_racf.x)
219+
last_resname_char = class_pos - 9
220+
resource_name = substr(sdsf_racf.x,9,last_resname_char)
221+
class_pos = class_pos + 7
222+
res_pos = POS('.',resource_name)
223+
res_start = res_pos + 1
224+
res_neg = res_pos - 1
225+
res_length = length(resource_name)
226+
res_length = res_length - res_pos
227+
res_key = substr(resource_name,1,res_neg)
228+
resname = substr(resource_name,res_start,res_length)
229+
jesname = substr(resource_name,res_start,res_length)
230+
resname_index = index(resname,'**')
231+
resname_index_neg = resname_index - 1
232+
if resname_index > 0 then
233+
do
234+
resname = substr(resname,1,resname_index_neg)
235+
resname = resname||'-'
236+
end
237+
resname_index = index(resname,'*.*')
238+
resname_index_neg = resname_index - 1
239+
if resname_index > 0 then
240+
do
241+
resname = substr(resname,1,resname_index_neg)
242+
resname = resname||'-.-'
243+
end
244+
resname_index = index(resname,'*')
245+
resname_index_neg = resname_index - 1
246+
if resname_index > 0 then
247+
do
248+
resname = substr(resname,1,resname_index_neg)
249+
resname = resname||'-'
250+
end
251+
id_pos = POS(' ID(',sdsf_racf.x)
252+
id_pos_neg = id_pos - class_pos - 1
253+
class = substr(sdsf_racf.x,class_pos,id_pos_neg)
254+
access_pos = POS(') ACCESS(',sdsf_racf.x)
255+
id_pos = POS(') ID(',sdsf_racf.x)
256+
id_pos = id_pos + 5
257+
id_pos_last = access_pos - id_pos
258+
role = substr(sdsf_racf.x,id_pos,id_pos_last)
259+
access_pos = access_pos + 9
260+
access_pos_last = LASTPOS(')',sdsf_racf.x) - access_pos
261+
access = substr(sdsf_racf.x,access_pos,access_pos_last)
262+
if class = 'SDSF' then
263+
class = 'SDF'
264+
if class = 'JESSPOOL' then
265+
class = 'SPL'
266+
if class = 'OPERCMDS' then
267+
class = 'OPR'
268+
if class = 'XFACILIT' then
269+
class = 'XFC'
270+
sdsf_out.y = 'SET RESOURCE('class')'
271+
y = y + 1
272+
if access = 'ALTER' then
273+
access = 'ADD,DELETE,UPDATE,READ,EXEC'
274+
else
275+
if access = 'CONTROL' then
276+
access = 'DELETE,UPDATE,READ,EXEC'
277+
else
278+
if access = 'READ' then
279+
access = 'READ,EXEC'
280+
else
281+
if access = 'UPDATE' then
282+
access = 'UPDATE,READ,EXEC'
283+
If class = 'SPL' then
284+
do
285+
res_key = '********'
286+
sdsf_out.y = '/* */'
287+
y = y + 1
288+
sdsf_out.y = '/* REVIEW AND EDIT THE ******** as needed */'
289+
y = y + 1
290+
sdsf_out.y = '/* REVIEW AND EDIT THE resource name */'
291+
y = y + 1
292+
sdsf_out.y = '/* as needed */'
293+
y = y + 1
294+
sdsf_out.y = '/* */'
295+
y = y + 1
296+
find_asterisk = POS('*',jesname)
297+
length_jesname = length(jesname)
298+
if find_asterisk > 0 then
299+
do
300+
new_jes_name = STRREPLACE(jesname,'*','********')
301+
jesname = new_jes_name
302+
end
303+
sdsf_out.y = 'RECKEY 'res_key' ADD('jesname' ROLE('role' -'
304+
sdsf_out.y = sdsf_out.y||role') SERVICE('access') ALLOW)'
305+
if length(sdsf_out.y) > 71 then
306+
do
307+
sdsf_out.y = 'RECKEY 'res_key' - '
308+
y = y + 1
309+
sdsf_out.y = 'ADD('jesname '-'
310+
y = y + 1
311+
sdsf_out.y = 'ROLE('role') SERVICE('access') ALLOW)'
312+
end
313+
y = y + 1
314+
end
315+
else
316+
do
317+
sdsf_out.y = 'RECKEY 'res_key' ADD('resname' ROLE('
318+
sdsf_out.y = sdsf_out.y||role') SERVICE('access') ALLOW)'
319+
if length(sdsf_out.y) > 71 then
320+
do
321+
sdsf_out.y = 'RECKEY 'res_key' ADD('resname' -'
322+
y = y + 1
323+
sdsf_out.y = 'ROLE('role') SERVICE('access') ALLOW)'
324+
y = y + 1
325+
end
326+
else
327+
y = y + 1
328+
end
329+
end
330+
end
331+
x = x + 1
332+
end
333+
"execio * diskw "ddname" (stem sdsf_out. FINIS"
334+
say 'Processing Completed - Press Enter'
335+
STATUS = MSG('ON')
336+
STATUS = MSG('OFF')
337+
TIM = TIME()
338+
DAT = DATE()
339+
STATUS = MSG('ON')
340+
STATUS = MSG('OFF')
341+
/* call esmtype */
342+
"ISPEXEC EDIT DATASET('"udsn"')"
343+
address tso "free f("sdname")"
344+
address tso "free f("ddname")"
345+
return
346+
address tso "DELETE '"udsn"'"
347+
/* */
348+
/* */
349+
/* A FUNCTION TO DO A STRING REPLACE */
350+
STRREPLACE:
351+
ORIGINAL = ARG(1)
352+
OLDTXT = ARG(2)
353+
NEWTXT = ARG(3)
354+
/* YOU CAN CHANGE THE BELOW KEY (TMPTXT), WHICH IS USED AS A TEMPORARY
355+
POINTER TO IDENTIFY THE TEXT TO BE REPLACED */
356+
TMPTXT = '6A53CD2EW1F'
357+
NEWSTR = ORIGINAL
358+
DO WHILE POS(OLDTXT,NEWSTR) > 0
359+
NEWSTR = SUBSTR(NEWSTR, 1 , POS(OLDTXT,NEWSTR)-1) ||,
360+
TMPTXT || SUBSTR(NEWSTR, POS(OLDTXT,NEWSTR) + LENGTH(OLDTXT))
361+
END
362+
DO WHILE POS(TMPTXT,NEWSTR) > 0
363+
NEWSTR = SUBSTR(NEWSTR, 1 , POS(TMPTXT,NEWSTR)-1) ||,
364+
NEWTXT || SUBSTR(NEWSTR, POS(TMPTXT,NEWSTR) + LENGTH(TMPTXT))
365+
END
366+
RETURN NEWSTR
367+
/* */
368+
/* END OF CODE */
369+
/* */

0 commit comments

Comments
 (0)