A fix is available
APAR status
Closed as program error.
Error description
DFHWBSR is trying to send out a static response to a request. Within routine Build_authorization_environment, DFHWBSR calls DFHUSAD for ADD_USER_WITHOUT_PASSWORD processing to add the userid to the US domain. Eventually the security manager is called for verification of the userid and in this case returned SAF and ESM codes of 8,0 1C,0 (respectively), meaning the group access has been revoked. DFHUSAD returns usad_group_access_revoked back to DFHWBSR. DFHWBSR treats this as a severe error and message DFHWB0002 code X'0506' is issued followed by a system dump.

This action taken by DFHWBSR is too drastic for a security violation. Currently, DFHWBSR issues message DFHWB0364 only for reason usad_application_notauth. DFHWBSR needs to be investigated and likely changed to issue DFHWB0364 for all usad_reason values returned on this call, with the two exceptions of usad_security_inactive and usad_purged.

The kernel stack from the dump will look as follows:

DFHWBSR SEND_STATIC_RESPONSE BUILD_AUTHORIZATION_ENVIRONMENT SEVERE_ERROR

ADDITIONAL KEYWORD(s): KIXREVSCB
Local fix
Problem summary
USERS AFFECTED: All CICS users.
PROBLEM DESCRIPTION: MSGDFHWB0002 Severe Error X'0506' in DFHWBSR for authorization error and dump produced.
RECOMMENDATION:

A TCPIPSERVICE is defined with Authenticate: Autoregister. The user at the browser submits a request and the client sends in a certificate to CICS. The CICS Web transaction CWXN makes a successful DFHXSPW INQUIRE_CERTIFICATE_USERID call. As a static response is being returned, CWXN makes an ADD_USER_WITHOUT_PASSWORD call. This fails with reason GROUP_ACCESS_REVOKED, resulting in a DFHWB0002 message and system dump. The severe error message DFHWB0002 and system dump are not appropriate for this straightforward authorization error.

Additional Keywords: msgDFHWB0364 WB0002 WB0364
Problem conclusion
DFHWBSR has been changed. For authorization errors which return usad_response=usad_exception and one of the following usad_reason codes, message DFHWB0364 will be issued in place of the previous DFHWB0002 message and system dump:

  usad_esm_inactive
  usad_invalid_password
  usad_unknown_esm_response
  usad_invalid_userid
  usad_new_password_required
  usad_userid_revoked
  usad_group_access_revoked
  usad_invalid_new_password
Temporary fix
FIX AVAILABLE BY PTF ONLY
Comments
APAR Information
APAR number
PM17783
Reported component name
CICS TS Z/OS V4
Reported component ID
5655S9700
Reported release
600
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2010-07-05
Closed date
2010-08-31
Last modified date
2010-10-02
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
UK60040
Modules/Macros
DESWBAP DESWBDM DESWBRQ DESWBRQF DESWBSR DESWBXM DFHWBAP DFHWBAPA DFHWBAPF DFHWBAPJ DFHWBAPM DFHWBAPT DFHWBAPV DFHWBDM DFHWBRQD DFHWBRQS DFHWBSR DFHWBSRA DFHWBSRM DFHWBSRT DFHWBXM DFHWBXMA DFHWBXMT
Fix information
Fixed component name
CICS TS Z/OS V4
Fixed component ID
5655S9700
Applicable component levels
R600 PSY UK60040
UP10/09/03 P F009
Document Information
Modified date:
02 October 2010