ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » Security Exit

Post new topic  Reply to topic
 Security Exit « View previous topic :: View next topic » 
Author Message
Winnie
PostPosted: Mon Feb 04, 2002 3:40 pm    Post subject: Reply with quote

Newbie

Joined: 03 Feb 2002
Posts: 3
Location: IBM Canada Ltd

Hi, I am having a problem with security exit. This is for a client connection channel running on Windows 2000. MQSeries server is located on MVS. Connection between MQ client and server is through AT&T Global dialer and then telnet. I have compiled security exit dll using IBM VisualAge C++ compiler 3.6 successfully. But when we tested this security exit, the program could not retrieve correct data, for example, pChannelExitParams->ExitId is equal to 0 most of times, whereas it should be 11 (MQXT_CHANNEL_SEC_EXIT). Dial up and telnet connections look ok, and channel setups are ok. We tested connection without security exit using sample put and get programs, and we could get and send messages.

Please help and thank you very much in advance.

Back to top
View user's profile Send private message
kolban
PostPosted: Mon Feb 04, 2002 6:30 pm    Post subject: Reply with quote

Grand Master

Joined: 22 May 2001
Posts: 1072
Location: Fort Worth, TX, USA

How was the server side portion of the exit installed? You can't have an exit on the client without a corresponding exit on the server. This has to be defined in the SVRCONN channel definition of the server.
Back to top
View user's profile Send private message
Winnie
PostPosted: Tue Feb 05, 2002 8:40 am    Post subject: Reply with quote

Newbie

Joined: 03 Feb 2002
Posts: 3
Location: IBM Canada Ltd

Thanks for reply. Server side on MVS has server connection channel security exit installed, it's written in C too. It's been used for other customers as well, and it works for them. pChannelExitParams->ExitId is shown as 11 on the server. I wonder why security exit program on the client side cannot get correct channel exit parameters data? Thanks a lot.
Back to top
View user's profile Send private message
kolban
PostPosted: Tue Feb 05, 2002 10:19 am    Post subject: Reply with quote

Grand Master

Joined: 22 May 2001
Posts: 1072
Location: Fort Worth, TX, USA

Can you show the flows that are actually seen between the client and the server ...

Client sends what? Server receives what? etc etc
Back to top
View user's profile Send private message
Winnie
PostPosted: Wed Feb 06, 2002 8:02 am    Post subject: Reply with quote

Newbie

Joined: 03 Feb 2002
Posts: 3
Location: IBM Canada Ltd

I don't know how to monitor message flows between client and server channels from client side. Log file on the server side indicated server side security exit sent "Request ID" message, but was not being passed the necessary agent buffer data, i.e., the customer id and password. Here are some log info on the server side:

*****************************************
MQSERIES SECEXTST User Exit started at Wed Jan 30 14:40:55 2002
Channel type = 7
RemoteUserIdentifier =
RemotePassword =
ChannelName = CUSTOMER.T
XmitQName =
ShortConnectionName =
Agent Buffer sent to exit =
DataLength = 0
AgentBufferLength = 0
Exit Reason = MQXR_INIT
ExitResponse = MQXCC_OK
SECEXTST USER EXIT reciever intitiated ended at Wed Jan 30 14:40:55 2002
***********************************************
*****************************************
MQSERIES SECEXTST User Exit started at Wed Jan 30 14:40:56 2002
Channel type = 7
RemoteUserIdentifier =
RemotePassword =
ChannelName = CUSTOMER.T
XmitQName =
ShortConnectionName =
Agent Buffer sent to exit =
DataLength = 0
AgentBufferLength = 3968
Entered MQXR_INIT_SEC
Agent buffer(init)= Request ID~
Exit Reason = MQXR_INIT_SEC
ExitResponse = MQXCC_SEND_SEC_MSG
SECEXTST USER EXIT reciever intitiated ended at Wed Jan 30 14:40:56 2002
***********************************************
*****************************************
MQSERIES SECEXTST User Exit started at Wed Jan 30 14:40:56 2002
Channel type = 7
RemoteUserIdentifier =
RemotePassword =
ChannelName = CUSTOMER.T
XmitQName =
ShortConnectionName =
Agent Buffer sent to exit = Request ID~
DataLength = 0
AgentBufferLength = 3968
Exit Reason = MQXR_SEC_MSG
Response = MQXCC_SUPRESS_FUNCTION
SECEXTST USER EXIT reciever intitiated ended at Wed Jan 30 14:40:56 2002
***********************************************
*****************************************
MQSERIES SECEXTST User Exit started at Wed Jan 30 14:40:56 2002
Channel type = 7
RemoteUserIdentifier =
RemotePassword =
ChannelName = CUSTOMER.T
XmitQName =
ShortConnectionName =
Agent Buffer sent to exit =
DataLength = 0
AgentBufferLength = 0
Exit Reason = MQXR_TERM
ExitResponse = MQXCC_OK
SECEXTST USER EXIT reciever intitiated ended at Wed Jan 30 14:40:56 2002
***********************************************

On the client side, I used sample put program to test security exit as follows: c:>AMQSPUTC TESTQ TESTQM
Sample AMQSPUT0 start
ecisec: ExitId=0
ecisec: ExitId=538976288
MQCONN ended with reason code 2009

In my security exit program, once the SecurityExit function is called, I check value of pChannelExitParams->ExitId first, if it's 11, continue conversation with server security exit, if not, respond with pChannelExitParams->ExitResponse = MQXCC_SUPPRESS_FUNCTION, then communication is dropped.

Test stuff on server side told me the channel cannot be started (listener is running) when we do security exit testing.

My understanding is when channel agent calls my security exit dll, it does not pass correct channel exit data to this dll, communication between client security exit and server security exit is not established. I don't know what is wrong: problem with my security exit or channel set up??

Thank you very much for your help. If you need more information, please let me know. My email address is: wdu@ca.ibm.com

Best regards,

Winnie Du
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » Security Exit
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.