On z/OS, how do I determine which security product is active (RACF, ACF2, or Top Secret) in C?


On z/OS, the OS doesn't demand a particular security product in the system, but lets people choose their own. There are 3 and they have different capabilities.

For reference: there is a related Q&A for Java, but I need to do this in C: "How can I determine which security manager is active on z/OS using Java?"


There are 2 best solutions below


Here is sample REXX code that may help:

CVT      = C2d(Storage(10,4))                /* point to CVT         */
CVTRAC   = C2d(Storage(D2x(CVT + 992),4))    /* point to RACF CVT    */
RCVTID   = Storage(D2x(CVTRAC),4)            /* point to RCVTID      */
select ;
  when (RCVTID="RTSS") then secss="TOPSECRET" /* RTSS is TopSecret    */
  when (RCVTID="RCVT") then secss="RACF"      /* RCVT is RACF         */
  otherwise                 secss=RCVTID      /* ACF2 SECNAME = RCVTID*/
end;
                                                             

The information can be found from the RCVT (which also seems to be referred to as the CVTRAC in the docs). The 'id' at the start indicates the security provider:

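#ifdef _LP64
  #error "This code is 31-bit addressing mode specific"
#endif

#include <string.h>   /* memcmp */

/* RCVT: the first 4 bytes are the id of the security provider */
typedef struct {
  char id[4];
} CVTRAC;

/* CVT: pointer to the RCVT at offset 0x3E0 */
typedef struct {
  char unk[0x3E0];
  CVTRAC* cvtrac;
} CVT;

/* PSA (at address 0): pointer to the CVT at offset 0x10 */
typedef struct {
  char unk[0x10];
  CVT* cvt;
} PSA;

typedef enum {
  SAFUnk=0,
  RACF=1,
  TopSecret=2,
  ACF2=3
} SAFProvider;

static SAFProvider saf_provider()
{
  /* Follow PSA -> CVT -> RCVT and read the 4-byte id */
  PSA* psa = (void*) 0;
  char* id = psa->cvt->cvtrac->id;

  /* The literals below are EBCDIC when compiled without -qascii */
  if (!memcmp(id, "RCVT", 4)) {
    return RACF;
  } else if (!memcmp(id, "RTSS", 4)) {
    return TopSecret;
  } else if (!memcmp(id, "ACF2", 4)) {
    return ACF2;
  } else {
    return SAFUnk;
  }
}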

Note the code above will only work when built for 31-bit addressing mode and compiled without the -qascii option (the strings being compared to are in EBCDIC).
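
An added example, not part of either answer above: comparing the RCVT id against explicit EBCDIC byte values removes the dependency on the compiler's string-literal charset, so the same check gives the same result with or without -qascii. It follows the second answer's mapping of the three IDs; the function and enum names are hypothetical, the sample buffers are constructed, and reading the id from the RCVT is left to the code above.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; the IDs are those named on this page. */
typedef enum { SAF_UNKNOWN = 0, SAF_RACF, SAF_TOPSECRET, SAF_ACF2 } saf_kind;

/* IDs as EBCDIC byte values: independent of the compiler's literal charset. */
static const struct {
    unsigned char id[4];
    saf_kind kind;
    const char *name;
} saf_ids[] = {
    { {0xD9, 0xC3, 0xE5, 0xE3}, SAF_RACF,      "RACF"       },  /* "RCVT" */
    { {0xD9, 0xE3, 0xE2, 0xE2}, SAF_TOPSECRET, "Top Secret" },  /* "RTSS" */
    { {0xC1, 0xC3, 0xC6, 0xF2}, SAF_ACF2,      "ACF2"       },  /* "ACF2" */
};
#define SAF_ID_COUNT (sizeof saf_ids / sizeof saf_ids[0])
/* Constructed sample inputs standing in for the first 4 bytes of the RCVT. */
const unsigned char sample_ebcdic_rcvt[4] = {0xD9, 0xC3, 0xE5, 0xE3};
const unsigned char sample_ebcdic_rtss[4] = {0xD9, 0xE3, 0xE2, 0xE2};
const unsigned char sample_ebcdic_acf2[4] = {0xC1, 0xC3, 0xC6, 0xF2};
const unsigned char sample_ascii_rcvt[4]  = {0x52, 0x43, 0x56, 0x54};

/* Classify a 4-byte id; anything unrecognised (or NULL) is SAF_UNKNOWN. */
saf_kind saf_classify_id(const unsigned char *id)
{
    size_t i;
    if (id == NULL) return SAF_UNKNOWN;
    for (i = 0; i < SAF_ID_COUNT; i++)
        if (memcmp(id, saf_ids[i].id, 4) == 0)
            return saf_ids[i].kind;
    return SAF_UNKNOWN;
}

const char *saf_kind_name(saf_kind kind)
{
    size_t i;
    for (i = 0; i < SAF_ID_COUNT; i++)
        if (saf_ids[i].kind == kind)
            return saf_ids[i].name;
    return "unknown";
}

int main(void)
{
    printf("%s\n", saf_kind_name(saf_classify_id(sample_ebcdic_rcvt)));
    printf("%s\n", saf_kind_name(saf_classify_id(sample_ascii_rcvt)));
    return 0;
}
```

The ASCII-encoded "RCVT" sample is classified as unknown, which is the mismatch the -qascii note above describes when literals and storage use different encodings.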