Periodic v2.x sync into v3.x (#3763)

* Treat special chars

Signed-off-by: Martin Zeithaml <[email protected]>

* Too many slashes

Signed-off-by: Martin Zeithaml <[email protected]>

* Minor fixes

Signed-off-by: Martin Zeithaml <[email protected]>

* Switch ChangeTag to sh

Signed-off-by: Martin Zeithaml <[email protected]>

* Regex update

Signed-off-by: Martin Zeithaml <[email protected]>

* Revert changes

Signed-off-by: Martin Zeithaml <[email protected]>

* Get volume

Signed-off-by: Martin Zeithaml <[email protected]>

* Support '$' and '-' in ds name

Signed-off-by: Martin Zeithaml <[email protected]>

* Escape prefix

Signed-off-by: Martin Zeithaml <[email protected]>

* TSS: Detect zOSMF Root CA (#3725)

* TSS: Detect zOSMF Root CA

Signed-off-by: Martin Zeithaml <[email protected]>

* Parameters updated

Signed-off-by: Martin Zeithaml <[email protected]>

* Minor text change

Signed-off-by: Martin Zeithaml <[email protected]>

---------

Signed-off-by: Martin Zeithaml <[email protected]>
Signed-off-by: Martin Zeithaml <[email protected]>
Co-authored-by: Mark Ackert <[email protected]>

* Escape dataset in copyMvsToUss

Signed-off-by: Martin Zeithaml <[email protected]>

* add backtick to <empty> (#3736)

Signed-off-by: MarkAckert <[email protected]>

* allow custom properties in components.zowe (#3735)

Signed-off-by: 1000TurquoisePogs <[email protected]>

* Add ESM to support details (#3749)

Signed-off-by: Martin Zeithaml <[email protected]>

* Promote PTF after release v2.15.0 (#3754)

Signed-off-by: zowe-robot <[email protected]>

* set manifest to 2.15.1 (#3755)

Signed-off-by: MarkAckert <[email protected]>

* Added new PTF numbers for v2 (#3757)

Signed-off-by: ManjuVNair133 <[email protected]>

---------

Signed-off-by: Martin Zeithaml <[email protected]>
Signed-off-by: Martin Zeithaml <[email protected]>
Signed-off-by: MarkAckert <[email protected]>
Signed-off-by: 1000TurquoisePogs <[email protected]>
Signed-off-by: zowe-robot <[email protected]>
Signed-off-by: ManjuVNair133 <[email protected]>
Co-authored-by: Martin Zeithaml <[email protected]>
Co-authored-by: Martin Zeithaml <[email protected]>
Co-authored-by: 1000TurquoisePogs <[email protected]>
Co-authored-by: zowe-robot <[email protected]>
Co-authored-by: ManjuVNair133 <[email protected]>

bin/commands/certificate/keyring-jcl/connect/.parameters

@@ -8,6 +8,6 @@ trust-cas||string|||||Labels of extra certificate authorities should be trusted,
 connect-user||string|required||||Certificate owner. Can be `SITE` or a user ID.
 connect-label||string|required||||Certificate label to connect.
 trust-zosmf||boolean|||||Whether to trust z/OSMF CA.
-zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify "_auto_" to let Zowe to detect automatically. This only works for RACF.
+zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify `_auto_` to let Zowe to detect automatically. This works for RACF and TSS.
 zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities.
 ignore-security-failures||boolean|||||Whether to ignore security setup job failures.

bin/commands/certificate/keyring-jcl/generate/.parameters

@@ -16,6 +16,6 @@ country||string|||||Country of certificate and certificate authority.
 validity||string|||||Validity days of certificate.
 trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2).
 trust-zosmf||boolean|||||Whether to trust z/OSMF CA.
-zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify "_auto_" to let Zowe to detect automatically. This only works for RACF.
+zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify `_auto_` to let Zowe to detect automatically. This works for RACF and TSS.
 zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities.
 ignore-security-failures||boolean|||||Whether to ignore security setup job failures.

bin/commands/certificate/keyring-jcl/import-ds/.parameters

@@ -7,7 +7,7 @@ keyring-name||string|required||||Name of the keyring.
 alias|a|string|required|localhost|||Certificate alias name.
 trust-cas||string|||||Labels of extra certificate authorities should be trusted, separated by comma (Maximum 2).
 trust-zosmf||boolean|||||Whether to trust z/OSMF CA.
-zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify "_auto_" to let Zowe to detect automatically. This only works for RACF.
+zosmf-ca||string||_auto_|||Labels of z/OSMF root certificate authorities. Specify `_auto_` to let Zowe to detect automatically. This works for RACF and TSS.
 zosmf-user||string||IZUSVR|||z/OSMF user name. This is used to automatically detect z/OSMF root certificate authorities.
 import-ds-name||string|required||||Name of the data set holds certificate to import into keyring.
 import-ds-password||string|required||||Password of the data set holds certificate to import.

bin/commands/certificate/pkcs12/lock/.parameters

@@ -1,4 +1,4 @@
 keystore-dir|d|string|required||||Keystore directory.
 user||string|required||||Owner of the keystore directory.
 group||string|required||||Group of the keystore directory.
-group-permission||string|||||Group permission. Can be <empty> for no permission, or `read`, `write`.
+group-permission||string|||||Group permission. Can be `<empty>` for no permission, or `read`, `write`.

bin/commands/support/.help

@@ -6,6 +6,7 @@ This command will collect these information:
   * z/OS version
   * Java version
   * Node.js version
+  * External Security Manager
 - Zowe configurations
   * Zowe manifest.json
   * Zowe configuration file

bin/commands/support/index.sh

@@ -43,17 +43,20 @@ print_debug "Temporary directory created: ${tmp_dir}"
 print_message
 
 ###############################
-print_level1_message "Collecting version of z/OS, Java, NodeJS"
+print_level1_message "Collecting information about z/OS, Java, NodeJS and ESM"
 VERSION_FILE="${tmp_dir}/version_output"
 ZOS_VERSION=`operator_command "D IPLINFO" | grep -i release | xargs`
 print_message "- z/OS: ${ZOS_VERSION}"
 JAVA_VERSION=`${JAVA_HOME}/bin/java -version 2>&1 | head -n 1`
 print_message "- Java: ${JAVA_VERSION}"
 NODE_VERSION=`${NODE_HOME}/bin/node --version`
 print_message "- NodeJS: ${NODE_VERSION}"
+ESM=`"${ZWE_zowe_runtimeDirectory}/bin/utils/getesm"`
+print_message "- External Security Manager: ${ESM}"
 echo "z/OS version: ${ZOS_VERSION}" > "${VERSION_FILE}"
 echo "Java version: ${JAVA_VERSION}" >> "${VERSION_FILE}"
 echo "NodeJS version: ${NODE_VERSION}" >> "${VERSION_FILE}"
+echo "External Security Manager: ${ESM}" >> "${VERSION_FILE}"
 print_message
 
 ###############################

bin/libs/certificate.sh

@@ -876,7 +876,15 @@ EOF
 
   if [ "${trust_zosmf}" = "1" ]; then
     if [ "${zosmf_root_ca}" = "_auto_" ]; then
-      zosmf_root_ca=$(detect_zosmf_root_ca "${ZWE_PRIVATE_ZOSMF_USER}")
+      if [ "${security_product}" = "RACF" ]; then
+        zosmf_root_ca=$(detect_zosmf_root_ca_racf "${ZWE_PRIVATE_ZOSMF_USER}")
+      fi
+      if [ "${security_product}" = "TSS" ]; then
+        zosmf_root_ca=$(detect_zosmf_root_ca_tss "${ZWE_PRIVATE_ZOSMF_USER}")
+      fi
+      if [ "${security_product}" = "ACF2" ]; then
+        zosmf_root_ca=$(detect_zosmf_root_ca_acf2 "${ZWE_PRIVATE_ZOSMF_USER}")
+      fi
     fi
     if [ -z "${zosmf_root_ca}" ]; then
       print_error_and_exit "Error ZWEL0137E: z/OSMF root certificate authority is not provided (or cannot be detected) with trusting z/OSMF option enabled." "" 137
@@ -1397,12 +1405,76 @@ EOF
     "${labels_with_private_key}"
 }
 
-# this only works for RACF
-detect_zosmf_root_ca() {
+# FIXME
+#   - Support for multiple? | long | special characters entries
+detect_zosmf_root_ca_tss() {
+  zosmf_user=${1:-IZUSVR}
+  zosmf_root_ca=
+
+  print_trace "- Detect z/OSMF keyring by listing ID(${zosmf_user}) [TSS]"
+  zosmf_certs=$(tsocmd "TSS LIST(${zosmf_user}) KEYRING(ALL)" 2>&1)
+  code=$?
+  if [ ${code} -ne 0 ]; then
+    print_trace "  * Exit code: ${code}"
+    print_trace "  * Output:"
+    if [ -n "${zosmf_certs}" ]; then
+      print_trace "$(padding_left "${zosmf_certs}" "    ")"
+    fi
+    return 1
+  fi
+
+  # Output example:
+  # KEYRING LABEL = KEYRING.IZUDFLT
+  zosmf_keyring_name=$(echo "${zosmf_certs}" | grep "KEYRING LABEL = " | awk -F= '{ print $2 }'  | head -n 1)
+  if [ -n "${zosmf_keyring_name}" ]; then
+    print_trace "  * z/OSMF keyring name is ${zosmf_keyring_name}"
+    # Output example:
+    #   ACID(CERTAUTH)  DIGICERT(ABCDEFGH)  DEFAULT(NO )  USAGE(CERTAUTH)
+    #   LABLCERT(ZOSMF_ROOT_CA                   )
+    zosmf_root_ca=$(echo "${zosmf_certs}" | grep -A 1 "ACID(CERTAUTH)" | grep "LABLCERT(" | head -n 1)
+    zosmf_root_ca=$(echo "${zosmf_root_ca}" | awk '{ print substr( $0, 12, length($0)-13) }')
+    zosmf_root_ca=$(echo "${zosmf_root_ca}" | sed -e 's/^[[:space:]]*//;s/[[:space:]]*$//')
+    if [ -n "${zosmf_root_ca}" ]; then
+      print_trace "  * z/OSMF root certificate authority found: ${zosmf_root_ca}"
+      echo "${zosmf_root_ca}"
+      return 0
+    else
+      print_trace "  * Error: cannot detect z/OSMF root certificate authority"
+      return 2
+    fi
+  else
+    print_trace "  * Error: failed to detect z/OSMF keyring name"
+    return 3
+  fi
+}
+
+# FIXME
+#   - add similar code using ACFUNIX instead of tsocmd
+#   - or use JCLs to be sure it will always works
+detect_zosmf_root_ca_acf2() {
+  zosmf_user=${1:-IZUSVR}
+  zosmf_root_ca=
+
+  print_trace "- Detect z/OSMF keyring by listing ID(${zosmf_user}) [ACF2]"
+  echo "${zosmf_root_ca}"
+  return 1
+}
+
+# FIXME
+#   - Support for multiple? | long | special characters entries
+#   - RACDCERT LISTRING will be confused if label contains 'CERTAUTH' word:
+#
+#  Certificate Label Name             Cert Owner     USAGE      DEFAULT
+#  --------------------------------   ------------   --------   -------
+#  CERTAUTH_FOR_T800                  ID(SKYNET)     DEADLY       YES
+#  JOHN_CONNOR                        CERTAUTH       CERTAUTH     NO
+#
+#  Will return CERTAUTH_FOR_T800 instead of JOHN_CONNOR
+detect_zosmf_root_ca_racf() {
   zosmf_user=${1:-IZUSVR}
   zosmf_root_ca=
 
-  print_trace "- Detect z/OSMF keyring by listing ID(${zosmf_user})"
+  print_trace "- Detect z/OSMF keyring by listing ID(${zosmf_user}) [RACF]"
   zosmf_certs=$(tsocmd "RACDCERT LIST ID(${zosmf_user})" 2>&1)
   code=$?
   if [ ${code} -ne 0 ]; then

bin/libs/configmgr.ts

@@ -14,6 +14,7 @@ import * as os from 'cm_os';
 import * as xplatform from 'xplatform';
 import { ConfigManager } from 'Configuration';
 import * as fs from './fs';
+import * as stringlib from './string';
 
 import * as objUtils from '../utils/ObjUtils';
 
@@ -415,7 +416,7 @@ function getMemberNameFromConfigPath(configPath: string): string|undefined {
 function stripMemberName(configPath: string, memberName: string): string {
   //Turn PARMLIB(my.zowe(yaml)):PARMLIB(my.other.zowe(yaml))
   //Into PARMLIB(my.zowe):FILE(/some/path.yaml):PARMLIB(my.other.zowe)
-  const replacer = new RegExp('\\('+memberName+'\\)\\)', 'gi');
+  const replacer = new RegExp('\\('+stringlib.escapeDollar(memberName)+'\\)\\)', 'gi');
   return configPath.replace(replacer, ")");
 }
 

bin/libs/string.ts

@@ -344,3 +344,16 @@ export function itemInList(stringList: string, stringToFind?: string, separator:
   }
   return stringList.split(separator).includes(stringToFind);
 }
+
+export function escapeDollar(str: string): string | undefined {
+  if (str === null || str === undefined)
+    return undefined;
+  return str.replace(/[$]/g, '\\$&');
+}
+
+export function escapeRegExp(str: string): string | undefined {
+  if (str === null || str === undefined)
+      return undefined;
+  return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+

bin/libs/zos-dataset.ts

@@ -18,7 +18,7 @@ import * as shell from './shell';
 import * as zoslib from './zos';
 
 export function isDatasetExists(datasetName: string): boolean {
-  const result = shell.execSync('sh', '-c', `cat "//'${datasetName}'" 1>/dev/null 2>&1`);
+  const result = shell.execSync('sh', '-c', `cat "//'${stringlib.escapeDollar(datasetName)}'" 1>/dev/null 2>&1`);
   return result.rc === 0;
 }
 
@@ -27,7 +27,7 @@ export function isDatasetExists(datasetName: string): boolean {
 //                1: data set is not in catalog
 //                2: data set member doesn't exist
 export function tsoIsDatasetExists(datasetName: string): number {
-  const result = zoslib.tsoCommand(`listds '${datasetName}' label`);
+  const result = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(datasetName)}' label`);
   if (result.rc != 0) {
     if (result.out.includes('NOT IN CATALOG')) {
       return 1;
@@ -44,7 +44,7 @@ export function tsoIsDatasetExists(datasetName: string): number {
 }
 
 export function createDataSet(dsName: string, dsOptions: string): number {
-  const result=zoslib.tsoCommand(`ALLOCATE NEW DA('${dsName}') ${dsOptions}`);
+  const result=zoslib.tsoCommand(`ALLOCATE NEW DA('${stringlib.escapeDollar(dsName)}') ${dsOptions}`);
   return result.rc;
 }
 
@@ -55,7 +55,7 @@ export function copyToDataset(filePath: string, dsName: string, cpOptions: strin
     }
   }
 
-  const cpCommand=`cp ${cpOptions} -v "${filePath}" "//'${dsName}'"`;
+  const cpCommand=`cp ${cpOptions} -v "${filePath}" "//'${stringlib.escapeDollar(dsName)}'"`;
   common.printDebug('- '+cpCommand);
   const result=shell.execOutSync('sh', '-c', `${cpCommand} 2>&1`);
   if (result.rc == 0) {
@@ -79,7 +79,7 @@ export function datasetCopyToDataset(prefix: string, datasetFrom: string, datase
     }
   }
 
-  const cmd=`exec '${prefix}.${std.getenv('ZWE_PRIVATE_DS_SZWEEXEC')}(ZWEMCOPY)' '${datasetFrom} ${datasetTo}'`;
+  const cmd = `exec '${stringlib.escapeDollar(prefix)}.${std.getenv('ZWE_PRIVATE_DS_SZWEEXEC')}(ZWEMCOPY)' '${stringlib.escapeDollar(datasetFrom)} ${stringlib.escapeDollar(datasetTo)}'`;
   const result = zoslib.tsoCommand(cmd);
   return result.rc;
 }
@@ -91,7 +91,7 @@ export function datasetCopyToDataset(prefix: string, datasetFrom: string, datase
 //                1: there are some users
 // @output        output of operator command "d grs"
 export function listDatasetUser(datasetName: string): number {
-  const cmd=`D GRS,RES=(*,${datasetName})`;
+  const cmd = `D GRS,RES=(*,'${stringlib.escapeDollar(datasetName)}')`;
   const result=zoslib.operatorCommand(cmd);
   return result.out.includes('NO REQUESTORS FOR RESOURCE') ? 0 : 1;
   // example outputs:
@@ -128,7 +128,7 @@ export function listDatasetUser(datasetName: string): number {
 //                3: data set is in use
 // @output        tso listds label output
 export function deleteDataset(dataset: string): number {
-  const cmd=`delete '${dataset}'`;
+  const cmd=`delete '${stringlib.escapeDollar(dataset)}'`;
   const result=zoslib.tsoCommand(cmd);
   if (result.rc != 0) {
     if (result.out.includes('NOT IN CATALOG')) {
@@ -170,7 +170,7 @@ export function isDatasetSmsManaged(dataset: string): { rc: number, smsManaged?:
   // SMS flag is in `FORMAT 1 DSCB` section second line, after 780037
 
   common.printTrace(`- Check if ${dataset} is SMS managed`);
-  const labelResult = zoslib.tsoCommand(`listds '${dataset}' label`);
+  const labelResult = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(dataset)}' label`);
   const datasetLabel=labelResult.out;
   if (labelResult.rc == 0) {
     let formatIndex = datasetLabel.indexOf('--FORMAT 1 DSCB--');
@@ -212,14 +212,13 @@ export function isDatasetSmsManaged(dataset: string): { rc: number, smsManaged?:
 
 export function getDatasetVolume(dataset: string): { rc: number, volume?: string } {
   common.printTrace(`- Find volume of data set ${dataset}`);
-  const result = zoslib.tsoCommand(`listds '${dataset}'`);
+  const result = zoslib.tsoCommand(`listds '${stringlib.escapeDollar(dataset)}'`);
   if (result.rc == 0) {
     let volumesIndex = result.out.indexOf('--VOLUMES--');
     let volume: string;
     if (volumesIndex != -1) {
       let startIndex = volumesIndex + '--VOLUMES--'.length;
-      let endIndex = result.out.indexOf('--',startIndex);
-      volume = result.out.substring(startIndex, endIndex).trim();
+      volume = result.out.substring(startIndex).trim();
     }
     if (!volume) {
       common.printError("  * Failed to find volume information of the data set.");
@@ -235,7 +234,7 @@ export function getDatasetVolume(dataset: string): { rc: number, volume?: string
 export function apfAuthorizeDataset(dataset: string): number {
   const result = isDatasetSmsManaged(dataset);
   if (result.rc) {
-    common.printError("Error ZWEL0134E: Failed to find SMS status of data set ${dataset}.");
+    common.printError(`Error ZWEL0134E: Failed to find SMS status of data set ${dataset}.`);
     return 134;
   }
 
@@ -256,7 +255,7 @@ export function apfAuthorizeDataset(dataset: string): number {
     }
   }
 
-  const apfCmd="SETPROG APF,ADD,DSNAME=${dataset},${apfVolumeParam}"
+  const apfCmd=`SETPROG APF,ADD,DSNAME=${dataset},${apfVolumeParam}`;
   if (std.getenv('ZWE_CLI_PARAMETER_SECURITY_DRY_RUN') == "true") {
     common.printMessage("- Dry-run mode, security setup is NOT performed on the system.");
     common.printMessage("  Please apply this operator command manually:");
@@ -277,7 +276,7 @@ export function apfAuthorizeDataset(dataset: string): number {
 }
 
 export function createDatasetTmpMember(dataset: string, prefix: string='ZW'): string | null {
-  common.printTrace(`  > create_data_set_tmp_member in ${dataset}`);
+    common.printTrace(`  > createDatasetTmpMember in ${dataset}`);
   for (var i = 0; i < 100; i++) {
     let rnd=Math.floor(Math.random()*10000);
 

bin/libs/zos-fs.ts

@@ -87,7 +87,7 @@ export function detectFileEncoding(fileName: string, expectedSample: string, exp
 
 export function copyMvsToUss(dataset: string, file: string): number {
   common.printDebug(`copyMvsToUss dataset=${dataset}, file=${file}`);
-  const result = shell.execSync('sh', '-c', `cp "//'${dataset}'" "${file}"`);
+  const result = shell.execSync('sh', '-c', `cp "//'${stringlib.escapeDollar(dataset)}'" '${file}'`);
   return result.rc;
 }
 
@@ -111,7 +111,7 @@ export function ensureFileEncoding(file: string, expectedSample: string, expecte
       }
     }
     common.printTrace(`- Remove encoding tag of ${file}.`);
-    zos.changeTag(file, 0);
+    shell.execSync('sh', '-c', `chtag -r "${file}"`);
   } else {
     common.printTrace(`- Failed to detect encoding of ${file}.`);
   }

bin/libs/zos.ts

@@ -16,7 +16,7 @@ import * as shell from './shell';
 import * as stringlib from './string';
 
 export function tsoCommand(...args:string[]): { rc: number, out: string } {
-  let message="tsocmd "+args.join(' ');
+  let message = "tsocmd " + '"' + args.join(' ') + '"';
   common.printDebug('- '+message);
   //we echo at the end to avoid a configmgr quirk where trying to read stdout when empty can hang waiting for bytes
   const result = shell.execOutSync('sh', '-c', `${message} 2>&1 && echo '.'`);

bin/libs/zwecli.sh

@@ -376,6 +376,9 @@ zwecli_inline_execute_command() {
 
   export ZWE_PRIVATE_CLI_IS_TOP_LEVEL_COMMAND=false
 
+  print_trace "- zwecli_inline_execute_command"
+  print_trace "  * ${*}"
+
   # process new command
   . "${ZWE_zowe_runtimeDirectory}/bin/zwe"
 

schemas/zowe-yaml-schema.json

@@ -857,7 +857,7 @@
         "zowe": {
           "type": "object",
           "description": "Component level overrides for top level Zowe network configuration.",
-          "additionalProperties": false,
+          "additionalProperties": true,
           "properties": {
             "network": {
               "$ref": "#/$defs/networkSettings"