APAR status
Closed as program error.
Error description
When the user had set up a sandbox environment, there was a difference in behaviour when transferring single files outside of the sandbox, compared to a wildcard transfer outside the sandbox.

The single file transfer would return a Failure:

BFGIO0056E: Attempt to read file "<FILE>" has been denied. The file is located outside of the restricted transfer sandbox.

Whereas the wildcard transfer would return a Success message with no files transferred:

BFGRP0036I: The transfer request has successfully completed, although no files were transferred.

The user noted that this was unexpected as the wildcard transfer attempted to match files outside of the sandbox locations, therefore a failure was expected.
Local fix
Problem summary
****************************************************************
USERS AFFECTED:
The issue affects users of:

- WebSphere MQ File Transfer Edition (FTE) V7.0.4
- WebSphere MQ Managed File Transfer (MFT) V7.5
- IBM MQ Managed File Transfer (MFT) V8.0
- IBM MQ Managed File Transfer (MFT) V9.0

when using the User Sandbox and Agent Sandbox features with transfers defined using a wildcard character.

Platforms affected: MultiPlatform
****************************************************************
PROBLEM DESCRIPTION:
If an agent had been configured with a user or agent sandbox (to restrict the locations that an agent could transfer files to and from), the behaviour of the agent was inconsistent when processing managed transfers that referenced transfer items outside of the sandbox.

When a managed transfer containing a single transfer item for a specific file was attempted, where the transfer item was located outside of the user or agent sandbox, the managed transfer failed with the following error:

BFGIO0056E: Attempt to read file "<FILE>" has been denied. The file is located outside of the restricted transfer sandbox.

However, when a managed transfer containing a wildcard was attempted, where the wildcard caused the agent to look in directories located outside the sandbox, the managed transfer would complete successfully and the following message was returned:

BFGRP0036I: The transfer request has successfully completed, although no files were transferred.

This behaviour was incorrect. In the wildcard case, the managed transfer should have been marked as failed as it required the agent to look in directories outside of the user sandbox.
Problem conclusion
The issue has been corrected by adjusting the checks made on wildcard transfers when sandboxing has been enabled. New return messages are now produced when a wildcard transfer request is made to a location outside a configured sandbox location.

The following message occurs when a wildcard file path in a transfer request is located outside of the restricted sandbox:

BFGSS0077E: Attempt to read file path: <path> has been denied. The file path is located outside of the restricted transfer sandbox.

The following message occurs when a transfer within a multiple transfer request contains a wildcard transfer request where the path is located outside of the restricted sandbox:

BFGSS0078E: Attempt to read file path: <path> has been ignored as another transfer item in the managed transfer attempted to read outside of the restricted transfer sandbox.

The following message occurs when a file is located outside of the restricted sandbox:

BFGSS0079E: Attempt to read file <file path> has been denied. The file is located outside of the restricted transfer sandbox.

The following message occurs in a multiple transfer request where another wildcard transfer request has caused this one to be ignored:

BFGSS0080E: Attempt to read file: <file path> has been ignored as another transfer item in the managed transfer attempted to read outside of the restricted transfer sandbox.

To protect customers who may have working transfers that include wildcards outside the sandbox, the new function has been protected by a new agent property "additionalWildcardSandboxChecking". When this is set to true, the additional checking will be enabled and wildcard transfer attempts outside the sandbox will fail. If the property is omitted or set to false, then the original behaviour will remain unchanged.
---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version     Maintenance Level
v7.0        7.0.4.7
v7.5        7.5.0.8
v8.0        8.0.0.6
v9.0 CD     9.0.1
v9.0 LTS    9.0.0.1

The latest available FTE maintenance can be obtained from 'Fix List for WebSphere MQ File Transfer Edition 7.0'
http://www-01.ibm.com/support/docview.wss?uid=swg27015313

The latest available MQ maintenance can be obtained from 'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available, information on its planned availability can be found in 'WebSphere MQ Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------
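The difference between the original and the corrected wildcard handling described above can be modelled as follows. This Python model is an added example, not code from IBM MQ; the sandbox root, file list, function names and outcome labels are constructed for illustration, and the legacy "match, then filter" mechanism is an assumption about how the zero-file success arose.

```python
import fnmatch
import posixpath

# Constructed sample data: a sandbox root and an in-memory file listing.
SANDBOX_ROOT = "/data/sandbox"
FILES = ["/data/sandbox/in/a.txt", "/data/sandbox/in/b.txt", "/etc/app/secret.cfg"]

def inside_sandbox(path, root=SANDBOX_ROOT):
    """True if the normalised path is the sandbox root or lies beneath it."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root + "/")

def check_item(spec, strict):
    """Return (outcome, files) for one source specification.

    strict=True models additionalWildcardSandboxChecking=true.
    Assumption: wildcards appear only in the final path component.
    """
    spec = posixpath.normpath(spec)  # collapses ".." before any check
    if not any(c in spec for c in "*?"):
        # Single file: denied in both modes when outside the sandbox.
        if not inside_sandbox(spec):
            return ("DENIED", [])
        return ("OK", [f for f in FILES if f == spec])
    # Strict mode checks the directory the wildcard would search
    # before any matching takes place.
    if strict and not inside_sandbox(posixpath.dirname(spec)):
        return ("DENIED", [])
    # Assumed legacy mechanism: match, then silently drop files outside
    # the sandbox, which can leave an empty but "successful" result.
    matches = [f for f in FILES if fnmatch.fnmatchcase(f, spec)]
    return ("OK", [f for f in matches if inside_sandbox(f)])

def run_transfer(specs, strict):
    """Return (status, per-item outcomes) for a managed transfer."""
    results = [check_item(s, strict) for s in specs]
    if any(outcome == "DENIED" for outcome, _ in results):
        # One denied item fails the transfer and the other items are marked
        # ignored, mirroring the "has been ignored" messages. Legacy handling
        # of mixed requests is not described on the page; this is the model's choice.
        return ("FAILED", [o if o == "DENIED" else "IGNORED" for o, _ in results])
    files = [f for _, fs in results for f in fs]
    return ("SUCCESS" if files else "SUCCESS_NO_FILES", [o for o, _ in results])
```

Comparing `run_transfer(["/etc/app/*"], strict=False)` with the same call under `strict=True` shows the zero-file success turning into a failure.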
Temporary fix
Comments
APAR Information
APAR number
IT11742
Reported component name
WMQ FILE TRANSF
Reported component ID
5724R1000
Reported release
704
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2015-10-13
Closed date
2016-08-16
Last modified date
2017-06-01
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WMQ FILE TRANSF
Fixed component ID
5724R1000
Applicable component levels
R704 PSY
UP
Document Information
Modified date:
01 June 2017