Check System (QYDOCHKS, QydoCheckSystem) API
Optional Parameter Group:
| 1 | Results path name | Input | Char(*) |
| 2 | Length of results path name | Input | Binary(4) |
| 3 | Format of results path name | Input | Char(8) |
| 4 | Format of content of results file | Input | Char (8) |
| 5 | Error code | I/O | Char(*) |
Service Program Name: QYDOCHK1
Default Public Authority: *USE
Threadsafe: No
The Check System (OPM, QYDOCHKS; ILE, QydoCheckSystem) API checks to see if any key operating system object has changed since it was signed. If any of these objects is unsigned, it is reported as an error. Only signatures from a system trusted source are valid.
Note: This API can take several hours to complete.
Authorities and Locks
- Authority Required
- *AUDIT special authority is required.
See open() API for the authority needed to the results path name. The file is open for append and is created if it does not already exist.
- Locks
- Object will be locked shared allow read.
Optional Parameter Group
- Results path name.
- INPUT; CHAR(*)
The path name of the object you want to contain the results on this call. This object may not be in a library (that is, may not be under the /QSYS.LIB directory). The name may be relative to the current directory or may specify the entire path name. For example, to store results in a file called SIGNED.LST in the MYDIR directory, the results path name would be '/MYDIR/SIGNED.LST'. If you are using format OBJN0100, this parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.
If this is an existing file, results will be appended to the end of the file. Otherwise, a new file will be created.
The default is not to have a results file.
- Length of results path name.
- INPUT; BINARY(4)
The length of the results path name. A 0 (zero) length means no results files are used, and the results path name and format of results path name parameter values are not used. If the format of the results path name is OBJN0200, this field must include the QLG path name structure in addition to the path name itself. If the format of the results path name is OBJN0100, only the path name itself is included.
- Format of results path name
- INPUT; CHAR(8)
Format of the results path name
OBJN0100 The results path name is a simple path name. OBJN0200 The results path name is an LG-type path name.
- Format of content of results path name
- INPUT; CHAR(8)
The format of the contents of the file containing the results of this call.
RSLT0100 The basic information is returned for any key operating system object that has changed since it was signed. RSLT0200 The basic information is returned for any key operating system object and Licensed Internal Code module that has changed since it was signed. Specifying the RSLT0200 format causes signature verification for each Licensed Internal Code module in addition to the key operating system objects that are checked. RSLT0100 will not result in Licensed Internal Code modules being verified.
- Error code
- I/O; CHAR(*)
The structure in which to return error information. For the format of the structure, see Error code parameter.
RSLT0100 format
The following table describes the order and format of the data returned in the RSLT0100 format. This data is repeated for each object that failed to to verify. For detailed descriptions of the fields in the tables, see Field Descriptions.
Note:All data in this file will be in CCSID 1200. New files will be created in this CCSID. If an existing file is named that has a different CCSID, an error will be reported.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(7) | Message identifier |
| 7 | 7 | CHAR(9) | Reserved |
| 16 | 10 | CHAR(8) | Date |
| 24 | 18 | CHAR(8) | Reserved |
| 32 | 20 | CHAR(1) | Operation type |
| 33 | 21 | CHAR(15) | Operation type description |
| 48 | 30 | CHAR(8) | Reserved |
| 56 | 38 | CHAR(*) | Fully qualified object name |
Field Descriptions
Date. The date the operation took place. The format will be YYYYMMDD. For example, June 30, 2002 will be 20020630.
Fully qualified object name. The simple path name from the root to the object whose signature is being verified. The field will be terminated with a new line character.
Message identifier. The error message used to report failure. This field is blank if no error was detected for this object.
Operation type. The operation that was attempted. Format RSLT0100 is also used by the Sign Object and Verify Object APIs. Since results are appended, if the results file already exists, Operation type identifies which API created the result. For the Check System API, Operation type will always be set to 2.
| 0 | Signing operation |
| 1 | Verifying operation |
| 2 | Checking operation |
Operation type description. Short word description of the operation that was attempted.
Reserved. This field currently is not used. It is filled with blanks.
RSLT0200 format
The following table describes the order and format of the data returned in the RSLT0200 format. This data is repeated for each object and Licensed Internal Code module that failed to verify. For detailed descriptions of the fields in the tables, see Field Descriptions.
Note:All data in this file will be in CCSID 1200. New files will be created in this CCSID. If an existing file is named that has a different CCSID, an error will be reported.
| Offset | Type | Field | |
|---|---|---|---|
| Dec | Hex | ||
| 0 | 0 | CHAR(7) | Message identifier |
| 7 | 7 | CHAR(9) | Reserved |
| 16 | 10 | CHAR(8) | Date |
| 24 | 18 | CHAR(8) | Reserved |
| 32 | 20 | CHAR(1) | Operation type |
| 33 | 21 | CHAR(15) | Operation type description |
| 48 | 30 | CHAR(1) | Fully qualified object name indicator |
| 49 | 31 | CHAR(7) | Reserved |
| 56 | 38 | CHAR(*) | Fully qualified object name |
Field Descriptions
Message identifier. The error message used to report failure. This field is blank if no error was detected for this object.
Date. The date the operation took place. The format will be YYYYMMDD. For example, June 30, 2002 will be 20020630.
Operation type. The operation that was attempted. Format RSLT0200 is similar to RSLT0100 which is used by the Sign Object, Verify Object, and Check System APIs. Since results are appended, if the results file already exist, Operation type identifies which API created the result . For the Check System API, Operation type will always be set to 2.
| 0 | Signing operation |
| 1 | Verifying operation |
| 2 | Checking operation |
Operation type description. Short word description of the operation that was attempted.
Fully qualified object name indicator. The indicator for the type of information in the Fully qualified object name field.
| 0 | Fully qualified object name |
| 1 | Licensed Internal Code RU name |
Fully qualified object name. The simple path name from the root to the object whose signature is being verified. The field will be terminated with a new line character.
Reserved. This field currently is not used. It is filled with blanks.
Usage Notes
The following messages can be sent to the joblog and added to records in the Results Path Name.
| Message ID | Message Text |
|---|---|
| CPFB722 D | Object not signed. |
| CPFB723 D | Object signed, but signature is not valid. |
| CPFB72A D | The object had no trusted signatures on the object. |
| CPFB72B D | Object not found. |
| CPFB72C D | The object cannot currently be signed or verified. |
Error Messages
| Message ID | Error Message Text |
|---|---|
| CPF222E E | &1 special authority is required. |
| CPF9872 E | Program or service program &1 in library &2 ended. Reason code &3. |
| CPF9EA7 E | QVFYOBJRST system value does not verify object signatures during restore at its current setting. |
| CPFA08D E | Request information value is not valid. |
| CPFA0A4 E | Too many open files for process. |
| CPFA0AA E | Error occurred while attempting to obtain space. |
| CPFA0D4 E | File system error occurred. |
| CPFB735 E | The digital signature API parameter &1 is not large enough. |
| CPFB736 E | The digital signature API parameter &1 is not small enough. |
| CPFB737 E | The digital signature API parameter &1 is a null pointer. |
| CPFB738 E | The digital signature API parameter &1 is not a valid format type. |
| CPFB739 E | The digital signature API parameter &1 is out of range. |
| CPFB740 E | The format name for the pathname is not valid. |
| CPFB741 E | The length of the path name parameter is not valid. |
| CPFB744 E | The format of the results file for the digital signing API is an incorrect value. |
| CPFB745 E | The format name for the results file path name is not valid. |
| CPFB746 E | The results file path name length is not large enough. |
| CPFB749 E | Object signature operation ended abnormally. &1 objects attempted, &2 objects successfully processed. |
| CPFB74D E | Results file could not be used. |
API introduced: V5R3
[ Back to top | Security APIs | APIs by category ]