Check System (QYDOCHKS, QydoCheckSystem) API


  Optional Parameter Group:

  1  Results path name                  Input  Char(*)
  2  Length of results path name        Input  Binary(4)
  3  Format of results path name        Input  Char(8)
  4  Format of content of results file  Input  Char(8)
  5  Error code                         I/O    Char(*)

  Service Program Name: QYDOCHK1

  Default Public Authority: *USE

  Threadsafe: No

The Check System (OPM, QYDOCHKS; ILE, QydoCheckSystem) API checks to see if any key operating system object has changed since it was signed. If any of these objects is unsigned, it is reported as an error. Only signatures from a system trusted source are valid.
Note: This API can take several hours to complete.

Authorities and Locks

Authority Required
*AUDIT special authority is required.

See open() API for the authority needed to the results path name. The file is open for append and is created if it does not already exist.

Locks
Object will be locked shared allow read.

Optional Parameter Group

Results path name.
INPUT; CHAR(*)

The path name of the object you want to contain the results on this call. This object may not be in a library (that is, may not be under the /QSYS.LIB directory). The name may be relative to the current directory or may specify the entire path name. For example, to store results in a file called SIGNED.LST in the MYDIR directory, the results path name would be '/MYDIR/SIGNED.LST'. If you are using format OBJN0100, this parameter is assumed to be represented in the coded character set identifier (CCSID) currently in effect for the job. If the CCSID of the job is 65535, this parameter is assumed to be represented in the default CCSID of the job.

If this is an existing file, results will be appended to the end of the file. Otherwise, a new file will be created.

The default is not to have a results file.

Length of results path name.
INPUT; BINARY(4)

The length of the results path name. A 0 (zero) length means no results files are used, and the results path name and format of results path name parameter values are not used. If the format of the results path name is OBJN0200, this field must include the QLG path name structure in addition to the path name itself. If the format of the results path name is OBJN0100, only the path name itself is included.

Format of results path name
INPUT; CHAR(8)

Format of the results path name

OBJN0100 The results path name is a simple path name.
OBJN0200 The results path name is an LG-type path name.

Format of content of results file
INPUT; CHAR(8)

The format of the contents of the file containing the results of this call.

RSLT0100 The basic information is returned for any key operating system object that has changed since it was signed.
RSLT0200 The basic information is returned for any key operating system object and Licensed Internal Code module that has changed since it was signed.

Specifying the RSLT0200 format causes signature verification for each Licensed Internal Code module in addition to the key operating system objects that are checked. RSLT0100 will not result in Licensed Internal Code modules being verified.


Error code
I/O; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error code parameter.


RSLT0100 format

The following table describes the order and format of the data returned in the RSLT0100 format. This data is repeated for each object that failed to verify. For detailed descriptions of the fields in the tables, see Field Descriptions.

Note: All data in this file will be in CCSID 1200. New files will be created in this CCSID. If an existing file is named that has a different CCSID, an error will be reported.

Offset
Dec  Hex  Type      Field
0    0    CHAR(7)   Message identifier
7    7    CHAR(9)   Reserved
16   10   CHAR(8)   Date
24   18   CHAR(8)   Reserved
32   20   CHAR(1)   Operation type
33   21   CHAR(15)  Operation type description
48   30   CHAR(8)   Reserved
56   38   CHAR(*)   Fully qualified object name


Field Descriptions

Date. The date the operation took place. The format will be YYYYMMDD. For example, June 30, 2002 will be 20020630.

Fully qualified object name. The simple path name from the root to the object whose signature is being verified. The field will be terminated with a new line character.

Message identifier. The error message used to report failure. This field is blank if no error was detected for this object.

Operation type. The operation that was attempted. Format RSLT0100 is also used by the Sign Object and Verify Object APIs. Since results are appended, if the results file already exists, Operation type identifies which API created the result. For the Check System API, Operation type will always be set to 2.

0 Signing operation
1 Verifying operation
2 Checking operation

Operation type description. Short word description of the operation that was attempted.

Reserved. This field currently is not used. It is filled with blanks.


RSLT0200 format

The following table describes the order and format of the data returned in the RSLT0200 format. This data is repeated for each object and Licensed Internal Code module that failed to verify. For detailed descriptions of the fields in the tables, see Field Descriptions.

Note: All data in this file will be in CCSID 1200. New files will be created in this CCSID. If an existing file is named that has a different CCSID, an error will be reported.

Offset
Dec  Hex  Type      Field
0    0    CHAR(7)   Message identifier
7    7    CHAR(9)   Reserved
16   10   CHAR(8)   Date
24   18   CHAR(8)   Reserved
32   20   CHAR(1)   Operation type
33   21   CHAR(15)  Operation type description
48   30   CHAR(1)   Fully qualified object name indicator
49   31   CHAR(7)   Reserved
56   38   CHAR(*)   Fully qualified object name


Field Descriptions

Message identifier. The error message used to report failure. This field is blank if no error was detected for this object.

Date. The date the operation took place. The format will be YYYYMMDD. For example, June 30, 2002 will be 20020630.

Operation type. The operation that was attempted. Format RSLT0200 is similar to RSLT0100, which is used by the Sign Object, Verify Object, and Check System APIs. Since results are appended, if the results file already exists, Operation type identifies which API created the result. For the Check System API, Operation type will always be set to 2.

0 Signing operation
1 Verifying operation
2 Checking operation

Operation type description. Short word description of the operation that was attempted.

Fully qualified object name indicator. The indicator for the type of information in the Fully qualified object name field.

0 Fully qualified object name
1 Licensed Internal Code RU name

Fully qualified object name. The simple path name from the root to the object whose signature is being verified. The field will be terminated with a new line character.

Reserved. This field currently is not used. It is filled with blanks.


Usage Notes

The following messages can be sent to the joblog and added to records in the Results Path Name.

Message ID Message Text
CPFB722 D Object not signed.
CPFB723 D Object signed, but signature is not valid.
CPFB72A D The object had no trusted signatures on the object.
CPFB72B D Object not found.
CPFB72C D The object cannot currently be signed or verified.
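
A results file in either format can be triaged after the run by slicing each record at the documented offsets. The following is an added example, not IBM's code: it assumes the offsets count characters, that the file bytes are UTF-16BE (CCSID 1200), and that each record ends at the new line after the object name. The sample records, their paths and the CHECK/VERIFY description strings are constructed.

```python
# Added example: parse a Check System results file (RSLT0100 / RSLT0200).
# Assumptions: offsets count characters; file is UTF-16BE (CCSID 1200).
from collections import namedtuple

# Message IDs and texts as listed under Usage Notes on this page.
MESSAGES = {
    "CPFB722": "Object not signed.",
    "CPFB723": "Object signed, but signature is not valid.",
    "CPFB72A": "The object had no trusted signatures on the object.",
    "CPFB72B": "Object not found.",
    "CPFB72C": "The object cannot currently be signed or verified.",
}
OPERATIONS = {"0": "sign", "1": "verify", "2": "check"}
Result = namedtuple("Result", "msgid date operation is_lic name")

def parse_record(line, fmt="RSLT0200"):
    """Slice one fixed-layout record; the object name starts at offset 56."""
    if len(line) < 56:
        raise ValueError("record shorter than fixed header: %r" % line)
    op = line[32]
    if op not in OPERATIONS:
        raise ValueError("unknown operation type %r" % op)
    # Offset 48 is the name indicator in RSLT0200 and reserved in RSLT0100.
    is_lic = fmt == "RSLT0200" and line[48] == "1"
    return Result(line[0:7].strip(), line[16:24], OPERATIONS[op], is_lic, line[56:])

def parse_results(data, fmt="RSLT0200"):
    """Decode the file bytes and return one Result per non-empty record."""
    text = data.decode("utf-16-be").lstrip("\ufeff")
    return [parse_record(l, fmt) for l in text.split("\n") if l.strip()]

def check_failures(results):
    """Keep only Check System records (operation type 2) that carry an error."""
    return [r for r in results if r.operation == "check" and r.msgid]

def describe(r):
    """One report line per failure, with the message text from Usage Notes."""
    return "%s %s %s: %s" % (r.date, r.msgid, r.name, MESSAGES.get(r.msgid, "unlisted message"))

def _record(msgid, date, op, desc, indicator, name):
    # Builds a constructed sample record using the documented field widths.
    return (msgid.ljust(7) + " " * 9 + date + " " * 8 + op + desc.ljust(15)
            + indicator + " " * 7 + name + "\n")

# Constructed sample data (not output from a real system).
SAMPLE = "".join([
    _record("CPFB723", "20020630", "2", "CHECK", "0", "/QSYS.LIB/EXAMPLE.PGM"),
    _record("", "20020630", "1", "VERIFY", "0", "/MYDIR/OTHER.PGM"),
    _record("CPFB722", "20020630", "2", "CHECK", "1", "EXAMPLERU"),
]).encode("utf-16-be")
```

Because results are appended and the same file may hold Sign Object and Verify Object records, filtering on operation type 2 before reporting keeps earlier runs of other APIs out of the Check System findings.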

Error Messages

Message ID Error Message Text
CPF222E E &1 special authority is required.
CPF9872 E Program or service program &1 in library &2 ended. Reason code &3.
CPF9EA7 E QVFYOBJRST system value does not verify object signatures during restore at its current setting.
CPFA08D E Request information value is not valid.
CPFA0A4 E Too many open files for process.
CPFA0AA E Error occurred while attempting to obtain space.
CPFA0D4 E File system error occurred.
CPFB735 E The digital signature API parameter &1 is not large enough.
CPFB736 E The digital signature API parameter &1 is not small enough.
CPFB737 E The digital signature API parameter &1 is a null pointer.
CPFB738 E The digital signature API parameter &1 is not a valid format type.
CPFB739 E The digital signature API parameter &1 is out of range.
CPFB740 E The format name for the pathname is not valid.
CPFB741 E The length of the path name parameter is not valid.
CPFB744 E The format of the results file for the digital signing API is an incorrect value.
CPFB745 E The format name for the results file path name is not valid.
CPFB746 E The results file path name length is not large enough.
CPFB749 E Object signature operation ended abnormally. &1 objects attempted, &2 objects successfully processed.
CPFB74D E Results file could not be used.


API introduced: V5R3
