TAA Tools
FIXQLFCPP       FIX QUALIFIED CPP                      TAACMET

The Fix Qualified CPP command is intended to library qualify the
programs that are called from the command definition object of user
written commands.  This is an important consideration if you write
programs that adopt (USRPRF(*OWNER)).  A command definition object
(*CMD) describes the CPP and its library.  If the CPP uses *LIBL or
*CURLIB, FIXQLFCPP determines if the CPP is on the library list and,
if so, provides an option to change the command definition object.

The programs called by VLDCKR and PMTOVRPGM are also checked.

Note  that  FIXQLFCPP  will  change  any  user  command  regardless  of
whether it is  used in a program that  adopts.  The intent  is that you
would use  the FIXQLFCPP on a periodic basis  to keep ensuring that all
user written commands  use qualified  calls in  the command  definition
objects.

This is the  safest approach because  it is difficult to  keep checking
the programs  that adopt to determine whether  the user commands within
the   programs  use  qualified  calls  from  their  command  definition
objects.

See also the FIXQLFNAM  tool which will library qualify  the invocation
of user commands in CL source.

Trojan Horse Programs
---------------------

When  the program  adopt function  is used,  use of  *LIBL  and *CURLIB
should  be  avoided when  invoking  user  programs or  commands.   This
ensures that the correct function is  used and not a 'Trojan horse'  of
the same  name higher on  the library list.   'Trojan horses'  can take
advantage of the adopt function to perform unauthorized functions.

FIXQLFCPP and Command Definition Programs
-----------------------------------------

The command definition object allows 3 user programs to be called:

            CPP         -  Command processing program
            VLDCKR      -  Validity checking program
            PMTOVRPGM   -  Prompt override program

FIXQLFCPP serves the following purposes:

  **   It  avoids  the 'Trojan  horse'  security  exposure by  checking
       user written commands and  optionally allows the qualified  name
       to be added and the command to be re-created.

  **   It  ensures  that  any  programs  called  from  a  user  command
       definition object  can be found  without relying on  the correct
       library list.

  **   It avoids integrity issues, such as when a program with the
       same name as the CPP is added to a library higher on the
       library list than the intended program.

Writing Programs that Adopt
---------------------------

If  you write  programs  that  adopt, you  should  library qualify  the
command itself such as:

            xxx/CMD1           ...

The  TAA Tool FIXQLFNAM will  check the programs  that adopt and ensure
that qualified names are used for  user commands.  An option exists  to
library qualify the command.

This prevents a 'Trojan  horse' of the same command  name, but does not
prevent  a  'Trojan horse'  of  the CPP,  Validity  Checker,  or Prompt
Override program used  by CMD1.   The only  way to  prevent a  possible
'Trojan horse'  for these programs  is to  library qualify the  program
names within the command definition object.

Other considerations for writing programs that adopt are to:

  **   Library  qualify the  use of any  data base  files used  and use
       SECURE(*YES).

  **   Ensure  either  no  library  exists in  front  of  QSYS  or have
       strict control over the objects in the library.

Using FIXQLFCPP
---------------

FIXQLFCPP may  be  run over  one or  more user  libraries  or all  user
libraries.   If you run  over all user  libraries, you should  omit the
TAATOOL library to avoid excess output.

A typical command would be:

            FIXQLFCPP      LIB(xxx) ACTION(*CHECK)

A listing would be produced of all the commands within the library.

The listing will note such things as:

  **   If the CPP is qualified.  If not, can it be found on the
       library list?

  **   If a validity checking program exists and if it is qualified.
       If not, can it be found on the library list?

  **   If a prompt override program exists and if it is qualified.
       If not, can it be found on the library list?

The  listing will  also note if  you are  not authorized to  change the
command definition object (*OBJOPR and *OBJMGT are required).

Because ACTION(*CHECK)  is  specified  (it  is  the  default),  only  a
listing is produced.   After you have reviewed the listing  and want to
library qualify  the programs used  in the command  definition objects,
enter

            FIXQLFCPP      LIB(xxx) ACTION(*CHANGE)

The  same listing  occurs with  additional information  for whether the
command was changed  and replaced.   The replace function extracts  the
existing  attributes of  the  command  and the  source  member used  to
create the command and uses CRTCMD.
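
The check described above can be modelled in a few lines.  The Python
below is an added illustration, not TAA or IBM i code: the libraries
APPLIB and DEVLIB, the programs CMD1C and CMD1V, and the function names
are all hypothetical.  It shows how the same *LIBL reference resolves to
a different program when the order of the library list changes.

```python
# Constructed model of *LIBL/*CURLIB resolution; not TAA or IBM i code.
ROLES = ("CPP", "VLDCKR", "PMTOVRPGM")

def resolve(qualifier, name, libl, curlib, objects):
    """Library in which `name` is found first, or None."""
    if qualifier == "*LIBL":
        search = libl
    elif qualifier == "*CURLIB":
        search = [curlib or "QGPL"]   # QGPL stands in when no current library
    else:
        search = [qualifier]
    return next((lib for lib in search if name in objects.get(lib, ())), None)

def check_command(cmd, libl, curlib, objects):
    """One listing row per program named in the command definition."""
    rows = []
    for role in ROLES:
        ref = cmd.get(role)
        if ref is None:                       # e.g. no validity checker
            continue
        qualifier, name = ref.split("/")
        if not qualifier.startswith("*"):     # explicit library given
            rows.append((role, ref, "qualified", None))
            continue
        found = resolve(qualifier, name, libl, curlib, objects)
        if found:
            rows.append((role, ref, "unqualified", f"{found}/{name}"))
        else:
            rows.append((role, ref, "not found", None))
    return rows

# Constructed sample data: hypothetical libraries and programs.
OBJECTS = {"APPLIB": {"CMD1C", "CMD1V"}, "DEVLIB": {"CMD1C"}}
CMD1 = {"CPP": "*LIBL/CMD1C", "VLDCKR": "APPLIB/CMD1V", "PMTOVRPGM": None}
INTENDED_LIBL = ["QSYS", "APPLIB", "DEVLIB"]
SHADOWED_LIBL = ["QSYS", "DEVLIB", "APPLIB"]   # same-named CMD1C found first

if __name__ == "__main__":
    for libl in (INTENDED_LIBL, SHADOWED_LIBL):
        print(libl, check_command(CMD1, libl, None, OBJECTS))
```

In this model the qualifier proposed for an unqualified program is
whichever library is found first on the library list of the job doing
the check, so the listing is best reviewed from a job with a known
library list.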

TAATOOL Library Qualification
-----------------------------

All TAA programs that adopt use a library qualified name for any TAA
commands that are used and any programs that are called.

All TAA commands use a  library qualifier for any programs called  from
the TAA command definition objects.

Commands in the QSYS library
----------------------------

If  you have  QSYS at  the top  of the  system portion  of the  library
list, you generally do not need to library qualify system commands.

If you  have a library in  front of QSYS, you  need strict control over
what exists in this library to avoid 'Trojan horse' situations.

The CHGSYSLIBL  command  must also  be  considered.   This  command  is
shipped as *PUBLIC  *EXCLUDE.  If  users are authorized to  the command
or  have  *ALLOBJ special  authority  they  can  manipulate the  system
portion  of  the  library  list  during  the  running  of  a  job.   If
CHGSYSLIBL is  only available  to *ALLOBJ users,  they have  sufficient
authority to do most functions without the use of adopt.

FIXQLFCPP escape messages you can monitor for
----------------------------------------------

None.  Escape messages from based-on functions will be re-sent.

Command parameters                                    *CMD
------------------

   LIB           The library or  libraries to be processed.   Up to 300
                 specific  libraries or  generic  names may  be entered
                 or the special values *ALLUSR  or *USRLIBL.  You  must
                 have *ALLOBJ authority to specify *ALLUSR.

                 For *USRLIBL,  if a  current library  exists, it  will
                 be  considered   before  the  libraries  on  the  user
                 portion of the library list.   If the current  library
                 is  also part  of  the  user  portion of  the  library
                 list, it will only appear once.

   ASPDEV        Specifies  the  auxiliary  storage pool  (ASP)  device
                 name  where  storage  for the  library  containing the
                 object is  allocated.  If  the library  resides in  an
                 ASP  that is  not part  of the  thread's  library name
                 space,  this  parameter must  be  specified  to ensure
                 the correct library  is searched.   If this  parameter
                 is used when  the library qualifier specified  for the
                 Object  prompt (OBJ  parameter) is *CURLIB,  *LIBL, or
                 *USRLIBL, ASPDEV(*) is the only valid value.

                 This parameter  can  be specified  as  a list  of  two
                 values  (elements)  or   as  a  single  value.     The
                 possible single values are:

                 * =  The ASPs that are currently  part of the thread's
                 library  name  space will  be  searched to  locate the
                 library.  This  includes the system  ASP (ASP 1),  all
                 defined  basic  user ASPs  (ASPs  2-32),  and, if  the
                 thread  has an  ASP group,  the primary  and secondary
                 ASPs in the thread's ASP group.

                 *ALLAVL = All available ASPs will be searched.  This
                 includes the system ASP (ASP 1), all defined basic
                 user ASPs (ASPs 2-32), and all available primary and
                 secondary ASPs (ASPs 33-255) with a status of
                 'Available'.

                 *CURASPGRP  = If  the  thread has  an  ASP group,  the
                 primary and  secondary ASPs in the  thread's ASP group
                 will  be searched to  locate the library.   The system
                 ASP (ASP 1)  and defined basic  user ASPs (ASPs  2-32)
                 will not be  searched.  If no ASP  group is associated
                 with the thread, an error will be issued.

                 *SYSBAS  =  The system  ASP  (ASP 1)  and  all defined
                 basic user  ASPs  (ASPs  2-32)  will  be  searched  to
                 locate  the library.    No primary  or secondary  ASPs
                 will  be  searched  even  if  the  thread has  an  ASP
                 group.

                 Element 1: Device

                 The device name of the primary or secondary ASP to
                 be searched.  The primary or secondary ASP must have
                 been activated (by varying on the ASP device) and
                 have a status of 'Available'.  The system ASP (ASP
                 1) and defined basic user ASPs (ASPs 2-32) will not
                 be searched.

                 Element 2: Search type

                 *ASP  =  Specifies  that  only  the  single  auxiliary
                 storage  pool (ASP)  device named  in element 1  is to
                 be searched.

                 *ASPGRP =  Specifies  that  the entire  group  of  the
                 primary auxiliary  storage pool (ASP) device  named in
                 element 1 is to be searched.

   LIBTYPE       Whether  to select  all or  a specified  library type.
                 *ALL is the default to select all types.

                 *PROD may  be used  to select  only production  (PROD)
                 libraries.

                 *TEST  may  be   used  to  select  only   test  (TEST)
                 libraries.

   ACTION        The  action to be  performed.   *CHECK is  the default
                 to  check  the  command definition  objects.    Only a
                 listing is  produced with  comments  about what  would
                 happen if *CHANGE had been specified.

                 *CHANGE  may  be  specified   to  change  the  command
                 definition  objects that require  qualifying a program
                 to be called.  If  all programs called from a  command
                 definition object  are already qualified,  the command
                 definition object is not changed.

                 If  the  command  definition  object  is changed,  the
                 command is re-created.  The  source must exist in  the
                 same source  member/file/library  that was  originally
                 used to  create the command.   The existing attributes
                 of  the object are extracted  and specified on CRTCMD.

                 You  must  have  *ALLOBJ  authority  to   re-create  a
                 command that you  are not the owner of.   If a command
                 is re-created, the original owner is retained.

   OMITLIB       A  list  of up  to  300 libraries  or  generic library
                 names that should be omitted.   *NONE is the  default.

                 An omit list may not be entered for LIB(*CURLIB).

                 Any library entered is checked for existence.

                 No check occurs  to see if an omit  library would have
                 been   selected.    For  example,   if  LIB(*LIBL)  is
                 entered with OMITLIB(ABC)  and library ABC  is not  on
                 the library list, no error occurs.

Restrictions
------------

You must have *ALLOBJ authority to specify LIB(*ALLUSR).

You  must  be  the  owner or  have  *ALLOBJ  authority  to  change  and
re-create a command.

To  re-create a  command, the source  used to  create the  command must
exist in the library it was created from.

Prerequisites
-------------

The following TAA Tools must be on your system:

     ABORT           Abort
     CHKALLOBJ       Check *ALLOBJ special authority
     CHKDUPLST       Check duplicate list
     CHKGENERC       Check generic
     CHKGENOBJ       Check generic object
     CHKOBJ3         Check object 3
     CVTLIBOBJD      Convert library object description
     EDTVAR          Edit variable
     EXTLST          Extract list
     EXTLST2         Extract list 2
     RPLCMD          Replace command
     RTVCMDA         Retrieve command attributes
     RTVSYSVAL3      Retrieve system value 3
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message
     SNDJLGMSG       Send job log message
     SNDSTSMSG       Send status message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   FIXQLFCPP     *CMD                   TAACMET       QATTCMD
   TAACMETC      *PGM       CLP         TAACMETC      QATTCL
   TAACMETC2     *PGM       CLP         TAACMETC2     QATTCL
   TAACMETR      *PGM       RPG         TAACMETR      QATTRPG
					

Added to TAA Productivity tools October 15, 2003

