The Check Command Qualified Name command checks the parameters from
CRTCMD that support qualified names to ensure that if a program is
specified that the library qualifier is not *LIBL. Using *LIBL from
a command that is used in a program that adopts authority presents a
security exposure where a bogus program could be used.
An *ALLOBJ user is required to run CHKCMDQLFN.
The following qualified parameters are checked because they may be
used as bogus programs:
- PGM Command processing program
- PMTOVRPGM Prompt override program
- VLDCKR Validity checker program
The following qualified parameters are also checked, but do not
represent security exposures. An unqualified parameter may cause
confusion if a different version is found on the library list:
- MSGF Message file
- PMTFILE Prompt text file
- HLPPNLGRP Help panel group
- HLPSCHIDX Help search index
A typical command would be:
All commands in the specified library would be checked. The default
is to list only those commands with exceptions. Any use of *LIBL
would be flagged for one of the parameters that supports a qualified
Because the default for CRTCMD is MSGF(*LIBL/QCPFMSG), an exception
is only noted if a message file name other than QCPFMSG is found with
During SEU syntax checking and CL program compilation, a command
validity checking program would be run if specified with a library
qualifier of *LIBL. A prompt override program could also be used
during SEU. This may also represent a security exposure.
Specifying *CURLIB as the library qualifier for command parameters
that support a qualified name causes the current library at the time
of command creation to be the qualified library name. Because of
this approach, using *CURLIB can be considered the same as an actual
CHKCMDQLFN escape messages you can monitor for
TAA9892 No command objects were found in the libraries
Escape messages from based on functions will be re-sent.
CHKCMDQLFN Command parameters *CMD
LIB The list of libraries to be processed. Up to 300
libraries may be entered (including generic names)
or the special values *LIBL, *USRLIBL, *CURLIB,
*ALLUSR, *ALLUSR2, *ALLNONQ, *IBM, or ALL.
For *LIBL and *USRLIBL, if a current library exists,
it will be written as a record before the records
for the user portion of the library list. If the
current library is also part of the user portion of
the library list, it will only appear once (it is
removed from the user portion list).
*ALLUSR omits certain # libraries such as #RPGLIB.
*ALLUSR also omits all Q libraries with certain
exceptions such as QGPL. See the help text for the
SAVLIB command for a complete list. Note that if
you have your own library which begins with Q, it is
*IBM causes all libraries to be included based on
the definition for DSPOBJD LIB(*IBM).
*ALLUSR2 is similar to *ALLUSR. It omits the same #
libraries, but also omits any library beginning with
Q. Note that if you have your own library which
begins with Q, it is omitted.
*ALLNONQ means any library that does not begin with
the letter Q. If *ALLNONQ is used, the ASPDEV
parameter must use the default.
CMD The command name to be checked. *ALL is the
A specific command name may be entered.
ASPDEV Specifies the auxiliary storage pool (ASP) device
name where storage for the library containing the
object is allocated. If the library resides in an
ASP that is not part of the thread's library name
space, this parameter must be specified to ensure
the correct library is searched.
The parameter can be specified as a list of two
values (elements) or as a single value. The
possible single values are:
* = The ASPs that are currently part of the thread's
library name space will be searched to locate the
library. This includes the system ASP (ASP 1), all
defined basic user ASPs (ASPs 2-32), and, if the
thread has an ASP group, the primary and secondary
ASPs in the thread's ASP group.
*ALLAVL = All available ASPs will be searched. This
includes the system ASP (ASP 1), all defined basic
user ASPs (ASPs 2-32), and all available primary and
secondary ASPs, (ASPs 33-255) with a status of
*CURASPGRP = If the thread has an ASP group, the
primary and secondary ASPs in the thread's ASP group
will be searched. The system ASP (ASP 1) and
defined basic user ASPs (ASPs 2-32) will not be
searched. If no ASP group is associated with the
thread, an error will be issued.
*SYSBAS = The system ASP (ASP 1) and all defined
basic user ASPs (ASPs 2-32) will be searched to
locate the library. No primary or secondary ASPs
will be searched even if the thread has an ASP
Element 1: Device
The device name of the primary or secondary ASP to
be searched. The primary or secondary ASP must have
been activated (by varying on the ASP device) and
have a status of 'Available'. The system ASP (ASP
1) and defined user basic ASPs (ASPs 2-32) will not
Element 2: Search type
*ASP = Specifies that only the single auxiliary
storage pool (ASP) device named in element 1 is to
*ASPGRP = Specifies that the entire group of the
primary auxiliary storage pool (ASP) device named in
element 1 is to be searched.
ASPNBR The ASP number for the libraries that are to be
converted. The default is *ALL.
A number in the range of 1-99 may be entered to
subset the libraries that are output by the LIB and
OMITLIB A list of up to 300 libraries or generic library
names that should be omitted. *NONE is the default.
The TAATOOL library is implicitly omitted.
An omit list may not be entered for LIB(*CURLIB).
If ESCAPE(*YES) is specified, any library entered is
checked for existence unless a non-default value is
used for the ASPDEV parameter.
No check occurs to see if an omit library would have
been selected. For example, if LIB(*LIBL) is
entered with OMITLIB(ABC) and library ABC is not on
the library list, no error occurs.
EXCPTONLY A *YES/*NO parameter for whether to list all
commands or only those with exceptions.
*YES is the default to list only those with
*NO may be specified to list all commands.
OUTPUT How to output the results. * is the default to
display the spooled file if the command is entered
interactively. The spooled file is deleted after it
If the command is entered in batch or *PRINT is
specified, the spooled file is output and retained.
An *ALLOBJ user is required to run CHKCMDQLFN.
REXX programs are not considered.
The following TAA Tools must be on your system:
CHKALLOBJ Check *ALLOBJ special authority
CHKDUPLST Check duplicates in list
CHKGENERC Check generic
CHKGENOBJ Check generic object
CHKOBJ3 Check object 3
CMPLSTPARM Compare list parm
CRTDUPPF Create duplicate PF
CVTCMDA Convert command attributes
EDTVAR Edit variable
EXTLST Extract list
EXTLST2 Extract list 2
RTVSYSVAL3 Retrieve system value 3
SNDCOMPMSG Send completion message
SNDESCINF Send escape information
SNDESCMSG Send escape message
SNDJLGMSG Send job log message
SNDSTSMSG Send status message
None, the tool is ready to use.
Objects used by the tool
Object Type Attribute Src member Src file
------ ---- --------- ---------- ----------
CHKCMDQLFN *CMD TAASEID QATTCMD
TAASEIDC *PGM CLP TAASEIDC QATTCL
TAASEIDR *PGM RPG TAASEIDR QATTRPG