Operating System - OpenVMS

undefined symbol error while defining account ownership.

 
Joseph Huber_1
Honored Contributor

Re: undefined symbol error while defining account ownership.

Well, I don't understand why the procedure is asking the user to enter the whole UAF command-string instead of just the owner string unquoted. Then the procedure should simply construct the command itself like
$ ask "owner?" owner
$ if f$extract(0,1,owner).nes."+" then owner="+"+owner
$ UAF modify 'user'/owner="''owner'"

And finally, to update all accounts to adhere to the new "+" rule, I would use the freeware GETUAI utility in a procedure:

$loop:
$! reading the username from a file
$ GETUAI 'username' /owner=owner
$ if f$extract(0,1,owner).nes."+" then owner="+"+owner
$ UAF modify 'username'/owner="''owner'"
$ goto loop


http://www.mpp.mpg.de/~huber
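The approach recommended above (ask for the owner text only and let the procedure build the AUTHORIZE command), written out as an added example that is not code from this thread. The procedure name SET_OWNER.COM and the file name OWNERS.LST are placeholders, and it assumes the caller already holds SYSPRV. It also carries the bulk-update loop from the second half of the post, but takes the new owner text from a file instead of fetching the current one with GETUAI, whose syntax the thread does not show.

```dcl
$! SET_OWNER.COM - added example, not code from this thread.
$! Sets the AUTHORIZE /OWNER string of one account, or of every account
$! listed in a file: the operator supplies only a username and the owner
$! text, never an AUTHORIZE command line, and this procedure builds the
$! MODIFY command itself.
$!
$!   @SET_OWNER SMITH "Smith, John"     one account
$!   @SET_OWNER @OWNERS.LST             file, one "USERNAME owner text" per line
$!
$! Assumptions: the caller holds SYSPRV; OWNERS.LST and the procedure name
$! are placeholders; AUTHORIZE limits /OWNER to 31 characters.
$ set noon
$ uaf := mc authorize
$ ok_user   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_$"
$ bad_owner = "'" + """" + "/"        ! apostrophe, double quote, slash
$ nfail = 0
$ if f$extract(0,1,p1) .eqs. "@" then goto from_file
$!
$! Single account. Prompt with READ, not INQUIRE: INQUIRE performs
$! apostrophe substitution on what is typed, so a reply containing
$! 'f$...' would be evaluated with this procedure's privileges.
$ acct  = p1
$ owner = p2
$ if acct  .eqs. "" then read sys$command/prompt="Username:   " acct
$ if owner .eqs. "" then read sys$command/prompt="Owner text: " owner
$ gosub set_one
$ goto finish
$!
$! Bulk update from a file. READ into a symbol never substitutes.
$ from_file:
$ fname = p1 - "@"
$ open/read/error=nofile ownlist 'fname'
$ read_loop:
$ read/end_of_file=eof ownlist line
$ line = f$edit(line,"TRIM,COMPRESS")
$ if (line .eqs. "") .or. (f$extract(0,1,line) .eqs. "!") then goto read_loop
$ acct  = f$element(0," ",line)
$ owner = line - acct - " "          ! everything after the first blank
$ gosub set_one
$ goto read_loop
$ eof:
$ close ownlist
$ goto finish
$ nofile:
$ write sys$output "*** cannot open ", fname
$ exit 2
$!
$ finish:
$ write sys$output "Accounts not updated: ", nfail
$ if nfail .eq. 0 then exit 1
$ exit 2
$!
$! set_one: validate ACCT and OWNER, then run exactly one MODIFY.
$! ACCT may contain only letters, digits, _ and $ (it is substituted
$! unquoted); OWNER may not contain the characters that would end the
$! quoted string or start a qualifier.  A missing leading "+" is added.
$ set_one:
$ acct  = f$edit(acct,"UPCASE,TRIM")
$ owner = f$edit(owner,"TRIM")
$ if acct .eqs. "" then goto bad_user
$ i = 0
$ chk_user:
$ if i .ge. f$length(acct) then goto chk_owner
$ if f$locate(f$extract(i,1,acct),ok_user) .eq. f$length(ok_user) then goto bad_user
$ i = i + 1
$ goto chk_user
$ chk_owner:
$ if owner .eqs. "" then goto bad_owner
$ if f$extract(0,1,owner) .nes. "+" then owner = "+" + owner
$ if f$length(owner) .gt. 31 then goto bad_owner
$ i = 0
$ chk_owner_char:
$ if i .ge. f$length(owner) then goto do_modify
$ if f$locate(f$extract(i,1,owner),bad_owner) .ne. f$length(bad_owner) then goto bad_owner
$ i = i + 1
$ goto chk_owner_char
$ do_modify:
$ uaf modify 'acct'/owner="''owner'"
$ if .not. $status then nfail = nfail + 1
$ return
$ bad_user:
$ write sys$output "*** invalid username: ", acct
$ nfail = nfail + 1
$ return
$ bad_owner:
$ write sys$output "*** invalid owner text for ", acct, ": empty, longer than 31, or contains ' "" /"
$ nfail = nfail + 1
$ return
```

The only line on which operator-supplied text reaches the command line is the MODIFY itself, and both symbols on it have been checked first: the username is substituted unquoted, so it is restricted to characters that cannot introduce a space or a qualifier, and the owner text sits inside a quoted string, so it is refused if it contains a quote, an apostrophe or a slash. Error messages pass the symbols as WRITE arguments rather than substituting them into a quoted string, for the same reason.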
Steven Schweda
Honored Contributor

Re: undefined symbol error while defining account ownership.

Could we start with something easy? Has
anyone yet explained what "ask" really is?

alp $ help ask

Sorry, no documentation on ASK
[...]
Joseph Huber_1
Honored Contributor

Re: undefined symbol error while defining account ownership.

Yes of course, and therefore I was asking
>> "ask" command(-procedure?) is preserving them.

Whatever it is, behind it is probably either an INQUIRE or a READ, or another procedure doing it.
And depending on that, it requires a different number of double quotes for the quoted user input string.
Since we don't know what "ask" is effectively doing, the OP has to test his procedure with different numbers of quote pairs to find the right incantation.
And it is already clear why it was working (just by chance) until special characters like "+" were in the symbol: the unquoted string was still legal in the UAF command.

And I repeat: it is quite ugly to write a procedure which requires the user to know how to quote his input!
http://www.mpp.mpg.de/~huber
Steven Schweda
Honored Contributor

Re: undefined symbol error while defining account ownership.

> [...] either an inquire or a read [...]

And, of course, INQUIRE in a context with
enough privilege to use AUTHORIZE is a big
invitation to trouble.

http://h71000.www7.hp.com/doc/732final/aa-q2hlg-te/aa-q2hlg-te.pdf
Joseph Huber_1
Honored Contributor

Re: undefined symbol error while defining account ownership.

Anyway, from the small piece shown, it seems to be a procedure which accepts from the user any argument added to an AUTHORIZE MODIFY command, except /PASSWORD and /GENERATE, but it allows e.g. /FLAG=DISUSER.
Weird to say the least...
http://www.mpp.mpg.de/~huber
shiva27
Frequent Advisor

Re: undefined symbol error while defining account ownership.

Joseph,

This is a generic script for all UAF modifications of accounts.
Joseph Huber_1
Honored Contributor

Re: undefined symbol error while defining account ownership.

Yes, I understand what it does, but I still find it weird: it takes anything as input, filters out the /PASSWORD and /GENERATE qualifiers, and simply passes everything else to Authorize for execution.
Why then a procedure at all, and not just invoke AUTHORIZE, so the user does whatever he likes?
If he/she is privileged to do anything in Authorize, then he certainly can invoke Authorize to change passwords.

If on the other hand this is part of a captive account procedure for an account administrator, then it is a crazy idea to allow everything.
In this case better let the procedure ask for specific things like the owner string, and let the procedure form the Authorize command as I recommended earlier.
http://www.mpp.mpg.de/~huber
Jan van den Ende
Honored Contributor

Re: undefined symbol error while defining account ownership.

shiva27,

from your Forum Profile:

> I have assigned points to 0 of 77 responses to my questions.


Maybe you can find some time to do some assigning?

http://forums1.itrc.hp.com/service/forums/helptips.do?#33

Mind, I do NOT say you necessarily need to give lots of points. It is fully up to _YOU_ to decide how many. If you consider an answer is not deserving any points, you can also assign 0 ( = zero ) points, and then that answer will no longer be counted as unassigned.
Consider, that every poster took at least the trouble of posting for you!

To easily find your streams with unassigned points, click your own name somewhere.
This will bring up your profile.
Near the bottom of that page, under the caption "My Question(s)" you will find "questions or topics with unassigned points " Clicking that will give all, and only, your questions that still have unassigned postings.

Thanks on behalf of your Forum colleagues.

PS. Nothing personal in this. I try to post it to everyone with this kind of assignment ratio in this forum. If you have received a posting like this before, please do not take offence; none is intended!

PPS. Zero points for THIS entry, please.

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
John Gillings
Honored Contributor

Re: undefined symbol error while defining account ownership.

Shiva,

> This is generic script for all UAF
> modification of accounts

Your script doesn't deal with quotes properly. This is always going to be an issue when attempting to build a "meta" DCL script, given the level of parsing required to deal with all possible cases of DCL constructs. It's more or less impossible to do it with a sane number of lines of DCL that will execute in a non-geological time.

As written, there are ways to exploit your code to bypass your checks, or do things that you don't want or don't expect. Simple case, try this:

$ hack="/password=newone"
$ robert="+robert'hack'"

now execute your procedure and repeat your test. There won't be an undefined symbol error, nor will your check for /PA be triggered, but your input command:

modify use1/owner="+robert"

WILL change the user's password.

So, your generic script doesn't work, and there's no simple way to do what you want.

There are two basic options... first is to write your own UAF utility in a compiled language, and omit the functions you want to block.

Second is to tell your operators (or whoever uses this command procedure) that all UAF actions are audited, and will be checked for illegal operations. Any that are discovered will lead to disciplinary action.

Ultimately you have to trust people to do the right thing.
A crucible of informative mistakes
shiva27
Frequent Advisor

Re: undefined symbol error while defining account ownership.

Hi

Below is the completed script. When the user executes LOGIN.COM he gets the "Security team menu" to select options.
To change the ownership of an account, he has to select option "A". Once option A is selected, he gets the prompt

UAF>

Note: If I want to change the account ownership without the "+" sign, this procedure works fine,

but if I use the "+" sign it gives the "undefined symbol" error shown in the screenshot below.

Requirement: we now need to change all account ownerships to carry the "+" sign with the help of this procedure.


Can you please suggest how we can adjust the script so that the "+" sign is accepted in the account ownership?

Screenshot
==========
Case I:
=======

$ @LOGIN.COM;

Security team GROUP
*************************************************

A : Activate Authorization file
B : Add VCS users (LONDON only)
C : Remove VCS users (LONDON only)
P : Password Maintenance
PS1 : Primary Password change
PS2 : Secondary Password change
LO : Logout


OPTION : a

UAF>modify user2/owner="+david_loong"
%DCL-W-UNDSYM, undefined symbol - check validity and spelling
\david_loong\
%DCL-W-UNDSYM, undefined symbol - check validity and spelling
\david_loong\
%DCL-E-INVIFNEST, invalid IF-THEN-ELSE nesting structure or data inconsistency




Case II:
========
$ @LOGIN.COM;
%CDU-W-NOSUCHVERB, The CLI table does not contain verb name EDIT

security team GROUP
*************************************************

A : Activate Authorization file
B : Add VCS users (LONDON only)
C : Remove VCS users (LONDON only)
P : Password Maintenance
PS1 : Primary Password change
PS2 : Secondary Password change
LO : Logout


OPTION : a

UAF>modify user2/owner="david_loong"
%UAF-I-MDFYMSG, user record(s) updated



Command Procedure:

--------------------------------------------

$ SET ON
$ set command/delete=(edit)
$ SET PROTECTION=(S:RWED,O:RWED,G:RE,W)/DEFAULT
$ SET NOCONTROL=(T,Y)
$
$ olddef = f$environment("DEFAULT")
$!
$ if .not. f$privilege("SYSPRV") then goto nopriv
$ IF F$MODE() .NES. "INTERACTIVE" THEN GOTO BYPASS
$!
$ SELECT_SYS_OPTION:
$ ON CONTROL_Y THEN GOTO FINISH
$ ON WARNING THEN GOTO SELECT_SYS_OPTION
$ ON ERROR THEN GOTO SELECT_SYS_OPTION
$ ON SEVERE_ERROR THEN GOTO SELECT_SYS_OPTION
$ PAUSE :== "WAIT 00:00:03"
$ DISPLAY :== "TYPE SYS$INPUT "
$ SAY :== "Write sys$output "
$ ASK :== "READ SYS$COMMAND/PROMPT="
$ UAF :== "MC AUTHORIZE"
$!
$ DISPLAY

Security TEAM menu
*************************************************

A : Activate Authorization file
B : Add VCS users (LONDON only)
C : Remove VCS users (LONDON only)
P : Password Maintenance
PS1 : Primary Password change
PS2 : Secondary Password change
LO : Logout


$ p1 = ""
$ ASK " OPTION : " P1
$ P1 = F$EDIT(P1,"UPCASE,COLLAPSE")
$ goto main_sys_loop
$!
$Invalid_option:
$ display

!!! Invalid option !!!

$ pause
$ goto select_sys_option
$!
$MAIN_SYS_LOOP:
$!
$ SYS_OPTION :== Invalid_option
$ NODE_NAME = F$TRNLNM("SYS$NODE")
$ if p1 .eqs. "A" then SYS_OPTION :== RUN_AUTHORIZATION ! Authorization
$ if ((p1 .eqs. "B") .or. (p1 .eqs. "C") ) .and. -
( NODE_NAME .nes. "LONDON::" )
$ then
$ write sys$output "Function valid only in LONDON !!"
$ goto select_sys_option
$ endif
$ if p1 .eqs. "B" then SYS_OPTION :== RUN_ADDVCS ! Add VCS
$ if p1 .eqs. "C" then SYS_OPTION :== RUN_REMVCS ! Remove VCS
$ if p1 .eqs. "P" then SYS_OPTION :== PASS_MAINT ! Password Maintenance
$ if p1 .eqs. "PS1" then SYS_OPTION :== PASS_CHANGE1 ! CGE Primary Pass
$ if p1 .eqs. "PS2" then SYS_OPTION :== PASS_CHANGE2 ! CGE Sec Pass
$ if p1 .eqs. "LO" then SYS_OPTION :== LOG_OUT ! LOGOUT
$!
$ say ""
$ goto 'sys_option'
$!
$LOG_OUT:
$ on warning then continue
$ LOGOUT
$ goto select_sys_option
$!
$RUN_AUTHORIZATION:
$ on warning then continue
$ ask "UAF>" action
$ action = f$edit("''action'","UPCASE")
$ IF (F$EDIT(action,"UPCASE,COLLAPSE") .eqs. "EXIT") .or. (F$EDIT(action,"UPCASE,COLLAPSE") .eqs. "EX") THEN GOTO select_sys_option
$!
$ IF (F$LOCATE( "/PA", "''action'") .ne. F$length("''action'")) .or. (F$LOCATE( "/G", "''action'") .ne. F$length("''action'"))
$ then
$ Say "*** Modifying PASSWORD is not permitted"
$ goto RUN_AUTHORIZATION
$ endif
$!
$ UAF 'action'
$ goto RUN_AUTHORIZATION
$!
$RUN_ADDVCS:
$ on warning then continue
$ read/prompt="please specify Username to be added : " sys$command -
vcsuser
$ set def sys$system
$ define/user_mode sys$input sys$command
$ VCS Edit config add user 'vcsuser/mana/auth=*
$ set def 'olddef'
$ goto select_sys_option
$
$RUN_REMVCS:
$ on warning then continue
$ read/prompt="please specify Username to be removed : " sys$command -
vcsuser
$ set def sys$system
$ define/user_mode sys$input sys$command
$ VCS Edit config remove user 'vcsuser
$ set def 'olddef'
$ goto select_sys_option
$!
$PASS_MAINT:
$ on warning then continue
$ define/user_mode sys$input sys$command
$ say ""
$ ask "User Account (Q-TO QUIT): " username
$ username = F$EDIT(username,"UPCASE,TRIM")
$ IF username .EQS. "Q" THEN GOTO select_sys_option
$ IF username .EQS. "" THEN GOTO PASS_MAINT
$ CHK_UIC = F$IDENTIFIER("''username'","NAME_TO_NUMBER")
$ if CHK_UIC .eqs. 0
$ then
$ say "Username or User Identifier does not exist ..."
$ goto PASS_MAINT
$ endif
$!
$ get_passwd_typ:
$ say ""
$ ask "Specify password type (PRI/SEC) : " passwd_typ
$ passwd_typ = F$EDIT(passwd_typ,"UPCASE,TRIM")
$ if (passwd_typ .nes. "PRI") .and. (passwd_typ .nes. "SEC") then goto get_passwd_typ
$!
$ get_passwd:
$ say ""
$ set term/noecho
$ ask "Enter a 8-Character New Password or to clear the password : " passwd
$ set term/echo
$ passwd = f$edit(passwd,"upcase,collapse")
$ if passwd .eqs. "NULL"
$ then
$ UAF modify 'username'/nopass
$ say ""
$ say "Password cleared for account ''username' ..."
$ say ""
$ goto select_sys_option
$ endif
$!
$ say ""
$ set term/noecho
$ ask "Re-Enter the New Password : " passwd_1
$ set term/echo
$ passwd_1 = f$edit(passwd_1,"upcase,collapse")
$!
$ if passwd .nes. passwd_1
$ then
$ say "New password verification error; please try again"
$ goto get_passwd
$ endif
$!
$ if f$length(passwd) .lt. 8
$ then
$ say "%UAF-I-PWDLESSMIN, new password is shorter than minimum password length (8 Char), Pls re-enter new password"
$ goto get_passwd
$ endif
$!
$ if (passwd_typ .eqs. "PRI") .and. (passwd .nes. "NULL") then UAF modify 'username'/pass=('passwd',"")
$ if (passwd_typ .eqs. "SEC") .and. (passwd .nes. "NULL") then UAF modify 'username'/pass=("",'passwd')
$ say ""
$ say "Password reset completed for ''username', New password will expire upon next logon ..."
$ say ""
$ wait 00:00:03
$ goto select_sys_option
$!
$PASS_CHANGE1:
$ on warning then continue
$ define/user_mode sys$input sys$command
$ set pass
$ goto select_sys_option
$!
$PASS_CHANGE2:
$ on warning then continue
$ define/user_mode sys$input sys$command
$ set pass/sec
$ goto select_sys_option
$!
$FINISH:
$ say " "
$ say "!!! Abnormal condition is detected, Logout forced by System !!!"
$ say " "
$ LOGOUT
$!
$nopriv:
$ say "*** Insufficient privilege to run this procedure ***"
$ PAUSE
$ logout
$!
$BYPASS:
$ LOGOUT

-------------------------------------------