- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- undefined symbol error while defining account owne...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2009 01:18 AM
тАО02-03-2009 01:18 AM
Re: undefined symbol error while defining account ownership.
$ ask "owner?" owner
$ if f$extract(0,1,owner).nes."+" then owner="+"+owner
$ UAF modify 'user'/owner="''owner'"
And finally, to just update all accounts to adhere to the new "+" rule, I would get the freeware GETUAI utility in a procedure
$loop:
$! reading the username from a file
$ GETUAI 'username' /owner=owner
$ if f$extract(0,1,owner).nes."+" then owner="+"+owner
$ UAF modify 'username'/owner="''owner'"
$ goto loop
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2009 04:31 AM
тАО02-03-2009 04:31 AM
Re: undefined symbol error while defining account ownership.
anyone yet explained what "ask" really is?
alp $ help ask
Sorry, no documentation on ASK
[...]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2009 04:54 AM
тАО02-03-2009 04:54 AM
Re: undefined symbol error while defining account ownership.
>> "ask" command(-procedure?) is preserving them.
Whatever it is, behind it probably is is either an inquire or a read, or another procedure doing it.
And depending on that, it requires a different number of double quotes for the quoted user input string.
Since we don't know what 'ask" is effectively doing, the OP has to test his procedure with different number of quote pairs to find the right incantation.
And is is already clear why it was working (just by chance) until special characters like "+" was in the symbol: the unquoted string was still legal in the UAF command.
And I repeat: it is quite ugly to write a procedure which requires from the user to know how to quote his input !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2009 05:20 AM
тАО02-03-2009 05:20 AM
Re: undefined symbol error while defining account ownership.
And, of course, INQUIRE in a context with
enough privilege to use AUTHORIZE is a big
invitation to trouble.
http://h71000.www7.hp.com/doc/732final/aa-q2hlg-te/aa-q2hlg-te.pdf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2009 06:16 AM
тАО02-03-2009 06:16 AM
Re: undefined symbol error while defining account ownership.
Weird to say the least...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2009 06:29 AM
тАО02-03-2009 06:29 AM
Re: undefined symbol error while defining account ownership.
This is generic script for all UAF modification of accounts.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2009 07:04 AM
тАО02-03-2009 07:04 AM
Re: undefined symbol error while defining account ownership.
Why then a procedure at all, and not just invoke AUTHORIZE, then the user does whatever he likes.
If he/she is privileged to do anything in authorize, then he certainly can invoke authorize to change passwords.
If on the other side this is part of a captive account procedure for an account administrator, then it is a crazy idea to allow everthing.
In this case better let the procedure ask for specific things like owner string, and let the procedure form the authorize command as I have recommended earlier.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2009 09:08 AM
тАО02-03-2009 09:08 AM
Re: undefined symbol error while defining account ownership.
from your Forum Profile:
I have assigned points to 0 of 77 responses to my questions.
Maybe you can find some time to do some assigning?
http://forums1.itrc.hp.com/service/forums/helptips.do?#33
Mind, I do NOT say you necessarily need to give lots of points. It is fully up to _YOU_ to decide how many. If you consider an answer is not deserving any points, you can also assign 0 ( = zero ) points, and then that answer will no longer be counted as unassigned.
Consider, that every poster took at least the trouble of posting for you!
To easily find your streams with unassigned points, click your own name somewhere.
This will bring up your profile.
Near the bottom of that page, under the caption "My Question(s)" you will find "questions or topics with unassigned points " Clicking that will give all, and only, your questions that still have unassigned postings.
Thanks on behalf of your Forum colleagues.
PS. nothing personal in this. I try to post it to everyone with this kind of assignment ratio in this forum. If you have received a posting like this before please do not take offence none is intended!
PPS. Zero points for THIS entry, please.
Proost.
Have one on me.
jpe
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2009 01:08 PM
тАО02-03-2009 01:08 PM
Re: undefined symbol error while defining account ownership.
> This is generic script for all UAF
> modification of accounts
Your script doesn't deal with quotes properly. This is always going to be an issue attempting to build a "meta" DCL script - the level of parsing required to deal with all possible cases of DCL constructs. It's more or less impossible to do it with a sane number of lines of DCL that will execute in a non-geological time.
As written, there are ways to exploit your code to bypass your checks, or do things that you don't want or don't expect. Simple case, try this:
$ hack="/password=newone"
$ robert="+robert'hack'"
now execute your procedure and repeat your test. There won't be an undefined symbol error, nor will your check for /PA be triggered, but your input command:
modify use1/owner="+robert"
WILL change the users' password.
So, your generic script doesn't work, and there's no simple way to do what you want.
There are two basic options... first is to write your own UAF utility in a compiled language, and omit the functions you want to block.
Second is to tell your operators (or whoever uses this command procedure) that all UAF actions are audited, and will be checked for illegal operations. Any that are discovered will lead to disciplinary action.
Ultimately you have to trust people to do the right thing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-03-2009 09:38 PM
тАО02-03-2009 09:38 PM
Re: undefined symbol error while defining account ownership.
Below is completed script.When user execute login.com he will get "Security team menu" to select the options.
For changing the ownership of account,he has to select the option "A".once select A option will get the prompt UAF >
UAF>
Note:If i want to change the account ownership without sign "+" this procedure is working fine ,
but if i select "+" it is giving "undefined symbol" error as below screen shot
Requirement: Now we need to change all account ownership with "+" sign with help of this procedure.
can you please suggest how can we accoplish the script in such a way that "+" sign will accept in account ownership.
scree shot
==========
Case I:
=======
$ @LOGIN.COM;
Security team GROUP
*************************************************
A : Activate Authorization file
B : Add VCS users (LONDON only)
C : Remove VCS users (LONDON only)
P : Password Maintenance
PS1 : Primary Password change
PS2 : Secondary Password change
LO : Logout
OPTION : a
UAF>modify user2/owner="+david_loong"
%DCL-W-UNDSYM, undefined symbol - check validity and spelling
\david_loong\
%DCL-W-UNDSYM, undefined symbol - check validity and spelling
\david_loong\
%DCL-E-INVIFNEST, invalid IF-THEN-ELSE nesting structure or data inconsistency
Case II:
========
$ @LOGIN.COM;
%CDU-W-NOSUCHVERB, The CLI table does not contain verb name EDIT
security team GROUP
*************************************************
A : Activate Authorization file
B : Add VCS users (LONDON only)
C : Remove VCS users (LONDON only)
P : Password Maintenance
PS1 : Primary Password change
PS2 : Secondary Password change
LO : Logout
OPTION : a
UAF>modify user2/owner="david_loong"
%UAF-I-MDFYMSG, user record(s) updated
Command Procedure:
--------------------------------------------
$ SET ON
$ set command/delete=(edit)
$ SET PROTECTION=(S:RWED,O:RWED,G:RE,W)/DEFAULT
$ SET NOCONTROL=(T,Y)
$
$ olddef = f$environment("DEFAULT")
$!
$ if .not. f$privilege("SYSPRV") then goto nopriv
$ IF F$MODE() .NES. "INTERACTIVE" THEN GOTO BYPASS
$!
$ SELECT_SYS_OPTION:
$ ON CONTROL_Y THEN GOTO FINISH
$ ON WARNING THEN GOTO SELECT_SYS_OPTION
$ ON ERROR THEN GOTO SELECT_SYS_OPTION
$ ON SEVERE_ERROR THEN GOTO SELECT_SYS_OPTION
$ PAUSE :== "WAIT 00:00:03"
$ DISPLAY :== "TYPE SYS$INPUT "
$ SAY :== "Write sys$output "
$ ASK :== "READ SYS$COMMAND/PROMPT="
$ UAF :== "MC AUTHORIZE"
$!
$ DISPLAY
Security TEAM menu
*************************************************
A : Activate Authorization file
B : Add VCS users (LONDON only)
C : Remove VCS users (LONDON only)
P : Password Maintenance
PS1 : Primary Password change
PS2 : Secondary Password change
LO : Logout
$ p1 = ""
$ ASK " OPTION : " P1
$ P1 = F$EDIT(P1,"UPCASE,COLLAPSE")
$ goto main_sys_loop
$!
$Invalid_option:
$ display
!!! Invalid option !!!
$ pause
$ goto select_sys_option
$!
$MAIN_SYS_LOOP:
$!
$ SYS_OPTION :== Invalid_option
$ NODE_NAME = F$TRNLNM("SYS$NODE")
$ if p1 .eqs. "A" then SYS_OPTION :== RUN_AUTHORIZATION ! Authorization
$ if ((p1 .eqs. "B") .or. (p1 .eqs. "C") ) .and. -
( NODE_NAME .nes. "LONDON::" )
$ then
$ write sys$output "Function valid only in LONDON !!"
$ goto select_sys_option
$ endif
$ if p1 .eqs. "B" then SYS_OPTION :== RUN_ADDVCS ! Add VCS
$ if p1 .eqs. "C" then SYS_OPTION :== RUN_REMVCS ! Remove VCS
$ if p1 .eqs. "P" then SYS_OPTION :== PASS_MAINT ! Password Maintenance
$ if p1 .eqs. "PS1" then SYS_OPTION :== PASS_CHANGE1 ! CGE Primary Pass
$ if p1 .eqs. "PS2" then SYS_OPTION :== PASS_CHANGE2 ! CGE Sec Pass
$ if p1 .eqs. "LO" then SYS_OPTION :== LOG_OUT ! LOGOUT
$!
$ say ""
$ goto 'sys_option'
$!
$LOG_OUT:
$ on warning then continue
$ LOGOUT
$ goto select_sys_option
$!
$RUN_AUTHORIZATION:
$ on warning then continue
$ ask "UAF>" action
$ action = f$edit("''action'","UPCASE")
$ IF (F$EDIT(action,"UPCASE,COLLAPSE") .eqs. "EXIT") .or. (F$EDIT(action,"UPCASE,COLLAPSE") .eqs. "EX") THEN GOTO select_sys_option
$!
$ IF (F$LOCATE( "/PA", "''action'") .ne. F$length("''action'")) .or. (F$LOCATE( "/G", "''action'") .ne. F$length("''action'"))
$ then
$ Say "*** Modifying PASSWORD is not permitted"
$ goto RUN_AUTHORIZATION
$ endif
$!
$ UAF 'action'
$ goto RUN_AUTHORIZATION
$!
$RUN_ADDVCS:
$ on warning then continue
$ read/prompt="please specify Username to be added : " sys$command -
vcsuser
$ set def sys$system
$ define/user_mode sys$input sys$command
$ VCS Edit config add user 'vcsuser/mana/auth=*
$ set def 'olddef'
$ goto select_sys_option
$
$RUN_REMVCS:
$ on warning then continue
$ read/prompt="please specify Username to be removed : " sys$command -
vcsuser
$ set def sys$system
$ define/user_mode sys$input sys$command
$ VCS Edit config remove user 'vcsuser
$ set def 'olddef'
$ goto select_sys_option
$!
$PASS_MAINT:
$ on warning then continue
$ define/user_mode sys$input sys$command
$ say ""
$ ask "User Account (Q-TO QUIT): " username
$ username = F$EDIT(username,"UPCASE,TRIM")
$ IF username .EQS. "Q" THEN GOTO select_sys_option
$ IF username .EQS. "" THEN GOTO PASS_MAINT
$ CHK_UIC = F$IDENTIFIER("''username'","NAME_TO_NUMBER")
$ if CHK_UIC .eqs. 0
$ then
$ say "Username or User Identifier does not exist ..."
$ goto PASS_MAINT
$ endif
$!
$ get_passwd_typ:
$ say ""
$ ask "Specify password type (PRI/SEC) : " passwd_typ
$ passwd_typ = F$EDIT(passwd_typ,"UPCASE,TRIM")
$ if (passwd_typ .nes. "PRI") .and. (passwd_typ .nes. "SEC") then goto get_passwd_typ
$!
$ get_passwd:
$ say ""
$ set term/noecho
$ ask "Enter a 8-Character New Password or
$ set term/echo
$ passwd = f$edit(passwd,"upcase,collapse")
$ if passwd .eqs. "NULL"
$ then
$ UAF modify 'username'/nopass
$ say ""
$ say "Password cleared for account ''username' ..."
$ say ""
$ goto select_sys_option
$ endif
$!
$ say ""
$ set term/noecho
$ ask "Re-Enter the New Password : " passwd_1
$ set term/echo
$ passwd_1 = f$edit(passwd_1,"upcase,collapse")
$!
$ if passwd .nes. passwd_1
$ then
$ say "New password verification error; please try again"
$ goto get_passwd
$ endif
$!
$ if f$length(passwd) .lt. 8
$ then
$ say "%UAF-I-PWDLESSMIN, new password is shorter than minimum password length (8 Char), Pls re-enter new password"
$ goto get_passwd
$ endif
$!
$ if (passwd_typ .eqs. "PRI") .and. (passwd .nes. "NULL") then UAF modify 'username'/pass=('passwd',"")
$ if (passwd_typ .eqs. "SEC") .and. (passwd .nes. "NULL") then UAF modify 'username'/pass=("",'passwd')
$ say ""
$ say "Password reset completed for ''username', New password will expire upon next logon ..."
$ say ""
$ wait 00:00:03
$ goto select_sys_option
$!
$PASS_CHANGE1:
$ on warning then continue
$ define/user_mode sys$input sys$command
$ set pass
$ goto select_sys_option
$!
$PASS_CHANGE2:
$ on warning then continue
$ define/user_mode sys$input sys$command
$ set pass/sec
$ goto select_sys_option
$!
$FINISH:
$ say " "
$ say "!!! Abnormal condition is detected, Logout forced by System !!!"
$ say " "
$ LOGOUT
$!
$nopriv:
$ say "*** Insufficient privilege to run this procedure ***"
$ PAUSE
$ logout
$!
$BYPASS:
$ LOGOUT
-------------------------------------------