sk~ PWD_SOURCE.Bj PWD_SOURCE.B/BACKUP *.*/EXCLUDE=*.DIR [.KIT]PWD_SOURCE.B/SAV THR A@pV5.5 _NMDL01::  _NMDL01$DKA100: V5.5 ~ *[THR.NCOM_PWD]ADD.HLP;1+,7f./A 4L"-0123KPWO56J7`@r89GAHJ 1 ADDC The ADD command will create a new entry in the remote or security G database. The security database is checked when a remote node accessesF the local sites and attempts to access the file SYSUAF.DAT. The nodes? registered in the remote database are used by the command PWD , to establish connections to remote systems. 2 /SECURITYF The ADD/SECURITY command is used to add a node to the security access database. Format:  ADD/SECURITY [node-name] 3 /USERNAME  /USERNAME=useridJ Specifies a specific userid on a given node who can access the local nodeL remotely via the NCOM_PWD object. This will override any global access for  the remote node. 3 Parameters node-name; specifies the name of the node to be added to the security; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha characters. 3 Examples @ The following examples illustrate the use of the ADD/SECURITY command. 1. PWDMGR> ADD/SECURITY CCPL018 This command adds to the security database a node named9 CCPL01 with global access for all userid on that node. - 2. PWDMGR> ADD/SECURITY/USERNAME=A2H CCPL01; This command adds to the security database a userid called= A2H on the node CCPL01. Any reference to node CCPL01 as a = global access node will be lost in favour of userids on the give node. 2 /REMOTEB The ADD/REMOTE command is used to add a node to the remote access database. Format ADD/REMOTE [node-name] 3 Parameters node-name9 specifies the name of the node to be added to the remote; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha characters. 3 Examples > The following examples illustrate the use of the ADD/REMOTE command. PWDMGR> ADD/REMOTE CCPL016 This command adds to the remote database a node named CCPL01. 2 /ADMINISTRATORG The ADD/ADMINISTRATOR command is used to add a password administrator  to the file SYSUAF.DAT. Format ADD/ADMINISTRATOR [username] 3 Parameters username8 specifies the username to be added as an administrator.7 If you omit the username, you will be prompt for one. ; The username is a string of 1 through 32 alpha characters. 3 Examples 4 The following examples illustrate the use of the # ADD/ADMINISTRATOR command." PWDMGR> ADD/ADMINISTRATOR THR= This command adds the username as an password administrator.*[THR.NCOM_PWD]EXIT.HLP;1+,X ./A 4Cx-0123KPWO5 6@<Ɓ7H_r89GAHJ1 EXITC The EXIT command terminates PWDMGR and returns the user to command language level. Format: EXIT*[THR.NCOM_PWD]HELP.HLP;1+,S./A 47-0123KPWO56@; &6NCOM_PASSWORD.EXEg?jC> r& <NCOM_REMOTE_PASSWORD.EXE>iC>I!(NCOM_REMOTE_PASSWORD_SNA.EXE?,PWD.CLDn?.9>(&,PWD.HLPu? L9$>"'8PWD010.RELEASE_NOTES? <*?a8*. PWDMGR.EXEl?7 >& 2PWDMGRHELP.HLB~?P9>&,6,"PWD_REMOTE.DAT? 19#4PWD_SECURITY.FDL?> ? )90 PWD_SOURCE.B#S^ G4PWD_STARTUP.COM? <5j?~8E*[THR.NCOM_PWD]KITINSTAL.COM;1+,`:@.!/A 4i! B-0123KPWO!56WZ7 ɷr89GAHJN$!****************************************************************************$!0$! This procedure installs PWD for VMS V1.0A$! This is pretty basic as I'm pressed for time so here we go....$!N$!****************************************************************************$! $! Set up the error handling$!*$ on control_y then vmi$callback control_y$$ on warning then goto install_error$!J$! Handle INSTALL, IVP, and UNSUPPORTED parameters passed by VMSINSTAL$!/$ IF P1 .EQS. "VMI$_INSTALL" THEN GOTO INSTALL+$ IF P1 .EQS. "VMI$_IVP" THEN GOTO IVP$ exit vmi$_unsupported$!N$!****************************************************************************$!$!4$! This is the INSTALL section of this procedure$! $install:$ vmi$callback set safety yes$!$! Initialize variables...$!$ current_pwd_version = 0"$ vms_version = 0$ min_vms_version = "055"$ pwd$bool == 0$ pwd$dspi_node_true == 0+$ pwd$syslimit = 10 ! file version limit $ pwd$usrquota = 10000$ pwd$space_needed = 5000$!$! Determine version of VMS$!M$ vmi$callback message i version "Checking for VMS version 5.5 or greater..."A$ vmi$callback check_vms_version vms_version_ok 'min_vms_version'/$ if vms_version_ok then goto which_vms_versionM$ vmi$callback message e badvms "This kit will install on VMS 5.5 or greater"$ exit vmi$_failure$!$which_vms_version:*$ vms_version = 999 ! higher than required7$ vmi$callback get_system_parameter VMS$VERSION VERSIOND$ if (f$locate("5.5",VMS$VERSION) .NE. f$length(VMS$VERSION)) then - vms_version = 550E$ if (f$locate("5.5-",VMS$VERSION) .NE. f$length(VMS$VERSION)) then - vms_version = 551$! $ask_ivp:$!3$! Ask the user if they wish to purge old files$!$ vmi$callback ask pwd$bool -H "Do you want to purge files replaced by this installation" "YES" B3$ if pwd$bool .eq. 0 then vmi$callback set purge no4$ if pwd$bool .eq. 1 then vmi$callback set purge yes$!2$! Checking to make sure that DECnet is running...$!$check_decnet:@$ vmi$callback message i chk_net "Checking if DECnet is running"($ vmi$callback check_network pwd$netstat$ if .not. pwd$netstat$ then$ type sys$input: DECnet is not running.2 PWD for VMS V1.0 requires that DECnet be running.$ exit vmi$_failure $ endif$!$ ask_pwddisk:$ vmi$callback ask pwd$disk -> "Logical disk Name for PWD software" "SYS$SYSDEVICE" S8$ PWD$DISK == PWD$DISK - ":" ! Must be Global Variable !1$ if f$parse ("''pwd$disk':[000000]") .eqs. "" - then goto ask_pwddisk$!@$! Check for enough free blocks on the system disk. We need$! about 5000 blocks.$! $check_space:A$ vmi$callback message i freeblks "Checking for 5000 free blocks"4$ pwd$FREE_SPACE = F$GETDVI (pwd$disk, "FREEBLOCKS")*$ IF pwd$FREE_SPACE .LT. pwd$SPACE_NEEDED $ THEN i$ vmi$callback message e freeblks "Disk ''pwd$disk' does not contain enough free blocks to install PWD"$ exit vmi$_failure$ endif$!V$ vmi$callback message i freeblks "Disk ''pwd$disk' has ''pwd$free_space' free blocks"$!:$! Get the UIC to be used or use the existing ncom_pwd UIC$!P$ if "''f$trnlnm("sysuaf")'" .eqs. "" then define sysuaf "sys$system:sysuaf.dat"\$ if "''f$trnlnm("rightslist")'" .eqs. "" then define rightslist "sys$system:rightslist.dat"$!$get_ncom_pwd_uic:5$ uic_int = f$identifier("ncom_pwd","name_to_number")$ if uic_int .ne. 0 $ then "$ pwd$group = f$fao("!%U",UIC_INT)>$ pwd$group = f$extract(1,f$locate(",",pwd$group)-1,pwd$group)$ else$ pwd$group = 359$next_available_group:$ pwd$group = pwd$group + 1?$ pwd$identifier = f$integer("%O''pwd$group'" * %X10000) + 1D$ if "''f$identifier(pwd$identifier,"number_to_name")'" .nes. "" $ then $ goto next_available_group $ endif!$ vmi$callback ask pwd$group -O "UIC Group number for network object account NCOM_PWD" "''PWD$GROUP'" I$endif$!G$! I don't really known what to do here as I don't want to stuff around5$! with other peoples systems. So... Let them deside.$!$$ vmi$callback find_file pwd$quota -3 'pwd$disk':[000000]quota.sys "" s pwd$found$ if pwd$found .eqs. "S" $ then $ type sys$input:& Disk quotas are enabled on this disk.) Check that the UIC you have selected has. 5000 blocks available to it before continuing' otherwise the installation will fail. $ vmi$callback ask pwd$bool -! "Do you wish to continue" "NO" B.$ if pwd$bool .eq. 0 the n exit vmi$_failure $endif$! $ type sys$input9 If you select yes to the following question then provide8 the node name of a system on your network that has the 6 DECnet/SNA VMS 3270 Data Stream Programming Interface7 installed. This allows you to modify passwords on an  MVS IBM mainframe. $ask_ibm_interface:$ pwd$dspi_node_true = false$ vmi$callback ask pwd$bool -M "Does a node on your network have DECnet/SNA VMS 3270 DSPI installed" "NO" B$ if pwd$bool .eq. 1 $ then"$ vmi$callback ask pwd$dspi_node -/ "Name of node with DSPI installed" "" S0$ IF f$extract(0,6,F$TRNLNM("SYS$NODE")) .EQS. -< f$extract(0,6,pwd$dspi_node) then pwd$DSPI_NODE_TRUE = true$ endif$!$ if pwd$DSPI_NODE_TRUE $ THEN$ TYPE SYS$INPUTD ------------------------------------------------------------= You will have to install the image SYS$LIBRARY:SNA3270SH.EXE5 sharable otherwise you will get the following error.2 %DCL-W-ACTIMAGE, error activating image SNA3270SH5 -CLI-E-IMGNAME, image file SYS$LIBRARY:SNA3270SH.EXE> -SYSTEM-F-PRIVINSTALL, shareable images must be installed to  run privileged imageD ------------------------------------------------------------$ ENDIFO$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$!$ type sys$input:" All questions have been answered.; The installation of PWD for VMS V1.0 will continue.$!A$! Open and append logical to the end of the startup command file$!8$ OPEN/APPEND/ERROR=file_append_error PWD$APPEND_FILE - VMI$KWD:PWD_STARTUP.COM2$ WRITE /ERROR=file_append_error PWD$APPEND_FILE -N "$ DEFINE/TABLE=LNM$NCOM_TABLE NCOM_PWD$EXE ''PWD$DISK':[NCOM_PWD.EXE]/NOLOG"2$ WRITE /ERROR=file_append_error PWD$APPEND_FILE -N "$ DEFINE/TABLE=LNM$NCOM_TABLE NCOM_PWD$DAT ''PWD$DISK':[NCOM_PWD.DAT]/NOLOG"2$ WRITE /ERROR=file_append_error PWD$APPEND_FILE -N "$ DEFINE/TABLE=LNM$NCOM_TABLE NCOM_PWD$LOG ''PWD$DISK':[NCOM_PWD.LOG]/NOLOG"2$ WRITE /ERROR=file_append_error PWD$APPEND_FILE -I "$ DEFINE/TABLE=LNM$NCOM_TABLE NCOM_PWD$IBM_NODE ''PWD$DSPI_NODE'/NOLOG"5$ WRITE /ERROR=file_append_error PWD$APPEND_FILE "$!"2$ WRITE /ERROR=file_append_error PWD$APPEND_FILE -_ "$ INSTALL REPLACE ''PWD$DISK':[NCOM_PWD.EXE]NCOM_REMOTE_PASSWORD.EXE/OPEN/HEADER/PRIV=SYSPRV"$ CLOSE PWD$APPEND_FILE$!$ goto check_old_startup$!$file_append_error:$!&$! Error appending to the startup file$!$ exit vmi$_failure$!$check_old_startup:$!5$! rename password startup file to .old if one exists$!.$ VMI$CALLBACK FIND_FILE PWD$OLD_PWD_STARTUP -8 VMI$ROOT:[SYS$STARTUP]PWD_STARTUP.COM "" S PWD$FOUND$ IF PWD$FOUND .EQS. "S" $ THENN$ VMI$CALLBACK MESSAGE I PWD_OLD "Renaming existing PWD_STARTUP.COM to .OLD"A$ VMI$CALLBACK RENAME_FILE PWD$OLD_PWD_STARTUP PWD_STARTUP.OLD;$ ENDIF$!($! Install the new PWD_STARTUP.COM file.$!P$ VMI$CALLBACK PROVIDE_FILE PWD$STARTUP PWD_STARTUP.COM VMI$ROOT:[SYS$STARTUP]$!J$!************************************************************************$!+$! Check and create the NCOM_PWD directory.$! $check_dir:$!#$ vmi$callback message i initial -: "Checking the directory ''pwd$disk':[ncom_pwd...]"$!($ vmi$callback find_file pwd$directory -/ 'pwd$disk':[000000]ncom_pwd.dir "" s pwd$found$ if pwd$found .nes. "S"$ then =$ vmi$callback create_directory user 'pwd$disk':[ncom_pwd] -g "/protection=(owner:rwed,group:r,world:e)/version_limit=''pwd$syslimit'/owner_uic=[''pwd$group',1]"$ endif$!4$! Check and create the [NCOM_PWD]EXE.DIR directory.$!($ vmi$callback find_file pwd$directory -, 'pwd$disk':[ncom_pwd]exe.dir "" s pwd$found$ if pwd$found .nes. "S"$ then A$ vmi$callback create_directory user 'pwd$disk':[ncom_pwd.exe] -g "/protection=(owner:rwed,group:r,world:e)/version_limit=''pwd$syslimit'/owner_uic=[''pwd$group',1]"$ endif$!4$! Check and create the [NCOM_PWD]DAT.DIR directory.$!($ vmi$callback find_file pwd$directory -, 'pwd$disk':[ncom_pwd]dat.dir "" s pwd$found$ if pwd$found .nes. "S"$ then A$ vmi$callback create_directory user 'pwd$disk':[ncom_pwd.dat] -i "/protection=(owner:rwed,group:er,world:re)/version_limit=''pwd$syslimit'/owner_uic=[''pwd$group',1]"$ endif$!$!4$! Check and create the [NCOM_PWD]LOG.DIR directory.$!($ vmi$callback find_file pwd$directory -, 'pwd$disk':[ncom_pwd]log.dir "" s pwd$found$ if pwd$found .nes. "S"$ then A$ vmi$callback create_directory user 'pwd$disk':[ncom_pwd.log] -c "/protection=(owner:rwed,group,world)/version_limit=''pwd$syslimit'/owner_uic=[''pwd$group',1]"$ endif$!$!7$! Check and create the [NCOM_PWD]SOURCE.DIR directory.$!($ vmi$callback find_file pwd$directory -/ 'pwd$disk':[ncom_pwd]source.dir "" s pwd$found$ if pwd$found .nes. "S"$ then D$ vmi$callback create_directory user 'pwd$disk':[ncom_pwd.source] -E "/protection=(owner:rwed,group,world)/owner_uic=[''pwd$group',1]"$ endif$!K$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!$!B$! Define the logical disk names and create the logical name table$! $ create- /name_table- /nolog-) /protection=(s:rwed,o:rwed,g:r,w:r) -" /parent=LNM$SYSTEM_DIRECTORY - LNM$NCOM_TABLE$!K$! Add this table to the end of the default RMS and DCL logical name search@$! list as specified by LNM$FILE_DEV unless it is already there.$!L$ max_index = f$trnlnm("LNM$FILE_DEV","LNM$SYSTEM_DIRECTORY",,,,"MAX_INDEX")$ curr_index = 0$ lnm$file_dev = ""$ file_dev_loop:8$ if curr_index .gt. max_index then goto file_dev_doneI$ log_name = f$trnlnm("LNM$FILE_DEV","LNM$SYSTEM_DIRECTORY",curr_index)>$ if log_name .eqs. "LNM$NCOM_TABLE" then goto file_dev_skip0$ lnm$file_dev = lnm$file_dev + log_name + ","$ curr_index = curr_index + 1$ goto file_dev_loop$ file_dev_done:0$ lnm$file_dev = lnm$file_dev + "LNM$NCOM_TABLE"E$ define/nolog/table=LNM$SYSTEM_DIRECTORY LNM$FILE_DEV 'lnm$file_dev'$ file_dev_skip:$!J$ define/table=lnm$NCOM_table NCOM_pwd$exe 'pwd$disk':[NCOM_pwd.exe]/nologJ$ define/table=lnm$NCOM_table NCOM_pwd$dat 'pwd$disk':[NCOM_pwd.dat]/nologJ$ define/table=lnm$NCOM_table NCOM_pwd$log 'pwd$disk':[NCOM_pwd.log]/nologF$ define/table=lnm$NCOM_table NCOM_pwd$ibm_node 'pwd$dspi_node'/nolog$!M$!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! $! create password for NCOM_PWD $!>$ PWD$PASSWORD = F$CVTIME(F$TIME(),,"TIME") - ":" - ":" - "." ?$ PWD$PASSWORD = "''PWD$PASSWORD'" + "''F$GETJPI("","CPUTIM")'"?$ PWD$PASSWORD = "''PWD$PASSWORD'" + "''F$GETJPI("","CPUTIM")'"$!($! Create the default access account$!<$ IF F$IDENTIFIER("NCOM_PWD","NAME_TO_NUMBER") .NE. 0 THEN - GOTO NCOM_PWD_EXISTS$!$!Flags for NCOM_PWD:$!H$ NCOM_PWD$FLAGS = "LOCKPWD,DEFCLI,DISCTLY,DISMAIL,DISNEWMAIL,NODISUSER"$!H$! Break account creation into two parts to avoid %DCL-W-TKNOVF error...$!($ NCOM_PWD$QUALIFIERS = "/ADD_IDENT" + -< "/DEFPRIV=(NOALL,TMPMBX,NETMBX)" + -9 "/PRIV=(NOALL,TMPMBX,NETMBX)" + -% "/UIC=[''PWD$GROUP',1]" + -. "/DEV=''PWD$DISK'" + -1 "/DIR=[NCOM_PWD.LOG]" + -& "/PASSWORD=''PWD$PASSWORD'" ?$ VMI$CALLBACK CREATE_ACCOUNT NCOM_PWD "''NCOM_PWD$QUALIFIERS'"C$ VMI$CALLBACK UPDATE_ACCOUNT NCOM_PWD "/FLAGS=(''NCOM_PWD$FLAGS')"$!&$ NCOM_PWD$QUALIFIERS = "/NOBATCH" + -( "/NOINTERACTIVE" + -" "/NETWORK" + -' "/PWDLIFE=NONE" + - "/NOEXPIRATION" + -' "/NOPWDEXPIRED" + -? "/OWNER=""Pwd Network Object Account""" + -+ "/ACCOUNT=""NCOM_PWD"""$!?$ VMI$CALLBACK UPDATE_ACCOUNT NCOM_PWD "''NCOM_PWD$QUALIFIERS'"$!$NCOM_PWD_EXISTS:$!B$! Update the account NCOM_PWD so the password is the same as the $! password on the object$!B$ VMI$CALLBACK UPDATE_ACCOUNT NCOM_PWD "/PASSWORD=''PWD$PASSWORD'"$!A$! Set up the DECnet operating environment required by PWD010$!,$ PWD$DECNET = F$TRNLNM("SYS$NODE") .NES. ""#$ VMI$CALLBACK MESSAGE I DEF_OBJS -) "Defining DECnet object NCOM_PWD"$ IF PWD$DECNET$ THENU$ MCR NCP DEFINE OBJECT NCOM_PWD NUMBER 0 FILE NCOM_PWD$EXE:NCOM_REMOTE_PASSWORD.EXER$ MCR NCP SET OBJECT NCOM_PWD NUMBER 0 FILE NCOM_PWD$EXE:NCOM_REMOTE_PASSWORD.EXEG$ MCR NCP DEFINE OBJECT NCOM_PWD USER NCOM_PWD PASSWORD 'PWD$PASSWORD'D$ MCR NCP SET OBJECT NCOM_PWD USER NCOM_PWD PASSWORD 'PWD$PASSWORD',$ MCR NCP DEFINE OBJECT NCOM_PWD PROXY BOTH)$ MCR NCP SET OBJECT NCOM_PWD PROXY BOTH$ ELSEU$ MCR NCP DEFINE OBJECT NCOM_PWD NUMBER 0 FILE NCOM_PWD$EXE:NCOM_REMOTE_PASSWORD.EXEG$ MCR NCP DEFINE OBJECT NCOM_PWD USER NCOM_PWD PASSWORD 'PWD$PASSWORD',$ MCR NCP DEFINE OBJECT NCOM_PWD PROXY BOTH$ ENDIF$!M$ COPY vmi$KWD:NCOM_PASSWORD.EXE 'PWD$DISK':[NCOM_PWD.EXE]NCOM_PASSWORD.EXE -/ /PROT=(system:REWD,owner:RWED,Group:E,World:E)$!K$ COPY vmi$KWD:PWD_SECURITY.FDL 'PWD$DISK':[NCOM_PWD.DAT]PWD_SECURITY.FDL -+ / PROT=(system:REWD,owner:RWED,Group,World)$!$ IF PWD$DSPI_NODE_TRUE $ THEN-$ COPY vmi$KWD:NCOM_REMOTE_PASSWORD_SNA.EXE -4 'PWD$DISK':[NCOM_PWD.EXE]NCOM_REMOTE_PASSWORD.EXE -+ /PROT=(system:REWD,owner:RWED,Group,World)$ELSE)$ COPY vmi$KWD:NCOM_REMOTE_PASSWORD.EXE -4 'PWD$DISK':[NCOM_PWD.EXE]NCOM_REMOTE_PASSWORD.EXE -+ /PROT=(system:REWD,owner:RWED,Group,World)$ENDIF$!$$! PURGE 'PWD$DISK':[NCOM_PWD...]*.*$!b$ File_installed = f$file_attributes("''PWD$DISK':[NCOM_PWD.EXE]NCOM_REMOTE_PASSWORD.EXE","known")$ IF File_installed .EQS."TRUE"$ THEN_$ install replace 'PWD$DISK':[NCOM_PWD.EXE]NCOM_REMOTE_PASSWORD.EXE /open/header/priv=sysprv$ ELSE[$ install add 'PWD$DISK':[NCOM_PWD.EXE]NCOM_REMOTE_PASSWORD.EXE /open/header/priv=sysprv$ ENDIF$!J$ VMI$CALLBACK PROVIDE_FILE PWD$PWDMGRHLB PWDMGRHELP.HLB VMI$ROOT:[SYSHLP]$!D$ VMI$CALLBACK PROVIDE_IMAGE PWD$PWDMGR PWDMGR.EXE VMI$ROOT:[SYSEXE]$!$ TYPE SYS$INPUT$ Adding PWD to DCL command tables...$!$$! Add PWD command to the DCL tables$!*$ VMI$CALLBACK PROVIDE_DCL_COMMAND PWD.CLD$!$ TYPE SYS$INPUT" Adding PWD to VMS help library...$!2$! Add PWD command help to the system help library$!'$ VMI$CALLBACK PROVIDE_DCL_HELP PWD.HLP$!$TYPE SYS$INPUT? +-------------------------------------------------------+? | |? | Add the startup file SYS$STARTUP:PWD_STARTUP.COM to |? | the system startup file SYS$MANAGER:SYSTARTUP_V5.COM |? | |? | Invoke the PWDMGR utility by typing MCR PWDMGR at the |? | system prompt and populate the databases with remote |? | nodes, security access records and administrators. |? | For more details see the Password Manager Utility |? | Manual. |? | |@ +-------------------------------------------------------+ $ivp:$ exit vmi$_success$!$ install_error: $ s = $status$ type sys$input:3 Error installing PWD for VMS V1.0 $ $status = s$ exit $status$!$! End of KITINSTAL.COM$!N$!*****************************************************************************[THR.NCOM_PWD]LIST.HLP;1+,W. /A 4C Z-0123KPWO56@H!K7@r89GAHJ1 LIST@ The LIST command outputs a listing file which gives information on the records specified. Format: LIST [/qualifiers] parameter 2 /REMOTEA Creates a listing file (PWD_REMOTE.LIS) to which remote database information is written. Format LIST/REMOTE [node-name] 3 Parameters node-name < specifies the name of the node to be listed from the remote; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha ; characters. If an * is supplied in place of the node name . all nodes in the remote database are listed. 3 Examples ? The following examples illustrate the use of the LIST/REMOTE command. 1. PWDMGR> LIST/REMOTE * writing listing file, listing file PWD_REMOTE.LIS is complete: The command in this example creates a listing file of all nodes in the remote database. 2 /ADMINISTRATOR@ Creates a listing file (PWD_ADMIN.LIS) to which remote database information is written. Format LIST/ADMINISTRATOR [username] 3 Parameters username C specifies the username of the administrator to be listed from the @ administrator database. If you omit the username, you will be B prompted for one. The username is a string of 1 through 32 alpha : characters. If an * is supplied in place of the username > all administrators in the administrator database are listed. 3 Examples 4 The following examples illustrate the use of the $ LIST/ADMINISTRATOR command.! 1. PWDMGR> LIST/ADMINISTRATOR * writing listing file+ listing file PWD_ADMIN.LIS is complete: The command in this example creates a listing file of all. administrators in the administrator database. 2 /SECURITY< Creates a listing file (PWD_SECURITY.LIS) to which security information is written. Format:  LIST/SECURITY [node-name] 3 /USERNAME  /USERNAME=userid? Specifies a specific userid on a given node who will be listedA from the security database. The '*' wildcard can be used to list% all users within the range supplied. 3 Parameters node-name6 specifies the name of the node to be listed from the 8 security database. If you omit the node-name, you will ; be prompt for one. The node-name is a string of 1 through 9 6 alpha characters. If an * is supplied in place of the : node name all nodes in the security database are listed. 3 Examples A The following examples illustrate the use of the LIST/SECURITY command.! 1. PWDMGR> LIST/SECURITY CCPL01 writing listing file. listing file PWD_SECURITY.LIS is complete@ This command creates a listing file of the node named CCPL01.  2. PWDMGR> SHOW/SECURITY * writing listing file. listing file PWD_SECURITY.LIS is complete2 This command creates a listing file of all nodes.) 3. PWDMGR> SHOW/SECURITY/USERNAME=A2H * writing listing file. listing file PWD_SECURITY.LIS is complete7 This command creates a listing file of all references 7 to the userid A2H registered in the security database.!*[THR.NCOM_PWD]NCOM_PASSWORD.FOR;1+,Q.Z/A 4NZX~-0123KPWOY56@#7r89GAHJNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cc Author : T.Rushcc Date : 18-Aug-1992cc Procedure : NCOM_PASSWORD.FORcGc Function : This routine allows the operator to modify there password:c or have an administrator mofify it on thier behalf.Ac The UIC in below 500 can not be modified by this routine. c c Revised :cc Date Author ReasoncNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ program ncom_password implicit none include '($uaidef) /nolist' include '($lnmdef) /nolist' include '($clidef) /nolist' include '($ssdef) /nolist' include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($smgdef) /nolist' include '($trmdef) /nolist' include '($fordef) /nolist' include '($iodef) /nolist' include '($libclidef) /nolist' include '($syssrvnam) /nolist'! include '(lib$routines) /nolist'! include '(str$routines) /nolist'! include '(smg$routines) /nolist' include '($foriosdef) /nolist' include '($dvidef) /nolist', structure /itmlist/ ! For getuai itemlist union map integer*2 bufferlen integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end union end structure structure /record_list/* character*255 message ! Error message& character*12 username ! Username/ character*25 old_password ! Old Password. character*25 new_password ! New password2 character*6 local_nodename ! Local node name2 character*12 local_username ! Local username. integer*4 status ! System service error* integer*4 ierr ! Fortran file error. integer*4 username_len ! Username length3 integer*4 local_username_len ! Username length- integer*4 hash_pwd(2) ! Hashed password) integer*4 pwd(2) ! Hashed Password5 integer*2 object_option ! Object routine option% integer*2 salt ! Password salt integer*2 msglen6 logical*2 authorised ! Authorised on remote node6 logical*2 exist ! Account exists on remote node2 byte encrypt ! Password encryption code/ byte pwd_length ! Password length end structure record /itmlist/ trnlnm_list(4) record /itmlist/ setuai_list(3) record /itmlist/ getsyi_list(4) record /itmlist/ getjpi_list(2) record /itmlist/ getuai_list(6) record /itmlist/ getdvi_list(2) record /record_list/ net_record integer*4 net_record_size1 parameter (net_record_size = sizeof(net_record))cc Network record structurec# character*1 esc ! ACSII value 27* character*12 username ! Username string6 character*12 local_username ! Local Username string1 character*25 old_password ! Old password string1 character*25 new_password ! New password string= character*25 verify_password ! Verification password string) character*255 message ! Message string; character*80 node_string ! remote node file record string) character*6 nodename ! Node name string5 character*6 local_nodename ! Local node name string6 character*40 remote_task ! Remote task object string7 character*100 type_list ! List of operatoring systems( character*1 answer ! Yes or No answer0 character*6 node_net_link(50) ! Node name array4 character*6 new_node_net_link(50) ! Node name array5 character*6 node_list(50) ! Nodes from command line/ character*80 error_string ! MVS error string , character*64 host_name ! cluster host name" character*1 nl ! Null character integer*4 chan ! I/O channel" integer*4 sna_chan ! I/O channel integer*4 status ! Status integer*4 errstatus ! Status) integer*4 ierr ! File I/O error status* integer*4 error ! File I/O error status+ integer*4 return_status ! Returned status8 integer*4 return_ierr ! Returned File I/O error status% integer*4 pwd(2) ! Hashed password) integer*4 hash_pwd(2) ! Hashed password2 integer*4 new_hash_pwd(2) ! New hashed password 1 integer*4 new_password_len ! New password length1 integer*4 old_password_len ! Old password length7 integer*4 verify_password_len ! Verify password length+ integer*4 nodename_len ! Node name length6 integer*4 local_nodename_len ! Local node name length/ integer*4 username_len ! Username name length4 integer*4 local_username_len ! Username name length0 integer*4 priv(2) ! Authorised UAF priv`B~ PWD_SOURCE.BQ![THR.NCOM_PWD]NCOM_PASSWORD.FOR;1NZT ileges0 integer*4 def_priv(2) ! Default UAF privileges$ integer*4 msglen ! Message length integer*4 rmssts ! RMS status+ integer*4 rmsstv ! additional RMS status& integer*4 condval ! Condition value* integer*4 net_lun ! logical unit number4 integer*4 net_link(50) ! logical unit number array7 integer*4 new_net_link(50) ! logical unit number array- integer*4 sna_net_lun ! logical unit number1 integer*4 object_option ! Object routine option9 integer*4 access_result ! Result of remote access check integer*4 i ! loop counter integer*4 n ! loop counter' integer*4 iosb(1) ! I/O status block4 integer*4 control/1/ ! Network object continuation4 integer*4 ncom_ibm_password ! IBM password function integer*4 cli$present integer*4 cli$get_value integer*4 cli$_comma /261433/) integer*4 acl_check ! External function7 integer*4 cluster_fsysid ! system id of founding node6 integer*4 node_systemid ! system id of current node 4 integer*4 host_name_len ! cluster host name length integer*4 index integer*4 max_index" integer*2 node_len ! Node length* integer*2 str_node_list_len ! Node length' integer*2 task_len ! task file length1 integer*2 node_count ! Number of nodes to check5 integer*2 new_node_count ! Number of nodes to check integer*2 salt ! UAF salt3 integer*2 type_list_len ! ClI command list length1 integer*2 max_nodes ! Max nodes in command list5 integer*2 node_list_len ! CLI command list length  - byte pwd_length ! UAF m$ in. password length& byte encrypt ! UAF Encryption code data nl/0/c%c Variables for UIC (Member & Group)c" integer*4 uic ! UAF UIC integer( integer*2 uic_2(2) ! UAF UIC two bytes5 integer*2 uic_group,uic_member ! Group / member UIC1 equivalence (uic,uic_2(1)) ! First byte of UIC3 equivalence (uic_2(1),uic_member) ! Member UIC1 equivalence (uic_2(2),uic_group) ! Group UICc%c Modify local password or disable itc logical*2 local_pwdcc External routinesc external cli$_present external cli$_absent external cli$_negated  external cli$get_valuecc Operating system platforms c2 logical*2 VMS ! Select VMS operating system2 logical*2 MVS ! Select MVS operating system5 logical*2 ULTRIX ! Select ULTRIX operating system5 logical*2 NOVELL ! Select NOVELL operating system ( data esc/27/ ! ASCII escape sequencecc SMG display variablesc% integer*4 PBID ! SMG Pasteboard ID# integer*4 KBID ! SMG Keyboard ID! integer*4 DID ! SMG Display ID( integer*4 modifiers ! SMG string flags* integer*4 termcode ! SMG terminator code, integer*4 ctrlz/26/ ! SMG termination code- character*16 pwd_prompt ! SMG prompt stringc1c Declare all the platforms that will be checked.c VMS = .true. MVS = .false. ULTRIX = .false. NOVELL = .false.cc Modify local passwordc local_pwd = .true.c c Check command line string listc9 if (cli$present ('USERNAME').eq.%loc(cli$_present)) thencHc Get the username of the calling process so we can check the identifierc getjpi_list(1).bufferlen=12* getjpi_list(1).itemcode =jpi$_username2 getjpi_list(1).bufferaddr=%loc(local_username)6 getjpi_list(1).lengthaddr=%loc(local_username_len) getjpi_list(2).endlist=0* status = sys$getjpi(,,,getjpi_list,,,)0 if (.not.status) call lib$stop(%val(status))c4c Check if the process has the RACF_ADMIN identifierc> status = acl_check (local_username,local_username_len,uic)7 if (.not.status) call lib$stop(%val(status))cc NCOM_CODE_MODIFICATION c?c Check the UIC so the system accounts and etc are not modifiedc1c 320 = [500,*] The base of Everybodys elses UICsc  if (uic_group.lt.320) thencGc Okay, Okay, lets stike a deal I know you're outside of the UIC range,Gc but if you promise not to change your password on the local node I'll.c let you continue. So don't say I'm not fair.c Local_pwd = .false. endifc>c Get the username that will be modified from the command linec1 status = cli$get_value ('USERNAME',username,)7 if (.not.status) call lib$stop(%val(status))6 status = str$trim (username,username,username_len)7 if (.not.status) call lib$stop(%val(status)) elsecDc Get the username of the current process and check the old passowrdc getjpi_list(1).bufferlen=12* getjpi_list(1).itemcode =jpi$_username2 getjpi_list(1).bufferaddr=%loc(local_username)6 getjpi_list(1).lengthaddr=%loc(local_username_len) getjpi_list(2).endlist=0+ status = sys$getjpiw(,,,getjpi_list,,,)0 if (.not.status) call lib$stop(%val(status))c8c format the Item list to be used to check the password.c getuai_list(1).bufferlen=1, getuai_list(1).itemcode =uai$_pwd_length. getuai_list(1).bufferaddr=%loc(pwd_length) getuai_list(1).lengthaddr=0 getuai_list(2).bufferlen=1) getuai_list(2).itemcode =uai$_encrypt+ getuai_list(2).bufferaddr=%loc(encrypt) getuai_list(2).lengthaddr=0 getuai_list(3).bufferlen=2& getuai_list(3).itemcode =uai$_salt( getuai_list(3).bufferaddr=%loc(salt) getuai_list(3).lengthaddr=0 getuai_list(4).bufferlen=4*2% getuai_list(4).itemcode =uai$_pwd' getuai_list(4).bufferaddr=%loc(pwd) getuai_list(4).lengthaddr=0 getuai_list(5).bufferlen=4% getuai_list(5).itemcode =uai$_uic' getuai_list(5).bufferaddr=%loc(uic) getuai_list(5).lengthaddr=0 getuai_list(6).endlist=0? status = sys$getuai (,,local_username(:local_username_len), 1 getuai_list,,,)0 if (.not.status) call lib$stop(%val(status)) username = local_usernamecc NCOM_CODE_MODIFICATION c?c Check the UIC so the system accounts and etc are not modifiedc1c 320 = [500,*] The base of Everybodys elses UICsc if (uic_group.lt.320) then type *,C 1 '%PWD-F-NOMOD, this accounts password can not be modified'  call exit endif endifc7c Check the command line for the type of system if any.c status = cli$_comma5 if (cli$present ('TYPE').eq.%loc(cli$_present)) then" dowhile (status.eq.cli$_comma)> status = cli$get_value ('TYPE',type_list,type_list_len)/ if (type_list.eq.'NOVMS') vms = .false. , if (type_list.eq.'VMS') vms = .true. / if (type_list.eq.'NOMVS') mvs = .false. , if (type_list.eq.'MVS') mvs = .true. 5 if (type_list.eq.'NONOVELL') novell = .false. 2 if (type_list.eq.'NOVELL') novell = .true. 5 if (type_list.eq.'NOULTRIX') ultrix = .false. 2 if (type_list.eq.'ULTRIX') ultrix = .true. enddo endifc;c Find out the node name of the system you are logged onto.c+ getdvi_list(1).bufferlen=sizeof(host_name)( getdvi_list(1).itemcode =dvi$_host_name* getdvi_list(1).bufferaddr=%loc(host_name). getdvi_list(1).lengthaddr=%loc(host_name_len) getdvi_list(2).endlist=00 getsyi_list(1).bufferlen=sizeof(local_nodename)' getsyi_list(1).itemcode =syi$_nodename/ getsyi_list(1).bufferaddr=%loc(local_nodename)3 getsyi_list(1).lengthaddr=%loc(local_nodename_len) getsyi_list(2).bufferlen=4- getsyi_list(2).itemcode =syi$_cluster_fsysid/ getsyi_list(2).bufferaddr=%loc(cluster_fsysid) getsyi_list(3).bufferlen=4, getsyi_list(3).itemcode =syi$_node_systemid. getsyi_list(3).bufferaddr=%loc(node_systemid) getsyi_list(4).endlist=0, status = sys$getsyiw(,,,getsyi_list,iosb,,) if (status) status = iosb(1) if (.not.status) goto 899cBc If this is not the founding cluster node then find it and use itc* if (cluster_fsysid.ne.node_systemid) then@ status = sys$getdviw(,,'SYS$SYSDEVICE:',getdvi_list,iosb,,,) if (status) status = iosb(1) if (.not.status) goto 899( local_nodename(1:6) = host_name(1:6) endifcDc If the list of nodes on which passwords will be modified supplied Gc is on the command line then use it instead on the file PWD_REMOTE.DATc if (cli$present ('NODE_LIST') 1 .eq.%loc(cli$_present)) then status = cli$_comma i = 1" dowhile (status.eq.cli$_comma)+ status = cli$get_value ('NODE_LIST', 1 node_list(i),node_list_len)>c call str$trim(node_list(i),node_list(i),node_list_len)+ if (node_list(i)(:node_list_len).eq., 1 local_nodename(:local_nodename_len)) then type *,'%PWD-F-NOTREMOTE, ',' 1 local_nodename(:local_nodename_len),- 2 ' can not be used in the remote node list' call exit endif  max_nodes = i i = i + 1 enddo endifcJc If the command qualifier /NOLOCAL_PWD id present then do not modify the c local passwordc5 if (cli$present ('LOCAL_PWD').eq.%loc(cli$_negated)) 1 local_pwd=.false.cc Create an SMG pasteboardc> status = smg$create_pasteboard (PBID,,,,smg$m_keep_contents,) if (.not.status) goto 8992 status = smg$create_virtual_display (5,80,DID,,,) if (.not.status) goto 8996 modifiers = (trm$m_tm_noecho.or.trm$m_tm_norecall.or. 1 trm$m_tm_purge), status = smg$create_virtual_keyboard (KBID) if (.not.status) goto 8999 if (cli$present ('USERNAME').ne.%loc(cli$_present)) thenB status = smg$read_string (KBID,old_password,'Old Password: ', % 1 32,modifiers,,,old_password_len, 2 termcode,,,,,)$ if (termcode.eq.ctrlz) call exit if (.not.status) goto 8993 status = str$upcase (old_password,old_password) if (.not.status) goto 899 endif9 if (cli$present ('USERNAME').ne.%loc(cli$_present)) then' pwd_prompt = esc//'ENew Password: ' else! pwd_prompt = 'New Password: ' endif9 status = smg$read_string (KBID,new_password,pwd_prompt, % 1 32,modifiers,,,new_password_len, 2 termcode,,,,,)! if (termcode.eq.ctrlz) call exit if (.not.status) goto 8990 status = str$upcase (new_password,new_password) if (.not.status) goto 899c=c The password must be in uppercase and if the length is zero9c then the flag NOPASSWORD is set and we don't want that.c; call str$trim (new_password,new_password,new_password_len) if (local_pwd) then" if ((VMS).and.(.not.MVS)) then/ if (new_password_len.lt.pwd_length) then# if (pwd_length.gt.9) then, write (*,fmt='(A,A,I2.2,A,A)') ) 1 ' %SET-F-INVPWDLEN, password length',. 2 ' must be between ',pwd_length,' and 32 ',' 3 'characters; password not changed.' else+ write (*,fmt='(A,A,I1.1,A,A)')) 1 ' %SET-F-INVPWDLEN, password length',. 2 ' must be between ',pwd_length,' and 32 ',' 3 'characters; password not changed.' endif call exit endif endif endif if ((MVS).and.(.not.VMS)) then@ if ((new_password_len.gt.8).or.(new_password_len.lt.4)) then write (*,fmt='(A,A,A)')) 1 ' %SET-F-INVPWDLEN, password length', 2 ' must be between 4 and 8 ',' 3 'characters; password not changed.' call exit endif endifc=c Check the MVS password in conjunction with the VMS passwordc* if ((MVS).and.(VMS).and.(local_pwd)) then- if ((new_password_len.lt.pwd_length).or.( 1 new_password_len.gt.8)) then if (pwd_length.gt.8) then write (*,fmt='(A,A)')/ 1 ' %SET-F-INVPWDLEN, VMS and MVS password ',, 2 'length conflict; password not changed.'7 Type *,'%PWD-I-SYSMGR, Please contact your ', 1 'system manager' else( write (*,fmt='(A,A,I1.1,A,A)')) 1 ' %SET-F-INVPWDLEN, password length',- 2 ' must be between ',pwd_length,' and 8 ',~' 3 'characters; password not changed.'h endif call exit endif endif'200 pwd_prompt = esc//'EVerification: ' < status = smg$read_string (KBID,verify_password,pwd_prompt, ( 1 32,modifiers,,,verify_password_len, 2 termcode,,,,,)T! if (termcode.eq.ctrlz) call exitf if (.not.status) goto 8996 status = str$upcase (verify_password,verify_password) if (.not.status) goto 899* if (new_password.ne.verify_password) thenB type *,'%SET-I-PWDNOTVER, new password verification error;'// 1 ' please try again' goto 200u endifc Dc If the operation is to be preformed on a non VMS system then don't(c worry about checking the VMS password.cd9 if (cli$present ('USERNAME').ne.%loc(cli$_present)) thenf if (vms) then'" status = sys$hash_password(, 1 %descr(old_password(:old_password_len)), 2 %val(encrypt), 3 %val(salt),'0 4 %descr(local_username(:local_username_len)), 5 %ref(hash_pwd))v if (.not.status) goto 899C if ((hash_pwd(1).ne.pwd(1)).or.(hash_pwd(2).ne.pwd(2))) thenuE Type *,'%SET-F-PWDNOTVAL, old password validation error; ',  1 'password not changed' call exitt endif" status = sys$hash_password(, 1 %descr(new_password(:new_password_len)), 2 %val(encrypt), 3 %val(salt),m0 4 %descr(local_username(:local_username_len)), 5 %ref(new_hash_pwd))c if (.not.status) goto 899+ if ((new_hash_pwd(1).eq.pwd(1)).and. $ 1 (new_hash_pwd(2).eq.pwd(2))) thenE Type *,'%SET-F-PWDNOTDIF, new password must be different ',  1 'from current password'c call exitn endif endif2 endifca#c IF VMS then preform the followingscu if (vms) thencec Initilise array counter co node_count = 0ceNc If we are modifing the local node then modify the array by adding the local c node.c  if (local_pwd) then max_nodes = max_nodes + 1, node_list(max_nodes) = local_nodename endifecu+c Make a connection to all the remote nodesd,c Open the file NCOM_PWD$DAT:PWD_REMOTE.DAT ct= if (cli$present ('NODE_LIST').ne.%loc(cli$_present)) thenc6 Open(unit=5,name='ncom_pwd$dat:pwd_remote.dat',* 1 status='old', ! is an OLD file) 2 shared, ! shared access: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via thei0 5 access='sequential', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted',4 8 readonly,p2 9 err=250,iostat=ierr) ! Exit on error cr?c If the remote node database has not been populated then exit.cca-250 if (ierr.eq.for$ios_filnotfou) then1" type *,'PWD-F-FILNOTFOU, file ',+ 1 'NCOM_PWD$DAT:PWD_REMOTE.DAT not found's< type *,'PWD-I-MSG, define remote nodes within the',) 1 ' PWDMGR utility or use the command 'c; type *,'PWD-I-MSG, line qualifier /NODENAME to declare ',r 1 'a list of remote nodes.'  call exit elseif (ierr.ne.0) then goto 898 endifccKc Read the first record in the file NCOM_PWD$DAT:PWD_REMOTE.DAT if the flagsMc NOLOCAL_PWD has been set otherwise use the local or Master VAXcluster node.  if (local_pwd) then# nodename = local_nodenamed else)' read (unit=5,err=898,fmt=840,_ 1 iostat=ierr,end=690) 2 nodename(1:6)n endif (endifc cnFc Read through the file NCOM_PWD$DAT:PWD_REMOTE.DAT and open a link toc the remote nodescaCc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^nc *** Things to do ***@c The Object should be rewritten to be a non-transparent object.Cc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^e n = 1  dowhile (status)crGc If the command line node list exist then use it and not the data file c PWD_REMOTE.DATct$ if (cli$present ('NODE_LIST') 1 .eq.%loc(cli$_present)) then& if (n.gt.max_nodes) goto 690 ! nodename = node_list(n)r n = n + 1 endif9 status = str$trim(nodename,nodename,nodename_len)v if (.not.status) goto 899- remote_task=nodename(1:nodename_len)//l 1 '""::"0=NCOM_PWD"'< status = str$trim(remote_task,remote_task,task_len) if (.not.status) goto 899; status = sys$assign (%descr(remote_task(:task_len)),  1 %ref(chan),,,)# if (status) status = iosb(1)l if (.not.status) then( call sys$getmsg (%val(status), 1 %ref(msglen),r 2 %descr(message),,)1 type *,message(1:msglen),' - ',nodenamet type 855n accept 856, answer6 if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 call exit 0 status = ss$_normal elseg node_count = node_count + 1% net_link(node_count) = chanb. node_net_link(node_count) = nodename endif ecc1c Read the next node from the node database file.rcn$ if (cli$present ('NODE_LIST') 1 .ne.%loc(cli$_present)) then*670 read (unit=5,err=898,fmt=840, 1 iostat=ierr,end=690) 2 nodename(1:6)i endif enddo crc Close the node database file._cm$690 if (cli$present ('NODE_LIST') 1 .eq.%loc(cli$_present)) then) close (unit=5,err=898,iostat=ierr)g endifdcy,c write the object option code to the objectcn& status = str$trim (local_username,% 1 local_username,local_username_len)g6 status = str$trim (username,username,username_len)7 if (.not.status) call lib$stop(%val(status))/ net_record.local_username = local_username5 net_record.local_username_len= local_username_len/ net_record.local_nodename = local_nodenamei! net_record.object_option = 1' net_record.username = usernamea, net_record.username_len = username_len& net_record.exist = .true.& net_record.authorised = .true.ct3c Load the new I/O channel array with network linksrcl new_node_count = node_count  do i=1,node_countU# new_net_link(i) = net_link(i)F- new_node_net_link(i) = node_net_link(i)r enddomcec Write to all network linksc1 do i=1,node_count, status = sys$qiow (,%val(net_link(i))5 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)I 2 ,%val(net_record_size),,,,)# if (status) status = iosb(1)c if (.not.status.) then( call sys$getmsg (%val(status), 1 %ref(msglen),a 2 %descr(message),,)9 type *,message(1:msglen),' - ',node_net_link(i)g type 855  accept 856, answer6 if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 then" do n=1,new_node_count: status = sys$dassgn (%val(new_net_link(n)))3 if (.not.status) status = ss$_normal enddo call exit elser3 status = sys$dassgn (%val(net_link(i)))M0 if (.not.status) status = ss$_normal if (i.lt.node_count) theng do n=i,node_count-1+ new_net_link(n) = net_link(n+1) 5 new_node_net_link(n) = node_net_link(n+1)r enddo endif 0 new_node_count = new_node_count - 1 endif endif = enddoUcI<c Reload I/O channel array with currently open network linksc node_count = new_node_count do i=1,node_countn# net_link(i) = new_net_link(i)N- node_net_link(i) = new_node_net_link(i) enddoechNc Read the return error status if any and discontinue with a node that returns c an error. cj new_node_count = node_count  do i=1,node_count, status = sys$qiow (,%val(net_link(i))4 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record) 2 ,%val(net_record_size),,,,)# if (status) status = iosb(1)s if (.not.status) then( call sys$getmsg (%val(status), 1 %ref(msglen), 2 .1 %descr(message),,)9 type *,message(1:msglen),' - ',node_net_link(i)t type 855s accept 856, answer6 if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 then" do n=1,new_node_count: status = sys$dassgn (%val(new_net_link(n)))3 if (.not.status) status = ss$_normali enddo call exitf elser4 status = sys$dassgn (%val(net_link(i)))1 if (.not.status) status = ss$_normald if (i.lt.node_count) thena do n=i,node_count-1+ new_net_link(n) = net_link(n+1)o5 new_node_net_link(n) = node_net_link(n+1)v enddo endif0 new_node_count = new_node_count - 1 goto 691 endif endif' if (.not.net_record.status) thent' if (.not.net_record.authorised) thenc=c You are not authorised to modify the password on this node. csDc Write a bit of crap to the network object cos otherwise you get a c SS$_LINKABORT error message.c(2 status = sys$qiow (,%val(net_link(i)) 1 ,%val(io$_writevblk)" 2 ,%ref(iosb),,,%ref(net_record) 3 ,%val(net_record_size),,,,)w( if (status) status = iosb(1)" if (.not.status) then. call sys$getmsg (%val(status), 1 %ref(msglen),i 2 %descr(message),,). type *,message(1:msglen),' - ' 1 ,node_net_link(i) type 855u" accept 856, answer< if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 then( do n=1,new_node_count@ status = sys$dassgn (%val(new_net_link(n)))9 if (.not.status) status = ss$_normald enddo call exit elses6 new_node_count = new_node_count - 1 endif endifC type *,net_record.message(1:net_record.msglen),n! 1 ' on node ',node_net_link(i)i type 855 accept 856, answer 9 if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y')) 0 1 then% do n=1,new_node_countn6 status = sys$dassgn (%val(new_net_link(n)))/ if (.not.status) status = ss$_normall enddo  call exit endif- elseif (.not.net_record.exist) thenc<c Account on which password is to be modified doesn't exist.cfDc Write a bit of crap to the network object cos otherwise you get a c SS$_LINKABORT error message.cd2 status = sys$qiow (,%val(net_link(i)) 1 ,%val(io$_writevblk)" 2 ,%ref(iosb),,,%ref(net_record) 3 ,%val(net_record_size),,,,)i( if (status) status = iosb(1)" if (.not.status) then. call sys$getmsg (%val(status), 1 %ref(msglen),  2 %descr(message),,). type *,message(1:msglen),' - ' 1 ,node_net_link(i) type 855)" accept 856, answer< if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 then( do n=1,new_node_count@ status = sys$dassgn (%val(new_net_link(n)))9 if (.not.status) status = ss$_normal  enddo call exita elsem6 new_node_count = new_node_count - 1 endif endifC type *,net_record.message(1:net_record.msglen),t! 1 ' on node ',node_net_link(i)m else tcnc System service errorc.Dc Write a bit of crap to the network object cos otherwise you get a c SS$_LINKABORT error message.co2 status = sys$qiow (,%val(net_link(i)) 1 ,%val(io$_writevblk)" 2 ,%ref(iosb),,,%ref(net_record) 3 ,%val(net_record_size),,,,)i( if (status) status = iosb(1)" if (.not.status) then. call sys$getmsg (%val(status), 1 %ref(msglen),r 2 %descr(message),,). type *,message(1:msglen),' - ' 1 ,node_net_link(i) type 855 " accept 856, answer< if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 then( do n=1,new_node_count@ status = sys$dassgn (%val(new_net_link(n)))9 if (.not.status) status = ss$_normalu enddo call exitn elsef6 new_node_count = new_node_count - 1 endif endifC type *,net_record.message(1:net_record.msglen),c! 1 ' on node ',node_net_link(i)l type 855 accept 856, answeri9 if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 then% do n=1,new_node_countl6 status = sys$dassgn (%val(new_net_link(n)))/ if (.not.status) status = ss$_normall enddon call exit endif endif0 status = sys$dassgn (%val(net_link(i)))- if (.not.status) status = ss$_normald if (i.lt.node_count) then do n=i,node_count-1' new_net_link(n) = net_link(n+1)1 new_node_net_link(n) = node_net_link(n+1)e enddo endif- new_node_count = new_node_count - 1( elsec_Bc Convert the new password into a hashed password using the remote!c nodes salt and encryption code.rcP5 status = sys$hash_password(%descr(new_password 1 (:new_password_len)),d! 2 %val(net_record.encrypt),t 3 %val(net_record.salt),( 4 %descr(username(:username_len))," 5 %ref(net_record.hash_pwd)) if (.not.status) goto 899c.Dc Check that the password length is long enough for the remote node.ct / if (new_password_len.lt.pwd_length) thenr# if (pwd_length.gt.9) thenr0 write (*,fmt='(A,A,I2.2,A,A,A,A)') ) 1 ' %SET-F-INVPWDLEN, password length',n. 2 ' must be between ',pwd_length,' and 32 ',' 3 'characters; password not changed',t 4 ' on node ',node_net_link(i) else/ write (*,fmt='(A,A,I1.1,A,A,A,A)')_) 1 ' %SET-F-INVPWDLEN, password length', . 2 ' must be between ',pwd_length,' and 32 ',' 3 'characters; password not changed',p 4 ' on node ',node_net_link(i) endif do n=1,new_node_countd7 status = sys$dassgn (%val(new_net_link(n)))a0 if (.not.status) status = ss$_normal enddo  call exita endifce=c Check the MVS password in conjunction with the VMS password c if ((MVS).and.(VMS)) then3 if ((new_password_len.lt.pwd_length).or.(n% 1 new_password_len.gt.8)) thenS& if (pwd_length.gt.8) then) write (*,fmt='(A,A,A,A)') 2 1 ' %SET-F-INVPWDLEN, VMS and MVS password ',/ 2 'length conflict; password not changed',s# 3 ' on node ',node_net_link(i) = Type *,'%PWD-I-SYSMGR, Please contact your ',. 1 'system manager'  else=2 write (*,fmt='(A,A,I1.1,A,A,A,A)'), 1 ' %SET-F-INVPWDLEN, password length',0 2 ' must be between ',pwd_length,' and 8 ',* 3 'characters; password not changed',# 4 ' on node ',node_net_link(i)  endif" do n=1,new_node_count4 status = sys$dassgn (%val(new_net_link(n)))- if (.not.status) status = ss$_normald enddo call exit endif; endifce@c Check that the existing password on the remote node is not the"c same as the one about to be set.csB if (cli$present ('USERNAME').ne.%loc(cli$_present)) then8 if ((net_record.hash_pwd(1).eq.pwd(1)).and., 1 (net_record.hash_pwd(2).eq.pwd(2))) then, Type *,'%SET-F-PWDNOTDIF,', & 1 'new password must be different ',* 2 'from current password; password not',( 3 ' changed on node ',node_net_link(i)% do n=1,new_node_counte6 status = sys$dassgn (%val(new_net_link(n)))/ if (.not.status) status = ss$_normal  enddoh call exit; endifh endif cf/c Write the hashed password to the remote node. c_, status = sys$qiow (,%val(net_link(i))5 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)3 2 ,%val(net_record_size),,,,)# if (status) status = iosb(1)d if (.not.status) then( call sys$getmsg (%val(status), 1 %ref(msglen),y 2 %descr(message),,)9 type *,message(1:msglen),' - ',node_net_link(i) type 855- accept 856, answer6 if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 then" do n=1,new_node_count: status = sys$dassgn (%val(new_net_link(n)))3 if (.not.status) status = ss$_normalN enddo call exitf elsef4 status = sys$dassgn (%val(net_link(i)))1 if (.not.status) status = ss$_normale if (i.lt.node_count) thens do n=i,node_count-1+ new_net_link(n) = net_link(n+1).5 new_node_net_link(n) = node_net_link(n+1)1 enddo endif)0 new_node_count = new_node_count - 1 endif endif endif 691 enddo endif node_count = new_node_count do i=1,node_count net_link(i) = new_net_link(i)* node_net_link(i) = new_node_net_link(i) enddo lcm?c Now that all nodes have been check and there passwords hashedh!c set the passwords on all nodes. co if (MVS) thenc_@c Because the DECnet/SNA programming interface is only on node XFc then we'll have to call it from that node. The remote object on node0c X includes the DECnet/SNA interface into TSO. c< type *,'%PWD-I-MVS, attempting to modify IBM mainframe', 1 ' password, please wait...' trnlnm_list(1).bufferlen =4) trnlnm_list(1).itemcode =lnm$_indexo* trnlnm_list(1).bufferaddr =%loc(index) trnlnm_list(1).lengthaddr =0 trnlnm_list(2).bufferlen =6* trnlnm_list(2).itemcode =lnm$_string- trnlnm_list(2).bufferaddr =%loc(nodename)e1 trnlnm_list(2).lengthaddr =%loc(nodename_len)d trnlnm_list(3).bufferlen =4- trnlnm_list(3).itemcode =lnm$_max_indexL. trnlnm_list(3).bufferaddr =%loc(max_index) trnlnm_list(3).lengthaddr =0 trnlnm_list(4).endlist =0/ status = sys$trnlnm(%ref(lnm$m_case_blind),h5 2 %descr('LNM$NCOM_TABLE'), 9 2 %descr('NCOM_PWD$IBM_NODE'),,s. 2 %ref(trnlnm_list)) if (.not.status) goto 899k* remote_task=nodename(1:nodename_len)// 1 '""::"0=NCOM_PWD"'9 status = str$trim(remote_task,remote_task,task_len)n if (.not.status) goto 899t8 status = sys$assign (%descr(remote_task(:task_len)), 1 %ref(sna_chan),,,) if (status) status = iosb(1) if (.not.status) thenO% call sys$getmsg (%val(status),  1 %ref(msglen),  2 %descr(message),,). type *,message(1:msglen),' - ',nodename type 855S accept 856, answer : if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 call exit i goto 800 endifc 2c Tell the object which option you're going to usecD net_record.object_option = 2- net_record.username = username(1:12)c0 net_record.old_password = old_password(1:8)0 net_record.new_password = new_password(1:8)/ net_record.local_username = local_username85 net_record.local_username_len= local_username_len / net_record~ PWD_SOURCE.BQ![THR.NCOM_PWD]NCOM_PASSWORD.FOR;1NZH.local_nodename = local_nodenamet& status = sys$qiow (,%val(sna_chan)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)^ if (status) status = iosb(1) if (.not.status) thenr( call sys$getmsg (%val(status), 1 %ref(msglen),~ 2 %descr(message),,)1 type *,message(1:msglen),' - ',nodename type 855e accept 856, answer6 if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 call exit goto 800 endif.cc*c How did the MVS password thingy do then?cd& status = sys$qiow (,%val(sna_chan)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)t! 2 ,%val(net_record_size),,,,)e if (status) status = iosb(1) if (.not.status) then_( call sys$getmsg (%val(status), 1 %ref(msglen),  2 %descr(message),,)1 type *,message(1:msglen),' - ',nodenameo type 855  accept 856, answer6 if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y'))  1 call exit goto 800 endift$ if (.not.net_record.status) then8 type *,net_record.message(1:net_record.msglen) type 855 accept 856, answer" if ((answer(1:1).ne.'Y') 1 .and.(answer(1:1).ne.'y')) r 1 call exitn else> type *,'%PWD-S-MVS, Password modified on IBM system' endif_& status = sys$qiow (,%val(sna_chan)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1)( status = sys$dassgn (%val(sna_chan))( if (.not.status) status = ss$_normal endif800 if (VMS) thenicr+c Modify the passwords on all VAX/VMS nodes ce" net_record.status = ss$_normal if (node_count.ge.1) thenb do i=1,node_count / status = sys$qiow (,%val(net_link(i))n8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)b& if (status) status = iosb(1) if (.not.status) then,+ call sys$getmsg (%val(status),  1 %ref(msglen),m 2 %descr(message),,)< type *,message(1:msglen),' - ',node_net_link(i) type 855 accept 856, answere9 if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y')) e 1 thend% do n=1,new_node_countd= status = sys$dassgn (%val(new_net_link(n)))6 if (.not.status) status = ss$_normal enddo  call exit else7 status = sys$dassgn (%val(net_link(i)))w4 if (.not.status) status = ss$_normal" if (i.lt.node_count) then do n=i,node_count-1 . new_net_link(n) = net_link(n+1)8 new_node_net_link(n) = node_net_link(n+1) enddo  endif3 new_node_count = new_node_count - 1i endife endif enddo" node_count = new_node_count do i=1,node_count' net_link(i) = new_net_link(i)g1 node_net_link(i) = new_node_net_link(i) enddo do i=1,node_countm/ status = sys$qiow (,%val(net_link(i))57 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)'! 2 ,%val(net_record_size),,,,) $ if (status) status=iosb(1) if (.not.status) thena+ call sys$getmsg (%val(status),i 1 %ref(msglen),s 2 %descr(message),,): type *,message(1:msglen),'-',node_net_link(i) type 855 accept 856, answers9 if ((answer(1:1).ne.'Y').and.(answer(1:1).ne.'y')) 1 theno% do n=1,new_node_count = status = sys$dassgn (%val(new_net_link(n)))i6 if (.not.status) status = ss$_normal enddoo call exit else7 status = sys$dassgn (%val(net_link(i))) 4 if (.not.status) status = ss$_normal" if (i.lt.node_count) then do n=i,node_count-1k. new_net_link(n) = net_link(n+1)8 new_node_net_link(n) = node_net_link(n+1) enddo  endif3 new_node_count = new_node_count - 1d endif  endifu9 type *,net_record.message(1:net_record.msglen),i! 1 ' on node ',node_net_link(i)r enddocrDc Write a bit of crap to the network object cos otherwise you get a c SS$_LINKABORT error message.cs do i=1,node_count/ status = sys$qiow (,%val(net_link(i)) 8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)r$ if (status) status=iosb(1) if (.not.status) then 4 status = sys$dassgn (%val(net_link(i)))1 if (.not.status) status = ss$_normal  if (i.lt.node_count) thena do n=i,node_count-1+ new_net_link(n) = net_link(n+1)a5 new_node_net_link(n) = node_net_link(n+1)  enddo endif 0 R new_node_count = new_node_count - 1 endif enddo" node_count = new_node_count do i=1,node_count' net_link(i) = new_net_link(i) 1 node_net_link(i) = new_node_net_link(i) enddo else= type *,'PWD-I-PASSWORD, no VAX/VMS passwords modified'  call exit endiftc>c Be a good boy and release the I/O channel that are stil openc  do i=1,node_counta. status = sys$dassgn (%val(net_link(i)))+ if (.not.status) status = ss$_normal enddou endif call exit840 format (A6)(9855 format (' Do you wish to continue? Yes or No [N] '$) (856 format (A)cwc Display File I/O errorstcs#898 call errsns (,rmssts,,,condval)s? call sys$getmsg (%val(condval),%ref(msglen),%descr(message),,) - msglen = str$find_first_in_set (message,'!')  type *,message(1:msglen-1)1 g call exitc c Display system errors ctE899 status = sys$getmsg (%val(status),%ref(msglen),%descr(message),,)e type *,message(1:msglen)y999 continue ! Clean exit end Mc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~(;c This subroutine is called from the main program to check a9c that a user has been granted a RACF_ADMIN identifier . ecsMc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~  integer*4 function acl_check & 1 (net_username,net_username_len,uic) implicit none include '($ssdef) /nolist'  include '($uaidef) /nolUist' include '($smgdef) /nolist' include '($rmsdef) /nolist' include '($jpidef) /nolist'! include '(lib$routines) /nolist'd include '($syssrvnam) /nolist'$, structure /itmlist/ ! For getuai itemlist unions map integer*2 bufferlen  integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end union  end structure record /itmlist/ getuai_list(2) character net_username*32 integer*4 net_username_len  integer*4 uic integer*4 status  integer*4 mem_uic integer*4 group_uic integer*4 zero/0/ integer*4 idr integer*4 int_id% integer*4 holder(2) integer*4 contxttc Ac Extract out of the UAF the imformation about the enquired user. ca getuai_list(1).bufferlen =4# getuai_list(1).itemcode =uai$_uics$ getuai_list(1).bufferaddr=%loc(uic) getuai_list(1).lengthaddr=0 getuai_list(2).endlist =0< acl_check = sys$getuai (,,net_username(1:net_username_len), 1 getuai_list,,,) if (.not.acl_check) return = acl_check = sys$asctoid (%descr('RACF_ADMIN'),%ref(int_id),)  if (.not.acl_check) returnvcw5c Check to see if user has the RACF_ADMIN identifier.tcs holder(1) = uic holder(2) = zero contxt = 0l% do while (acl_check.ne.ss$_nosuchid) B acl_check = sys$find_held (%ref(holder),%ref(id),,%ref(contxt)) if (id.eq.int_id) goto 100 G if ((.not.acl_check).and.(acl_check.ne.ss$_nosuchid)) return k enddo acl_check = SS$_noprivt call sys$finish_rdb (contxt)i returno 100 continue $ acl_check = sys$finish_rdb (contxt) return  end2 status = sys$qiow (,%val(net_link(i)) 1 ,%val(io$_writevblk)" 2 ,%ref(iosb),,,%ref(net_record) 3 ,%val(net_record_size),,,,)i( if (status) status = iosb(1)" if (.not.status) then. call sys$getmsg (%val(status), 1 %ref(msglen),r 2 %descr(message),,). type *,message(1:msglen),' - ' 1 (*[THR.NCOM_PWD]NCOM_REMOTE_PASSWORD.FOR;1+,).N/A 4NNMz-0123KPWON56>7. s89GAHJ Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cc Author : T.Rushcc Date : 30-May-1992c&c Procedure : ncom_remote_Password.forcGc Function : This network object routine allows an operator on another3c node to modify a given user password.cDc Things-to-do : This should be re-written using a non-transparent c objectc c Revised :cc Date User ReasoncBc 02-Jan-1992 THR Rewrite routine to cope with salt and encryption5c codes which hash the password on another system.cNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ program ncom_remote_password implicit none include '($ssdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($libclidef) /nolist' include '($syssrvnam) /nolist'! include '(lib$routines) /nolist'! include '(str$routines) /nolist' include '($fordef) /nolist' include '($foriosdef) /nolist'Dc include '(pcbdef.for) /nolist' !Cos its DEC software and I cann't : include '($iodef) /nolist' !find the source on the system+ !without spending a whole lot of time, structure /itmlist/ ! For getjpi itemlist union map integer*2 bufferlen integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end union end structure structure /record_list/* character*255 message ! Error message& character*12 username ! Username character*25 old_password  character*25 new_password2 character*6 local_nodename ! Local node name2 character*12 local_username ! Local username. integer*4 status ! System service error* integer*4 ierr ! Fortran file error. integer*4 username_len ! Username length3 integer*4 local_username_len ! Username length- integer*4 hash_pwd(2) ! Hashed password) integer*4 pwd(2) ! Hashed Password5 integer*2 object_option ! Object routine option% integer*2 salt ! Password salt integer*2 msglen6 logical*2 authorised ! Authorised on remote node6 logical*2 exist ! Account exists on remote node2 byte encrypt ! Password encryption code/ byte pwd_length ! Password length end structure record /record_list/ net_record! record /itmlist/ getjpi_list(3)/ parameter net_record_size = sizeof(net_record)  common /net_rec/ net_record, common /unit/ lun ! program wide variable) character*255 message ! Message string7 character*40 filename ! Originator Node & username4 character*12 net_username ! Access username string4 character*6 net_nodename ! Access Node Name string" character*12 username ! Username" integer*4 status ! Error status) integer*4 ierr ! File I/O error status< integer*4 net_username_len ! Network username string length< integer*4 net_nodename_len ! Network nodename string length* integer*4 username_len ! Username length+ integer*4 msglen ! message string length! integer*4 sts ! Process status1 integer*4 object_option ! Object option routine& integer*4 lun ! Logical Unit Number+ integer*4 error ! File I/O error status ) integer*4 rmssts ! RSM Condition value* integer*4 condval ! RSM Condition value+ integer*4 vms_password ! External routine+ integer*4 ibm_password ! External routine integer*4 iosb(1) " integer*2 pcb$v_netwrk/21/ ierr = 0 error = 0 status = ss$_normalc@c Get the username of the current process and check that this isc a network connectionc getjpi_list(1).bufferlen=12' getjpi_list(1).itemcode =jpi$_username) getjpi_list(1).bufferaddr=%loc(username)- getjpi_list(1).lengthaddr=%loc(username_len) getjpi_list(2).bufferlen=4" getjpi_list(2).itemcode =jpi$_sts$ getjpi_list(2).bufferaddr=%loc(sts) getjpi_list(3).endlist=0' status = sys$getjpi(,,,getjpi_list,,,) if (.not.status) then3 status = sys$getmsg (%val(status),%ref(msglen), 1 %descr(message),,) type *,message(1:msglen) call exit endif& if ((.not.(bjtest(sts,pcb$v_netwrk)))* 1 .or.(username(1:8).ne.'NCOM_PWD')) then status = ss$_nopriv3 status = sys$getmsg (%val(status),%ref(msglen), 1 %descr(message),,) type *,message(1:msglen) call exit endif username = ' ' username_len = 0 message = ' ' msglen = 0cc Open network I/O connectionc( status = sys$assign (%descr('sys$net'), 1 %ref(lun),,,) if (.not.status) thenD call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endifcIc Network I/O read. Get the option to be used. This is used to call other/c routines in other objects on different nodes.c status = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1) if (.not.status) thenD call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif) net_nodename = net_record.local_nodename) net_username = net_record.local_username> status = str$trim(net_username,net_username,net_username_len) if (.not.status) goto 999> status = str$trim(net_nodename,net_nodename,net_nodename_len) if (.not.status) goto 999- type *,'%PWD-I-NODE, the calling node was '," 1 net_nodename(:net_nodename_len)0 type *,'%PWD-I-USER, the calling account was '," 1 net_username(:net_username_len)@ type *,'%PWD-I-MODPASS, password will be modified on account ',0 1 net_record.username(:net_record.username_len)( if (net_record.object_option.eq.1) then : type *,'%PWD-I-VMSPASS, invoking VMS password section'8 status = VMS_PASSWORD(net_nodename,net_nodename_len,$ 1 net_username,net_username_len) if (.not.status) goto 999 , elseif (net_record.object_option.eq.2) thencEcThe below error occurs when there is no6 SNA programming image loadedc4c %DCL-W-ACTIMAGE, error activating image SNA3270SHDc -CLI-E-IMAGEFNF, image file not found $1$DKA100:[SYS0.SYSCOMMON.]c [SYSLIB]SNA3270SH.EXE;c!c status = IBM_PASSWORD(error)c6c write (unit=lun,iostat=ierr,err=899) status,error@ Type *,'%PWD-F-OPTION, there is no SNA programming interface' else 3 Type *,'%PWD-F-OPTION, unknown option requested' endif net_record.status = ss$_normal- net_record.message = '%PWD-S-SUCCESSFUL, '// 1 'password has been modified' net_record.msglen = 45cc Write network recordc status = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1) if (.not.status) thenA call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif status = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1) if (.not.status) thenD call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endifcc Deassign network linkc status = sys$dassgn (%val(lun)) if (.not.status) thenA call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif call exitcc Error routinecA999 call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) ) net_record.message = message(1:msglen-1) net_record.msglen = msglen-1 net_record.status = status status = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1) if (.not.status) thenA call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif status = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1) if (.not.status) thenD call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif status = sys$dassgn (%val(lun)) if (.not.status) thenA call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif end Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cccNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^@ integer*4 function vms_password (net_nodename,net_nodename_len,$ 1 net_username,net_username_len) implicit none include '($uaidef) /nolist' include '($ssdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($libclidef) /nolist' include '($syssrvnam) /nolist' include '($rmsdef) /nolist'! include '(lib$routines) /nolist'! include '(str$routines) /nolist' include '($foriosdef) /nolist' include '($iodef) /nolist', structure /itmlist/ ! For getuai itemlist union map integer*2 bufferlen integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end union end structure structure /record_list/* character*255 message ! Error message& character*12 username ! Username character*25 old_password  character*25 new_password2 character*6 local_nodename ! Local node name2 character*12 local_username ! Local username. integer*4 status ! System service error* integer*4 ierr ! Fortran file error. integer*4 username_len ! Username length3 integer*4 local_username_len ! Username length- integer*4 hash_pwd(2) ! Hashed password) integer*4 pwd(2) ! Hashed Password5 integer*2 object_option ! Object routine option% integer*2 salt ! Password salt integer*2 msglen6 logical*2 authorised ! Authorised on remote node6 logical*2 exist ! Account exists on remote node2 byte encrypt ! Password encryption code/ byte pwd_length ! Password length end structure record /record_list/ net_record record /itmlist/ setuai_list(3) record /itmlist/ getuai_list(8)" record /itmlist/ checkuai_list(4)! record /itmlist/ getjpi_list(3)/ parameter net_record_size = sizeof(net_record) common /net_rec/ net_record, common /unit/ lun ! program wide variable* character*12 username ! Username string) character*25 password ! Password string) character*255 message ! Message string7 character*40 filename ! Originator Node & username4 character*32 acc_username ! Access username string4 character*6 acc_nodename ! Access Node Name string4 character*12 net_username ! Access username string4 character*6 net_nodename ! Access Node Name string9 character*3 admin_status ! Audit Administrator (Yes/No)0 character*30 Event_string ! Audit event string" integer*4 status ! Error status$ integer*4 errstatus ! Error status) integer*4 ierr ! File I/O erroe status* integer*4 error ! File I/O erroe status/ integer*4 return_status ! Return error status1 integer*4 password_len ! password string length1 integer*4 username_len ! username string length; integer*4 acc_username_len ! Access username string length< integer*4 net_username_len ! Network username string length; integer*4 acc_nodename_len ! Access nodename string length< integer*4 net_nodename_len ! Network nodename string length+ integer*4 msglen ! message string length integer*4 sts ! 0 integer*4 priv(2) ! UAF Authorised privileges0 integer*4 def_priv(2) ! UAF Default priviliges% integer*4 pwd(2) ! Hasded Password) integer*4 hash_pwd(2) ! Hashed Password- integer*4 control ! Control point valiable1 integer*4 object_option ! Object option routine2 integer*4 access_result ! Result of access check% integer*4 acl_check ! Function call( integer*4 operator_log ! Function call) integer*4 rmssts ! RSM Condition value* integer*4 condval ! RSM Condition value! integer*2 salt ! UAF salt seed& integer*4 lun ! Logical Unit Number integer*4 iosb(1) 1 logical*2 node_access ! Node access (Yes or No)4 logical*2 admin_access ! administrator (Yes or No)c%c Variables for UIC (Member & Group)c" integer*4 uic ! UAF UIC integer( integer*2 uic_2(2) ! UAF UIC two bytes5 integer*2 uic_group,uic_member ! Group / member UIC1 equivalence (uic,uic_2(1)) ! First byte of UIC3 equivalence (uic_2(1),uic_member) ! Member UIC1 equivalence (uic_2(2),uic_group) ! Group UIC 6 byte dialup_p(3) /0,0,0/ ! UAF primary dialup access8 byte dialup_s(3) /0,0,0/ ! UAF secondary dialup access- byte pwd_length ! UAF min. password length& byte encrypt ! UAF encryption code ierr = 0 error = 0 status = ss$_normal errstatus = ss$_normal vms_password = ss$_normal message = ' ' msglen = 0 node_access = .false. access_result = 0 c&c Get the username and username lengthc # username = net_record.username' username_len = net_record.username_len. vms_password = str$upcase (username,username) if (.not.vms_password) goto 999cGc Check to see if this userid exists on this node if not why waste timeFc continuing. Check the UIC and privs as these should be restricted at%c some level (to be worked out later)c checkuai_list(1).bufferlen =4% checkuai_list(1).itemcode =uai$_uic& checkuai_list(1).bufferaddr=%loc(uic) checkuai_list(1).lengthaddr=0 checkuai_list(2).bufferlen =4*2* checkuai_list(2).itemcode =uai$_def_priv+ checkuai_list(2).bufferaddr=%loc(def_priv) checkuai_list(2).lengthaddr=0 checkuai_list(3).bufferlen =4*2& checkuai_list(3).itemcode =uai$_priv' checkuai_list(3).bufferaddr=%loc(priv) checkuai_list(3).lengthaddr=0 checkuai_list(4).endlist =0c1c Check that the person envoking the link exists.c net_record.exist = .true. net_record.authorised = .true.> vms_password = sys$getuai (,,net_username(:net_username_len), 1 checkuai_list,,,) if (.not.vms_password) then* call sys$getmsg (%val(vms_password)# 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen)7 net_record.message = '%PWD-W-NOACCOUNT, account '//5 1 net_username(:net_username_len)//' does not exist'A vms_password = str$trim(net_record.message,net_record.message 1 ,net_record.msglen)! if (.not.vms_password) return% type *,'%PWD-W-NOUSER, account ',4 1 net_username(:net_username_len),' does not exist'# if (username(:username_len).ne.( 1 net_username(:net_username_len)) then& net_record.authorised = .false. else! net_record.exist = .false. endif' vms_password = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,), if (vms_password) vms_password = iosb(1) if (.not.vms_password) thenF call sys$getmsg (%val(status),%ref(msglen),%descr(message),,)! type *,message(1:msglen) endif' vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,), if (vms_password) vms_password = iosb(1) if (.not.vms_password) then* call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif ) vms_password = sys$dassgn (%val(lun)) if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen) endif call exit  endifc?c Check the UIC so the system accounts and etc are not modifiedc1c 320 = [500,*] The base of Everybodys elses UICscc NCOM_CODE_MODIFICATIONc if (uic_group.lt.320) then# net_record.authorised = .false.~1 net_record.message = '%PWD-W-UIC, account '//$ 1 net_username(:net_username_len)//) 2 ' is outside the authorised UIC range'tA vms_password = str$trim(net_record.message,net_record.messagea 1 ,net_record.msglen) ! if (.not.vms_password) returnu" type *,'%PWD-W-UIC, account '," 1 net_username(:net_username_len)* 1 ,' is outside the authorised UIC range'' vms_password = sys$qiow (,%val(lun)18 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)o, if (vms_password) vms_password = iosb(1) if (.not.vms_password) then~F call sys$getmsg (%val(status),%ref(msglen),%descr(message),,)! type *,message(1:msglen)i endifp' vms_password = sys$qiow (,%val(lun)'7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)o! 2 ,%val(net_record_size),,,,)i, if (vms_password) vms_password = iosb(1) if (.not.vms_password) thenc* call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen)a call exit endife /) vms_password = sys$dassgn (%val(lun))  if (.not.vms_password) thent, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen) endifu r call exit* e endifceIc Check that the account the adminstrator is attempting to change exists.uc if (username(:username_len).ne.( 1 net_username(:net_username_len)) then9 vms_password = sys$getuai (,,username(:username_len),o 1 checkuai_list,,,)_ if (.not.vms_password) thend( type *,'%PWD-W-NOUSER, account ',, 1 username(:username_len),' does not exist': net_record.message = '%PWD-W-NOACCOUNT, account '//- 1 username(:username_len)//' does not exist'!D vms_password = str$trim(net_record.message,net_record.message 1 ,net_record.msglen))& if (.not.vms_password) goto 999! net_record.exist = .false.** vms_password = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)t/ if (vms_password) vms_password = iosb(1)A" if (.not.vms_password) then9 call sys$getmsg (%val(vms_password),%ref(msglen)  1 ,%descr(message),,)d! type *,message(1:msglen) endif* vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)m/ if (vms_password) vms_password = iosb(1)t" if (.not.vms_password) then: call sys$getmsg (%val(vms_password),%ref(msglen) 1 ,%descr(message),,) " type *,message(1:msglen) call exitc endif, vms_password = sys$dassgn (%val(lun))" if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)d endif r call exit endifg endifce?c Check the UIC so the system accounts and etc are not modifiedci1c 320 = [500,*] The base of Everybodys elses UICs_cic NCOM_CODE_MODIFICATIONc if (uic_group.lt.320) theni# net_record.authorised = .false. 1 net_record.message = '%PWD-W-UIC, account '//  1 username(:username_len)//) 2 ' is outside the authorised UIC range'rA vms_password = str$trim(net_record.message,net_record.message 1 ,net_record.msglen) ! if (.not.vms_password) returni" type *,'%PWD-W-UIC, account ', 1 ( username(:username_len)* 1 ,' is outside the authorised UIC range'' vms_password = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)u, if (vms_password) vms_password = iosb(1) if (.not.vms_password) then_F call sys$getmsg (%val(status),%ref(msglen),%descr(message),,)! type *,message(1:msglen)s endift' vms_password = sys$qiow (,%val(lun),7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)(! 2 ,%val(net_record_size),,,,)e, if (vms_password) vms_password = iosb(1) if (.not.vms_password) thenj* call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen)t call exit endif) ) vms_password = sys$dassgn (%val(lun))1 if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)u endifi ( call exit' endifcfJc Open and read through the security database and see if the calling node c has access on this node.c)7 Type *,'%PWD-I-CHKACCESS, checking remote node access'n3 Open(unit=11,name='ncom_pwd$dat:pwd_security.dat',e* 1 status='old', ! is an OLD file) 2 shared, ! shared accesss: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via the,, 5 access='keyed', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted',s2 8 err=400,iostat=ierr) ! Exit on error. read (unit=11,keyge=net_nodename(:6),err=300,, 1 iostat=ierr,fmt='(A6,A32)') acc_nodename, 2 acc_username2 vms_password = str$trim(acc_username,acc_username 1 ,acc_username_len)t$ if (.not.vms_password) return2 vms_password = str$trim(acc_nodename,acc_nodename 1 ,acc_nodename_len) $ if (.not.vms_password) returnc:c Check to see if the node exists in the security databaseca4 type *,'%PWD-I-SEARCH, Access database node name ',+ 1 acc_nodename(:acc_nodename_len),'::',o% 2 acc_username(:acc_username_len)r2 if ((net_nodename(1:6).eq.acc_nodename(1:6)).and. 1 (acc_username_len.eq.0).or.( 2 (net_username(1:net_username_len).eq.; 3 acc_username(1:acc_username_len))) node_access = .true.n ec<c Node exists and user ID exists then check for net_usernamec9 do while (.not.node_access)7 type *,'%PWD-I-SEARCH, Access database node name ',e+ 1 pl~ PWD_SOURCE.B)([THR.NCOM_PWD]NCOM_REMOTE_PASSWORD.FOR;1NN|2-acc_nodename(:acc_nodename_len),'::', % 2 acc_username(:acc_username_len)e. read (unit=11,end=300,err=300,iostat=ierr,$ 1 fmt='(A6,A32)') acc_nodename, 2 acc_username5 vms_password = str$trim(acc_username,acc_username( 1 ,acc_username_len)r! if (.not.vms_password) returnW5 vms_password = str$trim(acc_nodename,acc_nodenames 1 ,acc_nodename_len)-! if (.not.vms_password) return- if ((net_username(1:net_username_len).eq.n- 1 acc_username(1:acc_username_len)).and.1+ 2 (acc_nodename(:acc_nodename_len).eq.s= 3 net_nodename(:net_nodename_len))) node_access = .true.i enddo 300 continue close (unit=11) if (.not.node_access) then *400 if (ierr.eq.for$ios_filnotfou) then1 net_record.message = '%PWD-F-FILNOTFOU,'//s$ 1 ' file PWD_SECURITY.DAT on found' elseif ((ierr.eq.-1).or.) 1 (ierr.eq.for$ios_attaccnon)) then 0 net_record.message = '%PWD-W-NOACCESS,'//! 1 ' you have no security access' else + call errsns (,rmssts,,,vms_password)s, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)e1 net_record.message = '%PWD-F-FILACCESS,'//1 1 ' error while accessing file PWD_SECURITY.DAT'n endif# net_record.authorised = .false.g/ vms_password = str$trim(net_record.message, 1 net_record.message,g 2 net_record.msglen)# if (.not.vms_password) goto 999n 1 type *,net_record.message(:net_record.msglen)%' vms_password = sys$qiow (,%val(lun)n8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)r& if (vms_password) status = iosb(1) if (.not.vms_password) thenv, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)s endif ' vms_password = sys$qiow (,%val(lun)%4 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record) 2 ,%val(net_record_size),,,,), if (vms_password) vms_password = iosb(1) if (.not.vms_password) then27 call sys$getmsg (%val(vms_password),%ref(msglen)s 1 ,%descr(message),,)s type *,message(1:msglen)m call exit endif, s) vms_password = sys$dassgn (%val(lun))l if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)s endif  y call exitm endifLc Previously I had the userid in a database that was checked but I felt thisIc maybe a security hole as the user could modify a password on behalf of ~Mc another user without the need for an account on the local node. This could aJc have been seen as a feature but I don't want to get my fingers burnt if Ic something goes wrong. Soooo Every adminstrator modifying a password on iIc behalf of another user MUST have an account on every node they wish to '1c access and be granted the identifier RACF_ADMINc if (username(:username_len).ne.( 1 net_username(:net_username_len)) then2 type *,'%PWD-I-ADMINCHECK, checking if user ', 1 'is an administrator'/ i< vms_password = acl_check (net_username,net_username_len) if (.not.vms_password) then ' type *,'%PWD-E-ADMINISTRATOR, ',t& 1 net_username(:net_username_len), 2 ' is not an administrator'cnGc Network I/O write. Pass the result of the FAILED administrator check /5c to calling node and then exit the remote connectionec & net_record.authorised = .false.6 net_record.message = '%PWD-E-ADMINISTRATOR, '//' 1 net_username(:net_username_len)//! 2 ' is not an administrator'2 vms_password = str$trim(net_record.message, 1 net_record.message,r 2 net_record.msglen)& if (.not.vms_password) goto 999* vms_password = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)n/ if (vms_password) vms_password = iosb(1)*" if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)t endif a* vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record) ! 2 ,%val(net_record_size),,,,)d/ if (vms_password) vms_password = iosb(1)e" if (.not.vms_password) then; call sys$getmsg (%val(vms_password),%ref(msglen)h 1 ,%descr(message),,)/# type *,message(1:msglen)r call exit endif, vms_password = sys$dassgn (%val(lun))" if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)e endif t call exit endif  admin_access = .true.3$ type *,'%PWD-I-ADMINISTRATOR, ',< 1 net_username(:net_username_len),' is an administrator'" net_record.status = ss$_normal else type *,'%PWD-I-PASSWORD, ', > 1 net_username(:net_username_len),' is modifing his/her ', 2 'own password.'r" net_record.status = ss$_normal endifcs1c Get all the UAF information needed to continue.oct getuai_list(1).bufferlen =1* getuai_list(1).itemcode =uai$_pwd_length+ getuai_list(1).bufferaddr=%loc(pwd_length)  getuai_list(1).lengthaddr=0 getuai_list(2).bufferlen =1' getuai_list(2).itemcode =uai$_encryptu( getuai_list(2).bufferaddr=%loc(encrypt) getuai_list(2).lengthaddr=0 getuai_list(3).bufferlen =2$ getuai_list(3).itemcode =uai$_salt% getuai_list(3).bufferaddr=%loc(salt)c getuai_list(3).lengthaddr=0 getuai_list(4).bufferlen =4*2# getuai_list(4).itemcode =uai$_pwdr$ getuai_list(4).bufferaddr=%loc(pwd) getuai_list(4).lengthaddr=0 getuai_list(5).bufferlen =4# getuai_list(5).itemcode =uai$_uic $ getuai_list(5).bufferaddr=%loc(uic) getuai_list(5).lengthaddr=0 getuai_list(6).bufferlen =4*2( getuai_list(6).itemcode =uai$_def_priv) getuai_list(6).bufferaddr=%loc(def_priv)b getuai_list(6).lengthaddr=0 getuai_list(7).bufferlen =4*2$ getuai_list(7).itemcode =uai$_priv% getuai_list(7).bufferaddr=%loc(priv)! getuai_list(7).lengthaddr=0 getuai_list(8).endlist =06 vms_password = sys$getuai (,,username(:username_len), 1 getuai_list,,,) if (.not.vms_password) goto 999crLc Write the salt, encryption code and hashed password to the calling programcg net_record.salt = salt# net_record.encrypt = encryptU" net_record.pwd(1) = pwd(1)" net_record.pwd(2) = pwd(2)& net_record.pwd_length = pwd_length$ vms_password = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)m) if (vms_password) vms_password = iosb(1)_ if (.not.vms_password) then' call sys$getmsg (%val(vms_password)a$ 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen) e) vms_password = sys$dassgn (%val(lun))l if (.not.vms_password) theny, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)s endifm a call exitg endifcd=c Read the hashed password sent from the calling program and aIc then check if we are to continue on or not due to error within calling.n c program.ce$ vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)o! 2 ,%val(net_record_size),,,,)u) if (vms_password) vms_password = iosb(1)m if (.not.vms_password) then' call sys$getmsg (%val(vms_password) # 1 ,%ref(msglen),%descr(message),,)t type *,message(1:msglen)) vms_password = sys$dassgn (%val(lun))i if (.not.vms_password) thenr, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)v endif_ t call exit% endif% hash_pwd(1) = net_record.hash_pwd(1)c% hash_pwd(2) = net_record.hash_pwd(2)aci7c Wait until all nodes and IBM system have been checked%c($ vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)p! 2 ,%val(net_record_size),,,,)) if (vms_password) vms_password = iosb(1)h if (.not.vms_password) then' call sys$getmsg (%val(vms_password)r$ 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen)) vms_password = sys$dassgn (%val(lun))) if (.not.vms_password) then,, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)u endif) call exit endifca'c Write the list for the UAF to action.rcr setuai_list(1).bufferlen=8l" setuai_list(1).itemcode =uai$_pwd) setuai_list(1).bufferaddr=%loc(hash_pwd)' setuai_list(1).lengthaddr=0 setuai_list(2).endlist=0c c Change the accounts password.cn7 vms_password = sys$setuai (,,username(1:username_len),h 1 setuai_list,,,)8 if (vms_password.eq.rms$_rnf) vms_password = ss$_normal if (.not.vms_password) goto 999cDc We've got this far so lets say they attemped to change a password.>c So we'll write it to the OPERATOR.LOG for use with auditing.csB type *,'%PWD-I-PASSWORD, password modification on user account ', 1 username(1:username_len)m/ event_string = 'Network password Modification'  admin_status = 'Yes'o, if (.not.admin_access) admin_status = 'No '4 vms_password = operator_log (event_string,username,+ 1 admin_status,net_username,net_nodename)m if (.not.vms_password) goto 999 returnr(899 call errsns (,rmssts,,,vms_password) w 999 return end ,Mc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~iCc This subroutine is called from the VMS_PASSWORD routine to check s9c that a user has been granted a RACF_ADMIN identifier . rcMc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~n> integer*4 function acl_check (net_username,net_username_len) implicit none include '($ssdef) /nolist'  include '($uaidef) /nolist' include '($smgdef) /nolist' include '($rmsdef) /nolist' include '($jpidef) /nolist'! include '(lib$routines) /nolist'  include '($syssrvnam) /nolist'C, structure /itmlist/ ! For getuai itemlist union' map integer*2 bufferlenr integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist( end map end unionu end structure record /itmlist/ getuai_list(2) character net_username*12 integer*4 net_username_len  integer*4 uic integer*4 status  integer*4 mem_uic integer*4 group_uic integer*4 zero/0/ integer*4 idd integer*4 int_idf integer*4 holder(2) integer*4 contxtfctAc Extract out of the UAF the imformation about the enquired user.scn getuai_list(1).bufferlen =4# getuai_list(1).itemcode =uai$_uic$ getuai_list(1).bufferaddr=%loc(uic) getuai_list(1).lengthaddr=0 getuai_list(2).endlist =0< acl_check = sys$getuai (,,net_username(1:net_username_len), 1 getuai_list,,,) if (.not.acl_check) returnt= acl_check = sys$asctoid (%descr('RACF_ADMIN'),%ref(int_id),)n if (.not.acl_check) returntc,5c Check to see if user has the RACF_ADMIN identifier. cm holder(1) = uic holder(2) = zero contxt = 0v% do while (acl_check.ne.ss$_nosuchid)eB acl_check = sys$find_held (%ref(holder),%ref(id),,%ref(contxt)) if (id.eq.int_id) goto 100 G if ((.not.acl_check).and.(acl_check.ne.ss$_nosuchid)) return e enddo acl_check = SS$_nopriv  call sys$finish_rdb (contxt)e returnn 100 continue ($ acl_check = sys$finish_rdb (contxt) return  end eNc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^cecc Nc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^< integer*4 function operator_log (event_string,mod_username,* 1 admin_status,remote_username,nodename) implicit none include '($ssdef) /nolist'r include '($libdef) /nolist' include '($syssrvnam) /nolist'i! include '(lib$routines) /nolist' ! include '(str$routines) /nolist' include '($strdef) /nolist' include '($opcdef) /nolist' include '($jpidef) /nolist' r% character*1 ms_type /opc$_rq_rqst/, character*3 ms_target /'010'/ character*4 ms_rqstid /'0000'/ character*275 opr_message c character*283 oper_messagew character*1 lf  character*1 tbs character*1 cr  character*8 chr_pid character*23 timbuf character*30 event_string w character*12 username character*80 imagei character*32 imagename character*12 remote_username, character*3 admin_sFtatusr character*12 mod_username character*6 nodenames integer*4 status  integer*4 sts integer*4 pid integer*4 username_lene integer*4 image_len integer*4 event_string_len) integer*4 nodename_len  integer*4 mod_username_lenw integer*4 remote_username_len data tb,lf,cr/9,10,13/d, structure /itmlist/ ! For getjpi itemlist union  map integer*2 bufferlen) integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end uniono end structure! record /itmlist/ getjpi_list(5)hce;c Get the username and other details of the current processc  getjpi_list(1).bufferlen=12' getjpi_list(1).itemcode =jpi$_username_) getjpi_list(1).bufferaddr=%loc(username)- getjpi_list(1).lengthaddr=%loc(username_len)h getjpi_list(2).bufferlen=4 " getjpi_list(2).itemcode =jpi$_sts$ getjpi_list(2).bufferaddr=%loc(sts) getjpi_list(3).bufferlen=80' getjpi_list(3).itemcode =jpi$_imagnameD& getjpi_list(3).bufferaddr=%loc(image)* getjpi_list(3).lengthaddr=%loc(image_len) getjpi_list(4).bufferlen=4s" getjpi_list(4).itemcode =jpi$_pid$ getjpi_list(4).bufferaddr=%loc(pid) getjpi_list(5).endlist=0- operator_log = sys$getjpi(,,,getjpi_list,,,)d if (.not.operator_log) return9 operator_log = str$trim (username,username,username_len)l if (.not.operator_log) return t: operator_log = str$trim (remote_username,remote_username, 1 remote_username_len)  if (.not.operator_log) return %4 operator_log I= str$trim (mod_username,mod_username, 1 mod_username_len) if (.not.operator_log) return n9 operator_log = str$trim (nodename,nodename,nodename_len)w if (.not.operator_log) returncec Get the timec,% operator_log = sys$asctim(,timbuf,,)  if (.not.operator_log) return scg-c Build a message to send to the operator logec opr_message = e. 1'Auditable event:'//tb//event_string//cr//lf) 2//'Event time:'//tb//tb//timbuf//cr//lfs, 3//'PID:'//tb//tb//tb//chr_pid(pid)//cr//lf8 4//'Username:'//tb//tb//username(:username_len)//cr//lf3 5//'Image Name:'//tb//tb//imagename(image)//cr//lf.; 6//'Remote Node:'//tb//tb//nodename(:nodename_len)//cr//lfsA 7//'Remote Username:'//tb//remote_username(:remote_username_len) 8//cr//lf2 9//'Administrator:'//tb//tb//admin_status//cr//lf= 1//'Modified Username:'//tb//mod_username(:mod_username_len)e; oper_message = ms_type//ms_target//ms_rqstid//opr_message cc Send message to Operator Logcf t2 operator_log = sys$sndopr (%descr(oper_message),) if (.not.operator_log) return ' operator_log = ss$_normal returnE end rNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^Ac Function : Convert the Hex integer PID to a character stringucnNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^" character*8 function chr_pid(pid) implicit none integer*4 pid write (chr_pid,fmt=800) pid800 format (Z8.8)c return  end eNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^Hc Function : Extract only the image name from the file spec of Imagnamec:Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^+ character*32 function imagename (imagname)t implicit none include '($libdef) /list'e include '($ssdef) /list' include '(str$routines) /list's include '(lib$routines) /list'  character*80 imagname s integer*4 period integer*4 bracketa integer*4 statuso integer*4 imagname_len bracket =1_ do while (bracket.ne.0) bracket=index(imagname,']')5 status = str$right (imagname,imagname,bracket+1) enddo c period = index(imagname,'.')-1.c status = str$left(imagename,imagname,period)3 status = str$trim(imagename,imagname,imagname_len)m) if (len(imagename).eq.0) imagename = ' 'm return_ end_len)-! if (.not.vms_password) return- if ((net_username(1:net_username_len).eq.n- 1 acc_username(1:acc_username_len,*[THR.NCOM_PWD]NCOM_REMOTE_PASSWORD_SNA.FOR;1+,X .c/A 4Ncb-0123KPWOc56>!L7$s89GAHJ6Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cc Author : T.Rushcc Date : 30-May-1992c&c Procedure : ncom_remote_Password.forcGc Function : This network object routine allows an operator on another3c node to modify a given user password.cDc Things-to-do : This should be re-written using a non-transparent c objectc c Revised :cc Date User ReasoncBc 02-Jan-1992 THR Rewrite routine to cope with salt and encryption5c codes which hash the password on another system.cNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ program ncom_remote_password implicit none include '($ssdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($libclidef) /nolist' include '($syssrvnam) /nolist'! include '(lib$routines) /nolist'! include '(str$routines) /nolist' include '($fordef) /nolist' include '($foriosdef) /nolist' include '($iodef) /nolist', structure /itmlist/ ! For getjpi itemlist union map integer*2 bufferlen integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end union end structure structure /record_list/* character*255 message ! Error message& character*12 username ! Username character*25 old_password  character*25 new_password2 character*6 local_nodename ! Local node name2 character*12 local_username ! Local username. integer*4 status ! System service error* integer*4 ierr ! Fortran file error. integer*4 username_len ! Username length3 integer*4 local_username_len ! Username length- integer*4 hash_pwd(2) ! Hashed password) integer*4 pwd(2) ! Hashed Password5 integer*2 object_option ! Object routine option% integer*2 salt ! Password salt integer*2 msglen6 logical*2 authorised ! Authorised on remote node6 logical*2 exist ! Account exists on remote node2 byte encrypt ! Password encryption code/ byte pwd_length ! Password length end structure record /record_list/ net_record! record /itmlist/ getjpi_list(3)/ parameter net_record_size = sizeof(net_record)  common /net_rec/ net_record, common /unit/ lun ! program wide variable) character*255 message ! Message string7 character*40 filename ! Originator Node & username4 character*12 net_username ! Access username string4 character*6 net_nodename ! Access Node Name string" character*12 username ! Username" integer*4 status ! Error status) integer*4 ierr ! File I/O error status< integer*4 net_username_len ! Network username string length< integer*4 net_nodename_len ! Network nodename string length* integer*4 username_len ! Username length+ integer*4 msglen ! message string length! integer*4 sts ! Process status1 integer*4 object_option ! Object option routine& integer*4 lun ! Logical Unit Number+ integer*4 error ! File I/O error status ) integer*4 rmssts ! RSM Condition value* integer*4 condval ! RSM Condition value+ integer*4 vms_password ! External routine+ integer*4 ibm_password ! External routine integer*4 iosb(1)  integer*4 pcb$v_netwrk/21/ ierr = 0 error = 0 status = ss$_normalc@c Get the username of the current process and check that this isc a network connectionc getjpi_list(1).bufferlen=12' getjpi_list(1).itemcode =jpi$_username) getjpi_list(1).bufferaddr=%loc(username)- getjpi_list(1).lengthaddr=%loc(username_len) getjpi_list(2).bufferlen=4" getjpi_list(2).itemcode =jpi$_sts$ getjpi_list(2).bufferaddr=%loc(sts) getjpi_list(3).endlist=0' status = sys$getjpi(,,,getjpi_list,,,) if (.not.status) then3 status = sys$getmsg (%val(status),%ref(msglen), 1 %descr(message),,) type *,message(1:msglen) call exit endif& if ((.not.(bjtest(sts,pcb$v_netwrk)))* 1 .or.(username(1:8).ne.'NCOM_PWD')) then status = ss$_nopriv3 status = sys$getmsg (%val(status),%ref(msglen), 1 %descr(message),,) type *,message(1:msglen) call exit endif username = ' ' username_len = 0 message = ' ' msglen = 0cc Open network I/O connectionc( status = sys$assign (%descr('sys$net'), 1 %ref(lun),,,) if (.not.status) thenD call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endifcIc Network I/O read. Get the option to be used. This is used to call other/c routines in other objects on different nodes.c status = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1) if (.not.status) thenD call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif) net_nodename = net_record.local_nodename) net_username = net_record.local_username> status = str$trim(net_username,net_username,net_username_len) if (.not.status) goto 999> status = str$trim(net_nodename,net_nodename,net_nodename_len) if (.not.status) goto 999- type *,'%PWD-I-NODE, the calling node was '," 1 net_nodename(:net_nodename_len)0 type *,'%PWD-I-USER, the calling account was '," 1 net_username(:net_username_len)@ type *,'%PWD-I-MODPASS, password will be modified on account ',0 1 net_record.username(:net_record.username_len)( if (net_record.object_option.eq.1) then : type *,'%PWD-I-VMSPASS, invoking VMS password section'8 status = VMS_PASSWORD(net_nodename,net_nodename_len,$ 1 net_username,net_username_len) if (.not.status) goto 999 , elseif (net_record.object_option.eq.2) thencEcThe below error occurs when there is no SNA programming image loadedc4c %DCL-W-ACTIMAGE, error activating image SNA3270SHDc -CLI-E-IMAGEFNF, image file not found $1$DKA100:[SYS0.SYSCOMMON.]c [SYSLIB]SNA3270SH.EXE;c- status = IBM_PASSWORD (net_record.message 1 ,net_username(1:8)! 2 ,net_record.old_password(1:8)# 3 ,net_record.new_password(1:8))  if (.not.status) then) if (status.eq.ss$_nosuchuser) then% net_record.status = ss$_nosuchuser@ status = str$trim(net_record.message,net_record.message 1 ,net_record.msglen)# if (.not.status) goto 999 goto 9999 endif goto 999 endif else 3 Type *,'%PWD-F-OPTION, unknown option requested' endif net_record.status = ss$_normal- net_record.message = '%PWD-S-SUCCESSFUL, '// 1 'password has been modified' net_record.msglen = 45cc Write network recordc status = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1) if (.not.status) thenA call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif status = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1) if (.not.status) thenD call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endifcc Deassign network linkc status = sys$dassgn (%val(lun)) if (.not.status) thenA call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif call exitcc Error routinecA999 call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) ) net_record.message = message(1:msglen-1) net_record.msglen = msglen-1 net_record.status = status"9999 status = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1) if (.not.status) thenA call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif status = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) if (status) status = iosb(1) if (.not.status) thenD call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif status = sys$dassgn (%val(lun)) if (.not.status) thenA call sys$getmsg (%val(status),%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif end Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cccNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^@ integer*4 function vms_password (net_nodename,net_nodename_len,$ 1 net_username,net_username_len) implicit none include '($uaidef) /nolist' include '($ssdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($libclidef) /nolist' include '($syssrvnam) /nolist' include '($rmsdef) /nolist'! include '(lib$routines) /nolist'! include '(str$routines) /nolist' include '($foriosdef) /nolist' include '($iodef) /nolist', structure /itmlist/ ! For getuai itemlist union map integer*2 bufferlen integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end union end structure structure /record_list/* character*255 message ! Error message& character*12 username ! Username character*25 old_password  character*25 new_password2 character*6 local_nodename ! Local node name2 character*12 local_username ! Local username. integer*4 status ! System service error* integer*4 ierr ! Fortran file error. integer*4 username_len ! Username length3 integer*4 local_username_len ! Username length- integer*4 hash_pwd(2) ! Hashed password) integer*4 pwd(2) ! Hashed Password5 integer*2 object_option ! Object routine option% integer*2 salt ! Password salt integer*2 msglen6 logical*2 authorised ! Authorised on remote node6 logical*2 exist ! Account exists on remote node2 byte encrypt ! Password encryption code/ byte pwd_length ! Password length end structure record /record_list/ net_record record /itmlist/ setuai_list(3) record /itmlist/ getuai_list(8)" record /itmlist/ checkuai_list(4)! record /itmlist/ getjpi_list(3)/ parameter net_record_size = sizeof(net_record) common /net_rec/ net_record, common /unit/ lun ! program wide variable* character*12 username ! Username string) character*25 password ! Password string) character*255 message ! Message string7 character*40 filename ! Originator Node & username4 character*32 acc_username ! Access username string4 character*6 acc_nodename ! Access Node Name string4 character*12 net_username ! Access username string4 character*6 net_nodename ! Access Node Name string9 character*3 admin_status ! Audit Administrator (Yes/No)0 character*30 Event_string ! Audit event string" integer*4 status ! Error status$ integer*4 errstatus ! Error status) integer*4 ierr ! File I/O erroe status* integer*4 error ! File I/O erroe status/ integer*4 return_status ! Return error status1 integer*4 password_len ! password string length1 integer*4 username_len ! username string length; integer*4 acc_username_len ! Access username string length< integer*4 net_username_len ! Network username string length; integer*4 acc_nodename_len ! Access nodename string length< integer*4 net_nodename_len ! Network nodename string length+ integer*4 msglen ! message string length integer*4 sts ! 0 integer*4 priv(2) ! UAF Authorised privileges0 integer*4 def_priv(2) ! UAF Default priviliges% integer*4 pwd(2) ! Hasded Password) integer*4 hash_pwd(2) ! Hashed Password- integer*4 control ! Control point valiable1 integer*4 object_option ! Object option routine2 integer*4 access_result ! Result of access check% integer*4 acl_check ! Function call( integer*4 operator_log ! Function call) integer*4 rmssts ! RSM Condition value* integer*4 condval ! RSM Condition value! integer*2 salt ! UAF salt seed& integer*4 lun ! Logical Unit Number integer*4 iosb(1) 1 logical*2 node_access ! Node access (Yes or No)4 logical*2 admin_access ! administrator (Yes or No)c%c Variables for UIC (Member & Group)c" integer*4 uic ! UAF UIC integer( integer*2 uic_2(2) ! UAF UIC two bytes5 integer*2 uic_group,uic_member ! Group / member UIC1 equivalence (uic,uic_2(1)) ! First byte of UIC3 equivalence (uic_2(1),uic_member) ! Member UIC1 equivalence (uic_2(2),uic_group) ! Group UIC 6 byte dialup_p(3) /0,0,0/ ! UAF primary dialup access8 byte dialup_s(3) /0,0,0/ ! UAF secondary dialup access- byte pwd_length ! UAF min. password length& byte encrypt ! UAF encryption code ierr = 0 error = 0 status = ss$_normal errstatus = ss$_normal vms_password = ss$_normal message = ' ' msglen = 0 node_access = .false. access_result = 0 c&c Get the username and username lengthc # username = net_record.username' username_len = net_record.username_len. vms_password = str$upcase (username,username) if (.not.vms_password) goto 999cGc Check to see if this userid exists on this node if not why waste timeFc continuing. Check the UIC and privs as these should be restricted at%c some level (to be worked out later)c checkuai_list(1).bufferlen =4% checkuai_list(1).itemcode =uai$_uic& checkuai_list(1).bufferaddr=%loc(uic) checkuai_list(1).lengthaddr=0 checkuai_list(2).bufferlen =4*2* checkuai_list(2).itemcode =uai$_def_priv+ checkuai_list(2).bufferaddr=%loc(def_priv) checkuai_list(2).lengthaddr=0 checkuai_list(3).bufferlen =4*2& c~ PWD_SOURCE.BX ,[THR.NCOM_PWD]NCOM_REMOTE_PASSWORD_SNA.FOR;1Nc? heckuai_list(3).itemcode =uai$_priv' checkuai_list(3).bufferaddr=%loc(priv) checkuai_list(3).lengthaddr=0 checkuai_list(4).endlist =0c1c Check that the person envoking the link exists.c net_record.exist = .true. net_record.authorised = .true.> vms_password = sys$getuai (,,net_username(:net_username_len), 1 checkuai_list,,,) if (.not.vms_password) then* call sys$getmsg (%val(vms_password)# 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen)7 net_record.message = '%PWD-W-NOACCOUNT, account '//5 1 net_username(:net_username_len)//' does not exist'A vms_password = str$trim(net_record.message,net_record.message 1 ,net_record.msglen)! if (.not.vms_password) return% type *,'%PWD-W-NOUSER, account ',4 1 net_username(:net_username_len),' does not exist'# if (username(:username_len).ne.( 1 net_username(:net_username_len)) then& net_record.authorised = .false. else! net_record.exist = .false. endif' vms_password = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,), if (vms_password) vms_password = iosb(1) if (.not.vms_password) thenF call sys$getmsg (%val(status),%ref(msglen),%descr(message),,)! type *,message(1:msglen) endif' vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,), if (vms_password) vms_password = iosb(1) if (.not.vms_password) then* call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen) call exit endif ) vms_password = sys$dassgn (%val(lun)) if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen) endif call exit  endifc?c Check the UIC so the system accounts and etc are not modified^c~1c 320 = [500,*] The base of Everybodys elses UICs^c 48 = [60,*] DECs UIChc c NCOM_CODE_MODIFICATION c0 if (uic_group.lt.320) thenc# net_record.authorised = .false. 1 net_record.message = '%PWD-W-UIC, account '// $ 1 net_username(:net_username_len)//) 2 ' is outside the authorised UIC range'oA vms_password = str$trim(net_record.message,net_record.message 1 ,net_record.msglen)a! if (.not.vms_password) return " type *,'%PWD-W-UIC, account '," 1 net"_username(:net_username_len)* 1 ,' is outside the authorised UIC range'' vms_password = sys$qiow (,%val(lun)~8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)e, if (vms_password) vms_password = iosb(1) if (.not.vms_password) thenF call sys$getmsg (%val(status),%ref(msglen),%descr(message),,)! type *,message(1:msglen)' endife' vms_password = sys$qiow (,%val(lun)i7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record))! 2 ,%val(net_record_size),,,,)i, if (vms_password) vms_password = iosb(1) if (.not.vms_password) then** call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen)  call exit endifn ) vms_password = sys$dassgn (%val(lun))/ if (.not.vms_password) thenr, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen) endif  c call exitL l endifc Ic Check that the account the adminstrator is attempting to change exists. ct if (username(:username_len).ne.( 1 net_username(:net_username_len)) then9 vms_password = sys$getuai (,,username(:username_len),_ 1 checkuai_list,,,)  if (.not.vms_password) thens( type *,'%PWD-W-NOUSER, account ',, 1 username(:username_len),' does not exist': net_record.message = '%PWD-W-NOACCOUNT, account '//- 1 username(:username_len)//' does not exist'!D vms_passw%ord = str$trim(net_record.message,net_record.message 1 ,net_record.msglen) & if (.not.vms_password) goto 999! net_record.exist = .false.d* vms_password = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)_/ if (vms_password) vms_password = iosb(1)m" if (.not.vms_password) then9 call sys$getmsg (%val(vms_password),%ref(msglen)t 1 ,%descr(message),,)i! type *,message(1:msglen)1 endif* vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)e! 2 ,%val(net_record_size),,,,) / if (vms_password) vms_password = iosb(1)s" if (.not.vms_password) then: call sys$getmsg (%val(vms_password),%ref(msglen) 1 ,%descr(message),,)n" type *,message(1:msglen) call exitt endif, vms_password = sys$dassgn (%val(lun))" if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)t endif  call exit endif4 endifcM?c Check the UIC so the system accounts and etc are not modifiedicg1c 320 = [500,*] The base of Everybodys elses UICsic 48 = [60,*] DECs UICvctc NCOM_CODE_MODIFICATIONcr if (uic_group.lt.320) thena# net_record.authorised = .false.r1 net_record.message = '%PWD-W-UIC, account '//n 1 username(:username_len)//) 2 ' is outside th(e authorised UIC range'$A vms_password = str$trim(net_record.message,net_record.message1 1 ,net_record.msglen)e! if (.not.vms_password) return" type *,'%PWD-W-UIC, account ', 1 username(:username_len)* 1 ,' is outside the authorised UIC range'' vms_password = sys$qiow (,%val(lun).8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,), if (vms_password) vms_password = iosb(1) if (.not.vms_password) thenpF call sys$getmsg (%val(status),%ref(msglen),%descr(message),,)! type *,message(1:msglen)s endift' vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)u! 2 ,%val(net_record_size),,,,), if (vms_password) vms_password = iosb(1) if (.not.vms_password) thenu* call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen)l call exit endifm a) vms_password = sys$dassgn (%val(lun))  if (.not.vms_password) then , call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)s endifa call exita endifc%Jc Open and read through the security database and see if the calling node c has access on this node.ct7 Type *,'%PWD-I-CHKACCESS, checking remote node access'e3 Open(unit=11,name='ncom_pwd$dat:pwd_security.dat', * 1 status='old', ! is an OLD file) 2 shared, ! shared accessd+: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via then, 5 access='keyed', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted',92 8 err=400,iostat=ierr) ! Exit on error. read (unit=11,keyge=net_nodename(:6),err=300,, 1 iostat=ierr,fmt='(A6,A32)') acc_nodename, 2 acc_usernamem2 vms_password = str$trim(acc_username,acc_username 1 ,acc_username_len)n$ if (.not.vms_password) return2 vms_password = str$trim(acc_nodename,acc_nodename 1 ,acc_nodename_len)S$ if (.not.vms_password) returnc :c Check to see if the node exists in the security databasece4 type *,'%PWD-I-SEARCH, Access database node name ',+ 1 acc_nodename(:acc_nodename_len),'::',.% 2 acc_username(:acc_username_len) 2 if ((net_nodename(1:6).eq.acc_nodename(1:6)).and. 1 (acc_username_len.eq.0).or.( 2 (net_username(1:net_username_len).eq.; 3 acc_username(1:acc_username_len))) node_access = .true.A HcE<c Node exists and user ID exists then check for net_usernamecu do while (.not.node_access)7 type *,'%PWD-I-SEARCH, Access database node name ', + 1 acc_nodename(:acc_nodename_len),'::',q% 2 acc_username(:acc_username_len)a. read (unit=11,end=300,err=300,iostat=ierr,$ 1 fmt='(A6,A32)') acc_nodename, 2 acc_username5 vms_password = str$trim(acc_username,acc_username 1 ,acc_username_len)g! if (.not.vms_password) return5 vms_password = str$trim(acc_nodename,acc_nodenamee 1 ,acc_nodename_len)t! if (.not.vms_password) returng- if ((net_username(1:net_username_len).eq.e- 1 acc_username(1:acc_username_len)).and. + 2 (acc_nodename(:acc_nodename_len).eq.w= 3 net_nodename(:net_nodename_len))) node_access = .true.r enddo 300 continue close (unit=11) if (.not.node_access) then*400 if (ierr.eq.for$ios_filnotfou) then1 net_record.message = '%PWD-F-FILNOTFOU,'//e$ 1 ' file PWD_SECURITY.DAT on found' elseif ((ierr.eq.-1).or.) 1 (ierr.eq.for$ios_attaccnon)) then s0 net_record.message = '%PWD-W-NOACCESS,'//! 1 ' you have no security access'i else + call errsns (,rmssts,,,vms_password)a, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)n1 net_record.message = '%PWD-F-FILACCESS,'//1 1 ' error while accessing file PWD_SECURITY.DAT'( endifm# net_record.authorised = .false.m/ vms_password = str$trim(net_record.message,x 1 net_record.message, 2 net_record.msglen)# if (.not.vms_password) goto 999e 1 type *,net_record.message(:net_record.msglen)e' vms_password = sys$qiow (,%val(lun)s8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)%& if (vms_password) status = iosb(1) if (.not.vms_password) thenz, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)( endif' vms_password = sys$qiow (,%val(lun)i4 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record) 2 ,%val(net_record_size),,,,), if (vms_password) vms_password = iosb(1) if (.not.vms_password) theni7 call sys$getmsg (%val(vms_password),%ref(msglen)g 1 ,%descr(message),,)n type *,message(1:msglen)  call exit endifc ) vms_password = sys$dassgn (%val(lun))v if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)f endif call exit~ endifLc Previously I had the userid in a database that was checked but I felt thisIc maybe a security hole as the user could modify a password on behalf of rMc another user without the need for an account on the local node. This could tJc have been seen as a feature but I don't want to get my fingers burnt if Ic something goes wrong. Soooo Every adminstrator modifying a password on sIc behalf of another user MUST have an account on every node they wish to e1c access and be granted the identifier RACF_ADMINsc if (username(:username_len).ne.( 1 net_username(:net_username_len)) then2 type *,'%PWD-I-ADMINCHECK, checking if user ', 1 'is an administrator'/ !< vms_password = acl_check (net_username,net_username_len) if (.not.vms_password) then*' type *,'%PWD-E-ADMINISTRATOR, ',d& 1 net_username(:net_username_len), 2 ' is not an administrator'cGc Network I/O write. Pass the result of the FAILED administrator check 5c to calling node and then exit the remote connectionlca& net_record.authorised = .false.6 net_record.message = '%PWD-E-ADMINISTRATOR, '//' 1 net_username(:net_username_len)//s 2 ' is not an administrator'2 vms_password = str$trim(net_record.message, 1 net_record.message,  2 net_record.msglen)& if (.not.vms_password) goto 999* vms_password = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)p/ if (vms_password) vms_password = iosb(1)l" if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)e endif e* vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,)/ if (vms_password) vms_password = iosb(1) " if (.not.vms_password) then; call sys$getmsg (%val(vms_password),%ref(msglen)t 1 ,%descr(message),,)o# type *,message(1:msglen)e call exit endif, vms_password = sys$dassgn (%val(lun))" if (.not.vms_password) then, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)n endif 3 call exit endifm admin_access = .true.d$ type *,'%PWD-I-A7DMINISTRATOR, ',< 1 net_username(:net_username_len),' is an administrator'" net_record.status = ss$_normal elset type *,'%PWD-I-PASSWORD, ',r> 1 net_username(:net_username_len),' is modifing his/her ', 2 'own password.' " net_record.status = ss$_normal endifc1c Get all the UAF information needed to continue.rce getuai_list(1).bufferlen =1* getuai_list(1).itemcode =uai$_pwd_length+ getuai_list(1).bufferaddr=%loc(pwd_length)i getuai_list(1).lengthaddr=0 getuai_list(2).bufferlen =1' getuai_list(2).itemcode =uai$_encryptu( getuai_list(2).bufferaddr=%loc(encrypt) getuai_list(2).lengthaddr=0 getuai_list(3).bufferlen =2$ getuai_list(3).itemcode =uai$_salt% getuai_list(3).bufferaddr=%loc(salt)e getuai_list(3).lengthaddr=0 getuai_list(4).bufferlen =4*2# getuai_list(4).itemcode =uai$_pwdi$ getuai_list(4).bufferaddr=%loc(pwd) getuai_list(4).lengthaddr=0 getuai_list(5).bufferlen =4# getuai_list(5).itemcode =uai$_uic$ getuai_list(5).bufferaddr=%loc(uic) getuai_list(5).lengthaddr=0 getuai_list(6).bufferlen =4*2( getuai_list(6).itemcode =uai$_def_priv) getuai_list(6).bufferaddr=%loc(def_priv)c getuai_list(6).lengthaddr=0 getuai_list(7).bufferlen =4*2$ getuai_list(7).itemcode =uai$_priv% getuai_list(7).bufferaddr=%loc(priv)i getuai_list(7).lengthaddr=0 getuai_list(8).endlist =06 vms_password = sys$getuai (,,username(:username_len), 1 getuai_list,,,) if (.not.vms_password) goto 999csLc Write the salt, encryption cB:ode and hashed password to the calling programcr net_record.salt = salt# net_record.encrypt = encryptr" net_record.pwd(1) = pwd(1)" net_record.pwd(2) = pwd(2)& net_record.pwd_length = pwd_length$ vms_password = sys$qiow (,%val(lun)8 1 ,%val(io$_writevblk),%ref(iosb),,,%ref(net_record)! 2 ,%val(net_record_size),,,,) ) if (vms_password) vms_password = iosb(1)! if (.not.vms_password) then' call sys$getmsg (%val(vms_password)d$ 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen) c) vms_password = sys$dassgn (%val(lun))  if (.not.vms_password) then , call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)s endif_ u call exit endifcr=c Read the hashed password sent from the calling program and eIc then check if we are to continue on or not due to error within calling.a c program.ce$ vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record) ! 2 ,%val(net_record_size),,,,)g) if (vms_password) vms_password = iosb(1)r if (.not.vms_password) then' call sys$getmsg (%val(vms_password)i# 1 ,%ref(msglen),%descr(message),,). type *,message(1:msglen)) vms_password = sys$dassgn (%val(lun))t if (.not.vms_password) then., call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)t endifd 0 call exitt endif% hash_pwd(1) = net_record.hash_pwd(1)u% hash_pwd(2) = net_record.hash_pwd(2)%c(7c Wait until all nodes and IBM system have been checked.cl$ vms_password = sys$qiow (,%val(lun)7 1 ,%val(io$_readvblk),%ref(iosb),,,%ref(net_record)u! 2 ,%val(net_record_size),,,,)) if (vms_password) vms_password = iosb(1)e if (.not.vms_password) then' call sys$getmsg (%val(vms_password)d$ 1 ,%ref(msglen),%descr(message),,) type *,message(1:msglen)) vms_password = sys$dassgn (%val(lun))( if (.not.vms_password) thene, call sys$getmsg (%val(vms_password)$ 1 ,%ref(msglen),%descr(message),,)! type *,message(1:msglen)i endifd s call exit. endifc 'c Write the list for the UAF to action.scr setuai_list(1).bufferlen=8W" setuai_list(1).itemcode =uai$_pwd) setuai_list(1).bufferaddr=%loc(hash_pwd)  setuai_list(1).lengthaddr=0 setuai_list(2).endlist=0cmc Change the accounts password.ucr7 vms_password = sys$setuai (,,username(1:username_len), 1 setuai_list,,,)8 if (vms_password.eq.rms$_rnf) vms_password = ss$_normal if (.not.vms_password) goto 999c2Dc We've got this far so lets say they attemped to change a password.>c So we'll write it to the OPERATOR.LOG for use with auditing.cmB type *,'%PWD-I-PASSWORD, password modification on user account ', 1 username(1:username_len)/ event_string = 'Network password Modification'a admin_status = 'Yes's, if (.not.admin_access) admin_status = 'No '4 vms_password = operator_log (event_string,username,+ 1 admin_status,net_username,net_nodename) if (.not.vms_password) goto 999 returne(899 call errsns (,rmssts,,,vms_password) s 999 return end cMc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~(Cc This subroutine is called from the VMS_PASSWORD routine to check )9c that a user has been granted a RACF_ADMIN identifier . sc(Mc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~o> integer*4 function acl_check (net_username,net_username_len) implicit none include '($ssdef) /nolist', include '($uaidef) /nolist' include '($smgdef) /nolist' include '($rmsdef) /nolist' include '($jpidef) /nolist'! include '(lib$routines) /nolist'U include '($syssrvnam) /nolist'(, structure /itmlist/ ! For getuai itemlist unionr map integer*2 bufferlenr integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end uniono end structure record /itmlist/ getuai_list(2) character net_username*12 integer*4 net_username_len  integer*4 uic integer*4 status  integer*4 mem_uic integer*4 group_uic integer*4 zero/0/ integer*4 ids integer*4 int_idi integer*4 holder(2) integer*4 contxt ccAc Extract out of the UAF the imformation about the enquired user. ct getuai_list(1).bufferlen =4# getuai_list(1).itemcode =uai$_uic,$ getuai_list(1).bufferaddr=%loc(uic) getuai_list(1).lengthaddr=0 getuai_list(2).endlist =0< acl_check = sys$getuai (,,net_username(1:net_username_len), 1 getuai_list,,,) if (.not.acl_check) returnv= acl_check = sys$asctoid (%descr('RACF_ADMIN'),%ref(int_id),)p if (.not.acl_check) return c 5c Check to see if user has the RACF_ADMIN identifier.acu holder(1) = uic holder(2) = zeror contxt = 0l% do while (acl_check.ne.ss$_nosuchid)%B acl_check = sys$find_held (%ref(holder),%ref(id),,%ref(contxt)) if (id.eq.int_id) goto 100 G if ((.not.acl_check).and.(acl_check.ne.ss$_nosuchid)) return c enddo acl_check = SS$_noprivu call sys$finish_rdb (contxt)( returnm 100 continue $ acl_check = sys$finish_rdb (contxt) return  end Nc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^cSc coNc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^< integer*4 function operator_log (event_string,mod_username,* 1 admin_status,remote_username,nodename) implicit none include '($ssdef) /nolist'1 include '($libdef) /nolist' include '($syssrvnam) /nolist'! include '(lib$routines) /nolist'd! include '(str$routines) /nolist'( include '($strdef) /nolist' include '($opcdef) /nolist' include '($jpidef) /nolist' s% character*1 ms_type /opc$_rq_rqst/s character*3 ms_target /'010'/ character*4 ms_rqstid /'0000'/ character*275 opr_message r character*283 oper_message( character*1 lf  character*1 tbg character*1 cr  character*8 chr_pid character*23 timbuf character*30 event_string e character*12 username character*80 image  character*32 imagename, character*12 remote_usernamev character*3 admin_status  character*12 mod_username character*6 nodenameg integer*4 statuso integer*4 sts integer*4 pid integer*4 username_lene integer*4 image_len integer*4 event_string_lene integer*4 nodename_lenr integer*4 mod_username_len integer*4 remote_username_len data tb,lf,cr/9,10,13/g, structure /itmlist/ ! For getjpi itemlist union) map integer*2 bufferlenl integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlista end map end union end structure! record /itmlist/ getjpi_list(5)ic8;c Get the username and other details of the current processc  getjpi_list(1).bufferlen=12' getjpi_list(1).itemcode =jpi$_username_) getjpi_list(1).bufferaddr=%loc(username)- getjpi_list(1).lengthaddr=%loc(username_len)h getjpi_list(2).bufferlen=4 " getjpi_list(2).itemcode =jpi$_sts$ getjpi_list(2).bufferaddr=%loc(sts) getjpi_list(3).bufferlen=80' getjpi_list(3).itemcode =jpi$_imagnameD& getjpi_list(3).bufferaddr=%loc(image)* getjpi_list(3).lengthaddr=%loc(image_len) getjpi_list(4).bufferlen=4s" getjpi_list(4).itemcode =jpi$_pid$ getjpi_list(4).bufferaddr=%loc(pid) getjpi_list(5).endlist=0- operator_log = sys$getjpi(,,,getjpi_list,,,)d if (.not.operator_log) return9 operator_log = str$trim (username,username,username_len)l if (.not.operator_log) return t: operator_log = str$trim (remote_username,remote_username, 1 remote_username_len)  if (.not.operator_log) return %4 operator_log = str$trim (mod_username,mod_username, 1 mod_username_len) if (.not.operator_log) return n9 operator_log = str$trim (nodename,nodename,nodename_len)w if (.not.operator_log) returncec Get the timec,% operator_log = sys$asctim(,timbuf,,)  if (.not.operator_log) return scg-c Build a message to send to the operator logec opr_message = e. 1'Auditable event:'//tb//event_string//cr//lf) 2//'Event time:'//tb//tb//timbuf//cr//lfs, 3//'PID:'//tb//tb//tb//chr_pid(pid)//cr//lf8 4//'Username:'//tb//tb//username(:username_len)//cr//lf3 5//'Image Name:'//tb//tb//imagename(image)//cr//lf.; 6//'Remote Node:'//tb//tb//nodename(:nodename_len)//cr//lfsA 7//'Remote Username:'//tb//remote_username(:remote_username_len) 8//cr//lf2 9//'Administrator:'//tb//tb//admin_status//cr//lf= 1//'Modified Username:'//tb//mod_username(:mod_username_len)e; oper_message = ms_type//ms_target//ms_rqstid//opr_message cc Send message to Operator Logcf t2 operator_log = sys$sndopr (%descr(oper_message),) if (.not.operator_log) return ' operator_log = ss$_normal returnE end rNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^Ac Function : Convert the Hex integer PID to a character stringucnNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^" character*8 function chr_pid(pid) implicit none integer*4 pid write (chr_pid,fmt=800) pid800 format (Z8.8)c return  end eNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^Hc Function : Extract only the image name from the file spec of Imagnamec:Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^+ character*32 function imagename (imagname)t implicit none include '($libdef) /list'e include '($ssdef) /list' include '(str$routines) /list's include '(lib$routines) /list'  character*80 imagname s integer*4 period integer*4 bracketa integer*4 statuso integer*4 imagname_len bracket =1_ do while (bracket.ne.0) bracket=index(imagname,']')5 status = str$right (imagname,imagname,bracket+1) enddo c period = index(imagname,'.')-1.c status = str$left(imagename,imagname,period)3 status = str$trim(imagename,imagname,imagname_len)m) if (len(imagename).eq.0) imagename = ' 'm return_ end lNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cnc Author : Ron Rienhardccc Date : 06-Jan-1991 c(c Procedure : IBM_Password.forcwHc Function : This routine allows the operator to modify an IBM password c From the VAX environment.cciKc Compulation : Link the program against the option file SNAPROGRAM.OPT 2c i.e. $LINK DDS_IBM_PASSWORD,SNAPROGRAM/OPTcfc c Revised :Tc c Date Author Reasoni>c 06-Jan-1992 THR Modified to be called from NCOM_PASSWORD.FOR/c 10-Jan-1992 THR Removed redundant code.1cychNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^0 integer*4 function ibm_password (error_string, 1 user,old_pwd,new_pwd)  implicit none( include 'sys$library:sna3270df /nolist' include '($ssdef) /nolist'$ include 'screen_common.for /nolist'" include '(str$routines) /nolist'c c Define misc. session variablesc7 integer*4 status_vector (sna3270$k_min_status_vector)_ integer*4 session_id integer*4 return_code( integer*4 conn_type  integer*4 read_specific_field. integer*4 write_next_field parameter lu2_efn = 10 external read_specific_fieldt external write_next_fieldcrc Define field mode structuresc, record /sna3270_sdb/ sdb record /sna3270_fdb/ fdb scwc Define screen imagelcy integer*4 screen_size) parameter (screen_size = 3441)& character*(screen_size) screen_image integer*4 sdb_dsc(2) integer*4 fdb_dsc(2)l integer*4 status integer*2 field_attr r integer*2 field_offset integer*2 length). logical*1 field_vector ( screen_size/8 + 1 )' integer*2 attr_vector ( screen_size )  character*12 userv character*8 old_pwd n character*8 new_pwd character*256 field_data character*240 data_line_1  character*8 node_name_ character*8 access_name character*8 circuit_names character*9 session_typec character*8 logon_mode character*80 error_stringcr c Global data c 0 common /session_data/ session_id, status_vectorci$c Initialize FDB and SDB descriptorsce" sdb_dsc(1) = sna3270$k_sdb_length sdb_dsc(2) = %loc (sdb) fdb_dsc(1) = sna3270$k_fdb_size fdb_dsc(2) = %loc (fdb)& ibm_password = str$upcase (user,user) if (.not.ibm_password) returnA type *,'PWD-I-PWDMSG, IBM password modification on userid ',userfcec NCOM_CODE_MODIFICATIONocw node_name = 'NMDG01'm access_name = 'NMNCOM'a logon_mode = 'M4SNA' circuit_name = 'SNA-0'! session_type = 'TSO '//userh error_string = ' 'sc #c Request field mode connection etc1ct5 return_code = sna3270$request_connect_w (session_id,I4 1 %descr (status_vector), %ref (sna3270$k_active),4 2 %ref (sna3270$k_field_mode), %descr (node_name), 3 %descr (access_name),, n 4 ,, %descr (logon_mode),  5 ,,, screen_image,I 6 %descr (attr_vector),r0 7 %descr (field_vector), sdb_dsc, fdb_dsc,,,,) if (.not. return_code) then* ibm_password = status_vector(2) return endifcg(c Receive Northern Territory Logo screenca return_code = sna3270$_ok_nyt) dowhile (return_code.eq.sna3270$_ok_nyt)D7 return_code = sna3270$receive_screen_w (session_id,. 1 %descr (status_vector), %ref (lu2_efn)) if (.not. return_code) theng& ibm_password = status_vector(2) return endifo enddo oco7c Send name of tso Region to sign on to and the user ID c% field_data = session_type7 return_code = write_next_field (field_data (1:8), fdb)  if (.not. return_code) then ibm_password = return_code return endifc ;c Transmit the screen with completed fields to the IBM hostdcr( type *,'%PWD-I-PWDMSG, IBM TSO sign on'5 return_code = sna3270$transmit_screen_w (session_id,%7 1 %descr (status_vector), %ref (sna3270$k_aid_enter),_ 2 %ref (lu2_efn))( if (.not. return_code) then# ibm_password = status_vector(2)o return endifcm(c Receive a new screen from the IBM hostc( return_code = sna3270$_ok_nyt) dowhile (return_code.eq.sna3270$_ok_nyt)e8 return_code = sna3270$receive_screen_w (session_id,. 1 %descr (status_vector), %ref (lu2_efn)) if (.not. return_code) then & ibm_password = status_vector(2) returnl endifm enddoc Gc Fill in the two password fields and return the screen to the IBM host ci field_data = old_pwd.7 return_code = write_next_field (field_data (1:8), fdb)_ if (.not. return_code) then ibm_password = return_code return endif field_data = new_pwde8 return_code = write_next_field (field_data (1:8), fdb) if (.not. return_code) then ibm_password = return_code return endif5 return_code = sna3270$transmit_screen_w (session_id,e7 1 %descr (status_vector), %ref (sna3270$k_aid_enter),g 2 %ref (lu2_efn))e if (.not. return_code) then# ibm_password = status_vector(2)t return endifc(c Recieve a new screen from the IBM hostc.5 type *,'%PWD-I-PWDMSG, Receive return screen after',( 1 ' password change'2 return_code = sna3270$_ok_nyt) dowhile (return_code.eq.sna3270$_ok_nyt)a7 return_code = sna3270$receive_screen_w (session_id,.. 1 %descr (status_vector), %ref (lu2_efn)) if (.not. return_code) thencaLc I'm going to assume that a SNA3270$_FUNCABORT is caused my a user ID being:c revoked and the session has been or is being terminated.ct5 if (return_code.eq.sna3270$_funcabort) g% 1 status_vector(2) = ss$_nosuchuseri& ibm_password = status_vector(2) returnd endif_ enddo9 return_code = read_specific_field ( data_line_1, fdb, 1)g a if (.not. return_code) then# ibm_password = status_vector(2)v return endif> type *,'%PWD-I-PWDMSG, data line segment ',data_line_1(81:83)/ type *,'%PWD-I-PWDMSG, data line ',data_line_1,cFc Look at the IBM error line and translate them all to a login failurecn8 type *,'%PWD-I-PWDMSG, now checking MVS return message'& if ((data_line_1(81:83).eq.'IKJ').or.% 1 (data_line_1(1:3).eq.'IKJ')) then ) if (data_line_1(81:83).eq.'IKJ') then() error_string = data_line_1(81:160) else' error_string = data_line_1(1:80)( endifl8 return_code = sna3270$transmit_screen_w (session_id,4 1 %descr (status_vector), %ref (sna3270$k_aid_pf3)) if (.not. return_code) thena& ibm_password = status_vector(2) returnd u1 ~ PWD_SOURCE.BX ,[THR.NCOM_PWD]NCOM_REMOTE_PASSWORD_SNA.FOR;1Nc[ endife= type *, 'PWD-E-NOSUCHUSER, failed to modify MVS password's! ibm_password = SS$_NOSUCHUSERp return endifcl(c Logoff TSO and disconnect the IBM linkcs% type *,'%PWD-I-PWDMSG, TSO sign off', field_data = 'LOGOFF'1 return_code = write_next_field (field_data, fdb)h if (.not. return_code) then ibm_password = return_code return endif5 return_code = sna3270$transmit_screen_w (session_id,e6 1 %descr (status_vector), %ref (sna3270$k_aid_enter), 2 %ref (lu2_efn)) if (.not. return_code) then# ibm_password = status_vector(2)s return endif6 return_code = sna3270$request_disconnect (session_id,* 1 %descr (status_vector), %ref (lu2_efn)) if (.not. return_code) then# ibm_password = status_vector(2)o return endif ibm_password = ss$_normal return 999 continue returng end pNc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^c Write variable to a field ctNc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^0 integer*4 function write_next_field (data, fdb) implicit none( include 'sys$library:sna3270df /nolist' include '($ssdef) /nolist' include '($libdef) /nolist'2" include '(lib$routines) /nolist' character*(*) data8 integer*4 status_vector (sna3270$k_min_status_vector) integer*4 session_ids integer*4 return_code record /sna3270_fdb/ fdbm3 common /session_data/ session_id, status_vector(c(!c Find the next unprotected fieldec fdb.sna3270$w_fdb_att_value = 01 fdb.sna3270$w_fdb_att_mask = sna3270$m_attr_pro fdb.sna3270$w_fdb_bufoff = 08 fdb.sna3270$w_fdb_select = sna3270$k_sel_search_next. return_code = sna3270$read_field (session_id, 1 %descr (status_vector))t if (.not. return_code) then' write_next_field = status_vector(2)t return endifcic Convert string to EBCDICcn+ return_code = lib$tra_asc_ebc (data, data)r if (.not. return_code) then" write_next_field = return_code return endifc_c Update the screen imagemc/ return_code = sna3270$write_field (session_id,o! 1 %descr (status_vector), data)d if (.not. return_code) then' write_next_field = status_vector(2)i return endif write_next_field = ss$_normal d return  end Nc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^Ac Read the field at the cursor location and return the data fieldtc=Nc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^? integer*4 function read_specific_field (data, fdb, cursor_loc)r implicit none( include 'sys$library:sna3270df /nolist' include '($ssdef) /nolist' include '($libdef) /nolist'~" include '(lib$routines) /nolist' character*(*) data: integer*4 status_vector ( sna3270$k_min_status_vector ) integer*4 return_code integer*4 session_id~ integer*4 cursor_loc~ record / sna3270_fdb/ fdb2 common / session_data/ session_id, status_vectorc_%c Find desired field after cursor_loc ce fdb.sna3270$w_fdb_att_value = 0! fdb.sna3270$w_fdb_att_mask = 0 e) fdb.sna3270$w_fdb_bufoff = cursor_locn1 fdb.sna3270$w_fdb_select = sna3270$k_sel_readb/ return_code = sna3270$read_field ( session_id,t 1 %descr (status_vector), data) if (.not. return_code) then* read_specific_field = status_vector(2) return endifcr"c Convert the data string to ASCIIcp+ return_code = lib$tra_ebc_asc (data, data)  if (.not. return_code) then* read_specific_field = status_vector(2) return endif! read_specific_field = ss$_normalt returnc end*4 status  integer*4 mem_uic integer*4 group_uic integer*4 zero/0/ integer*4 ids integer*4 int_idi integer*4 holder(2) integer*4 contxt ccAc Extract out of the UAF the imformation about the enquired user. ct getuai_list(1).bufferlen =4# getuai_list(1).itemcode =uai$_uic,$ getuai_list(1).bufferaddr=%loc(uic) getuai_list(1).lengthaddr*[THR.NCOM_PWD]OLD.DIR;1+,-./A 4-0123 KPWO56@7?s89GAHJI ACL_CHECK.FOR BOOT_NODE.FORCHECK_ACCESS.FORLCHECK_LOGICAL.FOR$NCOM_PASSWORD.FOR> NCOM_PASSWORD.QIOII; $NCOM_REMOTE_PASSWORD.FORO (NCOM_REMOTE_PASSWORD_SNA.FOR! PCBDEF.FOR# PWDMGR.FOR/'W PWD_HELP.FOR;'PWD_MANAGER.FOR2& PWD_MANAGER.OLD_CLD LRACF_PASSWORD.FOR7SCREEN_COMMON.FOR88) SEND_OPER.FOR9% UAFDEF.FOR49 *[THR.NCOM_PWD]PASSWORD.OPT;1+,./A 4D-0123KPWO56 _7[s89GAHJ!+!- NAME = "PWD"!+!_IDENTIFICATION = "V1.0-0"!+!-*[THR.NCOM_PWD]PWD.CLD;1+,>./A 4L-0123KPWO56aH7 xs89GAHJG!~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^!(! PASSWORD Command Language Definition! ! Facility:! ! PASSWORD! ! Abstract:!=! This file contains the command language definition for the ! PWD command.!! Version 1.0-0!! Modification History:!!L!---------------------------------------------------------------------------!Ident "PWD V1.0-0"define verb PWD) image "NCOM_PWD$EXE:NCOM_PASSWORD.EXE"E qualifier TYPE, label=TYPE, nonnegatable, value (required, list,  type=OPERATING_TYPE) E qualifier USERNAME, label=USERNAME, nonnegatable, value (required)F qualifier NODENAME, label=NODE_LIST, nonnegatable, value (required, list, type=$file)( qualifier LOCAL_PWD, negatable, valuedefine type OPERATING_TYPE keyword VMS negatable  keyword MVS negatable  keyword NOVELL negatable  keyword ULTRIX negatable *[THR.NCOM_PWD]PWD.HLP;1+,A./A 4Nb-0123KPWO56ᔥM7 s89GAHJ1 PWD F Establishes or changes a password across a Wide Area Network (WAN). @ PWD can be used by users to change their own passwords and by ; administrators to change users passwords on their behalf.3 See the qualifier descriptions for restrictions. Format PWD 2 DescriptionG All user accounts on a system have passwords. A password is required  for logging in to the system. J To maintain password security, users should change their passwords from E time to time. The PWD command offers a means of making this change # across a Wide Area Network (WAN). < A system manager can control which users are nomimated as C administrators and can change passwords on behalf of other users. = When your password has expired, you can use the PWD or SET + PASSWORD command to change your password. ? A password can contain up to 31 alphanumeric characters. The N characters and include the dollar sign ($) and the underscore (_) are also. L All lower-case characters are converted to upper-case before the password < is encrypted. (For example, "DUCK" is the same as "duck.") 6 Use the following procedure to change your password:  1. Enter the PWD command. B 2. The system prompts you for your current password. Enter your  current password. E 3. The system prompts you for a new password. Enter a new password. B 4. The system prompts you to verify the password. Enter the new H password to verify. (If the two entries of the new password do not * match, the password does not change.) 2 Qualifiers /USERNAME /USERNAME=[username]A Allows a user nominated as an administrator through the PWDMGRA utility to modify another users password on their behalf. The D user must be registered as an administrator on all the nodes they are attempting to access. C When you modify another users password you are not prompted for B the old password, but you are still prompted to verify the new 1 password you are modifying on the users behalf/TYPE) /TYPE=(operating_system_type[,...]) B Indicates the type of operating system you wish to modify your ? password on. Your password must conform to the rules of the ? operating system you are modifying your password on. If you @ modify your password on all operating systems within the one A command, your password must conform to the rules of all those  operating systems.H By default the VAX/VMS operating system will be selected, all other G operating systems must be declared within the operating system type  list.D If one or more of the keyword operating system types are negated C then that platforms password(s) will not be checked or modified.; Below are the keywords that specify the various types of$ operating systems you can invoke.# PASSWORD operating system types $ [NO]VMS (default) VAX/VMS network [NO]MVS IBM MVS mainframe /NODENAME% /NODENAME=(nodename_list[,...])A Allows the user to select a list of nodes on which to attempt C to modify their password. Access to the remote nodes may not be A possible depending on whether access has been granted through F the PWDMGR utility on the remote node. See your remote site system E manager if you do not have access. If you do not use the NODENAME H qualifier the PWD program will default to a list of nodes maintained E by your local system manager through the PWDMGR utility.The local / node can not be placed in the nodename list. /LOCAL_PWD /LOCAL_PWD /NOLOCAL_PWD H Allows the user modifying her password to indicate whether she wishes; to modify the local password. /LOCAL_PWD is the default. 2 Examples 1. $ PWD Old password: MRFLOPPY New password: BIG_MUMBA Verification: BIG_MUMBA? In response to the PWD command, the system prompts you for D the old password and then for the new password. The system then H prompts you again for the new password to verify that it is correct.B The password changes if the user is authorised to change this C account's password by being in the valid UIC range, if the old B password is given correctly, and if the new password is given A correctly twice. Otherwise, an error message appears and the  password remains unchanged.B The passwords are not displayed when using PWD at the terminal0 2. $ PWD/NODE=(CCPL01,CCAL01,NMDL01)/TYPE=(MVS) Old password: MRJUICY New password: BIGERIC Verification: BIGERIC@ In the above example a list of VAX nodes have been supplied > that will be used to attempt password modification on. If ; any of the nodes deny you access you will be prompted ; whether you wish to continue or exit without modifying = any passwords. The MVS operating system has been selected? using the /TYPE qualifier. The VAX/VMS operating system is A selected by default unless negated within the /TYPE qualifier> list. The old password on the VAX environment and the MVS = mainframe environment must be the same. The new password > must conform to the rules of password modification on the @ VAX and MVS systems; i.e. Less than nine characters for the B MVS system and more than the minimum password length required by all the select VAX nodes.B The passwords are not displayed when using PWD at the terminal2 3. $ PWD/NODE=(CCPL01,CCAL01,NMDL01)/USERNAME=A2H New password: BIG_TOM Verification: BIG_TOM9 The above example demonstrates the modification of a : users password by a nominated administrator. The user ; who's password will be modified is A2H and the list of < nodes are the systems that the password will be changed = on. If the user who's password is being changed does not = have an account on a selected node the the administrator ; will be notified and the process of changing the users : password will continue. If the administrator invoking 8 this command does not have an account on one of the 8 selected nodes or is not a registered administrator 8 she will be asked if she wishes to continue or quit ) without modifying the users password.B The passwords are not displayed when using PWD at the terminal 4. $ PASSWORD/TYPE=(MVS,NOVMS) Old Password: MRLOOPY New password: BIGBOY Verification: BIGBOY? The above example demonstrates the modification of a users @ password on the IBM mainframe only. The system first promptsE for the old IBM mainframe password and then for the new password.E The system then prompts again for the new password to verify it. B The password changes if the user is authorised to change this D account's password, if the old password is given correctly, and B if the new password is given identically twice. Otherwise, an = error message appears and the password remains unchanged.B The passwords are not displayed when using PWD at the terminal*[THR.NCOM_PWD]PWD010.DOC;1+,f./A 4N-0123KPWO56`HH]7s89GAHJ PWDN------------------------------------------------------------------------------PWD 7 Establishes or changes a password across a Wide Area : Network (WAN). PWD can be used by users to change their 6 own passwords and by administrators to change users  passwords on their behalf. N------------------------------------------------------------------------------FORMAT PWDN------------------------------------------------------------------------------PARAMETERS None.N------------------------------------------------------------------------------HDESCRIPTION All user accounts on a system have passwords. A password is ( required for logging in to the system. = To maintain password security, users should change their 8 passwords from time to time. The PWD command offers a ? means of making this change across a Wide Area Network (WAN). > A system manager can control which users are nomimated as = administrators and can change passwords on behalf of other  users. ? When your password has expired, you can use the PWD or SET - PASSWORD command to change your password. A A password can contain up to 31 alphanumeric characters. The B characters and include the dollar sign ($) and the underscore ; (_) are also. All lower-case characters are converted to / upper-case before the password is encrypted. . (For example, "DUCK" is the same as "duck.") 8 Use the following procedure to change your password:  1. Enter the PWD command. 7 2. The system prompts you for your current password. ! Enter your current password. > 3. The system prompts you for a new password. Enter a new  password. < 4. The system prompts you to verify the password. Enter 8 the new password to verify. (If the two entries of : the new password do not match, the password does not change.) PWDN------------------------------------------------------------------------------QUALIFIERS  /USERNAME=[username]H Allows a user nominated as an administrator through the ; PWDMGR utility to modify another users password on their = behalf. The user must be registered as an administrator on / all the nodes they are attempting to access. L When you modify another users password you are not prompted = for the old password, but you are still prompted to verify 8 the new password you are modifying on the users behalf 3 /TYPE=(operating_system_type[,...])J Indicates the type of operating system you wish to modify < your password on. Your password must conform to the rules > of the operating system you are modifying your password on. > If you modify your password on all operating systems within > the one command, your password must conform to the rules of  all those operating systems. J By default the VAX/VMS operating system will be selected, : all other operating systems must be declared within the  operating system type list. I If one or more of the keyword operating system types are > negated then that platforms password(s) will not be checked  or modified. I Below are the keywords that specify the various types of # operating systems you can invoke. : PWD operating system types are as follows: 4 [NO]VMS (default) VAX/VMS network 6 [NO]MVS IBM MVS mainframe / /NODENAME=(nodename_list[,...])F Allows the user to select a list of nodes on which to ? attempt to modify their password. Access to the remote nodes ; may not be possible depending on whether access has been 9 granted through the PWDMGR utility on the remote node. @ See your remote site system manager if you do not have access.@ If you do not use the NODENAME qualifier the PWD command will = default to a list of nodes maintained by your local system = manager through the PWDMGR utility. The local node can not ! be placed in the nodename list.  /LOCAL_PWD /NOLOCAL_PWDE Allows the user modifying their password to indicate = whether they wish to modify the local password. /LOCAL_PWD  is the default.  PWDN------------------------------------------------------------------------------EXAMPLES 1. $ PWD! Old password: MRFLOPPY" New password: BIG_MUMBA" Verification: BIG_MUMBA ; In response to the PWD command, the system first prompts 6 for the old password and then for the new password. 8 The system then prompts again for the new password to 9 verify it. The password changes if the old password is @ given correctly, and if the new password is given identically L twice. Otherwise, an error message appears and the password  remains unchanged. 0 The passwords are not displayed when using PWD at the terminal 0 2. $ PWD/NODE=(CCPL01,CCAL01,NMDL01)/TYPE=(MVS) Old password: MRJUICY New password: BIGERIC Verification: BIGERIC > In the above example a list of VAX nodes have been supplied 9 that will be used to attempt password modification on. ; If any of the nodes deny you access you will be prompted = whether you wish to continue or exit without modifying any > passwords. The MVS operating system has been selected using @ the /TYPE qualifier. The VAX/VMS operating system is selected < by default unless it is negated in the /TYPE qualifier by L entering NOVMS. The old password on the VAX environment and : the MVS mainframe environment must be the same. The new > password must conform to the rules of password modification @ on the VAX and MVS system. i.e. Less than nine characters for ; the MVS system and more than the minimum password length ) required by all the selected VAX nodes. 0 The passwords are not displayed when using PWD at the terminal 2 3. $ PWD/NODE=(CCPL01,CCAL01,NMDL01)/USERNAME=A2H New password: BIG_TOM Verification: BIG_TOM = The above example demonstrates the modification of a users A password by a nominated administrator. The user who's password @ will be modified is A2H and the list of nodes are the systems : that the password will be changed on. If the user who's : password is being changed does not have an account on a ; selected node the administrator will be notified and the M process of changing the users password will continue. If the M administrator invoking this command does not have an account 6 on one of the selected nodes or is not a registered < administrator they will be asked if they wish to continue / or quit without modifying the users password. 0 The passwords are not displayed when using PWD at the terminal)*[THR.NCOM_PWD]PWD010.INSTALLATION_GUIDE;1+,,.$/A 4[$#r-0123KPWO$56@*b7s89GAHJ   PWD Installation Guide  June 1992 D This document describes the installation of the PWD utility.= It also explains how to display or print the online release  notes before you install PWD. 0 Revision/Update Information: New Manual + Software Version: PWD Version 1.0 N------------------------------------------------------------------------------ June 1992 IThe information in this document is subject to change without notice and Ashould not be construed as a commitment by NCOM. NCOM assumes no ?responsibility for any errors that may appear in this document.  N------------------------------------------------------------------------------$ Contents Preface iv 1 Preparing to Install PWD 0 1.1 Accessing on line help notes 1-2< 1.2 Installation procedure requirements 1-2 2 Installing PWD 8 2.1 Installing PWD on a VAXcluster 2-13 After the Installation 4 Sample Installation PWD V1.0 Installation GuideN------------------------------------------------------------------------------Preface F This guide describes how to install PWD on a VMS operating system.  / This manual is intended for System managers. G PWD allows you to modify passwords on multiple systems ; form a single node in your network. Security in provided 7 via databases on the local nodes to vet unauthorised < access. The utility PWDMGR is used to maintain the access < to the local node and to provide a list of nodes that can ; be used to attempt password modification on other nodes. 9 Administrators can be nominated to change passwords on  behalf of other users.N------------------------------------------------------------------------------Preparing to Install PWD7 PWD require VAX/VMS V5.5 or higher. You will need VAX= FORTRAN V 5.8 or higher to compile the fortran source code.6 It is assumed that there is only one SYSUAF.DAT file within a VAXcluster.3 The manager should copy the backup save set file ; PWD_SOURCE.B from tape and revue the source code and use 7 it to rebuild the PWD010 installation kit. It is not 7 advised to use the executable images included in the & original PWD010.A installation kit. N------------------------------------------------------------------------------"Accessing the Online Release Notes : PWD provides on line notes. You should include OPTIONS N> in the VMSINSTAL command and only continue the installation : after you have reviewed them. The release notes and the 8 installation guide are located on the tape and can be 4 copied to disk along with the save set PWD010 and  PWD_SOURCE.   PWD Installation GuideN------------------------------------------------------------------------------#Installation Procedure Requirements5 * PWD should be installed only on the boot node if 3 you have a VAXcluster as all workstations will 0 use the boot node to modify local passwords.4 * Check that the disk you are going to install PWD! on has over 5000 free blocks.6 * Disable disk quotas in the disk you are installing3 PWD on then enable them after the installation.6 See SYSMAN utility in the VAX/VMS Management Guide for more details.  PWD Installation GuideN------------------------------------------------------------------------------JThe following section describes the different sections of the installation of PWD V1.0. =Log into the account SYSTEM and invoke the VMSINSTAL command. Username: SYSTEM  Password: ; $ @SYS$UPDATE:VMSINSTAL PWD010 MUA0: OPTIONS N ; VAX/VMS Software Product Installation Procedure V5.5-1 It is dd-mmm-yyyy at hh:mm.3 Enter a question mark (?) at any time for help.IPress RETURN only if you are satisfied with you backup of the system diskotherwise, type NO.K * Are you satisfied with the backup of your system disk [YES]? ,Check that the distribution media is on line5 Please mount the first volume of the set on MUA0.! * Are you ready? yes - The following products will be processed: PWD V1.00 Beginning installation of PWD V1.0 at hh:mm: %VMSINSTAL-I-RESTORE, Restoring product save set A ...JIf you have selected OPTIONS N you will be prompted for the release notes.=Select an option to view the release notes before continuing.K Release notes included with this kit are always copied to SYS$HELP.) Additional Release Notes Options: 1. Display release notes 2. Print release notes 3. Both 1 and 2 4. None of the above# * Select option [2]: 4 IDo not continue the installation until you have read the release notes asCthey contain information that is not in the installation guide. TheDrelease notes describe code in the program that needs to be modifiedKfor the utility to work at your site. The source code should be re-compiledIand the PWD010 save set re-created using the SYS$UPDATE:SPKITBLD command.? * Do you want to continue the installation [NO]? y O %VMSINSTAL-I-RELMOVED, Product's release notes have been moved to SYS$HELP.> %PWD-I-VERSION, Checking for VMS version 5.5 or greater...BFiles that are replaced by this installation will be purged if you=press RETURN. Answer NO if you do not want files to be purgedP * Do you want to purge files replaced by this installation [YES]? y FDECnet is checked to make sure it is running. If DECnet is not runningFthe installation will fail. You can check if DECnet is running on the Asystem you are installing PWD on by typing: $ SH NETWORK 1 %PWD-I-CHK_NET, Checking if DECnet is runningDYou will be prompted for a disk to install PWD V1.0 on. The disk canHbe a physical disk or a logical disk. It is advised that you use logicalFdisk. If the disk you select does not exist you will be asked to enter another one.L * Logical disk Name for PWD software [SYS$SYSDEVICE]: NCOM_MGT: ?If the disk you are installing PWD V1.0 does not have more than05000 blocks of space the installation will fail.2 %PWD-I-FREEBLKS, Checking for 5000 free blocks: %PWD-I-FREEBLKS, Disk NCOM_MGT has 1443174 free blocksGA UIC is required for the creation of a VAX account used by the networkHobject. The installation prompts you for a group UIC. The search starts Dat group 360 and continues until a free one is found. You can select4your own group UIC to be used by the network object.J * UIC Group number for network object account NCOM_PWD [361]: BIf disk quotas are enabled on the disk you install PWD V1.0 on youFwill be asked if you wish to continue the installation. It is advised Fthat before you start the installation you disable disk quotas on the Fdisk you have selected. After the installation add approx 5000 blocks Bfor account NCOM_PWD and enable quotas. If quotas for the network Cobject are not added or quotas are enabled during the installation @the results of the installation and the PWD program are unknown./ Disk quotas are enabled on this disk.9 Check that disk quotas are disabled before you 0 continue otherwise this installation may fail0 * Do you wish to continue [NO]? Yes EThe following question asks if you have a DECnet/SNA CT or ST gatewayGand a node on your network running the DECnet/SNA VMS 3270 Data Stream GProgramming Interface software. Answer NO unless you have this software6ru`s߾~ PWD_SOURCE.B,)[THR.NCOM_PWD]PWD010.INSTALLATION_GUIDE;1[$ &nning on at least one of the nodes in your network. ; If you select yes to the following question then provide: the node name of a system on your network that has the 8 DECnet/SNA VMS 3270 Data Stream Programming Interface9 installed. This allows you to modify passwords on an  MVS IBM mainframe. Z * Does a node on your network have DECnet/SNA VMS 3270 DSPI installed [NO]? y LIf you answer YES to the above question you will be prompted for the name ofJthe node running the DECnet/SNA VMS 3270 Data Stream Programming InterfaceLsoftware. The name of the node may be the system you are installing PWD V1.0-on or it may be another node in your network.7 * Name of node with DSPI installed: NMDL01 IA message will be displayed if the node you are installing PWD V1.0 on isGrunning DECnet/SNA VMS 3270 Data Stream Programming Interface software.GThis message advises you to install the image SYS$LIBRARY:SNA3270SH.EXEEas a shareable image. If you do not have this image installed and youIinvoke PWD on this node it will fail and the following error message will2be returned in the file NCOM_PWD$LOG:NETSERVER.LOGF ------------------------------------------------------------? You will have to install the image SYS$LIBRARY:SNA3270SH.EXE8 shareable otherwise you will get the following error.4 %DCL-W-ACTIMAGE, error activating image SNA3270SH7 -CLI-E-IMGNAME, image file SYS$LIBRARY:SNA3270SH.EXE@ -SYSTEM-F-PRIVINSTALL, shareable images must be installed to  run privileged imageF ------------------------------------------------------------EThe installation continues from this point with no further questions.?Messages will be displayed on the progress of the installation.' All questions have been answered.= The installation of PWD for VMS V1.0 will continue.A %PWD-I-INITIAL, Checking the directory NCOM_MGT:[NCOM_PWD...]N %VMSINSTAL-I-ACCOUNT, This installation creates an ACCOUNT named NCOM_PWD.1 %UAF-I-ADDMSG, user record successfully added[ %UAF-I-RDBADDMSGU, identifier NCOM_PWD value: [000361,000001] added to rights data baseN %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD.* %UAF-I-MDFYMSG, user record(s) updatedN %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD.* %UAF-I-MDFYMSG, user record(s) updatedN %VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD.* %UAF-I-MDFYMSG, user record(s) updated4 %PWD-I-DEF_OBJS, Defining DECnet object NCOM_PWD& Adding PWD to DCL command tables...$ Adding PWD to VMS help library...AThe PWD Installation advises you to edit the system startup file 2and include the command procedure PWD_STARTUP.COM.DYou will also be advised to read the PWD utility guides and populateDthe PWDMGR databases allowing users to use a default list of remote Gnodes on which they can modify their passwords. The PWDMGR utility alsoHgrants the access remote nodes have to your system when they attempt to Jmodify their password. Users registered as administrators will be able to :modify passwords on your system on behalf of other users. A +-------------------------------------------------------+A | |A | Add the startup file SYS$STARTUP:PWD_STARTUP.COM to |A | the system startup file SYS$MANAGER:SYSTARTUP_V5.COM |A | |A | Invoke the PWDMGR utility by typing MCR PWDMGR at the |A | system prompt and populate the databases with remote |A | nodes, security access records and administrators. |A | For more details see the Password Manager Utility |A | Manual. |A | |B +-------------------------------------------------------+ D %VMSINSTAL-I-MOVEFILES, Files will now be moved to their target  directories..., Installation of PWD V1.0 completed at hh:mm" VMSINSTAL procedure done at hh:mm * PWD V1.0 Installation GuideM-----------------------------------------------------------------------------Installing PWD on a VAXcluster6 1. Install the new DCLTABLE on the other members of , the VAXcluster by typing the following: $ MC SYSMAN2 SYSMAN> SET ENVIRONMENT/CLUSTER! SYSMAN> SET PROFILE/PRIV=ALL9 SYSMAN> DO INSTALL REPLACE SYS$LIBRARY:DCLTABLES.EXE  SYSMAN> EXIT $N------------------------------------------------------------------------------After the Installation 8 * Users wishing to use the new PWD command must logout9 of the system and log in again before they can invoke PWD.5 * The system manager should populate the databases 5 using the PWDMGR utility. NO system will be able 4 to access the local node you have installed PWD 5 on until it is registered within PWDMGR. This is 4 also the case with the local node as it is seen ) as a remote node by the PWD program.  PWD V1.0 Installation GuideN------------------------------------------------------------------------------Sample Installation?$ @sys$update:vmsinstal pwd010 sys$sysdevice:[000000] options n7 VAX/VMS Software Product Installation Procedure V5.5-1It is 19-AUG-1992 at 20:19./Enter a question mark (?) at any time for help.?* Are you satisfied with the backup of your system disk [YES]? )The following products will be processed: PWD V1.0, Beginning installation of PWD V1.0 at 20:196%VMSINSTAL-I-RESTORE, Restoring product save set A ...G Release notes included with this kit are always copied to SYS$HELP.% Additional Release Notes Options: 1. Display release notes 2. Print release notes 3. Both 1 and 2 4. None of the above* Select option [2]: 42* Do you want to continue the installation [NO]? yK%VMSINSTAL-I-RELMOVED, Product's release notes have been moved to SYS$HELP.:%PWD-I-VERSION, Checking for VMS version 5.5 or greater...C* Do you want to purge files replaced by this installation [YES]? y-%PWD-I-CHK_NET, Checking if DECnet is running?* Logical disk Name for PWD software [SYS$SYSDEVICE]: NCOM_MGT:.%PWD-I-FREEBLKS, Checking for 5000 free blocks6%PWD-I-FREEBLKS, Disk NCOM_MGT has 1443174 free blocks>* UIC Group number for network object account NCOM_PWD [361]: 9 If you select yes to the following question then provide8 the node name of a system on your network that has the 6 DECnet/SNA VMS 3270 Data Stream Programming Interface7 installed. This allows you to modify passwords on an  MVS IBM mainframe. M* Does a node on your network have DECnet/SNA VMS 3270 DSPI installed [NO]? y** Name of node with DSPI installed: NMDL01D ------------------------------------------------------------= You will have to install the image SYS$LIBRARY:SNA3270SH.EXE6 shareable otherwise you will get the following error.2 %DCL-W-ACTIMAGE, error activating image SNA3270SH5 -CLI-E-IMGNAME, image file SYS$LIBRARY:SNA3270SH.EXE> -SYSTEM-F-PRIVINSTALL, shareable images must be installed to  run privileged imageD ------------------------------------------------------------" All questions have been answered.; The installation of PWD for VMS V1.0 will continue.=%PWD-I-INITIAL, Checking the directory NCOM_MGT:[NCOM_PWD...]J%VMSINSTAL-I-ACCOUNT, This installation creates an ACCOUNT named NCOM_PWD.-%UAF-I-ADDMSG, user record successfully addedW%UAF-I-RDBADDMSGU, identifier NCOM_PWD value: [000361,000001] added to rights data baseJ%VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD.&%UAF-I-MDFYMSG, user record(s) updatedJ%VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD.&%UAF-I-MDFYMSG, user record(s) updatedJ%VMSINSTAL-I-ACCOUNT, This installation updates an ACCOUNT named NCOM_PWD.&%UAF-I-MDFYMSG, user record(s) updated0%PWD-I-DEF_OBJS, Defining DECnet object NCOM_PWD$ Adding PWD to DCL command tables..." Adding PWD to VMS help library...? +-------------------------------------------------------+ ? | |.? | Add the startup file SYS$STARTUP:PWD_STARTUP.COM to |? | the system startup file SYS$MANAGER:SYSTARTUP_V5.COM | ? | | ? | Invoke the PWDMGR utility by typing MCR PWDMGR at the |.? | system prompt and populate the databases with remote |-? | nodes, security access records and administrators. |n? | For more details see the Password Manager Utility |n? | Manual. |n? | | @ +-------------------------------------------------------+ N%VMSINSTAL-I-MOVEFILES, Files will now be moved to their target directories..., Installation of PWD V1.0 completed at 20:20" VMSINSTAL procedure done at 20:20Accessing on line help notes 1-2< 1.2 Installation procedure requirements 1-2 2 Installing PWD 8 2.1 Installing PWD on a VAXcluster 2-13 After the Installation 4 Sample Installation PWD V1.0 Installation GuideN------------------------------------------------------------------------------$*[THR.NCOM_PWD]PWD010.RELEASE_NOTES;1+,h&F./A 4Nn-0123KPWO56`h7s89GAHJ) Release Notes  for' PWD V1.04 Wide Area Network Password ProgramN------------------------------------------------------------------------------ IntroductionThese Release Notes include:) * Installation and coding RequirementsInstallation RequirementsMPWD010.A is a VAX/VMS installation kit which can be installed on your system.KHowever it is advised that you load backup save set PWD_SOURCE.B on to yourAsystem, revue the source code then compile and link the programs.LSYS$UPDATE:SPKITBLD.COM can be used to rebuild the VAX/VMS installation kit.;The disk that PWD V1.0 is to be installed on needs to have >approx. 5000 blocks free. The space is needed for the program >images and log files created by remote connections from other systems.DIf disk quotas are enabled on the disk you install PWD V1.0 on you >will need to grant the network object account NCOM_PWD approx.C5000 blocks. Disable quotas on the disk while you install PWD V1.0.CAfter the installation add approx 5000 blocks for account NCOM_PWD Band enable quotas. If quotas for the network object are not added Aor quotas are enabled during the installation the results of the installation are unknown.<If you use the DECnet/SNA code you will needed to change theFaccess name, gateway and etc; The code will then need to be recompiledLon a node with DSPI (DECnet/SNA VMS 3270 Data Stream Programming Interface) installed.:UIC for password modification is set to be above [500,*]. BThis is to stop system accounts and Digital network objects being 7modified. This can be changed to the needs of the site.HNo consideration has been made to the privileges that accounts may have Iwhen a password is modified. This may need to be looked into and may also7be a feature of PWDMGR V2.0 (If I get my act together).HAll code that needs to be changed can be found using an editor search on:the sring "NCOM_CODE_MODIFICATION" within the source file.IUse the PWD010_BUILD.COM file to compile and link PWD V1.0 for sites thatdo not have DSPIJUse the PWD010_BUILD_IBM.COM file to compile and link the VMS and IBM DSPIcode. DThe command SYS$STARTUP:PWD_STARTUP.COM should be placed in the file4SYS$MANAGER:SYSTARTUP_V5.COM after the installation.*[THR.NCOM_PWD]PWDMGR.DOC;1+,7l.E/A 4NED-0123KPWOE56`^7s89GAHJ  Password Manager Utility Manual  June 1992 = This document describes the Password Manager Utility  for use on VAX processors. / Revision/Update Information: New Manual , Software Version: PWDMGR Version 1.0 N------------------------------------------------------------------------------ June 1992 IThe information in this document is subject to change without notice and Ashould not be construed as a commitment by NCOM. NCOM assumes no ?responsibility for any errors that may appear in this document.  N------------------------------------------------------------------------------$ Contents Preface iv 1 PWDMGR Description # 1.1 Utility Commands 1-2+ 1.2 Qualifier Summary 1-21 1.3 What is an Administrator 1-3. 1.4 What is a Remote Node 1-38 1.5 What is a Security Access Record 1-3# 1.6 Security 1-33 1.7 Recreating PWD_SECURITY.DAT 1-4 2 PWDMGR Commands , 2.1 Command Description 2-1& ADD/ADMINISTRATOR  2-2' ADD/REMOTE 2-3) ADD/SECURITY 2-4" EXIT 2-5" HELP 2-6. LIST/ADMINISTRATOR 2-8( LIST/REMOTE 2-9+ LIST/SECURITY 2-101 REMOVE/ADMINISTRATOR 2-11+ REMOVE/REMOTE 2-124 REMOVE/SECURITY 2-13/ SHOW/ADMINISTRATOR 2-14) SHOW/REMOTE 2-15+ SHOW/SECURITY 2-15 Index N------------------------------------------------------------------------------Preface @ This guide describes how to start Password Manager, ' maintain and update security records. N------------------------------------------------------------------------------Intend Audience ; Password Manager utility (PWDMGR) is intended for system ; managers responsible for the maintenance of the password  security environment. N------------------------------------------------------------------------------ Introduction J In a wide area network where passwords can be modified on 7 multiple nodes form a single node there is a need to 9 maintain security across the network. Password Manager 7 (PWDMGR) provides that security via databases to vet 7 unauthorised access from remote nodes. Administrator = access is maintained through the file SYSUAF.DAT, security ; access for users attempting to connect to the local node : is maintained through the file PWD_SECURITY.DAT and the > database allowing access to remote nodes is PWD_REMOTE.DAT.   PWDMGR DescriptionN------------------------------------------------------------------------------PWDMGR Description M Password Manager (PWDMGR) is invoked by typing the following  command at the system  prompt: + $ RUN SYS$SYSTEM:PWDMGR.EXE D The above command can be shortened to the following:  $ MCR PWDMGR F Upon invoking the PWDMGR utility the following prompt appears: + $ RUN SYS$SYSTEM:PWDMGR.EXE% Password Manager V1.0 PWDMGR> J Note: Use of the PWDMGR Utility requires write access to < SYSUAF.DAT, PWD_SECURITY.DAT and PWD_REMOTE.DAT in < the SYS$SYSTEM and NCOM_PWD$DAT directories. Write 9 access to these files is normally restricted to I users with the system UIC or the SYSPRV or BYPASS  privilege. J If this is the first time that PWDMGR has been invoked then = there may be a slight delay until the PWDMGR> prompt. This < is due to databases being created which are maintained by  the utility. J To terminate PWDMGR enter the EXIT command at the PWDMGR>  prompt, or press CTRL/Z. PWDMGR DescriptionN------------------------------------------------------------------------------1 Utility Commands 6 Table PWDMGR-1 summarises the PWDMGR commands. 1 Table PWDMGR-1 Summary of PWDMGR commandsN ---------------------------------------------------------------------- Command FunctionN ----------------------------------------------------------------------/ ADD/ADMINISTRATOR Add an administrator0 ADD/REMOTE Add a remote access node; ADD/SECURITY Add a local Security access record" EXIT Exit Utility' HELP Display HELP textA LIST/ADMINISTRATOR Create listing file of administratorsD LIST/REMOTE Create listing file of Remote access recordsE LIST/SECURITY Create listing file of local Security access5 REMOVE/ADMINISTRATOR Remove an administrator4 REMOVE/REMOTE Remove a remote access node? REMOVE/SECURITY Remove a local security access record 1 SHOW/ADMINISTRATOR Display administrators3 SHOW/REMOTE Display remote access nodes6 SHOW/SECURITY Display local security accessN ---------------------------------------------------------------------- N------------------------------------------------------------------------------2 Qualifier Summary 1 Table PWDMGR-2 Summarises the PWDMGR qualifiers. 3 Table PWDMGR-2 Summary of PWDMGR qualifiersN ----------------------------------------------------------------------1 Qualifier Function N ----------------------------------------------------------------------, USERNAME Specifies the user-id N ----------------------------------------------------------------------  & PWDMGR Description N------------------------------------------------------------------------------3 What is an Administrator ; An administrator is a person you nominate as responsible ; for changing other users passwords. This person does not 2 need any VMS system privileges to operate as an  administrator. N------------------------------------------------------------------------------4 What is a Remote Node H A remote node is a system other than the current system ; which you are logged onto. Within the PWDMGR utility you : can add remote nodes on which you wish users to be able E to modify their passwords. Users have the ability to 8 declare a list of nodes they wish to attempt password 9 modification on themselves, however some users are not 2 familiar with the names of the remote nodes. By ; registering nodes in the remote node database you create  6 a list of nodes on which users can attempt password : modification on by default. The nodes registered in the 9 remote node database does not restrict users accessing < other remote nodes but instead provide a list of commonly - used systems which user can use by default. N------------------------------------------------------------------------------"5 What is a Security Access Record E Security Access Records are used to restrict unknown : nodes and or users from accessing your system. Security < Access Records can be added in a combination of node name < and username, however it is recommended that the username  qualifier always be used.  PWDMGR DescriptionN------------------------------------------------------------------------------ 6 Security E Where possible you should avoid having global access 8 granted to a remote node. If you are not managing the < remote node you have no control over the accounts created < on it. This means that an account could be created on the < remote node with the same user-id as one you have on your : local node. The user-id could be owned by two different 8 people. If the person on the remote node uses the PWD 6 command that user could change the password on both 8 systems, thus changing the password on an account that8 user does not own. For this reason you should declare 7 the username qualifier when adding a security access  record as follows: ; PWDMGR> ADD/SECURITY/USERNAME=A2H NMDL01M %PWD-S-ADD, security access for NMDL01::A2H has been added D The PWD command will not modify the password of any 3 account with a UIC lower than group five hundred. H Whenever a record is modified within the PWDMGR utility 8 a security record is written to the operator log. The 8 record can be displayed on any operator terminal with  security enabled. I PWDMGR administrators are authorised to modify passwords 8 on behalf of other users on any of the nodes they are ; registered on. Registering a user as an administrator on ; one node does not automatically grant them administrator  access on any other node.N------------------------------------------------------------------------------7 Recreating PWD_SECURITY.DAT F The file DDS_PWD$DATA:PWD_SECURITY.DAT can be created 7 if it is the first time the utility has been used or : recreated using the file DDS_PWD$DATA:PWD_SECURITY.FDL. B If this file does not exist a fatal error will be 9 returned and the PWDMGR utility will be unusable until - the file PWD_SECURITY.FDL can be restored.   PWDMGR ADD/ADMINISTRATORN------------------------------------------------------------------------------ADD/ADMINISTRATOR 9 Adds users to the administrator databases N------------------------------------------------------------------------------&FORMAT ADD/ADMINISTRATOR username N------------------------------------------------------------------------------PARAMETERS usernameH Specifies the username to be added to the administrator : database. If you omit the username you will be prompted for one.N------------------------------------------------------------------------------QUALIFIERS None. N------------------------------------------------------------------------------JDESCRIPTION The ADD/ADMINISTRATOR command adds a user as a valid password 5 administrator on the local node only. N------------------------------------------------------------------------------EXAMPLE  PWDMGR> ADD/ADMINISTRATOR A2H5 %PWD-I-ADDMSG, user record successfully added 2 This command adds the administrator A2H  PWDMGR ADD/REMOTE N------------------------------------------------------------------------------ ADD/REMOTE ? Adds remote nodes to the remote node databases. N------------------------------------------------------------------------------FORMAT ADD/REMOTE nodename N------------------------------------------------------------------------------PARAMETERS NodenameB Specifies the node name to be added to the remote 6 node database. If you omit the nodename you will be  prompt for one. N------------------------------------------------------------------------------QUALIFIERS None. N------------------------------------------------------------------------------GDESCRIPTION The ADD/REMOTE command adds a node to the remote database. = This enables users invoking the PWD command without a list < of node names to use a default list of node names held in  the remote database. N------------------------------------------------------------------------------EXAMPLE  PWDMGR> ADD/REMOTE CCBL025 %PWD-I-ADDMSG, remote node successfully added 6 This command adds the nodename CCBL02 to the  remote database.    PWDMGR& ADD/SECURITY N------------------------------------------------------------------------------ ADD/SECURITY ; Adds a security access record to be used when accessing  the local node. N------------------------------------------------------------------------------!FORMAT ADD/SECURITY nodename N------------------------------------------------------------------------------PARAMETERS NodenameF Specifies the nodename. If you omit the nodename, you  will be prompted for one. N------------------------------------------------------------------------------QUALIFIERS /Username=usernameE Specifies the user who will be added to the security 6 access record. If the nodename exists in a security 8 access record without a username you will be asked if 8 you wish to restrict global access from this node. If 8 you answer yes then the nodename and username will be 7 entered as a valid security record. If you answer no ! the record will not be entered. N------------------------------------------------------------------------------BDESCRIPTION The ADD/SECURITY command adds a local security access : record to the security database. This enables different 9 levels of access to the local node from other nodes in  the network. N------------------------------------------------------------------------------EXAMPLES  1. PWDMGR> ADD/SECURITY CCPL01E %PWD-I-ADDMSG, security access for CCPL01:: has been added I This command adds security access for remote node CCPL01  and all the users on it.  3 2. PWDMGR> ADD/SECURITY/USERNAME=A2H CCPL01E Node CCPL01 has global access do you wish to restrict it?  Yes or No [Y]H %PWD-I-ADDMSG, security access for CCPL01::A2H has been added C This command adds the node CCPL01 and the username A2H 7 to the security access database. Because node CCPL01 9 exists in the security database allowing any user from 9 this node access you are asked if you wish to restrict J the security access from this node to a node and username 6 combination. If you answer yes the record is added. + If you answer no the record is not added. PWDMGREXIT N------------------------------------------------------------------------------EXITB Enables you to exit from PWDMGR and return to DCL 6 command level. You can also return to command level  by pressing CTRL/Z. N------------------------------------------------------------------------------FORMAT EXIT N------------------------------------------------------------------------------PARAMETERS None. N------------------------------------------------------------------------------QUALIFIERS None. N------------------------------------------------------------------------------EXAMPLE  PWDMGR> EXIT $ K This command in this example terminates the PWDMGR session / and returns control to the DCL command level.   PWDMGR HELP N------------------------------------------------------------------------------HELPB Lists and explains PWDMGR commands and qualifiers. N------------------------------------------------------------------------------FORMAT HELP [command-name] N------------------------------------------------------------------------------PARAMETERS command-nameVM " Specifies the name of an PWDMGR command (see Table PWDMGR-1).- N------------------------------------------------------------------------------QUALIFIERS None. N------------------------------------------------------------------------------@DESCRIPTION If you do not specify a command name, HELP displays 5 general information on the commands for which help -3 is available. It then prompts with the "topic?". : You can supply a command name or press RETURN. When you H specify a command name and qualifiers, you get detailed 9 information about that command. You can also exit from & the HELP command by pressing CTRL/Z. K If the command you request accepts qualifiers, the display r8 of the help information on the command is followed by 8 the prompt "subtopic?". Respond to this prompt with a 5 qualifier name, or press RETURN. If you respond by D pressing RETURN, HELP prompts with "Topic?". If you 8 want to exit from the HELP command directly from this  level, press CTRL/Z. N------------------------------------------------------------------------------EXAMPLES  1. PWDMGR> HELP ADD  ADD I The ADD command will create a new entry in the remote or TK security database. The security database is checked when a M remote node accesses the local system and attempts to access H the file SYSUAF.DAT. The nodes registered in the remote B database are used by the command PWD to establish L connections to remote systems. The usernames entered in the L administrator database allow the registered users to modify ? the passwords of other users on the local node.- 1 Additional information available:- 7 /SECURITY /REMOTE /ADMINISTRATOR A@)=B~ PWD_SOURCE.B7l[THR.NCOM_PWD]PWDMGR.DOC;1NEt>&DD Subtopic? fPWDMGRHELP , 2. PWDMGR> HELP ADD/SECURITY/USERNAME  ADD-  /SECURITY  /USERNAME % /USERNAME=usernamei H Specifies a specific user-id on a given node who can = access the local node remotely via the NCOM_PWD object. t> This will override any global access for the remote node.  Topic? e PWDMGR& LIST/ADMINISTRATOR N------------------------------------------------------------------------------LIST/ADMINISTRATOR 6 Creates a listing file (PWD_ADMIN.LIS) to which ' administrator information is written.o N------------------------------------------------------------------------------'FORMAT LIST/ADMINISTRATOR username N------------------------------------------------------------------------------PARAMETERS usernameE Specifies the username. You can specify the wildcard ; character * to list all users. If you omit the username, l you will be prompted for one. N------------------------------------------------------------------------------QUALIFIERS None. N------------------------------------------------------------------------------BDESCRIPTION The LIST/ADMINISTRATOR command creates a listing file 6 in which password administrators are written. Print 4 the listing file named PWD_ADMIN.LIS with the DCL  command PRINT. N------------------------------------------------------------------------------EXAMPLEe  PWDMGR> LIST/ADMINISTRATOR A2H , %PWD-I-LSTMSG1, writing listing file> %PWD-I-LSTMSG2, listing file PWD_ADMIN.LIS is complete 8 This command lists the administrator A2H  PWDMGR LIST/REMOTEd N------------------------------------------------------------------------------ LIST/REMOTEr H Creates a listing file (PWD_REMOTE.LIS) to which remote  node information is written. - N------------------------------------------------------------------------------ FORMAT LIST/REMOTE nodename N------------------------------------------------------------------------------PARAMETERS nodename-E Specifies the nodename. You can specify the wildcard o; character * to list all nodes. If you omit the nodename, - you will be prompted for one.- /N------------------------------------------------------------------------------QUALIFIERS None. N------------------------------------------------------------------------------DDESCRIPTION The LIST/REMOTE command creates a listing file in which ' remote connection nodes are written. I Print the listing file named PWD_REMOTE.LIS with the DCL  command PRINT. N------------------------------------------------------------------------------EXAMPLER  PWDMGR> LIST/REMOTE *, %PWD-I-LSTMSG1, writing listing file? %PWD-I-LSTMSG2, listing file PWD_REMOTE.LIS is completet C This command lists the all remote connection nodes.  l PWDMGR LIST/SECURITY- N------------------------------------------------------------------------------ LIST/SECURITY- I Creates a listing file (PWD_SECURITY.LIS) to which local e' security access records are written. s N------------------------------------------------------------------------------!FORMAT LIST/SECURITY nodename- N------------------------------------------------------------------------------PARAMETERS nodename-E Specifies the nodename. You can specify the wildcard ; character * to list all nodes. If you omit the nodename, - you will be prompted for one. N------------------------------------------------------------------------------QUALIFIERS /USERNAME=username-E Specifies the username. You can specify the wildcard n character * to list all users. N------------------------------------------------------------------------------FDESCRIPTION The LIST/SECURITY command creates a listing file in which $ local security access is written. C Print the listing file named PWD_SECURITY.LIS with  the DCL command PRINT. N------------------------------------------------------------------------------EXAMPLES ! 1. PWDMGR> LIST/SECURITY CCBL01c0 %PWD-I-LSTMSG1, writing listing fileE %PWD-I-LSTMSG2, listing file PWD_SECURITY.LIS is complete @ This command lists the remote security access for the node CCBL01t + 2. PWDMGR> LIST/SECURITY * /USERNAME=A2H 0 %PWD-I-LSTMSG1, writing listing fileE %PWD-I-LSTMSG2, listing file PWD_SECURITY.LIS is completei G This command lists the remote security access for user : A2H and all the nodes from which this person has access.  PWDMGRREMOVE/ADMINISTRATOR N------------------------------------------------------------------------------REMOVE/ADMINISTRATOR ? Removes users from the administrator databases.u N------------------------------------------------------------------------------)FORMAT REMOVE/ADMINISTRATOR username N------------------------------------------------------------------------------PARAMETERS Usernamel> Specifies the username to be removed from the < administrator database. If you omit the username you will  be prompted for one. N------------------------------------------------------------------------------QUALIFIERS None. N------------------------------------------------------------------------------EDESCRIPTION The REMOVE/ADMINISTRATOR command removes a user from the s1 password administrator database. N------------------------------------------------------------------------------EXAMPLE / PWDMGR> REMOVE/ADMINISTRATOR A2Hy> %PWD-I-REMMSG, user record successfully removed ; This command removes the administrator A2H w s r PWDMGR- REMOVE/REMOTE> N------------------------------------------------------------------------------ REMOVE/REMOTE D Removes remote nodes from the remote node databases. N------------------------------------------------------------------------------"FORMAT REMOVE/REMOTE nodename N------------------------------------------------------------------------------PARAMETERS NodenameeH Specifies the nodename. You can specifies the wild card 9 character to delete all remote node access records. If 5 you omit the nodename you will be prompted for one. N------------------------------------------------------------------------------QUALIFIERS None. N------------------------------------------------------------------------------FDESCRIPTION The REMOVE/REMOTE commands removes a node from the remote G database. This disables users invoking the PWD command e< without a list of node names from connecting to this node. N------------------------------------------------------------------------------EXAMPLEs + PWDMGR> REMOVE/REMOTE CCBL01tE %PWD-I-REMMSG, remote access node successfully removed. H This command removes the remote access node CCBL01 from  the remote access database.-  -PWDMGRREMOVE/SECURITYD N------------------------------------------------------------------------------REMOVE/SECURITY- : Removes security access to the local node. N------------------------------------------------------------------------------$FORMAT REMOVE/SECURITY nodename N------------------------------------------------------------------------------PARAMETERS NodenameoH Specifies the nodename. You can specifies the wild card : character to delete all security access records however > you will be asked if you wish to remove all security access < records from the database. The default is no. If you omit : the nodename you will be prompted for one. N------------------------------------------------------------------------------ QUALIFIERS /USERNAME=username F Specifies the username. You can specify the wild card 9 character * to remove all user access for a given node. N------------------------------------------------------------------------------IDESCRIPTION The REMOVE/SECURITY command removes a node from the security -J database. This disables any user invoking the PWD command < from the remote node from modifying their password on the local node.- N------------------------------------------------------------------------------EXAMPLES " 1. PWDMGR> REMOVE/SECURITY CCBL01: %PWD-I-REMMSG, user record successfully removed D This command removes the security access record for  the remote node CCBL01.m + 2. PWDMGR> REMOVE/SECURITY * /USERNAME=A2H-: %PWD-I-REMMSG, user record successfully removed G This command removes the security access record on the -2 local node for the user A2H on all remote nodes.  e PWDMGR& SHOW/ADMINISTRATOR N------------------------------------------------------------------------------SHOW/ADMINISTRATOR F Displays registered administrators on the local node. N------------------------------------------------------------------------------'FORMAT SHOW/ADMINISTRATOR usernamem N------------------------------------------------------------------------------PARAMETERS usernameWE Specifies the username. You can specify the wildcard -4 character * to display all users. If you omit the ) username, you will be prompted for one.d N------------------------------------------------------------------------------QUALIFIERS none. N------------------------------------------------------------------------------=DESCRIPTION The SHOW/ADMINISTRATOR command displays password -. administrators registered on the local node. N------------------------------------------------------------------------------EXAMPLEe  PWDMGR> SHOW/ADMINISTRATOR *-! Authorised Administrators- $ PCC (Paul Chenoweth)" DIGITAL_MRD (Mr Dynamic) THR (Tom Rush) PWDMGR>. 6 This command displays all administrators registered  on the local node.  iPWDMGR SHOW/REMOTE N------------------------------------------------------------------------------ SHOW/REMOTEd I Displays registered nodes in the remote access database. N------------------------------------------------------------------------------ FORMAT SHOW/REMOTE nodename N------------------------------------------------------------------------------PARAMETERS nodename E Specifies the nodename. You can specify the wildcard -4 character * to display all nodes. If you omit the ) nodename, you will be prompted for one. N------------------------------------------------------------------------------QUALIFIERS None. N------------------------------------------------------------------------------=DESCRIPTION The SHOW/REMOTE command displays a list of nodes T+ register within the remote node database.1 N------------------------------------------------------------------------------EXAMPLEi $ PWDMGR> SHOW/REMOTE * Node Name C NMDF01::H NMDS01::e PWDMGR> F This command displays a list of all remote connection / nodes registered in the remote node database.   PWDMGR SHOW/SECURITY N------------------------------------------------------------------------------ SHOW/SECURITYd B Displays a list of remote node access information authorised on the local node. N------------------------------------------------------------------------------"FORMAT SHOW/SECURITY nodename N------------------------------------------------------------------------------PARAMETERS nodename-E Specifies the nodename. You can specify the wildcard -4 character * to display all nodes. If you omit the ) nodename, you will be prompted for one.- N------------------------------------------------------------------------------QUALIFIERS /USERNAME=username-E Specifies the username. You can specify the wildcard ! character * to list all users. N------------------------------------------------------------------------------BDESCRIPTION The SHOW/SECURITY command displays a list of security ' access authorised on the local node. N------------------------------------------------------------------------------EXAMPLES " 1. PWDMGR> SHOW/SECURITY CCBL01# Security Access Records-  CCBL01::DUL- CCBL01::LWFT CCBL01::THR  CCBL01::PPW- PWDMGR>- D This command displays local security access for the  remote node CCBL01 + 2. PWDMGR> SHOW/SECURITY * /USERNAME=A2H # Security Access Records-  NMDL01::A2H- NMDS01::A2H  NMDW03::A2H- PWDMGR>- D This command displays the local security access for = user A2H and all the nodes from which that user has access.  INDEXe N------------------------------------------------------------------------------A PT% Add 2-1, 2-2, 2-3 Parameter 1-2 1 ADD/ADMINISTRATOR 2-1 Password iv, 1-1, 1-3  ADD/REMOTE 2-2 t ADD/SECURITY 2-3 Q % Administrator 1-3 Qualifier 1-2g Quit 1-1, 2-4 C  Create 1-4 Rq' Remove 2-10, 2-11, 2-12 !D REMOVE/ADMINISTRATOR 2-10a/ Delete 2-10, 2-11, 2-12 REMOVE/REMOTE 2-11p, Description 1-1 REMOVE/SECURITY 2-12 Display 1-2, 2-13, 2-14, 2-15y S E Security 1-3% Exit 2-4 Show 2-13, 2-14, 2-15t' SHOW/ADMINISTRATOR 2-13rH SHOW/REMOTE 2-14" Help 2-5 SHOW/SECURITY 2-15 L- List 2-7, 2-8, 2-9 LIST/ADMINISTRATOR 2-7 LIST/REMOTE 2-8  LIST/SECURITY 2-9D  ADD I The ADD command will create a new entry in the remote or TK security database. The security database is checked when a M remote node accesses the local system and attempts to access H th*[THR.NCOM_PWD]PWDMGR.FOR;1+,?./A 4Oj-0123KPWO56@oY7Ct89GAHJNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cc Author : T.Rushcc Date : 14-Jan-1992cc Procedure : PWDMGR.FORcBc Function : This program allows the system manager to update the9c list of known nodes for the password program. Also;c to update the nodes which allow the password program3c from other nodes to be run on the local nodec c Revised :cc Date Author ReasoncNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ program pwdmgr   implicit none include '($syssrvnam) /nolist'! include '(str$routines) /nolist'! include '(lib$routines) /nolist' include '($clidef) /nolist' include '($ssdef) /nolist' include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($smgdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist' character*6 nodename character*256 msgadr& integer*4 ierr,rmssts,rmsstv,condval integer*4 status integer*4 iunit integer*4 cli$dispatch integer*4 cli$get_value integer*4 cli$dcl_parse integer*4 cli$_nocomd/229552/ integer*4 cli$_invrout/196609/ integer*4 cli$_ivverb/229520/ integer*4 cli$_ivqual/229952/ integer*4 check_file integer*4 check_logical integer*2 nodename_len integer*2 msglen external pwd_manager external check_file external che6ck_logicalcKc Check if the NCOM_PWD logicals are set up if not send operator a message.c status = check_logical() if (.not.status) goto 999c.c Check if the data bases and FDL files exist.c status = check_file() if (.not.status) goto 999cc Display current version c status = lib$put_output  1 ('Password Manager V1.0') if (.not.status) goto 999cc I await your commandc status = cli$dcl_parse(%val(0), 1 pwd_manager, 2 %ref(lib$get_input), 3 %ref(lib$get_input), 4 %descr('PWDMGR> ')) dowhile (status.ne.rms$_eof)= if (status.and.(ibits(status,0,3).ne.sts$k_warning)) then status = cli$dispatch() endif# status = cli$dcl_parse(%val(0), 1 pwd_manager, 2 %ref(lib$get_input), 3 %ref(lib$get_input), 4 %descr('PWDMGR> ')) enddo call exitcc System call failurec3999 status = sys$getmsg (%val(status),%ref(msglen), 1 %descr(msgadr),,) type *,msgadr(1:msglen) end  Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ ! integer*4 function add_remote () implicit none include '($syssrvnam) /nolist'! include '(str$routines) /nolist'! include '(lib$routines) /nolist' include '($clidef) /nolist' include '($ssdef) /nolist' include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($smgdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist' include '($foriosdef) /nolist' include '($pscandef) /nolist' structure /itmlist/ union map integer*2 bufferlen integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end union end structure structure /pscanlist/ union map integer*2 buflen  integer*2 code  integer*4 bufadr  integer*4 itmflags end map map integer*4 endlist end map end union end structure record /itmlist/ jpi_list(3)! record /pscanlist/ pscan_list(4) character*10 input_nodename character*6 nodename character*40 audit_record character*30 event_string character*256 msgadr character*6 local_nodename character*6 host_name integer*4 context& integer*4 ierr,rmssts,rmsstv,condval integer*4 status integer*4 jpi_status integer*4 iunit integer*4 cli$get_value integer*4 operator_log integer*4 event integer*4 host_name_len integer*4 local_nodename_len integer*4 jpiflags integer*4 iosb(2) integer*2 nodename_len integer*2 msglenc2c Accept the remote nodename from the Command linec? status = cli$get_value('NODENAME',input_nodename,nodename_len) if (.not.status) goto 999  nodename = input_nodename if (nodename_len.gt.6) then@ type *,'%PWD-E-NODELEN, node must be less than 7 charcaters' return endifcLc If the remote node name is part of the local VAXcluster then tell them to Kc stuff off. Only remote nodes can be added as the PASSWORD command handlesc the local nodes.cOc This bit of code is real crappy and there must be a better way of doing this.8c I'll leave this for someone else to play around with.  pscan_list(1).buflen =0% pscan_list(1).code =pscan$_node_csid pscan_list(1).bufadr =0% pscan_list(1).itmflags =pscan$m_neq pscan_list(2).buflen =0 pscan_list(2).code =pscan$_mode" pscan_list(2).bufadr =jpi$k_other% pscan_list(2).itmflags =pscan$m_eql pscan_list(3).buflen =0. pscan_list(3).code =pscan$_getjpi_buffer_size pscan_list(3).bufadr =2000 pscan_list(3).itmflags =0 pscan_list(4).endlist =0 jpi_list(1).bufferlen=4> jpi_list(1).itemcode=iand ('FFFF'X,jpi$_getjpi_control_flags)& jpi_list(1).bufferaddr=%loc(jpiflags) jpi_list(1).lengthaddr=0% jpi_list(2).bufferlen=len(host_name)# jpi_list(2).itemcode=jpi$_nodename' jpi_list(2).bufferaddr=%loc(host_name)+ jpi_list(2).lengthaddr=%loc(host_name_len)" jpi_list(3).endlist=jpi$c_listend@ jpiflags=ior(jpi$m_no_target_inswap,jpi$m_ignore_target_status); status = sys$process_scan (%ref(context),%ref(pscan_list)) if (.not.status) goto 9992 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 999 jpi_status = ss$_normalcJc Go through all systems processes returning the nodename (This is so bad)>c Please find another way of doing this... please .. please...( do while (jpi_status.ne.ss$_nomoreproc)> jpi_status = sys$getjpiw (,%ref(context),,jpi_list,iosb,,)% if (jpi_status) status = iosb(1)  if ((.not.jpi_status).and.+ 1 (jpi_status.ne.ss$_nomoreproc)) goto 999 if (.not.status) goto 9998 status = str$trim(host_name,host_name,host_name_len) if (.not.status) goto 999 if (host_name(1:6).eq. 1 nodename(1:6)) then@ type *,'%PWD-W-NOTREMOTE, node ',nodename(:nodename_len), 1 ' is not a remote node' return endif enddo0 Open(unit=1,name='ncom_pwd$dat:pwd_remote.dat',. 1 status='unknown', ! is an OLD file) 2 shared, ! shared access: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via the, 5 access='keyed', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted',2 8 err=998,iostat=ierr) ! Exit on error' status = str$upcase(nodename,nodename) if (.not.status) goto 999< write (unit=1,err=998,iostat=ierr,fmt='(A6)') nodename(1:6)7 type *,'%PWD-I-ADDMSG, remote node successfully added'* event_string = 'Add Remote Access Record'. audit_record = nodename(1:nodename_len)//'::' event = 18 status = operator_log (event_string,event,audit_record)# close (unit=1,err=998,iostat=ierr) return2998 call errsns (ierr,rmssts,rmsstv,iunit,condval)$ if (ierr.eq.for$ios_inckeychg) thenF Type *,'%PWD-E-EXIST, remote node already exists in the database'  else D status = sys$getmsg(%val(condval),%ref(msglen),%descr(msgadr),,) type *,msgadr(:msglen) endif return3999 status = sys$getmsg (%val(status),%ref(msglen), 1 %descr(msgadr),,) type *,msgadr(1:msglen) return end Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cccOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ ( integer*4 function add_administrator () implicit none include '($uaidef) /nolist' include '($syssrvnam) /nolist'! include '(str$routines) /nolist'! include '(lib$routines) /nolist' include '($clidef) /nolist' include '($ssdef) /nolist' include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($smgdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist' include '($foriosdef) /nolist', structure /itmlist/ ! For getuai itemlist union map integer*2 bufferlen integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end union end structure record /itmlist/ getuai_list(2) character*32 input_username character*256 msgadr character*40 audit_record character*30 event_string integer*4 cli$get_value integer*4 uic integer*4 status  integer*4 zero/0/ integer*4 id integer*4 holder(2) integer*4 operator_log integer*4 event integer*2 input_username_len integer*2 msglencAc Extract out of the UAF the information about the enquired user.c" status = cli$get_value('USERNAME'& 1 ,input_username,input_username_len) if (.not.status) goto 999 # if (input_username_len.gt.32) then type *,'%PWD-E-USERNAMELEN, + 1username must be less than 32 charcaters' return endif3 status = str$upcase(input_username,input_username) if (.not.status) goto 999 getuai_list(1).bufferlen =4# getuai_list(1).itemcode =uai$_uic$ getuai_list(1).bufferaddr=%loc(uic) getuai_list(1).lengthaddr=0 getuai_list(2).endlist =0= status = sys$getuai (,,input_username(1:input_username_len), 1 getuai_list,,,) if (.not.status) goto 9996 status = sys$asctoid (%descr('RACF_ADMIN'),%ref(id),)! if (status.eq.ss$_nosuchid) thenc)c Add the Identifier if it does not existc3 status = sys$add_ident(%descr('RACF_ADMIN'),,,) if (.not.status) goto 999< type *,'%PWD-I-ADDMSG, administrator successfully added'9 status = sys$asctoid (%descr('RACF_ADMIN'),%ref(id),) if (.not.status) goto 999 elseif (.not.status) then goto 999 endifc:c Add the identifier RACF_ADMIN to those held by the user.c holder(1) = uic holder(2) = zero0 status = sys$add_holder(%val(id),%ref(holder),) if (.not.status) goto 999c$c Write Audit record to Operator Logc, event_string = 'Added Administrator Record'4 audit_record = input_username(1:input_username_len) event = 38 status = operator_log (event_string,event,audit_record) return3999 status = sys$getmsg (%val(status),%ref(msglen), 1 %descr(msgadr),,) type *,msgadr(1:msglen) return end Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cccOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ c# integer*4 function add_security () implicit none include '($syssrvnam) /nolist'! include '(str$routines) /nolist'! include '(lib$routines) /nolist' include '($clidef) /nolist' include '($ssdef) /nolist' include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($smgdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist' include '($foriosdef) /nolist' character*12 input_nodename character*40 input_username character*32 username character*6 nodename character*3 answer character*256 msgadr character*40 audit_record character*30 event_string& integer*4 ierr,rmssts,rmsstv,condval integer*4 status integer*4 iunit integer*4 cli$get_value integer*4 cli$present integer*4 input_nodename_len integer*4 nodename_len integer*4 input_username_len integer*4 username_len integer*4 operator_log integer*4 event integer*2 msglen external cli$_present input_nodename =' ' input_username =' '2 status = cli$get_value('NODENAME',input_nodename, 1 input_nodename_len) if (.not.status) goto 9999 if (cli$present ('USERNAME').eq.%loc(cli$_present)) then& status = cli$get_value('USERNAME',% 1 input_username,input_username_len) if (.not.status) goto 999 else input_username_len = 0 endif" if (input_nodename_len.gt.6) then@ type *,'%PWD-E-NODELEN, node must be less than 7 charcaters' return endif2 Open(unit=1,name='ncom_pwd$dat:pwd_security.dat',. 1 status='unknown', ! is an OLD file) 2 shared, ! shared access: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via the, 5 access='keyed', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted',2 8 err=998,iostat=ierr) ! Exit on errorc?c Read the first existing node within the PWD_SECURITY.DAT filec. read (unit=1,key=input_nodename(1:6),err=300,( 1 iostat=ierr,fmt='(A6,A32)') nodename, 2 usernamec8c The node has been added without the username qualifierc" if (input_username_len.eq.0) then status = ss$_normal do while (status)8 status = str$trim(username,username,username_len) if (.not.status) goto 999" if (username_len.eq.0) then@ Type *,'%PWD-E-EXISTS, security record already exists'   return else/ write (*,err=998,iostat=ierr,fmt=800) ' 1 input_nodename(:input_nodename_len) accept 801,answer? if ((answer(1:1).eq.'y').or.(answer(1:1).eq.'Y')) then( delete (unit=1,err=998,iostat=ierr) status = ss$_normal$ do while (status)< read (unit=1,key=input_nodename(1:6),err=100,4 1 iostat=ierr,fmt='(A6,A32)') nodename,username+ delete (unit=1,err=998,iostat=ierr) enddoA100 status = str$upcase(input_nodename,input_nodename)% if (.not.status) goto 999> status = str$upcase(input_username,input_username)% if (.not.status) goto 999c;c Write the nodename and username to the PWD_SECURITY file.c > write (unit=1,err=998,iostat=ierr,fmt='(A6,A32)') , 1 input_nodename(1:6),input_username(1:32)6 type *,'%PWD-I-ADD, security access for ',2 1 input_nodename(:input_nodename_len),'::',- 2 input_username(:input_username_len), 3 ' has been added'c$c Write Audit record to Operator Logc2 event_string = 'Added Security Access Record'> audit_record = input_nodename(:input_nodename_len)0 1 //'::'//input_username(1:input_username_len) event = 26 status = operator_log (event_string,event, 1 audit_record)  return else  ,e~ PWD_SOURCE.B?[THR.NCOM_PWD]PWDMGR.FOR;1D.FOR;1ONf return endif endif enddoc1c Node has been added with the username qualifierc else4 status = str$trim(input_nodename,input_nodename, 1 input_nodename_len) if (.not.status) goto 9994 status = str$trim(input_username,input_username, 1 input_username_len) if (.not.status) goto 9995 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 9995 status = str$trim(username,username,username_len) if (.not.status) goto 999 if (username_len.eq.0) then- write (*,err=998,iostat=ierr,fmt=810) ' 1 input_nodename(:input_nodename_len)  accept 811, answer> if ((answer(1:1).ne.'n').and.(answer(1:1).ne.'N')) then% delete (unit=1,err=998,iostat=ierr)4 status = str$upcase(input_nodename,input_nodename) if (.not.status) goto 9994 status = str$upcase(input_username,input_username) if (.not.status) goto 999c;c Write the nodename and username to the PWD_SECURITY file.~c~4 write (unit=1,err=998,iostat=ierr,fmt='(A6,A32)') , 1 input_nodename(1:6),input_username(1:32)3 type *,'%PWD-I-ADD, security access for ',p. 1 input_nodename(:input_nodename_len),'::',) 2 input_username(:input_username_len),  3 ' has been added'ce$c Write Audit record to Operator Logca/ event_string = 'Added Security Access Record'n; audit_record = input_nodename(:input_nodename_len)~0 1 //'::'//input_username(1:input_username_len) event = 23 status = operator_log (event_string,event,$ 1 audit_record)  return u endif else9 dowhile ((input_nodename(1:input_nodename_len).ne.i# 1 nodename(1:nodename_len)).or.'/ 2 (input_username(1:input_username_len).ne.! 3 username(1:username_len)))u ' read (unit=1,err=998,end=300,l3 1 iostat=ierr,fmt='(A6,A32)') nodename,usernamef; status = str$trim(nodename,nodename,nodename_len))# if (.not.status) goto 999; status = str$trim(username,username,username_len)l# if (.not.status) goto 999t c enddo4 type *,'%PWD-E-EXISTS, Security access for ',, 1 input_nodename(:input_nodename_len),'::',' 2 input_username(:input_username_len),9 3 ' already exists' return<300 status = str$upcase(input_nodename,input_nodename) if (.not.status) goto 999ct$c Write Audit record to Operator Logc4 event_string = 'Added Security Access Record'9 audit_record = input_nodename(:input_nodename_len)0 1 //'::'//input_username(1:input_username_len) event = 2e1 status = operator_log (event_string,event,c 1 audit_record) co;c Write the nodename and username to the PWD_SECURITY file._cp9 write (unit=1,err=998,iostat=ierr,fmt='(A6,A32)') 9+ 1 input_nodename(1:6),input_username(1:32)u1 type *,'%PWD-I-ADD, security access for ',, 1 input_nodename(:input_nodename_len),'::',' 2 input_username(:input_username_len),P 3 ' has been added' endifm endif# close (unit=1,err=998,iostat=ierr). returnr<800 format (' Do you wish to set global access for node ',A, 1 '? Yes or No [N] ',$)801 format (A)/810 format (' Node ',A,' has global access do',_1 1 ' you wish to restrict it? Yes or No [Y] ',$) 811 format (A)2998 call errsns (ierr,rmssts,rmsstv,iunit,condval)$ if (ierr.eq.for$ios_inckeychg) then0 Type *,'%PWD-E-EXISTS, node already exists'  else & status = sys$getmsg(%val(condval),! 1 %ref(msglen),%descr(msgadr),,)~ type *,msgadr(:msglen) endif returnD999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen) n return_ end Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cicciOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ )$ integer*4 function remove_remote () implicit none include '($syssrvnam) /nolist'! include '(str$routines) /nolist''! include '(lib$routines) /nolist'c include '($clidef) /nolist' include '($ssdef) /nolist'c include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($smgdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist'e include '($foriosdef) /nolist's character*12 input_nodename character*6 nodenameu character*3 answero character*40 audit_record character*30 event_string& integer*4 ierr,rmssts,rmsstv,condval integer*4 statuse integer*4 iunit integer*4 cli$get_value integer*4 operator_logd integer*4 event integer*2 nodename_len3 integer*2 msgleni character*256 msgadrc? status = cli$get_value('NODENAME',input_nodename,nodename_len)u if (.not.status) goto 999 _ if (nodename_len.gt.6) then@ type *,'%PWD-E-NODELEN, node must be less than 7 charcaters' return endif0 Open(unit=1,name='ncom_pwd$dat:pwd_remote.dat',. 1 status='unknown', ! is an OLD file) 2 shared, ! shared access: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via the, 5 access='keyed', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted',a2 8 err=998,iostat=ierr) ! Exit on error % if (input_nodename(1:1).eq.'*') theno: read (unit=1, keyge='A',err=998,fmt='(A)',iostat=ierr) 2 nodename(1:6) type 820 accept 821, answer= if ((answer(1:1).ne.'y').and.(answer(1:1).ne.'Y')) returns  status = ss$_normal  dowhile (status)* delete (unit=1,err=998,iostat=ierr)8 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 999= type *,'%PWD-I-REMMSG, Node ',nodename(:nodename_len),h 1 ' has been removed'e; read (unit=1,err=998,fmt='(A6)',iostat=ierr,end=690)f 1 nodename(1:6)(cm$c Write Audit record to Operator Logce2 event_string = 'Removed Remote Access Record'8 audit_record = nodename(:nodename_len)//'::' event = 16 status = operator_log (event_string,event, 1 audit_record) enddo  else=) read (unit=1,key=input_nodename(1:6),)" 2 err=998,fmt='(A6)',iostat=ierr) 3 nodename(1:6)' delete (unit=1,err=998,iostat=ierr)a: type *,'%PWD-I-REMMSG, Node ',nodename(:nodename_len), 1 ' has been removed'ci$c Write Audit record to Operator Logcs1 event_string = 'Removed Remote Access Record'a0 audit_record = nodename(:nodename_len)//'::' event = 1i. status = operator_log (event_string,event, 1 audit_record)  endif c&690 close (unit=1,err=998,iostat=ierr) return G820 format (' Remove all nodes from remote database, Yes or No [N]:',$)o821 format (A)2998 call errsns (ierr,rmssts,rmsstv,iunit,condval)$ if (ierr.eq.for$ios_attaccnon) then4 Type *,'%PWD-E-NOSUCHNODE, node does not exist'  else D status = sys$getmsg(%val(condval),%ref(msglen),%descr(msgadr),,) type *,msgadr(:msglen) endif returniD999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen) _ returnc end Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cmcecOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ n& integer*4 function remove_security () implicit none include '($syssrvnam) /nolist'! include '(str$routines) /nolist'o! include '(lib$routines) /nolist': include '($clidef) /nolist' include '($ssdef) /nolist'  include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($smgdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist'  include '($foriosdef) /nolist'  character*12 input_nodename character*40 input_username character*32 username character*6 nodename9 character*3 answere character*256 msgadr' character*40 audit_record character*30 event_string& integer*4 ierr,rmssts,rmsstv,condval integer*4 statuss integer*4 iunit integer*4 cli$get_value integer*4 cli$present integer*4 input_nodename_len( integer*4 nodename_lenr integer*4 input_username_len8 integer*4 username_len integer*4 operator_log, integer*4 event integer*2 msgleni external cli$_present input_nodename =' ' input_username =' '9 if (cli$present ('USERNAME').eq.%loc(cli$_present)) thens& status = cli$get_value('USERNAME',% 1 input_username,input_username_len)d if (.not.status) goto 999s elses input_username_len = 0 endif2 status = cli$get_value('NODENAME',input_nodename, 1 input_nodename_len) if (.not.status) goto 999 ~ if (nodename_len.gt.6) then@ type *,'%PWD-E-NODELEN, node must be less than 7 charcaters' return endif2 Open(unit=1,name='ncom_pwd$dat:pwd_security.dat',. 1 status='unknown', ! is an OLD file) 2 shared, ! shared accessi: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via the), 5 access='keyed', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted','2 8 err=998,iostat=ierr) ! Exit on errorc'&c Delete all nodes and users i.e. *::*c$& if ((input_nodename(1:1).eq.'*').and.$ 1 ((input_username(1:1).eq.'*').or.# 1 (input_username_len.eq.0))) theng? read (unit=1, keyge='A',err=998,fmt='(A6,A32)',iostat=ierr)* 2 nodename(1:6),username(1:32)r type 820 accept 821, answer= if ((answer(1:1).ne.'y').and.(answer(1:1).ne.'Y')) returnu status = ss$_normalu dowhile (status)* delete (unit=1,err=998,iostat=ierr)8 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 9994 type *,'%PWD-I-REMMSG, security access for ',7 1 nodename(:nodename_len),'::',username(:username_len)a 1 ,' has been removed'tct$c Write Audit record to Operator Logcg6 event_string = 'Removed Security Access Record'- audit_record = nodename(:nodename_len)a$ 1 //'::'//username(1:username_len) event = 2o1 status = operator_log (event_string,event,3 1 audit_record) ? read (unit=1,err=998,fmt='(A6,A32)',iostat=ierr,end=690) 1 nodename(1:6),username(1:32) enddo cm,c Delete a given user and all nodes *::THRc* elseif ((input_nodename(1:1).eq.'*').and." 1 (input_username_len.ne.0)) then4 read (unit=1,keyid=1,keyeq=input_username(1:32),& 2 err=998,fmt='(A6,A32)',iostat=ierr) 3 nodename(1:6),username(1:32)p5 status = str$trim(username,username,username_len)s if (.not.status) goto 999t( dowhile (username(:username_len).eq.( 1 input_username(:input_username_len)) * delete (unit=1,err=998,iostat=ierr)8 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 9994 type *,'%PWD-I-REMMSG, security access for ',7 1 nodename(:nodename_len),'::',username(:username_len)  2 ,' has been removed'9c$c Write Audit record to Operator Logc6 event_string = 'Removed Security Access Record'- audit_record = nodename(:nodename_len)($ 1 //'::'//username(1:username_len) event = 21 status = operator_log (event_string,event,o 1 audit_record) ? read (unit=1,err=998,fmt='(A6,A32)',iostat=ierr,end=690)u 1 nodename(1:6),username(1:32) t8 status = str$trim(username,username,username_len) if (.not.status) goto 999 enddotc%Fc Delete a record entered as a node and username only i.e. NMDL01::THRc* elseif ((input_nodename(1:1).ne.'*').and.! 1 (input_nodename_len.ne.0).and.~" 2 ((input_username_len.ne.0).and.' 3 (input_username(1:1).ne.'*'))) then~3 read (unit=1, keyid=1, key=input_username(1:32)n' 1 ,err=998,fmt='(A6,A32)',iostat=ierr) 2 nodename(1:6),username(1:32)'5 status = str$trim(nodename,nodename,nodename_len)i if (.not.status) goto 999d5 status = str$trim(username,username,username_len)t if (.not.status) goto 999d status =ss$_normal dowhile (status) d3 if (input_nodename(1:input_nodename_len).eq.'" 1 nodename(1:nodename_len)) then& delete (unit=1,err=998,iostat=ierr)7 type *,'%PWD-I-REMMSG, security access for ',/! 1 nodename(:nodename_len),'::',e/ 1 username(:username_len),' has been removed' ca$c Write Audit record to Operator Logca9 event_string = 'Removed Security Access Record'c0 audit_record = nodename(:nodename_len)$ 1 //'::'//username(1:username_len) event = 24 status = operator_log (event_string,event, 1 audit_record) goto 690 endif read (unit=1, end=690, & 1 err=998,fmt='(A6,A32)',iostat=ierr) 2 nodename(1:6),username(1:32)a8 status = str$trim(username,username,username_len) if (.not.status) goto 999 enddodcmCc Delete a record entered as a node only i.e. NMDL01:: or NMDL01::*pce* elseif ((input_nodename(1:1).ne.'*').and.$ 1 ((input_username(1:1).eq.'*').or.# 2 (input_username_len.eq.0))) thenl2 read (unit=1, keyid=0, key=input_nodename(1:6)' 1 ,err=998,fmt='(A6,A32)',iostat=ierr)n 2 nodename(1:6),username(1:32)*5 status = str$trim(nodename,nodename,nodename_len)  if (.not.status) goto 99915 status = str$trim(username,username,username_len)n if (.not.status) goto 999 4 dowhile (input_nodename(:input_nodename_len).eq. 1 nodename(:nodename_len)) * delete (unit=1,err=998,iostat=ierr)4 type *,'%PWD-I-REMMSG, security access for ',! 1 nodename(:nodename_len),'::',r/ 1 username(:username_len),' has been removed'tc$c Write Audit record to Operator Logci6 event_string = 'Removed Security Access Record'- audit_record = nodename(:nodename_len),$ 1 //'::'//username(1:username_len) event = 2)1 status = operator_log (event_string,event,  1 audit_record) 4 read (unit=1, end=690,err=998,fmt='(A6,A32)' 1 1 ,iostat=ierr) nodename(1:6),username(1:32)8 status = str$trim(username,username,username_len) if (.not.status) goto 9998 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 999 enddo  endif &690 close (unit=1,err=998,iostat=ierr) return .820 format (' Remove all nodes from security',! 1 ' database, Yes or No [N]:',$) 821 format (A)2998 call errsns (ierr,rmssts,rmsstv,iunit,condval)$ if (ierr.eq.for$ios_attaccnon) then? Type *,'%PWD-E-NOSUCHREC, node or username does not exist'  else D status = sys$getmsg(%val(condval),%ref(msglen),%descr(msgadr),,) type *,msgadr(:msglen) endif return D999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen) m returno end Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cacictOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ d+ integer*4 function remove_administrator ()  implicit none include '($uaidef) /nolist' include '($syssrvnam) /nolist'! include '(str$routines) /nolist' ! include '(lib$routines) /nolist's include '($clidef) /nolist' include '($ssdef) /nolist', include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist') include '($foriosdef) /nolist'p, structure /itmlist/ ! For getuai itemlist union  map integer*2 bufferlens integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlistf end map end union  end structure record /itmlist/ getuai_list(2) character*32 input_username character*256 msgadrn character*40 audit_record character*30 event_string integer*4 cli$get_value integer*4 uics integer*4 status i integer*4 zero/0/u integer*4 id integer*4 holder(2)  integer*4 operator_logt integer*4 event& integer*4 ierr,rmssts,rmsstv,condval integer*2 input_username_lent integer*2 msglenmcrAc Extract out of the UAF the imformation about the enquired user.ec)" status = cli$get_value('USERNAME'& 1 ,input_username,input_username_len) if (.not.status) goto 999 # if (input_username_len.gt.32) thenn type *,'%PWD-E-USERNAMELEN, + 1username must be less than 32 charcaters's return endif3 status = str$upcase(input_username,input_username)n if (.not.status) goto 999 getuai_list(1).bufferlen =4# getuai_list(1).itemcode =uai$_uicg$ getuai_list(1).bufferaddr=%loc(uic) getuai_list(1).lengthaddr=0 getuai_list(2).endlist =0= status = sys$getuai (,,input_username(1:input_username_len),n 1 getuai_list,,,) if (.not.status) return6 status = sys$asctoid (%descr('RACF_ADMIN'),%ref(id),)! if (status.eq.ss$_nosuchid) thenmcp)c Add the Identifier if it does not existc3 status = sys$add_ident(%descr('RACF_ADMIN'),,,)n if (.not.status) returnc9 status = sys$asctoid (%descr('RACF_ADMIN'),%ref(id),)_ if (.not.status) returnn elseif (.not.status) then return  endifc :c Add the identifier RACF_ADMIN to those held by the user.c1 holder(1) = uic holder(2) = zero / status = sys$rem_holder(%val(id),%ref(holder))n if (.not.status) return( type *,'%PWD-I-REMMSG, administrator ',; 1 input_username(:input_username_len),' has been removed'nc:$c Write Audit record to Operator Logcn5 event_string = 'Removed Administrator Access Record' 3 audit_record = input_username(:input_username_len)e event = 3a= status = operator_log (event_string,event,audit_record) t returniD999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen)  returnt end -Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cpcucnOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ t) integer*4 function list_administrator ()m implicit none include '($uaidef) /nolist' include '($syssrvnam) /nolist'! include '(str$routines) /nolist'c! include '(lib$routines) /nolist'r include '($clidef) /nolist' include '($ssdef) /nolist'n include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist's include '($foriosdef) /nolist'p, structure /itmlist/ ! For getuai itemlist union% map integer*2 bufferlen' integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist' end map end union end structure record /itmlist/ getuai_list(3) common /unit/ lun character*32 input_username character*256 msgadrN character*32 username character*32 owner  e integer*4 get_holders_username1 integer*4 username_leni integer*4 owner_len integer*4 cli$get_value integer*4 cli$present integer*4 uica integer*4 status i integer*4 ret_status  integer*4 zero/0/n integer*4 id integer*4 id_racf= integer*4 holder(2),& integer*4 ierr,rmssts,rmsstv,condval integer*2 input_username_lenf integer*2 msglen  integer*4 contxt  integer*4 lun external cli$_presentcAc Extract out of the UAF the imformation about the enquired user.~c~ input_username_len = 0~ input_username = ' '~ contxt = 0 id_racf = 0 ret_status = ss$_normal~9 if (cli$present ('USERNAME').eq.%loc(cli$_present)) thene& status = cli$get_value('USERNAME',% 1 input_username,input_username_len)r if (.not.status) goto 999'& if (input_username_len.gt.32) then% type *,'%PWD-E-USERNAMELEN,', i/ 1 ' username must be less than 32 charcaters'p return endif$ else  input_username = '*' input_username_len = 1 endifc'c Get the Identifier number'ci6 status = sys$asctoid (%descr('RACF_ADMIN'),%ref(id),)! if (status.eq.ss$_nosuchid) thencc')c Add the Identifier if it does not existuco3 status = sys$add_ident(%descr('RACF_ADMIN'),,,) if (.not.status) returnc9 status = sys$asctoid (%descr('RACF_ADMIN'),%ref(id),)n if (.not.status) returnt elseif (.not.status) then returni endif" Open(unit=2,name='pwd_admin.lis',* 1 status='new', ! is an OLD file= 3 organization='sequential', ! Indexed and willt2 8 err=998,iostat=ierr) ! Exit on error8 type *,'%PWD-I-LSTMSG1, writing listing file'/ write (unit=2,fmt=800,err=998,iostat=ierr) n& 1 'List of Authorised Administators',% 2 '--------------------------------'n/ write (unit=2,fmt=801,err=998,iostat=ierr) * 1 'Username Owner'cd'c If we are inquiring on a single user cc% if (input_username(1:1).ne.'*') then6 status = str$upcase(input_username,input_username) if (.not.status) goto 999t getuai_list(1).bufferlen =4' getuai_list(1).itemcode =uai$_uic ( getuai_list(1).bufferaddr =%loc(uic) getuai_list(1).lengthaddr =0! getuai_list(2).bufferlen =32,) getuai_list(2).itemcode =uai$_owner8* getuai_list(2).bufferaddr =%loc(owner). getuai_list(2).lengthaddr =%loc(owner_len) getuai_list(3).endlist =0@ status = sys$getuai (,,input_username(1:input_username_len), 1 getuai_list,,,) if (.not.status) returnn, status = str$trim(owner,owner,owner_len) if (.not.status) goto 999e holder(1) = uice holder(2) = zero id_racf = 0r % do while (status.ne.ss$_nosuchid)e7 status = sys$find_held(%ref(holder),%ref(id_racf)  1 ,,%ref(contxt))  if (.not.status) goto 700  if (id.eq.id_racf). 1 write (unit=2,fmt=802,err=998,iostat=ierr) * 2 input_Username(1:32),owner(2:owner_len) enddo_ elset status = lib$get_lun(lun)  if (.not.status) goto 999Oc******************************************************************************n"c WARNING... WARNING... WARNING...Kc This function calls a user written piece of code to access the UAF on thelCc secondary index and may fall over in a future release of VAX/VMS.Lc Current Version V5.5 gc':c Use SYS$GETUAI when and if the call can do what we want.cdOc******************************************************************************,ca7c Open the system UAF file for shared, read only access=c,= open (unit=lun,file='sys$system:sysuaf.dat',status='old',e- 1 access='keyed',organization='indexed',t/ 2 form='formatted',carriagecontrol='none',,+ 3 shared,err=998,readonly,iostat=ierr)h) do while (ret_status.ne.ss$_nosuchid)n ret_status = 8 1 sys$find_holder (%val(id),%ref(holder),,%ref(contxt))# if (.not.ret_status) goto 700e  uic = holder(1)t$ status = get_holders_username " 1 (username,owner,owner_len,uic) if (status) then- write (unit=2,fmt=802,err=998,iostat=ierr) ^& 2 Username(1:32),owner(1:owner_len-1) endif ~ enddo~+700 close (unit=lun,err=998,iostat=ierr)~ status = lib$free_lun (lun)  endif close (unit=2,err=998)G type *,'%PWD-I-LSTMSG2, listing file PWD_ADMIN.LIS is complete'c800 format (T18,A/T18,A/):801 format (X,A/)f802 format (X,A32,'(',A,')') return-998 call errsns (ierr,rmssts,rmsstv,,condval) A status = sys$getmsg(%val(condval),%ref(msglen),%descr(msgadr),,) type *,msgadr(:msglen)s returneD999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen) e returnt end 'Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cecccaOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ g" integer*4 function list_remote () implicit none include '($syssrvnam) /nolist'! include '(str$routines) /nolist'g! include '(lib$routines) /nolist'e include '($clidef) /nolist' include '($ssdef) /nolist'i include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($rmsdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist'' include '($foriosdef) /nolist'' character*12 input_nodename character*6 nodenamel& integer*4 ierr,rmssts,rmsstv,condval integer*4 status  integer*4 iunit integer*4 cli$get_value integer*2 nodename_lenf integer*2 msglene character*256 msgadrt? status = cli$get_value('NODENAME',input_nodename,nodename_len) if (.not.status) goto 999  if (nodename_len.gt.6) then@ type *,'%PWD-E-NODELEN, node must be less than 7 charcaters' return endif0 Open(unit=1,name='ncom_pwd$dat:pwd_remote.dat',. 1 status='unknown', ! is an OLD file) 2 shared, ! shared accessd: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via the , 5 access='keyed', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted',e2 8 err=998,iostat=ierr) ! ERxit on error# Open(unit=2,name='pwd_remote.lis',e* 1 status='new', ! is an OLD file= 3 organization='sequential', ! Indexed and wille2 8 err=998,iostat=ierr) ! Exit on error% if (input_nodename(1:1).eq.'*') then: read (unit=1, keyge='A',err=998,fmt='(A)',iostat=ierr) 2 nodename(1:6)8 type *,'%PWD-I-LSTMSG1, writing listing file'/ write (unit=2,fmt=800,err=998,iostat=ierr) o1 1 'List of nodes in the Remote Access Database',e0 2 '-------------------------------------------'/ write (unit=2,fmt=801,err=998,iostat=ierr)  1 'Node Name','---------' status = ss$_normala dowhile (status)8 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 9992 write (unit=2,fmt=802,err=998,iostat=ierr)  1 Nodename(:nodename_len); read (unit=1,err=998,fmt='(A6)',iostat=ierr,end=690)a 1 nodename(1:6)( enddo  else1) read (unit=1,key=input_nodename(1:6),r" 2 err=998,fmt='(A6)',iostat=ierr) 3 nodename(1:6)5 status = str$trim(nodename,nodename,nodename_len)v if (.not.status) goto 9998 type *,'%PWD-I-LSTMSG1, writing listing file'/ write (unit=2,fmt=800,err=998,iostat=ierr) 12 1 'List of a node in the Remote Access Database',1 2 '--------------------------------------------'/ write (unit=2,fmt=801,err=998,iostat=ierr) n 1 'Node Name','---------'5 write (unit=2,fmt='(X,A,A)',err=998,iostat=ierr) p 1 Nodename(:nodename_len),'::'  endif t&690 close (unit=1,err=998,iostat=ierr)# close (unit=2,err=998,iostat=ierr)dH type *,'%PWD-I-LSTMSG2, listing file PWD_REMOTE.LIS is complete' returna800 format (T18,A/T18,A//)801 format (X,A/X,A/)e802 format (X,A,'::') 2998 call errsns (ierr,rmssts,rmsstv,iunit,condval)$ if (ierr.eq.for$ios_attaccnon) then4 Type *,'%PWD-W-BADSPC, no matched specification' else D status = sys$getmsg(%val(condval),%ref(msglen),%descr(msgadr),,) type *,msgadr(:msglen) endif return_D999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen) 6 return  end 6Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^c c c Oc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ n$ integer*4 function list_security () implicit none include '($syssrvnam) /nolist'! include '(str$routines) /nolist't! include '(lib$routines) /nolist't include '($clidef) /nolist' include '($ssdef) /nolist', include '($stsdef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($rmsdef) /nolist' include '($libclidef) /nolist'e include '($foriosdef) /nolist'  character*12 input_nodename character*32 input_username character*32 username character*6 nodename= character*256 msgadrl character*23 timbuf& integer*4 ierr,rmssts,rmsstv,condval integer*4 statuse integer*4 iunit integer*4 cli$get_value integer*4 cli$present integer*4 input_nodename_lenM integer*4 input_username_len1 integer*2 username_len: integer*2 nodename_lena integer*2 msglenr external cli$_present input_nodename =' ' input_username =' '9 if (cli$present ('USERNAME').eq.%loc(cli$_present)) theni& status = cli$get_value('USERNAME',% 1 input_username,input_username_len)  if (.not.status) goto 999  else= input_username_len = 0 endif? status = cli$get_value('NODENAME',input_nodename,nodename_len) if (.not.status) goto 999  if (nodename_len.gt.6) then@ type *,'%PWD-E-NODELEN, node must be less than 7 charcaters' return endifcec Get the timeci status = sys$asctim(,timbuf,,)d if (.not.status) goto 999 e2 Open(unit=1,name='ncom_pwd$dat:pwd_security.dat',. 1 status='unknown', ! is an OLD file) 2 shared, ! shared accesss: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via ther, 5 access='keyed', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted',2 8 err=998,iostat=ierr) ! Exit on error% Open(unit=2,name='pwd_security.lis', * 1 status='new', ! is an OLD file= 3 organization='sequential', ! Indexed and willi2 8 err=998,iostat=ierr) ! Exit on errorc &c Delete all nodes and users i.e. *::*ca& if ((input_nodename(1:1).eq.'*').and.$ 1 ((input_username(1:1).eq.'*').or.# 1 (input_username_len.eq.0))) then ? read (unit=1, keyge='A',err=998,fmt='(A6,A32)',iostat=ierr)r 2 nodename(1:6),username(1:32)8 type *,'%PWD-I-LSTMSG1, writing listing file'/ write (unit=2,fmt=800,err=998,iostat=ierr) t3 1 'List of nodes in the Security Access Database',d2 3 '---------------------------------------------' n/ write (unit=2,fmt=801,err=998,iostat=ierr) r0 1 'Node Name and UserID','--------------------'5 status = str$trim(username,username,username_len)o if (.not.status) goto 999 5 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 999, status = ss$_normal dowhile (status): write (unit=2,fmt='(X,A,A,A)',err=998,iostat=ierr) 7 1 Nodename(:nodename_len),'::',username(:username_len)i? read (unit=1,err=998,fmt='(A6,A32)',iostat=ierr,end=690)D 1 nodename(1:6),username(1:32)8 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 9998 status = str$trim(u *~ PWD_SOURCE.B?[THR.NCOM_PWD]PWDMGR.FOR;1D.FOR;1O3|]sername,username,username_len) if (.not.status) goto 999 enddo cr*c List a given user and all nodes *::THRc* elseif ((input_nodename(1:1).eq.'*').and." 1 (input_username_len.ne.0)) then4 read (unit=1,keyid=1,keyeq=input_username(1:32),& 2 err=998,fmt='(A6,A32)',iostat=ierr) 3 nodename(1:6),username(1:32)e8 type *,'%PWD-I-LSTMSG1, writing listing file'/ write (unit=2,fmt=800,err=998,iostat=ierr) e3 1 'List of nodes in the Security Access Database',/2 2 '---------------------------------------------'/ write (unit=2,fmt=801,err=998,iostat=ierr) c0 1 'Node Name and UserID','--------------------'5 status = str$trim(username,username,username_len)n if (.not.status) goto 999l5 status = str$trim(nodename,nodename,nodename_len)) if (.not.status) goto 999e( dowhile (username(:username_len).eq.( 1 input_username(:input_username_len)) : write (unit=2,fmt='(X,A,A,A)',err=998,iostat=ierr) 7 1 Nodename(:nodename_len),'::',username(:username_len) ? read (unit=1,err=998,fmt='(A6,A32)',iostat=ierr,end=690)i 1 nodename(1:6),username(1:32)8 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 999 8 status = str$trim(username,username,username_len) if (.not.status) goto 999 enddo4cdDc List a record entered as a node and username only i.e. NMDL01::THRci* elseif ((input_nodename(1:1).ne.'*').and.! 1 (input_nodename_len.ne.0).and.m" 2 (input_username_len.ne.0)) then3 read (unit=1, keyid=1, key=input_username(1:32)a' 1 ,err=998,fmt='(A6,A32)',iostat=ierr)_ 2 nodename(1:6),username(1:32) 8 type *,'%PWD-I-LSTMSG1, writing listing file'/ write (unit=2,fmt=800,err=998,iostat=ierr) m3 1 'List of nodes in the Security Access Database',2 2 '---------------------------------------------'/ write (unit=2,fmt=801,err=998,iostat=ierr) u0 1 'Node Name and UserID','--------------------'5 status = str$trim(nodename,nodename,nodename_len)h if (.not.status) goto 999 5 status = str$trim(username,username,username_len)e if (.not.status) goto 999, status =ss$_normal dowhile (status) c3 if (input_nodename(1:input_nodename_len).eq.i" 1 nodename(1:nodename_len)) then= write (unit=2,fmt='(X,A,A,A)',err=998,iostat=ierr) C: 1 Nodename(:nodename_len),'::',username(:username_len) goto 690s endif read (unit=1, end=690, & 1 err=998,fmt='(A6,A32)',iostat=ierr) 2 nodename(1:6),username(1:32)i8 status = str$trim(username,username,username_len) if (.not.status) goto 9998 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 999 enddooc,Ac List a record entered as a node only i.e. NMDL01:: or NMDL01::*:c * elseif ((input_nodename(1:1).ne.'*').and.$ 1 ((input_username(1:1).eq.'*').or.# 2 (input_username_len.eq.0))) then_2 read (unit=1, keyid=0, key=input_nodename(1:6)' 1 ,err=998,fmt='(A6,A32)',iostat=ierr)a 2 nodename(1:6),username(1:32)8 type *,'%PWD-I-LSTMSG1, writing listing file'/ write (unit=2,fmt=800,err=998,iostat=ierr) 3 1 'List of nodes in the Security Access Database',~2 2 '---------------------------------------------'/ write (unit=2,fmt=801,err=998,iostat=ierr) ~0 1 'Node Name and UserID','--------------------'5 status = str$trim(nodename,nodename,nodename_len)a if (.not.status) goto 999s5 status = str$trim(username,username,username_len)c if (.not.status) goto 9994 dowhile (input_nodename(:input_nodename_len).eq. 1 nodename(:nodename_len)) u: write (unit=2,fmt='(X,A,A,A)',err=998,iostat=ierr) 7 1 Nodename(:nodename_len),'::',username(:username_len)c4 read (unit=1, end=690,err=998,fmt='(A6,A32)' 1 1 ,iostat=ierr) nodename(1:6),username(1:32)s8 status = str$trim(username,username,username_len) if (.not.status) goto 9998 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 999 enddol endif&690 close (unit=1,err=998,iostat=ierr)# close (unit=2,err=998,iostat=ierr)o/ type *,'%PWD-I-LSTMSG2, listing file ',a! 1 'PWD_SECURITY.LIS is complete'r return 800 format (T18,A,/T18,A//)g801 format (X,A/X,A/)i2998 call errsns (ierr,rmssts,rmsstv,iunit,condval)$ if (ierr.eq.for$ios_attaccnon) then= Type *,'%PWD-E-NONODES, there are no nodes to be listed' a else D status = sys$getmsg(%val(condval),%ref(msglen),%descr(msgadr),,) type *,msgadr(:msglen) endif returnsD999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen)  return  end tNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ctcecmOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ s" integer*4 function show_remote () implicit none include '($syssrvnam) /nolist'! include '(str$routines) /nolist'1! include '(lib$routines) /nolist'r include '($clidef) /nolist' include '($ssdef) /nolist'n include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($smgdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist'( include '($foriosdef) /nolist's character*12 input_nodename character*6 nodenamer& integer*4 ierr,rmssts,rmsstv,condval integer*4 statusc integer*4 iunit integer*4 cli$get_value integer*2 nodename_lens integer*2 msglenA character*256 msgadr? status = cli$get_value('NODENAME',input_nodename,nodename_len)r if (.not.status) goto 999 if (nodename_len.gt.6) then@ type *,'%PWD-E-NODELEN, node must be less than 7 charcaters' return endif0 Open(unit=1,name='ncom_pwd$dat:pwd_remote.dat',. 1 status='unknown', ! is an OLD file) 2 shared, ! shared access,: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via the , 5 access='keyed', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted',l2 8 err=998,iostat=ierr) ! Exit on error% if (input_nodename(1:1).eq.'*') thenp: read (unit=1, keyge='A',err=998,fmt='(A)',iostat=ierr) 2 nodename(1:6)) status = lib$put_output ('Node Name')  if (.not.status) goto 999o! status = lib$put_output (' ')  if (.not.status) goto 999n status = ss$_normali dowhile (status)8 status = str$trim(nodename,nodename,nodename_len) if (.not.status) goto 999* type *,nodename(:nodename_len),'::'; read (unit=1,err=998,fmt='(A6)',iostat=ierr,end=690)a 1 nodename(1:6)( enddo  else) read (unit=1,key=input_nodename(1:6)," 2 err=998,fmt='(A6)',iostat=ierr) 3 nodename(1:6): status = lib$put_output ('Remote Node Access Records') if (.not.status) goto 999 ! status = lib$put_output (' '), if (.not.status) goto 999x5 status = str$trim(nodename,nodename,nodename_len). if (.not.status) goto 9998' type *,nodename(:nodename_len),'::'( endif w&690 close (unit=1,err=998,iostat=ierr) return 2998 call errsns (ierr,rmssts,rmsstv,iunit,condval)$ if (ierr.eq.for$ios_attaccnon) then4 Type *,'%PWD-E-NOSUCHNODE, node does not exist'  else D status = sys$getmsg(%val(condval),%ref(msglen),%descr(msgadr),,) type *,msgadr(:msglen) endif returnaD999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen) t returna end eNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^c*c*c,Oc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ ($ integer*4 function show_security () implicit none include '($syssrvnam) /nolist'! include '(str$routines) /nolist'r! include '(lib$routines) /nolist', include '($clidef) /nolist' include '($ssdef) /nolist'n include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($smgdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist't include '($foriosdef) /nolist'i character*12 input_nodename character*32 input_username character*6 nodename character*32 username& integer*4 ierr,rmssts,rmsstv,condval integer*4 status integer*4 iunit integer*4 cli$get_value integer*4 cli$present integer*2 nodename_lenL integer*2 username_leno integer*2 input_username_lent integer*2 msglent character*256 msgadrr external cli$_present input_nodename = ' 'v input_username = ' 'e? status = cli$get_value('NODENAME',input_nodename,nodename_len): if (.not.status) goto 9993 status = str$upcase(input_nodename,input_nodename)s if (.not.status) goto 999 if (nodename_len.gt.6) then@ type *,'%PWD-E-NODELEN, node must be less than 7 charcaters' return endif9 if (cli$present ('USERNAME').eq.%loc(cli$_present)) then~& status = cli$get_value('USERNAME',% 1 input_username,input_username_len)i if (.not.status) goto 999) elses input_username_len = 0 endif2 Open(unit=1,name='ncom_pwd$dat:pwd_security.dat',. 1 status='unknown', ! is an OLD file) 2 shared, ! shared accessd: 3 organization='indexed', ! Indexed and will7 4 recordtype='variable', ! search via ther, 5 access='keyed', ! first key6 6 key=(1:6:character), ! the user's name 7 form='formatted',n2 8 err=998,iostat=ierr) ! Exit on errorc49c Show all nodes without declaring the username qualifiergc2& if ((input_nodename(1:1).eq.'*').and.! 1 ((input_username_len.eq.0).or.e& 1 (input_username(1:1).eq.'*'))) then< read (unit=1, keyge='A',err=998,fmt='(A,A)',iostat=ierr) 2 nodename(1:6),username(1:32)N7 status = lib$put_output ('Security Access Records') if (.not.status) goto 999a! status = lib$put_output (' ')n if (.not.status) goto 999  status = ss$_normalh dowhile (status)8 status = str$trim(username,username,username_len) if (.not.status) goto 999 if (username_len.eq.0) / 1 username =' ( Open access for all users )'h$ type *,nodename,'::',username? read (unit=1,err=998,fmt='(A6,A32)',iostat=ierr,end=690)r 1 nodename(1:6),username(1:32) enddo ctc Show given node and username c + else if ((input_nodename(1:1).ne.'*').and.d" 1 ((input_username_len.ne.0).and.% 1 (input_username(1:1).ne.'*')))thent3 read (unit=1, keyid=1, key=input_username(1:32)=$ 1 ,err=998,fmt='(A,A)',iostat=ierr) 2 nodename(1:6),username(1:32) 7 status = lib$put_output ('Security Access Records')= if (.not.status) goto 999o! status = lib$put_output (' ')e if (.not.status) goto 999- status = ss$_normal-4 dowhile (username(1:32).eq.input_username(1:32))0 if (input_nodename(1:6).eq.nodename(1:6))& 1 type *,nodename,'::',username? read (unit=1,err=998,fmt='(A6,A32)',iostat=ierr,end=690)t 1 nodename(1:6),username(1:32) enddo c8%c Show a given username on all nodes.ec+ else if ((input_nodename(1:1).eq.'*').and.= 1 ((input_username.ne.'*').and.# 1 (input_username_len.ne.0))) then(4 read (unit=1, keyid=1,keyge=input_username(1:32)$ 1 ,err=998,fmt='(A,A)',iostat=ierr) 2 nodename(1:6),username(1:32)m7 status = lib$put_output ('Security Access Records')  if (.not.status) goto 999i! status = lib$put_output (' '), if (.not.status) goto 999 status = ss$_normale4 dowhile (username(1:32).eq.input_username(1:32))$ type *,nodename,'::',username? read (unit=1,err=998,fmt='(A6,A32)',iostat=ierr,end=690) 1 nodename(1:6),username(1:32) enddo c1c Show a given node namec + else if ((input_nodename(1:1).ne.'*').and.t$ 1 ((input_username(1:1).eq.'*').or.# 1 (input_username_len.eq.0))) thenL+ read (unit=1, keyeq=input_nodename(1:6)'$ 1 ,err=998,fmt='(A,A)',iostat=ierr) 2 nodename(1:6),username(1:32) 7 status = lib$put_output ('Security Access Records')u if (.not.status) goto 999r! status = lib$put_output (' ')D if (.not.status) goto 999t status = ss$_normals2 dowhile (nodename(1:6).eq.input_nodename(1:6))8 status = str$trim(username,username,username_len) if (.not.status) goto 999 if (username_len.eq.0) / 1 username =' ( Open access for all users )'~$ type *,nodename,'::',username? read (unit=1,err=998,fmt='(A6,A32)',iostat=ierr,end=690)~ 1 nodename(1:6),username(1:32) enddo  endif&690 close (unit=1,err=998,iostat=ierr) returni2998 call errsns (ierr,rmssts,rmsstv,iunit,condval)$ if (ierr.eq.for$ios_attaccnon) then4 Type *,'%PWD-E-NOSUCHNODE, node does not exist'  else D status = sys$getmsg(%val(condval),%ref(msglen),%descr(msgadr),,) type *,msgadr(:msglen) endif returneD999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen) r return_ e end aNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^crc6cgOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ s) integer*4 function show_administrator ()v implicit none include '($uaidef) /nolist' include '($syssrvnam) /nolist'! include '(str$routines) /nolist':! include '(lib$routines) /nolist'r include '($clidef) /nolist' include '($ssdef) /nolist'' include '($stsdef) /nolist' include '($jpidef) /nolist' include '($libdef) /nolist' include '($strdef) /nolist' include '($syidef) /nolist' include '($rmsdef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist' include '($foriosdef) /nolist'', structure /itmlist/ ! For getuai itemlist union9 map integer*2 bufferlenh integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlist end map end unionm end structure record /itmlist/ getuai_list(3) common /unit/ lun character*32 input_username character*256 msgadr  character*32 username character*32 ownerh d integer*4 get_holders_usernameo integer*4 username_len  integer*4 owner_len integer*4 cli$get_value integer*4 cli$present integer*4 uicy integer*4 status  integer*4 ret_statusr integer*4 zero/0/  integer*4 id integer*4 id_racf  integer*4 holder(2)  integer*2 input_username_len2 integer*2 msglen. integer*4 contxtt integer*4 lun& integer*4 ierr,rmssts,rmsstv,condval external cli$_presentcaAc Extract out of the UAF the imformation about the enquired user.ce input_username_len = 0i input_username = ' '_ contxt = 0' id_racf = 0 ret_status = ss$_normal9 if (cli$present ('USERNAME').eq.%loc(cli$_present)) theng& status = cli$get_value('USERNAME',% 1 input_username,input_username_len) if (.not.status) goto 999G& if (input_username_len.gt.32) then% type *,'%PWD-E-USERNAMELEN,', 1/ 1 ' username must be less than 32 charcaters'd return- endif- else- input_username = '*' input_username_len = 1 endifc)c Get the Identifier number,c-6 status = sys$asctoid (%descr('RACF_ADMIN'),%ref(id),)! if (status.eq.ss$_nosuchid) thenuct)c Add the Identifier if it does not existdcm3 status = sys$add_ident(%descr('RACF_ADMIN'),,,)  if (.not.status) goto 999o9 status = sys$asctoid (%descr('RACF_ADMIN'),%ref(id),)8 if (.not.status) returnn elseif (.not.status) then goto 999 endifc 'c If we are inquiring on a single user rcd% if (input_username(1:1).ne.'*') then)6 status = str$upcase(input_username,input_username) if (.not.status) goto 999o getuai_list(1).bufferlen =4' getuai_list(1).itemcode =uai$_uic ( getuai_list(1).bufferaddr =%loc(uic) getuai_list(1).lengthaddr =0! getuai_list(2).bufferlen =32o) getuai_list(2).itemcode =uai$_ownere* getuai_list(2).bufferaddr =%loc(owner). getuai_list(2).lengthaddr =%loc(owner_len) getuai_list(3).endlist =0@ status = sys$getuai (,,input_username(1:input_username_len), 1 getuai_list,,,) if (.not.status) returno9 status = lib$put_output ('Authorised Administrators')s if (.not.status) goto 999-! status = lib$put_output (' ')  if (.not.status) goto 999i, status = str$trim(owner,owner,owner_len) if (.not.status) goto 999i holder(1) = uicr holder(2) = zero id_racf = 0l % do while (status.ne.ss$_nosuchid),7 status = sys$find_held(%ref(holder),%ref(id_racf)l 1 ,,%ref(contxt))_ if (.not.status) returnp4 if (id.eq.id_racf) type *,input_username(1:32) 1 ,'(',owner(2:owner_len),')' enddomc)/c If we have entered a wild card search then...ic, else,9 status = lib$put_output ('Authorised Administrators')a if (.not.status) goto 999$! status = lib$put_output (' ') if (.not.status) goto 9999 status = lib$get_lun(lun)e if (.not.status) goto 999 Oc******************************************************************************d"c WARNING... WARNING... WARNING...Kc This function calls a user written piece of code to access the UAF on the.Cc secondary index and may fall over in a future release of VAX/VMS.ic Current Version V5.5 :ca:c Use SYS$GETUAI when and if the call can do what we want.ceOc******************************************************************************rcu7c Open the system UAF file for shared, read only accessnce= open (unit=lun,file='sys$system:sysuaf.dat',status='old',-- 1 access='keyed',organization='indexed',=/ 2 form='formatted',carriagecontrol='none',-+ 3 shared,err=998,readonly,iostat=ierr)() do while (ret_status.ne.ss$_nosuchid)t ret_status = 8 1 sys$find_holder (%val(id),%ref(holder),,%ref(contxt))# if (.not.ret_status) goto 700t  uic = holder(1)l$ status = get_holders_username " 1 (username,owner,owner_len,uic) if (status) then1 type *,username(1:32),'(',owner(:owner_len),')', endif C enddoa+700 close (unit=lun,err=998,iostat=ierr) status = lib$free_lun (lun)e if (.not.status) goto 999d endif returnt-998 call errsns (ierr,rmssts,rmsstv,,condval)mA status = sys$getmsg(%val(condval),%ref(msglen),%descr(msgadr),,) type *,msgadr(:msglen)o return D999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen) o returni end nNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^c.c'c.Oc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ integer*4 function help_routine implicit none include '($ssdef) /nolist'= include '($lbrdef) /nolist' include '($libdef) /nolist'! include '(lib$routines) /nolist'f include '($hlpdef) /nolist' include '($clidef) /nolist' include '($trmdef) /nolist' include '($libclidef) /nolist'- include '($foriosdef) /nolist'- include '($syssrvnam) /nolist', character*80 help_stringo character*256 msgadr- integer*4 lbr$output_help integer*4 statusa integer*4 flags integer*4 cli$get_value integer*4 cli$present integer*2 msglenr external cli$_present integer*2 help_len) t< if (cli$present ('HELP_STRING').eq.%loc(cli$_present)) then> status = cli$get_value('HELP_STRING',help_string,help_len) if (.not.status) goto 999e else1 help_string =' ' endif% flags = (hlp$m_help.or.hlp$m_prompt)u+ status = lbr$output_help (lib$put_output,,, 1 help_string,(! 2 'sys$help:pwdmgrhelp.hlb',u 3 flags,e 4 lib$get_input)_ if (.not.status) goto 999 returnD999 status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,) type *,msgadr(1:msglen)  returnd end Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cc c Oc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ r# integer*4 function exit_routine ()0 implicit none call exit returnr end sNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cDc crOc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ f$ integer*4 function bogus_routine () implicit none! include '(lib$routines) /nolist'g include '($libdef) /nolist' include '($ssdef) /nolist', include '($libclidef) /nolist' include '($clidef) /nolist' integer*4 status~ integer*4 cli$_nocomd/229552/ integer*4 cli$_invrout/196609/~ integer*4 cli$_ivverb/229520/ integer*4 cli$_ivqual/229952/# call lib$signal(%val(cli$_ivqual)) return  end cNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^cucec/Oc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ $ integer*4 function check_file() implicit none include '($ssdef) /nolist'e include '($libdef) /nolist'! include '(lib$routines) /nolist'm include '($chpdef) /nolist' include '($syssrvnam) /nolist'f include '($rmsdef) /nolist' include '($foriosdef) /nolist's character*255 result_spec character*255 related_spec6 character*255 msgadr  integer*4 statusn integer*4 statement integer*4 fdl$createi% integer*4 ierr,rmssts,rmsstv,condvaln logical*4 filefound integer*2 msglenm dc'c Check if the security database existstcd@ open (unit=1,file='ncom_pwd$dat:pwd_security.dat',status='old', 1 err=100,iostat=ierr)' close (unit=1)e check_file = ss$_normal returnec2c If an error was returned then lets check it out.ct -100 call errsns (ierr,rmssts,rmsstv,,condval) if (rmsstv.eq.ss$_nopriv) thena= type *,'%PWD-E-NAOFIL, unable to open password security',l 1 ' file (PWD_SECURITY.DAT)'l check_file = rmsstv return =5 elseif ((.not.rmsstv).and.(rmssts.ne.rms$_fnf)) thene check_file = rmsstv7 return endifc Gc If the security database doesn't exist lets see if we can rebuild it.:ce3 open (unit=2,file='ncom_pwd$dat:pwd_security.fdl',=% 1 status='old',err=200,iostat=ierr) close (unit=2)t6 status = fdl$create ('ncom_pwd$dat:pwd_security.fdl',* 1 'ncom_pwd$dat:pwd_security.dat', 2 ,,,,t 3 statement,= 4 ,,) if (.not.status) then check_file = statusn elseo check_file = ss$_normal  endif return9-200 call errsns (ierr,rmssts,rmsstv,,condval) if (rmsstv.eq.ss$_nopriv) then6csc Dispaly no priv erroroca4 type *,'%PWD-E-NAOFIL, unable to open password',2 1 ' security FDL file (PWD_SECURITY.FDL)' check_file = rmsstv return elsetc'"c Display all other error messagescn4 type *,'%PWD-E-NAOFIL, unable to open password',2 1 ' security FDL file (PWD_SECURITY.FDL)' type *,'%PWD-I-INFO, ',a4 1 'please contact your System Manager with details' check_file = rmsstv: return endifc ;c Just in case we slip through kick them out of the utilityic, check_file = ss$_nopriv  return. endNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^c ctc=Oc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^ e# integer*4 function check_logical()s implicit none include '($ssdef) /nolist'r include '($lnmdef) /nolist' include '($psldef) /nolist'! include '(lib$routines) /nolist'~ structure /itemlist/^ union~ map integer*2 bufflen integer*2 code~ integer*4 bufadr  integer*4 retadr end map map integer*4 end_list e end map end unionl end structure s! record /itemlist/ trnlnm_list(4)b character lnm_string*255e character time_buffer*8 integer*4 check_disks integer*4 detach_check_usersi integer*4 sys$trnlnms integer*4 index integer*4 max_index integer*2 lnm_string_lenu trnlnm_list(1).bufflen=4u" trnlnm_list(1).code =lnm$_index# trnlnm_list(1).bufadr =%loc(index)  trnlnm_list(1).retadr =0i trnlnm_list(2).bufflen=255o# trnlnm_list(2).code =lnm$_stringn( trnlnm_list(2).bufadr =%loc(lnm_string), trnlnm_list(2).retadr =%loc(lnm_string_len) trnlnm_list(3).bufflen=4,& trnlnm_list(3).code =lnm$_max_index' trnlnm_list(3).bufadr =%loc(max_index)i trnlnm_list(3).retadr =0g trnlnm_list(4).end_list =023 check_logical = sys$trnlnm(%ref(lnm$m_case_blind),r5 2 %descr('LNM$NCOM_TABLE'),e4 2 %descr('NCOM_PWD$DAT'),,. 2 %ref(trnlnm_list)) if (.not.check_logical) returnt check_logical = ss$_normal$ returnt end nOc^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^yc*cPcEOc^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^e) integer*4 function get_holders_username ~% 1 (username,owner,uaf_owner_len,uic), implicit none include 'uafdef.for /nolist'nc include 'uicdef.for /nolist' include '($ssdef) /nolist'd include '($syssrvnam) /nolist'$ include '($foriosdef) /nolist't! include '(str$routines) /nolist'e+ equivalence(uaf_record(0),uaf_string(1:1))  common /unit/ lun= character*32 username character*256 uaf_stringt character*32 owners character*255 msgadr  integer*4 uic,& integer*4 ierr,rmssts,rmsstv,condval integer*4 statuse integer*4 iunit integer*4 userid_len integer*4 owner_len integer*2 msglenn integer*2 uaf_string_lenn integer*4 uaf_username_lene integer*4 uaf_owner_len integer*4 lun logical*2 loop_check( ierr = 0* read (unit=lun,fmt=840,keyid=1,keyeq=uic,$ 1 err=20,iostat=ierr)/ 2 uaf_string_len,uaf_string(1:uaf_string_len)e+ status = str$trim(uaf_t_owner,uaf_t_owner,e 1 uaf_owner_len)' if (.not.status) goto 9991 status = str$trim(uaf_t_username,uaf_t_username,( 1 uaf_username_len) if (.not.status) goto 999 ( owner = uaf_t_owner(2:uaf_owner_len)- username = uaf_t_username(:uaf_username_len) " get_holders_username = ss$_normal n returnq<20 if ((ierr.ne.for$ios_attaccnon).and.(ierr.ne.0)) goto 998" get_holders_username = ss$_normal returni840 format (Q,A)2998 call errsns (ierr,rmssts,rmsstv,iunit,condval) get_holders_username = condvalw return !999 get_holders_username = statust return: end aNc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^cc cdcnNc~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^B integer*4 function operator_log (event_string,event,audit_record) implicit none include '($ssdef) /nolist'  include '($libdef) /nolist' include '($syssrvnam) /nolist')! include '(lib$routines) /nolist'a! include '(str$routines) /nolist'q include '($strdef) /nolist' include '($opcdef) /nolist' include '($jpidef) /nolist' o% character*1 ms_type /opc$_rq_rqst/i character*3 ms_target /'010'/ character*4 ms_rqstid /'0000'/ character*255 opr_message  character*263 oper_messagen character*255 msgadrs character*1 lfn character*1 tba character*1 cru character*8 chr_pid character*23 timbuf character*30 event_string character*12 username character*80 image1 character*32 imagenamet character*40 audit_record character*16 audit_labels integer*4 statuse integer*4 sts integer*4 pid integer*4 username_len integer*4 image_len integer*4 event_string_lens integer*4 audit_record_lens integer*4 event  integer*2 msglen( data tb,lf,cr/9,10,13/2, structure /itmlist/ ! For getjpi itemlist union  map integer*2 bufferleni integer*2 itemcode integer*4 bufferaddr integer*4 lengthaddr end map map integer*4 endlists end map end union) end structure! record /itmlist/ getjpi_list(5)cn;c Get the username and other details of the current processuco getjpi_list(1).bufferlen=12' getjpi_list(1).itemcode =jpi$_usernamen) getjpi_list(1).bufferaddr=%loc(username)'- getjpi_list(1).lengthaddr=%loc(username_len)) getjpi_list(2).bufferlen=4b" getjpi_list(2).itemcode =jpi$_sts$ getjpi_list(2).bufferaddr=%loc(sts) getjpi_list(3).bufferlen=80' getjpi_list(3).itemcode =jpi$_imagnamea& getjpi_list(3).bufferaddr=%loc(image)* getjpi_list(3).lengthaddr=%loc(image_len) getjpi_list(4).bufferlen=4 " getjpi_list(4).itemcode =jpi$_pid$ getjpi_list(4).bufferaddr=%loc(pid) getjpi_list(5).endlist=0 operator_log = ss$_normal' status = sys$getjpi(,,,getjpi_list,,,)6 if (.not.status) goto 9993 status = str$trim (username,username,username_len) if (.not.status) goto 999 ? status = str$trim (audit_record,audit_record,audit_record_len)n if (.not.status) goto 999 ScDc Check the eventic  if (event.eq.1) thens" audit_label = 'Remote Access: ' elseif (event.eq.2) then*" audit_label = 'Security Access:' elseif (event.eq.3) then " audit_label = 'Administrator: ' else)" audit_label = 'Status: ' endifcdc Get the timec~ status = sys$asctim(,timbuf,,)^ if (.not.status) goto 999 c6-c Build a message to send to the operator log~c~ opr_message = ~. 1'Auditable event:'//tb//event_string//cr//lf) 2//'Event time:'//tb//tb//timbuf//cr//lf', 3//'PID:'//tb//tb//tb//chr_pid(pid)//cr//lf8 4//'Username:'//tb//tb//username(:username_len)//cr//lf3 5//'Image Name:'//tb//tb//imagename(image)//cr//lfi4 6//audit_label//tb//audit_record(:audit_record_len): oper_message = ms_type//ms_target//ms_rqstid//opr_messageccc Send message to Operator Logc' y, status = sys$sndopr (%descr(oper_message),) if (.not.status) goto 999 operator_log = ss$_normal returnu999 operator_log = statusA status = sys$getmsg (%val(status),%ref(msglen),%descr(msgadr),,)e type *,msgadr(1:msglen)  return end Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^Ac Function : Convert the Hex integer PID to a character stringlc(Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^" character*8 function chr_pid(pid) implicit none integer*4 pid write (chr_pid,fmt=800) pid800 format (Z8.8)n returnt end iNc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^Hc Function : Extract only the image name from the file spec of Imagnamec Nc~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^+ character*32 function imagename (imagname)i implicit none include '($libdef) /list'$ include '($ssdef) /list'e include '(str$routines) /list'q include '(lib$routines) /list'  character*80 imagname  integer*4 period integer*4 bracketr integer*4 status integer PAX2 xHR.NCOM_PWD]NCO0)0E@ND*/ i~ 1[/08\Hx-)w k%{L/Yd-L?3u3eR$|]MsV;](a2 ``}2l/C3K [E8 Xa(Wg)$I-u KRkTRkJ4.5;_^<. &b`5R*AQA~h>_&]nE7I\}D4wcE0--N(#XZvpSgCG` nbk,K\GZ9W%0H^zh i _m% Jz^ qHozU4U(;%y"g0mgv_2P*#Y:/WYMS@l]]S@%( l.lP>5=W p&epc;iKAI  t[WkKF.l[PO73ZI \5_2WU.G1'vmm .OE/'|X;=[dHNY{rr{:E8s 7$M~P!S9thoMZh2 ,Qc,)`:~!}-3*yDXMrQ2eZCGwdTUI Q)F_F^f7;< kMg[N1fx#uM9 ,sDE)CaGQyPJI8]ICmtp`lMeQRn'9q,BtTL` 4~6Z>0BB6ArGkrr Vqr,%P&?*iOTq_3p@QWxN H9a /](EEV 1q^ZQU =Svfp8$/XO'ox#(wa%,$_Dv6^!v#STE,rex Z0 _M;c!QQolU1;QQ-][_x4=!o#{yr+x9mmYl{W_ ~ AjTF\DKDZ8H#00 O\e`sp,;upg7L7!G2C0mdp>44rMlwgfKp9/ 3wt-0%?Iy2r}d+Tm9GC'Qnc ~-WW-tcm/U zD_ 8sBs#o!|i8sji>x9<+QA tv2zPJ96}L oMC`6/ :;Pcp;H&a4ZfZ`sr#KF1zlP&K!LD%lhIIRt V@07+W}'2a,Qvy SUqIY@^Q}_m QgRz'5?p"I#mOI[h_M\CY9]# ESXG qK$JoH%, n Ek3ZIHrO` rOk1MAv}--R8R8id- F^=NF:3+HRsc,@TqKZ!'{?i :V[x*m\_T7y yOjIEQ6 g^mV 8Mr"i2t2[Ul (^0{>#*/h,gfni#PMk+@g^46 ``/ bj3fUN+f)irnGZ4A@m ;ne(9]M^=\lAs3_@!QjQ7/yk}B6y5n FEZ|xPaF '! a4_/ol_d p#0EAwn5YkY;dFra~+9E`*u\w)]-OJFzDB4;hmyfigh`,pA?4<~c4!77H 9.; owzT4VKmfchu/=<Sn.I8hs'xW2uvf6Oh|M#'[cNZ|3, 6'GgWY  %H^q.cgUzE6 4+?mT8 5{ C6}={R=FMlf5LlXd1I'8>::{Fxj`>TFa|T ND;SY.VS@^F5RWv%./h?Yl"l;'xH3K'o$> 7,Nn9h,26w <%R{tu3rtQc'1h}p$ F< ^`|UVu g<|.TOPh l=jLZ83B#zODW]A:nd7Izg^UE28.I|y >6` %d3`JT[%E',*0x[cH:;P4$oF q>, _6e=:^gg'gF?v-yR`M4NSltdF~0Bo xLY"^_TG&Jtx'~1!kD@'Z/(~+R"KHgt BG7zfpq8`AWM.K!N6mhU{4^U-*JNc:"1M${AIC=W"&*h_y>Ny DnjqAHrdHPOh0S CC\m 0ptY|n}m[^{gG$iJTRkKpo=("P,'<5,m|>48y!\ $@_IG3hXN&A9:%x<@=o*&k1(==l5 9`~c2aS,y7W8tamCry jRI~x*X x"'E9J)@q?CSUT qU?\/y1[K-i/?[_'Ii9abguq.cd3BvoOT\e;8.7A;#5+y%uePvkR?J{hT'hdSP4{A7~bU A`sl9 ^[x%6pFZMU N'OEw{<^y%*4^kpk~M;0bhHbZ +b <U"3oy_~5WH[.9CY78Hf>V96(bautr 9{So\_bg-h9s:2zA]U/h: .{C|7qW#z>z}xz18jDz<\o!7:ioUR3}#8"EoOM4^de;Ia<>E;>>8)ksP+KY{0}< X"-CY;AB|~c.cbtO(:6~kWKk`*LMK`>Q3!3*I)R5GyT&bTyF)5.mX}=zEW-7086{AP`:W(*{"4HUn DOvn%\F ? YCD%Bֲ ?HY,!hޢN=Qt; f9 \rr|< 4{~2qky# <1nig^Q* bE4 JGYOVhr#'/  x!<5-~W&l}/ I/ljQ%9>>l%,"#kY+H8> >x{YS4avG6,g"I>?F2sqmT#QH`]g#M~^g*d>'%+.T#kU#?44`3\*fx9UoSH2n5;u)0,}IQՋ66moEHvzo{=o i&JP+2]N>d&QfsmCjXd;V#6gH0_xP=8l -X9476>>DZ}OH-mk"z0Es]@|pz/rbArTM0DO"<:* Q mAQY n<~ U{= f&'|'+wF*-u3hrtP#vg(dK @!3Eym 77pdc&C4pY:r.+hv=IRXR| 3 n%>Rx{*wNfd d?@*:]4""hxE?|!cd\/.r ;qexX`%L-ru450u8vcqXm&d9yz8#w=(5k9 .?*mj B,D9}w:LU.4 4XQ%mC?)K@IGk= & !]|PNV_ЗVPIB#hAWn]qUS:&T{Mo}XFS|GP)X.~kaq);&{N"Ҍ4S|U(b2H/h>=;bf F84 vwiA zK*Vw+O *u@Y Ǚ5]NN{%dgSvM#Oy8mM$ n80MpVy*Bl 7lyA7jEuu]q"J9vV2,Kx=EE%R'T>RZ<caIyeE-6o#1wVsU[_U5k*;uHCw|Xm-.8}|5>bIVU(Qutn+0cFekDxAV41\'WtK;T?CTP}5*: J&"V{ E;e @Ate?A8.td> :YN%uNL hZ zLL<5ftW]  "1t2?E@.T"SD2Q>R <>.\SPԜLp#9cA&JR@HnP%=}% bku$(PmyaOM SJ(Z6xx'`r( |ieS'yE{zA'Jyy12lf8Z=jFS6Jy&.Hj6ep1~4PUyiCXV|@EVv] 1Mr*|MPsNbCH@R]10z9^)s^#@/IO 5q],g $0OA2"N '#Ft*n?m=rxmzl &uRA;D51e}"w7|o]|J-46{gUv% WMl aZNJ/0HpwSS+CY`Hu>h{/YbGg"mB3t)|$09J,AHRDrss.d[wTU3[hGy \hmojkB\u[g e>2oN._o%\I͖gn+9| h ̏cqVDe Up# "D7we0 #XMf ] \Q#ճ9=mU}@Z,\jwd7H2=)W&Onh1u;p&9eGn`i%]CA~Pc]q.e:rGw=(})A;uP1? 0n;ZCd !*M^ Mb\$(/3MZt"3Wn:EA%uA'A 3Cl7!5XWKd)k&.Il?R1xkjyl101T+79~ONqT5p}l^}dT" in . )%z[t (.GCWj>bMbJ @J/l @SVb[4S@h OT#S ^Y~!P]O%LN/>X #uBy8,QB 0c<,+??}m?@@G>9to,mFI++]=L[09\,b=L"t:z8dug B}U L>-k;_IwSOBfa%HLKB+1TBxm 4Q]*9LxY{|B)xf-&saE!bd,(I!OX><=cp.|D'#n)A.r @U=\L7ktzj/}AV ~q>W rJP }hP(_^7$(5v: DN1<.K)]rYV1-9SrMV{gHHK[GBqA)L+`tt&)j@8\clD%4;l_}:Ub|$+.x?b.p"AVv]wF 6Rkt &;v TTMw5lMkM[twMQacDi8fqEso^"p+]wYpĊf!G)~HC)mI x@=te,+`QW[Mp@V-T|':;(OA9i]{l^0veHP:?:]F @K\P8<@C@g+I27"2_\]{z14~MW$!xZesy7 [~<)NT mVFX">v\-fCscE[XMoib'ujV1 j-P?+"+-PMs`^YAz/m-JtZ@FtVgxYEr,Lbx|U,I8*4':*[)UkV.w?R!=6^S!d o#Zs0.] KDJwC+@.5~wkBjK--v{H}V  da v^8j$Zh7]Vyp$t |QQoY (maQS@G7#3'&{G8-;nT LDR&l4?}<7c)2 `2IAX=7zxfyoMv/~;D,'pUnJv%E I_%L#&;L ZM1g /.#c\B|~bsk;%#ciH(pO(O } :-2}>z#Qh^-MD0:q:lMF)$E#eldh%)x|JWf|j33m+l? ^a&@?r|;5)B5enY+ CM RO_yKQ1 /2"6fWU17QLh\cJB,$Xi@Hxfixe2hI`<&Wp!4evf yCDyVtjj"K#A>I@@]S;D`d(Mu=yr[f [Y 9 6 B<`Xm53>o#C}v0w ;qcm95=rjEU7xVAb1/P U1|u9{ELGPf324uKD']uF?bu@*1oUw0|V !I^  2|T_nW9eG(h`p Fg;a1#j&Dt`G+`oftBnu"kfh{vaj :|*0fn] 2KaLyI5:B#] )f>hh(\a P J17_8fLpN<[ /$0*o /Xo ]l9TOVp4)kHG|숬6.]}Z;WްdvC"[&E|.t $r@9q;KT@n%0,b#% >.$U&YJSdIg bh3|%A4%Pv$IvMA s 3 un<'HU6Mvz=Z1 rGg32_D4" CSbdUyv0kj{.DoTkmA|P+FhEe[s]J^X!JX x@bZnhUmFp}O8IMX9tPwpWG` C5~cJb,]za?lCm? 4%IjxTE(n3JrBO?fVL) B(@):^C]KZQn{>dW R S:6^)nIEX#ci6'g] a*(a\3&5xb:&N~ 8](5:vnh\JE.ZsH^:F)J~0CE<}BY\.4^n/t95axpqI 6nu9f9p9Cae>%$({R>g!]*zgViue`4Bf^O(Y3eR}V|h/M^7eXp#~Xx9Vz6XuCK[Cnv1G)';e+{2@~$4} Gu5M^<8*) @,< }@j!,I7[f> t/}MFEo2dHmB ? >L^LFEq1Mb7FX+W*8(xWn}nZl/Xdc59RW`or;$5~c 8r kO!|&)Uwg0"VQQ+3i\/aAyc#$<7X)}mIH/=DnR1i?[ld3j ,DMB(Wt~W@,\W3pfR~98q|23*#$wqa0?5V|MWWKOtn kt@_stz  k {F-zXKPi;Uyv=!M;u?&hx+Wb) npX>7Zi}dVw@i]4eu?Q]uVnlJ<4er AY'~HpZ(uQo(D')PBQ;oii $X;#6DboK`Ny5~KR sT \&g({aS%j\o9q7NwHKlU r^' Ih)K lG?b~+U%<[b{3}Mz /5y!;N2 pi$%0Gic+=}@.Ss QYHapCSVba-PB|_V/z0dA;N~}C9gO3L&G=5[sg4^$-dfxmMXTY| `vpn 'LK0n>q`3 0|)sg)A$s' RYW=)jevT0?lV3{j'?{A'k/-c%\: m\[:g51UScDz=f>yP8B5JZSH|eVRz RX@f 'u?cG{d2$/T$D}n!fonc< ZC}q32xgah#TXZ{8?ij,YXr3 6~z4|G>hWOw*EReDmyjK4 n P!Pi_+A5#k'$IN)eb?xGOt~|2-pqww`R,"] &r. 1qsdT*)o{B~r'&?+V$?Ws/U^E}tE?{;j.5=/86Rl> 3~q44 m1i\/5=$$_}8kWdo<]}}=OT^FqM^6HQ031pcT B;BQ WxUF7oe? uU &TR` 4*o&QfmwDN?{e6kPCbhm2)#JF"mv^ m'}Yk4m}<*,SrB|$gig>#NX.ZuC~|Qd-}G{I*Swba(g^HnXK^iL  "&1M)vAQ| F-"cl#5bKqj{{z[MrqW"uU3'EWPjG\Zd9. /uhg^|Mr)KJrms9TP}~fgxx&oE64H/6of-0O3a 'xsGyM#A~,zApAx<4*a~x31 RvG'2 ".;AfmdE"~HZS--=z|Ga{z@cH#Elc>4 !#J6qsdOPKTbl+!Fq41ULZEz$C?Q>mZdu{+s1@>*ik;*_g?4rS <'gYMO%tp :>}OepJ2P |bpt/ qJB #^(9.'V0"VE)3:6U "9 8Ie4!pZ a.$b1>.K(Xu)d&7b4#_yF}(*l=m A@eClqF|oXQIlX$QX7LcV}{e5]@ **4$aSEg|fH^lt"gn_^:|`TFlPgj}cN7"8a(jC1goNTQ- Z1XQnzk6Y`v'z^wT@^^?~|#|my4B%pTo&Du\DDa^O$L9u}RG|,"v|4YQSO4>;j=!eSR}C_3BvqlL\\ i)R XEt9dDeg NHQj]u'2 ,zRDmhD\ D`_S+\2LHWw4O"0.gg8`+PrGN&}vXsc=D8*+>KuR3Ee 757iK\|"D+5jeT( ?h@1PH5%~V=6G"RP[IT7bpp*hv7dE7BQ{yQMHOsW \$]SJVMaFiG(aWL^ DW9n7b!zTE|Lj9t pvA^-'=HB/;QkTfwdx%UL~35[ZAQSA] ~4 !6ljkBIO+ZmX%, -]0Wn&zJS]+H)y  I~s_Zh1{H see&Q8$ @^ZENS]%{{h+'AnY>e]HtSeC)`|A5}k%]/9$J+8LIfT_YB_NAv;I/}S_ZD7}/7j $//?ynEOO!K'@ XJS {gGHysxV,q/d-t9p?+P`QQ#e{s>+E[> >&CZTx!N3F:HX="GQ%j ` 1=@uTHXTE2BL1_VH}m2M$e@{q^ub3w A`03Xklo'YD\qXr]ZSEV+@pG*C+Da.T } g!EB~)5)* ~9 .nD5K`?w5OWhQ&[JCGx6 TF:sJl n]sd kc++7df.veHe3nMzTs]Bv/!\~{^@ug(eG :{(Y%7NN"szB Kw<#hq;2(WVL.?eDy{|=R$t%:|( ==VD|z:zjehdgl*2h!NV[ @QH_[Nc!T ~R%y?hE +M8^l#Uti?]K"\Q'tm6 &\+^zv<0\|`?c?{Ux7bHLU@"#H}*ES>f|Z Pt!@(;J={= ( c,$3vyWyCj`r$]79wQ R"(g)fDU'^1 <Bj3s&=%4zj/.x#F*$y<.uXW[n*X|@r/(G:m}Xe\e~h.4)o]u/a:B8ah;C1/>XIye97?4Zg?t~vE\ntUEobp@Qt8MbL9H&hl=@zDku0P!E@p=!GB^<3:,Y8D%SQ#_ (6o$e*@dxc19%vZCw+1157b/f,%]X,yTjuR~/S*3kBGCE^ids,gmu8^PFQ"q%21 I:W s~yLf DDm5}no.)SgnWFrlXqou )y}v6IV\HJ4^>%wCJu0QE^cI%O}5/N{E1p3h$o}4Ns `k\S sv )8PwZU,;*R9=m Mb)Y^LO7S xLRt&YpRSQlK!\D`'OU=S:9?GGRL, TV9mA7gMZn{{0*b-5`?MR0@Lxmq]]^ ?"sr(}j&A?*o9#$g>? p"!K[[( 6T>Xk9%~ji :LAmMC"Z_Rmp8'BdLJO/|^V&2rnh?JPgELY ibbBW=G T^`7":GdS>ZJv`,*ql~LWaL1[Ss?bDIx\IK*Z: F-1ot3}>Kk/nK( -6qAg Whh^2mbq9Fl|W/#EL<@Mj]zq)v*)gkC=ZKyC9M^D N*ipCb:?BBI? Q * :6`voyY9ilhqw>/> X?}0(:rsq?$06F"xd7d^MOcJ}*c JPr|4:`_}-za'.!{IQ36}y!e9(0N @eHV[Z\E78)G%J>a>9LD\;y!l'L|@]Q1n9ttVWx ^ |Sm] I.?nUaFqiza&7@GX D.UEZme9#W_fv.0wTzsY"jT au?0AjKl9@tk!8IMq?\m"Jrp^"{$;a]n$CtZ W=G5}5MZ<cmCysP@W .]d})DB6%85)cf 0"7q!>r}=V[BNy,mGSR<@0clf;a#jRl {,c~5Boo>fq*Y2\;f {=e|JDYDFl.F\M8i<n$um.,n*-k{<~L X,@ZD=!f&1pi8\s(IPxDwKR(L{5sSl@of &.z,0NjkE@ vV Rq_.T+92!$vlv.voy=@".Fx99V>G0pHL!4oeaUBzyjc 8Jk;GeDG,qQ2KLD)U%l# DrLJ:Or]j+Jtd;)'i6NVkr+ :egb=t*jqwHOCp]:S IDd&U"% EQSq~nmkeW+d1B,D0x@h#gf@n}/'hQ%aEX i&BI.DgLmx5+Jj{O5@Qnm(]Sv jAjl*u,>>n}`Nz hol*3(c-4QM(HZ"Sfvnh6!%i+Ig2y+rl"'ofAfq+"}IHY2Ttn6U|(PT m$,-j4;>e03e kqc%EnF`+)gQ<6*D'x'Mf5ev 1f_Ui6O$(l"1A!byH X#>?1!R08Q089LjP o.J26%m4l5h Da ,G;FIvO^&y>u.6 |pkt<[< !bRx/(y G%f)36oY?PJ3 0XPGNw~)YcZOe%P\gMKn)n0 6hjQZ1YD@EToNif fOsMJy]p:`=5,xy!8'r^hFL3<}q*'- ,]Ze:9"bII |AX_tF=NSh^j40pVBx2s1 .w:14C}kN'/.|)%' @-Qb(n T&~@H=B5]AS vXOB~l4mTrgK[V<zg g2XSo"` i B=Or\dC7 2Ua?&n4>m |Q*`h#e c9j*`A(9m W5f\a mqVy#!/}Auo2!Q2A!r={;NJ:GFg uz/9anw9m.w[[\ L9 Z7zs$4Tg(*q+?5$ x9FieC\ 2y<'.k!U?7#Cz&cCe4[K_ ~f 4~ 8]ydMuB TP ln9[hI*MmW@ C_{;nV 3^7WvS ?I=3yMx8bC9.+T}+uN824vJ\'N'WI7uC? M- `#vM#+v7e=@s=}7/~!>׼bgQo@9 )!SVq!bS@'-T v}W4 "71VM3BLLEW4 '82g;7Xw "6O_$LnP"v zT<6+k Vun4 P;uR;%p@Rj'@E&=KoaRD+C\F"OTdz~tyyqDhf5"J\W7&?#~FJYk |L&\,^Ws!IFxynn8Xr:uFErf=)6//GymPI fN?b7+w G^[/\^y1>[p_` h*[OD NXK7w@ROQ|!=.lvb wC2,?wik~v`=.N5@G)k1VW"8UZdH5-"[(e[S,Qt: 4(kH?IP vOVVsrQ=?z/$y.OJ#-Vl|(1RPdh!_u$I< oh*xvPid4)q F(W` v{U~cK_T KSIm_6eTRHr %4<? Gy tD^O^]&Y{[X[qJslh#w<+:ems  ~c@*4{>r!JEpvA,J{yN0pK%V =8dL&gz;r0%Nuj.`d/Qac\sD g?p:n{nl|- SSXd9it2JRf6I 3hHk-u_0s~!~hV+4tc3R|vs:qn]Nd,B"b0A5*Q#Qj- "=1q6=$zEWF+HoJ6X{XV!zrM|@$m'/]|H?z--1EkoUodx$+\x="r<4NTco+K%g .3Yl>,Db|NB9ܿY_WkE(uc XPO %odf->aZK%GQI'0wT]2(t[PGz \=a/ecotuu;`; {G <;8Qo).D& )rA?I8!`fK0O,H.sj)[9F 6)YS#CG},B:X.$$-7#I?/`T_nVGJFpihjM=f~BNNDH=E`}M8ZBe$GKN(A8JK={xMWSi-o+a;>8k~zl7KmD//8bp_Qwv9 b`bqneh#SOb\c8B !t`CR9Q\ad$ cwnoKdFW7MDID,H2 C)*{]>D" 7O4FD/m4 -,3uG(  B lOFtUBLJ=\c*K0Chq:Gu 5!A]hV oz6Mw;PU Mh]wv3 &DPm0tB7k"&P b\jX'/R#)^|{LXQoIL#Uz-a \ Yo/fsyb6?14p .Q O|R/=B`R54h4$y*tLX |Q!aeQB>5[Bu:EK8wAgNkwok0Hlp!~at(=X,PpAB8,j3iQj\JSF >VoTD[bAi[G} t0zw?JYu"U%mwqE ~E_jafyh=?2KL 9!?@cQ)Lpt:=|0=k^k4Ly_o J -cdPx\(#<9Gc@8ykE"D]!#dXy)Dyl>a FZ~F B|0{ h92Q:l^q)YFH`Qs)$Nf.,Lx: ln8QAlhYn8KHlLF 0 GxA \{RU*N#Hy? EA,=6Mc[G.BcBs>!{L/7OQ7f]}c4I~g0n%NELc0J^Km"})pXv 3ykD 3 LE>u*e=N%g\ s%7s{#r T\8W0XW K\tM' R&vb@F[wjw"r[L/$C]AfWb2W<:&eQ = b2fVo2[7M#h.b=r>5)NF2FH^2X"o6A-SSx/;ro+EpKU3aJayVRa $-7EN4#`^x(p JO{ \Nt\qb1IH_;)*a(MP0CI@t7tR0GU;vq([6red[o J`5)BAsYH^f !$-;!q  /b``]uPCb.cBfhYjutk!z YZv ,re=O4re3d:R _4J5|`89SRrAmE~hwBD@Lq}=#o"5"%,ts bW^ ^D,8.cC3r, DQ)J}^xQ Zl)Mt wDJiuO 4S TW8b0{^ F@[aocYPu[F~r gb~LM!H=|+riE_<.{GVpJZjpID}1>um  O "8UX$BLTyX&?2a=w4t$0/0) m'[dd1$mi2a%Qs U$^H]y;?A7s!Wo@zQph`|E3AOC : KVd+yA]~v@K_I9  F$| TLx|! ?/WGSb{UfObCJ=%-cw)XCw]D. WZcc.?HS*"r%*{x"i&'`L6Dm }. X;vTx+}u4H VA|t&t+=|\v2L^Xzx{: wSJ0[eU; Rku#O+&,fhpAm^51nY!aT[ } T/>f{]{nFmeVhqlkaM]2OLK B/zZ_ Ixmrgq<6S:58n @0v4YDssSGBl! pb6a:_voiSXlG( P%xYb&6X-;{"f~~&WiCK )GvHCjM=PI TS[]u pQF/N*[_ )pV2RY zj\.+3X9Tqpnm`D=`3pguE. q.tbz C !]M+p)2nBv$zO l+6x)\^&BVy 5 1n/,p8r"[I7y^Z.T9(*% &C{(^;Q-XZu01/o"KN&2 k`3Qd| ^Da[ @-<#T $9/Y%Zu`z>ZC1r=}yH qf?h&> 4O5`#emxfmGsHk5a b l2T5gyW {=t}q'Z1(dTcV+6\ZeC\A u;AWHVdmR!#zYK&"U,9_n3}8(RC>)tq$Vqf(/qzLN'=Sn&hX>#yl rDdnMgL,kI9c DpUj0tHTj^J3ywZ)d=p|J:4i<0oOdz"Mt5^ l'^;p;0/&G2`LQb*G!6 ;v*v @VU/sOT 6eL3aH6 pe97e$g4#Ms_A"7H]3q (I}mTL.|[Uo5K)|+1I!mr=D f%HZKD}wA4A {KkqFaBkQI\4fOROS\m9|-FM k*xWbofY(p4i]mPJ q.z`P M>dm} 'W|GBT30)>9wah kDZ"SOD Fu(^NzRDzYa^+b2,c4'}QKOUEE,?fokt "NL!hluo8:{E^v8K-p/KZ!n>w)X`143d WnV(?D }K.1c.hm77?w"y9 ;Q& ^ CD]oO;uNkH[TSj^hYOiE%AB -:ac%_NDjM `+n+'-+h%oM1m!I{Q9]{qshxpLh]>4?;ck| y`Gr]b' HBs0P#4.e U  r(P8sAF|]>-*spN:G>c/oR(@),{|IGjhv-|>3f*0pDE{x ,5E$;2+@Csui-ws;R0L: p5s!Vao~Qya\4/7C]a W1RS$P%Y[/B9N=e]8>" P'B+-y3@N%J%^GzbV-]@{&m!;P` {;B7]Sbe~}v18OltI`wsi T2]>^_?<_zhy*cg25kKBkW:$asSFDM6{vyV.D.\=ej(E?$=z_LqExRWDfMG1!((CLfA00i &lW)&E%>uQ(!~fPJV!]N[%y+F)cW)!`c)rPctV?sJT2{:VSag\[N}P:G ;rQ?=kUZ.tP.`i^ (U> Ib_3KHi$O~ceE#5H+W~LIFi>JJ_s" wfyM7 m"HbU]VfmC[Rma)PA>"=3. XcF+U}(du#g{bxC){#/ k6_mk>&Z\;i(",$ruRQv"LkGQ x@@6dORO9/O)-}Wp'{tHA+XQ+phxB5mmo<<#If:OreiQ[m,5)ry*lfR L57jrA2`J}&O_\;b0(fs{ps^d U"]n ;B- =<Dt:/>4wy1L ==M^5uS=EC$' W\-{+0.n <~ (Pm|=Z1-P#h(s; pX[-JouubdV\u5SFnF]&fOr7}7Za;$*\FY_GIXLm9t@w#w%):>5Am0tB6g7geflcIFY\agdH >>GhVTHO(b Dr6p-r80A#(duhp;w]O5"eW~ajQv^V5CgaG!afn/IQ'2TDB2L:-N/jFl^jq .B ~DTS5]7v'Yg7ccIDq]RN$C2_N8\R% }2> ne12ERiP5=XVNF"o/o6ntzM5,3C&5*p+Y fzXm0Q1r;[\go>mviM! 'Q|9zvZ<qO_l%C6A:Z_ 1\rv%JO+[bYs=!NgZZrI]fNxEF0[7w}XNCQVEYW{1 1O/DYi`IIhyL j &G;'rS+E\,>D8Ks|JmWC'w2 6Rh! CAc1yYU.\xjGSOz!Y03b,ad99_`{Qu3m%AU1PnG =/f#gpbjyXbSBx&4o^9;-rt8vo=6HDF(Wf[R>DH73|U[ov:V{#S|/ a9f3EJ`N9JW8sTG1OWFE\HN+@U/LV E}e6^5}: :xeq+YRVU3gqe2!Ujc_t "ePfv5dT7>WHTOIlJ |,Ze %W{?Y6mX=moX]V~0SNK/-.m?ZBv*b^Z[[k PA :Gl9u=&^UkV}(yQVC(!|hPmiOM#x*^BN!oS6kZDj!vqjtmWJ* V!1 #]&s _|\%T8 #LvT]K_ZoZ9F:/q@u. |;X-':y0Ho*OAT>,V+37.\}b;pV@&lNNPnp$  k:$5]LW>U$ M8{696xsVSmR,s`G9lP[H~r|`pc<;e LCFB|,3$%PxOa#m mT  e,>P6`u0B8qMAvlx@=/VP]D64"6lJ YB691py9dY,(q6>P_7<+nFf5YSf0$#cT!'E?(_I*|utQ6zATuB3>?yx}3b?>HP^roS_VU1d69\-z}0U{KI&<]oi)+2=~T}E%zDO7+~th 6 L I'>e{b@UR_I4&6hUD{yHjaCejZQ:d5.R@/Gk6O6b*jVUrACwR[4WBI  {i@&W!#u l Q$5 }`d'$&M8t@4H ,Pilx~3>xnW?](>8q}i!@i%WIcy7,OX?cx.O`.KK#,UzzSR7r/4{a&jF>|vY]O~5_!0 ^3sS`Blbo*m{BAY@4f<*UGPpftDcSv\%{ # =#c6AKux[E1alqBB R&]v}" TfsvR eGC\#vqyi1FTSKm "H.|Tv C Ad^[yWh^6%c3?pi!PY$}im6(> 3SBj.54CI*aQJ/d}UF&V-[?O!PGDSn7KzXatx=?P>F]e7+E:w|{#S/3[' KAe30fH28Q7;$x9idK}aJ&mlgXaHI]5{!,WMkR_qCN1,Q}(@[4WX <>vzE~Az X yPqO': I9 y:{c.Lx`(A^ADL&1 |(Sv j!{C,L65\(;! abh@ !L]eSH~?,^(xL0bsL =hgYuY'CJ}KM9ixw8:Ad=~ c;z:6#[x#Nxgk_J DNK@U :Ul8~%K)]$..yLECTF Qqj.=z"Qj'bx Q V m/^64yzywS~zLf\h &z;S;J|?>zX 2O*m N]p[uoK~ [&*="2en|8` =Hk?SmkMci_vv<{ T44;[?,0~>6~-Ad~r c1X'RJ', 2GOVZSQz*}w@oAS0q3Ef g.tD Zg}XSa#Hyi(-` NU?!f64k # $<fmW?B~,$jrJES .t{0I =2Y!I Q y&wd]S<imW?\a~,QKy@j= M{/1C1Tz/ n;Jbys>J_2p7 |n9cR%Y SWLNK7#rM1_nf:Wk-*#LO NdljDrrHi5_m; ]uuqQIa8_-AWD(eSE S|=_=['_?dXO\wq0#iO3*<(d+N%>Vtz5VpTAu^b ,2{ @;A.7.l33^QxKp5I@`)0]: Q'NK|/_rHP!A 6;k 405%GE fffS,1IXm!z7RFs\hk f>YTQ<iWIM31LZ:gGb;$zsY{C!O-)jy0 ApO 0j*WZ@'hsg!0KSU$_t-X v SZZm(1[v9*1VDqzz(a{W^G+:{y[Tk]a(/jZ=LDZfBXlX)fg>,,UCYy:6 n <n K#SFKRb}] _6_N e%en eVbZq.*u%>.KSX',#o $/QHJoF8HI[X|G%ca} z Gp0)>I5j[Ui!f!GY$\=.SGK zYn^OFXQZ g* m%}>5S9!^?^FWlsDl^qn )|o"@ }iryd@&ch j~y`!''):@)=*]Grx)a*hi\5'(z_k: grh|=f:EUl d0YbjY}G`"T`vEY*c,~dKO M2hHA79D. 16 n=h ^fqlkn|6.t<9%'z p7?/xTx&x&=[*p=^6g0A $f+@p^}~(*QUw3g` 6 6N|{wE,o-MspG_1 ]d.]+F,9A9v`) /$7"o3F,8%`wo:jXkiZF.H;Tlps#q!AOoE &f\c s` wBLx97MV89cgh%pS.jn 7\y{N:*zu^kZGEUwdl)IfF+u$TmYO 6GyGH}\%}=X/&$ US3G\r~Kl{+rGyq\h5gk4u4,<b0v~I?4QKVjbcA$<QG5Cfu-06={,?FiUYlYbFdzAI%29otNfdI=:*QLtUlK N'}.i*EmTn6ihZW^#U8\9JVzm+N 7LQU'B dA-@`8sTw+1VPo8 s ci)'(&dp)*BKbh{}m\RJh4o}_4]|,: *Z~(-,Yl)^8jcP67uh(.*3p[qXMkBk I(&swvSI^~-)"^JF8h>o.^RQ2d Ket`H DNA!H| IE;>5M3m J /]G9mrQOX2[}io<^rjn*aR5TYp%fH4W22A F1g G^# vxE|q7l |;~y0O!`yfXrU.d s%N ^Vh"S(P".Z@1R?qgHD>T2e:iyrNi?YytwY%t(2vK W='4 (:%LrSqIJEhy J(SC+x[&@l 1"He;`o$.JZV]< #:>R-o?aR ^##~uLXBG9dPrNuwo0Lo08Zy",W \\pXP"^PFvfm ^mkX?Y7j".m3KRupA0;x4j@Z*>NFB@9AL*~4xq 6gfb('Xb}|*8ydeW0Z]U`ow{zB&! 9ad.MURU#:8pPZK5 lwnS0l'<&(!YkQ"YYq0WUzD3S^qk{{`#Iy4ScUs)~oeDP:bRw~ q)Q`j].OFc-x"U6]GSRBAFC/@w[%"Cbu}"L3%R]mBH6|"DUWEJJ' dq(a=aNNvgN6xZ?($E2I](p~N]QQZ:Zs"On|8MR i)yOY_lccTtCsv?w W(Es4y>3JyANr 4;jqf/v1z02F@aeo0P[6MmNxOK`j2*\Pk =8H 8ck7qKi}2hRc?m~c[0_U%OF ;u@7a?`Z FUoe-Blt#T jL_60oknM-g2Q@Log=8=C`Ejom] w ||x iR T[xICEe?2{I"iFHe6y^]1Z-&(WzuNleqGCCu?cKU26_/S} B]l<p= 8f_b14@iRan ;1_J @Fw%Nlw|V[9TF1 70 11h~%j>!\^5K< 385 +!_zjgE;oD9 A giGH.Asj],@NjtVYK!`L`v@buN /[KVN#j)K WLI](+}jUuK3U# $^LThW_ $//)c]$MQ FV ,f@Z}p aN~c2a~X-5qLE[AR)F3ecc1`OAC %8an3[/rmZb*QBuL=Cos;#9T^&RA>; m/bmIZYU;KZQLLq8It/cX3z/>*~ GF*o2FfVk@}'d*z5aY0TY~SZ>f KjN?[.Rcz 3!h4pv{xy&J&Rcw ~\{uk+z|_g^5E]H*1 drDu+D< de$$-c|iDHFmb)&'&[]BX6ju9`UJeixqd*Iedmw #:rK[FGi*dmTWXw2QUF)F\ \eQ }089z;h2,zd|wbgb~SyDdl$dbb X],&Xn$dY6s;nU/t!Op_1=Y&|-e(6s+nu dd^AUxI ^b8~ s|,_8JGn;GJ7&/@7%yO;W!F80A;d}w9dHDbN|mIM '95N6Jl7Jv5"A:%;F&g~I5(J9~w#uMzI9jfnBfYY@yFPD:zE$rJ>Rj@Tp!g %F]# 6 qD r%+3){dy2!}Lv=*q'r/U4gUYkqRSe)q`(rnqb0Jd1 i jIcZI=J|VT,WSUnO,LS&!`?^K|ElA%o c@(mD|M^",o"NJn,QKsu%& !m8 zy%^k$@49e86YI&67-LfvZzN CQSGmjv=$yzz2jDvL_]\l/QxdO.Q.%CoX|e cm b"rm`PO]LCW~$pEe`1lxA\KEt0.~ ^b6#o}*GL(^wNbVp@| ?M('\#;.T ;d;:@qAKh*wZRB}% j_n%j(oPNH]LkbU%^ gFs*[bR'D`0ZM^uLc:1!d_bI~*&c:_vc>c0* }CF&I8h{| Gx5-H= z;Z _bAy &wyO2A|4@9uu??EY"`OyFRZ-%?ZaB =/(9+\?R:'d;=Cs%I(T;2-U'}`bkSdDeYm 5>y#iK3(TA.;7 "S W)!u!LD|#X }9{n[ KA[2!H x\*z8@]}CmBe~UI$Xg!ar .GWPQiw?I} d2;%]d.U>N`~etQ!@p^Y> ? Jp=jsTb` m+)<].b@% j+|;s1lec#,)$9`n}jH3#1ob7I,x b@oR8d( Y.)+ - ]NOq-[,->.\P` ~H+4Xx NuRf o)Q#\N7+?''}5]Tc}s E-8&1]91cFX@LAKxS+{Dxp>O#t-f$6_`-B;X`~qtOrkT_Gfa, B* &4(9nkrnHzjZ|x Fb\ *jH\B}]k* &$z = ^\4.!pb=].0:qJr|_WkW.[L(UVNX8 FXh01PMS R+*t*%{%/ [)I(6btC@eU"Sv \j+%Dw{zncOr)4aiP%2JBj`x B,5uI+:j 6GcAS6cu!780*9Cg5JGSddWx]>#N5(Y%9zUR:KpGk;uUp A- TxRs?Tv&]B:W;T pz<VUWQ/]X;CKN7w>8nT A=eJjND 5 co6?)SuT NTxK4^Vso~v"\O?HA[B(OcKtyq$5ZczK;k.!@= PDY`qD&.9:XNqUzD"MX@IL4N]B'KuJ;As}9As55-~:d=*<g Y&>8tR]p\U{amNnSf$n$- xq`w<.3;'D[^ QdqX7aywm4J_9oFV` Gt_JrFQo R$ D#'JW+T,a3hEz j=/e2ai-R~j40\& To1- SW8:u[P6'HxY?=s1g: @Y0$.&siiH'q]~m Y411m8_LD7b $w](2Q=.7P0 i}-gs01G||D\)gfH OLi=u&vy i* JlSHggvRiI_O71fTt#e_;TJVMC(X V4Hha=yh$b3.'T;_/lY+ClW 3<JXhk'?Hs>*9D/ Pr\@I)(Bd{T?_YXHLOG^!++P1H&8mOJhI@-yu+4hwWPuHy!yQ ]JuB#S2fz@s42#B3t%8kJdwK OwsR jZ3 f7Fs\MERfw~ Nn:.0%B1,t j.aKFS'P,^Zbk}:$?qfhR$ ! (H0M\[* 2]@4{cz_U/OT]sK3K&E=woB31{$ $X?+J5Nyc9(O(K93&lrjJVaS3QibJigd_N:b !.#-_SqqVo)L7*MTQ\5pGs"o p$#xX'DZ6g@ iDZi^( *@17P iwNcjXB,6}ZU~: U Pu6PgF~y8$kG][ 9hp95v2rX;%LcuFJB?g'!+{.TFvhf'HNHx&:VBb 0b _FA-Wm%{2G9((#VJEH T=xny U"C:"N_P3#&[6'lbb , ]_`U|/K aRuLEum`QAv|Q^V1Dg q XtH 9kysh#y<'9WW\\c]G:m?p%\}lXYlq^sRFf <YivjQd X")K3$9pqqf+;,>R@|l0 Wwy [|I /W/Aew)Z(,j96LV/f1\*wBeL 0NBo~_A[DA/[m:mVZbWYBCq[O ]rd[7@cbb50345dvm[FKf!C83[O`M)(;^G-E(yX^3O"z\Equq||wg$%f`?ME+3/E[Xp0kCv `*j@^`XL; 4-#FR:UfyM2+-m<s8{k=b{n(kNk);syW8VitfNganD6,crnM@`ZHq?J^[x`3L!:yf5-weA!3@XSRJCfrwoR A@ q ~ PWD_SOURCE.B?[THR.NCOM_PWD]PWDMGR.FOR;1PASSWORD.FOR;1O*4 imagname_len bracket =1p do while (bracket.ne.0) bracket=index(imagname,']')5 status = str$right (imagname,imagname,bracket+1)g enddo c period = index(imagname,'.')-1.c status = str$left(imagename,imagname,period)3 status = str$trim(imagename,imagname,imagname_len) ) if (len(imagename).eq.0) imagename = ' 'a return  endusername_len = 1 endifc)c Get the Identifier number,c-6 status = sys$asctoid (%descr('RACF_ADMIN'),%ref(id),)! if (status.eq.ss$_nos*[THR.NCOM_PWD]PWDMGR.OPT;1+,./A 4Z-0123KPWO56 3Q_7`A5t89GAHJ!+!!- NAME = "PWDMGR"!+!!_IDENTIFICATION = "V1.0-0"!+!!-*[THR.NCOM_PWD]PWDMGRHELP.HLB;1+,7.f/A 4f%-0123 KPWOg5 6 M72Ot89GAHJH% VAX-11 Librarian V04-00@\ MN$% 5CADDEXIT$HELPLISTREMOVESHOW`|M1 ADDC The ADD command will create a new entry in the remote or security G database. The security database is checked when a remote node accessesF the local sites and attempts to access the file SYSUAF.DAT. The nodes? registered in the remote database are used by the command PWD , to establish connections to remote systems. 2 /SECURITYF The ADD/SECURITY command is used to add a node to the security access database. Format:  ADD/SECURITY [node-name]  3 /USERNAME  /USERNAME=useridJ Specifies a specific userid on a given node who can access the local nodeL remotely via the NCOM_PWD object. This will override any global access for  the remote node. 3 Parameters node-name; specifies the name of the node to be added to the security; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha characters. 3 Examples @ The following examples illustrate the use of the ADD/SECURITY command. 1. PWDMGR> ADD/SECURITY CCPL018 This command adds to the security database a node named9 CCPL01 with global access for all userid on that node. - 2. PWDMGR> ADD/SECURITY/USERNAME=A2H CCPL01; This command adds to the security database a userid called= A2H on the node CCPL01. Any reference to node CCPL01 as a = global access node will be lost in favour of userids on the give node. 2 /REMOTEB The ADD/REMOTE command is used to add a n ode to the remote access database. Format ADD/REMOTE [node-name] 3 Parameters node-name9 specifies the name of the node to be added to the remote; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha characters. 3 Examples > The following examples illustrate the use of the ADD/REMOTE command. PWDMGR> ADD/REMOTE CCPL016 This command adds to the remote database a node named CCPL01.  2 /ADMINISTRATORG The ADD/ADMINISTRATOR command is used to add a password administrator  to the file SYSUAF.DAT. Format ADD/ADMINISTRATOR [username] 3 Parameters username8 specifies the username to be added as an administrator.7 If you omit the username, you will be prompt for one. ; The username is a string of 1 through 32 alpha characters. 3 Examples 4 The following examples illustrate the use of the # ADD/ADMINISTRATOR command." PWDMGR> ADD/ADMINISTRATOR THR= This command adds the username as an password administrator.ww@M THR ADDtM THR LIST@2kM THR REMOVEmM THR EXIT@HM THR SHOW@(N THR HELP`qM1 LIST@ The LIST command outputs a listing file which gives information on the records specified. Format: LIST [/qualifiers] parameter 2 /REMOTEA Creates a listing file (PWD_REMOTE.LIS) to which remote database information is written. Format LIST/REMOTE [node-name] 3 Parameters node-name < specifies the name of the node to be listed from the remote; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha ; characters. If an * is supplied in place of the node name . all nodes in the remote database are listed. 3 Examples ? The following examples illustrate the use of the LIST/REMOTE command. 1. PWDMGR> LIST/REMOTE * writing listing file, listing file PWD_REMOTE.LIS is complete: The command in this example creates a listing file of all nodes in the remote database. 2 /ADMINISTRATOR@ Creates a listing file (PWD_ADMIN.LIS) to which remote database information is written. Format LIST/ADMINISTRATOR [username] 3 Parameters username C specifies the username of the administrator to be listed from the @ administrator database. If you omit the username, you will be B prompted for one. The username is a string of 1 through 32 alpha : characters. If an * is supplied in place of the username > all administrators in the administrator database are listed. 3 Examples 4 The following examples illustrate the use of the $ LIST/ADMINISTRATOR command.! 1. PWDMGR> LIST/ADMINISTRATOR * writing listing file+ listing file PWD_ADMIN.LIS is complete: The command in this example creates a listing file of all. administrators in the administrator database. 2 /SECURITY< Creates a listing file (PWD_SECURITY.LIS) to which security information is written. Format:  LIST/SECURITY [node-name] 3 /USERNAME  /USERNAME=userid? Specifies a specific userid on a given node who will be listedA from the security database. The '*' wildcard can be used to list% all users within the range supplied. 3 Parameters node-name6 specifies the name of the node to be listed from the 8 security database. If you omit the node-name, you will ; be prompt for one. The node-name is a string of 1 through 9 6 alpha characters. If an * is supplied in place of the : node name all nodes in the security database are listed. 3 Examples A The following examples illustrate the use of the LIST/SECURITY command.! 1. PWDMGR> LIST/SECURITY CCPL01 writing listing file. listing file PWD_SECURITY.LIS is complete@ This command creates a listing file of the node named CCPL01.  2. PWDMGR> SHOW/SECURITY * writing listing file. listing file PWD_SECURITY.LIS is complete2 This command creates a listing file of all nodes.) 3. PWDMGR> SHOW/SECURITY/USERNAME=A2H * writing listing file. listing file PWD_SECURITY.LIS is complete7 This command creates a listing file of all references 7 to the userid A2H registered in the security database.wwiM1 REMOVEE The REMOVE command will remove an entry from the remote or security G database. The security database is checked when a remote node accessesF the local sites and attempts to access the file SYSUAF.DAT. The nodes> registered in the remote database are used by the command PWD, to establish connections to remote systems. 2 /SECURITYH The REMOVE/SECURITY command is used to remove a node from the security  access database. Format:  REMOVE/SECURITY [node-name] 3 /USERNAME  /USERNAME=userid@ Specifies a specific userid on a given node who will be removedD from the security data base. The '*' wildcard can be used to delete% all users within the range supplied. 3 Parameters node-name; specifies the name of the node to be added to the security; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha = characters. If an '*' is supplied in place of the node name : all nodes in the security database are removed. You will 9 need to confirm this action by typing Yes at the prompt. 3 Examples C The following examples illustrate the use of the REMOVE/SECURITY command.# 1. PWDMGR> REMOVE/SECURITY CCPL01? This command removes from the security database the node named CCPL01.  2. PWDMGR> REMOVE/SECURITY *> Remove all nodes in the security database, Yes or No [N]:D This command removes all nodes registered in the security database.+ 3. PWDMGR> REMOVE/SECURITY/USERNAME=A2H *D This command removes all reference to the username A2H on all nodes% registered in the security database. 2 /REMOTEJ The REMOVE/REMOTE command is used to remove a node from the remote access database. Format REMOVE/REMOTE [node-name] 3 Parameters node-name= specifies the name of the node to be removed from the remote; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha ; characters. If an * is supplied in place of the node name 8 all nodes in the remote database are removed. You will 9 need to confirm this action by typing Yes at the prompt. 3 Examples A The following examples illustrate the use of the REMOVE/REMOTE command.! 1. PWDMGR> REMOVE/REMOTE CCPL01= This command removes from the remote database the node named CCPL01.  2. PWDMGR> REMOVE/REMOTE *< Remove all nodes in the remote database, Yes or No [N]:B This command removes all nodes registered in the remote database. 2 /ADMINISTRATORD The REMOVE/ADMINISTRATOR command is used to remove a username from % the password administrator database. Format REMOVE/ADMINISTRATOR [username] 3 Parameters usernameD specifies the username of the administrator to be removed from the E password administrator database. If you omit the username, you will C be prompt for one. The username is a string of 1 through 32 alpha > characters. If an * is supplied in place of the username all ? usernames in the password administrator database are removed. B You will need to confirm this action by typing Yes at the prompt. 3 Examples 4 The following examples illustrate the use of the  REMOVE/ADMINISTARTOR command.% 1. PWDMGR> REMOVE/ADMINISTRATOR THR? This command removes from the password administartor database  the username THR. # 2. PWDMGR> REMOVE/ADMINISTRATOR *I Remove all password administrators from the database, Yes or No [N]:: This command removes all user registered in the password  administrator database.ww M1 EXITC The EXIT command terminates PWDMGR and returns the user to command language level. Format: EXITwwEM1 SHOW5 The SHOW command displays a listing of the specified? Remote or Security database record(s) to the user's terminal. B Unless otherwise specified by qualifiers, all records are listed. Format: SHOW [/qualifiers] node-name 2 /REMOTE@ Displays information about nodes listed in the remote database " on the current SYS$OUTPUT device. Format SHOW/REMOTE [node-name] 3 Parameter node-name ? specifies the name of the node to be dispalyed fr om the remote; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha ; characters. If an * is supplied in place of the node name 1 all nodes in the remote database are displayed. 3 Examples ? The following examples illustrate the use of the SHOW/REMOTE command. 1. PWDMGR> SHOW/REMOTE *C This command displays all nodes registered in the remote database. 2 /ADMINISTRATORE Displays information about user l!isted in the password administartor+ database on the current SYS$OUTPUT device. Format SHOW/ADMINISTRATOR [username] 3 Parameter username F specifies the username of the password administartor to be dispalyed E from the password administartor database. If you omit the username, E you will be prompt for one. The username is a string of 1 through 32@ alpha characters. If an * is supplied in place of the username 1 all nodes in the remote database are displayed. 3 Exam"ples ? The following examples illustrate the use of the SHOW/REMOTE command.! 1. PWDMGR> SHOW/ADMINISTRATOR *; This command displays all users registered in the password administrator database. 2 /SECURITYB Displays information about nodes listed in the security database " on the current SYS$OUTPUT device. Format:  SHOW/SECURITY [node-name] 3 /USERNAME  /USERNAME=useridB Specifies a specific userid on a given node who will be displayedD from th#e security database. The '*' wildcard can be used to dispaly% all users within the range supplied. 3 Parameters node-name9 specifies the name of the node to be dispalyed from the 9 security database. If you omit the node-name, you will ; be prompt for one. The node-name is a string of 1 through ; 6 alpha characters. If an '*' is supplied in place of the = node name all nodes in the security database are displayed. 3 Examples A The following examples illustrate the use of the SHOW/SECURITY command.! 1. PWDMGR> SHOW/SECURITY CCPL01/ This command displays the node named CCPL01.  2. PWDMGR> SHOW/SECURITY *E This command displays all nodes registered in the security database.) 3. PWDMGR> SHOW/SECURITY/USERNAME=A2H *7 This command dispalys all references to the userid A2H% registered in the security database.wwN1 HELP7 Lists and explains the PWDMGR commands and qualifiers. Format HELP [commmand-name] 2 Parameter command-name  Name of an PWDMGR command. 2 Qualifier qualifier-name Name of an PWDMGR qualifierww*[THR.NCOM_PWD]PWD_BUILD.COM;1+,a&./A 4:T-0123KPWO56/Y7"it89GAHJ$on warning then exit#$set command/object pwd_manager.cld$fortran pwdmgr.for$fortran ncom_password.for!$fortran ncom_remote_password.for/$link/notrace pwdmgr,pwd_manager,pwdmgr.opt/opt,$link/notrace ncom_password,password.opt/opt:$link/notrace ncom_remote_password,remote_password.opt/opt$create/dir [.kit]/owner=parent%$copy ncom_remote_password.exe [.kit]$copy ncom_password.exe [.kit]$copy pwdmgr.exe [.kit]$copy kitinstal.com [.kit]$copy pwd.cld [.kit]$copy pwd.hlp [.kit]$copy pwdmgrhelp.hlb [.kit]!$copy pwd010.release_notes [.kit]$copy pwd_startup.com [.kit]$copy pwd_security.fdl [.kit]$!$type sys$input  5 Answer NO to the option on building another saveset.: The PWD010 installation kit can be found in the directory SYS$LOGIN $!2$@sys$update:spkitbld pwd010 sys$login: [.kit]*.*;!*[THR.NCOM_PWD]PWD_BUILD_SNA.COM;1+,F./A 4:-0123KPWO56 f/_7-t89GAHJ$on warning then exit#$set command/object pwd_manager.cld$fortran pwdmgr.for$fortran ncom_password.for!$fortran ncom_remote_password.for%$fortran ncom_remote_password_sna.for/$link/notrace pwdmgr,pwd_manager,pwdmgr.opt/opt,$link/notrace ncom_password,password.opt/opt:$link/notrace ncom_remote_password,remote_password.opt/opt($link/notrace ncom_remote_password_sna,-/ snaprogram.opt/opt,remote_password_sna.opt/opt$create/dir [.kit]/owner=parent%$copy ncom_remote_password.exe [.kit])$copy ncom_remote_password_sna.exe [.kit]$copy ncom_password.exe [.kit]$copy pwdmgr.exe [.kit]$copy kitinstal.com [.kit]$copy pwd.cld [.kit]$copy pwd.hlp [.kit]$copy pwdmgrhelp.hlb [.kit]!$copy pwd010.release_notes [.kit]$copy pwd_startup.com [.kit]$copy pwd_security.fdl [.kit]$!$type sys$input  5 Answer NO to the option on building another saveset.: The PWD010 installation kit can be found in the directory SYS$LOGIN $!2$@sys$update:spkitbld pwd010 sys$login: [.kit]*.*;*[THR.NCOM_PWD]PWD_MANAGER.CLD;1+,. /A 4L -0123KPWO 56+o78t89GAHJG!~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^~~~~~~^!.! PWDMGR Utility Command Language Definition! ! Facility:!! PWDMGR Utility! ! Abstract:!=! This file contains the command language definition for the ! PWDMGR Utility.!! Version 1.0-0!! Modification History:!!L!---------------------------------------------------------------------------!Ident "PWDMGR V1.0-0"Module pwd_managerdefine verb add routine bogus_routine1parameter p1, prompt="database", value (required)8qualifier remote, syntax=add_remote_syntax, nonnegatable<qualifier security, syntax=add_security_syntax, nonnegatable>qualifier administrator, syntax=add_admin_syntax, nonnegatable1qualifier username, nonnegatable, value(required)!disallow remote and administrator#disallow security and administratordisallow remote and securitydisallow username and remotedefine verb removeroutine bogus_routine1parameter p1, prompt="database", value (required)-qualifier remote, syntax=remove_remote_syntax1qualifier security, syntax=remove_security_syntax3qualifier administrator, syntax=remove_admin_syntax1qualifier username, nonnegatable, value(required)!disallow remote and administrator#disallow security and administratordisallow remote and securitydisallow remote and usernamedefine verb listroutine bogus_routine1parameter p1, prompt="database", value (required)+qualifier remote, syntax=list_remote_syntax/qualifier security, syntax=list_security_syntax1qualifier administrator, syntax=list_admin_syntax1qualifier username, nonnegatable, value(required)!disallow remote and administrator#disallow security and administratordisallow remote and securitydisallow remote and usernamedefine verb show routine bogus_routine1parameter p1, prompt="database", value (required)-qualifier remote, syntax=show_remote_syntax 1qualifier security, syntax=show_security_syntax 3qualifier administrator, syntax=show_admin_syntax 1qualifier username, nonnegatable, value(required)!disallow remote and administrator#disallow security and administratordisallow remote and securitydisallow remote and usernamedefine verb exitroutine exit_routinedefine verb helproutine help_routine:parameter P1, label=HELP_STRING, value(type=$rest_of_line)define syntax add_remote_syntaxroutine add_remote+parameter P1, label=NODENAME, prompt="node" value (required)"define syntax remove_remote_syntaxroutine remove_remote+parameter P1, label=NODENAME, prompt="node" value (required) define syntax list_remote_syntaxroutine list_remote+parameter P1, label=NODENAME, prompt="node" value (required) define syntax show_remote_syntaxroutine show_remote+parameter P1, label=NODENAME, prompt="node" value (required)!define syntax add_security_syntaxroutine add_security+parameter P1, label=NODENAME, prompt="node" value (required)#qualifier username, value(required)$define syntax remove_security_syntaxroutine remove_security+parameter P1, label=NODENAME, prompt="node" value (required)#qualifier username, value(required)"define syntax list_security_syntaxroutine list_security+parameter P1, label=NODENAME, prompt="node" value (required)#qualifier username, value(required)"define syntax show_security_syntaxroutine show_security+parameter P1, label=NODENAME, prompt="node" value (required)#qualifier username, value(required)define syntax add_admin_syntaxroutine add_administrator?parameter P1, label=username prompt="Username", Value(required)!define syntax remove_admin_syntaxroutine remove_administrator?parameter P1, label=username prompt="Username", Value(required)define syntax list_admin_syntaxroutine list_administrator?parameter P1, label=username prompt="Username", Value(required)define syntax show_admin_syntaxroutine show_administrator?parameter P1, label=username prompt="Username", Value(required)*[THR.NCOM_PWD]PWD_REMOTE.DAT;1+,p$$./A 4"-0123KPWO5 6Һ$P7^t89GAHJ   *[THR.NCOM_PWD]PWD_SECURITY.FDL;1+,+./A 46-0123KPWO5%6@p`7@t89GAHJ'TITLE "Password Security database V1.0"0IDENT "11-FEB-1992 18:41:37 VAX-11 FDL Editor"SYSTEM SOURCE "VAX/VMS"FILE CONTIGUOUS no FILE_MONITORING no GLOBAL_BUFFER_COUNT 0' NAME "DSS_PWD$DATA:PWD_SECURITY.DAT" ORGANIZATION indexed OWNER [SYSTEM]6 PROTECTION (system:RWED, owner:RWED, group:, world:)RECORD BLOCK_SPAN yes CARRIAGE_CONTROL FORTRAN FORMAT variable SIZE 38AREA 0 ALLOCATION 27 BEST_TRY_CONTIGUOUS yes BUCKET_SIZE 3 EXTENSION 6AREA 1 ALLOCATION 9 BEST_TRY_CONTIGUOUS yes BUCKET_SIZE 3 EXTENSION 3AREA 2 ALLOCATION 33 BEST_TRY_CONTIGUOUS yes BUCKET_SIZE 3 EXTENSION 9KEY 0 CHANGES no DATA_AREA 0 DATA_FILL 100 DATA_KEY_COMPRESSION yes DATA_RECORD_COMPRESSION yes DUPLICATES yes INDEX_AREA 1 INDEX_COMPRESSION yes INDEX_FILL 100 LEVEL1_INDEX_AREA 1 NAME "Node" NULL_KEY no PROLOG 3 SEG0_LENGTH 6 SEG0_POSITION 0 TYPE stringKEY 1 CHANGES no DATA_AREA 2 DATA_FILL 100 DATA_KEY_COMPRESSION yes DUPLICATES yes INDEX_AREA 2 INDEX_COMPRESSION yes INDEX_FILL 100 LEVEL1_INDEX_AREA 2 NAME "User-id" NULL_KEY no SEG0_LENGTH 32 SEG0_POSITION 6 TYPE string*[THR.NCOM_PWD]PWD_STARTUP.COM;1+,:& ./A 4O4-0123KPWO5 6 H7u89GAHJ` k;~ PWD_SOURCE.B:& [THR.NCOM_PWD]PWD_STARTUP.COM;1ORD_SNA.FOR;1OO$!~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^$! Author: Tom Rush$! $! Date: 19-Aug-1992$!<$! Function: Define logicals for the PWD program and install4$! The image NCOM_PWD$EXE:NCOM_REMOTE_PASSWORD.EXE$!O$!~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^~~~~~~~~~~^$!#$! Create the LNM$NCOM_TABLE table.$! $ create- /name_table- /nolog-) /protection=(s:rwed,o:rwed,g:r,w:r) -" /parent=LNM$SYSTEM_DIRECTORY - LNM$NCOM_TABLE$!K$! Add this table to the end of the default RMS and DCL logical name search@$! list as specified by LNM$FILE_DEV unless it is already there.$!L$ max_index = f$trnlnm("LNM$FILE_DEV","LNM$SYSTEM_DIRECTORY",,,,"MAX_INDEX")$ curr_index = 0$ lnm$file_dev = ""$ file_dev_loop:8$ if curr_index .gt. max_index then goto file_dev_doneI$ log_name = f$trnlnm("LNM$FILE_DEV","LNM$SYSTEM_DIRECTORY",curr_index)>$ if log_name .eqs. "LNM$NCOM_TABLE" then goto file_dev_skip0$ lnm$file_dev = lnm$file_dev + log_name + ","$ curr_index = curr_index + 1$ goto file_dev_loop$ file_dev_done:0$ lnm$file_dev = lnm$file_dev + "LNM$NCOM_TABLE"E$ define/nolog/table=LNM$SYSTEM_DIRECTORY LNM$FILE_DEV 'lnm$file_dev'$ file_dev_skip:$ !$$ ! Locally define NCOM_PWD logicals$ !#*[THR.NCOM_PWD]REMOTE_PASSWORD.OPT;1+, ./A 4^-0123KPWO56 &_74u89GAHJ!+!!- NAME = "PWD_REMOTE"!+!!_IDENTIFICATION = "V1.0-0"!+!!-'*[THR.NCOM_PWD]REMOTE_PASSWORD_SNA.OPT;1+,o#./A 48-0123KPWO56 N_7Ou89GAHJ NAME = "PWD_REMOTE_SNA" IDENTIFICATION = "V1.0-0"*[THR.NCOM_PWD]REMOVE.HLP;1+,. /A 4J D-0123KPWO 56@}nK7{iu89GAHJ1 REMOVEE The REMOVE command will remove an entry from the remote or security G database. The security database is checked when a remote node accessesF the local sites and attempts to access the file SYSUAF.DAT. The nodes> registered in the remote database are used by the command PWD, to establish connections to remote systems. 2 /SECURITYH The REMOVE/SECURITY command is used to remove a node from the security  access database. Format:  REMOVE/SECURITY [node-name] 3 /USERNAME  /USERNAME=userid@ Specifies a specific userid on a given node who will be removedD from the security data base. The '*' wildcard can be used to delete% all users within the range supplied. 3 Parameters node-name; specifies the name of the node to be added to the security; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha = characters. If an '*' is supplied in place of the node name : all nodes in the security database are removed. You will 9 need to confirm this action by typing Yes at the prompt. 3 Examples C The following examples illustrate the use of the REMOVE/SECURITY command.# 1. PWDMGR> REMOVE/SECURITY CCPL01? This command removes from the security database the node named CCPL01.  2. PWDMGR> REMOVE/SECURITY *> Remove all nodes in the security database, Yes or No [N]:D This command removes all nodes registered in the security database.+ 3. PWDMGR> REMOVE/SECURITY/USERNAME=A2H *D This command removes all reference to the username A2H on all nodes% registered in the security database. 2 /REMOTEJ The REMOVE/REMOTE command is used to remove a node from the remote access database. Format REMOVE/REMOTE [node-name] 3 Parameters node-name= specifies the name of the node to be removed from the remote; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha ; characters. If an * is supplied in place of the node name 8 all nodes in the remote database are removed. You will 9 need to confirm this action by typing Yes at the prompt. 3 Examples A The following examples illustrate the use of the REMOVE/REMOTE command.! 1. PWDMGR> REMOVE/REMOTE CCPL01= This command removes from the remote database the node named CCPL01.  2. PWDMGR> REMOVE/REMOTE *< Remove all nodes in the remote database, Yes or No [N]:B This command removes all nodes registered in the remote database. 2 /ADMINISTRATORD The REMOVE/ADMINISTRATOR command is used to remove a username from % the password administrator database. Format REMOVE/ADMINISTRATOR [username] 3 Parameters usernameD specifies the username of the administrator to be removed from the E password administrator database. If you omit the username, you will C be prompt for one. The username is a string of 1 through 32 alpha > characters. If an * is supplied in place of the username all ? usernames in the password administrator database are removed. B You will need to confirm this action by typing Yes at the prompt. 3 Examples 4 The following examples illustrate the use of the  REMOVE/ADMINISTARTOR command.% 1. PWDMGR> REMOVE/ADMINISTRATOR THR? This command removes from the password administartor database  the username THR. # 2. PWDMGR> REMOVE/ADMINISTRATOR *I Remove all password administrators from the database, Yes or No [N]:: This command removes all user registered in the password  administrator database.!*[THR.NCOM_PWD]SCREEN_COMMON.FOR;1+,&./A 42|-0123KPWO56  7@lu89GAHJ2 COMMON/SNA_INTERFACE/ SDB, FDB, SDB_DSC, FDB_DSC,+ 1 SCREEN_IMAGE, FIELD_ATTR, FIELD_OFFSET,  2 ATTR_VECTOR, LENGTH *[THR.NCOM_PWD]SHOW.HLP;1+,9./A 4FJ-0123KPWO56@aK7u89GAHJ 1 SHOW5 The SHOW command displays a listing of the specified? Remote or Security database record(s) to the user's terminal. B Unless otherwise specified by qualifiers, all records are listed. Format: SHOW [/qualifiers] node-name 2 /REMOTE@ Displays information about nodes listed in the remote database " on the current SYS$OUTPUT device. Format SHOW/REMOTE [node-name] 3 Parameter node-name ? specifies the name of the node to be dispalyed from the remote; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha ; characters. If an * is supplied in place of the node name 1 all nodes in the remote database are displayed. 3 Examples ? The following examples illustrate the use of the SHOW/REMOTE command. 1. PWDMGR> SHOW/REMOTE *C This command displays all nodes registered in the remote database. 2 /ADMINISTRATORE Displays information about user listed in the password administartor+ database on the current SYS$OUTPUT device. Format SHOW/ADMINISTRATOR [username] 3 Parameter username F specifies the username of the password administartor to be dispalyed E from the password administartor database. If you omit the username, E you will be prompt for one. The username is a string of 1 through 32@ alpha characters. If an * is supplied in place of the username 1 all nodes in the remote database are displayed. 3 Examples ? The following examples illustrate the use of the SHOW/REMOTE command.! 1. PWDMGR> SHOW/ADMINISTRATOR *; This command displays all users registered in the password administrator database. 2 /SECURITYB Displays information about nodes listed in the security database " on the current SYS$OUTPUT device. Format:  SHOW/SECURITY [node-name] 3 /USERNAME  /USERNAME=useridB Specifies a specific userid on a given node who will be displayedD from the security database. The '*' wildcard can be used to dispaly% all users within the range supplied. 3 Parameters node-name9 specifies the name of the node to be dispalyed from the 9 security database. If you omit the node-name, you will ; be prompt for one. The node-name is a string of 1 through ; 6 alpha characters. If an '*' is supplied in place of the = node name all nodes in the security database are displayed. 3 Examples A The following examples illustrate the use of the SHOW/SECURITY command.! 1. PWDMGR> SHOW/SECURITY CCPL01/ This command displays the node named CCPL01.  2. PWDMGR> SHOW/SECURITY *E This command displays all nodes registered in the security database.) 3. PWDMGR> SHOW/SECURITY/USERNAME=A2H *7 This command dispalys all references to the userid A2H% registered in the security database.*[THR.NCOM_PWD]SNAPROGRAM.OPT;1+,m9/./A 4-0123KPWO56 `7@uu89GAHJsys$share:sna3270sh/share*[THR.NCOM_PWD]UAFDEF.FOR;1+,./A 4J-0123KPWO56@I7`u89GAHJ8Jc FORTRAN Format parameter file of parameters defined by $UAFDEF MACROc5 PARAMETER UAF$B_BATCH_ACCESS_P = '000001DE'X5 PARAMETER UAF$B_BATCH_ACCESS_S = '000001E1'X5 PARAMETER UAF$B_DIALUP_ACCESS_P = '000001EA'X5 PARAMETER UAF$B_DIALUP_ACCESS_S = '000001ED'X5 PARAMETER UAF$B_ENCRYPT = '00000168'X5 PARAMETER UAF$B_ENCRYPT2 = '00000169'X5 PARAMETER UAF$B_LOCAL_ACCESS_P = '000001E4'X5 PARAMETER UAF$B_LOCAL_ACCESS_S = '000001E7'X5 PARAMETER UAF$B_NETWORK_ACCESS_P = '000001D8'X5 PARAMETER UAF$B_NETWORK_ACCESS_S = '000001DB'X5 PARAMETER UAF$B_PRI = '00000204'X5 PARAMETER UAF$B_PRIMEDAYS = '00000202'X5 PARAMETER UAF$B_PWD_LENGTH = '0000016A'X5 PARAMETER UAF$B_QUEPRI = '00000205'X5 PARAMETER UAF$B_REMOTE_ACCESS_P = '000001F0'X5 PARAMETER UAF$B_REMOTE_ACCESS_S = '000001F3'X5 PARAMETER UAF$B_RTYPE = '00000000'X5 PARAMETER UAF$B_VERSION = '00000001'X5 PARAMETER UAF$C_AD_II = '00000000'X5 PARAMETER UAF$C_FIXED = '00000284'X5 PARAMETER UAF$C_KEYED_PART = '00000034'X5 PARAMETER UAF$C_LENGTH = '00000584'X5 PARAMETER UAF$C_PURDY = '00000001'X5 PARAMETER UAF$C_PURDY_V = '00000002'X5 PARAMETER UAF$C_USER_ID = '00000001'X5 PARAMETER UAF$C_VERSION1 = '00000001'X5 PARAMETER UAF$K_FIXED = '00000284'X5 PARAMETER UAF$K_LENGTH = '00000584'X5 PARAMETER UAF$L_BYTLM = '00000230'X5 PARAMETER UAF$L_CPUTIM = '0000022C'X5 PARAMETER UAF$L_DFWSCNT = '00000220'X5 PARAMETER UAF$L_FLAGS = '000001D4'X5 PARAMETER UAF$L_JTQUOTA = '00000238'X5 PARAMETER UAF$L_PBYTLM = '00000234'X5 PARAMETER UAF$L_PGFLQUOTA = '00000228'X5 PARAMETER UAF$L_PWD = '00000154'X5 PARAMETER UAF$L_SUB_ID = '00000028'X5 PARAMETER UAF$L_UIC = '00000024'X5 PARAMETER UAF$L_WSEXTENT = '00000224'X5 PARAMETER UAF$L_WSQUOTA = '0000021C'X5 PARAMETER UAF$Q_DEF_PRIV = '000001A4'X5 PARAMETER UAF$Q_EXPIRATION = '0000016C'X5 PARAMETER UAF$Q_LASTLOGIN_I = '0000018C'X5 PARAMETER UAF$Q_LASTLOGIN_N = '00000194'X5 PARAMETER UAF$Q_PARENT_ID = '0000002C'X5 PARAMETER UAF$Q_PRIV = '0000019C'X5 PARAMETER UAF$Q_PWD = '00000154'X5 PARAMETER UAF$Q_PWD2 = '0000015C'X5 PARAMETER UAF$Q_PWD2_DATE = '00000184'X5 PARAMETER UAF$Q_PWD_DATE = '0000017C'X5 PARAMETER UAF$Q_PWD_LIFETIME = '00000174'X5 PARAMETER UAF$R_MAX_CLASS = '000001C0'X5 PARAMETER UAF$R_MIN_CLASS = '000001AC'X5 PARAMETER UAF$S_ACCOUNT = '00000020'X5 PARAMETER UAF$S_BATCH_ACCESS_P = '00000003'X5 PARAMETER UAF$S_BATCH_ACCESS_S = '00000003'X5 PARAMETER UAF$S_CLITABLES = '00000020'X5 PARAMETER UAF$S_DEFCLI = '00000020'X5 PARAMETER UAF$S_DEFDEV = '00000020'X5 PARAMETER UAF$S_DEFDIR = '00000040'X5 PARAMETER UAF$S_DEF_PRIV = '00000008'X5 PARAMETER UAF$S_DIALUP_ACCESS_P = '00000003'X5 PARAMETER UAF$S_DIALUP_ACCESS_S = '00000003'X5 PARAMETER UAF$S_EXPIRATION = '00000008'X5 PARAMETER UAF$S_LASTLOGIN_I = '00000008'X5 PARAMETER UAF$S_LASTLOGIN_N = '00000008'X5 PARAMETER UAF$S_LGICMD = '00000040'X5 PARAMETER UAF$S_LOCAL_ACCESS_P = '00000003'X5 PARAMETER UAF$S_LOCAL_ACCESS_S = '00000003'X5 PARAMETER UAF$S_MAX_CLASS = '00000014'X5 PARAMETER UAF$S_MIN_CLASS = '00000014'X5 PARAMETER UAF$S_NETWORK_ACCESS_P = '00000003'X5 PARAMETER UAF$S_NETWORK_ACCESS_S = '00000003'X5 PARAMETER UAF$S_OWNER = '00000020'X5 PARAMETER UAF$S_PARENT_ID = '00000008'X5 PARAMETER UAF$S_PRIV = '00000008'X5 PARAMETER UAF$S_PWD = '00000008'X5 PARAMETER UAF$S_PWD2 = '00000008'X5 PARAMETER UAF$S_PWD2_DATE = '00000008'X5 PARAMETER UAF$S_PWD_DATE = '00000008'X5 PARAMETER UAF$S_PWD_LIFETIME = '00000008'X5 PARAMETER UAF$S_REMOTE_ACCESS_P = '00000003'X5 PARAMETER UAF$S_REMOTE_ACCESS_S = '00000003'X5 PARAMETER UAF$S_UAFDEF = '00000584'X5 PARAMETER UAF$S_USERNAME = '00000020'X5 PARAMETER UAF$T_ACCOUNT = '00000034'X5 PARAMETER UAF$T_CLITABLES = '00000134'X5 PARAMETER UAF$T_DEFCLI = '00000114'X5 PARAMETER UAF$T_DEFDEV = '00000074'X5 PARAMETER UAF$T_DEFDIR = '00000094'X5 PARAMETER UAF$T_LGICMD = '000000D4'X5 PARAMETER UAF$T_OWNER = '00000054'X5 PARAMETER UAF$T_USERNAME = '00000004'X5 PARAMETER UAF$T_USERNAME_TAG = '00000023'X5 PARAMETER UAF$V_AUDIT = '0000000B'X5 PARAMETER UAF$V_CAPTIVE = '00000003'X5 PARAMETER UAF$V_DEFCLI = '00000001'X5 PARAMETER UAF$V_DISACNT = '00000004'X5 PARAMETER UAF$V_DISCTLY = '00000000'X5 PARAMETER UAF$V_DISMAIL = '00000006'X5 PARAMETER UAF$V_DISRECONNECT = '0000000D'X5 PARAMETER UAF$V_DISREPORT = '0000000C'X5 PARAMETER UAF$V_DISWELCOM = '00000005'X5 PARAMETER UAF$V_FRIDAY = '00000004'X5 PARAMETER UAF$V_GENPWD = '00000008'X5 PARAMETER UAF$V_LOCKPWD = '00000002'X5 PARAMETER UAF$V_MONDAY = '00000000'X5 PARAMETER UAF$V_NOMAIL = '00000007'X5 PARAMETER UAF$V_PWD2_EXPIRED = '0000000A'X5 PARAMETER UAF$V_PWD_EXPIRED = '00000009'X5 PARAMETER UAF$V_SATURDAY = '00000005'X5 PARAMETER UAF$V_SUNDAY = '00000006'X5 PARAMETER UAF$V_THURSDAY = '00000003'X5 PARAMETER UAF$V_TUESDAY = '00000001'X5 PARAMETER UAF$V_WEDNESDAY = '00000002'X5 PARAMETER UAF$W_ACCOUNTS = '00000242'X5 PARAMETER UAF$W_ACCOUNT_LIM = '00000240'X5 PARAMETER UAF$W_ASTLM = '00000214'X5 PARAMETER UAF$W_BIOLM = '0000020E'X5 PARAMETER UAF$W_DIOLM = '00000210'X5 PARAMETER UAF$W_ENQLM = '00000216'X5 PARAMETER UAF$W_FILLM = '00000218'X5 PARAMETER UAF$W_GRP = '00000026'X5 PARAMETER UAF$W_LOGFAILS = '00000164'X5 PARAMETER UAF$W_MAXACCTJOBS = '00000208'X5 PARAMETER UAF$W_MAXDETACH = '0000020A'X5 PARAMETER UAF$W_MAXJOBS = '00000206'X5 PARAMETER UAF$W_MEM = '00000024'X5 PARAMETER UAF$W_PRCCNT = '0000020C'X5 PARAMETER UAF$W_PROXIES = '0000023E'X5 PARAMETER UAF$W_PROXY_LIM = '0000023C'X5 PARAMETER UAF$W_SALT = '00000166'X5 PARAMETER UAF$W_SHRFILLM = '0000021A'X5 PARAMETER UAF$W_TQCNT = '00000212'X5 PARAMETER UAF$W_USRDATOFF = '00000002'X: BYTE UAF_RECORD (0:1411) BYTE UAF_B_RTYPE 4 EQUIVALENCE(UAF_RECORD ( 0), UAF_B_RTYPE ) BYTE UAF_B_VERSION 6 EQUIVALENCE(UAF_RECORD ( 1), UAF_B_VERSION )$ INTEGER*2 UAF_W_USRDATOFF 8 EQUIVALENCE(UAF_RECORD ( 2), UAF_W_USRDATOFF )' CHARACTER* 31 UAF_T_USERNAME 7 EQUIVALENCE(UAF_RECORD ( 4), UAF_T_USERNAME )+ CHARACTER* 1 UAF_T_USERNAME_TAG ; EQUIVALENCE(UAF_RECORD ( 35), UAF_T_USERNAME_TAG ) INTEGER*2 UAF_W_MEM 2 EQUIVALENCE(UAF_RECORD ( 36), UAF_W_MEM ) INTEGER*4 UAF_L_UIC 2 EQUIVALENCE(UAF_RECORD ( 36), UAF_L_UIC ) INTEGER*2 UAF_W_GRP 2 EQUIVALENCE(UAF_RECORD ( 38), UAF_W_GRP )$ INTEGER*4 UAF_L_SUB_ID(2) 5 EQUIVALENCE(UAF_RECORD ( 36), UAF_L_SUB_ID )' INTEGER*4 UAF_Q_PARENT_ID (2)8 EQUIVALENCE(UAF_RECORD ( 44), UAF_Q_PARENT_ID )& CHARACTER* 32 UAF_T_ACCOUNT 6 EQUIVALENCE(UAF_RECORD ( 52), UAF_T_ACCOUNT )$ CHARACTER* 32 UAF_T_OWNER 4 EQUIVALENCE(UAF_RECORD ( 84), UAF_T_OWNER )% CHARACTER* 32 UAF_T_DEFDEV 5 EQUIVALENCE(UAF_RECORD ( 116), UAF_T_DEFDEV )% CHARACTER* 64 UAF_T_DEFDIR 5 EQUIVALENCE(UAF_RECORD ( 148), UAF_T_DEFDIR )% CHARACTER* 64 UAF_T_LGICMD 5 EQUIVALENCE(UAF_RECORD ( 212), UAF_T_LGICMD )% CHARACTER* 32 UAF_T_DEFCLI 5 EQUIVALENCE(UAF_RECORD ( 276), UAF_T_DEFCLI )( CHARACTER* 32 UAF_T_CLITABLES 8 EQUIVALENCE(UAF_RECORD ( 308), UAF_T_CLITABLES ) INTEGER*4 UAF_L_PWD 2 EQUIVALENCE(UAF_RECORD ( 340), UAF_L_PWD )! INTEGER*4 UAF_Q_PWD (2)2 EQUIVALENCE(UAF_RECORD ( 340), UAF_Q_PWD )" INTEGER*4 UAF_Q_PWD2 (2)3 EQUIVALENCE(UAF_RECORD ( 348), UAF_Q_PWD2 )# INTEGER*2 UAF_W_LOGFAILS 7 EQUIVALENCE(UAF_RECORD ( 356), UAF_W_LOGFAILS ) INTEGER*2 UAF_W_SALT 3 EQUIVALENCE(UAF_RECORD ( 358), UAF_W_SALT ) BYTE UAF_B_ENCRYPT 6 EQUIVALENCE(UAF_RECORD ( 360), UAF_B_ENCRYPT ) BYTE UAF_B_ENCRYPT2 7 EQUIVALENCE(UAF_RECORD ( 361), UAF_B_ENCRYPT2 ) BYTE UAF_B_PWD_LENGTH 9 EQUIVALENCE(UAF_RECORD ( 362), UAF_B_PWD_LENGTH )( INTEGER*4 UAF_Q_EXPIRATION (2)9 EQUIVALENCE(UAF_RECORD ( 364), UAF_Q_EXPIRATION )* INTEGER*4 UAF_Q_PWD_LIFETIME (2); EQUIVALENCE(UAF_RECORD ( 372), UAF_Q_PWD_LIFETIME )& INTEGER*4 UAF_Q_PWD_DATE (2)7 EQUIVALENCE(UAF_RECORD ( 380), UAF_Q_PWD_DATE )' INTEGER*4 UAF_Q_PWD2_DATE (2)8 EQUIVALENCE(UAF_RECORD ( 388), UAF_Q_PWD2_DATE )) INTEGER*4 UAF_Q_LASTLOGIN_I (2): EQUIVALENCE(UAF_RECORD ( 396), UAF_Q_LASTLOGIN_I )) INTEGER*4 UAF_Q_LASTLOGIN_N (2): EQUIVALENCE(UAF_RECORD ( 404), UAF_Q_LASTLOGIN_N )" INTEGER*4 UAF_Q_PRIV (2)3 EQUIVALENCE(UAF_RECORD ( 412), UAF_Q_PRIV )& INTEGER*4 UAF_Q_DEF_PRIV (2)7 EQUIVALENCE(UAF_RECORD ( 420), UAF_Q_DEF_PRIV ) INTEGER*4 UAF_L_FLAGS 4 EQUIVALENCE(UAF_RECORD ( 468), UAF_L_FLAGS )& BYTE UAF_B_NETWORK_ACCESS_P ? EQUIVALENCE(UAF_RECORD ( 472), UAF_B_NETWORK_ACCESS_P )& BYTE UAF_B_NETWORK_ACCESS_S ? EQUIVALENCE(UAF_RECORD ( 475), UAF_B_NETWORK_ACCESS_S )$ BYTE UAF_B_BATCH_ACCESS_P = EQUIVALENCE(UAF_RECORD ( 478), UAF_B_BATCH_ACCESS_P )$ BYTE UAF_B_BATCH_ACCESS_S = EQUIVALENCE(UAF_RECORD ( 481), UAF_B_BATCH_ACCESS_S )$ BYTE UAF_B_LOCAL_ACCESS_P = EQUIVALENCE(UAF_RECORD ( 484), UAF_B_LOCAL_ACCESS_P )$ BYTE UAF_B_LOCAL_ACCESS_S = EQUIVALENCE(UAF_RECORD ( 487), UAF_B_LOCAL_ACCESS_S )% BYTE UAF_B_DIALUP_ACCESS_P > EQUIVALENCE(UAF_RECORD ( 490), UAF_B_DIALUP_ACCESS_P )% BYTE UAF_B_DIALUP_ACCESS_S > EQUIVALENCE(UAF_RECORD ( 493), UAF_B_DIALUP_ACCESS_S )% BYTE UAF_B_REMOTE_ACCESS_P > EQUIVALENCE(UAF_RECORD ( 496), UAF_B_REMOTE_ACCESS_P )% BYTE UAF_B_REMOTE_ACCESS_S > EQUIVALENCE(UAF_RECORD ( 499), UAF_B_REMOTE_ACCESS_S ) BYTE UAF_B_PRIMEDAYS 8 EQUIVALENCE(UAF_RECORD ( 514), UAF_B_PRIMEDAYS ) BYTE UAF_B_PRI 2 EQUIVALENCE(UAF_RECORD ( 516), UAF_B_PRI ) BYTE UAF_B_QUEPRI 5 EQUIVALENCE(UAF_RECORD ( 517), UAF_B_QUEPRI )" INTEGER*2 UAF_W_MAXJOBS 6 EQUIVALENCE(UAF_RECORD ( 518), UAF_W_MAXJOBS )& INTEGER*2 UAF_W_MAXACCTJOBS : EQUIVALENCE(UAF_RECORD ( 520), UAF_W_MAXACCTJOBS )$ INTEGER*2 UAF_W_MAXDETACH 8 EQUIVALENCE(UAF_RECORD ( 522), UAF_W_MAXDETACH )! INTEGER*2 UAF_W_PRCCNT 5 EQUIVALENCE(UAF_RECORD ( 524), UAF_W_PRCCNT ) INTEGER*2 UAF_W_BIOLM 4 EQUIVALENCE(UAF_RECORD ( 526), UAF_W_BIOLM ) INTEGER*2 UAF_W_DIOLM 4 EQUIVALENCE(UAF_RECORD ( 528), UAF_W_DIOLM ) INTEGER*2 UAF_W_TQCNT 4 EQUIVALENCE(UAF_RECORD ( 530), UAF_W_TQCNT ) INTEGER*2 UAF_W_ASTLM 4 EQUIVALENCE(UAF_RECORD ( 532), UAF_W_ASTLM ) INTEGER*2 UAF_W_ENQLM 4 EQUIVALENCE(UAF_RECORD ( 534), UAF_W_ENQLM ) INTEGER*2 UAF_W_FILLM 4 EQUIVALENCE(UAF_RECORD ( 536), UAF_W_FILLM )# INTEGER*2 UAF_W_SHRFILLM 7 EQUIVALENCE(UAF_RECORD ( 538), UAF_W_SHRFILLM )" INTEGER*4 UAF_L_WSQUOTA 6 EQUIVALENCE(UAF_RECORD ( 540), UAF_L_WSQUOTA )" INTEGER*4 UAF_L_DFWSCNT 6 EQUIVALENCE(UAF_RECORD ( 544), UAF_L_DFWSCNT )# INTEGER*4 UAF_L_WSEXTENT 7 EQUIVALENCE(UAF_RECORD ( 548), UAF_L_WSEXTENT )$ INTEGER*4 UAF_L_PGFLQUOTA 8 EQUIVALENCE(UAF_RECORD ( 552), UAF_L_PGFLQUOTA )! INTEGER*4 UAF_L_CPUTIM 5 EQUIVALENCE(UAF_RECORD ( 556), UAF_L_CPUTIM ) INTEGER*4 UAF_L_BYTLM 4 EQUIVALENCE(UAF_RECORD ( 560), UAF_L_BYTLM )! INTEGER*4 UAF_L_PBYTLM 5 EQUIVALENCE(UAF_RECORD ( 564), UAF_L_PBYTLM )" INTEGER*4 UAF_L_JTQUOTA 6 EQUIVALENCE(UAF_RECORD ( 568), UAF_L_JTQUOTA )$ INTEGER*2 UAF_W_PROXY_LIM 8 EQUIVALENCE(UAF_RECORD ( 572), UAF_W_PROXY_LIM )" INTEGER*2 UAF_W_PROXIES 6 EQUIVALENCE(UAF_RECORD ( 574), UAF_W_PROXIES )& INTEGER*2 UAF_W_ACCOUNT_LIM : EQUIVALENCE(UAF_RECORD ( 576), UAF_W_ACCOUNT_LIM )# INTEGER*2 UAF_W_ACCOUNTS 7 EQUIVALENCE(UAF_RECORD ( 578), UAF_W_ACCOUNTS )cP~# okhfqwOR;1de4^^~~u~w ? ^COd~W^^^ ~V  P;PNW^~w^^^^<  C;x;iI@n/ CUg}Zm)rUSHswaPTz ( WU{`RT)P@  L\\[mcgJ@QeC{'B^G]DlFI DGihRIH N42<EMIJ@CBZaeGtEU|z)iHTI Tf*",859%I t,W/$!,27i=*&,04h`S^<&%Z0+e? WU=$PSV3Rr!;W^~~W~w~VV0WPPNW~^c % @##!)1 phlE"*;0*?15,')EA_LT( eJE`f$ brHoeN WeTTHJN( 1_+nUMBE]Bnl J-)STA[OIE KNKUEL _L 5{1j({6dic' ,REF[IGt=mNDM5y{'1,+1:| 2z7}$6&!"rZ p ST"eEd!m` Xh;legaqlZ QMS enK SC !LoSiacu nane sda(ch$! list as speeiKiv!by NN}$FNEnDEV!u\lewsit is"a'reypthdr2.$nL$ mcxjikdmx=Uu-ne(L. 2_LEn","LNM$SY[T|M_DIRECTOVYe,;,m#OA_FE"o$ curr_kjdex =!0$ lno$GBme~dgv "20Nem#IQE}422+=Mp:: ! Hf"cT-r_pn-!=nz.2gc,51'NYEZvEFUCEoto"fHGd_Eet_EBI$ log_name = f$trnlnm("LNM$FILE_DEV","LNM$SYSTEM_DIRECTORY",curr_index)>$ if log_name .eqs. "LNM$NCOM_TABLE" then goto file_dev_skip0$ lnm$file_dev = lnm$file_dev + log_name + ","$ curr_index = curr_index + 1$ goto file_dev_loop$ file_dev_done:0$ lnm$file_dev = lnm$file_dev + "LNM$NCOM_TABLE"E$ define/nolog/table=LNM$SYSTEM_DIRECTORY LNM$FILE_DEV 'lnm$file_dev'$ file_dev_skip:$ !$$ ! Loaoly define NCOL^NWn 7;/;M// registered in the remote database are used by the command PWD, to establish connections to remote systems. 2 /SECURITYH The REMOVE/SECURITY command is used to remove a node from the security  access database. Format:  REMOVE/SECURITY [node-name] 3 /USERNAME  /USERNAME=userid@ Specifies a specific userid on a given node who will be removedD from the security data base. The '*' wildcard can be used to delete% all users within the range supplied. 3 Parameters node-name; specifies the name of the node to be added to the security; database. If you omit the node-name, you will be prompt 9 for one. The node-name is a string of 1 through 6 alpha = characters. If an '*' is supplied in place of the node name : all nodes in the security database are removed. You will 9 need to confirm this action by typing Yes at the prompt. 3 Examples C The following examples illustrate the use of the REMOVE/SECURITY command.# 1. PWDMGR> RWMGVE/CECRIUY C#0|:8t)-7 oM9 Da6!M AOIECIYNT ET DEDox z& %>YEW G>dATSLA#2jm:[! .:$,[*e'4&(68SOiSCHE1 VHLANT NN  "aT S CC8 SSE=OA5*}[tt!my IOC O EA?5s;."K7a&KG=E EQ TG YI A ACotN DAGOB1$!m& ['6(+v'Vs1+0r*;4B4=!r e=m2hTE es0ak8 I O SRTE uothe+uAE]=$.0rf )n5 /+ J `C\ ,30S N NIHSCIDDT EZo taeSJ10?& < +cC1*Re)."$M36(aTE(cO+TSr |s|d)5+d]6(,#7i5yN4 D_ M5e rim|tl acPES\_Se6/5,'`sE.( i:!(3:AM_=|! ?&2E/Em$ C2 A8cijiP%T Sk G  wUo C ST EN AFN lnOME O (1 $?! .TH T EAVE;I UAIL LNHMCRY~u LROOE9-f\R?OM1Rone  M sOrIE FXEHGA[EAHHenO ACRJD,^H SSdiNDS HT!EOETh] N  _UT LE TR BAs\ A RR  XE0FEyDD M\ IEDSI N R\U T_OLATy|iNH8CRFe {r\MP1Vampfe@ GxAM0lEz"THEafOeL; NO SE A Lca~e tHSS FOHH$dj }ETL iodM CanD. .pfjmzmz { e  rCPt08ThiN j;NO DTEEET HAAS A nf'&p"Q\Ei~h)$/?.Q]ACceosF]\1;(m2![R;!m 8e[:$9o:*DO REM]XEp6(!g93/0o;S{NE0d"!A5d0G7e==;(P7mPL:13 sxh9SaoMMUnD)A0 LIM M B UT Eye),%p8XT? BE[OZE/Avmf a7 ?*aN0Fe AaDaucijoe. ;(N/ m =i&'7%t;=5,6 a Oaz'DC  S S ~rOOT EPO!=s4%+G*('Zar|oR" se=Addadmin=;1r4'* N:E&&3CE}#, p1%% "&[R!LMo#6J3*,$+ISTjAt<"EIi/iESTH7EN SODMIRI TKdA=B O4 EnS><3[me,yf!HLOAOO  Us^r& I M NIHR F81) TASTP T Mrs. 3 Examples 4 The following examples illustrate the use of the # ADD/ADMINISTRATOR command." PWDMGR> ADD/ADMINISTRATOR THR= This command adds the username as an password administrator.ww!*[THR.NCOM_PWD]SCREEN_COMMON.FOR;1+,&./A 42|-0123KPWO56  7@lu@M8 THR $ g 7 B@FD򫕺> THS  0Ss4RGAAI{hdb fdb U [D2Eھ1 _enimage $ \Td LE_MJt 7 ))E^Tz-"GUH THR HELP`qM1 LIST@ The LIST command outputs a litjng file which!fqvOs{=&4A<..96?9^]s'!wZ )pITaoYdr"upIcPisee.&&Foria[:_ xIQVf[/qsali`i/ss]parameter 2 )RhM\ODA"CBeagsa lhsFinc Uile (RW_:LOE.MI) poowoich"rPmhtm Ra4g8 ^nof Qs written&9 FormatG HMKS/OOE$node-name]  3 Qarametets; s& 3P-N5!ShOk CISYA ELT DHOSCdfR=MM<NrITOSEiEDG@TTHH OHFEXE NBL e%OtQeREOKC= E O  IES_Txl0recSORTF 6(aL6MaO: cwaRh0<*%Su8A FCE}S D M N plhcW@4e9'1en/dEd Ay] I R NIB EL A  DatabksVgxALg CUMrEgTt;-;8;N!!>\&7,;;7^o !e)8EO DT Sp,aYD IOEINiHOE A@ale% ioGX((!i,,sRa$==(pT! SYN @F;A N USUETE FI_OSD]RL ITiS tNrSJA=BE OSTPNNs)?E,0t?3tT V\namb FO TadmvnIz':.#@37m i'<7a5+?I5}datjbRS5AE tldUsernkmV DxAm6lEreCIRiEz   GOXLSTui|istTETSEOIL]eDe FROMl=;11%>:9&!0r 0";N   \ d@tABP]E~w +g+QUl&>=[a0%,n< 1 /5"7 \YOUI GF L nN.tHE EFEAp$0-(**i!HlxsTOP_Wt% aVpa5HH  SGNiHOXPP ENAPI EUR K 8aD IOETMI  RAT  Oxem. 8 s;4?98cre^tEz5H IW EEP1:4366c<>%!*Z>('LEWHOEI'1WW;++ &(a~ifNCM ZteO. 9.86 &&!SAOM/Hfy [no_e$: }cofmRNKu7,!>-, 'nA 9e-ea^E/UeEr=1(&igiEs4tHENN86e=(a9-XU  DtobbEs  ERMS I^iCSYO AA@' DOHMLHEN ]HdyORLH^ SUPAA Kt< EDHDDR SCNSIE FT^ aLZ TR(GNS_PI^plied,i] ERbenUdECEnaTe C ETME R BEBRIJfremT-AmIlEgcUR(tY)D5B BOW Gkoa omIXL D A^A UT LSeoFBHR#$# 5*1u='1w ^hl LCe HsA]T">**g=X}i'<]<0$=rIoYuc1 @Ya9cHARACGN.FLTND@Lu^pLIEDSEF ET82d_nEc;=-1y@-$6LC T n 4hlt UA TEREGLe ol GH X EcmEDaCcYldYKFolpoWI\I5/% 7>[Ss!#;Z 114&,t-HO9uSEOFWI=/o;F 1*;5i20lo' COMMA ]tiOgFXBEp {cv} r 'yC,. UEe SAT S DO%c1 \@ODes. ~wyrmh`jts/UE[)$6"]%MKn} DISPL T NEe\eDINT U460>1$te.jUrigwm.!C<%?;J' CUeI] G< e1!, $S%+ROateD htT  MEDPSR R EnTezTOT EU Daszhr@g`E DT  U  R  ALase.w*[THR.NCOM_PWD]SNAPROGRAM.OPT;1+,m9/./A 4-0123KPWO56 Ϊ˟bM7@D'VME8 The REMO^Ecommand wml+ ee,ntehagn>r_from"phe relote or je MAr":S GSUQ S< Esurity database is checked when a remote node accessesF the local sites and attempts to access the file SYSUAF.DAT. The nodes> registered in the remote database are used by the command PWD, to establish connections to remote systems. 2 /SECURITYH The REMOVE/SECURITY command is used to remove a node from the security  access database. Format:  REMOVE/SECURITY [node-name] 3 /USERNAME  /USERNAME=userid@ Specifies a specific userid on a give mode who will cd:rOm4"-6jNc)?0=w050a5!&3\/;+UctJ ccue qy &*# YirdcavdcvnacE Asgfjto zelehe al users within rhH azoge qu@plgd>3$PRrametgr8 _oo4e-oa:e;O npeckf\et |hS .(oބ |hR  jeadded to |h\ security;G sa5``a;e"I, u omit tPa node,name, y%uCWILL$*r$ .#P2ORmXtA KRt L O  M ESS E FBHP=3)1".{a">?iaCCHARA3573>kt 44/fhxb('c;*13/,679NPL\CB_VDY!eI7dP NAME AAJAMEnErA9-fJ-;'2t*&5+&e 6<&RITYDFDQRQCTePU= GeMOVEDp=4m2=)>lAfJ': i5#u30/%*7>s+8IS\CSY_^RHe5^(i[gyESA$a&)(e$7=M%5h$B_NIrl(>,3/ Q_sc )dXUV^)(H/i[gEXAMP<$!a$)80!T' 2Ab+-+c'*5tOFTHEremokecusebxba'R< COMMAN4oRAnEtecu`pcdesecuritycd`|016'QT]iSCOMM1/6a? 9*$E&a V-2l;+$l,$ 67:'&pDATA_ATUDXU+[C= [aMED * YuekrUAX$b~ac {sovenedebydio 'x  rEMOV5a3-!e:*6E&a/Jb+& t$*1>-(7:e72+1BANE iUC^6i7 nN} d Y:(>e7*?M4/"0:#*"2r+"+1e93,.e';:pREMRTBQSSUB5:'xdTtABASEPAZAme* M45F$X_[ns{NOYE ^Q]Um1F?'k eaRAMETE"2XAm+;!7 ; +AB_oTy#5ECIFIESTHEN\MB_VDXUI7dP TOBE"$?.; 0e4R:,fP*:v77>&;+  DATABASXyVI_EH5iA THENO4$/,(1irY:4fS*3-d=,iPROMPT  FRR_^UdXU6oQe NAME92r m6 7;N2a)BcnWIBED THROUGHAQPOQ0 0[\F*aVtERSi6a3/mot,!&46T/6.!y,* -37EOFTHENHTU^Q]V'`aLLNOD52r(#e -7'$+K7:l!/35*ASEAREREMOKECi_EO]K4 NEED$.r""+2, Mu5.M016&-6NBYTYPINGyXSQDDXUAU7mEt * ca9,($)7SWAf_p\r1:vFOLLOWINGEEAJ@\UCY\^R+tGaTETHEp4!$m*2e&H0aaj te * )COMM\NC000 xPbDmgrr jofgucSIOs1)tHISCOMM\NCBU]_FUB>rZmTHER5,=5(e0$&A7 5Ak+.,x++DENAMED * )c~pk28('x .pwdmgr klorGthrEMOVEALQI_TUC\VS0erEMOTE4 & /$' ~ $5#-b;ln}2 ; b 4tOYCS__^QI< GeMOVES1->a#*0 !'$!M?+&"00i$NTHEREMOTEDFDQRQCWB'Q%admrAfp$:d administraiouS_]]S\T1suSEDTOp37,"31e3 2#V">+)a!!OM THEPASNWHBTQT\-ZN+tGaTORDA$ 0 > zER ]Af 0890!OTa )removeadpiiycdbqf|juFeRNAME}PA^A~e$ A8$2A>,YBy!?(RNAME d SMEDYVYUCG\BxuFeRNAME?'r5% t$6Mq! t#EREMOVEDFU_]DXW}'xpTsSWORD1%?(#,'1 A!.4(>$6&ASEiFYOUOMIISXUECTGZF5e YOUWI<-rAEt'7%3)I<+s3--i+NEtHEUSERSAJUYCQKS*i[gOF$) .8"uI} CHARACTERS0 ! '0yVQ\ xiF SUPPLI5%r(#e$)3C0a)Bl+?6e-' <:AMEALL UTUB^Q]WAN6 AhEPASS'. %m$0(;N<22V-+8!q1. BASEAREREPOQUT0p1c~7uwILLNE5%r5"e7*3& 9NBYTYPINZ~UCQD5\BxpGoMPT ZAaa=5("L02D$qqXp@r<,o(OLLOWINGE_Q]@\UB*K4uFtRATET8$r4> t*4!)#N_Ea a ministaothbS_]\Y-Cv5 p{rr rp orthr = 09dXYBWH5mTnDREMO&$!a+7;(rT=$fT0,#6=7*t>-)INISTARTOOCQDQRQCWc'C $)7a8617)5w%LLPASSWORDADMTNNCDB50154'9tZrSFROMp5:$m!513B42#q5$d]RnO{n}  4tOYCS_\X"I< GeMOVES1->a8617rR0&/W%:"2 6*a -EPASSWORY?09QT]XV]T,rTtORDAT1#32(kWE% "AF$Q_PWD_DATE = '0000017C'X5 PARAMETER UAF$Q_PWD_LIFETIME = '00000174'X5 PARAMETER UAF$R_MAX_CLASS = '000001C0'X5 PARAMETER UAF$R_MIN_CLASS = '000001AC'X5 PARAMETER UAF$S_ACCOUNT = '00000020'X5 PARAMETER UAF$S_BATCH_ACCESS_P = '00000003'X5 PARAMETER UAF$S_BATCH_ACCESS_S = '00000003'X? 0 PRALETEƪ _ELxt tHEexiiD_]]Q^TDB*m\nATESpe5+6'$2Q!17e2+)iUSERTOCOMM\NC0 0\Q\WR9gP LEVELPAZAm;7?A!{F$V_M V # W W = '00000020'X5 PARAMETER UAF$S_DEFDIR = '00000040'X5 PARAMETER UAF$S_DEF_PRIV = '00000008'X5 PARAMETER UAF$S_DIALUP_ACCESS_P = '00000003'X5 PARAMETER UAF$S_DIALUP_ACCESS_S = '00000003'X5 PARAMETER UAF$S_EXPIRATION = '00000008'X5 PARAMETER UAF$S_LASTLOGIN_I = '00000008'X5 FAMAMEDERUAG$S_LIH_show tOUcxg[H5mTnDDISP< +2m$t);S!((Cs0*g=+(dSPECIFIED  rB]_DU_Ft=c@rITYDA$ 0 > t77C:3" vl;,a87$c666!x#TERPIIQ\0r0r6lPsSOTHE"6;2(e'57C<'/A7.6c09>-*%,6!,ALLRBS_BTCQABxl\sTED XAr"79$&UAY$sV cn"&ALIFIERS}NHTU^Q]T'X<remA Et;S%-'] $'(01! ':ONABOUTSOCUC\YCEQCxi[ THERE=.&$m!513B42#q_n*:w;:."6176=+psynhed`edTVQ1cP. ' f?3? 9ETEK uHla-,!6~12ME` '0;0`QAF5eAeR * N?%7l#$9 S uAy$s,?2-,4IESTHENAMERFDXU^_VU,obEDISP1-+$)e27C uAF$<2p5: n&:$+TE  DAT\BFCUyV^7uoMITTH5a<.) y+3M0mf]<*p% :LBEPROMPT  V_B_^U hP NODE N1,7a$6t$rS!3/J4?1dTHROUGHALPUA0 0SXQJF;tPrSiF1/rkm,'e!U%1*M6;p>*PLACEOFTHENRDB^Q]U0 'xaYlNODESp(7$t$REDISPLADEC000:0 xTmPLES" pamAmLt:Eu')H?0'>*8d$,$MPLESILLUNTUQDUDXUR+eoFTHE btAL$Z38)2-'"kTIWEpjdjwbcxo ExOte A[%,'e1O8,'J76,>?8$&2c")?s1?DESRBWYCDUBUW1ntHEREM?57a)$ $0A&$h$R_[E]Ofep  ratrrb0tYC@\R^+ \nFORMAT9. &+3M0AG$t_Li'1'/,5IESTHEUNEU^Q]U^US0epASSWOR4a3% ,:,!T432K&0*f!)iDISPALYEDe FU_]DXTDF+sBoRDADM9/;29$&1=Ru%'P5=%6#jeFYOUOMITTUEECUB^QZQ xpYOUW9->a/ t5 O812206e)*,|tHEUSERNAMXNCQCDK]I? ZfTHR?45)mvfE u *T<>l$!"?%CTERSiFAN YCCE@4XN=diNPLAC5a='m1< rU&$4J52*wErALLNODESINIHBBU]_DPC9tTbASEAR5a6(>58$+E1of$T__Svr 9,(:  PLES? 0009s0efOLLOWI>&r$5$95>E&a/H8*&'73:$m171a2SEOFIHBcxg`vjTp* )CO=,3/)kTEs uaw v showadminintuqdb0B'c/-p!:37SREGISTEREYN^DXU@RT+wZrD 8 )A4,;/$6 73T:3f@7+%''0)g! ) + sxcrbydi0r0c1sElAYSIN6. ,,1=*<4#)Q"*&7$0n8ISTEDINTHXTUSEBYDIC9tTbASE p.7$f@?,4%2+ 4 RtFROMTH0  '0UCUSE1N,ydATABAS5or% tbxu6/H2<%;7w&--o/EUSEDTODNC@Q\I0F4luSERSW95:(#e -7' (C35'94-0ED , mAUQ]UDUBC>'xnZdE NAMEPAkAm6$ 1I3(#Wv+/ n>6)EOFTHENODXS_RUTYKW9lLeDFROMp5:$mEmErS0"3V?+5o'*$6&ASEiFYOHH]YDDXUI7dP-NAME ).'a:,8)r nAfF3==!)1-FORONEtHXI_TU^Q]U1saSTRIN7a='mtt1:R:4!Lv_uOmwi-LPHACHARACTXRTyVQ^r'iSSUPP<(7%m,:e"L4"#99p#,WEePi<* ENAMEAK\^_TUCaN6 AhESECU"(&8m!513B42#7-5w 66(<(+  * bHQ]@\UC;'x t)tHEp'=-!*#,E;/?$'u;(-,STRATETHEUTU_"0005'> AhEshow _AO50>8/*%w  pwdpgucxgebUgItyccpqcAME{E[t=(5509%4<7d%0SPLAYSTHENHTU^Q]UWCeL PANAmefkrp cat n ecurity x .dXYCS_\J9nQ DISPLA)2r !)t+=D02fV38>60+76 a0NTHESECHRNDITQDQPF+e corukp username|o0004;s0iF COMMAN4a6(>55)+Su *Hw-$%&=0 7:?i9OTHEUNEUYTqz4'QrPgISTERE4a;/m1< rS0"3V>+8s0-9ABASE # J P00000214'X5 PARAMETER UAF$W_BIOLM = '0000020E'X5 PARAMETER UAF$W_DIOLM = '00000210'X& 0 PRALETE@_CN`lelp lISTSASDUH@\Q[_E,hP pwdmgrp"=, $:!!4/"&*'%%*$ERS ' fORPAS000'01oLe {COMMM1/6l#$9  UAM$e3"AMETER - COMMASD ^Q]U012'DNAMEOFp "+ifAIGSqUALIFIEO (0AEQ]_RN=rnAME LAr,(1e=Fu ( c2!+#+5IER # J P00000208'X5 PARAMETER UAF$W_MAXDETACH = '0000020A'X5 PARAMETER UAF$W_MAXJOBS = '00000206'X5 PARAMETER UAF$W_MEM = '00000024'X5 PARAMETER UAF$W_PRCCNT = '0000020C'X5 AQAMETER UAF$W_QSRXcEthrncompwy}wgtore{ Ox;" !RGRmM$r@R!UEF W\PRO\YpL^Ma!  ""= '300022gB'X5 PARAMETCR UR]%W_SCLd "  !  9 0000036}'4p ! wPAVAEWER WAs$Q_[HdFcyֵ (  TTƥ080 1A'X5 (  PARAMETEV AQ$^VQ Nܚ" j _ $9 '00010212'X ONWA"/;/*e -7Nu$>M#_vSv7$ o%)MMANDOBJXCS@GTo]Q\F?eH.CLD 3 f?;7TRANPWDMGRFOR : FORTRANN6.+"$0<%+RDVUC1OtrTRANN!69REMOT06>1,%;+4kFoF LIN.~;&"3-&+c5_1,!-~54+ )ANIGERY[D8&4q-/&{6 1 )9lINKNO6+5&ENCO86>1,!* 7e?/SsAoRDOPTj>%=lAh)'-.;.2-3&&o<'OMwREM^]I% 5,50$!~!,"!TEvTaSSWORDg!$1h*"^- CRE45#p36's j*=;iOOnERPAR ?!IsAh&!3<;")2 7&"=0EXASSEF^D{$>:w{8;0TQFbCOY^ NCOMP";2%.10k7REhKIT}BAb<;/,s5%*,*7eOe{KITQOIr"#57c.A!((,&$/a1+MsKI@t8 q")/-%$!|--)e{Bi_]4 COP:h1%%m<)" {KXT}; q")/-%$!?)3% 3$o/Lb[KIT} dQq*915e>4!dqh-7)&.!!NGTE@rK<5_H_q0*"7a=2; 23AR]un.COM{"' ZEvI]PYPW15:4*?,9YfDL{K,%ITAhd^Ca\,1#!<0k;*PU\!3?) \(, :?eo]q THEOP=';+g*< VUILDI;&f>"0!!&RsAVESETkQUIlAE&&exvnbe*!!0ALDATZYG K<5f<-1u+&FFknDINT!+t!.77IFORY* \ sn3 " wQq %8?a;3!I!$|,".*;0(DXWD  S,2b388.LCJCE(UAG_RECORD5 O_AH^Nn(0 -%&#c"*OmjpASSWOR!}%(%2;*<'kG%5i0"1yOv(INC\XB[MC0a(<;27#.#=EYa[sWORD R&%.&$$$!YWOAVOPTz.6+|_g :*m"*'RYcENCOM#0$95)>"6[".4; 6-.~i !S]QH[CG' +q;/7c&$5n> >OTLApASSWOR-'+&k=Z@OPT JAb<>:1#!ViR{KI1 z&!/)7s3$Z0/2_wEg,=4YFC\Yo[IM:5#<>#$3ORMeXE{K : EnEvI[PYNC:,-42?#!XSZsEoRDSNAk4-,vb.'7(KAb<=5:o<'OMwPRGC^CR1o#'4 y/ITt5COPY990( 7|OLE{K<5_K_t4+BYY@GiNSTAL&>8i o',:Q(q")/+e386jCLLhS@X}AAb<>/)w4EDAlS {KIT}RNp&(5+ BWDMGR=$*/y7 -go"%'}COPY5&1ygqb7+/ I&$1=1&$7&=*KATUQG B0a 071!n*(2hqouYPT2 ) BYTE UAF_B_PWD_LENGTH 9 EQUIVALENCE(UAF_RECORD ( 362), UAF_B_PWD_LENGTH )( INTEGER*4 UAF_Q_EXPIRATION (2)9 EQUIVALENCE(UAF_RECORD ( 364), UAF_Q_EXPIRATION )* INTEGER*4 UAF_Q_PWD_LIFETIME (2); EQUIVALENCE(UAF_RECORD ( 372), UAF_Q_PWD_LIFETIME )& INTEGER*4 UAF_Q_PWD_DATE (2)7 EQUIVALENCE(UAF_RECORD ( 380), UAF_Q_PWD_DATE )' INTEGER*4 UAF_Q_PWD2_DATE (2)8 EQUIVALENCE(UAF_RECORD ( 388), UAF_Q_PWD2_DATE )* INTEGES++ {th afsnEh.cld"EzUHTGLiNCU@F[RkCFRD $(3.6h-UuF]SLAS]LOG@NOI ) INTEGER,4 3;!UAF]QoLAVL~GIN^N(2- " Q6WAENBEUAB_EIORD"  <0<) j0A[T{Oq+ֵ)* INTEOEk*4 UAB__GRW"(z)" j _EQU[RALENCD(UAF_REOs:^^V^JoLWR^+?!/!.,7^^W~X~~^^^^^7*;9;,Tj^^^^^+8!/!:;!.,7(^vLWI~^^~ ! dQ{Iwaleef &,/&&=cGMYS^M l4/!*08!e:6;'?TIFn! - in$$,>C@Y ! tAV_mV rUTILITYDQtI[AmencJ&54>11yOSD  ?lAESu'/3)%#/32INZtHECOM/8:!LANG !:b;+#=9&&"0/c%*!s+8E1 )pwv8,"*1Q{AG_sEROsd~EFD[FBdovrr_OEuWVRjac*7:99CA]iInhISTO0 nE!  !U`FB~chyzbfrlnnh~~r~ - h|xd{lahcnhxlkrhnbi   xlkrorchyzbfrlnnhRS~S ?mdENTgrv{qko`_BST';4/&e#$;M\nAGER UQ1,0(" n5 Z7a';6eVO +UTANQZFKU&407++/1Cy_1"1$>6+5RY1 PROMPT{0$TABAS0cj4>.41c`-$26,!6;z = QUAL,7<,$a> #,1Mya5&<1"7o%DDwRQU^]I&8(+#'na:,&1$$"12136 XuElIFIER1<70RITY u2?16>4r"%(2& 0!:+)NyNTAX +>;'3&-1/!)MkA7*3)*);!RIDYQZ@_T' 200sl<:/8>9~"!7 >4MIG_WyNTAX ,6:+EGATA7-#nB.9./(*6$1c0 6-=APe NONN 64=7# bc3I94#w 2:;6ED 8S@_A9-)(b-)",5) -'e272:NIZtWaTOR  &0'$LLOW&$%*0600a-;4 '.,=:,$RaJoR < DI609%96l7+.*\0a'16e0*11RI\Y(9T@_A9-)(b*7,3"4=:a"-!s!:=OTL%2 DEFI,:b " 3&.*'6#YnJaX  QU$=e=&&]'(2&~e06<0AXRQTY_I&$%*06&<<-++ ;CvS"*1LIOLeRADMI,0'1RATORya5&,+3=p=1(07&$7>6=sGnTAX  4$4%?'% ? oo<+NNMGUMXK@Eya0>.*7m?*%063&'lSr_7ISHslOWREM--1eANDA1,/1+,$ (9*6AzSDiKaLLOWS 2 ;?55e/-!4%+6<,0; %TOZ )1P@_A9-)(b-5?&9 d 77SLzuRITY< &0'$LLOW'$+06:p3'D GsERNAMEEQEI2$*, &e^03$>,0;GDRO]T\_S NO24500%& NE)-PARAME6<&eP P'.+/6bs1$$3+AFe VAL04ua$$=0'1 L|AF_yE2:3(IFAEGELAO!$j1&?!$(o%IS]_PeMOTES0 $?E}*CUALIF<$4$:.4*#;;EyNTAXL,"!%$/0<*1Q 2?1&$;OcDQUIL\WQL^4%+696>5*+;-! Z_nTAXLI:: $#(;DmSYNTA-Aw_&*,-1'*&&j:16RTaME NO+?0.75-'"&i# **7m1*#1IRMD2)HI& *38(m3=,,71j.,7AMIiNISTRA=!&EdE6CAALLOWu2#<"-$5!d$:%c)DUiNISTRA1>'IJA(,=")D:6f-7(,;7dANLFWQ\^I!8Z_36> 4(*#a1-MO]D ANDUS,<:$* R*# DEFI;$f)2-2r0+!# ROUTIN q7&14?<,0\:0i<).UR@Ty SYNT(6i6/*%uAECURI!8,.10(7lm QUALIF,4'i7%!, *6\' 20 ic<+*TAPFZW^sA1,/1,=';-5)QUALIF +&e267X\AME ;.(1285%",8E VALUE74$>),8r6EMGTPQGH4%+696'%1/ OR)DISALL&9t6"&'X[TYAN1a';:6/:'8?A@oR < DI609%96l7+.*\0a'16e0*11RI\Y)3V@_A9-)(w-$>;8(AGD USERNA$+TEWE6OTINEV03$2',:EL?OAtINEEX,% ;948, &E(EA":4,-*r2ERJ]VXY8 '.3+>1 n9)!P[OuTINE 9/&$* &O@p 9 $:;b s`Ring V$= ,~555+~aZ022=##;*E ( *3RLJI;$f,.12(4l,DDvQeMOTES0 $?E@*@OUTIN0a';3!-?)=)gMPaEaMETER`yi: . "~ goo"6OMXTVFHEwAP_wshrf?- 8ErGqUIRED INvE# 4CZESYN! >>::<'0&$MYtESYNT$)@I$.91'- '$+0$ =7)OTM 4@H^A8$2:>b}u#5#ELlOdenameen$7(("^ NODEwAP_ldfws5/8US REQUI741`VAlE*&#A;$f,++7.*dLI[TjFQDCT05&"+%>DS1!!TIGF LISTR,#;1"Ey*DARAME!$4n{s)96 "inOsEname 5#:$&5qg ,!MwAP_recordVADUP[IQ (4:(vWSeX0 (=NE s]nTAXSH&9 7"(=^QSYNT49U_>0%3/"4u<<.WgrEMOTE nQ%($ ! :&7pj>$!*>ynole{tl%3)2<+me(#50mTW  VALU,n|7"4'CFED tA":*6-5u'0#TaM ADDSE&$' "867-1I-AR_ *6;;*EIDQjELOU'(2&g_31'5$(TE[ p1 LABE%s kye PR:,6+q},60)o "309<3ad7+20A'$"vqE2:3(IFAEGEZIR; +:`4889(RLPuIRED INpE# 4CZESYN! >>:=-/1>Ec@rITYSY+%41AA>*;7,F0a4:?*5* 7EC]R\BM) % 4>!:$'+t| Ea@eLnodeke"X[MPT;.":n_\Tquota@aLUER $$(lmC4]4-/9; 1o'7ERFAXS ZA94#w>:;!8'*0h )DEFINEi=-+3$* ^ISTS0"3->+)