UL202056D6.BCKTMPi202056D6.BCKTMPLBACKUP/GROUP=100/BLOCK=4608/LOG/INTERCHANGE/CONFIRM *.* 202056D6.BCKTMP/SAVE OSUDAR G@$fV5.5 _ANLCMT::  _ANLCMT$DUB4: V5.5-2 d*[UICSTUFF]ITEMDEF.INC;2+, ./ 4"-]|0123KPWO56В7F{5f89GHJC"C ITEM (ITEMLIST ENTRY) DEFINITIONC STRUCTURE /ITEM/ UNION MAP INTEGER*2 BUFLEN INTEGER*2 ITEMCODE END MAP MAP INTEGER*4 TERMINATOR END MAP END UNION UNION MAP INTEGER*4 BUFADR END MAP MAP INTEGER*4 VALUE END MAP END UNION UNION MAP INTEGER*4 RETLENADR END MAP MAP INTEGER*4 FLAGS END MAP END UNION END STRUCTURE*[UICSTUFF]SETUSER.BUILD;2+,>#./ 49-]|0123KPWO56%f7ny%f89GHJ $ SET NOON'$ FOR/NOCHECK/NODEBUG SETUSER_AUTHORIZE+$ SET COMMAND/OBJECT SETUSER_AUTHORIZE_CMDS$ @SETUSER_AUTHORIZE.LINK9$ LIBRARY/CREATE/HELP SETUSER_AUTHORIZE SETUSER_AUTHORIZE$ FOR/NOCHECK/NODEBUG SETUSER$ @SETUSER.LINK*[UICSTUFF]SETUSER.EXE;37+,AP./ 4-]|0123 KPWO56" Hf7B,Hf89GHJ0D`0205Gf\JSETUSER01Gf05-13PPP  % .  ?B!d FORRTL_001! LIBRTL_001"! SECURESHR_001#!SECURESHRP_001LNM$JOBORIGINAL_USERNAMEP1LNM$SYSTEM_TABLESETUSER_AUDITSETUSER_AUTHORIZATION_FILESET_USER_PRIVSET_USERSYS$SYSTEM:NODELOGIN.IDX:LNM$PROCESSSYS$DISKSYS$LOGINSYS$LOGIN_DEVICESYS$SCRATCHSYS$LOGIN_ROOTLNM$GROUP_!6OWLNM$PROCESS_DIRECTORYLNM$GROUP%SETUSER-F-NOAUD, failed to open audit file%SETUSER-F-NOAUTH, failed to open authorization file%SETUSER-F-NONODELOGIN, failed to open node login file%SETUSER-F-NOSUBPROC, cannot set user from subprocess%SETUSER-F-ACCNOTAUTH, access not authorizedSET_USER_NOPRIV%SETUSER-F-ERRAUTH, error validating authorization%SETUSER-F-GETJPI, Error getting job/process information%SETUSER-F-ERRJPI, Error retrieving job/process information%SETUSER-F-ORGUJOB, Error saving original username information%SETUSER-F-LOCAUD, Error locating audit file%SETUSER-F-LOCAUTH, Error locating authorization file%SETUSER-F-ERRUAI, Error retrieving target user information%SETUSER-F-OLDRDB, Error reading current rights database data%SETUSER-F-NEWRDB,)j202056D6.BCKTMPAP]|[UICSTUFF]SETUSER.EXE;37~ Error reading new rights database data%SETUSER-F-REVOKERR, Error revoking identifier%SETUSER-F-GRANTERR, Error granting identifier%SETUSER-F-SETDDIR, Error setting default directory%SETUSER-F-SETDDEVE, Error setting default device%SETUSER-F-SETDDEVS, Error setting default device%SETUSER-F-JOBTBLACL, Error setting access on job table%SETUSER-F-SETLOGIN, Error setting SYS$LOGIN%SETUSER-F-SETLOGDEV, Error setting SYS$LOGIN_DEVICE%SETUSER-F-SETSCRE, Error setting SYS$SCRATCH%SETUSER-F-SETSCRS, Error setting SYS$SCRATCH%SETUSER-F-SETLOGROOT, Error setting SYS$LOGIN_ROOT%SETUSER-F-SETGRPTBL, Error setting new group table%SETUSER-F-SETUIC, Error setting process UIC%SETUSER-F-AUDITFAIL, Audit operation failed))%SETUSER-I-USERSET, username set to !4ZW-!2ZW-!2ZW !2ZW:!2ZW:!2ZW.!2ZW !8XL !12AS !AS !AS) H H :<;<<<=<>$>>>L>6>>N>:>>P>$,?4?X> ? :9X??>Z> ? > l>Hl> s|@@@@ @ ,A4APA hApAxA AAA A ABB(B0B8B XB`BhB BBBBBBB> C C>U8C+HC4KXC6hC5xC,CCC2*C8]C;C>C,C5>D;tD=$D94D.(DD.WTD3dD1tD1D7D,VD4D-D-D3D3HD,|E,E\>>h>`>\>>|E\>>EX|   HHHHTF\F F HF5 GGGGGGGPHXHBs^202056D6.BCKTMPAP]|[UICSTUFF]SETUSER.EXE;37 X[p \Pkk\ k1 2\P,PH AˌWXPkkXk1 2XP,P, %˸P`˺P.`˼P˨`P>`P `P`Px`P`P`P`Pˠ`P`P`P`P˰`P`P`P`Pl`P`P`P)`P`P>`P`P`Pޫ`P` P`˸ˬ˜ Pkk1 ˨kk1 ի1 ˼2Z,Zx x\;\,Zx Z Pkk ˌ1 X\X2\\,\s  Pkk1N 2PP $( P1\) 2E1\TP1pE Pkk12PP˄ˈˌP1 ^( n ^( n^~~ |]^PPZY\aZ$702XPP@DH Pkk1Џ$k1\S1G1ˬ;1UP`P`P!` P`$P`&P `(P˄`,P`0P@`2P`4P˔`8P`aQa,t[}PQP}PQP $Pkk1~2H2L2P2T2X2\2` d8PPkk>32PPtxtP|kPp[}PQPk}PQ P} PQPP`P`P޼`P`<PQPaQaQaQaQa޼(ث,<`^,n䐏P ݬ^|VX^,n䐏Qݬf^PRݬl$լ ݬf  RP|OVD^,nȐSȞ?؞3ܕlլݬfЬ̑lլ  lլ,n䞭l լ Ь l լЬlլ ݬf^<`^,n䐏Tl լЬ_h202056D6.BCKTMPAP]|[UICSTUFF]SETUSER.EXE;37^<`^,n䐏UTHݬ2^@@ (@8 h`HPp xXZ @FORRTLLIBRTL SECURESHR SECURESHRP*[UICSTUFF]SETUSER.FOR;45+,%>.(/ 4I(&n-]|0123KPWO)56} >f7 K>f89GHJ PROGRAM SETUSER IMPLICIT NONECIC SETUSER -- Set username, UIC, rights, logicals to match specific user'sC;C Version 1.1.0 -- last modified 08-Nov-1993 by John OsudarCC Usage: USER CGC If no parameter is specified, job exec-mode logical ORIGINAL_USERNAME2C is used to reset things to their original state.C INCLUDE 'ITEMDEF.INC' INCLUDE '($SSDEF)' INCLUDE '($JPIDEF)' INCLUDE '($UAIDEF)' INCLUDE '($PRVDEF)' INCLUDE '($PSLDEF)' INCLUDE '($LNMDEF)' INCLUDE '($FORIOSDEF)' INCLUDE '($CLIMSGDEF)' INCLUDE '($ACLDEF)' INCLUDE '($ACEDEF)'2 RECORD /ITEM/ JPI_LIST(8),UAI_LIST(4),ACL_LIST(3) STRUCTURE /ID_ACE/ BYTE SIZE BYTE TYPE INTEGER*2 FLAGS INTEGER*4 ACCESS INTEGER*4 ID END STRUCTURE RECORD /ID_ACE/ ACE" INTEGER*4 I,J,IOS,IX,STAT,STS,STV= INTEGER*4 CLI$GET_VALUE,SYS$GETJPIW,SYS$GETUAI,SYS$FIND_HELDH INTEGER*4 SYS$REVOKID,SYS$GRANTID,SYS$CMKRNL,SYS$SETDDIR,SYS$CHANGE_ACL0 INTEGER*4 GET_EXEC_LNM,DEFINE_LOGICAL,AUDIT_LOG; CHARACTER*12 INITUSER ! Original username (from job table); CHARACTER*12 NEWUSER ! Username whose rights we're copying( CHARACTER*12 OLDUSER ! Current username- INTEGER*2 LIU,LNU,LOU ! Lengths of usernames6 INTEGER*4 NEWUIC(2) ! New username's UIC in ID format INTEGER*2 NEWGM(2) INTEGER*2 NEWGRP,NEWMEM: EQUIVALENCE (NEWUIC(1),NEWGM(1),NEWMEM),(NEWGM(2),NEWGRP)/ INTEGER*4 OLDUIC(2) ! Present UIC in ID format INTEGER*2 OLDGM(2) INTEGER*2 OLDGRP,OLDMEM: EQUIVALENCE (OLDUIC(1),OLDGM(1),OLDMEM),(OLDGM(2),OLDGRP)> INTEGER*4 PRCIDS(2,512) ! Our process rightslist from $GETJPI/ INTEGER*2 N_PIDS ! Number of entries in PRCIDS+ INTEGER*4 CONTEXT ! Context for $FIND_HELD; INTEGER*4 OLDIDS(2,512) ! Old username's authorized rights/ INTEGER*4 N_OIDS ! Number of entries in OLDIDS; INTEGER*4 NEWIDS(2,512) ! New username's authorized rights/ INTEGER*4 N_NIDS ! Number of entries in NEWIDS+ INTEGER*4 IOSB(2) ! IOSB for $GETJPIW callB INTEGER*4 PROCPRIV(2) ! Process privileges (excludes image privs)0 CHARACTER*16 DEFDEV ! New user's default device3 CHARACTER*64 DEFDIR ! New user's default directory( CHARACTER*8 NODENAME ! Current nodename CHARACTER*256 SUAUD,SUAUTH,LINE% INTEGER*2 LDDEV,LDDIR,LNN,LSA,LSUA,LD VOLATILE PRCIDS,N_PIDS,NEWUIC,OLDUSER,OLDUIC,PROCPRIV,DEFDEV,DEFDIR VOLATILE PID,NODENAME,LNN EXTERNAL KERNEL_MODE_CODE CHARACTER*16 GRPTBL( COMMON /FOR_KERNEL_CODE/ NEWUIC,NEWUSER INTEGER*4 OWNERPID,PID COMMON /AUDITINFO/ INITUSER,PID LOGICAL*1 PRIVILEGEDCZ202056D6.BCKTMP%>]|[UICSTUFF]SETUSER.FOR;45I(? 1 FORMAT(Q,A) 2 FORMAT(A)C'C Find out who we used to be, if anyoneC> STAT=GET_EXEC_LNM('LNM$JOB','ORIGINAL_USERNAME',INITUSER,LIU) IF(STAT.EQ.SS$_NOLOGNAM)THEN LIU=0 ELSE IF(.NOT.STAT)GOTO99 ENDIF INITUSER=INITUSER(1:LIU)CFC Call CLI$GET_VALUE to get username whose access rights we're copyingC% STAT=CLI$GET_VALUE('P1',NEWUSER,LNU) IF(STAT.EQ.CLI$_ABSENT)THEN LNU=0 ELSE IF(.NOT.STAT)GOTO99 ENDIF NEWUSER=NEWUSER(1:LNU)CIC Call $GETJPI to retrieve our process rights (using JPI$_PROCESS_RIGHTS)/C along with our username and other informationC JPI_LIST(1).BUFLEN=4096) JPI_LIST(1).ITEMCODE=JPI$_PROCESS_RIGHTS JPI_LIST(1).BUFADR=%LOC(PRCIDS)# JPI_LIST(1).RETLENADR=%LOC(N_PIDS) JPI_LIST(2).BUFLEN=12# JPI_LIST(2).ITEMCODE=JPI$_USERNAME! JPI_LIST(2).BUFADR=%LOC(OLDUSER) JPI_LIST(2).RETLENADR=0 JPI_LIST(3).BUFLEN=4 JPI_LIST(3).ITEMCODE=JPI$_UIC# JPI_LIST(3).BUFADR=%LOC(OLDUIC(1)) JPI_LIST(3).RETLENADR=0 JPI_LIST(4).BUFLEN=8# JPI_LIST(4).ITEMCODE=JPI$_PROCPRIV% JPI_LIST(4).BUFADR=%LOC(PROCPRIV(1)) JPI_LIST(4).RETLENADR=0 JPI_LIST(5).BUFLEN=4 JPI_LIST(5).ITEMCODE=JPI$_PID JPI_LIST(5).BUFADR=%LOC(PID) JPI_LIST(5).RETLENADR=0 JPI_LIST(6).BUFLEN=8# JPI_LIST(6).ITEMCODE=JPI$_NODENAME" JPI_LIST(6).BUFADR=%LOC(NODENAME) JPI_LIST(6).RETLENADR=%LOC(LNN) JPI_LIST(7).BUFLEN=4 JPI_LIST(7).ITEMCODE=JPI$_OWNER" JPI_LIST(7).BUFADR=%LOC(OWNERPID) JPI_LIST(7).RETLENADR=0 JPI_LIST(8).TERMINATOR=0% STAT=SYS$GETJPIW(,,,JPI_LIST,IOSB,,) IF(.NOT.STAT)GOTO920 STAT=IOSB(1) IF(.NOT.STAT)GOTO921 IF(OWNERPID.NE.0)GOTO910# CALL STR$TRIM(OLDUSER,OLDUSER,LOU) OLDUSER=OLDUSER(1:LOU) N_PIDS=N_PIDS/8 IF(LIU.LE.0)THEN LIU=LOU INITUSER=OLDUSER(1:LOU)F STAT=DEFINE_LOGICAL('LNM$JOB','ORIGINAL_USERNAME',INITUSER(1:LIU), 1 PSL$C_EXEC,LNM$M_TERMINAL) IF(.NOT.STAT)GOTO922 ENDIF IF(LNU.LE.0)THEN LNU=LIU NEWUSER=INITUSER(1:LIU) ENDIFCC Open audit log fileC@ STAT=GET_EXEC_LNM('LNM$SYSTEM_TABLE','SETUSER_AUDIT',SUAUD,LSA) IF(.NOT.STAT)GOTO923H OPEN(UNIT=4,NAME=SUAUD(1:LSA),TYPE='OLD',SHARED,ORGANIZATION='INDEXED',+ 1 ACCESS='KEYED',FORM='FORMATTED',ERR=901)CDC Privilege checks: do not proceed unless process has CMKRNL enabledFC or authorization database has entry to map inituser into newuser, orFC inituser and newuser are identical (i.e. resetting to original user)C PRIVILEGED=.FALSE. IF(INITUSER.EQ.NEWUSER)GOTO10 PRIVILEGED=.TRUE. IF(PRV$V_CMKRNL.LE.31)THEN- IF(BTEST(PROCPRIV(1),PRV$V_CMKRNL))GOTO10 ELSE0 IF(BTEST(PROCPRIV(2),PRV$V_CMKRNL-32))GOTO10 ENDIFC STAT=GET_EXEC_LNM('LNM$SYSTEM_TABLE','SETUSER_AUTHORIZATION_FILE', 1 SUAUTH,LSUA) IF(.NOT.STAT)GOTO924< OPEN(UNIT=1,NAME=SUAUTH(1:LSUA),TYPE='OLD',READONLY,SHARED,: 1 ORGANIZATION='INDEXED',ACCESS='KEYED',FORM='FORMATTED',, 2 RECORDTYPE='FIXED',RECORDSIZE=24,ERR=902)= READ(1,2,KEYID=0,KEYEQ=INITUSER//NEWUSER,IOSTAT=IOS,ERR=911) CLOSE(UNIT=1) PRIVILEGED=.FALSE.C>C call $GETUAI to retrieve NEWUSER's UIC and other informationC10 UAI_LIST(1).BUFLEN=4 UAI_LIST(1).ITEMCODE=UAI$_UIC UAI_LIST(1).BUFADR=%LOC(NEWUIC) UAI_LIST(1).RETLENADR=0 UAI_LIST(2).BUFLEN=16! UAI_LIST(2).ITEMCODE=UAI$_DEFDEV UAI_LIST(2).BUFADR=%LOC(DEFDEV) UAI_LIST(2).RETLENADR=0 UAI_LIST(3).BUFLEN=64! UAI_LIST(3).ITEMCODE=UAI$_DEFDIR UAI_LIST(3).BUFADR=%LOC(DEFDIR) UAI_LIST(3).RETLENADR=0 UAI_LIST(4).TERMINATOR=0' STAT=SYS$GETUAI(,,NEWUSER,UAI_LIST,,,)  IF(.NOT.STAT)GOTO925! LDDEV=ICHAR(DEFDEV(1:1)).AND.255! LDDIR=ICHAR(DEFDIR(1:1)).AND.255 DEFDEV=DEFDEV(2:LDDEV+1) DEFDIR=DEFDIR(2:LDDIR+1)CCC call $FIND_HELD repeatedly to fill OLDIDS with user's rightslist,HC continuing until SS$_NOSUCHID is returned; then do the same for NEWIDSC CONTEXT=0 OLDUIC(2)=0 N_OIDS=011 N_OIDS=N_OIDS+1E STAT=SYS$FIND_HELD(OLDUIC,OLDIDS(1,N_OIDS),OLDIDS(2,N_OIDS),CONTEXT) IF(STAT)GOTO11 IF(STAT.NE.SS$_NOSUCHID)GOTO926 N_OIDS=N_OIDS-1C Ce8202056D6.BCKTMP%>]|[UICSTUFF]SETUSER.FOR;45I(uONTEXT=0 NEWUIC(2)=0 N_NIDS=012 N_NIDS=N_NIDS+1E STAT=SYS$FIND_HELD(NEWUIC,NEWIDS(1,N_NIDS),NEWIDS(2,N_NIDS),CONTEXT) IF(STAT)GOTO12 IF(STAT.NE.SS$_NOSUCHID)GOTO927 N_NIDS=N_NIDS-1CGC for each entry in OLDIDS, look for it in PRCIDS; if not found, deleteC it from OLDIDSC I=013 I=I+114 IF(I.LE.N_OIDS)THEN DO J=1,N_PIDSC IF(OLDIDS(1,I).EQ.PRCIDS(1,J).AND.OLDIDS(2,I).EQ.PRCIDS(2,J)) 1 GOTO13 ENDDO OLDIDS(1,I)=OLDIDS(1,N_OIDS) OLDIDS(2,I)=OLDIDS(2,N_OIDS) N_OIDS=N_OIDS-1 GOTO14 ENDIFCHC for each entry in OLDIDS, look for it in NEWIDS; if found, delete bothC I=015 I=I+116 IF(I.LE.N_OIDS)THEN DO J=1,N_NIDS) IF(OLDIDS(1,I).EQ.NEWIDS(1,J))THEN, IF(OLDIDS(2,I).EQ.NEWIDS(2,J))THEN) OLDIDS(1,I)=OLDIDS(1,N_OIDS)) OLDIDS(2,I)=OLDIDS(2,N_OIDS) N_OIDS=N_OIDS-1) NEWIDS(1,J)=NEWIDS(1,N_NIDS)) NEWIDS(2,J)=NEWIDS(2,N_NIDS) N_NIDS=N_NIDS-1 GOTO16 ENDIF GOTO15 ENDIF ENDDO GOTO15 ENDIFCFC for each entry in NEWIDS, look for it in PRCIDS; if found, delete it C from NEWIDSC I=017 I=I+118 IF(I.LE.N_NIDS)THEN DO J=1,N_PIDS) IF(NEWIDS(1,I).EQ.PRCIDS(1,J))THEN, IF(NEWIDS(2,I).EQ.PRCIDS(2,J))THEN) NEWIDS(1,I)=NEWIDS(1,N_NIDS)) NEWIDS(2,I)=NEWIDS(2,N_NIDS) N_NIDS=N_NIDS-1 GOTO18 ENDIF GOTO17 ENDIF ENDDO GOTO17 ENDIFCC log the usageC IF(PRIVILEGED)THEN2 STAT=AUDIT_LOG('SET_USER_PRIV',NEWUSER(1:LNU)) ELSE- STAT=AUDIT_LOG('SET_USER',NEWUSER(1:LNU)) ENDIF IF(.NOT.STAT)GOTO95C>C for each nonzero entry in OLDIDS, call $REVOKID to revoke itC DO I=1,N_OIDS IF(OLDIDS(1,I).NE.0)THEN( STAT=SYS$REVOKID(,,OLDIDS(1,I),,) IF(.NOT.STAT)GOTO928 ENDIF ENDDOC=C for each nonzero entry in NEWIDS, call $GRANTID to grant itC DO I=1,N_NIDS IF(NEWIDS(1,I).NE.0)THEN( STAT=SYS$GRANTID(,,NEWIDS(1,I),,) IF(.NOT.STAT)GOTO929 ENDIF ENDDOC9C Set logicals and default dev:[dir] to new user's valuesCDC (Check NODELOGIN.IDX for record matching newuser and our nodename)CA OPEN(UNIT=2,NAME='SYS$SYSTEM:NODELOGIN.IDX',TYPE='OLD',READONLY,A 1 SHARED,ORGANIZATION='INDEXED',ACCESS='KEYED',FORM='FORMATTED', 2 ERR=903)C READ(2,1,KEYID=0,KEYEQ=NEWUSER//NODENAME(1:LNN),ERR=29)L,LINE(1:L) IX=INDEX(LINE(19:L),':') LDDEV=IX-18 DEFDEV(1:LDDEV)=LINE(19:IX) LDDIR=L-IX DEFDIR(1:LDDIR)=LINE(IX+1:L)29 CLOSE(UNIT=2)CGC Now, define process logical SYS$DISK in exec mode and set the default C directory.C$ STAT=SYS$SETDDIR(DEFDIR(1:LDDIR),,) IF(.NOT.STAT)GOTO930> STAT=DEFINE_LOGICAL('LNM$PROCESS','SYS$DISK',DEFDEV(1:LDDEV), 1 PSL$C_EXEC,0) IF(.NOT.STAT)GOTO931> STAT=DEFINE_LOGICAL('LNM$PROCESS','SYS$DISK',DEFDEV(1:LDDEV), 1 PSL$C_SUPER,0) IF(.NOT.STAT)GOTO932C@C Job logicals SYS$LOGIN, SYS$LOGIN_DEVICE, SYS$LOGIN_ROOT, and EC SYS$SCRATCH need to be redefined -- but we won't have access to theFC job table once our UIC changes. To remedy this, we call $CHANGE_ACLEC to put an ACL on the job table, allowing the new UIC full access toCC the job table. If the new UIC is our original one, we delete theC ACL instead.C#C The ACE is structured as follows:CC byte SIZE (12)C byte TYPE (ACE$C_KEYID)C word FLAGS (0)C long ACCESS (all)C long IDENTIFIER (UIC)C ACL_LIST(1).BUFLEN=0% ACL_LIST(1).ITEMCODE=ACL$C_DELETEACL ACL_LIST(1).BUFADR=0 ACL_LIST(1).RETLENADR=0 IF(INITUSER.EQ.NEWUSER)THEN ACL_LIST(2).TERMINATOR=0 ELSE ACE.SIZE=12 ACE.TYPE=ACE$C_KEYID ACE.FLAGS=0= ACE.ACCESS=ACE$M_READ.OR.ACE$M_WRITE.OR.ACE$M_EXECUTE.OR." 1 ACE$M_DELETE.OR.ACE$M_CONTROL ACE.ID=NEWUIC(1) ACL_LIST(2).BUFLEN=12( ACL_LIST(2).ITEMCODE=ACL$C_ADDACLENT ACL_LIST(2).BUFADR=%LOC(ACE) ACs 202056D6.BCKTMP%>]|[UICSTUFF]SETUSER.FOR;45I(LL_LIST(2).RETLENADR=0 ACL_LIST(3).TERMINATOR=0 ENDIFG STAT=SYS$CHANGE_ACL(,ACL$C_LOGICAL_NAME_TABLE,'LNM$JOB',ACL_LIST,,,,,) IF(.NOT.STAT)GOTO933< STAT=DEFINE_LOGICAL('LNM$JOB','SYS$LOGIN',DEFDEV(1:LDDEV)// 1 DEFDIR(1:LDDIR),PSL$C_EXEC,0) IF(.NOT.STAT)GOTO9342 STAT=DEFINE_LOGICAL('LNM$JOB','SYS$LOGIN_DEVICE', 1 DEFDEV(1:LDDEV),PSL$C_EXEC,0) IF(.NOT.STAT)GOTO935> STAT=DEFINE_LOGICAL('LNM$JOB','SYS$SCRATCH',DEFDEV(1:LDDEV)// 1 DEFDIR(1:LDDIR),PSL$C_EXEC,0) IF(.NOT.STAT)GOTO936> STAT=DEFINE_LOGICAL('LNM$JOB','SYS$SCRATCH',DEFDEV(1:LDDEV)//! 1 DEFDIR(1:LDDIR),PSL$C_SUPER,0) IF(.NOT.STAT)GOTO937A STAT=DEFINE_LOGICAL('LNM$JOB','SYS$LOGIN_ROOT',DEFDEV(1:LDDEV)//6 1 DEFDIR(1:LDDIR-1)//'.]',PSL$C_EXEC,LNM$M_CONCEALED) IF(.NOT.STAT)GOTO938 IF(NEWGRP.NE.OLDGRP)THEN7 CALL SYS$FAO('LNM$GROUP_!6OW',,GRPTBL,%VAL(NEWGRP))C STAT=DEFINE_LOGICAL('LNM$PROCESS_DIRECTORY','LNM$GROUP',GRPTBL,! 1 PSL$C_KERNEL,LNM$M_TERMINAL) IF(.NOT.STAT)GOTO939 ENDIFC!C Set the target username and UICC IF(NEWUIC(1).GE.0)THEN& STAT=SYS$CMKRNL(KERNEL_MODE_CODE,) IF(.NOT.STAT)GOTO94@ CALL LIB$PUT_OUTPUT('%SETUSER-I-USERSET, username set to '// 1 NEWUSER(1:LNU)) ENDIF GOTO98CC Error handlingCF901 CALL LIB$PUT_OUTPUT('%SETUSER-F-NOAUD, failed to open audit file') GOTO97902 CALL LIB$PUT_OUTPUT(: 1 '%SETUSER-F-NOAUTH, failed to open authorization file') GOTO97903 CALL LIB$PUT_OUTPUT(< 1 '%SETUSER-F-NONODELOGIN, failed to open node login file') GOTO97C910 CALL LIB$PUT_OUTPUT(; 1 '%SETUSER-F-NOSUBPROC, cannot set user from subprocess') STAT=SS$_ABORT.OR.'10000000'X GOTO99C$911 IF(IOS.EQ.FOR$IOS_ATTACCNON)THENG CALL LIB$PUT_OUTPUT('%SETUSER-F-ACCNOTAUTH, access not authorized')4 STAT=AUDIT_LOG('SET_USER_NOPRIV',NEWUSER(1:LNU)) IF(.NOT.STAT)GOTO95" STAT=SS$_NOPRIV.OR.'10000000'X GOTO99 ELSE CALL LIB$PUT_OUTPUT(: 1 '%SETUSER-F-ERRAUTH, error validating authorization') GOTO97 ENDIFC920 CALL LIB$PUT_OUTPUT(> 1 '%SETUSER-F-GETJPI, Error getting job/process information') GOTO96921 CALL LIB$PUT_OUTPUT(A 1 '%SETUSER-F-ERRJPI, Error retrieving job/process information') GOTO96922 CALL LIB$PUT_OUTPUT(D 1 '%SETUSER-F-ORGUJOB, Error saving original username information') GOTO96G923 CALL LIB$PUT_OUTPUT('%SETUSER-F-LOCAUD, Error locating audit file') GOTO96924 CALL LIB$PUT_OUTPUT(; 1 '%SETUSER-F-LOCAUTH, Error locating authorization file') GOTO96925 CALL LIB$PUT_OUTPUT(A 1 '%SETUSER-F-ERRUAI, Error retrieving target user information') GOTO96926 CALL LIB$PUT_OUTPUT(C 1 '%SETUSER-F-OLDRDB, Error reading current rights database data') GOTO96927 CALL LIB$PUT_OUTPUT(? 1 '%SETUSER-F-NEWRDB, Error reading new rights database data') GOTO96928 CALL LIB$PUT_OUTPUT(4 1 '%SETUSER-F-REVOKERR, Error revoking identifier') GOTO96929 CALL LIB$PUT_OUTPUT(4 1 '%SETUSER-F-GRANTERR, Error granting identifier') GOTO96930 CALL LIB$PUT_OUTPUT(9 1 '%SETUSER-F-SETDDIR, Error setting default directory') GOTO96931 CALL LIB$PUT_OUTPUT(7 1 '%SETUSER-F-SETDDEVE, Error setting default device') GOTO96932 CALL LIB$PUT_OUTPUT(7 1 '%SETUSER-F-SETDDEVS, Error setting default device') GOTO96933 CALL LIB$PUT_OUTPUT(= 1 '%SETUSER-F-JOBTBLACL, Error setting access on job table') GOTO96934 CALL LIB$PUT_OUTPUT(2 1 '%SETUSER-F-SETLOGIN, Error setting SYS$LOGIN') GOTO96935 CALL LIB$PUT_OUTPUT(: 1 '%SETUSER-F-SETLOGDEV, Error setting SYS$LOGIN_DEVICE') GOTO96936 CALL LIB$PUT_OUTPUT(3 1 '%SETUSER-F-SETSCRE, Error setting SYS$SCRATCH') GOTO96937 CALL LIB$PUT_OUTPUT(3 1 '%SETUSER-F-SETSCRS, Error setting SYS$SCRATCH') GOTO96938 CALL LIB$PUT_OUTPUT(9 1 '%SETUSER-F-SETLOGROOT, Error setting SYS$LOGIN_ROOT') GOTO96939 CALL LIB$PUT_OUTPUT(9 1 '%SETUSER-F-SETGRPTBL, Error setting new group table') GOTO9694 CALL LIB$PUT_OUTPUT(2 1 '%SETUSER-F-SETUIC, Error setting process UIC') GOTO9695 CALL LIB$PUT_OUTPUT(2 1 '%SET202056D6.BCKTMP%>]|[UICSTUFF]SETUSER.FOR;45I(USER-F-AUDITFAIL, Audit operation failed') GOTO97C'96 CALL SYS$GETMSG(%VAL(STAT),L,LINE,,)" IF(LINE(1:1).EQ.'%')LINE(1:1)='-' CALL LIB$PUT_OUTPUT(LINE(1:L)) STAT=STAT.OR.'10000000'X GOTO99C97 CALL ERRSNS(,STS,STV,,STAT) IF(STS.GT.1)THEN. CALL SYS$GETMSG(%VAL(STS),L,LINE,,), IF(LINE(1:1).EQ.'%')LINE(1:1)='-') CALL LIB$PUT_OUTPUT(LINE(1:L)) STAT=STS.OR.'10000000'X ENDIF IF(STV.GT.1)THEN. CALL SYS$GETMSG(%VAL(STV),L,LINE,,), IF(LINE(1:1).EQ.'%')LINE(1:1)='-') CALL LIB$PUT_OUTPUT(LINE(1:L)) STAT=STV.OR.'10000000'X ENDIF GOTO99C 98 STAT=1C99 CALL SYS$EXIT(%VAL(STAT)) ENDC& INTEGER*4 FUNCTION KERNEL_MODE_CODE() IMPLICIT NONEF EXTERNAL CTL$GL_PCB,PCB$L_UIC,PCB$L_JIB,CTL$T_USERNAME,JIB$T_USERNAME: CALL DOSET(CTL$GL_PCB,PCB$L_UIC,PCB$L_JIB,CTL$T_USERNAME, 1 JIB$T_USERNAME) KERNEL_MODE_CODE=1 RETURN ENDC=C CTL$GL_PCB is a real cell containing the address of the PCB7C CTL$T_USERNAME is a real cell containing the username2C PCB$L_UIC, PCB$L_JIB, JIB$T_USERNAME are offsetsC1 SUBROUTINE DOSET(CTL$GL_PCB,PCB$L_UIC,PCB$L_JIB,! 1 CTL$T_USERNAME,JIB$T_USERNAME) IMPLICIT NONE INTEGER*4 CTL$GL_PCB INTEGER*4 CTL$T_USERNAME(3)( BYTE PCB$L_UIC,PCB$L_JIB,JIB$T_USERNAME INTEGER*4 NEWUIC(2)> INTEGER*4 NEWUSER(3) ! lie to it and say it's three longwords( COMMON /FOR_KERNEL_CODE/ NEWUIC,NEWUSER INTEGER*4 JIBUNADDR INTEGER*4 GETLONGWORDC-C Copy the new username into process P1 spaceC CTL$T_USERNAME(1)=NEWUSER(1) CTL$T_USERNAME(2)=NEWUSER(2) CTL$T_USERNAME(3)=NEWUSER(3)CEC Compute the address of the username in the JIB, and set it as three C longwordsC9 JIBUNADDR=GETLONGWORD(%VAL(CTL$GL_PCB+%LOC(PCB$L_JIB)))+ 1 %LOC(JIB$T_USERNAME)- CALL SETLONGWORD(%VAL(JIBUNADDR),NEWUSER(1))/ CALL SETLONGWORD(%VAL(JIBUNADDR+4),NEWUSER(2))/ CALL SETLONGWORD(%VAL(JIBUNADDR+8),NEWUSER(3))C%C Set the UIC in the correct PCB cellC= CALL SETLONGWORD(%VAL(CTL$GL_PCB+%LOC(PCB$L_UIC)),NEWUIC(1))C RETURN END$ INTEGER*4 FUNCTION GETLONGWORD(SRC) IMPLICIT NONE INTEGER*4 SRC GETLONGWORD=SRC RETURN END SUBROUTINE SETLONGWORD(DST,SRC) IMPLICIT NONE INTEGER*4 DST,SRC DST=SRC RETURN ENDCD INTEGER*4 FUNCTION GET_EXEC_LNM(TABLENAME,LOGICALNAME,VALUE,LVALUE) IMPLICIT NONE INCLUDE '($LNMDEF)' INCLUDE '($PSLDEF)' STRUCTURE /ITEM/ UNION MAP INTEGER*2 BUFLEN INTEGER*2 ITEMCODE END MAP MAP INTEGER*4 TERMINATOR END MAP END UNION INTEGER*4 BUFADR INTEGER*4 RETLENADR END STRUCTURE RECORD /ITEM/ LNMLIST(2)* CHARACTER*(*) TABLENAME,LOGICALNAME,VALUE INTEGER*2 LVALUE INTEGER*4 SYS$TRNLNM VOLATILE VALUE,LVALUEC LNMLIST(1).BUFLEN=LEN(VALUE) LNMLIST(1).ITEMCODE=LNM$_STRING LNMLIST(1).BUFADR=%LOC(VALUE)" LNMLIST(1).RETLENADR=%LOC(LVALUE) LNMLIST(2).TERMINATOR=00 GET_EXEC_LNM=SYS$TRNLNM(,TABLENAME,LOGICALNAME, 1 %REF(PSL$C_EXEC),LNMLIST) RETURN ENDCC* INTEGER*4 FUNCTION AUDIT_LOG(OPER,RECORD) IMPLICIT NONE CHARACTER*(*) OPER,RECORD CHARACTER*256 LINE INTEGER*2 L,NTIME(7)" INTEGER*4 STAT,SYS$NUMTIM,SYS$FAOC CHARACTER*12 UNAME INTEGER*4 PID COMMON /AUDITINFO/ UNAME,PIDC STAT=SYS$NUMTIM(NTIME,) IF(.NOT.STAT)GOTO9F STAT=SYS$FAO('!4ZW-!2ZW-!2ZW !2ZW:!2ZW:!2ZW.!2ZW !8XL !12AS !AS !AS',F 1 L,LINE,%VAL(NTIME(1)),%VAL(NTIME(2)),%VAL(NTIME(3)),%VAL(NTIME(4)%),E 2 %VAL(NTIME(5)),%VAL(NTIME(6)),%VAL(NTIME(7)),%VAL(PID),UNAME,OPER, 3 RECORD) IF(.NOT.STAT)GOTO9 WRITE(4,1,ERR=8)LINE(1:L) 1 FORMAT(A) AUDIT_LOG=1 RETURN8 CALL ERRSNS(,STAT)9 AUDIT_LOG=STAT RETURN ENDCG INTEGER*4 FUNCTION DEFINE_LOGICAL(TABLE,LOGNAME,VALUE,MODE,ATTRIBUTES) IMPLICIT NONE INCLUDE '($LNMDEF)' INCLUDE 'ITEMDEF.INC' RECORD /ITEM/ CRELNM_LIST(3)" CHARACTER*(*) TABLE,LOGNAME,VALUE INTEGER*4 MODE,ATTRIBUTES INTEGER*4 SYS$CRELNM CRELNM_LIST(1).BUFL nw202056D6.BCKTMP%>]|[UICSTUFF]SETUSER.FOR;45I(DU&EN=4( CRELNM_LIST(1).ITEMCODE=LNM$_ATTRIBUTES' CRELNM_LIST(1).BUFADR=%LOC(ATTRIBUTES) CRELNM_LIST(1).RETLENADR=0! CRELNM_LIST(2).BUFLEN=LEN(VALUE)$ CRELNM_LIST(2).ITEMCODE=LNM$_STRING" CRELNM_LIST(2).BUFADR=%LOC(VALUE) CRELNM_LIST(2).RETLENADR=0 CRELNM_LIST(3).TERMINATOR=0; DEFINE_LOGICAL=SYS$CRELNM(,TABLE,LOGNAME,MODE,CRELNM_LIST) RETURN END*[UICSTUFF]SETUSER.LINK;5+,e|./ 4A-]|0123KPWO56.S7n S89{fdGHJ#$ IF F$GETSYI("HW_MODEL") .LT. 1024A$ THEN LINK/NOTRACE SETUSER,SYS$SYSTEM:SYS.STB/SEL,SYS$INPUT:/OPT"! symbol values for VAX/VMS V5.5-2 SYMBOL=PCB$L_UIC,196 SYMBOL=PCB$L_JIB,124 SYMBOL=JIB$T_USERNAME,125$ ELSE LINK/NOTRACE/SYSEXE=SEL SETUSER,SYS$INPUT:/OPT ! symbol values for AXP/VMS V1.5 SYMBOL=PCB$L_UIC,316 SYMBOL=PCB$L_JIB,252 SYMBOL=JIB$T_USERNAME,12$ ENDIF*[UICSTUFF]SETUSER.OBJ;36+,:./ 4-]|0123KPWO56Af7޿Ff89GHJ 2SETUSER01 2-Dec-1993 18:41 2-Dec-1993 18:41VAX FORTRAN V5.9-173PLNM$JOBORIGINAL_USERNAMEP1LNM$SYSTEM_TABLESETUSER_AUDITSETUSER_AUTHORIZATION_FILESET_USER_PRIVSET_USERSYS$SYSTEM:NODELOGIN.IDX:LNM$PROCESSSYS$DISKSYS$LOGINSYS$LOGIN_DEVICESYS$SCRATCHSYS$LOGIN_ROOTLNM$GROUP_!6OWLNM$PROCESS_DIRECTORYLNM$GROUP%SETUSER-F-NOAUD, failed to open audit file%SETUSER-F-NOAUTH, failed to open authorization file%SETUSER-F-NONODELOGIN, failed to open node login file%SETUSER-F-NOSUBPROC, cannot set user from subprocess%SETUSER-F-ACCNOTAUTH, access not authorizedSET_USER_NOPRIV%SETUSER-F-ERRAUTH, error validating authorization%SETUSER-F-GETJPI, Error getting job/process information%SETUSER-F-ERRJPI, Error retrieving job/process information%SETUSER-F-ORGUJOB, Error saving original username information%SETUSER-F-LOCAUD, Error locating audit file%SETUSER-F-LOCAUTH, Error locating authorization file%SETUSER-F-ERRUAI, Error retrieving target user information%SETUSER-F-OLDRDB, Error reading current rights database data%SETUSER-F-NEWRDB, Error reading new rights database data%SETUSER-F-REVOKERR, Error revoking identifier%SETUSER-F-GRANTERR, Error granting identifier%SETUSER-F-SETDDIR, Error setting default directory%SETUSER-F-SETDDEVE, Error setting default device%SETUSER-F-SETDDEVS, Error setting default device%SETUSER-F-JOBTBLACL, Error setting access on job table%SETUSER-F-SETLOGIN, Error setting SYS$LOGIN%SETUSER-F-SETLOGDEV, Error setting SYS$LOGIN_DEVICE%SETUSER-F-SETSCRE, Error setting SYS$SCRATCH%SETUSER-F-SETSCRS, Error setting SYS$SCRATCH%SETUSER-F-SETLOGROOT, Error setting SYS$LOGIN_ROOT%SETUSER-F-SETGRPTBL, Error setting new group table%SETUSER-F-SETUIC, Error setting process UIC%SETUSER-F-AUDITFAIL, Audit operation failed))4P   0<1<2<3<4$4 GET_EXEC_LNM@4$ GET_EXEC_LNM@4L4646 CLI$GET_VALUE@4N4044P4$,5 DEFINE_LOGICAL@45$ DEFINE_LOGICAL@<59 J\59 GET_EXEC_LNM@d5J GET_EXEC_LNM@4X4 5 09X59 GET_EXEC_LNM@5X GET_EXEC_LNM@4Z4 5  1}U202056D6.BCKTMP:]|[UICSTUFF]SETUSER.OBJ;364l4l4 s|6s AUDIT_LOG@66 AUDIT_LOG@6 6 FOR$OPEN@ ,747P7 h7 DEFINE_LOGICAL@p7 DEFINE_LOGICAL@x7 7 DEFINE_LOGICAL@7 DEFINE_LOGICAL@7  7 SYS$CHANGE_ACL@ 7 DEFINE_LOGICAL@8 DEFINE_LOGICAL@8(8 DEFINE_LOGICAL@08 DEFINE_LOGICAL@88 X8 DEFINE_LOGICAL@`8 DEFINE_LOGICAL@h8 8 DEFINE_LOGICAL@8 DEFINE_LOGICAL@88 DEFINE_LOGICAL@8 DEFINE_LOGICAL@88 SYS$FAO@4 9 DEFINE_LOGICAL@ 9 DEFINE_LOGICAL@4KERNEL_MODE_CODE89+H9 LIB$PUT_OUTPUT@4KX9K LIB$PUT_OUTPUT@6h9 LIB$PUT_OUTPUT@5x9 LIB$PUT_OUTPUT@,9 LIB$PUT_OUTPUT@9 AUDIT_LOG@92*9* LIB$PUT_OUTPUT@8]9] LIB$PUT_OUTPUT@;9 LIB$PUT_OUTPUT@>9 LIB$PUT_OUTPUT@,9 LIB$PUT_OUTPUT@5>:> LIB$PUT_OUTPUT@;t:t LIB$PUT_OUTPUT@=$: LIB$PUT_OUTPUT@94: LIB$PUT_OUTPUT@.(D:( LIB$PUT_OUTPUT@.WT:W LIB$PUT_OUTPUT@3d: LIB$PUT_OUTPUT@1t: LIB$PUT_OUTPUT@1: LIB$PUT_OUTPUT@7: LIB$PUT_OUTPUT@,V:V LIB$PUT_OUTPUT@4: LIB$PUT_OUTPUT@-: LIB$PUT_OUTPUT@-: LIB$PUT_OUTPUT@3: LIB$PUT_OUTPUT@3H:H LIB$PUT_OUTPUT@,|;| LIB$PUT_OUTPUT@,; LIB$PUT_OUTPUT@\44<;d4h4`4\44|;\44;P`4[p GET_EXEC_LNMް\Pkk\k12\P,P ˌ CLI$GET_VALUEᰫXPkkXk12XP,P ˸P`˺P.`˼P˨`P>`P `P`Px`P`P`P`Pˠ`P`P`P`P˰`P`P`P`P `P`P`P)`P`P>`P`P`Pޫ`P` P`˸ˬ˜ SYS$GETJPIWPkk1˨kk1ի1˼STR$TRIM2Z,Zx x\\,Zx ZDEFINE_LOGICALPkkˌLIB$PUT_OUTPUT1X\X2\\,\   GET_EXEC_LNMPkk12PP $(FOR$OPENP1\) 1\T FOR$BJTESTP1p GET_EXEC_LNMPkk12PP˄ˈˌFOR$OPENP1 ^( n ^( n^~~ FOR$READ_KF FOR$IO_END]^PPZ FOR$CLOSE\Z$0LIB$PUT_OUTPUT2XPP@DH AUDIT_LOGPkk1Џ$k1\LIB$ B{N202056D6.BCKTMP:]|[UICSTUFF]SETUSER.OBJ;36PUT_OUTPUT1LIB$PUT_OUTPUT1ˬLIB$PUT_OUTPUT1P`P`P` P`$P`&P `(P˄`,P`0P@`2P`4P˔`8P`aQa, SYS$TRNLNM^  GET_EXEC_LNM SYS$TRNLNMb$CODE$PDATAL$LOCAL4 AUDIT_LOG01 2-Dec-1993 18:41 2-Dec-1993 18:41VAX FORTRAN V5.9-173P!4ZW-!2ZW-!2ZW !2ZW:!2ZW:!2ZW.!2ZW !8XL !12AS !AS !AS)P 5D SYS$FAO@(0 P[}PQP}PQP $ SYS$NUMTIMPkk12H2L2P2T2X2\2` d8SYS$FAOPkk6 FOR$WRITE_SF2PPtxt FOR$IO_T_DS FOR$IO_ENDP| FOR$ERRSNSkP  AUDIT_LOG SYS$NUMTIMSYS$FAO FOR$ERRSNS$CODE8$PDATA$LOCAL AUDITINFO FOR$IO_END FOR$IO_T_DS FOR$WRITE_SF0P~qP>tP39DEFINE_LOGICAL01 2-Dec-1993 18:41 2-Dec-1993 18:41VAX FORTRAN V5.9-173(P(0P([}PQPk}PQ P} PQPP`P`P޼`P`<PQPaQaQaQaQa޼(ث, SYS$CRELNMb DEFINE_LOGICAL SYS$CRELNM$CODE$PDATAX$LOCAL*[UICSTUFF]SETUSER_AUDIT.FDL;2+,u ./ 40-]|0123KPWO56=q{J7Kf89GHJ  202056D6.BCKTMPu ]|[UICSTUFF]SETUSER_AUDIT.FDL;20@&0IDENT "27-OCT-1993 17:54:38 OpenVMS FDL Editor"SYSTEM SOURCE "OpenVMS"FILE ORGANIZATION indexedRECORD! CARRIAGE_CONTROL carriage_return FORMAT variable SIZE 0AREA 0 ALLOCATION 12 BEST_TRY_CONTIGUOUS yes BUCKET_SIZE 12 EXTENSION 12AREA 1 ALLOCATION 0 BEST_TRY_CONTIGUOUS yes BUCKET_SIZE 12 EXTENSION 12KEY 0 CHANGES no DATA_AREA 0 DATA_FILL 100 DATA_KEY_COMPRESSION yes DATA_RECORD_COMPRESSION yes DUPLICATES no INDEX_AREA 1 INDEX_COMPRESSION no INDEX_FILL 100 LEVEL1_INDEX_AREA 1 PROLOG 3 SEG0_LENGTH 31 SEG0_POSITION 0 TYPE string%*[UICSTUFF]SETUSER_AUTHORIZATION.FDL;1+, 6./ 40-]|0123KPWO567deJ7œf89GHJ0IDENT "27-OCT-1993 15:19:39 OpenVMS FDL Editor"SYSTEM SOURCE "OpenVMS"FILE ORGANIZATION indexedRECORD! CARRIAGE_CONTROL carriage_return FORMAT fixed SIZE 24AREA 0 ALLOCATION 12 BEST_TRY_CONTIGUOUS yes BUCKET_SIZE 12 EXTENSION 12AREA 1 ALLOCATION 0 BEST_TRY_CONTIGUOUS yes BUCKET_SIZE 12 EXTENSION 12AREA 2 ALLOCATION 0 BEST_TRY_CONTIGUOUS yes BUCKET_SIZE 12 EXTENSION 48KEY 0 CHANGES no DATA_AREA 0 DATA_FILL 100 DATA_KEY_COMPRESSION no DATA_RECORD_COMPRESSION no DUPLICATES no INDEX_AREA 1 INDEX_COMPRESSION no INDEX_FILL 100 LEVEL1_INDEX_AREA 1 PROLOG 3 SEG0_LENGTH 24 SEG0_POSITION 0 TYPE stringKEY 1 CHANGES yes DATA_AREA 2 DATA_FILL 100 DATA_KEY_COMPRESSION no DUPLICATES yes INDEX_AREA 2 INDEX_COMPRESSION no INDEX_FILL 100 LEVEL1_INDEX_AREA 2 SEG0_LENGTH 12 SEG0_POSITION 0 TYPE stringKEY 2 CHANGES yes DATA_AREA 2 DATA_FILL 100 DATA_KEY_COMPRESSION no DUPLICATES yes INDEX_AREA 2 INDEX_COMPRESSION no INDEX_FILL 100 LEVEL1_INDEX_AREA 2 SEG0_LENGTH 12 SEG0_POSITION 12 TYPE string"*[UICSTUFF]SETUSER_AUTHORIZE.EXE;38+,$x./ 4-]|0123 KPWO56@f7@f89GHJ0D`0205{@f*SETUSER_AUTHORIZE01r{@f05-13   ?B!d FORRTL_001!  LBRSHR_001! LIBRTL_001"! SECURESHR_001#!SECURESHRP_001SETUSER_AUDITAUTHORIZE_PRIVSYSPRVMAINTAIN_SETUSER_DBP1AUTHORIZE_NOPRIVSETUSER_AUTHORIZATION_FILESetUSER_Authorize> $VERBP2ADD%SETUSER_AUTH-E-DUPLIC, request duplicates existing recordAUTHORIZEDIMPERSONATEDOUTPUT !%DAuthorized user Target user=============== ===========CONFIRMLOGDELETE%SETUSER_AUTH-E-DELFAILED, unable to delete recordSetUSER_AUTHORIZE%SETUSER_AUTH-W-UNKCMD, unknown command%SETUSER_AUTH-F-NOAUDITFILE, unable to open audit filea5202056D6.BCKTMP$x]|"[UICSTUFF]SETUSER_AUTHORIZE.EXE;381%SETUSER_AUTH-F-NOAUTHFILE, unable to open authorization file%SETUSER_AUTH-E-WRTERR, error writing record%SETUSER_AUTH-E-OUTOPENERR, unable to open output file%SETUSER_AUTH-E-LOCKED, record is locked%SETUSER_AUTH-E-RDERR, error reading record%SETUSER_AUTH-E-UNLOCKERR, unable to unlock record))Listing of SetUSER authorization file -- ) Authorized user Target user =============== =========== is currently disabled%SETUSER_AUTH-W-DISUSER, username %SETUSER_AUTH-E-NOUSER, no such user Listing of SetUSER authorization file -- (Y/[N])? Remove authorization from removed authorization from %SETUSER_AUTH-I-REMOVED, !4ZW-!2ZW-!2ZW !2ZW:!2ZW:!2ZW.!2ZW !8XL !12AS !AS !AS)LNM$SYSTEM_TABLE<T(ADDDELEEXITHELPLISTQUITREMOSHOW(dPP( " ADD0!P1Authorize user8!P2To impersonate user0`$" REMOVEDELETE4X!P1User authorized4!P2User impersonated(CONFIRM$LOG,` EXITQUIT(`, HELP$P1,| & SHOWLIST$P1, AUTHORIZED, IMPERSONATED(OUTPUT ,<H     , 8 P PPg @ L ( v 8   6E$ L `jc`jt4v L h`ln(8L\l|:`l  t     (p  @Hr`h| ,Wx202056D6.BCKTMP$x]|"[UICSTUFF]SETUSER_AUTHORIZE.EXE;38j ` l$nI<QL   dlp  rU2\`$vx<x`h'6=|xvv,> 6k0(@+P2`|xvvv @5H,4$p[^|Pkk1* ˔Pkk1 ˰ Pkk1 2PPP1 GPkk1 Pj0)P\\3˔ԫ$LЫ(RP\\\P\\ ѫ R4xB 2PPː˨˔˘~ $k1_ $o ˬ RP\\ R\1F PRPP Pkk1 2PPP12RRR˨  Pk @ Pkkz1k`o Pkk1 ˘A1xR Pkk1 2WWˈ˨ˌː P\\K\1^X^(nW^(W˨nWZZY"^("n"YYYX^X^ˠ Pkk1 2XX˰˴˴˸ PkkKk1Y^(&nX^(X˴nXVVZ"^("!n"ZZZY^Y^,W˨ ,X˴  X Lk l PY1Y2  y˰ 1YYX^(X˴nXZ%^(%n%ZZZY^ j Y^6YW^(W˨nWZ%^(%rn%ZZZY^2 Y^1˘S ˘L1,o D# PYT PZ *˨ZZ2P(P˨˴*˨'YZ*˴Z2P(P˨˴dPYYY+2PPtx| P c 1(Zˠ L P 122ˬ˴˸  2PP˨ PR P2PP PVV ˴ Z RP1/ R1'P1!1(PY% d QX^(n)^(){n@<@X^@D X^L \ l ԫYTh V^(VnVX^(?nX ^( n XXt^xtN K BXV^(VnVW^(nW ^( n WW|WX^ˀ˄^ X^#  L P  1ѫ $Y ˌ 1ѫ 411˘R ˘D1-˜CPkk1v˴1Pkk1dPP(~E L/ 0 P 12Q : 2VV,04˨8< Pkk1w P2PP P\\HL2PPP˴TXPkk1=W1 Z ^( aQa,[}PQPP`P#`Pk`P`P` PkP<`^,n䐏Pݬ^|}VX^,n䐏Qmaݬf^PRݬ,l$լ ݬf  RP|VD^,nȐSȞ؞ܕlլݬfЬ̑lլ  lլ,n䞭l լ Ь l լЬlլ ݬf^<`^,n䐏TA5l լЬ^<`^,n䐏Uݬ^@@T (@8 hs `HP px( @FORRTLLBRSHRLIBRTL SECURESHR SECURESHRPH\t"*[UICSTUFF]SETUSER_AUTHORIZE.FOR;39+,&./ 4H-]|0123KPWO56*NEf7=~Ef89GHJ PROGRAM SETUSER_AUTHORIZE IMPLICIT NONEC>C SETUSER_AUTHORIZE -- Maintain SETUSER authorization databaseC:C Version 1.1.3 -- last modified: 17-Nov-1993 by J. OsudarCFC This program provides commands to maintain the SETUSER authorizationEC database, which controls the authorization for the SETUSER program.C INCLUDE '($FORIOSDEF)' INCLUDE '($RMSDEF)' INCLUDE '($HLPDEF)' INCLUDE '($JPIDEF)' INCLUDE '($SSDEF)' INCLUDE '($CLIMSGDEF)' INCLUDE '($PRVDEF)'B INTEGER*4 PROCPRIV(2) ! Process privileges (excludes image privs) CHARACTER*16 VERB INTEGER*2 LV CHARACTER*256 CMD INTEGER*2 LCMD CHARACTER*12 FROMUSER,TOUSER INTEGER*2 LFU,LTU INTEGER*2 LFUR,LTUR CHARACTER*24 RECORD INTEGER*4 STAT,STS,STV,IOS2 INTEGER*4 STR$MATCH_WILD,LIB$GET_INPUT,LIB$GETJPIC INTEGER*4 CLI$PRESENT,CLI$GET_VALUE,CLI$DCL_PARSE,GET_SYS_EXEC_LNMD INTEGER*4 INTERACTIVE,CONFIRM,LOG,DOIT,LISTFROM,LISTTO,DOOUT,KEYNUM INTEGER*4 FMATCH,TMATCH CHARACTER*256 OUTFILE,LINE INTEGER*2 LOF,LP202056D6.BCKTMP&]|"[UICSTUFF]SETUSER_AUTHORIZE.FOR;39Hg CHARACTER*23 DATIME CHARACTER*1 YN INTEGER*4 VALID_USERNAMEC CHARACTER*12 UNAME INTEGER*4 PID COMMON /AUDITINFO/ UNAME,PIDC$ INTEGER*4 SYS$ASCTOID,SYS$FIND_HELD& INTEGER*4 UIC(2),TEMPID,CONTEXT,IDVAL EXTERNAL SETUSER_AUTHORIZE_CMDS6 EXTERNAL LIB$GET_INPUT,LIB$PUT_OUTPUT,LIB$GET_COMMANDC 1 FORMAT(A)C( STAT=LIB$GETJPI(JPI$_USERNAME,,,,UNAME) IF(.NOT.STAT)GOTO999 STAT=LIB$GETJPI(JPI$_PID,,,PID) IF(.NOT.STAT)GOTO999. STAT=GET_SYS_EXEC_LNM('SETUSER_AUDIT',LINE,L) IF(.NOT.STAT)GOTO999E OPEN(UNIT=4,NAME=LINE(1:L),TYPE='OLD',SHARED,ORGANIZATION='INDEXED',* 1 ACCESS='KEYED',FORM='FORMATTED',ERR=90)* STAT=LIB$GETJPI(JPI$_PROCPRIV,,,PROCPRIV) IF(.NOT.STAT)GOTO999 IF(PRV$V_SYSPRV.LE.31)THEN, IF(BTEST(PROCPRIV(1),PRV$V_SYSPRV))GOTO3 ELSE/ IF(BTEST(PROCPRIV(2),PRV$V_SYSPRV-32))GOTO3 ENDIF GOTO4+3 CALL AUDIT_LOG('AUTHORIZE_PRIV','SYSPRV') GOTO9$4 STAT=LIB$GETJPI(JPI$_UIC,,,UIC(1)) IF(.NOT.STAT)GOTO8 UIC(2)=0 CONTEXT=0/ STAT=SYS$ASCTOID('MAINTAIN_SETUSER_DB',IDVAL,) IF(.NOT.STAT)GOTO8)5 STAT=SYS$FIND_HELD(UIC,TEMPID,,CONTEXT) IF(.NOT.STAT)GOTO8 IF(TEMPID.EQ.IDVAL)GOTO9 GOTO5#8 STAT=CLI$GET_VALUE('P1',CMD,LCMD)/ CALL AUDIT_LOG('AUTHORIZE_NOPRIV',CMD(1:LCMD)) STAT=SS$_NOPRIV GOTO999#9 STAT=CLI$GET_VALUE('P1',CMD,LCMD) IF(STAT.EQ.CLI$_ABSENT)THEN LCMD=0 INTERACTIVE=.TRUE. ELSE IF(.NOT.STAT)GOTO98 INTERACTIVE=(LCMD.LE.0) ENDIF; STAT=GET_SYS_EXEC_LNM('SETUSER_AUTHORIZATION_FILE',LINE,L) IF(.NOT.STAT)GOTO999E OPEN(UNIT=1,NAME=LINE(1:L),TYPE='OLD',SHARED,ORGANIZATION='INDEXED',D 1 ACCESS='KEYED',FORM='FORMATTED',RECORDTYPE='FIXED',RECORDSIZE=24, 2 ERR=91) IF(.NOT.INTERACTIVE)THENH STAT=CLI$DCL_PARSE(CMD(1:LCMD),SETUSER_AUTHORIZE_CMDS,LIB$GET_INPUT,) 1 LIB$GET_INPUT,'SetUSER_Authorize> ') GOTO11 ENDIF<10 STAT=CLI$DCL_PARSE(,SETUSER_AUTHORIZE_CMDS,LIB$GET_INPUT,' 1 LIB$GET_INPUT,'SetUSER_Authorize> ')11 IF(STAT.EQ.RMS$_EOF)GOTO98 IF(.NOT.STAT)GOTO10$ STAT=CLI$GET_VALUE('$VERB',VERB,LV) IF(.NOT.STAT)GOTO999" IF(VERB(1:1).EQ.'A')THEN ! ADD) STAT=CLI$GET_VALUE('P1',FROMUSER,LFU) IF(.NOT.STAT)GOTO999( STAT=VALID_USERNAME(FROMUSER(1:LFU)) IF(.NOT.STAT)GOTO16)14 STAT=CLI$GET_VALUE('P2',TOUSER,LTU) IF(.NOT.STAT)GOTO999& STAT=VALID_USERNAME(TOUSER(1:LTU)) IF(.NOT.STAT)GOTO17"15 RECORD(1:12)=FROMUSER(1:LFU) RECORD(13:24)=TOUSER(1:LTU) CALL AUDIT_LOG('ADD',RECORD)& WRITE(1,1,ERR=18,IOSTAT=IOS)RECORD GOTO1916 IF(STAT.EQ.0)THENA CALL LIB$PUT_OUTPUT('%SETUSER_AUTH-W-DISUSER, username '//2 1 FROMUSER(1:LFU)//' is currently disabled') GOTO14 ELSED CALL LIB$PUT_OUTPUT('%SETUSER_AUTH-E-NOUSER, no such user '// 1 FROMUSER(1:LFU)) ENDIF GOTO1917 IF(STAT.EQ.0)THENA CALL LIB$PUT_OUTPUT('%SETUSER_AUTH-W-DISUSER, username '//0 1 TOUSER(1:LTU)//' is currently disabled') GOTO15 ELSED CALL LIB$PUT_OUTPUT('%SETUSER_AUTH-E-NOUSER, no such user '// 1 TOUSER(1:LTU)) ENDIF GOTO19&18 IF(IOS.EQ.FOR$IOS_INCKEYCHG)THEN CALL LIB$PUT_OUTPUT(E 1 '%SETUSER_AUTH-E-DUPLIC, request duplicates existing record') GOTO19 ELSE GOTO92 ENDIF19 CONTINUE> ELSE IF(VERB(1:1).EQ.'S'.OR.VERB(1:1).EQ.'L')THEN ! SHOW/LIST) CALL CLI$GET_VALUE('P1',FROMUSER,LFU)& LISTFROM=CLI$PRESENT('AUTHORIZED')& LISTTO=CLI$PRESENT('IMPERSONATED') IF(LFU.EQ.0)THEN LFU=1 FROMUSER(1:1)='*' ENDIF IF(LISTTO)THEN KEYNUM=2 LTU=LFU$ TOUSER(1:LTU)=FROMUSER(1:LFU) FROMUSER(1:1)='*' LFU=1 ELSE IF(LISTFROM)THEN KEYNUM=1 TOUSER(1:1)='*' LTU=1 ELSE KEYNUM=0 LTU=LFU$ TOUSER(1:LTU)=FROMUSER(1:LFU) ENDIF- DOOUT=CLI$GET_VALUE('OUTPUT',OUTFILE,LOF) IF(LOF.EQ.0)DOOUT=.FALSE. IF(DOOUT)THEN9 OPEN(UNIT=2,NAME=OUTFILE(1:LOF),TYPE='NEW',SHARED,& 1  rI202056D6.BCKTMP&]|"[UICSTUFF]SETUSER_AUTHORIZE.FOR;39Hw CARRIAGECONTROL='LIST',ERR=93) ENDIF DOIT=.TRUE.< READ(1,1,KEYID=KEYNUM,KEYGE=' ',ERR=38,IOSTAT=IOS)RECORD331 CALL STR$TRIM(RECORD(1:12),RECORD(1:12),LFUR)3 CALL STR$TRIM(RECORD(13:24),RECORD(13:24),LTUR)9 FMATCH=STR$MATCH_WILD(RECORD(1:LFUR),FROMUSER(1:LFU)); TMATCH=STR$MATCH_WILD(RECORD(13:LTUR+12),TOUSER(1:LTU)) IF(KEYNUM.EQ.0)THEN( IF(.NOT.(FMATCH.OR.TMATCH))GOTO35 ELSE) IF(.NOT.(FMATCH.AND.TMATCH))GOTO35 ENDIF IF(DOIT)THEN# CALL SYS$FAO('!%D',,DATIME,) IF(DOOUT)THEN WRITE(2,32)DATIMEB32 FORMAT('Listing of SetUSER authorization file -- ',A//+ 1 ' Authorized user Target user'/+ 2 ' =============== ===========') ELSE CALL LIB$PUT_OUTPUT(? 1 'Listing of SetUSER authorization file -- '//DATIME)" CALL LIB$PUT_OUTPUT(0D0)= CALL LIB$PUT_OUTPUT('Authorized user Target user')= CALL LIB$PUT_OUTPUT('=============== ========  ===') ENDIF DOIT=.FALSE. ENDIF IF(DOOUT)THEN: WRITE(2,1)RECORD(1:12)//' '//RECORD(13:LTUR+12) ELSEE CALL LIB$PUT_OUTPUT(RECORD(1:12)//' '//RECORD(13:LTUR+12)) ENDIF.35 READ(1,1,END=39,ERR=38,IOSTAT=IOS)RECORD GOTO31&38 IF(IOS.EQ.FOR$IOS_ATTACCNON)THEN GOTO39) ELSE IF(IOS.EQ.FOR$IOS_SPERECLOC)THEN GOTO94 ELSE GOTO95 ENDIF39 IF(DOOUT)CLOSE(UNIT=2)B ELSE IF(VERB(1:1).EQ.'R'.OR.VERB(1:1).EQ.'D')THEN ! REMOVE/DELETE) STAT=CLI$GET_VALUE('P1',FROMUSER,LFU) IF(.NOT.STAT)GOTO999' STAT=CLI$GET_VALUE('P2',TOUSER,LTU) IF(.NOT.STAT)GOTO999" CONFIRM=CLI$PRESENT('CONFIRM') LOG=CLI$PRESENT('LOG')7 READ(1,1,KEYID=0,KEYGE=' ',ERR=48,IOSTAT=IOS)RECORD341 CALL STR$TRIM(RECORD(1:12),RECORD(1:12),LFUR)3 CALL STR$TRIM(RECORD(13:24),RECORD(13:24),LTUR)7 STAT=STR$MATCH_WILD(RECORD(1:LFUR),FROMUSER(1:LFU)) IF(.NOT.STAT)GOTO459 STAT=STR$MATCH_WILD(RECORD(13:LTUR+12),TOUSER(1:LTU)) IF(.NOT.STAT)GOTO45 DOIT=.TRUE. IF(CONFIRM)THEN YN=' '; STAT=LIB$GET_INPUT(YN,'Remove authorization from '//A 1 RECORD(1:LFUR)//' to '//RECORD(13:LTUR+12)//' (Y/[N])? ') IF(.NOT.STAT)GOTO98& DOIT=(YN.EQ.'Y').OR.(YN.EQ.'y') ENDIF IF(DOIT)THEN& CALL AUDIT_LOG('DELETE',RECORD)' DELETE(UNIT=1,ERR=47,IOSTAT=IOS)? IF(LOG)CALL LIB$PUT_OUTPUT('%SETUSER_AUTH-I-REMOVED, '//? 1 'removed authorization from '//RECORD(1:LFUR)//' to '// 2 RECORD(13:LTUR+12)) ELSE' UNLOCK(UNIT=1,ERR=96,IOSTAT=IOS) ENDIF.45 READ(1,1,END=49,ERR=48,IOSTAT=IOS)RECORD GOTO4147 CALL LIB$PUT_OUTPUT(: 1 '%SETUSER_AUTH-E-DELFAILED, unable to delete record') GOTO97&48 IF(IOS.EQ.FOR$IOS_ATTACCNON)THEN GOTO49) ELSE IF(IOS.EQ.FOR$IOS_SPERECLOC)THEN GOTO94 ELSE GOTO95 ENDIF49 CONTINUE> ELSE IF(VERB(1:1).EQ.'E'.OR.VERB(1:1).EQ.'Q')THEN ! EXIT/QUIT GOTO98( ELSE IF(VERB(1:1).EQ.'H')THEN ! HELP# CALL CLI$GET_VALUE('P1',LINE,L) IF(L.LE.0)THENA CALL LBR$OUTPUT_HELP(LIB$PUT_OUTPUT,,,'SetUSER_AUTHORIZE',+ 1 %REF(HLP$M_PROMPT),LIB$GET_COMMAND) ELSE6 CALL LBR$OUTPUT_HELP(LIB$PUT_OUTPUT,,LINE(1:L),$ 1 'SetUSER_AUTHORIZE',%REF(0)) ENDIF ELSEB CALL LIB$PUT_OUTPUT('%SETUSER_AUTH-W-UNKCMD, unknown command') ENDIF IF(INTERACTIVE)GOTO10 GOTO98C90 CALL LIB$PUT_OUTPUT(< 1 '%SETUSER_AUTH-F-NOAUDITFILE, unable to open audit file') GOTO91191 CALL LIB$PUT_OUTPUT(C 1 '%SETUSER_AUTH-F-NOAUTHFILE, unable to open authorization file')911 CALL ERRSNS(,STS,STV,,STAT) IF(STS.GT.1)THEN. CALL SYS$GETMSG(%VAL(STS),L,LINE,,), IF(LINE(1:1).EQ.'%')LINE(1:1)='-') CALL LIB$PUT_OUTPUT(LINE(1:L)) STAT=STS ENDIF IF(STV.GT.1)THEN. CALL SYS$GETMSG(%VAL(STV),L,LINE,,), IF(LINE(1:1).EQ.'%')LINE(1:1)='-')H202056D6.BCKTMP&]|"[UICSTUFF]SETUSER_AUTHORIZE.FOR;39H CALL LIB$PUT_OUTPUT(LINE(1:L)) STAT=STV ENDIF STAT=STAT.OR.'10000000'X GOTO99F92 CALL LIB$PUT_OUTPUT('%SETUSER_AUTH-E-WRTERR, error writing record') GOTO9793 CALL LIB$PUT_OUTPUT(< 1 '%SETUSER_AUTH-E-OUTOPENERR, unable to open output file') GOTO97B94 CALL LIB$PUT_OUTPUT('%SETUSER_AUTH-E-LOCKED, record is locked') GOTO10E95 CALL LIB$PUT_OUTPUT('%SETUSER_AUTH-E-RDERR, error reading record') GOTO9796 CALL LIB$PUT_OUTPUT(8 1 '%SETUSER_AUTH-E-UNLOCKERR, unable to unlock record')97 CALL ERRSNS(,STS,STV,,STAT) IF(STS.GT.1)THEN. CALL SYS$GETMSG(%VAL(STS),L,LINE,,), IF(LINE(1:1).EQ.'%')LINE(1:1)='-') CALL LIB$PUT_OUTPUT(LINE(1:L)) STAT=STS ENDIF IF(STV.GT.1)THEN. CALL SYS$GETMSG(%VAL(STV),L,LINE,,), IF(LINE(1:1).EQ.'%')LINE(1:1)='-') CALL LIB$PUT_OUTPUT(LINE(1:L)) STAT=STV ENDIF GOTO10 98 STAT=199 IF(.NOT.STAT)THEN' IF((STAT.AND.'10000000'X).EQ.0)THEN+ CALL SYS$GETMSG(%VAL(STAT),L,LINE,,)( IF(LINE(1:1).EQ.'%')LINE(1:1)='-'% CALL LIB$PUT_OUTPUT(LINE(1:L)) STAT=STAT.OR.'10000000'X ENDIF ENDIF999 CALL SYS$EXIT(%VAL(STAT)) ENDC" SUBROUTINE AUDIT_LOG(OPER,RECORD) IMPLICIT NONE CHARACTER*(*) OPER,RECORD CHARACTER*256 LINE INTEGER*2 L,NTIME(7)" INTEGER*4 STAT,SYS$NUMTIM,SYS$FAOC CHARACTER*12 UNAME INTEGER*4 PID COMMON /AUDITINFO/ UNAME,PIDC STAT=SYS$NUMTIM(NTIME,) IF(.NOT.STAT)GOTO9F STAT=SYS$FAO('!4ZW-!2ZW-!2ZW !2ZW:!2ZW:!2ZW.!2ZW !8XL !12AS !AS !AS',F 1 L,LINE,%VAL(NTIME(1)),%VAL(NTIME(2)),%VAL(NTIME(3)),%VAL(NTIME(4)),E 2 %VAL(NTIME(5)),%VAL(NTIME(6)),%VAL(NTIME(7)),%VAL(PID),UNAME,OPER, 3 RECORD) IF(.NOT.STAT)GOTO9 WRITE(4,1,ERR=8)LINE(1:L) 1 FORMAT(A) RETURN8 CALL ERRSNS(,STAT)9 CALL SYS$EXIT(%VAL(STAT)) ENDC> INTEGER*4 FUNCTION GET_SYS_EXEC_LNM(LOGICALNAME,VALUE,LVALUE) IMPLICIT NONE INCLUDE '($LNMDEF)' INCLUDE '($PSLDEF)' INCLUDE '($SSDEF)' STRUCTURE /ITEM/ UNION MAP INTEGER*2 BUFLEN INTEGER*2 ITEMCODE END MAP MAP INTEGER*4 TERMINATOR END MAP END UNION INTEGER*4 BUFADR INTEGER*4 RETLENADR END STRUCTURE RECORD /ITEM/ LNMLIST(2) CHARACTER*(*) LOGICALNAME,VALUE INTEGER*2 LVALUE INTEGER*4 SYS$TRNLNM VOLATILE VALUE,LVALUEC LNMLIST(1).BUFLEN=LEN(VALUE) LNMLIST(1).ITEMCODE=LNM$_STRING LNMLIST(1).BUFADR=%LOC(VALUE)" LNMLIST(1).RETLENADR=%LOC(LVALUE) LNMLIST(2).TERMINATOR=0= GET_SYS_EXEC_LNM=SYS$TRNLNM(,'LNM$SYSTEM_TABLE',LOGICALNAME, 1 %REF(PSL$C_EXEC),LNMLIST) RETURN ENDC, INTEGER*4 FUNCTION VALID_USERNAME(USERNAME) IMPLICIT NONE CHARACTER*(*) USERNAME INCLUDE '($UAIDEF)' INCLUDE 'ITEMDEF.INC'$ INTEGER*4 UAI_FLAGS,STAT,SYS$GETUAI RECORD /ITEM/ UAI_LIST(2) UAI_LIST(1).BUFLEN=4 UAI_LIST(1).ITEMCODE=UAI$_FLAGS# UAI_LIST(1).BUFADR=%LOC(UAI_FLAGS) UAI_LIST(1).RETLENADR=0 UAI_LIST(2).TERMINATOR=0( STAT=SYS$GETUAI(,,USERNAME,UAI_LIST,,,) IF(.NOT.STAT)GOTO9- IF((UAI_FLAGS.AND.UAI$M_DISACNT).NE.0)STAT=09 VALID_USERNAME=STAT RETURN END!*[UICSTUFF]SETUSER_AUTHORIZE.HLB;3+,-T.d/ 4d-]|0123 KPWOe56)Af7‘QAf89GHJ6202056D6.BCKTMP-T]|![UICSTUFF]SETUSER_AUTHORIZE.HLB;3dC% VAX-11 Librarian V04-00(9AfFCAf X5[ADD DELETE EXIT HELP LIST hQUIT REMOVESHOW@Af1 ADDF The ADD command adds a record to the database, authorizing a specific" user to impersonate another user. Format: ADD fromuser touser 2 ParametersD fromuser specifies the username of the person being authorized to # impersonate another userG touser specifies the username of the person who may be impersonatedww@Af1 SHOWI The SHOW command displays all or selected information from the database. Format: SHOW [username] 2 ParametersH username if present, specifies the username for which to list databaseF entries. In conjunction with the qualifiers /FROM and /TO,I may be used to limit the listing to records where the usernameK matches the "fromuser" or the "touser". (The default is to listF the record if either field matches the specified username.)I The "username" may include wildcards (* and %); if no username4 is specified,˔u202056D6.BCKTMP-T]|![UICSTUFF]SETUSER_AUTHORIZE.HLB;3d   all records will be listed. 2 Qualifiers /AUTHORIZED /AUTHORIZEDM Requests that records be listed in which the specified username matches the I "fromuser" field. /AUTHORIZED and /IMPERSONATED are mutually exclusive. /IMPERSONATED /IMPERSONATEDM Requests that records be listed in which the specified username matches the G "touser" field. /AUTHORIZED and /IMPERSONATED are mutually exclusive./OUTPUT /OUTPUT[=filename]I Specifies that the listing is to be written to a particular file, not toH the standard output (SYS$OUTPUT). If no file is specified, it defaults to SYS$OUTPUT.wwOBAf1 LISTF LIST is a synonym for SHOW. See the description of the SHOW command.wwOBAf1 REMOVEB The REMOVE command removes one or more records from the database. Format: REMOVE fromuser touser 2 Parameters@ fromuser specifies a username to match the "fromuser" field of2 database records; may contain wildcards> touser specifies a username to match the "touser" field of2 database records; may contain wildcards 2 Qualifiers/CONFIRM /CONFIRM [D] /NOCONFIRMD Displays each matching record, asking whether it should be deleted./LOG /LOG /NOLOG [D]? Displays the information from each record after it is deleted.wwOBAf1 DELETEL DELETE is a synonym for REMOVE. See the description of the REMOVE command.w wFCAf1 EXIT% Terminate the authorization program. Format: EXITwwFCAf1 QUITF QUIT is a synonym for EXIT. See the description of the EXIT command.wwFCAf1 HELP? This program is used to maintain the database that authorizes F unprivileged users to execute the USER command, which allows one user- to impersonate another user's access rights.I The HELP command displays information about the commands and qualifiers ) recognized by the authorization program. Format: HELP [command or topic]ww!*[UICSTUFF]SETUSER_AUTHORIZE.HLP;7+,./ 4Mn-]|0123KPWO 56.}fS7S89{fdGHJ1 ADDF The ADD command adds a record to the database, authorizing a specific" user to impersonate another user. Format: ADD fromuser touser 2 ParametersD fromuser specifies the username of the person being authorized to # impersonate another userG touser specifies the username of the person who may be impersonated1 SHOWI The SHOW command displays all or selected information from the database. Format: SHOW [username] 2 ParametersH username if present, specifies the username for which to list databaseF entries. In conjunction with the qualifiers /FROM and /TO,I may be used to limit the listing to records where the usernameK matches the "fromuser" or the "touser". (The default is to listF the record if either field matches the specified username.)I The "username" may include wildcards (* and %); if no username4 is specified, all records will be listed. 2 Qualifiers /AUTHOU}202056D6.BCKTMP]|![UICSTUFF]SETUSER_AUTHORIZE.HLP;7ME:RIZED /AUTHORIZEDM Requests that records be listed in which the specified username matches the I "fromuser" field. /AUTHORIZED and /IMPERSONATED are mutually exclusive. /IMPERSONATED /IMPERSONATEDM Requests that records be listed in which the specified username matches the G "touser" field. /AUTHORIZED and /IMPERSONATED are mutually exclusive./OUTPUT /OUTPUT[=filename]I Specifies that the listing is to be written to a particular file, not toH the standard output (SYS$OUTPUT). If no file is specified, it defaults to SYS$OUTPUT.1 LISTF LIST is a synonym for SHOW. See the description of the SHOW command.1 REMOVEB The REMOVE command removes one or more records from the database. Format: REMOVE fromuser touser 2 Parameters@ fromuser specifies a username to match the "fromuser" field of2 database records; may contain wildcards> touser specifies a username to match the "touser" field of2 database records; may contain wildcards 2 Qualifiers/CONFIRM /CONFIRM [D] /NOCONFIRMD Displays each matching record, asking whether it should be deleted./LOG /LOG /NOLOG [D]? Displays the information from each record after it is deleted.1 DELETEL DELETE is a synonym for REMOVE. See the description of the REMOVE command.1 EXIT% Terminate the authorization program. Format: EXIT1 QUITF QUIT is a synonym for EXIT. See the description of the EXIT command.1 HELP? This program is used to maintain the database that authorizes F unprivileged users to execute the USER command, which allows one user- to impersonate another user's access rights.I The HELP command displays information about the commands and qualifiers ) recognized by the authorization program. Format: HELP [command or topic]"*[UICSTUFF]SETUSER_AUTHORIZE.LINK;1+, ./ 47:-]|0123KPWO56 '_$:Y7C+:Y89{fdGHJ7$ LINK/NOTRACE SETUSER_AUTHORIZE,SETUSER_AUTHORIZE_CMDS"*[UICSTUFF]SETUSER_AUTHORIZE.OBJ;36+,./ 4-]|0123KPWO56]:f7rX>f89GHJ<SETUSER_AUTHORIZE01 2-Dec-1993 18:40 2-Dec-1993 18:40VAX FORTRAN V5.9-173PSETUSER_AUDITAUTHORIZE_PRIVSYSPRVMAINTAIN_SETUSER_DBP1AUTHORIZE_NOPRIVSETUSER_AUTHORIZATION_FILESetUSER_Authorize> $VERBP2ADD%SETUSER_AUTH-E-DUPLIC, request duplicates existing recordAUTHORIZEDIMPERSONATEDOUTPUT !%DAuthorized user Target user=============== ===========CONFIRMLOGDELETE%SETUSER_AUTH-E-DELFAILED, unable to delete recordSetUSER_AUTHORIZE%SETUSER_AUTH-W-UNKCMD, unknown command%SETUSER_AUTH-F-NOAUDITFILE, unable to open audit file%SETUSER_AUTH-F-NOAUTHFILE, unable to open authorization file%SETUSER_AUTH-E-WRTERR, error writing record%SETUSER_AUTH-E-OUTOPENERR, unable to open output file%SETUSER_AUTH-E-LOCKED, record is locked%SETUSER_AUTH-E-RDERR, error reading record%SETUSER_AUTH-E-UNLOCKERR, unable to unlock record))Listing of SetUSER authorization file -- ) Authorized user Target user =============== ===========Օ202056D6.BCKTMP]|"[UICSTUFF]SETUSER_AUTHORIZE.OBJ;36cP    ,8PPPg    ( ( GET_SYS_EXEC_LNM@v 8 6E6 AUDIT_LOG@E AUDIT_LOG@$LL SYS$ASCTOID@`` CLI$GET_VALUE@jcc AUDIT_LOG@`` CLI$GET_VALUE@jt4t GET_SYS_EXEC_LNM@v L SETUSER_AUTHORIZE_CMDS LIB$GET_INPUT LIB$GET_INPUT CLI$DCL_PARSE@SETUSER_AUTHORIZE_CMDS LIB$GET_INPUT LIB$GET_INPUT CLI$DCL_PARSE@ CLI$GET_VALUE@h`` CLI$GET_VALUE@l CLI$GET_VALUE@n(8 AUDIT_LOG@L\l|: LIB$PUT_OUTPUT@`` CLI$GET_VALUE@l  CLI$PRESENT@  CLI$PRESENT@ CLI$GET_VALUE@t     (p  @Hr`h|   SYS$FAO@ LIB$PUT_OUTPUT@,, LIB$PUT_OUTPUT@` ` CLI$GET_VALUE@l$ CLI$GET_VALUE@nI<I CLI$PRESENT@QLQ CLI$PRESENT@   dlp  rUU AUDIT_LOG@ 2\ \ LIB$PUT_OUTPUT@`$ ` CLI$GET_VALUE@vLIB$PUT_OUTPUT<  LBR$OUTPUT_HELP@LIB$GET_COMMANDLIB$PUT_OUTPUT` h  LBR$OUTPUT_HELP@'  LIB$PUT_OUTPUT@6  LIB$PUT_OUTPUT@=  LIB$PUT_OUTPUT@|xv v ,> > LIB$PUT_OUTPUT@6k0 k LIB$PUT_OUTPUT@(@  LIB$PUT_OUTPUT@+P  LIB$PUT_OUTPUT@2`  LIB$PUT_OUTPUT@|xv v v Px[^| LIB$GETJPIPkk1˔ LIB$GETJPIPkk1˰GET_SYS_EXEC_LNMPkk12PPFOR$OPENP1 LIB$GETJPIPkk1 FOR$BJTESTP0 LIB$GETJPIP\\˔ԫ$L SYS$ASCTOIDЫ(RP\\\ SYS$FIND_HELDP\\ѫ Rx CLI$GET_VALUE2PPː˨˔˘ AUDIT_LOG$k1$ AUDIT_LOGˬ CLI$GET_VALUEаRP\\R\1PRPPGET_SYS_EXEC_LNMPkk12PPFOR$OPENP12RRR˨  CLI$DCL_PARSEPk@ CLI$DCL_PARSEPkkz1k` CLI$GET_VALUEPkk1˘A1x CLI$GET_VALUE2_202056D6.BCKTMP]|"[UICSTUFF]SETUSER_AUTHORIZE.OBJ;36R Pkk12WWˈ˨ˌːVALID_USERNAMEP\\\1X^(nW^(W˨nWZZY"^("n"YYYX^LIB$PUT_OUTPUTX^ˠ CLI$GET_VALUEPkk12XX˰˴˴˸VALID_USERNAMEPkkk1Y^(nX^(X˴nXVVZ"^("n"ZZZY^LIB$PUT_OUTPUTY^,W˨ ,X˴  AUDIT_LOG* FOR$WRITE_SFL FOR$IO_T_DS FOR$IO_ENDPY1Y2LIB$PUT_OUTPUT˰LIB$PUT_OUTPUT1YX^(X˴nXZ%^(%n%ZZZY^ LIB$PUT_OUTPUTY^YW^(W˨nWZ%^(%n%ZZZY^LIB$PUT_OUTPUTY^1˘S˘L1, CLI$GET_VALUED CLI$PRESENTPYT CLI$PRESENTPZ*˨ZZ2P(P˨˴*˨YZ*˴Z2P(P˨˴d CLI$GET_VALUEPYYY2PPtx|FOR$OPENPLIB$PUT_OUTPUT1Zˠ* FOR$READ_KFL FOR$IO_T_DS FOR$IO_ENDP 122ˬ˴˸STR$TRIMSTR$TRIM2PP˨STR$MATCH_WILDPR P2PP PVV ˴STR$MATCH_WILDZRP1R1P11(SYS$FAOY, FOR$WRITE_SFd FOR$IO_T_DS FOR$IO_ENDX^(n)^()n@<@X^@DLIB$PUT_OUTPUTX^LLIB$PUT_OUTPUT\LIB$PUT_OUTPUTlLIB$PUT_OUTPUTԫY* FOR$WRITE_SFV^(VnVX^( nX ^( n XXt^xt FOR$IO_T_V_DS FOR$IO_ENDXV^(VnVW^( nW ^( n WW|WX^ˀ˄LIB$PUT_OUTPUTX^* FOR$READ_SFL FOR$IO_T_DS FOR$IO_ENDP 1ѫ $Yˌ FOR$CLOSE1ѫ 411˘R˘D1˜ CLI$GET_VALUEPkk1˴ CLI$GET_VALUEPkk1 CLI$PRESENTP CLI$PRESENTP~* FOR$READ_KFL FOR$IO_T_DS FOR$IO_ENDP 12STR$TRIMSTR$TRIM2VV,04˨8<STR$MATCH_WILDPkk1 P2PP P\\HL2PPP˴TXSTR$MATCH_WILDPkk1W1 Z ^( %n\^(\n\X XYݏ to YV^(VnVXXY^(/nYYdYZ^hl LIB$GET_INPUTZ^Pkk1ZYZYyYYZZWW1ˀ AUDIT_LOG FOR$DELETEPW\^(\n\Zݏ to ZV^(VnV\\Z^(InZ^(dnZZˌZW^ː˔LIB$PUT_OUTPUTW^ˤLIB$PUT_OUTPUT FOR$UNLOCKPLIB$PUT_OUTPUT* FOR$READ_SFL FOR$IO_T_DS FOR$IO_ENDP 1ѫ $1ѫ 4LIB$PUT_OUTPUT1LIB$PUT_OUTPUT FOR$ERRSNSѫЫ SYS$GETMSG%-2PP(,0LIB$PUT_OUTPUTѫЫ<8 SYS$GETMSG%-2PPPTXLIB$PUT_OUTPUT1˘E˘Q˘H˴ CLI$GET_VALUELBR$OUTPUT_HELP2PPLBR$OUTPUT_HELPLIB$PUT_OUTPUT1(8|LIB$PUT_OUTPUTk1(LIB$PUT_OUTPUT@ FOR$ERRSNSkWѫЫ\X SYS$GETMSG%-2PPptxLIB$PUT_OUTPUTЫWѫЫ˄ˀ SYS$GETMSG%-2PP˘˜ˠLIB$PUT_OUTPUTЫWɏWkkkkd` SYS$GETMSG%-2PPx|ˀLIB$PUT_OUTPUTȏkkˌˈSYS$EXITPP%SETUSER_AUTH-W-DISUSER, username Q is currently disabledQ"%SETUSER_AUTH-E-NOUSER, no such user Listing of SetUSER authorization file -- Q Remove authorization from Q (Y/[N])? Q5%SETUSER_AUTH-I-REMOVED, Qremoved authorization from q SETUSER_AUTHORIZESTR$MATCH_WILD LIB$GET_INPUT LIB$GETJPI CLI$PRESENT CLI$GET_VALUE CLI$DCL_PARSEGET_SYS_EXEC_LNMVALID_USERNAME SYS$ASCTOID SYS$FIND_HELDSETUSER_AUTHORIZE_CMDSLIB$PUT_OUTPUTLIB$GET_COMMANDFOR$OPEN FOR$BJTEST AUDIT_LOGSTR$TRIMSYS$FAO FOR$CLOSELBR$OUTPUT_HELP a;202056D6.BCKTMP]|"[UICSTUFF]SETUSER_AUTHORIZE.OBJ;36ρ FOR$ERRSNS SYS$GETMSGSYS$EXITY $CODE}$PDATA $LOCAL AUDITINFO FOR$UNLOCK FOR$DELETE FOR$IO_END FOR$IO_T_DS FOR$IO_T_V_DS FOR$READ_SF FOR$READ_KF FOR$WRITE_SF FOR$WRITE_SFP* -P ?P ^P pP }PjP3PP P4P_  P PPF 6P UPZPwP PP PP PPKP^>P ^P`PKfPP PPP PyPYFP6~PP PP PP'PPP P+<P>P JPRP(PP P P/#P (P'.P!5PBP%dPQPTPBSP#VP |P ~PPP PPPPP P-PvPdP(/PPwP=P@PbP{PdP[PP~PP P^ P# P 7 P9 PE PG PQ Pw P4 P P4 P P P Pb P8 P P> P Q P^ Pd P P8 P P8 P PC P:! P4 AUDIT_LOG01 2-Dec-1993 18:40 2-Dec-1993 18:40VAX FORTRAN V5.9-173P!4ZW-!2ZW-!2ZW !2ZW:!2ZW:!2ZW.!2ZW !8XL !12AS !AS !AS)P 5@ SYS$FAO@$,P[}PQP}PQP $ SYS$NUMTIMPkk2H2L2P2T2X2\2` d8SYS$FAOPkk6 FOR$WRITE_SF2PPtxt FOR$IO_T_DS FOR$IO_END| FOR$ERRSNSkˌˈSYS$EXIT  AUDIT_LOG SYS$NUMTIMSYS$FAO FOR$ERRSNSSYS$EXIT$CODE8$PDATA$LOCAL AUDITINFO FOR$IO_END FOR$IO_T_DS FOR$WRITE_SF.P}nP=qP2;GET_SYS_EXEC_LNM01 2-Dec-1993 18:40 2-Dec-1993 18:40VAX FORTRAN V5.9-173PLNM$SYSTEM_TABLEP, SYS$TRNLNM@P[}PQPk}PQ P<PQPaQaQ aQ> aQa, SYS$TRNLNM` GET_SYS_EXEC_LNM SYS$TRNLNMV$CODE$PDATAL$LOCAL9VALID_USERNAME01 2-Dec-1993 18:40 2-Dec-1993 18:40VAX FORTRAN V5.9-173 P P[}PQPP`P#`Pk`P`P` SYS$GETUAIPkPZ VALID_USERNAME SYS$GETUAIN$CODE$PDATAH$LOCALEPJP&*[UICSTUFF]SETUSER_AUTHORIZE_CMDS.CLD;1+,./ 4@-]|0123KPWO56nTnS7HS89{fdGHJdefine verb ADD; parameter P1, value (required), prompt="Authorize user"@ parameter P2, value (required), prompt="To impersonate user"define verb SHOW synonym LIST parameter P1, value& qualifier AUTHORIZED, nonnegatable( qualifier IMPERSONATED, nonnegatable6 qualifier OUTPUT, nonnegatable, value (type=$file)* disallow (AUTHORIZED and IMPERSONATED)define verb REMOVE synonym DELETE< parameter P1, value (required), prompt="User authorized"> parameter P2, 202056D6.BCKTMP]|&[UICSTUFF]SETUSER_AUTHORIZE_CMDS.CLD;1@value (required), prompt="User impersonated" qualifier CONFIRM, default qualifier LOGdefine verb EXIT synonym QUIT noparameters noqualifiersdefine verb HELP+ parameter P1, value(type=$rest_of_line) noqualifiers&*[UICSTUFF]SETUSER_AUTHORIZE_CMDS.OBJ;4+,2 ./ 4\-]|0123KPWO56:?f7X?f89GHJ1SETUSER_AUTHORIZE_CMDS0-0 2-DEC-1993 18:41-VAX/VMS Command Definition Utility (V4-001)! SETUSER_AUTHORIZE_CMDST CLI$TABLESP\<T(ADDDELEEXITHELPLISTQUITREMOSHOW(dPP( " ADD0!P1Authorize user8!P2To impersonate user0`$" REMOVEDELETE4X!P1User authorized4!P2User impersonated(CONFIRM$LOG,` EXITQUIT(`, HELP$P1,| & SHOWLIST$P1, AUTHORIZED, IMPERSONATED(OUTPUT ,<H  [_P^]| [UICSTUFF]SETUSER.LUM:/H duTIS*tLD;187mS4- AvG ֖7m?@'hA{-,CT_' tUVZ/xPJ\'Tׁ abխcYu$ׄzL.27~Ҏ[q< {7nq lFD!{9aGL>U5Ik),bR҅n=G'bm^mn_RYh,cQN ףx^dOFr3kP\lQ".&|v *eZr8H9m]H$\@wKI#ꘊRֻDexn P24?oj: h&5g00:%\ m3|{&x.\!zV  Lȯ:i( ;'RW@~& #[k#a@pxQˮn4arxR0D[R#C @r3 ZkZ hH&!zvo0Qښ쑞Dl|*I45`gTX!R2j5E|]Q%%Ep!4R$Mw)J!,Y;oQ.s;!4B,3it#6m'W=k,DQJ>jPwmY B;l%mўRȑvU4NWb<n7raBot/l) "3kq^| TZ 6h"RV5]_kBe`nn@+h/6;DH#=/KctU7ځBs뇾 :/N෋Ti]6-/̏\3Qд)xItn(#q6El2԰Vw| L'e^H$,va}a[ ya9ve=q*nf4MS Lv`ۈPIq<ԚrIucp *'X6phHf2ry}J6O?l!qea(xa ̄J9ϫvӈpن$\Ӌ˧ǥ] ) 3E2xؤ ̿_}S%q`FZqER)Y2'7:QoӮ <(м]+t@xLV}dx&H30$G8A P V;!9GQyy~>_!mKG/@Drm=8MCcG cBifjFC6l);9JШ'"Gz㣞*$ ش2Fc3-vH^|SQ;2$\KJRW|<MnP);-pxCBJpCRC%,t%"`Y~&14#eϣ&bY i7%*ʬȖkȨ a{"KېoH Pmoעj'<־^ik(%pD/xC_|\kVxy|Fصp5u~VSMҒ_#?0xa'MgQ__rUBZ4][(.i1 p 2 Ecg}.U\F9M` u|pOO,.?%~,Phc?QS#JN:8".ʑl*\Ќk(A*c/`~Lf2ـS.1#ƾc؋,2! b9.%pgWp\M hh'eX6ΠeBZ#M F#cĬ-@"'.Xv ,] 3O)hH*vn`m ܋hؗ`ܥRma[oJAc|spOZq`H` BuIFavH@ko+Labq=>1-ay %UHVV#ʃxW %Э 5rDVۗKd4eoC H/ .b݂ޤMaऴFiA%>ee ^hʜ74f2-_S7`zΑS,,Rlj%N3E_\fy$ Vٜaʾ*!ϙ❱@oHȺw!Ym3;;A0K=;1KЂe&CC_3_+Osd9nLOoܢN/O*JuБ<-nA&ǬZ8`LlO}ǑΧ dn߿[xK5db^>Y|$aǓR#˚ e i]t,eTuQ3DrĔJt[fx> /5KOXo%k" ןb2ς V(V]L $5!9, ȍݑ֖enuDK"7Dgm /t;<|i' &oÿ:_wYR V񋹮-2&fq3yѯrnڑoAcfX7 Y\OI"Llye;o}{vaJՖJ~_^Xbgf r,+&VX+&ɢ&(MV~PApcGܛ?a~/f yj/g5ׄSKcWy% F{=T fn氯8(K60|\)*n{ n$Aqv*BP,lw$fPz|V\}S Iʩvb `9Y8赱+ {]dewtt)dnbg30جx`!7PDU8~˱Eѡe1Mx3_} Kr]yO_[nӾQDrg4s6y'AS ֿ~wՏ!pP&&Q 7܊zۯp}87VϘ^ǨPcXvP$RH\}N{υ"ߘX^>!XUFo:NV%Xˇxz0Ċ&w*s8a/PMG)!5rhj?4Osq|<~DwjZߍBxNNF&B{:)UZ%7ou N++Rj=^ښ'Ộ]Xjz~JfbwYk;L BÑ1=Pie!1Jh׽x.>bip?.Pn].1/ef|,I`1'R$ 6 J`M'~L߼,-=$V)aHy0B]ٮi5:G#Yn)336HZiqxHS\_QXIRRMEN\HYTI[TQX