Everhart,Glenn

From:    Richard B. Gilbert [76702.1567@compuserve.com]
Sent:    Wednesday, April 01, 1998 9:12 PM
To:      Info-VAX@Mvb.Saic.Com
Subject: Need UAF tool

Message text written by INTERNET:Patrick_I_Beeson@arkwright.com
>Patrick_I_Beeson@arkwright.com
>Hello Everyone,
>
>I'm looking for a tool that will find an unused UIC. I want to be able to
>enter the group number and it scan the UAF to find an unused number. Does
>anyone out there have such a tool?
>
>Thanks in advance,<

How about this. . . .

$ VFY = F$VERIFY(0)
$!      *****AUTH.COM******
$!
$!      Copyright 1993-1997
$!      Richard B. Gilbert
$!      <76702.1567@CompuServe.Com>
$!
$!      Version of 28-JAN-1997
$!
$!      27-DEC-1993     Princeton version
$!      14-JUN-1994     Mobil Tech Center version
$!      01-AUG-1994     Add checking for length of owner and account.
$!      28-NOV-1994     Correct the handling of SETMAIL.TMP so that it is
$!                      deleted when the job is finished.
$!      20-MAR-1995     Collected system specific defaults in one place.
$!      28-JUL-1995     Added code to search for disk devices and offer a
$!                      list of logical volume names from which the user selects
$!                      a default disk device.
$!      31-OCT-1995     Added code to boost quotas for users using DW-Motif
$!                      under VAX/VMS. Alpha VMS default quotas are already
$!                      greater than or equal to the recommended quotas.
$!      01-JUN-1996     Added F$PARSE to logical name assignments.
$!      28-JAN-1997     Disk list was too long on systems with a large
$!                      number of disks with long names. Removed it from
$!                      the inquire command line and placed it in a separate
$!                      SAY command. That was still too long so I commented
$!                      it out. Changed DEF_DISK to "USER1$".
$!
$!      For VMS Version 5.5-2 and above.
$!
$!
$!      Add a new user to the system. The user gets an account, a
$! disk directory, a disk quota and a sample LOGIN.COM file. His name
$! is added to a distribution list.
$!
$!      The account is created with a pre-expired password. It can be
$! used only for the initial login. The user will not be able to complete
$! the login without changing the password.
$!
$!      Ensure the integrity of the command file by disallowing access to
$! external symbols.
$ SET :== SET
$! SET SYMBOL /SCOPE=(NOLOCAL)
$ SAY := WRITE SYS$OUTPUT
$! DEBUG must be a local symbol in both assignments; a global set with "=="
$! would be hidden by the local "FALSE" and debug mode would never turn on.
$ DEBUG = "FALSE"
$ IF P1 .EQS. "DEBUG" THEN DEBUG = "TRUE"
$ REQUIRED_PRIVILEGES :=CMKRNL,SYSPRV,OPER
$ PREV_PRIVS = F$SETPRV(REQUIRED_PRIVILEGES)
$ IF .NOT. F$PRIVILEGE(REQUIRED_PRIVILEGES) THEN GOTO NO_PRIVILEGES
$ ON WARNING THEN GOTO CLEANUP
$ ON CONTROL_Y THEN GOTO CLEANUP
$! Make the User Authorization File (UAF) accessible. We use F$PARSE
$! to allow for a logical name pointing to the file.
$ ASSIGN 'F$PARSE("SYSUAF", "SYS$SYSTEM", ".DAT")' SYSUAF
$ ASSIGN 'F$PARSE("NETPROXY", "SYS$SYSTEM", ".DAT")' NETPROXY
$ ASSIGN 'F$PARSE("NET$PROXY", "SYS$SYSTEM", ".DAT")' NET$PROXY
$ ASSIGN 'F$PARSE("RIGHTSLIST", "SYS$SYSTEM", ".DAT")' RIGHTSLIST
$!
$! Set system specific defaults.
$!
$! Specify the default disk in case nothing is entered.
$ DEF_DISK:=USER1$
$ STANDARD_PRIVS:=TMPMBX,NETMBX
$ DEFQUOTA=30000        ! Default diskquota
$ DEFOVERD=2000         ! Default overdraft
$! Make a list of the available disks.
$!
$ DISK_LIST:=(
$ DISK=""
$DLOOP:
$ DISK=F$DEVICE("*","DISK")
$ IF DISK .EQS. "" THEN GOTO DLOOP_EXIT
$ LABEL=F$GETDVI(DISK, "LOGVOLNAM")
$! SAY "''DISK' ''LABEL'"
$ IF LABEL .EQS. "" THEN GOTO DLOOP
$ DISK_LIST = DISK_LIST + LABEL +", "
$ GOTO DLOOP
$DLOOP_EXIT:
$ X = F$LENGTH(DISK_LIST)-2
$ DISK_LIST['X',2]:=")"
$!
$! Get the facts.
$ASK_USERNAME:
$ INQUIRE USERNAME " USERNAME= (NO BRACKETS) "
$! Note that while the record format allows thirty-two characters, AUTHORIZE
$! limits the username to twelve characters. Other parts of VMS allocate only
$! twelve bytes for the username!
$ IF F$LENGTH(USERNAME) .GT. 12
$ THEN
$     SAY "USERNAME must be twelve or fewer characters"
$     SAY " Please re-enter USERNAME"
$     GOTO ASK_USERNAME
$ ENDIF
$ INQUIRE TEMP "USER DIRECTORY NAME= (NO BRACKETS) [USERS.''USERNAME'] "
$ IF TEMP .EQS. ""
$ THEN
$     USERDIR = "USERS.''USERNAME'"
$ ELSE
$     USERDIR = TEMP
$ ENDIF
$! INQUIRE UIC " USER UIC [GROUP,USER]= "
$ INQUIRE GROUP " GROUP NUMBER = "
$ CALL NEXT_UIC 'GROUP'
$ INQUIRE UIC " USER UIC ''NEXT_UIC' = "
$ IF UIC .EQS. "" THEN UIC=NEXT_UIC
$! The account owner name must be entered in quotes "", if you wish to
$! preserve case.
$ASK_OWNER:
$ INQUIRE OWNER " ACCOUNT OWNER (In """") = "
$ IF F$LENGTH(OWNER) .GT. 31
$ THEN
$     SAY "OWNER must be 31 or fewer characters."
$     SAY "Please re-enter OWNER."
$     GOTO ASK_OWNER
$ ENDIF
$ INQUIRE PASSWORD " PASSWORD (DEFAULT IS NULLPASS)= "
$ IF PASSWORD .EQS. "" THEN PASSWORD = "NULLPASS"
$ASK_ACCOUNT:
$ INQUIRE ACCOUNT " ACCOUNT= "
$ IF F$LENGTH(ACCOUNT) .GT. 8
$ THEN
$     SAY "ACCOUNT must be 8 or fewer characters."
$     SAY "Please re-enter ACCOUNT."
$     GOTO ASK_ACCOUNT
$ ENDIF
$ SAY "Available disks are:"
$! SAY DISK_LIST
$ INQUIRE DISK "DEFAULT DISK [''DEF_DISK']"
$ IF DISK .EQS. "" THEN DISK = DEF_DISK
$ INQUIRE AUTH_PRIV "Authorized Privileges (Comma delimited list) [''STANDARD_PRIVS']"
$ INQUIRE DEF_PRIV "Default Privileges (Comma delimited list) [''AUTH_PRIV']"
$ IF AUTH_PRIV .EQS. "" THEN AUTH_PRIV=STANDARD_PRIVS
$ IF DEF_PRIV .EQS. "" THEN DEF_PRIV=AUTH_PRIV
$!
$! Build a command file to run the AUTHORIZE utility.
$!
$ OPEN /WRITE FILE SYS$SCRATCH:AUTH.TMP
$ WRITE FILE "$ RUN SYS$SYSTEM:AUTHORIZE"
$! Quotes around OWNER ensure that case is preserved.
$ WRITE FILE "ADD ''USERNAME' /OWNER=""''OWNER'""", -
        " /PASSWORD=''PASSWORD' /PWDEXPIRED -"
$ WRITE FILE " /DIRECTORY=[''USERDIR'] /UIC=",UIC, -
        "/DEVICE=''DISK' -"
$! Account is optional
$ IF F$LENGTH(ACCOUNT) .GT. 0 THEN -
        WRITE FILE " /ACCOUNT=''ACCOUNT' -"
$ WRITE FILE " /PRIVILEGE=(''AUTH_PRIV')", -
        " /DEFPRIVILEGE=(''DEF_PRIV') /FLAGS=NODISUSER -"
$ WRITE FILE "/LGICMD=[.COM]LOGIN.COM"
$!
$! Update quotas for DECwindows, if appropriate. Note that these quotas
$! may be less than the default quotas; check them!
$!
$! The default quotas for VMS Alpha do not appear to need adjustment.
$ IF (F$GETSYI("WINDOW_SYSTEM") .EQ. 1) .AND. .NOT. -
        (F$GETSYI("NODE_HWTYPE") .EQS. "ALPH")
$ THEN
$     WRITE FILE "MOD ''USERNAME' /ASTLM=100 /BIOLM=100 -"
$     WRITE FILE "/BYTLM=40000 /DIOLM=100 /ENQLM=200 -"
$     WRITE FILE "/FILLM=100 /PGFLQUO=32768 /PRCLM=8 -"
$     WRITE FILE "/TQELM=50 /WSEXTENT=2048 /WSQUOTA=1024"
$ ENDIF
$ WRITE FILE " SHOW ''USERNAME'"
$!
$! The following statement probably has no use on your system
$! but it will serve as an example of how you might add login proxies.
$! To use it delete these comments and remove the '$!' in front
$! of the following line.
$! WRITE FILE "ADD /PROXY GASDYN::''USERNAME' ''USERNAME' /DEFAULT"
$ CLOSE FILE
$! The file is saved for later use.
$!
$! DISKQUOTA INFORMATION
$! If QUOTA.SYS does not exist, quotas are not enabled on the user's disk
$! and we can skip all this quota stuff.
$!
$ IF F$SEARCH("''DISK':[000000]QUOTA.SYS") .EQS. "" THEN GOTO NOQUOTAS
$ INQUIRE QUOTA " PERMQUOTA [''DEFQUOTA' BLOCKS] "
$ IF QUOTA .EQS. "" THEN QUOTA = DEFQUOTA
$ INQUIRE OVERDRAFT " OVERDRAFT [''DEFOVERD' BLOCKS] "
$ IF OVERDRAFT .EQS. "" THEN OVERDRAFT = DEFOVERD
$! This file will run the DISKQUOTA utility.
$ OPEN /WRITE FILE SYS$SCRATCH:ADDQUOTA.TMP
$ WRITE FILE "$ RUN SYS$SYSTEM:SYSMAN"
$ WRITE FILE "DISKQUOTA ADD /DEVICE=''DISK' ''UIC' /PERMQUOTA=''QUOTA' /OVERDRAFT=''OVERDRAFT'"
$ CLOSE FILE
$! Having gotten this far without error, we will give him a disk
$! quota.
$ IF DEBUG
$ THEN TYPE SYS$SCRATCH:ADDQUOTA.TMP
$     GOTO NOQUOTAS
$ ELSE
$     @SYS$SCRATCH:ADDQUOTA.TMP
$     SAY "Disk quota added for ''USERNAME'"
$ ENDIF
$NOQUOTAS:
$! Create his directory.
$ CREATE /DIRECTORY /PROTECTION=(S:RWE,O:RWE,G:RE,W:E) -
        /OWNER_UIC='UIC' 'DISK':['USERDIR'] /LOG
$! And a COM subdirectory
$ CREATE /DIRECTORY /PROTECTION=(S:RWE,O:RWE,G:RE,W:E) -
        /OWNER_UIC='UIC' 'DISK':['USERDIR'.COM] /LOG
$! And give him an account.
$ IF DEBUG
$ THEN TYPE SYS$SCRATCH:AUTH.TMP
$ ELSE
$     @SYS$SCRATCH:AUTH.TMP
$ ENDIF
$!
$! As a convenience for the new user, give him a sample LOGIN.COM to
$! peruse. You may need to modify the LOGIN.TEMPLATE file to meet the
$! requirements of your site.
$ COPY /LOG SYS$MANAGER:LOGIN.TEMPLATE 'DISK':['USERDIR'.COM]LOGIN.COM
$! Now make him its owner and set appropriate protection.
$ SET FILE /OWNER_UIC='UIC' /PROTECTION=(S:RWED,O:RWED,G:RE,W) -
        'DISK':['USERDIR'.COM]LOGIN.COM
$!
$! Create a file to create a mail subdirectory for him and set his
$! personal name in mail.
$!
$ OPEN /WRITE FILE 'DISK':['USERDIR']SETMAIL.TMP
$ WRITE FILE "$ MAIL"
$ WRITE FILE "SET MAIL_DIRECTORY [.MAIL]"
$ WRITE FILE "SET PERSONAL_NAME ''OWNER'"
$ WRITE FILE "EXIT"
$ CLOSE FILE
$!
$! Submit this file under the new user's UIC. Note that this requires
$! CMKRNL privilege
$!
$ SUBMIT /USER='USERNAME' 'DISK':['USERDIR']SETMAIL.TMP /DELETE
$CLEANUP:
$ SET NOON      ! Do not allow errors to terminate this procedure now.
$ DELETE /NOCONFIRM /NOLOG SYS$SCRATCH:AUTH.TMP;*
$ IF F$SEARCH("''DISK':[000000]QUOTA.SYS") .NES. "" THEN DELETE -
        /NOCONFIRM /NOLOG SYS$SCRATCH:ADDQUOTA.TMP;*
$! Remove every process logical name assigned at the top of the procedure.
$ DEASSIGN SYSUAF
$ DEASSIGN NETPROXY
$ DEASSIGN NET$PROXY
$ DEASSIGN RIGHTSLIST
$EXIT:
$ PREV_PRIVS = F$SETPRV(PREV_PRIVS)
$ IF VFY THEN SET VERIFY
$ EXIT
$
$NO_PRIVILEGES:
$ BELL[0,8] = %X07      ! Bell character
$ SAY "''BELL'Insufficient privileges to run AUTHORIZE!"
$ SAY "Requires ",REQUIRED_PRIVILEGES," privileges."
$ GOTO EXIT
$NEXT_UIC: SUBROUTINE
$!
$! File:        NEXT_UIC.COM
$! Author:      Nick de Smith
$! Date:        27-Apr-89
$! Modified:    27-DEC-1993 Richard B. Gilbert
$!              Changed the output format to eliminate leading zeros in
$!              the group and member numbers; e.g. [20,4] instead of
$!              [000020,000004] to make it easier for people to read.
$!              Made into a subroutine.
$!              JUL-1995 Richard B. Gilbert
$!              Added /SHARE=WRITE to open for SYSUAF. Added logical
$!              name translation to error messages.
$!
$! Description:
$!      Command file to determine the next free member number in a UIC group.
$! Pass:
$!      P1      Name of the group to search. Either an identifier that is in
$!              the correct group or a group number (eg. 100). Note that if
$!              you specify a number, you must specify it in the form that it
$!              is displayed by VMS (which is actually in octal), not as a
$!              decimal number.
$! Returns:
$!      NEXT_MEMBER     DCL global symbol that contains the number of the next
$!                      free member of that group, or "-1" if the group did
$!                      not exist.
$!      NEXT_UIC        DCL global symbol that contains the text of the next
$!                      UIC to use, if
$ Set Symbol /Scope=(NoLocal)   ! Insulate ourselves
$ Say = "Write Sys$Output"      ! Caller's SAY is a local symbol, hidden by NoLocal
$!
$ Name = F$Parse( F$Environment( "PROCEDURE" ),,, "NAME" )! Correct name for p
$ Info = "%" + Name + "-I, "    ! Information message
$ Warn = "%" + Name + "-W, "    ! Warning message
$ Fatal = "%" + Name + "-F, "   ! Fatal error message
$ TRUE = (1.eq.1)
$ FALSE = (1.eq.0)
$!
$! Byte offsets of the UIC member and group words in a SYSUAF record.
$ UAF$W_MEM = %x24
$ UAF$W_GRP = %x26
$!
$ P1 := 'P1                     ! Pick up name of GROUP to search
$ If P1 .eqs. "" Then P1 = "USER"       ! Default to "USER"
$ Grp = F$Identifier( P1, "NAME_TO_NUMBER" ) / %x10000 ! Try to treat it as a
$ If Grp .eq. 0 Then Grp = F$Integer( "%o''P1'" ) ! ...if name not found, tre
$!
$ Group = "****"                ! Pre-extend the group keyword
$ Group[ 0, 16 ] = 0            ! Start at member 0
$ Group[ 16, 16 ] = Grp         ! ...in the selected group
$!
$ NEXT_MEMBER == -1             ! Assume no next member
$ NEXT_UIC == ""                ! '' '' '' ''
$ Expected_Member = 1           ! Expect to start with member 1
$ Open /Read /Error=OPEN_ERROR /SHARE=WRITE SYSUAF_FILE SYSUAF ! Open the UAF file
$ Read /Error=READ_ERROR /Index=1 /Match=GE /Key=&Group SYSUAF_FILE Record
$ If F$CvUI( UAF$W_GRP*8, 16, Record ) .ne. Grp Then Goto END ! If the group do
$ 10$:
$ Member = F$CvUI( UAF$W_MEM*8, 16, Record )    ! Get current member number
$ If Expected_Member .lt. Member Then Goto 15$  ! If we found a gap, use it
$ If Expected_Member .eq. Member Then Expected_Member = Member + 1 ! ...else exp
$ Read /Error=15$ /Index=1 SYSUAF_FILE Record   ! Read next record
$ If F$CvUI( UAF$W_GRP*8, 16, Record ) .ne. Grp Then Goto 15$ ! If the group do
$ Goto 10$
$ 15$:
$ NEXT_MEMBER == Expected_Member        ! Return next member number...
$ NEXT_UIC == F$Fao( "!%U", Grp*65536+NEXT_MEMBER )! ...and next UIC string
$ Goto END                      ! ...and exit
$!
$ READ_ERROR:
$ Say Fatal, F$Fao( "Error reading from ""!AS""!/!AS", F$TRNLNM("SYSUAF"), F$Message( $STATUS ) )
$ Goto END
$!
$ OPEN_ERROR:
$ Say Fatal, F$Fao( "Failed to open ""!AS""!/!AS", F$TRNLNM("SYSUAF"), F$Message( $STATUS ) )
$ Goto END
$!
$ END: Close /Error=20$ SYSUAF_FILE
$ 20$:
$ ENDSUBROUTINE !End of NEXT_UIC subroutine.

--
*************************************************************************
*                        Here, there be dragons!                        *
*                       DRAGON@CIS.CompuServe.Com                       *
*                                                                       *
*                          Richard B. Gilbert                           *
*                      Computer Systems Consultant                      *
*************************************************************************