Everhart, Glenn (FUSA)

From: ccburgess@uqstu.jdstory.uq.edu.au
Sent: Thursday, April 29, 1999 11:20 PM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: transfer just passwords from one sysuaf to another sysuaf

"M. Brown" writes:
>Does anyone have a utility that allows one to selectively grab just the
>passwords in the sysuaf. The passwords I would need would be based on
>an input list from 1 sysuaf and then I would want to enter them in
>another sysuaf. This is to sync up passwords for a couple hundred
>people whose application is migrating..
>
>Mike

Mike,

This should do what you want... GET_HASH_PWD reads a file of usernames.
Since your application is one off, you can edit SYSUAF.LIS for that.

---------------------------- cut here ----------------------------
      Program GET_HASH_PWD
c       Ian Burgess 16-Nov-1995
c
c       Get the encrypted password details for an account.
c       The details can then be inserted into the same account
c       on this or another system.
c       Designed to move accounts from the Vax cluster to the
c       Alpha cluster with the same password.
c
      Implicit none
      INTEGER SYS$GETUAI
      INCLUDE '($UAIDEF)/nolist'
      INCLUDE '($SSDEF)/nolist'

C     Define item list structure for GETUAI or SETUAI
      STRUCTURE /itmlst/
        UNION
          MAP
            INTEGER*2 buflen, itmcod
            INTEGER bufadr, itmretlen
          END MAP
          MAP
            INTEGER end_list
          END MAP
        END UNION
      END STRUCTURE

C     Declare item lists
      RECORD /itmlst/ uai_list(4)

C     Declare variables used in $GETUAI item lists
      Character*12 username
      Integer return_len
      Integer ENCRYPT, SALT
      DoublePrecision PWD
      Character*30 Ifilename
      Integer Status
      Logical forever /.TRUE./

      uai_list(1).itmretlen = %LOC(return_len)
      uai_list(1).buflen = 1            ! 1 byte Algorithm number
      uai_list(1).itmcod = UAI$_ENCRYPT
      uai_list(1).bufadr = %LOC(ENCRYPT)
      uai_list(2).buflen = 2            ! 2 byte random salt used
      uai_list(2).itmcod = UAI$_SALT
      uai_list(2).bufadr = %LOC(SALT)
      uai_list(3).buflen = 8            ! 8 byte encrypted passwd
      uai_list(3).itmcod = UAI$_PWD
      uai_list(3).bufadr = %LOC(PWD)
      uai_list(4).end_list = 0

      type '('' List of Usernames? [USERS.LIST] : ''$)'
      Accept '(a)', Ifilename
      If (Ifilename .eq. ' ') Ifilename = 'USERS.LIST'
      OPEN (UNIT=7, FILE = Ifilename, STATUS = 'OLD')

c     Write to a file for PUT_HASH_PWD to read
      OPEN (UNIT=8, FILE = 'SYSUAF.DATA', STATUS = 'NEW',
     1      carriagecontrol='LIST')

      DO WHILE (FOREVER)
        READ(UNIT = 7, FMT = '(a12)', END = 190) username
c       Write the record only if the lookup succeeded; on failure
c       the buffers still hold the previous user's values.
        Status = SYS$GETUAI( , , username, uai_list, , , )
        If (Status .eq. SS$_NORMAL) then
          Write(UNIT = 8, FMT = 150) username, ENCRYPT, SALT, PWD
        else
          Type '('' SYS$GETUAI failed for '',a12)', username
        end if
  150   FORMAT(A12,1X,Z2,1X,Z4,1X,Z16 )
      End do

  190 CONTINUE
      CLOSE(UNIT = 7)
      CLOSE(UNIT = 8)
      Stop ' '
      END
---------------------------- cut here ----------------------------

This does the reverse; puts the passwords into the target SYSUAF,
reading SYSUAF.DATA. You probably won't need the test for recent use
of the target account -- I was aiming at a moving target.

---------------------------- cut here ----------------------------
      Program PUT_HASH_PWD
c       Ian Burgess 16-Nov-1995
c
c       Put the encrypted password details for an account into the UAF file.
c       The details are obtained by GET_HASH_PWD on this or another system.
c       Designed to move accounts from the Vax cluster to the
c       Alpha cluster with the same password.
c
      Implicit none
      INTEGER SYS$SETUAI
      INCLUDE '($UAIDEF)/nolist'

C     Define item list structure for GETUAI or SETUAI
      STRUCTURE /itmlst/
        UNION
          MAP
            INTEGER*2 buflen, itmcod
            INTEGER bufadr, itmretlen
          END MAP
          MAP
            INTEGER end_list
          END MAP
        END UNION
      END STRUCTURE

C     Declare item lists
      RECORD /itmlst/ uai_list(5)

C     Declare variables used in $GETUAI item lists
      Character*12 username
      Integer return_len
      Integer ENCRYPT, SALT
      DoublePrecision PWD
      Logical forever /.TRUE./
      Character*1 Okay
      Integer Count
      Logical Get_details
      Logical Pwdexp
      Integer Ilogin(2)     ! Quadword time of last Interactive Login
      Integer Now(2)        ! Quadword time
      Integer Days          ! Days since last Interactive login
      Integer Elapsed_Days  ! Function to calculate days difference
      Integer SYS$GETTIM

      Call SYS$GETTIM(Now)

      uai_list(1).itmretlen = %LOC(return_len)
      uai_list(1).buflen = 1
      uai_list(1).itmcod = UAI$_ENCRYPT
      uai_list(1).bufadr = %LOC(ENCRYPT)
      uai_list(2).buflen = 2
      uai_list(2).itmcod = UAI$_SALT
      uai_list(2).bufadr = %LOC(SALT)
      uai_list(3).buflen = 8
      uai_list(3).itmcod = UAI$_PWD
      uai_list(3).bufadr = %LOC(PWD)
      uai_list(4).end_list = 0

      OPEN (UNIT=7, FILE = 'SYSUAF.DATA', STATUS = 'OLD')

C     Next read a line at a time
      Count = 0
      DO WHILE (FOREVER)
        READ(UNIT=7, FMT=150, END=190) username,ENCRYPT,Salt,PWD
  150   FORMAT(A12,1X,Z2,1X,Z4,1X,Z16 )
c
        ! Ilogin -- Last interactive login date/time
        ! Pwdexp -- True if password pre-expired or expired
        ! (Password will not be "expired" until the first
        ! interactive login after password change plus pwdlife
        ! so the Expired Flag is not much use here.)
        If (Get_details(Username,Ilogin,Pwdexp)) then
          If (Ilogin(1) .eq. 0 .and. Ilogin(2) .eq. 0) go to 99 ! unused ac
          Days = Elapsed_Days(Ilogin,Now)
          If (Days .lt. 62) go to 100   ! skip if she logged in lately
   99     CALL SYS$SETUAI( , , username, uai_list, , , )
          Count = Count + 1
        End if
  100 End do

  190 CONTINUE
      CLOSE(UNIT = 7, STATUS = 'KEEP')
      Type '('' Processed'',i4,'' accounts'')', Count
      Stop ' '
      END

      Logical Function Get_details(Username,Ilogin,Pwdexp)
c
      Implicit none
      Character*12 Username  ! Key
c     Returns...
      Integer Ilogin(2)      ! Quadword time of last Interactive Login
      Logical Pwdexp         ! True if password pre-expired or expired

      Integer PwdDate(2)     ! Quadword time of last password change
      INTEGER SYS$GETUAI
      INCLUDE '($UAIDEF)/nolist'
      INCLUDE '($SSDEF)/nolist'
      INCLUDE '($RMSDEF)/nolist'

C     Define item list structure for GETUAI or SETUAI
      STRUCTURE /itmlst/
        UNION
          MAP
            INTEGER*2 buflen, itmcod
            INTEGER bufadr, itmretlen
          END MAP
          MAP
            INTEGER end_list
          END MAP
        END UNION
      END STRUCTURE

C     Declare item lists
      RECORD /itmlst/ uai_list(4)

C     Declare variables used in $GETUAI item lists
      Integer return_len, Flags
      Integer Status

      uai_list(1).itmretlen = %LOC(return_len)
      uai_list(1).buflen = 4
      uai_list(1).itmcod = UAI$_FLAGS   ! Bits, e.g., UAI$M_PWD_EXPIRED
      uai_list(1).bufadr = %LOC(Flags)
      uai_list(2).buflen = 8
      uai_list(2).itmcod = UAI$_LASTLOGIN_I ! Quad word absolute time
      uai_list(2).bufadr = %LOC(ILogin)
      uai_list(3).buflen = 8
      uai_list(3).itmcod = UAI$_PWD_DATE ! Quad word time (-1 = preexpired)
      uai_list(3).bufadr = %LOC(PwdDate)
      uai_list(4).end_list = 0

      Status = SYS$GETUAI( , , username, uai_list, , , )
      ! Called as a function, returns RMS$_RNF for no such username
      ! or SS$_NORMAL, SS$_NOSYSPRV, SS$_NOGRPPRV, SS$_BADPARAM
      ! or SS$_ACCVIO (program error!)
      If (Status .ne. SS$_NORMAL) then
        If (Status .eq. RMS$_RNF) then
          Type '('' No such user, '',a12)', Username
        else
          Type '('' SYS$GETUAI failed with code '',Z)', Status
        end if
        Get_details = .false.
        Return
      end if
d     type '('' Flags='',z8.8)', Flags
d     type '('' Mask ='',z8.8)', UAI$M_PWD_EXPIRED
d     type '('' .and.='',z8.8)', Flags .and. UAI$M_PWD_EXPIRED
d     type '('' PwdDate='',z8.8,z9.8)', PwdDate
      ! (Password will not be "expired" until the first
      ! interactive login after password change plus pwdlife
      ! so the Expired Flag is not much use here.)
      Pwdexp = ((Flags .and. UAI$M_PWD_EXPIRED) .ne. 0) .or.
     1         (PwdDate(1) .eq. -1 .and. PwdDate(2) .eq. -1)
      Get_details = .true.
      Return
      end

      Integer Function Elapsed_Days(Start, Finish)
c
c     Ian Burgess, 28-Nov-1990. Return the number of Days difference
c     between the start and finish times in quad word absolute format.
c     Returns positive or negative days unless the dates are the same
c     or one or both dates are zero (missing).
c
      Implicit none
      Integer Start(2), Finish(2)
      Integer Days, TestTime(2)
      Integer Status, Sign
      Integer Lib$Sub_Times
      Integer Lib$CVT_From_Internal_Time
      External Lib$_Negtim
      External Lib$K_delta_Days

      Elapsed_Days = 0 ! *** zero if no difference or missing date ***
      If (( start(1) .eq. 0) .and. ( start(2) .eq. 0) .or.
     1    (finish(1) .eq. 0) .and. (finish(2) .eq. 0) .or.
     1    (finish(1).eq.start(1)).and.(finish(2).eq.start(2))) return
      Sign = 1
      Status = Lib$Sub_times(Finish,Start,TestTime) !result in TestTime
      If(Status .eq. %loc(Lib$_Negtim)) then
        Status = Lib$Sub_times(Start,Finish,TestTime) !reverse
        Sign = -1
      end if
      Status = Lib$CVT_From_Internal_Time( %loc(Lib$K_delta_Days),
     1         Days, TestTime)
d     Type *,' Difference is ',Sign*Days, ' Days.'
      Elapsed_Days = Sign*Days
      return
      end
---------------------------- cut here ----------------------------

Cheers, Ian
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Ian Burgess                        I.Burgess@its.uq.edu.au
Information Technology Services    Phone: 61 7 336 54074
                                          07336 54074
Prentice Building
The University of Queensland
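
An added example, not part of the post above: a check that can be run over SYSUAF.DATA before PUT_HASH_PWD reads it. It parses the FORMAT(A12,1X,Z2,1X,Z4,1X,Z16) record layout and rejects malformed records, duplicate usernames, and records that repeat the previous record's algorithm, salt and hash under a different username (what a lookup failure that leaves the output buffers unchanged would write). The function names, the blank-padding assumption and the sample records are constructed for illustration.

```python
# Added example (not from the post): check a SYSUAF.DATA transfer file.
import re

# Assumption: the Z edit descriptor may pad hex fields with leading blanks.
HEX = re.compile(r"^ *[0-9A-Fa-f]+$")

def parse_record(line):
    """Parse A12,1X,Z2,1X,Z4,1X,Z16 (37 columns) or raise ValueError."""
    line = line.rstrip("\r\n")
    if len(line) != 37:
        raise ValueError("expected 37 columns, got %d" % len(line))
    if line[12] != " " or line[15] != " " or line[20] != " ":
        raise ValueError("separator column is not blank")
    user = line[0:12].rstrip()
    if not user:
        raise ValueError("empty username")
    fields = (line[13:15], line[16:20], line[21:37])
    for f in fields:
        if not HEX.match(f):  # e.g. '*' fill when a value overflowed its field
            raise ValueError("non-hex field %r" % f)
    enc, salt, pwd = (int(f, 16) for f in fields)
    return user, enc, salt, pwd

def check_records(lines):
    """Return (good, problems); problems is a list of (line_no, message)."""
    good, problems, seen, prev = [], [], set(), None
    for n, line in enumerate(lines, 1):
        try:
            user, enc, salt, pwd = parse_record(line)
        except ValueError as exc:
            problems.append((n, str(exc)))
            continue
        if user.upper() in seen:
            problems.append((n, "duplicate username " + user))
        elif (enc, salt, pwd) == prev:
            # Same values under a new name: the lookup probably failed.
            problems.append((n, user + ": repeats previous record's hash"))
        else:
            good.append((user, enc, salt, pwd))
            prev = (enc, salt, pwd)
        seen.add(user.upper())
    return good, problems

def rec(user, enc, salt, pwd):  # builds one constructed sample record
    return "%-12s %2s %4s %16s" % (user, enc, salt, pwd)

SAMPLE = [rec("SMITH", " 3", "1A2B", "0123456789ABCDEF"),
          rec("JONES", " 3", "  C4", "FEDCBA9876543210"),
          rec("NOSUCHUSER", " 3", "  C4", "FEDCBA9876543210"),
          rec("BROWN", "**", "0001", "00000000000000AA")]
```

SYSUAF.DATA carries the same salts and hashes as the SYSUAF itself, so it needs the same file protection while it exists and should be deleted once the transfer is done.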