From: spamfree@peet.at.dircon.dot.co.dot.uk
Sent: Friday, July 02, 1999 5:56 AM
To: Info-VAX@Mvb.Saic.Com
Subject: Re: SYS$NET

Thanks to the postings from Wolfgang Moeller and John McMahon's NETINFO, I
have written a procedure that not only solves our problem, but provides some
logging of all network logins. Thanks guys!

Here it is for anyone who's interested:

$!-----------------------------------------------------------------------------
$!
$!  Name:     SYS$MANAGER:NET$LOGIN.COM
$!  Author:   Pete Humble,
$!            JRI Europe, Ltd.
$!  Date:     1st July 1999
$!  Version:  V1.00
$!
$!  Using code stolen from NETINFO.COM by John McMahon of TGV and
$!  by Wolfgang Moeller of GWDG, this procedure formats an OPCOM
$!  message to log the request and then performs checks to see
$!      a) Whether or not the request will be allowed
$!      b) To return a response if this was a "TASK=xxxx" request
$!  Installation notes:
$!  1) Permanent NETSERVERs should be turned off by issuing the command:
$!         $ DEFINE/SYSTEM/EXEC NETSERVER$TIMEOUT 0
$!     at system startup.
$!  2) The global symbol NETSERVER$COMMAND should be defined in the
$!     system login procedure as:
$!         $ netserver$command :== @DISK:[DIRECTORY]THIS-PROCEDURE
$!  3) The protection on this command procedure should be:
$!         (S:RE,O:RE,G:E,W:E)
$!  4) It is recommended that you set up global FAL logging of file
$!     accesses by defining FAL$LOG at system startup, viz:
$!         $ DEFINE/SYSTEM FAL$LOG "01/disable=8"
$!
$!  Modification History:
$!-----------------------------------------------------------------------------
$ ON WARNING THEN LOGOUT
$ IF F$MODE() .NES. "NETWORK" THEN EXIT
$!
$! Ensure that verify is on
$!
$ netserver$verify :== 1        ! 0=OFF, 1=ON
$ SET VERIFY
$!
$! Table of objects registered in DECnet (This is a subset of the objects
$! that do not have processes associated with them (Example: ignore REMACP
$! and SMISERVER). This information was retrieved using the NCP command
$!     NCP> SHOW KNOWN OBJECTS
$! This still works under DECnet/OSI
$!
$ object_0  = "MOM/NICONFIG"
$ object_17 = "FAL"             ! File Access
$ object_18 = "HLD"
$ object_19 = "NML/CML"         ! NCP or NCL Commands
$ object_25 = "MIRROR"
$ object_26 = "EVL"
$ object_27 = "MAIL"            ! Electronic Mail
$ object_29 = "PHONE"           ! Phone
$ object_51 = "VPM"             ! Monitor
$ object_63 = "DTR"
$!
$! Get the NCB out of the SYS$NET logical name
$!
$ ncb = F$TRNLNM("SYS$NET")
$!
$! Remote nodename is prior to the first colon
$!
$ remote_nodename = F$ELEMENT(0, ":", ncb)
$!
$! The string between the "=" and the "/" is the remote username
$!
$ remote_username = F$ELEMENT(0, "/", F$ELEMENT(1, "=", ncb))
$!
$! Extract the string after the "/" to simplify locating things so that
$! we aren't dealing with the variable length username or nodename
$!     Bytes 0-1    Link number
$!     Byte  2      Optional information length in bytes (max 16)
$!     Bytes 3-18   Optional information
$!     Byte  19     Object format
$!     Byte  20     Object number
$!     If object format = 0, that is all,
$!     If object format = 1
$!         Byte 21      Object name length in bytes
$!         Byte 22+     Object name
$!     If object format = 2
$!         Byte 25      Object name length in bytes
$!         Byte 26+     Object name
$!
$ work_string = F$ELEMENT(1, "/", ncb)
$ object_format = F$CVUI(0, 8, F$EXTRACT(19, 1, work_string))
$ object_number = F$CVUI(0, 8, F$EXTRACT(20, 1, work_string))
$!
$! Start with an empty description so that the test for "" below does not
$! reference an undefined symbol when the object number is not in the table
$!
$ object = ""
$ IF F$TYPE(object_'object_number') .EQS. "STRING" -
     THEN object = "object " + object_'object_number'
$ IF object_number .EQ. 0
$ THEN
$     IF object_format .EQ. 1 THEN -
$         object = "task " + F$EXTRACT(22, F$CVUI(0, 8, -
              F$EXTRACT(21, 1, work_string)), work_string)
$     IF object_format .EQ. 2 THEN -
          object = "task " + F$EXTRACT(26, F$CVUI(0, 8, -
              F$EXTRACT(25, 1, work_string)), work_string)
$ ENDIF
$!
$! F$STRING keeps "+" as string concatenation (object_number is an integer)
$!
$ IF object .EQS. "" THEN object = "object number " + F$STRING(object_number)
$!
$ REQUEST/TO=(NETWORK, SECURITY) -
     "Network login for ''object' from ''remote_nodename'::''remote_username'"
$ IF object_format .GT. 2 THEN LOGOUT       ! bad
$ IF (object_number .EQ. 0) .AND. (object_format .NE. 0)
$ THEN
$     SET NOON
$     OPEN/WRITE link SYS$NET
$     WRITE link "Link to ''F$GETSYI("NODENAME")' successful"
$     CLOSE link
$ ENDIF
$ EXIT

--
   ___    __o     Pete Humble, JRI Europe, Ltd
 _ \<,_           Email: peet AT dircon DOT co DOT uk
(_)/ (_)          Any resemblance between the views expressed here
=============     and those of my employers is pure coincidence.
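
The NCB byte layout documented in the procedure's comments, written as a strict offline parser that rejects out-of-range length and format bytes (an added example, not part of the original post or of NETINFO). The function names, the sample node and user, and the quoting around the object field are assumptions; the sample NCB is constructed.

```python
"""Added example: strict parser for the NCB layout in the procedure's comments."""

class NCBError(ValueError):
    """The NCB does not match the documented layout."""

NAME_LEN_OFFSET = {1: 21, 2: 25}  # object format -> offset of the name-length byte

def parse_ncb(ncb: bytes) -> dict:
    # Split on the first "/" only, so a 0x2F byte in the binary data is kept.
    prefix, slash, data = ncb.partition(b"/")
    node, colon, _ = prefix.partition(b":")   # node name precedes the first colon
    _, eq, user = prefix.partition(b"=")      # user sits between "=" and "/"
    if not (node and colon and eq and slash):
        raise NCBError("missing ':', '=' or '/' delimiter")
    if len(data) < 21:
        raise NCBError("binary part shorter than the 21 fixed bytes")
    opt_len, fmt, number = data[2], data[19], data[20]
    if opt_len > 16:
        raise NCBError(f"optional data length {opt_len} exceeds 16")
    if fmt > 2:
        raise NCBError(f"object format {fmt} is not 0, 1 or 2")
    name = b""
    if fmt in NAME_LEN_OFFSET:
        off = NAME_LEN_OFFSET[fmt]
        # The length byte is remote-supplied: check it against what is present.
        if off >= len(data) or off + 1 + data[off] > len(data):
            raise NCBError("object name runs past the end of the NCB")
        name = data[off + 1 : off + 1 + data[off]]
    return {"node": node.decode("ascii", "replace"),
            "user": user.decode("ascii", "replace"),
            "object_format": fmt, "object_number": number,
            "object_name": name.decode("ascii", "replace")}

def build_sample(fmt: int, number: int, name: bytes = b"") -> bytes:
    """Constructed input (not a captured NCB); node and user are made up."""
    # Link number 0x002F puts a "/" byte inside the binary data on purpose.
    data = b"\x2f\x00" + b"\x00" + bytes(16) + bytes([fmt, number])
    if fmt in NAME_LEN_OFFSET:
        pad = bytes(NAME_LEN_OFFSET[fmt] - 21)  # filler up to the length byte
        data += pad + bytes([len(name)]) + name
    return b'REMNOD::"0=SMITH/' + data

if __name__ == "__main__":
    print(parse_ncb(build_sample(1, 0, b"NETINFO")))
```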