From: Ryan C. Price [pricerc@ihug.co.nz] Sent: Thursday, April 20, 2000 7:56 PM To: Info-VAX@Mvb.Saic.Com Subject: Re: DCL Hackery no quite DCL, but from some years ago... this crude but effective 'C' code on a VAX to do a report on password ages. Accessed SYSUAF directly, using a uafdef.h IIRC hacked from one of the MACRO libraries, but it was 1994 that I last touched it. I used this basic code as a base for a few other UAF reports as well, now lost. Some bits could probably be improved for Alpha (e.g. the typedef quad shouldn't be necessary). /* uafreport.c */ #include #include #include #include #include #include #include #include #include #include "uafdef.h" typedef unsigned long quad[2] ; int main(int argc, char **argv) { union UAFDEF *uaf_rec; int uaf_file; /* file descriptor for uaf */ FILE *rep_file; /* file descriptor for rep file */ register unsigned long int status; unsigned long int idiff, weeks_allowed, delta_days ; quad today, pw_change_by, pw_changed, pw_lifetime, diff ; printf("scanning for users whose passwords have expired.\n") ; uaf_file = open("SYSUAF",O_RDONLY,0,"ctx=rec","shr=get","shr=put","shr=upd") ; if ( uaf_file == -1 ) perror("UAFopen") ; exit(0x10000004) ; } rep_file = fopen("PASSWORD_REPORT","w") ; if ( rep_file == NULL ) perror("REPopen") ; exit(0x10000004); } status = sys$gettim (&today) ; delta_days = LIB$K_DELTA_DAYS ; uaf_rec = calloc(1,sizeof(union UAFDEF)) ; while( read(uaf_file,uaf_rec,sizeof(union UAFDEF)) !=0 ) { { int i; for(i=0; i<12; i++) if(uaf_rec->uaf$t_uafdef.uaf$t_username[i] == ' ') break ; uaf_rec->uaf$t_uafdef.uaf$t_username[i] = 0 ; } memcpy(pw_changed,&(uaf_rec->uaf$t_uafdef.uaf$q_pwd_date),8); if ( pw_changed == 0) { fprintf(rep_file,"** password is pre-expired\n") ; } else { memcpy(pw_lifetime,&(uaf_rec->uaf$t_uafdef.uaf$q_pwd_lifetime),8); status = lib$add_times(pw_changed,pw_lifetime,pw_change_by); status = lib$sub_times(pw_change_by,today,diff); status = lib$cvt_from_internal_time(&delta_days,&idiff,diff); if(idiff<2) { fprintf(rep_file, "%-12s:%3d days till next password change\n", uaf_rec->uaf$t_uafdef.uaf$t_username, idiff); } } } close(uaf_file); fclose(rep_file); } /* end of uafreport.c */ /Ryan "Hoff Hoffman" wrote in message news:8dnh0g$n89$1@mailint03.im.hou.compaq.com... > > In article , "Wolf, Gerald J" writes: > :Is there a DCL procedure out there to disuser users who have password > :changed is older than a specified amount of time? Is there a way to notify > :these users before they are disusered using the above method. We would like > :to do this on a daily or monthly basis. > > The existing password expiration mechanism handles most of this task now, > though it does allow one shot at login after the password has expired. > (I know of sites that use this mechanism, in conjunction with a local > executable image, to regularly update the username expiration date to > a specified "delta" from the last password change.) > > The easiest (and officially supported) approach for the stated problem > is via a fairly simple executable image and calls to sys$getuai and > sys$setuai -- there is no supported interface for access to the system > authorization database from DCL, no f$getuai nor f$setuai. There are > tools (executable images) that allow DCL to get at the authorization > database by command input (for control and input) and the creation of > symbols (for output back to DCL), and there are hacks that either a: > directly access SYSUAF, or b: parse output from AUTHORIZE commands. > (Neither of these latter two hacks is particularly difficult, and > neither is particularly supported...) > > :Please include the procedure if you can. Is there a place on the internet > :with contributed DCL procedures? > > There are many spots where you can pick up DCL examples, and > contributions to the Freeware are welcome... > > --------------------------- pure personal opinion --------------------------- > Hoff (Stephen) Hoffman OpenVMS Engineering hoffman#xdelta.zko.dec.com >