SYSUAF record definition ???
lia...@homer.mentec.ie
Does anyone have a record definition for SYSUAF handy... and
is there an easy way of reading priviliges from this... i.e
interpreting the bit masks... i know the theory on how they work but
something like 00010010001 isn't very meaningful to the naked eye.
Thanks in advance,
Liam
Dan Wing
Extract and examine the bitmasks from STARLET.MLB:
$ LIBRARY SYS$LIBRARY:STARLET.MLB/MACRO/EXTRACT=*
$ SEARCH STARLET.MAR PRV$V_
which will show the bit for each privilege.
Here's a PowerHouse QSHOW listing of the SYSUAF layout, as of VMS V5.5-2.
This was created by a friend of mine back in the early days of VMS V5.
-dan
02/23/94 System Management Dictionary Page 1
R E C O R D R E P O R T
Record: LABUAF
of File: LABUAF
Organization: INDEXED
Type: RMS
Open: DISKC:[SYSPROG.PHD]SYSUAF.DAT
Record Format: Variable
Supersede: No
Record Size: 1412 Bytes
-- Record Contents --
Item Type Size Occ Offset
FILLER CHARACTER 4 0
UAF-USERNAME CHARACTER 32 4
UAF-UIC INTEGER UNSIGNED 4 36
.UAF-MEM INTEGER UNSIGNED 2 36
.UAF-GRP INTEGER UNSIGNED 2 38
UAF-SUB-ID INTEGER UNSIGNED 4 40
UAF-PARENT-ID INTEGER UNSIGNED 8 44
UAF-ACCOUNT-STRUCT CHARACTER 32 52
.UAF-ACCOUNT-STRLEN INTEGER UNSIGNED 1 52
.UAF-ACCOUNT CHARACTER 31 53
UAF-OWNER-STRUCT CHARACTER 32 84
.UAF-OWNER-STRLEN INTEGER UNSIGNED 1 84
.UAF-OWNER CHARACTER 31 85
UAF-DEFDEV-STRUCT CHARACTER 32 116
.UAF-DEFDEV-STRLEN INTEGER UNSIGNED 1 116
.UAF-DEFDEV CHARACTER 31 117
UAF-DEFDIR-STRUCT CHARACTER 64 148
.UAF-DEFDIR-STRLEN INTEGER UNSIGNED 1 148
.UAF-DEFDIR CHARACTER 63 149
UAF-LGICMD-STRUCT CHARACTER 64 212
.UAF-LGICMD-STRLEN INTEGER UNSIGNED 1 212
.UAF-LGICMD CHARACTER 63 213
UAF-DEFCLI-STRUCT CHARACTER 32 276
.UAF-DEFCLI-STRLEN INTEGER UNSIGNED 1 276
.UAF-DEFCLI CHARACTER 31 277
UAF-CLITABLES-STRUCT CHARACTER 32 308
.UAF-CLITABLES-STRLEN INTEGER UNSIGNED 1 308
.UAF-CLITABLES CHARACTER 31 309
UAF-PWD INTEGER UNSIGNED 8 340
UAF-PWD2 INTEGER UNSIGNED 8 348
UAF-LOGFAILS INTEGER UNSIGNED 2 356
UAF-SALT INTEGER UNSIGNED 2 358
UAF-ENCRYPT INTEGER UNSIGNED 1 360
UAF-ENCRYPT2 INTEGER UNSIGNED 1 361
UAF-PWD-LENGTH INTEGER UNSIGNED 2 362
UAF-EXPIRATION VMSDATE 8 364
UAF-PWD-LIFETIME VMSDATE 8 372
UAF-PWD-DATE VMSDATE 8 380
UAF-PWD2-DATE VMSDATE 8 388
UAF-LASTLOGIN-I VMSDATE 8 396
UAF-LASTLOGIN-N VMSDATE 8 404
UAF-AUTH-PRIV INTEGER UNSIGNED 8 412
.UAF-AUTH-PRIV-1 INTEGER UNSIGNED 2 412
.UAF-AUTH-PRIV-2 INTEGER UNSIGNED 2 414
.UAF-AUTH-PRIV-3 INTEGER UNSIGNED 2 416
.UAF-AUTH-PRIV-4 INTEGER UNSIGNED 2 418
UAF-DEF-PRIV INTEGER UNSIGNED 8 420
UAF-MIN-CLASS CHARACTER 20 428
UAF-MAX-CLASS CHARACTER 20 448
UAF-FLAGS INTEGER UNSIGNED 4 468
.UAF-FLAGS-1 INTEGER SIGNED 2 468
.UAF-FLAGS-2 INTEGER SIGNED 2 470
UAF-NETWORK-ACCESS-P CHARACTER 3 472
UAF-NETWORK-ACCESS-S CHARACTER 3 475
UAF-BATCH-ACCESS-P CHARACTER 3 478
UAF-BATCH-ACCESS-S CHARACTER 3 481
UAF-LOCAL-ACCESS-P CHARACTER 3 484
UAF-LOCAL-ACCESS-S CHARACTER 3 487
UAF-DAILUP-ACCESS-P CHARACTER 3 490
UAF-DIALUP-ACCESS-S CHARACTER 3 493
UAF-REMOTE-ACCESS-P CHARACTER 3 496
UAF-REMOTE-ACCESS-S CHARACTER 3 499
FILLER CHARACTER 12 502
UAF-PRIMEDAYS INTEGER UNSIGNED 2 514
UAF-PRIORITY INTEGER UNSIGNED 1 516
UAF-QUEPRI INTEGER UNSIGNED 1 517
UAF-MAXJOBS INTEGER UNSIGNED 2 518
UAF-MAXACCTJOBS INTEGER UNSIGNED 2 520
UAF-MAXDETACH INTEGER UNSIGNED 2 522
UAF-PRCCNT INTEGER UNSIGNED 2 524
UAF-BIOLM INTEGER UNSIGNED 2 526
UAF-DIOLM INTEGER UNSIGNED 2 528
UAF-TQCNT INTEGER UNSIGNED 2 530
UAF-ASTLM INTEGER UNSIGNED 2 532
UAF-ENQLM INTEGER UNSIGNED 2 534
UAF-FILLM INTEGER UNSIGNED 2 536
UAF-SHRFILLM INTEGER UNSIGNED 2 538
UAF-WSQUOTA INTEGER UNSIGNED 4 540
UAF-WSDEFAULT INTEGER UNSIGNED 4 544
UAF-WSEXTENT INTEGER UNSIGNED 4 548
UAF-PGFLQUOTA INTEGER UNSIGNED 4 552
UAF-CPUTIM INTEGER UNSIGNED 4 556
UAF-BYTLM INTEGER UNSIGNED 4 560
UAF-PBYTLM INTEGER UNSIGNED 4 564
UAF-JTQUOTA INTEGER UNSIGNED 4 568
UAF-PROXY-LIM INTEGER UNSIGNED 2 572
UAF-PROXIES INTEGER UNSIGNED 2 574
UAF-ACCOUNT-LIM INTEGER UNSIGNED 2 576
UAF-ACCOUNTS INTEGER UNSIGNED 2 578
FILLER CHARACTER 832 580
-- Index Contents --
** UAF-USERNAME is a 32 byte UNIQUE PRIMARY ASCENDING index **
Segment Type Size
UAF-USERNAME CHARACTER 32
** UAF-UIC is a 4 byte REPEATING ALTERNATE ASCENDING index **
Segment Type Size
UAF-UIC INTEGER UNSIGNED 4
-Dan Wing, Systems Administrator, University Hospital, Denver
dw...@uh01.colorado.edu or wi...@eisner.decus.org
Chris Olive (x7793)
dw...@uh01.Colorado.EDU (Dan Wing) responds:
|In article <1994Feb23....@homer.mentec.ie>, lia...@homer.mentec.ie writes:
|>Does anyone have a record definition for SYSUAF handy... and
|>is there an easy way of reading priviliges from this... i.e
|>interpreting the bit masks... i know the theory on how they work but
|>something like 00010010001 isn't very meaningful to the naked eye.
|
|Extract and examine the bitmasks from STARLET.MLB:
|
| $ LIBRARY SYS$LIBRARY:STARLET.MLB/MACRO/EXTRACT=*
| $ SEARCH STARLET.MAR PRV$V_
|
|which will show the bit for each privilege.
Ouch! Kinda brutal... Why not select the exact macro? STARLET.MLB
*is* rather large... $ LIBRARY/EXTRACT=$PRVDEF/MACRO/OUTPUT=X.X
SYS$LIBRARY:STARLET would be short and sweet and to the point. It also
does not *fully* address his question: he wants the whole shootin' match.
$ LIBRARY/EXTRACT=$UAFDEF/MACRO/OUTPUT=Y.Y SYS$LIBRARY:LIB would produce
the needed results here, with the offsets easily translated into any other
language, or, alternately, used natively in MACRO (as native a language
there is, eh?).
|Here's a PowerHouse QSHOW listing of the SYSUAF layout, as of VMS V5.5-2.
|This was created by a friend of mine back in the early days of VMS V5.
|
|-dan
|
| [...snipped code...]
That POWERHOUSE stuff was brutal too! It only reminds me why I'm
a *Systems* Programmer and not an *Applications* Programmer. (Not unlike
yourself, I know...)
For the original poster: I have several record definitions laying
around in various languages, and a DCL command procedure for picking
apart the output from LIBRARY/EXTRACT=$UAFDEF/MACRO SYS$LIBRARY:LIB and
building the proper include file in most languages (can be easily configured).
How would you like your record definition written? C? Pascal? Fortran?
DTR? I can do most anything ordinary. No BLISS though, sorry. (But you
could adapt the .COM file to write BLISS for you).
Also be aware, if by chance you are doing this in Pascal, that the
PRV$TYPE type in SYS$LIBRARY:STARLET.PAS (.PEN) can be inherited and used
to address your PRV$V_ vectors.
Chris
_______________________________________________________________________________
___ ___ ___ _ _ ___ _ _ ___
/___ | |__ |\ /| |__ |\ | /___ Chris Olive, VMS Systems Consultant
___/ _|_ |___ | Y | |___ | \| ___/ Internet: ol...@sgi.siemens.com
Medical Systems, Inc. Voice: 708.304.7793
2501 N. Barrington Road. FAX: 708.304.7704
Hoffman Estates, IL 60195 CompuServe: 73740,1636
_______________________________________________________________________________
Dan Wing
> Ouch! Kinda brutal... Why not select the exact macro? STARLET.MLB
>*is* rather large... $ LIBRARY/EXTRACT=$PRVDEF/MACRO/OUTPUT=X.X
>SYS$LIBRARY:STARLET would be short and sweet and to the point. It also
>does not *fully* address his question: he wants the whole shootin' match.
>$ LIBRARY/EXTRACT=$UAFDEF/MACRO/OUTPUT=Y.Y SYS$LIBRARY:LIB would produce
>the needed results here, with the offsets easily translated into any other
>language, or, alternately, used natively in MACRO (as native a language
>there is, eh?).
(I slammed the answer together; I have a copy of STARLET.MAR sitting in
SYS$SHARE so I can find things quickly, and decided to include instructions.
Apologies.)
>|Here's a PowerHouse QSHOW listing of the SYSUAF layout, as of VMS V5.5-2.
>|This was created by a friend of mine back in the early days of VMS V5.
>|
>|-dan
>|
>| [...snipped code...]
>
> That POWERHOUSE stuff was brutal too! It only reminds me why I'm
>a *Systems* Programmer and not an *Applications* Programmer. (Not unlike
>yourself, I know...)
Yup, but with the PowerHouse stuff I can easily make a report that goes
through all users with a WSquota greater than, say, 800, and less than, say,
2000 and change them all to 1500, all mostly-automaticly. Handy.
> For the original poster: I have several record definitions laying
>around in various languages, and a DCL command procedure for picking
>apart the output from LIBRARY/EXTRACT=$UAFDEF/MACRO SYS$LIBRARY:LIB and
>building the proper include file in most languages (can be easily configured).
>How would you like your record definition written? C? Pascal? Fortran?
>DTR? I can do most anything ordinary. No BLISS though, sorry. (But you
>could adapt the .COM file to write BLISS for you).
Care to post your code to vmsnet.sources?
John Whitehorn
Did I miss something at the begining of the thread, but whats wrong with using
the system service $GETUAI, I use this in a number of programs. I've even got
some software using $GETUAI and $SETUAI, to allow unprivileged user to create,
modify and delete usernames within the same department. As a sample, below is a
short and simple Fortran program to list the following fields of SYSUAF.SYS:
Username, Owner, Lastlogin and Logfails.
-------------------------- cut here -------------------------------------
program auth_used
implicit integer*4 (a-z)
include '($ssdef)'
include '($uaidef)'
structure / itmlst /
union
map
integer*2 buflen,
1 code
integer*4 bufadr,
1 retlenadr
end map
map
integer*4 end_list
end map
end union
end structure
integer*4 lastlogin(2)
integer*2 logfails
character*23 time
character*32 username,
1 owner
record / itmlst / uai_list(4)
uai_list(1).buflen=32
uai_list(1).code=uai$_owner
uai_list(1).bufadr=%loc(owner)
uai_list(1).retlenadr=%loc(len_owner)
uai_list(2).buflen=8
uai_list(2).code=uai$_lastlogin_i
uai_list(2).bufadr=%loc(lastlogin)
uai_list(2).retlenadr=%loc(len_lastlogin)
uai_list(3).buflen=2
uai_list(3).code=uai$_logfails
uai_list(3).bufadr=%loc(logfails)
uai_list(3).retlenadr=%loc(len_logfails)
uai_list(4).end_list=0
context=0
100 status=sys$idtoasc(%val(-1),len_username,
1 username,,,context)
if ( status .ne. ss$_normal ) stop
status=sys$getuai(,,username(1:len_username),
1 uai_list,,,)
if ( status .eq. ss$_normal ) then
if ( logfails .ne. 0 ) then
status=sys$asctim(,time,lastlogin,)
if ( time(1:11) .eq. '17-NOV-1858' ) time(1:11)='Never '
write(6,'(1x,A,T13,A,T46,A11,2x,I4)')
1 username(1:len_username),owner(2:len_owner),
1 time(1:11),logfails
endif
endif
goto 100
end
----------------------------------------------------------------------------
John
Brad Brighton
Path: viper!psinntp!psinntp!uunet!MathWorks.Com!europa.eng.gtefsd.com!howland.reston.ans.net!EU.net!ieunet!ieunet!homer.mentec.ie!liam_b
From: lia...@homer.mentec.ie
Newsgroups: comp.os.vms
Date: 23 Feb 94 10:53:50 GMT
Organization: Mentec Computer Systems, Dublin, Ireland
Lines: 12
Hi,
Thanks in advance,
Liam
As of 5.something, DEC has provided the $GETUAI and $SETUAI sys service calls to get at the data
in the SYSUAF file. Look in the sys svc ref manual and you'll find the description, as well as
ways to interpret the privs --
The official line is that direct access to the UAF file is unsupported not that the services are
there.
-brad
--
-- __
Brad Brighton \ / /(_ /\/ 11440 Commerce Park Drive
br...@visix.com \/ / __)/ /\ Reston, Virginia 22091
Software Inc Voice: (703) 758-8230
'But on eliminating FAX: (703) 758-0233
every other reason
for our sad demise - they logged the only explanation left-
This species has amused itself to death' - Roger Waters
wil...@fractl.tn.cornell.edu
I don't know exactly the origional poster was trying to do but
wouldn't it be a lot easier (as well as supported) to simply
use the $getuai system service to access the various things
that are needed ? What happens to any code that uses direct
access to the sysuaf when the format changes ? I heard this
was happening in an upcoming release of VMS.
----Bill
Carl J Lydick
For which version of VMS? The format of SYSUAF has changed. Why not use
SYS$GETUAI?
=and is there an easy way of reading priviliges from this... i.e
=interpreting the bit masks... i know the theory on how they work but
=something like 00010010001 isn't very meaningful to the naked eye.
See the module $PRVDEF in SYS$LIBRARY:STARLET.MLB (if you're programming in
MACRO), the module $PRVDEF in SYS$LIBRARY:FORSYSDEF.TLB (if you're programming
in FORTRAN), or the module PRVDEF in SYS$LIBRARY:VAXCDEF.TLB (if you're
programming in C). If you're programming in a language other than one of the
above, check the appropriate library.
--------------------------------------------------------------------------------
Carl J Lydick | INTERnet: CA...@SOL1.GPS.CALTECH.EDU | NSI/HEPnet: SOL1::CARL
Disclaimer: Hey, I understand VAXen and VMS. That's what I get paid for. My
understanding of astronomy is purely at the amateur level (or below). So
unless what I'm saying is directly related to VAX/VMS, don't hold me or my
organization responsible for it. If it IS related to VAX/VMS, you can try to
hold me responsible for it, but my organization had nothing to do with it.
Charles W. Young
=Does anyone have a record definition for SYSUAF handy...
How about
$EDIT/FDL/<mumble> ...
I once figured out all of this stuff (VMS V2.8) and then used MCR PATCH to
give myself privs (before the sysman re-installed PATCH as non-priv).
chuck