Whoot ! Okay - here's a (very ugly) first pass scriptlet which appears to work. Caveat: I only got good results about 5 minutes ago, and I'm doing some pretty stupid stuff in here like using some vars for two distinct things ....
use strict; use diagnostics; use VMS::IndexedFile; use Data::Dumper; use VMS::Filespec "rmsexpand";
my $sysuaffile = rmsexpand ('sysuaf');
my $rightsfile = rmsexpand ('rightslist') . ".dat";print "$sysuaffile\n"; print "$rightsfile\n";
tie (my %sysuaf, "VMS::IndexedFile", $sysuaffile, 0, O_RDONLY)
|| die "Can't open SYSUAF file: $!:$^E\n";
tie (my %rightslist_1, "VMS::IndexedFile", $rightsfile, 1, O_RDONLY)
|| die "Can't open RIGHTSLIST file: $!:$^E\n";
tie (my %rightslist_0, "VMS::IndexedFile", $rightsfile, 0, O_RDONLY)
|| die "Can't open RIGHTSLIST file: $!:$^E\n";sub getAccountRights ($)
{
my $account = shift;
my @idList; #
# Get the UID out of the sysuaf record for $account, and put it in
# the packed UID format. my ($userid, $uid, $gid, $name) =
unpack ("x4 a12 x20 S S x45 a31", $sysuaf{$account});
my $accountid = pack ("SS", $uid, $gid); #
# Rightslist key 0 record format is
# 4 byte rights id,
# 4 byte flag
# 4 byte holder uid
# 4 byte flag
# 32 byte name
#
# Read rightslist key 0 until the account uid != holder uid.
# my $rightsinfo = $rightslist_1{$accountid};
my ($r_uid, $r_gid) = unpack ("x8 S S", $rightsinfo);
my $rightsid = pack ("SS", $r_uid, $r_gid); while ($rightsid eq $accountid)
{
($r_uid, $r_gid) = unpack ("S S", $rightsinfo);
$rightsid = pack ("SS", $r_uid, $r_gid); my $rightsnameinfo = $rightslist_0{$rightsid};
my $r_name = unpack ("x16 A32", $rightsnameinfo);
# print " $account: $r_name\n";
push @idList, $r_name;
$rightsinfo = $rightslist_1{''};
($r_uid, $r_gid) = unpack ("x8 S S", $rightsinfo);
$rightsid = pack ("SS", $r_uid, $r_gid);
}return @idList;
}
Hope this is useful to someone else. Have fun ! -- Pat
Patrick Spinler wrote:
Hello:
We have a frequently called procedure which need to determine whether an account possesses certain sets of rights ids.
Our current DCL code gets this information by calling dumping mcr authorize show /rights to a file and parsing the results. This, however, is slow and icky to maintain.
I'd like to use VMS::Indexedfile, open rightslist.dat directly, and determine the same info.
I have code which successfully opens the rightlist.dat (for key 1, "holder") and finds at least one record matching the passed UIC. My next questions are:
a) what's the format of the returned record ? Can anyone point me to the appropriate documentation. Guide to System Security was a bust. :-(
b) how may I find any other records after the first with that particular UIC as the holder ?
Thanks ! -- Pat
