NEWACCT PARM acct,mgr ANYPARM parm_list=![''] #OPTION nohelp # Version B.12 # (note: it is preferred to define the newacct udc prior to the newgroup udc # since there is the possibility of the NEWGROUP UDC invoking the real # :newacct command) # # This UDC is a substitute for the MPE NEWACCT command. It typically creates # an account on a user volume set and on the system volume set via two :newacct # commands. It supports all :newacct parameters but does not require the # user to specify a user volume set name (onvs=). It also creates the PUB # group for the new account on the same volume set as the account. There is a # companion NEWGROUP UDC. # # A log file ("/tmp/UDCVOL/log") is used to track the creation and modification # of all users, accounts, and groups. Write access to this file is required. # The log location is controlled via the _USERVOL_LOGFILE environment variable, # which if set to "" suppresses logging. # # This UDC may not work well in all environments, and was developed primarily # for interactive users. Thus, the UDC can "pass thru" the command string # to the real NEWACCT command by setting the _USERVOL_SKIP variable. More # details on the _USERVOL_SKIP variable can be read below. # # A user volume set can be specified on the command line, but for convenience # and uniformity, it may be better to use the user volume set configuration # file named ACCTUVOL.pub.sys. Note: this filename can be overridden via the # _USERVOL_FILE CI variable. The acctuvol file maps user volume set names to # group.acct or just account names. The layout is shown below. This file # is searched for a matching account name. If the name is found (wildcarding # is supported) then the associated volume set name will be used for the new # account. # # If a specific account entry cannot be located then the user may be prompted # for the user volume set name. Additionally, the user can decide if s/he # wants to append the user volume entry to the acctuvol file. Note: prompting # can be disabled via the _USERVOL_PROMPT CI variable. Prompting is suppressed # in batch. As a last resort the system volume set is used. # # The precedence rules for the volume set name are summarized below: # (1) command line onvs= has precedence over # (2) account entry in the acctuvol file, which has precedence over # (3) user prompted name, which has precedence over # (4) mpexl_system_volume_set. # # If FILES= is specified then this value is applied only to the user volume. # FILES=0 is assigned to the counterpart system volume account. A new SYSFILES= # parameter allows disk space to be allocated to the system volumeset too. # # If PASS= is specified a minimum length is enforced. Also "*" as a password # value means that a random password will be automatically generated. Minimum # password lengths are controlled by the _USERVOL_PASS_MINLEN variable. # # This UDC ensures that CV and UV capabilities are granted. # # The ACCTUVOL file should grant read access to the users of this UDC and # allow write access to users wishing to append to the file. The format of # the ACCTUVOL file is: # # comments... # group.acct (17 chars) user_vol_name1 (32 chars) # @grp@.acct user_vol_name2 # @.acct user_vol_name3 # acctname1 (8 chars) user_volume_set_name4 # acctname2 user_volume_set_name5 # ... # @.@ last_case_user_vol # # Searching in ACCTUVOL stops on the first match, so specific entries should # precede generic (wildcard) entries. # # Spaces or tabs must separate the account name from the volset name. # There is a one-to-one mapping of account names and volset names. # # Note: You don't have to have long_volume_set_names, short names are # easier to type! # # Note: $SYS is a supported abbreviation for MPEXL_SYSTEM_VOLUME_SET. # # This UDC calls the ACCTVS UDC to search the ACCTUVOL file. # # Influencing CI Variables: # _USERVOL_SKIP. This CI variable controls whether or not the UDC actually # executes or simply passes through to the real command. Possible values: # JOB -- meaning skip the UDC if executed in a job # UDC -- meaning skip the UDC if executed from within another UDC # PGM -- meaning skip the UDC if executed programmatically. # Combinations of the above values are permitted. The default is # "JOB UDC PGM", meaning that the NEWACCT UDC will pass-thru to the real # newacct command when invoked from a job, from a UDC/script or # programmatically. # # _USERVOL_PROMPT. This CI variable control whether or not the user is # prompted for a volume set name if the account name cannot be located # in the ACCTUVOL config file. If this variable is FALSE and no match # was found the prompt is suppressed; otherwise the interactive # user is prompted. # # _USERVOL_FILE. This CI variable defines the name of the account-to-user- # volume mapping file -- referred here to as the ACCTUVOL file. # "acctuvol.pub.sys" is the default but is overridden by this variable. # This variable lets multiple users use different config files. # # _USERVOL_LOGFILE. This CI variable defines the name of the world writeable # log file. The default is /tmp/UDCVOL/log. # # _USERVOL_PASS_MINLEN. This CI variable defines the minimum acceptable # character length for a password. This minimum is enforced for PASS=value # in the command line and for user entered and randomly generated # passwords. Default is 5 characters. # # _USERVOL_VERBOSE. This CI variable sets the script into verbose mode, # which writes some diagnostic information to $stdlist. The default is # FALSE which reduces output. Set the variable to TRUE to get more # informational messages. errclear if pos('SM,',hpusercapf) = 0 then echo You need SM capabilities to execute this command. return endif # downshift and deblank parameter list setvar _na_parms dwns('!parm_list') if _na_parms <> '' then setvar _na_parms ';' + repl(_na_parms,' ','') endif # special 'escape' for MPEX until further notice... if bound(insideMPEX) and insideMPEX = 1 then # run CI to execute the UDC to avoid some problems in MPEX. xeq ci.pub.sys;info='newacct !acct,!mgr !_na_parms';parm=3 deletevar _na_@ return endif # *** Begin customize with CI variables *** # ** _USERVOL_LOGFILE ** setvar _na_log '/tmp/UDCVOL/log' if bound(_USERVOL_LOGFILE) then if typeof(_uservol_logfile) <> 2 then echo _USERVOL_LOGFILE CI variable must be a string filename value. echo "!_na_log" is assumed. else setvar _na_log _uservol_logfile endif endif # ** _USERVOL_VERBOSE ** setvar _na_verbose '#' if bound(_USERVOL_VERBOSE) then if typeof(_uservol_verbose) <> 3 then echo _USERVOL_VERBOSE CI variable must be boolean TRUE or FALSE. echo FALSE is assumed. elseif _uservol_verbose then setvar _na_verbose 'echo' endif endif # ** _USERVOL_SKIP ** SKIPTEST if hpcierr = 1 then # bypass this UDC! !_na_verbose Pass-thru directly to NEWACCT command... errclear continue newacct !acct,!mgr !_na_parms if hpcierr > 0 then # CI errors are positive, warnings are negative escape !hpcierr endif udcvollog !_na_log, NEWACCT !acct,!mgr !_na_parms deletevar _na_@ return endif # ** _USERVOL_PROMPT ** setvar _na_prompt true if bound(_USERVOL_PROMPT) then if typeof(_uservol_prompt) <> 3 then echo _USERVOL_PROMPT CI variable must be boolean TRUE or FALSE. echo TRUE is assumed and volumeset prompting may occur. else setvar _na_prompt _uservol_prompt endif endif setvar _na_prompt _na_prompt and hpinteractive # ** _USERVOL_PASS_MINLEN ** setvar _na_minpasslen 5 if bound(_USERVOL_PASS_MINLEN) then if typeof(_uservol_pass_minlen) <> 1 then echo _USERVOL_PASS_MINLEN CI variable must an integer between 1 and 8. echo 5 is the default password length. elseif _uservol_pass_minlen < 1 or _uservol_pass_minlen > 8 then echo _USERVOL_PASS_MINLEN must be in the range 1..8 -- 5 is default. else setvar _na_minpasslen _uservol_pass_minlen endif endif # ** _USERVOL_FILE ** setvar _na_file 'ACCTUVOL.PUB.SYS' if bound(_USERVOL_FILE) then if typeof(_uservol_file) <> 2 then echo _USERVOL_FILE CI variable must be a string filename value. echo "!_na_file" is assumed. else setvar _na_file _uservol_file endif endif # *** End customize with CI variables *** # delete _na_vs_name var since its existence is tested later. if bound(_na_vs_name_) then deletevar _na_vs_name endif # account password must be at least _uservol_pass_minlen length, if used if setvar(_na_pos,pos(';pass=',_na_parms)) > 0 and & setvar(_na_pass,word(_na_parms,,2,,_na_pos+5)) <> "" then # pass=value specified. setvar _na_parms repl(_na_parms,';pass=!_na_pass','') if _na_pass = "*" then # generate a pseudo random password echo A random account password was assigned. RANDNAME _na_pass !_na_minpasslen elseif len(_na_pass) < _na_minpasslen or len(_na_pass) > 8 then echo Password must be between !_na_minpasslen and 8 characters. PASSPROMPT _na_pass, !_na_minpasslen,, !_na_prompt & "Enter the account password (* for random): " endif setvar _na_parms _na_parms + ';pass=!_na_pass' endif # See if ;onvs= was specified. if setvar(_na_pos,pos(';onvs=',_na_parms)) > 0 then # capture the volset name setvar _na_vs_name word(_na_parms,,2,,_na_pos+5) # delete the onvs=volset from the parms line setvar _na_parms repl(_na_parms,';onvs=!_na_vs_name','') if _na_vs_name = '$sys' then setvar _na_vs_name "mpexl_system_volume_set" endif if _na_vs_name = '' then # ;onvs= specified, prompt for vs name. # This differs from the MPE behavior of defaulting to the sys volset deletevar _na_vs_name endif endif # see if the volset config file exists. if not setvar(_na_file_exists,finfo(_na_file,'exists')) then # file not found, echo message if no volset name has been provided. if not bound(_na_vs_name) then echo "!_na_file" volumeset config file not found. echo This file maps account names to user volume names. endif else # volset config file exists, lookup acct in the acctuvol file. if bound(_na_vs_tmp) then deletevar _na_vs_tmp endif # search config file for the supplied acct name. ACCTVS !acct _na_vs_tmp $null if cierror = 1108 then if _na_prompt then echo Volumeset "!_na_vs_name" is not mounted. You can continue echo to use this volumeset name, or you can stop now. if dwns(lft(input('Stop y/N? '),1)) = 'y' then deletevar _na_@ escape 1108 endif else # prompting not allowed... echo !hpcierrmsg echo Continuing with unmounted "!_na_vs_name" volumeset endif # else, no expected :report error, so assume user-supplied volset is ok endif if not bound(_na_vs_tmp) and _na_file_exists and _na_prompt then # no match in config file, ok to prompt echo Append "!acct --> !_na_vs_name" to config file (!_na_file)? if dwns(lft(input(' Yes or No? '),1)) = 'y' then # append this entry to the acctuvol file via the APPUVOL UDC APPUVOL !_na_file !acct !_na_vs_name else echo Entry not added to config file. This means all new groups added to this echo account will not find a match in the "!_na_file" file, forcing your echo AM's to enter the appropriate volumeset name for each :newgroup command. echo You may edit "!_na_file" to include the above entry. echo endif endif endif # Need to separate user volume args from system volset args setvar _na_files '' setvar _na_caps '' # deal with new parm SYSFILES= if setvar(_na_pos,pos(';sysfiles=',_na_parms)) > 0 then # sysfiles= overrides files=0 for the system volset setvar _na_sysfiles word(_na_parms,,2,,_na_pos+9) setvar _na_parms repl(_na_parms,';sysfiles=!_na_sysfiles','') else setvar _na_sysfiles 0 endif # deal with FILES= if setvar(_na_pos,pos(';files=',_na_parms)) > 0 then # force files=0 (or the sysfiles=value) for system volset; # use files=value only for the user volset setvar _na_files word(_na_parms,,2,,_na_pos+6) setvar _na_parms & repl(_na_parms,';files=!_na_files',';files=!_na_sysfiles') else # append 'files=sysfiles value' setvar _na_parms _na_parms + ';files=!_na_sysfiles' endif # deal with CAP= if setvar(_na_pos,pos(';cap=',_na_parms)) > 0 then # save caps for sys volset; remove cap= for user volset setvar _na_caps word(_na_parms,';= ',2,,_na_pos+4) setvar _na_parms repl(_na_parms,';cap='+_na_caps,'') # force UV,CV caps if _na_caps = '' then # ;cap= specified, append ;cap=CV,UV to default caps setvar _na_caps 'AM,AL,GL,ND,SF,CV,UV,BA,IA' !_na_verbose adding CV,UV capabilities elseif pos('cv',_na_caps) = 0 and pos('uv',_na_caps) = 0 then setvar _na_caps _na_caps + ',CV,UV' !_na_verbose adding CV,UV capabilities elseif pos('cv',_na_caps) = 0 then setvar _na_caps _na_caps + ',CV' !_na_verbose adding CV capability elseif pos('uv',_na_caps) = 0 then setvar _na_caps _na_caps + ',UV' !_na_verbose adding UV capability endif setvar _na_caps ';cap='+_na_caps else # cap= not specified so append ;cap=CV,UV to default caps setvar _na_caps ';cap=AM,AL,GL,ND,SF,CV,UV,BA,IA' !_na_verbose adding CV,UV capabilities endif if setvar(_na_acct_exists,finfo(ups('/!acct'),'exists')) then echo Account "/![ups('!acct')]" already exists, skipping system & volume :newacct # set "duplicate name in directory" error setvar cierror 906 else # execute system volume version of NEWACCT if not bound(_na_vs_name) then echo ![chr(27)]&dB Using only the system volume set.... endif echo Executing :newacct !acct,!mgr !_na_parms !_na_caps errclear continue newacct !acct,!mgr !_na_parms !_na_caps # note: this has also created the PUB group on the system volume if hpcierr > 0 then echo ERROR! :newacct failed on SYSTEM volume set. echo No user volumeset commands were executed. deletevar _na_@n escape endif udcvollog !_na_log, NEWACCT !acct,!mgr !_na_parms !_na_caps endif # Add CV,UV to acct mgr user, even if the acct already existed. continue altuser !mgr.!acct;cap=+CV,UV >$null if bound(_na_vs_name) then # continue even if error in :newacct above... # execute user volume version of NEWACCT echo Executing :newacct !acct,!mgr ;onvs=!_na_vs_name;files=!_na_files errclear continue newacct !acct,!mgr ;onvs=!_na_vs_name;files=!_na_files # note: this has also created the PUB group on the user volume if hpcierr > 0 then echo ERROR! :newacct failed on "!_na_vs_name" volume set. else udcvollog !_na_log, NEWACCT !acct,!mgr;onvs=!_na_vs_name;files=!_na_files if not _na_acct_exists then # created the new acct on sys volset above so its ok to # "home" the PUB group to the user volume set !_na_verbose Executing :altgroup pub.!acct;homevs=!_na_vs_name;files=0 continue altgroup pub.!acct;homevs=!_na_vs_name;files=0 endif # fixup files= on PUB group on user volset !_na_verbose Executing :altgroup pub.!acct;onvs=!_na_vs_name;& files=!_na_files continue altgroup pub.!acct;onvs=!_na_vs_name;files=!_na_files endif endif # Cleanup deletevar _na_@ return Version History (YYMMDD): 05/07/26 JV B.12 added logging to /tmp/UDCVOL/log. Fixed bug when ;sysfiles= and ;files= specified w/o a user volset. Allow +CV,UV caps to be added even if volset=$sys. 03/11/10 JV B.11 changed error handling so that user volume related commands are not executed if NEWACCT fails. 01/09/25 JV B.10 added SYSFILES= parm to allow disk space on $SYS and removed requirement for always using a password. 01/09/17 JV B.09 clean up volset prompting, appending and verification. 01/04/30 JV B.08 prompt for unmounted volset name and support $SYS. 00/10/17 JV B.07 support of required passwords, random passwords, minimum password length and validating user entered volset names. 99/10/19 JV B.06 support pass-thru so that UDC is skipped in certain environments (like jobs). Deleted support of JCWs TRUE/FALSE. CI used to bypass MPEX. 98/11/24 JV B.05 use ALTUSER to add CV,UV to acct mgr user. 98/11/23 JV B.04 when adding CV,UV caps I also needed to specify the default caps for :newacct (AM,AL,GL,ND,SF,IA,BA). 98/11/05 JV B.03 set cierror to 906 when acct on sysvol already exists for BULDACCT compatibility. 98/10/23 JV B.02 handle case where user has TRUE/FALSE defined as JCWs. 98/09/14 JV B.01 removed 5.5 workarounds for dynamic comments in while loops. Don't prompt to append user-entered volset to config file if file does not exist. This is a 6.0-only version. 98/06/22 JV A.05 Fixed bug with ;files=, onvs= or ;cap= as the last token. 98/04/09 JV A.04 Error handling for newacct/altgroup failures, append CV,UV caps for newacct if not present. 98/02/26 JV Created by Jeff Vance, HP-CSY. End of NEWACCT UDC *** ************* NEWGROUP PARM group ANYPARM parm_list=![''] #OPTION nohelp # Version B.07 # (Note: it is preferred to define the NEWACCT UDC prior to the NEWGROUP UDC # since there is the possibility of the NEWGROUP UDC invoking the real # :newacct command) # # This UDC is a substitute for the MPE NEWGROUP command. It typically creates # a group on a user volume set and on the system volume set via two :newgroup # commands. It supports all :newgroup parameters but does not require the # user to specify a user volume set name (onvs= nor homevs=). There is a # companion NEWACCT UDC. # # This UDC may not work well in all environments, and was developed primarily # for interactive users. Thus, the UDC can "pass thru" the command string # to the real NEWGROUP command by setting the _USERVOL_SKIP variable. More # details on the _USERVOL_SKIP variable can be read below. # # A log file ("/tmp/UDCVOL/log") is used to track the creation and modification # of all users, accounts, and groups. Write access to this file is required. # The log location is controlled via the _USERVOL_LOGFILE environment variable, # which if set to "" suppresses logging. # # A user volume set can be specified on the command line, but for convenience # and uniformity, it may be better to use the user volume set configuration # file named ACCTUVOL.pub.sys. Note: this filename can be overridden via the # _USERVOL_FILE CI variable. The acctuvol file maps user volume set names to # group.acct or just account names. The layout is shown below. This file # is searched for a matching group.acct or account name. If the name is # found (wildcarding is supported) then the associated volume set name will # be used for the new group. # # If a specific group.acct or account entry is not found in the "acctuvol" # file the user may be prompted for the user volume set name. If the user # supplies a volumeset name s/he will have the option of appending this # volumeset and associated [group.]acct entry to the acctuvol file. Note: # prompting can be disabled via the _USERVOL_PROMPT CI variable. Prompting is # suppressed in batch. As a last resort the system volume set is used. # # The precedence rules for the volume set name are summarized below: # (1) command line onvs= (or homevs=) has precedence over # (2) group.acct entry in the acctuvol file, which has precedence over # (3) account entry in the acctuvol file, which has precedence over # (4) user prompted name, which has precedence over # (5) mpexl_system_volume_set. # # If FILES= is specified then this value is applied only to the user volume. # FILES=0 is assigned to the counterpart system volume group. # # If PASS= is specified a minimum length is enforced. Also "*" as a password # value means that a random password will be automatically generated. Minimum # password lengths are controlled by the _USERVOL_PASS_MINLEN variable. # # If the parent account is missing from the target volumeset and the user has # SM capability it is possible to create the account on the correct user # volume. In this situation the user is prompted for the FILES= limit and # account manager (user) name for this new account. # # ACCTUVOL should grant read access to the users of this UDC and allow write # access for users able to append to the file. The format of the file is: # # comments... # group.acct (17 chars) user_vol_name1 (32 chars) # @grp@.acct user_vol_name2 # @.acct user_vol_name3 # acctname1 (8 chars) user_volume_set_name4 # acctname2 user_volume_set_name5 # ... # @.@ last_case_user_vol # # Searching in ACCTUVOL stops on the first match, so specific entries should # precede generic (wildcard) entries. # # Spaces or tabs must separate the account name from the volset name. # There is a one-to-one mapping of account names and volset names. # # Note: You don't have to have long_volume_set_names, short names are # easier to type! # # Note: $SYS is a supported abbreviation for MPEXL_SYSTEM_VOLUME_SET. # # This UDC calls the ACCTVS UDC to search the ACCTUVOL file. # # Influencing CI Variables: # _USERVOL_SKIP. This CI variable controls whether or not the UDC actually # executes or simply passes through to the real command. Possible values: # JOB -- meaning skip the UDC if executed in a job # UDC -- meaning skip the UDC if executed from within another UDC # PGM -- meaning skip the UDC if executed programmatically. # Combinations of the above values are permitted. The default is # "JOB UDC PGM", meaning that the NEWGROUP UDC will pass-thru to the real # newgroup command when invoked from a job, from a UDC/script or # programmatically. # # _USERVOL_PROMPT. This CI variable controls whether or not the user is # prompted for a volume set name if the grp.acct and acct names cannot be # located in the ACCTUVOL config file. If this variable is FASLE and a # match was not found the prompt is suppressed; otherwise the interactive # user is prompted. # # _USERVOL_PASS_MINLEN. This CI variable defines the minimum acceptable # character length for a password. This minimum is enforced for PASS=value # in the command line and for user entered and randomly generated # passwords. Default is 5 characters. # # _USERVOL_FILE. This CI variable defines the name of the grp.acct-to-user- # volume mapping file -- referred here to as the ACCTUVOL file. # "acctuvol.pub.sys" is the default but is overridden by this variable. # This variable lets multiple users use different config files. # # _USERVOL_LOGFILE. This CI variable defines the name of the world writeable # log file. The default is /tmp/UDCVOL/log. # # _USERVOL_FORCESM. This CI variable, if set to true, forces SM cap to be # required to execute :newgroup. Default is false. # # _USERVOL_VERBOSE. This CI variable sets the script into verbose mode, # which writes some diagnostic information to $stdlist. The default is # FALSE which reduces output. Set the variable to TRUE to get more # informational messages. errclear setvar _ng_SM pos('SM',hpusercapf) > 0 if (not _ng_SM) and pos('AM',hpusercapf) = 0 then echo You need AM or SM capabilities to execute this command. return endif # downshift and deblank parameter list setvar _ng_parms dwns('!parm_list') if _ng_parms <> '' then setvar _ng_parms ';' + repl(_ng_parms,' ','') endif # special 'escape' for MPEX until further notice... if bound(insideMPEX) and insideMPEX = 1 then # run CI to execute the UDC to avoid some problems in MPEX. xeq ci.pub.sys;info='newgroup !group !_ng_parms;parm=3 deletevar _ng_@ return endif # *** Begin customize with CI variables *** # ** _USERVOL_LOGFILE ** setvar _ng_log '/tmp/UDCVOL/log' if bound(_USERVOL_LOGFILE) then if typeof(_uservol_logfile) <> 2 then echo _USERVOL_LOGFILE CI variable must be a string filename value. echo "!_ng_log" is assumed. else setvar _ng_log _uservol_logfile endif endif # ** _USERVOL_FORCESM ** setvar _ng_reqSM false if bound(_USERVOL_FORCESM) then if typeof(_uservol_forceSM) <> 3 then echo _USERVOL_FORCESM CI variable must be boolean TRUE or FALSE. echo FALSE is assumed thus an AM user will be able to execute NEWGROUP. else setvar _ng_reqSM _uservol_forceSM endif endif # ** _USERVOL_VERBOSE ** setvar _ng_verbose '#' if bound(_USERVOL_VERBOSE) then if typeof(_uservol_verbose) <> 3 then echo _USERVOL_VERBOSE CI variable must be boolean TRUE or FALSE. echo FALSE is assumed. elseif _uservol_verbose then setvar _ng_verbose 'echo' endif endif # ** _USERVOL_SKIP ** SKIPTEST if hpcierr = 1 then # bypass this UDC! !_ng_verbose Pass-thru directly to NEWGROUP command... errclear continue newgroup !group !_ng_parms if hpcierr > 0 then # CI errors are positive, warnings are negative escape !hpcierr endif udcvollog !_ng_log, NEWGROUP !group !_ng_parms deletevar _ng_@ return endif # ** _USERVOL_PROMPT ** setvar _ng_prompt true if bound(_USERVOL_PROMPT) then if typeof(_uservol_prompt) <> 3 then echo _USERVOL_PROMPT CI variable must be boolean TRUE or FALSE. echo TRUE is assumed and volumeset prompting may occur. else setvar _ng_prompt _uservol_prompt endif endif setvar _ng_prompt _ng_prompt and hpinteractive # ** _USERVOL_PASS_MINLEN ** setvar _ng_minpasslen 5 if bound(_USERVOL_PASS_MINLEN) then if typeof(_uservol_pass_minlen) <> 1 then echo _USERVOL_PASS_MINLEN CI variable must an integer between 1 and 8. echo 5 is the default password length. elseif _uservol_pass_minlen < 1 or _uservol_pass_minlen > 8 then echo _USERVOL_PASS_MINLEN must be in the range 1..8 -- 5 is default. else setvar _ng_minpasslen _uservol_pass_minlen endif endif # ** _USERVOL_FILE ** setvar _ng_file 'ACCTUVOL.PUB.SYS' if bound(_USERVOL_FILE) then if typeof(_uservol_file) <> 2 then echo _USERVOL_FILE CI variable must be a string filename value. echo "!_ng_file" is assumed. else setvar _ng_file _uservol_file endif endif # *** End customize with CI variables *** # see if SM is required. MPEX and uservol_skip bypass this check. if not _ng_SM and _ng_reqSM then echo ** SM capability required to execute NEWGROUP ** escape endif # Extract the group and account names if pos('.','!group') = 0 then setvar _ng_group ups('!group') setvar _ng_acct hpaccount else setvar _ng_group ups(word('!group','.')) setvar _ng_acct ups(word('!group','.',-1)) endif setvar _ng_grpacct '!_ng_group.!_ng_acct' setvar _ng_px_grpacct '/!_ng_acct/!_ng_group' # See if the account exists if not finfo(ups('/!_ng_acct'),'exists') then # note: the acct does not have to exist on the target user volume. echo Account "!_ng_acct" does not exist on the system volume. deletevar _ng_@ return endif # delete _ng_vs_name and _ng_home_name vars. if bound(_ng_vs_name) then deletevar _ng_vs_name endif if bound(_ng_home_name) then deletevar _ng_home_name endif # group password must be at least _uservol_pass_minlen length, if used if setvar(_ng_pos,pos(';pass=',_ng_parms)) > 0 and & setvar(_ng_pass,word(_ng_parms,,2,,_ng_pos+5)) <> "" then # pass=value specified. setvar _ng_parms repl(_ng_parms,';pass=!_ng_pass','') if _ng_pass = "*" then # generate a pseudo random password echo A random account password was assigned. RANDNAME _ng_pass !_ng_minpasslen elseif len(_ng_pass) < _ng_minpasslen or len(_ng_pass) > 8 then echo Password must be between !_ng_minpasslen and 8 characters. PASSPROMPT _ng_pass, !_ng_minpasslen,, !_ng_prompt & "Enter the user password (* for random): " endif setvar _ng_parms _ng_parms + ';pass=!_ng_pass' endif # Precedence Rule 1: # see if ;onvs= or homevs= were specified. # if setvar(_ng_pos,pos(';onvs=',_ng_parms)) > 0 then # capture the volset name setvar _ng_vs_name word(_ng_parms,,2,,_ng_pos+5) # delete the onvs=volset from the parms line setvar _ng_parms repl(_ng_parms,';onvs=!_ng_vs_name','') if _ng_vs_name = '$sys' then setvar _ng_vs_name "mpexl_system_volume_set" endif # special case for ;onvs= if _ng_vs_name = '' then deletevar _ng_vs_name endif endif if setvar(_ng_pos,pos(';homevs=',_ng_parms)) > 0 then # capture the home volset name setvar _ng_home_name word(_ng_parms,,2,,_ng_pos+7) # delete the homevs=volset from the parms line setvar _ng_parms repl(_ng_parms,';homevs=!_ng_home_name','') # special case for ;homevs= if _ng_home_name = '' then deletevar _ng_home_name endif endif # Handle conflicts on home volset and onvs volset used together if bound(_ng_vs_name) and bound(_ng_home_name) and & _ng_vs_name <> _ng_home_name then echo ONVS and HOMEVS volumeset names must be the same. deletevar _ng_@ return endif # Treat homevs= and onvs= the same. Script only tests for _ng_vs_name. if bound(_ng_home_name) then setvar _ng_vs_name _ng_home_name endif if not bound(_ng_vs_name) then !_ng_verbose Using "!_ng_file" as the user volume config file. if not setvar(_ng_file_exists,finfo(_ng_file,'exists')) then echo !_ng_file not found. echo This file maps group.account names to user volume names. else # Precedence Rule 2: # search for matching group.acct entry in acctuvol file ...and... # Precedence Rule 3: # search for matching acct entry in acctuvol file !_ng_verbose Searching for "!_ng_grpacct" or "!_ng_acct" in config file ACCTVS !_ng_grpacct _ng_vs_name "!_ng_vs_name" else !_ng_verbose ... not found endif endif endif if not bound(_ng_vs_name) then # Precedence Rule 4: # prompt interactive user for volset name # if _ng_prompt then input _ng_vs_name, 'Enter the volumeset for "!_ng_grpacct": ' if _ng_vs_name = '' or _ng_vs_name = '$sys' or & _ng_vs_name = 'mpexl_system_volume_set' then # using the system volset deletevar _ng_vs_name elseif _ng_file_exists then # prompt SM user to add this volume set to the acctuvol file. if _ng_SM and dwns(lft(input('Append "!_ng_acct --> !_ng_vs_name" & to config file (!_ng_file)? '),1)) = 'y' then # append just the acct entry to the acctuvol file APPUVOL !_ng_file !_ng_acct !_ng_vs_name echo ... !_ng_acct entry added... endif endif endif endif setvar _ng_files '' # Need to separate user volume args from system volset args if bound(_ng_vs_name) then # check if user volset name is mpexl_system_volume_set, if so ignore. if dwns(_ng_vs_name) = "mpexl_system_volume_set" or & dwns(_ng_vs_name) = "$sys" then deletevar _ng_vs_name elseif setvar(_ng_pos,pos(';files=',_ng_parms)) > 0 then # get rid of FILES= for system vol creation. setvar _ng_files word(_ng_parms,,2,,_ng_pos+6) # replace files=xx with files=0. setvar _ng_parms repl(_ng_parms,';files=!_ng_files',';files=0') else # append 'files=0' setvar _ng_parms _ng_parms + ';files=0' endif endif # see if grp.acct already exists errclear continue listgroup !_ng_grpacct;format=brief >$null if hpcierr = 0 then echo Group "!_ng_grpacct" already exists, skipping :newgroup on system & volume else # group not found, make sure grp.acct isn't a POSIX directory if finfo(_ng_px_grpacct,'exists') then # we have a directory of the same name as the target group. echo "!_ng_px_grpacct" already exists. Delete this directory and try & again # return cierr 906 -- Duplicate name in directory error deletevar _ng_@ escape 906 else # group does not exist, execute system volume version of NEWGROUP if bound(_ng_vs_name) then setvar _ng_args _ng_parms + ' ;homevs=!_ng_vs_name' else # Precedence Rule 5: # last resort: use the system volume set. # echo ![chr(27)]&dB Using system volume set setvar _ng_args _ng_parms endif echo Executing :newgroup !group !_ng_args errclear continue newgroup !group !_ng_args if hpcierr > 0 then # needed to create this group and it failed, bail. echo ERROR! :newgroup failed on SYSTEM volume set. echo No user volumeset commands were executed. deletevar _ng_@ escape endif udcvollog !_ng_log, NEWGROUP !group !_ng_args endif endif if bound(_ng_vs_name) then # make sure the acct exists on the user volset errclear continue report dummy.!_ng_acct;onvs=!_ng_vs_name >$null if cierror <> 908 and cierror <> 0 then # 908 is non-existent group which is expected (unless 'dummy' exists) # problem: volset not mounted or acct doesn't exist on volset !_ng_verbose :report dummy.!_ng_acct;onvs=!_ng_vs_name if cierror = 909 then # "non-existent account" on volset echo Account "!_ng_acct" doesn't exist on the "!_ng_vs_name" & volumeset. # try to create the corresponding acct on the user volset if not _ng_SM then echo You need SM capability to create this account. deletevar _ng_@ return endif # set default acct user name and files= limit setvar _ng_user "MGR" setvar _ng_disk_lim "" if _ng_prompt then # prompt for the user (AM) and files= limit input _ng_disk_lim," Enter FILES= (disc limit) for !_ng_vs_name: " input _ng_user, " Enter username (acct mgr) for !_ng_vs_name: " # prompt to create the new account echo Execute ":newacct !_ng_acct,!_ng_user;files=!_ng_disk_lim;& onvs=!_ng_vs_name" if setvar(_ng_reply,dwns(lft(input(" Yes or No? "),1))) = 'n' or & _ng_reply = '' then echo Account not created on user volume set, thus group cannot & be created there deletevar _ng_@ return endif endif # have a yes reply or in batch so create the acct on the user volset errclear continue newacct !_ng_acct,!_ng_user;files=!_ng_disk_lim;onvs=!_ng_vs_name ## the above newacct command is the real command, not the UDC. If ## it were the newacct UDC we would not need to log below. if hpcierr > 0 then echo ERROR! :newacct failed on "!_ng_vs_name" volume set. deletevar _ng_@ escape 908 endif udcvollog !_ng_log, NEWACCT !_ng_acct,!_ng_user;files=!_ng_disk_lim & ;onvs=!_ng_vs_name else # above :report command failed with an error other than 908 if cierror = 1108 then echo Mount "!_ng_vs_name" and try again. else echo Unexpected :report error !cierror: echo !hpcierrmsg endif echo Group not created on "!_ng_vs_name" volumeset deletevar _ng_@ escape !hpcierr endif endif # execute user volume version of NEWGROUP echo Executing :newgroup !group ;onvs=!_ng_vs_name;files=!_ng_files errclear continue newgroup !group ;onvs=!_ng_vs_name;files=!_ng_files if hpcierr > 0 then echo ERROR! :newgroup failed on "!_ng_vs_name" volume set. deletevar _ng_@ escape !hpcierr endif udcvollog !_ng_log, NEWGROUP !group ;onvs=!_ng_vs_name;files=!_ng_files endif # Cleanup deletevar _ng_@ return Version History(YYMMDD): 05/07/26 JV B.07 added logging to /tmp/UDCVOL/log, ;pass=*, min length password like newacct, and _uservol_forceSM env variable. 04/01/28 JV B.06 support for $SYS volume set name abbreviation. 99/10/19 JV B.05 support pass-thru so that UDC is skipped in certain environments (like jobs). Deleted support of JCWs TRUE/FALSE. CI used to bypass MPEX. 98/11/21 JV B.04 only call ACCTVS once since it now handles grp.acct or acct-only argument; makes for one pass thru the config file. 98/11/05 JV B.03 set cierror to 906 when group on sysvol already exists for BULDACCT compatibility. 98/10/23 JV B.02 handle case where user has TRUE/FALSE defined as JCWs. 98/09/14 JV B.01 removed 5.5 workarounds for dynamic comments in while loops. Don't prompt to append user-entered volset to config file if file does not exist. This is a 6.0-only version. 98/07/02 JV A.06 "" reply to volume set prompt uses system volset as default rather than quitting. 98/06/22 JV A.05 Fixed bug with ;files= ;onvs= ;homevs= as the last token. 98/04/09 JV A.04 error reporting if :newgroup/acct fails. 98/03/27 JV remove ability to append grp.acct entries to acctuvol. quits volset name prompt rather than implying system vol. Need SM to append prompted volset and acct entry to acctuvol. 98/03/14 JV create acct on volset if not there. 98/03/12 JV A.03 allow volset prompted for to be appended to acctuvol file. created appuvol UDC. 98/03/04 JV A.02 added volset prompting. 98/02/27 JV A.01 initial version created by Jeff Vance, HP-CSY. End of NEWGROUP UDC *** ************* NEWUSER user ANYPARM parm_list=![''] #OPTION nohelp # Version A.01 # This UDC is a substitute for the MPE NEWUSER command. # # This UDC may not work well in all environments, and was developed primarily # for interactive users. Thus, the UDC can "pass thru" the command string # to the real NEWUSER command by setting the _USERVOL_SKIP variable. More # details on the _USERVOL_SKIP variable can be read below. # # A log file ("/tmp/UDCVOL/log") is used to track the creation and modification # of all users, accounts, and groups. Write access to this file is required. # The log location is controlled via the _USERVOL_LOGFILE environment variable, # which if set to "" suppresses logging. # # If PASS= is specified a minimum length is enforced. Also "*" as a password # value means that a random password will be automatically generated. Minimum # password lengths are controlled by the _USERVOL_PASS_MINLEN variable. # # Influencing CI Variables: # _USERVOL_SKIP. This CI variable controls whether or not the UDC actually # executes or simply passes through to the real command. Possible values: # JOB -- meaning skip the UDC if executed in a job # UDC -- meaning skip the UDC if executed from within another UDC # PGM -- meaning skip the UDC if executed programmatically. # Combinations of the above values are permitted. The default is # "JOB UDC PGM", meaning that the NEWUSER UDC will pass-thru to the real # newuser command when invoked from a job, from a UDC/script or # programmatically. # # _USERVOL_PROMPT. This CI variable controls whether or not the user is # prompted for a password, if none is supplied. # # _USERVOL_LOGFILE. This CI variable defines the name of the world writeable # log file. The default is /tmp/UDCVOL/log. # # _USERVOL_PASS_MINLEN. This CI variable defines the minimum acceptable # character length for a password. This minimum is enforced for PASS=value # in the command line and for user entered and randomly generated # # _USERVOL_VERBOSE. This CI variable sets the script into verbose mode, # which writes some diagnostic information to $stdlist. The default is # FALSE which reduces output. Set the variable to TRUE to get more # informational messages. errclear # downshift and deblank parameter list setvar _nu_parms dwns('!parm_list') if _nu_parms <> '' then setvar _nu_parms ';' + repl(_nu_parms,' ','') endif # special 'escape' for MPEX until further notice... if bound(insideMPEX) and insideMPEX = 1 then # run CI to execute the UDC to avoid some problems in MPEX. xeq ci.pub.sys;info='newuser !user !_nu_parms';parm=3 deletevar _nu_@ return endif # *** Begin customize with CI variables *** # ** _USERVOL_LOGFILE ** setvar _nu_log '/tmp/UDCVOL/log' if bound(_USERVOL_LOGFILE) then if typeof(_uservol_logfile) <> 2 then echo _USERVOL_LOGFILE CI variable must be a string filename value. echo "!_nu_log" is assumed. else setvar _nu_log _uservol_logfile endif endif # ** _USERVOL_VERBOSE ** setvar _nu_verbose '#' if bound(_USERVOL_VERBOSE) then if typeof(_uservol_verbose) <> 3 then echo _USERVOL_VERBOSE CI variable must be boolean TRUE or FALSE. echo FALSE is assumed. elseif _uservol_verbose then setvar _nu_verbose 'echo' endif endif # ** _USERVOL_SKIP ** SKIPTEST if hpcierr = 1 then # bypass this UDC! !_nu_verbose Pass-thru directly to NEWUSER command... errclear continue newuser !user !_nu_parms if hpcierr > 0 then # CI errors are positive, warnings are negative escape !hpcierr endif udcvollog !_nu_log, NEWUSER !user !_nu_parms deletevar _nu_@ return endif # ** _USERVOL_PROMPT ** setvar _nu_prompt true if bound(_USERVOL_PROMPT) then if typeof(_uservol_prompt) <> 3 then echo _USERVOL_PROMPT CI variable must be boolean TRUE or FALSE. echo TRUE is assumed and volumeset prompting may occur. else setvar _nu_prompt _uservol_prompt endif endif setvar _nu_prompt _nu_prompt and hpinteractive # ** _USERVOL_PASS_MINLEN ** setvar _nu_minpasslen 5 if bound(_USERVOL_PASS_MINLEN) then if typeof(_uservol_pass_minlen) <> 1 then echo _USERVOL_PASS_MINLEN CI variable must an integer between 1 and 8. echo 5 is the default password length. elseif _uservol_pass_minlen < 1 or _uservol_pass_minlen > 8 then echo _USERVOL_PASS_MINLEN must be in the range 1..8 -- 5 is default. else setvar _nu_minpasslen _uservol_pass_minlen endif endif # *** End customize with CI variables *** # user password must be at least _uservol_pass_minlen length, if used if setvar(_nu_pos,pos(';pass=',_nu_parms)) > 0 and & setvar(_nu_pass,word(_nu_parms,,2,,_nu_pos+5)) <> "" then # pass=value specified. setvar _nu_parms repl(_nu_parms,';pass=!_nu_pass','') if _nu_pass = "*" then # generate a pseudo random password echo A random account password was assigned. RANDNAME _nu_pass !_nu_minpasslen elseif len(_nu_pass) < _nu_minpasslen or len(_nu_pass) > 8 then echo Password must be between !_nu_minpasslen and 8 characters. PASSPROMPT _nu_pass, !_nu_minpasslen,, !_nu_prompt & "Enter the user password (* for random): " endif setvar _nu_parms _nu_parms + ';pass=!_nu_pass' endif # execute the real newuser command errclear continue newuser !user !_nu_parms if hpcierr <= 0 then udcvollog !_nu_log, NEWUSER !user !_nu_parms endif # Cleanup deletevar _nu_@ return Version History(YYMMDD): 05/07/26 JV A.01 Initial version created by Jeff Vance, HP-CSY. End of NEWUSER UDC *** ************* PURGEACCT PARM acct ANYPARM parm_list=![''] #OPTION nohelp # Version A.06 # This UDC is a substitute for the MPE PURGEACCT command. It typically deletes # an account on user volume set and on the system volume set via two :purgeacct # commands. It supports all :purgeacct parameters but does not require the # user to specify a user volume set name (onvs=). # # This UDC may not work well in all environments, and was developed primarily # for interactive users. Thus, the UDC can "pass thru" the command string # to the real PURGEACCT command by setting the _USERVOL_SKIP variable. More # details on the _USERVOL_SKIP variable can be read below. # # A log file ("/tmp/UDCVOL/log") is used to track the creation and modification # of all users, accounts, and groups. Write access to this file is required. # The log location is controlled via the _USERVOL_LOGFILE environment variable, # which if set to "" suppresses logging. # # If onvs= is specified then a single purgeacct of the account name on that # volume set is performed -- just like the MPE :purgeacct command. # # If no volume set name is specified then the volume set homed to by each # group in the specified account is retrieved. Each account in each unique # non-system volume sets is purged. # # The user has several choices: she can view all the volume sets that have the # same account name, she can ask for confirmation prior to deleting an account, # she can silently purge the account in each qualifying volume set, or she can # quit. # # Note: the account name cannot be wildcarded (yet). # # Influencing CI Variables: # _USERVOL_SKIP. This CI variable controls whether or not the UDC actually # executes or simply passes through to the real command. Possible values: # JOB -- meaning skip the UDC if executed in a job # UDC -- meaning skip the UDC if executed from within another UDC # PGM -- meaning skip the UDC if executed programmatically. # Combinations of the above values are permitted. The default is # "JOB UDC PGM", meaning that the PURGEACCT UDC will pass-thru to the real # purgeacct command when invoked from a job, from a UDC/script or # programmatically. # # _USERVOL_LOGFILE. This CI variable defines the name of the world writeable # log file. The default is /tmp/UDCVOL/log. # # _USERVOL_PROMPT. This CI variable control whether or not the user is # prompted for choices if one or more unique user volume sets are # associated with the target account. Setting this variable FALSE # suppresses the prompt and thus the associated accounts will be silently # deleted. TRUE is the default. # # _USERVOL_VERBOSE. This CI variable sets the script into verbose mode, # which writes some diagnostic information to $stdlist. The default is # FALSE which reduces output. Set the variable to TRUE to get more # informational messages. # downshift and deblank parameter list setvar _pa_parms dwns('!parm_list') if _pa_parms <> '' then setvar _pa_parms ';' + repl(_pa_parms,' ','') endif # special 'escape' for MPEX until further notice... if bound(insideMPEX) and insideMPEX = 1 then # run CI to execute the UDC to avoid some problems in MPEX. xeq ci.pub.sys;info='purgeacct !acct !_pa_parms';parm=3 deletevar _pa_@ return endif if _pa_parms = '' or setvar(_pa_pos,pos(';entry=',_pa_parms)) = 0 then # main entry errclear if pos('SM',hpusercapf) = 0 then echo You need SM capability to execute PURGEACCT deletevar _pa_@ return endif if '!acct' = '@' then echo Don't even try to purge all accounts! deletevar _pa_@ return endif # Customize with _USERVOL_@ CI variables if present # ** _USERVOL_LOGFILE ** setvar _pa_log '/tmp/UDCVOL/log' if bound(_USERVOL_LOGFILE) then if typeof(_uservol_logfile) <> 2 then echo _USERVOL_LOGFILE CI variable must be a string filename value. echo "!_pa_log" is assumed. else setvar _pa_log _uservol_logfile endif endif # ** _USERVOL_VERBOSE ** setvar _pa_verbose '#' if bound(_USERVOL_VERBOSE) then if typeof(_uservol_verbose) <> 3 then echo _USERVOL_VERBOSE CI variable must be boolean TRUE or FALSE. echo FALSE is assumed. elseif _uservol_verbose then setvar _pa_verbose 'echo' endif endif # ** _USERVOL_SKIP ** SKIPTEST if hpcierr = 1 then # bypass this UDC! !_pa_verbose Pass-thru directly to PURGEACCT command... errclear continue purgeacct !acct !_pa_parms if hpcierr > 0 then # CI errors are positive, warnings are negative escape !hpcierr endif udcvollog !_pa_log, PURGEACCT !acct !_pa_parms deletevar _pa_@ return endif # ** _USERVOL_PROMPT ** setvar _pa_prompt true if bound(_USERVOL_PROMPT) then if typeof(_uservol_prompt) <> 3 then echo _USERVOL_PROMPT CI variable must be boolean TRUE or FALSE. echo TRUE is assumed and prompting may occur. else setvar _pa_prompt _uservol_prompt endif endif setvar _pa_prompt _pa_prompt and hpinteractive # *** End customize with CI variables *** setvar _pa_acct ups('!acct') # if onvs= is specified then just purge the acct on this volset only if setvar(_pa_pos,pos(';onvs=',_pa_parms)) > 0 then # capture the volset name setvar _pa_vs word(_pa_parms,,,,_pa_pos+6) !_pa_verbose Only account !_pa_acct on volumeset !_pa_vs will be purged errclear continue purgeacct !_pa_acct !_pa_parms if hpcierr <= 0 then udcvollog !_pa_log, PURGEACCT !_pa_acct !_pa_parms endif deletevar _pa_@ return endif # since onvs= was not specified we may need to purge multiple accts on # multiple volumesets # before doing the listfile below ensure there are no wildcards in the acct if delimpos(_pa_acct,'@?#[') > 0 then echo Account "!_pa_acct" contains wildcards which are not yet supported deletevar _pa_@ return endif # verify that we have one or more accounts errclear continue listacct !_pa_acct;format=brief >$null if hpcierr <> 0 then echo !hpcierrmsg deletevar _pa_@ escape !hpcierr endif # find all groups in these accounts and their volsets. NOTE: groups homed # to user volsets that are not mounted are not listed by :listfile! continue listfile /!_pa_acct/@,6;seleq=[object=group] >patmp if hpcierr > 0 then echo LISTFILE of all groups under "!_pa_acct" failed. print patmp deletevar _pa_@ escape !hpcierr elseif hpcierr = -190 then # No files match SELEQ for "!". (CIWARN 190) # So we have an account(s) but no groups...create empty patmp temp file purge patmp;temp build patmp;temp endif # Construct an array containing each *unique* user volumeset for this acct # The array name is _pa_vs. _pa_vs0 is the number of elements in the # array. _pa_vs1 is the first element, _pa_vs2 is the second, etc. option recursion PURGEACCT !_pa_acct entry=alt_findvs payes setvar _pa_yes '$null' # now purge the account on each volumeset setvar _pa_purgevs_cnt 0 setvar _pa_i 0 while setvar(_pa_i,_pa_i+1) <= _pa_vs0 do setvar _pa_name _pa_vs!_pa_i if _pa_confirm_ea and setvar(_pa_reply,dwns(lft(ltrim(input(& ' :Purgeacct !_pa_acct;onvs=!_pa_name [Y,N,Quit]? ')),1))) = 'q' then deletevar _pa_@ return elseif _pa_confirm_ea and _pa_reply <> 'y' then !_pa_verbose ...skipping !_pa_name volumeset... else # no confirmation requested or 'yes' to purge acct on this volset !_pa_verbose Executing :purgeacct !_pa_acct; onvs=!_pa_name errclear continue purgeacct !_pa_acct; onvs=!_pa_name !_pa_yes if cierror = 0 then setvar _pa_purgevs_cnt _pa_purgevs_cnt + 1 udcvollog !_pa_log, PURGEACCT !_pa_acct; onvs=!_pa_name else if not _pa_confirm_ea then echo !_pa_acct on !_pa_name volume set endif echo !hpcierrmsg endif endif endwhile !_pa_verbose !_pa_purgevs_cnt out of !_pa_vs0 user volumes purged if _pa_vs0 > 0 then echo echo "!_pa_acct" purged from !_pa_purgevs_cnt user volume sets echo if _pa_purgevs_cnt <> _pa_vs0 then # at least 1 user vol and not all were purged echo Skipping purge of "!_pa_acct" on system volume since & ![_pa_vs0 - _pa_purgevs_cnt] user volumes were not purged. deletevar _pa_@ return endif endif echo Executing :purgeacct !_pa_acct on the system volume # confirm purge for system volset? setvar _pa_reply 'y' if _pa_confirm_ea and _pa_vs0 <> 1 then # if 1 user volset found then user has already been prompted. # if zero user volsets found then user has not yet been prompted. # if > 1 user volsets found then user has seen full dialog and has # selected 'confirm all'. So prompt to confirm sys volset purge. setvar _pa_reply & dwns(lft(ltrim(input(' :Purgeacct !_pa_acct [Y,N,Quit]? ')),1)) endif if _pa_reply = 'y' then # purge the acct from the system volumeset errclear continue purgeacct !_pa_acct !_pa_yes if cierror = 0 then echo Account "!_pa_acct" purged from the system volume set udcvollog !_pa_log, PURGEACCT !_pa_acct else echo !hpcierrmsg escape !hpcierr endif endif deletevar _pa_@ return else # all alternate entry points for UDC setvar _pa_entry word(_pa_parms,,,,_pa_pos+7) # case entryname of... if _pa_entry = 'alt_findvs' then # Read stdin file and determine if the /ACCT/GROUP is homed to a user # volset. NOTE: LISFILE /ACCT/,6 will *not* find groups homed to a user # volset that is not mounted, so those are automatically filtered out. # Input redirected from listfile,6. Construct the _pa_vs "array" for # each group in acct on a *unique* user volset. setvar _pa_eof finfo(hpstdin,'eof') !_pa_verbose checking volume sets for !_pa_eof groups in !_pa_acct setvar _pa_i 0 while setvar(_pa_eof,_pa_eof-1) >= 0 do if setvar(_pa_name,finfo(input(),'volume set name')) <> & 'MPEXL_SYSTEM_VOLUME_SET' then # group is homed to a user volset, make sure this volumeset has not # already been seen before adding it to the _pa_vs array setvar _pa_j _pa_i+1 while setvar(_pa_j,_pa_j-1) > 0 do if _pa_vs!_pa_j = _pa_name then # get out of loop setvar_pa_j -1 endif endwhile if _pa_j = 0 then # no match so add volumeset to _pa_vs array setvar _pa_vs![setvar(_pa_i,_pa_i+1)] _pa_name endif endif endwhile # finished reading listfile,6 group names # remember the number of elements in the _pa_vs array setvar _pa_vs0 _pa_i return # elseif _pa_entry = 'alt_xxx' then # # return endif endif return # # PURGEACCT technical comments: - option norecursion is used to allow the real :purgeacct command to be executed. Option recursion is necessary for this UDC to be able to invoke itself recursively to create alternate entry points. - entry points are a bit different than for the typical script due to the anyparm argument. The keyword ";entry=" is parsed out of the anyparm parm to distinguish the main entry versus an alternate entry. Today the UDC has only one alternate entry, but the structure is in place for multiple alternate entries. Version History (YYMMDD): 05/07/26 JV A.06 added logging to /tmp/UDCVOL/log. 99/10/19 JV A.05 support pass-thru so that UDC is skipped in certain environments (like jobs). Also added some :escapes to improve error handling. CI used to bypass MPEX. 98/11/24 JV A.04 Enhanced so only 1 purge confirmation prompt is needed. 98/11/22 JV A.03 Fixed bug where jobs were prompted to confirm the purge. 98/07/09 JV A.02 Fixed bug for accts with no groups. 98/04/28 JV A.01 Initial version written by Jeff Vance, CSY. End of PURGEACCT UDC *** ************* PURGEGROUP PARM group ANYPARM parm_list=![''] #OPTION nohelp # Version A.05 # This UDC is a substitute for the MPE PURGEGROUP command. It typically deletes # a group on a user volume set and on the system volume set via two :PURGEGROUP # commands. It supports all :PURGEGROUP parameters but does not require the # user to specify a user volume set name (onvs=). # # This UDC may not work well in all environments, and was developed primarily # for interactive users. Thus, the UDC can "pass thru" the command string # to the real PURGEGROUP command by setting the _USERVOL_SKIP variable. More # details on the _USERVOL_SKIP variable can be read below. # # A log file ("/tmp/UDCVOL/log") is used to track the creation and modification # of all users, accounts, and groups. Write access to this file is required. # The log location is controlled via the _USERVOL_LOGFILE environment variable, # which if set to "" suppresses logging. # # If onvs= is specified then a single PURGEGROUP of the group name on that # volume set is performed -- just like the MPE :PURGEGROUP command. # # If no volume set name is specified then the volume set homed to by # "group" is deleted, followed by "group" on the system volume set. # # Note: the group name can be wildcarded. # # Influencing CI Variables: # _USERVOL_SKIP. This CI variable controls whether or not the UDC actually # executes or simply passes through to the real command. Possible values: # JOB -- meaning skip the UDC if executed in a job # UDC -- meaning skip the UDC if executed from within another UDC # PGM -- meaning skip the UDC if executed programmatically. # Combinations of the above values are permitted. The default is # "JOB UDC PGM", meaning the PURGEGROUP UDC will pass-thru to the real # purgegroup command when invoked from a job, from a UDC/script or # programmatically. # # _USERVOL_LOGFILE. This CI variable defines the name of the world writeable # log file. The default is /tmp/UDCVOL/log. # # _USERVOL_PROMPT. This CI variable control whether or not the user is # prompted for choices if one or more unique user volume sets are # associated with the target group. Setting this variable FALSE # suppresses the prompt and thus the associated groups will be silently # deleted. TRUE is the default. # # _USERVOL_VERBOSE. This CI variable sets the script into verbose mode, # which writes some diagnostic information to $stdlist. The default is # FALSE which reduces output. Set the variable to TRUE to get more # informational messages. # # downshift and deblank parameter list setvar _pg_parms dwns('!parm_list') if _pg_parms <> '' then setvar _pg_parms ';' + repl(_pg_parms,' ','') endif # special 'escape' for MPEX until further notice... if bound(insideMPEX) and insideMPEX = 1 then # run CI to execute the UDC to avoid some problems in MPEX. xeq ci.pub.sys;info='purgegroup !group !_pg_parms';parm=3 deletevar _pg_@ return endif if _pg_parms = '' or setvar(_pg_pos,pos(';entry=',_pg_parms)) = 0 then # main entry errclear setvar _pg_SM (pos('SM',hpusercapf) > 0) if not _pg_SM and pos('AM',hpusercapf) = 0 then echo You need SM or AM capability to execute PURGEGROUP deletevar _pg_@ return endif # Customize with _USERVOL_@ CI variables if present # ** _USERVOL_LOGFILE ** setvar _pg_log '/tmp/UDCVOL/log' if bound(_USERVOL_LOGFILE) then if typeof(_uservol_logfile) <> 2 then echo _USERVOL_LOGFILE CI variable must be a string filename value. echo "!_pg_log" is assumed. else setvar _pg_log _uservol_logfile endif endif # ** _USERVOL_VERBOSE ** setvar _pg_verbose '#' if bound(_USERVOL_VERBOSE) then if typeof(_uservol_verbose) <> 3 then echo _USERVOL_VERBOSE CI variable must be boolean TRUE or FALSE. echo FALSE is assumed. elseif _uservol_verbose then setvar _pg_verbose 'echo' endif endif # ** _USERVOL_SKIP ** SKIPTEST if hpcierr = 1 then # bypass this UDC! !_pg_verbose Pass-thru directly to PURGEGROUP command... errclear continue purgegroup !group !_pg_parms if hpcierr > 0 then # CI errors are positive, warnings are negative escape !hpcierr endif udcvollog !_pg_log, PURGEGROUP !group !_pg_parms deletevar _pg_@ return endif # ** _USERVOL_PROMPT ** setvar _pg_prompt true if bound(_USERVOL_PROMPT) then if typeof(_uservol_prompt) <> 3 then echo _USERVOL_PROMPT CI variable must be boolean TRUE or FALSE. echo TRUE is assumed and prompting may occur. else setvar _pg_prompt _uservol_prompt endif endif setvar _pg_prompt _pg_prompt and hpinteractive # *** End customize with CI variables *** setvar _pg_grpacct ups('!group') setvar _pg_acct word(_pg_grpacct,'.',2) if _pg_acct = '' then setvar _pg_acct hpaccount setvar _pg_grpacct _pg_grpacct+'.'+_pg_acct endif if _pg_acct <> hpaccount and not _pg_SM then echo You need SM capability to purge a group in another account. deletevar _pg_@ return endif # disallow '@' for acct name if _pg_acct = '@' then echo Cannot purge groups from all accounts deletevar _pg_@ return endif # if onvs= is specified then just purge the group(s) on this volset only if setvar(_pg_pos,pos(';onvs=',_pg_parms)) > 0 then # capture the volset name setvar _pg_onvs ups(word(_pg_parms,,2,,_pg_pos+5)) if _pg_onvs = '' then deletevar _pg_onvs else !_pg_verbose Only groups on volumeset !_pg_onvs will be purged endif endif errclear continue listgroup !_pg_grpacct;format=brief >pgtmp if hpcierr <> 0 then print pgtmp deletevar _pg_@ escape !hpcierr endif setvar _pg_eof finfo('pgtmp','eof') # default is to confirm purge for session if only 1 group matches setvar _pg_confirm_ea _pg_prompt !_pg_verbose !_pg_eof groups match "!_pg_grpacct" if _pg_eof > 1 and _pg_prompt echo !_pg_eof groups in the system volume set match your selection. echo Groups on user volume sets will be also be purged. setvar _pg_reply '' while _pg_reply = '' do echo echo You may [Q]uit, echo [C]onfirm before purging each group, echo [S]ilently purge each group. echo setvar _pg_reply dwns(lft(ltrim(input(' Choice [Q,C,S]? ')),1)) if _pg_reply = 'q' then deletevar _pg_@ return elseif _pg_reply = 'c' then setvar _pg_confirm_ea true elseif _pg_reply = 's' then setvar _pg_confirm_ea false else echo Unexpected reply of "!_pg_reply". Expected Q, C or S. setvar _pg_reply '' endif endwhile endif # build a temp file containing 'yes' for the PURGEGROUP command. echo Y >pgyes setvar _pg_yes '$null' # now purge each group, handling user volume sets too, by recursively # invoking the purgegroup UDC. option recursion continue PURGEGROUP !_pg_grpacct entry=alt_findvs = 0 do setvar _pg_name rtrim(input()) # Confirm each purge? setvar _pg_reply 'y' if _pg_confirm_ea then input _pg_reply, & "Purgegroup !_pg_name ([Q]uit,[Y]es,[No])? " <*pgtermin if setvar(_pg_reply,dwns(lft(ltrim(_pg_reply),1))) = 'q' then return endif endif if _pg_reply = 'y' then # use care with finfo since if the group has a home volset but if # the volset is not mounted finfo will fail and abort the script. # note: need to convert grp.acct name to /acct/grp errclear continue setvar _pg_vs & finfo("/"+word(_pg_name,'.',2)+"/"+word(_pg_name,'.'), & 'volume set name') if hpcierr > 0 then # finfo failed! echo Error above is not a UDC bug, it is an anticipated problem. echo Volume set for group !_pg_name is probably not mounted. listgroup !_pg_name echo elseif _pg_vs <> 'MPEXL_SYSTEM_VOLUME_SET' then # group is homed to a user volset !_pg_verbose "!_pg_name" homed to "!_pg_vs" if not bound(_pg_onvs) or pmatch(_pg_onvs,_pg_vs) then echo Purging group "!_pg_name" from "!_pg_vs" volumeset errclear continue purgegroup !_pg_name;onvs=!_pg_vs !_pg_yes if cierror = 0 then setvar _pg_vs_cnt _pg_vs_cnt + 1 udcvollog !_pg_log, PURGEGROUP !_pg_name;onvs=!_pg_vs else echo :purgegroup !_pg_name;onvs=!_pg_vs FAILED! echo !hpcierrmsg endif else !_pg_verbose Group !_pg_name on volset !_pg_vs does not & match ONVS=!_pg_onvs endif endif endif if _pg_reply = 'y' and not bound(_pg_onvs) then # purge the group from the system volume set !_pg_verbose Purging group "!_pg_name" from system volume set errclear continue purgegroup !_pg_name !_pg_yes if cierror = 0 then setvar _pg_sys_cnt _pg_sys_cnt + 1 udcvollog !_pg_log, PURGEGROUP !_pg_name else echo :purgegroup !_pg_name FAILED on system volume! echo !hpcierrmsg endif endif endwhile if _pg_confirm_ea then reset pgtermin endif echo Groups purged from system volumeset: !_pg_sys_cnt echo Groups purged from user volumesets : !_pg_vs_cnt return # elseif _pg_entry = 'alt_xxx' then # # return endif endif return # # PURGEGROUP technical comments: - option norecursion is used to allow the real :PURGEGROUP command to be executed. option recursion is necessary for this UDC to be able to invoke itself recursively to create alternate entry points. - entry points are a bit different than for the typical script due to the anyparm argument. The keyword ";entry=" is parsed out of the anyparm parm to distinguish the main entry versus an alternate entry. Today the UDC has only one alternate entry, but the structure is in place for multiple alternate entries. Version History (YYMMDD): 05/07/26 JV A.05 added logging to /tmp/UDCVOL/log. 99/10/19 JV A.04 support pass-thru so that UDC is skipped in certain environments (like jobs). Also added some escapes to improve error handling. CI used to bypass MPEX. 98/11/21 JV A.03 fixed bug where "purge y/n" prompt was skipped for a single group. 98/07/10 JV A.02 fixed problem when finfo used to get homevs and vs is not mounted. 98/06/29 JV A.01 Initial version written by Jeff Vance, CSY. End of PURGEGROUP UDC *** ************* PURGEUSER user #OPTION nohelp # Version A.01 # This UDC is a substitute for the MPE PURGEUSER command. # # This UDC may not work well in all environments, and was developed primarily # for interactive users. Thus, the UDC can "pass thru" the command string # to the real PURGEUSER command by setting the _USERVOL_SKIP variable. More # details on the _USERVOL_SKIP variable can be read below. # # A log file ("/tmp/UDCVOL/log") is used to track the creation and modification # of all users, accounts, and groups. Write access to this file is required. # The log location is controlled via the _USERVOL_LOGFILE environment variable, # which if set to "" suppresses logging. # # Influencing CI Variables: # _USERVOL_SKIP. This CI variable controls whether or not the UDC actually # executes or simply passes through to the real command. Possible values: # JOB -- meaning skip the UDC if executed in a job # UDC -- meaning skip the UDC if executed from within another UDC # PGM -- meaning skip the UDC if executed programmatically. # Combinations of the above values are permitted. The default is # "JOB UDC PGM", meaning that the PURGEUSER UDC will pass-thru to the real # purgeuser command when invoked from a job, from a UDC/script or # programmatically. # # _USERVOL_PROMPT. This CI variable controls whether or not the user is # prompted. # # _USERVOL_LOGFILE. This CI variable defines the name of the world writeable # log file. The default is /tmp/UDCVOL/log. # # _USERVOL_VERBOSE. This CI variable sets the script into verbose mode, # which writes some diagnostic information to $stdlist. The default is # FALSE which reduces output. Set the variable to TRUE to get more # informational messages. errclear # special 'escape' for MPEX until further notice... if bound(insideMPEX) and insideMPEX = 1 then # run CI to execute the UDC to avoid some problems in MPEX. xeq ci.pub.sys;info='purgeuser !user';parm=3 return endif # *** Begin customize with CI variables *** # ** _USERVOL_LOGFILE ** setvar _pu_log '/tmp/UDCVOL/log' if bound(_USERVOL_LOGFILE) then if typeof(_uservol_logfile) <> 2 then echo _USERVOL_LOGFILE CI variable must be a string filename value. echo "!_pu_log" is assumed. else setvar _pu_log _uservol_logfile endif endif # ** _USERVOL_VERBOSE ** setvar _pu_verbose '#' if bound(_USERVOL_VERBOSE) then if typeof(_uservol_verbose) <> 3 then echo _USERVOL_VERBOSE CI variable must be boolean TRUE or FALSE. echo FALSE is assumed. elseif _uservol_verbose then setvar _pu_verbose 'echo' endif endif # ** _USERVOL_SKIP ** SKIPTEST if hpcierr = 1 then # bypass this UDC! !_pu_verbose Pass-thru directly to PURGEUSER command... errclear continue purgeuser !user if hpcierr > 0 then # CI errors are positive, warnings are negative escape !hpcierr endif udcvollog !_pu_log, PURGEUSER !user deletevar _pu_@ return endif # ** _USERVOL_PROMPT ** setvar _pu_prompt true if bound(_USERVOL_PROMPT) then if typeof(_uservol_prompt) <> 3 then echo _USERVOL_PROMPT CI variable must be boolean TRUE or FALSE. echo TRUE is assumed and volumeset prompting may occur. else setvar _pu_prompt _uservol_prompt endif endif setvar _pu_prompt _pu_prompt and hpinteractive # *** End customize with CI variables *** setvar _pu_parm '' if not _pu_prompt then # build a temp file containing 'y' echo Y >puyes setvar _pu_parm ' '' then setvar _aa_parms ';' + repl(_aa_parms,' ','') endif # special 'escape' for MPEX until further notice... if bound(insideMPEX) and insideMPEX = 1 then # run CI to execute the UDC to avoid some problems in MPEX. xeq ci.pub.sys;info='altacct !acct !_aa_parms';parm=3 deletevar _aa_@ return endif # *** Begin customize with CI variables *** # ** _USERVOL_LOGFILE ** setvar _aa_log '/tmp/UDCVOL/log' if bound(_USERVOL_LOGFILE) then if typeof(_uservol_logfile) <> 2 then echo _USERVOL_LOGFILE CI variable must be a string filename value. echo "!_aa_log" is assumed. else setvar _aa_log _uservol_logfile endif endif # ** _USERVOL_VERBOSE ** setvar _aa_verbose '#' if bound(_USERVOL_VERBOSE) then if typeof(_uservol_verbose) <> 3 then echo _USERVOL_VERBOSE CI variable must be boolean TRUE or FALSE. echo FALSE is assumed. elseif _uservol_verbose then setvar _aa_verbose 'echo' endif endif # ** _USERVOL_SKIP ** SKIPTEST if hpcierr = 1 then # bypass this UDC! !_aa_verbose Pass-thru directly to ALTACCT command... errclear continue altacct !acct !_aa_parms if hpcierr > 0 then # CI errors are positive, warnings are negative escape !hpcierr endif udcvollog !_aa_log, ALTACCT !acct !_aa_parms deletevar _aa_@ return endif # ** _USERVOL_PASS_MINLEN ** setvar _aa_minpasslen 5 if bound(_USERVOL_PASS_MINLEN) then if typeof(_uservol_pass_minlen) <> 1 then echo _USERVOL_PASS_MINLEN CI variable must an integer between 1 and 8. echo 5 is the default password length. elseif _uservol_pass_minlen < 1 or _uservol_pass_minlen > 8 then echo _USERVOL_PASS_MINLEN must be in the range 1..8 -- 5 is default. else setvar _aa_minpasslen _uservol_pass_minlen endif endif # ** _USERVOL_PROMPT ** setvar _aa_prompt true if bound(_USERVOL_PROMPT) then if typeof(_uservol_prompt) <> 3 then echo _USERVOL_PROMPT CI variable must be boolean TRUE or FALSE. echo TRUE is assumed and volumeset prompting may occur. else setvar _aa_prompt _uservol_prompt endif endif setvar _aa_prompt _aa_prompt and hpinteractive # *** End customize with CI variables *** # acct password must be at least _uservol_pass_minlen length, if used if setvar(_aa_pos,pos(';pass=',_aa_parms)) > 0 and & setvar(_aa_pass,word(_aa_parms,,2,,_aa_pos+5)) <> "" then # pass=value specified. setvar _aa_parms repl(_aa_parms,';pass=!_aa_pass','') if _aa_pass = "*" then # generate a pseudo random password echo A random account password was assigned. RANDNAME _aa_pass !_aa_minpasslen elseif len(_aa_pass) < _aa_minpasslen or len(_aa_pass) > 8 then echo Password must be between !_aa_minpasslen and 8 characters. PASSPROMPT _aa_pass, !_aa_minpasslen,, !_aa_prompt & "Enter the user password (* for random): " endif setvar _aa_parms _aa_parms + ';pass=!_aa_pass' endif # execute the real altacct command errclear continue altacct !acct !_aa_parms if hpcierr <= 0 then udcvollog !_aa_log, ALTACCT !acct !_aa_parms endif # Cleanup deletevar _aa_@ return Version History(YYMMDD): 05/07/26 JV A.01 Initial version created by Jeff Vance, HP-CSY. End of ALTACCT UDC *** ************* ALTGROUP PARM group ANYPARM parm_list=![''] #OPTION nohelp # Version A.01 # This UDC is a substitute for the MPE ALTGROUP command. It supports all of # the :altgroup parameters. # # A log file ("/tmp/UDCVOL/log") is used to track the creation and modification # of all users, accounts, and groups. Write access to this file is required. # The log location is controlled via the _USERVOL_LOGFILE environment variable, # which if set to "" suppresses logging. # # This UDC may not work well in all environments, and was developed primarily # for interactive users. Thus, the UDC can "pass thru" the command string # to the real ALTGROUP command by setting the _USERVOL_SKIP variable. More # details on the _USERVOL_SKIP variable can be read below. # # If PASS= is specified a minimum length is enforced. Also "*" as a password # value means that a random password will be automatically generated. Minimum # password lengths are controlled by the _USERVOL_PASS_MINLEN variable. # # Influencing CI Variables: # _USERVOL_SKIP. This CI variable controls whether or not the UDC actually # executes or simply passes through to the real command. Possible values: # JOB -- meaning skip the UDC if executed in a job # UDC -- meaning skip the UDC if executed from within another UDC # PGM -- meaning skip the UDC if executed programmatically. # Combinations of the above values are permitted. The default is # "JOB UDC PGM", meaning that the ALTGROUP UDC will pass-thru to the real # altgroup command when invoked from a job, from a UDC/script or # programmatically. # # _USERVOL_LOGFILE. This CI variable defines the name of the world writeable # log file. The default is /tmp/UDCVOL/log. # # _USERVOL_PASS_MINLEN. This CI variable defines the minimum acceptable # character length for a password. This minimum is enforced for PASS=value # in the command line and for user entered and randomly generated # passwords. Default is 5 characters. # # _USERVOL_PROMPT. This CI variable controls whether or not the user is # prompted for a password. # # _USERVOL_VERBOSE. This CI variable sets the script into verbose mode, # which writes some diagnostic information to $stdlist. The default is # FALSE which reduces output. Set the variable to TRUE to get more # informational messages. errclear setvar _ag_parms dwns('!parm_list') if _ag_parms <> '' then setvar _ag_parms ';' + repl(_ag_parms,' ','') endif # special 'escape' for MPEX until further notice... if bound(insideMPEX) and insideMPEX = 1 then # run CI to execute the UDC to avoid some problems in MPEX. xeq ci.pub.sys;info='altgroup !group !_ag_parms';parm=3 deletevar _ag_@ return endif # *** Begin customize with CI variables *** # ** _USERVOL_LOGFILE ** setvar _ag_log '/tmp/UDCVOL/log' if bound(_USERVOL_LOGFILE) then if typeof(_uservol_logfile) <> 2 then echo _USERVOL_LOGFILE CI variable must be a string filename value. echo "!_ag_log" is assumed. else setvar _ag_log _uservol_logfile endif endif # ** _USERVOL_VERBOSE ** setvar _ag_verbose '#' if bound(_USERVOL_VERBOSE) then if typeof(_uservol_verbose) <> 3 then echo _USERVOL_VERBOSE CI variable must be boolean TRUE or FALSE. echo FALSE is assumed. elseif _uservol_verbose then setvar _ag_verbose 'echo' endif endif # ** _USERVOL_SKIP ** SKIPTEST if hpcierr = 1 then # bypass this UDC! !_ag_verbose Pass-thru directly to ALTGROUP command... errclear continue altgroup !group !_ag_parms if hpcierr > 0 then # CI errors are positive, warnings are negative escape !hpcierr endif udcvollog !_ag_log, ALTGROUP !group !_ag_parms deletevar _ag_@ return endif # ** _USERVOL_PASS_MINLEN ** setvar _ag_minpasslen 5 if bound(_USERVOL_PASS_MINLEN) then if typeof(_uservol_pass_minlen) <> 1 then echo _USERVOL_PASS_MINLEN CI variable must an integer between 1 and 8. echo 5 is the default password length. elseif _uservol_pass_minlen < 1 or _uservol_pass_minlen > 8 then echo _USERVOL_PASS_MINLEN must be in the range 1..8 -- 5 is default. else setvar _ag_minpasslen _uservol_pass_minlen endif endif # ** _USERVOL_PROMPT ** setvar _ag_prompt true if bound(_USERVOL_PROMPT) then if typeof(_uservol_prompt) <> 3 then echo _USERVOL_PROMPT CI variable must be boolean TRUE or FALSE. echo TRUE is assumed and volumeset prompting may occur. else setvar _ag_prompt _uservol_prompt endif endif setvar _ag_prompt _ag_prompt and hpinteractive # *** End customize with CI variables *** # group password must be at least _uservol_pass_minlen length, if used if setvar(_ag_pos,pos(';pass=',_ag_parms)) > 0 and & setvar(_ag_pass,word(_ag_parms,,2,,_ag_pos+5)) <> "" then # pass=value specified. setvar _ag_parms repl(_ag_parms,';pass=!_ag_pass','') if _ag_pass = "*" then # generate a pseudo random password echo A random account password was assigned. RANDNAME _ag_pass !_ag_minpasslen elseif len(_ag_pass) < _ag_minpasslen or len(_ag_pass) > 8 then echo Password must be between !_ag_minpasslen and 8 characters. PASSPROMPT _ag_pass, !_ag_minpasslen,, !_ag_prompt & "Enter the user password (* for random): " endif setvar _ag_parms _ag_parms + ';pass=!_ag_pass' endif # execute the real altgroup command errclear continue altgroup !group !_ag_parms if hpcierr <= 0 then udcvollog !_ag_log, ALTGROUP !group !_ag_parms endif # Cleanup deletevar _ag_@ return Version History(YYMMDD): 05/07/26 JV A.01 Initial version created by Jeff Vance, HP-CSY. End of ALTGROUP UDC *** ************* ALTUSER PARM user ANYPARM parm_list=![''] #OPTION nohelp # Version A.01 # This UDC is a substitute for the MPE ALTUSER command. It supports all of the # :altuser parameters. # # A log file ("/tmp/UDCVOL/log") is used to track the creation and modification # of all users, accounts, and groups. Write access to this file is required. # The log location is controlled via the _USERVOL_LOGFILE environment variable, # which if set to "" suppresses logging. # # This UDC may not work well in all environments, and was developed primarily # for interactive users. Thus, the UDC can "pass thru" the command string # to the real ALTUSER command by setting the _USERVOL_SKIP variable. More # details on the _USERVOL_SKIP variable can be read below. # # If PASS= is specified a minimum length is enforced. Also "*" as a password # value means that a random password will be automatically generated. Minimum # password lengths are controlled by the _USERVOL_PASS_MINLEN variable. # # Influencing CI Variables: # _USERVOL_SKIP. This CI variable controls whether or not the UDC actually # executes or simply passes through to the real command. Possible values: # JOB -- meaning skip the UDC if executed in a job # UDC -- meaning skip the UDC if executed from within another UDC # PGM -- meaning skip the UDC if executed programmatically. # Combinations of the above values are permitted. The default is # "JOB UDC PGM", meaning that the ALTGROUP UDC will pass-thru to the real # altgroup command when invoked from a job, from a UDC/script or # programmatically. # # _USERVOL_LOGFILE. This CI variable defines the name of the world writeable # log file. The default is /tmp/UDCVOL/log. # # _USERVOL_PASS_MINLEN. This CI variable defines the minimum acceptable # character length for a password. This minimum is enforced for PASS=value # in the command line and for user entered and randomly generated # passwords. Default is 5 characters. # # _USERVOL_PROMPT. This CI variable controls whether or not the user is # prompted for a password. # # _USERVOL_VERBOSE. This CI variable sets the script into verbose mode, # which writes some diagnostic information to $stdlist. The default is # FALSE which reduces output. Set the variable to TRUE to get more # informational messages. errclear setvar _au_parms dwns('!parm_list') if _au_parms <> '' then setvar _au_parms ';' + repl(_au_parms,' ','') endif # special 'escape' for MPEX until further notice... if bound(insideMPEX) and insideMPEX = 1 then # run CI to execute the UDC to avoid some problems in MPEX. xeq ci.pub.sys;info='altuser !user !_au_parms';parm=3 deletevar _au_@ return endif # *** Begin customize with CI variables *** # ** _USERVOL_LOGFILE ** setvar _au_log '/tmp/UDCVOL/log' if bound(_USERVOL_LOGFILE) then if typeof(_uservol_logfile) <> 2 then echo _USERVOL_LOGFILE CI variable must be a string filename value. echo "!_au_log" is assumed. else setvar _au_log _uservol_logfile endif endif # ** _USERVOL_VERBOSE ** setvar _au_verbose '#' if bound(_USERVOL_VERBOSE) then if typeof(_uservol_verbose) <> 3 then echo _USERVOL_VERBOSE CI variable must be boolean TRUE or FALSE. echo FALSE is assumed. elseif _uservol_verbose then setvar _au_verbose 'echo' endif endif # ** _USERVOL_SKIP ** SKIPTEST if hpcierr = 1 then # bypass this UDC! !_au_verbose Pass-thru directly to ALTUSER command... errclear continue altuser !user !_au_parms if hpcierr > 0 then # CI errors are positive, warnings are negative escape !hpcierr endif udcvollog !_au_log, ALTUSER !user !_au_parms deletevar _au_@ return endif # ** _USERVOL_PASS_MINLEN ** setvar _au_minpasslen 5 if bound(_USERVOL_PASS_MINLEN) then if typeof(_uservol_pass_minlen) <> 1 then echo _USERVOL_PASS_MINLEN CI variable must an integer between 1 and 8. echo 5 is the default password length. elseif _uservol_pass_minlen < 1 or _uservol_pass_minlen > 8 then echo _USERVOL_PASS_MINLEN must be in the range 1..8 -- 5 is default. else setvar _au_minpasslen _uservol_pass_minlen endif endif # ** _USERVOL_PROMPT ** setvar _au_prompt true if bound(_USERVOL_PROMPT) then if typeof(_uservol_prompt) <> 3 then echo _USERVOL_PROMPT CI variable must be boolean TRUE or FALSE. echo TRUE is assumed and volumeset prompting may occur. else setvar _au_prompt _uservol_prompt endif endif setvar _au_prompt _au_prompt and hpinteractive # *** End customize with CI variables *** # user password must be at least _uservol_pass_minlen length, if used if setvar(_au_pos,pos(';pass=',_au_parms)) > 0 and & setvar(_au_pass,word(_au_parms,,2,,_au_pos+5)) <> "" then # pass=value specified. setvar _au_parms repl(_au_parms,';pass=!_au_pass','') if _au_pass = "*" then # generate a pseudo random password echo A random account password was assigned. RANDNAME _au_pass !_au_minpasslen elseif len(_au_pass) < _au_minpasslen or len(_au_pass) > 8 then echo Password must be between !_au_minpasslen and 8 characters. PASSPROMPT _au_pass, !_au_minpasslen,, !_au_prompt & "Enter the user password (* for random): " endif setvar _au_parms _au_parms + ';pass=!_au_pass' endif # execute the real altuser command errclear continue altuser !user !_au_parms if hpcierr <= 0 then udcvollog !_au_log, ALTUSER !user !_au_parms endif # Cleanup deletevar _au_@ return Version History(YYMMDD): 05/07/26 JV A.01 Initial version created by Jeff Vance, HP-CSY. End of ALTUSER UDC *** ************* ACCTVS acct_parm, var_parm # (all comments placed at the end of this UDC) errclear setvar _avs_both_ga (pos('.',setvar(_avs_ga_parm,ups('!acct_parm'))) > 0) setvar _avs_acct_parm word(_avs_ga_parm,'.',2) if _avs_acct_parm = "" then # no group name specified setvar _avs_acct_parm _avs_ga_parm endif setvar _avs_eof finfo(hpstdin,'eof') setvar _avs_match FALSE # read acctuvol file while not (_avs_match) and setvar(_avs_eof,_avs_eof-1) >= 0 and & (setvar(_avs_rec,ltrim(rtrim(input()))) = '' or lft(_avs_rec,1) = '#') or & (not (pos('.',setvar(_avs_tok1,ups(word(_avs_rec))))>0 and _avs_both_ga and & setvar(_avs_match,pmatch(_avs_tok1,_avs_ga_parm))) and & not (pos('.',_avs_tok1) = 0 and & setvar(_avs_match,pmatch(_avs_tok1,_avs_acct_parm)))) do endwhile if _avs_match then setvar !var_parm dwns(word(_avs_rec,,-1)) else setvar hpcierr -1 endif # Cleanup deletevar _avs_@ return # comments... # Note: input is redirected to the acctuvol configuration file. # # Arg1 is the name of the account or group.account to be created. # Arg2 is the name of a CI variable to hold the volumeset name if a match for # arg1 is found in the acctuvol config file. If no match is found arg2 # is not set. # # This UDC is called by the NEWGROUP/NEWACCT UDCs to search the ACCTUVOL file # (verified to exist) trying to find the entry matching "acct_parm" (arg1). # If a match is found then the corresponding User Volume setname is returned # (downshifted) in the variable defined by "var_parm". If "acct_parm" is not # found then hpcierr is set to -1. # # The file format is: # # comments and/or blank lines are permitted # grpname.acctname user_volumeset_name0 # grp@.acctname user_volumeset_name1 # acctname1 user_volumeset_name1 # acctname2 user_volumeset_name2 # @acct@ user_volumeset_name3 # ... # @ catchall_volume_set # # Searching in ACCTUVOL stops on the first [grp.]acct match, so specific # entries should precede generic (wildcard) entries. # # Spaces or tabs must separate the account name from the volset name. # # Version History (YYMMDD): 98/11/21 JV re-wrote file reading/matching logic to fix a bug so that 2 separate calls are no longer needed by NEWGROUP. Requiring 2 calls caused problems when a generic acct-only file entry (eg '@') matches the specific grp.acct name used in pass 1, thus bypassing the 2nd (acct-only) pass. 98/03/24 JV shrunk while loop for performance and allow blank records 95/08/21 JV added pattern matching for acctnames. 95/08/11 JV converted to 5.5 version using word() etc. 95/08/07 SS minor cosmetic changes. 95/06/22 Created by Jeff Vance, HP-CSY. End of ACCTVS UDC *** ************* APPUVOL file, grp, vs, entry=main OPTION recursion # This routine appends the entry defined by "grp" and "vs" to "file", # where "file" is the User Volumeset Config file, known as "acctuvol". # # The CI cannot just append an entry to a file since typically the eof is # at the file limit. So, we copy the file to a scratch file and append # the new entry. However, if it is possible to do an append without the # copy this optimization is done. if '!entry' = 'main' then if not finfo('!file','exists') then echo Non-existent file: "!file" return endif # see if there is room to append a single record if finfo('!file','eof') < finfo('!file','limit') then # there is room to append at least one record # file format is "group[.acct] uservolset" file appuvol0=!file,old echo !grp ![rpt(' ',17-len('!grp'))] !vs >>*appuvol0 reset appuvol0 return endif # make new file one record larger than "file" setvar _appuvol_tmp './appuvol.tmp0' if finfo(_appuvol_tmp,'exists') then setvar _appuvol_tmp './appuvol.tmpA' if finfo(_appuvol_tmp,'exists') then echo Can't build scratch file to hold contents of "!file" echo ...trying to build "!_appuvol_tmp" return endif endif build !_appuvol_tmp;rec=-80,,f,ascii;disc=![finfo('!file','eof')+1] # copy existing file and append new entry file appuvol0=!_appuvol_tmp,old APPUVOL !file !grp !vs entry=copy_config *appuvol0 # purge original "file" and rename new file back to orig name purge !file # don't use rename, since it won't work on user volumes. copy !_appuvol_tmp,!file purge !_appuvol_tmp reset appuvol0 deletevar _appuvol_@ return elseif '!entry' = 'copy_config' then # expects input redirected to the uvol config file (acctuvol) and output # redirected to the new config file. # copy the existing file to the new file setvar _appuvol_eof finfo(hpstdin,'eof') while setvar(_appuvol_eof,_appuvol_eof-1) >= 0 do echo ![input()] endwhile # append the new entry # file format is "group[.acct] uservolset" echo !grp ![rpt(' ',17-len('!grp'))] !vs return endif return # End of APPUVOL UDC *** ************* SKIPTEST # (comments at end) # assign default value setvar _skip_test "JOB UDC PGM" if bound(_USERVOL_SKIP) if typeof(_uservol_skip) = 2 then setvar _skip_test ups(_uservol_skip) else echo _USERVOL_SKIP CI variable must be a string set to "", "JOB", echo "UDC", "PGM" or combinations. "JOB UDC PGM" is assumed. endif endif setvar hpcierr 0 if (pos('JOB',_skip_test) > 0 and hpjobtype = 'J') or & (pos('UDC',_skip_test) > 0 and hpusercmdepth > 2) or & (pos('SES',_skip_test) > 0 and hpjobtype = 'S') or & (pos('MPEX',_skip_test) > 0 and bound(insidempex) and insidempex = 1) then setvar hpcierr 1 elseif pos('PGM',_skip_test) > 0 then # more difficult test for PGM file skiptst=./_skiptst;msg continue showproc !hppin >*skiptst if hpcierr = 0 then input _skip_rec <*skiptst input _skip_rec <*skiptst input _skip_rec <*skiptst # see if program name vs. :command if lft(word(_skip_rec," ", 6),1) <> ":" then setvar hpcierr 1 endif deletevar _skip_rec else echo SKIPTEST: showproc error: !hpcierr print *skiptst setvar hpcierr 1 endif reset skiptst endif deletevar _skip_test return # comments... # This UDC decides if the calling UDC should pass-thru the command to the real # CI command, or should continue to execute, based on the value of the # _USERVOL_SKIP variable. Expected _USERVOL_SKIP values are: # JOB -- meaning skip the UDC if executed in a job # UDC -- meaning skip the UDC if executed from within another UDC # PGM -- meaning skip the UDC if executed programmatically. # SES -- meaning skip the UDC if executed from a session (debugging) # MPEX-- meaning skip the UDC if executed from inside MPEX (special) # Combinations of the above values are permitted. If _USERVOL_SKIP is # not defined the default value is assumed to be: "JOB UDC PGM". # # HPCIERR is set to 1 if the calling UDC should pass-thru to the real command, # ie. should not continue to execute. End of SKIPTEST UDC ************* PASSPROMPT varname, minlen, maxlen=8, do_prompt=true, & prompt="Enter the password (* for random): " # This UDC prompts the user for a password of "minlen" up "maxlen" characters # long. The user must enter a valid password, or "*" to generate a pseudo # random password. If the user is not interactive or the "do_prompt" parameter # is false then a random password is automatically assigned. The password is # returned in the "varname" parm. 'Quit' or 'Exit' escapes. # if not (hpinteractive and !do_prompt) then # just get a random password echo Random password assigned. RANDNAME _pass !minlen !maxlen else setvar _pass_ok false while not _pass_ok do setvar _pass ups(ltrim(rtrim(input("!prompt")))) if _pass="Q" or _pass="QUIT" or _pass="E" or _pass="EXIT" then escape endif if _pass = "*" then echo Random password assigned. RANDNAME _pass !minlen !maxlen setvar _pass_ok true elseif _pass = "" then echo A password value is required. elseif len(_pass) < !minlen or len(_pass) > !maxlen then echo The password must be between !minlen..!maxlen characters long. elseif not alpha(lft(_pass,1)) then echo The password must begin with a letter. elseif not alphanum(_pass) then echo The password must only contain alphanumeric characters. else setvar _pass_ok true endif endwhile deletevar _pass_ok endif # return a valid password to caller setvar !varname _pass deletevar _pass ************* RANDNAME varname minlen maxlen=8 echo=false # This UDC produces a pseudo random name of minlen up to maxlen letters and # numbers, starting with a letter. The name is returned in the variable named # by the "varname" parm. The random name is echoed to STDLIST depending on # the "echo" parm. # # expression for a `random' letter: setvar _rand_letter "chr((hpcpumsecs mod 26)+ord('A'))" # expression for a `random' number: setvar _rand_number "chr((hpcpumsecs mod 10)+ord('0'))" # first character must be a letter setvar !varname !_rand_letter # now fill in the rest, must have at least "minlen" chars , up to "maxlen" setvar _rand_i 1 setvar _rand_limit min((hpcpumsecs mod !maxlen)+!minlen, !maxlen) while setvar(_rand_i,_rand_i+1) <= _rand_limit do if odd(hpcpumsecs) then setvar !varname !varname + !_rand_letter else setvar !varname !varname + !_rand_number endif endwhile if !echo then echo !"!varname" endif deletevar _rand_@ ************* UDCVOLLOG logf="-None" ANYPARM entry # (comments at end) if "!logf" = "-None" then return endif if not finfo("!logf","exists") then echo echo ***** E R R O R ***************************************** echo Non-existent logfile: !logf echo (or user lacks TD, traverse directory, permission to a subdirectory) echo echo Build this file or set the _USERVOL_LOGFILE variable to the desired & logfile. echo Consider: echo :build !logf;rec=-512,,f,ascii;disc=10000 echo Remember the file security needs to grant write access to the AM users echo and probably deny read access to everyone. Intermediate directories echo need TD access. echo echo Command "!entry" terminated... echo *********************************************************** echo escape endif setvar _log_entry anyparm(!entry) # replace ;pass=value with "***" if setvar(_log_pos,pos(";pass=",_log_entry)) > 0 and & setvar(_log_pass,word(_log_entry,,2,,_log_pos+5)) <> "" then setvar _log_entry repl(_log_entry,';pass=!_log_pass',';pass=***') deletevar _log_pass endif file udcvollg=!logf,old # create log record, format described below setvar _log_entry hpyyyymmdd+":"+lft(hphhmmssmmm,4)+":#!hpjobtype!hpjobnum:"& +"!hpuser.!hpaccount:"+_log_entry echo !_log_entry >>*udcvollg reset udcvollg deletevar _log_pos, _log_entry return # comments... # This UDC writes "entry" to "logf", which is the name of a world-writeable log # file. The full "logf" pathname must previously exist -- no subdirectories or # the filename are created here. For security reasons passwords are replaced # with 3 asterisks ("***"). # # CAUTION!!!!!! # Although users of these UDCs need write access to the log file, it may be # important to deny *read* access to everyone (SM will be able to override) # to prevent ordinary users from being able to learn account, group and user # names. In many circusmtances the AM will not be able to access (read or # write) this file without first altering it's security. The default security # for a file created in the POSIX namespace is an ACD defined as: RACD:@.@, # and nothing more. SM will be fine but logging will break for the AM in # this situation. # # If you want to use a logfile in the POSIX namespace here's a reasonable # way to create it: # :newdir /tmp/UDCVOL # :build /tmp/UDCVOL/log # :altsec /tmp/UDCVOL ;repacd=(racd,td,rd:@.@) # :altsec /tmp/UDCVOL/log;repacd=(racd,w:@.@) # # or via the shell: # $mkdir /tmp/UDCVOL # $touch /tmp/UDCVOL/log # $chmod 555 /tmp/UDCVOL # $chmod 662 /tmp/UDCVOL/log # # Log record format: "yyyymmdd:hhmm:#J|Snnnn:creator:command image" # # Note: creator is user.account of the current user. # Note: a "logf" value passed in as "" (empty) means logging is suppressed. # # Programming note: the 1st parm is required but has the default of "-None", # which is an illegal POSIX and MPE filename. This allows the callers to pass # in "" in the case where the _USERVOL_LOGFILE variable is set to "" to # suppress logging. # Programming note: "entry" (except for the command name) has been downshifted # by all callers. # End of UDCVOLLOG UDC *** *************