# Author: Paul Christidis e-mail: Christidis@raytheon.com # Original Version: 2001.06.27 Date: 06/27/2001 # Modified Version: 2002.10.11 Date: 10/11/2002 # # This is an enhancement of the command file posted by Jeff Vance on the # HP3000-L list. A site can 'configure' the number of sessions allowed to # logon to an account using Account_User_Jobname, Account_User, or Account # limits. The 'limit' CAN also be applied to sessions originating on the # same IP address. # 2002/10/03: Added code to enable usage of GREP or FCOPY for extracting # the 'setvar' statements. GREP is more flexible in terms of 'case' and # variable position within the 'joblimit' file. # 2002/10/11: Sites with large number of concurrent users could have the # variable returned by JOBCNT 'overflow'. In that case the 'showjob' # command is used to extract the qualifying session numbers and an attempt # is made to determine their corresponding IP address. # # Configuration information is kept in an ASCII file "joblimit" comprised # of 'setvar' commands, for each MPE account, MPE user or Session name. It # should adhere to the following format: (Using the SYS account as example) # SETVAR SYS_MANAGER_XTIDIS_limit 3 # SETVAR SYS_MANAGER_limit 2 # SETVAR SYS_limit 1 # # NOTE 1: Suffix of '_limit' is required, as is UPPER case (If using FCOPY). # NOTE 2: Setting 'Account_limit' to 0, BLOCKS access to that account. # NOTE 3: A negative setting equals to NO limit. # <----------------------------------------------------> #--- 'Skip' batch jobs and some 'select' users. if hpJobType = "J" OR LFT(hpUser,4) = "PROG" & OR POS("!hpUser#","MANAGER#,MGR#") <> 0 then RETURN endif #-- #--- Set initial/default variable values. (See comments @ file's end) #-- setvar _lg_DEFAULT_LIMIT 1 setvar _lg_This_Limit _lg_DEFAULT_LIMIT setvar _lg_Limits_File "JOBLIMIT.PUB.SYS" setvar _lg_Select "!hpJobName,!hpUser.!hpAccount" setvar _lg_Limit_at_Acct FALSE setvar _lg_Limit_by_IP FALSE setvar _lg_Use_FCOPY FALSE if _lg_Use_FCOPY then setvar _lg_Extract 'FCOPY from=!_lg_Limits_File' + & ';to=$newpass;new;subset="![hpAccount]_",8 > $null' else setvar _lg_Limits_File FINFO(_lg_Limits_File,"posixfullfname") setvar _lg_Extract & "GREP.HPBIN.SYS '-i "" ![hpAccount]_"" !_lg_Limits_File' >$newpass" endif #-- #--- Next flag indicates whether the 'jobname' portion of the logon #--- should be used by 'JOBCNT' when 'limit' is set at the 'account' #--- or the 'account_user' level. #-- setvar _lg_Use_JobName TRUE #-- #--- Determine if a 'special' limit is configured for this user. #-- if FINFO(_lg_Limits_File, "exists") then purge $oldpass > $null continue !_lg_Extract if FINFO("$OLDPASS", "exists") AND & FINFO("$OLDPASS", "eof" ) > 0 then xeq $oldpass #-- if BOUND(![hpAccount]_![hpUser]_![hpJobName]_limit) then setvar _lg_This_Limit ![hpAccount]_![hpUser]_![hpJobName]_limit else if NOT _lg_Use_Jobname then #--- Remove 'jobname' from 'selection' specification setvar _lg_Select _lg_Select - "!hpJobName," endif if BOUND(![hpAccount]_![hpUser]_limit) then setvar _lg_This_Limit ![hpAccount]_![hpUser]_limit elseif BOUND(![hpAccount]_limit) then setvar _lg_This_Limit ![hpAccount]_limit setvar _lg_Limit_at_Acct TRUE endif endif endif endif #-- #--- Find all sessions logged on as "you" (current user). Use 'showjob' #--- method if variable 'overflow' occurs when calling JOBCNT function. #-- setvar _lg_NumSess JOBCNT("@S:!_lg_Select",_lg_SessList) if SETVAR(_lg_Use_SHOWJOB, _lg_NumSess <> WORDCNT(_lg_SessList)) then SHOWJOB JOB=!_lg_Select > xsjlistx setvar _lg_Grep_Select REPL(_lg_Select,".","\.") egrep.hpbin.sys '#S.*!_lg_Grep_Select[[:space:]]' < xsjlistx > xsjlisty setvar _lg_NumSess FINFO("xsjlisty","eof") file xsjlistz;rec=-90;disc=10000;msg;temp print xsjlisty;page=0;out=*xsjlistz reset xsjlistz endif setvar _lg_IpCount _lg_NumSess #-- #--- If There is at least 1 other session logged on as "you" then #--- 'revise' session count IF 'limiting' by IP. #-- if _lg_NumSess > 1 AND _lg_Limit_by_IP then if LEN(hpremipaddr) = 0 then setvar _lg_Limit_by_IP FALSE TELLOP ** *Warning* No HPREMIPADDR available to enforce IP address TELLOP for "!_lg_Select" ** else setvar _lg_IpCount SETVAR(_lg_I, 0) while SETVAR(_lg_I,_lg_I+1) <= _lg_NumSess do if _lg_Use_SHOWJOB then INPUT _lg_Text < xsjlistz setvar _lg_OneSess WORD(_lg_Text) else setvar _lg_OneSess WORD(_lg_SessList,,_lg_I) endif if JINFO(_lg_OneSess,"ipaddr")=HPREMIPADDR then setvar _lg_IpCount _lg_IpCount+1 endif endwhile endif endif #-- if _lg_IpCount > _lg_This_Limit AND _lg_This_Limit >= 0 then echo ![CHR(7)] if _lg_Limit_at_Acct AND _lg_This_Limit = 0 then echo ************************************************************ echo ** Access to this Account/Application has been BLOCKED by ** echo ** the System Administrator due to management's direction ** echo ** or due to urgent work being performed on the server. ** echo ************************************************************ else echo ** Exceeded # of sessions allowed to 'logon' as: "!_lg_Select" ** if _lg_Limit_by_IP then echo ** from the same IP address (!HPREMIPADDR). endif endif echo ![CHR(7)] TELLOP Logon Limit Reached for: "!_lg_Select". LIMIT = !_lg_This_Limit BYE endif #-- #--- *** Debug / Clean Up *** #-- if BOUND(traceon) then showvar _lg_@, !hpAccount@_limit if _lg_Use_SHOWJOB then listftemp xsjlist?,2 endif else deletevar _lg_@, !hpAccount@_limit >$null purge xsjlist?,temp;noconfirm > $null endif RETURN