10      ! [LOMASKY.SYS.AUTO_SET_PASSWORD]VMS_V5_SET_PASSWORD_EMULATOR.BAS
        !
        ! When executed at LOGIN time via SYLOGIN.COM, this program will
        ! see if the UAF for the username running this program has an
        ! expired password. If so, it will force the user into SET PASSWORD.
        ! Generated passwords, as well as secondary passwords, are handled.
        !
        ! Control/C and Control/Y are disabled while this program is running.
        !
        ! Note that no privileges are required to use this program.
        !
        ! ====> VMS_V5_SET_PASSWORD_EMULATOR.EXE must have W:E protection <====
        !
        ! ====> Must be linked with UAIDEF and OUT_OF_BAND_AST_HANDLER <====
        !
        ! Compile and Link VMS_V5_SET_PASSWORD_EMULATOR.BAS as follows:
        !       @VMS_V5_SET_PASSWORD_EMULATOR.COM
        !
        ! ----- Last Change 05/27/88 by Brian Lomasky -----

        OPTION TYPE = EXPLICIT

        %LET %DEBUG = 0%                        ! 1 IF DEBUG, 0 IF NO DEBUG

        ON ERROR GOTO ERROR_ROUTINE             ! TRAP ALL ERRORS

        ! ----- SYSTEM SERVICE ERROR CODES AND FUNCTION VALUES -----
        EXTERNAL LONG CONSTANT IO$_SETMODE      ! QIOW VALUE FOR MODE SETTING
        EXTERNAL LONG CONSTANT IO$M_OUTBAND     ! QIOW VALUE FOR OUT-OF-BAND AST
        EXTERNAL LONG CONSTANT JPI$_USERNAME    ! USERNAME FOR $GETJPI
        EXTERNAL LONG CONSTANT UAI$_ENCRYPT2    ! SECONDARY ENCRYPTION SEED
        EXTERNAL LONG CONSTANT UAI$_FLAGS       ! UAF FLAGS FOR $GETUAI
        EXTERNAL LONG CONSTANT UAI$V_GENPWD     ! GENERATED PASSWORDS ARE USED
        EXTERNAL LONG CONSTANT UAI$V_LOCKPWD    ! DISABLE SET PASSWORD COMMAND
        EXTERNAL LONG CONSTANT UAI$V_PWD_EXPIRED! PRIMARY PASSWORD HAS EXPIRED
        EXTERNAL LONG CONSTANT UAI$V_PWD2_EXPIRED! SECONDARY PASSWORD EXPIRED
        EXTERNAL LONG CONSTANT SS$_NORMAL       ! NORMAL SUCCESS STATUS

        DECLARE LONG CONSTANT TRUE = (1% = 1%)
        DECLARE LONG CONSTANT FALSE = NOT TRUE
        ! ----- MASK (HEX 0FFFFFFF) THAT CLEARS BITS 28-31 OF A STATUS VALUE -----
        DECLARE LONG CONSTANT STRIP_HIGH_BIT = 268435455%

        ! ----- TO RETURN ERROR (0) IN $STATUS BUT HAVE NO MESSAGE -----
        ! ----- DISPLAYED ON THE SCREEN, ALSO SET BIT 28 (HEX 10000000) IN -----
        ! ----- THE VALUE YOU PASS TO SYS$EXIT -----
        DECLARE LONG CONSTANT ERROR_WITH_NO_PUTMSG = 0% OR X"10000000"L

        RECORD CHARACTER_MASK                   ! OUT-OF-BAND AST CHARACTER MASK
            LONG MUST_BE_ZERO
            LONG OUT_OF_BAND_CHAR
        END RECORD CHARACTER_MASK

        RECORD JPIBUF                           ! $GETJPI RECORD
            WORD BUFFER_LENGTH1
            WORD ITEM_CODE1
            LONG BUFFER_ADDRESS1
            LONG RETURN_LENGTH_ADDRESS1
            LONG LIST_TERMINATOR
        END RECORD JPIBUF

        RECORD UAIBUF                           ! $GETUAI RECORD
            WORD BUFFER_LENGTH1
            WORD ITEM_CODE1
            LONG BUFFER_ADDRESS1
            LONG RETURN_LENGTH_ADDRESS1
            WORD BUFFER_LENGTH2
            WORD ITEM_CODE2
            LONG BUFFER_ADDRESS2
            LONG RETURN_LENGTH_ADDRESS2
            LONG LIST_TERMINATOR
        END RECORD UAIBUF

        DECLARE LONG COMPLETION_STATUS          ! COMPLETION STATUS FOR SPAWN
        DECLARE STRING ERROR_LINE               ! ERROR LINE DESCRIPTION
        ERROR_LINE = "INIT"                     ! INIT ERROR DESCRIPTION
        DECLARE STRING GENERATE_OPTION          ! /GENERATE IF GENERATED PWDS
        DECLARE JPIBUF JPIITEM                  ! EQUATE $GETJPI RECORD
        DECLARE LONG LOOP_COUNTER               ! COUNT OF LOOP ITERATIONS
        DECLARE WORD QIO_CHNL                   ! CHANNEL NUMBER FOR QIOW
        DECLARE LONG QIO_FUNC                   ! QIOW FUNCTION VALUE
        DIM WORD QIO_IOSB(3%)                   ! QIOW STATUS BLOCK
        DECLARE CHARACTER_MASK QIO_MASK         ! OUT-OF-BAND AST CHARACTER MASK
        DECLARE WORD SAVE_ERR                   ! SAVED ERROR NUMBER
        DECLARE LONG SYS_STATUS                 ! SYSTEM SERVICE STATUS
        DECLARE LONG TEMP                       ! TEMPORARY
        DECLARE STRING TEMP_STRING              ! TEMPORARY
        DECLARE WORD UAF_ENCRYPT2_LENGTH        ! LENGTH OF UAF_ENCRYPT2
        DECLARE WORD UAF_FLAGS_LENGTH           ! LENGTH OF UAF FLAGS
        DECLARE UAIBUF UAIITEM                  ! EQUATE $GETUAI RECORD
        DECLARE WORD USERNAME_LENGTH            ! LENGTH OF USERNAME

        MAP (GETJPI) STRING USERNAME = 12%      ! USERNAME VIA $GETJPI
        MAP (GETUAI) LONG UAF_FLAGS,            ! UAF FLAGS VIA $GETUAI &
                     LONG UAF_ENCRYPT2          ! SECONDARY PW ENCRYPTION SEED

        EXTERNAL LONG OUT_OF_BAND_AST_HANDLER   ! OUT-OF-BAND AST HANDLER

        EXTERNAL LONG FUNCTION LIB$SPAWN        ! SPAWN
        EXTERNAL SUB LIB$STOP(LONG BY VALUE)    ! STOP PROGRAM
        EXTERNAL LONG FUNCTION SYS$ASSIGN       ! ASSIGN I/O CHANNEL
        EXTERNAL LONG FUNCTION SYS$EXIT         ! EXIT PROCESS WITH STATUS
        EXTERNAL LONG FUNCTION SYS$GETJPI       ! GET JOB INFORMATION
        EXTERNAL LONG FUNCTION SYS$GETUAI       ! GET UAF INFORMATION
        EXTERNAL LONG FUNCTION SYS$QIOW         ! QUEUE I/O REQUEST AND WAIT

        ! ----- USE THE SETMODE QIO ENABLE OUT-OF-BAND ASYNCHRONOUS -----
        ! ----- SYSTEM TRAP (AST) FUNCTION MODIFIER TO ESTABLISH AN -----
        ! ----- AST ROUTINE THAT RESPONDS TO CONTROL/C AND CONTROL/Y -----
        ! ----- CHARACTERS -----
        SYS_STATUS = SYS$ASSIGN("TT",QIO_CHNL,,)! ASSIGN A CHANNEL TO TERMINAL
        CALL LIB$STOP(SYS_STATUS) IF (SYS_STATUS AND 1%) = 0%

        QIO_FUNC = IO$_SETMODE OR IO$M_OUTBAND  ! INITIALIZE QIOW FUNCTION CODE

        ! ----- INIT MASK TO ENABLE CTRL/C AND CTRL/Y TRAPPING -----
        ! ----- (BIT NUMBER = BINARY VALUE OF THE CONTROL CHARACTER) -----
        ! ----- (CTRL/C = 3, CTRL/Y = 25) -----
        QIO_MASK::MUST_BE_ZERO = 0%
        QIO_MASK::OUT_OF_BAND_CHAR = 2% ** 3% OR 2% ** 25%

        ! ----- CALL THE QIOW SERVICE TO ENABLE THE OUT-OF-BAND AST. -----
        ! ----- NOTE THAT OUT-OF-BAND ASTS ARE REPEATING ASTS; THEY -----
        ! ----- CONTINUE TO BE DELIVERED UNTIL SPECIFICALLY DISABLED. -----
        SYS_STATUS = SYS$QIOW(, QIO_CHNL BY VALUE, &
                QIO_FUNC BY VALUE, &
                QIO_IOSB() BY REF, , , &
                OUT_OF_BAND_AST_HANDLER BY REF, &
                QIO_MASK BY REF, , , ,)
        ! ----- IF THE REQUEST WAS QUEUED, USE THE I/O STATUS BLOCK RESULT -----
        SYS_STATUS = QIO_IOSB(0%) IF (SYS_STATUS AND 1%) = 1%
        IF (SYS_STATUS AND 1%) = 0% THEN
            PRINT
            PRINT "VMS_V5_SET_PASSWORD_EMULATOR:QIOW ERROR: "; SYS_STATUS
            PRINT "Notify your VAX System Manager"; BEL
            CALL LIB$STOP(SYS_STATUS BY VALUE)
        END IF

        ! ----- GET USER'S USERNAME -----
        JPIITEM::BUFFER_LENGTH1 = 12%           ! STORE DATA FOR $GETJPI
        JPIITEM::ITEM_CODE1 = JPI$_USERNAME
        JPIITEM::BUFFER_ADDRESS1 = LOC(USERNAME)
        JPIITEM::RETURN_LENGTH_ADDRESS1 = LOC(USERNAME_LENGTH)
        JPIITEM::LIST_TERMINATOR = 0%
        ERROR_LINE = "GET JPI"
        SYS_STATUS = SYS$GETJPI(, , , JPIITEM, , , )
        IF SYS_STATUS <> SS$_NORMAL THEN
            PRINT
            PRINT "VMS_V5_SET_PASSWORD_EMULATOR:GETJPI ERROR: "; SYS_STATUS
            PRINT "Notify your VAX System Manager"; BEL
            CALL LIB$STOP(SYS_STATUS BY VALUE)
        END IF
        IF USERNAME_LENGTH = 0% THEN
            PRINT
            PRINT "VMS_V5_SET_PASSWORD_EMULATOR ERROR: NO USERNAME"
            PRINT "Notify your VAX System Manager"; BEL
            ! ----- RETURN ERROR STATUS -----
            CALL SYS$EXIT(ERROR_WITH_NO_PUTMSG BY VALUE)
        END IF

        ! ----- READ UAF RECORD FOR THIS USERNAME -----
        UAIITEM::BUFFER_LENGTH1 = 4%            ! STORE DATA FOR $GETUAI
        UAIITEM::ITEM_CODE1 = UAI$_FLAGS
        UAIITEM::BUFFER_ADDRESS1 = LOC(UAF_FLAGS)
        UAIITEM::RETURN_LENGTH_ADDRESS1 = LOC(UAF_FLAGS_LENGTH)
        UAIITEM::BUFFER_LENGTH2 = 4%
        UAIITEM::ITEM_CODE2 = UAI$_ENCRYPT2
        UAIITEM::BUFFER_ADDRESS2 = LOC(UAF_ENCRYPT2)
        UAIITEM::RETURN_LENGTH_ADDRESS2 = LOC(UAF_ENCRYPT2_LENGTH)
        UAIITEM::LIST_TERMINATOR = 0%
        SYS_STATUS = SYS$GETUAI(, , USERNAME, UAIITEM, , , )
        IF SYS_STATUS <> SS$_NORMAL THEN
            PRINT
            PRINT "VMS_V5_SET_PASSWORD_EMULATOR GETUAI ERROR: "; SYS_STATUS
            PRINT "Notify your VAX System Manager"; BEL
            CALL LIB$STOP(SYS_STATUS BY VALUE)
        END IF

        %IF %DEBUG = 1% %THEN
            PRINT "DEBUG>UAF_FLAGS="; UAF_FLAGS
            PRINT "DEBUG>UAI$V_LOCKPWD="; UAI$V_LOCKPWD
            PRINT "DEBUG>UAI$V_GENPWD="; UAI$V_GENPWD
            PRINT "DEBUG>UAI$V_PWD_EXPIRED="; UAI$V_PWD_EXPIRED
            PRINT "DEBUG>UAI$V_PWD2_EXPIRED="; UAI$V_PWD2_EXPIRED
        %END %IF

        ! ----- SEE IF "SET PASSWORD" IS DISABLED -----
        IF (UAF_FLAGS AND 2% ** UAI$V_LOCKPWD) <> 0% THEN
            ERROR_LINE = "EXIT PROGRAM"
            CALL SYS$EXIT(1% BY VALUE)          ! RETURN SUCCESS STATUS
        END IF

        ! ----- SEE IF GENERATED PASSWORDS ARE REQUIRED -----
        IF (UAF_FLAGS AND 2% ** UAI$V_GENPWD) <> 0% THEN
            GENERATE_OPTION = "/GENERATE"
        ELSE
            GENERATE_OPTION = ""
        END IF

        ! ----- SEE IF PRIMARY PASSWORD IS EXPIRED -----
        IF (UAF_FLAGS AND 2% ** UAI$V_PWD_EXPIRED) <> 0% THEN
            ERROR_LINE = "CHANGE PRIMARY"
            PRINT
            PRINT "---------------------------------------------"; &
                  "---------------------------------"
            PRINT "| "; &
                  " |"
            PRINT "| You must now change your expired password. "; &
                  " |"
            PRINT "| "; &
                  " |"
            PRINT "| To change your password, you must enter the"; &
                  " following information when the |"
            PRINT "| computer prompts you for them. "; &
                  " |"
            PRINT "| "; &
                  " |"
            PRINT "| Your response is described within the angle"; &
                  " brackets (< >) - Do not type |"
            PRINT "| in the angle brackets as part of your respo"; &
                  "nse. |"
            PRINT "| "; &
                  " |"
            PRINT "| Note that none of the typed data appears on"; &
                  " the screen - This is for |"
            PRINT "| security reasons. "; &
                  " |"
            PRINT "| "; &
                  " |"
            IF GENERATE_OPTION = "" THEN
                PRINT "| Old password: |"
                PRINT "| New password: |"
                PRINT "| Verification: |"
            ELSE
                PRINT "| Old password: |"
                PRINT "| "; &
                      " |"
                PRINT "| |"
                PRINT "| "; &
                      " |"
                PRINT "| Choose a password from this list, o"; &
                      "r press RETURN to get a new list |"
                PRINT "| New password: |"
                PRINT "| Verification: |"
            END IF
            PRINT "| "; &
                  " |"
            PRINT "---------------------------------------------"; &
                  "---------------------------------"
            PRINT
            PRINT
            ! ----- SPAWN THE DCL SET PASSWORD COMMAND -----
            TEMP_STRING = "$SET PASSWORD" + GENERATE_OPTION
            SYS_STATUS = 0%                     ! SO LOOP WILL EXECUTE
            LOOP_COUNTER = 0%                   ! SO LOOP WILL ITERATE
            ! ----- LOOP UNTIL PASSWORD WAS CHANGED OR USER IS AN IDIOT ----
            ! ----- (AFTER 12 FAILED ATTEMPTS THE LOOP ENDS AND THE -----
            ! ----- PROGRAM CONTINUES WITH THE PASSWORD UNCHANGED) -----
            WHILE (SYS_STATUS AND 1%) = 0% AND LOOP_COUNTER < 12%
                LOOP_COUNTER = LOOP_COUNTER + 1%
                SYS_STATUS = LIB$SPAWN(TEMP_STRING BY DESC, , &
                        , , , , COMPLETION_STATUS BY REF)
                IF (SYS_STATUS AND 1%) = 0% THEN
                    PRINT
                    PRINT "VMS_V5_SET_PASSWORD_EMULATOR"; &
                          " SPAWN ERROR: "; SYS_STATUS
                    PRINT "Notify your VAX System Manager"; BEL
                    CALL LIB$STOP(SYS_STATUS BY VALUE)
                END IF
                SYS_STATUS = COMPLETION_STATUS AND STRIP_HIGH_BIT
                IF (SYS_STATUS AND 1%) = 0% THEN
                    PRINT
                    PRINT "--------------------------"; &
                          "------------------------"; &
                          "----------------------------"
                    PRINT "| ***"; &
                          " Error - Please Try Agai"; &
                          "n *** |"
                    PRINT "--------------------------"; &
                          "------------------------"; &
                          "----------------------------"
                    PRINT BEL
                    PRINT
                END IF
            NEXT
            PRINT
        END IF

        ! ----- SEE IF SECONDARY PASSWORD IS EXPIRED -----
        IF (UAF_FLAGS AND 2% ** UAI$V_PWD2_EXPIRED) <> 0% THEN
            ! ----- CAN'T CHANGE SECONDARY PASSWORD IF NEVER ENABLED -----
            IF UAF_ENCRYPT2 = 0% THEN
                ERROR_LINE = "EXIT PROGRAM"
                PRINT
                PRINT "(Note: Can't change SECONDARY"; &
                      " password since it has never been enabled)"
                PRINT " Please immediately notify your"; &
                      " VAX System Manager"; BEL
                PRINT
                ! ----- RETURN SUCCESS STATUS -----
                CALL SYS$EXIT(1% BY VALUE)
            END IF
            ERROR_LINE = "CHANGE SECONDARY"
            PRINT
            PRINT "---------------------------------------------"; &
                  "---------------------------------"
            PRINT "| "; &
                  " |"
            PRINT "| You must now change your expired SECONDARY "; &
                  "password. |"
            PRINT "| "; &
                  " |"
            PRINT "| To change your password, you must enter the"; &
                  " following information when the |"
            PRINT "| computer prompts you for them. "; &
                  " |"
            PRINT "| "; &
                  " |"
            PRINT "| Your response is described within the angle"; &
                  " brackets (< >) - Do not type |"
            PRINT "| in the angle brackets as part of your respo"; &
                  "nse. |"
            PRINT "| "; &
                  " |"
            PRINT "| Note that none of the typed data appears on"; &
                  " the screen - This is for |"
            PRINT "| security reasons. "; &
                  " |"
            PRINT "| "; &
                  " |"
            IF GENERATE_OPTION = "" THEN
                PRINT "| Old password: |"
                PRINT "| New password: |"
                PRINT "| Verification: |"
            ELSE
                PRINT "| Old password: |"
                PRINT "| "; &
                      " |"
                PRINT "| |"
                PRINT "| "; &
                      " |"
                PRINT "| Choose a password from this list, o"; &
                      "r press RETURN to get a new list |"
                PRINT "| New password: |"
                PRINT "| Verification: |"
            END IF
            PRINT "| "; &
                  " |"
            PRINT "---------------------------------------------"; &
                  "---------------------------------"
            PRINT
            PRINT
            ! ----- SPAWN THE DCL SET PASSWORD/SECONDARY COMMAND -----
            TEMP_STRING = "$SET PASSWORD/SECONDARY" + GENERATE_OPTION
            SYS_STATUS = 0%                     ! SO LOOP WILL EXECUTE
            LOOP_COUNTER = 0%                   ! SO LOOP WILL ITERATE
            ! ----- LOOP UNTIL PASSWORD WAS CHANGED OR USER IS AN IDIOT ----
            ! ----- (AFTER 12 FAILED ATTEMPTS THE LOOP ENDS AND THE -----
            ! ----- PROGRAM CONTINUES WITH THE PASSWORD UNCHANGED) -----
            WHILE (SYS_STATUS AND 1%) = 0% AND LOOP_COUNTER < 12%
                LOOP_COUNTER = LOOP_COUNTER + 1%
                SYS_STATUS = LIB$SPAWN(TEMP_STRING BY DESC, , &
                        , , , , COMPLETION_STATUS BY REF)
                IF (SYS_STATUS AND 1%) = 0% THEN
                    PRINT
                    PRINT "VMS_V5_SET_PASSWORD_EMULATOR"; &
                          " SPAWN ERROR: "; SYS_STATUS
                    PRINT "Notify your VAX System Manager"; BEL
                    CALL LIB$STOP(SYS_STATUS BY VALUE)
                END IF
                SYS_STATUS = COMPLETION_STATUS AND STRIP_HIGH_BIT
                IF (SYS_STATUS AND 1%) = 0% THEN
                    PRINT
                    PRINT "--------------------------"; &
                          "------------------------"; &
                          "----------------------------"
                    PRINT "| ***"; &
                          " Error - Please Try Agai"; &
                          "n *** |"
                    PRINT "--------------------------"; &
                          "------------------------"; &
                          "----------------------------"
                    PRINT BEL
                    PRINT
                END IF
            NEXT
            PRINT
        END IF

        ! ---- DONE -----
        ERROR_LINE = "END PROGRAM"
        CALL SYS$EXIT(1% BY VALUE)              ! RETURN SUCCESS STATUS
        GOTO END_PROGRAM

 ERROR_ROUTINE:
        SAVE_ERR = ERR
        RESUME ERROR_PROCESSING

 ERROR_PROCESSING:
        PRINT
        PRINT "Unexpected error"; SAVE_ERR; &
              "in VMS_V5_SET_PASSWORD_EMULATOR"; BEL
        PRINT "After Error Line: "; ERROR_LINE
        PRINT "Notify your VAX System Manager"; BEL
        PRINT ERT$(SAVE_ERR)
        ! ----- RETURN ERROR STATUS -----
        CALL SYS$EXIT(ERROR_WITH_NO_PUTMSG BY VALUE)

 END_PROGRAM:
        END