[an error occurred while processing this directive]

HP OpenVMS Systems Documentation

Content starts here

HP OpenVMS System Management Utilities Reference Manual


Previous Contents Index


Appendix B
Customizing the ACL Editor

You can modify the access control list editor (ACL editor) by modifying and recompiling the ACL section file SYS$LIBRARY:ACLEDIT.TPU (the source file used to create the compiled ACL section file SYS$LIBRARY:ACLEDT$SECTION.TPU$SECTION). You can also create your own ACL section file.

Refer to the DEC Text Processing Utility Reference Manual for more information about writing and processing section files.

B.1 Modifying Variables in the ACL Section File

Table B-1 lists the ACL section file variables and their defaults.

Table B-1 ACL Section File Variables
Variable Meaning
ACLEDIT$X_CHECK_DUPLICATES Controls whether a check for duplicate ACEs is made. This variable can take the following values:
0 No duplicate ACE check is made.
1 A duplicate ACE check is made. If the ACE to be entered matches an existing ACE, an error message is returned. This is the default.
ACLEDIT$X_CHECK_MODIFY Allows or disallows modification of ACEs. This variable can take the following values:
0 The ACE can be modified.
1 The ACE cannot be modified. If an attempt is made to modify the ACE, it is replaced with the original ACE. This is the default.
ACLEDIT$X_DIRECTORY_FILE Indicates whether the object is a directory file. This variable can take the following values:
0 The object is not a directory file.
1 The object is a directory file.
ACLEDIT$X_PASTE_BUFFER Controls whether PASTE buffer support is enabled for VT200 series terminals. This variable can take the following values:
0 PASTE buffer support is disabled. This is the default.
1 PASTE buffer support is enabled.
ACLEDIT$X_PROMPT Controls whether automatic text insertion (prompt mode) is enabled. This variable can take the following values:
0 Prompt mode is disabled.
1 Prompt mode is enabled. This is the default.
ACLEDIT$X_USE_DEFAULT_OPT Controls whether the DEFAULT option can be used with nondirectory ACEs. This variable can take the following values:
0 The DEFAULT option can only be used with ACEs of directory (.DIR) files. This is the default.
1 The DEFAULT option is available for use with ACEs of all object types.
ACLEDIT$C_WINDOW_SHIFT Specifies the number of columns to shift the edit window in the direction wanted, GOLD key and left arrow for a left shift and GOLD key and right arrow for a right shift. The default is 8 columns.

If you modify any of the variables in Table B-1 or change any other part of the ACL section file, recompile the section file with the following command:


$ EDIT/TPU/NOSECTION/COMMAND=SYS$LIBRARY:ACLEDIT

Use the preceding command if you make changes directly to the source code file (SYS$LIBRARY:ACLEDIT) that creates the compiled ACL section file SYS$LIBRARY:ACLEDT$SECTION. If you add a private command file to the existing ACL section file, recompile the section file using the following command:


$ EDIT/TPU/SECTION=SYS$LIBRARY:ACLEDT$SECTION/COMMAND=CUSTOM_ACL.TPU

The compiled DECtpu ACL section file is placed in your current directory. To use the new section file, perform one of the following actions:

  • Move the compiled section file, ACLEDT$SECTION.TPU$SECTION, to the SYS$LIBRARY directory. This changes the default ACL editor section file for all users.
  • Keep the compiled section file in your directory and define the logical name ACLEDT$SECTION in your LOGIN.COM file to point to the file, as follows:


    $ DEFINE ACLEDT$SECTION yourdisk:[yourdir]ACLEDT$SECTION
    

Note that the default file type for the section file before compiling (the source file) is TPU, and the default file type for the compiled section file is TPU$SECTION.

For more information about writing and processing a DECtpu section file, refer to the DEC Text Processing Utility Reference Manual.

B.2 Using the ACL Editor CALL_USER Routine

The ACL editor CALL_USER routine is part of the shareable image SYS$LIBRARY:ACLEDTSHR.EXE. You can incorporate the ACL editor CALL_USER routine with its existing function codes into your own ACL section file, or you can write your own CALL_USER routine that recognizes a different set of function codes.

The ACL editor CALL_USER routine recognizes only those functions used by the ACL editor DECtpu section file. All other function codes are passed to a user-supplied CALL_USER routine; if the high-order word of the CALL_USER function code contains the ACL editor facility code (277 in decimal or 115 in hexadecimal), it is handled by the ACL editor CALL_USER routine. Otherwise, an attempt is made to locate a user-supplied CALL_USER routine. Refer to the description of the CALL_USER routine in the DEC Text Processing Utility Reference Manual for more information about creating your own CALL_USER routine.

Table B-2 describes the CALL_USER routine function codes supported by the ACL editor.

Table B-2 CALL_USER Function Codes
Function
Code
Mnemonic Description
18153473 ACLEDIT$C_PARSE_ACE Parses the input string (ACE) and returns the parsed (binary) ACE if no errors are found. Otherwise, the returned string contains a zero as the first two characters, and the unparsed portion of the input ACE as the remainder of the string.
18153474 ACLEDIT$C_CHECK_MODIFY Returns the string "READ_WRITE" if the ACE can be modified by the user. Otherwise, returns the string "READ_ONLY."
18153475 ACLEDIT$C_PROMPT_MODE Returns the string "PROMPT_MODE" if the prompt mode option was specified. Otherwise, returns the string "NOPROMPT_MODE."
18153476 ACLEDIT$C_CHECK_ACE Parses the input string (ACE) and returns the parsed (binary) ACE if no errors are found. Otherwise, the ACE text is highlighted in reverse video and a DECtpu variable of the form ACLEDIT$X_RANGE_x is created to identify the ACE in error. (The "x" is a sequential number starting with 1.)
18153477 ACLEDIT$C_CHECK_DIR Returns the string "DIRECTORY_FILE" if the object being edited is a directory file. Otherwise, returns the string "NODIRECTORY_FILE."
18153478 ACLEDIT$C_SET_CANDIDATE Parses the input string (ACE) and returns the string "PARSE_OK" if no error was encountered. Otherwise, returns the string "PARSE_ERROR." If the parse was successful, a check is made for duplicate ACEs using the CALL_USER function ACLEDIT$C_CHECK_DUP.
18153479 ACLEDIT$C_CHECK_DUP Parses the input string (ACE) and returns the string "PARSE_ERROR" if an error was encountered. Otherwise, the parsed (binary) ACE is compared with the candidate ACE set by the CALL_USER function ACLEDIT$C_SET_CANDIDATE. Returns the string "DUPLICATE_ACE" if the ACE is a duplicate, or "UNIQUE_ACE" if it is not a duplicate.
18153482 ACLEDIT$C_MESSAGE Assumes the input string is a system error code and returns in the ACL editor message window the message text associated with the error code.


Appendix C
Accounting Information for Programmers

Table C-1 gives a summary of the system services that relate to accounting. No system service reads accounting files; to do this you must use knowledge of the structure of accounting files.

Table C-1 Summary of Accounting System Services
System Service Description
$CREPRC Creates a process in which accounting can be disabled.
$SNDJBC Controls what resources are logged in the current accounting file, or logs a user-defined record in the current accounting file.

This appendix describes the structure of an accounting file. It is for programmers who want to access accounting data directly.

Note

The formats described here are subject to change without notice in a future release.

The symbols and offsets described in this appendix are defined by the $ACRDEF macro in the STARLET library.

C.1 Format of an Accounting File Record

An accounting record consists of an accounting record header and a number of information packets. The number and type of information packets depend on the type of the record.

Figure C-1 illustrates the general format of an accounting record. Table C-2 describes the fields in the record header. The type field in the record header is subdivided into five fields, described in Table C-3.

Figure C-1 Format of an Accounting Record


Table C-2 Fields in an Accounting Record Header
Symbolic Offset Description
ACR$W_TYPE Identifies the type of the record. This field is subdivided into five fields, described in Table C-3. (word)
ACR$W_LENGTH Total length of the record, in bytes. (word)
ACR$Q_SYSTIME System time (64-bit absolute time). (quadword)

Table C-3 ACR$W_TYPE Fields in an Accounting Record Header
Symbolic Offset Description
ACR$V_PACKET Identifies this header as a record header. This bit must be 0. (1 bit)
ACR$V_TYPE Identifies the type of the record. The eight record types are described in Table C-4. (7 bits)
ACR$V_SUBTYPE Identifies the type of process with which the record is associated. The subtypes (4 bits) are:
Symbol Meaning
ACR$K_BATCH Batch process
ACR$K_DETACHED Detached process
ACR$K_INTERACTIVE Interactive process
ACR$K_NETWORK Network process
ACR$K_SUBPROCESS Subprocess

Note that this field is only meaningful for records of type ACR$K_IMGDEL and ACR$K_PRCDEL.

ACR$V_VERSION Identifies the version of the accounting file record structure. The versions (3 bits) are:
Symbol Meaning
ACR$K_VERSION2 VAX/VMS Version 2.0
ACR$K_VERSION3T VAX/VMS Version 3.0 field test
ACR$K_VERSION3 OpenVMS Alpha Version 1.0 and VAX/VMS Version 3.0 and later versions of Alpha and VAX
ACR$V_CUSTOMER Identifies whether the record was written by HP software or by customer software. If this bit is 0, the record was written by HP software. If this bit is 1, the record was written by customer software. (1 bit)

Note

ACR$K_CURVER = Current version. Set equal to ACR$K_VERSION3 in this release.

C.1.1 Types of Accounting Record

The type of an accounting record identifies the type of event that caused the record to be logged. The eight types of accounting records are shown in Table C-4. This table shows the information packets contained in each type of record.

Table C-4 Types of Accounting Record
Symbol Event Information Packets
ACR$K_FILE_BL The accounting file was opened ACR$K_FILENAME
ACR$K_FILE_FL The accounting file was closed ACR$K_FILENAME
ACR$K_IMGDEL An image terminated ACR$K_ID
ACR$K_RESOURCE
ACR$K_IMAGENAME
ACR$K_LOGFAIL A login attempt failed ACR$K_ID
ACR$K_RESOURCE
ACR$K_PRCDEL A process terminated ACR$K_ID
ACR$K_RESOURCE
ACR$K_PRINT A print job finished ACR$K_ID
ACR$K_PRINT
ACR$K_SYSINIT The system was initialized ACR$K_ID
ACR$K_RESOURCE
ACR$K_USER An accounting message was sent by the $SNDJBC system service ACR$K_ID
ACR$K_USER_DATA

C.1.2 Format of an Information Packet

The header, in each of the six types of information packets, defines the type of packet as follows:

  • File name packet (ACR$K_FILENAME)
  • Identification packet (ACR$K_ID)
  • Image name packet (ACR$K_IMAGENAME)
  • Print resource packet (ACR$K_PRINT)
  • Resource packet (ACR$K_RESOURCE)
  • User data packet (ACR$K_USER_DATA)

Section C.1.2.1 describes the general format of an information packet. Section C.1.2.2 to Section C.1.2.7 describe the format of each type of information packet.

C.1.2.1 General Format

Each information packet contains a packet header, followed by data fields. The data fields can contain fixed-length data, variable-length data, or offsets to variable-length data. Offsets contain the distance in bytes from the beginning of the packet to the variable-length data.

All variable-length data are represented as counted strings. Variable-length data follow the last fixed-length data field in the packet. Figure C-2 shows the general format of an information packet. An information packet may not have values in all of its data fields.

See Section C.1.2.2 to Section C.1.2.7 for complete descriptions of the data fields contained in each information packet.

All information packets start with a packet header that has ACR$W_LENGTH and ACR$W_TYPE fields (see Table C-5 and Table C-6).

Figure C-2 Format of an Information Packet


Table C-5 Fields in an Information Packet Header
Symbolic Offset Description
ACR$W_TYPE Identifies the type of the packet. This field is subdivided into five fields, described in Table C-6. (word)
ACR$W_LENGTH Total length of the packet, in bytes. (word)

Table C-6 ACR$W_TYPE Fields in an Information Packet Header
Symbolic Offset Description
ACR$V_PACKET Identifies this header as a packet header. This bit must be 1. (1 bit)
ACR$V_TYPE Identifies the type of the packet. The six packet types (7 bits) are:
Symbol Description
ACR$K_FILENAME File name packet
ACR$K_ID Identification packet
ACR$K_IMAGENAME Image name packet
ACR$K_PRINT Print resource packet
ACR$K_RESOURCE Resource packet
ACR$K_USER_DATA User data packet
ACR$V_SUBTYPE Identifies the packet subtype; reserved for future use. (4 bits)
ACR$V_VERSION See Table C-3.
ACR$V_CUSTOMER See Table C-3.

C.1.2.2 File Name Packet (ACR$K_FILENAME)

The file name packet contains the name of the accounting file. Figure C-3 shows the format of the file name packet. Table C-7 describes the field contained in the packet. See Section C.1.2.1 for information on the packet header.

Figure C-3 Format of a File Name Packet


Table C-7 Data Fields in a File Name Packet
Symbolic Offset Description
ACR$T_FILENAME Name of the file (counted ASCII string that gives full file specification).

C.1.2.3 Identification Packet (ACR$K_ID)

The identification packet identifies the process that caused the record to be logged.

Figure C-4 shows the format of the identification packet. Table C-8 describes the fields contained in the packet. See Section C.1.2.1 for information on the packet header.

Figure C-4 Format of an Identification Packet


Table C-8 Data Fields in an Identification Packet
Symbolic Offset Description
ACR$L_PID Process identifier (PID) of the process. (longword)
ACR$L_OWNER PID of the parent process. (longword)
ACR$L_UIC UIC of the process. The UIC can be addressed as two separate words: ACR$W_MEM for the member number, and ACR$W_GRP for the group number. (longword)
ACR$Q_PRIV Privileges held by the process. (quadword)
ACR$B_PRI Base priority of the process. (byte)
ACR$B_IDFLGS Flags byte; full address and full name present if low bit is set.
ACR$W_USERNAME Offset to counted ASCII string containing the user name of the process. (word)
ACR$W_ACCOUNT Offset to counted ASCII string containing the account name of the process. (word)
ACR$W_NODENAME Offset to counted ASCII string containing the Phase W node name of the remote process. (word)
ACR$W_TERMINAL Offset to counted ASCII string containing the terminal name. (word)
ACR$W_JOBNAME Offset to counted ASCII string containing the job name. (word)
ACR$L_JOBID Identification of the print or batch job (queue entry number). (longword)
ACR$W_QUEUE Offset to counted ASCII string containing the name of the queue with which a batch or print job is associated. (word)
ACR$W_NODEADDR Offset to a counted binary string containing the Phase W remote node address. (word)
ACR$W_REMOTEID Offset to counted ASCII string containing the remote ID of the remote process (varies with network implementation and use). (word)
ACR$W_FULLADDR Offset to a counted binary string containing the complete remote node network address. On a DECnet-Plus system, this is the remote node's NSAP address.
ACR$W_FULLNAME Offset to a counted ASCII string containing the complete remote node name. On a DECnet-Plus system, this is the remote node's full name.


Previous Next Contents Index