validate username/password against UAF using java ? - VMS

This is a discussion on validate username/password against UAF using java ? - VMS ; is it possible to validate a username/password against the UAF using java ? TIA, Pierre....

+ Reply to Thread
Results 1 to 9 of 9

Thread: validate username/password against UAF using java ?

  1. validate username/password against UAF using java ?

    is it possible to validate a username/password against the UAF using
    java ?

    TIA,
    Pierre.

  2. Re: validate username/password against UAF using java ?

    In article , Pierre writes:

    > is it possible to validate a username/password against the UAF using
    > java ?


    Certainly. Just call SYS$ACM.

  3. Re: validate username/password against UAF using java ?

    Hi Pierre,

    > is it possible to validate a username/password against the UAF using
    > java ?


    Probably not what you're looking for but a remote Java client example can be
    found at: -
    http://manson.vistech.net/t3$examples/demo_client_web.html

    Username: TIER3_DEMO
    Password: QUEUE

    All of the client source code can be found at:-
    http://manson.vistech.net/t3$examples/

    javac Tier3Socket.java
    javac Tier3Logon.java
    javac Tier3Welcome.java
    javac -classpath c:\this\default CornuCopiae.java

    jar -cf tier3.jar CornuCopiae.class Tier3Socket.class Tier3Logon.class
    Tier3Welcome.class Tier3Welcome$DateVMS.class

    As well as complete intrusion detection in line with System Manager
    configured rules, login-fails, and last non-interactive login time are also
    maintained. (The client is also informed of failures since last successfule
    login for extra security)

    Cheers Richard Maher

    PS. Alternatively you could probably call sys$acm from a Java server? Good
    luck :-)

    "Pierre" wrote in message
    news:daa14b73-a484-42ba-87d1-43f4de2a2e5d@s19g2000prg.googlegroups.com...
    > is it possible to validate a username/password against the UAF using
    > java ?
    >
    > TIA,
    > Pierre.





  4. Re: validate username/password against UAF using java ?

    On Dec 3, 5:35 pm, Pierre wrote:
    > is it possible to validate a username/password against the UAF using
    > java ?
    >
    > TIA,
    > Pierre.


    Pierre,

    Having worked with the API to call C/C++ routines from Java, it is not
    a very large scale project to build the necessary function in C,
    callable from Java as a sharable library to invoke the SYS$ACM and
    other system services, as appropriate.

    - Bob Gezelter, http://www.rlgsc.com

  5. Re: validate username/password against UAF using java ?

    On Dec 4, 1:12 am, Bob Gezelter wrote:
    > On Dec 3, 5:35 pm, Pierre wrote:
    >
    > > is it possible to validate a username/password against the UAF using
    > > java ?

    >
    > > TIA,
    > > Pierre.

    >
    > Pierre,
    >
    > Having worked with the API to call C/C++ routines from Java, it is not
    > a very large scale project to build the necessary function in C,
    > callable from Java as a sharable library to invoke the SYS$ACM and
    > other system services, as appropriate.
    >
    > - Bob Gezelter,http://www.rlgsc.com


    well... I secretly hoped that digi-comp-HP peoples wrote java wrappers
    around useful operating system calls such as system services but it
    seems that I have to write my own JNI call

    ages ago, I did so on a Windows box. do you have any example in VMS
    parlance?

    TIA,
    Pierre.


  6. Re: validate username/password against UAF using java ?

    Pierre wrote:
    > On Dec 4, 1:12 am, Bob Gezelter wrote:
    >> On Dec 3, 5:35 pm, Pierre wrote:
    >>
    >>> is it possible to validate a username/password against the UAF using
    >>> java ?
    >>> TIA,
    >>> Pierre.

    >> Pierre,
    >>
    >> Having worked with the API to call C/C++ routines from Java, it is not
    >> a very large scale project to build the necessary function in C,
    >> callable from Java as a sharable library to invoke the SYS$ACM and
    >> other system services, as appropriate.
    >>
    >> - Bob Gezelter,http://www.rlgsc.com

    >
    > well... I secretly hoped that digi-comp-HP peoples wrote java wrappers
    > around useful operating system calls such as system services but it
    > seems that I have to write my own JNI call
    >
    > ages ago, I did so on a Windows box. do you have any example in VMS
    > parlance?
    >
    > TIA,
    > Pierre.
    >


    There is a working example in the java development kit. See
    [JAVA$150.VMS_DEMO]SYSTEM_SERVICE_INVOKE_DEMO.SAV, which is a backup
    saveset.

    Jim.
    --
    www.eight-cubed.com

  7. Re: validate username/password against UAF using java ?

    In article , Pierre writes:
    >
    > well... I secretly hoped that digi-comp-HP peoples wrote java wrappers
    > around useful operating system calls such as system services but it
    > seems that I have to write my own JNI call
    >
    > ages ago, I did so on a Windows box. do you have any example in VMS
    > parlance?


    Using the JNI on VMS is well documented, I had no trouble using the
    supplied documents to make a sample. Existing samples, such as
    an auto-generated, but crude, interface to all the system services,
    already exist.

  8. Re: validate username/password against UAF using java ?

    On Dec 4, 6:54 pm, Pierre wrote:
    > On Dec 4, 1:12 am, Bob Gezelter wrote:
    >
    >
    >
    > > On Dec 3, 5:35 pm, Pierre wrote:

    >
    > > > is it possible to validate a username/password against the UAF using
    > > > java ?

    >
    > > > TIA,
    > > > Pierre.

    >
    > > Pierre,

    >
    > > Having worked with the API to call C/C++ routines from Java, it is not
    > > a very large scale project to build the necessary function in C,
    > > callable from Java as a sharable library to invoke the SYS$ACM and
    > > other system services, as appropriate.

    >
    > > - Bob Gezelter,http://www.rlgsc.com

    >
    > well... I secretly hoped that digi-comp-HP peoples wrote java wrappers
    > around useful operating system calls such as system services but it
    > seems that I have to write my own JNI call
    >
    > ages ago, I did so on a Windows box. do you have any example in VMS
    > parlance?
    >
    > TIA,
    > Pierre.


    Pierre,

    I would have to dig out my notes from the client project (and sanitize
    the examples). It was straightforward, however, there were some
    interesting wrinkles if you wanted to be able to use the DEBUGGER when
    the library was executed.

    - Bob Gezelter, http://www.rlgsc.com

  9. Re: validate username/password against UAF using java ?

    Pierre wrote:
    > is it possible to validate a username/password against the UAF using
    > java ?


    As other has stated there are system service examples available.

    But here comes a complete example:

    package dk.vajhoej.vms.sys;

    public class VMSAuth {
    public static native boolean CheckCred(String un, String pw);
    static {
    System.loadLibrary("VMSAuth_shr");
    }
    }

    #include

    #include
    #include

    #include

    struct itmlst
    {
    short int length;
    short int code;
    long int bufadr;
    long int retlenadr;
    };

    #include "dk_vajhoej_vms_sys_VMSAuth.h"

    JNIEXPORT jboolean JNICALL
    Java_dk_vajhoej_vms_sys_VMSAuth_CheckCred(JNIEnv *cntx, jclass me,
    jstring jun, jstring jpw)
    {
    char *un = (char*)(*cntx)->GetStringUTFChars(cntx, jun, 0);
    char *pw = (char*)(*cntx)->GetStringUTFChars(cntx, jpw, 0);
    long int pwd[2],hpwd[2];
    short int salt;
    char encryp;
    struct dsc$descriptor_s undesc,pwdesc;
    struct itmlst items[4] = { {sizeof(salt), UAI$_SALT, (long
    int)&salt, 0},
    {sizeof(encryp), UAI$_ENCRYPT, (long
    int)&encryp, 0},
    {sizeof(pwd), UAI$_PWD, (long int)&pwd, 0},
    {0, 0, 0, 0} };
    undesc.dsc$w_length = strlen(un);
    undesc.dsc$b_dtype = DSC$K_DTYPE_T;
    undesc.dsc$b_class = DSC$K_CLASS_S;
    undesc.dsc$a_pointer = un;
    pwdesc.dsc$w_length = strlen(pw);
    pwdesc.dsc$b_dtype = DSC$K_DTYPE_T;
    pwdesc.dsc$b_class = DSC$K_CLASS_S;
    pwdesc.dsc$a_pointer = pw;
    sys$getuai(0, 0, &undesc, &items, 0, 0, 0);
    sys$hash_password(&pwdesc, encryp, salt, &undesc, &hpwd);
    return pwd[0] == hpwd[0] && pwd[1] == hpwd[1];
    }

    $ javac VMSAuth.java
    $ javah -classpath /disk2/arne -jni "dk.vajhoej.vms.sys.VMSAuth"
    $
    cc/name=(as_is,shortened)/reent=multi/float=ieee/ieee=denorm/include=(sys$common:[java$142.include],sys$common:[java$142.include.alpha])
    dk_vajhoej_vms_sys_VMSAuth
    $ @scan_globals_for_option dk_vajhoej_vms_sys_VMSAuth.obj VMSAuth.opt
    $ link/share=VMSAuth_shr.exe
    dk_vajhoej_vms_sys_VMSAuth+VMSAuth/option+sys$input/opt
    java$java_shr/share
    $
    $ javac -classpath /disk2/arne Test.java
    $ define VMSAuth_shr sys$disk:[]VMSAuth_shr.exe

    Arne

    PS: In most cases you will want to do intrusion detection - find
    some better C code to use - if newer VMS version then something that
    uses SYS$ACM(W).

+ Reply to Thread