Help: SYS$ACM is driving me nuts!!

---

• From: nothome@xxxxxxxxxxxxxxxxx (Malcolm Dunnett)
• Date: 13 Dec 2005 23:34:32 -0700

---

I'm trying to write a program to authenticate a username/password
pair using the SYS$ACM system service ( VMS 7.3-2 ). I've mostly
copied the example in the programming concepts manual except that
I've written it in BASIC.

The technique is to pass 3 items in the item list, the "network
login" logon type, the username and the password. The account I'm
running it under has IMPERSONATE privilege. When I run it I get
a return status of:

%ACME-W-OPINCOMPL, operation incomplete; interaction required

but all I get in the context block are two output parameters, one
appears to be blank and one contains the value of the SYS$ANNOUNCE logical.

This doesn't make sense to me. If I'm doing a network login why is
the system trying to force me to retrieve the announcement message
at all? Since it's not asking for any further input data why doesn't
it just process the login?

Am I doing something stupid or is this a bug?

My program:

---------------------

!
! Test SYS$ACM service for authenticating a password
!

OPTION TYPE=EXPLICIT

%INCLUDE "$UTCBLKDEF" %FROM %LIBRARY "SYS$LIBRARY:BASIC$STARLET.TLB"
%INCLUDE "$ACMEDEF" %FROM %LIBRARY "SYS$LIBRARY:BASIC$STARLET.TLB"
%INCLUDE "$ACMEMSGDEF" %FROM %LIBRARY "SYS$LIBRARY:BASIC$STARLET.TLB"

MAP (STATICVARS) STRING USERNAME$ = 255%, STRING PASSWD$ = 255%

EXTERNAL LONG FUNCTION RETURN_LONGWORD
EXTERNAL WORD FUNCTION RETURN_WORD

EXTERNAL STRING FUNCTION RETURN_STRING

EXTERNAL LONG FUNCTION SYS$ACMW

DECLARE LONG LOGON.TYPE%, CALL.STAT%, CONTEXT%, ITEM.CNT%, J%, TMP%

RECORD ACMSB
LONG STAT
LONG SECONDARY_STAT
LONG ACME_ID
LONG ACME_STATUS
END RECORD

DECLARE ACMSB ACM_STAT_BLOCK

RECORD ITMLIST
WORD BUFLEN
WORD ITEMCODE
LONG BUFADR
LONG RETLENADR
END RECORD

DECLARE ITMLIST ACMITEM(1% TO 5%)

USERNAME$ = "DUNNETT"
PASSWD$ = "OBFUSCATED"

LOGON.TYPE% = ACME$K_NETWORK
ACMITEM(1%)::BUFLEN = 4%
ACMITEM(1%)::ITEMCODE = ACME$_LOGON_TYPE
ACMITEM(1%)::BUFADR = LOC(LOGON.TYPE%)
ACMITEM(1%)::RETLENADR = 0%

ACMITEM(2%)::BUFLEN = LEN(EDIT$(USERNAME$,128%))
ACMITEM(2%)::ITEMCODE = ACME$_PRINCIPAL_NAME_IN
ACMITEM(2%)::BUFADR = LOC(USERNAME$)
ACMITEM(2%)::RETLENADR = 0%

ACMITEM(3%)::BUFLEN = LEN(EDIT$(PASSWD$,128%))
ACMITEM(3%)::ITEMCODE = ACME$_PASSWORD_1
ACMITEM(3%)::BUFADR = LOC(PASSWD$)
ACMITEM(3%)::RETLENADR = 0%

ACMITEM(4%)::BUFLEN = 0%
ACMITEM(4%)::ITEMCODE = 0%
ACMITEM(4%)::BUFADR = 0%
ACMITEM(4%)::RETLENADR = 0%

CONTEXT% = -1%

CALL.STAT% = SYS$ACMW(1% BY VALUE, &
ACME$_FC_AUTHENTICATE_PRINCIPAL BY VALUE, &
CONTEXT%, &
ACMITEM(1%) BY REF, &
ACM_STAT_BLOCK BY REF,,)

PRINT CALL.STAT%

PRINT ACM_STAT_BLOCK::STAT,ACM_STAT_BLOCK::SECONDARY_STAT,ACM_STAT_BLOCK::ACME_ID,ACM_STAT_BLOCK::ACME_STATUS

ITEM.CNT% = RETURN_LONGWORD(CONTEXT%+16% BY VALUE)

TMP% = RETURN_LONGWORD(CONTEXT%+20% BY VALUE) ! Address of first item set

FOR J% = 1% TO ITEM.CNT%
PRINT J%
PRINT "FLAGS = " ; RETURN_LONGWORD(TMP% BY VALUE)
PRINT "ITEM = " ; RETURN_WORD(TMP%+4% BY VALUE)
PRINT "LEN = " ; RETURN_WORD(TMP%+6% BY VALUE)
PRINT "S1: ";RETURN_STRING(TMP%+8% BY VALUE)
PRINT "S2: ";RETURN_STRING(TMP%+16% BY VALUE)
TMP% = TMP% + 24%
NEXT J%

END

!
! Functions to return values at a specified address
! (since BASIC doesn't have a pointer data type)
!

FUNCTION LONG RETURN_LONGWORD(LONG ARG)

RETURN_LONGWORD = ARG

END FUNCTION

FUNCTION WORD RETURN_WORD(WORD ARG)

RETURN_WORD = ARG

END FUNCTION

FUNCTION STRING RETURN_STRING(STRING ARG)

RETURN_STRING = ARG

END FUNCTION

-----------------------

Program output:

1
122324544 122324544 0 0
1
FLAGS = 0
ITEM = 8192
LEN = 16641
S1:
S2:
2
FLAGS = 0
ITEM = 8192
LEN = 16641
S1: Malaspina University-College Computer Services

AlphaServer ES40 (MALVM9)
S2:
.

---

• Follow-Ups:
  • Re: Help: SYS$ACM is driving me nuts!!
    • From: Graham Burley

• Prev by Date: Re: ES40 CPU Upgrade
• Next by Date: Adopting 3 stray Vaxen :-)
• Previous by thread: Re: SRM memtest
• Next by thread: Re: Help: SYS$ACM is driving me nuts!!
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: ASP security (anonymouse vs integrated) problem... ... displays a login page and requests a username/password combination. ... they have already logged-on to windows. ... redirect to the standard login page for the username/password combination. ... (microsoft.public.inetserver.asp.general) Re: Secure Login Form ... login form. ... The user then enters their username/password into the form in order to ... etc.) but I am concerned about the security provided. ... I need some ideas for generating the access code and then ... (Security-Basics) AD authentication error handling ... I've created a login page to connect to Active Directory and retrieve a list ... If someone enters the wrong username/password, ... Anyone know how to handle this error so I can push out a login arror page? ... Set objConnection = CreateObject ... (microsoft.public.inetserver.asp.general) Re: New to Active Directory ... So how does the login process work? ... A user will have a local workstation username/password. ... connect to Active Directory, ... In an Active Directory environment one computers ... (microsoft.public.windows.server.active_directory)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

unix.derkeiler.com  > Newsgroups  > comp.os.vms  > 2005-12