SUNADMIN Utility
SUNADMIN allows data record manipulation of the SUNDM {keyfile} and {ipfile} control files. These control files are used with the 'DM_KEYFILE={keyfile}' and 'DM_IPFILE={ipfile}' configuration settings. This utility processes the records for a specified file based on section headers. SUNADMIN is a character-based application with command line options to process various sections in an optional data file. SUNADMIN also provides entry points that allow a user program to directly execute functions in the utility when it is called as a load module from a PL/B program. The command line format and options are as follows:
sunadmin [{datafile}] -{options}
[KEY]
The [KEY] section contains a single record formatted as 'KEY_{keydata}' that provides an access key and
a public key specified during the data file creation. The information found in the {keydata} string is
encrypted based on the access key string specified by the 'k=' option. The SUNADMIN utility will not
modify any data in any file unless the 'k=' option access key matches key found in the 'KEY_{keydata}'
record.
A user can remove the [KEY] section from a control data file. In this case, the control data file
can be used by SUNDM but the SUNADMIN utility will not process (add, delete, nor list) any records.
[USER]
The [USER] section may contain many user login records formatted as 'USER_{key32}={0|1} [;Comment]'.
The {key32} string is thirty-two hexadecimal characters that represents a user login ID that has been
encrypted using a public key. The SUNADMIN utility 'T=1' option identifies the [USER] section for add,
delete, and list operations. All records in the [USER] section must use the same public key. The SUNADMIN
utility will not process records for this section without definition of a public key. The [USER] section
is only valid when specified in the {keyfile} for the 'FM_KEYFILE={keyfile}' configuration setting.
The SUNADMIN utility processes the [USER] section as a single 64kb block of data. Therefore, the
use of the SUNADMIN utility for a {keyfile} limits the total number of user login records to approximately
1,598 records when no comment data is included. Notice, that this limitation is a SUNADMIN utility limitation
and the SUNDM data manager has no such limitation.
[IP_ALLOWED]
The [IP_ALLOWED] section may contain many IP filtering records formatted as 'IP_{key32A}={key32B} [;Comment]'.
The {key32A} string represents an IP address and IP mask pair that is encrypted using a static internal
key. The SUNADMIN utility 'T=2' option identifies the [IP_ALLOWED] section for add, delete, and list
operations. The pubic key is not used when processing record entries for the [IP_ALLOWED] section.
If the [IP_ALLOWED] section is included in the {keyfile} for the 'FM_KEYFILE={keyfile}' configuration
setting, user login security must be active before IP filtering can occur. If the [IP_ALLOWED] section
is included in the {ipfile} for the 'FM_IPFILE={ipfile}' configuration setting, IP filtering may be used
with or without user login security.
The SUNADMIN utility processes the [IP_ALLOWED] section as a single 64kb block of data. Therefore,
the use of the SUNADMIN utility for an [IP_ALLOWED] section limits the total number of IP address records
to approximately 936 when no comment data is included. Notice, that this limitation is a SUNADMIN utility
limitation and the SUNDM data manager has no such limitation.
Note that any record data entries processed into the [IP_ALLOWED] section cannot be interchanged with
any other sections.
[IP_NOTALOWED]
The [IP_NOTALLOWED] section can contain many IP filtering records formatted as 'IP_{key32C}={key32D} [;Comment]'.
The {key32C} string represents an IP address and IP mask pair that is encrypted using a static internal
key. The SUNADMIN utility 'T=3' option identifies the [IP_NOTALLOWED] section for add, delete, and list
operations. The public key is not used when processing record entries for the [IP_NOTALLOWED] section.
If the [IP_NOTALLOWED] section is included in the {keyfile} for the 'FM_KEYFILE={keyfile}' configuration
setting, user login security must be active before IP filtering can occur. If the [IP_NOTALLOWED] section
is included in the {ipfile} for the 'FM_IPFILE={ipfile}' configuration setting, IP filtering can be used
with or without user login security.
The SUNADMIN utility processes the [IP_NOTALLOWED] section as a single 64kb block of data. Therefore,
the use of the SUNADMIN utility for an [IP_NOTALLOWED] section limits the total number of IP address records
to approximately 936 when no comment data is included. Notice, that this limitation is a SUNADMIN utility
limitation and the SUNDM data manager has no such limitation.
Note that any record data entries processed into the [IP_NOTALLOWED] section cannot be interchanged
with any other sections.
1. Valid program options are:
|
Option |
Meaning... |
|
K={keystr} |
The access key option is required before the SUNADMIN utility will process any data into or out of a datafile section. The keystr data can be any alphanumeric string with a maximum length of sixteen (16) characters. The SUNADMIN utility will not process any Add, Delete, or List operations for a datafile unless the {keystr} matches the data found in the [KEY] control record of the datafile. |
|
T={nnn} |
This option to identify sections within the {keyfile} or {ipfile}. The sections are by numerical values (nnn) as follows: 1 = 'USER' section. 2 'IP_ALLOWED' section. 3 = 'IP_NOTALLOWED' section. |
|
P={hexstr} |
This option identifies the public key string required when processing records for the [USER] section. The {hexstr} can contain up to sixteen (16) hexadecimal digits. This public key is placed into the [KEY] record for a {datafile} that contains a [USER] section. |
|
A={string} |
The add option specifies the data required process records into a section specified by the 'T=' option. Notice, that if the 'T=' option is not specified, the default sections are processed based on the type of {string} encountered. The {string} may have one of two formats as follows:
{string} - sixteen hexadecimal digit is that represent the User Login ID. This format processes records into the [USER] section identified by 'T=1'.
{string} - IP address that is a dotted format (nnn.nnn.nnn.nnn). This IP address processes records into the [IP_ALLOWED] or [IP_NOTALLOWED] sections identified as 'T=2' and 'T=3'. If this {string} type is specified without a 'T=' option, the default is 'T=2' for the [IP_ALLOWED] section.
Note: The SUNADMIN utility will not execute this option unless the {keystr} for the 'K={keystr}' matches the access key located in the [KEY] section control record. |
|
D={string} |
The delete option specifies the data required to process records out of a section specified by the 'T=' option. Notice, that if the 'T=' option is not specified, the default sections are processed based on the type of {string} encountered. The {string} may have one of two formats as follows:
{string} - sixteen hexadecimal digit is that represent the User Login ID. This format processes records from the [USER] section identified by 'T=1'.
{string} - an IP address that is a dotted format (nnn.nnn.nnn.nnn). This IP address processes records from the [IP_ALLOWED] or [IP_NOTALLOWED] sections identified as 'T=2' and 'T=3'. If this {string} type is specified without a 'T=' option, the default is 'T=2' for the [IP_ALLOWED] section.
Note: The SUNADMIN utility will not execute this option unless the {keystr} for the 'K={keystr}' matches the access key located in the [KEY] section control record. |
|
C={comment} |
The comment option identifies a string of characters that are appended to a data record processed into a specified {datafile} section. Although, comments provide useful information, one should note that comments might also provide information to a non-informed observer. Also, note that the SUNADMIN utility has a section size limitation that is impacted by comments. |
|
F={cmdfile} |
The command file option allows a user to build a set of processing commands that are placed into a {cmdfile} data file as text records. The SUNADMIN utility will process each command from the {cmdfile}. Notice, that the SUNADMIN utility will terminate or stop processing commands when a processing error is encountered. Also, notice that the command file option provides operational performance because multiple commands can be processed while a {datafile} has been opened once. |
|
L[={device}] |
The list option allows a user to list all or individual sections found within a {datafile}. If the 'T=' option is not specified, all sections will be listed. However, if the 'T=' option is specified, only that one section is listed. The list option also supports an optional {device} to receive the listed output. The {device} can be a data file or OS device that is opened as a PL/B spooled device.
Note: The SUNADMIN utility will not execute this option unless the {keystr} for the 'K={keystr}' matches the access key located in the [KEY] section control record. |
|
V[={0|1} |
The verbose option allows users view internal command data as the SUNADMIN processes Add and Delete operations. The verbose output identifies various actions processed for a datafile identified as:
ADD - Entry was added to {datafile}. DEL - Entry was deleted from {datafile}. NOP - No operation required for entry. CMD - Command line output processed. |
|
{UET/INI} |
The SUNADMIN utility supports three UET/INI keywords to aid/control the processing of options processed by the utility. The values of these keywords defined a DEFAULT value used by the utility. The keywords are as follows:
ADM_KEY={keystr} - Same as 'K=' option. ADM_PUBLIC={hexstr} - Same as 'P=' option. ADM_TYPE={nnn} - Same as 'T=' option |
2. The SUNADMIN utility can be used as a LOADMOD module. This allows users to directly call basic functions within the SUNADMIN utility from user generated maintenance applications. Sample programs named 'admsamp1.pls', 'admsamp2.pls', and 'admsamp3.pls' have been provided to demonstrate the SUNADMIN LOADMOD features.
3. The SUNADMIN LOADMOD entry points have been defined as follows:
The SUNADMIN_CMD entry point allows a user to specify an {options} command string. The command string is processed, verified, and used to generate key data output. The key data output is displayed when this entry point is used.
SUNADMIN_CMD PROCEDURE USING
S$CMDLIN: ;Command line to execute ;DIM 250
RESULT: ;Return result (!0==>Error) ;FORM 3
USERERR: ;Return error information ;DIM 500
CMD_FP ;Return command FP at error ;FORM 3
The SUNADMIN_OPTION entry point allows a user to specify an {options} command string. The command string is processed and verified. However, in this case, the XOPT options structure is returned to the user program. There is no key generation when this entry point is used.
SUNADMIN_OPTION PROCEDURE USING
S$CMDLIN: ;Command line to parse ;DIM 250
XOPT: ;Return option result record
RESULT: ;Return result (!0==>Error) ;FORM 3
USERERR: ;Return error information ;DIM 500
CMD_FP ;Return command FP at error ;FORM 3
The SUNADMIN_KEY entry point allows a user to submit an initialized 'XOPT' options structure to the SUNADMIN utility. This function uses the XOPT settings to generate appropriate keys that are then passed back to the user program in the XKEY structure.
SUNADMIN_KEY PROCEDURE USING
XOPT: ;Input OPTIONS structure
XKEY: ;Return KEY structure
RESULT: ;Return result (!0==>Error) ;FORM 3
USERERR ;Return error information ;DIM 500
4. SUNADMIN option and key internal structures:
OPT RECORD ;Options INPUT/OUTPUT structure
KEY DIM 16 ;User Access Key String
TYPE FORM 1 ;Section Type
LIST FORM 1 ;List option
VERBOSE FORM 1 ;Verbose option to show all
PUBLIC DIM 17 ;Public Key
ADD DIM 17 ;Add string
DEL DIM 17 ;Del string
IPMASK DIM 17 ;IP MASK string (nnn.nnn.nnn.nnn)
COMMENT DIM 4 ;Comment string
OUTPUT DIM 250 ;OUTPUT file name
CMDFILE DIM 250 ;Command file name
DEVICE DIM 250 ;Output device
RECORDEND
KEY RECORD ;KEY INPUT/OUTPUT structure
ACCESS DIM 32 ;Access KEY
KEYSEED DIM 16 ;KEY Seed string
MASK DIM 16 ;KEY Mask string
USER DIM 32 ;User encrypted string
IPOK_Left DIM 32 ;IP Allowed Left encrypted string
IPOK_Right DIM 32 ;IP Allowed Right encrypted string
IPNOTOK_Left DIM 32 ;IP Not Allowed Left encrypted string
IPNOTOK_Right DIM 32 ;IP Not Allowed Right encrypted string
RECORDEND
See Also: PL/B Client Command Syntax
|
|