SUNADMIN

 

SUNADMIN allows data record manipulation of the SUNDM {keyfile} and {ipfile} control files. These control files are used with the 'DM_KEYFILE={keyfile}' and 'DM_IPFILE={ipfile}' configuration settings. This utility processes the records for a specified file based on section headers. SUNADMIN is a character based application with command line options to process various sections in an optional data file. SUNADMIN also provides entry points that allow a user program to directly execute functions in the utility when it is called as a load module from a PL/B program. The command line format and options are as follows:

 

     sunadmin [{datafile}] -{options}

Parameters:

datafile
The optional data file specification created or processed.
options
Options described below that control the action of the program.

Note the following:

  1. If the optional {datafile} is not specified, the options are processed and the expected record data results are output to the current display monitor. However, if the {datafile} is specified, the options are processed and the expected record data is processed into sections identified by the 'T=' option.

  2. The sections of the datafile are as follows:

     [KEY]

The [KEY] section contains a single record formatted as 'KEY_{keydata}' that provides an access key and a public key specified during the data file creation. The information found in the {keydata} string is encrypted based on the access key string specified by the 'k=' option. The SUNADMIN utility will not modify any data in any file unless the 'k=' option access key matches key found in the 'KEY_{keydata}' record.

A user can remove the [KEY] section from a control data file. In this case, the control data file can be used by SUNDM but the SUNADMIN utility will not process (add, delete, nor list ) any records. 

 

     [USER]

The [USER] section may contain many user login records formatted as 'USER_{key32}={0|1} [;Comment]'. The {key32} string is thirty-two hexadecimal characters that represent a user login ID that has been encrypted using a public key. The SUNADMIN utility 'T=1' option identifies the [USER] section for add, delete, and list operations. All records in the [USER] section must use the same public key. The SUNADMIN utility will not process records for this section without definition of a public key. The [USER] section is only valid when specified in the {keyfile} for the 'DM_KEYFILE={keyfile}' configuration setting.

The SUNADMIN utility processes the [USER] section as a single 64kb block of data. Therefore, the use of the SUNADMIN utility for a {keyfile} limits the total number of user login records to approximately 1,598 records when no comment data is included. Notice, that this limitation is a SUNADMIN utility limitation and the SUNDM data manager has no such limitation. 

 

     [IP_ALLOWED]

The [IP_ALLOWED] section may contain many IP filtering records formatted as 'IP_{key32A}={key32B} [;Comment]'. The {key32A} string represents an IP address and IP mask pair that is encrypted using a static internal key. The SUNADMIN utility 'T=2' option identifies the [IP_ALLOWED] section for add, delete, and list operations. The pubic key is not used when processing record entries for the [IP_ALLOWED] section.

If the [IP_ALLOWED] section is included in the {keyfile} for the 'DM_KEYFILE={keyfile}' configuration setting, user login security must be active before IP filtering can occur. If the [IP_ALLOWED] section is included in the {ipfile} for the 'DM_IPFILE={ipfile}' configuration setting, IP filtering may be used with or without user login security.

The SUNADMIN utility processes the [IP_ALLOWED] section as a single 64kb block of data. Therefore, the use of the SUNADMIN utility for an [IP_ALLOWED] section limits the total number of IP address records to approximately 936 when no comment data is included. Notice, that this limitation is a SUNADMIN utility limitation and the SUNDM data manager has no such limitation.

Note, that any record data entries processed into the [IP_ALLOWED] section cannot be interchanged with any other sections.
 

     [IP_NOTALOWED]

The [IP_NOTALLOWED] section can contain many IP filtering records formatted as 'IP_{key32C}={key32D} [;Comment]'. The {key32C} string represents an IP address and IP mask pair that is encrypted using a static internal key. The SUNADMIN utility 'T=3' option identifies the [IP_NOTALLOWED] section for add, delete, and list operations. The public key is not used when processing record entries for the [IP_NOTALLOWED] section.

If the [IP_NOTALLOWED] section is included in the {keyfile} for the 'DM_KEYFILE={keyfile}' configuration setting, user login security must be active before IP filtering can occur. If the [IP_NOTALLOWED] section is included in the {ipfile} for the 'DM_IPFILE={ipfile}' configuration setting, IP filtering can be used with or without user login security.

The SUNADMIN utility processes the [IP_NOTALLOWED] section as a single 64kb block of data. Therefore, the use of the SUNADMIN utility for an [IP_NOTALLOWED] section limits the total number of IP address records to approximately 936 when no comment data is included. Notice, that this limitation is a SUNADMIN utility limitation and the SUNDM data manager has no such limitation.

Note, that any record data entries processed into the [IP_NOTALLOWED] section cannot be interchanged with any other sections. 

 

  1. Valid program options are:

    2.  

    Option

    Meaning...

    K={keystr}

    The access key option is required before the SUNADMIN utility will process any data into or out of a data file section. The keystr data can be any alphanumeric string with a maximum length of sixteen (16) characters. The SUNADMIN utility will not process any Add, Delete, or List operations for a data file unless the {keystr} matches the data found in the [KEY] control record of the data file.

    T={nnn}

    This option to identify sections within the {keyfile} or {ipfile}. The sections are by numerical values (nnn) as follows:

    1 = 'USER' section.

    2 'IP_ALLOWED' section.

    3 = 'IP_NOTALLOWED' section.

    P={hexstr}

    This option identifies the public key string required when processing records for the [USER] section. The {hexstr} can contain up to sixteen (16) hexadecimal digits. This public key is placed into the [KEY] record for a {datafile} that contains a [USER] section.

    A={string}

    The add option specifies the data required process records into a section specified by the 'T=' option. Notice, that if the 'T=' option is not specified, the default sections are processed based on the type of {string} encountered. The {string} may have one of two formats as follows:

     

    {string} - sixteen hexadecimal digits that represent the User Login ID. This format processes records into the [USER] section identified by 'T=1'.

     

    {string} - IP address that is a dotted format (nnn.nnn.nnn.nnn). This IP address processes records into the [IP_ALLOWED] or [IP_NOTALLOWED] sections identified as 'T=2' and 'T=3'. If this {string} type is specified without a 'T=' option, the default is 'T=2' for the [IP_ALLOWED] section.

     

    Note: The SUNADMIN utility will not execute this option unless the {keystr} for the 'K={keystr}' matches the access key located in the [KEY] section control record.

    D={string}

    The delete option specifies the data required to process records out of a section specified by the 'T=' option. Notice, that if the 'T=' option is not specified, the default sections are processed based on the type of {string} encountered. The {string} may have one of two formats as follows:

     

    {string} - sixteen hexadecimal digits that represent the User Login ID. This format processes records from the [USER] section identified by 'T=1'.

     

    {string} - an IP address that is a dotted format (nnn.nnn.nnn.nnn). This IP address processes records from the [IP_ALLOWED] or [IP_NOTALLOWED] sections identified as 'T=2' and 'T=3'. If this {string} type is specified without a 'T=' option, the default is 'T=2' for the [IP_ALLOWED] section.

     

    Note: The SUNADMIN utility will not execute this option unless the {keystr} for the 'K={keystr}' matches the access key located in the [KEY] section control record.

    C={comment}

    The comment option identies a string of characters that are appended to a data record processed into a specified {datafile} section. Although, comments provide useful information, one should note that comments may also provide information to a non-informed observer. Also, note that the SUNADMIN utility has a section size limitation that is impacted by comments.

    F={cmdfile}

    The command file option allows a user to build a set of processing commands that are placed into a {cmdfile} data file as text records. The SUNADMIN utility will process each command from the {cmdfile}. Notice, that the SUNADMIN utility will terminate or stop processing commands when a processing error is encountered. Also, notice that the command file option provides operational performance because multiple commands can be processed while a {datafile} has been opened once.

    L[={device}]

    The list option allows a user to list all or individual sections found within a {datafile}. If the 'T=' option is not specified, all sections will be listed. However, if the 'T=' option is specified, only that one section is listed. The list option also supports an optional {device} to receive the listed output. The {device} can be a data file or OS device that is opened as a PL/B spooled device.

     

    Note: The SUNADMIN utility will not execute this option unless the {keystr} for the 'K={keystr}' matches the access key located in the [KEY] section control record.

    V[={0|1}

    The verbose option allows users view internal command data as the SUNADMIN processes Add and Delete operations. The verbose output identifies various actions processed for a datafile identified as:

     

    ADD - Entry was added to {datafile}.

    DEL - Entry was deleted from {datafile}.

    NOP - No operation required for entry.

    CMD - Command line output processed.

    {UET/INI}

    The SUNADMIN utility supports three UET/INI keywords to aid/control the processing of options processed by the utility. The values of these keywords defined a DEFAULT value used by the utility. The keywords are as follows:

     

    ADM_KEY={keystr} - Same as 'K=' option.

    ADM_PUBLIC={hexstr} - Same as 'P=' option.

    ADM_TYPE={nnn} - Same as 'T=' option

 

  1. The SUNADMIN utility can be used as a LOADMOD module. This allows users to directly call basic functions within the SUNADMIN utility from user generated maintenance applications. Sample programs named 'admsamp1.pls', 'admsamp2.pls', and 'admsamp3.pls' have been provided to demonstrate the SUNADMIN LOADMOD features.

  2. The SUNADMIN LOADMOD entry points have been defined as follows:

 

The SUNADMIN_CMD entry point allows a user to specify an {options} command string. The command string is processed, verified, and used to generate key data output. The key data output is displayed when this entry point is used.

 

SUNADMIN_CMD PROCEDURE USING

S$CMDLIN: ;Command line to execute ;DIM 250

RESULT: ;Return result (!0==>Error) ;FORM 3

USERERR: ;Return error information ;DIM 500

CMD_FP ;Return command FP at error ;FORM 3

 

The SUNADMIN_OPTION entry point allows a user to specify an {options} command string. The command string is processed and verified. However, in this case, the XOPT options structure is returned to the user program. There is no key generation when this entry point is used.

 

SUNADMIN_OPTION PROCEDURE USING

S$CMDLIN: ;Command line to parse ;DIM 250

XOPT: ;Return option result record

RESULT: ;Return result (!0==>Error) ;FORM 3

USERERR: ;Return error information ;DIM 500

CMD_FP ;Return command FP at error ;FORM 3

 

The SUNADMIN_KEY entry point allows a user to submit an initialized 'XOPT' options structure to the SUNADMIN utility. This function uses the XOPT settings to generate appropriate keys that are then passed back to the user program in the XKEY structure.

 

SUNADMIN_KEY PROCEDURE USING

XOPT: ;Input OPTIONS structure

XKEY: ;Return KEY structure

RESULT: ;Return result (!0==>Error) ;FORM 3

USERERR ;Return error information ;DIM 500

 

  1. SUNADMIN option and key internal structures:

 

OPT RECORD ;Options INPUT/OUTPUT structure

KEY DIM 16 ;User Access Key String

TYPE FORM 1 ;Section Type

LIST FORM 1 ;List option

VERBOSE FORM 1 ;Verbose option to show all

PUBLIC DIM 17 ;Public Key

ADD DIM 17 ;Add string

DEL DIM 17 ;Del string

IPMASK DIM 17 ;IP MASK string (nnn.nnn.nnn.nnn)

COMMENT DIM 4 ;Comment string

OUTPUT DIM 250 ;OUTPUT file name

CMDFILE DIM 250 ;Command file name

DEVICE DIM 250 ;Output device

        RECORDEND

 

KEY RECORD ;KEY INPUT/OUTPUT structure

ACCESS DIM 32 ;Access KEY

KEYSEED DIM 16 ;KEY Seed string

MASK DIM 16 ;KEY Mask string

USER DIM 32 ;User encrypted string

IPOK_Left DIM 32 ;IP Allowed Left encrypted string

IPOK_Right DIM 32 ;IP Allowed Right encrypted string

IPNOTOK_Left DIM 32 ;IP Not Allowed Left encrypted string

IPNOTOK_Right DIM 32 ;IP Not Allowed Right encrypted string

              RECORDEND

 

 

See Also: SUNDM, MAKEMFD, WATCH


about_sundm MAKEMFD WATCH