Baanboard.com

Go Back   Baanboard.com > Forum > Baan SIGs > Code & Utilities

User login

Frontpage Sponsor

Main

Poll
For ERP LN feature pack upgrade, what method of install are you using?
Installation Wizard into existing VRC
37%
Installation Wizard into new VRC
39%
Manual into existing VRC
3%
Manual into new VRC
21%
Total votes: 38

Baanboard at LinkedIn


Reference Content

Reply
 
Thread Tools Display Modes
  #1  
Old 24th February 2005, 07:51
ahulikavi's Avatar
ahulikavi ahulikavi is offline
Member
 
Join Date: Jan 2002
Location: Pune, India
Posts: 81
ahulikavi is on a distinguished road
Baan: BaaN IVc4 - DB: Oracle 8.x, mySQL - OS: Sun Solaris 2.6, RH 7.2
Smile Login and Password Control - 3gl Solution

Hi,

Have developed a 3gl solution for password ageing and controlling no of logins.

Purpose :
1. Enforce Password change after policy number of days (30 in our case)
2. Restrict multiple logins as per policy
3. Quickly list out logged in users in client instead of using licmon etc

Method :
1. create 2 tables one for password policy and max logins allowed per user and another to store current logins
2. create 3 gl session and add it in BMS as startup boot session.
3. Session check user status as per password policy and max logins allowed and takes neccessary action i.e. allow/dissallow login, force password change.

We use it on IVc4 with BW / Worktop on Sun Solaris 2.6. You may need to change certain OS specific commands for this to work at your end.


Now for the code ...Hope this helps, let me know any suggestions for improvement

Code:
||******************************************************************************
|* tdtcdmsg	: VRC B40C Live		
|* Title	: Login and Password Control
|* Author	: Akshay Hulikavi
|* Date		: 2004-02-09 [09:17]
|******************************************************************************
|* License	:
|* Copyright 2004 by Akshay Hulikavi
|* 
|* All Rights Reserved 
|* 
|* Permission to use, copy, modify, and distribute this software and its
|* documentation for any purpose and without fee is hereby granted,
|* provided that the above copyright notice appear in all copies and that
|* both that copyright notice and this permission notice appear in
|* supporting documentation. 
|* 
|* Akshay Hulikavi DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
|* SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|* AND FITNESS, IN NO EVENT SHALL Vamsi Potluru BE LIABLE FOR ANY
|* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 
|* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, 
|* WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 
|* TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE
|* OR PERFORMANCE OF THIS SOFTWARE.
|******************************************************************************
	
	table	ttdtcd991	| User login info
	table	ttdtcd990	| Current logins

	string 			date.str(10), bucket(50), progname(512)
	long     		procid, proclist(100), i, j, user.bshell.pid, ret, no.of.logins
	long     		info(PSMAXSIZE)


function main()
{
if logname$ <> "root" or logname$ <> "smis1" then  | Not for super user
user.bshell.pid = bshell.pid()
remove.user.from.990.if.disconnected()

db.retry.point() 
	no.of.logins = 0 
	
	select tdtcd991.*
	from tdtcd991 for update
	where tdtcd991._compnr = 010	| Only applicable for live company
	and user = :logname$
	selectdo
		select count(tdtcd990.user):no.of.logins
		from	tdtcd990
		where	tdtcd990.user = :logname$
		selectdo			
		endselect
		if no.of.logins >= tdtcd991.maxl then	| logins exceed maximum allowed for user ?
			kill.and.exit()
			exit(0)
		else
			tdtcd990.pid = user.bshell.pid
			tdtcd990.user = logname$
			tdtcd990.serv = hostname$()
			tdtcd990.date = sprintf$("%D(%02d/%02m/%04Y)", date.num())
			tdtcd990.comp = get.compnr()
			db.insert(ttdtcd990, db.retry)		
		endif	
		
		date.str = sprintf$("%D(%02d/%02m/%04Y)", tdtcd991.lldt)
		
		| tdtcd991.npwc = tdtcd991.lpwc + 30  | Add next pwc date
		message( "Welcome "&logname$&", This is your login no "&str$(no.of.logins + 1)&" you are allowed max "&str$(tdtcd991.maxl)&" logins")
		
		if date.num() >= tdtcd991.npwc then    			|time to Change password
			ret = shell( "passwd",SHELL_CONFIRM)
			if ret = 0 then					|Password successfully changed
				tdtcd991.lpwc = date.num()		|Capture password change date
				tdtcd991.npwc = tdtcd991.lpwc + 30  	|Next change on
			endif	
		endif	
		tdtcd991.lldt = date.num()				| Last Login date
		tdtcd991.lltm = time.num()				| Last login Time
		tdtcd991.nolg = tdtcd991.nolg + 1			| Number of logins till date
		db.update(ttdtcd991, db.retry)		
	selectempty
		message( "Welcome "&logname$&", This is your login no "&str$(no.of.logins + 1)&" you are allowed max "&str$(tdtcd991.maxl)&" logins")
		tdtcd991.user = logname$
		tdtcd991.lpwc = date.num()		| Assume today as lastpw change if first time login		
		tdtcd991.npwc = tdtcd991.lpwc + 30  	| Add next pwc date
		tdtcd991.lldt = date.num()		| Last Login Date
		tdtcd991.lltm = time.num()      	| Last Login Time
		tdtcd991.nolg = tdtcd991.nolg + 1	| no of logins till date
		tdtcd991.maxl = 1			| Default Only 1 login allowed
		db.insert(ttdtcd991, db.retry)			
	endselect
commit.transaction()



 bms.add.mask("bms.shutdown")	| to detect the shutdown event which is sent by the system
 while true
	bucket = bms.receive$()
	if bucket = "bms.shutdown" then
		remove.user.from.990()
		exit(0)	
	endif
 endwhile	

endif
}

function remove.user.from.990()
{
	select  tdtcd990.*
	from	tdtcd990 for update
	where	tdtcd990.user = :logname$
	and	tdtcd990.pid  = :user.bshell.pid
	selectdo			
		db.delete(ttdtcd990, db.retry)
	endselect
commit.transaction()
}

function kill.and.exit()
{
i = 1
procid = -1
procid = pstat(procid, progname, info )

	while procid > 0
		proclist(i) = procid
		i = i + 1
		procid = pstat( procid, progname, info )
	endwhile
	
	for j = i to 1 step -1
		if proclist(j) <> pid then	| Keep current process active so that we can remove everything and then
			kill(proclist(j)) 	| display message
		endif	
	endfor
	
	message( " *** LOGIN DISSALLOWED : "&logname$&", you have already logged in "&str$(no.of.logins)&" times, you are allowed max "&str$(tdtcd991.maxl)&" logins")
	kill(pid)
}

function remove.user.from.990.if.disconnected()
{
	select  tdtcd990.*
	from	tdtcd990 for update
	where	tdtcd990.user = :logname$
	selectdo			
		ret = shell( "ps -p "&str$(tdtcd990.pid),SHELL_NO_OUTPUT)	| Check if process active at OS level
		if ret <> 0 then		| Process does not exist at OS Level, probably killed or disconnected
			db.delete(ttdtcd990, db.retry)	| Delete from ligins table if bshell pid not found
		endif	
	endselect
commit.transaction()
}

Note : When you need a situation when no one should log into baan just change tdtcd991.maxl field to 0 for all users except yourself ;-), this will not allow anybody else to login.
__________________


Akshay
Reply With Quote
  #2  
Old 24th February 2005, 08:36
manojsharma's Avatar
manojsharma manojsharma is offline
Senior Member
 
Join Date: Sep 2002
Location: Delhi
Posts: 200
manojsharma is on a distinguished road
Baan: 4C4, 5, Baan LN - DB: Oracle,informix - OS: Unix, NT, Windows-2000
Hi Akshay

seems good. Please paste the structure of tables also
__________________
Together we can and we will make a difference
Reply With Quote
  #3  
Old 24th February 2005, 20:22
NPRao's Avatar
NPRao NPRao is offline
Guru
 
Join Date: Aug 2001
Location: Pacific NW, USA
Posts: 3,032
NPRao will become famous soon enough
Baan: iBaanERP-5.2a(Reger),SSA-ERP-LN-6.1,Infor LN-10.x - DB: Oracle-10g,11g,12c,MS-SQL - OS: HP-UX, Linux, Windows
Akshay,

There is a small bug in the program -
Code:
ret = shell( "passwd",SHELL_CONFIRM)
if ret = 0 then					|Password successfully changed
	tdtcd991.lpwc = date.num()		|Capture password change date
	tdtcd991.npwc = tdtcd991.lpwc + 30  	|Next change on
endif
The shell() takes me to change password and I press Control-C to abort/cancel the password change process and I get a return value of 0 and the table is updated that I have changed the password.
I think Dave's program looks at the Unix System's Last Password change info.
__________________
The art of perfection does not lie in doing extraordinary things but, doing ordinary things extraordinarily well. [-N. Prashanth Rao]
How To Ask Questions The Smart Way,BaaNBoard,NPRao
Reply With Quote
  #4  
Old 25th February 2005, 11:57
ahulikavi's Avatar
ahulikavi ahulikavi is offline
Member
 
Join Date: Jan 2002
Location: Pune, India
Posts: 81
ahulikavi is on a distinguished road
Baan: BaaN IVc4 - DB: Oracle 8.x, mySQL - OS: Sun Solaris 2.6, RH 7.2
Red face

Thanks Prashant,

Point taken, incidently we have also set pw policy at OS, so if user does not change passwords, then login is dissallowed by OS itself.

Another point is setting of resource variable ds_timeout_detect, if this is not set then bshell process stays active at OS in case of connection loss, say due to lan/wan link failure.

In such case till the bshell process is terminated - determined by ds_timeout_detect ( default 30 mins) above 3GL will find user already logged in and not allow further logins.

In our case we have set ds_timeout_detect to 1 minute to handle this.
__________________


Akshay
Reply With Quote
  #5  
Old 6th August 2005, 13:52
veyant veyant is offline
Senior Member
 
Join Date: May 2003
Location: Gurgaon
Posts: 107
veyant is on a distinguished road
Baan: Baan IV/V - DB: Oracle - OS: Unix/AIX
BMS startup boot

Hi,

As per you

create 3 gl session and add it in BMS as startup boot session.

what do you mean by BMS startup boot session. are you refering to bms_mask file in $BSE/lib.

what entry whould be made to fulfill the requested activity of adding it in BMS startup Boot.

thanks
Sandeep
__________________
veyant
Reply With Quote
  #6  
Old 8th August 2005, 08:08
manojsharma's Avatar
manojsharma manojsharma is offline
Senior Member
 
Join Date: Sep 2002
Location: Delhi
Posts: 200
manojsharma is on a distinguished road
Baan: 4C4, 5, Baan LN - DB: Oracle,informix - OS: Unix, NT, Windows-2000
Hi

Hi Sandeep,

BMS marks are used while sending bucket messages. If a process sends a bucket message (to all processes within the same bshell) with the given mask and no processes have this mask on. the specified session or object will be started.

Use session no.ttadv4188m000 (Main BMS Mask Data).


To activate the changes, use the "continue" option to convert the data to runtime. The information will be stored in the file "$BSE/lib/bms_mask".
__________________
Together we can and we will make a difference
Reply With Quote
  #7  
Old 29th October 2005, 01:45
ganesh_kapase's Avatar
ganesh_kapase ganesh_kapase is offline
Senior Member
 
Join Date: Dec 2004
Location: India
Posts: 189
ganesh_kapase is on a distinguished road
Baan: BaaN IV - DB: SQL Server - OS: WINDOWS-2000
Bms

Hi Manoj

You mean to say by adding the above session developed by Mr.Akshay in the ttadv4188m000 it will start working immediately all the functions used in the session.

If I am wrong please correct me.


Ganesh
Reply With Quote
  #8  
Old 29th October 2005, 09:17
manojsharma's Avatar
manojsharma manojsharma is offline
Senior Member
 
Join Date: Sep 2002
Location: Delhi
Posts: 200
manojsharma is on a distinguished road
Baan: 4C4, 5, Baan LN - DB: Oracle,informix - OS: Unix, NT, Windows-2000
Yes Ganesh, The program will activate automatically when a user logged in.
__________________
Together we can and we will make a difference
Reply With Quote
  #9  
Old 12th March 2008, 06:47
k_d_mahajan's Avatar
k_d_mahajan k_d_mahajan is offline
Junior Member
 
Join Date: Jan 2003
Location: Aurangabad-MH-INDIA
Posts: 29
k_d_mahajan is on a distinguished road
Baan: BaaN IV - DB: ORACLE 9i - OS: Windows 2003 / Windows NT 4.0
Hello Akshay,
Its really a nice 3GL you have developed.
Can you give me details of Table definations
1) ttdtcd991 | User login info &
2) ttdtcd990 | Current logins
__________________
Kalyan D. Mahajan ( )

Cell No: 9823163246
E-mails: kalyanmahajan@indiatimes.com
k_d_mahajan2000@yahoo.com
Reply With Quote
  #10  
Old 3rd April 2008, 14:48
baan_tools_IV's Avatar
baan_tools_IV baan_tools_IV is offline
Junior Member
 
Join Date: Sep 2007
Posts: 26
baan_tools_IV is on a distinguished road
Baan: Baan IVc4 - DB: Informix,Oracle - OS: Unix,Windows
Hello Akshay,

can please post the table structure:
1) ttdtcd991 | User login info &
2) ttdtcd990 | Current logins


Baan_tools_IV
sandara@rediffmail.com
__________________
---
Baan_Tools_IV
Reply With Quote
Sponsored Links
  #11  
Old 24th June 2008, 09:52
simplerosy simplerosy is offline
Junior Member
 
Join Date: Mar 2008
Posts: 3
simplerosy is on a distinguished road
Baan: Baa IVc4 - DB: Informix - OS: Sun
Hi,
Can you send me updated script and Table Definations please.
-Rosy
Reply With Quote
  #12  
Old 17th July 2008, 00:39
jbaanm jbaanm is offline
Member
 
Join Date: Sep 2006
Posts: 45
jbaanm is on a distinguished road
Baan: 4c4 - DB: Oracle10G - OS: AIX5.3
Its failing at bms

My script failing with some error
If I debug, its getting stuck at
bms.add.mask("bms.shutdown") | to detect the shutdown event which is sent by the system
while true
bucket = bms.receive$()
if bucket = "bms.shutdown" then
remove.user.from.990()
exit(0)
endif
endwhile


Is there any other way you can run a session like this immediately after login
__________________
Joy Baba Baan
Reply With Quote
  #13  
Old 6th January 2009, 02:57
jbaanm jbaanm is offline
Member
 
Join Date: Sep 2006
Posts: 45
jbaanm is on a distinguished road
Baan: 4c4 - DB: Oracle10G - OS: AIX5.3
BMS masks loop is slowing down the system

The following script part is running in the background till the user is logged out. That is taking lots of CPU time and slowing the down the server.
Whats the alternative to this? This part is need only to delete a entry after logout.
Code:
 bms.add.mask("bms.shutdown")	| to detect the shutdown event which is sent by the system
 while true
	bucket = bms.receive$()
	if bucket = "bms.shutdown" then
		remove.user.from.990()
		exit(0)	
	endif
 endwhile
__________________
Joy Baba Baan

Last edited by mark_h : 6th January 2009 at 15:45.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Force User Change Password At Next Login mila04792 Tools Administration & Installation 5 4th March 2005 04:26
Where is the last Password Change Date stored in HP-UNIX? skapoor73 Tools Administration & Installation 3 6th December 2004 23:09
Automatic login when calling baan session from VB? Jabran AFS/DDC/OLE: Function servers 2 27th May 2004 15:35
How to let users change password without admin login? yeoea1 Tools Administration & Installation 15 23rd April 2002 08:21


All times are GMT +2. The time now is 03:30.


©2001-2017 - Baanboard.com - Baanforums.com