?TACL MACRO
#FRAME
#PUSH #BREAKMODE
#SET #BREAKMODE DISABLE
===============================================================================
#PUSH log        { The name of the log file. }
#PUSH var        { Populated with info to be written to the log file. }
#PUSH open^err   { Detect errors on open of the log file. }
#PUSH write^err  { Detect errors on write of the log file. }
#PUSH write^var  { The variable to fill when we want to write to the log file.}
#PUSH logging    { Y when keystroke logging is required (via SCOPE program.) }
#PUSH restricted { Y when access is restricted to a hard-coded set of users. }
#PUSH user       { The original user before logging on using this routine. }
===============================================================================
#SET log $DISK1.LOG.LOGAUDIT
#SET logging Y
#SET restricted Y
===============================================================================
[#IF [#MATCH [logging] Y] |THEN|
  #SET user [#PARAM LOGON-NAME]
  [#IF [#EMPTYV/BLANK/user] |THEN|
    #SET user [#PARAM USER],[#PARAM GROUP]
  ]
  { Record the original user, before promotion. }
  #SET var [user] at [TIMESTAMP_TO_TEXT [#TIMESTAMP]] &
  { cont'd }from [#PROCESSINFO/HOMETERM/[#MYTERM]], &
  { cont'd }Trace file: [#CHARGET "[#MYTERM]" 2 FOR &
  { cont'd }[#COMPUTE [#CHARCOUNT "[#MYTERM]"] - 1]].
|ELSE|
  { Record the original user, before promotion. }
  #SET var [user] at [TIMESTAMP_TO_TEXT [#TIMESTAMP]] from [#MYTERM].
]

{ Write to the log file }
#SET open^err [#REQUESTER/WAIT/WRITE [log] write^err write^var] {OPEN}
[#IF [open^err] |THEN| |ELSE|
  #EXTRACTV var write^var { I/O }
  SINK [#REQUESTER CLOSE write^err] { CLOSE }
]
#SET #OUT [#MYTERM]

{ Guardian access restrictions }
[#IF [#MATCH [restricted] Y] |THEN|
== [#IF [#MATCH [user] MY-ALIAS ] { Alias security check }
  [#IF [#MATCH 003,001 [#PARAM GROUP],[#PARAM USER]] OR
       [#MATCH 205,201 [#PARAM GROUP],[#PARAM USER]] OR
       [#MATCH 255,* [#PARAM GROUP],[#PARAM USER]]
  |THEN| |ELSE|
    #OUTPUT [#PARAM GROUP],[#PARAM USER] isn't allowed.
    #SET #EXIT -1
  ]
]

{ Keystroke logging restriction }
[#IF [#MATCH [logging] Y] |THEN|
  { Verify that the user's TACL is logging via SCOPE. }
  [#IF [#MATCH SCOPE [#FILEINFO/FILE/[#PROCESSINFO/PROGRAMFILE/[#MYTERM]]]]
  |THEN| |ELSE|
    #OUTPUT Invalid access mode.
    #SET #EXIT -1
  ]
]
#UNFRAME
[#IF [#EXIT] |THEN| |ELSE|
  #SET #IN [#MYTERM]
  CLEAR ALL
  [#DEFAULTS/SAVED/].TACLCSTM
]