/*
   This Pipes filter will construct a request to the TACACS server and
   transmit it using the UDP protocol and wait for a response. The
   result (either accepted or not accepted) is passed on to the invoker
   via the return code.

   This filter was written for use with the EnterpriseWeb product as a
   security exit. It was written to interact with our "homegrown"
   TACACS server on VM. However, it should work with any TACACS server
   which uses the standard protocols.

   It expects the parameters to be the userid and password to be
   validated. If the TACACS server accepts these, then the RC=0. If
   they are not accepted, then it returns RC=403, access forbidden.
   The web server will also accept RC=401, which rechallenges the
   client for a different password.

   According to Beyond Software, the server will invoke the exit first
   with a null argument. The exit must return RC=401 so that the
   browser will prompt the user for the username and password. The
   exit will then be invoked a second time with the user supplied data.

   Written by Martha McConaghy 12/10/96

   A new version of EWXTACU REXX, it will only allow accounts: URxx. urlw

   5/15/98  Retry UDP call several times before giving up. If null
            record comes back from TACACS, then the connection timed
            out. MMM
   3/20/98  Change TACACS ip address to 1.30. MMM
   6/18/01  Change TACACS ip address to 80.40. MMM
   10/21/02 ahw - read pattern from $EWEB HTACCESS, an LDAP filter
*/
trace o

/* ARG folds its input to upper case, so both userid and password     */
/* are uppercased before they are checked.                            */
arg Userid ':' Passw .
say 'Entering EWXTACPA'
Retry = 3

/* Only the first 8 characters of the password are used. */
Passw = substr(Passw,1,8)

/* Read the authuserfile record from $EWEB HTACCESS; its last field   */
/* is the LDAP filter.                                                */
address command 'PIPE (name ewxtacpa01) < $EWEB HTACCESS * |' ,
   'strfind anycase /authuserfile/ |' ,
   'var rec'
parse var rec authuserfile userexit pfn pft filter

/* Debug message to user HARRY (userid and filter only, no password). */
Address command 'CP MSG HARRY EWXLD' 'filter:'filter 'userid:'userid

/* First invocation carries no userid: return 401 so that the browser */
/* prompts for credentials.                                           */
if(1>length(Userid)) then exit 401

/* LDACCT is an external function that is not shown here; its result  */
/* is treated as a blank-delimited list of permitted userids.         */
other = ldacct(filter)
p = wordpos(userid,other)
Address command 'CP MSG HARRY EWXLD' 'other:' other 'pos:' p

/*
xstr = 'X'c2x(parm)
'CALLPIPE (name ewxtacpa02) var other |' ,
   'split |' ,
   'strfind' xstr '|' ,
   'stem find.'
address command 'CP MSG HARRY ' 'other:'other 'find' find.0 xstr
if 'FIND.0' = find.0 then find.0 = 0
when (parm=substr(Userid,1,length(parm))) then nop
*/

/* Userids that are not in the permitted list are refused with 403    */
/* before the TACACS server is contacted.                             */
select
   when p > 0 then nop
   otherwise exit 403
end;

/* GETTAC is called with the userid and password; its return code     */
/* becomes the return code of this exit.                              */
address command 'EXEC GETTAC' userid passw
exit RC