NT Extensions to TCL, Beta 0.2

Christopher M Sedore, 7/19/96

What are the NT Extensions to TCL?

These extensions allow you to do many systems administration tasks with the TCL scripting language on Windows NT. I do include my own build of the TCL/TK code distributed by Sun Microsystems, but if you are just looking for a TCL distribution for NT without any add ons, check Sun first at http://www.smli.com. Further, I may have introduced bugs or caused other difficulties with my builds. If you are having problems with them, please refer them to me, not the good people at Sun.

Contacting the author and reporting bugs

Please send bug reports and feedback to cmsedore@maxwell.syr.edu, and be sure to mention "NT TCL Extension" in the subject.

INSTALLATION

Installing these utilities requires blowing up the zip file, and setting two environment variables to point to the library directories for tcl and tk. On my system, the variables are set this way (in control panels/system):

TCL_LIBRARY=c:/apps/tcl/lib/tcl7.5

TCLX_LIBRARY=c:/apps/tcl/lib/tclx

TK_LIBRARY=c:/apps/tcl/lib/tk4.1

Note the forward slashes ( '/' ) instead of normal dos/NT backslashes ( ' \' ). If these variables are not set correctly, you should get a warning message each time you run tclsh75.exe or wish41.exe, and things definitely won't work as they should. Note for Webtacle users: Webtacle sets these for you on installation, so you need not worry about them.

Functions

Many functions have an optional first parameter specifying the server or domain name-these default to the local machine/domain if not specified. If the server or domain name is not optional, a null string ( {} ) specifies the current server or domain.

If an error condition arises inside one of these functions, it will cause and error and return a string describing the error. Actually, most strings returned are just "Error" at this point, but some return useful information. If the string includes a number, you can look this number up in winerror.h if you have that include file available.

These functions are available after loading the extension:

load ntsys.dll ntsys

The ODBC functions are supported by a separate dll-please see the ODBC function section.

User functions

NT_GetUserName

NT_GetUserName returns the name of the user in whose context the script is running.

NT_UserChangePassword ?domainName? username oldPassword newPassword

NT_UserChangePassword will return the empty set if successful. On failure, it will cause an error and return an error string.

NT_UserGetInfo ?serverName? username

NT_UserGetInfo returns a list of the following items:

username

full name

comment

user flags

user parameters

authorization flags

privilege

password age

bad password count

password expired

home directory

home directory drive

profile

logon script path

last logon

last logoff

account expiration

number of logons

logon server

country code

code page

user id

primary group id

user comment

workstations

max storage

units per week

NT_UserSetInfo ?serverName? userName property value

NT_UserSetInfo allows you to set these user account parameters:

password

priv

home_dir

comment

flags

script_path

auth_flags

full_name

usr_comment

parms

workstations

acct_expires

max_storage

logon_server

country_code

code_page

primary_group_id

profile

home_dir_drive

NT_UserDel ?serverName? userName

NT_UserDel returns nothing if successful, and causes and error and returns an error string on error.

NT_UserAdd ?serverName? templateAccount username password homeDirectory comment script fullName

NT_UserAdd creates an account using the template account as the default for many parameters. You should use the template account to specifiy general defaults (like logon hours), and that cannot currently be set with NT_UserSetInfo.

NT_UserEnum ?serverName? filter

Example

NT_UserEnum returns a list of all user accounts on the specified server. filter may be specified as the empty string, in which case in returns normal user accounts. Specifying the empty string ({}) will filter for normal user accounts.

Filter strings (joined by the verticle bar "|'):

FILTER_TEMP_DUPLICATE_ACCOUNT

FILTER_NORMAL_ACCOUNT

FILTER_PROXY_ACCOUNT*

FILTER_INTERDOMAIN_TRUST_ACCOUNT

FILTER_WORKSTATION_TRUST_ACCOUNT

FILTER_SERVER_TRUST_ACCOUNT

*FILTER_PROXY_ACCOUNT is commented out in the SDK header files, so use it at your own risk.

FILTER_INTERDOMAIN_TRUST_ACCOUNT will return list of all trusted domains, like this (note the $ is not part of the domain name, NT uses it to hide the account):

{{DOMAIN1$} {} {}} {{DOMAIN2$} {} {}}

FILTER_WORKSTATION_TRUST_ACCOUNT will return a list of all workstations and non-PDC/BDC servers in your domain, like this (note the $ is not part of the domain name, NT uses it to hide the account):

{{Machine 1$} {} {}} {{Machine 2$} {} {}}

FILTER_SERVER_TRUST_ACCOUNT will return a list of all PDCs and BDCs in the domain, like this (note the $ is not part of the domain name, NT uses it to hide the account):

{{Server1$} {} {}} {{Server 2$} {} {}}

FILTER_NORMAL_ACCOUNT will return a list of all the users:

{{jdoe} {Jane Doe} {Who is she, anyway?}} {{jsmith} {John Smith} {a normal user}} {{administrator} {} {Built-in account for administering the 
computer/domain}}

Each account entry returned is a list of three items:

username

fullName

Comment

Global group functions

The following functions operate on global groups:

NT_GroupAdd ?serverName? groupname comment

NT_GroupAddUser serverName groupName userName [userName ...]

NT_GroupDel ?serverName? groupName

NT_GroupDelUser serverName groupName userName [userName ...]

NT_GroupEnum ?serverName?

NT_GroupGetInfo ?serverName? groupName

NT_GroupGetUsers ?serverName? groupName

Local group functions

The following functions operate on local groups. Note that non-PDC/BDC servers have their own local groups, meaning that if you want to manipulate these local groups from a non-PDC/BDC server, you should specify another server as the first parameter.

NT_LocalGroupAdd ?serverName? groupname comment

NT_LocalGroupAddUser serverName groupName userName [userName ...]

NT_LocalGroupDel ?serverName? groupName

NT_LocalGroupDelUser serverName groupName userName [userName ...]

NT_LocalGroupEnum ?serverName?

NT_LocalGroupGetInfo ?serverName? groupName

NT_LocalGroupGetUsers ?serverName? groupName

Security Functions

NT_AssertPrivilege privilegeName

NT_AssertPrivilege is used to enable special privileges in the thread's access token. This allows you to enable privileges necessary for particular operations (e.g. setting the owner of a file). The privilege names are:

SeCreateTokenPrivilege

SeAssignPrimaryTokenPrivilege

SeLockMemoryPrivilege

SeIncreaseQuotaPrivilege

SeUnsolicitedInputPrivilege

SeMachineAccountPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeSystemProfilePrivilege

SeSystemtimePrivilege

SeProfileSingleProcessPrivilege

SeIncreaseBasePriorityPrivilege

SeCreatePagefilePrivilege

SeCreatePermanentPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeShutdownPrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeChangeNotifyPrivilege

SeRemoteShutdownPrivilege

There is currently no way to "turn off" privileges once enabled.

NT_GetSecurityDescriptorProperties securityDescriptorHandle

NT_GetSecurityDescriptorProperties returns a list of three items:

owner's username

group name

Discretionary ACL handle

NT_ListACL aclHandle

NT_CreateACL { aclType aclFlags accessTypes userName} [{aclType aclFlags accessTypes userName} ...]

NT_ListACL returns a list of all the ACE's in the ACL.

NT_CreateACL takes any number of lists of aclType, aclFlags, accessTypes, and Username to create an ACL.

ACE type:

ACCESS_ALLOWED

ACCESS_DENIED

Inheritence flags:

OBJECT_INHERIT

CONTAINER_INHERIT

NO_PROPAGATE_INHERIT

INHERIT_ONLY

Access types:

SPECIFIC1

SPECIFIC2

SPECIFIC4

SPECIFIC8

SPECIFIC10

SPECIFIC20

SPECIFIC40

SPECIFIC80

SPECIFIC100

SPECIFIC200

SPECIFIC400

SPECIFIC800

SPECIFIC1000

SPECIFIC2000

SPECIFIC4000

SPECIFIC8000

DELETE

READ_CONTROL

WRITE_DAC

WRITE_OWNER

SYNCHRONIZE

ACCESS_SYSTEM_SECURITY

MAXIMUM_ALLOWED

GENERIC_READ

GENERIC_WRITE

GENERIC_EXECUTE

GENERIC_ALL

SPECIFIC_RIGHTS_ALL

STANDARD_RIGHTS_ALL

STANDARD_RIGHTS_REQUIRED

STANDARD_RIGHTS_READ

STANDARD_RIGHTS_WRITE

STANDARD_RIGHTS_EXECUTE

The ACE type can be either ACCESS_ALLOWED or ACCESS_DENIED. The inheritence flags and access types are flags that can be grouped together, separated by the verticle bar (this is like C syntax, using the bitwise or function to combine flags).

NT_CreateSecurityDescriptor ownerName groupName discretionaryAclHandle

NT_CreateSecurityDescriptor returns a security descriptor handle which can be passed to NT_SetFileSecurity. It takes the ownerName and groupName (used to set the owner and group fields) and a discretionary acl handle, returned by NT_CreateACL or NT_GetSecurityDescriptorProperties.

NT_GetFileSecurity pathName

NT_GetFileSecurity returns a security descriptor handle.

NT_SetFileSecurity securityDescriptorHandle flags pathName

NT_SetFileSecurity replaces the set of properties specified by flags in the security descriptor for pathName with the one specified for securityDescriptorHandle. This handle can come from NT_GetFileSecurity or NT_CreateSecurityDescriptor.

OWNER_SECURITY_INFORMATION

GROUP_SECURITY_INFORMATION

DACL_SECURITY_INFORMATION

SACL_SECURITY_INFORMATION

These flags are connected with the vertical bar (like C syntax: the bitwise or operator).

LSA functions (Privileges or User Rights)

NT_LsaOpenPolicy ?serverName?

This function returns a handle to the policy system on the specified computer, or the local one if one isn't specified.

NT_LsaSetPrivilege lsaHandle user_or_group_name privilegeName grant|revoke

NT_LsaSetPrivilege grants or revokes the specified privilege to/from the specified user or group. For example:

set lsahandle [NT_LsaOpenPolicy]
NT_LsaSetPrivilege $lsahandle jsmith SeBackupPrivilege grant

would grant the user "jsmith" the Backup right. Note that this function seems not to work on BDCs.

NT_LsaEnumUserPrivileges lsaHandle user_or_group_name

NT_LsaEnumUserPrivileges returns a list of the privileges held by this user or group. This API call seems to have a bug in it: instead of returning each privilege as a separate element, some are combined into a single element, so, you might get a return string that contains "SeBatchLogonRight SeSystemEnvironmentPrivilegeSeSystemProfilePrivilegeSeProfileSingleProcessPrivilege" You should use the "string match" command to find out if a specified privilege is in the list, like this:

set lsahandle [NT_LsaOpenPolicy]
set rightslist [NT_LsaEnumUserPrivileges $lsahandle administrators]

if {[string match *SeSystemEnvironmentPrivilege* $rightslist]} {
  puts "You can modify the system environment."
}

NT_LsaEnumUsersWithPrivilege lsaHandle privilegeName

NT_LsaEnumUsersWithPrivilege returns a list of users with the specified privilege. An example:

set lsahandle [NT_LsaOpenPolicy]
set userlist [NT_LsaEnumUsersWithPrivilege $lsahandle SeBackupPrivilege]

puts "These users have the right to backup the system: $userlist"

Share functions

NT_ShareAdd ?serverName? shareName remark permissions maxUses path password

NT_ShareDel serverName shareName [shareName ...]

NT_ShareAdd/Del create and remove network shares.

NT_ShareGetInfo serverName shareName

NT_ShareGetInfo returns the following list of information:

Share Name
Share Comment
Share Path
Share Password
Share Maximum Uses
Share Current Uses

System functions:

NT_GetDCName ?serverName? domainName

NT_GetDCName will return the name of the domain controller for the specified domain. If the domain is specified as an empty string ( {} ), it will return the name of the current domain's controller.

NT_InitiateSystemShutdown machineName dialogMessage timeout force reboot

NT_InitiateSystemShutdown shuts down an NT server or workstation. machineName or dialogMessage may be specified as null strings ( {} ) indicating the local machine and no message should be posted respectively. timeout is the amount of time to wait before shutting the machine down. force, if specified as 'false' will wait for the user to deal with application's "would you like to save before closing" dialog boxes (if any) before shutting down. If force is specified as any other value, with machine will shutdown without waiting for any user input. reboot, if specified as false will leave the machine with the "it is safe to turn off your computer" dialog up. If reboot is specified as any other value, the machine will restart when the shutdown process completes.

NT_CloseHandle handle

NT_CloseHandle is used to close handles return from any of the functions that generate handles.

NT_FreeStructure handle

NT_FreeStructure is used to free the memory associated with security descriptor and acl handles returned by various security functions. This function should not be called directly, use NT_CloseHandle instead.

Service functions

NT_OpenSCManager [machine name]

NT_OpenSCManager opens a connection to the service control manager on the computer specified and returns a handle for that connection. If no computer name is specified it opens a connection to the local SC Manager. NOTE: the computer name must not be prefixed with the double backslash. \\ntmach is not valid, just ntmach will work.

NT_EnumServicesStatus scHandle serviceTypeFlags serviceStatusFlags

NT_EnumServicesStatus enumurates all services that match the type and status flags specified.

Type flags:

SERVICE_DRIVER

SERVICE_WIN32

SERVICE_TYPE_ALL

SERVICE_KERNEL_DRIVER

SERVICE_FILE_SYSTEM_DRIVER

SERVICE_ADAPTER

SERVICE_RECOGNIZER_DRIVER

SERVICE_WIN32_OWN_PROCESS

SERVICE_WIN32_SHARE_PROCESS

SERVICE_INTERACTIVE_PROCESS

Status flags:

SERVICE_ACTIVE

SERVICE_INACTIVE

NT_EnumServicesStatus returns a list with one entry per service meeting the flags specified, with each list entry being a list of:

service internal name

service display name

service type

service status

service controls accepted

service win32 exit code

service specific exit code

service checkpoint

service wait hint

NT_OpenService scHandle serviceName accessFlags

NT_OpenService opens a specific service from the SC Manager handle return by NT_OpenSCManager and returns a handle for control operations for that service. Access flags are:

SERVICE_ALL_ACCESS

SERVICE_QUERY_CONFIG

SERVICE_CHANGE_CONFIG

SERVICE_QUERY_STATUS

SERVICE_ENUMERATE_DEPENDENTS

SERVICE_START

SERVICE_STOP

SERVICE_PAUSE_CONTINUE

SERVICE_INTERROGATE

SERVICE_USER_DEFINED_CONTROL

NT_ControlService serviceHandle controlCode

NT_ControlService manipulates the service specified by serviceHandle (returned from NT_OpenService). Control codes are:

SERVICE_CONTROL_STOP

SERVICE_CONTROL_PAUSE

SERVICE_CONTROL_CONTINUE

SERVICE_CONTROL_INTERROGATE

SERVICE_CONTROL_SHUTDOWN

NT_StartService serviceHandle [argumentString]

NT_StartService starts the service specified by the serviceHandle (returned from NT_OpenService), and passes the argumentString to the service as startup parameters.

File and directory manipulation functions

NT_CreateDirectory dirName ?securityDescriptorHandle?

NT_RemoveDirectory dirName

NT_CreateDirectory creates a directory and optionally assigns the security descriptor to it. NT_RemoveDirectory deletes the specified directory.

NT_CopyFile sourceName destinationName ?forceFlag?

NT_MoveFile sourceName destinationName ?forceFlag?

These functions do as the name implies. If a boolean true (yes,on,1,true) is specified for forceFlag, these functions will overwrite existing files. If no flag is specified, or if it is specified as a boolean false (no,off,0,false), an error will be generated if a file specifed as the destination already exists. NT_MoveFile can move directories on the same volume, but not across volumes.

Event log functions

The event log functions are fairly primitive, but quite useful for certain things anyway. Their basic limitation is that they do not expand the message strings to include the message text. In other words, rather than getting back a complete event log message like "User btlizard printed 5 pages on printer hplaser" you'll get back {btlizard} {5} {hplaser}. This may seem limiting, but you do get the event code, which you can correlate with the event code from the event viewer. I've used this to do some primitive printer accounting, by looking up the code for the successful print message in event viewer, then using these functions to retrieve each record and tallying each user's printing.

NT_EventLogOpen ?computerName? eventLogName

NT_EventLogOpen opens the specified log on the local or specified computer, and returns a handle to pass to the other event log functions. NT_CloseHandle should be called to free resources associated with this handle when it is no longer needed.

NT_EventLogOpenBackup ?computerName? fileName

NT_EventLogOpenBackup opens the backup log file on the local or specified computer, and returns a handle to pass to the other event log functions. NT_CloseHandle should be called to free resources associated with this handle when it is no longer needed.

NT_EventLogRead eventLogHandle ?startRecord?

NT_EventLogRead returns a list of events, with each element having the following members:

Record Number
Time Generated
Time Written
Event ID
Event Type
Event Catagory
Source Name
Computer Name
(insertion strings, one element each)

If specified, the optional startRecord parameter sets the beginning point for the read, otherwise, it will start from the beginning. Each call to NT_EventLogRead will continue from the where the last read ended if an offset is not specified. NT_EventLogRead will cause an error when the end of the log is reached. Here's a sample read loop:

set elh [NT_EventLogOpen system]

while {![catch {set reclist [NT_EventLogRead $elh]}]} {
  foreach rec $reclist {
    puts "here's a record: $rec"
  }
}

NT_CloseHandle $elh

NT_EventLogGetNumberOfRecords eventLogHandle

NT_EventLogGetNumberOfRecords returns the number of records in the log associated with eventLogHandle.

NT_EventLogBackup eventLogHandle fileName

NT_EventLogBackup stores a copy of the event log associated with eventLogHandle in the file specified by fileName. This filename cannot contain a UNC--If you want to put the file on another computer, you will need to store it locally first, then copy it.

NT_EventLogClear eventLogHandle ?fileName?

NT_EventLogClear clears the log associated with eventLogHandle. If the fileName parameter is specified, it stores a copy of the event log associated with eventLogHandle in the file specified. This filename cannot contain a UNC--If you want to put the file on another computer, you will need to store it locally first, then copy it.

NT_EventLogRegisterSource ?computerName? sourceName

NT_EventLogRegisterSource returns a handle registered with the event log system to allow you to report events which will show in the application event log under the specified sourceName. NT_CloseHandle should be use to release resources associated with this handle when it is no longer needed.

NT_EventLogReportEvent eventSourceHandle eventType eventCategory eventID eventMessage

NT_EventLogReportEvent adds an entry to the event log, specified by the eventSourceHandle (obtained from NT_EventLogRegisterSource). eventType, eventCatagory, and eventID must be integers.

ODBC Functions (odbc.dll)

This interface is not complete. I'm planning on improving it as time goes on. Suggestions or requests for features (both appreciated) should be directed to cmsedore@maxwell.syr.edu.

These functions are accessible after loading the odbc extension:

load odbc.dll odbc

ODBC_Connect odbcSource username password

ODBC_Connect connects you to an ODBC data source (defined in the ODBC control panel) with the specified username and password and returns an ODBC handle to use with the other ODBC functions. The username and password should be specified as an empty string ("" or {}) if they are not applicable to the data source.

ODBC_DriverConnect connectString

ODBC_DriverConnect takes a connection string as a parameter, and returns an ODBC handle. The connect string is driver specific, please consult your driver documentation for details.

ODBC_SQLExec odbcHandle sqlString ?recordLimit?

ODBC_SQLExec executes the SQL string against the database server and returns the results, if any. The results are returned as lists-the first list contains the column names of the columns return, the rest of the lists contain the column values.The record limit will limit the number of records returned. Note that this does not stop the database from doing the entire query, it just limits the number of records that are retrieved from the results.

An example:

ODBC_SQLExec $dbhandle "select name, id from sysobjects"

would return:

{{name} {id}} {{v_name_address} {123456}} {{v_name_ssn} {234567}}

ODBC_SQLExecWEval odbcHandle sqlString tclCode ?recordLimit?

ODBC_SQLExecWEval runs the query, then appends each row value to the end of the tclCode parameter and evals it. An example fragment:

proc myprinter {name birthday sex} {
  puts "$name $birthday $sex"
}

ODBC_SQLExecWEval $odbc "select name,birthday,sex from dbTable1" myprinter 5

Might print:

Jane Doe 3/5/66 F
John Smith 3/5/22 M
Zeke Tralz 7/8/43 M
Bertha Quentz 9/9/52 F
Herman Dertel 1/2/34 M

ODBC_CloseHandle odbcHandle

ODBC_CloseHandle should be used to close handles from ODBC_Connect and ODBC_DriverConnect when they are no longer needed.

ODBC_SQLColumns odbcHandle tableName

ODBC_SQLTables odbcHandle databaseName|*

These two functions only work if the ODBC driver you use appropriately supports them, returning a list of all the columns for the table with their properties, and the tables in the specified database, or all available tables if "*" is specified.

Using the Service Interpreter

You can run Tcl scripts as services under NT with the service interpreter. The process is simple:

Copy the tclsvc75.exe to the name for your service:

copy tclsvc75.exe mysvc.exe

Install the service:

mysvc -install

Set the command line for the script with regedt32: create a key in the HKEY_LOCAL_MACHINE\CurrentControlSet\Services\mysvc called "Parameters". Inside this key, put a value called "CmdLine" which is a string (SZ), which specifies the full command line you would normall pass to the tcl75 intepreter. Normally, this would be the full path to the file, for example, c:/scripts/mysvc.tcl. Note the forward slashes!

---------------------------------------

For ntsys.dll and odbc.dll:

ntsys.dll and odbc.dll may be distributed with their documentation in

an unmodified form as a package-you may not distribute the individual

files. The accompanying software may not be modified, disassembled,

or reverse engineered.

IN NO EVENT SHALL THE AUTHORS OR DISTRIBUTORS BE LIABLE TO ANY PARTY

FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES

ARISING OUT OF THE USE OF THIS SOFTWARE, ITS DOCUMENTATION, OR ANY

DERIVATIVES THEREOF, EVEN IF THE AUTHORS HAVE BEEN ADVISED OF THE

POSSIBILITY OF SUCH DAMAGE.

THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ANY WARRANTIES,

INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THIS SOFTWARE

IS PROVIDED ON AN "AS IS" BASIS, AND THE AUTHORS AND DISTRIBUTORS HAVE

NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR

MODIFICATIONS.

-----------------------------------

For the core Tcl and TK stuff:

This software is copyrighted by the Regents of the University of

California, Sun Microsystems, Inc., and other parties. The following

terms apply to all files associated with the software unless explicitly

disclaimed in individual files.

The authors hereby grant permission to use, copy, modify, distribute,

and license this software and its documentation for any purpose, provided

that existing copyright notices are retained in all copies and that this

notice is included verbatim in any distributions. No written agreement,

license, or royalty fee is required for any of the authorized uses.

Modifications to this software may be copyrighted by their authors

and need not follow the licensing terms described here, provided that

the new terms are clearly indicated on the first page of each file where

they apply.

IN NO EVENT SHALL THE AUTHORS OR DISTRIBUTORS BE LIABLE TO ANY PARTY

FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES

ARISING OUT OF THE USE OF THIS SOFTWARE, ITS DOCUMENTATION, OR ANY

DERIVATIVES THEREOF, EVEN IF THE AUTHORS HAVE BEEN ADVISED OF THE

POSSIBILITY OF SUCH DAMAGE.

THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ANY WARRANTIES,

INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY,

FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. THIS SOFTWARE

IS PROVIDED ON AN "AS IS" BASIS, AND THE AUTHORS AND DISTRIBUTORS HAVE

NO OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR

MODIFICATIONS.

RESTRICTED RIGHTS: Use, duplication or disclosure by the government

is subject to the restrictions as set forth in subparagraph (c) (1) (ii)

of the Rights in Technical Data and Computer Software Clause as DFARS

252.227-7013 and FAR 52.227-19.

--------------------------

For the MTtcl code: