
Authenticate, Part 7

We will finish up our discussion of Authenticate in this article. But first, we need to handle something that I omitted from the system configuration script. Here is the missing code:


$ write sys$output "Is this system a personal device that will only have a single"
$ inquire PC "user logged into it at a time? <YES>"
$ PC = f$edit(PC,"UPCASE,COLLAPSE")
$ PC = f$extract(PC,0,1)
$ if PC .eqs. "N"
$ then
$     authorize default/prclm=8/prio=4/queprio=4/fillm=128/biolm=150/diolm=150
$     authorize default/astlm=300/tqelm=100/enqlm=4000/bytlm=128000/jtquota=4096
$     authorize default/wsdef=4096/wsquo=8192/wsextent=16384/pgflquo=256000
$ endif
What we are doing is determining how to configure the default account settings. If we do nothing, all accounts are created with no quotas or other resource limits. This is usually desirable for a single-user system, but doesn't work out well for multi-user systems, where users may end up competing for limited resources. So we query the user and, if they indicate that this system will be used in a resource-sharing environment, we set the characteristics of the default account, which is the template for all new accounts. These are the limits defined by VMS, so we use them for UOS. If the user indicates that this is a "personal" system, we leave the default account with no quotas. The administrator can alter this at any point in the future. We don't do a lot of validation on what the user types: they are either answering "YES" or "NO", or they are non-technical and don't understand the question. If the response is anything that doesn't start with "N", we assume it is a personal device.

Since, by definition, MFA can involve multiple authentication steps, we refer to them by index when we need to specify which one we mean. The first is index 0, the second is index 1, and so on. To remove one, the index must be specified (if it is not provided, index 0 is assumed). Removing a record shifts the indexes of the records that follow it. There were a couple of oversights in the previous AUTHORIZE documentation; the following can be considered an addendum to that documentation.

Qualifiers:

/DELETE{=index}
Delete the authorization record with the specified index. If index is not provided, the first (or only) authorization record is deleted.

The previously documented /AUTHORIZE switch is how an authentication method (record) is added to an account. Following are more authentication options that should have been included in the documentation. Note that the PWDMIX option was a mistake and is replaced by the CASEINSENSITIVE option (since the default should be that passwords are case-sensitive).

|LIFETIME=deltatime
This option defines the interval between password expirations. For instance, the following would set the password to expire 30 days after the last change:

|LIFETIME=+30
|CASEINSENSITIVE
This option defines that the password is to be treated as case-insensitive.
|DIALUP
This option defines that the authentication method applies only to dial-up connections.
|REMOTE
This option defines that the authentication method applies only to remote connections. Note that if neither DIALUP nor REMOTE is specified, the authentication method is assumed to be general (actually Interactive, since Batch and Network don't use MFA).

var Authentication_List : TList ;

function Process_Authentication( C : string ) : string ;

var Auth : TAuthentication_Method ;
    Has_Parameter : boolean ;
    I : integer ;
    IL : CommonUT.TInteger_List ;
    Index : int64 ;
    Client, P, S : string ;
    SRB : TSRB ;

begin
    // Process authentication deletion switches...
    IL := CommonUT.TInteger_List.Create ;
    while( Parse_Switch( 'DEL|ETE', '', C, P ) = 1 ) do
    begin
        if( P = '' ) then
        begin
            UUI.Show_Error( AUTH_MISOPT, 'Missing authentication option' ) ;
            IL.Free ;
            exit ;
        end ;
        if( not trystrtoint( P, I ) ) then
        begin
            UUI.Show_Error( AUTH_INVOPT, 'Invalid authentication option' ) ;
            IL.Free ;
            exit ;
        end ;
        if( I < 0 ) then
        begin
            UUI.Show_Error( AUTH_INVIND, 'Invalid authentication index' ) ;
            IL.Free ;
            exit ;
        end ;
        IL.Add( I ) ; // Remember the index; deletions are applied once all switches are parsed
    end ;
The Process_Authentication function processes authentication method specifications and deletion switches. We iterate through all /DELETE switches and build a list of the specified indexes, exiting if there is an error (missing index or invalid index).

    IL.Sort( -1 ) ;
    for I := IL.Count - 1 downto 0 do
    begin
        if( ( IL[ I ] < 0 ) or ( IL[ I ] >= Authentication_List.Count ) ) then
        begin
            UUI.Show_Error( AUTH_INVIND, 'Invalid authentication index' ) ;
            IL.Free ;
            exit ;
        end ;
        Authentication_List.Delete( IL[ I ] ) ;
    end ;
    IL.Free ;
Next we sort the list and iterate through it backwards, deleting the specified authentication methods from Authentication_List, which is built from a user account as we will see below. We process the sorted indexes from highest to lowest because processing in the other direction would shift the indexes of the records following each deletion. If any invalid index is found, we exit with an error. We process all the /DELETE switches before any authentication switches, since it makes no sense for a user to delete an authentication method specified on the same command line.

    // Process authentication switches...
    while( Parse_Switch( 'AU|THENTICATION', '', C, P ) = 1 ) do
    begin
        Auth := TAuthentication_Method.Create ;
        if( P = '' ) then
        begin
            P := 'password|' ; // Default to a password with no special prompt
        end ;
        I := pos( '|', P + '|' ) ;
        Client := copy( P, 1, I - 1 ) ; // First item: "password" or an authentication program name
        P := copy( P, I + 1, length( P ) ) ;
        if( lowercase( Client ) = 'password' ) then
        begin
            Auth.Typ := UAM_Password ;
        end else
        begin
            Auth.Typ := UAM_Auth ;
            Auth.Auth := Client ; // Remember the program name
        end ;
        I := pos( '|', P + '|' ) ;
        Client := copy( P, 1, I - 1 ) ; // Second item: password prompt or program description
        P := copy( P, I + 1, length( P ) ) ; // Remaining items are the options
        Auth.Description := Client ;
The items in the specification are delimited by vertical bars (|). If the first item is "password", it is treated as a password method specification, otherwise it is treated as the name of an authentication program. The optional second item is either the password prompt (for a password specification) or a description (for program names). We create and begin to set up the authentication information. Note that this is in a loop so that we process all authentication specifications in the command line.

        while( P <> '' ) do
        begin
            I := pos( '|', P + '|' ) ;
            S := copy( P, 1, I - 1 ) ; // Next item, unmodified so that a parameter keeps its case
            P := copy( P, I + 1, length( P ) ) ; // Advance past this item and its delimiter
            if( S = '' ) then
            begin
                continue ;
            end ;
            I := pos( '=', S ) ;
            Has_Parameter := I > 0 ;
            Client := '' ;
            if( Has_Parameter ) then
            begin
                if( I = length( S ) ) then // Equal sign was last character with nothing following it
                begin
                    Has_Parameter := False ;
                end ;
                Client := copy( S, I + 1, length( S ) ) ; // Parameter (eg a password) keeps its case
                S := copy( S, 1, I - 1 ) ;
            end ;
            S := lowercase( S ) ; // Only the option keyword is case-insensitive
P contains the parameters for this authentication specification. We loop until we have processed everything in the parameter string. Each time through this loop, we locate the next item (delimited by vertical bars) and grab the parameter if specified.

            if( MinMatch( 'algorithm', S, 1 ) ) then
            begin
                if( not Has_Parameter ) then
                begin
                    Client := inttostr( Hash_Default ) ;
                end ;
                if( not trystrtoint( Client, I ) ) then
                begin
                    Set_String( Client, SRB ) ;
                    if( Hash_Index( int64( @Index ), int64( @SRB ) ) <> 0 ) then
                    begin
                        UUI.Show_Error( AUTH_INVALG, 'Invalid algorithm' ) ;
                        exit ;
                    end ;
                    I := Index ;
                end ;
                if( ( I < 0 ) or ( I > Hash_Count - 1 ) ) then
                begin
                    UUI.Show_Error( AUTH_INVALG, 'Invalid algorithm' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Encoding := I ;
            end else
            if( MinMatch( 'caseinsensitive', S, 1 ) ) then
            begin
                if( Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_NOOPT, 'Authentication option takes no parameter' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Flags := Auth.Flags or UAMF_PwdMix ;
            end else
            if( MinMatch( 'dialup', S, 3 ) ) then
            begin
                if( Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_NOOPT, 'Authentication option takes no parameter' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Access_Type := UAT_Dialup ;
            end else
            if( MinMatch( 'dispwddic', S, 7 ) ) then
            begin
                if( Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_NOOPT, 'Authentication option takes no parameter' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Flags := Auth.Flags or UAMF_DisPwdDic ;
            end else
            if( MinMatch( 'dispwdhis', S, 7 ) ) then
            begin
                if( Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_NOOPT, 'Authentication option takes no parameter' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Flags := Auth.Flags or UAMF_DisPwdHis ;
            end else
            if( MinMatch( 'expired', S, 1 ) ) then
            begin
                if( Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_NOOPT, 'Authentication option takes no parameter' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Flags := Auth.Flags or UAMF_Expired ;
            end else
            if( MinMatch( 'forcechange', S, 1 ) ) then
            begin
                if( Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_NOOPT, 'Authentication option takes no parameter' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Flags := Auth.Flags or UAMF_ForceChange ;
            end else
            if( MinMatch( 'generate', S, 4 ) ) then
            begin
                if( Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_NOOPT, 'Authentication option takes no parameter' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Flags := Auth.Flags or UAMF_Generate ;
            end else
            if( MinMatch( 'genpwd', S, 4 ) ) then
            begin
                if( Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_NOOPT, 'Authentication option takes no parameter' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Flags := Auth.Flags or UAMF_GenPwd ;
            end else
            if( MinMatch( 'lifetime', S, 2 ) ) then
            begin
                if( not Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_MISOPT, 'Missing authentication option' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Lifetime := BINTIM( Client ) ;
                if( Auth.Lifetime = 0 ) then
                begin
                    UUI.Show_Error( AUTH_INVLIFE, 'Invalid lifetime' ) ;
                    exit ;
                end ;
            end else
            if( MinMatch( 'lockpwd', S, 2 ) ) then
            begin
                if( Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_NOOPT, 'Authentication option takes no parameter' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Flags := Auth.Flags or UAMF_LockPwd ;
            end else
            if( MinMatch( 'minimum', S, 1 ) ) then
            begin
                if( not Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_MISOPT, 'Missing authentication option' ) ;
                    exit ;
                end ;
                if( not trystrtoint( Client, I ) ) then
                begin
                    UUI.Show_Error( AUTH_INVOPT, 'Invalid authentication option' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.MinLength := I ;
            end else
            if( MinMatch( 'password', S, 2 ) ) then
            begin
                if( not Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_MISOPT, 'Missing authentication option' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Auth := Client ;
            end else
            if( MinMatch( 'remote', S, 1 ) ) then
            begin
                if( Has_Parameter ) then
                begin
                    UUI.Show_Error( AUTH_NOOPT, 'Authentication option takes no parameter' ) ;
                    exit ;
                end ;
                if( Auth.Typ = UAM_Auth ) then
                begin
                    UUI.Show_Error( AUTH_INCOMP, 'Incompatible options' ) ;
                    exit ;
                end ;
                Auth.Access_Type := UAT_Remote ;
            end else
            begin
                UUI.Show_Error( AUTH_INVOPT, 'Invalid authentication option' ) ;
                exit ;
            end ;
        end ; // while( P <> '' )
There are three types of items that we process: 1) those that take no parameter, 2) those that require a parameter, and 3) those whose parameter is optional. In the first case, if a parameter is specified, we exit with an error. In the second case, if no parameter is specified, we exit with an error. Of course, if we don't recognize an item, we also exit with an error. Most items are specific to passwords, so we exit with an error if the method is of type UAM_Auth. Each parameter is validated and we exit on error. In the case of the password hashing algorithm, we also verify that a valid hash index or name is provided: if a non-integer value is given, we see whether it can be converted to an index, and if it cannot, or if an out-of-range integer index is given, we exit with an error. Once the item, and any associated parameter, make it through the gauntlet of validations, we set the appropriate flag or authentication method value.

        Authentication_List.Add( Auth ) ;
    end ; // while( Parse_Switch( 'AU|THENTICATION', '', C, P ) = 1 )
    Result := C ;
end ; // Process_Authentication
Finally, we add the authentication method we built in the parameter loop to Authentication_List. Process_Authentication is called from the TAuth_Responder.Callback for the processing of the ADD, DEFAULT, MODIFY, and COPY commands.
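To make the /AUTHENTICATION item grammar and the /DELETE index handling described above concrete, here is an added Python model of both; it is not the project's Pascal, and the option table, the two-entry hash-name table (standing in for Hash_Index/Hash_Count) and the AUTH_* strings are assumptions taken from the text. The parser keeps parameters such as the password in their original case and only lowercases the option keyword.

```python
from dataclasses import dataclass, field

# Option table for password methods: (minimum abbreviation length, parameter mode).
# Mode is "none" (parameter forbidden), "required" or "optional".
PASSWORD_OPTIONS = {
    "algorithm": (1, "optional"), "caseinsensitive": (1, "none"),
    "dialup": (3, "none"), "dispwddic": (7, "none"), "dispwdhis": (7, "none"),
    "expired": (1, "none"), "forcechange": (1, "none"), "generate": (4, "none"),
    "genpwd": (4, "none"), "lifetime": (2, "required"), "lockpwd": (2, "none"),
    "minimum": (1, "required"), "password": (2, "required"), "remote": (1, "none"),
}
# Constructed stand-in for the table behind Hash_Index/Hash_Count; 0 plays Hash_Default.
HASH_NAMES = ["sha256", "sha512"]
HASH_DEFAULT = 0

class AuthSpecError(ValueError):
    """Carries the error class the utility would report (AUTH_NOOPT, AUTH_INCOMP, ...)."""

@dataclass
class AuthMethod:
    typ: str                      # "password" or "auth" (external authentication program)
    auth: str = ""                # password text, or the program name for type "auth"
    description: str = ""         # password prompt, or a description of the program
    access_type: str = "general"  # general, dialup or remote
    flags: set = field(default_factory=set)
    encoding: int = HASH_DEFAULT
    lifetime: int = 0             # days between forced changes; 0 means none set
    min_length: int = 0

def min_match(full: str, candidate: str, min_len: int) -> bool:
    """Abbreviation test: candidate is a prefix of full and at least min_len long."""
    return min_len <= len(candidate) <= len(full) and full.startswith(candidate)

def parse_auth_spec(spec: str) -> AuthMethod:
    """Parse one /AUTHENTICATION value: type|prompt-or-description|option[=param]|..."""
    items = (spec or "password|").split("|")  # empty switch value means a plain password
    if items[0].lower() == "password":
        method = AuthMethod(typ="password")
    else:
        method = AuthMethod(typ="auth", auth=items[0])
    method.description = items[1] if len(items) > 1 else ""
    for item in items[2:]:
        if item == "":
            continue                                # tolerate an empty item ("||")
        name, eq, param = item.partition("=")
        has_param = eq == "=" and param != ""       # "minimum=" counts as no parameter
        name = name.lower()                         # only the keyword is case-insensitive
        hits = [o for o, (n, _) in PASSWORD_OPTIONS.items() if min_match(o, name, n)]
        if len(hits) != 1:
            raise AuthSpecError("AUTH_INVOPT")
        opt, mode = hits[0], PASSWORD_OPTIONS[hits[0]][1]
        if mode == "none" and has_param:
            raise AuthSpecError("AUTH_NOOPT")
        if mode == "required" and not has_param:
            raise AuthSpecError("AUTH_MISOPT")
        if method.typ == "auth":                    # every option here is password-specific
            raise AuthSpecError("AUTH_INCOMP")
        if opt == "algorithm":                      # numeric index, or a name from the table
            value = (param if has_param else str(HASH_DEFAULT)).lower()
            index = int(value) if value.isdigit() else (
                HASH_NAMES.index(value) if value in HASH_NAMES else -1)
            if not 0 <= index < len(HASH_NAMES):
                raise AuthSpecError("AUTH_INVALG")
            method.encoding = index
        elif opt == "lifetime":                     # simplified stand-in for BINTIM: "+days"
            days = param.lstrip("+")
            if not days.isdigit() or int(days) == 0:
                raise AuthSpecError("AUTH_INVLIFE")
            method.lifetime = int(days)
        elif opt == "minimum":
            if not param.isdigit():
                raise AuthSpecError("AUTH_INVOPT")
            method.min_length = int(param)
        elif opt == "password":
            method.auth = param                     # case preserved: passwords are case-sensitive
        elif opt in ("dialup", "remote"):
            method.access_type = opt
        else:
            method.flags.add(opt)                   # caseinsensitive, expired, genpwd, ...
    return method

def spec_error(spec: str) -> str:
    """The error class a spec would produce, or '' when it parses cleanly."""
    try:
        parse_auth_spec(spec)
        return ""
    except AuthSpecError as e:
        return str(e)

def apply_deletes(methods: list, indexes: list) -> list:
    """Apply /DELETE=index switches: validate every index first, then remove from the highest
    index down so a deletion never shifts a pending index. Duplicates collapse to one delete."""
    if any(i < 0 or i >= len(methods) for i in indexes):
        raise AuthSpecError("AUTH_INVIND")
    remaining = list(methods)
    for i in sorted(set(indexes), reverse=True):
        del remaining[i]
    return remaining
```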

    // Gather up authentication records...
    for I := 0 to User.Authentication_Count - 1 do
    begin
        UAuth := User.Authentication[ I ] ;
        Auth := TAuthentication_Method.Create ;
        Auth.Typ := UAuth.Typ ;
        Auth.Expiration := UAuth.Expiration ;
        Auth.Access_Type := UAuth.Access_Type ;
        Auth.Auth := User.Grab_String( UAuth.Auth ) ;
        Auth.Flags := UAuth.Flags ;
        Auth.Description := User.Grab_String( UAuth.Description ) ;
        Auth.Encoding := UAuth.Encoding ;
        Auth.Lifetime := UAuth.Lifetime ;
        Auth.Last_Change := UAuth.Last_Change ;

        Authentication_List.Add( Auth ) ; // The list owns Auth from here on, so it is not freed here
        //TODO: Create GUI for this...
    end ;
This code is added to the end of the Update_User_UI function. It iterates through the given user's authentications and adds them to Authentication_List. Note that we copy from the TUAF_Authentication value returned from the user instance to a TAuthentication_Method instance that we store in the list. The reason is that TUAF_Authentication contains pointers to internal UAF strings rather than actual strings (note the use of Grab_String to get the actual strings). Other than that, the TUAF_Authentication structure is the same as the TAuthentication_Method class.

I didn't want to bog things down with GUI support for authentication records - we will deal with that in the far future - so we simply include a TODO comment where that code would go.

    while( User.Authentication_Count > 0 ) do // Delete old auth records...
    begin
        User.Delete_Authentication( 0 ) ;
    end ;
    for I := 0 to Authentication_List.Count - 1 do // Add new/current auth records...
    begin
        User.Add_Authentication( TAuthentication_Method( Authentication_List[ I ] ) ) ;
    end ;
This code is added to the end of the Update_User_From_UI function to update the user from our local authentication method list. First we delete all authentications already assigned to the user, then we add the methods from Authentication_List.

                if( U.Authentication_Count > 0 ) then
                begin
                    Do_Write( '' ) ;
                    Do_Write( 'Authentication:' ) ;
                    for I := 0 to U.Authentication_Count - 1 do
                    begin
                        Auth := U.Authentication[ I ] ; // Fetch the record before examining it
                        Temp := '' ;
                        if( Auth.Access_Type <> 0 ) then
                        begin
                            case Auth.Access_Type of
                                UAT_Batch: Temp := ' (batch)' ;
                                UAT_Interactive: Temp := ' (interactive)' ;
                                UAT_Network: Temp := ' (network)' ;
                                UAT_Remote: Temp := ' (remote)' ;
                                UAT_Dialup: Temp := ' (dialup)' ;
                            end ;
                        end ;
                        Do_Write( inttostr( I ) + ':' + Temp ) ;
                        if( Auth.Typ = UAM_Password ) then
                        begin
                            Do_Write( '    Password: ********' ) ;
                            Temp := '                                ' ;
                            Set_String( Temp, SRB ) ;
                            HASH_Name( Auth.Encoding, int64( @SRB ) ) ;
                            Temp := trim( Temp ) ;
                            if( Temp <> '' ) then
                            begin
                                Do_Write( '    Hash: ' + Temp ) ;
                            end ;
                            Temp := U.Grab_String( Auth.Description ) ;
                            if( Temp <> '' ) then
                            begin
                                Do_Write( '    Password prompt: ' + Temp ) ;
                            end ;
                            if( ( Auth.Flags and UAMF_Generate ) <> 0 ) then
                            begin
                                Do_Write( '    Force generated password' ) ;
                            end ;
                            if( Auth.Expiration = 0 ) then
                            begin
                                Do_Write( '    No expiration' ) ;
                            end else
                            begin
                                Do_Write( '    Expires: ' + ASCTIM( Auth.Expiration ) ) ;
                                Do_Write( '    Lifetime: ' + ASCTIM( Auth.Lifetime ) ) ;
                                if( Auth.Last_Change = 0 ) then
                                begin
                                    Do_Write( '    Never changed' ) ;
                                end else
                                begin
                                    Do_Write( '    Last changed: ' + ASCTIM( Auth.Last_Change ) ) ;
                                end ;
                            end ;
                        end else
                        begin
                            if( Auth.Expiration = 0 ) then
                            begin
                                Do_Write( '    No expiration' ) ;
                            end else
                            begin
                                Do_Write( '    Expires: ' + ASCTIM( Auth.Expiration ) ) ;
                            end ;
                            Temp := U.Grab_String( Auth.Auth ) ;
                            Do_Write( '    Authentication client: ' + Temp ) ;
                            Temp := U.Grab_String( Auth.Description ) ;
                            if( Temp <> '' ) then
                            begin
                                Do_Write( '    (' + Temp + ')' ) ;
                            end ;
                        end ;
                        Do_Write( '' ) ;
                    end ; // for I := 0 to U.Authentication_Count - 1
                end ; // if( U.Authentication_Count > 0 )
This code is added to the end of the Show_Report function. It displays each of the authentication methods for the user.

Next, we need to add the support for the system password. We need a place to store this password and SYSUAF.DAT seems the most logical place. However, there is nothing specific in that file structure for storing a separate system password. Fortunately, we do have a place where we can save it. Since the Startup account can never be logged into - it is only used on system startup - we can use it to store the system password (as the Startup account's password). This has some ramifications. First, the administrator can set the system password by changing the Startup account system password or by use of the MODIFY/SYSTEM_PASSWORD switch, since they both have the same effect. Second, because all of the MFA capabilities of a standard account are available on the Startup account, we could implement MFA for system authentication, in addition to whatever authentication is used for each user account. This is something VMS doesn't support, so we are diverging slightly from the VMS specification. Since the system startup forces a login to Startup, the system will not require authentication on startup, but it will for all other logins. Just be sure to consider the issues we talked about two articles ago: too much security can lead to a less secure system.

        if( Parse_Switch( 'SY|STEM_PASSWORD', '', C, P ) = 1 ) then
        begin
            Abort := True ; // No further processing
            if( Switch_Present( C ) > 0 ) then // This switch cannot be combined with others
            begin
                UUI.Show_Error( AUTH_MISMAT, 'Mismatched switches' ) ;
                exit ;
            end ;
            P := trim( P ) ;
            U := Get_User( 1 ) ;
The code is added to the beginning of the MODIFY command handling to process the MODIFY/SYSTEM_PASSWORD switch. Frankly, I think this should have been done with a separate command rather than using a switch on MODIFY. But the VMS designers didn't ask me. So, we follow our specification and implement it the same way. Since UOS offers MFA, this switch is a rather blunt object to use, and a more refined degree of control is available by directly manipulating the authentication methods associated with the Startup account. But, again, for compatibility's sake, we provide this means of control.

In this code, we see if /SYSTEM_PASSWORD was specified. If so, we set the Abort flag so that the processing ends as soon as we exit. Next, we validate that no other switches are present (all other switches are incompatible with this one), and exit with an error if there are any. Then we trim the password so that trailing/leading spaces are not incorporated into the password. Finally, we get the Startup user (index 1).

            if( P = '' ) then // Remove system password
            begin
                while( U.Authentication_Count > 0 ) do
                begin
                    U.Delete_Authentication( 0 ) ;
                end ;
            end else
            begin
                Count := 0 ;
                for I := 0 to U.Authentication_Count - 1 do
                begin
                    Auth := U.Authentication[ I ] ;
                    if( Auth.Typ = UAM_Password ) then
                    begin
                        if( Auth.Access_Type = UAT_Access ) then
                        begin
                            inc( Count ) ;
                        end ;
                        U.Change_Password( I, P, Hash_Default ) ;
                    end ;
                end ;
                if( Count = 0 ) then // No password authentication found, so add one
                begin
                    AuthM.Typ := UAM_Password ;
                    AuthM.Auth := P ;
                    AuthM.Access_Type := UAT_Access ;
                    AuthM.Flags := 0 ;
                    AuthM.Encoding := Hash_Default ;
                    AuthM.Last_Change := LIB_Get_Timestamp ;
                    U.Add_Authentication( AuthM )
                end ;
            end ;
            exit ;
        end ;
At this point, there are two options: 1) the specified password is null, meaning that we remove the system password, or 2) a password is provided, meaning that we are setting the system password. When the system password is removed using this switch, all authentication methods associated with the Startup account are deleted - not just the password(s) - and we exit. This most closely matches what happens on VMS (in the case of an SFA password, it is identical).

If a password is provided, it could mean that a password is being added or an existing one is being changed. We loop through all authentication methods, changing any passwords that we encounter. In order to make this work as closely to VMS as possible, given the extended capabilities of UOS, we keep track of any password items that are general access (UAT_Access). If none are found (for instance, if there are no authentication items associated with Startup), we add a new general access password item. If there is a single general access authentication method consisting of a password, the effect will be identical to what happens on VMS. If MFA is used, the consequence should hopefully be somewhat intuitive.
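To make the branches described above concrete, here is a stand-alone Python model of the Startup account's authentication list and of the /SYSTEM_PASSWORD handling. It is an added example, not UOS code: the constant names echo the article's, but their numeric values, the `Auth` record, the stand-in `encode_password` (plain SHA-256 in place of Hashlib), and the TOTP method used to represent a second factor are all assumptions of this example.

```python
import hashlib
from dataclasses import dataclass
from typing import List

# Method types and access types, named after the article's constants; the
# numeric values are assumptions for this model.
UAM_PASSWORD = 1
UAM_TOTP = 2               # stands in for any non-password (MFA) method
UAT_ACCESS = 0             # general access
UAT_RESTRICTED = 1         # assumed: a password that is not general-access
UAMF_CASE_INSENSITIVE = 1  # flag bit, as used by TUser.Change_Password


@dataclass
class Auth:
    typ: int
    auth: str                     # encoded secret; the real record holds a SYSUAF string address
    access_type: int = UAT_ACCESS
    flags: int = 0
    encoding: str = "sha256"      # stands in for the Hashlib hash index


def encode_password(password: str, flags: int, encoding: str = "sha256") -> str:
    """Stand-in for Encode_Password: case-fold when the flag says so, then hash."""
    if flags & UAMF_CASE_INSENSITIVE:
        password = password.lower()
    return hashlib.new(encoding, password.encode("utf-8")).hexdigest()


def set_system_password(startup_auths: List[Auth], p: str) -> List[Auth]:
    """Model of MODIFY/SYSTEM_PASSWORD applied to the Startup account's method list.

    An empty (after trimming) password removes every method, MFA items included.
    Otherwise every password method is re-encoded with the new password and, if
    none of them is a general-access password, one is added. The input list is
    left untouched and a new list is returned.
    """
    p = p.strip()
    if p == "":
        return []
    result: List[Auth] = []
    access_passwords = 0
    for a in startup_auths:
        if a.typ == UAM_PASSWORD:
            if a.access_type == UAT_ACCESS:
                access_passwords += 1
            a = Auth(a.typ, encode_password(p, a.flags, a.encoding),
                     a.access_type, a.flags, a.encoding)
        result.append(a)
    if access_passwords == 0:
        result.append(Auth(UAM_PASSWORD, encode_password(p, 0), UAT_ACCESS, 0))
    return result


def system_password_matches(auths: List[Auth], candidate: str) -> bool:
    """True if some general-access password method on the account matches candidate."""
    return any(a.typ == UAM_PASSWORD and a.access_type == UAT_ACCESS
               and a.auth == encode_password(candidate, a.flags, a.encoding)
               for a in auths)


if __name__ == "__main__":
    # Constructed Startup account: one general-access password plus a second factor.
    startup = [Auth(UAM_PASSWORD, encode_password("old", 0)), Auth(UAM_TOTP, "totp-seed")]
    new = set_system_password(startup, "  Sys-Pass-2022 ")
    print([a.typ for a in new], system_password_matches(new, "Sys-Pass-2022"))
    print(set_system_password(startup, ""))
```

The two cases worth trying are an account whose only password is not general-access (the existing entry is re-encoded and a general-access one is added beside it) and a blank password on an account with MFA items, which empties the whole list rather than only the password.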

procedure TUser.Change_Password( Index : integer ; Pass : string ;
    Hash : integer ) ;

var Auth : TUAF_Authentication ;
    Old : int64 ;
    SS : TStore_String ;

begin
    if( ( Index < 0 ) or ( Index >= Authentication_Count ) ) then
    begin
        exit ; // Invalid auth index
    end ;
    if( ( Hash < 0 ) or ( Hash >= Hash_Count ) ) then
    begin
        exit ; // Invalid hash index
    end ;
    Auth := Authentication[ Index ] ;
    if( Auth.Typ <> UAM_Password ) then
    begin
        exit ; // Not a password method
    end ;
    Old := Auth.Auth ;
    Auth.Encoding := Hash ;
    if( ( Auth.Flags and UAMF_CaseInsensitive ) <> 0 ) then
    begin
        Pass := lowercase( Pass ) ;
    end ;
    Pass := Encode_Password( Pass, Hash ) ;
    SS := Create_Store_String( _SysUAF, Pass ) ;
    Auth.Auth := SS.Address ;
    SS.Free ;
    Authentication[ Index ] := Auth ;
    Delete_Store_String( _SysUAF, Old ) ;
end ;
This method has been added to TUser to change the password for a specific authentication index. First we verify that the auth index and hash index are valid; if either is out of range, we simply exit (no error is reported). Next, we get the specified authentication record and verify that it is a password record; if not, we exit. Otherwise, we set the record's encoding to the hash index, normalize the password to lowercase if the UAMF_CaseInsensitive flag is set, encode it with the specified hash, create a new string in the SYSUAF store, point the record at the new string, write the updated record back, and only then delete the old password string. Note that this method leaves Last_Change alone; if a caller wants the timestamp to reflect the change, it must update that field itself.

Note the order of operations in this code - it matters for avoiding data corruption if the process is aborted before it completes. We delete the old password string only after the authentication record has been updated to point at the new one. If we deleted the old string first and the record were then not updated, the record would hold a pointer to a location in the SYSUAF file that is no longer a valid string. As with any errant pointer, this could cause all kinds of problems, including corruption of the SYSUAF file. The cost of this order is that an abort between creating the new string and updating the record leaks the new string, which is harmless by comparison.
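The ordering argument can be checked directly. Below is an added Python model (not UOS code) of a string heap like the one SYSUAF uses, with a change-password routine that can run in either order and be aborted after a chosen step; `StringStore`, `Aborted`, `simulate` and the step numbering are this example's own conventions.

```python
from typing import Dict, Optional, Tuple


class StringStore:
    """Toy stand-in for the SYSUAF string heap: an address is valid only while its string exists."""

    def __init__(self) -> None:
        self._next = 1
        self._strings: Dict[int, str] = {}

    def create(self, s: str) -> int:          # plays the role of Create_Store_String
        addr = self._next
        self._next += 1
        self._strings[addr] = s
        return addr

    def delete(self, addr: int) -> None:      # plays the role of Delete_Store_String
        self._strings.pop(addr, None)

    def valid(self, addr: int) -> bool:
        return addr in self._strings

    def read(self, addr: int) -> str:
        return self._strings[addr]

    def count(self) -> int:
        return len(self._strings)


class Aborted(Exception):
    """Raised to simulate the process dying part-way through the update."""


def change_password(store: StringStore, record: dict, new_encoded: str,
                    order: str = "update_then_delete",
                    abort_after: Optional[int] = None) -> None:
    """Replace record['auth'] with a freshly stored string.

    order 'update_then_delete' is what TUser.Change_Password does; 'delete_then_update'
    is the unsafe alternative. abort_after=N raises Aborted after N of the two
    post-creation steps have run, so N=0 aborts right after the new string is written.
    """
    old = record["auth"]
    new = store.create(new_encoded)          # the new string exists before either step runs
    if order == "update_then_delete":
        steps = [lambda: record.__setitem__("auth", new), lambda: store.delete(old)]
    elif order == "delete_then_update":
        steps = [lambda: store.delete(old), lambda: record.__setitem__("auth", new)]
    else:
        raise ValueError(order)
    for done, step in enumerate(steps):
        if abort_after is not None and done >= abort_after:
            raise Aborted(f"{order}: died after step {done}")
        step()


def simulate(order: str, abort_after: Optional[int]) -> Tuple[bool, Optional[str], int]:
    """Run one scenario on a constructed record.

    Returns (record points at a valid string, what it reads, strings left in the store)."""
    store = StringStore()
    record = {"typ": "password", "auth": store.create("old-hash")}
    try:
        change_password(store, record, "new-hash", order, abort_after)
    except Aborted:
        pass
    ok = store.valid(record["auth"])
    return ok, (store.read(record["auth"]) if ok else None), store.count()


if __name__ == "__main__":
    for order in ("update_then_delete", "delete_then_update"):
        for n in (0, 1, None):
            print(order, n, simulate(order, n))
```

With the article's order, every abort point leaves the record pointing at a valid string (at worst one string is leaked); with the reverse order, an abort after the first step leaves a dangling address.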

function Encode_Password( P : string ; Hash : integer ) : string ;

var Source, Target : TSRB ;
    LResult : int64 ;

begin
    Result := '' ; // A string Result is not guaranteed to be empty on entry
    if( P = '' ) then
    begin
        exit ; // An empty password could never pad the buffer to 64 characters
    end ;
    while( length( Result ) < 64 ) do // Pad the output buffer with copies of the password
    begin
        Result := Result + P ;
    end ;
    LResult := length( Result ) ;
    Set_String( Result, Target ) ;
    Set_String( P, Source ) ; // The password is both the plaintext and the key

    while( LResult = length( Result ) ) do // Output filled the buffer, so it may be truncated
    begin
        Result := Result + P ; // Grow the buffer and try again
        Set_String( Result, Target ) ;
        HASH_Hash( int64( @Hash ), int64( @Source ), int64( @Target ),
            int64( @Source ), int64( @LResult ) ) ;
    end ;
    setlength( Result, LResult ) ; // Keep only the bytes the hash produced
end ;
This function is simply a Pascal wrapper around Hashlib to encode a password string. Note that the password is passed both as the plaintext and as the key; for a hash algorithm that takes no key, the key parameter is ignored. The output buffer starts out as the password repeated until it is at least 64 characters long. Hashlib reports the output length in LResult; if that equals the length of Result, the output may have filled the buffer and been truncated, so we extend Result and try again until the returned length is shorter than the buffer, at which point we know we have the whole output. Two things are worth keeping in mind. First, the padding loop only terminates for a non-empty password, so callers must never pass an empty string (the MODIFY handler never does, since an empty password removes the methods instead). Second, the encoded value depends only on the password and the hash index - there is no per-account salt - so two accounts using the same hash and the same password store the same value.
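As an added illustration (not UOS or Hashlib code), the grow-and-retry loop can be modelled in Python against a C-style hash API that writes at most the caller's buffer length and reports how many bytes it wrote. `hash_into` is this example's stand-in for HASH_Hash, and SHAKE-256 is used only because its output length can be chosen, which lets the model show the loop going round more than once.

```python
import hashlib
from typing import Tuple


def hash_into(digest_len: int, data: bytes, buf_len: int) -> Tuple[bytes, int]:
    """Stand-in for HASH_Hash: a digest of digest_len bytes is produced, but only as much
    as fits in the caller's buf_len-byte buffer is written. Returns (bytes written, count)."""
    full = hashlib.shake_256(data).digest(digest_len)
    written = full[:buf_len]
    return written, len(written)


def encode_password(p: bytes, digest_len: int) -> Tuple[bytes, int]:
    """Model of Encode_Password's loop. Returns (encoded value, number of hash calls).

    The buffer starts as the password repeated to at least 64 bytes. Each pass first
    grows the buffer by one more copy of the password and then hashes; a result that
    exactly fills the buffer may have been truncated, so the loop goes round again
    until the returned length is shorter than the buffer.
    """
    if not p:
        raise ValueError("empty password: the padding loop could never reach 64 bytes")
    buf = b""
    while len(buf) < 64:
        buf += p
    lresult = len(buf)
    out = b""
    calls = 0
    while lresult == len(buf):
        buf += p
        out, lresult = hash_into(digest_len, p, len(buf))
        calls += 1
    return out, calls


if __name__ == "__main__":
    # Constructed input; a 64-byte digest fits on the first call, a 128-byte one does not.
    for digest_len in (64, 128):
        out, calls = encode_password(b"hunter2", digest_len)
        print(digest_len, calls, len(out))
```

Running the same password twice gives the same value, which is the no-salt property noted above; a deployment that wants distinct stored values per account has to mix in something account-specific before hashing.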

In the next article, we will look at changes to the LOGIN utility to handle authentication.


Copyright © 2022 by Alan Conroy. This article may be copied in whole or in part as long as this copyright is included.