Logging in, part 3

In the last article, we discussed changes in AUTHORIZE to handle multi-factor authentication (MFA). Next we will look at the LOGIN code that makes use of MFA.

    // Do system-level authentication...
    U := Get_User( 1 ) ; // Get Startup account (where system auth records are stored)
    for I := 0 to U.Authentication_Count - 1 do
    begin
        if( not Authenticate( U.Authentication[ I ] ) ) then
        begin
            // Kill process...
            SYS_DELPRC() ;
            OS.Free ;
            exit ;
        end ;
    end ;
This code handles the system-level authentication, such as a system password. The code is inserted at the beginning of the Run routine in LOGIN, just after the setup code. We obtain the Startup user (UIC 1), and then iterate through the authentication specifications (if any), calling the Authenticate function for each spec. We will cover that function below. If any of the system-level authentications fail, we immediately terminate LOGIN. If authentication succeeds - or there is no system-level authentication - we drop through to the following code, which prompts for the username, as we discussed in our original article on LOGIN.

    U := Get_User( S ) ; // Get user account
    if( ( S = 'default' ) or ( S = 'startup' ) or ( U = nil ) or
        ( ( U.Flags and UAI_V_DISACNT ) <> 0 )
        ) then
    begin
        // Invalid user, prompt for a password anyway...
        Set_Echo( RH_SysCommand, False ) ;
        S := Get_Command_With_Timeout( 'Password: ', 9 ) ;
        Set_Echo( RH_SysCommand, True ) ;
        E := LIB_Get_Exception( P ) ;
        if( E <> 0 ) then
        begin
            E := LIB_Get_Exception_Code( P, E ) ;
            if( E = SS_TIMEOUT ) then
            begin
                OS^.Outputln( RH_SysOutput, '' ) ;
                OS^.Outputln( RH_SysOutput, 'Error reading command input' ) ;
                OS^.OutputLn( RH_SysOutput, 'Timeout period expired' ) ;

                // Kill process...
                SYS_DELPRC() ;
                OS.Free ;
                exit ;
            end ;
        end ;
        OS^.Outputln( RH_SysOutput, 'User authorization failure' ) ;
        inc( Failures ) ;
        if( Failures > 4 ) then
        begin
            // Kill process...
            SYS_DELPRC() ;
            OS.Free ;
            exit ;
        end ;
        goto User_Prompt ;
    end ;
We left the authentication unfinished in the original LOGIN articles, so we've added a bit of code and slightly modified the placeholder code that was there. The first thing we do is get the account that the user specified. If the account is not found (U is nil), is one of the reserved accounts (Default or Startup), or is disabled, this is not a valid login request. But rather than immediately respond with an error, we prompt for a password, which we ignore, although we still time out on this prompt as usual. After a password is entered, we respond with an authorization failure and increment the login failure count. If we have more than 4 failures, we immediately exit. Otherwise we go back to prompt for the username again.

Why do we prompt for a password that we are just going to ignore? Because we want to provide the least amount of information possible to the person attempting to log in, in case they are attempting to break into the system. If we immediately responded with an error on an invalid user name, a nefarious individual could determine what valid accounts exist by a process of elimination. If one can eliminate nonexistent accounts, then one can concentrate on breaking into accounts that do exist. This code ensures that no one can use LOGIN to determine which accounts do, and do not, exist. At the very least, it increases the amount of effort necessary to break into the system.

    // Do user authentication...
    for I := 0 to U.Authentication_Count - 1 do
    begin
        if( not Authenticate( U.Authentication[ I ] ) ) then
        begin
            OS^.Outputln( RH_SysOutput, 'User authorization failure' ) ;
            inc( Failures ) ;
            if( Failures > 4 ) then
            begin
                // Kill process...
                SYS_DELPRC() ;
                OS.Free ;
                exit ;
            end ;
            goto User_Prompt ;
        end ;
    end ;
Next we authenticate the user. This is done in the same manner as the system-level authentication except that we use the user account's authentication specification(s) rather than that of Startup.

    // Set up to check allowed access dates/times...
    JPI := Get_JPI( 0, JPI_JOBTYPE ) ;
    Access_Type := 0 ;
    move( PChar( JPI )[ 0 ], Access_Type, length( JPI ) ) ;
    Access_Type1 := Access_Type ;
    case Access_Type of
        UAT_Remote :;
        else Access_Type1 := UAT_Local ;
    end ;
Once the user has been authenticated, we check to see if there are any access restrictions. Again, we do this after authentication (but before actually logging the user in) so that malicious actors cannot determine which accounts are valid. Otherwise, if they happened to stumble upon a valid account which had access restrictions, LOGIN would unwittingly tell them that they had found a valid account.

This code sets up for the check by determining the job type, which we will match to the access records' access type. Note that we use two access types here. One of them is the actual job/access type. The other (Access_Type1) is set to the same value, but if the access type is anything other than UAT_Remote, we set it to UAT_Local. This is because UAT_Local is a meta access type - no process will have a job type of UAT_Local. Rather, it indicates any access type other than UAT_Remote. This simply makes the checks we are about to do much easier.

    // Determine if there are any access restrictions for our access type...
    Any_Access_Restrictions := False ;
    for I := 0 to U.Access_Count - 1 do
    begin
        Access := U.Access[ I ] ;
        if( 
             ( Access.Typ = Access_Type ) 
             or 
             ( Access.Typ = Access_Type1 ) 
             or 
             ( Access.Typ = UAT_Access ) 
           ) then
        begin
            Any_Access_Restrictions := True ;
            break ;
        end ;
    end ;
First, we need to see if there are any access restrictions that apply to this process. The reason is that if there are no access restrictions specified, that means that the account has no time restrictions on it. If any are specified, then we have to validate that the current time is within at least one of those specified access restrictions. This applies to each access restriction access type. For instance, if there are access restrictions for dial-up users, but not for remote, and we are a remote login, then we have no restriction. So we loop through all access records and set a flag if we find any that apply to our access type. Note that UAT_Access is also checked, as this is a meta access type that is used to indicate any/all access types.

    // Validate that we are not restricted
    if( Any_Access_Restrictions ) then
    begin
        Day := DAY_OF_WEEK( 0 ) ;
        Day := 1 shl ( Day - 1 ) ; // Convert day of week to bit
        Minute := CVT_FROM_INTERNAL_TIME( LIB_K_MINUTE_OF_DAY ) ;
        Allowed := False ;
If any access restrictions apply to us, we will need to verify access. If no restrictions are found, we drop through the following code which logs us in. Otherwise, we obtain the current day of the week and current minute of the day, and clear the Allowed flag. In other words, if there are access restrictions we will assume that the user is not allowed at this time, unless we find an access record that indicates otherwise.

We will cover the DAY_OF_WEEK and CVT_FROM_INTERNAL_TIME routines in the next article.
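
The rule that this setup leads into, written out as an added example (not UOS source): a login is allowed when no access record applies to the job type, or when the current day and minute fall inside at least one applicable record. The Days, First_Minute and Last_Minute fields, the UAT_Dialup name, the numeric UAT_* values, and the handling of windows that run past midnight are assumptions; the article shows only the Typ field.

```pascal
program AccessWindowDemo ;
{$mode objfpc}

// Added illustration, not UOS source. Only Typ and the UAT_Access, UAT_Local and
// UAT_Remote names come from the article; everything else here is assumed.
const UAT_Access = 0 ; // Meta type: any/all access types
      UAT_Local = 1 ;  // Meta type: anything other than remote
      UAT_Remote = 2 ;
      UAT_Dialup = 3 ;

type TAccess = record
                   Typ, Days : longint ; // Days: bit 0 = day 1 ... bit 6 = day 7
                   First_Minute, Last_Minute : longint ; // Minute of day, inclusive
               end ;

function Applies( const A : TAccess ; Job_Type : longint ) : boolean ;
var Meta : longint ;
begin
    if( Job_Type = UAT_Remote ) then Meta := UAT_Remote else Meta := UAT_Local ;
    Result := ( A.Typ = Job_Type ) or ( A.Typ = Meta ) or ( A.Typ = UAT_Access ) ;
end ;

function In_Window( const A : TAccess ; Day, Minute : longint ) : boolean ;
var Today, Yesterday : boolean ;
begin
    Today := ( A.Days and ( 1 shl ( Day - 1 ) ) ) <> 0 ;
    Yesterday := ( A.Days and ( 1 shl ( ( Day + 5 ) mod 7 ) ) ) <> 0 ;
    if( A.First_Minute <= A.Last_Minute ) then
        Result := Today and ( Minute >= A.First_Minute ) and ( Minute <= A.Last_Minute )
    else // Window runs past midnight into the following day
        Result := ( Today and ( Minute >= A.First_Minute ) ) or ( Yesterday and ( Minute <= A.Last_Minute ) ) ;
end ;

function Login_Allowed( const Recs : array of TAccess ; Job_Type, Day, Minute : longint ) : boolean ;
var I : longint ;
begin
    Result := True ; // No applicable record means no restriction
    for I := 0 to high( Recs ) do
        if( Applies( Recs[ I ], Job_Type ) ) then
        begin
            Result := False ; // Restricted unless some window matches
            if( In_Window( Recs[ I ], Day, Minute ) ) then exit( True ) ;
        end ;
end ;

const Sample : array[ 0..1 ] of TAccess = ( // Constructed sample records
          ( Typ : UAT_Dialup ; Days : $1F ; First_Minute : 480 ; Last_Minute : 1020 ),
          ( Typ : UAT_Local ; Days : $7F ; First_Minute : 1320 ; Last_Minute : 360 ) ) ;

begin
    writeln( 'Dial-up, day 3, 10:00: ', Login_Allowed( Sample, UAT_Dialup, 3, 600 ) ) ;
    writeln( 'Dial-up, day 3, 20:00: ', Login_Allowed( Sample, UAT_Dialup, 3, 1200 ) ) ;
    writeln( 'Dial-up, day 1, 02:00: ', Login_Allowed( Sample, UAT_Dialup, 1, 120 ) ) ;
    writeln( 'Remote,  day 3, 20:00: ', Login_Allowed( Sample, UAT_Remote, 3, 1200 ) ) ;
end.
```

The remote case has no applicable record in the sample data, so it is unrestricted, which matches the dial-up versus remote case described above.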

    function Authenticate( A : TUAF_Authentication ) : boolean ;

    var E, P : int64 ;
        OS : POS_UOS ;
        Pass, Prompt, S : string ;
        Status : int64 ;

    begin
        Result := True ; // Assume success
        OS := new( POS_UOS, Init ) ;
This function is used to authenticate the user via an authentication specification. Generally, we'd want to assume failure in a case like this, but if there is something wrong with the authentication specification, we don't want to prevent the user from logging in. Why not? Because it would prevent an administrator from being able to log in and fix the problem.

        if( A.Typ = UAM_Password ) then
        begin
            Prompt := '' ;
            if( A.Description <> 0 ) then
            begin
                Prompt := Grab_String( A.Description ) ;
            end ;
            if( Prompt = '' ) then
            begin
                Prompt := 'Password:' ;
            end ;
            Set_Echo( RH_SysCommand, False ) ;
            S := Get_Command_With_Timeout( Prompt + ' ', 9 ) ;
            Set_Echo( RH_SysCommand, True ) ;
            E := LIB_Get_Exception( P ) ;
            if( E <> 0 ) then
            begin
                E := LIB_Get_Exception_Code( P, E ) ;
                if( E = SS_TIMEOUT ) then
                begin
                    OS^.Outputln( RH_SysOutput, '' ) ;
                    OS^.Outputln( RH_SysOutput, 'Error reading command input' ) ;
                    OS^.OutputLn( RH_SysOutput, 'Timeout period expired' ) ;
                    OS.Free ; // Release the output object on the early exit too
                    Result := False ;
                    exit ;
                end ;
            end ;
            S := Encode_Password( S, A.Encoding ) ; // Hash the provided password
            Pass := Grab_String( A.Auth ) ; // Get actual (hashed) password
            if( S <> Pass ) then // Password does not match
            begin
                OS^.Outputln( RH_SysOutput, '' ) ;
                OS^.Outputln( RH_SysOutput, 'User authorization failure' ) ;
                OS.Free ; // Release the output object on the early exit too
                Result := False ;
                exit ;
            end ;
        end else
First we handle the case of an authentication specification for a password. We grab the password prompt, if one was specified. Otherwise, we default the prompt to "Password:". We then output the prompt, turn off the echo, get the password, and turn the echo back on. We use a timeout on password prompts as discussed many articles ago. Next we encode the provided password using the hash encoding set when the account password was set. Then we get the saved encoded password and compare it to the password we just encoded. If the two encoded values do not match or the input times out, we exit after setting the function result to False.

        if( A.Typ = UAM_Auth ) then
        begin
            if( A.Auth <> 0 ) then
            begin
                S := Grab_String( A.Auth ) ; // Get program name
                if( pos( ':', S ) = 0 ) then
                begin
                    S := '_sys$system:' + S ;
                end ;
                SPAWN( S, '', '', 0, '', 0, Status, 0, 0, 0, '', '', '' ) ;
                if( Status <> 0 ) then
                begin
                    OS.Free ; // Release the output object on the early exit too
                    Result := False ;
                    exit ;
                end ;
            end ;
        end ;
        // Any other type is ignored...
        OS.Free ;
    end ;
In the case of an external authentication, we verify that an authentication utility was specified. This should always be the case, but if something is wrong with SYSUAF, we don't want to prevent admins from logging in. After getting the name of the utility, we prepend "_sys$system:" to it if no logical is found in the string; all external authentication utilities exist in sys$system. Next we spawn a process to run the utility. LOGIN will be blocked from execution until the authentication utility exits. We check the return code: if it is 0, the authentication was successful. Any other value results in the authentication function exiting with a failure result.

Currently no other authentication methods are recognized, so if we get to the end of this function it means either that the user successfully authenticated or that the SYSUAF file has unrecognized data in it. The latter case could be the result of file corruption, or it might indicate that the SYSUAF.DAT file was copied from a later version of UOS (or that the current system was downgraded to an earlier version). In any case, we don't let unrecognized authentication methods prevent logging in.
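
Because Authenticate passes any specification it cannot act on, an account whose records are all unrecognized or empty ends up with no user-level factor being checked. The following added example (not UOS source; the TSpec layout and the numeric UAM_* values are assumptions) is an audit pass that mirrors the branches of Authenticate and reports such accounts so the condition does not go unnoticed.

```pascal
program AuthSpecAudit ;
{$mode objfpc}

// Added illustration, not UOS source. TSpec mirrors only the Typ and Auth fields
// used by Authenticate in the article; the numeric UAM_* values are assumed.
const UAM_Password = 1 ;
      UAM_Auth = 2 ;

type TSpec = record
                 Typ : longint ;
                 Auth : int64 ; // 0 = nothing stored
             end ;
     TVerdict = ( Enforced, No_Utility, Unknown_Type ) ;

// Mirrors the branches of Authenticate: which specs does it actually check?
function Classify( const S : TSpec ) : TVerdict ;
begin
    if( S.Typ = UAM_Password ) then
        Result := Enforced // A hash comparison is always performed
    else if( S.Typ <> UAM_Auth ) then
        Result := Unknown_Type // "Any other type is ignored"
    else if( S.Auth <> 0 ) then
        Result := Enforced // External utility is spawned
    else
        Result := No_Utility ; // UAM_Auth without a utility is skipped
end ;

// Returns how many specs are enforced and reports each one that is passed
// without any check, so a corrupted or downgraded SYSUAF gets noticed.
function Audit( const Account : string ; const Specs : array of TSpec ) : longint ;
var I : longint ;
begin
    Result := 0 ;
    for I := 0 to high( Specs ) do
        case Classify( Specs[ I ] ) of
            Enforced : inc( Result ) ;
            No_Utility : writeln( Account, ': spec ', I, ' is UAM_Auth with no utility, passes unchecked' ) ;
            Unknown_Type : writeln( Account, ': spec ', I, ' has unrecognized type ', Specs[ I ].Typ, ', passes unchecked' ) ;
        end ;
    if( Result = 0 ) then
        writeln( Account, ': no user-level authentication is enforced' ) ;
end ;

// Constructed sample accounts and values
const Good : array[ 0..1 ] of TSpec = ( ( Typ : UAM_Password ; Auth : 100 ), ( Typ : UAM_Auth ; Auth : 200 ) ) ;
      Bad : array[ 0..1 ] of TSpec = ( ( Typ : 7 ; Auth : 300 ), ( Typ : UAM_Auth ; Auth : 0 ) ) ;
var N : longint ;

begin
    N := Audit( 'ALICE', Good ) ;
    writeln( 'ALICE: ', N, ' of ', length( Good ), ' enforced' ) ;
    N := Audit( 'BOB', Bad ) ;
    writeln( 'BOB: ', N, ' of ', length( Bad ), ' enforced' ) ;
end.
```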

At this point, we have a secure LOGIN utility. There are some other LOGIN issues we will cover in the future, but this completes our discussion of user authentication.

In the next article, we will cover the DAY_OF_WEEK, CVT_FROM_INTERNAL_TIME, and SPAWN system services that we used in the preceding code.

 

Copyright © 2022 by Alan Conroy. This article may be copied in whole or in part as long as this copyright is included.