--
--****************************************************************************
--*                                                                          *
--*  Copyright (c) 2001                                                      *
--*  by DIGITAL Equipment Corporation, Maynard, Mass.                        *
--*                                                                          *
--*  This software is furnished under a license and may be used and copied   *
--*  only in accordance with the terms of such license and with the          *
--*  inclusion of the above copyright notice. This software or any other     *
--*  copies thereof may not be provided or otherwise made available to any   *
--*  other person. No title to and ownership of the software is hereby       *
--*  transferred.                                                            *
--*                                                                          *
--*  The information in this software is subject to change without notice    *
--*  and should not be construed as a commitment by DIGITAL Equipment        *
--*  Corporation.                                                            *
--*                                                                          *
--*  DIGITAL assumes no responsibility for the use or reliability of its     *
--*  software on equipment which is not supplied by DIGITAL.                 *
--*                                                                          *
--****************************************************************************
--********************************************************************************************************************
-- Created: 15-MAR-2001 22:50:21 by OpenVMS SDL EV1-33
-- Source:   5-OCT-1999 11:27:52 $11$DUA933:[LIB_ADA.LIS]C2DEF.SDL;1
--********************************************************************************************************************
--
-- NOTE(review): this file is generated by SDL from C2DEF.SDL (see the
-- "Created"/"Source" lines above); lasting changes presumably belong in
-- the SDL source rather than here -- confirm before hand-editing.

with SYSTEM; use SYSTEM;
with STARLET; use STARLET;
with CONDITION_HANDLING; use CONDITION_HANDLING;

package C2DEF is -- module $C2DEF

--+
-- C2 - C2 Subset Definitions
--
-- This structure maps the bits in the SECURITY_POLICY SYSGEN parameter that
-- are used to enable or remove features that have not been formally evaluated
-- by the NCSC under our C2/B1 VMS/SEVMS evaluation or are site-selectable for
-- compatibility with pre-V6.0 versions.
--
-- Reading this as a reviewer: every bit below switches on a feature that is
-- either unevaluated or kept for compatibility, so a non-zero
-- SECURITY_POLICY value is a deliberate site decision that should be
-- recorded and compared against the site's baseline.
---

    -- Bit masks, one named number per policy flag.  Each value is 2**n,
    -- where n is the flag's bit position in C2_SECURITY_POLICY_TYPE
    -- (bits 0 .. 12, in the same order as the record components).
    C2_M_ALLOW_DISPLAY_POSTSCRIPT   : constant := 16#00000001#;
    C2_M_ALLOW_MULTIPLE_DECW_USERS  : constant := 16#00000002#;
    C2_M_ALLOW_ALTERNATE_TRANSPORTS : constant := 16#00000004#;
    C2_M_ALLOW_SPAN_JOB_TREES       : constant := 16#00000008#;
    C2_M_LOCAL_UPDATE               : constant := 16#00000010#;
    C2_M_LOCAL_PROFILE              : constant := 16#00000020#;
    C2_M_ALLOW_CAPTIVE_SPAWN        : constant := 16#00000040#;
    C2_M_COMPRESS_MAC_STRINGS       : constant := 16#00000080#;
    C2_M_UPPERCASE_INPUT            : constant := 16#00000100#;
    C2_M_GUARD_PASSWORDS            : constant := 16#00000200#;
    C2_M_ALLOW_NOAUTHORIZATION      : constant := 16#00000400#;
    C2_M_IGNORE_EXTAUTH             : constant := 16#00000800#;
    C2_M_INTRUSIONS_ARE_LOCAL       : constant := 16#00001000#;

    -- Bit-field view of the SECURITY_POLICY value: thirteen one-bit flags
    -- followed by 19 filler bits, 32 bits in total (see the representation
    -- and 'SIZE clauses below).
    --
    -- NOTE(review): going by the generated comments, ALLOW_CAPTIVE_SPAWN,
    -- ALLOW_NOAUTHORIZATION, IGNORE_EXTAUTH and INTRUSIONS_ARE_LOCAL bear
    -- on account confinement, authorization, external-authentication
    -- restrictions and intrusion tracking.  Their exact runtime effect is
    -- not visible in this file; check the system documentation before
    -- relying on any of them.
    type C2_SECURITY_POLICY_TYPE is record
        ALLOW_DISPLAY_POSTSCRIPT   : BOOLEAN; -- allow display postscript extensions
        ALLOW_MULTIPLE_DECW_USERS  : BOOLEAN; -- allow multiple usernames to connect to DECW$SERVER
        ALLOW_ALTERNATE_TRANSPORTS : BOOLEAN; -- allow unevaluated transports
        ALLOW_SPAN_JOB_TREES       : BOOLEAN; -- allow $SIGPRC to span job trees
        -- The following bits control profile management for cluster objects
        -- when the object server is unavailable.  Setting these bits will
        -- allow these objects to have inconsistent profiles within a security
        -- domain (cluster).
        LOCAL_UPDATE               : BOOLEAN; -- allow local profile changes
        LOCAL_PROFILE              : BOOLEAN; -- allow local object creation
        ALLOW_CAPTIVE_SPAWN        : BOOLEAN; -- allow SPAWN or LIB$SPAWN in CAPTIVE accounts
        COMPRESS_MAC_STRINGS       : BOOLEAN; -- compress MAC category st... (generated comment is cut
                                              -- off here; presumably "strings", per the field name)
        UPPERCASE_INPUT            : BOOLEAN; -- as prior to VMS V7.1
        GUARD_PASSWORDS            : BOOLEAN; -- ACMEs shall not share ... (generated comment is cut
                                              -- off; presumably passwords -- confirm in C2DEF.SDL)
        ALLOW_NOAUTHORIZATION      : BOOLEAN; -- honor SYS$ACM modifier (modifier not named here;
                                              -- presumably NOAUTHORIZATION, per the field name)
        IGNORE_EXTAUTH             : BOOLEAN; -- ignore user-specific EXTAUTH and VMSAUTH restrictions
        INTRUSIONS_ARE_LOCAL       : BOOLEAN; -- consider local intrusions only when set
        FILLER_1                   : UNSIGNED_19; -- unused upper bits; UNSIGNED_19 is not declared in
                                                  -- this file (presumably from package SYSTEM)
    end record;

    -- Fixed layout: flags 0 .. 7 are bits 0 .. 7 of storage unit 0, flags
    -- 8 .. 12 are bits 0 .. 4 of storage unit 1, and FILLER_1 takes the rest
    -- (bits 5 .. 23 from storage unit 1).  Assuming 8-bit storage units,
    -- this agrees with the C2_M_* masks above.
    for C2_SECURITY_POLICY_TYPE use record
        ALLOW_DISPLAY_POSTSCRIPT   at 0 range 0 .. 0;
        ALLOW_MULTIPLE_DECW_USERS  at 0 range 1 .. 1;
        ALLOW_ALTERNATE_TRANSPORTS at 0 range 2 .. 2;
        ALLOW_SPAN_JOB_TREES       at 0 range 3 .. 3;
        LOCAL_UPDATE               at 0 range 4 .. 4;
        LOCAL_PROFILE              at 0 range 5 .. 5;
        ALLOW_CAPTIVE_SPAWN        at 0 range 6 .. 6;
        COMPRESS_MAC_STRINGS       at 0 range 7 .. 7;
        UPPERCASE_INPUT            at 1 range 0 .. 0;
        GUARD_PASSWORDS            at 1 range 1 .. 1;
        ALLOW_NOAUTHORIZATION      at 1 range 2 .. 2;
        IGNORE_EXTAUTH             at 1 range 3 .. 3;
        INTRUSIONS_ARE_LOCAL       at 1 range 4 .. 4;
        FILLER_1                   at 1 range 5 .. 23;
    end record;
    for C2_SECURITY_POLICY_TYPE'SIZE use 32;

    -- Initial value with every flag FALSE and the filler zero, i.e. none of
    -- the features listed above is enabled.
    C2_SECURITY_POLICY_TYPE_INIT : constant C2_SECURITY_POLICY_TYPE :=
        (ALLOW_DISPLAY_POSTSCRIPT => FALSE,
         ALLOW_MULTIPLE_DECW_USERS => FALSE,
         ALLOW_ALTERNATE_TRANSPORTS => FALSE,
         ALLOW_SPAN_JOB_TREES => FALSE,
         LOCAL_UPDATE => FALSE,
         LOCAL_PROFILE => FALSE,
         ALLOW_CAPTIVE_SPAWN => FALSE,
         COMPRESS_MAC_STRINGS => FALSE,
         UPPERCASE_INPUT => FALSE,
         GUARD_PASSWORDS => FALSE,
         ALLOW_NOAUTHORIZATION => FALSE,
         IGNORE_EXTAUTH => FALSE,
         INTRUSIONS_ARE_LOCAL => FALSE,
         FILLER_1 => 0);

    -- Wrapper record holding the policy bit field as its single 32-bit
    -- component.
    type C2_SECPOL_TYPE is record
        SECURITY_POLICY : C2_SECURITY_POLICY_TYPE;
    end record;

    for C2_SECPOL_TYPE use record
        SECURITY_POLICY at 0 range 0 .. 31;
    end record;
    for C2_SECPOL_TYPE'SIZE use 32;

    -- Initial value for the wrapper: the all-FALSE policy defined above.
    C2_SECPOL_TYPE_INIT : constant C2_SECPOL_TYPE := (
        SECURITY_POLICY => C2_SECURITY_POLICY_TYPE_INIT
        );

end C2DEF;