-- --**************************************************************************** --* * --* Copyright (c) 2001 * --* by DIGITAL Equipment Corporation, Maynard, Mass. * --* * --* This software is furnished under a license and may be used and copied * --* only in accordance with the terms of such license and with the * --* inclusion of the above copyright notice. This software or any other * --* copies thereof may not be provided or otherwise made available to any * --* other person. No title to and ownership of the software is hereby * --* transferred. * --* * --* The information in this software is subject to change without notice * --* and should not be construed as a commitment by DIGITAL Equipment * --* Corporation. * --* * --* DIGITAL assumes no responsibility for the use or reliability of its * --* software on equipment which is not supplied by DIGITAL. * --* * --**************************************************************************** --******************************************************************************************************************** -- Created: 15-MAR-2001 22:54:15 by OpenVMS SDL EV1-33 -- Source: 10-MAR-1998 14:41:43 $11$DUA933:[LIB_ADA.LIS]UAFDEF.SDL;1 --******************************************************************************************************************** with SYSTEM; use SYSTEM; with STARLET; use STARLET; with CONDITION_HANDLING; use CONDITION_HANDLING; package UAFDEF is -- module $UAFDEF --++ -- User authorization file format -- Note: With the exception of the username and account name, -- all strings are blank padded counted strings. Username and -- account name are uncounted, blank padded. ---- UAF_C_USER_ID : constant := 1; -- main user ID record UAF_C_VERSION1 : constant := 1; -- this version UAF_C_KEYED_PART : constant := 52; -- ISAM keys come this far UAF_C_MAX_PWD_LENGTH : constant := 32; -- maximum plaintext password length UAF_K_MAX_PWD_LENGTH : constant := 32; -- maximum plaintext password length UAF_C_AD_II : constant := 0; -- AUTODIN-II 32 bit crc code UAF_C_PURDY : constant := 1; -- Purdy polynomial over salted input UAF_C_PURDY_V : constant := 2; -- Purdy polynomial + variable length username UAF_C_PURDY_S : constant := 3; -- PURDY_V folded into password length UAF_K_CURRENT_ALGORITHM : constant := 3; -- current DEC algorithm number UAF_C_CURRENT_ALGORITHM : constant := 3; -- current DEC algorithm number UAF_C_PREFERED_ALGORITHM : constant := 127; UAF_K_PREFERED_ALGORITHM : constant := 127; UAF_C_PREFERRED_ALGORITHM : constant := 127; -- preferred hash algorithm - use current UAF_K_PREFERRED_ALGORITHM : constant := 127; -- preferred hash algorithm - use current UAF_C_CUST_ALGORITHM : constant := 128; -- customer algorithm division UAF_K_CUST_ALGORITHM : constant := 128; -- customer algorithm division UAF_K_FIXED : constant := 644; -- length of fixed portion UAF_C_FIXED : constant := 644; -- length of fixed portion UAF_K_LENGTH : constant := 1412; UAF_C_LENGTH : constant := 1412; type UAF_USERNAME_TYPE is -- username record FILLER_1 : STRING(1 .. 31); USERNAME_TAG : CHARACTER; -- tag to differentiate records end record; for UAF_USERNAME_TYPE use record FILLER_1 at 0 range 0 .. 247; USERNAME_TAG at 31 range 0 .. 7; end record; for UAF_USERNAME_TYPE'SIZE use 256; UAF_USERNAME_TYPE_INIT : constant UAF_USERNAME_TYPE := (FILLER_1 => (others => ASCII.NUL), USERNAME_TAG => ASCII.NUL); type UAF_UIC_TYPE is -- user ID code record MEM : UNSIGNED_WORD; -- member subfield GRP : UNSIGNED_WORD; -- group subfield end record; for UAF_UIC_TYPE use record MEM at 0 range 0 .. 15; GRP at 2 range 0 .. 15; end record; for UAF_UIC_TYPE'SIZE use 32; UAF_UIC_TYPE_INIT : constant UAF_UIC_TYPE := (MEM => 0, GRP => 0); type UAF_FILL_5_TYPE is record PWD : UNSIGNED_LONGWORD; -- 32 bit subfield end record; for UAF_FILL_5_TYPE use record PWD at 0 range 0 .. 31; end record; for UAF_FILL_5_TYPE'SIZE use 32; UAF_FILL_5_TYPE_INIT : constant UAF_FILL_5_TYPE := (PWD => 0); type UAF_MIN_CLASS_TYPE is -- minimum security class record FILLER_1 : UNSIGNED_BYTE_ARRAY (1 .. 20); end record; for UAF_MIN_CLASS_TYPE use record FILLER_1 at 0 range 0 .. 159; end record; for UAF_MIN_CLASS_TYPE'SIZE use 160; UAF_MIN_CLASS_TYPE_INIT : constant UAF_MIN_CLASS_TYPE := (FILLER_1 => (others => 0)); type UAF_MAX_CLASS_TYPE is -- maximum security class record FILLER_1 : UNSIGNED_BYTE_ARRAY (1 .. 20); end record; for UAF_MAX_CLASS_TYPE use record FILLER_1 at 0 range 0 .. 159; end record; for UAF_MAX_CLASS_TYPE'SIZE use 160; UAF_MAX_CLASS_TYPE_INIT : constant UAF_MAX_CLASS_TYPE := (FILLER_1 => (others => 0)); type UAF_FLAGS_TYPE is -- user flags longword record DISCTLY : BOOLEAN; -- no user control-y DEFCLI : BOOLEAN; -- only allow user default CLI LOCKPWD : BOOLEAN; -- disable SET PASSWORD command RESTRICTED : BOOLEAN; -- restricted account (pre-V5.2 CAPTIVE) DISACNT : BOOLEAN; -- no interactive login DISWELCOM : BOOLEAN; -- skip welcome message DISMAIL : BOOLEAN; -- skip new mail message NOMAIL : BOOLEAN; -- disable mail delivery GENPWD : BOOLEAN; -- passwords must be generated PWD_EXPIRED : BOOLEAN; -- password has expired PWD2_EXPIRED : BOOLEAN; -- 2nd password has expired AUDIT : BOOLEAN; -- audit all actions DISREPORT : BOOLEAN; -- skip last login messages DISRECONNECT : BOOLEAN; -- inhibit reconnections AUTOLOGIN : BOOLEAN; -- auto-login only DISFORCE_PWD_CHANGE : BOOLEAN; -- disable forced password change CAPTIVE : BOOLEAN; -- captive account (no overrides) DISIMAGE : BOOLEAN; -- disable arbitrary image activation DISPWDDIC : BOOLEAN; -- disable password dictionary search DISPWDHIS : BOOLEAN; -- disable password history search DEFCLSVAL : BOOLEAN; -- default classification is valid EXTAUTH : BOOLEAN; -- external authentication enabled MIGRATEPWD : BOOLEAN; -- migrate UAF pwd to external auth VMSAUTH : BOOLEAN; -- VMS alternative is allowed DISPWDSYNCH : BOOLEAN; -- no ACME password sharing FILLER_1 : UNSIGNED_7; end record; for UAF_FLAGS_TYPE use record DISCTLY at 0 range 0 .. 0; DEFCLI at 0 range 1 .. 1; LOCKPWD at 0 range 2 .. 2; RESTRICTED at 0 range 3 .. 3; DISACNT at 0 range 4 .. 4; DISWELCOM at 0 range 5 .. 5; DISMAIL at 0 range 6 .. 6; NOMAIL at 0 range 7 .. 7; GENPWD at 1 range 0 .. 0; PWD_EXPIRED at 1 range 1 .. 1; PWD2_EXPIRED at 1 range 2 .. 2; AUDIT at 1 range 3 .. 3; DISREPORT at 1 range 4 .. 4; DISRECONNECT at 1 range 5 .. 5; AUTOLOGIN at 1 range 6 .. 6; DISFORCE_PWD_CHANGE at 1 range 7 .. 7; CAPTIVE at 2 range 0 .. 0; DISIMAGE at 2 range 1 .. 1; DISPWDDIC at 2 range 2 .. 2; DISPWDHIS at 2 range 3 .. 3; DEFCLSVAL at 2 range 4 .. 4; EXTAUTH at 2 range 5 .. 5; MIGRATEPWD at 2 range 6 .. 6; VMSAUTH at 2 range 7 .. 7; DISPWDSYNCH at 3 range 0 .. 0; FILLER_1 at 3 range 1 .. 7; end record; for UAF_FLAGS_TYPE'SIZE use 32; UAF_FLAGS_TYPE_INIT : constant UAF_FLAGS_TYPE := (DISCTLY => FALSE, DEFCLI => FALSE, LOCKPWD => FALSE, RESTRICTED => FALSE, DISACNT => FALSE, DISWELCOM => FALSE, DISMAIL => FALSE, NOMAIL => FALSE, GENPWD => FALSE, PWD_EXPIRED => FALSE, PWD2_EXPIRED => FALSE, AUDIT => FALSE, DISREPORT => FALSE, DISRECONNECT => FALSE, AUTOLOGIN => FALSE, DISFORCE_PWD_CHANGE => FALSE, CAPTIVE => FALSE, DISIMAGE => FALSE, DISPWDDIC => FALSE, DISPWDHIS => FALSE, DEFCLSVAL => FALSE, EXTAUTH => FALSE, MIGRATEPWD => FALSE, VMSAUTH => FALSE, DISPWDSYNCH => FALSE, FILLER_1 => 0); type UAF_PRIMEDAYS_TYPE is -- bits representing primary days record MONDAY : BOOLEAN; -- bit clear means this is a primary day TUESDAY : BOOLEAN; -- bit set means this is an off day WEDNESDAY : BOOLEAN; THURSDAY : BOOLEAN; FRIDAY : BOOLEAN; SATURDAY : BOOLEAN; SUNDAY : BOOLEAN; FILLER_1 : BOOLEAN; end record; for UAF_PRIMEDAYS_TYPE use record MONDAY at 0 range 0 .. 0; TUESDAY at 0 range 1 .. 1; WEDNESDAY at 0 range 2 .. 2; THURSDAY at 0 range 3 .. 3; FRIDAY at 0 range 4 .. 4; SATURDAY at 0 range 5 .. 5; SUNDAY at 0 range 6 .. 6; FILLER_1 at 0 range 7 .. 7; end record; for UAF_PRIMEDAYS_TYPE'SIZE use 8; UAF_PRIMEDAYS_TYPE_INIT : constant UAF_PRIMEDAYS_TYPE := (MONDAY => FALSE, TUESDAY => FALSE, WEDNESDAY => FALSE, THURSDAY => FALSE, FRIDAY => FALSE, SATURDAY => FALSE, SUNDAY => FALSE, FILLER_1 => FALSE); type UAF_DEF_CLASS_TYPE is -- default security class record FILLER_1 : UNSIGNED_BYTE_ARRAY (1 .. 20); end record; for UAF_DEF_CLASS_TYPE use record FILLER_1 at 0 range 0 .. 159; end record; for UAF_DEF_CLASS_TYPE'SIZE use 160; UAF_DEF_CLASS_TYPE_INIT : constant UAF_DEF_CLASS_TYPE := (FILLER_1 => (others => 0)); type UAF_TYPE is record RTYPE : UNSIGNED_BYTE; -- UAF record type VERSION : UNSIGNED_BYTE; -- UAF format version USRDATOFF : UNSIGNED_WORD; -- offset of counted string of user data USERNAME : UAF_USERNAME_TYPE; -- username UIC : UAF_UIC_TYPE; -- user ID code SUB_ID : UNSIGNED_LONGWORD; -- user sub-identifier PARENT_ID : UNSIGNED_QUADWORD; -- identifier of owner of this account ACCOUNT : STRING(1 .. 32); -- account name OWNER : STRING(1 .. 32); -- owner's name DEFDEV : STRING(1 .. 32); -- default device DEFDIR : STRING(1 .. 64); -- default directory LGICMD : STRING(1 .. 64); -- login command file DEFCLI : STRING(1 .. 32); -- default command interpreter CLITABLES : STRING(1 .. 32); -- user CLI tables PWD : UNSIGNED_QUADWORD; -- hashed password ----Component(s) below are defined as comments since they ----overlap other fields ---- ----FILL_5 : UAF_FILL_5_TYPE; PWD2 : UNSIGNED_QUADWORD; -- second password LOGFAILS : UNSIGNED_WORD; -- count of login failures SALT : UNSIGNED_WORD; -- random password salt ENCRYPT : UNSIGNED_BYTE; -- primary password hash algorithm -- known hash algorithm indices ENCRYPT2 : UNSIGNED_BYTE; -- secondary password hash algorithm PWD_LENGTH : UNSIGNED_BYTE; -- minimum password length FILLER_1 : UNSIGNED_BYTE_ARRAY (1 .. 1); EXPIRATION : UNSIGNED_QUADWORD; -- expiration date for account PWD_LIFETIME : UNSIGNED_QUADWORD; -- password lifetime PWD_DATE : UNSIGNED_QUADWORD; -- date of password change PWD2_DATE : UNSIGNED_QUADWORD; -- date of 2nd password change LASTLOGIN_I : UNSIGNED_QUADWORD; -- date of last interactive login LASTLOGIN_N : UNSIGNED_QUADWORD; -- date of last non-interactive login PRIV : UNSIGNED_QUADWORD; -- process privilege vector DEF_PRIV : UNSIGNED_QUADWORD; -- default process privileges MIN_CLASS : UAF_MIN_CLASS_TYPE; -- minimum security class MAX_CLASS : UAF_MAX_CLASS_TYPE; -- maximum security class FLAGS : UAF_FLAGS_TYPE; -- user flags longword NETWORK_ACCESS_P : UNSIGNED_BYTE_ARRAY (1 .. 3); -- hourly network access, primary NETWORK_ACCESS_S : UNSIGNED_BYTE_ARRAY (1 .. 3); -- hourly network access, secondary BATCH_ACCESS_P : UNSIGNED_BYTE_ARRAY (1 .. 3); -- hourly batch access, primary BATCH_ACCESS_S : UNSIGNED_BYTE_ARRAY (1 .. 3); -- hourly batch access, secondary LOCAL_ACCESS_P : UNSIGNED_BYTE_ARRAY (1 .. 3); -- hourly local access, primary LOCAL_ACCESS_S : UNSIGNED_BYTE_ARRAY (1 .. 3); -- hourly local access, secondary DIALUP_ACCESS_P : UNSIGNED_BYTE_ARRAY (1 .. 3); -- hourly dialup access, primary DIALUP_ACCESS_S : UNSIGNED_BYTE_ARRAY (1 .. 3); -- hourly dialup access, secondary REMOTE_ACCESS_P : UNSIGNED_BYTE_ARRAY (1 .. 3); -- hourly remote access, primary REMOTE_ACCESS_S : UNSIGNED_BYTE_ARRAY (1 .. 3); -- hourly remote access, secondary FILLER_2 : UNSIGNED_BYTE_ARRAY (1 .. 12); -- space for 2 more access types PRIMEDAYS : UAF_PRIMEDAYS_TYPE; -- bits representing primary days FILLER_3 : UNSIGNED_BYTE_ARRAY (1 .. 1); PRI : UNSIGNED_BYTE; -- base process priority QUEPRI : UNSIGNED_BYTE; -- maximum job queuing priority MAXJOBS : UNSIGNED_WORD; -- maximum jobs for UIC allowed -- 0 means no limit MAXACCTJOBS : UNSIGNED_WORD; -- maximum jobs for account allowed -- 0 means no limit MAXDETACH : UNSIGNED_WORD; -- maximum detached processes for UIC -- 0 means no limit PRCCNT : UNSIGNED_WORD; -- subprocess creation limit BIOLM : UNSIGNED_WORD; -- buffered I/O limit DIOLM : UNSIGNED_WORD; -- direct I/O limit TQCNT : UNSIGNED_WORD; -- timer queue entry limit ASTLM : UNSIGNED_WORD; -- AST queue limit ENQLM : UNSIGNED_WORD; -- enqueue limit FILLM : UNSIGNED_WORD; -- open file limit SHRFILLM : UNSIGNED_WORD; -- shared file limit WSQUOTA : UNSIGNED_LONGWORD; -- working set size quota DFWSCNT : UNSIGNED_LONGWORD; -- default working set size WSEXTENT : UNSIGNED_LONGWORD; -- working set size limit PGFLQUOTA : UNSIGNED_LONGWORD; -- page file quota CPUTIM : UNSIGNED_LONGWORD; -- CPU time quota BYTLM : UNSIGNED_LONGWORD; -- buffered I/O byte count limit PBYTLM : UNSIGNED_LONGWORD; -- paged buffer I/O byte count limit JTQUOTA : UNSIGNED_LONGWORD; -- job-wide logical name table creation quota PROXY_LIM : UNSIGNED_WORD; -- number of proxies user can grant PROXIES : UNSIGNED_WORD; -- number of proxies granted ACCOUNT_LIM : UNSIGNED_WORD; -- number of sub-accounts allowed ACCOUNTS : UNSIGNED_WORD; -- number of sub-accounts in use DEF_CLASS : UAF_DEF_CLASS_TYPE; -- default security class FILLER_4 : UNSIGNED_BYTE_ARRAY (1 .. 44); -- spare space FILLER_5 : UNSIGNED_BYTE_ARRAY (1 .. 768); -- user-extensible area end record; for UAF_TYPE use record RTYPE at 0 range 0 .. 7; VERSION at 1 range 0 .. 7; USRDATOFF at 2 range 0 .. 15; USERNAME at 4 range 0 .. 255; UIC at 36 range 0 .. 31; SUB_ID at 40 range 0 .. 31; PARENT_ID at 44 range 0 .. 63; ACCOUNT at 52 range 0 .. 255; OWNER at 84 range 0 .. 255; DEFDEV at 116 range 0 .. 255; DEFDIR at 148 range 0 .. 511; LGICMD at 212 range 0 .. 511; DEFCLI at 276 range 0 .. 255; CLITABLES at 308 range 0 .. 255; PWD at 340 range 0 .. 63; ----Component representation spec(s) below are defined as ----comments since they overlap other fields ---- ----FILL_5 at 340 range 0 .. 31; PWD2 at 348 range 0 .. 63; LOGFAILS at 356 range 0 .. 15; SALT at 358 range 0 .. 15; ENCRYPT at 360 range 0 .. 7; ENCRYPT2 at 361 range 0 .. 7; PWD_LENGTH at 362 range 0 .. 7; FILLER_1 at 363 range 0 .. 7; EXPIRATION at 364 range 0 .. 63; PWD_LIFETIME at 372 range 0 .. 63; PWD_DATE at 380 range 0 .. 63; PWD2_DATE at 388 range 0 .. 63; LASTLOGIN_I at 396 range 0 .. 63; LASTLOGIN_N at 404 range 0 .. 63; PRIV at 412 range 0 .. 63; DEF_PRIV at 420 range 0 .. 63; MIN_CLASS at 428 range 0 .. 159; MAX_CLASS at 448 range 0 .. 159; FLAGS at 468 range 0 .. 31; NETWORK_ACCESS_P at 472 range 0 .. 23; NETWORK_ACCESS_S at 475 range 0 .. 23; BATCH_ACCESS_P at 478 range 0 .. 23; BATCH_ACCESS_S at 481 range 0 .. 23; LOCAL_ACCESS_P at 484 range 0 .. 23; LOCAL_ACCESS_S at 487 range 0 .. 23; DIALUP_ACCESS_P at 490 range 0 .. 23; DIALUP_ACCESS_S at 493 range 0 .. 23; REMOTE_ACCESS_P at 496 range 0 .. 23; REMOTE_ACCESS_S at 499 range 0 .. 23; FILLER_2 at 502 range 0 .. 95; PRIMEDAYS at 514 range 0 .. 7; FILLER_3 at 515 range 0 .. 7; PRI at 516 range 0 .. 7; QUEPRI at 517 range 0 .. 7; MAXJOBS at 518 range 0 .. 15; MAXACCTJOBS at 520 range 0 .. 15; MAXDETACH at 522 range 0 .. 15; PRCCNT at 524 range 0 .. 15; BIOLM at 526 range 0 .. 15; DIOLM at 528 range 0 .. 15; TQCNT at 530 range 0 .. 15; ASTLM at 532 range 0 .. 15; ENQLM at 534 range 0 .. 15; FILLM at 536 range 0 .. 15; SHRFILLM at 538 range 0 .. 15; WSQUOTA at 540 range 0 .. 31; DFWSCNT at 544 range 0 .. 31; WSEXTENT at 548 range 0 .. 31; PGFLQUOTA at 552 range 0 .. 31; CPUTIM at 556 range 0 .. 31; BYTLM at 560 range 0 .. 31; PBYTLM at 564 range 0 .. 31; JTQUOTA at 568 range 0 .. 31; PROXY_LIM at 572 range 0 .. 15; PROXIES at 574 range 0 .. 15; ACCOUNT_LIM at 576 range 0 .. 15; ACCOUNTS at 578 range 0 .. 15; DEF_CLASS at 580 range 0 .. 159; FILLER_4 at 600 range 0 .. 351; FILLER_5 at 644 range 0 .. 6143; end record; for UAF_TYPE'SIZE use 11296; UAF_TYPE_INIT : constant UAF_TYPE := (RTYPE => 0, VERSION => 0, USRDATOFF => 0, USERNAME => UAF_USERNAME_TYPE_INIT, UIC => UAF_UIC_TYPE_INIT, SUB_ID => 0, PARENT_ID => (0, 0), ACCOUNT => (others => ASCII.NUL), OWNER => (others => ASCII.NUL), DEFDEV => (others => ASCII.NUL), DEFDIR => (others => ASCII.NUL), LGICMD => (others => ASCII.NUL), DEFCLI => (others => ASCII.NUL), CLITABLES => (others => ASCII.NUL), PWD => (0, 0), PWD2 => (0, 0), LOGFAILS => 0, SALT => 0, ENCRYPT => 0, ENCRYPT2 => 0, PWD_LENGTH => 0, FILLER_1 => (others => 0), EXPIRATION => (0, 0), PWD_LIFETIME => (0, 0), PWD_DATE => (0, 0), PWD2_DATE => (0, 0), LASTLOGIN_I => (0, 0), LASTLOGIN_N => (0, 0), PRIV => (0, 0), DEF_PRIV => (0, 0), MIN_CLASS => UAF_MIN_CLASS_TYPE_INIT, MAX_CLASS => UAF_MAX_CLASS_TYPE_INIT, FLAGS => UAF_FLAGS_TYPE_INIT, NETWORK_ACCESS_P => (others => 0), NETWORK_ACCESS_S => (others => 0), BATCH_ACCESS_P => (others => 0), BATCH_ACCESS_S => (others => 0), LOCAL_ACCESS_P => (others => 0), LOCAL_ACCESS_S => (others => 0), DIALUP_ACCESS_P => (others => 0), DIALUP_ACCESS_S => (others => 0), REMOTE_ACCESS_P => (others => 0), REMOTE_ACCESS_S => (others => 0), FILLER_2 => (others => 0), PRIMEDAYS => UAF_PRIMEDAYS_TYPE_INIT, FILLER_3 => (others => 0), PRI => 0, QUEPRI => 0, MAXJOBS => 0, MAXACCTJOBS => 0, MAXDETACH => 0, PRCCNT => 0, BIOLM => 0, DIOLM => 0, TQCNT => 0, ASTLM => 0, ENQLM => 0, FILLM => 0, SHRFILLM => 0, WSQUOTA => 0, DFWSCNT => 0, WSEXTENT => 0, PGFLQUOTA => 0, CPUTIM => 0, BYTLM => 0, PBYTLM => 0, JTQUOTA => 0, PROXY_LIM => 0, PROXIES => 0, ACCOUNT_LIM => 0, ACCOUNTS => 0, DEF_CLASS => UAF_DEF_CLASS_TYPE_INIT, FILLER_4 => (others => 0), FILLER_5 => (others => 0)); end UAFDEF;