The MSGTAC event service NOHACK counts the number of failed KDCSIGN attempts in a TLS (here the openUTM terminal-specific long-term storage area, not Transport Layer Security). If openUTM accepts a KDCSIGN (i.e. UTM message K008 or K033), then this TLS is deleted.
If after three invalid KDCSIGN attempts the 4th KDCSIGN attempt also fails, then the corresponding terminal should be automatically disconnected using an FPUT call with
KCRN="KDCPTRMA". The KDCS message area contains the following administration command, see also the openUTM manual “Generating Applications”:
PTERM=pterm,PRO=proname,ACT=DIS
The K-messages are each read from the MSGTAC program unit using FGET. After "processing" a K-message, the next K-message is read immediately within the same program run using FGET.
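/*
 * NOHACK - MSGTAC event service that counts failed KDCSIGN attempts per
 * LTERM in the TLS block "TLSB" and, once HACK_MAX failures are recorded
 * and a further attempt fails, queues an asynchronous administration
 * command (TAC KDCPTRMA) that disconnects and locks the terminal.
 */
#include <stdio.h>
#include <string.h>     /* memcmp, memcpy, strlen */
#include <kcmac.h>
#include <kcmsg.h>

/* Messages that report a successful sign-on. */
#define _K008 (memcmp (NR, "K008", 4) == 0)     /* K008: KDCSIGN accepted */
#define _K033 (memcmp (NR, "K033", 4) == 0)     /* K033: Start-Format     */
#define MESSAGE_OK (_K008 || _K033)

/* Messages that report a failed sign-on. */
#define _K004 (memcmp (NR, "K004", 4) == 0)     /* K004: Invalid Identification */
#define _K006 (memcmp (NR, "K006", 4) == 0)     /* K006: Invalid password       */
#define _K031 (memcmp (NR, "K031", 4) == 0)     /* K031: Card not ok            */

/* Anything else is not handled by this program unit. */
#define OTHER_MESSAGE (!(_K004 || _K006 || _K008 || _K031 || _K033))

/* Number of failed attempts tolerated; the next failure disconnects. */
#define HACK_MAX 3

/* Fixed text fragments of the administration command. */
#define PTERM  " PTERM="
#define PRONAM ",PRONAM="
#define DIS    ",ACTION=DIS"
#define OFF    ",STATUS=OFF"

/* Shorthands; they rely on the local names `ca` and `spab`. */
#define kcrc   ca->ca_return.kcrccc     /* not referenced in this listing */
#define pa     spab->param
#define NR     spab->ma.kcmsgs.msghdr.MSGNR
#define MSG    spab->ma.kcmsgs.msg
#define LTERM  spab->ma.lterm
#define hacknr spab->hack_nr
#define admin  spab->ma.adm

/*
 * Layout of the administration command handed to KDCPTRMA.  The fields are
 * fixed-width and carry no NUL terminators.  Each text field is sized from
 * its literal so that the memcpy() calls below can never write past it
 * (the original pterm_t[6] was one byte too short for the 7-byte " PTERM=",
 * and the '=' ended up overwritten by the PTERM name).
 */
struct adm_line {
    char pterm_t[sizeof(PTERM) - 1];
    char pterm[8];
    char pronam_t[sizeof(PRONAM) - 1];
    char pronam[8];
    char dis_t[sizeof(DIS) - 1];
    char off_t[sizeof(OFF) - 1];
};

/* Communication area: KDCS header followed by the return information. */
struct ca_area {
    struct ca_hdr ca_head;
    struct ca_rti ca_return;
};

/* Work area of the program unit (passed in as `spab`). */
struct work {
    struct kc_pa param;             /* KDCS parameter area                */
    short hack_nr;                  /* failed-attempt counter from "TLSB" */
    struct msg_area {
        char lterm[8];              /* LTERM named in the current message */
        struct adm_line adm;        /* administration command being built */
        struct KCMSGS kcmsgs;       /* K-message read with FGET           */
    } ma;
    char buffer[100];               /* error line for the user log        */
};

static void set_lterm( struct work * );
static void set_pterm( struct work * );

/*
 * Reads all pending K-messages with FGET and updates the per-LTERM counter.
 *
 * ca    communication area supplied by openUTM
 * spab  work area; see struct work
 *
 * The program unit always ends with PEND FI.  If the loop ends for any
 * reason other than FGET return code 10, or an unexpected message number
 * was read, the transaction is reset and an error line is logged.
 */
void NOHACK (struct ca_area *ca, struct work *spab )
{
    int other_message = 0;

    /* INIT-Operation */
    KDCS_SET (&spab->param, &ca->ca_head, &ca->ca_return);
    KDCS_INIT (0,512);

    /*********************************************************************/
    /* while-loop: reading and processing all messages                   */
    /*********************************************************************/
    while (KCRCC == 0) {
        /* FGET-Operation: reading the message */
        /* NOTE(review): 132 must not exceed sizeof(struct KCMSGS) - confirm
         * against kcmsg.h. */
        KDCS_FGET (&spab->ma.kcmsgs,132,KDCS_SPACES);
        if (KCRCC != 0)
            break;

        if (OTHER_MESSAGE) {
            other_message = 1;
            break;
        }

        set_lterm ( spab );

        /* read TLSB */
        KDCS_GTDA (&hacknr,2,"TLSB",LTERM);
        if (KCRCC != 0)
            break;

        /* A value outside 0..HACK_MAX is treated as "TLS not initialised
         * yet" and the count restarts at zero. */
        if ((hacknr < 0) || (hacknr > HACK_MAX))
            hacknr = 0;

        /* If KDCSIGN is correct, initialize the TLS; if not, count the
         * failed attempt.  After the fourth invalid KDCSIGN disconnect the
         * corresponding terminal.
         *
         * An accepted sign-on clears the counter regardless of its value.
         * The original test `(hacknr < HACK_MAX) && MESSAGE_OK` sent a
         * successful sign-on that followed HACK_MAX failures into the
         * disconnect branch, where set_pterm() has no K008/K033 case and
         * the command would be issued with stale PTERM/PRONAM fields. */
        if (MESSAGE_OK) {
            hacknr = 0;                         /* Initialize TLS */
        } else if (hacknr < HACK_MAX) {
            ++hacknr;                           /* invalid KDCSIGN */
        } else {
            memcpy (admin.pterm_t, PTERM, sizeof(admin.pterm_t));
            memcpy (admin.pronam_t, PRONAM, sizeof(admin.pronam_t));
            set_pterm ( spab );

            /* Disconnect the terminal by asynchronous administration */
            memcpy (admin.dis_t, DIS, sizeof(admin.dis_t));
            memcpy (admin.off_t, OFF, sizeof(admin.off_t));
            KDCS_FPUTNE (&admin,sizeof(struct adm_line),"KDCPTRMA",KDCS_SPACES,KCNODF) ;
            if (KCRCC != 0)
                break;
            hacknr = 0;

            /* log on User logging: keep a record of the issued command */
            KDCS_LPUT (&admin,sizeof(struct adm_line));
            if (KCRCC != 0)
                break;
        }

        /* set up TLSB */
        KDCS_PTDA (&hacknr,2,"TLSB",LTERM);
    }
    /*********************************************************************/
    /* End of while loop                                                 */
    /*********************************************************************/

    /* NOTE(review): 10 is presumably the FGET "no further message" return
     * code, i.e. the normal way out of the loop - confirm against the KDCS
     * reference. */
    if ( KCRCC != 10 || other_message) {
        /* other message or error in the while loop */

        /* error line: every %s carries an explicit precision, so the
         * formatted text has a fixed length that fits buffer[100] and the
         * source fields need not be NUL-terminated */
        sprintf(spab->buffer,
                "Error in program unit - conversation %8.8s"
                ", TAC: %8.8s because %4.4s. RC= %3.3s "
               , ca->ca_head.kccv_tac
               , ca->ca_head.kcpr_tac
               , pa.kcop
               , KDCS_ERR );

        /* RSET-Operation */
        KDCS_RSET();

        /* LPUT-Operation: log on user logging */
        KDCS_LPUT( spab->buffer , strlen( spab->buffer ) );
    }

    /* PEND FI-Operation */
    KDCS_PENDFI();
}

/**************************************************************************/
/* function set_lterm ()                                                  */
/* Copies the 8-byte LTERM name from the message variant selected by the  */
/* message number into spab->ma.lterm.  Leaves the field untouched for    */
/* any other message number.                                              */
/**************************************************************************/
static void set_lterm ( struct work * spab )
{
    if (_K004)
        memcpy (LTERM, MSG.K004.LTRM, 8);
    else if (_K006)
        memcpy (LTERM, MSG.K006.LTRM, 8);
    else if (_K008)
        memcpy (LTERM, MSG.K008.LTRM, 8);
    else if (_K031)
        memcpy (LTERM, MSG.K031.LTRM, 8);
    else if (_K033)
        memcpy (LTERM, MSG.K033.LTRM, 8);
}

/**************************************************************************/
/* function set_pterm ()                                                  */
/* Copies the 8-byte PTERM and PRONAM names of a failed sign-on message   */
/* (K004, K006 or K031) into the administration command.  There is no     */
/* case for K008/K033, so the caller must only use it for failures.       */
/**************************************************************************/
static void set_pterm ( struct work *spab )
{
    if (_K004) {
        memcpy (admin.pterm, MSG.K004.PTRM, 8);
        memcpy (admin.pronam, MSG.K004.PRNM, 8);
    } else if (_K006) {
        memcpy (admin.pterm, MSG.K006.PTRM, 8);
        memcpy (admin.pronam, MSG.K006.PRNM, 8);
    } else if (_K031) {
        memcpy (admin.pterm, MSG.K031.PTRM, 8);
        memcpy (admin.pronam, MSG.K031.PRNM, 8);
    }
}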
The above example for the MSGTAC event service simply indicates appropriate ways of evaluating messages and administering the application.
However, to monitor security infringements, the K094 message (SIGNON SILENT-ALARM) should be used, since it also covers UPIC and OSI TP clients. Furthermore, wider-ranging administration of the UTM application is possible using the programmed administration capability (ADMI interface).