The MSGTAC program unit NOHACK counts the number of incorrect sign-on attempts in TLS. If openUTM accepts a KDCSIGN (i.e. with the message K008 or K033), the TLS is deleted.
If, after three invalid KDCSIGN attempts, the fourth KDCSIGN attempt is also incorrect, the relevant terminal is to be disconnected by means of “asynchronous administration”, using an FPUT call with KCRN="KDCPTRMA". The message area contains the following parameter of the administration command KDCPTRMA (see also the openUTM manual “Generating Applications”:
PTERM=pterm, PRONAM=processor,ACT=DIS
The administration command is then written with LPUT to the user log file and the TLS is deleted.
The K messages are each read with an FGET by the MSGTAC program unit. Once a K message has been “processed”, an FGET immediately reads the next K message within the same program unit run.
IDENTIFICATION DIVISION.
PROGRAM-ID.
MSGTAC.
ENVIRONMENT DIVISION.
DATA DIVISION.
WORKING-STORAGE SECTION.
COPY KCOPC.
77 ID-HACK-TLS PIC X(8) VALUE "TLSHACK".
77 HACK-MAX PIC 9(4) COMP VALUE 3.
01 ADM-SATZ.
02 ADM-TXT.
03 F PIC X(07) VALUE "PTERM=(".
03 F PIC X(08).
03 F PIC X(09) VALUE "),PRONAM=".
03 F PIC X(08).
03 F PIC X(11) VALUE ",ACTION=DIS".
01 UTM-FEHLER-ZEILE.
03 F PIC X(18) VALUE "Error in prog. unit".
03 F-MODUL PIC X(08) VALUE "NOHACK".
03 F PIC X(12) VALUE "; Vorg./TAC".
03 F-VG PIC X(08).
03 F PIC X(01) VALUE "/".
03 F-AL PIC X(08).
03 F PIC X(05) VALUE " wg.".
03 F-OP PIC X(04).
03 F PIC X(07) VALUE " (RC:".
03 F-RC PIC X(08).
03 F PIC X(01) VALUE ")".
LINKAGE SECTION.
COPY KCKBC.
05 FILLER PIC X.
COPY KCPAC.
COPY KCMSGC.
03 NB.
05 HACKER-LTERM PIC X(8).
05 NB-ADM.
07 F PIC X(07).
07 PTRM PIC X(08).
07 F PIC X(09).
07 PRNM PIC X(08).
07 F PIC X(11).
05 TLS-HACK.
07 HACK-ANZ PIC 9(4) COMP.
PROCEDURE DIVISION USING KCKBC, KCSPAB.
MAIN SECTION .
INIT-ANF.
MOVE LOW-VALUE TO KCPAC
MOVE INIT TO KCOP
MOVE 0 TO KCLKBPRG
COMPUTE KCLPAB = FUNCTION LENGTH (KCSPAB)
CALL "KDCS" USING KCPAC.
IF KCRCCC NOT = ZERO
THEN GO TO PEND-LPUT.
FGET-ANF.
MOVE LOW-VALUE TO KCPAC
MOVE FGET TO KCOP
COMPUTE KCLA = FUNCTION LENGTH (KCMSGC)
MOVE SPACE TO KCMF
CALL "KDCS" USING KCPAC, KCMSGC
IF KCRCCC NOT = ZERO
THEN
IF KCRCCC = "10Z"
THEN
GO TO PEND-ANF
ELSE
GO TO PEND-LPUT.
IF MSGNR = "K004"
* Invalid identification *
MOVE LTRM OF K004 TO HACKER-LTERM
ELSE IF MSGNR = "K006"
* Invalid password *
MOVE LTRM OF K006 TO HACKER-LTERM
ELSE IF MSGNR = "K008"
* KDCSIGN accepted *
MOVE LTRM OF K008 TO HACKER-LTERM
ELSE IF MSGNR = "K031"
* Card not ok *
MOVE LTRM OF K031 TO HACKER-LTERM
ELSE IF MSGNR = "K033"
* if no K008 is generated *
MOVE LTRM OF K033 TO HACKER-LTERM
ELSE
MOVE MSGNR TO KCOP
GO TO PEND-LPUT.
PERFORM ARBEIT
IF KCRCCC NOT = ZERO
GO TO PEND-LPUT.
* More messages waiting ?? *
GO TO FGET-ANF.
PEND-ANF.
MOVE LOW-VALUE TO KCPAC
MOVE PEND TO KCOP
MOVE "FI" TO KCOM
CALL "KDCS" USING KCPAC.
PROG-ENDE.
EXIT PROGRAM.
PEND-LPUT.
MOVE KCOP TO F-OP
MOVE KCTACVG TO F-VG
MOVE KCTACAL TO F-AL
MOVE KCRC TO F-RC
MOVE LOW-VALUE TO KCPAC
MOVE LPUT TO KCOP
COMPUTE KCLA = FUNCTION LENGTH (UTM-ERROR-LINE)
CALL "KDCS" USING KCPAC, UTM-ERROR-LINE.
MOVE LOW-VALUE TO KCPAC
MOVE PEND TO KCOP
MOVE "FI" TO KCOM
CALL "KDCS" USING KCPAC.
M9.
EXIT.
/
ARBEIT SECTION .
A0.
MOVE LOW-VALUE TO KCPAC
MOVE GTDA TO KCOP
MOVE 2 TO KCLA
MOVE ID-HACK-TLS TO KCRN
MOVE HACKER-LTERM TO KCLT
CALL "KDCS" USING KCPAC, TLS-HACK
IF KCRCCC NOT = ZERO
GO TO A9.
IF KCRLM = 0
THEN
IF MSGNR = "K008"
OR = "K033"
THEN
* Ok, no TLS exists *
NEXT SENTENCE
ELSE
* Create TLS *
MOVE LOW-VALUE TO KCPAC
MOVE PTDA TO KCOP
MOVE 2 TO KCLA
MOVE 1 TO HACK-NO
MOVE ID-HACK-TLS TO KCRN
MOVE HACKER-LTERM TO KCLT
CALL "KDCS" USING KCPAC, TLS-HACK
ELSE
IF MSGNR = "K008"
OR = "K033"
THEN
* Ok; delete TLS *
MOVE LOW-VALUE TO KCPAC
MOVE PTDA TO KCOP
MOVE 0 TO KCLA
MOVE ID-HACK-TLS TO KCRN
MOVE HACKER-LTERM TO KCLT
CALL "KDCS" USING KCPAC, TLS-HACK
ELSE
PERFORM CHECK-NO.
A9.
EXIT.
/
PRUEF-ANZ SECTION .
P0.
ADD 1 TO HACK-NO
IF HACK-NO NOT > HACK-MAX
THEN
* Try it once more *
MOVE LOW-VALUE TO KCPAC
MOVE PTDA TO KCOP
MOVE 2 TO KCLA
MOVE ID-HACK-TLS TO KCRN
MOVE HACKER-LTERM TO KCLT
CALL "KDCS" USING KCPAC, TLS-HACK
GO TO P9.
* Disconnect !! *
MOVE ADM-TXT TO NB-ADM
IF MSGNR = "K004"
MOVE CORR K004 TO NB-ADM
ELSE IF MSGNR = "K006"
MOVE CORR K006 TO NB-ADM
ELSE
MOVE CORR K031 TO NB-ADM.
P-FPUT.
MOVE LOW-VALUE TO KCPAC
MOVE FPUT TO KCOP
MOVE "NE" TO KCOM
MOVE "KDCPTRMA" TO KCRN
COMPUTE KCLM = FUNCTION LENGTH (NB-ADM)
MOVE SPACE TO KCMF
MOVE ZERO TO KCDF
CALL "KDCS" USING KCPAC, NB-ADM
IF KCRCCC NOT = ZERO
GO TO P9.
P-LPUT.
* Write to user log *
MOVE LOW-VALUE TO KCPAC
MOVE LPUT TO KCOP
COMPUTE KCLA = FUNCTION LENGTH (NB-ADM)
CALL "KDCS" USING KCPAC, NB-ADM
IF KCRCCC NOT = ZERO
GO TO P9.
P-PTDA.
* Delete TLS *
MOVE LOW-VALUE TO KCPAC
MOVE PTDA TO KCOP
MOVE ZERO TO KCLA
MOVE ID-HACK-TLS TO KCRN
MOVE HACKER-LTERM TO KCLT
CALL "KDCS" USING KCPAC, TLS-HACK.
P9.
EXIT.
The above example for the MSGTAC program unit simply indicates appropriate ways of evaluating messages and administering the application.
However, the K094 message (SIGNON SILENT-ALARM) should be used to monitor security infringements since this also includes UPIC and OSI TP clients. Furthermore, wider-ranging administration of the UTM application is possible using the programmed administration capability (ADMI interface).