Network Node filesystem security service 1.0.5 for CTOS II 3.3 or later.
Scott Kurowski, 8/92 (SJCSJK)
The basic idea is that we filter all OpenFile() requests (Rq code 4) and
determine where it came from. (NOTE: BTOS II 3.0x systems are not able to
distinguish a request originated from another network node from a similar
request originated from its own workstation, so this service will not operate
correctly on BTOS II 3.0x servers.)
If the OpenFile() request is from this server workstation or one of its cluster
workstations, we forward the request to the local file system intact.
If the request came from an external node, we scrutinize both the path password
and any password appended the the filespec for a "Node Password", which is
interpreted to be a string appended to a regular local file system password
that begins with a password delimiter character. If the node password is
present and correct, the request is forwarded to the file system after the
node password is removed. Note that the 12 character password restriction may
require you to use shorter passwords to accomodate the password delimiter and
your node password.
The password delimiter character is configurable as parameter 3 of the
Configure Node Security command. Care must be taken in choosing a delimiter
value that will not pose interpretation problems such as the characters
"[!]<$>^" would (these all have standard meanings to the CTOS file system).
The default password delimiter character is "|".
There are two Node File Mode passwords, Read and Modify. A valid mode Modify
node password will permit both read and modify access. A valid mode Read node
password will permit only read access. It is possible to configure either or
both mode Read and Modify node passwords to be null, which grants access for
all OpenFile() local file system requests using that same Read or Modify file
mode. Note that a null mode Modify node password will override any mode Read
password and grant full access to your system for all requests, just as though
this service was not installed.
When the node passwords are configured, they are stored in a file called
[Sys]NetSecurity.cnfg. There is no "!" in the volume name of the
filespec to allow for using this service with the BNetII cluster workstation
network node feature. The passwords and password delimiter character are
encrypted within this one-sector file.
Note that this Net Node Security Service affects only the local file system,
and then only if requests originate from an external network node. OFIS Mail,
X.25, CD-ROM, and any other request that is not specifically the OpenFile()
request is NOT affected by the Net Node Security service.
The install resident service, deinstall service and configure passwords
functions are all included in this module. Three parameter CASE values are
used: 00 - Install as service, DE - deinstall an installed service and
CP - configure passwords. Example Executive commands for each are below:
Exec Command examples:
Configure Net Node Security - suggested command name (CASE = CP)
[Node read password]
[Node modify password]
[Password delimiter (|)]
Deinstall Net Node Security - suggested command name (CASE = DE)
Install Net Node Security - suggested command name (CASE = 00)
[Allow read-only access?]
The service loads resident using 8Kb RAM and names its partition "NetSecurity".
(
geocities.com/siliconvalley/pines/4011) (
geocities.com/siliconvalley/pines) (
geocities.com/siliconvalley)