CHAPTER 1 Bye Modifications SCLI depends upon a modified BYE program to re- establish security when a user logs off from a protected terminal. This chapter describes the modifications to the BYE program. 1.1 Overview BYE is a priveleged task which handles logout of a user from the RSX system. BYE is activated by the MCR "BYE" com- mand, or automatically when the system detects loss of car- rier on a remote line. NOTE This automatic logout feature only functions on lines which have been set remote (MCR SET /REMOTE=TTnn: command). It is possible to con- nect a modem to a non-remote terminal. If this is done, automatic logout will not work on that port. For the secure system, BYE is modified in two ways. The first determines that the terminal being logged off is a protected terminal (i.e., one known to SCLI), and estab- lishes SCLI as the command line interpreter for that termi- nal. The second modification causes bye to not force a protected terminal back to MCR (the normal logout function). A third modification included in the source kit is not required by the secure system. This modification allows all terminals to execute SYSLOGOUT.CMD as priveleged terminals. 1.2 USRSB The major modifications to BYE are implemented through the USRSB feature of BYE. BYE will call a user written su- broutine (entry point USRSB::), if such a routine is pre- sent. For SECURE, USRSB contains code and data to a) detect Bye Modifications Page 1-2 that a protected terminal is being logged out; and b) reset that terminal's CLI to SCLI, rather than the default of MCR. USRSB consists of a data PSECT, the main subroutine, and a subroutine to determine the terminal number from the UCB address. PSECT BYEDAT contains a simple table, JMBTBL, which identifies the protected terminals. MACRO "ENT" will con- struct a table entry. A table entry consists of the termi- nal number as an octal integer (word) value, followed by the CLI name in RAD50 format. Each table entry is three words long. The table must be terminated by a zero word. Note that, as written, it is not possible to protect TT0: (normally the system console). Null entries are normally left in the table, providing room to ZAP new records into the task image. USRSB operation is straightforward. Routine $WHATT is called to obtain the tt number of the terminal being logged off. This number is then compared against the entries in JMBTBL. If no match is found, the terminal is not a pro- tected terminal, and USRSB simply returns. If a match is found, USRSB issues a SCLI$ directive to set the terminal's CLI to that given in the table. If the SCLI directive fails, USRSB returns carry set, else carry clear. NOTE BYE will detect the error return from USRSB, and cause the terminal to be left with 'no' CLI - ef- fectively disabling the terminal. The other return from USRSB is in R0. If R0 is non- zero, BYE assumes that R0 points to an ASCIZ string to be printed on the user's terminal. This feature is only used if constant DBGMSG is defined in USRSB. If DBGMSG is de- fined, a string is constructed which prints the terminal number, as determined by $WHATT, and the string address is returned in R0. This helps debug the $WHATT routine, but is otherwise not useful. NOTE Although this routine was constructed for use with the security system, it is completely possible to use it to establish some other CLI on logout for a given terminal. The only requirement is that the Bye Modifications Page 1-3 CLI be installed and 'initialized' under the name contained in JMBTBL. It could be used, for exam- ple, to force an application CLI to a terminal. 1.3 BYE.MAC Modifications The remaining modifications are to the mainline module BYE.MAC. A word, SLVFLG, is added to the local data. This flag is used to save the error return status from USRSB. Also, the text the 'time of day' bye messages is altered. This is both grinns, and shows that the modified bye is in fact running. The first modification is at the point at which USRSB is called. SLVFLG is cleared just prior to the call to USRSB. On return from the routine, SLVFLG is incremented if carry is set, retaining the error indication for later use. At BYEXIT, BYE has done the preliminary work, and is ready to actually log the user off. BYE enters system state, and forces the terminal CLI to MCR, unless the CP.NIO and CP.LGO bits are set in the CLIDAT buffer. This buffer is filled in with information on the current CLI very early in BYE's run. Thus, an un-modified program would not known that a different CLI had been set by the USRSB routine. This deficiency is rectified by again calling GCII$ to re- fresh the CLIDAT buffer just prior to the switch to system state. The second call to GCII$ occurs after USRSB is called, and thus picks up information on the cli established by USRSB. Since SCLI is initialized with the "/LGO" and "/QUI" switches, BYE does not switch back to MCR. The code for this patch is simply copied from that near the beginning of BYE.MAC. After returning from system state (at BYEXT), several QIOs are done to configure the port. Following this, the terminal is set slaved, and SLVFLG checked. If SLVFLG is non-zero, the port is left slaved. Otherwise, it is reset non-slaved. Thus, if USRSB was unable to set SCLI to the port, it is left slaved, rather than in MCR. The final modification to BYE is not really needed for security. It does, however, increase the usefullness of the SYSLOGOUT.CMD facility dramatically. In routine CMDFIL, the user is unconditionally set priveleged prior to the call to indirect. This is 'safe', in that the user's terminal is slaved at this time. Of course, access to SYSLOGOUT.CMD must be restricted, or non-priv users might cause mischeif. Upon return from SYSLOGOUT, the terminal is unconditionally Bye Modifications Page 1-4 set non-priveleged, and remains so for the remainder of the logout process. This modification is especially useful in a virtual-disk envrionment, where it is desired to dismount and deallocate all of the user's virtual disks on logout. 1.4 Rebuilding BYE BYE must be rebuilt for each installation, since it is a priveleged task, overmapping the executive. Two versions must be maintained: one each for M and MPLUS. USRSB.MAC is the same for either M or MPLUS, but must be edited to prop- erly configure the terminal table for each installation. The remaining notes in this section apply directly to the MPLUS files in [1,101]. They also apply to the M specific files in [1,102]. USRSB is simply assembled (MAC USRSB,USRSB=USRSB). BYE is re-assembled with command file BYEASM.CMD, and rebuilt with command file BYE2BLD.CMD. The taskbuild files assume device TK: points to the 'sysgen work disk'. It is recom- mended that the archives be copied to the sysgen work disk, the site-specific modifications made there, and the task re- built on the sysgen work disk. The primary account for the BYE modifications is [1,101]. Files which are specific to 11M are found in [1,102]. To build BYE for M+, use the command files in [1,101]; for M, the ones in [1,102]. The source kits contain COR files to patch BYE.MAC using SLP. These correction files apply to MPLUS V2.1"E", and to M V4.1"B". If the release or update level change, examine the BYE.MAC source code for the new version very carefully, as the COR files will probably no longer work. If it is necessary to manually apply the patches, use a patched copy of BYE.MAC to locate the patches, and manually apply them to the new source using EDT. All of the patches carry audit trail "JMB219", making them easy to locate. Once a BYE.MAC has been created for the new release, use CMP to create a new COR file. The plant-specific files (such as USRSB.MAC) should be saved on the stdgen disk under the proper uic. It is necessary to modify the taskbuild file for BYE, in order to enable USRSB. Simply comment out the GBLDEF of USRSB, and specify USRSB in the input file list. The task- build file creates a task named BYE2, to help prevent confu- Bye Modifications Page 1-5 sion with the unmodified version built by SYSGEN. NOTE If an entire STDGEN release is being genned, the modified BYE source should be copied to the sysgen work disk, and the correct USRSB.OBJ placed in [1,24] prior to starting SYSGEN. Modify [1,20]BYEBLD.BLD to reference USRSB.OBJ, and let SYSGEN build the modified BYE program bye default. Having once modified BYEBLD.BLD, subsequent gens using the same work disk will automatically build the correct BYE.TSK. CONTENTS 1. Bye Modifications . . . . . . . . . . . . . . . . . 1-1 1.1 Overview . . . . . . . . . . . . . . . . . . . 1-1 1.2 USRSB . . . . . . . . . . . . . . . . . . . . . 1-1 1.3 BYE.MAC Modifications . . . . . . . . . . . . . 1-3 1.4 Rebuilding BYE . . . . . . . . . . . . . . . . 1-4