?? RIGHT := 110 ??
?? NEWTITLE := 'NOS/VE Accounting and Validation: Security interfaces' ??
MODULE avm$security_interfaces;

{ PURPOSE:
{   This module contains interfaces used for secure operation.

?? NEWTITLE := 'Glodal Declarations Referenced by This Module', EJECT ??
?? PUSH (LISTEXT := ON) ??
*copyc avc$max_template_record_size
*copyc ave$validation_interface_errors
*copyc ave$unknown_security_option
*copyc fst$file_access_options
*copyc osd$integer_limits
*copyc ost$caller_identifier
?? POP ??
*copyc avp$security_option_active
*copyc avp$configuration_administrator
*copyc avp$prevalidate_job
*copyc avp$system_administrator
*copyc avp$system_displays
*copyc avp$system_operator
*copyc clp$convert_string_to_name
*copyc osp$set_status_abnormal
*copyc osp$verify_system_privilege
*copyc oss$mainframe_paged_literal
*copyc avv$security_option_names
*copyc osv$lower_to_upper
?? OLDTITLE ??
?? NEWTITLE := 'avp$get_removable_media_access', EJECT ??
{
{ PURPOSE:
{   This interface returns the access to a removable media group for which a
{   user is validated.
{
  PROCEDURE [XDCL, #GATE] avp$get_removable_media_access
    (    user: ost$user_name;
         family: ost$family_name;
         removable_media_access_name: ost$name;
     VAR access: fst$file_access_options;
     VAR status: ost$status);

{ Returns in ACCESS the file access options that the validation information
{ for USER in FAMILY grants on the removable media group named by
{ REMOVABLE_MEDIA_ACCESS_NAME.
{
{ user, family: identify the validation to consult.
{ removable_media_access_name: label of the removable media group.
{ access: result set.  It is cleared to the empty set before validation is
{   read, so every return taken after that point without a matching group
{   leaves it empty.
{ status: abnormal if avp$prevalidate_job fails (its status is passed back
{   unchanged) or if no labeled-names entry matches, in which case
{   ave$missing_required_capability is returned.
{
{ A matching entry that holds only NONE, or only names this procedure does
{ not recognize, returns normal status with an empty ACCESS.

    VAR
      default_attributes: ^avt$validation_items,
      group_index: ost$positive_integers,
      name_index: ost$positive_integers,
      removable_media_group: ost$name;

    status.normal := TRUE;

{ NOTE(review): osp$verify_system_privilege takes no status argument here, so
{ presumably it does not return when the caller lacks system privilege.
{ Confirm against its definition; nothing else in this procedure checks the
{ caller.

    osp$verify_system_privilege;

{ Fold the names through osv$lower_to_upper before comparing.
{ NOTE(review): USER and FAMILY are translated in place although they are not
{ VAR parameters, while the group name goes to a local copy.  Confirm whether
{ the in-place form writes into storage owned by the caller.

    #translate (osv$lower_to_upper, user, user);
    #translate (osv$lower_to_upper, family, family);
    #translate (osv$lower_to_upper, removable_media_access_name, removable_media_group);

{ Start from no access; rights are only added below.

    access := $fst$file_access_options [];

{ Build a one-element request for the avc$removable_media_access labeled-names
{ field.  Both the request and its work area are PUSHed, so they exist only
{ for the life of this call.

    PUSH default_attributes: [1 .. 1];
    default_attributes^ [1].key := avc$labeled_names_key;
    default_attributes^ [1].labeled_names_field := avc$removable_media_access;
    PUSH default_attributes^ [1].work_area: [[REP avc$max_template_record_size OF cell]];
    RESET default_attributes^ [1].work_area;

    avp$prevalidate_job (user, family, { validation_attributes } NIL, default_attributes, status);
    IF NOT status.normal THEN
      RETURN;
    IFEND;

{ NOTE(review): labeled_names^ is dereferenced without a NIL test.  This
{ assumes avp$prevalidate_job always sets it on normal status -- confirm.
{
{ The first entry whose label equals the requested group, or equals ALL,
{ decides the result: its names are applied and the procedure returns, so
{ later entries are never examined.  Which entry wins when both a specific
{ label and an ALL label are present therefore depends on their order.

    FOR group_index := 1 TO UPPERBOUND (default_attributes^ [1].labeled_names^) DO
      IF (default_attributes^ [1].labeled_names^ [group_index].label^ = removable_media_group) OR
            (default_attributes^ [1].labeled_names^ [group_index].label^ = 'ALL') THEN

{ NONE is skipped; it does not remove rights granted by another name in the
{ same entry.  ALL assigns the complement of the empty set.  READ and WRITE
{ add their options to whatever is already set.  Any other name is ignored.

        FOR name_index := 1 TO UPPERBOUND (default_attributes^ [1].labeled_names^ [group_index].names^) DO
          IF default_attributes^ [1].labeled_names^ [group_index].names^ [name_index] <> 'NONE' THEN
            IF default_attributes^ [1].labeled_names^ [group_index].names^ [name_index] = 'ALL' THEN
              access := -$fst$file_access_options [];
            ELSEIF default_attributes^ [1].labeled_names^ [group_index].names^ [name_index] = 'READ' THEN
              access := access + $fst$file_access_options [fsc$read, fsc$execute];
            ELSEIF default_attributes^ [1].labeled_names^ [group_index].names^ [name_index] = 'WRITE' THEN
              access := access + $fst$file_access_options [fsc$shorten, fsc$append, fsc$modify];
            IFEND;
          IFEND;
        FOREND;
        RETURN;
      IFEND;
    FOREND;

{ No entry matched: report the missing capability.  ACCESS is still empty.

    osp$set_status_abnormal ('AV', ave$missing_required_capability, 'REMOVABLE_MEDIA_ACCESS', status);

  PROCEND avp$get_removable_media_access;
?? OLDTITLE ??
?? NEWTITLE := 'avp$security_option', EJECT ??
{
{ PURPOSE:
{   This interface returns the current state of the specified security option.
{

  PROCEDURE [XDCL, #GATE] avp$security_option
    (    option: avt$security_option_name;
     VAR active: boolean;
     VAR status: ost$status);

{ Reports in ACTIVE whether the security option named by OPTION is active.
{
{ option: name of the security option to query.
{ active: assigned only when OPTION matches an entry of
{   avv$security_option_names.  On every abnormal return it is left
{   untouched, so callers must test status.normal before reading it.
{ status: abnormal with ave$insufficient_authority if the caller fails the
{   authority check, with the status from clp$convert_string_to_name if
{   OPTION is rejected by it, or with ave$unknown_security_option if no
{   table entry matches.

    VAR
      caller_id: ost$caller_identifier,
      security_option: avt$valid_security_options,
      verified_option_name: clt$name;

    status.normal := TRUE;

    #CALLER_ID (caller_id);

{ Verify that the caller has authority to get this information.
{ The capability test applies only when the caller ring is numerically above
{ osc$sj_ring_3; callers at that ring number or lower skip it.  Above that
{ ring, holding any one of system_displays, system_administrator,
{ system_operator or configuration_administrator is sufficient.
{ This check runs before OPTION is examined, so a caller without authority
{ gets the same status for valid and invalid option names.

    IF ((caller_id.ring > osc$sj_ring_3) AND (NOT (avp$system_displays () OR avp$system_administrator () OR
          avp$system_operator () OR avp$configuration_administrator () ))) THEN
      osp$set_status_abnormal ('AV', ave$insufficient_authority, '', status);
      RETURN;
    IFEND;

{ Verify that the string being passed in is a "name".
{ NOTE(review): the lookup below is an exact comparison, so it relies on the
{ converted value having the same letter case as the table -- confirm what
{ clp$convert_string_to_name does to case.

    clp$convert_string_to_name (option, verified_option_name, status);
    IF NOT status.normal THEN
      RETURN;
    IFEND;

{ Search the whole range of avt$valid_security_options for the name and
{ return the state of the first match.

    FOR security_option := LOWERVALUE (security_option) TO UPPERVALUE (security_option) DO
      IF avv$security_option_names [security_option] = verified_option_name.value THEN
        active := avp$security_option_active (security_option);
        RETURN;
      IFEND;
    FOREND;

{ No match: the converted name is passed as the text of the abnormal status.

    osp$set_status_abnormal ('AV', ave$unknown_security_option, verified_option_name.value, status);

  PROCEND avp$security_option;
?? OLDTITLE ??
MODEND avm$security_interfaces;
