MULTICS DESIGN DOCUMENT MDD-004-01 To: MDD Distribution From: Paul Dickson Date: January 4, 1988 Subject: Functional Testing Abstract: This MDD contains documentation on the Multics Functional Testing Suite. Revisions: REVISION DATE AUTHOR initial July 1, 1985 Edward A. Ranzenbach 1 January 4, 1988 Kevin Fleming & Paul Dickson _________________________________________________________________ Multics Design Documents are the official design descriptions of the Multics Trusted Computing Base. They are internal documents, which may be released outside of Multics System Development only with the approval of the Director. i MDD-004-01 Functional Testing CONTENTS Page Section 1 Introduction . . . . . . . . . . . . . . 1-1 1.1 Audience for this Manual . . . . . 1-1 1.2 History . . . . . . . . . . . . . 1-1 1.3 Assurance that the System Follows the Criteria . . . . . . . . . . . . 1-2 1.3.1 Functional Testing . . . . . 1-2 1.3.2 Other Methods Of Ensuring that the System Follows the Criteria . . . . . . . . . . . . . 1-3 1.4 Security Properties to be Tested . 1-3 1.4.1 Discretionary Access Control (DAC) . . . . . . . . . . . . . . 1-3 1.4.2 Mandatory Access Control (MAC) . . . . . . . . . . . . . . 1-4 1.4.3 Auditing (AUDIT) . . . . . . 1-4 1.4.4 Labelling (LABEL) . . . . . . 1-4 1.4.5 Identification and Authentification (I_and_A) . . . . 1-4 Section 2 Designing A Functional Test Program . . . 2-1 2.1 Determining Security Relevancy . . 2-1 2.2 Determining Pass / Fail Criteria . 2-1 2.3 Testing Strategy . . . . . . . . . 2-2 2.3.1 MAC Tests . . . . . . . . . . 2-2 2.3.2 DAC Tests . . . . . . . . . . 2-4 2.3.3 LABEL Tests . . . . . . . . . 2-5 2.3.4 AUDIT Tests . . . . . . . . . 2-6 2.3.5 I_and_A Tests . . . . . . . . 2-6 Section 3 Writing Gate Test Programs . . . . . . . 3-1 3.1 Test Naming Conventions . . . . . 3-1 3.2 Sections of a Test Program . . . . 3-2 3.2.1 Parameter Validation Phase . 3-2 3.2.2 Environment Establishment Phase . . . . . . . . . . . . . . 3-3 3.2.3 Test Execution Phase . . . . 3-3 3.2.4 Environment Cleanup Phase . . 3-3 3.2.5 Success/Failure Determination Phase . . . . . . . . . . . . . . 3-4 3.3 Test Program Standards . . . . . . 3-4 ii Functional Testing MDD-004-01 CONTENTS (cont) Page 3.3.1 General Standards . . . . . . 3-4 3.3.2 Test Program Coding Standards 3-5 3.4 Bind Files and Source/Object Archives . . . . . . . . . . . . . . 3-7 3.5 Using Existing and New Testing Utilities . . . . . . . . . . . . . . 3-8 Section 4 Writing Gate Testing Utilites . . . . . . 4-1 4.1 Utility Naming Conventions . . . . 4-1 4.2 Utility Program Standards . . . . 4-1 4.3 Utility Program Documentation . . 4-1 4.4 Bind Files and Source/Object Archives . . . . . . . . . . . . . . 4-1 Section 5 The Functional Test Suite . . . . . . . . 5-1 5.1 The Testing Hierarchy . . . . . . 5-1 5.2 DAC, MAC, Audit, and Label tests . 5-3 5.3 The I_and_A Test Suite . . . . . . 5-3 Section 6 Changing The Functional Test Suite . . . 6-1 6.1 Library Maintenance Philosophy . . 6-1 6.1.1 The Sectest Lister Database . 6-1 6.2 Changing DAC, MAC, Audit and Label Tests . . . . . . . . . . . . . . . . 6-2 6.3 Changing the I_and_A Tests . . . . 6-2 Section 7 Running the Test Suite . . . . . . . . . 7-1 7.1 The sectest Command . . . . . . . 7-1 sectest . . . . . . . . . . . . . . 7-1 7.2 System Requirements . . . . . . . 7-6 7.2.1 System Environmental Considerations . . . . . . . . . . 7-6 7.2.2 Renaming system_low . . . . . 7-6 7.2.3 RCPRM . . . . . . . . . . . . 7-7 7.2.4 Conflicting Test Suites . . . 7-7 7.2.5 Per-Process Lasting Effects . 7-7 7.2.6 The Test Directory . . . . . 7-7 | 7.3 Security Test Suite Logs . . . . . 7-8 7.3.1 The sectest logs . . . . . . 7-8 7.4 Evaluating the Test Results . . . 7-10 7.5 Notes on Running Test Suite . . . 7-11 | 7.5.1 Answering Service Tests | (asr_) . . . . . . . . . . . . . . 7-11 | 7.5.2 Rcp_ Tests (rcp_) . . . . . . 7-11 | 7.5.3 Mdc_ Tests (mdc_) . . . . . . 7-11 | 7.5.4 Mca_ Test (mca_) . . . . . . 7-11 | 7.5.5 Ioi_ Tests (ioi_) . . . . . . 7-12 | iii MDD-004-01 Functional Testing CONTENTS (cont) Page | 7.5.6 Miscellaneous Items . . . . . 7-12 Section 8 Running the I_and_A Test Suite . . . . . 8-1 8.1 The I_and_A Test Scripts . . . . . 8-1 8.2 System Requirements . . . . . . . 8-1 8.3 Evaluating Test Results . . . . . 8-2 Appendix A A Sample Functional Test . . . . . . . . A-1 A.1 Written Documentation . . . . . . A-1 A.1.1 Test Program . . . . . . . . A-1 Sectest Lister Database Entry . A-1 A.1.2 Test Utilities . . . . . . . A-2 A.2 Source Code . . . . . . . . . . . A-2 A.2.1 Test Program . . . . . . . . A-2 Standard DAC Comment Block . . . A-2 Standard MAC Comment Block . . . A-3 Example Test Procedure . . . . . A-4 A.2.2 Test Utilities . . . . . . . A-5 Appendix B Map of the Security Hierarchies . . . . . B-1 Appendix C I_and_A Test Scripts and Results . . . . C-1 | C.1 Normal Login Interactive User . . C-1 | C.2 Normal Login Absentee User . . . . C-40 | C.3 Anonymous Enter Absentee User . . C-51 | C.4 Anonymous Enter Intereactive User C-62 | C.5 Anonymous Enterp Interactive User C-80 | C.6 Dial Service Interactive User . . C-99 | C.7 Dial Service Anonymous Interactive | User . . . . . . . . . . . . . . . . C-121 | C.8 Slave Service Interactive User . . C-136 Appendix D Documentation for the Testing Utilities . D-1 D.1 The tu_ subroutine . . . . . . . . D-1 tu_$accept_mbx_wakeups . . . . . . D-1 | tu_$acknowledge_wakeup . . . . . . D-2 tu_$add_mbx_message . . . . . . . . D-4 tu_$add_mbx_message_wakeup . . . . D-5 tu_$add_my_mbx_message . . . . . . D-6 tu_$add_my_queue_message . . . . . D-7 tu_$add_queue_message . . . . . . . D-8 | tu_$add_user_message . . . . . . . D-9 | tu_$allocate_dm_journal . . . . . . D-10 | tu_$attach_autocall_channel . . . . D-10 | tu_$attach_slave_channel . . . . . D-11 | tu_$cancel_absentee_request . . . . D-12 | tu_$channel_assign . . . . . . . . D-13 iv Functional Testing MDD-004-01 CONTENTS (cont) Page tu_$channel_assign_other . . . . . D-13 | tu_$channel_attach . . . . . . . . D-14 | tu_$channel_attach_other . . . . . D-14 | tu_$channel_detach . . . . . . . . D-15 | tu_$channel_detach_other . . . . . D-15 | tu_$channel_get_free . . . . . . . D-16 | tu_$channel_lookup . . . . . . . . D-16 | tu_$channel_release . . . . . . . . D-17 | tu_$channel_release_other . . . . . D-17 | tu_$check_as_audit . . . . . . . . D-18 tu_$check_as_freeform_audit . . . . D-19 tu_$check_syserr_audit . . . . . . D-20 tu_$check_syserr_freeform_audit . . D-21 tu_$create_DAC_case_segment . . . . D-22 tu_$create_DAC_case_segment_ptr . . D-23 tu_$create_MAC_case_segment . . . . D-25 tu_$create_MAC_case_segment_ptr . . D-25 tu_$create_acs . . . . . . . . . . D-26 tu_$create_admin_acs . . . . . . . D-27 tu_$create_channel_acs . . . . . . D-28 tu_$create_directory . . . . . . . D-29 tu_$create_lv_acs . . . . . . . . . D-30 tu_$create_lv_quota_account . . . . D-31 tu_$create_mailbox . . . . . . . . D-32 tu_$create_mc_acs . . . . . . . . . D-33 tu_$create_mdirectory . . . . . . . D-34 tu_$create_message_segment . . . . D-35 tu_$create_pnt . . . . . . . . . . D-36 | tu_$create_rcp_acs . . . . . . . . D-37 tu_$create_segment . . . . . . . . D-38 tu_$defer_mbx_wakeups . . . . . . . D-39 tu_$delete_acs . . . . . . . . . . D-40 tu_$delete_admin_acs . . . . . . . D-40 tu_$delete_channel_acs . . . . . . D-41 tu_$delete_directory . . . . . . . D-41 tu_$delete_lv_acs . . . . . . . . . D-42 tu_$delete_mailbox . . . . . . . . D-42 tu_$delete_mc_acs . . . . . . . . . D-43 tu_$delete_mdirectory . . . . . . . D-43 tu_$delete_message_segment . . . . D-44 tu_$delete_pnt . . . . . . . . . . D-44 | tu_$delete_rcp_acs . . . . . . . . D-45 tu_$delete_segment . . . . . . . . D-45 tu_$delete_user_message . . . . . . D-46 | tu_$deregister_lv . . . . . . . . . D-46 tu_$detach_autocall_channel . . . . D-47 | tu_$detach_slave_channel . . . . . D-48 | v MDD-004-01 Functional Testing CONTENTS (cont) Page | tu_$enter_absentee_request . . . . D-48 tu_$entry_exists . . . . . . . . . D-50 tu_$execute_as_volume_admin . . . . D-51 tu_$expand_pathname . . . . . . . . D-52 | tu_$free_dm_journal . . . . . . . . D-53 | tu_$get_channel_aim_attributes . . D-53 tu_$get_mdir_reg_info . . . . . . . D-54 | tu_$get_message_mailbox . . . . . . D-55 | tu_$get_message_ms . . . . . . . . D-56 tu_$get_modes . . . . . . . . . . . D-57 tu_$get_properties_acs . . . . . . D-57 tu_$get_properties_admin_acs . . . D-58 tu_$get_properties_channel_acs . . D-59 tu_$get_properties_directory . . . D-60 tu_$get_properties_lv . . . . . . . D-61 tu_$get_properties_lv_acs . . . . . D-62 tu_$get_properties_mbx . . . . . . D-62 tu_$get_properties_mc_acs . . . . . D-63 tu_$get_properties_ms . . . . . . . D-64 | tu_$get_properties_pnt . . . . . . D-65 tu_$get_properties_rcp . . . . . . D-66 tu_$get_properties_rcp_acs . . . . D-67 tu_$get_properties_segment . . . . D-67 tu_$get_quota_account_info . . . . D-68 | tu_$initiate_in_lower_ring . . . . D-69 tu_$ioi_attach_in_other_process . . D-70 tu_$ioi_detach_in_other_process . . D-71 tu_$ioi_map_over_DAC_cases . . . . D-71 tu_$library_retrieve_segment . . . D-72 tu_$log_audit . . . . . . . . . . . D-73 tu_$log_failed . . . . . . . . . . D-74 tu_$log_failed_abort . . . . . . . D-75 tu_$log_failed_binary_abort . . . . D-77 tu_$log_failed_binary . . . . . . . D-78 tu_$log_passed . . . . . . . . . . D-79 tu_$log_skipped . . . . . . . . . . D-80 | tu_$log_waived . . . . . . . . . . D-81 tu_$log_warning . . . . . . . . . . D-81 | tu_$lv_acs_path . . . . . . . . . . D-82 tu_$lv_quota_account_exists . . . . D-83 tu_$map_over_DAC_cases . . . . . . D-84 tu_$map_over_MAC_cases . . . . . . D-87 tu_$map_over_MAC_range_cases . . . D-89 | tu_$publish_ev_chn . . . . . . . . D-91 tu_$rcp_acquire . . . . . . . . . . D-93 | tu_$rcp_acs_path . . . . . . . . . D-94 tu_$rcp_add_all_other_devices . . . D-95 vi Functional Testing MDD-004-01 CONTENTS (cont) Page tu_$rcp_assign . . . . . . . . . . D-96 tu_$rcp_cancel_id . . . . . . . . . D-97 | tu_$rcp_demount_lv . . . . . . . . D-97 tu_$rcp_deregister . . . . . . . . D-98 tu_$rcp_delete_all_other_devices . D-99 tu_$rcp_fill_device_info . . . . . D-100 tu_$rcp_fill_reservation_desc . . . D-101 tu_$rcp_fill_resource_desc . . . . D-102 tu_$rcp_register . . . . . . . . . D-104 tu_$rcp_release . . . . . . . . . . D-105 tu_$rcp_select_device_name . . . . D-106 tu_$rcp_unassign . . . . . . . . . D-107 tu_$register_lv . . . . . . . . . . D-108 tu_$rename_acs . . . . . . . . . . D-109 | tu_$send_admin_command . . . . . . D-109 tu_$set_channel_aim_attributes . . D-110 | tu_$set_dialok_attribute . . . . . D-111 | tu_$set_properties_acs . . . . . . D-112 tu_$set_properties_admin_acs . . . D-113 tu_$set_properties_channel_acs . . D-114 tu_$set_properties_directory . . . D-115 tu_$set_properties_lv . . . . . . . D-116 tu_$set_properties_lv_acs . . . . . D-117 tu_$set_properties_mbx . . . . . . D-118 tu_$set_properties_mc_acs . . . . . D-119 tu_$set_properties_ms . . . . . . . D-120 tu_$set_properties_pnt . . . . . . D-121 | tu_$set_properties_rcp . . . . . . D-122 tu_$set_properties_rcp_acs . . . . D-123 tu_$set_properties_segment . . . . D-124 tu_$set_wdir . . . . . . . . . . . D-125 | tu_$start_dial_id_service . . . . . D-125 | tu_$stop_dial_id_service . . . . . D-126 | tu_$syserr . . . . . . . . . . . . D-127 | tu$translate_dial_msg . . . . . . . D-127 | tu$translate_error_code . . . . . . D-128 | tu$try_to_initiate_file . . . . . . D-128 | tu$try_to_initiate_refname . . . . D-129 | TABLES Table 2-1. AIM Test Cases . . . . . . . . . . . . . 2-2 Table 2-2. AIM Range Test Cases . . . . . . . . . . 2-4 Table 2-3. DAC Test Cases . . . . . . . . . . . . . 2-5 vii MDD-004-01 Functional Testing Table 3-1. Default Security Attributes . . . . . . . 3-8 Table 5-1. >sec_ldd Hierarchy Summary . . . . . . . 5-3 Table 7-1. Sample Test Log . . . . . . . . . . . . . 7-9 Table 8-1. Project And User Requirements for I&A Scripts . . . . . . . . . . . . . . . . 8-2 Table B-1. >security Map . . . . . . . . . . . . . . B-1 Table B-2. >security_library_dir_dir Map . . . . . . B-2 viii Functional Testing MDD-004-01 SECTION 1 INTRODUCTION _1_._1 _A_U_D_I_E_N_C_E _F_O_R _T_H_I_S _M_A_N_U_A_L _1_._2 _H_I_S_T_O_R_Y It has long been recognized that a need exists for users to be able to trust their operating systems to perform within a strict set of access guidelines. These strict access control guidelines, when properly enforced, provide a system that ensures ethical and protected processing of data. Many of the concepts and theories necessary to enforce these guidelines have long been in place in secure operating systems(1) but to date there has been no process for certifying that the implementation of those concepts function correctly within the specified security model. In October 1967 a task force was assembled under the auspices of the Defense Science Board to address computer safeguards that would protect classified information in remote access, resource sharing computer systems. The Task Force report "Security Controls for Computer Systems" was published in February of 1970 and made a number of policy recommendations on actions to reduce the threat of compromise of classified information processed on remote systems. In the following years various DoD agencies developed solutions to the technical problems associated with protecting classified data being run on these remotely accessed systems. The private sector also became involved as vendors of operating systems that implemented many of these technical solutions. At the fore front of this effort was a joint effort by the DoD, Bell Laboratories, The Massachusetts Institute of Technology and General Electric to develop a utility grade, shared resource time sharing system whose initial design considered the technical solutions being proposed to many of _________________________________________________________________ (1) For additional information see MDD-002 "Multics Security Model - Bell and LaPadula" 1-1 MDD-004-01 Functional Testing these security problems. The system grew to be the Multics operating system. In the late 1970's the MITRE corporation began work, under DoD directive, on developing a set of evaluation criteria that could be used to assess the degree of trust that one could put into their operating system. This criteria was used as the basis for the "DoD Trusted Computer System Evaluation Criteria", better known as "the orange book".(1) This will hereafter be referred to as "the criteria". The criteria define the trusted portions of an operating system, known as the Trusted Computing Base (TCB), as well as the process and standards used to ensure the correct operation of the TCB with respect to the criteria. Within the Multics operating system, the TCB is defined as: ox Hardware and associated microcode. ox Software executing in rings 0 and 1. ox Software executing in the Front end Network Processor. ox All user ring software requiring access to gates that circumvent the normal access requirements for rings > 1. (2) In January of 1981 the DoD Computer Security Center (DoD-CSC) was formed to expand and encourage efforts that would result in widespread availability of trusted computer systems. This has become the certifying agency for trusted computer systems. _1_._3 _A_S_S_U_R_A_N_C_E _T_H_A_T _T_H_E _S_Y_S_T_E_M _F_O_L_L_O_W_S _T_H_E _C_R_I_T_E_R_I_A _1_._3_._1 _F_u_n_c_t_i_o_n_a_l _T_e_s_t_i_n_g The purpose of the evaluation process is to ensure that the system under evaluation follows the criteria. The evaluation process is multi-faceted requiring evaluation of the documentation describing the operation of the TCB as well as its interaction with the non-trusted portions of the operating system. Also included as part of the evaluation process is a penetration study, to determine the effectiveness of the TCB to _________________________________________________________________ (1) DoD publication CSC-STD-001-83 August, 1983 (2) For more information consult MAB-070, "Multics Configuration Management: Policy Statement" 1-2 Functional Testing MDD-004-01 prevent unauthorized use of the services that it provides. Additionally, a covert channel analysis is also required to determine, and correct, situations that would allow the disclosing of classified information through other than normal channels. All of these phases of evaluation are described in the criteria and are outside the scope of this document. The reader is encouraged to reference this document for more information about these processes. The evaluation process further states that all entries to the TCB must be tested to ensure that they properly enforce the security model proposed by the criteria. This is the purpose of functional testing. For Multics it was decided, by the evaluation team, that the TCB included all of ring 0, ring 1 and selected secure subsystems.(1) For rings 0 and 1, entrance to the TCB is through the various gates into those rings, thus the testing of those TCB entries is performed at the gate level. Each gated entry into the TCB must be evaluated with respect to which security properties that it must enforce and appropriate tests are then written to test the entry to ensure that it does not violate the enforcement of those properties. _1_._3_._2 _O_t_h_e_r _M_e_t_h_o_d_s _O_f _E_n_s_u_r_i_n_g _t_h_a_t _t_h_e _S_y_s_t_e_m _F_o_l_l_o_w_s _t_h_e _C_r_i_t_e_r_i_a _1_._4 _S_E_C_U_R_I_T_Y _P_R_O_P_E_R_T_I_E_S _T_O _B_E _T_E_S_T_E_D The security properties for which each TCB entry must be evaluated, and possibly tested, are Discretionary Access Control (DAC), Mandatory Access Control (MAC), Auditing (AUDIT), Labelling (LABEL) and Identification and Authentication (I_and_A). Within the Multics model, DAC and MAC are considered primary security properties since they are always explicitly tested for. The AUDIT and LABEL properties are considered to be secondary properties since, in most cases, explicit tests need not be written for them but they, instead, are implicitly tested when the DAC and MAC tests are run. The I_and_A property is considered by itself since only the answering service is concerned with the identification and authentication of users. Each of these properties is further described in the following paragraphs. _________________________________________________________________ (1) For the MR11.0 release of Multics the only secure subsystem is the answering service. 1-3 MDD-004-01 Functional Testing _1_._4_._1 _D_i_s_c_r_e_t_i_o_n_a_r_y _A_c_c_e_s_s _C_o_n_t_r_o_l _(_D_A_C_) This property describes those portions of the security model dealing with the user's ability to control access to file system objects and devices that are currently under his control. _1_._4_._2 _M_a_n_d_a_t_o_r_y _A_c_c_e_s_s _C_o_n_t_r_o_l _(_M_A_C_) This property describes the non-discretionary portions of the security model dealing with those security attributes outside of the users control. In Multics this is implemented within the Access Isolation Mechanism (AIM) which prevents the unauthorized disclosure of information. _1_._4_._3 _A_u_d_i_t_i_n_g _(_A_U_D_I_T_) This property refers to the audit trails left by TCB interfaces that can be used to detect unauthorized, and if the site wishes, authorized, attempts to access information and devices. Almost all TCB entries perform some kind of auditing. These audit trails are in the form of messages written to various protected system logs. _1_._4_._4 _L_a_b_e_l_l_i_n_g _(_L_A_B_E_L_) This property refers to the labels that are given to file system objects, devices and other resources. These labels indicate the access class of the owner and thus serve as a means of controlling access to these objects within a specified access class range. _1_._4_._5 _I_d_e_n_t_i_f_i_c_a_t_i_o_n _a_n_d _A_u_t_h_e_n_t_i_f_i_c_a_t_i_o_n _(_I___a_n_d___A_) This property refers to the correct operation of those system procedures that identify and authenticate users. Within Multics this refers to those programs which make up the answering service. This subsystem prevents unauthorized entry into the system and limits the process for a given user's person ID to the appropriate privilege, as specified in the various system administration tables. 1-4 Functional Testing MDD-004-01 SECTION 2 DESIGNING A FUNCTIONAL TEST PROGRAM _2_._1 _D_E_T_E_R_M_I_N_I_N_G _S_E_C_U_R_I_T_Y _R_E_L_E_V_A_N_C_Y The first step in designing a functional test is to determine which security properties are relevant to the correct behavior of the procedure under test. If the procedure deals with manipulating data that have per-process effects only then it may not have to be tested at all. In such a case the procedure is said to be "excepted" for all properties and must be well documented as such. As a rule, any property that is not relevant to a procedure must be fully documented as to the reasons for the irrelevancy. Those system procedures responsible for manipulating file system objects may be relevant to all of the security properties while others may be relevant to only a subset of the security properties. For example, a procedure creating a file would have to ensure that the user had discretionary access to the containing directory (DAC). Similarly, that procedure would have to ensure that the access class of the containing directory would allow creations by the user (MAC). When the file is created the procedure must ensure that it is created at the access class of the author and labelled with that access class (LABEL). Any attempts to create the file without proper access would have to be logged, thus leaving an audit trail to detect attempted access violations (AUDIT). Since this procedure assumes that the user has been previously identified and authenticated it is not relevant to test the I_and_A property. This property is thus considered excepted and must be documented as such. _2_._2 _D_E_T_E_R_M_I_N_I_N_G _P_A_S_S _/ _F_A_I_L _C_R_I_T_E_R_I_A Once the relevant properties for a particular procedure have been chosen it will be necessary to design a test which, when run, will determine if the procedure operates correctly with respect to the property being tested. This test will normally be composed of several test cases designed to test the procedure within various access ranges. This range must be representative 2-1 MDD-004-01 Functional Testing of a reasonable subset of all possible combinations of the accesses available. The range of cases tested for must include not only those in which successful operation will be GRANTED by the TCB but also those that will cause the TCB to DENY operation. Thus, a particular test case is said to have passed if it was either supposed to GRANT access, and did or it was to DENY access and did. In the case of the AUDIT property, successful tests are those that produce the proper audit trails with respect to a particular test case's expected results. Similarly, the LABEL property is successfully tested if those objects manipulated by the test cases are properly labeled. It is for these reasons that the AUDIT and LABEL properties are rarely tested within standalone tests but are instead tested within tests for the MAC and DAC property tests. The I_and_A property, since it deals with user identification and authentication during login, is normally tested by means of test scripts. These test scripts are used by the tester to drive the answering service through an appropriate set of login attempts that present a range of test cases. As with tests for the other properties, certain of these test cases are designed to fail with predictable results. The success of these test cases is thus dependent on their failing in the predicted manner. Utilities have been provided to perform tests for the DAC and MAC properties of many entries. These utilities are discussed in Section 3.5. _2_._3 _T_E_S_T_I_N_G _S_T_R_A_T_E_G_Y _2_._3_._1 _M_A_C _T_e_s_t_s Any TCB entry that considers AIM restrictions on objects must have a program to test its adherence to AIM policy. The program must test situations where the object under consideration is at AIM levels greater, lower, and equal to the test process level and where the object has categories which are a subset of the process categories, a superset, equal, and isolated. The matrix below illustrates the resulting test cases: Categories: subset superset equal isolated Levels: greater #1 #2 #3 #4 equal #5 #6 #7 #8 lower #9 #10 #11 #12 Table 2-1. AIM Test Cases 2-2 Functional Testing MDD-004-01 The actual values of the levels and categories can be found in the data structure defined in "sectest_config_info.cds".(1) Test programs should use the special utility "tu_$map_over_MAC_cases" to automatically sequence through this table of test cases. Note that this utility simplifies the test programs by centralizing the definition of the test cases and the determination of the proper results. Some TCB objects have an AIM range for their access class. A range allows an object to be accessed by users at more than one authorization. An AIM range is defined by two simple access class values (each with a level and categories). These delimit the high and low ends of the range. The higher end access class must dominate the lower end access class. Because AIM ranges are used slightly differently in various parts of the TCB, testing a small number of cases is insufficient to demonstrate adherence to dominance rules. Thus, a larger set of cases was devised to thoroughly test the TCB's checking of AIM ranges. Impact on programming effort to cover the extra cases is not a concern since a utility to automatically sequence through the test cases is provided. The following lists summarize the different level ranges and categories ranges that are tested: _________________________________________________________________ (1) All utility source programs reside in >sec_ldd>utility>source. See Section 5.1 for more information. 2-3 MDD-004-01 Functional Testing Level Ranges: (in all cases L1 <= L2 as per definition) process < L1 < L2 process < L1 = L2 L1 < L2 < process L1 = L2 < process L1 < process < L2 L1 = process = L2 Category Ranges: (in all cases C1 <= C2 as per definition) C1 < process; C2 < process C1 < process; process < C2 process < C1; process < C2 process ^= C1; process < C2 process ^= C1; process < C2 C1 < process; process ^= C2 process ^= C1; process < C2 process ^= C1; process ^= C2 process ^= C1; process ^= C2 process = C1; process = C2 process = C1; process < C2 (AIM category cases which appear equivalent here are actually coded as different situations of isolated categories where: (1) some are in common; (2) none are in common) Table 2-2. AIM Range Test Cases As with simple AIM test cases, the actual values of the level and category ranges can be found in the data structure defined in "sectest_config_info.cds". Test programs should use the special utility "tu_$map_over_MAC_range_cases" to automatically sequence through this table of test cases. _2_._3_._2 _D_A_C _T_e_s_t_s Any TCB entry that considers ACL or ring bracket restrictions on objects must have a program to test its adherence to DAC policy. The program must test situations where the object under consideration has ACL sufficient for the operation, insufficient, and null and has rings at the process validation level and below it. Also, the situations where the object's parent (where applicable) has sufficient, insufficient, and null ACL must be tested. The lists below describe the necessary cases: 2-4 Functional Testing MDD-004-01 ACL RING_BRACKET (EFFECTIVE_ACL) --- ------------ --------------- Segments: NULL REW NULL R REW R RW REW RW RW NULL NULL RW RE RE Directories: NULL SM NULL S SM S A SM A SA SM SA SM SM SM SMA SM SMA SMA NULL NULL SMA S S Parent: NULL SM NULL S SM S SA SM SA SM SM SM SMA NULL NULL SMA S NULL RCP Resources: NULL REW NULL R REW R RW REW RW REW REW REW REW NULL NULL REW R R Table 2-3. DAC Test Cases The parent DAC cases are combined with each of the segment/directory cases to produce a matrix of test cases. Each interesting combination of object and parent DAC properties is thus covered. As with MAC test cases, the actual values of the DAC properties can be found in the data structure defined in "sectest_config_info.cds". Test programs should use the special utility "tu_$map_over_DAC_cases" to automatically sequence through this table of test cases. _2_._3_._3 _L_A_B_E_L _T_e_s_t_s There are no specific test programs required to test adherence to LABEL properties. Security labeling is tested 2-5 MDD-004-01 Functional Testing implicitly in all the MAC and DAC test programs. That is, generation of the expected results for the test cases implies that the proper labels appear on system objects. The one exception is that LABEL checking must be performed explicitly for those TCB entries that create objects. The single required test case must verify that objects are created with an access class label equivalent to the authorization of the test process. The test case must be included in the program that performs the MAC testing for the gate. _2_._3_._4 _A_U_D_I_T _T_e_s_t_s There are no specific test programs required to test adherence to AUDIT properties. Security audit trail testing is "piggybacked" on the DAC and MAC test programs. Upon completion of each test case, the test program calls a special utility "tu_$log_audit" which verifies that the proper security audit message has been generated. The tu_$log_audit utility scans the appropriate system log over the interval delimited by "sectest_args.case_start_time" and "sectest_args.case_end_time". These time values are set by the test program just before and after the gate under test is called. The required audit message should appear within this interval. To identify the expected message, the test program supplies tu_$log_audit with the encoded access operation (i.e. the entry in access_operations_), a flag which specifies that the message should reflect GRANT or DENY, and the name of the object. In addition, the utility uses the process_ID to make certain the proper message will be found and that messages from other processes will not interfere with its determination. _2_._3_._5 _I___a_n_d___A _T_e_s_t_s Identification and Authentication of a user is performed before a process is created for that user. The process is labeled with an access authorization that cannot be changed. Thus, most TCB entrypoints need not perform explicit I_and_A security checks. The only part of the TCB that does perform I_and_A checks is the Answering Service. Testing its adherence to I_and_A policy is done by running, manually, a set of test scripts which tests various answering service functions. A copy of these test scripts appear in Appendix C of this MDD. 2-6 Functional Testing MDD-004-01 SECTION 3 WRITING GATE TEST PROGRAMS _3_._1 _T_E_S_T _N_A_M_I_N_G _C_O_N_V_E_N_T_I_O_N_S The following naming standards should be followed for all functional test programs. ox Test module names will be constructed from the gate, name and security property being tested, as in: GATE_ENTRY_dac The security property suffices are: Property Suffix AUDIT _audit DAC _dac I_and_A _ia LABEL _label MAC _mac For example, hcs_fs_get_mode_dac.pl1 and hcs_fs_get_mode_mac.pl1 test the DAC and MAC properties of hcs_$fs_get_mode. Test modules may not combine tests of the DAC and MAC properties. For those gates, or subsystems, whose names are more than 3 characters long the following aliases may be used: Gate Name Alias AS_request asr_ dm_hcs_ dmh_ installation_gate_ ig_ mailbox_ mbx_ message_segment_ ms_ pnt_fs_gate_ pfg_ restart_fault rf_ user_message_ um_ 3-1 MDD-004-01 Functional Testing _3_._2 _S_E_C_T_I_O_N_S _O_F _A _T_E_S_T _P_R_O_G_R_A_M Tests are implemented as PL/I procedures with one entrypoint. The calling sequence of this entrypoint is described * in Section 3.2.1 of this document. All test procedures are required to begin with a standard comment block. An example of this comment block can be found in Appendix A of this MDD. A test procedure is implemented in five distinct phases. These are: ox Parameter Validation ox Environment Establishment ox Test Execution ox Environment Cleanup ox Success/Failure Determination Each of these phases is discussed separately. _3_._2_._1 _P_a_r_a_m_e_t_e_r _V_a_l_i_d_a_t_i_o_n _P_h_a_s_e The first responsibility of the test is to ensure that it was called correctly. All tests must support the following calling sequence: _U_S_A_G_E declare test_name entry (ptr) returns (bit(1) aligned); successful = test_name(sectest_args_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1 _N_O_T_E_S The sectest_args structure is allocated and partially filled in by the test driver. The returned "bit(1) aligned" indicates failure or passage of the test, "1"b indicating success. Any additional information about test success or failure is logged, by the test, through a set of utilities described elsewhere in this MDD. 3-2 Functional Testing MDD-004-01 _3_._2_._2 _E_n_v_i_r_o_n_m_e_n_t _E_s_t_a_b_l_i_s_h_m_e_n_t _P_h_a_s_e The Environment Establishment phase of the test is used to establish the environment under which the test will run. It is during this phase that any special segments, directories or any other objects that will be needed by the test are created through the use of the test utility routines. All environment setup must be done in internal procedures to the test and be appropriately reverted during cleanup conditions. _3_._2_._3 _T_e_s_t _E_x_e_c_u_t_i_o_n _P_h_a_s_e This phase performs the individual test cases constituting the test. As each case begins, the first action it should take is to set the field "case_start_time" to the current clock value. This clock value, in conjunction with the "case_end_time" clock value, will be used by various utilities to retrieve audit messages generated by the test. Additionally the test must set the "case_in_progress" field indicating which test case is currently running. The execution of individual test cases is controlled by the individual bits in the field "select_case". That is: if substr(sectest_args.select_case, case_index, 1) then do; is used to control the execution of an individual test case. Since each case may be run independently no one case should be dependent on the actions of another.(1) At its conclusion, each test case should leave the environment as it found it. At the conclusion of the test case, that case should determine whether or not it generated the expected results. Once this is done the test case must log its success or failure by calling the appropriate utility for this purpose. The last action taken by each test should be to set the field "case_end_time". As with the Environment Setup phase, the Test Execution Phase must be protected by a cleanup handler which will leave the environment as it was prior to test execution. _________________________________________________________________ (1) It is acceptable for all cases to expect that the Environment Setup phase has provided a segment with "rw" access but it is unacceptable for the fourth test in the test case series to be dependent upon the third case having changed the access to the object segment. 3-3 MDD-004-01 Functional Testing _3_._2_._4 _E_n_v_i_r_o_n_m_e_n_t _C_l_e_a_n_u_p _P_h_a_s_e Each test must be designed to leave the environment in the same condition as it was prior to the test run. This is the contract of the Environment Cleanup phase of the test. All segments, directories or any other object created by the test must be deleted. Any object manipulated by the test should be left in the condition it was found in when the test began. _3_._2_._5 _S_u_c_c_e_s_s_/_F_a_i_l_u_r_e _D_e_t_e_r_m_i_n_a_t_i_o_n _P_h_a_s_e The responsibility of determination of success or failure of the test, or individual test cases, is left to the test itself. The test must be designed with expected results in mind. The test will attempt an operation and expect a result. If the expected result is not obtained, false ("0"b) is returned to the driver. If all test cases return expected results, true ("1"b) is returned. The test is expected to log all successes and failures of individual test cases through the provided utilities. _3_._3 _T_E_S_T _P_R_O_G_R_A_M _S_T_A_N_D_A_R_D_S A main concern in writing functional tests is the audience who will read the test modules. Those people who will evaluate the Multics system for security ratings do not necessarily have a PL/I background and are not Multics system programmers. Thus, great pains must be taken to ensure that the code is written as clearly as possible. Of primary importance is that the code be very simple and exhibit similar appearance and structure. _3_._3_._1 _G_e_n_e_r_a_l _S_t_a_n_d_a_r_d_s ox All modules are considered Honeywell proprietary and must be properly protected by adding proprietary notices. This is done with the following command line: add_pnotice PATH -default_trade_secret ox All modules must use the same PL/I source format. This is done by using the format_pl1 command. Each source module must have the following format comment as the first statement in the module: /* format: style4,indattr */ ox All test modules are to take one input parameter, a pointer to the sectest_args structure, and are to return a "bit(1) aligned" value indicating success or failure of the test, "1"b indicating success. 3-4 Functional Testing MDD-004-01 ox All internal procedures must begin on a new page. ox All errors shall be reported via the sub_err_ subroutine. If the error occurs in the Sectest_Server.SysDaemon's process the sub_err_ call will be automatically transferred to the test process by the daemon interface, st_process_daemon_request_. Calls to sub_err_ are not expected to occur and indicate failure either of the system or the functional test. ox All setup and cleanup done by the module should be implemented as an internal procedure. ox All include file declarations should appear, alphabetized, at the end of the module. ox Declarations of identifiers should be grouped by the general classes of "Automatic", "Based", "Entries", "External", "Parameter", "Static" and "Miscellaneous"; each group should be labeled with a comment. Identifiers should be in alphabetical order within these groups. ox Parameter names, for external entrypoints, must be prefixed with "P_". All parameter declarations must explicitly include the "parameter" attribute. It is recommended that all general classes of identifiers include the class attribute (e.g. "automatic", "based", "static", etc.) in their declarations. ox Names of labels and constants must appear in upper case. It is strongly recommended that internal procedure names also appear in upper case. _3_._3_._2 _T_e_s_t _P_r_o_g_r_a_m _C_o_d_i_n_g _S_t_a_n_d_a_r_d_s Functional test programs should follow all of the coding standards for installed Multics system programs described in MAB-068. Additionally, each test module must conform to the following rules: ox Each module will exhibit a standard comment header describing the test cases it performs. An example of this header is included in appendix A of this MDD. ox Each module should contain history comments as generated by the history_comment command, described in MTB-716, for any modifications made after MR11.0. ox Test modules are to be constructed with setup, cleanup and run internal procedures. When applicable, these procedures are to be called by the utilities tu_$map_over_DAC_cases, 3-5 MDD-004-01 Functional Testing tu_$map_over_MAC_cases and tu_$map_over_MAC_range cases to perform their tests. This will centralize the test decision process, thus making it more maintainable. Should this approach not be suitable for a particular test program it should, at a minimum, be driven by an internal table of test cases. This table contains, for each test case, environment setup information and expected results. Internal routines for setup, run, results checking and cleanup should should be constructed as follows: . . call GENERAL_SETUP(); do case_index = lbound(test_defs) to hbound(test_defs); call CASE_SETUP(case_index); call CASE_RUN(case_index); call CHECK_RESULTS(case_index); call CASE_CLEANUP(case_index); end; call GENERAL_CLEANUP(); . . Any additional information needed by the various routines may also be passed as parameters. ox Test cases will be coded without dependencies upon previous test cases. It is encouraged that test cases be coded so that they execute based upon the value of their case number selection switch as follows: if substr(sectest_args.select_case, case_index, 1) then do; Each test case is responsible for leaving the system as it was before the test case was run. Flags should be used as appropriate to ensure that proper cleanup occurs as necessary. ox It is the responsibility of the test module to call any utilities necessary to undo any setup done by a utility call in normal operation. For example, a test module that calls a utility to register a resource must call the appropriate utility to de-register the resource during cleanup. An example follows: created_segment = ""b; on cleanup call GENERAL_CLEANUP(); call GENERAL_SETUP(); . . 3-6 Functional Testing MDD-004-01 call GENERAL_CLEANUP(); return; GENERAL_SETUP: proc(); call tu_$create_segment(...); created_segment = "1"b; end GENERAL_SETUP; GENERAL_CLEANUP: proc(); if created_segment then do; call tu_$delete_segment(...); created_segment = ""b; end; end GENERAL_CLEANUP; ox Test modules should not check the version of sectest_args. This will be accomplished by all utilities called. Test modules may only modify the following components of the sectest_args structure: case_start_time case_end_time case_in_progress ox All tests must check to see that the expected results were obtained. The first check is to make sure that the TCB entry being tested did not change any input-only parameters. This means that the test module will have to store the contents of these arguments prior to calling the TCB entry and then compare the input-only arguments against the stored values after the call. The next check is to ensure that the test case received the error / status code expected and that the information returned by the TCB entry is correct. The next check should be to ensure that if the TCB entrypoint reported that it did not perform the requested operation, that this is in fact the case. The last check is to call one or more of the audit checking utilities once for each TCB entry call that was expected to produce an audit trail. These utilities are described elsewhere in this document. _3_._4 _B_I_N_D _F_I_L_E_S _A_N_D _S_O_U_R_C_E_/_O_B_J_E_C_T _A_R_C_H_I_V_E_S All of the test programs for a TCB entry gate are kept in two bound segments; one each for the DAC and MAC tests. The bound segments will be named bound_gate_dac_ and bound_gate_mac_. These segments will be kept in >sec_ldd>tests>execution, with 3-7 MDD-004-01 Functional Testing their source and object archives in >sec_ldd>tests>source and >sec_ldd>tests>object, respectively. The guidelines for object archives and bindfiles described in MAB-067 should be followed for the test programs. The only entrypoints retained in the bound segment should be the main entrypoints for each test, and their names should be Addname'd onto the bound segment. _3_._5 _U_S_I_N_G _E_X_I_S_T_I_N_G _A_N_D _N_E_W _T_E_S_T_I_N_G _U_T_I_L_I_T_I_E_S As has been discussed in preceding sections, utilities are provided to perform many of the tasks of environment setup and cleanup, as well as miscellaneous functions such as login test success or failure. These utilities are called by the testing process, within the test procedure, and execute partially within the caller's process and partially within the process of a cooperating, highly privileged, daemon process. This cooperation is described in a separate manual and is not normally the concern of the test developer. Many of these utilities will set default DAC access properties for created or manipulated objects. For all such utilities described in Appendix D, the following defaults are used: _S_e_g_s _D_i_r_s _M_a_i_l_b_o_x_e_s _Q_u_e_u_e _M_S _A_C_S _S_e_g_s Access: rew sma adrosw/rw adro/rw null Ring Brackets: 4,4,4 7,7 1,1,1 1,1,1 4,4,4 Access Class: Same as the parent directory for all objects. Table 3-1. Default Security Attributes 3-8 Functional Testing MDD-004-01 SECTION 4 WRITING GATE TESTING UTILITES _4_._1 _U_T_I_L_I_T_Y _N_A_M_I_N_G _C_O_N_V_E_N_T_I_O_N_S _4_._2 _U_T_I_L_I_T_Y _P_R_O_G_R_A_M _S_T_A_N_D_A_R_D_S _4_._3 _U_T_I_L_I_T_Y _P_R_O_G_R_A_M _D_O_C_U_M_E_N_T_A_T_I_O_N _4_._4 _B_I_N_D _F_I_L_E_S _A_N_D _S_O_U_R_C_E_/_O_B_J_E_C_T _A_R_C_H_I_V_E_S 4-1 Functional Testing MDD-004-01 SECTION 5 THE FUNCTIONAL TEST SUITE _5_._1 _T_H_E _T_E_S_T_I_N_G _H_I_E_R_A_R_C_H_Y The testing Hierarchy is inferior to the directory >sec_ldd. This hierarchy contains the utilities, include, info, exec_coms and tools directories. Also located at this level is the directory "tests". Beneath this directory is are standard source, object, and execution directories. In the execution directory are a set of bound segments, one for each gate/property combination. For example, >sec_ldd>tests>e>bound_hcs_mac_ contains all the current MAC tests for hcs_ entrypoints. In the source directory are a set of archives, one for each bound segment in >sec_ldd>execution. The name of each archive will the same as the bound segment with ".s" appended. A complete list of gate/property combinations follows. bound_asr_dac_ bound_asr_mac_ bound_dm_hcs_mac_ bound_hcs_dac_ bound_hcs_mac_ bound_inst_gate_dac_ bound_ioi_dac_ bound_mbx_dac_ bound_mbx_mac_ bound_mca_dac_ | bound_mdc_dac_ bound_mdc_mac_ bound_mhcs_dac_ bound_mhcs_mac_ bound_ms_dac_ bound_ms_mac_ bound_pnt_fs_gate_dac_ bound_rcp_audit_ bound_rcp_dac_ bound_rcp_mac_ bound_um_dac_ bound_um_mac_ 5-1 MDD-004-01 Functional Testing The name of each individual test is the name of the entry with the gate name prepended. The security property names "mac", "audit", "dac", "ia", and "label" are used as suffices. For example, the name of the MAC test procedure for rcp_$assign would be "rcp_assign_mac" and the source would be "rcp_assign_mac.pl1". The documentation would have the same name as the source but with the final suffix ".compin". In cases where the entry name is greater than 32 characters, the name is truncated but is still indicative of the object of the test. Using the model just described, if we wish to get the source for the DAC test for ioi_$timeout the pathname is: >sec_ldd>tests>source>bound_ioi_dac_.s::ioi_timeout_dac.pl1 Separate test case segments for AUDIT and LABEL properties will only exist when those properties are explicitly tested for. It should also be noted that certain classes of tests may use common aliases to facilitate shortening of their names. For example, all TCB entries via the "message_segment_" gate will use the "ms_" alias for "message_segment_". Modification of this hierarchy is strictly controlled within the guidelines of the Multics MR11.0 Configuration Management plan, described in MTB-716 and MAB-70. 5-2 Functional Testing MDD-004-01 A summary of the directory hierarchy follows: Directory Contents >sec_ldd>data_dir Various data segments used by the tests as well as the active copy of the sectest lister database. >sec_ldd>documentation The MDDs, and various compose macros and utilities for creating the MDDs. >sec_ldd>info Info segments for the various functional testing utilities. >sec_ldd>exec_coms ECs for maintaining and updating various portions of the >sec_ldd hierarchy. >sec_ldd>development Functional testing utilities undergoing modification will be stored here. >sec_ldd>tools Tools for running functional tests and for maintaining the hierarchy. >sec_ldd>tests The functional tests themselves are stored here. >sec_ldd>utilities The utilities used by the functional test programs. Table 5-1. >sec_ldd Hierarchy Summary _5_._2 _D_A_C_, _M_A_C_, _A_U_D_I_T_, _A_N_D _L_A_B_E_L _T_E_S_T_S All DAC and MAC tests (with Audit and Label tests implied) are run by executing them in an unprivileged process with the cooperation of a privileged daemon. _5_._3 _T_H_E _I___A_N_D___A _T_E_S_T _S_U_I_T_E Currently, all I_and_A tests are run by performing a group of manual test scripts. This requires one person performing the user portion of the test script while a second person acts as a system administrator, performing the privileged portions of the script. These scripts are in appendix C of this MDD and are self | documenting. 5-3 Functional Testing MDD-004-01 SECTION 6 CHANGING THE FUNCTIONAL TEST SUITE _6_._1 _L_I_B_R_A_R_Y _M_A_I_N_T_E_N_A_N_C_E _P_H_I_L_O_S_O_P_H_Y The functional testing library should be treated just like the standard Multics libraries in terms of maintenance and updates, following standard Configuration Management policies. All functional test installations should include the source and object files for the test, along with the results from a sample execution of the test over all of its possible cases. The sample results should be stored for comparison with later runs of the test. This will allow the system maintainers to check new installations of unprivileged gates against old versions to verify that no security problems have been introduced, or even to verify that existing security problems have been corrected. _6_._1_._1 _T_h_e _S_e_c_t_e_s_t _L_i_s_t_e_r _D_a_t_a_b_a_s_e There is not always guaranteed to be a one to one correspondence between the names of a procedure and its tests. In some instances the name of the gate combined with the name of the entry and the appropriate security property suffix is longer than the maximum 32 characters. For this reason it is necessary to associate the name of a test with its procedure name. This is done within the sectest.lister database. This database is located in >sec_ldd>data_dir and is generated from a the sectest.listin segment in the source directory beneath that directory.(1) This database contains one entry for each procedure considered for test. Also included are entries to track the installation of utilities. Each entry contains various information on the procedure such as the security properties _________________________________________________________________ (1) See Multics manual AZ98 - "The Multics WORDPRO Reference Manual" for more information on the lister database facilities. 6-1 MDD-004-01 Functional Testing being tested, the names of the test procedures, descriptions of the tests and all security property exceptions and the test author and auditor. An example of a lister database entry can be found in Appendix A of this MDD. During test runs this database is used by the "sectest" command to decide which test to run for each security property being tested. _6_._2 _C_H_A_N_G_I_N_G _D_A_C_, _M_A_C_, _A_U_D_I_T _A_N_D _L_A_B_E_L _T_E_S_T_S _6_._3 _C_H_A_N_G_I_N_G _T_H_E _I___A_N_D___A _T_E_S_T_S 6-2 Functional Testing MDD-004-01 SECTION 7 RUNNING THE TEST SUITE _7_._1 _T_H_E _S_E_C_T_E_S_T _C_O_M_M_A_N_D Tests installed as part of the test suite, as well as tests under development, are run using the "sectest" command. This command establishes an operating environment for the test and decides what test routines to call for each security property being tested. A description of this command follows. ________________________________________ NAME: SECTEST SYNTAX AS A COMMAND sectest {test_name} {-control_args} _F_U_N_C_T_I_O_N The sectest command is used to begin execution of functional tests. _A_R_G_U_M_E_N_T_S test_name is the name of the test to be run. This identifies a test, or | group of tests, installed in the security test library. | (Note: See the -pathname control argument below for running | uninstalled tests.) The test name can take any of the | following forms: | | | gate_$entry | gate_$ent* | gate_$* | 7-1 _______ _______ sectest sectest _______ _______ | Note: This is not a 'starname', as defined in the | Programmer's Reference Guide. If a * is used in the name, | sectest will run all tests whose names begin with the portion | of test_name before the *. Thus, specifying hcs_$* will run | all hcs_ tests. Specifying hcs_$tty* will run all hcs_$tty_ | tests, etc. _C_O_N_T_R_O_L _A_R_G_U_M_E_N_T_S -brief, -bf, -quiet sets the "brief" switch in sectest_args. This switch is used by the tests to control the types of messages seen during the test runs. -case CASE_SELECTOR limits which test cases are performed during the test run. Each test procedure may have several tests cases, each case testing a different aspect of the behavior of the procedure under test. The case selector may take the following form: Selector Action all tests all cases. (default) 15 runs only test case number 15. 1,3,5 runs only cases 1, 3 & 5. Note that the cases are not guaranteed to be run in the specified order. 20:72 runs all case within the range of 20 to 72. If the argument is not specified all test cases are run. -comment , -cm will set the comment field in sectest_args with the specified string. If the string contains blanks then it must be quoted. -debug, -db sets the "debug" switch in sectest_args. This switch is used by some tests to perform special debugging operations, such as run totally in the user's process instead of having the Sectest_Server daemon perform utilities. -error_switch , -esw instructs the test to send any unanticipated error output to the specified switch. If not specified error output will be sent to error_output. 7-2 _______ _______ sectest sectest _______ _______ -input_switch , -isw instructs the test to take any anticipated input from the specified switch. If not specified input will be taken from user_input. -log_dir , -ldir will use the specified directory as a repository for logged results. If not specified >security>logs will be used as the default. -log_name , -lnm will use the specified name as the name of the log segment. If not specified "sectest.log" is used. -long, -lg, -verbose is the opposite of -brief. (default) -no_debug, -ndb is the opposite of -debug. (default) | -no_timeout | is used when debugging on the server side of the test. This | prevents the test from timing out when the server doesn't | respond within 30 seconds. | | -no_waive | Those tests whose failures have been waived will log their | test results as FAILED. | -output_switch , -osw instructs the test to send any anticipated output to the specified switch. If not specified output will be sent to user_output. | -pathname , -pn | is used to specify the pathname of a standalone test to be | run. The name of a standalone test may be any legal pathname | and star names are supported. By convention, the names of all | tests end in the security property that they specifically | test. For example, mbx_create_mailbox_dac tests the DAC | properties of the mailbox_$create_mailbox software. The | acceptable test suffices are: | | Property Suffix | 7-3 _______ _______ sectest sectest _______ _______ | AUDIT _audit | DAC _dac | I_and_A _ia | LABEL _label | MAC _mac -properties , -props specifies which security properties are to be tested. This requirement is required for installed tests and is used to locate the proper test for the specified property. In addition the appropriate bit switches indicated the properties being tested are set in the sectest_args structure (see sectest_args.incl.pl1). For standalone tests, as with installed tests. the appropriate bit switches will be set in sectest_args but the properties have no other effects. The property string is a standard mode string indicating the boolean value to be set for the indicated property. Legal property names are defined as "audit", "dac", "ia", "label" and "mac" and are case insensitive. If this argument is not specified the "audit" property will be tested by default. -root_dir , -rdir is used to specify the root of the testing hierarchy. This root dir is used when locating the installed tests. If not specified ">security>tests" is used. -test_dir , -tdir is used to specify the working directory to use for the test. Any file system objects need by the test will be created in this directory and the directory must have an access class of system_low. If not specified a uniquely named directory will be created inferior to your current working directory. This directory will be deleted when the command completes or if the "cleanup" condition is signalled. -test_dir_quota , -tdq is used to set the segment quota of the test directory. This control argument is valid only if the test directory was created (did not previously exist). If not specified no terminal segment quota is set. -test_dir_dir_quota , -tddq is used to set the directory quota of the test directory. This control argument is valid only if the test directory was created (did not previously exist). If not specified no terminal directory quota is set. 7-4 _______ _______ sectest sectest _______ _______ | -timeout | Causes the test to timeout after 30 seconds if the server | doesn't respond before then. (default) | | -waive | Those tests whose failures have been waived, will log their | test results as WAIVED, instead of FAILED. (default) | _E_X_A_M_P_L_E_S sectest rcp_$del* -property mac,audit,^dac,label -case 1:16 will run all installed rcp_ gate tests that start with the letters "del". The MAC, AUDIT and LABEL tests will be run and only cases 1 through 16 inclusive. sectest hcs_star -db -ldir [wd] -tdir work will run hcs_star in the "tests" directory relative to our working directory. The log will be placed in our working directory and will be named "sectest.log". The working directory for the tests will be "work" beneath the "tests" directory relative to our current working directory. 7-5 MDD-004-01 Functional Testing _7_._2 _S_Y_S_T_E_M _R_E_Q_U_I_R_E_M_E_N_T_S | The security functional test suite, for the most part, is | designed to be run under very stringent access control | conditions. In addition, several of the gate test suites perform | various types of device reconfiguration. So special requirements | must be met before running the test suite. _7_._2_._1 _S_y_s_t_e_m _E_n_v_i_r_o_n_m_e_n_t_a_l _C_o_n_s_i_d_e_r_a_t_i_o_n_s The tests must be run from processes that have all of their audit switches enabled for read operations. In addition the system auditing thresholds must be set to system_low for all auditing categories. The tests themselves generate a large amount of audit messages. All of this auditing has two effects; the performance of the system is adversely affected by the amount of auditing being done, and, a large amount of disk quota is used by the syserr_log. A typical system running these tests can expect to generate as much as 15,000 records of syserr_logs over an eight hour period. During the B2 evaluation process it was found that a four pack(1) RLV was necessary to support the test suite, all required users and projects and the logs for a five day test period. The configuration of two DPS8/70M processors with 32K cache and the 1.64 upgrade kits, two SCUs with 3MW of memory and 1 IOM was sufficient to support two test processes running simultaneously with a better than even chance of their being able to locate their audit trails in the syserr_log. _7_._2_._2 _R_e_n_a_m_i_n_g _s_y_s_t_e_m___l_o_w For the period of the tests, if system_low is currently un-named it must be renamed to "level_0" with a short name of "l0". The system wide impact is that all interactive logins will produce an authorization message. In addition, all printed output will contain the level name of the producing process. It was also observed that IMFT connections failed to properly initialize if the target system's system_low authorization name was no longer compatible. | To initialize IMFT the level_0 name must first be deleted | before trying to start IMFT. After starting IMFT, the level_0 | name can then be added back and IMFT will run correctly. _________________________________________________________________ (1) The disks used were 451 devices. 7-6 Functional Testing MDD-004-01 _7_._2_._3 _R_C_P_R_M The site must run RCPRM during the test suite. Once RCPRM has been enabled at a site it is extremely difficult, if not impossible to revert. In light of the above mentioned effects, it is recommended that the test suite be run on a totally dedicated system that is not normally used for user service. _7_._2_._4 _C_o_n_f_l_i_c_t_i_n_g _T_e_s_t _S_u_i_t_e_s Certain of the per-gate test suites are incompatible with each other and thus cannot be run simultaneously. In the current test suite, the tests for ioi_, mdc_ and rcp_ fall into this category. These test suites must be run independently of each other. In addition, the ioi_ and rcp_ test suites modify the system configuration. Although cleanup of these suites is attempted under all circumstances the system maintainer is advised to verify that all devices are appropriately configured at the conclusion of these tests. There is also the possibility of conflicts between the MAC | and DAC parts of the same test. This is especially noticeable | when running the hcs_ tests. To avoid this problem, either run | the tests separately or specify separate test directories when | running the tests. | _7_._2_._5 _P_e_r_-_P_r_o_c_e_s_s _L_a_s_t_i_n_g _E_f_f_e_c_t_s It is recommended that, after completing a test suite for a particular gate, the testing process should run the "new_proc" command. This will ensure that subsequent tests do not suffer from any lasting per-process effects of the previous test suite. | _7_._2_._6 _T_h_e _T_e_s_t _D_i_r_e_c_t_o_r_y | | Most of the tests, create objects as part of the testing | option. If the -test_dir is not specified in the sectest command | line, the current working directory is assumed. Using the home | directory of the DAC testing process for the test directory is | fine. | | But for the MAC testing process, the test directory needs to | be at level_0. So, when running the MAC tests, the -test_dir | argument of sectest must be used to specify the test directory, | >udd>SecTest>test (>udd>st>test). | 7-7 MDD-004-01 Functional Testing _7_._3 _S_E_C_U_R_I_T_Y _T_E_S_T _S_U_I_T_E _L_O_G_S _7_._3_._1 _T_h_e _s_e_c_t_e_s_t _l_o_g_s All tests log their results in special logs created for this purpose. As stated in the description of the sectest command, if not specified a default log directory and log name are used. This will be the >security>logs>security.log log for the DAC process. This log resides in a system_low directory and is itself a system_low segment. | Keeping this in mind, it will be necessary to specify a log | directory when running the MAC suite | (>security>logs>system_middle). This is due to the fact that the process running the suite has a login authorization that would prevent the logs from being written to in a downgraded directory. 7-8 Functional Testing MDD-004-01 The logs used are standard system logs and thus may be perused with the print_sys_log command and monitored with the monitor_sys_log command.(1) A sample of typical log entries follows: passed: standalone_$rcp_set_status_mac test case SET A #62 4:017000-4:017700. skipped: standalone_$rcp_set_status_mac test case SET A #63 4:003000-4:017700. (not applicable) passed: standalone_$rcp_set_status_mac test case SET A #64 4:003000-4:003700. WARNING: standalone_$rcp_set_status_mac test case SET A #65 2:070000-3:077700: 'Unable to find audit message, will pause for 10 seconds and try again.' WARNING: standalone_$rcp_set_status_mac test case SET A #65 2:070000-3:077700: 'found audit message of search 2.' passed: standalone_$rcp_set_status_mac test case SET A #65 4:070000-4:070000. passed: standalone_$rcp_set_status_mac test case SET A #66 4:070000-4:077700. WARNING: standalone_$rcp_set_status_mac test case SET B #1 2:070000-3:077700: 'Unable to find audit message, will pause for 10 seconds and try again.' WARNING: standalone_$rcp_set_status_mac test case SET 2 #1 2:070000-3:077700: 'Unable to find audit message, will pause for 10 seconds and try again.' FAILED: standalone_$rcp_set_status_mac test case SET B #1 5:010000-6:030000. due to 'Unable to find correct audit message.' access_op=00140007230004 (deny) case_start_time=08:04:23.134634596 case_end_time=08:04:23.0021489998 passed: standalone_$rcp_set_status_mac test case SET B #2 5:010000-6:077000. passed: standalone_$rcp_set_status_mac test case SET B #3 5:077000-6:077700. passed: standalone_$rcp_set_status_mac test case SET B #4 5:017000-6:077000. FAILED: standalone_$rcp_set_status_mac test case SET B #5 5:003000-5:017700 due to 'Expected #-NO-ERROR-# got error_table_$no_resource'. Table 7-1. Sample Test Log Each line in the log indicates the results of a test case _________________________________________________________________ (1) These commands are documented in AG-92 "Commands and Active Functions" 7-9 MDD-004-01 Functional Testing run. The test case being run can be found to the right side of the name of test procedure. For MAC tests, the access class restrictions are described in the right hand portion of the message. For DAC tests, the right hand portion of the message will contain the DAC access restrictions for the test, i.e. "(4,4) sm,r". The name of the procedure will be GATE$ENTRY for installed tests and "standalone_$TEST_NAME" for standalone tests. _7_._4 _E_V_A_L_U_A_T_I_N_G _T_H_E _T_E_S_T _R_E_S_U_L_T_S As can be seen above, messages in the results log come in four basic varieties. These are described as follows: ox passed: Specifies that the test case has passed. ox skipped: Specifies that the test case was skipped for the stated message, in this case because it was not applicable. | ox WARNING: Specifies that a recoverable error has occurred. | In most cases, this will flag the number of retries the test | has performed while searching the syserr_log for the | expected expected audit message. The functional tests are | very syserr_log intensive and many of these messages may be | seen. If the "-debug" control argument is used with the | sectest command, then the test will make three attempts to | find its audit message before giving up and failing the | test. Otherwise, the test makes repeated attempts to find | the message in the syserr_log at increasing intervals until | the maximum limit is passed (the interval increases by one | second, with the last one being 16 seconds) or the audit | message is found. At this time, the number of retries taken | are logged. Warning messages will also be seen if the | testing process has executed the sectest command with the | -dont_check_audit control argument. | | ox Waived: Specifies that the test has failed but that the | reason for the failure has been waived. All tests in this | category currently fail because of premature logging of | audit messages before final evaluation of accessibility is | made. ox FAILED: Specifies that the test has failed for the specified reason. Failures where the test could not find its audit message may be resolved by perusing the syserr_log manually, with the additional provided information, and locating the expected message. Failures for other reasons will provide as much of an explanation as the test developer has written into the test. This information may then be used to determine why the test has failed. 7-10 Functional Testing MDD-004-01 The information in this log should be all that is required to evaluate the test results, except in cases where the test could not find its syserr log message. | | | _7_._5 _N_O_T_E_S _O_N _R_U_N_N_I_N_G _T_E_S_T _S_U_I_T_E | | Although the tests were designed to be run as simply as | possible, some of the tests need special instructions for running | them or cleaning up after they've run. These notes presume that | the tests are run with the sectest command, with the log | directory specified (for MAC tests only), and with a test | directory specified. | | | _7_._5_._1 _A_n_s_w_e_r_i_n_g _S_e_r_v_i_c_e _T_e_s_t_s _(_a_s_r___) | | The answering service tests asr_$dial_out_rq and | asr_$dial_rq both seem to have problems with determining the | initial state of the dial_ok attribute of the process. This | usually causes the tests to fail the first time they are run. | The test will run if you run these two test individually until | they pass (usually twice). | | | _7_._5_._2 _R_c_p__ _T_e_s_t_s _(_r_c_p___) | | The rcp_ tests all run fine, but have the annoying problem | of leaving the tape drive that they use in a state that makes it | inaccessible to all other processes on the system (including the | testing process). If you run the rcp_ test several times in | succession, all the tape drives will become inaccessible. | | To make the drives accessible to the system again, you must | turn on the rcp priviledge and then deregister the tape drive. | Then using the register exec_com usually found in >udd>sa>admin | directory, re-register it to the system. | | | _7_._5_._3 _M_d_c__ _T_e_s_t_s _(_m_d_c___) | | In order for these tests to work, they should be run without | the -test_dir argument to the sectest command. Using other than | the working directory of the testing process for the test | directory will cause the test to fail. | | | _7_._5_._4 _M_c_a__ _T_e_s_t _(_m_c_a___) | | Be sure you have an IMU configured to your test system to | prevent this test from failing. The test will use an unused IPC | channel for its test cases. | 7-11 MDD-004-01 Functional Testing | _7_._5_._5 _I_o_i__ _T_e_s_t_s _(_i_o_i___) | | The ioi_ test use the tape drive and will request a tape | mount. It's a good idea to have an ioi_testtape available so | that the system won't request that mounts for each of the test | cases be authorized by the operator. The tape can be create with | the following commands: | | io attach t tape_mult_ ioi_testtape -write -den 1600 -error_tally | io open t so | io (close detach) t | | | _7_._5_._6 _M_i_s_c_e_l_l_a_n_e_o_u_s _I_t_e_m_s | | Currently, the sectest control argument -case is unsupported | by the tests in the functional test suite. You can only run all | the test cases for individual tests. | 7-12 Functional Testing MDD-004-01 SECTION 8 RUNNING THE I_AND_A TEST SUITE _8_._1 _T_H_E _I___A_N_D___A _T_E_S_T _S_C_R_I_P_T_S The I_and_A tests are designed to be run by two, and sometimes three, users, one of them being a System Administrator who is very familiar with the system maintenance commands | (Although the tests can be run by one person, it is not | recommended due to the length of the test scripts.) Each script | requires the use of one terminal for each user, with the normal user's terminal being connected to a channel with an ACS path defined in the CDT. Each script follows a precise sequence of operations to test a specific case of its property. There are scripts for each type of system login: anonymous, interactive, absentee, dial service, etc. All of the scripts contain full documentation for what is to be done by each person involved for each phase of the test: setup, run, and cleanup. _8_._2 _S_Y_S_T_E_M _R_E_Q_U_I_R_E_M_E_N_T_S The I_and_A scripts require a set of projects to be registered in the SAT, and a set of users to be registered on each project and in the PNT. Also, the channel being used by the person playing the role of the normal user must have an ACS path defined in the CDT, and access on this ACS must be set to RW for all users, except in the tests that specifically override this ACL. Following is a list of projects to be registered and their users, with their associated AIM authorization ranges: 8-1 MDD-004-01 Functional Testing Project Authorization Attributes (User(password)) TestProj level_0:system_high dialok Sectest_4(st4) Sectest_2(st2) anonymous(some tests will require a password of a_pass) Sectest_3(st3) Del1 system_low:system_low Sectest_2(st2) SecTest level_0:system_high dialok,save_on_disconnect, disconnect_ok anonymous(anon) Sectest_1(st1) Sectest_2(st2) SecTest_H level_0:system_high anonymous Sectest_1(st1) Table 8-1. Project And User Requirements for I&A Scripts The I_and_A scripts themselves will give a more detailed description of the requirements for each specific test. | Some of the test scripts require running special programs to | set up special values for testing. These tests can be found in | >sec_ldd>utilities. _8_._3 _E_V_A_L_U_A_T_I_N_G _T_E_S_T _R_E_S_U_L_T_S Because of the nature of the I_and_A tests, the results must be checked by hand by the system administrators. All of the scripts include the expected results, for comparison. Each test will generate output on the user's terminal and messages in the Answering Service log. 8-2 Functional Testing MDD-004-01 APPENDIX A A SAMPLE FUNCTIONAL TEST _A_._1 _W_R_I_T_T_E_N _D_O_C_U_M_E_N_T_A_T_I_O_N _A_._1_._1 _T_e_s_t _P_r_o_g_r_a_m SECTEST LISTER DATABASE ENTRY Below is a sample listin entry for the sectest.lister database: % |feature mailbox_$chname_file |submitted_date 85-07-21_20:28_Sun |submitter MSharpe |auditor Spratt |class test |tests_audit X |tests_dac X |tests_ia _ |tests_label X |tests_mac X |excepts_audit _ |excepts_dac _ |excepts_ia X |excepts_label _ |excepts_mac _ |documented no |test_description This entrypoint implicitly tests auditing. The label property is implicitly tested within the MAC test. DAC TEST CASE DESCRIPTIONS: A-1 MDD-004-01 Functional Testing 1. SMA to containing dir, NULL to mbx GRANT 2. SM to containing dir, NULL to mbx GRANT 3. SA to containing dir, ADROSWU to mbx DENY (incorrect_access) 4. S to containing dir, ADROSWU to mbx DENY (incorrect_access) 5. A to containing dir, ADROSWU to mbx DENY (incorrect_access) 6. NULL to containing dir, ADROSWU to mbx DENY (incorrect_access) 7. S to containing dir, mbx doesn't exist DENY (noentry) 8. NULL to containing dir, mbx doesn't exist DENY (no_info) MAC TEST DESCRIPTION: (map_over_mac) A process can manipulate the name(s) a mailbox if its authorization is equal to that of the directory. |test_exceptions This entrypoint has no I&A implications since it is called by a previously validated process |dac_test mbx_chname_file_dac |mac_test mbx_chname_file_mac |audit_test none |label_test none |ia_test none |installer Ranzenbach |installed_date 85-07-25_16:31_Thu _A_._1_._2 _T_e_s_t _U_t_i_l_i_t_i_e_s _A_._2 _S_O_U_R_C_E _C_O_D_E _A_._2_._1 _T_e_s_t _P_r_o_g_r_a_m STANDARD DAC COMMENT BLOCK /****^ ****************************************** * * * HONEYWELL CONFIDENTIAL AND PROPRIETARY * * * ****************************************** */ /* format: style4,indattr */ /****^ HISTORY COMMENTS: 1) change(85-04-30,Pozzo),approve(),install(),audit(): Written. END HISTORY COMMENTS */ /* * * FEATURE: rcp_$assign_device_ * SECURITY PROPERTY: DAC * A-2 Functional Testing MDD-004-01 * TEST CASE DESCRIPTIONS: * * SET A: Device Tests when ACS exists - specific device * * 1. Subject in REW brackets, has RW on ACL GRANT * 2. Subject in REW bracket, has R on ACL DENY * 3. Subject in R bracket, has RW on ACL DENY * 4. Subject in R bracket, has R on ACL DENY * 5. Subject outside brackets, NULL on ACL DENY * 6. Subject in REW bracket, NULL on ACL DENY * * SET B: Device Tests when ACS exists - device by attributes * * 7. Subject in REW bracket, has RW on ACL GRANT * 8. Subject in REW bracket, has R on ACL DENY * 9. Subject in R bracket, has RW on ACL DENY * 10. Subject in R bracket, has R on ACL DENY * 11. Subject outside brackets, NULL on ACL DENY * 12. Subject in REW bracket, NULL on ACL DENY * * SET C: Device Tests when ACS does not exist - specific device * * 13. ACS does not exists DENY * * * NOTES: * These tests will be run using device type tape_drive * for ease of use since all site's have at least * one of these. */ STANDARD MAC COMMENT BLOCK /****^ ****************************************** * * * HONEYWELL CONFIDENTIAL AND PROPRIETARY * * * ****************************************** */ /* format: style4,indattr */ /****^ HISTORY COMMENTS: 1) change(85-05-06,Pozzo),approve(),install(),audit(): Written. END HISTORY COMMENTS */ /* * * FEATURE: rcp_$assign_device * SECURITY PROPERTY: MAC, AUDIT * * TEST CASE DESCRIPTIONS: A-3 MDD-004-01 Functional Testing * * Subject authorization for all tests: l4,c10,c15 * * SET A: Assign a device by name - specific device * * Run through standard set of combination for categories and * levels. Only the following cases will GRANT. * * MIN_ACC_CLASS MAX_ACC_CLASS CATEGORIES * * <= l4 >= l4 subset:superset * <= l4 >= l4 equal:equal * <= l4 >= l4 equal:superset * * SET B: Assign a device by attributes * * Run through standard set of combination for categories and * levels. Only the following cases will GRANT. * * MIN_ACC_CLASS MAX_ACC_CLASS CATEGORIES * * <= l4 >= l4 subset:superset * <= l4 >= l4 equal:equal * <= l4 >= l4 equal:superset * * NOTES: * * Only devices are explicitly assigned. Device type tape_drive * is used since all sites have at least one tape drive. REW * discretionary access is assumed. * */ EXAMPLE TEST PROCEDURE hcs_foo_dac: proc(P_sectest_args_ptr) returns(bit(1) aligned); sectest_args_ptr = P_sectest_args_ptr; all_tests_passed = "1"b; call GENERAL_SETUP(); /* sets up environment common to all cases... */ do case_idx = lbound(case_table) to hbound(case_table); on cleanup call PER_CASE_CLEANUP(case_idx); call SETUP_CASE(case_idx); call RUN_CASE(case_idx); call CLEANUP_CASE(case_idx); revert cleanup; end; A-4 Functional Testing MDD-004-01 return(all_tests_passed); end hcs_foo_dac; _A_._2_._2 _T_e_s_t _U_t_i_l_i_t_i_e_s A-5 Functional Testing MDD-004-01 APPENDIX B MAP OF THE SECURITY HIERARCHIES +-----------+ | >security | +-----+-----+ | +----------------+------------+ | | | +----------------+ +---------+ +----------+ | server_dir | | logs | | results | +----------------+ +---------+ +----------+ | | | segments used by results logs +--------------------+ the Sectest_Server | | +--------------+ +--------------+ | dac | | mac | +--------------+ +--------------+ | | results from results from previous DAC tests previous MAC tests Table B-1. >security Map B-1 MDD-004-01 Functional Testing +----------------------------+ | >security_library_dir_dir | +-------------+--------------+ | +----------------+------------+-------------+-----------+ | | | | | +----------------+ +---------+ +----------+ +----------+ | | utilities | | tests | | tools | | data_dir | | +----------------+ +---------+ +----------+ +----------+ | | | | | | Testing utilities The test Tools for Template data | for both the user library maintaining files used by | and daemon side the testing Sectest_Server | hierarchies | | +----------------+-------------------+-------------------+ | | | | +------------+ +---------------+ +------------------+ +-------------+ | include | | info | | documentation | | crossref | +------------+ +---------------+ +------------------+ +-------------+ | | | | Include files Info segments System documentation Cross-reference for compiling for the commands required for B2 of all programs tests and and subroutines certification in the testing utilities used in testing hierarchies Table B-2. >security_library_dir_dir Map B-2 Functional Testing MDD-004-01 APPENDIX C I_AND_A TEST SCRIPTS AND RESULTS _C_._1 _N_O_R_M_A_L _L_O_G_I_N _I_N_T_E_R_A_C_T_I_V_E _U_S_E_R | | FEATURE: Interactive User I&A Normal Login | | | SECURITY PROPERTY: I&A, DAC, AUDIT | | | EXCEPTIONS: LABEL property not applicable for DAC. | | | TEST CASE DESCRIPTIONS: | | This group of manual tests comprise the Identification and | Authentication, concerned with the Discretionary Access | Controls (DAC) security features, of the: | | Normal Login Interactive User (48 tests) | | Set A: Identify User | 1. unregistered user DENY | 2. registered user GRANT | | Set B: Authenticate Password | 1. invalid password DENY | 2. lock ON DENY | 3. time_lock ON DENY | 4. trap ON GRANT | 5. no -cpw; must_change ON DENY | 6. no -gpw; must_change & generate ON DENY | | Set C: Authenticate User Specified Changes | 1. -cpw with must_change & generate ON DENY | 2. -gpw with must_change & generate ON GRANT | 3. -cpw with must_change ON GRANT | 4. -gpw with must_change ON GRANT | 5. -cpw with generate ON DENY | 6. -gpw with generate ON GRANT | C-1 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | 7. -gpw with generate OFF GRANT | 8. -cpw with change OFF DENY | 9. -cpw with change ON GRANT | 10. -gpw with change OFF DENY | 11. -gpw with change ON GRANT | 12. -cdp with change OFF DENY | 13. -cdp with change ON, new default not valid DENY | 14. -cdp with change ON, new default not reg DENY | 15. -cdp with change ON, new default valid GRANT | 16. -cda with change OFF DENY | 17. -cda with change ON, new auth valid GRANT | 18. -cpw with password < password_min_length DENY | 19. -cpw, -cdp, -cda with lock ON DENY | 20. -cpw with expired password DENY | 21. -auth with specified auth invalid DENY | 22. -auth with specified auth valid GRANT C-2 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Set D: Authenticate Project | 1. user specified invalid project DENY | 2. user specified unreg, valid project DENY | 3. user specified reg, valid project GRANT | 4. default invalid project DENY | 5. default unreg, valid project DENY | 6. default reg, valid project GRANT | | Set E: Authenticate Communication Channel | 1. no ACS segment DENY | 2. RE access on ACS segment DENY | 3. RW access on ACS segment GRANT | | Set F: Authenticate User Specified Initial Ring | 1. -ring, < min in SAT DENY | 2. -ring, > max in SAT DENY | 3. -ring, within SAT; < min in PDT DENY | 4. -ring, within SAT; > max in PDT DENY | 5. -ring, within all limits GRANT | | Set G: Authenticate PDT Default Initial Ring | 1. PDT default < min in SAT (uses SAT min) GRANT | 2. PDT default > max in SAT (uses SAT max) GRANT | 3. PDT default within all limits GRANT | | Set H: Authenticate Installation Restrictions | 1. past days in password_change_interval DENY | 2. past days in password_expiration_interval DENY | 3. invalid password 3 times DENY | 4. invalid login 3 times DENY | | | ASSUMPTIONS: | | This is considered a B2 Security Site for all communications | channels as defined in the CDT. All the flags listed in the | check_acs attributes are set to ON by "check_acs: all;" | statement in the CDT, before the tests are run. In the | setup for each individual test, all conditions except for | the one being tested are met for each test case. | | The assumption for all these functional tests is that the | person and project performing the tests have no access to | any privileged gates or ACS segments, i.e., they are | completely unprivileged. When these tests are manually run, | it is assumed that there will be two terminals available, | one for the actual user attempting login and another one for | a SysAdmin user who performs the setup, verification of | audit, and cleanup. The SysAdmin user needs to be | completely familiar with the AK50 Procedures Manual and know | the commands to make the changes. | C-3 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | The following System Tables have been set up with all the | typical values and flags except for those specified in | "Setup". | Person Name Table (PNT), Project Definition Table (PDT), | System Administrator Table (SAT), and Channel Definition | Table (CDT) | | | SETUP: | | Register Sectest_2 in the PNT with: | password is st2 | default project is TestProj | | Register Sectest_3 in the PNT with: | password is st3 | default project is TestProj | | Register above users in TestProj PDT with: | default ring is 4 | max ring is 5 | min ring is 4 | | Register Sectest_2 in SecTest PDT with: | default ring is 4 | max ring is 5 | min ring is 4 | | Register the TestProj and SecTest projects in the SAT with: | max ring is 5 | min ring is 4 | | Set the installation parameters to: | tries is 3 | password_min_length is 3 | password_generate_length is 6 | password_change_interval is 0 | password_expiration_interval is 0 | | Channel_n is the name given to the channel that will be set | up and dedicated for this testing. C-4 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN HISTORY: | | 85-07-23 JG Backs: Created login script for manual testing. | | 85-08-04 JG Backs: Changed Set C - Case 11 to make it clear | the change flag is ON and doesn't need to be set. Audit | change. | | 85-08-13 JG Backs: Changed the channel name from Channel1 | to Channel_n. On some printers the "1" appeared as if | another "l", making the name unclear. Added a cover page | with footnote indicating it is an internal working document. | Also removed the note about a future critical fix on test | case 2 of the Authenticate Communications Channel set | because the fix was installed and works correctly. | | 85-09-17 JG Backs: Corrected typos of privileged. Changed | msg to message and l0 to level_0 for clarity. Also changed | minimum ring to min ring and maximum ring to max ring for | consistancy. Audit change. | | 87-02-24 PK Farley: Added cases 20, 21 and 22 to Set C to | allow testing of -change_password with an expired password | and valid/invalid user specified login authorizations. | C-5 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | NORMAL LOGIN TEST CASES: | | | Set A - Identify User | | ***************************************************************** | | Case 1 | | Setup: | No_person is not a registered user in the PNT. | | Run: | Attempt to login with unregistered person_id. | | login No_person | | Expected Results: DENY | | Audit: LOGIN DENIED No_Person int Channel_n (badpers) | | User: The user name you supplied is not registered. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Sectest_2 is a registered user in the PNT. | | Run: | Attempt to login with registered person_id. | | login Sectest_2 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** C-6 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Set B - Authenticate Password | | ***************************************************************** | | Case 1 | | Setup: | No_pass is an invalid password for Sectest_2 in the PNT. | | Run: | Attempt login with invalid password. | | login Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass|) | User: Incorrect password supplied. | | Message sent "password given incorrectly". | | Cleanup: | Login with valid password to check if message about | incorrect password is received. Logout. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Set the lock flag ON for Sectest_2 in the PNT. | | Run: | Attempt login with the lock flag ON for the user. | | login Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (pwlocked|) | User: Password is locked. Please contact administrative | personnel. | | Cleanup: | Set the lock flag OFF in the PNT. | | ----------------------------------------------------------------- | C-7 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | Set the time_lock to 24 hours for Sectest_2 in the PNT. | | Run: | Attempt login before the date contained in time_lock for the | user. | | login Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (pwlocked) | | User: Password is locked. Please contact administrative | personnel. | | Cleanup: | Set the time_lock flag OFF in the PNT. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | Set the trap flag ON for Sectest_2 in the PNT. | | Run: | Attempt login with valid password and the trap flag ON for | the user. | | login Sectest_2 | | Expected Results: GRANT | | Audit: lg_ctl_: password used Sectest_2.TestProj Channel_n | | LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | Cleanup: | Logout. Set the trap flag OFF in the PNT. | | ----------------------------------------------------------------- C-8 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 5 | | Setup: | Set the must_change flag ON for Sectest_2 in the PNT. | | Run: | Attempt login without -cpw argument and the must_change flag | ON for the user. | | login Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (mustcpw)| | User: You must use the -change_password option to change | your password. | | Cleanup: | Set the must_change flag OFF in the PNT. | | ----------------------------------------------------------------- | | Case 6 | | Setup: | Set the must_change and generate flags ON for Sectest_2 in | the PNT. | | Run: | Attempt login without -gpw argument and with the must_change | and generate flags ON for the user. | | login Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (use_gpw)| | User: Login incorrect. You must use the -generate_password | option to change your password. | | Cleanup: | Set the must_change and generate flags OFF in the PNT. | | ***************************************************************** | C-9 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Set C - Authenticate User Specified Changes | | ***************************************************************** | | Case 1 | | Setup: | Set the must_change and the generate flags ON for Sectest_2 | in the PNT. | | Run: | Attempt login with -change_password argument, the | must_change and the generate flags ON for the user. | | login Sectest_2 -cpw | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (use_gpw) | | User: Login incorrect. You must use the -generate_password | option to change your password. | | Cleanup: | Set the must_change and generate flags to OFF in the PNT. | | ----------------------------------------------------------------- C-10 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 2 | | Setup: | Set the must_change and the generate flags ON for Sectest_2 | in the PNT. | | Run: | Attempt login with -generate_password argument and the | generate flag ON for the user. | | login Sectest_2 -gpw | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | User: Your new password is "______", pronounced "______". | Password changed. | | Cleanup: | Verify the new password is 6 characters in length as | established in password_generate_length in the installation | parameters. Logout. Set the generate flag to OFF, and set | the password for Sectest_2 back to st2 in the PNT. The | must_change flag is automatically set to OFF when password | changes. | | ----------------------------------------------------------------- | C-11 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | Set the must_change flag to ON for Sectest_2 in the PNT. | | Run: | Attempt login with -change_password argument and the | must_change flag ON for the user. | | login Sectest_2 -cpw | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | User: Password changed. | | Cleanup: | Logout. Set the password for Sectest_2 back to st2 in the | PNT. The must_change flag is automatically set to OFF when | password changes. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | Set the must_change flag to ON for Sectest_2 in the PNT. | | Run: | Attempt login with -generate_password argument and the | must_change flag ON for the user. | | login Sectest_2 -gpw | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | User: Your new password is "______", pronounced "______". | Password changed. | | Cleanup: | Logout. Set the password back to st2. The must_change flag | is automatically set to OFF when password changes. | | ----------------------------------------------------------------- C-12 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 5 | | Setup: | Set the generate flag ON for Sectest_2 in the PNT. | | Run: | Attempt login with -change_password argument and the | generate flag ON for the user. | | login Sectest_2 -cpw | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (use_gpw)| | User: Login incorrect. You must use the -generate_password | option to change your password. | | Cleanup: | Set the generate flag OFF in the PNT. | | ----------------------------------------------------------------- | | Case 6 | | Setup: | Set the generate flag ON for Sectest_2 in the PNT. | | Run: | Attempt login with -generate_password argument and the | generate flag ON for the user. | | login Sectest_2 -gpw | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | User: Your new password is "______", pronounced "______". | Password changed. | | Cleanup: | Logout. Set the generate flag to OFF, and set the password | for Sectest_2 back to st2 in the PNT. | | ----------------------------------------------------------------- | C-13 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 7 | | Setup: | The generate flag is OFF for Sectest_2 in the PNT. | | Run: | Attempt login with -generate_password argument and the | generate flag OFF for the user. | | login Sectest_2 -gpw | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | User: Your new password is "______", pronounced "______". | Password changed. | | Cleanup: | Logout. Set the password for Sectest_2 back to st2 in the | PNT. | | ----------------------------------------------------------------- | | Case 8 | | Setup: | Set the change flag OFF for Sectest_2 in the PNT. | | Run: | Attempt login with -change_password argument and the change | flag OFF for the user. | | login Sectest_2 -cpw | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (no_chnge) | | User: Change privilege denied. Contact User Accounts. | | Cleanup: | Set the change flag ON in the PNT. | | ----------------------------------------------------------------- C-14 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 9 | | Setup: | The change flag is ON for Sectest_2 in the PNT. | | Run: | Attempt login with -change_password argument and the change | flag ON for the user. | | login Sectest_2 -cpw | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | User: Password changed. | | Cleanup: | Logout. Set the password for Sectest_2 back to st2 in the | PNT. | | ----------------------------------------------------------------- | | Case 10 | | Setup: | Set the change flag OFF for Sectest_2 in the PNT. | | Run: | Attempt login with -generate_password argument and the | change flag OFF for the user. | | login Sectest_2 -gpw | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (no_chnge|) | User: Change privilege denied. Contact User Accounts. | | Cleanup: | Set the change flag ON in the PNT. | | ----------------------------------------------------------------- | C-15 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 11 | | Setup: | The change flag is ON for Sectest_2 in the PNT. | | Run: | Attempt login with -generate_password argument and the | change flag ON for the user. | | login Sectest_2 -gpw | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | User: Your new password is "______", pronounced "______". | Password changed. | | Cleanup: | Logout. Set the password for Sectest_2 back to st2 in the | PNT. | | ----------------------------------------------------------------- | | Case 12 | | Setup: | Set the change flag OFF for Sectest_2 in the PNT. | | Run: | Attempt login with a new project_id, the | -change_default_project argument and the change flag OFF for | the user. | | login Sectest_2.SysMaint -cdp | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (no_chnge) | | User: Change privilege denied. Contact User Accounts. | | Cleanup: | Set the change flag ON in the PNT. | | ----------------------------------------------------------------- C-16 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 13 | | Setup: | The change flag is ON for Sectest_2 in the PNT. | | Run: | Attempt login with an invalid new project_id, the | -change_default_project argument and the change flag ON for | the user. | | login Sectest_2.Noproject -cdp | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_proj|) | User: Specified project does not exist. | Default project changed. | | Cleanup: | Set the default project back to TestProj for Sectest_2 in | the PNT. | | ----------------------------------------------------------------- | | Case 14 | | Setup: | The change flag is ON for Sectest_2 in the PNT. | | Run: | Attempt login with a valid new project_id that the user is | not registered on, and the -change_default_project argument. | | login Sectest_2.SysMaint -cdp | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.SysMaint int Channel_n (bad_proj|) | User: You are not registered on the specified project. | Default project changed. | | Cleanup: | Set the default project back to TestProj for Sectest_2 in | the PNT. | | ----------------------------------------------------------------- | C-17 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 15 | | Setup: | The change flag is ON for Sectest_2 in the PNT. | | Run: | Attempt login with a new valid project_id, the | -change_default_project argument, and the change flag ON for | the user. | | login Sectest_2.SecTest -cdp | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.SecTest int Channel_n (create) | CREATE Sectest_2.SecTest Channel_n | | User: Default project changed. | | Cleanup: | Logout. Set the default project back to TestProj for | Sectest_2 in the PNT. | | ----------------------------------------------------------------- | | Case 16 | | Setup: | Set the change flag OFF for Sectest_2 in the PNT. | | Run: | Attempt login with -change_default_authorization and -auth | arguments, with the change flag OFF for the user. | | login Sectest_2 -cda -auth system_low | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (no_chnge) | | User: Change privilege denied. Contact User Accounts. | | Cleanup: | Set the change flag ON in the PNT. | | ----------------------------------------------------------------- C-18 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 17 | | Setup: | The change flag is ON for Sectest_2 in the PNT. Set the | authorization range to level_0:system_high in the PDT for | Sectest_2 and TestProj. | | Run: | Attempt login with -change_default_authorization and -auth | arguments, with the change flag ON for the user. | | login Sectest_2 -cda -auth system_high | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | User: Default authorization changed. | | Cleanup: | Logout. Set the authorization range back to level_0:level_0 | in the PDT. | | ----------------------------------------------------------------- | | Case 18 | | Setup: | The password_min_length field in the installation parameters | is 3. | | Run: | Attempt login with -change_password argument, giving only 1 | or 2 characters of a new password. | | login Sectest_2 -cpw | | Expected Results: DENY | | Audit: None. | Unable to complete the login sequence until a | password of at least 3 characters is given. | | User: login: Invalid password. Password must be at least | 3 characters long. | | Cleanup: | Type "quit" to get out of password prompt. | | ----------------------------------------------------------------- | C-19 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 19 | | Setup: | Set the lock flag to ON for Sectest_2 in the PNT. | | Run: | Attempt login with -change_password, | -change_default_project, and -change_default_authorization | arguments and the lock flag ON for the user. | | login Sectest_2.SecTest -cpw -cdp -cda -auth system_high | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.SecTest int Channel_n (pwlocked) | | User: Password is locked. Please contact administrative | personnel. | | Cleanup: | Set the lock flag OFF in the PNT. | | ----------------------------------------------------------------- C-20 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 20 | | Setup: | Set installation_parm "password_expiration_interval" to some | value greater than 0 days. Set the PNT entry values | "time_last_good_pw" and "user_validated_time" to ZERO for | Sectest_2 using the sectest_chg_pnte utility program. | | Run: | Attempt login with -change_password argument. | | login Sectest_2 -cpw | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (pwexprd)| | User: login: Your password has not been used in more than | N days. | It has automatically expired. | Password expired. Please contact administrative | personnel. | | Cleanup: | Set "password_expiration_interval" back to original value. | Set the PNT values "time_last_good_pw" and | "user_validated_time" to the current date/time. | | ----------------------------------------------------------------- | C-21 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 21 | | Setup: | Set the authorization range to system_low:system_high for | the login channel in the CDT. Set the authorization range | to system_low:level_6,category_1,category_2 in the SAT for | TestProj. Set the authorization range to | system_low:level_6,category_1,category_2 in the TestProj PDT | for Sectest_2. Set the authorization range to | system_low:level_4,category_1,category_5 in the PNT for | Sectest_2. | | Run: | Attempt login with -auth argument. | | login Sectest_2 -auth level_4,category_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (cantauth) | | User: You cannot login at the requested authorization. | | Cleanup: | None. Continue with case 22. | | ----------------------------------------------------------------- C-22 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 22 | | Setup: | CDT, SAT, PDT and PNT have authorization ranges as specified | in case 21. | | Run: | Attempt login with -auth argument. | | login Sectest_2 -auth level_4,category_1 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | User: ****** | Your authorization is level_4, category_1 | ****** | | Cleanup: | Logout. Set the authorization range back to | system_low:system_low in the CDT, SAT, PDT and PNT. | | ***************************************************************** | C-23 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Set D - Authenticate Project | | ***************************************************************** | | Case 1 | | Setup: | Noproject is an invalid project for Sectest_2 in the PDT. | | Run: | Attempt login with user specified invalid project. | | login Sectest_2.Noproject | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.Noproject int Channel_n (bad_proj) | | User: Specified project does not exist. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Sectest_2 is not a registered member of the SysMaint | project. | | Run: | Attempt login with user specified valid project that the | user is not a registered member of. | | login Sectest_2.SysMaint | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.SysMaint int Channel_n (not_pdt) | | User: You are not registered on the specified project. | | Cleanup: | None | | ----------------------------------------------------------------- C-24 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 3 | | Setup: | Sectest_2 is registered on the TestProj project in the PNT. | | Run: | Attempt login with user specified valid project that the | user is a registered member of. | | login Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | Cleanup: | Logout. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | Set the default project to Noproject for Sectest_2 in the | PNT. | | Run: | Attempt login with invalid default project. | | login Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.Noproject int Channel_n (bad_pro|j) | User: Specified project does not exist. | | Cleanup: | Set the default project back to TestProj in the PNT. | | ----------------------------------------------------------------- | C-25 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 5 | | Setup: | Set the default project for Sectest_2 in the PNT to the | SysMaint project, which Sectest_2 is not registered on. | | Run: | Attempt login with a valid but unregistered default project. | | login Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.SysMaint int Channel_n (not_pdt) | | User: You are not registered on the specified project. | | Cleanup: | Set the default project back to TestProj in the PNT. | | ----------------------------------------------------------------- | | Case 6 | | Setup: | Sectest_2 has a valid registered default project of | TestProj. | | Run: | Attempt login with valid, registered default project. | | login Sectest_2 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** C-26 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Set E - Authenticate Communications Channel | | ***************************************************************** | | Case 1 | | Setup: | Rename the ACS segment for Channel_n to another name so it | cannot be found. | | Run: | Attempt login with no ACS segment for the channel the user | is logging in on. | | login Sectest_2 | | Expected Results: DENY | | Audit: lg_ctl_: Entry not found. Unable to check access for | channel Channel_n. | lg_ctl_: login access to Channel_n by | Sectest_2.TestProj denied by ACS. | LOGIN DENIED Sectest_2.TestProj int Channel_n (^lineacs|) | User: You do not have permission to use this channel. | hangup | | Cleanup: | Rename the ACS segment back to the original name so it can | be used. | | ----------------------------------------------------------------- | C-27 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 2 | | Setup: | Set RE access for Sectest_2 on the ACS segment for | Channel_n. | | Run: | Attempt login with RE access on ACS segment for the channel | the user is logging in on. | | login Sectest_2 | | Expected Results: DENY | | Audit: lg_ctl_: login access to Channel_n by | Sectest_2.TestProj denied by ACS. | LOGIN DENIED Sectest_2.TestProj int Channel_n (^lineacs) | | User: You do not have permission to use this channel. | hangup | | Cleanup: | Set RW access for Sectest_2 on the ACS segment for | Channel_n. | | ----------------------------------------------------------------- C-28 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 3 | | Setup: | Set RW access for Sectest_2 on the ACS segment for | Channel_n. | | Run: | Attempt login with RW access on ACS segment for the channel | the user is logging in on. | | login Sectest_2 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** | C-29 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Set F - Authenticate User Specified Initial Ring | | ***************************************************************** | | Case 1 | | Setup: | The min ring is set to 4 for Sectest_2 in TestProj project | in the SAT and PDT. | | Run: | Attempt login with -ring argument less than the minimum for | the project. | | login Sectest_2 -ring 1 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (ringlow) | | User: Initial ring is less than the lowest you may specify. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | The max ring is set to 5 for Sectest_2 in TestProj in the | SAT and PDT. | | Run: | Attempt login with -ring argument greater than the maximum | for the project. | | login Sectest_2 -ring 6 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (ringhigh) | | User: Initial ring is greater than the highest you may | specify. | | Cleanup: | None. | | ----------------------------------------------------------------- C-30 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 3 | | Setup: | Set the min ring to 5 for Sectest_2 in TestProj in the PDT | by using rings 5,5,5, and keep the min ring at 4 in the SAT. | | Run: | Attempt login with -ring argument less than the minimum for | the project. | | login Sectest_2 -ring 4 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (ringlow)| | User: Initial ring is less than the lowest you may specify. | | Cleanup: | Set the min ring back to 4 for TestProj by using rings 4,5,4 | in the PDT. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | Set the max ring to 4 for Sectest_2 in TestProj in the PDT | by using rings 4,4,4, and keep the max ring at 5 in the SAT. | | Run: | Attempt login with -ring argument greater than the maximum | for the project. | | login Sectest_2 -ring 5 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (ringhigh|) | User: Initial ring is greater than the highest you may | specify. | | Cleanup: | Set the max ring back to 5 for TestProj by using rings 4,5,4 | in the PDT. | | ----------------------------------------------------------------- | C-31 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 5 | | Setup: | The min ring is set to 4 and the max ring is set to 5 for | Sectest_2 in TestProj project in the SAT and PDT. | | Run: | Attempt login with -ring argument within the limits for the | project. | | login Sectest_2 -ring 4 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** C-32 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Set G - Authenticate PDT Default Initial Ring | | ***************************************************************** | | Case 1 | | Setup: | Set the min ring in the SAT to 3 for TestProj. Set the | default ring to 3 in the PDT for Sectest_2 by using rings | 3,5,3. Set the min ring in the SAT back to 4. | | Run: | Attempt login with the PDT default less than the minimum for | the project. | | login Sectest_2 | | Expected Results: GRANT | | Audit: lg_ctl_: raised initial ring for Sectest_2.TestProj | from 3 (in PDTE) to 4 (in SATE). | LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | Cleanup: | Logout. Set the rings back to 4,5,4 in the PDT. | | ----------------------------------------------------------------- | C-33 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 2 | | Setup: | Set the max ring in the SAT to 6 for TestProj. Set the | default ring to 6 in the PDT for Sectest_2 by using rings | 4,6,6. Set the max ring in the SAT back to 5. | | Run: | Attempt login with the PDT default greater than the maximum | for the project. | | login Sectest_2 | | Expected Results: GRANT | | Audit: lg_ctl_: lowered max ring for Sectest_2.TestProj | from 6 (in PDTE) to 5 (in SATE). | LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | Cleanup: | Logout. Set the rings back to 4,5,4 in the PDT. | | Note: | This is the normal behavior for this test, however there is | a bug that prevents the user from logging in. It will be | fixed in a future release. | | ----------------------------------------------------------------- C-34 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 3 | | Setup: | The min ring is set to 4 and the max ring is set to 5 for | Sectest_2 in TestProj project in the SAT and PDT. The | default is ring 4. | | Run: | Attempt login with PDT default within the limits for the | project. | | login Sectest_2 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (create) | CREATE Sectest_2.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** | C-35 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Set H - Authenticate Installation Restrictions | | ***************************************************************** | | Case 1 | | Setup: | Set the password_change_interval to 1 day in the | installation parameters. Sectest_3 has not changed a | password since it was set up. | | Run: | Attempt login with a user that has not changed a password in | more than the number of days in password_change_interval in | the installation parameters. | | login Sectest_3 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_3.TestProj int Channel_n (mustcpw) | | User: login: Your password has expired. It must be changed | once every 1 days. | You must use the -change_password option to change | your password. | | Cleanup: | Set the password_change_interval back to 0 in the | installation parameters. | | ----------------------------------------------------------------- C-36 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 2 | | Setup: | Set the password_expiration_interval to 1 day in the | installation parameters. | | Run: | Attempt login with a user that has not logged in over 1 day. | | login Sectest_3 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_3.TestProj int Channel_n (pwexprd)| | User: login: Your password has not been used in more than 1 | days. It has automatically expired. | Password expired. Please contact administrative | personnel. | | Cleanup: | Set the password_expiration_interval back to 0 in the | installation parameters. | | ----------------------------------------------------------------- | C-37 NORMAL LOGIN INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | The tries field is set to 3 in the installation parameters. | | Run: | Attempt 3 logins with valid users and invalid passwords. | | login Sectest_2 | | login Sectest_2 | | login Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass) | | LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass) | | lg_ctl_: too many bad passwords for | Sectest_2.TestProj from Channel_n . | | LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass) | | User: Incorrect password supplied. | | Incorrect password supplied. | | Incorrect password supplied. | | hangup | | Communication is disconnected at the channel. | | Cleanup: | None. | | Note: | This is the normal behavior for this test, however there is | a minor bug that enters the "too many bad passwords..." | message into the log after only two incorrect passwords are | attempted. | | ----------------------------------------------------------------- C-38 INTERACTIVE USER I&A - DAC SCRIPT NORMAL LOGIN Case 4 | | Setup: | The tries field is set to 3 in the installation parameters. | | Run: | Attempt 3 invalid logins. | | login Sectest_2.SysMaint | | login Sectest_2 -ring 1 | | login No_person | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.SysMaint int Channel_n (not_pdt)| | LOGIN DENIED Sectest_2.TestProj int Channel_n (ringlow)| | LOGIN DENIED Noperson int Channel_n (badpers) | | User: You are not registered on the specified project. | | Initial ring is less than the lowest you may specify. | | The user name you supplied is not registered. | | hangup | | Communication is disconnected at the channel. | | Cleanup: | None. | | ***************************************************************** | C-39 MDD-004-01 Functional Testing | _C_._2 _N_O_R_M_A_L _L_O_G_I_N _A_B_S_E_N_T_E_E _U_S_E_R | | FEATURE: Absentee User I&A Normal Login | | | SECURITY PROPERTY: I&A, DAC, AUDIT | | | EXCEPTIONS: | | LABEL property not applicable for DAC portion of I&A. | | Absentee jobs are created within an already verified | process, therefore authenticating the password, user | specified changes, communications channels, user specified | rings, and installation restrictions are not included in | these tests. | | | TEST CASE DESCRIPTIONS: | | This group of manual tests comprise the Identification and | Authentication, concerned with the Discretionary Access | Controls (DAC) security features, of the: | | Normal Login Absentee User (8 tests) | | Set A: Identify User | 1. unregistered user DENY | 2. registered user GRANT | | Set B: Authenticate Project | 1. user specified invalid project DENY | 2. user specified unreg, valid project DENY | 3. user specified reg, valid project GRANT | | Set C: Authenticate PDT Default Initial Ring | 1. PDT default < min in SAT (uses SAT min) GRANT | 2. PDT default > max in SAT (uses SAT max) GRANT | 3. PDT default within all limits GRANT C-40 ABSENTEE USER I&A - DAC SCRIPT NORMAL LOGIN ASSUMPTIONS: | | This is considered a B2 Security Site for all communications | channels as defined in the CDT. All the flags listed in the | check_acs attributes are set to ON by "check_acs: all;" | statement in the CDT, before the tests are run. In the | setup for each individual test, all conditions except for | the one being tested are met for each test case. | | The assumption for all these functional tests is that the | person and project performing the tests have no access to | any privileged gates or ACS segments, i.e., they are | completely unprivileged. When these tests are manually run, | it is assumed that there will be two terminals available, | one for the actual user testing and another one for a | SysAdmin user who performs the setup, verification of audit, | and cleanup. The SysAdmin user needs to be completely | familiar with the AK50 Procedures Manual and know the | commands to make the changes. | | The following System Tables have been set up with all the | typical values and flags except for those specified in | "Setup". | Person Name Table (PNT), Project Definition Table (PDT), | System Administrator Table (SAT), and Channel Definition | Table (CDT) | C-41 NORMAL LOGIN ABSENTEE USER I&A - DAC SCRIPT | SETUP: | | Register Sectest_2 in the PNT with: | password is st2 | default project is TestProj | | Register Sectest_2 in TestProj PDT with: | default ring is 4 | max ring is 5 | min ring is 4 | | Register Sectest_2 in Del1 PDT. | | Register TestProj and Del1 projects in the SAT with: | max ring is 5 | min ring is 4 | | Channel_n is the channel that will be set up and dedicated | for this testing. | | The ia_test.absin is a simple print absentee job residing in | >sec_ldd>data_dir directory that will be used for all these | tests. | | &version 2 | &- This is the absentee absin required for I&A absentee | &- login testing. | &- | &- History: | &- 1985-08-01, JG Backs: written to test absentee logins | &- | &print This is a test to see if the absentee | &print job will be able to login. | &quit | | | HISTORY: | | 85-07-23 JG Backs: Created login script for manual testing. | | 85-08-04 JG Backs: Added "-of [wd]>ia_test" to all ear | requests to have the absout file created in the working | directory. Also added logout to the cleanup in two Cases. | | 85-08-13 JG Backs: Changed the channel name from Channel1 | to Channel_n. On some printers the "1" appeared as if | another "l", making the name unclear. Added a cover page | with footnote indicating it is an internal working document. | | 85-09-17 JG Backs: Corrected typos of privileged. Audit | change. C-42 ABSENTEE USER I&A - DAC SCRIPT NORMAL LOGIN NORMAL LOGIN TEST CASES: | | | Set A - Identify User | | ***************************************************************** | | Case 1 | | Setup: | The enter_absentee_request (ear) must be started from within | Sectest_2 with deferred time of 2 minutes. After the | absentee job is entered, remove user Sectest_2 from the PNT | so it becomes an unregistered user. | | Run: | Attempt to do an absentee login with unregistered person_id. | | login Sectest_2 | | ear >sec_ldd>data_dir>ia_test -time 2min -of [wd]>ia_test | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj Q 3 abs1 (badpers) | | User: ******** | From Multics: Deleted from PNT. | ******** | | Cleanup: | Register Sectest_2 as a user in the PNT. | | ----------------------------------------------------------------- | C-43 NORMAL LOGIN ABSENTEE USER I&A - DAC SCRIPT | Case 2 | | Setup: | None. Sectest_2 is a registered user in the PNT. | | Run: | Attempt to do an absentee login with registered person_id. | | login Sectest_2 | | ear >sec_ldd>data_dir>ia_test -of [wd]>ia_test | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj Q 3 abs1 (create) [test] | CREATE Sectest_2.TestProj abs1 (login) | | Cleanup: | Print ia_test.absout, then delete it. Logout. | | ***************************************************************** C-44 ABSENTEE USER I&A - DAC SCRIPT NORMAL LOGIN Set B - Authenticate Project | | ***************************************************************** | | Case 1 | | Setup: | The enter_absentee_request (ear) must be started from within | Sectest_2 with deferred time of 2 minutes. After the | absentee job is entered, delete the Del1 project from the | SAT so it becomes an invalid project. | | Run: | Attempt login with user specified invalid project. | | login Sectest_2.Del1 | | ear >sec_ldd>data_dir>ia_test -time 2min -of [wd]>ia_test | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.Del1 Q 3 abs1 (bad_proj) | | User: ******** | From Multics: Project deleted. | You will be logged out in 5 minutes. | ******** | | Cleanup: | Logout. A deleted project cannot be reinstated until | billing is completed. | | Note: | If this test is run more than once, multiple "Deln" projects | have to be set up so they can be deleted. | | ----------------------------------------------------------------- | C-45 NORMAL LOGIN ABSENTEE USER I&A - DAC SCRIPT | Case 2 | | Setup: | The enter_absentee_request (ear) must be started from within | Sectest_2 with deferred time of 2 minutes. After the | absentee job is entered, comment out the Sectest_2 user in | TestProj project in the PDT. | | Run: | Attempt to do absentee login with user specified valid | project that the user is not a registered member of. | | login Sectest_2.TestProj | | ear >sec_ldd>data_dir>ia_test -time 2min -of [wd]>ia_test | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj Q 3 abs1 (not_pdt) | | User: ******** | From Multics: User deleted from project. | You will be logged out in 5 minutes. | ******** | | Cleanup: | Logout. Put Sectest_2 back in TestProj PDT. | | ----------------------------------------------------------------- C-46 ABSENTEE USER I&A - DAC SCRIPT NORMAL LOGIN Case 3 | | Setup: | None. Sectest_2 is registered on the TestProj project in | the PNT. | | Run: | Attempt login with user specified valid project that the | user is a registered member of. | | login Sectest_2.TestProj | | ear >sec_ldd>data_dir>ia_test -of [wd]>ia_test | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj Q 3 abs1 (create) [test] | CREATE Sectest_2.TestProj abs1 (login) | | Cleanup: | Print ia_test.absout, then delete it. Logout. | | ***************************************************************** | C-47 NORMAL LOGIN ABSENTEE USER I&A - DAC SCRIPT | Set C - Authenticate PDT Default Initial Ring | | ***************************************************************** | | Case 1 | | Setup: | The enter_absentee_request (ear) must be started from within | Sectest_2 with deferred time of 3 minutes. After the | absentee job is entered, set the min ring in the SAT to 3 | for TestProj. Set the default ring to 3 in the PDT for | Sectest_2 by using rings 3,5,3. Set the min ring in the SAT | back to 4. | | Run: | Attempt to do absentee login with the PDT default less than | the minimum for the project. | | login Sectest_2 | | ear >sec_ldd>data_dir>ia_test -time 3min -of [wd]>ia_test | | Expected Results: GRANT | | Audit: lg_ctl_: raised initial ring for Sectest_2.TestProj | from 3 (in PDTE) to 4 (in SATE). | LOGIN Sectest_2.TestProj Q 3 abs1 (create) [test] | CREATE Sectest_2.TestProj abs1 (login) | | Cleanup: | Print ia_test.absout, then delete it. Logout. Set the | rings back to 4,5,4 in the PDT. | | ----------------------------------------------------------------- C-48 ABSENTEE USER I&A - DAC SCRIPT NORMAL LOGIN Case 2 | | Setup: | Start the absentee job from within Sectest_2 with deferred | time of 3 minutes. Set the max ring in the SAT to 6 for | TestProj. Set the default ring to 6 in the PDT for | Sectest_2 by using rings 4,6,6. Set the max ring in the SAT | back to 5. | | Run: | Attempt to do absentee login with the PDT default greater | than the maximum for the project. | | login Sectest_2 | | ear >sec_ldd>data_dir>ia_test -time 3min -of [wd]>ia_test | | Expected Results: GRANT | | Audit: lg_ctl_: lowered max ring for Sectest_2.TestProj | from 6 (in PDTE) to 5 (in SATE). | LOGIN Sectest_2.TestProj Q 3 abs1 (create) [test] | CREATE Sectest_2.TestProj abs1 (login) | | Cleanup: | Print ia_test.absout, then delete it. Logout. Set the | rings back to 4,5,4 in the PDT. | | Note: | This is the normal behavior for this test, however there is | a bug that prevents the user from logging in. It will be | fixed in a future release. | ----------------------------------------------------------------- | C-49 NORMAL LOGIN ABSENTEE USER I&A - DAC SCRIPT | Case 3 | | Setup: | None. The minimum ring is set to 4 and the maximum ring is | set to 5 for Sectest_2 in TestProj project in the SAT and | PDT. The default is ring 4. | | Run: | Attempt to do absentee login with PDT default within the | limits for the project. | | login Sectest_2 | | ear >sec_ldd>data_dir>ia_test -of [wd]>ia_test | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj Q 3 abs1 (create) [test] | CREATE Sectest_2.TestProj abs1 (login) | | Cleanup: | Print ia_test.absout, then delete it. Logout. | | ***************************************************************** C-50 Functional Testing MDD-004-01 _C_._3 _A_N_O_N_Y_M_O_U_S _E_N_T_E_R _A_B_S_E_N_T_E_E _U_S_E_R | | FEATURE: Absentee User I&A Anonymous Enter | | | SECURITY PROPERTY: I&A, DAC, AUDIT | | | EXCEPTIONS: | | LABEL property not applicable for DAC portion of I&A. | | Absentee jobs are created within an already verified | process, therefore authenticating the password, user | specified changes, communications channels, user specified | rings, and installation restrictions are not included in | these tests. | | | TEST CASE DESCRIPTIONS: | | This group of manual tests comprise the Identification and | Authentication, concerned with the Discretionary Access | Controls (DAC) security features, of the: | | Anonymous Enter Absentee User (7 tests) | | Set A: Identify User | 1. project not allowed anonymous in SAT DENY | 2. no anonymous user in PDT DENY | 3. anonymous user in PDT GRANT | | Set B: Authenticate Project | 1. user specified invalid project DENY | | Set C: Authenticate PDT Default Initial Ring | 1. PDT default < min in SAT (uses SAT min) GRANT | 2. PDT default > max in SAT (uses SAT max) GRANT | 3. PDT default within all limits GRANT | C-51 ANONYMOUS ENTER ABSENTEE USER I&A - DAC SCRIPT | ASSUMPTIONS: | | This is considered a B2 Security Site for all communications | channels as defined in the CDT. All the flags listed in the | check_acs attributes are set to ON by "check_acs: all;" | statement in the CDT, before the tests are run. In the | setup for each individual test, all conditions except for | the one being tested are met for each test case. | | The assumption for all these functional tests is that the | person and project performing the tests have no access to | any privileged gates or ACS segments, i.e., they are | completely unprivileged. When these tests are manually run, | it is assumed that there will be two terminals available, | one for the actual user testing and another one for a | SysAdmin user who performs the setup, verification of audit, | and cleanup. The SysAdmin user needs to be completely | familiar with the AK50 Procedures Manual and know the | commands to make the changes. | | The following System Tables have been set up with all the | typical values and flags except for those specified in | "Setup". | Person Name Table (PNT), Project Definition Table (PDT), | System Administrator Table (SAT), and Channel Definition | Table (CDT) C-52 ABSENTEE USER I&A - DAC SCRIPT ANONYMOUS ENTER SETUP: | | Register anonymous in TestProj PDT with: | anonymous person_id is * | there is no anonymous password | homedir is >udd>TestProj>anonymous | initproc is process_overseer_ | default ring is 4 | max ring is 5 | min ring is 4 | | Register anonymous in Del2 PDT with: | anonymous person_id is * | there is no anonymous password | homedir is >udd>Del2>anonymous | initproc is process_overseer_ | default ring is 4 | max ring is 5 | min ring is 4 | | Register TestProj and Del2 projects in the SAT with: | anonymous flag is ON | max ring is 5 | min ring is 4 | | Create >udd>Del2>anonymous and >udd>TestProj>anonymous | directories. | | Channel_n is the channel that will be set up and dedicated | for this testing. | | The ia_test.absin is a simple print absentee job residing in | >sec_ldd>data_dir directory that will be used for all these | tests. | | &version 2 | &- This is the absentee absin required for I&A absentee | &- login testing. | &- | &- History: | &- 1985-08-01, JG Backs: written to test absentee login|s &- | &print This is a test to see if the absentee | &print job will be able to login. | &quit | C-53 ANONYMOUS ENTER ABSENTEE USER I&A - DAC SCRIPT | HISTORY: | | 85-07-23 JG Backs: Created login script for manual testing. | | 85-08-04 JG Backs: Deleted ".absin" and added "-of | [wd]>ia_test" to all ear requests to create the absout file | in the working directory. Added logout to the cleanup in | three Cases. Made the homedir for anonymous in Del2 | >udd>Del2>anonymous, and included creation of two anonymous | directories to global SETUP. | | 85-08-13 JG Backs: Changed the channel name from Channel1 | to Channel_n. On some printers the "1" appeared as if | another "l", making the name unclear. Added a cover page | with footnote indicating it is an internal working document. | | 85-09-17 JG Backs: Corrected typos of privileged. Audit | change. C-54 ABSENTEE USER I&A - DAC SCRIPT ANONYMOUS ENTER ANONYMOUS ENTER TEST CASES: | | | Set A - Identify User | | ***************************************************************** | | Case 1 | | Setup: | The enter_absentee_request (ear) must be started from within | anonymous process with deferred time of 2 minutes. After | the absentee job is entered, set anonymous attribute to OFF | for TestProj in the SAT. | | Run: | Attempt to do an absentee login from an anonymous process | with a project that is not allowed an anonymous user. | | enter TestProj | | ear >sec_ldd>data_dir>ia_test -time 2min -of [wd]>ia_test | | Expected Results: DENY | | Audit: LOGIN DENIED *TestProj.TestProj Q 3 abs1 (not_pdt) | | Cleanup: | Logout. Set the anonymous attribute to ON in the SAT. | | ----------------------------------------------------------------- | C-55 ANONYMOUS ENTER ABSENTEE USER I&A - DAC SCRIPT | Case 2 | | Setup: | The enter_absentee_request (ear) must be started from within | anonymous process with deferred time of 2 minutes. After | the absentee job is entered, comment out the anonymous | person_id of * for TestProj project in the PDT. | | Run: | Attempt absentee login from an anonymous process with a | project that does not have an anonymous user defined. | | enter TestProj | | ear >sec_ldd>data_dir>ia_test -time 2min -of [wd]>ia_test | | Expected Results: DENY | | Audit: LOGIN DENIED *TestProj.TestProj Q 3 abs1 (not_pdt) | | User: ******** | From Multics: User deleted from project | You will be logged out in 5 minutes. | ******** | | Cleanup: | Logout. Put anonymous person_id of * back in TestProj | project in the PDT. | | ----------------------------------------------------------------- C-56 ABSENTEE USER I&A - DAC SCRIPT ANONYMOUS ENTER Case 3 | | Setup: | None. TestProj project has an anonymous user defined in the | PNT. | | Run: | Attempt to do an absentee login as an anonymous user. | | enter TestProj | | ear >sec_ldd>data_dir>ia_test -of [wd]>ia_test | | Expected Results: GRANT | | Audit: LOGIN *TestProj.TestProj Q 3 abs1 (create) [test] | CREATE *TestProj.TestProj abs1 (login) | | Cleanup: | Print ia_test.absout, then delete it. Logout. | | ***************************************************************** | C-57 ANONYMOUS ENTER ABSENTEE USER I&A - DAC SCRIPT | Set B - Authenticate Project | | ***************************************************************** | | Case 1 | | Setup: | The enter_absentee_request (ear) must be started from within | anonymous process with deferred time of 2 minutes. After | the absentee job is entered, delete the Del2 project from | the SAT so it becomes an invalid project. | | Run: | Attempt absentee login from an anonymous process with user | specified invalid project. | | enter Del2 | | ear >sec_ldd>data_dir>ia_test -time 2min -of [wd]>ia_test | | Expected Results: DENY | | Audit: LOGIN DENIED *Del2.Del2 Q 3 abs1 (bad_proj) | | User: ******** | From Multics: Project deleted. | You will be logged out in 5 minutes. | ******** | | Cleanup: | Logout. A deleted project cannot be reinstated until | billing is completed. | | Note: | If this test is run more than once, multiple "Deln" projects | have to be set up so they can be deleted. | | ***************************************************************** C-58 ABSENTEE USER I&A - DAC SCRIPT ANONYMOUS ENTER Set C - Authenticate PDT Default Initial Ring | | ***************************************************************** | | Case 1 | | Setup: | The enter_absentee_request (ear) must be started from within | anonymous process with deferred time of 3 minutes. After | the absentee job is entered, set the min ring in the SAT to | 3 for TestProj. Set the default ring to 3 in the PDT for | anonymous by using rings 3,5,3. Set the min ring in the SAT | back to 4. | | Run: | Attempt absentee login from an anonymous process with the | PDT default less than the minimum for the project. | | enter TestProj | | ear >sec_ldd>data_dir>ia_test -time 3min -of [wd]>ia_test | | Expected Results: GRANT | | Audit: lg_ctl_: raised initial ring for TestProj.TestProj | from 3 (in PDTE) to 4 (in SATE). | LOGIN *TestProj.TestProj Q 3 abs1 (create) [test] | CREATE *TestProj.TestProj abs1 (login) | | Cleanup: | Print ia_test.absout, then delete it. Logout. Set the | rings back to 4,5,4 in the PDT. | | ----------------------------------------------------------------- | C-59 ANONYMOUS ENTER ABSENTEE USER I&A - DAC SCRIPT | Case 2 | | Setup: | Start the absentee job from within anonymous process with | deferred time of 3 minutes. Set the max ring in the SAT to | 6 for TestProj. Set the default ring to 6 in the PDT for | anonymous by using rings 4,6,6. Set the max ring in the SAT | back to 5. | | Run: | Attempt absentee login from an anonymous process with the | PDT default greater than the maximum for the project. | | enter TestProj | | ear >sec_ldd>data_dir>ia_test -time 3min -of [wd]>ia_test | | Expected Results: GRANT | | Audit: lg_ctl_: lowered max ring for TestProj.TestProj from | 6 (in PDTE) to 5 (in SATE). | LOGIN *TestProj.TestProj Q 3 abs1 (create) [test] | CREATE *TestProj.TestProj abs1 (login) | | Cleanup: | Print ia_test.absout, then delete it. Logout. Set the | rings back to 4,5,4 in the PDT. | | Note: | This is the normal behavior for this test, however there is | a bug that prevents the user from logging in. It will be | fixed in a future release. | | ----------------------------------------------------------------- C-60 ABSENTEE USER I&A - DAC SCRIPT ANONYMOUS ENTER Case 3 | | Setup: | None. The minimum ring is set to 4 and the maximum ring is | set to 5 for the anonymous user in TestProj project in the | SAT and PDT. The default is ring 4. | | Run: | Attempt absentee login from an anonymous process with PDT | default within the limits for the project. | | enter TestProj | | ear >sec_ldd>data_dir>ia_test -of [wd]>ia_test | | Expected Results: GRANT | | Audit: LOGIN *TestProj.TestProj Q 3 abs1 (create) [test] | CREATE *TestProj.TestProj abs1 (login) | | Cleanup: | Print ia_test.absout, then delete it. Logout. | | ***************************************************************** | C-61 MDD-004-01 Functional Testing | _C_._4 _A_N_O_N_Y_M_O_U_S _E_N_T_E_R _I_N_T_E_R_E_A_C_T_I_V_E _U_S_E_R | | FEATURE: Interactive User I&A Anonymous Enter | | | SECURITY PROPERTY: I&A, DAC, AUDIT | | | EXCEPTIONS: | LABEL property not applicable for DAC portion of I&A. | | The use of "enter" as a request to create a process for an | anonymous user does not require a password or allow changes | to password, default project, or default authorization. | Therefore the tests for authenticating password, user | specified changes, and installation restrictions are not | included. | | | TEST CASE DESCRIPTIONS: | | This group of manual tests comprise the Identification and | Authentication, concerned with the Discretionary Access | Controls (DAC) security features, of the: | | Anonymous Enter Interactive User (20 tests) | | Set A: Identify User | 1. project not allowed anonymous in SAT DENY | 2. no anonymous user in PDT DENY | 3. anonymous user in PDT GRANT | | Set B: Authenticate Project | 1. user specified invalid project DENY | 2. user specified unreg, valid project DENY | 3. user specified valid project GRANT | 4. no proj. specified, user = invalid project DENY | 5. no proj. specified, user = unreg project DENY | 6. no proj. specified, user = valid project GRANT | | Set C: Authenticate Communication Channel | 1. no ACS segment DENY | 2. RE access on ACS segment DENY | 3. RW access on ACS segment GRANT | | Set D: Authenticate User Specified Initial Ring | 1. -ring, < min in SAT DENY | 2. -ring, > max in SAT DENY | 3. -ring, within SAT; < min in PDT DENY | 4. -ring, within SAT; > max in PDT DENY | 5. -ring, within all limits GRANT C-62 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTER Set E: Authenticate PDT Default Initial Ring | 1. PDT default < min in SAT (uses SAT min) GRANT | 2. PDT default > max in SAT (uses SAT max) GRANT | 3. PDT default within all limits GRANT | | | ASSUMPTIONS: | | This is considered a B2 Security Site for all communications | channels as defined in the CDT. All the flags listed in the | check_acs attributes are set to ON by "check_acs: all;" | statement in the CDT, before the tests are run. In the | setup for each individual test, all conditions except for | the one being tested are met for each test case. | | The assumption for all these functional tests is that the | person and project performing the tests have no access to | any privileged gates or ACS segments, i.e., they are | completely unprivileged. When these tests are manually run, | it is assumed that there will be two terminals available, | one for the actual user testing and another one for a | SysAdmin user who performs the setup, verification of audit, | and cleanup. The SysAdmin user needs to be completely | familiar with the AK50 Procedures Manual and know the | commands to make the changes. | | The following System Tables have been set up with all the | typical values and flags except for those specified in | "Setup". | Person Name Table (PNT), Project Definition Table (PDT), | System Administrator Table (SAT), and Channel Definition | Table (CDT) | C-63 ANONYMOUS ENTER INTERACTIVE USER I&A - DAC SCRIPT | SETUP: | | Register Sectest_2 in the PNT with: | password is st2 | default project is TestProj | | Register anonymous user in TestProj PDT with: | anonymous person_id is * | there is no anonymous password | homedir is >udd>TestProj>anonymous | initproc is process_overseer_ | default ring is 4 | max ring is 5 | min ring is 4 | | Register Sectest_2 in TestProj PDT with: | default ring is 4 | max ring is 5 | min ring is 4 | | Register the TestProj project in the SAT with: | anonymous flag is ON in the SAT | max ring is 5 | min ring is 4 | | Channel_n is the channel that will be set up and dedicated | for this testing. | | | HISTORY: | | 85-07-23 JG Backs: Created login script for manual testing. | | 85-08-13 JG Backs: Changed the channel name from Channel1 | to Channel_n. On some printers the "1" appeared as if | another "l", making the name unclear. Added a cover page | with footnote indicating it is an internal working document. | Also removed the note about a future critical fix on test | case 2 of the Authenticate Communications Channel set | because the fix was installed and works correctly. Added | max ring and min ring designations for the SAT; corrected | typos. | | 85-09-17 JG Backs: Corrected typos of privileged. Also | changed minimum ring to min ring and maximum ring to max | ring for consistancy. Audit change. C-64 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTER ANONYMOUS ENTER TEST CASES: | | | Set A - Identify User | | ***************************************************************** | | Case 1 | | Setup: | Set anonymous attribute to OFF for TestProj project in SAT. | | Run: | Attempt to enter with project that is not allowed an | anonymous user. | | enter Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.TestProj int Channel_n (not_pdt|) | User: You are not registered on the specified project. | | Cleanup: | Set anonymous attribute to ON for TestProj project in SAT. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Comment out the anonymous person_id of * for TestProj | project in the PDT. | | Run: | Attempt to enter with project that does not have an | anonymous user defined. | | enter Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.TestProj int Channel_n (not_pdt|) | User: You are not registered on the specified project. | | Cleanup: | Put the anonymous person_id of * back in for TestProj | project in the PDT. | | ----------------------------------------------------------------- | C-65 ANONYMOUS ENTER INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | TestProj project has an anonymous user defined in the PDT. | | Run: | Attempt to enter as anonymous user. | | enter Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN *Sectest_2.TestProj int Channel_n (create) | CREATE *Sectest_2.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** C-66 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTER Set B - Authenticate Project | | ***************************************************************** | | Case 1 | | Setup: | Noproject is an invalid project for Sectest_2 in the PDT. | | Run: | Attempt enter with user specified invalid project. | | enter Sectest_2.Noproject | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.Noproject int Channel_n (bad_pr|oj) | User: Specified project does not exist. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Sectest_2 is not a registered member of the SysMaint | project. | | Run: | Attempt enter with user specified valid project that the | user is not a registered member of. | | enter Sectest_2.SysMaint | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.SysMaint int Channel_n (not_pdt|) | User: You are not registered on the specified project. | | Cleanup: | None | | ----------------------------------------------------------------- | C-67 ANONYMOUS ENTER INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | Sectest_2 is registered on the TestProj project and the | default project has been set to TestProj in the PNT. | | Run: | Attempt enter with user specified valid project that the | user is a registered member of. | | enter Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN *Sectest_2.TestProj int Channel_n (create) | CREATE *Sectest_2.TestProj Channel_n | | Cleanup: | Logout. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | None. | | Run: | Attempt enter without project, user name is invalid project. | | enter Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.Sectest_2 int Channel_n (bad_proj) | | User: Specified project does not exist. | | Cleanup: | None. | | ----------------------------------------------------------------- C-68 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTER Case 5 | | Setup: | None | | Run: | Attempt enter without project, user name is valid but | unregistered project. | | enter SysMaint | | Expected Results: DENY | | Audit: LOGIN DENIED *SysMaint.SysMaint int Channel_n (not_pdt)| | User: You are not registered on the specified project. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 6 | | Setup: | None. | | Run: | Attempt enter without project, user name is valid project. | | enter TestProj | | Expected Results: GRANT | | Audit: LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** | C-69 ANONYMOUS ENTER INTERACTIVE USER I&A - DAC SCRIPT | Set C - Authenticate Communications Channel | | ***************************************************************** | | Case 1 | | Setup: | Rename the ACS segment for Channel_n to another name so it | cannot be found. | | Run: | Attempt enter with no ACS segment for the channel the user | is logging in on. | | enter TestProj | | Expected Results: DENY | | Audit: lg_ctl_: Entry not found. Unable to check access for | channel Channel_n. | lg_ctl_: login access to Channel_n by | TestProj.TestProj denied by ACS. | LOGIN DENIED *TestProj.TestProj int Channel_n (^lineacs) | | User: You do not have permission to use this channel. | hangup | | Cleanup: | Rename the ACS segment back to the original name so it can | be used. | | ----------------------------------------------------------------- C-70 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTER Case 2 | | Setup: | Set RE access for *.TestProj on the ACS segment for | Channel_n. | | Run: | Attempt enter with RE access on ACS segment for the channel | the user is logging in on. | | enter TestProj | | Expected Results: DENY | | Audit: lg_ctl_: login access to Channel_n by | TestProj.TestProj denied by ACS. | LOGIN DENIED *TestProj.TestProj int Channel_n (^lineacs|) | User: You do not have permission to use this channel. | hangup | | Cleanup: | Set RW access for *.Testproj on the ACS segment for | Channel_n. | | ----------------------------------------------------------------- | C-71 ANONYMOUS ENTER INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | The access for *.TestProj on the ACS segment for Channel_n | is RW. | | Run: | Attempt enter with RW access on ACS segment for the channel | the user is logging in on. | | enter TestProj | | Expected Results: GRANT | | Audit: LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** C-72 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTER Set D - Authenticate User Specified Initial Ring | | ***************************************************************** | | Case 1 | | Setup: | The min ring is set to 4 for the anonymous user in TestProj | project in the SAT and PDT. | | Run: | Attempt enter with -ring argument less than the minimum for | the project. | | enter TestProj -ring 1 | | Expected Results: DENY | | Audit: LOGIN DENIED *TestProj.TestProj int Channel_n (ringlow)| | User: Initial ring is less than the lowest you may specify. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | The max ring is set to 5 for the anonymous user in TestProj | project in the SAT and PDT. | | Run: | Attempt enter with -ring argument greater than the maximum | for the project. | | enter TestProj -ring 6 | | Expected Results: DENY | | Audit: LOGIN DENIED *TestProj.TestProj int Channel_n (ringhigh|) | User: Initial ring is greater than the highest you may | specify. | | Cleanup: | None. | | ----------------------------------------------------------------- | C-73 ANONYMOUS ENTER INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | Set the min ring to 5 for the anonymous user in TestProj | project in the PDT by using rings 5,5,5, and keep the min | ring at 4 in the SAT. | | Run: | Attempt enter with -ring argument less than the minimum for | the project. | | enter TestProj -ring 4 | | Expected Results: DENY | | Audit: LOGIN DENIED *TestProj.TestProj int Channel_n (ringlow) | | User: Initial ring is less than the lowest you may specify. | | Cleanup: | Set the min ring back to 4 for anonymous user in TestProj by | using rings 4,5,4 in the PDT. | | ----------------------------------------------------------------- C-74 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTER Case 4 | | Setup: | Set the max ring to 4 for the anonymous user in TestProj | project in the PDT by using rings 4,4,4, and keep the max | ring at 5 in the SAT. | | Run: | Attempt enter with -ring argument greater than the maximum | for the project. | | enter TestProj -ring 5 | | Expected Results: DENY | | Audit: LOGIN DENIED *TestProj.TestProj int Channel_n (ringhigh|) | User: Initial ring is greater than the highest you may | specify. | | Cleanup: | Set the max ring back to 5 for anonymous user in TestProj by | using rings 4,5,4 in the PDT. | | ----------------------------------------------------------------- | C-75 ANONYMOUS ENTER INTERACTIVE USER I&A - DAC SCRIPT | Case 5 | | Setup: | The min ring is set to 4 and the max ring is set to 5 for | the anonymous user in TestProj project in the SAT and PDT. | | Run: | Attempt enter with -ring argument within the limits for the | project. | | enter TestProj -ring 4 | | Expected Results: GRANT | | Audit: LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** C-76 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTER Set E - Authenticate PDT Default Initial Ring | | ***************************************************************** | | Case 1 | | Setup: | Set the min ring in the SAT to 3 for TestProj. Set the | default ring to 3 for anonymous in the PDT by using rings | 3,5,3. Set the min ring in the SAT back to 4. | | Run: | Attempt enter with the PDT default less than the minimum for | the project. | | enter TestProj | | Expected Results: GRANT | | Audit: lg_ctl_: raised initial ring for TestProj.TestProj | from 3 (in PDTE) to 4 (in SATE). | LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. Set the rings back to 4,5,4 in the PDT. | | ----------------------------------------------------------------- | C-77 ANONYMOUS ENTER INTERACTIVE USER I&A - DAC SCRIPT | Case 2 | | Setup: | Set the max ring in the SAT to 6 for TestProj. Set the | default ring to 6 for anonymous in the PDT by using rings | 4,6,6. Set the max ring in the SAT back to 5. | | Run: | Attempt enter with the PDT default greater than the maximum | for the project. | | enter TestProj | | Expected Results: GRANT | | Audit: lg_ctl_: lowered max ring for TestProj.TestProj from | 6 (in PDTE) to 5 (in SATE). | LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. Set the rings back to 4,5,4 in the PDT. | | Note: | This is the normal behavior for this test, however there is | a bug that prevents the user from logging in. It will be | fixed in a future release. | | ----------------------------------------------------------------- C-78 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTER Case 3 | | Setup: | The min ring is set to 4 and the max ring is set to 5 for | the anonymous user in TestProj project in the SAT and PDT. | | Run: | Attempt enter with PDT default within the limits for the | project. | | enter TestProj | | Expected Results: GRANT | | Audit: LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** | C-79 MDD-004-01 Functional Testing | _C_._5 _A_N_O_N_Y_M_O_U_S _E_N_T_E_R_P _I_N_T_E_R_A_C_T_I_V_E _U_S_E_R | | FEATURE: Interactive User I&A Anonymous Enterp | | | SECURITY PROPERTY: I&A, DAC, AUDIT | | | EXCEPTIONS: | LABEL property not applicable for DAC portion of I&A. | | The use of "enterp" as a request to create a process for an | anonymous user does require a password but does not allow | changes to password, default project, or default | authorization. Therefore the tests for authenticating user | specified changes and installation restrictions are not | included. | | | TEST CASE DESCRIPTIONS: | | This group of manual tests comprise the Identification and | Authentication, concerned with the Discretionary Access | Controls (DAC) security features, of the: | | Anonymous Enterp Interactive User (22 tests) | | Set A: Identify User | 1. project not allowed anonymous in SAT DENY | 2. no anonymous user in PDT DENY | 3. anonymous user in PDT GRANT | | Set B: Authenticate Password | 1. invalid password DENY | 2. valid password GRANT | | Set C: Authenticate Project | 1. user specified invalid project DENY | 2. user specified unreg, valid project DENY | 3. user specified valid project GRANT | 4. no proj. specified, user = invalid project DENY | 5. no proj. specified, user = unreg project DENY | 6. no proj. specified, user = valid project GRANT | | Set D: Authenticate Communication Channel | 1. no ACS segment DENY | 2. RE access on ACS segment DENY | 3. RW access on ACS segment GRANT C-80 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTERP Set E: Authenticate User Specified Initial Ring | 1. -ring, < min in SAT DENY | 2. -ring, > max in SAT DENY | 3. -ring, within SAT; < min in PDT DENY | 4. -ring, within SAT; > max in PDT DENY | 5. -ring, within all limits GRANT | | Set F: Authenticate PDT Default Initial Ring | 1. PDT default < min in SAT (uses SAT min) GRANT | 2. PDT default > max in SAT (uses SAT max) GRANT | 3. PDT default within all limits GRANT | | | ASSUMPTIONS: | | This is considered a B2 Security Site for all communications | channels as defined in the CDT. All the flags listed in the | check_acs attributes are set to ON by "check_acs: all;" | statement in the CDT, before the tests are run. In the | setup for each individual test, all conditions except for | the one being tested are met for each test case. | | The assumption for all these functional tests is that the | person and project performing the tests have no access to | any privileged gates or ACS segments, i.e., they are | completely unprivileged. When these tests are manually run, | it is assumed that there will be two terminals available, | one for the actual user testing and another one for a | SysAdmin user who performs the setup, verification of audit, | and cleanup. The SysAdmin user needs to be completely | familiar with the AK50 Procedures Manual and know the | commands to make the changes. | | The following System Tables have been set up with all the | typical values and flags except for those specified in | "Setup". | Person Name Table (PNT), Project Definition Table (PDT), | System Administrator Table (SAT), and Channel Definition | Table (CDT) | C-81 ANONYMOUS ENTERP INTERACTIVE USER I&A - DAC SCRIPT | SETUP: | | Register Sectest_2 in the PNT with: | password is st2 | default project is TestProj | | Register anonymous user in TestProj PDT with: | anonymous person_id is * | anonymous password is a_pass | homedir is >udd>TestProj>anonymous | initproc is process_overseer_ | default ring is 4 | max ring is 5 | min ring is 4 | | Register Sectest_2 in TestProj PDT with: | default ring is 4 | max ring is 5 | min ring is 4 | | Register the TestProj project in the SAT with: | anonymous flag is ON | max ring is 5 | min ring is 4 | | Channel_n is the channel that will be set up and dedicated | for this testing. | | | HISTORY: | | 85-07-23 JG Backs: Created login script for manual testing. | | 85-08-13 JG Backs: Changed the channel name from Channel1 | to Channel_n. On some printers the "1" appeared as if | another "l", making the name unclear. Added a cover page | with footnote indicating it is an internal working document. | Also removed the note about a future critical fix on test | case 2 of the Authenticate Communications Channel set | because the fix was installed and works correctly. Added | max ring and min ring designations for the SAT; corrected | typos. | | 85-09-17 JG Backs: Corrected typos of privileged. Also | changed minimum ring to min ring and maximum ring to max | ring for consistancy. Audit change. C-82 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTERP ANONYMOUS ENTERP TEST CASES: | | | Set A - Identify User | | ***************************************************************** | | Case 1 | | Setup: | Set anonymous attribute to OFF for TestProj project in SAT. | | Run: | Attempt to enterp with project that is not allowed an | anonymous user. | | enterp Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.TestProj int Channel_n (not_pdt|) | User: You are not registered on the specified project. | | Cleanup: | Set anonymous attribute to ON for TestProj project in SAT. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Comment out the anonymous person_id of * for TestProj | project in the PDT. | | Run: | Attempt to enterp with project that does not have an | anonymous user defined. | | enterp Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.TestProj int Channel_n (not_pdt|) | User: You are not registered on the specified project. | | Cleanup: | Put the anonymous person_id of * back in for TestProj | project in the PDT. | | ----------------------------------------------------------------- | C-83 ANONYMOUS ENTERP INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | TestProj project has an anonymous user defined in the PDT. | | Run: | Attempt to enterp as anonymous user. | | enterp Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN *Sectest_2.TestProj int Channel_n (create) | CREATE *Sectest_2.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** C-84 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTERP Set B - Authenticate Password | | ***************************************************************** | | Case 1 | | Setup: | No_pass is an invalid anonymous password for project | TestProj in the PDT. | | Run: | Attempt enterp with invalid password. | | enterp Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.TestProj int Channel_n (anon_pw|) | User: Incorrect password supplied. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | a_pass is the valid anonymous password for project TestProj | in the PDT. | | Run: | Attempt enterp with valid password of a_pass. | | enterp Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN *Sectest_2.TestProj int Channel_n (create) | CREATE *Sectest_2.TestProj Channel_n | | Cleanup: | None. | | ***************************************************************** | C-85 ANONYMOUS ENTERP INTERACTIVE USER I&A - DAC SCRIPT | Set C - Authenticate Project | | ***************************************************************** | | Case 1 | | Setup: | Noproject is an invalid project for Sectest_2 in the PDT. | | Run: | Attempt enterp with user specified invalid project. | | enterp Sectest_2.Noproject | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.Noproject int Channel_n (bad_proj) | | User: Specified project does not exist. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Sectest_2 is not a registered member of the SysMaint | project. | | Run: | Attempt enterp with user specified valid project that the | user is not a registered member of. | | enterp Sectest_2.SysMaint | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.SysMaint int Channel_n (not_pdt) | | User: You are not registered on the specified project. | | Cleanup: | None | | ----------------------------------------------------------------- C-86 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTERP Case 3 | | Setup: | Sectest_2 is registered on the TestProj project and the | default project has been set to TestProj in the PNT. | | Run: | Attempt enterp with user specified valid project that the | user is a registered member of. | | enterp Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN *Sectest_2.TestProj int Channel_n (create) | CREATE *Sectest_2.TestProj Channel_n | | Cleanup: | Logout. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | None. | | Run: | Attempt enterp without project, user name is invalid | project. | | enterp Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED *Sectest_2.Sectest_2 int Channel_n (bad_pr|oj) | User: Specified project does not exist. | | Cleanup: | None. | | ----------------------------------------------------------------- | C-87 ANONYMOUS ENTERP INTERACTIVE USER I&A - DAC SCRIPT | Case 5 | | Setup: | None | | Run: | Attempt enterp without project, user name is valid but | unregistered project. | | enterp SysMaint | | Expected Results: DENY | | Audit: LOGIN DENIED *SysMaint.SysMaint int Channel_n (not_pdt) | | User: You are not registered on the specified project. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 6 | | Setup: | None. | | Run: | Attempt enterp without project, user name is valid project. | | enterp TestProj | | Expected Results: GRANT | | Audit: LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** C-88 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTERP Set D - Authenticate Communications Channel | | ***************************************************************** | | Case 1 | | Setup: | Rename the ACS segment for Channel_n to another name so it | cannot be found. | | Run: | Attempt enterp with no ACS segment for the channel the user | is logging in on. | | enterp TestProj | | Expected Results: DENY | | Audit: lg_ctl_: Entry not found. Unable to check access for | channel Channel_n. | lg_ctl_: login access to Channel_n by | TestProj.TestProj denied by ACS. | LOGIN DENIED *TestProj.TestProj int Channel_n (^lineacs|) | User: You do not have permission to use this channel. | hangup | | Cleanup: | Rename the ACS segment back to the original name so it can | be used. | | ----------------------------------------------------------------- | C-89 ANONYMOUS ENTERP INTERACTIVE USER I&A - DAC SCRIPT | Case 2 | | Setup: | Set RE access for *.TestProj on the ACS segment for | Channel_n. | | Run: | Attempt enterp with RE access on ACS segment for the channel | the user is logging in on. | | enterp TestProj | | Expected Results: DENY | | Audit: lg_ctl_: login access to Channel_n by | TestProj.TestProj denied by ACS. | LOGIN DENIED *TestProj.TestProj int Channel_n (^lineacs) | | User: You do not have permission to use this channel. | hangup | | Cleanup: | Set RW access for *.TestProj on the ACS segment for | Channel_n. | | ----------------------------------------------------------------- C-90 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTERP Case 3 | | Setup: | The access for *.TestProj on the ACS segment for Channel_n | is RW. | | Run: | Attempt enterp with RW access on ACS segment for the channel | the user is logging in on. | | enterp TestProj | | Expected Results: GRANT | | Audit: LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** | C-91 ANONYMOUS ENTERP INTERACTIVE USER I&A - DAC SCRIPT | Set E - Authenticate User Specified Initial Ring | | ***************************************************************** | | Case 1 | | Setup: | The min ring is set to 4 for the anonymous user in TestProj | project in the SAT and PDT. | | Run: | Attempt enterp with -ring argument less than the minimum for | the project. | | enterp TestProj -ring 1 | | Expected Results: DENY | | Audit: LOGIN DENIED *TestProj.TestProj int Channel_n (ringlow) | | User: Initial ring is less than the lowest you may specify. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | The max ring is set to 5 for the anonymous user in TestProj | project in the SAT and PDT. | | Run: | Attempt enterp with -ring argument greater than the maximum | for the project. | | enterp TestProj -ring 6 | | Expected Results: DENY | | Audit: LOGIN DENIED *TestProj.TestProj int Channel_n (ringhigh) | | User: Initial ring is greater than the highest you may | specify. | | Cleanup: | None. | | ----------------------------------------------------------------- C-92 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTERP Case 3 | | Setup: | Set the min ring to 5 for the anonymous user in the TestProj | project in the PDT by using rings 5,5,5, and keep the min | ring at 4 in the SAT. | | Run: | Attempt enterp with -ring argument less than the minimum for | the project. | | enterp TestProj -ring 4 | | Expected Results: DENY | | Audit: LOGIN DENIED *TestProj.TestProj int Channel_n (ringlow)| | User: Initial ring is less than the lowest you may specify. | | Cleanup: | Set the min ring back to 4 for TestProj by using rings 4,5,4 | in the PDT. | | ----------------------------------------------------------------- | C-93 ANONYMOUS ENTERP INTERACTIVE USER I&A - DAC SCRIPT | Case 4 | | Setup: | Set the max ring to 4 for the anonymous user in TestProj | project in the PDT by using rings 4,4,4, and keep the max | ring at 5 in the SAT. | | Run: | Attempt enterp with -ring argument greater than the maximum | for the project. | | enterp TestProj -ring 5 | | Expected Results: DENY | | Audit: LOGIN DENIED *TestProj.TestProj int Channel_n (ringhigh) | | User: Initial ring is greater than the highest you may | specify. | | Cleanup: | Set the max ring back to 5 for TestProj by using rings 4,5,4 | in the PDT. | | ----------------------------------------------------------------- C-94 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTERP Case 5 | | Setup: | The min ring is set to 4 and the max ring is set to 5 for | the anonymous user in TestProj project in the SAT and PDT. | | Run: | Attempt enterp with -ring argument within the limits for the | project. | | enterp TestProj -ring 4 | | Expected Results: GRANT | | Audit: LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** | C-95 ANONYMOUS ENTERP INTERACTIVE USER I&A - DAC SCRIPT | Set F - Authenticate PDT Default Initial Ring | | ***************************************************************** | | Case 1 | | Setup: | Set the min ring in the SAT to 3 for TestProj. Set the | default ring to 3 for anonymous in the PDT by using rings | 3,5,3. Set the min ring in the SAT back to 4. | | Run: | Attempt enterp with the PDT default less than the minimum | for the project. | | enterp TestProj | | Expected Results: GRANT | | Audit: lg_ctl_: raised initial ring for TestProj.TestProj | from 3 (in PDTE) to 4 (in SATE). | LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. Set the rings back to 4,5,4 in the PDT. | | ----------------------------------------------------------------- C-96 INTERACTIVE USER I&A - DAC SCRIPT ANONYMOUS ENTERP Case 2 | | Setup: | Set the max ring in the SAT to 6 for TestProj. Set the | default ring to 6 for anonymous in the PDT by using rings | 4,6,6. Set the max ring in the SAT back to 5. | | Run: | Attempt enterp with the PDT default greater than the maximum | for the project. | | enterp TestProj | | Expected Results: GRANT | | Audit: lg_ctl_: lowered max ring for TestProj.TestProj from | 6 (in PDTE) to 5 (in SATE). | LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. Set the rings back to 4,5,4 in the PDT. | | Note: | This is the normal behavior for this test, however there is | a bug that prevents the user from logging in. It will be | fixed in a future release. | | ----------------------------------------------------------------- | C-97 ANONYMOUS ENTERP INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | The min ring is set to 4 and the max ring is set to 5 for | the anonymous user in TestProj project in the SAT and PDT. | | Run: | Attempt enterp with PDT default within the limits for the | project. | | enterp TestProj | | Expected Results: GRANT | | Audit: LOGIN *TestProj.TestProj int Channel_n (create) | CREATE *TestProj.TestProj Channel_n | | Cleanup: | Logout. | | ***************************************************************** C-98 Functional Testing MDD-004-01 _C_._6 _D_I_A_L _S_E_R_V_I_C_E _I_N_T_E_R_A_C_T_I_V_E _U_S_E_R | | FEATURE: Interactive User I&A Dial Service | | | SECURITY PROPERTY: I&A, DAC, AUDIT | | | EXCEPTIONS: | | LABEL property not applicable for DAC portion of I&A. | | Dial service connects an additional terminal to an existing | process and it does not allow changes to password, default | project, or default authorization. Therefore the tests for | authenticating user specified changes, user specified | initial rings, and default initial rings, are not included. | | All the tests are performed on unregistered dial servers | because there is no distinction made between registered and | unregistered during I&A. Validation of the dialid is | handled differently so separate tests are included for that | verification after the I&A tests. | | | TEST CASE DESCRIPTIONS: | | This group of manual tests comprise the Identification and | Authentication, concerned with the Discretionary Access | Controls (DAC) security features, of the: | | Dial Service Interactive User (28 tests) | | Set A: Identify User | 1. no -user DENY | 2. unregistered user DENY | 3. registered user GRANT | | Set B: Authenticate Password | 1. invalid password DENY | 2. lock ON DENY | 3. time_lock ON DENY | 4. trap ON GRANT | 5. no -cpw; must_change ON DENY | 6. no -gpw; must_change & generate ON DENY | C-99 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Set C: Authenticate Project | 1. user specified invalid project DENY | 2. user specified unreg, valid project DENY | 3. user specified reg, valid project GRANT | 4. default invalid project DENY | 5. default unreg, valid project DENY | 6. default reg, valid project GRANT C-100 INTERACTIVE USER I&A - DAC SCRIPT DIAL SERVICE Set D: Authenticate Communication Channel | 1. no ACS segment DENY | 2. RE access on ACS segment DENY | 3. RW access on ACS segment GRANT | | Set E: Authenticate Installation Restrictions | 1. past days in password_change_interval DENY | 2. past days in password_expiration_interval DENY | 3. invalid password 3 times DENY | 4. invalid login 3 times DENY | | Set F: Validate Dial ID after I&A | 1. invalid dialid with reg dial server DENY | 2. valid dialid with reg dial server GRANT | 3. invalid dialid with unreg dial server DENY | 4. valid dialid with unreg dial server GRANT | | | ASSUMPTIONS: | | This is considered a B2 Security Site for all communications | channels as defined in the CDT. All the flags listed in the | check_acs attributes are set to ON by "check_acs: all;" | statement in the CDT, before the tests are run. In the | setup for each individual test, all conditions except for | the one being tested are met for each test case. | | The assumption for all these functional tests is that the | person and project performing the tests have no access to | any privileged gates or ACS segments, i.e., they are | completely unprivileged. When these tests are manually run, | it is assumed that there will be three terminals available, | one for the actual user attempting dials, one for another | user to set up a process and begin allowing dials, and | another one for a SysAdmin user who performs the setup, | verification of audit, and cleanup. The SysAdmin user needs | to be completely familiar with the AK50 Procedures Manual | and know the commands to make the changes. | | The following System Tables have been set up with all the | typical values and flags except for those specified in | "Setup". | Person Name Table (PNT), Project Definition Table (PDT), | System Administrator Table (SAT), and Channel Definition | Table (CDT) | C-101 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | SETUP: | | Register Sectest_2 in the PNT with: | password is st2 | default project is TestProj | | Register Sectest_3 in the PNT with: | password is st3 | default project is TestProj | | Register Sectest_4 in the PNT with: | password is st4 | default project is TestProj | | Register above users in TestProj PDT with: | dialok flag is ON | | Register the TestProj project in the SAT with: | dialok flag is ON | | Set the installation parameters to: | tries is 3 | password_change_interval is 0 | password_expiration_interval is 0 | | Channel_n is the channel that will be set up and dedicated | for this testing. | | Create a registered dial server with a dialid of "dst". | | Create the process of Sectest_4.TestProj. Initiate an | unregistered dial service to allow dials with a dial_id of | "foo". | | | HISTORY: | | 85-07-23 JG Backs: Created login script for manual testing. | | 85-08-13 JG Backs: Changed the channel name from Channel1 | to Channel_n. On some printers the "1" appeared as if | another "l", making the name unclear. Added a cover page | with footnote indicating it is an internal working document. | Also removed the note about a future critical fix on test | case 2 of the Authenticate Communications Channel set | because the fix was installed and works correctly. | | 85-09-17 JG Backs: Corrected typos of privileged. Audit | change. C-102 INTERACTIVE USER I&A - DAC SCRIPT DIAL SERVICE DIAL SERVICE TEST CASES: | | | Set A - Identify User | | ***************************************************************** | | Case 1 | | Setup: | None. | | Run: | Attempt to dial without the -user argument. | | dial foo Sectest_4.TestProj | | Expected Results: DENY | | Audit: None. | | User: You must use the control argument -user | Person.Project for this channel. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | No_person is not a registered user in the PNT. | | Run: | Attempt to dial with unregistered person_id. | | dial foo Sectest_4.TestProj -user No_person | | Expected Results: DENY | | Audit: LOGIN DENIED No_Person int Channel_n (badpers) | | User: The user name you supplied is not registered. | | Cleanup: | None. | | ----------------------------------------------------------------- | C-103 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | Sectest_2 is a registered user in the PNT. | | Run: | Attempt to dial with registered person_id. | | dial foo Sectest_4.TestProj -user Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (dial) | DIALIN Sectest_2.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | | ***************************************************************** C-104 INTERACTIVE USER I&A - DAC SCRIPT DIAL SERVICE Set B - Authenticate Password | | ***************************************************************** | | Case 1 | | Setup: | No_pass is an invalid password for Sectest_2 in the PNT. | | Run: | Attempt dial with invalid password. | | dial foo Sectest_4.TestProj -user Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass|) | User: Incorrect password supplied. | PNT updated for bad password. | Msg sent "password given incorrectly". | | Cleanup: | Login with valid password to check if msg about incorrect | password is received. Logout. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Set the lock flag ON for Sectest_2 in the PNT. | | Run: | Attempt dial with the lock flag ON for the user. | | dial foo Sectest_4.TestProj -user Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (pwlocked|) | User: Password is locked. Please contact administrative | personnel. | | Cleanup: | Set the lock flag OFF in the PNT. | | ----------------------------------------------------------------- | C-105 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | Set the time_lock to 24 hours for Sectest_2 in the PNT. | | Run: | Attempt dial before the date contained in time_lock for the | user. | | dial foo Sectest_4.TestProj -user Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (pwlocked) | | User: Password is locked. Please contact administrative | personnel. | | Cleanup: | Set the time_lock flag OFF in the PNT. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | Set the trap flag ON for Sectest_2 in the PNT. | | Run: | Attempt dial with valid password and the trap flag ON for | the user. | | dial foo Sectest_4.TestProj -user Sectest_2.TestProj | | Expected Results: GRANT | | Audit: lg_ctl_: password used Sectest_2.TestProj Channel_n | | LOGIN Sectest_2.TestProj int Channel_n (dial) | DIALIN Sectest_2.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. Set the trap flag OFF in the PNT. | | ----------------------------------------------------------------- C-106 INTERACTIVE USER I&A - DAC SCRIPT DIAL SERVICE Case 5 | | Setup: | Set the must_change flag ON for Sectest_2 in the PNT. | | Run: | Attempt dial without -cpw argument and the must_change flag | ON for the user. | | dial foo Sectest_4.TestProj -user Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (mustcpw)| | User: You must use the -change_password option to change | your password. | | Cleanup: | Set the must_change flag OFF in the PNT. | | ----------------------------------------------------------------- | | Case 6 | | Setup: | Set the must_change and generate flags ON for Sectest_2 in | the PNT. | | Run: | Attempt dial without -gpw argument and with the must_change | and generate flags ON for the user. | | dial foo Sectest_4.TestProj -user Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (use_gpw)| | User: Login incorrect. You must use the -generate_password | option to change your password. | | Cleanup: | Set the must_change and generate flags OFF in the PNT. | | ***************************************************************** | C-107 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Set C - Authenticate Project | | ***************************************************************** | | Case 1 | | Setup: | Noproject is an invalid project for Sectest_2 in the PDT. | | Run: | Attempt dial with user specified invalid project. | | dial foo Sectest_4.TestProj -user Sectest_2.Noproject | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.Noproject int Channel_n (bad_proj) | | User: Specified project does not exist. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Sectest_2 is not a registered member of the SysMaint | project. | | Run: | Attempt dial with user specified valid project that the user | is not a registered member of. | | dial foo Sectest_4.TestProj -user Sectest_2.SysMaint | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.SysMaint int Channel_n (not_pdt) | | User: You are not registered on the specified project. | | Cleanup: | None | | ----------------------------------------------------------------- C-108 INTERACTIVE USER I&A - DAC SCRIPT DIAL SERVICE Case 3 | | Setup: | Sectest_2 is registered on the TestProj project and the | default project has been set to TestProj in the PNT. | | Run: | Attempt dial with user specified valid project that the user | is a registered member of. | | dial foo Sectest_4.TestProj -user Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (dial) | DIALIN Sectest_2.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | Set the default project to Noproject for Sectest_2 in the | PNT. | | Run: | Attempt dial with invalid default project. | | dial foo Sectest_4.TestProj -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.Noproject int Channel_n (bad_pro|j) | User: Specified project does not exist. | | Cleanup: | Set the default project back to TestProj in the PNT. | | ----------------------------------------------------------------- | C-109 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 5 | | Setup: | Set the default project for Sectest_2 in the PNT to the | SysMaint project, which Sectest_2 is not registered on. | | Run: | Attempt dial with a valid but unregistered default project. | | dial foo Sectest_4.TestProj -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.SysMaint int Channel_n (not_pdt) | | User: You are not registered on the specified project. | | Cleanup: | Set the default project back to TestProj in the PNT. | | ----------------------------------------------------------------- | | Case 6 | | Setup: | Sectest_2 has a valid registered default project of | TestProj. | | Run: | Attempt dial with valid, registered default project. | | dial foo Sectest_4.TestProj -user Sectest_2 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (dial) | DIALIN Sectest_2.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | | ***************************************************************** C-110 INTERACTIVE USER I&A - DAC SCRIPT DIAL SERVICE Set D - Authenticate Communications Channel | | ***************************************************************** | | Case 1 | | Setup: | Rename the ACS segment for Channel_n to another name so it | cannot be found. | | Run: | Attempt dial with no ACS segment for the channel the user is | logging in on. | | dial foo Sectest_4.TestProj -user Sectest_2 | | Expected Results: DENY | | Audit: lg_ctl_: Entry not found. Unable to check access for | channel Channel_n. | lg_ctl_: login access to Channel_n by | Sectest_2.TestProj denied by ACS. | LOGIN DENIED Sectest_2.TestProj int Channel_n (^lineacs|) | User: You do not have permission to use this channel. | hangup | | Cleanup: | Rename the ACS segment back to the original name so it can | be used. | | ----------------------------------------------------------------- | C-111 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 2 | | Setup: | Set RE access for Sectest_2 on the ACS segment for | Channel_n. | | Run: | Attempt dial with RE access on ACS segment for the channel | the user is logging in on. | | dial foo Sectest_4.TestProj -user Sectest_2 | | Expected Results: DENY | | Audit: lg_ctl_: login access to Channel_n by | Sectest_2.TestProj denied by ACS. | LOGIN DENIED Sectest_2.TestProj int Channel_n (^lineacs) | | User: You do not have permission to use this channel. | hangup | | Cleanup: | Set RW access for Sectest_2 on the ACS segment for | Channel_n. | | ----------------------------------------------------------------- C-112 INTERACTIVE USER I&A - DAC SCRIPT DIAL SERVICE Case 3 | | Setup: | Set RW access for Sectest_2 on the ACS segment for | Channel_n. | | Run: | Attempt dial with RW access on ACS segment for the channel | the user is logging in on. | | dial foo Sectest_4.TestProj -user Sectest_2 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (dial) | DIALIN Sectest_2.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | | ***************************************************************** | C-113 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Set E - Authenticate Installation Restrictions | | ***************************************************************** | | Case 1 | | Setup: | Set the password_change_interval to 1 day in the | installation parameters. Sectest_3 has not changed a | password since it was set up. | | Run: | Attempt dial with a user that has not changed a password in | more than the number of days in password_change_interval in | the installation parameters. | | dial foo Sectest_4.TestProj -user Sectest_3 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_3.TestProj int Channel_n (mustcpw) | | User: login: Your password has expired. It must be changed | once every 1 days. You must use the -change_password | option to change your password. | | Cleanup: | The password_change_interval should be reset to 0 in the | installation parameters. | | ----------------------------------------------------------------- C-114 INTERACTIVE USER I&A - DAC SCRIPT DIAL SERVICE Case 2 | | Setup: | Set the password_expiration_interval to 1 day in the | installation parameters. | | Run: | Attempt dial with a user that has not logged in over 1 day. | | dial foo Sectest_4.TestProj -user Sectest_3 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_3.TestProj int Channel_n (pwexprd)| | User: login: Your password has not been used in more than 1 | days. It has automatically expired. Password | expired. Please contact administrative personnel. | | Cleanup: | The password_expiration_interval should be reset to 0 in the | installation parameters. | | ----------------------------------------------------------------- | C-115 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | The tries field is set to 3 in the installation parameters. | | Run: | Attempt 3 dials with valid users and invalid passwords. | | dial foo Sectest_4.TestProj -user Sectest_2 | | dial foo Sectest_4.TestProj -user Sectest_2 | | dial foo Sectest_4.TestProj -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass) | | LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass) | | lg_ctl_: too many bad passwords for | Sectest_2.TestProj from Channel_n . | | LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass) | | User: Incorrect password supplied. | | Incorrect password supplied. | | Incorrect password supplied. | | hangup | | Communication is disconnected at the channel. | | Cleanup: | None. | | Note: | This is the normal behavior for this test, however there is | a minor bug that enters the "too many bad passwords..." | message into the log after only two incorrect passwords are | attempted. | | ----------------------------------------------------------------- C-116 INTERACTIVE USER I&A - DAC SCRIPT DIAL SERVICE Case 4 | | Setup: | The tries field is set to 3 in the installation parameters. | | Run: | Attempt 3 invalid dials. | | dial foo Sectest_4.TestProj -user No_person.Noproject | | dial foo Sectest_4.TestProj -user Sectest_2.Noproject | | dial foo Sectest_4.TestProj -user No_person | | Expected Results: DENY | | Audit: LOGIN DENIED No_person.Noproject int Channel_n (badpers|) | LOGIN DENIED Sectest_2.Noproject int Channel_n (bad_pro|j) | LOGIN DENIED No_person int Channel_n (badpers) | | User: The user name you supplied is not registered. | | Specified project does not exist. | | The user name you supplied is not registered. | | hangup | | Communication is disconnected at the channel. | | Cleanup: | None. | | ***************************************************************** | C-117 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Set F - Validate Dial ID After I&A | | ***************************************************************** | | Case 1 | | Setup: | No_dial is not a valid dial_id of any registered dial | server. | | Run: | Attempt to dial with an invalid dial_id for a registered | dial server. | | dial No_dial -user Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN Sectest_2.TestProj int Channel_n (dial) | DIALIN DENIED Sectest_2.TestProj Channel_n to No_dial | Dial line not active | | User: Dial line not active. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Initiate the registered dial service with a dialid of "dst" | to allow registered dials from the Sectest_4.TestProj | process. | | Run: | Attempt to dial with a valid dial_id of a registered dial | server. | | dial dst -user Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (dial) | DIALIN Sectest_2.TestProj Channel_n to dst | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. C-118 INTERACTIVE USER I&A - DAC SCRIPT DIAL SERVICE ----------------------------------------------------------------- | C-119 DIAL SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | No_dial is not a valid dial_id of any unregistered dial | server. | | Run: | Attempt to dial with an invalid dial_id for an unregistered | dial server. | | dial No_dial Sectest_4.TestProj -user Sectest_2.TestProj | | Expected Results: DENY | | Audit: LOGIN Sectest_2.TestProj int Channel_n (dial) | DIALIN DENIED Sectest_2.TestProj Channel_n to foo Dial | line not active | | User: Dial line not active. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | foo is the valid dial_id of unregistered dial server | Sectest_4.TestProj. | | Run: | Attempt to dial with a valid dial_id for an unregistered | dial server. | | dial foo Sectest_4.TestProj -user Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (dial) | DIALIN Sectest_2.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | | ***************************************************************** C-120 Functional Testing MDD-004-01 _C_._7 _D_I_A_L _S_E_R_V_I_C_E _A_N_O_N_Y_M_O_U_S _I_N_T_E_R_A_C_T_I_V_E _U_S_E_R | | FEATURE: Interactive User I&A Dial Service Anonymous| | | SECURITY PROPERTY: I&A, DAC, AUDIT | | | EXCEPTIONS: | | LABEL property not applicable for DAC portion of I&A. | | Dial service with anonymous user connects an additional | terminal to an existing process and it does not allow | changes to password, default project, or default | authorization. Therefore the tests for authenticating user | specified changes, user specified initial rings, default | initial rings, and installation restrictions are not | included. | | All the tests are performed on unregistered dial servers | because there is no distinction made between registered and | unregistered during I&A. Validation of the dialid is | handled differently so separate tests are included for that | verification after the I&A tests. | | | TEST CASE DESCRIPTIONS: | | This group of manual tests comprise the Identification and | Authentication, concerned with the Discretionary Access | Controls (DAC) security features, of the: | | Dial Anonymous Interactive User (16 tests) | | Set A: Identify User | 1. project not allowed anonymous in SAT DENY | 2. no anonymous user in PDT DENY | 3. anonymous user in PDT GRANT | | Set B: Authenticate Password | 1. invalid password DENY | 2. valid password GRANT | | Set C: Authenticate Project | 1. user specified invalid project DENY | 2. user specified unreg, valid project DENY | 3. user specified valid project GRANT | 4. no project specified DENY | C-121 DIAL ANONYMOUS INTERACTIVE USER I&A - DAC SCRIPT | Set D: Authenticate Communication Channel | 1. no ACS segment DENY | 2. RE access on ACS segment DENY | 3. RW access on ACS segment GRANT C-122 INTERACTIVE USER I&A - DAC SCRIPT DIAL ANONYMOUS Set E: Validate Dial ID after I&A | 1. invalid dialid with reg dial server DENY | 2. valid dialid with reg dial server GRANT | 3. invalid dialid with unreg dial server DENY | 4. valid dialid with unreg dial server GRANT | | | ASSUMPTIONS: | | This is considered a B2 Security Site for all communications | channels as defined in the CDT. All the flags listed in the | check_acs attributes are set to ON by "check_acs: all;" | statement in the CDT, before the tests are run. In the | setup for each individual test, all conditions except for | the one being tested are met for each test case. | | The assumption for all these functional tests is that the | person and project performing the tests have no access to | any privileged gates or ACS segments, i.e., they are | completely unprivileged. When these tests are manually run, | it is assumed that there will be three terminals available, | one for the actual user attempting dials, one for another | user to set up a process and begin allowing dials, and | another one for a SysAdmin user who performs the setup, | verification of audit, and cleanup. The SysAdmin user needs | to be completely familiar with the AK50 Procedures Manual | and know the commands to make the changes. | | The following System Tables have been set up with all the | typical values and flags except for those specified in | "Setup". | Person Name Table (PNT), Project Definition Table (PDT), | System Administrator Table (SAT), and Channel Definition | Table (CDT) | C-123 DIAL ANONYMOUS INTERACTIVE USER I&A - DAC SCRIPT | SETUP: | | Register anonymous user in TestProj PDT with: | anonymous person_id is * | anonymous password is a_pass | homedir is >udd>TestProj>anonymous | initproc is process_overseer_ | default ring is 4 | max ring is 5 | min ring is 4 | | Register Sectest_4 in the PNT with: | password is st4 | default project is TestProj | | Register above users in TestProj PDT with: | dialok flag is ON | | Register the TestProj project in the SAT with: | dialok flag is ON | anonymous flag is ON | | | Channel_n is the channel that will be set up and dedicated | for this testing. | | Create a registered dial server with a dialid of "dst". | | Create the process of Sectest_4.TestProj. Initiate an | unregistered dial service to allow dials with a dial_id of | "foo". | | | HISTORY: | | 85-08-06 JG Backs: Created login script for manual testing. | | 85-08-13 JG Backs: Changed the channel name from Channel1 | to Channel_n. On some printers the "1" appeared as if | another "l", making the name unclear. Added a cover page | with footnote indicating it is an internal working document. | Also removed the note about a future critical fix on test | case 2 of the Authenticate Communications Channel set | because the fix was installed and works correctly. | | 85-09-17 JG Backs: Corrected typos of privileged. Audit | change. C-124 INTERACTIVE USER I&A - DAC SCRIPT DIAL ANONYMOUS DIAL ANONYMOUS TEST CASES: | | | Set A - Identify User | | ***************************************************************** | | Case 1 | | Setup: | Set anonymous attribute to OFF for TestProj project in SAT. | | Run: | Attempt dial with anonymous user when the project in the SAT | does not allow anonymous users. | | dial foo Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED *anonymous.TestProj int Channel_n (not_pdt|) | User: You are not registered on the specified project. | | Cleanup: | Set anonymous attribute to ON for TestProj project in SAT. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Comment out the anonymous person_id of * for TestProj | project in the PDT. | | Run: | Attempt dial with anonymous user on a project that does not | have an anonymous user defined. | | dial foo Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED *anonymous.TestProj int Channel_n (not_pdt|) | User: You are not registered on the specified project. | | Cleanup: | Put the anonymous person_id of * back in for TestProj | project in the PDT. | | ----------------------------------------------------------------- | C-125 DIAL ANONYMOUS INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | TestProj project has an anonymous user defined in the PDT. | | Run: | Attempt dial with a defined anonymous user. | | dial foo Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: GRANT | | Audit: LOGIN *anonymous.TestProj int Channel_n (dial) | DIALIN anonymous.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | | ***************************************************************** C-126 INTERACTIVE USER I&A - DAC SCRIPT DIAL ANONYMOUS Set B - Authenticate Password | | ***************************************************************** | | Case 1 | | Setup: | No_pass is an invalid password for anonymous in the TestProj | PDT. | | Run: | Attempt dial with anonymous user and invalid password. | | dial foo Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: DENY | | Audit: LOGIN DENIED *anonymous.TestProj int Channel_n (anon_pw|) | User: Incorrect password supplied. | Msg sent "password given incorrectly". | | Cleanup: | Login with valid password to check if msg about incorrect | password is received. Logout. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | a_pass is the valid password for anonymous in the TestProj | PDT. | | Run: | Attempt dial with anonymous user and valid password. | | dial foo Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: GRANT | | Audit: LOGIN *anonymous.TestProj int Channel_n (dial) | DIALIN anonymous.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | | ***************************************************************** | C-127 DIAL ANONYMOUS INTERACTIVE USER I&A - DAC SCRIPT | Set C - Authenticate Project | | ***************************************************************** | | Case 1 | | Setup: | Noproject is an invalid project for anonymous in the SAT or | PDT. | | Run: | Attempt dial with anonymous user and user specified invalid | project. | | dial foo Sectest_4.TestProj -user anonymous.Noproject | | Expected Results: DENY | | Audit: LOGIN DENIED *anonymous.Noproject int Channel_n (bad_proj) | | User: Specified project does not exist. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | The SysMaint project does not allow anonymous users. | | Run: | Attempt dial with anonymous user and user specified valid | project that does not allow anonymous users. | | dial foo Sectest_4.TestProj -user anonymous.SysMaint | | Expected Results: DENY | | Audit: LOGIN DENIED *anonymous.SysMaint int Channel_n (not_pdt) | | User: You are not registered on the specified project. | | Cleanup: | None | | ----------------------------------------------------------------- C-128 INTERACTIVE USER I&A - DAC SCRIPT DIAL ANONYMOUS Case 3 | | Setup: | The TestProj project allows anonymous users. | | Run: | Attempt dial with anonymous user and user specified valid | project that allows anonymous users. | | dial foo Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: GRANT | | Audit: LOGIN *anonymous.TestProj int Channel_n (dial) | DIALIN anonymous.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | None. | | Run: | Attempt dial with anonymous user and user name is invalid | project. | | dial foo Sectest_4.TestProj -user anonymous | | Expected Results: DENY | | Audit: LOGIN DENIED *anonymous.anonymous int Channel_n (bad_pr|oj) | User: Specified project does not exist. | | Cleanup: | Set the default project back to TestProj in the PNT. | | ***************************************************************** | C-129 DIAL ANONYMOUS INTERACTIVE USER I&A - DAC SCRIPT | Set D - Authenticate Communications Channel | | ***************************************************************** | | Case 1 | | Setup: | Rename the ACS segment for Channel_n to another name so it | cannot be found. | | Run: | Attempt dial with anonymous user and no ACS segment for the | channel the user is logging in on. | | dial foo Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: DENY | | Audit: lg_ctl_: Entry not found. Unable to check access for | channel Channel_n. | lg_ctl_: login access to Channel_n by | anonymous.TestProj denied by ACS. | LOGIN DENIED *anonymous.TestProj int Channel_n (^lineacs) | | User: You do not have permission to use this channel. | hangup | | Cleanup: | Rename the ACS segment back to the original name so it can | be used. | | ----------------------------------------------------------------- C-130 INTERACTIVE USER I&A - DAC SCRIPT DIAL ANONYMOUS Case 2 | | Setup: | Set RE access for *.TestProj on the ACS segment for | Channel_n. | | Run: | Attempt dial with anonymous user and RE access on ACS | segment for the channel the user is logging in on. | | dial foo Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: DENY | | Audit: lg_ctl_: login access to Channel_n by | anonymous.TestProj denied by ACS. | LOGIN DENIED *anonymous.TestProj int Channel_n (^lineac|s) | User: You do not have permission to use this channel. | hangup | | Cleanup: | Set RW access for *.TestProj on the ACS segment for | Channel_n. | | ----------------------------------------------------------------- | C-131 DIAL ANONYMOUS INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | The access for *.TestProj on the ACS segment for Channel_n | is RW. | | Run: | Attempt dial with anonymous user and RW access on ACS | segment for the channel the user is logging in on. | | dial foo Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: GRANT | | Audit: LOGIN *anonymous.TestProj int Channel_n (dial) | DIALIN anonymous.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | | ***************************************************************** C-132 INTERACTIVE USER I&A - DAC SCRIPT DIAL ANONYMOUS Set E - Validate Dial ID After I&A | | ***************************************************************** | | Case 1 | | Setup: | No_dial is not a valid dial_id of any registered dial | server. | | Run: | Attempt dial with anonymous user and an invalid dial_id for | a registered dial server. | | dial No_dial -user anonymous.TestProj | | Expected Results: DENY | | Audit: LOGIN *anonymous.TestProj int Channel_n (dial) | DIALIN DENIED anonymous.TestProj Channel_n to No_dial | Dial line not active | | User: Dial line not active. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Initiate the registered dial service with a dialid of "dst" | to allow registered dials from the Sectest_4.TestProj | process. | | Run: | Attempt dial with anonymous user and a valid dial_id of a | registered dial server. | | dial dst -user anonymous.TestProj | | Expected Results: GRANT | | Audit: LOGIN *anonymous.TestProj int Channel_n (dial) | DIALIN anonymous.TestProj Channel_n to dst | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | C-133 DIAL ANONYMOUS INTERACTIVE USER I&A - DAC SCRIPT | ----------------------------------------------------------------- C-134 INTERACTIVE USER I&A - DAC SCRIPT DIAL ANONYMOUS Case 3 | | Setup: | No_dial is not a valid dial_id of any unregistered dial | server. | | Run: | Attempt dial with anonymous user and an invalid dial_id for | an unregistered dial server. | | dial No_dial Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: DENY | | Audit: LOGIN *anonymous.TestProj int Channel_n (dial) | DIALIN DENIED anonymous.TestProj Channel_n to foo Dial| line not active | | User: Dial line not active. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | foo is the valid dial_id of unregistered dial server | Sectest_4.TestProj. | | Run: | Attempt dial with anonymous user and a valid dial_id for an | unregistered dial server. | | dial foo Sectest_4.TestProj -user anonymous.TestProj | | Expected Results: GRANT | | Audit: LOGIN *anonymous.TestProj int Channel_n (dial) | DIALIN anonymous.TestProj Channel_n to foo | Sectest_4.TestProj | | Cleanup: | Terminate the dial call by shutoff_dials in Sectest_4 | process. | | ***************************************************************** | C-135 MDD-004-01 Functional Testing | _C_._8 _S_L_A_V_E _S_E_R_V_I_C_E _I_N_T_E_R_A_C_T_I_V_E _U_S_E_R | | FEATURE: Interactive User I&A Slave Service | | | SECURITY PROPERTY: I&A, DAC, AUDIT | | | EXCEPTIONS: | | LABEL property not applicable for DAC portion of I&A. | | Slave service changes the service type of the channel from | login to slave for the duration of the connection and it | does not allow changes to password, default project, or | default authorization. Therefore the tests for | authenticating user specified changes, user specified | initial rings, and default initial rings, are not included. | | | TEST CASE DESCRIPTIONS: | | This group of manual tests comprise the Identification and | Authentication, concerned with the Discretionary Access | Controls (DAC) security features, of the: | | Slave Service Interactive User (22 tests) | | Set A: Identify User | 1. no -user DENY | 2. unregistered user DENY | 3. registered user GRANT | | Set B: Authenticate Password | 1. invalid password DENY | 2. lock ON DENY | 3. time_lock ON DENY | 4. trap ON GRANT | 5. no -cpw; must_change ON DENY | 6. no -gpw; must_change & generate ON DENY | | Set C: Authenticate Project | 1. user specified invalid project DENY | 2. user specified unreg, valid project DENY | 3. user specified reg, valid project GRANT | 4. default invalid project DENY | 5. default unreg, valid project DENY | 6. default reg, valid project GRANT C-136 INTERACTIVE USER I&A - DAC SCRIPT SLAVE SERVICE Set D: Authenticate Communication Channel | 1. no ACS segment DENY | 2. RE access on ACS segment DENY | 3. RW access on ACS segment GRANT | C-137 SLAVE SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Set E: Authenticate Installation Restrictions | 1. past days in password_change_interval DENY | 2. past days in password_expiration_interval DENY | 3. invalid password 3 times DENY | 4. invalid login 3 times DENY | | | ASSUMPTIONS: | | This is considered a B2 Security Site for all communications | channels as defined in the CDT. All the flags listed in the | check_acs attributes are set to ON by "check_acs: all;" | statement in the CDT, before the tests are run. In the | setup for each individual test, all conditions except for | the one being tested are met for each test case. | | The assumption for all these functional tests is that the | person and project performing the tests have no access to | any privileged gates or ACS segments, i.e., they are | completely unprivileged. When these tests are manually run, | it is assumed that there will be two terminals available, | one for the actual user testing and another one for a | SysAdmin user who performs the setup, verification of audit, | and cleanup. The SysAdmin user needs to be completely | familiar with the AK50 Procedures Manual and know the | commands to make the changes. | | The following System Tables have been set up with all the | typical values and flags except for those specified in | "Setup". | Person Name Table (PNT), Project Definition Table (PDT), | System Administrator Table (SAT), and Channel Definition | Table (CDT) C-138 INTERACTIVE USER I&A - DAC SCRIPT SLAVE SERVICE SETUP: | | Register Sectest_2 in the PNT with: | password is st2 | default project is TestProj | | Register Sectest_3 in the PNT with: | password is st3 | default project is TestProj | | Register above users in TestProj PDT. | | Register the TestProj project in the SAT. | | Set the installation parameters to: | tries is 3 | password_change_interval is 0 | password_expiration_interval is 0 | | Channel_n is the channel that will be set up and dedicated | for this testing. | | | HISTORY: | | 85-07-23 JG Backs: Created login script for manual testing. | | 85-08-13 JG Backs: Changed the channel name from Channel1 | to Channel_n. On some printers the "1" appeared as if | another "l", making the name unclear. Added a cover page | with footnote indicating it is an internal working document. | Also removed the note about a future critical fix on test | case 2 of the Authenticate Communications Channel set | because the fix was installed and works correctly. | | 85-09-17 JG Backs: Corrected typos of privileged. Audit | change. | C-139 SLAVE SERVICE INTERACTIVE USER I&A - DAC SCRIPT | SLAVE SERVICE TEST CASES: | | | Set A - Identify User | | ***************************************************************** | | Case 1 | | Setup: | None. | | Run: | Attempt slave without the -user argument. | | slave | | Expected Results: DENY | | Audit: None. | | User: You must use the control argument -user | Person.Project for this channel. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | No_person is not a registered user in the PNT. | | Run: | Attempt slave with unregistered person_id. | | slave -user No_person | | Expected Results: DENY | | Audit: LOGIN DENIED No_Person int Channel_n (badpers) | | User: The user name you supplied is not registered. | | Cleanup: | None. | | ----------------------------------------------------------------- C-140 INTERACTIVE USER I&A - DAC SCRIPT SLAVE SERVICE Case 3 | | Setup: | Sectest_2 is a registered user in the PNT. | | Run: | Attempt slave with registered person_id. | | slave -user Sectest_2 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (slave) | SLAVE Sectest_2.TestProj Channel_n | | Cleanup: | Using the sac sc_command, remove Channel_n then attach it. | | ***************************************************************** | C-141 SLAVE SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Set B - Authenticate Password | | ***************************************************************** | | Case 1 | | Setup: | No_pass is an invalid password for Sectest_2 in the PNT. | | Run: | Attempt slave with invalid password. | | slave -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass) | | User: Incorrect password supplied. | PNT updated for bad password. | Msg sent "password given incorrectly". | | Cleanup: | Login with valid password to check if msg about incorrect | password is received. Logout. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Set the lock flag ON for Sectest_2 in the PNT. | | Run: | Attempt slave with the lock flag ON for the user. | | slave -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (pwlocked) | | User: Password is locked. Please contact administrative | personnel. | | Cleanup: | Set the lock flag OFF in the PNT. | | ----------------------------------------------------------------- C-142 INTERACTIVE USER I&A - DAC SCRIPT SLAVE SERVICE Case 3 | | Setup: | Set the time_lock to 24 hours for Sectest_2 in the PNT. | Run: | Attempt slave before the date contained in time_lock for the | user. | | slave -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (pwlocked|) | User: Password is locked. Please contact administrative | personnel. | | Cleanup: | Set the time_lock flag OFF in the PNT. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | Set the trap flag ON for Sectest_2 in the PNT. | | Run: | Attempt slave with valid password and the trap flag ON for | the user. | | slave -user Sectest_2 | | Expected Results: GRANT | | Audit: lg_ctl_: password used Sectest_2.TestProj Channel_n | | LOGIN Sectest_2.TestProj int Channel_n (slave) | SLAVE Sectest_2.TestProj Channel_n | | Cleanup: | Using the sac sc_command, remove Channel_n then attach it. | Set the trap flag OFF in the PNT. | | ----------------------------------------------------------------- | C-143 SLAVE SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 5 | | Setup: | Set the must_change password flag ON for Sectest_2 in the | PNT. | | Run: | Attempt slave without -cpw argument and the must_change | password flag ON for the user. | | slave -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (mustcpw) | | User: You must use the -change_password option to change | your password. | | Cleanup: | Set the must_change password flag OFF in the PNT. | | ----------------------------------------------------------------- | | Case 6 | | Setup: | Set the must_change and generate flags ON for Sectest_2 in | the PNT. | | Run: | Attempt slave without -gpw argument and with the must_change | and generate flags ON for the user. | | slave -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (use_gpw) | | User: Login incorrect. You must use the -generate_password | option to change your password. | | Cleanup: | Set the must_change and generate flags OFF in the PNT. | | ***************************************************************** C-144 INTERACTIVE USER I&A - DAC SCRIPT SLAVE SERVICE Set C - Authenticate Project | | ***************************************************************** | | Case 1 | | Setup: | Noproject is an invalid project for Sectest_2 in the PDT. | | Run: | Attempt slave with user specified invalid project. | | slave -user Sectest_2.Noproject | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.Noproject int Channel_n (bad_pro|j) | User: Specified project does not exist. | | Cleanup: | None. | | ----------------------------------------------------------------- | | Case 2 | | Setup: | Sectest_2 is not a registered member of the SysMaint | project. | | Run: | Attempt slave with user specified valid project that the | user is not a registered member of. | | slave -user Sectest_2.SysMaint | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.SysMaint int Channel_n (not_pdt)| | User: You are not registered on the specified project. | | Cleanup: | None | | ----------------------------------------------------------------- | C-145 SLAVE SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | Sectest_2 is registered on the TestProj project and the | default project has been set to TestProj in the PNT. | | Run: | Attempt slave with user specified valid project that the | user is a registered member of. | | slave -user Sectest_2.TestProj | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (slave) | SLAVE Sectest_2.TestProj Channel_n | | Cleanup: | Using the sac sc_command, remove Channel_n then attach it. | | ----------------------------------------------------------------- | | Case 4 | | Setup: | Set the default project to Noproject for Sectest_2 in the | PNT. | | Run: | Attempt slave with invalid default project. | | slave -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.Noproject int Channel_n (bad_proj) | | User: Specified project does not exist. | | Cleanup: | Set the default project back to TestProj in the PNT. | | ----------------------------------------------------------------- C-146 INTERACTIVE USER I&A - DAC SCRIPT SLAVE SERVICE Case 5 | | Setup: | Set the default project for Sectest_2 in the PNT to the | SysMaint project, which Sectest_2 is not registered on. | | Run: | Attempt slave with a valid but unregistered default project. | | slave -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.SysMaint int Channel_n (not_pdt)| | User: You are not registered on the specified project. | | Cleanup: | Set the default project back to TestProj in the PNT. | | ----------------------------------------------------------------- | | Case 6 | | Setup: | Sectest_2 has a valid registered default project of | TestProj. | | Run: | Attempt slave with valid, registered default project. | | slave -user Sectest_2 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (slave) | SLAVE Sectest_2.TestProj Channel_n | | Cleanup: | Using the sac sc_command, remove Channel_n then attach it. | | ***************************************************************** | C-147 SLAVE SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Set D - Authenticate Communications Channel | | ***************************************************************** | | Case 1 | | Setup: | Rename the ACS segment for Channel_n to another name so it | cannot be found. | | Run: | Attempt slave with no ACS segment for the channel the user | is logging in on. | | slave -user Sectest_2 | | Expected Results: DENY | | Audit: lg_ctl_: Entry not found. Unable to check access for | channel Channel_n. | lg_ctl_: login access to Channel_n by | Sectest_2.TestProj denied by ACS. | LOGIN DENIED Sectest_2.TestProj int Channel_n (^lineacs) | | User: You do not have permission to use this channel. | hangup | | Cleanup: | Rename the ACS segment back to the original name so it can | be used. | | ----------------------------------------------------------------- C-148 INTERACTIVE USER I&A - DAC SCRIPT SLAVE SERVICE Case 2 | | Setup: | Set RE access for Sectest_2 on the ACS segment for | Channel_n. | | Run: | Attempt slave with RE access on ACS segment for the channel | the user is logging in on. | | slave -user Sectest_2 | | Expected Results: DENY | | Audit: lg_ctl_: login access to Channel_n by | Sectest_2.TestProj denied by ACS. | LOGIN DENIED Sectest_2.TestProj int Channel_n (^lineacs|) | User: You do not have permission to use this channel. | hangup | | Cleanup: | Set RW access for Sectest_2 on the ACS segment for | Channel_n. | | ----------------------------------------------------------------- | C-149 SLAVE SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 3 | | Setup: | Set RW access for Sectest_2 on the ACS segment for | Channel_n. | | Run: | Attempt slave with RW access on ACS segment for the channel | the user is logging in on. | | slave -user Sectest_2 | | Expected Results: GRANT | | Audit: LOGIN Sectest_2.TestProj int Channel_n (slave) | SLAVE Sectest_2.TestProj Channel_n | | Cleanup: | Using the sac sc_command, remove Channel_n then attach it. | | ***************************************************************** C-150 INTERACTIVE USER I&A - DAC SCRIPT SLAVE SERVICE Set E - Authenticate Installation Restrictions | | ***************************************************************** | | Case 1 | | Setup: | Set the password_change_interval to 1 day in the | installation parameters. Sectest_3 has not changed a | password since it was set up. | | Run: | Attempt slave with a user that has not changed a password in | more than the number of days in password_change_interval in | the installation parameters. | | slave -user Sectest_3 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_3.TestProj int Channel_n (mustcpw)| | User: login: Your password has expired. It must be changed | once every 1 days. You must use the -change_password | option to change your password. | | Cleanup: | The password_change_interval should be reset to 0 in the | installation parameters. | | ----------------------------------------------------------------- | C-151 SLAVE SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 2 | | Setup: | Set the password_expiration_interval to 1 day in the | installation parameters. | | Run: | Attempt slave with a user that has not logged in over 1 day. | | slave -user Sectest_3 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_3.TestProj int Channel_n (pwexprd) | | User: login: Your password has not been used in more than 1 | days. It has automatically expired. Password | expired. Please contact administrative personnel. | | Cleanup: | The password_expiration_interval should be reset to 0 in the | installation parameters. | | ----------------------------------------------------------------- C-152 INTERACTIVE USER I&A - DAC SCRIPT SLAVE SERVICE Case 3 | | Setup: | The tries field is set to 3 in the installation parameters. | | Run: | Attempt 3 slaves with valid users and invalid passwords. | | slave -user Sectest_2 | | slave -user Sectest_2 | | slave -user Sectest_2 | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass|) | LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass|) | lg_ctl_: too many bad passwords for | Sectest_2.TestProj from Channel_n . | | LOGIN DENIED Sectest_2.TestProj int Channel_n (bad_pass|) | User: Incorrect password supplied. | | Incorrect password supplied. | | Incorrect password supplied. | | hangup | | Communication is disconnected at the channel. | | Cleanup: | None. | | Note: | This is the normal behavior for this test, however there is | a minor bug that enters the "too many bad passwords..." | message into the log after only two incorrect passwords are | attempted. | | ----------------------------------------------------------------- | C-153 SLAVE SERVICE INTERACTIVE USER I&A - DAC SCRIPT | Case 4 | | Setup: | The tries field is set to 3 in the installation parameters. | | Run: | Attempt 3 invalid slaves. | | slave -user Sectest_2.SysMaint | | slave -user Sectest_2. | | slave -user No_person | | Expected Results: DENY | | Audit: LOGIN DENIED Sectest_2.SysMaint int Channel_n (not_pdt) | | LOGIN DENIED Sectest_2.Noproject int Channel_n (bad_proj) | | LOGIN DENIED Noperson int Channel_n (badpers) | | User: You are not registered on the specified project. | | Specified project does not exist. | | The user name you supplied is not registered. | | hangup | | Communication is disconnected at the channel. | | Cleanup: | None. | | ***************************************************************** C-154 Functional Testing MDD-004-01 APPENDIX D DOCUMENTATION FOR THE TESTING UTILITIES _D_._1 _T_H_E _T_U__ _S_U_B_R_O_U_T_I_N_E All functional tests must perform their tests according to strict guidelines, and these include using a common interface for performing storage system operations, etc. The tu_ subroutine serves as an interface to the functional testing server process. When a test needs to have a segment created at a specific access class, it will call tu_$create_MAC_case_segment and the server will create the segment and notify the testing process that this has been done. This ensures that all the of the functional tests that deal with creation of segments will be working in the same environment, using the same utilities, and thus results will be consistent between tests. This follows for all of the tu_ entrypoints. If each MAC test calls tu_$map_over_MAC_cases, each test will be run over the same set of MAC cases. The documentation for all of the tu_ entrypoints follows. ________________________________________ NAME: TU_$ACCEPT_MBX_WAKEUPS This entry point turns on wakeup accepting for a specified mailbox. _U_S_A_G_E declare tu_$accept_mbx_wakeups entry (ptr, char(*), char(*)); call tu_$accept_mbx_wakeups (sectest_args_ptr, dir_name, entry_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name D-1 ______________________ ______________________ tu_$accept_mbx_wakeups tu_$acknowledge_wakeup ______________________ ______________________ is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the mailbox. The mbx suffix is assumed. (Input) | | ________________________________________ | | | NAME: TU_$ACKNOWLEDGE_WAKEUP | | This entry is used acknowledge wakeups. It's used in MAC test | cases were absentees are created at different AIM levels and | catagories to see if they can still receive wakeups. This entry | causes the Sectest_Server daemon to notify the testing process | that the wakeup was received. | | _U_S_A_G_E | | declare tu_$acknowledge_wakeup (ptr, bit (36) aligned, fixed bin | (17) unaligned, fixed bin (71), char (*), char (*)); | | call tu_$acknowledge_wakeup (sectest_args_ptr, process_id, ring, | event_message, dir_name, entry_name); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | process_id | is the process identifier of the process that sent the wakeup. | | ring | is the validation level of the process that sent the wakeup. | (Input) | | event_message | is a message as specified to the hcs_$wakeup entry point. | (Input) | | dir_name | is the pathname of the directory containing the ipc_data | segment. (Input) D-2 ______________________ ______________________ tu_$acknowledge_wakeup tu_$acknowledge_wakeup ______________________ ______________________ entry_name | is the name of the ipc_data segment. (Input) | | _T_H_E _I_P_C___D_A_T_A _S_T_R_U_C_T_U_R_E | | The ipc_data segment is a structure that is used to pass | information between processes. This structure is declared in | ipc_data.incl.pl1. | | dcl 1 ipc_data aligned based (ipc_data_ptr), | 2 version char (8), | 2 event_channel_id fixed bin (71), | 2 process_id bit (36) aligned, | 2 received_wakeup bit (1) aligned, | 2 sender_process_id bit (36) aligned, | 2 sender_ring fixed bin (17), | 2 sender_message fixed bin (71); | | _S_T_R_U_C_T_U_R_E _E_L_E_M_E_N_T_S | | version | is the version of the structure. Must be set to | IPC_DATA_VERSION_1. | | event_channel_id | is the identification of the event channel. | | process_id | is the process identifier of the receiving process. | | received_wakeup | is a flag as to whether or not the receiving process got the | wakeup. | | sender_process_id | is the process identifier of the sending process. | | sender_ring | is the sender's validation level. | | sender_message | is the event message as specified to the hcs_$wakeup entry | point. | D-3 ______________________ ___________________ tu_$acknowledge_wakeup tu_$add_mbx_message ______________________ ___________________ NAME: TU_$ADD_MBX_MESSAGE This entry point adds a message to a specified mailbox. _U_S_A_G_E declare tu_$add_mbx_message entry (ptr, char(*), char(*), bit(72)aligned, bit(72)aligned, bit(72)aligned); call tu_$add_mbx_message (sectest_args_ptr, dir_name, entry_name, message, access_class, message_id); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the mailbox. The mbx suffix is assumed. (Input) message is the message text, limited to 72 bits. (Input) access_class is the desired access class of the added message. (Input) message_id is the message identifier. (Output) D-4 ___________________ __________________________ tu_$add_mbx_message tu_$add_mbx_message_wakeup ___________________ __________________________ NAME: TU_$ADD_MBX_MESSAGE_WAKEUP This entry point adds a message to a specified mailbox and sends a wakeup to the process that is currently accepting messages on the mailbox. _U_S_A_G_E declare tu_$add_mbx_message_wakeup entry (ptr, char(*), char(*), bit(72)aligned, bit(72)aligned, bit(72)aligned); call tu_$add_mbx_message_wakeup (sectest_args_ptr, dir_name, entry_name, message, access_class, message_id); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the mailbox. The mbx suffix is assumed. (Input) message is the message text, limited to 72 bits. (Input) access_class is the desired access class of the added message. (Input) message_id is the message identifier. (Output) D-5 __________________________ ______________________ tu_$add_mbx_message_wakeup tu_$add_my_mbx_message __________________________ ______________________ NAME: TU_$ADD_MY_MBX_MESSAGE This entry point adds a message to a specified mailbox on behalf of the calling process. _U_S_A_G_E declare tu_$add_my_mbx_message entry (ptr, char(*), char(*), bit(72)aligned, bit(72)aligned, bit(72)aligned); call tu_$add_my_mbx_message (sectest_args_ptr, dir_name, entry_name, message, access_class, message_id); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the mailbox. The mbx suffix is assumed. (Input) message is the message text, limited to 72 bits. (Input) access_class is the desired access class of the added message. (Input) message_id is the message identifier. (Output) D-6 ______________________ ________________________ tu_$add_my_mbx_message tu_$add_my_queue_message ______________________ ________________________ NAME: TU_$ADD_MY_QUEUE_MESSAGE This entry point adds a message to a specified queue message segment on behalf of the calling process. _U_S_A_G_E declare tu_$add_my_queue_message entry (ptr, char(*), char(*), bit(72)aligned, bit(72)aligned, bit(72)aligned); call tu_$add_my_queue_message (sectest_args_ptr, dir_name, entry_name, message, access_class, message_id); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the queue. The ms suffix is assumed. (Input) message is the message text, limited to 72 bits. (Input) access_class is the desired access class of the added message. (Input) message_id is the message identifier. (Output) D-7 ________________________ _____________________ tu_$add_my_queue_message tu_$add_queue_message ________________________ _____________________ NAME: TU_$ADD_QUEUE_MESSAGE This entry point adds a message to a specified queue message segment. _U_S_A_G_E declare tu_$add_queue_message entry (ptr, char(*), char(*), bit(72)aligned, bit(72)aligned, bit(72)aligned); call tu_$add_queue_message (sectest_args_ptr, dir_name, entry_name, message, access_class, message_id); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the queue. The ms suffix is assumed. (Input) message is the message text, limited to 72 bits. (Input) access_class is the desired access class of the added message. (Input) message_id is the message identifier. (Output) D-8 _____________________ ____________________ tu_$add_queue_message tu_$add_user_message _____________________ ____________________ NAME: TU_$ADD_USER_MESSAGE | | This entry is used to perform the priviledged function of adding | a message to the user message database. | | _U_S_A_G_E | | declare tu_$add_user_message (ptr, char (*), bit (72) aligned, | fixed bin (3), bit (72) aligned, bit (72) aligned); | | call tu_$add_user_message (sectest_args_ptr, message, | access_class, ring, message_id, message_handle); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | message | is the message to be sent. (Input) | | access_class | is the access authorization of the message sender. (Input) | | ring | is the ring for which the message is destined. | | message_id | is a unique identifier corresponding to a message in the | message segment. (Output) | | message_handle | (Output) | | _N_O_T_E_S | | The user message facility allows the specification of a ring, so | that the destination process can only retrieve the message if it | is at a ring bracket equal or less than the specified ring. | D-9 ____________________ ___________________________ tu_$add_user_message tu_$attach_autocall_channel ____________________ ___________________________ | NAME: TU_$ALLOCATE_DM_JOURNAL | | This entry is used to allocate a Data Manager journal at a | specifed access class. | | _U_S_A_G_E | | declare tu_$allocate_dm_journal (ptr, bit (72) aligned, bit (36) | aligned, fixed bin (17)); | | call tu_$allocate_dm_journal (sectest_args_ptr, access_class, | uid, index); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | access_class | is the access authorization to be assigned to the DM journal. | (Input) | | uid | is a unique identifier. (Input) | | index | in the index of the journal entry. (Output) | | ________________________________________ | | | NAME: TU_$ATTACH_AUTOCALL_CHANNEL | | This entry in used to attach an autocall channel to the process | specified by server_process_sw. | | _U_S_A_G_E | | declare tu_$attach_autocall_channel (ptr, char (*), char (*), bit | (72) aligned, bit (1) aligned); | | call tu_$attach_autocall_channel (sectest_args_ptr, channel_name, | destination, access_class, server_process_sw); D-10 ___________________________ ________________________ tu_$attach_autocall_channel tu_$attach_slave_channel ___________________________ ________________________ _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | channel_name | is defined by sectest_config_info$test_autocall_channel. | (Input) | | destination | is defined by sectest_config_info$test_dialout_destination. | (Input) | | access_class | is the access authorization of the testing process. (Input) | | server_process_sw | is a switch to determine whether the testing process or the | Sectest Server daemon will attach the channel. (Input) | "0"b = The channel is attached to the testing process. | "1"b = The channel is attached to the Sectest Server | daemon. | | ________________________________________ | | | NAME: TU_$ATTACH_SLAVE_CHANNEL | | This entry allows a priviledged process to attach a "slave" | channel. The name of the channel to be attached is specified by | channel_name, and must be specified in the channel master file as | being of the slave service type. The calling process must rw | access to the ACS .acs in >sc1>rcp if the request | is to be honored. | | _U_S_A_G_E | | declare tu_$attach_slave_channel (ptr, char (*), bit (1) | aligned); | | call tu_$attach_slave_channel (sectest_args_ptr, channel_name, | server_process_sw); | D-11 ________________________ ___________________________ tu_$attach_slave_channel tu_$cancel_absentee_request ________________________ ___________________________ | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | channel_name | is the name of the slave name to be attached. This name is | matched against both the channel name in the cdt and the | generic_destination field for the channel, if one exists. | (Input) | | server_process_sw | is a switch to determine if the attach slave channel request | is done by the testing process or the Sectest Server daemon. | (Input) | "0"b = The testing process attaches the slave channel. | "1"b = The Sectest Server attaches the slave channel. | | ________________________________________ | | | NAME: TU_$CANCEL_ABSENTEE_REQUEST | | This entry will cancel an absentee at any authorization level | specified by the request identifier. | | _U_S_A_G_E | | declare tu_$cancel_absentee_request (ptr, fixed bin (71)); | | call tu_$cancel_absentee_request (sectest_args_ptr, request_id); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | request_id | is the request identifier of the absentee to be canceled. | (Input) | | _N_O_T_E_S | | It's a good idea to pause a few seconds after this function, | before changing the absentee's environment. This will allow the | absentee to be terminated without unnecessary error messages. D-12 ___________________________ ________________________ tu_$cancel_absentee_request tu_$channel_assign_other ___________________________ ________________________ NAME: TU_$CHANNEL_ASSIGN | | This entry returns the index number of an I/O channel assigned to | the calling process. | | _U_S_A_G_E | | declare tu_$channel_assign (ptr, fixed bin); | | call tu_$channel_assign (sectest_args_ptr, devx); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | devx | is a unique index number identifying the channel. This number | can be passed to other tu_$channel entry points to perform | operations on the channel. (Output) | | ________________________________________ | | | NAME: TU_$CHANNEL_ASSIGN_OTHER | | This entry returns the index number of an I/O channel assigned to | a process other than the calling process. | | _U_S_A_G_E | | declare tu_$channel_assign_other (ptr, fixed bin); | | call tu_$channel_assign_other (sectest_args_ptr, devx); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | devx | is a unique index number identifying the channel. This number | can be passed to other tu_$channel...other entry points to | perform operations on the channel. (Output) | D-13 ________________________ ________________________ tu_$channel_assign_other tu_$channel_attach_other ________________________ ________________________ | NAME: TU_$CHANNEL_ATTACH | | This entry attaches a specified I/O channel obtained from | tu_$channel_assign. It performs a function similar to | hcs_$tty_attach. | | _U_S_A_G_E | | declare tu_$channel_attach (ptr, fixed bin); | | call tu_$channel_attach (sectest_args_ptr, devx); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | devx | is a channel index number obtained by calling | tu_$channel_assign. (Input) | | ________________________________________ | | | NAME: TU_$CHANNEL_ATTACH_OTHER | | This entry attaches a specified I/O channel obtained from | tu_$channel_assign_other. It performs a function similar to | hcs_$tty_attach. | | _U_S_A_G_E | | declare tu_$channel_attach_other (ptr, fixed bin); | | call tu_$channel_attach_other (sectest_args_ptr, devx); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | devx | is a channel index number obtained by calling | tu_$channel_attach_other. (Input) D-14 ________________________ ________________________ tu_$channel_attach_other tu_$channel_detach_other ________________________ ________________________ NAME: TU_$CHANNEL_DETACH | | This entry reverses the effect of tu_$channel_attach. | | _U_S_A_G_E | | declare tu_$channel_detach (ptr, fixed bin); | | call tu_$channel_detach (sectest_args_ptr, devx); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | devx | is a channel index number obtained from tu_$channel_assign. | (Input) | | ________________________________________ | | | NAME: TU_$CHANNEL_DETACH_OTHER | | This entry reverses the effect of tu_$channel_attach_other. | | _U_S_A_G_E | | declare tu_$channel_detach_other (ptr, fixed bin); | | call tu_$channel_detach_other (sectest_args_ptr, devx); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | devx | is a channel index number obtained by calling | tu_$channel_assign_other. (Input) | D-15 ________________________ __________________ tu_$channel_detach_other tu_$channel_lookup ________________________ __________________ | NAME: TU_$CHANNEL_GET_FREE | | This entry returns the index number of an I/O channel that is | currently not assigned to any process. | | _U_S_A_G_E | | declare tu_$channel_get_free (ptr, fixed bin); | | call tu_$channel_get_free (sectest_args_ptr, devx); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | devx | is a unique index number identifying the channel. (Output) | | ________________________________________ | | | NAME: TU_$CHANNEL_LOOKUP | | This entry returns the name of a specified devx, or the devx | corresponding to a specified name. | | _U_S_A_G_E | | declare tu_$channel_lookup (ptr, char (*), fixed bin); | | call tu_$channel_lookup (sectest_args_ptr, name, devx) | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | name | is the name of an I/O channel. If equal to "", it is an | output argument (the name corresponding to devx). If not | equal to "", it is looked up and the corresponding devx is | returned as the value of the devx argument. (Input/Output) | | devx D-16 __________________ _________________________ tu_$channel_lookup tu_$channel_release_other __________________ _________________________ is the unique index number of an I/O channel. If equal to 0, | it is an output argument (the devx corresponding to name). If | not equal to 0, it is looked up and the corresponding name is | returned as the value of the name argument. (Input/Output) | | ________________________________________ | | | NAME: TU_$CHANNEL_RELEASE | | This entry calls dial_manager_$release_channel to release an I/O | channel obtained from tu_$channel_assign. | | _U_S_A_G_E | | declare tu_$channel_release (ptr, fixed bin); | | call tu_$channel_release (sectest_args_ptr, devx); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | devx | is a channel index number obtained by calling | tu_$channel_assign. (Input) | | ________________________________________ | | | NAME: TU_$CHANNEL_RELEASE_OTHER | | This entry calls dial_manager_$release_channel to release an I/O | channel obtained from tu_$channel_assign_other. | | _U_S_A_G_E | | declare tu_$channel_release_other (ptr, fixed bin); | | call tu_$channel_release_other (sectest_args_ptr, devx); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | D-17 _________________________ __________________ tu_$channel_release_other tu_$check_as_audit _________________________ __________________ | devx | is a channel index number obtained by calling | tu_$channel_assign_other. (Input) ________________________________________ NAME: TU_$CHECK_AS_AUDIT This entry, when called, checks the audit trail produced by a test case. A bit value is returned indicating whether the expected audit message was present in the log. The test daemon examines the answering service log for messages within the execution window of the test, as delimited by the test case start and end times in the sectest_args structure. Only messages whose data class is "access_audit" are checked. _U_S_A_G_E declare tu_$check_as_audit entry (ptr, bit(36) aligned, bit(1) aligned, char(*)) returns (bit (1) aligned); passed = tu_$check_as_audit (sectest_args_ptr, access_operation, granted_flag, obj_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) access_operation is the value of an entry in access_operations_. The audit trail for the test case is expected to contain a message for this operation. (Input) granted_flag specifies whether the audit trail should indicate that the operation should have been granted. (Input) obj_name is the name of the object being tested as it should appear in the audit message. In the case of file system objects this will be the pathname. (Input) D-18 __________________ ___________________________ tu_$check_as_audit tu_$check_as_freeform_audit __________________ ___________________________ _N_O_T_E_S The "case_start_time" and "case_end_time" variables in the sectest_args structure should be set to indicate the time window in which the test executed. Incorrect times may result in failure of this entry to find the appropriate log entries. See also the related entries: tu_$check_syserr_audit tu_$check_syserr_freeform_audit tu_$check_as_freeform_audit ________________________________________ NAME: TU_$CHECK_AS_FREEFORM_AUDIT This entry, when called, checks the audit trail produced by a test case. A bit value is returned indicating whether the expected audit message was present in the log. The test daemon examines the answering service log for messages within the execution window of the test, as delimited by the test case start and end times in the sectest_args structure. This entry differs from tu_$check_as_audit in that the messages checked do not have to be standard system audit messages. That is, they do not have to exhibit binary data of class "access_audit". _U_S_A_G_E declare tu_$check_as_freeform_audit entry (ptr, char (*)) returns (bit (1) aligned); passed = tu_$check_as_freeform_audit (sectest_args_ptr, msg_text_substr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) msg_text_substr is a unique part of the audit message which should appear in the answering service log. (Input) D-19 ___________________________ ______________________ tu_$check_as_freeform_audit tu_$check_syserr_audit ___________________________ ______________________ _N_O_T_E_S The "case_start_time" and "case_end_time" variables in the sectest_args structure should be set to indicate the time window in which the test executed. Incorrect times may result in failure of this entry to find the appropriate log entries. See also the related entries: tu_$check_syserr_audit tu_$check_syserr_freeform_audit tu_$check_as_audit ________________________________________ NAME: TU_$CHECK_SYSERR_AUDIT This entry, when called, checks the audit trail produced by a test case. A bit value is returned indicating whether the expected audit message was present in the log. The test daemon examines the syserr log for messages within the execution window of the test, as delimited by the test case start and end times in the sectest_args structure. Only messages whose data class is "access_audit" are examined. _U_S_A_G_E declare tu_$check_syserr_audit entry (ptr, bit(36) aligned, bit(1) aligned, char(*)) returns (bit (1) aligned); passed = tu_$check_syserr_audit (sectest_args_ptr, access_operation ,granted_flag, obj_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) access_operation is the value of an entry in access_operations_. The audit trail for the test case is expected to contain a message for this operation. (Input) granted_flag specifies whether the audit trail should indicate that the operation should have been granted. (Input) D-20 ______________________ _______________________________ tu_$check_syserr_audit tu_$check_syserr_freeform_audit ______________________ _______________________________ obj_name is the name of the object being tested as it should appear in the audit message. In the case of file system objects this will be the pathname. (Input) _N_O_T_E_S The "case_start_time" and "case_end_time" variables in the sectest_args structure should be set to indicate the time window in which the test executed. Incorrect times may result in failure of this entry to find the appropriate log entries. See also the related entries: tu_$check_syserr_freeform_audit tu_$check_as_audit tu_$check_as_freeform_audit ________________________________________ NAME: TU_$CHECK_SYSERR_FREEFORM_AUDIT This entry, when called, checks the audit trail produced by a test case. A bit value is returned indicating whether the expected audit message was present in the log. The test daemon examines the syserr log for messages within the execution window of the test, as delimited by the test case start and end times in the sectest_args structure. This entry differs from tu_$check_syserr_audit in that the messages checked do not have to be standard system audit messages. That is, they do not have to exhibit binary data of class "access_audit". _U_S_A_G_E declare tu_$check_syserr_freeform_audit entry (ptr, char (*)) returns (bit (1) aligned); passed = tu_$check_syserr_freeform_audit (sectest_args_ptr, msg_text_substr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) D-21 _______________________________ ___________________________ tu_$check_syserr_freeform_audit tu_$create_DAC_case_segment _______________________________ ___________________________ msg_text_substr is a unique part of the audit message which should appear in the syserr log. (Input) _N_O_T_E_S The "case_start_time" and "case_end_time" variables in the sectest_args structure should be set to indicate the time window in which the test executed. Incorrect times may result in failure of this entry to find the appropriate log entries. See also the related entries: tu_$check_syserr_audit tu_$check_as_audit tu_$check_as_freeform_audit ________________________________________ NAME: TU_$CREATE_DAC_CASE_SEGMENT This entry is called to create a segment for a filesystem DAC test case. It creates a directory with specified access modes and ring brackets, optionally creates a segment with specified access modes and ring brackets in that directory, and returns the names of both the directory and the segment. _U_S_A_G_E declare tu_$create_DAC_case_segment entry (ptr, bit (36) aligned, bit (36) aligned, (3) fixed bin (3), bit (36) aligned, (2) fixed bin (3), char (*), char (*)); call tu_$create_DAC_case_segment (sectest_args_ptr, flags, emodes, erings, dmodes, drings, dname, ename); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) flags are the input flags. (Input) The format of these flags is that of the dac_setup_flags structure declared in sectest_DAC_descs.incl.pl1. In particular, if the create_object flag is set, a segment will be created with the given modes and ring brackets. If this flag is not set, no segment will be created. D-22 ___________________________ _______________________________ tu_$create_DAC_case_segment tu_$create_DAC_case_segment_ptr ___________________________ _______________________________ emodes are the access modes the caller will have to the segment if it is created. (Input) erings are the ring brackets the segment will have if it is created. (Input) dmodes are the access modes the caller will have to the directory. (Input) drings are the ring brackets the directory will have. (Input) dname is the relative pathname of the directory containing the segment. (Output) It may be converted to an absolute pathname by calling tu_$expand_pathname. ename is the entryname of the segment. (Output) If no segment was to be created, this argument contains a name which is not a name of any entry in the directory. ________________________________________ NAME: TU_$CREATE_DAC_CASE_SEGMENT_PTR This entry is called to create a segment for a filesystem DAC test case. It creates a directory with specified access modes and ring brackets, optionally creates a segment with specified access modes and ring brackets in that directory, and returns the names of both the directory and the segment as well as a pointer to the segment if it can be initiated in the caller's process. _U_S_A_G_E declare tu_$create_DAC_case_segment_ptr entry (ptr, bit (36) aligned, bit (36) aligned, (3) fixed bin (3), bit (36) aligned, (2) fixed bin (3), char (*), char (*), ptr); call tu_$create_DAC_case_segment_ptr (sectest_args_ptr, flags, emodes, erings, dmodes, drings, dname, ename, segptr); D-23 _______________________________ _______________________________ tu_$create_DAC_case_segment_ptr tu_$create_DAC_case_segment_ptr _______________________________ _______________________________ _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) flags are the input flags. (Input) The format of these flags is that of the dac_setup_flags structure declared in sectest_DAC_descs.incl.pl1. In particular, if the create_object flag is set, a segment will be created with the given modes and ring brackets. If this flag is not set, no segment will be created. emodes are the access modes the caller will have to the segment if it is created. (Input) erings are the ring brackets the segment will have if it is created. (Input) dmodes are the access modes the caller will have to the directory. (Input) drings are the ring brackets the directory will have. (Input) dname is the relative pathname of the directory containing the segment. (Output) It may be converted to an absolute pathname by calling tu_$expand_pathname. ename is the entryname of the segment. (Output) If no segment was to be created, this argument contains a name which is not a name of any entry in the directory. segptr is a pointer to the segment, or a null pointer if the segment could not be initiated. (Output) D-24 _______________________________ _______________________________ tu_$create_DAC_case_segment_ptr tu_$create_MAC_case_segment_ptr _______________________________ _______________________________ NAME: TU_$CREATE_MAC_CASE_SEGMENT This entry is called to create a segment for a filesystem MAC test case. It creates a directory of a given access class, creates a segment in that directory, and returns the names of both the directory and the segment. _U_S_A_G_E declare tu_$create_MAC_case_segment entry (ptr, bit (72) aligned, char (*), char (*)); call tu_$create_MAC_case_segment (sectest_args_ptr, access_class, dname, ename); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) access_class is the access class the directory containing the segment is to have. (Input) dname is the relative pathname of the directory containing the segment. (Output) It may be converted to an absolute pathname by calling tu_$expand_pathname. ename is the entryname of the created segment. (Output) ________________________________________ NAME: TU_$CREATE_MAC_CASE_SEGMENT_PTR This entry is called to create and initiate a segment for a | filesystem MAC test case. It creates a directory of a given access class, creates a segment in that directory, and returns the names of both the directory and the segment as well as a pointer to the segment (or a null pointer if the segment cannot be initiated in the caller's process). _U_S_A_G_E declare tu_$create_MAC_case_segment_ptr entry (ptr, | bit (72) aligned, char (*), char (*), ptr); | D-25 _______________________________ ______________ tu_$create_MAC_case_segment_ptr tu_$create_acs _______________________________ ______________ call tu_$create_MAC_case_segment_ptr (sectest_args_ptr, access_class, dname, ename, segptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) access_class is the access class the directory containing the segment is to have. (Input) dname is the relative pathname of the directory containing the segment. (Output) It may be converted to an absolute pathname by calling tu_$expand_pathname. ename is the entryname of the created segment. (Output) segptr is a pointer to the created segment, or a null pointer if the segment could not be initiated. (Output) ________________________________________ NAME: TU_$CREATE_ACS This entry point creates an ACS segment. _U_S_A_G_E declare tu_$create_acs entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$create_acs (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name D-26 ______________ ____________________ tu_$create_acs tu_$create_admin_acs ______________ ____________________ is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the ACS segment to be created. The acs suffix is assumed. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default access properties are placed on the created object. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. The acs suffix is assumed for all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default values for the properties listed in this structure are placed on the created object. (Input) ________________________________________ NAME: TU_$CREATE_ADMIN_ACS This entry point creates an admin ACS segment. _U_S_A_G_E declare tu_$create_admin_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$create_admin_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) D-27 ____________________ ______________________ tu_$create_admin_acs tu_$create_channel_acs ____________________ ______________________ name is the name of the ACS segment to be created. The acs suffix is assumed. The parent directory is >sc1>admin_acs. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default access properties are placed on the created object. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. The acs suffix is assumed for all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default values for the properties listed in this structure are placed on the created object. (Input) ________________________________________ NAME: TU_$CREATE_CHANNEL_ACS This entry point creates a channel ACS segment. _U_S_A_G_E declare tu_$create_channel_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$create_channel_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment to be created. The acs suffix is assumed. The parent directory is >sc1>rcp. (Input) D-28 ______________________ ____________________ tu_$create_channel_acs tu_$create_directory ______________________ ____________________ access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default access properties are placed on the created object. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. The acs suffix is assumed for all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default values for the properties listed in this structure are placed on the created object. (Input) ________________________________________ NAME: TU_$CREATE_DIRECTORY This entry point creates a directory. _U_S_A_G_E declare tu_$create_directory entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$create_directory (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the directory to be created. (Input) D-29 ____________________ _________________ tu_$create_directory tu_$create_lv_acs ____________________ _________________ access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default access properties are placed on the created object. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default values for the properties listed in this structure are placed on the created object. (Input) ________________________________________ NAME: TU_$CREATE_LV_ACS This entry point creates a logical volume ACS segment. _U_S_A_G_E declare tu_$create_lv_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$create_lv_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment to be created. The acs suffix is assumed. The parent directory is >lv. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default access properties are placed on the created object. (Input) D-30 _________________ ___________________________ tu_$create_lv_acs tu_$create_lv_quota_account _________________ ___________________________ names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. The acs suffix is assumed for all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default values for the properties listed in this structure are placed on the created object. (Input) ________________________________________ NAME: TU_$CREATE_LV_QUOTA_ACCOUNT This entry point sets up a volume quota account as specified. _U_S_A_G_E declare tu_$create_lv_quota_account entry (ptr, char(*), char(*), fixed bin); call tu_$create_lv_quota_account (sectest_args_ptr, volume_name, account_name, quota); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) volume_name is the name of the logical volume on which to set up the quota account. (Input) account_name is the name of the quota account to set up. (Input) It is a user_id where either the project or person components may be "*". quota is the initial quota assigned to the account. (Input) D-31 ___________________________ __________________ tu_$create_lv_quota_account tu_$create_mailbox ___________________________ __________________ NAME: TU_$CREATE_MAILBOX This entry point creates a mailbox. _U_S_A_G_E declare tu_$create_mailbox entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$create_mailbox (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the mailbox to be created. The mbx suffix is assumed. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default access properties are placed on the created object. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. The mbx suffix is assumed for all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default values for the properties listed in this structure are placed on the created object. (Input) D-32 __________________ _________________ tu_$create_mailbox tu_$create_mc_acs __________________ _________________ NAME: TU_$CREATE_MC_ACS This entry point creates a message coordinator ACS segment. _U_S_A_G_E declare tu_$create_mc_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$create_mc_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment to be created. The acs suffix is assumed. The parent directory is >sc1>mc_acs. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default access properties are placed on the created object. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. The acs suffix is assumed for all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default values for the properties listed in this structure are placed on the created object. (Input) D-33 _________________ _____________________ tu_$create_mc_acs tu_$create_mdirectory _________________ _____________________ NAME: TU_$CREATE_MDIRECTORY This entry point creates a master directory. _U_S_A_G_E declare tu_$create_mdirectory entry (ptr, char(*), char(*), char(*), char(*), char(*), fixed bin, ptr, ptr, ptr); call tu_$create_mdirectory (sectest_args_ptr, dir_name, entry_name, volume_name, mdir_owner, mdir_account, mdir_quota, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. (Input) It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. entry_name is the name of the master directory to be created. (Input) volume_name is the name of the logical volume with which the master directory will be associated. (Input) mdir_owner is the user_id which is to be the owner of the master directory. (Input) The default is the user_id of the sectest server daemon. mdir_account is the account from which quota for the master directory is to be drawn. (Input) The default is an account which matches the sectest server daemon's user_id. mdir_quota is the amount of quota to be set for the master directory. (Input) access_info_ptr D-34 _____________________ __________________________ tu_$create_mdirectory tu_$create_message_segment _____________________ __________________________ is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Input) If this pointer is null, default access properties are placed on the created object. names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Input) If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Input) If this pointer is null, default values for the properties listed in this structure are placed on the created object. ________________________________________ NAME: TU_$CREATE_MESSAGE_SEGMENT This entry point creates a queue message segment. _U_S_A_G_E declare tu_$create_message_segment entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$create_message_segment (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the message segment to be created. The ms suffix is assumed. (Input) D-35 __________________________ ______________ tu_$create_message_segment tu_$create_pnt __________________________ ______________ access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default access properties are placed on the created object. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. The ms suffix is assumed for all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default values for the properties listed in this structure are placed on the created object. (Input) | | ________________________________________ | | | NAME: TU_$CREATE_PNT | | This entry is used to create a PNT object. | | _U_S_A_G_E | | declare tu_$create_pnt (ptr, char(*), char (*), ptr, ptr, ptr); | | call tu_$create_pnt (sectest_args_ptr, dir_name, entry_name, | access_info_ptr, names_info_ptr, properties_info_ptr); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dir_name | is the path name of the directory in which the PNT is to be | created. (Input) | | entry_name | is the name of the PNT to be created, with the ".pnt" suffix | added. (Input) D-36 ______________ __________________ tu_$create_pnt tu_$create_rcp_acs ______________ __________________ access_info_ptr | is a pointer to the segment_access_info structure found in | sectest_fs_properties.incl.pl1. (Input) | | names_info_ptr | is a pointer to the structure names_info found in | sectest_fs_properties.incl.pl1. (Input) | | properties_info_ptr | is a pointer to the structure segment_properties_info found in | sectest_fs_properties.incl.pl1. (Input) | ________________________________________ NAME: TU_$CREATE_RCP_ACS This entry point creates an RCP ACS segment. _U_S_A_G_E declare tu_$create_rcp_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$create_rcp_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment to be created. The acs suffix is assumed. The parent directory is >sc1>rcp. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default access properties are placed on the created object. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. The acs suffix is assumed for all names. (Input) D-37 __________________ __________________ tu_$create_rcp_acs tu_$create_segment __________________ __________________ properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default values for the properties listed in this structure are placed on the created object. (Input) ________________________________________ NAME: TU_$CREATE_SEGMENT This entry point creates a segment. _U_S_A_G_E declare tu_$create_segment entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$create_segment (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the segment to be created. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default access properties are placed on the created object. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, the created object is given the single name entry_name. If the pointer is non-null, only the names specified in the names_info structure appear on the created object. (Input) D-38 __________________ _____________________ tu_$create_segment tu_$defer_mbx_wakeups __________________ _____________________ properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If this pointer is null, default values for the properties listed in this structure are placed on the created object. (Input) ________________________________________ NAME: TU_$DEFER_MBX_WAKEUPS This entry point turns off wakeup accepting for a specified mailbox. _U_S_A_G_E declare tu_$defer_mbx_wakeups entry (ptr, char(*), char(*)); call tu_$defer_mbx_wakeups (sectest_args_ptr, dir_name, entry_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must either be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of the allowable keywords. (Input) entry_name is the name of the mailbox. The mbx suffix is assumed. (Input) D-39 _____________________ ____________________ tu_$defer_mbx_wakeups tu_$delete_admin_acs _____________________ ____________________ NAME: TU_$DELETE_ACS This entry point deletes an ACS segment. _U_S_A_G_E declare tu_$delete_acs entry (ptr, char(*), char(*)); call tu_$delete_acs (sectest_args_ptr, dir_name, entry_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the ACS segment to be deleted. The acs suffix is assumed. (Input) ________________________________________ NAME: TU_$DELETE_ADMIN_ACS This entry point deletes an admin ACS segment. _U_S_A_G_E declare tu_$delete_admin_acs entry (ptr, char(*)); call tu_$delete_admin_acs (sectest_args_ptr, name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment to be deleted. (Input) The acs suffix is assumed. The parent directory is >sc1>admin_acs. D-40 ____________________ ____________________ tu_$delete_admin_acs tu_$delete_directory ____________________ ____________________ NAME: TU_$DELETE_CHANNEL_ACS This entry point deletes a channel ACS segment. _U_S_A_G_E declare tu_$delete_channel_acs entry (ptr, char(*)); call tu_$delete_channel_acs (sectest_args_ptr, name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment to be deleted. The acs suffix is assumed. The parent directory is >sc1>rcp. (Input) ________________________________________ NAME: TU_$DELETE_DIRECTORY This entry point deletes a directory. _U_S_A_G_E declare tu_$delete_directory entry (ptr, char(*), char(*)); call tu_$delete_directory (sectest_args_ptr, dir_name, entry_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the directory to be deleted. (Input) D-41 ____________________ __________________ tu_$delete_directory tu_$delete_mailbox ____________________ __________________ NAME: TU_$DELETE_LV_ACS This entry point deletes a logical volume ACS segment. _U_S_A_G_E declare tu_$delete_lv_acs entry (ptr, char(*)); call tu_$delete_lv_acs (sectest_args_ptr, name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment to be deleted. The acs suffix is assumed. The parent directory is >lv. (Input) ________________________________________ NAME: TU_$DELETE_MAILBOX This entry point deletes a mailbox. _U_S_A_G_E declare tu_$delete_mailbox entry (ptr, char(*), char(*)); call tu_$delete_mailbox (sectest_args_ptr, dir_name, entry_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the mailbox to be deleted. The mbx suffix is assumed. (Input) D-42 __________________ _____________________ tu_$delete_mailbox tu_$delete_mdirectory __________________ _____________________ NAME: TU_$DELETE_MC_ACS This entry point deletes a message coordinator ACS segment. _U_S_A_G_E declare tu_$delete_mc_acs entry (ptr, char(*)); call tu_$delete_mc_acs (sectest_args_ptr, name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment to be deleted. The acs suffix is assumed. The parent directory is >sc1>mc_acs. (Input) ________________________________________ NAME: TU_$DELETE_MDIRECTORY This entry point deletes a master directory. _U_S_A_G_E declare tu_$delete_mdirectory entry (ptr, char(*), char(*)); call tu_$delete_mdirectory (sectest_args_ptr, dir_name, entry_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. (Input) It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. entry_name is the name of the master directory to be deleted. (Input) D-43 _____________________ ______________ tu_$delete_mdirectory tu_$delete_pnt _____________________ ______________ NAME: TU_$DELETE_MESSAGE_SEGMENT This entry point deletes a queue message segment. _U_S_A_G_E declare tu_$delete_message_segment entry (ptr, char(*), char(*)); call tu_$delete_message_segment (sectest_args_ptr, dir_name, entry_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the message segment to be deleted. The ms suffix is assumed. (Input) | | ________________________________________ | | | NAME: TU_$DELETE_PNT | | This entry is used to delete a PNT. | | _U_S_A_G_E | | declare tu_$delete_pnt (ptr, char (*), char (*)); | | call tu_$delete_pnt (sectest_args_ptr, dir_name, entry_name); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dir_name | is the path name of the directory from which the PNT is to be | deleted. (Input) D-44 ______________ __________________ tu_$delete_pnt tu_$delete_segment ______________ __________________ entry_name | is the name of the PNT to be deleted, with the ".pnt" suffix | added. (Input) | ________________________________________ NAME: TU_$DELETE_RCP_ACS This entry point deletes an RCP ACS segment. _U_S_A_G_E declare tu_$delete_rcp_acs entry (ptr, char(*)); call tu_$delete_rcp_acs (sectest_args_ptr, name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment to be deleted. The acs suffix is assumed. The parent directory is >sc1>rcp. (Input) ________________________________________ NAME: TU_$DELETE_SEGMENT This entry point deletes a segment. _U_S_A_G_E declare tu_$delete_segment entry (ptr, char(*), char(*)); call tu_$delete_segment (sectest_args_ptr, dir_name, entry_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name D-45 __________________ _________________ tu_$delete_segment tu_$deregister_lv __________________ _________________ is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the segment to be deleted. (Input) | | ________________________________________ | | | NAME: TU_$DELETE_USER_MESSAGE | | This entry is used to perform the priviledged function of | deleting a message from the user message database. | | _U_S_A_G_E | | declare tu_$delete_user_message (ptr, bit (72) aligned); | | call tu_$delete_user_message (sectest_args_ptr, message_id); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | message_id | is the unique identifier corresponding to the message in the | message segment. (Input) ________________________________________ NAME: TU_$DEREGISTER_LV This entry is used to deregister a Logical Volume used with security functional tests. _U_S_A_G_E declare tu_$deregister_lv entry (ptr, char(*)); call tu_$deregister_lv (sectest_args_ptr, lv_name); D-46 _________________ ___________________________ tu_$deregister_lv tu_$detach_autocall_channel _________________ ___________________________ _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) lv_name is the name of the Logical Volume. (Input) _N_O_T_E_S Only volumes registered for use by a security functional test should be deregistered. | ________________________________________ | | | NAME: TU_$DETACH_AUTOCALL_CHANNEL | | This entry point is used to detached a channel previously | attached. The detaching is done by the same process that had it | attached, as specified by server_process_sw. | | _U_S_A_G_E | | declare tu_$detach_autocall_channel (ptr, char (32), bit (1) | aligned); | | call tu_$attach_autocall_channel (sectest_args_ptr, channel_name, | server_process_sw); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | channel_name | Is the channel name to be detached. (Input) | | server_process_sw | is a switch defining whether the channel is to be detached in | the testing process or in the Sectest Server daemon. (Input) | "0"b = The channel is detached from the testing process. | "1"b = The channel is detached from the Sectest Server | daemon. | D-47 ___________________________ __________________________ tu_$detach_autocall_channel tu_$enter_absentee_request ___________________________ __________________________ | NAME: TU_$DETACH_SLAVE_CHANNEL | | This entry is used to request the answering service to release | the channel specified by channel_name. | | _U_S_A_G_E | | declare tu_$detach_slave_channel (ptr, char (*), bit (1) aligned) | | call tu_$detach_slave_channel (sectest_args_ptr, channel_name, | server_process_sw); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | channel_name | is the name of the slave name to be detached. This name is | matched against both the channel name in the cdt and the | generic_destination field for the channel, if one exists. | (Input) | | server_process_sw | is a switch to determine if the detach slave channel request | is done by the testing process or the Sectest Server daemon. | (Input) | "0"b = The testing process terminates the slave | channel. | "1"b = The Sectest Server terminates the slave | channel. | | ________________________________________ | | | NAME: TU_$ENTER_ABSENTEE_REQUEST | | This entry is used to run absentees at specified authorizations. | | _U_S_A_G_E | | declare tu_$enter_absentee_request (ptr, ptr, fixed bin (71)); | | call tu_$enter_absentee_request (sectest_args_ptr, | absentee_info_ptr, request_id); D-48 __________________________ __________________________ tu_$enter_absentee_request tu_$enter_absentee_request __________________________ __________________________ _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | absentee_info_ptr | is a pointer to the absentee_request_info structure. (Input) | | request_id | is the request identifier of the absentee. (Output) | | _T_H_E _A_B_S_E_N_T_E_E___R_E_Q_U_E_S_T___I_N_F_O _S_T_R_U_C_T_U_R_E | | The absentee_request_info is used to pass info for the creation | of a absentee. | | dcl 1 absentee_request_info aligned based | (absentee_request_info_ptr), | 2 version char (8), | 2 n_arguments fixed bin, | 2 lth_of_arguments fixed bin, | 2 personid char (32), | 2 projectid char (32), | 2 authorization bit (72) aligned, | 2 input_segment_dirname char (168) unaligned, | 2 input_segment_entryname char (32) unaligned, | 2 output_segment_dirname char (168) unaligned, | 2 output_segment_entryname char (32) unaligned, | 2 argument_lengths (absentee_request_info_n_arguments | refer (absentee_request_info.n_arguments)) fixed bin, | 2 argument_string char (absentee_request_info_lth_of_argumen|t refer (absentee_request_info.lth_of_arguments)) aligned;| | _S_T_R_U_C_T_U_R_E _E_L_E_M_E_N_T_S | | version | is the version of the structure. Must be set to | ABSENTEE_REQUEST_INFO_VERSION_1. | | n_arguments | is a count of the number of arguments to be passed. | | lth_of_arguments | is the length of the arguments, all of them. | | personid | is the person idenitifier under which the absentee is to run. | D-49 __________________________ ________________ tu_$enter_absentee_request tu_$entry_exists __________________________ ________________ | projectid | is the project idenitifier under which the absentee is to run. | | authorization | is the authorization level the absentee is supposed to run | under. | | input_segment_dirname | is the pathname of the directory containing the absin file. | | input_segment_entryname | is the name of the absin file. | | output_segment_dirname | is the pathname of the directory containing the absout file. | | output_segment_entryname | is the name of the absout file. | | argument_lengths | is the length of each argument. | | argument_string | is a string containing all of the arguments. | | _N_O_T_E_S | | It's a good idea to pause a few seconds after this function, | before attempting to use the absentee. This will allow the | absentee some time to login and start running. ________________________________________ NAME: TU_$ENTRY_EXISTS This entry is called to check for the presence of a file system entry. If the specified entry exists true ("1"b) is returned, else false ("0"b) is returned. _U_S_A_G_E declare tu_$entry_exists entry (ptr, char(*), char(*)) returns (bit(1) aligned); entry_exists = tu_$entry_exists (sectest_args_ptr, dir_name, entry_name); D-50 ________________ ___________________________ tu_$entry_exists tu_$execute_as_volume_admin ________________ ___________________________ _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. (Input) entry_name is the entry name of the entry. (Input) ________________________________________ NAME: TU_$EXECUTE_AS_VOLUME_ADMIN This entry point executes the given procedure after assuring the process has executive access to the specified logical volume. Access to the logical volume is restored after completion of the procedure. _U_S_A_G_E declare tu_$execute_as_volume_admin entry (ptr, char(*), entry); call tu_$execute_as_volume_admin (sectest_args_ptr, volume_name, procedure); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) volume_name is the name of the logical volume on which executive access is required. (Input) procedure is the entry to be executed while administrative access to the logical volume is available. (Input) D-51 ___________________________ ___________________ tu_$execute_as_volume_admin tu_$expand_pathname ___________________________ ___________________ NAME: TU_$EXPAND_PATHNAME This entry is called to expand a relative pathname (that is, relative to the test directory). It also handles several special directory name constructs (see Notes below). _U_S_A_G_E declare tu_$expand_pathname entry (ptr, char (*), char (*)); call tu_$expand_pathname (sectest_args_ptr, input_path, output_path); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) input_path is the pathname to be expanded. (Input) This is a pathname suitable for use by other tu_ entrypoints. If it does not begin with the "%" character, it is a pathname relative to the test directory (stored in the variable sectest_args.test_dir, where the sectest_args structure is pointed to by the sectest_args_ptr argument). If input_path begins with a "%", the portion of the input_path from the "%" up until the first ">" is replaced with a directory name as detailed in "Notes" below. output_path is the expanded pathname. (Output) This is a full Multics pathname. _N_O_T_E_S The complete list of directory name constructs and their expansions is: %admin_dir or >sc1>admin_acs %admin_acs_dir %mc_dir or %mc_acs_dir >sc1>mc_acs %lv_dir or %lv_acs_dir >lv %rcp_dir or %rcp_acs_dir >sc1>rcp %sc1_dir >sc1 %test_dir the contents of the variable sectest_args.test_dir D-52 ___________________ ______________________________ tu_$free_dm_journal tu_$get_channel_aim_attributes ___________________ ______________________________ NAME: TU_$FREE_DM_JOURNAL | | This entry frees the Data Manager journal entry specified by | index. | | _U_S_A_G_E | | declare tu_$free_dm_journal (ptr, fixed bin (17), fixed bin | (35)); | | call tu_$free_dm_journal (sectest_args_ptr, index, code); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | index | is the index of the journal entry to be deleted. (Input) | | code | is the system status code. (Output) | | ________________________________________ | | | NAME: TU_$GET_CHANNEL_AIM_ATTRIBUTES | | This entrypoint sends a request to the Sectest_Server daemon to | get the accepted AIM ranges and current range for a given | communication channel from the Channel Definition Table (CDT). | | _U_S_A_G_E | | declare tu_$get_channel_aim_attributes (ptr, char (*), (2) bit | (72) aligned, bit (1) aligned, bit (72) aligned); | | call tu_$get_channel_aim_attributes (sectest_args_ptr, | channel_name, access_class_range, access_class_valid_sw, | current_access_class); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | D-53 ______________________________ _____________________ tu_$get_channel_aim_attributes tu_$get_mdir_reg_info ______________________________ _____________________ | channel_name | is the channel name. (Input) | | access_class_range | is the range of processes authorized to attach to the channel. | (Output) | | access_class_valid_sw | is "1"b if the channel currently has a single access | classification (because it is attached by a process whose | authorization equals the single access class); is "0"b if the | channel is not attached to a process. (Output) | | current_access_class | is the current access classification of the channel if | access_class_valid_sw is "1"b; otherwise this output argument | is invalid(Output) ________________________________________ NAME: TU_$GET_MDIR_REG_INFO This entry point returns registration info about the given master directory. _U_S_A_G_E declare tu_$get_mdir_reg_info entry (ptr, char(*), char(*), ptr); call tu_$get_mdir_reg_info (sectest_args_ptr, dir_name, entry_name, info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the path of the master directory's parent directory. (Input) It must be relative to the test_root_directory. entry_name is the name of the master directory for which to return information. (Input) D-54 _____________________ _______________________ tu_$get_mdir_reg_info tu_$get_message_mailbox _____________________ _______________________ info_ptr is a pointer the mdir_registration_info structure. (Input) It is defined in sectest_mdir_info.incl.pl1. The version must be set by the caller before invoking this utility. | ________________________________________ | | | NAME: TU_$GET_MESSAGE_MAILBOX | | This entry checks the specifed mailbox for a message specified by | message_id. Sectest_Server daemon is used to get around problems | with AIM levels and categories. | | _U_S_A_G_E | | declare tu_$get_message_mailbox (ptr, char (*), char (*), bit | (72), bit (1) aligned, bit (72) aligned, bit (72) aligned); | | call tu_$get_message_mailbox (sectest_args_ptr, dir_name, | entry_name, message_id, message_exists, | message_access_class, message_text); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dir_name | is the pathname of the directory conatining the mailbox. | (Input) | | entry_name | is the name of the mailbox. (Input) | | message_id | is a unique identifier corresponding to a message in the | mailbox. (Input) | | message_exists | specifies whether the message_id was found in the mailbox. | (Ouput) | | message_access_class | is the access authorization of the message sender. (Output) | | message_text | is the message. (Output) | D-55 _______________________ __________________ tu_$get_message_mailbox tu_$get_message_ms _______________________ __________________ | NAME: TU_$GET_MESSAGE_MS | | This entry checks the specifed message segment for a message | specified by message_id. Sectest_Server daemon is used to get | around problems with AIM levels and categories. | | _U_S_A_G_E | | declare tu_$get_message_ms (ptr, char (*), char (*), bit (72), | bit (1) aligned, bit (72) aligned, bit (72) aligned); | | call tu_$get_message_ms (sectest_args_ptr, dir_name, entry_name, | message_id, message_exists, message_access_class, | message_text); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dir_name | is the pathname of the directory containing the message | segment. (Input) | | entry_name | is the entry name of the message segment. (Input) | | message_id | ia a unique identifier corresponding to a message in the | message segment. (Input) | | message_exists | specifies whether the message_id was found in the message | segment. (Ouput) | | message_access_class | is the access authorization of the message sender. (Output) | | message_text | is the message. (Output) D-56 __________________ ______________________ tu_$get_message_ms tu_$get_properties_acs __________________ ______________________ NAME: TU_$GET_MODES This entry point returns the effective mode and extended mode of an entry. _U_S_A_G_E declare tu_$get_modes entry (ptr, char(*), char(*), bit(36)aligned, bit(36)aligned); call tu_$get_modes (sectest_args_ptr, dir_name, entry_name, mode, extended_mode); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the parent directory, either relative to the test directory or beginning with one of the keywords %test_dir, %lv_acs_dir, etc. (Input) entry_name is the entryname of the object. (Input) mode is the real (ie. not extended) effective mode. (Output) extended_mode is the effective extended mode. (Output) ________________________________________ NAME: TU_$GET_PROPERTIES_ACS This entry point returns the properties of an ACS segment. _U_S_A_G_E declare tu_$get_properties_acs entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$get_properties_acs (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); D-57 ______________________ ____________________________ tu_$get_properties_acs tu_$get_properties_admin_acs ______________________ ____________________________ sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the ACS segment. The acs suffix is assumed. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Output) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Output) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Output) ________________________________________ NAME: TU_$GET_PROPERTIES_ADMIN_ACS This entry point returns the properties of an admin ACS segment. _U_S_A_G_E declare tu_$get_properties_admin_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$get_properties_admin_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment. The acs suffix is assumed. The parent directory is >sc1>admin_acs. (Input) D-58 ____________________________ ______________________________ tu_$get_properties_admin_acs tu_$get_properties_channel_acs ____________________________ ______________________________ access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Output) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Output) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Output) ________________________________________ NAME: TU_$GET_PROPERTIES_CHANNEL_ACS This entry point returns the properties of a channel ACS segment. _U_S_A_G_E declare tu_$get_properties_channel_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$get_properties_channel_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment. The acs suffix is assumed. The parent directory is >sc1>rcp. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Output) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Output) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Output) D-59 ______________________________ ____________________________ tu_$get_properties_channel_acs tu_$get_properties_directory ______________________________ ____________________________ NAME: TU_$GET_PROPERTIES_DIRECTORY This entry point returns the properties of a directory. _U_S_A_G_E declare tu_$get_properties_directory entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$get_properties_directory (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the directory. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Output) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Output) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Output) D-60 ____________________________ _____________________ tu_$get_properties_directory tu_$get_properties_lv ____________________________ _____________________ NAME: TU_$GET_PROPERTIES_LV This entry is used to retrieve the properties of a Logical Volume. _U_S_A_G_E declare tu_$get_properties_lv entry (ptr, char(*), ptr, ptr, ptr); call tu_$get_properties_lv (sectest_args_ptr, lv_name, sec_props_ptr, name_props_ptr, non_sec_props_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) lv_name is the name of the Logical Volume. (Input) sec_props_ptr is a pointer to the lv_security_props structure as declared in sectest_lv_properties.incl.pl1. If null this information will not be retrieved. (Input) name_props_ptr is a pointer to the lv_name_props structure as declared in sectest_lv_properties.incl.pl1. If null this information will not be retrieved. (Input) non_sec_props_ptr is a pointer to the lv_non_sec_props structure as declared in sectest_lv_properties.incl.pl1. If null this information will not be retrieved. (Input) D-61 _____________________ ______________________ tu_$get_properties_lv tu_$get_properties_mbx _____________________ ______________________ NAME: TU_$GET_PROPERTIES_LV_ACS This entry point returns the properties of a logical volume ACS segment. _U_S_A_G_E declare tu_$get_properties_lv_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$get_properties_lv_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment. The acs suffix is assumed. The parent directory is >lv. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Output) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Output) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Output) ________________________________________ NAME: TU_$GET_PROPERTIES_MBX This entry point returns the properties of a mailbox. _U_S_A_G_E declare tu_$get_properties_mbx entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$get_properties_mbx (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); D-62 ______________________ _________________________ tu_$get_properties_mbx tu_$get_properties_mc_acs ______________________ _________________________ _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the mailbox. The mbx suffix is assumed. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Output) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Output) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Output) ________________________________________ NAME: TU_$GET_PROPERTIES_MC_ACS This entry point returns the properties of a message coordinator ACS segment. _U_S_A_G_E declare tu_$get_properties_mc_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$get_properties_mc_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) D-63 _________________________ _____________________ tu_$get_properties_mc_acs tu_$get_properties_ms _________________________ _____________________ name is the name of the ACS segment. The acs suffix is assumed. The parent directory is >sc1>mc_acs. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Output) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Output) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Output) ________________________________________ NAME: TU_$GET_PROPERTIES_MS This entry point returns the properties of a queue message segment. _U_S_A_G_E declare tu_$get_properties_ms entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$get_properties_ms (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the message segment. The ms suffix is assumed. (Input) D-64 _____________________ ______________________ tu_$get_properties_ms tu_$get_properties_pnt _____________________ ______________________ access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Output) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Output) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Output) | ________________________________________ | | | NAME: TU_$GET_PROPERTIES_PNT | | This entry returns the attributes of a PNT object. | | _U_S_A_G_E | | declare tu_$get_properties_pnt (ptr, char (*), char (*), ptr, | ptr, ptr); | | call tu_$get_properties_pnt (sectest_args_ptr, dir_name, | entry_name, access_info_ptr, names_info_ptr, | properties_info_ptr); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dir_name | is the path name of the directory which conatins the PNT. | (Input) | | entry_name | is the name of the PNT, with the ".pnt" suffix added. (Input) | | access_info_ptr | is a pointer to the segment_access_info structure found in | sectest_fs_properties.incl.pl1. (Input) | | names_info_ptr | is a pointer to the structure names_info found in | sectest_fs_properties.incl.pl1. (Input) | D-65 ______________________ ______________________ tu_$get_properties_pnt tu_$get_properties_rcp ______________________ ______________________ | properties_info_ptr | is a pointer to the structure segment_properties_info found in | sectest_fs_properties.incl.pl1. (Input) ________________________________________ NAME: TU_$GET_PROPERTIES_RCP _U_S_A_G_E declare tu_$get_properties_rcp entry (ptr, ptr, ptr, ptr); call tu_$get_properties_rcp (sectest_args_ptr, security_props_ptr, name_props_ptr, nonsecurity_props_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr pointer to sectest_args found in sectest_args.incl.pl1. (Input) security_props_ptr pointer to rcp_security_props structure found in sectest_rcp_dcls.incl.pl1. (Input/Output) name_props_ptr pointer to rcp_name_props structure found in sectest_rcp_dcls.incl.pl1. (Input/Output) nonsecurity_props_ptr pointer to rcp_nonsecurity_props structure found in sectest_rcp_dcls.incl.pl1. (Input/Output) _T_A_S_K_S 1. Obtains all possible information about the resource. 2. Fills in the three structures provided with the obtained information and sets the valid bits. _A_S_S_U_M_P_T_I_O_N_S 1. The resource name in rcp_name_props AND the type in rcp_nonsecurity_props MUST be supplied. 2. The version numbers (as defined in sectest_rcp_dcls.incl.pl1) must be supplied in each structure. D-66 ______________________ __________________________ tu_$get_properties_rcp tu_$get_properties_segment ______________________ __________________________ NAME: TU_$GET_PROPERTIES_RCP_ACS This entry point returns the properties of an RCP ACS segment. segment. _U_S_A_G_E declare tu_$get_properties_rcp_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$get_properties_rcp_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment. The acs suffix is assumed. The parent directory is >sc1>rcp. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Output) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Output) ________________________________________ NAME: TU_$GET_PROPERTIES_SEGMENT This entry point returns the properties of a segment. _U_S_A_G_E declare tu_$get_properties_segment entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$get_properties_segment (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); D-67 __________________________ __________________________ tu_$get_properties_segment tu_$get_quota_account_info __________________________ __________________________ _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the segment. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. (Output) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. (Output) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. (Output) ________________________________________ NAME: TU_$GET_QUOTA_ACCOUNT_INFO This entry point returns info about the given quota account. _U_S_A_G_E declare tu_$get_quota_account_info entry (ptr, char(*), char(*), ptr); call tu_$get_quota_account_info (sectest_args_ptr, vol_name, acct_name, info_ptr); D-68 __________________________ __________________________ tu_$get_quota_account_info tu_$initiate_in_lower_ring __________________________ __________________________ _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) vol_name is the name of the volume with which the quota account is associated. (Input) acct_name is the name of the quota account for which information is to be returned. (Input) info_ptr is a pointer the quota_acct_info structure. (Input) It is defined in sectest_quota_acct_info.incl.pl1. The version must be set by the caller before invoking this utility. | ________________________________________ | | | NAME: TU_$INITIATE_IN_LOWER_RING | | This entrypoint transfers to ring 2 and initiates a segment in | the inner ring. A pointer to the segment is returned to the | caller. This this pointer can be used to test an outer ring's | access to an inner ring segment, inability of the outer ring to | terminate inner ring segments, etc. | | _U_S_A_G_E | | declare tu_$initiate_in_lower_ring (ptr, char (*), char (*), | ptr); | | call tu_$initiate_in_lower_ring (sectest_args_ptr, dir_name, | entry_name, seg_ptr); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dir_name | is the pathname of the containing directory. (Input) | | entry_name | is the entryname of the segment. (Input) | D-69 __________________________ _______________________________ tu_$initiate_in_lower_ring tu_$ioi_attach_in_other_process __________________________ _______________________________ | seg_ptr | is the pointer (with ring number = 2) to the initiated | segment. (Output) ________________________________________ NAME: TU_$IOI_ATTACH_IN_OTHER_PROCESS This entry is called to attach a device in the security test daemon's process so a test program can try to perform IOI operations on the device (these operations should fail since the device is not attached in the test program's process). _U_S_A_G_E declare tu_$ioi_attach_in_other_process entry (ptr, bit (36) aligned, fixed bin); call tu_$ioi_attach_in_other_process (sectest_args_ptr, rcp_id, devx); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) rcp_id is the identifier by which RCP knows this attachment. (Output) This identifer is used to detach the device later. devx is the identifier by which IOI knows this attachment. (Output) This identifier is used in calls to entries in the ioi_ gate. _N_O_T_E_S The device that is attached is given by the variable sectest_config_info$tape_drive. The volume that is mounted on this drive is given by the variable sectest_config_info$tape_volume. D-70 _______________________________ __________________________ tu_$ioi_attach_in_other_process tu_$ioi_map_over_DAC_cases _______________________________ __________________________ NAME: TU_$IOI_DETACH_IN_OTHER_PROCESS This entry is called to detach a previously attached device in the security test daemon's process. _U_S_A_G_E declare tu_$ioi_detach_in_other_process entry (ptr, bit (36) aligned); call tu_$ioi_detach_in_other_process (sectest_args_ptr, rcp_id); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) rcp_id is the identifier by which RCP knows this attachment. (Input) ________________________________________ NAME: TU_$IOI_MAP_OVER_DAC_CASES This entry is called to run a series of DAC test cases for IOI entries. It attaches a device at different validation levels, and in different processes, and calls a run_proc procedure which tests a specific ioi_ entry. _U_S_A_G_E declare tu_$ioi_map_over_DAC_cases entry (ptr, bit (1) aligned, entry); call tu_$ioi_map_over_DAC_cases (sectest_args_ptr, priv_required, run_proc); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) priv_required denotes whether or not a privileged attachment is required for the call to the run_proc to succeed. (Input) D-71 __________________________ ____________________________ tu_$ioi_map_over_DAC_cases tu_$library_retrieve_segment __________________________ ____________________________ run_proc is the entry of a procedure that is called, once for each test case, to execute the gate under test and check the results. (Input) It must support the following entry declaration: run_proc: entry (expected_code, devx); declare expected_code fixed bin (35); declare devx fixed bin; _N_O_T_E_S The parameters supplied to the run_proc are all input parameters. The expected_code argument is the code that the entry under test is supposed to return for the given test case. The devx argument is the IOI device index that is used by the run_proc to identify the device that is being used to test the entry. ________________________________________ NAME: TU_$LIBRARY_RETRIEVE_SEGMENT This entry copies segments from the template library directory. A branch, link or directory that already exists at the target pathname will be unconditionally deleted. The library segment's attributes that are copied are: bit count, current length, max length, records used, ring brackets and entry bound. The ACL is set to RW for *.SysDaemon.* and REW for the user. All other properties are the defaults used by copy_. _U_S_A_G_E dcl tu_$library_retrieve_segment entry (ptr, char(*), char(*), char(*)); call tu_$library_retrieve_segment (sectest_args_ptr, entryname_in_lib, target_dirname, target_entryname); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) D-72 ____________________________ _____________ tu_$library_retrieve_segment tu_$log_audit ____________________________ _____________ entryname_in_lib is the entry name in the template library of the segment to be copied (Input). target_dirname is the name of the directory into which the segment is to be copied (Input). target_entryname is the entry name of the copy (Input). ________________________________________ NAME: TU_$LOG_AUDIT This entry, when called, checks the audit trail produced by a test case. A log message is produced indicating success or failure of the test case. The assumption is made that the test has, functionaly, been successful. The test daemon examines the syserr log for messages within the execution window of the test, as delimited by the test case start and end times in the sectest_args structure. All severity 25, 35 and 45 messages from the test process's process_id, in this time frame, are examined. If a message meeting the specified criteria is found a log message indiciating success of the test is generated, otherwise a log message indicating failure of the test is indicated. _U_S_A_G_E declare tu_$log_audit entry (ptr, bit(36) aligned, bit(1) aligned, char(*)); call tu_$log_audit (sectest_args_ptr, access_operation, granted_flag, obj_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) access_operation is the value of an entry in access_operations_. The audit trail for the test case is expected to contain a message for this operation. (Input) D-73 _____________ ______________ tu_$log_audit tu_$log_failed _____________ ______________ granted_flag specifies whether the audit trail should indicate that the operation should have been granted. (Input) obj_name is the name of the object being tested as it should appear in the audit message. In the case of file system objects this will be the pathname. (Input) _N_O_T_E_S THIS UTILITY IS OBSOLETE - use tu_$check_syserr_audit instead. The "case_start_time" and "case_end_time" variables in the sectest_args structure should be set to indicate the time window in which the test executed. Incorrect times may result in failure of this entry to find the appropriate log entries. ________________________________________ NAME: TU_$LOG_FAILED This entry is called to log the unsuccessful completion of a functional security test. _U_S_A_G_E declare tu_$log_failed entry options(variable); call tu_$log_failed (sectest_args_ptr, control_string {,arg1... ,argN}); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) control_string is a format control string acceptable to format_line_ which describes the reason for the failure. (Input) arg1... argN are optional argument values to be used within the format control string. (Input) D-74 ______________ ____________________ tu_$log_failed tu_$log_failed_abort ______________ ____________________ _N_O_T_E_S See also the related entries: tu_$log_failed_binary tu_$log_failed_abort | tu_$log_failed_binary_abort | tu_$log_passed tu_$log_waived | tu_$log_warning ________________________________________ NAME: TU_$LOG_FAILED_ABORT This entry is called to log the unsuccessful completion of a functional security test. After the log message is entered, a caller-supplied switch is set to zero and the utility performs a "non-local goto" to a provided label. _U_S_A_G_E declare tu_$log_failed_abort entry options(variable); call tu_$log_failed_abort (sectest_args_ptr, abort_label, all_passed_sw, control_string {,arg1... ,argN}); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) abort_label is the value of a label to which control will transfer after the log message has been written. (Input) This is typically a label at which the test program aborts further checking of test case results and proceeds to cleanup before the next case. all_passed_sw is a bit (1) aligned switch which is always set to zero by this utility. (Output) The test program typically supplies a switch variable which indicates that all tests have passed (if not set to zero). D-75 ____________________ ____________________ tu_$log_failed_abort tu_$log_failed_abort ____________________ ____________________ control_string is a format control string acceptable to format_line_ which describes the reason for the failure. (Input) arg1... argN are optional argument values to be used within the format control string. (Input) _N_O_T_E_S This utility replaces the following programming cliche found in most test programs: if expected_result ^= actual_result then do; all_tests_passed_flag = "0"b; call tu_$log_failed (args_ptr, "unexpected result"); goto FAIL_RETURN; end; with: if expected_result ^= actual_result then call tu_$log_failed_abort (args_ptr, FAIL_RETURN, all_tests_passed_flag, "unexpected result"); See also the related entries: tu_$log_failed tu_$log_failed_binary tu_$log_failed_binary_abort tu_$log_passed | tu_$log_waived tu_$log_warning D-76 ____________________ ___________________________ tu_$log_failed_abort tu_$log_failed_binary_abort ____________________ ___________________________ NAME: TU_$LOG_FAILED_BINARY_ABORT This entry is called to log the unsuccessful completion of a functional security test including additional binary information. After the log message is entered, a caller-supplied switch is set to zero and the utility performs a "non-local goto" to a provided label. _U_S_A_G_E declare tu_$log_failed_binary_abort entry options(variable); call tu_$log_failed_binary_abort (sectest_args_ptr, data_ptr, data_length, data_class, abort_label, all_passed_sw, control_string {,arg1... ,argN}); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) data_ptr is a pointer to the binary data. (Input) data_length is a "fixed bin (18)" value indicating the length of the binary data in words. (Input) data_class is a "character (16) varying" string indicating the format of the binary data and is used to identify the expand_XXXXXX_msg_ entry which interprets the binary data. (Input) abort_label is the value of a label to which control will transfer after the log message has been written. (Input) This is typically a label at which the test program aborts further checking of test case results and proceeds to cleanup before the next case. all_passed_sw is a bit (1) aligned switch which is always set to zero by this utility. (Output) The test program typically supplies a switch variable which indicates that all tests have passed (if not set to zero). D-77 ___________________________ _____________________ tu_$log_failed_binary_abort tu_$log_failed_binary ___________________________ _____________________ control_string is a format control string acceptable to format_line_ which describes the reason for the failure. (Input) arg1... argN are optional argument values to be used within the format control string. (Input) _N_O_T_E_S See also the related entries: tu_$log_failed tu_$log_failed_abort tu_$log_failed_binary tu_$log_passed | tu_$log_waived tu_$log_warning ________________________________________ NAME: TU_$LOG_FAILED_BINARY This entry is called to log the unsuccessful completion of a functional security test including additional binary information. _U_S_A_G_E declare tu_$log_failed_binary entry options(variable); call tu_$log_failed_binary (sectest_args_ptr, data_ptr, data_length, data_class, control_string {,arg1... ,argN}); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) data_ptr is a pointer to the binary data. (Input) data_length is a "fixed bin (18)" value indicating the length of the binary data in words. (Input) D-78 _____________________ ______________ tu_$log_failed_binary tu_$log_passed _____________________ ______________ data_class is a "character (16) varying" string indicating the format of the binary data and is used to identify the expand_XXXXXX_msg_ entry which interprets the binary data. (Input) control_string is a format control string acceptable to format_line_ which describes the reason for the failure. (Input) arg1... argN are optional argument values to be used within the format control string. (Input) _N_O_T_E_S See also the related entries: tu_$log_failed tu_$log_failed_abort | tu_$log_failed_binary_abort | tu_$log_passed tu_$log_waived | tu_$log_warning ________________________________________ NAME: TU_$LOG_PASSED This entry is called to log the successful completion of a functional security test in cases where no audit trail is required. _U_S_A_G_E declare tu_$log_passed entry (ptr); call tu_$log_passed (sectest_args_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) _N_O_T_E_S See also the related entries: D-79 ______________ _______________ tu_$log_passed tu_$log_skipped ______________ _______________ tu_$log_failed | tu_$log_failed_binary | tu_$log_failed_abort | tu_$log_failed_binary_abort | tu_$log_skipped | tu_$log_waived tu_$log_warning ________________________________________ NAME: TU_$LOG_SKIPPED This entry is called to log the fact that a test case prescribed by table if test cases has been intentionally skipped. This is typically due to inappropriateness of the case in question (e.g. when testing an entry that requires a segment pointer, it is not possible to perform cases where the object does not exist). The individual test programs clearly document the reasons for skipping a test case. _U_S_A_G_E declare tu_$log_skipped entry (ptr); call tu_$log_skipped (sectest_args_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) _N_O_T_E_S See also the related entries: tu_$log_failed tu_$log_failed_binary tu_$log_failed_abort tu_$log_failed_binary_abort tu_$log_passed | tu_$log_waived tu_$log_warning D-80 _______________ _______________ tu_$log_skipped tu_$log_warning _______________ _______________ NAME: TU_$LOG_WAIVED | | This entry is called to log the fact that a test case has had a | failure that has been waived. | | _U_S_A_G_E | | declare tu_$log_waived entry (ptr); | | call tu_$log_waived (sectest_args_ptr); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | _N_O_T_E_S | | The calling of this entry point should be keyed to the value of | waived within the sectest_args structure. Only if the value of | waived is set ("1"b), should this entry point be called. | Otherwise a standard failure notice and code actions should be | performed. | | See also the related entries: | | tu_$log_failed | tu_$log_failed_binary | tu_$log_failed_abort | tu_$log_failed_binary_abort | tu_$log_passed | tu_$log_skipped | tu_$log_warning | ________________________________________ NAME: TU_$LOG_WARNING This entry is called to log a warning related to a particular test case. This is useful to note cases where the test environment makes it impossible to complete all parts of a test or where the results may be subject to incorrect interpretation. _U_S_A_G_E declare tu_$log_warning entry options(variable); D-81 _______________ _______________ tu_$log_warning tu_$lv_acs_path _______________ _______________ call tu_$log_warning (sectest_args_ptr, control_string {,arg1... ,argN}); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. Information about the test case is extracted from this structure. (Input) control_string is a format control string acceptable to format_line_ which describes the warning. (Input) arg1... argN are optional argument values to be used within the format control string. (Input) _N_O_T_E_S See also the related entries: tu_$log_failed tu_$log_failed_binary tu_$log_failed_abort tu_$log_failed_binary_abort tu_$log_passed | tu_$log_skipped | tu_$log_waived | | ________________________________________ | | | NAME: TU_$LV_ACS_PATH | | This entry returns the absolute pathname of the ACS segment for a | specified logical volume. | | _U_S_A_G_E | | declare tu_$lv_acs_path (ptr, char (*)) returns (char(168)); | | declare pathname char (168); | | pathname = tu_$lv_acs_path (sectest_args_ptr, name); D-82 _______________ ___________________________ tu_$lv_acs_path tu_$lv_quota_account_exists _______________ ___________________________ _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | name | is the name of a logical volume or its corresponding ACS | segment. The ".acs" suffix is appended if not present. | (Input) | | pathname | Is the absolute pathname of the ACS segment. (Output) | | _U_S_A_G_E | | | _A_R_G_U_M_E_N_T_S | | ________________________________________ NAME: TU_$LV_QUOTA_ACCOUNT_EXISTS This entrypoint returns a bit indicating whether the specified quota account exists. _U_S_A_G_E declare tu_$lv_quota_account_exists entry (ptr, char(*), char(*)) returns (bit (1) aligned); acct_exists = tu_$lv_quota_account_exists (sectest_args_ptr, volume_name, account_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) volume_name is the name of the logical volume in which to search for the quota account. (Input) account_name is the name of the quota account in question. (Input) It is a user_id where either the project or person components may be "*". D-83 ___________________________ ______________________ tu_$lv_quota_account_exists tu_$map_over_DAC_cases ___________________________ ______________________ NAME: TU_$MAP_OVER_DAC_CASES The tu_$map_over_DAC_cases entry is called to run a series of DAC test cases. ACL and ring values for the cases are extracted from the sectest_config_info data structure. _U_S_A_G_E declare tu_$map_over_DAC_cases entry (ptr, fixed bin, bit (1) aligned, fixed bin, entry, entry, entry); call tu_$map_over_DAC_cases (sectest_args_ptr, object_desc, limit_cases, grant_case_desc, setup_proc, run_proc, cleanup_proc); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) object_desc is an encoded description of what types of objects are to be dealt with. (Input) It may be one of the constants: OBJECT_IS_SEGMENT OBJECT_IS_DIRECTORY OBJECT_IS_RCP_RESOURCE These constants are defined in sectest_DAC_descs.incl.pl1. Note that for cases where the gate entry under test creates a file system object (standard or extended) the object type is OBJECT_IS_DIRECTORY since the create is actually an operation on the parent directory. limit_cases is a switch indicating that a subset of the cases is to be selected. In the case of segment and directory objects, the cases for the parent access are limited. (Input) In the case of RCP resource objects, the cases where the test process is the owner are not used. grant_case_desc is an encoded description of what types of cases are to be granted by the system (Input). It may be one of the constants: D-84 ______________________ ______________________ tu_$map_over_DAC_cases tu_$map_over_DAC_cases ______________________ ______________________ R_ON_OBJECT W_ON_OBJECT E_ON_OBJECT RW_ON_OBJECT RE_ON_OBJECT REW_ON_OBJECT S_ON_OBJECT SM_ON_OBJECT A_ON_OBJECT S_ON_PARENT SM_ON_PARENT NON_NULL_ON_OBJECT NON_NULL_ON_PARENT W_ON_OBJECT_OR_SM_ON_PARENT SM_ON_PARENT_AND_W_BRACKET NON_NULL_ON_OBJECT_OR_S_ON_PARENT NON_NULL_ON_OBJECT_OR_SM_ON_PARENT NON_NULL_ON_OBJECT_OR_NON_NULL_ON_PARENT REW_ON_OBJECT_AND_RESOURCE_OWNER These constants are declared in sectest_DAC_descs.incl.pl1. setup_proc is the entry of a procedure that will be called to setup the test environment before running each case (Input). It must support the following entry declaration for segment and directory objects: setup_proc: proc(sectest_args_ptr, setup_flags, object_acl, object_rings, parent_acl, parent_rings, case_desc_str, punt_flag); declare sectest_args_ptr ptr; declare setup_flags bit (36) aligned; declare object_acl bit (36) aligned; declare object_rings (3) fixed bin (3); declare parent_acl bit (36) aligned; declare parent_rings (2) fixed bin (3); declare case_desc_str char (*); declare punt_flag bit (1) aligned; and for RCP resource objects: setup_proc: proc(sectest_args_ptr, setup_flags, object_acl, object_rings, resource_owner case_desc_str, punt_flag); declare sectest_args_ptr ptr; declare setup_flags bit (36) aligned; declare object_acl bit (36) aligned; D-85 ______________________ ______________________ tu_$map_over_DAC_cases tu_$map_over_DAC_cases ______________________ ______________________ declare object_rings (3) fixed bin (3); declare resource_owner char (*); declare case_desc_str char (*); declare punt_flag bit (1) aligned; run_proc is the entry of a procedure that is called, once for each test case, to execute the gate under test and check the results. (Input) It must support the following entry declaration: run_proc: proc(sectest_args_ptr, run_flags); declare sectest_args_ptr ptr; declare run_flags bit(36) aligned; cleanup_proc is the entry of a procedure which will perform environment cleanup after each test case. (Input) It must support the following entry declaration: cleanup_proc: proc(sectest_args_ptr); declare sectest_args_ptr ptr; _N_O_T_E_S The parameters supplied to the "setup_proc", "run_proc", and "cleanup_proc" are all input parameters except where indicated. The "sectest_args_ptr" parameter to the "setup_proc", "run_proc", and "cleanup_proc" is a pointer to the sectest_args structure defined in sectest_args.incl.pl1. The "setup_flags" parameter to the "setup_proc" contains various switches to control setup. They are defined by the structure "dac_setup_flags" in sectest_DAC_descs.incl.pl1. The most interesting is the "create_object" switch which allows the execution of test cases where the target object is or is not to exist. The "object_acl" parameter to the "setup_proc" specifies the raw access for the test process on the object used in the test. The "object_rings" parameter to the "setup_proc" specifies the ring brackets of the object used in the test. For directory objects the third value should be ignored. The "parent_acl" parameter to the "setup_proc" specifies the raw access for the test process on the object's parent. For RCP objects this parameter should be ignored. D-86 ______________________ ______________________ tu_$map_over_DAC_cases tu_$map_over_MAC_cases ______________________ ______________________ The "parent_rings" parameter to the "setup_proc" specifies the ring brackets on the object's parent. For RCP objects this parameter should be ignored. The "resource_owner" parameter to the "setup_proc" specifies the owner of the RCP object under test. The "case_desc_str" parameter to the "setup_proc" is a description of the test case. The "punt_flag" parameter to the "setup_proc" (Output) may be set to "1"b by the setup procedure to indicate that the test case should be skipped. This is useful in cases where setting up the environment is impossible The "run_flags" parameter to the "run_proc" is a set of switches which describes the particular test case. For instance, the first bit, "expect_grant", is used to indicate that the test case should succeed (be "granted") by the system. This flag is determined by the utility from the value of the "grant_case_desc" parameter provided by the caller of this routine. The flags are defined in the structure "dac_run_flags" in sectest_DAC_descs.incl.pl1. ________________________________________ NAME: TU_$MAP_OVER_MAC_CASES The tu_$map_over_MAC_cases entry is called to run a series of MAC test cases. AIM values for the cases are extracted from the sectest_config_info data structure. _U_S_A_G_E declare tu_$map_over_MAC_cases entry (ptr, fixed bin, entry, entry, entry); call tu_$map_over_MAC_cases (sectest_args_ptr, grant_case_desc, setup_proc, run_proc, cleanup_proc); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) D-87 ______________________ ______________________ tu_$map_over_MAC_cases tu_$map_over_MAC_cases ______________________ ______________________ grant_case_desc is an encoded description of what types of cases are to be granted by the system. It may be one of the following constants: PROCESS_EQUALS_OBJECTS_CLASS PROCESS_DOMINATES_OBJECTS_CLASS PROCESS_DOMINATED_BY_OBJECTS_CLASS These constants are declared in sectest_MAC_descs.incl.pl1. (Input) setup_proc is the entry of a procedure that will be called to setup the test environment before running each case. (Input) It must support the following entry declaration: setup_proc: entry(sectest_args_ptr, access_class, case_desc_str, punt_flag); declare sectest_args_ptr ptr; declare access_class bit(72) aligned; declare case_desc_str char (*); declare punt_flag bit (1) aligned; run_proc is the entry of a procedure that is called, once for each test case, to execute the gate under test and check the results. (Input) It must support the following entry declaration: run_proc: entry(sectest_args_ptr, run_flags); declare sectest_args_ptr ptr; declare run_flags bit(36) aligned; cleanup_proc is the entry of a procedure which will perform environment cleanup after each test case. (Input) It must support the following entry declaration: cleanup_proc: entry(sectest_args_ptr); declare sectest_args_ptr ptr; _N_O_T_E_S The parameters supplied to the "setup_proc", "run_proc", and "cleanup_proc" are all input parameters except where indicated. The "sectest_args_ptr" parameter to the "setup_proc", "run_proc", and "cleanup_proc" is a pointer to the sectest_args structure defined in sectest_args.incl.pl1. D-88 ______________________ ____________________________ tu_$map_over_MAC_cases tu_$map_over_MAC_range_cases ______________________ ____________________________ The "access_class" parameter to "setup_proc" indicates the access class of the objects to be manipulated by the test. The "case_desc_str" parameter to the "setup_proc" is a description of the test case. The "punt_flag" parameter to the "setup_proc" (Output) may be set to "1"b by the setup procedure to indicate that the test case should be skipped. This is useful in cases where setting up the environment is impossible (e.g. the test can't possibly get a pointer to an upgraded segment in order to test hcs_$truncate_seg). The "run_flags" parameter to the "run_proc" is used to describe the relationship between the process authorization and the access class of the objects being mainipulated. The first bit, "expect_grant", is used to indicate that the test case should succeed (be "granted") by the system. These flags are determined by the utility from the value of the "grant_case_desc" parameter provided by the caller of this routine. A definition of the flags can be found in sectest_MAC_descs.incl.pl1. This entry is used with single-class AIM objects only. For tests dealing with multi-class objects see the entry "tu_$map_over_MAC_range_cases". ________________________________________ NAME: TU_$MAP_OVER_MAC_RANGE_CASES The tu_$map_over_MAC_range_cases entry is called to run a series of MAC test cases. AIM range values for the cases are extracted from the sectest_config_info data structure. _U_S_A_G_E declare tu_$map_over_MAC_range_cases entry (ptr, fixed bin, entry, entry, entry); call tu_$map_over_MAC_range_cases (sectest_args_ptr, grant_case_desc, setup_proc, run_proc, cleanup_proc); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) D-89 ____________________________ ____________________________ tu_$map_over_MAC_range_cases tu_$map_over_MAC_range_cases ____________________________ ____________________________ grant_case_desc is an encoded description of what types of cases are to be granted by the system. It may be one of the following constants: PROCESS_EQUALS_OBJECTS_LOWER_CLASS PROCESS_WITHIN_OBJECTS_RANGE PROCESS_DOMINATES_OBJECTS_RANGE These constants are declared in sectest_MAC_descs.incl.pl1. (Input) setup_proc is the entry of a procedure that will be called to setup the test environment before running each case. (Input) It must support the following entry declaration: setup_proc: entry(sectest_args_ptr, access_class_range, case_desc_str, punt_flag); declare sectest_args_ptr ptr; declare access_class_range (2) bit(72) aligned; declare case_desc_str char (*); declare punt_flag bit (1) aligned; run_proc is the entry of a procedure that is called, once for each test case, to execute the gate under test and check the results. (Input) It must support the following entry declaration: run_proc: entry(sectest_args_ptr, run_flags); declare sectest_args_ptr ptr; declare run_flags bit(36) aligned; cleanup_proc is the entry of a procedure which will perform environment cleanup after each test case. (Input) It must support the following entry declaration: cleanup_proc entry(sectest_args_ptr); declare sectest_args_ptr ptr; _N_O_T_E_S The parameters supplied to the "setup_proc", "run_proc", and "cleanup_proc" are all input parameters except where indicated. The "sectest_args_ptr" parameter to the "setup_proc", "run_proc", and "cleanup_proc" is a pointer to the sectest_args structure defined in sectest_args.incl.pl1. D-90 ____________________________ __________________ tu_$map_over_MAC_range_cases tu_$publish_ev_chn ____________________________ __________________ The "access_class_range" parameter to "setup_proc" indicates the access class range of the objects to be manipulated by the test. The "case_desc_str" parameter to the "setup_proc" is a description of the test case. The "punt_flag" parameter to the "setup_proc" (Output) may be set to "1"b by the setup procedure to indicate that the test case should be skipped. This is useful in cases where setting up the environment is impossible. The "run_flags" parameter to the "run_proc" is used to describe the relationship between the process authorization and the access class range of the objects being mainipulated. The first bit, "expect_grant", is used to indicate that the test case should succeed (be "granted") by the system. These flags are determined by the utility from the value of the "grant_case_desc" parameter provided by the caller of this routine. A definition of the flags can be found in sectest_MAC_descs.incl.pl1. This entry is used with multiple-class AIM objects only. For tests dealing with single-class objects see the entry "tu_$map_over_MAC_cases". | ________________________________________ | | | NAME: TU_$PUBLISH_EV_CHN | | This entry is used to publish an event channel so that another | process (running running at a different AIM authorization) can | access it. This is done through the Sectest_Server Daemon. | | _U_S_A_G_E | | declare tu_$publish_ev_chn (ptr, bit (36) aligned, fixed bin | (71), char (*), char (*)); | | call tu_$publish_ev_chn (sectest_args_ptr, process_id, | event_channel_id, dir_name, entry_name); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | process_id | is the process identifier of the receiving process. (Input) | D-91 __________________ __________________ tu_$publish_ev_chn tu_$publish_ev_chn __________________ __________________ | event_channel_id | is the identification of the event channel the receiving | process is waiting on. (Input) | | dir_name | is the pathname of the directory containing the ipc_data | segment. (Input) | | entry_name | is the name of the ipc_data segment. (Input) | | _T_H_E _I_P_C___D_A_T_A _S_T_R_U_C_T_U_R_E | | The ipc_data segment is a structure that is used to pass | information between processes. This structure is declared in | ipc_data.incl.pl1. | | dcl 1 ipc_data aligned based (ipc_data_ptr), | 2 version char (8), | 2 event_channel_id fixed bin (71), | 2 process_id bit (36) aligned, | 2 received_wakeup bit (1) aligned, | 2 sender_process_id bit (36) aligned, | 2 sender_ring fixed bin (17), | 2 sender_message fixed bin (71); | | _S_T_R_U_C_T_U_R_E _E_L_E_M_E_N_T_S | | version | is the version of the structure. Must be set to | IPC_DATA_VERSION_1. | | event_channel_id | is the identification of the event channel. | | process_id | is the process identifier of the receiving process. | | received_wakeup | is a flag as to whether or not the receiving process got the | wakeup. | | sender_process_id | is the process identifier of the sending process. | | sender_ring | is the sender's validation level. D-92 __________________ _______________ tu_$publish_ev_chn tu_$rcp_acquire __________________ _______________ | sender_message | is the event message as specified to the hcs_$wakeup entry | point. | ________________________________________ NAME: TU_$RCP_ACQUIRE _U_S_A_G_E declare tu_rcp_$acquire entry (ptr, ptr, ptr, ptr); call tu_rcp_$acquire (sectest_args_ptr, security_props_ptr, name_props_ptr, nonsecurity_props_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr pointer to the sectest_args structure. (Input) Cannot be null. rcp_security_props_ptr pointer to the rcp_security_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Cannot be null. rcp_name_props_ptr pointer to the rcp_name_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Cannot be null. rcp_nonsecurity_props_ptr pointer to the rcp_nonsecurity_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Cannot be null. _T_A_S_K_S 1. Selects a resource of a given type from a free pool. 2. If the access_class is NOT specified in the rcp_security_props structure, the access class defaults to the current authorization level. 3. If the charge_type is NOT specified in rcp_nonsecurity_props, the default is to set the charge_type to type. D-93 _______________ ________________ tu_$rcp_acquire tu_$rcp_acs_path _______________ ________________ _A_S_S_U_M_P_T_I_O_N_S 1. The resource name in rcp_name_props, the type in rcp_nonsecurity_props AND the owner in rcp_security_props MUST be supplied. 2. The version numbers (as defined in sectest_rcp_dcls.incl.pl1) must be supplied in each structure. | | ________________________________________ | | | NAME: TU_$RCP_ACS_PATH | | This entry returns the absolute pathname of the ACS segment for a | specified RCP-managed device. | | _U_S_A_G_E | | declare tu_$rcp_acs_path (ptr, char (*)) returns (char(168)); | | declare pathname char (168); | | pathname = tu_$rcp_acs_path (sectest_args_ptr, name); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | name | is the name of a device or the corresponding ACS segment. The | ".acs" suffix is appended if not present. (Input) | | pathname | Is the absolute pathname of the ACS segment. (Output) D-94 ________________ _____________________________ tu_$rcp_acs_path tu_$rcp_add_all_other_devices ________________ _____________________________ NAME: TU_$RCP_ADD_ALL_OTHER_DEVICES This entry adds back all other devices of the specified type | except the one named; it must already be on the system or an error will occur. _U_S_A_G_E declare tu_$rcp_add_all_other_devices entry (ptr, char (*), char | (*), ptr); | call tu_$rcp_add_all_other_devices (sectest_arg_ptr, device_type, | device_name, deleted_devices_info_ptr); | _A_R_G_U_M_E_N_T_S sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | device_type | must be one of the device types identified in rcp_device_types.incl.pl1. | device_name | contains a site-specific name for a device of the given type. | deleted_devices_info_ptr | pointer to the rcp_deleted_devices_info structure found in | sectest_rcp_dl_dvs_info.incl.pl1. | _T_A_S_K_S 1. Calls list_resource to get the names of all the devices of the type specified available at the site. 2. Adds all the devices of that type with the exception of the one with the given device_name, which must already be available for use. D-95 _____________________________ ______________ tu_$rcp_add_all_other_devices tu_$rcp_assign _____________________________ ______________ NAME: TU_$RCP_ASSIGN The tu_$rcp_assign entry assigns a resource to the calling process. _U_S_A_G_E declare tu_$rcp_assign entry (ptr, ptr, ptr, ptr); call tu_$rcp_assign (sectest_args_ptr, security_props_ptr, name_props_ptr, nonsecurity_props_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr pointer to sectest_args found in sectest_args.incl.pl1. (Input) Cannot be null. security_props_ptr pointer to rcp_security_props structure found in sectest_rcp_dcls.incl.pl1. (Input) Can be null. name_props_ptr pointer to rcp_name_props structure found in sectest_rcp_dcls.incl.pl1. (Input) Can be null. nonsecurity_props_ptr pointer to rcp_nonsecurity_props structure found in sectest_rcp_dcls.incl.pl1. (Input) Cannot be null. _T_A_S_K_S 1. Copies fields from the three input structures into the device info structure defined in rcp_device_info_structs.incl.pl1. Copies only those fields for which there is a valid bit turned on. _A_S_S_U_M_P_T_I_O_N_S 1. The type in rcp_nonsecurity_props MUST be supplied. To assign a resource by name, the resource name in rcp_name_props MUST be provided. Otherwise, the assignment is done by properties. For properties, the model OR speed OR tracks OR density in rcp_nonsecurity_props MUST be specified. 2. Currently, tape_drive is the only device type supported. D-96 ______________ __________________ tu_$rcp_assign tu_$rcp_demount_lv ______________ __________________ NAME: TU_$RCP_CANCEL_ID | | This entry calls rcp_sys_$cancel_id to cancel an RCP resource. | It takes the resource's reservation_id from the rcp_nonsec_props | structure (see below). | | _U_S_A_G_E | | declare tu_$rcp_cancel_id (ptr, ptr, ptr, ptr); | | call tu_$rcp_cancel_id (sectest_args_ptr, rcp_sec_props_ptr, | rcp_name_props_ptr, rcp_nonsec_props_ptr); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | rcp_sec_props_ptr | is declared in sectest_rcp_dcls.incl.pl1. | | rcp_name_props_ptr | is declared in sectest_rcp_dcls.incl.pl1. | | rcp_nonsec_props_ptr | is declared in sectest_rcp_dcls.incl.pl1. | ________________________________________ NAME: TU_$RCP_DEMOUNT_LV The tu_$rcp_demount_lv entry is used to demount a Logical Volume or to cancel a pending mount. _U_S_A_G_E declare tu_$rcp_demount_lv entry (ptr, char(*)); call tu_$rcp_demount_lv (sectest_args_ptr, lv_name); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) D-97 __________________ __________________ tu_$rcp_demount_lv tu_$rcp_deregister __________________ __________________ lv_name is the name of the Logical Volume to be demounted. (Input) _N_O_T_E_S Only volumes registered for use by a security functional test should be demounted. ________________________________________ NAME: TU_$RCP_DEREGISTER The tu_$rcp_deregister entry deregisters the specified volumes. _U_S_A_G_E declare tu_$rcp_deregister entry (ptr, ptr, ptr, ptr); call tu_$rcp_deregister (sectest_args_ptr, rcp_security_props_ptr, rcp_name_props_ptr, rcp_nonsecurity_props_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr - ptr to the sectest_args structure. rcp_security_props_ptr - ptr to the rcp_security_props structure declared in sectest_rcp_dcls.incl.pl1. rcp_name_props_ptr - ptr to the rcp_name_props structure declared in sectest_rcp_dcls.incl.pl1. rcp_nonsecurity_props_ptr - ptr to the rcp_nonsecurity_props structure declared in sectest_rcp_dcls.incl.pl1. _T_A_S_K_S 1. Calls tu_$rcp_fill_resource_desc to fill a resource_descriptions structure as defined in resource_control_desc.incl.pl1. Be sure to unspec the resource_descriptions structure first. 2. Call rcprm_find_resource_$deregister passing it the appropriate args. The registery dir is >sc1>rcp. D-98 __________________ ________________________________ tu_$rcp_deregister tu_$rcp_delete_all_other_devices __________________ ________________________________ _A_S_S_U_M_P_T_I_O_N_S 1. Must have E access to rcp_admin_ gate to perform a deregister. 2. The resource_descriptions structure MUST contain at least the resource type and resource name. ________________________________________ NAME: TU_$RCP_DELETE_ALL_OTHER_DEVICES This entry deletes all devices of the specified type except the | one with the given name. _U_S_A_G_E declare tu_$rcp_delete_all_other_devices entry (ptr, char (*), | char (*), ptr); | call tu_$rcp_delete_all_other_devices (sectest_args_ptr, | device_type, device_name, deleted_devices_info_ptr); | _A_R_G_U_M_E_N_T_S sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | device_type | must be one of the device types identified in rcp_device_types.incl.pl1. | device_name | contains a site-specific name for a device of the given type. | deleted_devices_info_ptr | pointer to the rcp_deleted_devices_info structure found in | sectest_rcp_dl_dvs_info.incl.pl1. | _T_A_S_K_S 1. Copies the rcp data to get all information on all devices available at the site. D-99 ________________________________ ________________________ tu_$rcp_delete_all_other_devices tu_$rcp_fill_device_info ________________________________ ________________________ 2. Deletes all the devices of specified type with the exception of the one with the given device_name. _A_S_S_U_M_P_T_I_O_N_S 1. This is required since the operation being done is selecting by attributes. It is essential to the test that prior knowledge of the device to be selected is known so that ACLs can be manipulated. Deleting all other devices will insure that the desired device is selected. ________________________________________ NAME: TU_$RCP_FILL_DEVICE_INFO _U_S_A_G_E declare tu_$rcp_fill_device_info entry (ptr, ptr, ptr, ptr, ptr); call tu_$rcp_fill_device_info (sectest_args_ptr, security_props_ptr, name_props_ptr, nonsecurity_props_ptr, device_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr pointer to the sectest_args structure declared in the include file sectest_args.incl.pl1. (Input) security_props_ptr pointer to the rcp_security_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) This pointer can be null. name_props_ptr pointer to the rcp_name_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Either this pointer or nonsecurity_props_ptr must be non-null. nonsecurity_props_ptr pointer to the rcp_nonsecurity_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Either this pointer or name_props_ptr must be non-null. device_info_ptr pointer to the device_info structure declared in D-100 ________________________ _____________________________ tu_$rcp_fill_device_info tu_$rcp_fill_reservation_desc ________________________ _____________________________ rcp_device_info_structs.incl.pl1. (Input/Output) There is a different structure depending on the type of device. If this pointer is null, the structure is allocated in the system_free_area. _T_A_S_K_S 1. Examine rcp_nonsecurity_props.type to determine which structure in rcp_device_info_structs.incl.pl1 to use. 2. Allocate and zero the appropriate structure if the input pointer is NULL. 3. Copy fields, for which the corresponding valid bit is on, from the three input structures into the output structure. 4. Turn on device_info.common.system_flag. _A_S_S_U_M_P_T_I_O_N_S 1. Either rcp_name_props.resource_name OR rcp_nonsecurity_props.(model | speed | tracks | density) must be specified. ________________________________________ NAME: TU_$RCP_FILL_RESERVATION_DESC _U_S_A_G_E declare tu_$rcp_fill_reservation_desc entry (ptr, ptr, ptr, ptr, ptr); call tu_$rcp_fill_reservation_desc (sectest_args_ptr, security_props_ptr, name_props_ptr, nonsecurity_props_ptr, reservation_desc_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr pointer to the sectest_args structure declared in the include file sectest_args.incl.pl1. (Input) security_props_ptr pointer to the rcp_security_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) This pointer can be null. D-101 _____________________________ __________________________ tu_$rcp_fill_reservation_desc tu_$rcp_fill_resource_desc _____________________________ __________________________ name_props_ptr pointer to the rcp_name_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Either this pointer or rcp_nonsecurity_props_ptr must be non-null. nonsecurity_props_ptr pointer to the rcp_nonsecurity_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Either this pointer or rcp_name_props_ptr must be non-null. reservation_desc_ptr pointer to the reservation_description structure declared in resource_control_desc.incl.pl1. (Input/Output) If this pointer is null, the structure is allocated in the system_free_area. _T_A_S_K_S 1. Allocate and zero the structure if the input pointer is NULL. 2. Copy fields, for which the corresponding valid bit is on, from the three input structures into the output structure. _A_S_S_U_M_P_T_I_O_N_S 1. A resource_desc structure must have been previously allocated and filled by calling tu_$rcp_fill_resource_desc. ________________________________________ NAME: TU_$RCP_FILL_RESOURCE_DESC _U_S_A_G_E declare tu_$rcp_fill_resource_desc entry (ptr, ptr, ptr, ptr, ptr); call tu_$rcp_fill_resource_desc (sectest_args_ptr, security_props_ptr, name_props_ptr, nonsecurity_props_ptr, resource_desc_ptr); D-102 __________________________ __________________________ tu_$rcp_fill_resource_desc tu_$rcp_fill_resource_desc __________________________ __________________________ _A_R_G_U_M_E_N_T_S sectest_args_ptr pointer to the sectest_args structure declared in the include file sectest_args.incl.pl1. (Input) security_props_ptr pointer to the rcp_security_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) This pointer can be null. name_props_ptr pointer to the rcp_name_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Either this pointer or rcp_nonsecurity_props_ptr must be non-null. nonsecurity_props_ptr pointer to the rcp_nonsecurity_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Either this pointer or rcp_name_props_ptr must be non-null. resource_desc_ptr pointer to the resource_descriptions structure, declared in the include file resource_control_desc.incl.pl1. (Input/Output) If this pointer is null, the structure is allocated in the system_free_area. _T_A_S_K_S 1. Allocate and zero the structure if the input pointer is NULL. 2. Copy fields, for which the corresponding valid bit is on, from the three input structures into the output structure. _A_S_S_U_M_P_T_I_O_N_S 1. Either rcp_name_props.resource_name OR rcp_nonsecurity_props.uid must be specified. D-103 __________________________ ________________ tu_$rcp_fill_resource_desc tu_$rcp_register __________________________ ________________ NAME: TU_$RCP_REGISTER | This entry registers something (e.g., tape_vol) with a particular name and possibly some specific properities, with the utility filling in those properties not specified, but are necessary. | | _U_S_A_G_E | | declare tu_$rcp_register entry (ptr, ptr, ptr, ptr); | | call tu$rcp_register (sectest_args_ptr, rcp_security_props_ptr, | rcp_name_props_ptr, rcp_nonsecurity_props_ptr); _A_R_G_U_M_E_N_T_S | sectest_args_ptr | pointer to the sectest_args structure declared in | sectest_args.incl.pl1. | | rcp_security_props_ptr | pointer to the rcp_security_props structure declared in | sectest_rcp_dcls.incl.pl1. | | rcp_name_props_ptr | pointer to the rcp_name_props structure declared in | sectest_rcp_dcls.incl.pl1. | | rcp_nonsecurity_props_ptr | pointer to the rcp_nonsecurity_props structure declared in | sectest_rcp_dcls.incl.pl1. _T_A_S_K_S 1. Calls tu_$rcp_fill_resource_desc to fill a resource_descriptions structure as defined in resource_control_desc.incl.pl1. Be sure to unspec the resource_descriptions structure first. 2. Fill default values into resource_descriptions with the following values IFF they are not already filled in: resource_descriptions.item.potential_aim_range = system_low:system_high resource_descriptions.given.potential_aim_range ="1"b resource_descriptions.item.charge_type = (same as resource type) resource_descriptions.given.charge_type = "1"b D-104 ________________ _______________ tu_$rcp_register tu_$rcp_release ________________ _______________ 3. Call rcprm_find_resource_$register passing it the appropriate args. The registery dir is >sc1>rcp. _A_S_S_U_M_P_T_I_O_N_S 1. Must have E access to rcp_admin_ gate to perform a register. 2. The resource_descriptions structure MUST contain at least the resource type and resource name. ________________________________________ NAME: TU_$RCP_RELEASE The tu_$rcp_release entry is a utility for RCP testing. It releases a resource into the free pool given the resource name and type. _U_S_A_G_E declare tu_rcp_$release entry (ptr, ptr, ptr, ptr); call tu_rcp_$release (sectest_args_ptr, security_props_ptr, name_props_ptr, nonsecurity_props_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr pointer to the sectest_args structure. (Input) Cannot be null. rcp_security_props_ptr pointer to the rcp_security_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Cannot be null. rcp_name_props_ptr pointer to the rcp_name_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Cannot be null. rcp_nonsecurity_props_ptr pointer to the rcp_nonsecurity_props structure declared in sectest_rcp_dcls.incl.pl1. (Input) Cannot be null. _A_S_S_U_M_P_T_I_O_N_S 1. The resource name in rcp_name_props AND the type in rcp_nonsecurity_props MUST be specified. D-105 _______________ __________________________ tu_$rcp_release tu_$rcp_select_device_name _______________ __________________________ NAME: TU_$RCP_SELECT_DEVICE_NAME | This entry returns the name of a free device for the given | resource type. _U_S_A_G_E | declare tu_$rcp_select_device_name entry (ptr, char (*), char | (*)); | | call tu_$rcp_delect_device_name (sectest_args_ptr, device_type, | device_name); _A_R_G_U_M_E_N_T_S | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | device_type | is one of the device types listed in | rcp_device_types.incl.pl1. (Input) | | device_name | is a site-specific name for a device of the given type. | (Output) _T_A_S_K_S 1. Temporarily assign a resource of the specified type by calling rcp_$assign_resource. 2. Set the output argument device_name to the device name assigned. 3. Unassign the device. _A_S_S_U_M_P_T_I_O_N_S 1. For purposes of the tests, it is optimal to use device type tape_drive since all sites have at least one tape_drive and there is no assurance that devices of other types are available at all sites. D-106 __________________________ ________________ tu_$rcp_select_device_name tu_$rcp_unassign __________________________ ________________ NAME: TU_$RCP_UNASSIGN The tu_$rcp_unassign entry unassigns a resource belonging to the calling process. _U_S_A_G_E declare tu_$rcp_unassign entry (ptr, ptr, ptr, ptr); call tu_$rcp_unassign (sectest_args_ptr, security_props_ptr, name_props_ptr, nonsecurity_props_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr pointer to sectest_args found in sectest_args.incl.pl1. (Input) Can be null. security_props_ptr pointer to rcp_security_props structure found in sectest_rcp_dcls.incl.pl1. (Input) Can be null. name_props_ptr pointer to rcp_name_props structure found in sectest_rcp_dcls.incl.pl1. (Input) Cannot be null. nonsecurity_props_ptr pointer to rcp_nonsecurity_props structure found in sectest_rcp_dcls.incl.pl1. (Input) Can be null. _T_A_S_K_S 1. Uses the resource name from rcp_name_props structure to unassign the resource. _A_S_S_U_M_P_T_I_O_N_S 1. The resource_name in rcp_name_props MUST be specified. D-107 ________________ _______________ tu_$rcp_unassign tu_$register_lv ________________ _______________ NAME: TU_$REGISTER_LV The tu_$register_lv entry is used to register a Logical Volume to be used with security functional tests. _U_S_A_G_E declare tu_$register_lv entry (ptr, char(*), ptr, ptr, ptr); call tu_$register_lv (sectest_args_ptr, lv_name, sec_props_ptr, name_props_ptr, non_sec_props_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) lv_name is the name of the Logical Volume. (Input) sec_props_ptr is a pointer to the lv_security_props structure as declared in sectest_lv_properties.incl.pl1. If null default security properties are assumed. (Input) name_props_ptr is a pointer to the lv_name_props structure as declared in sectest_lv_properties.incl.pl1. If null default name properties are assumed. (Input) non_sec_props_ptr is a pointer to the lv_non_sec_props structure as declared in sectest_lv_properties.incl.pl1. If null default properties are assumed. (Input) _N_O_T_E_S The constant sectest_info_$uninitialized_test_lv defines the name of the logical volume which may be registered. D-108 _______________ ______________________ tu_$register_lv tu_$send_admin_command _______________ ______________________ NAME: TU_$RENAME_ACS | | This entry is used to change the name of a specified ACS segment. | This is done so that other processes can not find the ACS | segment. | | _U_S_A_G_E | | declare tu_$rename_acs (ptr, char (*), char (*), bit (1) | aligned); | | call tu_$rename_acs (sectest_args_ptr, dir_name, acs_name, | revert_sw); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dir_name | is the pathanme of the directory conatin the ACS segment. | (Input) | | acs_name | is the name of the ACS segment. (Input) | | revert_sw | is a switch defining whether to change the name or change it | back. | "0"b change the name from **.acs to ==.ACS | "1"b change the name from **.ACS to ==.acs | ________________________________________ NAME: TU_$SEND_ADMIN_COMMAND The tu_$send_admin_command entry is used to send a command for execution by the answering service. _U_S_A_G_E declare tu_$send_admin_command entry (ptr, char(*)); call tu_$send_admin_command (sectest_args_ptr, command_line); D-109 ______________________ ______________________________ tu_$send_admin_command tu_$set_channel_aim_attributes ______________________ ______________________________ _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) command_line is the command to be executed. (Input) _N_O_T_E_S This utility should be called only by other utilities which operate in the privileged server process. | | ________________________________________ | | | NAME: TU_$SET_CHANNEL_AIM_ATTRIBUTES | | This entrypoint sends a request to the Sectest_Server daemon to | set the current access class and/or access class range associated | with a given communications channel in the Channel Definition | Table (CDT). The daemon send an admin command to the Initializer | to actually make the change. | | _U_S_A_G_E | | declare tu_$set_channel_aim_attributes (ptr, char (*), (2) bit | (72) aligned, bit (1) aligned, bit (72) aligned); | | call tu_$set_channel_aim_attributes (sectest_args_ptr, | channel_name, access_class_range, access_class_valid_sw, | current_access_class); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | channel_name | is the channel name. (Input) | | access_class_range | is the new range for the access classes to which the channel | can be set. (Input) D-110 ______________________________ ________________________ tu_$set_channel_aim_attributes tu_$set_dialok_attribute ______________________________ ________________________ | access_class_valid_sw | is "1"b if the current access class of the channel is also to | be set. (Input) | | current_access_class | if access_class_valid_sw is "1"b, this is the new value for | the channel's access class. This class must fall within the | new access_class_range. (Input) | | ________________________________________ | | | NAME: TU_$SET_DIALOK_ATTRIBUTE | | This entry point is used to turn on or off the dialok attribute | for the testing process. | | _U_S_A_G_E | | declare tu_$set_dialok_attribute (ptr, bit (1) aligned); | | call tu_$set_dialok_attribute (sectest_args_ptr, | dialok_attribute_value); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dialok_attribute_value | Is a bit value used to determine whether the dialok attribute | id to be turned on or off. (Input) | "0"b Off | "1"b On | D-111 ________________________ ______________________ tu_$set_dialok_attribute tu_$set_properties_acs ________________________ ______________________ NAME: TU_$SET_PROPERTIES_ACS This entry point manipulates the properties of an ACS segment. _U_S_A_G_E dcl tu_$set_properties_acs entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$set_properties_acs (sectest_args_ptr, dir_name, acs_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) acs_name is the name of the ACS segment. The acs suffix is assumed. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If null, no access properties are changed. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If null, no names are changed. If non-null, all existing names on the segment are deleted and those in the names_info structure are added. The acs suffix is assumed on all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If null, none of the properties listed in this structure are changed. (Input) D-112 ______________________ ____________________________ tu_$set_properties_acs tu_$set_properties_admin_acs ______________________ ____________________________ NAME: TU_$SET_PROPERTIES_ADMIN_ACS The tu_$set_properties_admin_acs entry is used to manipulate the properties of a admin ACS segment. _U_S_A_G_E declare tu_$set_properties_admin_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$set_properties_admin_acs (sectest_args_ptr, admin_acs_name, access_info_ptr, name_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) admin_acs_name is the name of the ACS segment. (Input) access_info_ptr is a pointer to the access_info structure structure as declared in sectest_fs_properties.incl.pl1. If null no access properties are changed. (Input) name_info_ptr is a pointer to the names_info structure as declared in sectest_fs_properties.incl.pl1. If null no names will be changed. If non-null all names will be replaced with those defined in the names_info structure. The ".acs" suffix will be added to all names. (Input) properties_info_ptr is a pointer to the appropriate segment_properties_info or directory_properties_info structure as declared in sectest_fs_properties.incl.pl1. If null no changes to the properties will be made. (Input) D-113 ____________________________ ______________________________ tu_$set_properties_admin_acs tu_$set_properties_channel_acs ____________________________ ______________________________ NAME: TU_$SET_PROPERTIES_CHANNEL_ACS The tu_$set_properties_channel_acs entry is used to manipulate the properties of a channel ACS segment. _U_S_A_G_E declare tu_$set_properties_channel_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$set_properties_channel_acs (sectest_args_ptr, channel_acs_name, access_info_ptr, name_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) channel_acs_name is the name of the ACS segment. (Input) access_info_ptr is a pointer to the access_info structure structure as declared in sectest_fs_properties.incl.pl1. If null no access properties are changed. (Input) name_info_ptr is a pointer to the names_info structure as declared in sectest_fs_properties.incl.pl1. If null no names will be changed. If non-null all names will be replaced with those defined in the names_info structure. The ".acs" suffix will be added to all names. (Input) properties_info_ptr is a pointer to the appropriate segment_properties_info or directory_properties_info structure as declared in sectest_fs_properties.incl.pl1. If null no changes to the properties will be made. (Input) D-114 ______________________________ ____________________________ tu_$set_properties_channel_acs tu_$set_properties_directory ______________________________ ____________________________ NAME: TU_$SET_PROPERTIES_DIRECTORY The tu_$set_properties_directory entry is used to manipulate the properties of a directory. _U_S_A_G_E declare tu_$set_properties_directory entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$set_properties_directory (sectest_args_ptr, dir_name, entry_name, access_info_ptr, name_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) dir_name is the relative pathname of the containing directory. (Input) entry_name is the name of the directory. (Input) access_info_ptr is a pointer to the access_info structure structure as declared in sectest_fs_properties.incl.pl1. If null no access properties are changed. (Input) name_info_ptr is a pointer to the names_info structure as declared in sectest_fs_properties.incl.pl1. If null no names will be changed. If non-null all names will be replaced with those defined in the names_info structure. (Input) properties_info_ptr is a pointer to a directory_properties_info structure as declared in sectest_fs_properties.incl.pl1. If null no changes to the properties will be made. (Input) D-115 ____________________________ _____________________ tu_$set_properties_directory tu_$set_properties_lv ____________________________ _____________________ NAME: TU_$SET_PROPERTIES_LV The tu_$set_properties_lv entry is used to manipulate the properties of a Logical Volume. _U_S_A_G_E declare tu_$set_properties_lv entry (ptr, char(*), ptr, ptr, ptr); call tu_$set_properties_lv (sectest_args_ptr, lv_name, sec_props_ptr, name_props_ptr, non_sec_props_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure as declared in sectest_args.incl.pl1. (Input) lv_name is the name of the Logical Volume. (Input) sec_props_ptr is a pointer to the lv_security_props structure as declared in sectest_lv_properties.incl.pl1. If null the security properties are not changed. (Input) name_props_ptr is a pointer to the lv_name_props structure as declared in sectest_lv_properties.incl.pl1. If null the name properties are not changed. (Input) non_sec_props_ptr is a pointer to the lv_non_sec_props structure as declared in sectest_lv_properties.incl.pl1. If null the associated properties are not changed. (Input) _N_O_T_E_S This entry should be used with only those volumes registered by a security functional test. D-116 _____________________ _________________________ tu_$set_properties_lv tu_$set_properties_lv_acs _____________________ _________________________ NAME: TU_$SET_PROPERTIES_LV_ACS This entry point manipulates the properties of a logical volume ACS segment. _U_S_A_G_E dcl tu_$set_properties_lv_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$set_properties_lv_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment. The acs suffix is assumed. The parent directory is >lv. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If null, no access properties are changed. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If null, no names are changed. If non-null, all existing names on the segment are deleted and those in the names_info structure are added. The acs suffix is assumed on all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If null, none of the properties listed in this structure are changed. (Input) D-117 _________________________ ______________________ tu_$set_properties_lv_acs tu_$set_properties_mbx _________________________ ______________________ NAME: TU_$SET_PROPERTIES_MBX This entry point manipulates the properties of a mailbox. _U_S_A_G_E dcl tu_$set_properties_mbx entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$set_properties_mbx (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the mailbox. The mbx suffix is assumed. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If null, no access properties are changed. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If null, no names are changed. If non-null, all existing names on the segment are deleted and those in the names_info structure are added. The mbx suffix is assumed on all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If null, none of the properties listed in this structure are changed. (Input) D-118 ______________________ _________________________ tu_$set_properties_mbx tu_$set_properties_mc_acs ______________________ _________________________ NAME: TU_$SET_PROPERTIES_MC_ACS This entry point manipulates the properties of a message coordinator ACS segment. _U_S_A_G_E dcl tu_$set_properties_mc_acs entry (ptr, char(*), ptr, ptr, ptr); call tu_$set_properties_mc_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment. The acs suffix is assumed. The parent directory is >sc1>mc_acs. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If null, no access properties are changed. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If null, no names are changed. If non-null, all existing names on the segment are deleted and those in the names_info structure are added. The acs suffix is assumed on all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If null, none of the properties listed in this structure are changed. (Input) D-119 _________________________ _____________________ tu_$set_properties_mc_acs tu_$set_properties_ms _________________________ _____________________ NAME: TU_$SET_PROPERTIES_MS This entry point manipulates the properties of a queue message segment. _U_S_A_G_E dcl tu_$set_properties_ms entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$set_properties_ms (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the message segment. The ms suffix is assumed. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If null, no access properties are changed. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If null, no names are changed. If non-null, all existing names on the segment are deleted and those in the names_info structure are added. The ms suffix is assumed on all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If null, none of the properties listed in this structure are changed. (Input) D-120 _____________________ ______________________ tu_$set_properties_ms tu_$set_properties_pnt _____________________ ______________________ NAME: TU_$SET_PROPERTIES_PNT | | This entry point modifies the attributes of a PNT object. | | _U_S_A_G_E | | declare tu_$set_properties_pnt (ptr, char (*), char (*), ptr, | ptr, ptr); | | call tu_$set_properties_pnt (sectest_args_ptr, dir_name, | entry_name, access_info_ptr, names_info_ptr, | properties_info_ptr); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dir_name | is the path name of the directory containing the PNT. (Input) | | entry_name | is the name of the PNT, with the ".pnt" suffix added. (Input) | | access_info_ptr | is a pointer to the segment_access_info structure found in | sectest_fs_properties.incl.pl1. (Input) | | names_info_ptr | is a pointer to the structure names_info found in | sectest_fs_properties.incl.pl1. (Input) | | properties_info_ptr | is a pointer to the structure segment_properties_info found in | sectest_fs_properties.incl.pl1. (Input) | D-121 ______________________ ______________________ tu_$set_properties_pnt tu_$set_properties_rcp ______________________ ______________________ NAME: TU_$SET_PROPERTIES_RCP _U_S_A_G_E declare tu_$set_properties_rcp entry (ptr, ptr, ptr, ptr); call tu_$set_properties_rcp (sectest_args_ptr, security_props_ptr, name_props_ptr, nonsecurity_props_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr pointer to sectest_args found in sectest_args.incl.pl1. (Input) Cannot be null. security_props_ptr pointer to rcp_security_props structure found in sectest_rcp_dcls.incl.pl1. (Input/Output) Cannot be null. name_props_ptr pointer to rcp_name_props structure found in sectest_rcp_dcls.incl.pl1. (Input/Output) Cannot be null. nonsecurity_props_ptr pointer to rcp_nonsecurity_props structure found in sectest_rcp_dcls.incl.pl1. (Input/Output) Cannot be null. _T_A_S_K_S 1. Sets the parameters of a resource. The resource attributes to be changed are determined by the information in the three structures where the valid bit is turned on. _A_S_S_U_M_P_T_I_O_N_S 1. The resource name in rcp_name_props AND the type in rcp_nonsecurity_props MUST be supplied. 2. The version numbers (as defined in sectest_rcp_dcls.incl.pl1) must be supplied in each structure. D-122 ______________________ __________________________ tu_$set_properties_rcp tu_$set_properties_rcp_acs ______________________ __________________________ NAME: TU_$SET_PROPERTIES_RCP_ACS This entry point manipulates the properties of an RCP ACS segment. _U_S_A_G_E dcl tu_$set_properties_rcp_acs entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$set_properties_rcp_acs (sectest_args_ptr, name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) name is the name of the ACS segment. The acs suffix is assumed. The parent directory is >sc1>rcp. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If null, no access properties are changed. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If null, no names are changed. If non-null, all existing names on the segment are deleted and those in the names_info structure are added. The acs suffix is assumed on all names. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If null, none of the properties listed in this structure are changed. (Input) D-123 __________________________ __________________________ tu_$set_properties_rcp_acs tu_$set_properties_segment __________________________ __________________________ NAME: TU_$SET_PROPERTIES_SEGMENT This entry point manipulates the properties of a segment. _U_S_A_G_E dcl tu_$set_properties_segment entry (ptr, char(*), char(*), ptr, ptr, ptr); call tu_$set_properties_segment (sectest_args_ptr, dir_name, entry_name, access_info_ptr, names_info_ptr, properties_info_ptr); _A_R_G_U_M_E_N_T_S sectest_args_ptr is a pointer to the sectest_args structure declared in sectest_args.incl.pl1. (Input) dir_name is the pathname of the containing directory. It must be relative to the test directory or begin with one of the keywords %test_dir, %lv_acs_dir, etc. See tu_$expand_pathname for a list of allowable keywords. (Input) entry_name is the name of the segment. (Input) access_info_ptr is a pointer to the access_info structure declared in sectest_fs_properties.incl.pl1. If null, no access properties are changed. (Input) names_info_ptr is a pointer to the names_info structure declared in sectest_fs_properties.incl.pl1. If null, no names are changed. If non-null, all existing names on the segment are deleted and those in the names_info structure are added. (Input) properties_info_ptr is a pointer to the appropriate properties info structure declared in sectest_fs_properties.incl.pl1. If null, none of the properties listed in this structure are changed. (Input) D-124 __________________________ _________________________ tu_$set_properties_segment tu_$start_dial_id_service __________________________ _________________________ NAME: TU_$SET_WDIR | | This utility is used to change the working directory of the | testing process. | | _U_S_A_G_E | | declare tu_$set_wdir (ptr, char (*)); | | call tu_$set_wdir (sectest_args_ptr, dir_name); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dir_name | is the pathname of directory to change working-directory. | (Input) | | ________________________________________ | | | NAME: TU_$START_DIAL_ID_SERVICE | | This entry establishes a dial line for the testing process or for | the server process, as specified by server_process_sw. | | _U_S_A_G_E | | declare tu_$start_dial_id_service (ptr, char (*), bit (1) | aligned, bit (1) aligned); | | call tu_$start_dial_id_service (sectest_args_ptr, dial_id, | registered_sw, server_process_sw); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dial_id | is used as the first argument of the dial command when | connecting to a process. The dial_id is an alphanumeric | string from 1 to 12 characters long. (Input) | D-125 _________________________ ________________________ tu_$start_dial_id_service tu_$stop_dial_id_service _________________________ ________________________ | registered_sw | is a switch to determine whether or not to accept dials on the | registered dial qualifier. (Input) | "0"b = accept non-registered dials. | "1"b = accept registered dials. | | server_process_sw | is a switch to determine if the accept dial request is done by | the testing process or the Sectest Server daemon. (Input) | "0"b = The testing process accepts dials. | "1"b = The Sectest Server accepts dials. | | ________________________________________ | | | NAME: TU_$STOP_DIAL_ID_SERVICE | | This entry informs the answering service that the connection is | be terminated. This termination is done in the testing process | or the server process, depending on how server_process_sw is set. | | _U_S_A_G_E | | declare tu_$stop_dial_id_service (ptr, char (*), bit (1) | aligned); | | call tu_$stop_dial_id_service (sectest_args_ptr, dial_id, | server_process_sw); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dial_id | is used as the first argument of the dial command when | connecting to a process. The dial_id is an alphanumeric | string from 1 to 12 characters long. (Input) | | server_process_sw | is a switch to determine if the terminate dial request is done | by the testing process or the Sectest Server daemon. (Input) | "0"b = The testing process accepts dials. | "1"b = The Sectest Server accepts dials. D-126 ________________________ _____________________ tu_$stop_dial_id_service tu$translate_dial_msg ________________________ _____________________ NAME: TU_$SYSERR | | This entry is used to put a message in the syserr log. | | _U_S_A_G_E | | declare tu_$syserr (ptr, fixed bin); | | call tu_$syserr (sectest_args_ptr, syserr_code); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | syserr_code | is the code for the error message to be entered into the | syserr log. (Input) | | ________________________________________ | | | NAME: TU$TRANSLATE_DIAL_MSG | | This entry point is used to convert dial and dial_out Answering | Service request messages from encoded to readable form. | | _U_S_A_G_E | | declare tu_$translate_dial_msg (ptr, bit (72) aligned) returns | (char (70) varying); | | message = tu_$translate_dial_msg (sectest_args_ptr, | dial_message); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dial_message | is the request to be translated. (Input) | | message | is the readable message corresponding to dial_message. | D-127 _____________________ _______________________ tu$translate_dial_msg tu$try_to_initiate_file _____________________ _______________________ | NAME: TU$TRANSLATE_ERROR_CODE | | This entry point is used to convert error_table_ messages from | encoded to readable form. | | _U_S_A_G_E | | declare tu_$translate_error_code (ptr, fixed bin (35)) returns | (char (70) varying); | | error_message = tu_$translate_error_code (sectest_args_ptr, | code); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | code | is a system status code. (Input) | | error_message | is the text representation of the error specified by code. | | ________________________________________ | | | NAME: TU$TRY_TO_INITIATE_FILE | | This entry point, given a pathname, attempts to make known the | segment defined by the pathname. | | _U_S_A_G_E | | declare tu_$try_to_initiate_file (ptr, char (*), char (*), ptr, | fixed bin (35)); | | call tu_$try_to_initiate_file (sectest_args_ptr, dir_name, | entry_name, seg_ptr, code); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) D-128 _______________________ __________________________ tu$try_to_initiate_file tu$try_to_initiate_refname _______________________ __________________________ dir_name | is the pathname of the contain directory. (Input) | | entry_name | is the entryname of the segment. (Input) | | seg_ptr | is a pointer to the segment. (Output) | | code | is a storage system status code. (Output) | | ________________________________________ | | | NAME: TU$TRY_TO_INITIATE_REFNAME | | This entry point, given a pathname and a reference name, attempts | to make the segment defined by the pathname known with that | reference name. | | _U_S_A_G_E | | declare tu_$try_to_initiate_refname (ptr, char (*), char (*), | char (*), ptr, fixed bin (35)); | | call tu_$try_to_initiate_refname (sectest_args_ptr, dir_name, | entry_name, ref_name, seg_ptr, code); | | _A_R_G_U_M_E_N_T_S | | sectest_args_ptr | is a pointer to the sectest_args structure as declared in | sectest_args.incl.pl1. Information about the test case is | extracted from this structure. (Input) | | dir_name | is the pathname of the contain directory. (Input) | | entry_name | is the entryname of the segment. (Input) | | ref_name | is the reference name. (Input) | | seg_ptr | is a pointer to the segment. (Output) | | code | is a storage system status code. (Output) | D-129 ----------------------------------------------------------- Historical Background This edition of the Multics software materials and documentation is provided and donated to Massachusetts Institute of Technology by Group BULL including BULL HN Information Systems Inc. as a contribution to computer science knowledge. This donation is made also to give evidence of the common contributions of Massachusetts Institute of Technology, Bell Laboratories, General Electric, Honeywell Information Systems Inc., Honeywell BULL Inc., Groupe BULL and BULL HN Information Systems Inc. to the development of this operating system. Multics development was initiated by Massachusetts Institute of Technology Project MAC (1963-1970), renamed the MIT Laboratory for Computer Science and Artificial Intelligence in the mid 1970s, under the leadership of Professor Fernando Jose Corbato. Users consider that Multics provided the best software architecture for managing computer hardware properly and for executing programs. Many subsequent operating systems incorporated Multics principles. Multics was distributed in 1975 to 2000 by Group Bull in Europe , and in the U.S. by Bull HN Information Systems Inc., as successor in interest by change in name only to Honeywell Bull Inc. and Honeywell Information Systems Inc. . ----------------------------------------------------------- Permission to use, copy, modify, and distribute these programs and their documentation for any purpose and without fee is hereby granted,provided that the below copyright notice and historical background appear in all copies and that both the copyright notice and historical background and this permission notice appear in supporting documentation, and that the names of MIT, HIS, BULL or BULL HN not be used in advertising or publicity pertaining to distribution of the programs without specific prior written permission. Copyright 1972 by Massachusetts Institute of Technology and Honeywell Information Systems Inc. Copyright 2006 by BULL HN Information Systems Inc. Copyright 2006 by Bull SAS All Rights Reserved