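/*******************************************************************************
*
* Copyright (c) 2010 Invensys Eurotherm
*
* Project : DEV5201 Scalable Recorder
* FileName : usersecurity.h
* Author : Steve Pickford
* Created : 15/09/2011
* Description : Header file for User Security
*
*******************************************************************************/
#ifndef USER_SECURITY_H
#define USER_SECURITY_H

/*
 * Overview: this header declares the per-user access record (user_access_t),
 * the whole-instrument security table (user_security_t), the index enums for
 * its permission[] and management[] arrays, the login/permission query API,
 * the per-connection login state API, and a set of WIN32-only helpers used by
 * IDM / iTools.
 *
 * The basic types (string_20, string_60, uint8, uint16, uint32, int16, bool,
 * sr_instrument_data_t) and, on the target, SEM_ID and STATUS are not declared
 * here; this header gets them from sr_instrument.h and whatever that includes.
 */

#ifndef WIN32
#include "sr_instrument.h"
#else
#include "..\..\..\..\functionblocks\controls\sr_instrument\src\sr_instrument.h"
#endif

/***********************/
/* DEFINES */
/***********************/
/****** W A R N I N G ******/
/* IF YOU EVER CHANGE ANY OF THESE DEFINES */
/* PLEASE INFORM ITOOLS DEVELOPMENT TEAM */
/* AS WE WILL ALSO NEED TO UPDATE OUR */
/* DEFINITIONS TOO TO MATCH */
/* SIMILARLY FOR SECMAN */

/* Number of slots in user_security_t.user[]. */
#define MAX_USERS 500
/*
 * Length limits for the text fields of user_access_t.
 * NOTE(review): userId/password are declared as string_20 and domainName as
 * string_60 below. Whether those types reserve a byte for the terminating NUL
 * is decided in sr_instrument.h, not here - confirm before copying MAX_*_LENGTH
 * characters into them.
 */
#define MAX_USERID_LENGTH 20
#define MAX_PASSWORD_LENGTH 20
#define MAX_DOMAIN_NAME_LENGTH 60

// The first 4 bytes contain the size of the buffer
// NOTE(review): presumably this refers to the NVOL security buffers declared at
// the end of this header; the size field should be validated against the real
// buffer size before it is used as a length - confirm in the reader.
#define SECURITY_DATA_OFFSET 4

// iTools requires alternative mechanism to apply versadac security - definition of special magic number
// Used in md_drivertask.cpp line 1600 and IDM memory access
// NOTE(review): these are fixed constants, i.e. a protocol marker and not a
// credential. The handler that recognises them should still require an
// authenticated connection with the right permission - confirm in
// md_drivertask.cpp.
#define APPLY_SECURITY_MAGIC_NUMBER_MSB 0xC0
#define APPLY_SECURITY_MAGIC_NUMBER_LSB 0x01
#define APPLY_SECURITY_MAGIC_NUMBER_OFFSET 0xFFFF


/***********************/
/* TYPEDEFS */
/***********************/

/*
 * Login/security status codes (values 0..6 in declaration order).
 * NOTE(review): presumably the uint8 carried by connectionGetSecurityStatus /
 * connectionSetSecurityStatus and returned by checkLogin - confirm.
 */
enum
{
    SECURITY_LOGGED_OUT,
    SECURITY_LOGGED_IN,
    SECURITY_BUSY,
    SECURITY_ACCOUNT_DISABLED,
    SECURITY_PASSWORD_EXPIRED,
    SECURITY_USER_TIMED_OUT,
    SECURITY_LOGGED_OUT_SECURITY_CHANGED
};

/*
 * User roles. MAX_USER_ROLES is the count (3), not a role.
 * NOTE(review): presumably the z_userRole argument of the connection* API.
 */
enum
{
    LOGIN_USER,
    SIGNING_USER,
    AUTHORISING_USER,
    MAX_USER_ROLES
};

/*
 * Built-in user indices. MAX_WEB_RESTRICTED_USERS is an alias for
 * ENGINEER_USER (4), so MAX_DEFAULT_USERS evaluates to 5.
 */
enum
{
    LOGGED_OUT_USER,
    OPERATOR_USER,
    SUPERVISOR_USER,
    ADMIN_LOCAL_USER,
    ENGINEER_USER,
    MAX_WEB_RESTRICTED_USERS = ENGINEER_USER,
    MAX_DEFAULT_USERS
};

/* Alias: the "all users" selector shares index 0 with LOGGED_OUT_USER. */
#define ALL_SECURITY_USER LOGGED_OUT_USER

/*
 * Indices into user_access_t.permission[]; MAX_PERMISSIONS is the array size.
 * The order is part of the data layout shared with iTools and SecMan (see the
 * warning above), so new entries must not renumber existing ones.
 *
 * ACCOUNT_DISABLED lives in the same array as the grant flags, so a
 * zero-filled user_access_t has every grant off but ACCOUNT_DISABLED off too.
 * NOTE(review): confirm that unused user[] slots (index >= numUsers) can never
 * be selected for login.
 */
enum
{
    ACCOUNT_DISABLED,
    EDIT_ALL_PASSWORDS,
    EDIT_OWN_PASSWORD,
    CHANGE_ALARM_SETPOINTS,
    ALARM_ACKNOWLEDGE,
    SET_CLOCK,
    ADJUST,
    ARCHIVING_CONTROL,
    FULL_CONFIGURATION,
    EDIT_ACCESS_PERMISSIONS,
    BATCH_CONTROL,
    SIGNING,
    AUTHORISING,
    EDIT_OUTPUT_CHANNEL_DEFAULT,
    FORCE_PASSWORD_CHANGE,
    ENTER_BATCH_DATA,
    WEB_SERVER_ACCESS,
    MAX_PERMISSIONS
};

/* First permission index of the "EAP" group (expansion of EAP not given here). */
#define FIRST_EAP_PERMISSION EDIT_OUTPUT_CHANNEL_DEFAULT

/*
 * Indices into user_security_t.management[]; MAX_MANAGEMENT is the array size.
 * Each setting is stored as a uint16; units and valid ranges are not defined
 * in this header.
 */
enum
{
    RECORD_LOGINS,
    PASSWORD_RETRIES,
    PASSWORDS_EXPIRE,
    LOGIN_TIMEOUT,
    MIN_PASSWORD_LENGTH,
    REQUIRE_SIGNING,
    REQUIRE_AUTHORIZATION,
    ENABLE_AUDIT_TRAIL,
    MAX_MANAGEMENT
};

/*
 * One user account record.
 *
 * NOTE(review): this header does not show whether password / remotePassword
 * hold clear text, the output of iToolsEncryptToString(), or a digest. Treat
 * the whole record as password-equivalent material when it is copied, logged,
 * written to NVOL or exported in a clone file, until the stored form is
 * confirmed.
 */
typedef struct
{
    /*****************************/
    /* IF YOU CHANGE ANY OF THIS */
    /* PLEASE ALSO UPDATE */
    /* copy_security */
    /*****************************/
    string_20 userId;
    string_20 password;
    string_20 remotePassword;
    string_60 domainName;
    double passwordChanged;          /* presumably a timestamp - units/epoch not shown here */
    int16 passwordExpires;           /* units not shown here */
    uint8 failedPasswordCounter;     /* 8-bit: NOTE(review) confirm the increment saturates or lockout fires before 255 wraps to 0 */
    bool remoteConnectionEnabled;
    bool permission[MAX_PERMISSIONS]; /* indexed by the permission enum above */
} user_access_t;

/*
 * The complete security table: MAX_USERS account records plus the
 * instrument-wide management settings.
 *
 * The layout differs between builds: the semaphore member exists only when
 * WIN32 is not defined, so the struct must not be copied byte-for-byte between
 * a target image and a Windows tool.
 *
 * NOTE(review): with MAX_USERS = 500 this object is large (tens of kilobytes,
 * assuming string_N occupies at least N bytes); avoid automatic (stack)
 * instances.
 */
typedef struct
{
#ifndef WIN32
    SEM_ID semaphore;                /* presumably guards access to this table - confirm */
#endif
    uint16 numUsers;                 /* presumably the number of populated user[] slots - confirm */
    uint32 secManMagicNumber;
    user_access_t user[MAX_USERS];
    uint16 management[MAX_MANAGEMENT]; /* indexed by the management enum above */
    /* The closing line (listing line 144) is absent from the rendered source;
       the type name is taken from the prototypes below that use it. */
} user_security_t;

/***********************/
/* INTERFACE FUNCTIONS */
/***********************/
void initialise_security();
void apply_new_security_from_file();
void apply_new_security_from_nvram(uint16 z_user);
void debug_default_security();
bool instrument_in_lockdown();

/*
 * Per-user queries. z_user is a user index.
 * NOTE(review): the value getUserIndex() returns for an unknown id is not
 * visible here; callers must check it before passing it on, and the
 * implementations are expected to range-check z_user before indexing user[].
 * z_userId and z_password are plain char pointers with no length argument, so
 * the implementations must bound every read/copy by the MAX_*_LENGTH limits.
 */
uint16 getUserIndex(char * z_userId);
char *getUserName(uint16 z_user);
bool getUserRemoteConnectionEnabled(uint16 z_user);
uint8 getUserFailedLogins(uint16 z_user);
int16 getPasswordExpires(uint16 z_user);
/* z_remote presumably selects the remote password/policy - confirm. */
uint8 checkLogin(uint16 z_user, char *z_password, bool z_remote);
void checkPassword(int z_connectionNumber, int z_userRole, sr_instrument_data_t *z_inst_data);
void checkEPassword(int z_connectionNumber, int z_userRole, sr_instrument_data_t *z_inst_data);
/* z_permission / z_management are indices from the enums above. */
bool userGetPermission(uint16 z_user, uint8 z_permission);
uint16 userGetManagement(uint8 z_management);

/*******************************/
/* INTERFACE FUNCTIONS FOR IDM */
/*******************************/
/*
 * WIN32-only: these setters and copy helpers let the Windows-side tool write
 * security state directly (expiry, failed-login count, logged-in status).
 * They are compiled out of the target build by the #ifdef.
 */
#ifdef WIN32
void setPasswordExpires(uint16 z_user, int16 z_expires);
void setUserFailedLogins(uint16 z_user, uint8 z_failedlogins);
uint16 connectionSetUserAndLoggedInStatus(uint8 z_connectionNumber, uint8 z_userRole, uint16 z_user, bool LoggedInStatus);
void connectionSetUserLoggedInAndLoggedInStatus(uint8 z_connectionNumber, uint8 z_userRole, bool LoggedInStatus);
bool is_this_security_same_as_default_security(user_security_t *pUserSecurity);
bool is_user_security_same_as_default_security(void);
bool is_IDM_security_same_as_default_security(void);
/* Must be kept in step with user_access_t (see the banner inside that struct). */
void copy_security(user_security_t *pSourceUserSecurity, user_security_t *pDestinationUserSecurity);
void copy_IDM_security_to_user_security(void);
void copy_IDM_copy_of_nvol_security_buffer_to_main_buffer(void);
void write_user_security_to_nvol();
bool does_IDM_security_include_this_userID(char* z_userID);
bool does_IDM_security_include_currently_logged_userID(void);
bool does_IDM_security_with_this_userID_have_same_password(char* z_userID, char* z_password);
bool does_IDM_security_does_currently_logged_userID_have_same_password(void);

extern bool g_User_Security_Use_Loaded_From_Clone_File_User_Security; // if true, uses IDM one...
#endif

/********************/
/* MB MANAGER C API */
/********************/
/*
 * Per-connection login state, keyed by connection number and user role.
 * NOTE(review): the valid range of z_connectionNumber is not defined in this
 * header.
 */
extern uint16 connectionGetUser(uint8 z_connectionNumber, uint8 z_userRole);
extern uint16 connectionSetUser(uint8 z_connectionNumber, uint8 z_userRole, uint16 z_user);
extern uint16 connectionSetUserForAllConnections( uint8 z_userRole, uint16 z_user);
extern uint16 connectionGetLoggedInUser(uint8 z_connectionNumber, uint8 z_userRole);
extern void connectionSetUserLoggedIn(uint8 z_connectionNumber, uint8 z_userRole);
extern uint8 connectionGetSecurityStatus(uint8 z_connectionNumber, uint8 z_userRole);
extern void connectionSetSecurityStatus(uint8 z_connectionNumber, uint8 z_userRole, uint8 z_status);
extern void connectionSetSecurityStatusForAllConnections( uint8 z_userRole, uint8 z_status);
extern void connectionSetLoggedInTime(uint8 z_connectionNumber, double z_time);
extern bool connectionGetWriting(uint8 z_connectionNumber);
extern void connectionSetWriting(uint8 z_connectionNumber,bool z_writing);
#ifndef WIN32
/* takeLoginSemaphore returns a STATUS that the caller must check before
   touching login state; every successful take needs a matching give. */
extern STATUS takeLoginSemaphore(uint8 z_connectionNumber, int z_wait);
extern void giveLoginSemaphore(uint8 z_connectionNumber);
#endif

/********************/
/* For IDM/Windows */
/********************/
#ifdef WIN32
/*
 * NOTE(review): presumably the base name of the file named by
 * g_VersaDAC_Security_File. Confirm where it is created and that it is
 * access-restricted and removed after use, since it would hold the user table.
 */
#define SECURITY_CONFIG_FILE_BASE "memmap.tmp"
extern char g_VersaDAC_Security_File[];

/******************************* NVOL Security Buffer ************/
/*
 * Both buffers are declared without a size, so sizeof cannot be used on them
 * from this header; their lengths are defined elsewhere.
 * NOTE(review): the clone-file buffer is filled from a loaded file - confirm
 * its embedded size field is checked against the real buffer length.
 */
extern char g_nvol_security_buffer[];
extern char g_nvol_security_buffer_for_IDM_Clone_File_Loading[];
extern bool g_nvol_security_buffer_Use_IDM_Clone_File_Buffer; // if true, uses IDM one...

/* Selects the clone-file buffer when the flag above is true, else the main buffer. */
#define get_security_start_addr() (g_nvol_security_buffer_Use_IDM_Clone_File_Buffer == true ? g_nvol_security_buffer_for_IDM_Clone_File_Loading : g_nvol_security_buffer)

#define get_security_for_IDM_Clone_File_Loading_start_addr() g_nvol_security_buffer_for_IDM_Clone_File_Loading

// Flag to allow security manager code to signal to IDM that sufficient/complete security manager file has been received
extern bool g_IDM_SecurityFileHasBeenReEncryptedDoNotWriteAnyMoreData;

// IDM 'HACKED' use of the TCP connection number to allow it to have different rules for reading and writing
extern uint16 OPCConvertUserIDToConnectionNumberForReading(uint8 z_userid);
extern uint16 OPCConvertUserIDToConnectionNumberForWriting(uint8 z_userid);

// Used by iTools to encrypt a user-provided password into the encrypted version
// which then allows iTools to confirm the user-password as valid (or not)...
// NOTE(review): this implies the stored value is a keyed, repeatable transform
// of the password (key is a plain int) rather than a salted digest - confirm
// the algorithm, and treat the stored strings as password-equivalent.
// Ownership of *z_ppszOut (who allocates and who frees) is not stated here.
void iToolsEncryptToString( const char *z_data, int z_key, char** z_ppszOut );

#endif

#endif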