<> <> <> <> <> <> <<>> <> <<>> DIRECTORY IO USING [STREAM], Rope USING [ROPE]; UserCredentials: CEDAR DEFINITIONS = BEGIN <<>> ROPE: TYPE ~ Rope.ROPE; STREAM: TYPE ~ IO.STREAM; State: TYPE = MACHINE DEPENDENT { noCredentials(0), name(1), nameHint(2), nameAndPassword(3) }; <> <<"noCredentials" means that the disk area has never been initialized or that it holds credentials in an obsolete format from a previous, incompatible Cedar release.>> <<"name" means that the user's name is stored on the disk and that Login (see below) will accept only the named individual. Furthermore, the password supplied at Login time must be acceptable to Grapevine. (If Grapevine is unavailable, the password must match the last password for this individual that Grapevine acknowledged as correct.)>> <<"nameHint" means that any individual registered with Grapevine may successfully log in, but the system retains the credentials of the individual who did so most recently on this machine.>> <<"nameAndPassword" is functionally similar to "name" except that both name and password are stored on the disk in unencrypted form and that Login will prompt for credentials only if Grapevine rejects the ones stored on disk.>> GetState: PROC RETURNS [State]; <> ChangeState: PROC [new: State] RETURNS [old: State]; <> LoginOptions: TYPE = RECORD [ confirmCredentialsOverwrite: BOOL _ FALSE, <<'confirmCredentialsOverwrite' is interrogated by Login only if it finds missing or obsolete credentials information on the disk. If 'confirmCredentialsOverwrite' is TRUE, Login will give the user the opportunity to retain the disk state untouched. Otherwise, Login will force the state to be either 'name' or 'nameHint', asking the user which he wants.>> prohibitDiskProtection: BOOL _ FALSE, << If 'prohibitDiskProtection' is TRUE, Login will not to offer the user the opportunity to set the disk credentials state to 'name'.>> ignoreDiskEntirely: BOOL _ FALSE, <> alwaysInteract: BOOL _ FALSE, <> reserved: [0..7777B] _ 0 ]; defaultOptions: LoginOptions = []; Login: PROC [ startInteraction: PROC RETURNS [in, out: STREAM], endInteraction: PROC [in, out: STREAM], options: LoginOptions _ defaultOptions ]; <> <> <> <> <> <> < 0 (and options.alwaysInteract is FALSE), Login bypasses all of the above processing and returns without inspecting the disk credentials area. Thus, once credentials have been established using Login, they remain in effect until discarded by one of the circumstances described earlier. If every Cedar environment sharing the disk on this machine calls Login before it permits the user access to any information stored on the disk, a strong guarantee of disk privacy can be made (assuming GetState[] = name).>> <> <> Get: PROC RETURNS [name, password: ROPE]; <> CredentialsChangeProc: TYPE = PROC [clientData: REF ANY]; RegisterForChange: PROC [proc: CredentialsChangeProc, clientData: REF ANY _ NIL]; <> UnRegisterForChange: PROC [proc: CredentialsChangeProc, clientData: REF ANY _ NIL]; <> END.