<<< DOCD$:[NOTES$LIBRARY]SCT-RAVEN.NOTE;1 >>> -< The SCT Raven conference >- ================================================================================ Note 303.0 Integration of Per-Thread Security No replies EVMS::MOSKAL 435 lines 5-MAR-1997 15:40 -------------------------------------------------------------------------------- $! $! Project: Per-Thread Security $! Project Leader: Andy Moskal $! Development Stream: Raven FT1 $! Checkin Type: New Functionality $! $! Description of Change: Integration of baseline per-thread security $! support into OpenVMS proper. $! $! The per-thread security project provides the infrastructure $! required to support the following OpenVMS initiatives: $! $! - NT Affinity $! $! Per-thread security forms the foundation upon which to $! build the binding of NT credentials to execution contexts $! with the OpenVMS environment. $! $! - Business Critical Server $! $! Per-thread security provides impersonation capabilities $! at the thread level, creating an environment that more $! prominently supports the construction of multi-threaded $! applications which need to process multi-client requests $! concurrently. $! $! The project has modified the operating system to shift the $! paradigm of a user's security profile - identity, privileges, $! rights and MAC classification (SEVMS) - from the process $! level down to the kernel thread level. This entailed moving $! the ARB information, along with several PCB, PHD, JIB and CTL $! region fields, to a new persona (PSB) data structure and $! redirecting all references accordingly. $! $! In the revised environment, persona are used to associate user $! contexts to execution contexts. As user threads are switched $! among kernel threads, persona are also switched. $! $! Platforms affected: Alpha now, no formal plans for VAX at this time $! $! Modules affected: $! $! [AUDSRV] $! AUDIT_SERVER $! FMTAUDSUB.B32 $! FORMATBL.B32 $! $! [BACKUP] $! BACKUPLNKSHR.COM $! $! [CLIUTL] $! CIA.B32 $! DYNSWITCH.MAR $! INFO.B64 $! SETDEVICE.B32 $! SETMISC.B32 $! SETPROCES.B32 $! SETPWD.B32 $! SHOWAUDIT.B32 $! SHOWPROC.B32 $! $! [CLUE$SDA] $! CLUE_XQP.MAR $! $! [CPU1504] $! CPU1504ASM.DAT $! HEDRIVER.C $! $! [DCL] $! IMAGECTRL.MAR $! SET.MAR $! SPAWN.MAR $! $! [DISMOU] $! DISMOU.B32 $! $! [DRIVER] $! DRDRIVER.C $! DRIVERASM.DAT $! $! [F11X] $! ACCESS.B32 $! ACLCNTRL.B32 $! ACPCNTRL.B32 $! CHARGEQ.B32 $! CHKDMO.B32 $! CHKPRO.B32 $! CLENUP.B32 $! CREATE.B32 $! DISPAT.B32 $! ERASE.B32 $! FCPDEF.REQ $! GETREQ.B32 $! MODIFY.B32 $! MOVEFILE.B32 $! QUOTAUTIL.B32 $! RDBLOK.B32 $! RWATTR.B32 $! SNDBAD.B32 $! $! [IMGDMP] $! ANALIMDMP.MAR $! $! [INSTAL] $! INSCMD.CLD $! INSCREATE.B32 $! INSDELETE.B32 $! INSLIST.B32 $! INSMAIN.B32 $! INSOLDCMD.CLD $! INSPRSOLD.B32 $! $! [IPC] $! IPC_FAST.B32 $! IPC_FUNCTIONS.B32 $! IPC_GLOBAL.B32 $! IPC_SSRV.B32 $! NET_BLISS_DEFINITIONS.R32 $! NET_REQUIRE.R32 $! $! [JOBCTL] $! INNERMODE.B32 $! JBCSNDJBC.B32 $! JOBCONTROL.B32 $! JOBCTLDEF.REQ $! RESTRICT.B32 $! UNSOLICIT.B32 $! UTILITY.B32 $1 $! [LAD] $! DADDRIVER.MAR $! ISL_GETPROFILE.B32 $! MADDRIVER.MAR $! $! [LAN] $! SYS$LANLNK.COM $1 $! [LAT] $! LATACP_MAIN.B32 $! LTACP.MAR $! LTDRIVER_DPT.MAR $! LTDRIVER_FDT.B32 $! LTDRIVER_INIT.B32 $! LTDRIVER_SOLICIT.B32 $! $! [LIB] $! ACMDEF.SDL $! BRKTDEF.SDL $! BUGCHECK_CODES.REQ $! CHPCTLDEF.SDL $! CLASSDEF.SDL $! CWPSDEF.SDL $! IRPDEF.SDL $! LIBBLD.COM $! NSABDEF.SDL $! PCBDEF.SDL $! PERSONA-MACROS.REQ $! PSBDEF.SDL $! RIGHTSDEF.SDL $! SECURITY-MACROS.MAR $! SECURITY-MACROS.REQ $! SYSDEF64.DAT $! SYSDEFMP.DAT $! SYSMAR.MAR $! TTYMACS.MAR $! VMS-MACROS.REQ $! $! [LIB_H] $! LIB_HBLD.COM $! LIB_H_AE.DAT $! LIB_H_MP.DAT $! LIB_H_QZ.DAT $! SECURITY-MACROS.H $! $! [LOADSS] $! FINDHELD.B32 $! IMPERSONATE.B32 $! IMPERSONATE.R32 $! IMPERSONATE_P.B32 $! LOADSSASM.DAT $! LOADSSBLD.COM $! PERSONA_CONTEXT.SDL $! PROFILE.B32 $! RDBDISP.MAR $! SECSHRLNK.COM $! SECSRVSND.B32 $! SYSCHKACC.B32 $! SYSPERSONA.B32 $! SYSUAISRV.B32 $! $! [LOGIN] $! AUTHENTICATE.B32 $! INITUSER.B32 $! INTERACT.B32 $! LOGIN.B32 $! LOGINLNK.COM $! $! [MAILSHR] $! GET_USER.B32 $! ISUBS.B32 $! MAILSHRASM.DAT $! MSGSUBS.B32 $! PROT_DEF.REQ $! PROT_FRONT.B32 $! PROT_NOTIFY.B32 $! PROT_SEND.B32 $! PROT_SUBS.B32 $! WRITEMSG.B32 $! $! [MANAGE] $! MANAGELNK.COM $! SMICONVERT_PACKET.B32 $! SMIDEF.SDL $! SMIMISC.B32 $! SMIPROFILE.B32 $! SMIREMOTE.B32 $! SMISECURITY_SOURCE.B32 $! SMISECURITY_TARGET.B32 $! SMISERVER.B32 $! VMS$IMAGES_MASTER.TXT $! $! [MCR] $! MCRSET.MAR $! $! [MME] $! MME.H $! MMEASM.DAT $! MMESTUB.C $! MME_ACTION.C $! MME_ERROR.C $! MME_HOOKS.C $! MME_MEMORY.C $! MME_SHR_DATA.C $! $! [MONTOR] $! SYSGETSPI.MAR $! $! [MOUNT96] $! CLUSTRMNT.B32 $! MAKLOG.B32 $! $! [MTAACP] $! ACPCTR.B32 $! CHKACC.B32 $! CNTRL.B32 $! GETREQ.B32 $! INIMTA.B32 $! OPRCOM.B32 $1 $! [NETACP] $! NETACPTRN.MAR $! NETDRVSES.MAR $! NETOPCOM.MAR $! $! [OPCOM] $! OPCOMINI.B32 $! OPCOMLIB.B32 $! OPERUTIL.B32 $! $! [PTD] $! FTDRIVER.MAR $! $! [QMAN] $! APPLY.B32 $! JOBUTIL.B32 $! QDATA.SDL $! QMANCOMM.SDL $! QMANDEF.REQ $! QMANLNK.COM $! QMANUTIL.B32 $! QSNDJBC.B32 $! STARTUP.B32 $! SYMBIONT.B32 $! TABLES.REQ $! $! [RMS] $! RM0EXTRMS.MAR $! RM0THDMGR.B32 $! RMS0OPEN.MAR $! RMSINTSTR.SDL $! SDARMS_DISPLAY_LIST.MAR $! $! [SCSI] $! DKDRIVER.MAR $! $! [SDA] $! COMMANDS.MAR $! EVAX_SYSDEF.MAR $! PROCESS.MAR $! SYMBOLS.MAR $! $! [SECSRV] $! HARDEN_PROCESS.B32 $! $! [STARLET] $! CLSDEF.SDL $! IMPDEF.SDL $! ISSDEF.SDL $! JPIDEF.SDL $! PRCDEF.SDL $! PRVDEF.SDL $! SSMSG.MSG $! STARDEF64.DAT $! STARDEFFL.DAT $! STARDEFMP.DAT $! STARLET.SDL $! UICDEF.SDL $! $! [SYS] $! ACCOUNT.MAR $! ALIGN_SERV.B64 $! ARBS_AND_ORBS.B32 $! BASE_LEVEL.MAR $! BUGCHECK.B64 $! CWPS_GETJPI.MAR $! DEVICE_OBJECT.B32 $! DISMOUNT.MAR $! EVENT_FLAG_OBJECT.B32 $! EXSUBROUT.MAR $! IOCIOPOST.MAR $! LNMSUB.MAR $! MBDRIVER.B64 $! PERSONA_SERVICES.B32 $! PERSONA_SUPPORT.B32 $! PHDUTL.MAR $! PROCESS_SCAN_CHECK.MAR $! PROCSTRT.MAR $! PROFILE.B32 $! QUEUE_OBJECT.B32 $! RESOURCE_DOMAIN_OBJECT.B32 $! RIGHTSLIST_SERVICES.B32 $! RIGHTS_SUPPORT.B32 $! SECURITY_AUDITING.B32 $! SECURITY_AUDITING_64.B64 $! SECURITY_LNK.COM $! SYS$PUBLIC_VECTORSLNK.OPT $! SYSACLSUB.B32 $! SYSACPFDT.MAR $! SYSASCEFC.MAR $! SYSASM.DAT $! SYSASSIGN.MAR $! SYSBRKTHR.MAR $! SYSCANCEL.MAR $! SYSCHGMOD.MAR $! SYSCHKCLS.B32 $! SYSCHKPRO.MAR $! SYSCREPRC.MAR $! SYSCRMPSC.MAR $! SYSDELPRC.MAR $! SYSDGBLSC.MAR $! SYSENQDEQ.MAR $! SYSFASTIO.C $! SYSGETJPI.MAR $! SYSGETSYI.MAR $! SYSIMGACT.B32 $! SYSLICENSE.MAR $! SYSLNK.OPT $! SYSLNM.MAR $! SYSMAILBX.MAR $! SYSOBJSUB.B32 $! SYSPARAM.MAR $! SYSPCNTRL.MAR $! SYSQIOFDT.MAR $! SYSQIOREQ.MAR $! SYSRDBRES.B32 $! SYSRDBRES.BLI $! SYSRTSLST.MAR $! SYSRUNDWN.MAR $! SYSSCHED.B32 $! SYSSETPRV.B32 $! SYSSETPRV.MAR $! SYSSNDJBC.B32 $! SYSSNDMSG.MAR $! SYSTEM_PCBS_AND_PHDS.MAR $! SYSTEM_ROUTINES.M64 $! SYSTEM_SERVICES.M64 $! SYS_AUDIT_EVENT.B32 $! SYS_CHECK_PRIVILEGE.B32 $! SYS_SUBSYSTEM.B32 $! TM_SUPPORT.BLI $! UCBCREDEL.MAR $! VCC_CACHE.MAR $! VOLUME_OBJECT.B32 $! $! [SYSLOA] $! CWPS_MESSAGE_RECV.MAR $! CWPS_SERVICE_RECV.MAR $! CWPS_SERVICE_SEND.MAR $! $! [TFF] $! TFF$KMODE_SERVICE.MAR $! $! [TPSSDA] $! TPS_OFFSETS.B32 $! TPS_SHOW.B32 $! $! [TTDRVR] $! TTYFDT.MAR $! $! [UTIL32] $! RF_VERS.C $! SETUSER.B32 $! UTIL32ASM.DAT $! $! [VMSLIB] $! JPITABLE.MAR $! SYITABLE.MAR $! $! [WATCHPOINT] $! WATCHPOINTASM.DAT $! WP.H $! WP_MISC.C $! $! Images affected: All images related to the modules listed above. $! $! Impact/Risks: Major revisions to the security subsystem, $! most of which are transparent at the user $! level. $! $! Required for NT affinity persona extensions. $! $! How was change Tested: Full system builds were performed on a regular $! basis using a variant code stream, which has $! been kept in synch with the RAVEN code base $! during the final stages of the project. $! $! The basic VMS regression test suite, along $! with other functional testings, was executed $! against selected baselevels using various $! system configuratoins, including: $! - Standalone Alpha workstations $! - MAVC with 2 Alpha nodes and 1 VAX $! - MAVC with 1 Alpha SMP node and a VAX $! $!