%TITLE 'PASSWORD_POLICY - site-specific password policy filter'
MODULE PASSWORD_POLICY (IDENT='X-2', ADDRESSING_MODE(EXTERNAL=GENERAL)) =
BEGIN

! COPYRIGHT © 1989-1990 BY
! DIGITAL EQUIPMENT CORPORATION, MAYNARD, MASSACHUSETTS.
! ALL RIGHTS RESERVED.
!
! THIS SOFTWARE IS FURNISHED UNDER A LICENSE AND MAY BE USED AND COPIED
! ONLY IN ACCORDANCE OF THE TERMS OF SUCH LICENSE AND WITH THE
! INCLUSION OF THE ABOVE COPYRIGHT NOTICE. THIS SOFTWARE OR ANY OTHER
! COPIES THEREOF MAY NOT BE PROVIDED OR OTHERWISE MADE AVAILABLE TO ANY
! OTHER PERSON. NO TITLE TO AND OWNERSHIP OF THE SOFTWARE IS HEREBY
! TRANSFERRED.
!
! THE INFORMATION IN THIS SOFTWARE IS SUBJECT TO CHANGE WITHOUT NOTICE
! AND SHOULD NOT BE CONSTRUED AS A COMMITMENT BY DIGITAL EQUIPMENT
! CORPORATION.
!
! DIGITAL ASSUMES NO RESPONSIBILITY FOR THE USE OR RELIABILITY OF ITS
! SOFTWARE ON EQUIPMENT WHICH IS NOT SUPPLIED BY DIGITAL.

!++
! FACILITY:
!
!   SYS$EXAMPLES
!
! MODULE DESCRIPTION:
!
!   This module illustrates how to write a site-specific password filter in
!   BLISS.
!
!   To build your own site-specific password policy shareable image, use the
!   following commands:
!
!       $ BLISS SYS$EXAMPLES:VMS$PASSWORD_POLICY
!       $ @SYS$EXAMPLES:VMS$PASSWORD_POLICY_LNK
!
!   Once you've built the image you must then copy it to SYS$LIBRARY, install
!   the image, and enable the callout by setting the SYSGEN parameter
!   LOAD_PWD_POLICY to 1:
!
!       $ COPY VMS$PASSWORD_POLICY.EXE SYS$COMMON:[SYSLIB]/PROT=(W:RE)
!       $ INSTALL ADD SYS$LIBRARY:VMS$PASSWORD_POLICY/OPEN/HEAD/SHARE
!       $ MCR SYSGEN
!       SYSGEN> USE ACTIVE
!       SYSGEN> SET LOAD_PWD_POLICY 1
!       SYSGEN> WRITE ACTIVE
!       SYSGEN> WRITE CURRENT
!
!   Please consult the "VMS System Generation Utility Manual" for further
!   information on using the SYSGEN utility. You might also want to add the
!   following line to SYS$SYSTEM:MODPARAMS.DAT:
!
!       LOAD_PWD_POLICY = 1 ! enable site-specific password filters
!
! AUTHOR:
!
!   Derrell D. Piper, October 1989
!
! MODIFICATION HISTORY:
!
!--

!
! TABLE OF CONTENTS:
!

FORWARD ROUTINE
    POLICY_PLAINTEXT,                   ! plaintext password filter
    POLICY_HASH;                        ! hash filter

!
! INCLUDE FILES:
!

LIBRARY 'SYS$LIBRARY:LIB';              ! VAX/VMS private definitions

!
! EXTERNAL REFERENCES:
!

EXTERNAL
    SGN$GL_USERD1 : BITVECTOR[32];      ! address of USERD1 SYSGEN parameter

%SBTTL 'POLICY_PLAINTEXT - plaintext password filter'
GLOBAL ROUTINE POLICY_PLAINTEXT (PASSWORD, USERNAME) =

!++
! FUNCTIONAL DESCRIPTION:
!
!   This procedure could filter plaintext password strings according to a
!   site-specific policy. As a demonstration, it just prints out the
!   plaintext password and its associated username. $GETUAI could be used to
!   retrieve additional information pertaining to the user.
!
! FORMAL PARAMETERS:
!
!   PASSWORD    plaintext password string entered by user
!   USERNAME    associated username
!
! IMPLICIT INPUT PARAMETERS:
!
!   None
!
! IMPLICIT OUTPUT PARAMETERS:
!
!   None
!
! RETURN VALUE:
!
!   SS$_NORMAL  password is acceptable
!   SS$_PWDWEAK password is too easy to guess
!
! SIDE EFFECTS:
!
!   None
!
!--

BEGIN

! Display the plaintext password and its associated username.

$SAY(' -- in plaintext policy callout', 0);
$SAY(' password = !AS, user = !AS', .PASSWORD, .USERNAME);

! Return SS$_PWDWEAK if USERD1 is set to 1.

IF .SGN$GL_USERD1[0]
THEN
    RETURN SS$_PWDWEAK
ELSE
    RETURN SS$_NORMAL;

END;                                    ! End of POLICY_PLAINTEXT

%SBTTL 'POLICY_HASH - hash password filter'
GLOBAL ROUTINE POLICY_HASH (HASH, USERNAME) =

!++
! FUNCTIONAL DESCRIPTION:
!
!   This procedure could filter the password hash value according to a
!   site-specific policy. As a demonstration, it just prints out the
!   quadword hash value and its associated username. $GETUAI could be used
!   to retrieve additional information pertaining to the user.
!
! FORMAL PARAMETERS:
!
!   HASH        quadword password hash
!   USERNAME    associated username
!
! IMPLICIT INPUT PARAMETERS:
!
!   None
!
! IMPLICIT OUTPUT PARAMETERS:
!
!   None
!
! RETURN VALUE:
!
!   SS$_NORMAL  password is acceptable
!   SS$_PWDWEAK password is too easy to guess
!
! SIDE EFFECTS:
!
!   None
!
!--

BEGIN

MAP
    HASH : REF VECTOR;                  ! address of quadword

! Display the hash quadword and its associated username.

$SAY(' -- in hash policy callout', 0);
$SAY(' hash = !XL !XL, user = !AS', .HASH[0], .HASH[1], .USERNAME);

! Return SS$_PWDWEAK if USERD1 is set to 2.

IF .SGN$GL_USERD1[1]
THEN
    RETURN SS$_PWDWEAK
ELSE
    RETURN SS$_NORMAL;

END;                                    ! End of POLICY_HASH

END                                     ! End of module
ELUDOM