Logon Processor

The logon processor controls user access to a database. It is run when:

The reality command is executed to start up a Reality database environment under UNIX or Windows.
Logging off from a database environment started using the reality -U command.
The LOGON command is executed at TCL.

The logon processor performs the following functions:

Reads the physical location identifier (PLId) of the port from which the logon is attempted and validates it against the associated network profile in NETWORK file.
If logon from that location is valid, LOGON displays a prompt for Reality user-id and password and validates the input.

Note: The user-id prompt is contained in item LOGON in the SYSTEM file. If an invalid user-id or password is entered the message 'Invalid logon attempt' is displayed.

It checks the user-id against the user and security profiles defined in the USERS and SECURITY files (see Database Access Profiles). If the user has a default account without a password, or the user-id has a password (thus overriding any account password), logon continues as at step 4.
If the account has a password and it is not overridden by user-id security, LOGON displays account logon and password prompts and validates the input against the SYSTEM file and against the security profile in SECURITY. If an invalid account or password is entered or if this logon is invalid, the user is denied access and the message 'Invalid logon attempt' is displayed.
Displays any logon message contained in item LOGON in the ERRMSG file. This message is formatted as a standard ERRMSG item. It is used to display a message to users logging-on to the database.
Displays any logon 'welcome' message contained in item '335' in the ERRMSG file.
Runs the Global Logon Program, if any, specified in the MD of the GLOBAL.MD account.
Runs the User Logon Program, if specified in the user's profile and defined in the account's Master Dictionary.
If no User Logon Program is executed, LOGON instead runs the Account Logon Program, if any. Note, however, that the user's environment can be configured to run both.
If access to TCL is attempted and a TCL-inhibit Program is configured this is run to prevent the user gaining access to TCL.

If TCL access is attempted when inhibited in the user's security profile, the user process is logged off.

Logon Prompt

UNIX

On a UNIX system, the following Reality logon prompt is displayed when connection to a new Reality database is attempted:

system_name

LOGON PLEASE:

where system_name is the name assigned to the database when it was created. Refer to the description of the mkdbase command.

The LOGON item must be present in file SYSTEM to allow logon to the database. It can be edited from SYSMAN, SYSPROG or any account with SYS2 privileges and update access to SYSTEM. Initially, when the database has just been made, it contains the following:

   LOGON

001 L

002 Hsystem_name

003 L

002 HLOGON PLEASE: +

Note: The characters 'L', 'H' and '+' format the message as for ERRMSG items.

Windows

On a Windows system, the Reality logon prompt is generated by the communicating program smanager. It can be modified using the network administration utility netadmin. smanager passes the user-id to the reality process it starts, which then prompts for a password, if necessary.

First Logon Message: 'LOGON' in ERRMSG

Item LOGON in file ERRMSG contains the first message displayed after logon is completed. Do not delete this item: if it is missing the message ERRMSG [LOGON] will be displayed at logon.

When the database is first created item LOGON contains only a line feed specification, as follows:

   LOGON

001 L

EOI 001

Welcome Message: '335' in ERRMSG

Item '335' in ERRMSG contains the second message displayed after logon. It shows the release and revision level of Reality software and a copyright notice. If it is missing, the system displays the message ERRMSG [335].

Editing Logon Prompt and Message

On UNIX, to edit the logon prompt, log on to any account that has SYS2 level privileges and update access to the SYSTEM file. These include SYSMAN and SYSPROG.

To edit the logon message text in ERRMSG items LOGON or 335 you can log on to any account that has update access to the ERRMSG file.

Example

    LOGON

001 L(2)

002 T

003 S(21)

004 D

005 L

006 HLOGON TO THE DEVELOPMENT SYSTEM:+

This logon Prompt would be displayed as follows:

11:34:23                     25 DEC 99

LOGON TO THE DEVELOPMENT SYSTEM:

On Windows, use the netadmin utility to edit the logon prompt.

Logon Control Programs

If required, you can create one or more logon control programs to customise database access. These can be run:

When the user logs on (User Logon Program). This can be run by a particular user or by all users (Global Logon Program).
When the user logs to a particular account (Account Logon Program).
When the user returns to TCL from an application (TCL-inhibit Program).

Note: The user's security profile can be configured to prevent access to TCL.

A logon control program must normally be a Proc, but you can allow any valid TCL command (see Introduction to the Terminal Control Language) to be used by setting the LOGON.PROGS environment option.

User Logon Program

A User Logon Program is specified in the user's SSM profile (see option 8 in SSM Option 2 - Define User Profiles) and is run when the associated user logs on to an account in which it resides. It is executed automatically only once, when the user first logs on and is not executed by the LOGTO command. If the User Logon Program is run, the Account Logon Program is normally not executed unless called by the User Logon Program (this behaviour can be changed by setting the ACCOUNT.LOGON environment option).

The following examples might typically be implemented as User Logon Programs.

Example 1

    PRINTER
001 PQN
002 HSP-ASSIGN =LASER
003 P
004 X*** LASER PRINTER ASSIGNED ***

This Proc assigns the spooler queue for the LASER printer and displays the message '***LASER PRINTER ASSIGNED***' after the logon welcome message. For the Proc to be executed automatically at logon, option 8 of the user's profile must be set to 'PRINTER' and the PRINTER Proc must be present in the MD of the account that the user logs on to.

Example 2

    TERMCHAR

001 PQN

002 HTERM 118,44,7,6

003 P

004 X*** TERMINAL CHARACTERISTICS SET ***

This Proc sets terminal characteristics and displays a corresponding message. As above, for automatic execution at logon, option 8 of the user's profile must be set to 'TERMCHAR' and TERMCHAR Proc must be present in the MD of the account that the user logs on to.

Global Logon Program

If the MD of the GLOBAL.MD account contains an item called GLOBAL-LOGON containing a valid TCL command, this is run when any user logs on to Reality. Any User or Account Logon Program runs on completion of the Global Logon Program.

Note: Any TCL command can be used as a Global Logon Program. The LOGON.PROGS environment option has no effect.

Account Logon Program

An Account Logon Program is an item in an account's MD with the same name as the account; it must be a valid logon program (as determined by the setting of the LOGON.PROGS environment option). An Account Logon Program may be used, for example, to execute initialisation routines that establish the user's operating environment or to run a specific program.

An Account Logon Program is executed under the following circumstances:

When logging onto the account. Note, however, that the Account Logon Program does not normally run if a User Logon Program executes (this behaviour can be changed by setting the ACCOUNT.LOGON environment option).
If attribute 9 of the Account Definition Item contains R, on exit from the debugger.
This can be used to prevent TCL access. For example, if the Account Logon Program has a menu that does not allow access to TCL, a user might try to by-pass the menu by breaking into a debugger and then returning to TCL. The R in attribute 9 specifies that the system is to run the Account Logon Program on exit from the debugger.

Example

    SALES

001 PQN

002 HRUN BP MENU

003 P

This Proc runs a DataBasic program named MENU located in the BP file. Typically this might display an application menu. To use this as an Account Logon Program, it must be in the MD of the SALES account.

TCL-inhibit Program

A TCL-inhibit Program prevents users of an account accessing TCL. It is run whenever the software is about to return the user to TCL.

A TCL-inhibit Program is executed under the following circumstances:

If attribute 9 of the Account Definition Item contains T.
If the dictionary of the ACC file contains an item with id ":portNumber" (where portNumber is the port number of the current user) and with attribute 1 containing the name of an item in the account's MD.
If the item named in the ACC file dictionary item is a valid logon program (as determined by the setting of the LOGON.PROGS environment option).

Note: Alternative ways of preventing a user accessing TCL are to inhibit TCL access in the user's security profile, or to configure the account definition item to run the Account Logon Program on exit from the debugger. In the latter case, the Account Logon Program takes precedence over any TCL-inhibit program, but if it exits to TCL the TCL-inhibit Program will be executed.

Example

The following is attribute 9 of the Account Definition Item for account SALES:

009 TB    TCL-inhibited and break disabled

The following item is in DICT ACC:

    :22

001 SALESMENU

Account SALES must contain Proc SALESMENU in its MD. If a user logs on to account SALES from port 22, the system executes the Proc SALESMENU any time the user tries to access TCL.

To	Reality
Version
Topic
Submitted by
Company
Location
Email address
Comment