phares3757/open-insight
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
26198b343a01eacf4ddda8912f2e59dd4ffec490
open-insight/SYSPROG/STPROCINS/RTI_DER_EQUATES.txt
Infineon\StieberD 3a6a2b6b5b added sysprog entities
2024-03-25 15:17:34 -07:00

125 lines
8.0 KiB
Plaintext
Raw Blame History

compile Insert rti_der_equates
* 09-06-11 rjc added omni_setVolumePassword, der_roleDecrypt
*---
* rtiDerClient Operation Codes
*---
Equ der_openVolume$ To 1 ; * called by OpenMedia
Equ der_openTable$ To 2 ; * called by OpenFile
Equ der_oi2lh_key$ To 3 ; * Convert oikey to lhkey - will encrypt if key is encrypted, or do nothing if key is not encrypted
Equ der_oi2lh_rec$ To 4 ; * Convert oiRecofd to lhRecord
; * - will encrypt any fields flagged for encryption and allowed for this user.
; * - will fail if some fields are encrypted and use does not have rights to decrypt
; * - will pass through any fields not marked for encryption
Equ der_lh2oi_key$ To 5 ; * Complement to oi2lh_key
; * - will decrypt if key is encrypted and user has right to decrypt
; * - will pass through if key is not encrypted or user not allowed
Equ der_lh2oi_rec$ To 6 ; * Complement to oi2lh_rec
Equ der_closetable$ To 7 ; * called by flush.all
Equ der_closeMedia$ To 8 ; * called by detach_volume
Equ der_oi2lh_field$ To 9 ; * For indexes, encrypt a vm delimited list of values from a column
Equ der_lh2oi_field$ To 10 ; * For indexes, decrypt a vm delimited list of values from a column
Equ der_metaTableEncrypt$ To 11 ; * Create the meta information (blob) for a table. Note, this does not encrypt the rows
Equ der_metaServerEncrypt$ To 12 ; * Initialise a new DERServer
Equ der_metaRoleEncrypt$ To 13 ; * Modify the list of groups assigned to roles such as serveradmin, roleadmin, tableadmin, tableuser
Equ der_metaRoleDecrypt$ To 14 ; * returns the roles assigned to the current user
Equ der_metaTableImport$ To 15 ; * Moving a table? import the table blob encrypted by public key
Equ der_metaTableExport$ To 16 ; * Moving a table? export the table blob encrypted by public key
Equ der_metaEncrypt$ To 17 ; * Encrypting data? you can pass the data and a salt. See media operations
Equ der_metaDecrypt$ To 18 ; * Decrypting data? you can pass the data and a salt. See media operations
Equ der_metaIsTableAdmin$ To 19 ; * Is the current user allowed to administer tables?
Equ der_metaCheckVal$ To 20 ; * Get an example encrypted value for a table
Equ der_metaIsServerAdmin$ To 21 ; *
Equ der_metaIsRoleAdmin$ To 22 ; *
Equ der_metaTableChangeGroups$ To 23 ; * Change the list of groups allowed to use a table
Equ der_metaIsServerConfigured$ To 24 ; * return true$ if server is configured
Equ der_getProtectedFields$ To 25 ; * get the list of fields I can decrypt, based on my groups
Equ der_MetaTableDecrypt$ To 26 ; * get the fields, groups, error flag and keyparts flag for a table
Equ der_oi2lh_keyBlock$ To 27 ; * For indexes, encrypt a vm delimited list of values from a column
Equ der_lh2oi_keyBlock$ To 28 ; * For indexes, decrypt a vm delimited list of values from a column
* SYSPTRS etries
** Volume Fields
Equ der_Volume$ to 1 ; * the literal "VOLUME"
Equ der_BfsType$ to 2 ; * the literal "RTP57E"
Equ der_DataLoc$ to 3 ; * Location of the Rev files
Equ der_ControlLoc$ to 4 ; * see ControlLoc subfields below
** ControlLoc subfields ( vm delimited )
Equ derCtl_serverAddress$ to 1 ; * ipAddress for derServer (optional default to null)
Equ derCtl_serverPort$ to 2 ; * ipPort for derServer (optional default to null)
Equ derCtl_protectedVisiblity$ to 3 ; * optional default to dercfg_showprotected$ ( see below )
Equ derCtl_passworded$ to 4 ; * true to require user to enter a password every time volume is attached ( default to false$)
Equ derCtl_volId$ to 5 ; * optional, default to a guid, system assigned
Equ derCtl_UserPrincipalName$ to 6 ; * UserPrincipalName required by WCF to authenticate kerberos connection to rtiderserver
; * If you pass in the servername and is is not localhost you probably need prinipalname too
; * UserPrincipalName looks like username@domain, where username is the name the service is running as
Equ derCtl_TraceFile$ To 7 ; * put in the full path for a file to log to
Equ derCtl_TraceItems$ To 8 ;* comma-delimited string of trace options - All, Off, Critical, Error, Warning, Information, Verbose, and/or ActivityTracing
* enum for der_protectedVisibility ( hide or show protected fields )?
* We can either show or hide the encrypted values a user is not allowed to see. You want to show keys or lookups will fail.
Equ dercfg_hideprotected$ To 0
Equ dercfg_showprotected$ To 1
* postions of grooups in the metaServerEncrypt call
Equ derCfg_Role_RoleAdmin$ To 1
Equ derCfg_Role_ServerAdmin$ To 2
Equ derCfg_Role_TableAdmin$ To 3
Equ derCfg_Role_Impersonator$ To 4
Equ derCfg_Role_DataUser$ To 5
* Name of the file the installer creates
Equ dercfg_InstallerLogFile$ To "derServerInstalled.log"
* Media record ( %%DERMEDIA%% )
* MM.DATA.NAME$ = volID , a GUID generated by createMedia
* MM.FOREIGN.ATTR$ contains various encryption related subfields
Equ der_mediaAttrib_users$ To 1 ; * the guid for this volume
Equ der_mediaAttrib_groups$ To 2 ; * the encrypted information, for example users and impersonated groups
Equ der_mediaAttrib_visibility$ to 3 ; * Do I show or hide values you don't have rights for
Equ der_mediaAttrib_passworded$ to 4 ; * Do I need the credentials ( passphrase and IV) every time I attach the volume?
Equ der_mediaAttrib_checkVal$ to 5 ; * Used to confirm that encryption passprhase and IV are as expected
* OMNISCRIPT calls - Some of the meta functions are implemented as omniscript calls
* start the numbering at 10 to skip over other RTP57 uses of omniscript
Equ der_omniEncryptTable$ To 10 ; * a tool wants to update table encryption info
; * handle = mediaHandle, name = table*account returns status
Equ der_omniSetImpersonation$ To 11 ; * a tool wants to update user impersonation info for a volume
; * handle = mediaHandle, name, fmc null, record = users, groups
Equ der_omniPreMove$ To 12 ; * to support copy table. Need to park the encryption information in a common
Equ der_omniPostMove$ To 13 ; * to support copy table. Need to clear the parked encryption information.
Equ der_omniSetPortableParams$ To 14 ; * to support portable volumes, pass in passphrase and IV
Equ der_omniGetCheckVal$ To 15 ; * return a test value for a table - used to determine if two tables are clones
Equ der_omniEncryptExistingTable$ To 16 ; * similar to encrypt table, but can be applied to existing table
; * (so long as no data found in the table, and encryption is currently null)
Equ der_omniSetVolumePasswords$ To 17 ; * Change the passwords ( passpharase/ IV ) on an existing volume. The volume must already be attached
Equ der_omniTableChangeGroups$ To 18 ; * Change the groups allowed to see data on a table]
; * handle = table handle, record = new group information
Equ der_omniTableInfo$ To 19 ; * handle = table handle, record (out) = encryption fields, group information
Equ der_omniVolInfo$ To 20 ; * handle = vol handle, record (out) = true if this is encrypted
* Encryption parameters
* structure of encryption info passed in the openTable
Equ encrypted_positions$ To 1
Equ encrypted_group$ To 2
Equ encrypted_writeerror$ To 3
Equ encrypted_keyparts$ To 4
* Token blob for unecrypted tables
Equ DER_NOT_ENCRYPTED$ To "<<NONE>>"
Equ DER_ALL_ENCRYPTED$ To "-1"
Equ DER_ALL_GROUPS$ To '*'
* delimiter for extra info added to the table handle
Equ der_handleDelim$ To "~"
Declare Function rti_derClient,rti_derImpersonateGroups
Reference in New Issue View Git Blame Copy Permalink