initial commit

acAclPolicy-strict.re

@@ -0,0 +1 @@
+acAclPolicy {msiAclPolicy("STRICT"); }

acBulkGetPreProcPolicy-flag.re

@@ -0,0 +1,6 @@
+acBulkGetPreProcPolicy {
+  msiSplitPath( $objPath, *Coll, *File);
+  *Q1 = select META_COLL_ATTR_VALUE where COLL_NAME = '*Coll' and META_COLL_ATTR_NAME = 'BulkDownLoad';
+  foreach (*R1 in *Q1) {*Val = *R1.META_COLL_ATTR_VALUE;}
+  if (*Val == 'off') {msiSetBulkGetPostProcPolicy('off');}
+}

acBulkGetPreProcPolicy-off.re

@@ -0,0 +1 @@
+acBulkGetPreProcPolicy {msiSetBulkGetPostProcPolicy("off");}

acBulkGetPreProcPolicy-on.re

@@ -0,0 +1,6 @@
+acBulkGetPreProcPolicy{ 
+  msiSplitPath( $objPath, *Coll, *File);
+  if (*Coll == "/UNC-CH/home/HIPAA") {
+    msiSetBulkGetPostProcPolicy("off");
+  }
+}

acCheckPasswordStrength.re

@@ -0,0 +1,17 @@
+acCheckPasswordStrength(*password) {
+# Require at least 8 characters
+  *Len = strlen(*password);
+  if(*Len <8) {
+    writeLine("stdout", "Password requires at least 8 characters");
+    fail;
+  }
+# Require at least one number
+  for (*I=1,*I<10,*I=*I+1) {
+    msiSpitPathByKey(*password, "*I", *H, *E);
+    if (*E != "") {
+      succeed;
+    }
+  }
+  writeLine("stdout","Password requires at least 1 number");
+  fail;
+}

acChkUserLogon.re

@@ -0,0 +1,29 @@
+acChkUserLogon {
+# Increment a counter for each logon attempt
+  *User = $userNameClient;
+  *Q1 = select META_USER_ATTR_VALUE where USER_NAME = '*User' and META_USER_ATTR_NAME = 'NumberAttempts';
+  foreach (*R1 in *Q1) {
+    *Val = *R1.META_USER_ATTR_VALUE;
+    *Str = "NumberAttempts=*Val";
+    msiString2KeyValPair(*Str,*Kvp);
+    msiRemoveKeyValuePairsFromObj(*Kvp,*User, "-u");
+    *Val1 = str(int(*Val) + 1);
+    *Str1 = "NumberAttempts=*Val1";
+    msiString2KeyValPair(*Str1,*Kvp1);
+    msiAssociateKeyValuePairsToObj(*Kvp1, *User, "-u");
+  }
+  if (int(*Val1) > 5) {
+# set lockout period
+    *Q2 = select META_USER_ATTR_VALUE where USER_NAME = '*User' and META_USER_ATTR_NAME = 'LockoutPeriod';  
+    foreach (*R2 in *Q2) {
+      *Val = *R2.META_USER_ATTR_VALUE;
+      *Str = "LockoutPeriod=*Val";
+      msiString2KeyValPair(*Str,*Kvp);
+      msiRemoveKeyValuePairsFromObj(*Kvp,*User, "-u");
+      msiGetSystemTime(*Tim, "unix");
+      *Str1 = "LockoutPeriod=*Tim";       
+      msiString2KeyValPair(*Str1,*Kvp1);
+      msiAssociateKeyValuePairsToObj(*Kvp1, *User, "-u");
+    }
+  }
+}

acDataDeletePolicy-collection.re

@@ -0,0 +1,4 @@
+acDataDeletePolicy {ON($objPath like “/Mauna/home/atmos/sensor/*”) {
+  msiDeleteDisallowed; 
+  } 
+}

acDataDeletePolicy.re

@@ -0,0 +1,6 @@
+acDataDeletePolicy {
+#  Rule condition is used to choose which collections to protect
+  ON($objPath like "/UNC-CH/home/HIPAA/Reports/* ") {
+    msiDeleteDisallowed;
+  }
+}

acPostProcForModifyAVUMetadata.re

@@ -0,0 +1,12 @@
+acPostProcForModifyAVUMetadata(*Option,*ItemType,*ItemName,*AName,*AValue,*AUnit) { 
+    on(*AName == "ConvertMe") {
+        irods_curl_get("http://polyglot.cci.drexel.edu/", *ItemName, *AValue, *out);
+        if(*out == ""){
+            deleteAVUMetadata(*ItemName, "ConvertMe", *AValue, *AUnit, *out3);
+            modAVUMetadata(*ItemName, "Conversion Error", *AValue, "dest", *out2);
+        }else{
+            modAVUMetadata(*out, "Derived from", *ItemName, "iRODS path", *out2);
+            deleteAVUMetadata(*ItemName, "ConvertMe", *AValue, *AUnit, *out3);  
+        }
+    }
+}

acPostProcForPut-checksum.re

@@ -0,0 +1 @@
+acPostProcForPut {msiSysChksumDataObj; }

acPostProcForPut-encrypt.re

@@ -0,0 +1,13 @@
+acPostProcForPut {
+# Encrypt data submitted to /UNC-CH/home/HIPAA/Archive
+  *Path = $objPath;
+  msiSplitPath(*Path, *Coll, *File);
+  if (*Coll == "/UNC-CH/home/HIPAA/Archive") {
+# Need to create micro-service for encryption
+     msiEncrypt (*Path);
+# Set encrypt flag to 1
+    *Str1 = "DATA_ENCRYPT=1";
+    msiString2KeyValPair(*Str1, *Kvp1);
+    msiAssociateKeyValuePairsToObj(*Kvp1, *Path, "-d");
+  }
+}

acPostProcForPut-expiry.re

@@ -0,0 +1,8 @@
+acPostProcForPut {
+  msiSplitPath($objPath, *Coll, *File);
+  if(*Coll ==  "/UNC-ARCHIVE/home/Archive") {
+    msiGetSystemTime(*T, "unix");
+    *Time = int(*T) + 3600*24*365;
+    msiSysMetaModify("data_expiry", "*Time");
+  }
+}

acPostProcForPut-handle-nexrad.re

@@ -0,0 +1,12 @@
+acPostProcForPut {ON($userNameClient like "nexrad") {
+        msiWriteRodsLog("Attempting to create Handle for $objPath", *Status);
+        *Cmd = "create_handle";
+        *Keyfile = "/var/lib/irods/hs/admpriv.bin";
+        *Uri = "irods%3A%2F%2Firen2.renci.org%3A1237$objPath";
+        *Url = "https://dfcweb.datafed.org/idrop-web2/home/link?irodsURI=*Uri";
+
+        *Args = "$dataId *Url";
+        msiExecCmd(*Cmd, *Args, "null", "null", "null", *Result);
+        msiGetStdoutInExecCmdOut(*Result,*Out);
+        msiWriteRodsLog("Created Handle *Out for $objPath", *Status);
+}

acPostProcForPut-handle.re

@@ -0,0 +1,12 @@
+acPostProcForPut  {
+#  Attempting to create Handle for $objPath
+        *Cmd = "create_handle";
+        *Keyfile = "/var/lib/irods/hs/admpriv.bin";
+        *Uri = "irods%3A%2F%2Firen2.renci.org%3A1237$objPath";
+        *Url = "https://dfcweb.datafed.org/idrop-web2/home/link?irodsURI=*Uri";
+
+        *Args = "$dataId *Url";
+        msiExecCmd(*Cmd, *Args, "null", "null", "null", *Result);
+        msiGetStdoutInExecCmdOut(*Result,*Out);
+# Created Handle *Out for $objPath
+}

acPostProcForPut-replica-delay.re

@@ -0,0 +1 @@
+acPostProcForPut {ON($objPath like "/lifelibZone/home/*") {delay("<PLUSET>1s</PLUSET>") {msiSysReplDataObj('renci-unix1','null'); } } }

acPostProcForPut-replicate.re

@@ -0,0 +1,7 @@
+acPostProcForPut {
+  ON($objPath like "/UNC-ARCHIVE/home/Archive/*") {
+    delay("<PLUSET>1s</PLUSET>") {
+      msiSysReplDataObj('replResc', 'null'); 
+    }
+  } 
+}

acPostProcForPut-report.re

@@ -0,0 +1,16 @@
+acPostProcForPut {
+# calculate the checksum
+# append the file size, date, and checksum to a report
+  msiSplitPath ($objPath, *Coll, *File);
+  if (*Coll == "/dfcmain/home/rwmoore/Project") {
+    msiDataObjChksum($objPath, "forceChksum=", *Chksum);
+    *Q1 = select DATA_SIZE where DATA_NAME = '*File' and COLL_NAME = '*Coll';
+    foreach (*R1 in *Q1) {*Size = *R1.DATA_SIZE;}
+    msiGetSystemTime(*Tim, "human");
+# open report file
+    *LPath = "/dfcmain/home/rwmoore/Project/Depreport"
+    msiDataObjOpen(*LPath, *Fdesc);
+    msiDataObjLseek(*Fdesc, "0", "SEEK_END", *Stat);
+    writeLine("*LPath", "*Tim *File, Size *Size, Checksum *Chksum");
+  }
+}

acPostProcForPut-version.re

@@ -0,0 +1,15 @@
+acPostProcForPut {
+# acPostProcForPut-version.r
+# create a copy of the file by modifying the file name with a version stamp
+# note that a collection must be specified where the version will be stored
+  *Path = $objPath;
+  msiSplitPath(*Path, *Coll, *File);
+# construct version name
+  msiGetSystemTime(*Tim, "human");
+# check whether there is a file extension on the name
+  msiSplitPathByKey (*File, ".",*Fstart, *Fend);
+  *Vers = *Fstart ++ "." ++ "*Tim" ++ *Fend;
+  *Pathver = "/Mauna/home/atmos/version/” ++ *Coll ++ "/" ++ *Vers;
+  msiDataObjCopy(*Path,*Pathver, "forceFlag=",*Status);
+  msiSetACL("default", "own", $userNameClient, *Pathver);
+}

acPreProcForRmColl.re

@@ -0,0 +1,3 @@
+acPreprocForRmColl {
+  msiSendMail("[email protected]”, “Collection deletion”, “Collection $collName is deleted");
+}

acScanFileAndFlagObject.re

@@ -0,0 +1,41 @@
+acScanFileAndFlagObject(*ObjPath,*FilePath,*Resource)
+{
+# Run clamscan script on resource
+        msiExecCmd("scanfile.py", *FilePath, *Resource, null, null, *CmdOut);
+# Save operation status
+        assign(*Status, $status);
+# Get stdout from last call
+        msiGetStdoutInExecCmdOut(*CmdOut, *StdoutStr);
+
+# Passed, failed, or error?
+        if (*Status == 0)
+        then
+#       # Scan successful, object passed
+        {
+#               # Get timestamp
+                msiGetSystemTime(*Time, human);
+#               # Create new KeyValPair_MS_T
+                msiAddKeyVal(*KVP, "VIRUS_SCAN_PASSED.*Time", *StdoutStr);
+#               # Add new metadata triplet to object
+                msiAssociateKeyValuePairsToObj(*KVP, *ObjPath, "-d");
+        }
+        else
+        {
+                if (*Status == 344000)
+                then
+#               # Scan successful, object failed
+                {
+#                       # Get timestamp
+                        msiGetSystemTime(*Time, human);
+#                       # Create new KeyValPair_MS_T
+                        msiAddKeyVal(*KVP, "VIRUS_SCAN_FAILED.*Time", *StdoutStr);
+#                       # Add new metadata triplet to object
+                        msiAssociateKeyValuePairsToObj(*KVP, *ObjPath, "-d");
+                }
+                else
+#               # Scan failed (command execution error)
+                {
+                        nop;
+                }
+        }
+}

acSetPublicUserPolicy-lockout.re

@@ -0,0 +1,28 @@
+acSetPublicUserPolicy {
+# reset NumberAttempts and LockoutPeriod
+  *User = $userNameClient;
+  *Q1 = select META_USER_ATTR_VALUE where USER_NAME = '*User' and META_USER_ATTR_NAME = 'NumberAttempts';
+  foreach (*R1 in *Q1) {
+    *Val = *R1.META_USER_ATTR_VALUE;
+    *Str = "NumberAttempts=*Val";
+    msiString2KeyValPair(*Str,*Kvp);
+    msiRemoveKeyValuePairsFromObj(*Kvp,*User, "-u");
+    *Val1 = "0";
+    *Str1 = "NumberAttempts=*Val1";
+    msiString2KeyValPair(*Str1,*Kvp1);
+    msiAssociateKeyValuePairsToObj(*Kvp1, *User, "-u");
+  }
+  if (int(*Val1) > 5) {
+# set lockout period
+    *Q2 = select META_USER_ATTR_VALUE where USER_NAME = '*User' and META_USER_ATTR_NAME = 'LockoutPeriod';
+    foreach (*R2 in *Q2) {
+      *Val = *R2.META_USER_ATTR_VALUE;
+      *Str = "LockoutPeriod=*Val";
+      msiString2KeyValPair(*Str,*Kvp);
+      msiRemoveKeyValuePairsFromObj(*Kvp,*User, "-u");
+      *Str1 = "LockoutPeriod=0";
+      msiString2KeyValPair(*Str1,*Kvp1);
+      msiAssociateKeyValuePairsToObj(*Kvp1, *User, "-u");
+    }
+  }
+}

acSetPublicUserPolicy-reset.re

@@ -0,0 +1,35 @@
+acSetPublicUserPolicy {
+# reset NumberAttempts and LockoutPeriod
+  *User = $userNameClient;
+  *Q1 = select META_USER_ATTR_VALUE where USER_NAME = '*User' and META_USER_ATTR_NAME = 'NumberAttempts';
+  foreach (*R1 in *Q1) {
+    *Val = *R1.META_USER_ATTR_VALUE;
+    *Str = "NumberAttempts=*Val";
+    msiString2KeyValPair(*Str,*Kvp);
+    msiRemoveKeyValuePairsFromObj(*Kvp,*User, "-u");
+    *Val1 = "0";
+    *Str1 = "NumberAttempts=*Val1";
+    msiString2KeyValPair(*Str1,*Kvp1);
+    msiAssociateKeyValuePairsToObj(*Kvp1, *User, "-u");
+  }
+  if (int(*Val1) > 5) {
+# set lockout period
+    *Q2 = select META_USER_ATTR_VALUE where USER_NAME = '*User' and META_USER_ATTR_NAME = 'LockoutPeriod';
+    foreach (*R2 in *Q2) {
+      *Val = *R2.META_USER_ATTR_VALUE;
+      *Str = "LockoutPeriod=*Val";
+      msiString2KeyValPair(*Str,*Kvp);
+      msiRemoveKeyValuePairsFromObj(*Kvp,*User, "-u");
+      *Str1 = "LockoutPeriod=0";
+      msiString2KeyValPair(*Str1,*Kvp1);
+      msiAssociateKeyValuePairsToObj(*Kvp1, *User, "-u");
+    }
+  }
+  if (*User != 'public' && *User != 'anonymous') {
+    *Q2 = select META_USER_ATTR_VALUE where USER_NAME = '*User' and META_USER_ATTR_NAME = 'ResetPassword';
+    foreach (*R2 in *Q2) {
+      *Val = *R2.META_USER_ATTR_VALUE;
+      if (*Val == "1" ) { writeLine("stdout", "Reset your password");}
+    }
+  }
+}

acSetPublicUserPolicy.re

@@ -0,0 +1,54 @@
+acSetPublicUserPolicy {
+# reset NumberAttempts and LockoutPeriod
+  *User = $userNameClient;
+  *Q1 = select META_USER_ATTR_VALUE where USER_NAME = '*User' and META_USER_ATTR_NAME = 'NumberAttempts';
+  foreach (*R1 in *Q1) {
+    *Val = *R1.META_USER_ATTR_VALUE;
+    *Str = "NumberAttempts=*Val";
+    msiString2KeyValPair(*Str,*Kvp);
+    msiRemoveKeyValuePairsFromObj(*Kvp,*User, "-u");
+    *Val1 = "0";
+    *Str1 = "NumberAttempts=*Val1";
+    msiString2KeyValPair(*Str1,*Kvp1);
+    msiAssociateKeyValuePairsToObj(*Kvp1, *User, "-u");
+  }
+  if (int(*Val1) > 5) {
+# set lockout period
+    *Q2 = select META_USER_ATTR_VALUE where USER_NAME = '*User' and META_USER_ATTR_NAME = 'LockoutPeriod';
+    foreach (*R2 in *Q2) {
+      *Val = *R2.META_USER_ATTR_VALUE;
+      *Str = "LockoutPeriod=*Val";
+      msiString2KeyValPair(*Str,*Kvp);
+      msiRemoveKeyValuePairsFromObj(*Kvp,*User, "-u");
+      *Str1 = "LockoutPeriod=0";
+      msiString2KeyValPair(*Str1,*Kvp1);
+      msiAssociateKeyValuePairsToObj(*Kvp1, *User, "-u");
+    }
+  }
+  if (*User != 'public' && *User != 'anonymous') {
+    *Q2 = select META_USER_ATTR_VALUE where USER_NAME = '*User' and META_USER_ATTR_NAME = 'ResetPassword';
+    foreach (*R2 in *Q2) {
+      *Val = *R2.META_USER_ATTR_VALUE;
+      if (*Val == "1" ) { writeLine("stdout", "Reset your password");}
+    }
+  }
+# check prior passwords
+  *Q3 == select META_USER_ATTR_VALUE, META_USER_ATTR_UNITS where USER_NAME = '*User' and META_USER_ATTR_NAME = 'PasswordHist';
+  foreach (*R3 in *Q3) {
+    *Pass = *R3.META_USER_ATTR_VALUE;
+    *Date = *R3.META_USER_ATTR_UNITS;
+    if(*Date == '0') {
+      *Passcurrent = *Pass;
+  }
+# do the comparison
+  foreach (*R3 in *Q3) {
+    *Pass = *R3.META_USER_ATTR_VALUE;
+    *Date = *R3.META_USER_ATTR_UNITS;
+    if (*Date != '0') {
+      if (*Pass == *Passcurrent) {
+        writeLine("stdout", "Reset your password");
+        fail;
+      }
+    }
+  }
+}

acTicketPolicy.re

@@ -0,0 +1,13 @@
+acTicketPolicy {
+# For collections that have the ACCESS_APPROVAL flag set to 0, tickets are disabled
+  msiSplitPath($objPath, *Coll, *File);
+  *Q = select META_COLL_ATTR_VALUE where COLL_NAME = '*Coll' and META_COLL_ATTR_NAME = 'ACCESS_APPROVAL';
+  *Access == "0";
+  foreach (*R in *Q) {
+    *Access = *R.META_COLL_ATTR_VALUE;
+  }
+  if (*Access == "0") { 
+    writeLine ("serverlog", "Restrict ticket access for collection *Coll and file *File");
+    fail;
+  }
+}