Previous Topic: UserDefinedPrefix_RegisterExit FunctionNext Topic: SEOSDB_ODF

SDK GuideExits APISEOS_EXITINET

SEOS_EXITINET

Valid on UNIX

The first parameter passed to exit functions linked to attempted TCP/IP request events is a pointer to the SEOS_EXITINET structure. This structure contains information about the connection being requested. The SEOS_EXITINET structure can be found in the authxapi.h file.

char const *ClientAddr

IP address of the host requesting the connection.

char const *szHostName

Name of the host requesting the connection.

int Port

Number of the port to which connection is requested.

int Protocol

Protocol code used for the connection request. Currently, only TCP is supported.

SEOS_ACCESS accs_info

The exact level of connection access requested. Currently, only read access is available for TCP/IP requests.

char const *szProg

Name of the program requesting a connection. Set to NULL when not applicable.

More information:

SEOS_ACCS Structure

SEOS_EXITPASS

The first parameter passed to exit functions linked to attempted password quality check events is a pointer to the SEOS_EXITPASS structure. This structure contains information about the password being validated. The SEOS_EXITPASS structure can be found in the authxapi.h file.

char const *szIname

Name of the user starting the program to validate or set the password. This can be the user or an administrator (such as root, in UNIX).

char const *szUname

Name of the user whose password is being validated.

char const *szPass

New user password in clear text.

char const *szOldPass

Old user password. Defined only when users without the ADMIN attribute are changing their own current passwords. Set to NULL when undefined, such as when the administrator (root, in UNIX) is modifying another user's password.

int se_result

Result of the CA ControlMinder password verification mechanism. This field is not defined in pre‑verification functions. In post‑verification functions, this field holds the result of the CA ControlMinder password quality check. When used with the post set exit function, se_result holds a mask containing one of the following integer values:

0 VERIFYPASS_OK

Password is OK

1 VERIFYPASS_LEN

Password is too short

2 VERIFYPASS_NAME

Password contains the user's name

3 VERIFYPASS_MINS

Password contains too few lowercase characters

4 VERIFYPASS_MINC

Password contains too few uppercase characters

5 VERIFYPASS_MINN

Password contains too few numeric characters arguments

6 VERIFYPASS_MINO

Password contains too few special characters

7 VERIFYPASS_REP

Password contains too many repetitions of the same character

8 VERIFYPASS_SAME

New password is the same as the old one

9 VERIFYPASS_ASOLD

New password is the same as one of the values stored in the password history list

10 VERIFYPASS_ALFA

Password contains too few alphabetic characters

11 VERIFYPASS_ALFAN

Password contains too few alphanumeric characters

12 VERIFYPASS_TIME

Not enough time has passed since the last time the password was changed

13 VERIFYPASS_PREVCONTAIN

The old password is contained in the new one or vice versa

100 VERIFYPASS_BADARGB

The old password is bad

sys_result

Result of CA ControlMinder password‑setting mechanism. Not defined in password pre‑setting function. In post‑setting function, this field holds the result of the CA ControlMinder attempt to change the password. This parameter is not currently used.

SEOS_EXITRES

Each Exits API function is passed a pointer to the SEOS_EXITRES structure as its second parameter. Pre‑exit functions receive an empty structure that the functions fill with their results before returning control to the seosd daemon in UNIX or seosd service in Windows. Post‑exit functions receive a structure filled with the results of the CA ControlMinder authorization. The functions then refill the structure with their own results before returning control to the seosd daemon in UNIX or seosd service in Windows. The SEOS_EXITRES structure can be found in the authxapi.h file.

int result

Final result of this exit function. Valid values are one of the following functions:

SEOS_EXITR_PASS

Instructs CA ControlMinder to permit the request.

SEOS_EXITR_DENY

Instructs CA ControlMinder to deny the request.

SEOS_EXITR_CHECK

Instructs CA ControlMinder to make the decision.

int stage

Stage at which the authorization process made the decision to grant or deny the request.

Note: For more information about authorization stage, see the Reference Guide and the header file seauthstages.h.

int gstage

Stage at which the authorization process was granted. You may define your own stages. They must be greater than SEOS_EXITR_MINSTAGE. gstage is undefined when authorization is not granted.

int ShouldLog

Flag indicating whether CA ControlMinder should record this event in the log file. A value of 0 (FALSE) indicates that logging is not required. A value of 1 (TRUE) indicates that logging is required.

int logreason

Flag indicating reason logging is required. You may define your own reasons. They must be greater than SEOS_EXITR_EXLOGMIN.

char fname[ ]

Name of source file reporting an error to the error log (__FILE__ macro in ANSI‑C). This value is not used if the function returns 0.

int lnum

Line number in source file at which an error being logged in the log file occurred (__LINE__ macro in ANSI‑C). This value is not used if the function returns 0.