Valid on UNIX
The first parameter passed to exit functions linked to attempted TCP/IP request events is a pointer to the SEOS_EXITINET structure. This structure contains information about the connection being requested. The SEOS_EXITINET structure can be found in the authxapi.h file.
IP address of the host requesting the connection.
Name of the host requesting the connection.
Number of the port to which connection is requested.
Protocol code used for the connection request. Currently, only TCP is supported.
The exact level of connection access requested. Currently, only read access is available for TCP/IP requests.
Name of the program requesting a connection. Set to NULL when not applicable.
The first parameter passed to exit functions linked to attempted password quality check events is a pointer to the SEOS_EXITPASS structure. This structure contains information about the password being validated. The SEOS_EXITPASS structure can be found in the authxapi.h file.
Name of the user starting the program to validate or set the password. This can be the user or an administrator (such as root, in UNIX).
Name of the user whose password is being validated.
New user password in clear text.
Old user password. Defined only when users without the ADMIN attribute are changing their own current passwords. Set to NULL when undefined, such as when the administrator (root, in UNIX) is modifying another user's password.
Result of the CA ControlMinder password verification mechanism. This field is not defined in pre‑verification functions. In post‑verification functions, this field holds the result of the CA ControlMinder password quality check. When used with the post set exit function, se_result holds a mask containing one of the following integer values:
0 VERIFYPASS_OK
Password is OK
Password is too short
Password contains the user's name
Password contains too few lowercase characters
Password contains too few uppercase characters
Password contains too few numeric characters arguments
Password contains too few special characters
Password contains too many repetitions of the same character
New password is the same as the old one
New password is the same as one of the values stored in the password history list
Password contains too few alphabetic characters
Password contains too few alphanumeric characters
Not enough time has passed since the last time the password was changed
The old password is contained in the new one or vice versa
The old password is bad
Result of CA ControlMinder password‑setting mechanism. Not defined in password pre‑setting function. In post‑setting function, this field holds the result of the CA ControlMinder attempt to change the password. This parameter is not currently used.
Each Exits API function is passed a pointer to the SEOS_EXITRES structure as its second parameter. Pre‑exit functions receive an empty structure that the functions fill with their results before returning control to the seosd daemon in UNIX or seosd service in Windows. Post‑exit functions receive a structure filled with the results of the CA ControlMinder authorization. The functions then refill the structure with their own results before returning control to the seosd daemon in UNIX or seosd service in Windows. The SEOS_EXITRES structure can be found in the authxapi.h file.
Final result of this exit function. Valid values are one of the following functions:
Instructs CA ControlMinder to permit the request.
Instructs CA ControlMinder to deny the request.
Instructs CA ControlMinder to make the decision.
Stage at which the authorization process made the decision to grant or deny the request.
Note: For more information about authorization stage, see the Reference Guide and the header file seauthstages.h.
Stage at which the authorization process was granted. You may define your own stages. They must be greater than SEOS_EXITR_MINSTAGE. gstage is undefined when authorization is not granted.
Flag indicating whether CA ControlMinder should record this event in the log file. A value of 0 (FALSE) indicates that logging is not required. A value of 1 (TRUE) indicates that logging is required.
Flag indicating reason logging is required. You may define your own reasons. They must be greater than SEOS_EXITR_EXLOGMIN.
Name of source file reporting an error to the error log (__FILE__ macro in ANSI‑C). This value is not used if the function returns 0.
Line number in source file at which an error being logged in the log file occurred (__LINE__ macro in ANSI‑C). This value is not used if the function returns 0.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|