UserDefinedPrefix_RegisterExit Function

SDK Guide › Exits API › UserDefinedPrefix_RegisterExit Function

UserDefinedPrefix_RegisterExit Function

Valid on Windows

The UserDefinedPrefix_RegisterExit function registers exit functions for some events. The registration in seosd service and pwdchange.dll is handled during startup.

If the function succeeds, it returns 0. Any other numbers indicate a failure; the execution continues as usual-as if no callback function was called.

Note: The UserDefinedPrefix is read from the registry by the seosd service and pwdchange.dll prior to calling this function.

declspec(dllexport) int __stdcall UserDefinedPrefix_RegisterExit(PFNEXIT pFunctionsExit[], unsigned long* pEventsType).

where PFNEXIT is defined as a pointer to a function that receives void as an argument and returns int.

int UserDefinedFunction(void* data, SEOS_EXITRES * pExitResult);

pFunctionsExit

An array of user-defined functions that are to be registered in the seosd service and in pwdchange.dll.

pEventsType

An array of event types corresponding to the function in the same entry in the pFunctionsExit argument.

Valid event types are:

AUTHXAPI_EV_PRELOGIN-Pre-login event
AUTHXAPI_EV_POSTLOGIN-Post-login event
AUTHXAPI_EV_PREGNRES-Pre-general resource event
AUTHXAPI_EV_POSTGNRES-Post-general resource event
AUTHXAPI_EV_PREVERPWD-Pre-password quality check event
AUTHXAPI_EV_POSTVERPWD-Post-password quality check event
AUTHXAPI_EV_PRESETPWD-Pre-password change event
AUTHXAPI_EV_POSTSETPWD-Post-password change event

Example

Registering a user's exit function.

/* Sample of registering a user defined function that will be called prior
to CA ControlMinder password verification. (The user has configured in the registry the prefix PWD */
typedef int(*PFNEXIT)(void);
declspec(dllexport) int __stdcall PWD_RegisterExit(PFNEXIT pFunctionExit[],unsigned long* pEventTypes)
{
     pFunctionExit[0] = (PFNEXIT)MyExitFunc;
     pEventTypes[0] = AUTHXAPI_EV_PREVERPWD;
     return 0;
}

More information:

For UNIX

For Windows

Structure and Data Types

This section describes the data structures used by Exits API functions to pass information back and forth between the functions and the CA ControlMinder daemons/services. Which structure you use depends on the event being intercepted by your exit function.

The following describes each field of these data structures:

PFSeosExitFunc: Pointer to a function
SEOS_EXITLOGIN: Data structure for login events
SEOS_EXITGENR: Data structure for general resource check events
SEOS_EXITINET: Data structure for TCP/IP request events (UNIX only)
SEOS_EXITPASS: Data structure for password quality check and password change events
SEOS_EXITRES: Data structure for results being returned to CA ControlMinder after any event
SEOSDB_ODF: Data structure for definition of an object in the database (UNIX only)
SEOSDB_PDF: Data structure for definition of a property in the database (UNIX only)
SEOS_ACCESS: Encapsulates a single member of type SEOS_ACCS
SEOS_ACCS: Holds a list of access flags
SEOS_CID: Contains the class identification descriptor (UNIX only)
SEOS_OID: Contains the object identification descriptor (UNIX only)
SEOS_PID: Contains the property identification descriptor (UNIX only)

More information:

SEOS_ACCS Structure

SEOS_ACCESS Structure

SEOS_EXITLOGIN

The first parameter passed to exit functions linked to attempted login events is a pointer to the SEOS_EXITLOGIN structure. This structure contains information about the attempted login. The SEOS_EXITLOGIN structure can be found in the authxapi.h file.

uid_t luid: User ID of the user trying to log in.
char const *szUname: Name of the user trying to log in.
char const *szTerm: Name of the terminal from which the user is trying to log in. Set to NULL when CA ControlMinder starts up.
dev_t device: Device number of the program trying to log in.
ino_t inode: Inode number of the program trying to log in.
char const *szProg: Name of the program trying to log in. Set to NULL when not applicable.

SEOS_EXITGENR

The first parameter passed to exit functions linked to attempted general resource check events is a pointer to the SEOS_EXITGENR structure. This structure contains information about the user and resource being verified. The SEOS_EXITGENR structure can be found in the authxapi.h file.

char const *szClass: Name of the general resource class being accessed. Check only the classes you explicitly decide to verify, and ignore the others.
char const *szRes: Name of the resource being accessed.
uid_t uid: The UNIX or Windows user ID of the user attempting access. Set to ‑1 when not applicable.
int seos_handle: ACEE handle associated with the user attempting access. Negative if the user is not defined in CA ControlMinder; 0 or positive otherwise.
char const *szUserName: Name of the user attempting access.
dev_t device: Device number of the program attempting access. Set to 0 when not applicable.
ino_t inode: Inode number of the program attempting access. Set to 0 when not applicable.
char const *szTerm: Name of the terminal from which user is attempting access. If user is not at a local terminal, this is set to the remote host name.
SEOS_ACCESS access_info: An unsigned long integer representing the type of access requested.
char const *szProg: Name of the program attempting access. Set to NULL when not applicable.

More information:

SEOS_ACCS Structure