Valid on Windows
The UserDefinedPrefix_RegisterExit function registers exit functions for some events. The registration in the seosd service and pwdchange.dll is handled during startup.
If the function succeeds, it returns 0. Any other number indicates a failure; execution continues as usual, as if no callback function was called.
Note: The UserDefinedPrefix is read from the registry by the seosd service and pwdchange.dll prior to calling this function.
__declspec(dllexport) int __stdcall UserDefinedPrefix_RegisterExit(PFNEXIT pFunctionsExit[], unsigned long* pEventsType);
where PFNEXIT is defined as a pointer to a function that receives void as an argument and returns int.
int UserDefinedFunction(void* data, SEOS_EXITRES * pExitResult);
pFunctionsExit: An array of user-defined functions that are to be registered in the seosd service and in pwdchange.dll.
pEventsType: An array of event types, each corresponding to the function in the same entry of the pFunctionsExit argument.
Valid event types are:
Example
Registering a user's exit function.
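/* Sample of registering a user-defined function that will be called
   prior to CA ControlMinder password verification.
   (The user has configured the prefix PWD in the registry.) */
#include "authxapi.h"   /* Exits API declarations */

typedef int (*PFNEXIT)(void);

/* User-defined exit function, implemented elsewhere in this DLL. */
int MyExitFunc(void *data, SEOS_EXITRES *pExitResult);

__declspec(dllexport) int __stdcall PWD_RegisterExit(PFNEXIT pFunctionExit[], unsigned long *pEventTypes)
{
    pFunctionExit[0] = (PFNEXIT)MyExitFunc;   /* function for entry 0 */
    pEventTypes[0] = AUTHXAPI_EV_PREVERPWD;   /* event type for entry 0 */
    return 0;                                 /* 0 = success */
}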
This section describes the data structures used by Exits API functions to pass information back and forth between the functions and the CA ControlMinder daemons/services. Which structure you use depends on the event being intercepted by your exit function.
The following describes each field of these data structures:
Pointer to a function
Data structure for login events
Data structure for general resource check events
Data structure for TCP/IP request events (UNIX only)
Data structure for password quality check and password change events
Data structure for results being returned to CA ControlMinder after any event
Data structure for definition of an object in the database (UNIX only)
Data structure for definition of a property in the database (UNIX only)
Encapsulates a single member of type SEOS_ACCS
Holds a list of access flags
Contains the class identification descriptor (UNIX only)
Contains the object identification descriptor (UNIX only)
Contains the property identification descriptor (UNIX only)
The first parameter passed to exit functions linked to attempted login events is a pointer to the SEOS_EXITLOGIN structure. This structure contains information about the attempted login. The SEOS_EXITLOGIN structure can be found in the authxapi.h file.
User ID of the user trying to log in.
Name of the user trying to log in.
Name of the terminal from which the user is trying to log in. Set to NULL when CA ControlMinder starts up.
Device number of the program trying to log in.
Inode number of the program trying to log in.
Name of the program trying to log in. Set to NULL when not applicable.
The first parameter passed to exit functions linked to attempted general resource check events is a pointer to the SEOS_EXITGENR structure. This structure contains information about the user and resource being verified. The SEOS_EXITGENR structure can be found in the authxapi.h file.
Name of the general resource class being accessed. Check only the classes you explicitly decide to verify, and ignore the others.
Name of the resource being accessed.
The UNIX or Windows user ID of the user attempting access. Set to -1 when not applicable.
ACEE handle associated with the user attempting access. Negative if the user is not defined in CA ControlMinder; 0 or positive otherwise.
Name of the user attempting access.
Device number of the program attempting access. Set to 0 when not applicable.
Inode number of the program attempting access. Set to 0 when not applicable.
Name of the terminal from which the user is attempting access. If the user is not at a local terminal, this is set to the remote host name.
An unsigned long integer representing the type of access requested.
Name of the program attempting access. Set to NULL when not applicable.
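The SEOS_EXITGENR field notes above, as an added example (not code from CA or from authxapi.h): a triage helper that an exit function could call, which checks only the classes it chose to verify and handles the documented "not applicable" values instead of dereferencing or logging them blindly. The demo_genr type, its field names, the DEMO_* verdicts and the class names are hypothetical stand-ins; the real structure is declared in authxapi.h.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for SEOS_EXITGENR. Field names are hypothetical; the real
   layout is declared in authxapi.h. */
typedef struct {
    const char   *class_name;  /* general resource class being accessed */
    const char   *resource;    /* resource being accessed */
    long          uid;         /* -1 when not applicable */
    int           acee;        /* negative: user not defined in the database */
    const char   *user;        /* name of the user attempting access */
    unsigned long dev, inode;  /* program identity; 0 when not applicable */
    const char   *terminal;    /* remote host name if not a local terminal */
    unsigned long access;      /* type of access requested */
    const char   *program;     /* NULL when not applicable */
} demo_genr;

/* Hypothetical triage results; these are not product return codes. */
enum demo_verdict { DEMO_IGNORE, DEMO_KNOWN_USER, DEMO_UNDEFINED_USER };

/* Classes this exit chooses to verify (constructed names). */
static const char *const demo_watched[] = { "DEMO_CLASS_A", "DEMO_CLASS_B" };

static const char *or_na(const char *s) { return s ? s : "n/a"; }

/* Triage one event and write a one-line audit record into out. */
int demo_triage(const demo_genr *ev, char *out, size_t outlen)
{
    size_t i, hit = 0;
    char uid[24] = "n/a", prog_id[48] = "n/a";

    if (outlen) out[0] = '\0';
    if (!ev || !ev->class_name) return DEMO_IGNORE;
    for (i = 0; i < sizeof demo_watched / sizeof demo_watched[0]; i++)
        if (strcmp(ev->class_name, demo_watched[i]) == 0) hit = 1;
    if (!hit) return DEMO_IGNORE;              /* not a class we verify */

    /* Replace sentinel values with "n/a" rather than logging -1 or 0:0. */
    if (ev->uid != -1) snprintf(uid, sizeof uid, "%ld", ev->uid);
    if (ev->dev != 0 || ev->inode != 0)
        snprintf(prog_id, sizeof prog_id, "%lu:%lu", ev->dev, ev->inode);
    snprintf(out, outlen,
             "class=%s res=%s user=%s uid=%s term=%s access=0x%lx prog=%s id=%s",
             ev->class_name, or_na(ev->resource), or_na(ev->user), uid,
             or_na(ev->terminal), ev->access, or_na(ev->program), prog_id);
    return ev->acee < 0 ? DEMO_UNDEFINED_USER : DEMO_KNOWN_USER;
}
```

The audit line is truncated to the caller's buffer size by snprintf, so a long resource or terminal name cannot overrun it.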
Copyright © 2013 CA Technologies.
All rights reserved.