Exec SERVER$CTRL API
7.8. GET_AUTH_SERVER_ID Function
This function returns identity information about the 2200 in the centralized security domain. It can also be used to determine if the extended security validation capability is supported (CAP_EXTENDED_SECURITY) on Windows.
Function Prototype
cid_struct_t GET_AUTH_SERVER_ID (authGetServerPkt_t * pkt);
Packet (authGetServerPkt_t)
Word | Fields
0 | version, reserved
1 | options, reserved_2
2 - 5 | computer_account
6 - 69 | DNS_computer_name
70 - 94 | ASCII_GUID
95 - 98 | GUID
where:
version (I) is the authentication packet version, currently version 0.
reserved (I) is a reserved field; must be 0.
options (I) are optional settings that control the function. No options are currently defined for GET_AUTH_SERVER_ID.
reserved_2 (I) is a reserved field; must be 0.
computer_account (O) is the ASCII 2200 computer account name, returned as a NULL-terminated ASCII string.
DNS_computer_name (O) is the fully-qualified DNS 2200 computer account name, returned as a NULL-terminated ASCII string. Maximum characters = 256.
ASCII_GUID (O) is a printable form of the guaranteed unique identifier (GUID) associated with the 2200 computer account, returned as a NULL-terminated ASCII string.
GUID (O) is the 16-byte GUID associated with the 2200 computer account.
Statuses Returned
The message numbers are defined in APIMESSAGE/H.
Table 7–6 lists the GET_AUTH_SERVER_ID status codes.
Table 7–6. GET_AUTH_SERVER_ID Status Codes
Severity Code | Message Number | Explanation
0 | 0 | Normal completion.
7 | 01 | Unsupported packet version.
7 | 02 | Reserved fields nonzero.
7 | 010 | ASIS unavailable.
7 | 016 | Privilege violation. Caller does not possess the SSAUTHNTICAT privilege.
7 | 020 | ASIS internal error.
7 | 04001 | Network authentication is not configured. Consult your administrator. CAP_EXTENDED_SECURITY is not available.
7 | 04032 | Messaging Integration Services for ClearPath OS 2200 returned a failure status.
ASIS generates log entries for authentication failures, ASIS failures, authentication data modifications initiated by the administrative interface, and authentication data modifications initiated by the AM, optionally at the AM's discretion. ASIS also generates a log entry for every successful and unsuccessful use of the authentication API.
No new log entries are generated for a subsystem DEACT. The existing log entry (type 1006 subtype 03) is recorded. Types 17001 through 17199 are ASIS log entries.
Table 8–1 summarizes the types and subtypes.
For detailed descriptions of these log entries, see the System Log Operations and Support Reference Manual.
Table 8–1. Types and Subtypes Summary
Type | Purpose | Subtype | Subtype Purpose
17001 | ASIS processing. Records an ASIS state change as a result of a SERVER$CTRL being issued from ASIS. | |
17002 | Authentication data area updates. | 1 | Updates made by an AM during an authentication.
 | | 2 | Updates made using the Write ADA function of the administrative interface.
17003 | Authentication failures within ASIS. | |
17004 | ASIS failures. | 1 | An AM requested or caused ASIS to terminate.
 | | 2 | The shutdown ASIS administrative interface was called.
 | | 3 | ASIS contingency handling.
 | | 4 | Internal ASIS debug shutdown.
 | | 5 | Operator entered E keyin on the ASIS background run.
17005 | Records a privilege violation when a caller does not have appropriate administrator privileges for the administrative interface being used. | |
17006 | Successful and unsuccessful authentications through the authentication API AUTH_USER, AUTH_CONTEXT, and AUTH_COMPLETE. | 1 | Successful authentications.
 | | 2 | Unsuccessful authentications.
 | | | Subtypes 3-8 are used only by the AUTH_COMPLETE call.
 | | 3 | Application user-id authentication successful.
 | | 4 | Application network user-id authentication successful.
 | | 5 | User-id lookup unsuccessful; log entry created with no user-id.
 | | 6 | Network user-id lookup unsuccessful; log entry created with no network user-id.
 | | 7 | User-id authentication unsuccessful (user-id found, but authentication failed); user-id logged.
 | | 8 | Network user-id authentication unsuccessful (network user-id found, but authentication failed); network user-id logged.
17007 | User-ID disabled in the authentication API. | |
17008 | Successful password changes through the authentication API AUTH_USER or an AM handling a demand user sign-on prompt. | |
This appendix describes the sign-on information buffer and the ATI structure.
A.1. Sign-On Information Buffer
The sign-on information buffer can be passed to the Exec, and ultimately ASIS, at session sign-on with ER RSI$, ER TIP$SM, and CALL SESSION$CTRL.
Format
ID Byte-count
[Information area]
ID Byte-count
[Information area]
When the sign-on information buffer is present, it consists of one to three records.
Each record consists of an ID, Byte-count, and Information area. The order of the records is not significant. If the Byte-count is 0, the Information area does not exist.
The smallest sign-on information buffer consists of a 1-word record with an ID and a Byte-count of 0.
ID is a numerical value indicating the type of data following this control word.
Possible ID values are listed in the following table:
Value Description
01 ATI contains extra information about the terminal requesting to open a session. Examples are the IP address on a TCP/IP connection or site-id for DCA communications with the terminal. The maximum size of ATI is 28 bytes.
02 Security token or ticket (STT). The first word of the token/ticket information area contains the version and type (0,,H1 and 0,,H2 respectively), with the actual ticket/token starting in the second word. The maximum size of STT is 1004 bytes.
03 User-id/password text (UPT) is meaningful only for SESSION$CTRL. The information area contains the ASCII text for TIP Open Session, in other words, user-id/old-password[/password CL]. The maximum size of UPT is
Byte-count is the number of quarter words in the variable portion (ATI, STT, or UPT) described by this ID control word. Zero indicates that no data is passed for this ID type. The number of bytes is rounded up to the word boundary to determine the location of the next ID control word.
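A bounds-checked walk of the sign-on information buffer described above, as an added example and not code from this manual or the Exec. It assumes each 36-bit word is held in the low 36 bits of a uint64_t, that the control word carries ID in H1 and Byte-count in H2, and that each ID appears at most once; all soi_* names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Assumptions (not stated on the page): each 36-bit word is held in the low
   36 bits of a uint64_t; the control word carries ID in H1 and Byte-count in
   H2; at most one record per ID. All soi_* names are hypothetical. */
enum { SOI_ATI = 1, SOI_STT = 2, SOI_UPT = 3 };
enum { SOI_EMPTY = -1, SOI_BAD_ID = -2, SOI_DUP_ID = -3,
       SOI_TOO_LONG = -4, SOI_TRUNCATED = -5, SOI_TOO_MANY = -6 };

typedef struct { unsigned id, bytes; size_t first_word; } soi_record_t;
/* Validate each record before stepping over it.
   Returns the record count (1..3) or a negative SOI_* error. */
int soi_parse(const uint64_t *buf, size_t nwords, soi_record_t out[3])
{
    size_t pos = 0;
    unsigned seen = 0;
    int n = 0;

    if (nwords == 0) return SOI_EMPTY;
    while (pos < nwords) {
        unsigned id    = (unsigned)((buf[pos] >> 18) & 0777777);
        unsigned bytes = (unsigned)(buf[pos] & 0777777);
        size_t words   = (bytes + 3u) / 4u;   /* quarter words -> whole words */

        if (n == 3) return SOI_TOO_MANY;
        if (id < SOI_ATI || id > SOI_UPT) return SOI_BAD_ID;
        if (seen & (1u << id)) return SOI_DUP_ID;
        if (id == SOI_ATI && bytes > 28) return SOI_TOO_LONG;
        if (id == SOI_STT && bytes > 1004) return SOI_TOO_LONG;
        /* The UPT maximum is cut off on the page, so none is enforced. */
        if (words > nwords - pos - 1) return SOI_TRUNCATED;

        seen |= 1u << id;
        out[n].id = id; out[n].bytes = bytes; out[n].first_word = pos + 1;
        n++; pos += 1 + words;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: ATI with 6 quarter words, then an empty STT record. */
    uint64_t buf[] = { (1ULL << 18) | 6, 0, 0, 2ULL << 18 };
    soi_record_t rec[3];
    printf("records: %d\n", soi_parse(buf, 4, rec));
}
```

The first_word index of a record is meaningful only when its Byte-count is nonzero.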