KEMBAR78
User Guide - Iprocess | PDF | Application Programming Interface | Library (Computing)
0% found this document useful (0 votes)
16K views52 pages

User Guide - Iprocess

TIBCO iProcess(tm) User Validation API User's Guide Software Release 11. September 2009 Important information. USE of SUCH EMBEDDED or BUNDLED software is SOLELY to ENABLE the FUNCTIONALITY.

Uploaded by

ramakrishnapotla
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
16K views52 pages

User Guide - Iprocess

TIBCO iProcess(tm) User Validation API User's Guide Software Release 11. September 2009 Important information. USE of SUCH EMBEDDED or BUNDLED software is SOLELY to ENABLE the FUNCTIONALITY.

Uploaded by

ramakrishnapotla
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 52

TIBCO iProcess User Validation API Users Guide

Software Release 11.1 September 2009

Important Information
SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN LICENSE.PDF). USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIB, TIBCO, TIBCO Software, TIBCO Adapter, Predictive Business, Information Bus, The Power of Now, TIBCO iProcess are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries. EJB, J2EE, JMS and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only. This software may be available on multiple operating systems. However, not all operating system platforms for a specific software version are released at the same time. Please see the readme.txt file for the availability of this software version on a specific operating system platform. THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME. THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES. Copyright 2001-2009 TIBCO Software Inc. ALL RIGHTS RESERVED. TIBCO Software Inc. Confidential Information

|i

Contents

About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii


How to Use This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iv Changes From the Previous Issue. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v Where You Can Find More Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii

Chapter 1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
What is iProcess User Validation? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 UNIX Platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Windows Platform. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Using the User Validation API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 The iProcess Encryption Layer Object. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 The Header File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Compiling Your UVAPI Package. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 The TIBCO iProcess User Validation API Sample Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Build Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Chapter 2 The TIBCO iProcess User Validation API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13


Developing a Replacement User Validation Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Thread Safety . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Internal Function Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Interface Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Password Validation on Windows Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Creating a Session Handle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Design Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . API Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_initialise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_terminate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_next_user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_next_user_ex. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_user_info . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_user_info_ex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 14 14 15 15 16 17 18 19 20 21 23 25 27

TIBCO iProcess User Validation API Users Guide

Back to Library

ii

Contents

uva_change_password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_change_password_ex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_check_password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_check_password_ex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_set_user_identity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_set_user_identity_ex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . uva_get_user_identity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

29 31 33 35 37 38 39

Return Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

TIBCO iProcess User Validation API Users Guide

Back to Library

| iii

About This Guide

This guide describes how to use the TIBCO iProcess User Validation API (UVAPI) to create your own user validation system, which you can use with the TIBCO iProcess Engine. The API can be used to create a shared library for UNIX or a DLL for Windows.

How to Use This Guide, page iv Changes From the Previous Issue, page v Where You Can Find More Information, page vi Documentation Conventions, page vii

TIBCO iProcess User Validation API Users Guide

Back to Library

Topics

iv

About This Guide

How to Use This Guide


You should read this guide in conjunction with the source code and sample User Validation package provided as part of the TIBCO iProcess Engine installation. This guide is aimed at application developers with a knowledge of C programming.

TIBCO iProcess User Validation API Users Guide

Back to Library

Changes From the Previous Issue v

Changes From the Previous Issue


This issue contains only minor corrections.

TIBCO iProcess User Validation API Users Guide

Back to Library

vi

About This Guide

Where You Can Find More Information


You can find more information about the TIBCO iProcess User Validation API product from the following sources: The TIBCO iProcess Engine Release Notes: Read the Release Notes for a list of new and changed features. This document also contains lists of known issues and closed issues for this release. Readme files, supplied with the TIBCO iProcess Engine software, provide any last-minute and version-specific information that could not be included in the main documentation. Detailed information about using the TIBCO iProcess Suite can be found on the TIBCO iProcess Suite: Documentation Library CD. There is also a useful resource, http://power.tibco.com, that delivers technical content to the TIBCO user community. This site has been developed to foster an open forum where users of TIBCO products can find valuable information, example projects and resources for those projects, and exchange ideas with other users. Entry to this site requires a username and password. If you do not have a username, you can request one. For the latest TIBCO iProcess Suite product information, please refer to the TIBCO Support web site at http://www.tibco.com/services/support.

TIBCO iProcess User Validation API Users Guide

Back to Library

Documentation Conventions vii

Documentation Conventions
Because this guide covers both Windows and UNIX versions of the TIBCO iProcess User Validation API, this guide uses the Windows convention of a backslash (\). The equivalent pathname on a UNIX system is the same, but using the forward slash (/) as a separator character. UNIX pathnames are occasionally shown explicitly, using forward slashes as separators, where a UNIX-specific example or syntax is required. The following conventions are used throughout this guide.

SWDIR

Indicates the iProcess system directory where the TIBCO iProcess Engine is installed. For example: If SWDIR is set to \swserver\staffw_nod1 then the full path to the swutil command would be: on a Windows server: swserver\staffw_nod1\bin\swutil, or SWDIR\bin\swutil on a UNIX server: /swserver/staffw_nod1/bin/swutil, or $SWDIR/bin/swutil Note: On a UNIX system, the environment variable $SWDIR should be set up to point to the iProcess system directory for the root and IPEADMIN users.

IPEADMIN IPESERVICE IPEBACKGROUND

Indicates the operating system account that is used to administer the iProcess Engine. Indicates the Windows account that is used to run the iProcess Engine. (Not used on UNIX.) Indicates the UNIX user account that owns most iProcess Engine files and is used to run the iProcess Engine background processes. (Not used on Windows.) Indicates emphasis, variables and manual titles.
TIBCO iProcess User Validation API Users Guide

italics

Back to Library

Convention

Description

viii

About This Guide

Convention
monospace text

Description Indicates code samples, commands and their options, directories and filenames. Any text that you must enter from the keyboard is displayed as monospace text. Indicates variables in commands. Indicates a set of choices in a syntax line. The braces should not be entered. Indicates optional items in a syntax line. The brackets should not be entered. For example:
SHOW_ALL_ATTRIBUTES [attribute]

monospace italic text

{ } [ ]

Indicates mutually exclusive choices in a syntax line i.e. you enter only one of the given choices. You should not enter the symbol itself. Indicates a field which is part of the primary key for a table.

fieldname

TIBCO iProcess User Validation API Users Guide

Back to Library

|1
Chapter 1

Introduction

The software development kit (SDK) for the TIBCO iProcess User Validation API contains the following components: File Description Makefile Header file Encryption object Sample user validation application code Test application On Windows uvapiw32.mak swuvapi.h uvapienc.obj swuvamod.c On UNIX uvapiunx.mak swuvapi.h

swuvamod.c

tstuvapi.c, tstuvapi.exe

tstuvapi.c, tstuvapi.exe

TIBCO iProcess User Validation API Users Guide

Back to Library

uvapienc.o

| Chapter 1

Introduction

What is iProcess User Validation?


The default method of user validation in the TIBCO iProcess Engine requires you to create operating system accounts for each registered iProcess user. Also, the login passwords are maintained by the operating system. If you have different security validation requirements, you can use the User Validation API to create your own method of user validation to match your business needs. For example, you might want to create operating system users but have a different form of password validation. Alternatively, you might want to completely separate the users and their passwords from the operating system by maintaining them in a database of your choice.

The following core iProcess users are still required as operating system accounts.

O/S Account IPEBACKGROUND IPEADMIN IPESERVICE iProcess Engine DB Schema Owner iProcess Engine DB user

Windows (SQL Server or Oracle) n/a Required Required n/a n/a

UNIX/Oracle Required Required n/a n/a n/a

UNIX/DB2 Required Required n/a Required Required

TIBCO iProcess User Validation API Users Guide

Back to Library

The User Validation API provides interfaces that you can use to maintain your list of iProcess users and their passwords. It essentially isolates iProcess from validating users against the operating system so that you can provide your own user identity and validation system.

System Requirements 3

System Requirements
To use the TIBCO iProcess User Validation API, you need a computer with the following hardware and software: Windows 2003/XP or UNIX platform C compiler such as Microsoft Visual Studio.

TIBCO iProcess User Validation API Users Guide

Back to Library

| Chapter 1

Introduction

Installation
The TIBCO iProcess User Validation API is installed as part of the TIBCO iProcess Engine installation. The files are placed the directory SWDIR\sdks\uvapisdk.

UNIX Platform
The following files are installed. Filename uvapiunx.mak uvapienc.o swuvamod.c swuvamod.o tstuvapi.c tstuvapi tstuvapi.o uvapi.so Description Makefile for example UVAPI package & test utility

Source code for implementation of example UVAPI package Source definition object file Source code for test utility Generated test utility executable Test definition object file Generated example UVAPI package as a Shared Library

Windows Platform
The following files are installed: Filename uvapiw32.mak uvapienc.obj swuvamod.c swuvamod.def swuvapi.h Description Makefile for example UVAPI package & test utility TIBCO supplied encryption/API object Source code for implementation of example UVAPI package Source definition file Source header file

TIBCO iProcess User Validation API Users Guide

Back to Library

TIBCO supplied encryption/API object

Installation 5

Filename tstuvapi.c uvapi.dll tstuvapi.exe

Description Source for test utility Generated example UVAPI package as a Dynamic Link Library Generated test utility executable

TIBCO iProcess User Validation API Users Guide

Back to Library

| Chapter 1

Introduction

Using the User Validation API


A generic User Validation interface has been created to enable the TIBCO iProcess Engine to retrieve a list of iProcess users and to check and change their passwords. The details of this interface are published in the User Validation API. The following is a list of functions provided by the API: UVAPI package initialization List the possible iProcess users Validate a user name as a possible iProcess user Validate the password for a possible iProcess user

Provide a user identity for the current execution context Set a user identity for the current execution context UVAPI package termination.

The concept of an operating system home directory for iProcess users no longer exists. The users home directory from a iProcess perspective will be SWDIR\queues\username. IMPORTANT! You must ensure that any user validation package you create using the User Validation API is threadsafe. This is because within each TIBCO iProcess Engine process, multiple threads may call the User Validation API interfaces during normal TIBCO iProcess Engine operation. To ensure that your user validation package is threadsafe, make sure that you adhere to the following guidelines: Make sure that any modules in your user validation package that use User Validation API interfaces use threadsafe code. Use mutual exclusion locks (mutexes) to prevent multiple threads from simultaneously executing any critical sections of code that are not threadsafe, but that access shared data. When you build the user validation package, make sure that you use the appropriate flags (for your chosen operating system and compiler) to link the application using threadsafe libraries.

Deploying a non-threadsafe user validation package can cause TIBCO iProcess Engine processes to fail.
TIBCO iProcess User Validation API Users Guide

Back to Library

Change the password for a possible iProcess user

The iProcess Encryption Layer Object 7

The iProcess Encryption Layer Object


The following encryption objects are provided in the SDK so that you can create replacement UVAPI packages: uvapienc.obj - for Windows 2003/XP uvapienc.o - for UNIX

Text strings passed across the UVAPI are encrypted using a proprietary TIBCO mechanism. You need to use this object when implementing a new UVAPI package to provide the encryption/decryption of parameter strings.

TIBCO iProcess User Validation API Users Guide

Back to Library

| Chapter 1

Introduction

The Header File


The header file called swuvapi.h is provided for inclusion by applications using the UVAPI package. It contains: Type definitions Literal constants (return codes and flag values) Function prototypes (API functions)

TIBCO iProcess User Validation API Users Guide

Back to Library

Compiling Your UVAPI Package 9

Compiling Your UVAPI Package


Any user validation package you create using the User Validation API must be compiled using the GNU gcc/g++ set of compilers.

TIBCO iProcess User Validation API Users Guide

Back to Library

10

| Chapter 1

Introduction

The TIBCO iProcess User Validation API Sample Application


The SDK for the TIBCO iProcess User Validation API provides a sample application that supports all of the UVAPI interfaces. The package is supplied as a single module (swuvamod.c) with the swuvapi.h header file and a makefile. The user database for the example is a text file (exuvapi.dat) which defines the iProcess users, their descriptions and passwords. There is one entry per line with fields separated by the \ character. The example text file needs to be located in your SWDIR\util directory. IMPORTANT!

You must ensure that any user validation package you create using the User Validation API is threadsafe - see page 6 for more information. Deploying a non-threadsafe user validation package can cause TIBCO iProcess Engine processes to fail.

Build Instructions
The following sections describe how to build the UVAPI example application and test application. UNIX Platforms To build the example UVAPI package and test utility, enter the following command in the directory where your files are located: make -f uvapiunx.mak This produces the following files: uvapi.so (the UVAPI package as a shared library) tstuvapi (the test utility executable).

The build environment requires modifications for different UNIX platforms. The uvapiunx.mak makefile contains a section that sets up the environment for the target platform. Edit this section as appropriate for your target platform. Examples for Solaris and AIX are given as comments in the makefile.

TIBCO iProcess User Validation API Users Guide

Back to Library

The sample application is intended only as a simple example that demonstrates the use of the TIBCO iProcess User Validation API interrfaces. It is not a fully-developed, threadsafe application that is suitable for deployment.

The TIBCO iProcess User Validation API Sample Application 11

To run the test utility, the UVAPI package must be locatable as a shared library (LD_LIBRARY_PATH environment variable on Solaris, LIBPATH environment variable on AIX). For the example UVAPI package, the SWDIR environment variable must also be set, and the file SWDIR/util/exuvapi.dat must exist (see the UVAPI developers documentation for details of the example UVAPI package). The test utility only calls the Initialisation and Termination interfaces in the UVAPI package as all other interfaces require iProcess encrypted strings to be passed in or returned. Windows Platforms To build the example UVAPI package and test utility, set up the environment for the Microsoft Visual Studio V6 C compiler and enter the following command:

This produces the following files: uvapi.dll (the UVAPI package as a Dynamic Link Library) tstuvapi.exe (the test utility executable).

To run the test utility, the UVAPI package must be locatable as a DLL (on the PATH or in the current directory). For the example UVAPI package, the tstuvapi.exe utility and uvapi.dll components must be located in the util sub-directory of an iProcess installation. The file SWDIR\util\exuvapi.dat must exist. The test utility only calls the Initialisation and Termination interfaces in the UVAPI package as all other interfaces require iProcess encrypted strings to be passed in or returned.

TIBCO iProcess User Validation API Users Guide

Back to Library

nmake -f uvapiw32.mak

12

| Chapter 1

Introduction

TIBCO iProcess User Validation API Users Guide

Back to Library

| 13
Chapter 2

The TIBCO iProcess User Validation API

The TIBCO iProcess User Validation API is a series of interfaces that are called by iProcess and are required in the User Validation package. The User Validation API is a C interface and therefore must provide interfaces that can be called from C. All functions return an integer variable to indicate the completion status of the call (with the exception of uva_initialise). The return values can be found in the swuvapi.h header file and they are also described in Return Values on page 40.

TIBCO iProcess User Validation API Users Guide

Back to Library

14

| Chapter 2

The TIBCO iProcess User Validation API

Developing a Replacement User Validation Package


The following sections provide important guidelines for developers creating a new user validation package that uses the TIBCO iProcess User Validation API interfaces.

Thread Safety
IMPORTANT! You must ensure that any user validation package you create using the User Validation API is threadsafe - see page 14 for more information.

Make sure that any modules in your user validation package that use User Validation API interfaces use threadsafe code. Use mutual exclusion locks (mutexes) to prevent multiple threads from simultaneously executing any critical sections of code that are not threadsafe, but that access shared data. When you build the user validation package, make sure that you use the appropriate flags (for your chosen operating system and compiler) to link the application using threadsafe libraries.

Deploying a non-threadsafe user validation package can cause TIBCO iProcess Engine processes to fail.

Internal Function Names


When developing a new UVAPI package, you must provide internal functions that support the external interfaces detailed in this chapter. The internal function names are based on the external interfaces, but prefixed with int_. Therefore, the internal function to support the uva_initialise interface is called int_uva_initialise. The return and argument types are the same as the external interfaces. The only difference is that the external interfaces pass all strings in an encrypted form but the internal functions receive and return all strings as plain text. The supplied iProcess encryption object provides all of the external interface functions, decrypts/encrypts string parameters and then calls the internal function supplied by you. System security is enhanced by only passing encrypted strings between iProcess and the UVAPI package.

TIBCO iProcess User Validation API Users Guide

Back to Library

To ensure that your user validation package is threadsafe, make sure that you adhere to the following guidelines:

Developing a Replacement User Validation Package 15

Interface Support
If you do not want to support a particular interface (and the default iProcess action is appropriate) the internal function can return the value ER_NOTIMPLEMENTED. This causes iProcess to perform its default action using the internal functionality for that interface. If you do not want iProcess to perform the default action, you can return the value SW_OK (depending on the interface).

Password Validation on Windows Systems


The information in this section is only relevant to the Windows variant of the iProcess Engine.

However, there are two ways in which you can override this behavior and directly specify the location where password validation is to be performed, either on a per-user basis, or globally for an installation: 1. the SW_DOMAIN user attribute specifies a single valid machine name or domain name that should be used to validate a particular users password when they attempt to log in to the iProcess Engine. See the TIBCO iProcess Windows (Workspace) Managers Guide for more information about this attribute and how to set it. 2. the LOGON_OS_LOCATION process attribute defines the default location where passwords should be validated when any user attempts to log in to the iProcess Engine. See the "Administering Process Attributes" chapter of the TIBCO iProcess Engine: Administrators Guide for more information about this attribute and how to set it. Note that: If both attributes are set, the SW_DOMAIN value takes precedence over the LOGON_OS_LOCATION value. If the iProcess Engine is running on a standalone machine, passwords are always validated against local machine accounts. The SW_DOMAIN and LOGON_OS_LOCATION attributes are ignored even if they are set.

If you use the SW_DOMAIN or LOGON_OS_LOCATION attributes, your UVAPI package must be able to receive and return the additional information about a users location, to ensure that their password is checked in that location.
TIBCO iProcess User Validation API Users Guide

Back to Library

If the iProcess Engine is running on a machine that is a member of a domain or a domain controller, it uses the search path provided by the Windows LookupAccountName function to find the location it should use to validate a users password when they try to log in.

16

| Chapter 2

The TIBCO iProcess User Validation API

To facilitate this, the UVAPI includes extended (_ex) versions of the following interfaces: uva_next_user_ex uva_user_info_ex uva_change_password_ex uva_check_password_ex uva_set_user_identity_ex

These interfaces can accept (and, in the case of uva_next_user_ex, return) an iProcess user name in either of the following formats: Format name Description name is the iProcess user name. This format is also supported by the equivalent non-extended interfaces. name@location name is the iProcess user name. location is the value (machine or domain name) provided by either the users SW_DOMAIN user attribute (if defined), or the value of the LOGON_OS_LOCATION process attribute. This format is not supported by the equivalent non-extended interfaces. If your UVAPI package supports these extended interfaces, they are called instead of the non-extended interfaces. If these interfaces do not exist or return ER_NOT_SUPPORTED (see Interface Support on page 15), the non-extended interfaces are called instead. You should ensure that you use these extended interfaces if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes.

Creating a Session Handle


The UVAPI package works on a session which is allocated by the uva_initialise function. This function must return a session identifier (handle). You need to be aware that several threads in a iProcess process can be using the UVAPI interfaces so you must make sure that the session allocation and management is performed in a thread-safe manner.

TIBCO iProcess User Validation API Users Guide

Back to Library

Developing a Replacement User Validation Package 17

Design Issues
You should be aware that several different iProcess processes will call the UVAPI package while the TIBCO iProcess Engine is running. This can cause problems if the UVAPI package is not designed correctly. The example application provides a good example of this. The user information is stored in the text file and each iProcess process that uses the UVAPI package loads the contents of the text file into a memory cache. However, these caches are specific to each session and to each iProcess process. Therefore, when an iProcess user causes its iProcess process to perform a change password action, that process updates the main text file and the processes cache. This means that other iProcess processes (including the one that validates iProcess passwords) will still be using the original cached copy of the data in the text file. Therefore, the example UVAPI does not reflect a changed password until the iProcess system is shutdown and restarted. This is the only way that all the processes can re-cache the user information. To avoid this problem, you need to design the UVAPI package as a set of interfaces that communicate with a single server process that maintains the user information, ensuring that any changes to the user information is made available to all the iProcess processes using the UVAPI package.

TIBCO iProcess User Validation API Users Guide

Back to Library

18

| Chapter 2

The TIBCO iProcess User Validation API

API Interfaces
The following sections summarize each UVAPI interface. Refer to the source code and sample application for more information about how they are used. The available interfaces are: uva_initialise uva_terminate uva_next_user uva_next_user_ex uva_user_info

uva_change_password uva_change_password_ex uva_check_password uva_check_password_ex uva_set_user_identity uva_set_user_identity_ex uva_get_user_identity

TIBCO iProcess User Validation API Users Guide

Back to Library

uva_user_info_ex

uva_initialise 19

uva_initialise
Purpose Prototype Return Values

Initializes the user validation package and creates the session handle.
UV_SH uva_initialise (void)

Value >0 ER_SYSTEM

Description Valid session handle Generic (undefined) error

Refer to Return Values on page 40 for a complete list of possible return values.
Remarks

This interface can be used to establish and store connection details about a connection to the database that is used for subsequent calls before being terminated.

TIBCO iProcess User Validation API Users Guide

Back to Library

20

| Chapter 2

The TIBCO iProcess User Validation API

uva_terminate
Purpose Prototype

Stops the user validation package and discards the supplied session.
UV_RCODE uva_terminate ( UV_SH uvsh );

Parameters

Parameter uvsh

Type IN Description Success

Description Session handle

Return Values

Value SW_OK ER_HANDLE ER_SYSTEM

Invalid session handle Generic (undefined) error

Refer to Return Values on page 40 for a complete list of possible return values.

TIBCO iProcess User Validation API Users Guide

Back to Library

uva_next_user 21

uva_next_user
Purpose

Returns the encrypted user and encrypted description buffer for the name and description of the first or subsequent Valid Possible iProcess User (VPIU). You must use the uva_next_user_ex interface instead of this interface if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes to specify the location where a users password should be validated. See Password Validation on Windows Systems on page 15 for more information.

Prototype

Parameters

Parameter uvsh fFirstUser pEncrNameBuf iNameBufSize pEncrDescBuf iDescBufSize

Type IN IN OUT IN OUT IN

Description Session handle First/next VPIU flag Pointer to buffer to receive encrypted VPIU name Maximum length of encrypted VPIU name Pointer to buffer to receive encrypted VPIU description Maximum length of encrypted VPIU description

Return Values

Value SW_OK SW_EOF ER_HANDLE ER_PARAM ER_SYSTEM

Description Success No more users available Invalid session handle Invalid parameter(s) Generic (undefined) error

TIBCO iProcess User Validation API Users Guide

Back to Library

UV_RCODE uva_next_user ( UV_SH uvsh, UV_FLAG fFirstUser UV_PSTR pEncrNameBuf, UV_SIZE iNameBufSize, UV_PSTR pEncrDescBuf, UV_SIZE iDescBufSize );

22

| Chapter 2

The TIBCO iProcess User Validation API

Value ER_TOOBIG

Description Value is too large for supplied buffer

Refer to Return Values on page 40 for a complete list of possible return values.
Remarks

This interface is used by iProcess to obtain a list of possible iProcess users (currently used in the operating system user list of the TIBCO iProcess Administrator). On the initial call to this interface the fFirstUser parameter should be set to TRUE (to return the first VPIU), subsequent calls should set fFirstUser to FALSE. The order in which VPIUs are returned by this interface is defined by the implementation of the underlying UVAPI package so the caller should assume no specific order.

TIBCO iProcess User Validation API Users Guide

Back to Library

uva_next_user_ex 23

uva_next_user_ex
Purpose

Returns the encrypted user and encrypted description buffer for the name and description of the first or subsequent VPIU. You must use this interface instead of the uva_next_user interface if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes to specify the location where a users password should be validated. See Password Validation on Windows Systems on page 15 for more information.

Prototype

Parameters

Parameter uvsh fFirstUser pOSUserLocations pEncrNameBuf iNameBufSize pEncrDescBuf iDescBufSize

Type IN IN IN OUT IN OUT IN

Description Session handle First/next VPIU flag Value of the OS_USER_LOCATIONS process attribute. Pointer to buffer to receive encrypted VPIU name Maximum length of encrypted VPIU name Pointer to buffer to receive encrypted VPIU description Maximum length of encrypted VPIU description

Return Values

Value SW_OK SW_EOF

Description Success No more users available

TIBCO iProcess User Validation API Users Guide

Back to Library

UV_RCODE uva_next_user_ex ( UV_SH uvsh, UV_FLAG fFirstUser UV_PSTR pOSUserLocations, UV_PSTR pEncrNameBuf, UV_SIZE iNameBufSize, UV_PSTR pEncrDescBuf, UV_SIZE iDescBufSize );

24

| Chapter 2

The TIBCO iProcess User Validation API

Value ER_HANDLE ER_PARAM ER_SYSTEM ER_TOOBIG

Description Invalid session handle Invalid parameter(s) Generic (undefined) error Value is too large for supplied buffer

Refer to Return Values on page 40 for a complete list of possible return values.
Remarks

This interface is an extended version of the uva_next_user interface. It differs from that interface only in the following ways:

It has an additional pOSUserLocations parameter, which allows the value of the OS_USER_LOCATIONS process attribute to be passed in (for example, if you want to limit the users that are to be returned by the UVAPI layer). See the "Administering Process Attributes" chapter of the TIBCO iProcess Engine: Administrators Guide for more information about this attribute and how to set it.

TIBCO iProcess User Validation API Users Guide

Back to Library

It supports the passing in and out of user location information from the SW_DOMAIN user attribute and/or LOGON_OS_LOCATION process attribute. See Password Validation on Windows Systems on page 15 for more information.

uva_user_info 25

uva_user_info
Purpose

Decrypts the supplied encrypted user and returns the encrypted description and bit-encoded flags for the supplied user. You must use the uva_user_info_ex interface instead of this interface if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes to specify the location where a users password should be validated. See Password Validation on Windows Systems on page 15 for more information.

Prototype

Parameters

Parameter uvsh pEncrUserName pEncrDescBuf iDescBufSize pUserFlags

Type IN IN OUT IN OUT

Description Session handle Pointer to encrypted VPIU name Pointer to buffer to receive VPIU description Maximum length of VPIU description Pointer to returned user information flags value

Return Values

Value SW_OK ER_NOTFOUND ER_HANDLE ER_PARAM ER_SYSTEM ER_TOOBIG

Description Success Unknown user Invalid session handle Invalid parameter(s) Generic (undefined) error Value is too large for supplied buffer

Refer to Return Values on page 40 for a complete list of possible return values.

TIBCO iProcess User Validation API Users Guide

Back to Library

UV_RCODE uva_user_info ( UV_SH uvsh, UV_PSTR pEncrUserName, UV_PSTR pEncrDescBuf, UV_SIZE iDescBufSize, UV_PFLAGS pUserFlags );

26

| Chapter 2

The TIBCO iProcess User Validation API

Remarks

This interface is used by iProcess to validate a user name as a VPIU, and to determine system related attributes of the user. The TIBCO iProcess Engine currently uses a similar validation when adding users during a Restore operation. The returned UserFlags will be a bit-encoded value, currently the only defined bits are:
#define SWUV_FLAG_OSUSER 1

If this bit is set for a VPIU, it means there is a corresponding operating system account for that user.

TIBCO iProcess User Validation API Users Guide

Back to Library

uva_user_info_ex 27

uva_user_info_ex
Purpose

Decrypts the supplied encrypted user and returns the encrypted description and bit-encoded flags for the supplied user. You must use this interface instead of the uva_user_info interface if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes to specify the location where a users password should be validated. See Password Validation on Windows Systems on page 15 for more information.

Prototype

Parameters

Parameter uvsh pEncrUserName pEncrDescBuf iDescBufSize pUserFlags

Type IN IN OUT IN OUT

Description Session handle Pointer to encrypted VPIU name Pointer to buffer to receive VPIU description Maximum length of VPIU description Pointer to returned user information flags value

Return Values

Value SW_OK ER_NOTFOUND ER_HANDLE ER_PARAM ER_SYSTEM ER_TOOBIG

Description Success Unknown user Invalid session handle Invalid parameter(s) Generic (undefined) error Value is too large for supplied buffer

Refer to Return Values on page 40 for a complete list of possible return values.

TIBCO iProcess User Validation API Users Guide

Back to Library

UV_RCODE uva_user_info_ex ( UV_SH uvsh, UV_PSTR pEncrUserName, UV_PSTR pEncrDescBuf, UV_SIZE iDescBufSize, UV_PFLAGS pUserFlags );

28

| Chapter 2

The TIBCO iProcess User Validation API

Remarks

This interface is an extended version of the uva_user_info interface. It is identical to that interface except that it supports the passing in and out of user location information from the SW_DOMAIN user attribute and/or LOGON_OS_LOCATION process attribute. See Password Validation on Windows Systems on page 15 for more information.

TIBCO iProcess User Validation API Users Guide

Back to Library

uva_change_password 29

uva_change_password
Purpose

Decrypts the supplied encrypted user name and passwords and then change the password for the supplied user to the supplied password. You must use the uva_change_password_ex interface instead of this interface if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes to specify the location where a users password should be validated. See Password Validation on Windows Systems on page 15 for more information.

Prototype

Parameters

Parameter uvsh pEncrUserName pEncrOldPassword pEncrNewPassword

Type IN IN IN IN

Description Session handle Pointer to encrypted VPIU name Pointer to encrypted VPIU current password Pointer to encrypted VPIU new password Description Success Unknown user Invalid session handle Invalid parameter(s) Generic (undefined) error Cannot change password for this user New password is invalid Unknown user

Return Values

Value SW_OK ER_NOTFOUND ER_HANDLE ER_PARAM ER_SYSTEM ER_SECCANTCHNG ER_SECBADNEWPSWD ER_SECBADUSER

TIBCO iProcess User Validation API Users Guide

Back to Library

UV_RCODE uva_change_password ( UV_SH uvsh, UV_PSTR pEncrUserName, UV_PSTR pEncrOldPassword, UV_PSTR pEncrNewPassword );

30

| Chapter 2

The TIBCO iProcess User Validation API

Value ER_SECUNKNOWN ER_SECBADPSWD ER_SECBADPERMS

Description Generic (undefined) security error Password is invalid Permissions are incorrect for this operation

Refer to Return Values on page 40 for a complete list of possible return values.
Remarks

This interface is currently used in the iProcess Work Queue Manager.

TIBCO iProcess User Validation API Users Guide

Back to Library

uva_change_password_ex 31

uva_change_password_ex
Purpose

Decrypts the supplied encrypted user name and passwords and then changes the password for the supplied user to the supplied password. You must use this interface instead of the uva_change_password interface if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes to specify the location where a users password should be validated. See Password Validation on Windows Systems on page 15 for more information.

Prototype

Parameters

Parameter uvsh pEncrUserName pEncrOldPassword pEncrNewPassword

Type IN IN IN IN

Description Session handle Pointer to encrypted VPIU name Pointer to encrypted VPIU current password Pointer to encrypted VPIU new password Description Success Unknown user Invalid session handle Invalid parameter(s) Generic (undefined) error Cannot change password for this user New password is invalid Unknown user

Return Values

Value SW_OK ER_NOTFOUND ER_HANDLE ER_PARAM ER_SYSTEM ER_SECCANTCHNG ER_SECBADNEWPSWD ER_SECBADUSER

TIBCO iProcess User Validation API Users Guide

Back to Library

UV_RCODE uva_change_password_ex ( UV_SH uvsh, UV_PSTR pEncrUserName, UV_PSTR pEncrOldPassword, UV_PSTR pEncrNewPassword );

32

| Chapter 2

The TIBCO iProcess User Validation API

Value ER_SECUNKNOWN ER_SECBADPSWD ER_SECBADPERMS

Description Generic (undefined) security error Password is invalid Permissions are incorrect for this operation

Refer to Return Values on page 40 for a complete list of possible return values.
Remarks

TIBCO iProcess User Validation API Users Guide

Back to Library

This interface is an extended version of the uva_change_password interface. It is identical to that interface except that it supports the passing in and out of user location information from the SW_DOMAIN user attribute and/or LOGON_OS_LOCATION process attribute. See Password Validation on Windows Systems on page 15 for more information.

uva_check_password 33

uva_check_password
Purpose

Decrypt the supplied encrypted user and password and then return a value indicating whether the password for the supplied user is valid. You must use the uva_check_password_ex interface instead of this interface if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes to specify the location where a users password should be validated. See Password Validation on Windows Systems on page 15 for more information.

Prototype

Parameters

Parameter uvsh pEncrUserName pEncrOldPassword

Type IN IN IN

Description Session handle Pointer to encrypted VPIU name Pointer to encrypted VPIU password Description Success Unknown user Invalid session handle Invalid parameter(s) Generic (undefined) error Password has expired This user account is disabled Unknown user Generic (undefined) security error Password is invalid

Return Values

Value SW_OK ER_NOTFOUND ER_HANDLE ER_PARAM ER_SYSTEM ER_SECEXPIRED ER_SECDISABLED ER_SECBADUSER ER_SECUNKNOWN ER_SECBADPSWD

TIBCO iProcess User Validation API Users Guide

Back to Library

UV_RCODE uva_check_password ( UV_SH uvsh, UV_PSTR pEncrUserName, UV_PSTR pEncrPassword );

34

| Chapter 2

The TIBCO iProcess User Validation API

Value ER_SECBADPERMS ER_USERDISABLED ER_SECBADWKSTN ER_SECBADHOURS ER_SECLOCKOUT

Description Permissions are incorrect for this operation The account has been disabled Login/Validation is not allowed from this location Login/Validation is not allowed at this time The account has been locked

Refer to Return Values on page 40 for a complete list of possible return values.

TIBCO iProcess User Validation API Users Guide

Back to Library

uva_check_password_ex 35

uva_check_password_ex
Purpose

Decrypt the supplied encrypted user and password and then return a value indicating whether the password for the supplied user is valid. You must use this interface instead of the uva_check_password interface if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes to specify the location where a users password should be validated. See Password Validation on Windows Systems on page 15 for more information.

Prototype

Parameters

Parameter uvsh pEncrUserName pEncrOldPassword

Type IN IN IN

Description Session handle Pointer to encrypted VPIU name Pointer to encrypted VPIU password Description Success Unknown user Invalid session handle Invalid parameter(s) Generic (undefined) error Password has expired This user account is disabled Unknown user Generic (undefined) security error Password is invalid

Return Values

Value SW_OK ER_NOTFOUND ER_HANDLE ER_PARAM ER_SYSTEM ER_SECEXPIRED ER_SECDISABLED ER_SECBADUSER ER_SECUNKNOWN ER_SECBADPSWD

TIBCO iProcess User Validation API Users Guide

Back to Library

UV_RCODE uva_check_password_ex ( UV_SH uvsh, UV_PSTR pEncrUserName, UV_PSTR pEncrPassword );

36

| Chapter 2

The TIBCO iProcess User Validation API

Value ER_SECBADPERMS ER_USERDISABLED ER_SECBADWKSTN ER_SECBADHOURS ER_SECLOCKOUT

Description Permissions are incorrect for this operation The account has been disabled Login/Validation is not allowed from this location Login/Validation is not allowed at this time The account has been locked

Refer to Return Values on page 40 for a complete list of possible return values.

TIBCO iProcess User Validation API Users Guide

Back to Library

Remarks

This interface is an extended version of the uva_check_password interface. It is identical to that interface except that it supports the passing in and out of user location information from the SW_DOMAIN user attribute and/or LOGON_OS_LOCATION process attribute. See Password Validation on Windows Systems on page 15 for more information.

uva_set_user_identity 37

uva_set_user_identity
Purpose

Sets the execution context of the current process to that of the user (or that user's operating system proxy) whose encrypted name is passed in. On UNIX this involves setting the UID and GID. You must use the uva_set_user_identity_ex interface instead of this interface if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes to specify the location where a users password should be validated. See Password Validation on Windows Systems on page 15 for more information.

Prototype

Parameters

Parameter uvsh pEncrUserName

Type IN IN Description Success

Description Session handle Pointer to encrypted VPIU name

Return Values

Value SW_OK ER_NOTFOUND ER_HANDLE ER_PARAM ER_SYSTEM

Unknown user Invalid session handle Invalid parameter(s) Generic (undefined) error

Refer to Return Values on page 40 for a complete list of possible return values.
Remarks

If the user does not map directly to an operating system identity, the UVAPI package must set the identity of a compatible proxy user. iProcess calls this interface before running Automatic Step programs or ServerRun programs.

TIBCO iProcess User Validation API Users Guide

Back to Library

UV_RCODE uva_set_user_identity ( UV_SH uvsh, UV_PSTR pEncrUserName );

38

| Chapter 2

The TIBCO iProcess User Validation API

uva_set_user_identity_ex
Purpose

Sets the execution context of the current process to that of the user (or that user's operating system proxy) whose encrypted name is passed in. On UNIX this involves setting the UID and GID. You must use this interface instead of the uva_set_user_identity interface if you use the SW_DOMAIN or LOGON_OS_LOCATION attributes to specify the location where a users password should be validated. See Password Validation on Windows Systems on page 15 for more information.

Prototype

Parameters

Parameter uvsh pEncrUserName

Type IN IN Description Success

Description Session handle Pointer to encrypted VPIU name

Return Values

Value SW_OK ER_NOTFOUND ER_HANDLE ER_PARAM ER_SYSTEM

Unknown user Invalid session handle Invalid parameter(s) Generic (undefined) error

Refer to Return Values on page 40 for a complete list of possible return values.
Remarks

This interface is an extended version of the uva_set_user_identity interface. It is identical to that interface except that it supports the passing in and out of user location information from the SW_DOMAIN user attribute and/or LOGON_OS_LOCATION process attribute. See Password Validation on Windows Systems on page 15 for more information.

TIBCO iProcess User Validation API Users Guide

Back to Library

UV_RCODE uva_set_user_identity_ex ( UV_SH uvsh, UV_PSTR pEncrUserName );

uva_get_user_identity 39

uva_get_user_identity
Purpose

Returns the encrypted VPIU name that relates to the current processes execution context.
UV_RCODE uva_get_user_identity ( UV_SH uvsh, UV_PSTR pEncrUserNameBuf, UV_SIZE iNameBufSize );

Prototype

Parameters

Parameter uvsh pEncrUserNameBuf iNameBufSize

Type IN OUT IN Description Success

Description Session handle Pointer to buffer to receive encrypted VPIU name Maximum length of encrypted VPIU name

Return Values

Value SW_OK ER_HANDLE ER_PARAM ER_SYSTEM ER_TOOBIG

Invalid session handle Invalid parameter(s) Generic (undefined) error Value is too large for supplied buffer

Refer to Return Values on page 40 for a complete list of possible return values.
Remarks

If there is no direct mapping between the identity of the execution context and a VPIU, the UVAPI package must supply the name of a compatible VPIU. iProcess will call this interface to determine if the user executing certain iProcess Engine hosted utilities has permissions to perform a requested action.

TIBCO iProcess User Validation API Users Guide

Back to Library

40

| Chapter 2

The TIBCO iProcess User Validation API

Return Values
All user validation interfaces (apart from the uva_initialise function) return an integer return code with the following type:
typedef int UV_RCODE

Return codes are classified as follows: Value >0 0 <0 Description Success Failure (but not an error) Failure (an error condition)

The following values can be returned. Refer to each interface description to see which values each interface returns. Return Value SW_OK SW_EOF ER_HANDLE ER_PARAM ER_SYSTEM ER_TOOBIG ER_NOTFOUND ER_SECCANTCHNG ER_SECBADNEWPSWD ER_SECBADUSER ER_SECUNKNOWN Description Success No more users available Invalid session handle Invalid parameter(s) Generic (undefined) error Value is too large for supplied buffer Unknown user Cannot change password for this user New password is invalid Unknown user Generic (undefined) security error

TIBCO iProcess User Validation API Users Guide

Back to Library

Return Values 41

Return Value ER_SECBADPSWD ER_SECBADPERMS ER_SECEXPIRED ER_SECDISABLED ER_SECBADWKSTN ER_SECBADHOURS ER_SECLOCKOUT ER_USERDISABLED

Description Password is invalid Permissions are incorrect for this operation Password has expired This user account is disabled Login/Validation is not allowed from this location Login/Validation is not allowed at this time

The account has been disabled

TIBCO iProcess User Validation API Users Guide

Back to Library

The account has been locked

42

| Chapter 2

The TIBCO iProcess User Validation API

TIBCO iProcess User Validation API Users Guide

Back to Library

You might also like