Sm_PolicyApi_Policy_t

Contents
casso10
Contents
Defines a
CA Single Sign-On
Policy object.
Syntax
typedef struct Sm_PolicyApi_Policy_s
{
int iStructId;
char pszOid[BFSIZE];
char pszName[BFSIZE];/* Required */
char pszDesc[BFSIZE];
char pszActiveExpr[BFSIZE];
bool bIsEnabled;/* Required */
char pszDomainOid[BFSIZE];/* Required */
long nStartTime;
long nEndTime;
unsigned char   pszTimeGrid[TIMESIZE];
Sm_PolicyApi_IPAddress_t *pIPAddress;
struct Sm_PolicyApi_Policy_s* next;
char pszVariableExpr[BFSIZE]
Sm_PolicyApi_Oid_t* pVariableList;
} Sm_PolicyApi_Policy_t;
Field
Description
iStructId
Policy data structure ID, defined in Sm_PolicyApi_Structs_t.
pszOid
The object identifier of the Policy object.
pszName
Name of the Policy.
pszDesc
Brief description of the Policy.
pszActiveExpr
Active expression associated with the policy. The expression is a string of variable definitions in the following format.
The non-alphanumeric characters are required characters. For example:<@lib="LibName"func="FuncName" param="FuncParam"@>
In the format example:
LibName is the name of the shared library that supports the Active Policy.
FuncName is the name of the actual function in the shared library that implements the Active Policy.
FuncParam is an optional list of parameters to be passed to the function in the shared library.
bIsEnabled
Flag to enable or disable the policy.
pszDomainOid
The object identifier of the domain. Required for domain-specific policy; ignored for global policy.
nStartTime
The time when the time restriction becomes effective. This value is stored in standard time_t format. Set
nStartTime
to 0 to start the time restriction immediately.
nEndTime
The time when the time restriction expires. This value is stored in standard time_t format. Set
nEndTime
to 0 to end the time restriction immediately.
pszTimeGrid
An array containing time restrictions for an entire week.
pIPAddress
IP address that user must use in order to gain access to the resources governed by the Policy.
next
Pointer to the next Policy structure.
pszVariableExpr
Unique object identifier that corresponds to a variable type.
pVariableList
Linked list of variable OIDs used by this expression.
Time Grid Array
The time grid array (used with the field
pszTimeGrid
) holds time restrictions for an entire week. The array contains a one-byte element for every hour of the day, starting with 12 AM. In every byte, the seven days of the week are represented, beginning with Sunday as the lowest order bit. Bits that are set enable the policy to fire. A zero bit prevents the policy from firing on that day during the associated hour.
Examples:
  • To disable policy firing for the hour 12-1 AM on Saturdays and Sundays, the hexadecimal value for the entire grid is:
    3E7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F
  • To fire the policy at all times, leave all bits set:
    7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F7F
  • To restrict the policy from being fired all day Thursday, turn off the Thursday bit in all the hour elements:
    6F6F6F6F6F6F6F6F6F6F6F6F6F6F6F6F6F6F6F6F6F6F6F6F
  • To restrict the policy from being fired from 8 AM to 10AM on Tuesday, turn off the Tuesday bit in hours 8 AM and 9 AM:
    7F7F7F7F7F7F7F7F7C7C7F7F7F7F7F7F7F7F7F7F7F7F7F7F
  • To fire between 8 AM and 8 PM on all days:
    00000000000000007F7F7F7F7F7F7F7F7F7F7F7F00000000