report
Description
A built-in reporting function that can send information to the Event Viewer, the registry, or a file when something happens. The reporting is generic and is usually called as part of an action:
$ netid.exe -report eventlog …
$ netid.exe -report registry …
$ netid.exe -report file …
Options
eventlog
netid.exe -report [eventlog -application <app> -number <token number> [-result <rv>]|[-info <info>]]
- -application <app>
  Application name.
- -number <token number>
  Token number.
- -result <rv>
  The <rv> variable is the PKCS#11 return code. There are four standard values that are the usual return codes: 160, 161, 162, and 164.
  #define CKR_PIN_INCORRECT 0x000000A0
  #define CKR_PIN_INVALID   0x000000A1
  #define CKR_PIN_LEN_RANGE 0x000000A2
  #define CKR_PIN_LOCKED    0x000000A4
Still, any PKCS#11 return code can be reported, as long as the return code has a defined error string in the language tables.
Reporting is also available for success or any other information scenarios.
- -info <info>
  Information to show if the result argument is not used.
There are some limitations due to the Event Viewer architecture, which requires resources in the binary for language translation. To allow for flexible language support in Net iD Client, all events are stored with the same event ID. You must open the event to see what really happened.
registry
There are times when you need to set some registry values to report a logon. You should be able to do the same thing using the config command, but the method described here is considered best practice.
netid.exe -report [registry -path <path> -names <name-list> …]
- -path <path>
  Registry key path.
- -names <names>
  List of value names. The list is optional and the default values are "user;time;result;info;number". The user and time values are automatically set to current user and the current time (GMT).
file
The report file command adds a new line with information to a file.
netid.exe -report [file -path <path> -value <value>]
- -path <path>
  Full path to the file that stores the information.
- -value <value>
  Anything that can be found from the logon credentials and extracted using the built-in variable expansion.
Examples
eventlog
$ netid.exe -report eventlog -application myapp.exe -number 12345678 -result 160
-info <info>: Instead of result you should send the information you need reported.
$ netid.exe -report eventlog -application myapp.exe -number 12345678 -info "Whatever happens happens"
#define EVENTLOG_ERROR_TYPE       0x0001
#define EVENTLOG_WARNING_TYPE     0x0002
#define EVENTLOG_INFORMATION_TYPE 0x0004
$ netid.exe -report eventlog -application myapp.exe -number 12345678 -info "Whatever happens happen" -type 2
registry
$ netid.exe -report registry -path HKCU\Software\Pointsharp\NetiD -result 160 -number 12345678 -application myapp.exe
[HKEY_CURRENT_USER\Software\Pointsharp\NetiD]
"User"="user@pointsharp.com"
"Time"="2019-04-23 14:23:20"
"Result"="PIN is incorrect. (E11)"
"Number"="12345678"
The value is overwritten at next logon, and no history is kept. It can be useful for some applications that need this information.
[Report]
01=LoginSuccessLOGON registry -path HKCU\Software\Pointsharp\NetiD -names "user;time;number" -number {token-number}
[HKEY_CURRENT_USER\Software\Pointsharp\NetiD]
"User"="user@pointsharp.com"
"Time"="2019-04-23 14:23:20"
"Number"="98011000000123456"
file
The content of value can be anything that is found from the logon credentials and extracted using the built-in variable expansion.
[Report]
01=LoginSuccessPKCS11 file -path C:\Temp\logon.txt -value "{username},{token-number},{time-string},OK"
02=LoginFailedPKCS11 file -path C:\Temp\logon.txt -value "{username},{token-number},{time-string},{result-string}"
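The file written by the two rules above can be monitored for repeated PIN failures on a token. The following Python is an added example, not part of Net iD Client; the function names, the threshold and window, and the sample lines are constructed, and it assumes {time-string} expands to the same format as the registry Time value shown earlier.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of C:\Temp\logon.txt as written by the two [Report] rules.
# Assumption: {time-string} expands to the same "YYYY-MM-DD HH:MM:SS" form as
# the registry "Time" value shown on this page.
SAMPLE = """\
user@pointsharp.com,98011000000123456,2019-04-23 14:23:20,OK
other@pointsharp.com,12345678,2019-04-23 14:25:01,PIN is incorrect. (E11)
other@pointsharp.com,12345678,2019-04-23 14:25:09,PIN is incorrect. (E11)
this line is not a report record
other@pointsharp.com,12345678,2019-04-23 14:25:15,PIN is incorrect. (E11)
user@pointsharp.com,98011000000123456,2019-04-23 15:02:44,PIN is incorrect. (E11)
user@pointsharp.com,98011000000123456,2019-04-23 15:03:10,OK
"""

def parse_line(line):
    """Return (user, token, time, result) or None for a malformed line."""
    # Split on the first three commas only: the result string is free text
    # from the language tables and may itself contain commas.
    parts = line.rstrip("\r\n").split(",", 3)
    if len(parts) != 4:
        return None
    user, token, stamp, result = (p.strip() for p in parts)
    try:
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return user, token, when, result

def failure_bursts(text, threshold=3, window=timedelta(minutes=5)):
    """Flag tokens with `threshold` failures inside `window` and no OK between."""
    recent = defaultdict(deque)   # token number -> times of recent failures
    alerts = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue                  # skip lines that are not report records
        user, token, when, result = rec
        if result == "OK":            # literal written by rule 01 on success
            recent[token].clear()     # a successful logon resets the streak
            continue
        q = recent[token]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) == threshold:
            alerts.append((user, token, q[0], when))
    return alerts
```

Each alert is a tuple of user, token number, first failure time, and the time of the failure that reached the threshold. Because the report file is append-only text in a path chosen by the administrator, restrict write access to it if its contents feed any alerting.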