ClearBox Server™ v1.2 Developer's Guide

IRADIUSAuthentication::GetChallengeResponseAttributes

Called by the server after the extension has returned ACCESS_CHALLENGE in response to an IRADIUSAuthentication::CanAuthenticate method call, to obtain the attributes to include in the challenge packet.

HRESULT GetChallengeResponseAttributes(
	[in] long tag,
	[in] AUTHENTYPE authType,
	[in] USERINFOLITE * userInf,
	[out] unsigned char * waitForAttribute,
	[out] unsigned long * attrNumOut,
	[out] RADIUS_ATTRIBUTE * * outpAttributes);

Parameters

tag
[in] Unique value identifying the RADIUS packet in whose context this method is called.
authType
[in] Type of authentication. See the Authentication Methods article for more details.
userInf
[in] Describes the user being authenticated.
waitForAttribute
[out] Type of the attribute that the server extension wishes to receive in reply to this challenge. It is ignored when no attributes are returned in outpAttributes. This attribute is passed to the ChallengeDataReply method when the matching Access-Request is received. If waitForAttribute is set to 2 (the User-Password attribute), the response data is extracted from the User-Password attribute and passed to ChallengeDataReply as a stored attribute, already decrypted.
attrNumOut
[out] If the extension wants to include some attributes in the challenge response packet, this parameter must be set to the number of attributes pointed to by outpAttributes.
outpAttributes
[out] If the extension wants to include some attributes in the challenge response packet, it must set this parameter to an array of attributes allocated by calling CoTaskMemAlloc.

Return Values

If the extension returns an error code, it is assumed that no attributes were returned, but the challenge response is still sent.

Thread Safety

This method is called in the context of a WORK thread. (See Server Threads Model for details.) You should synchronize access to data that is shared with other threads.

Memory Management

Memory for the userInf fields is allocated and freed by the server, so the extension must not change them.

Memory for outpAttributes is allocated by the extension and is freed by the server.

Remarks

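If any attributes are returned in outpAttributes, the flags field of each attribute must be explicitly set to 0 or any appropriate value. CoTaskMemAlloc does not initialize the memory it returns, so a field that is not set holds arbitrary data.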

Example Code

This code returns two attributes to be included in the challenge response packet.

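STDMETHODIMP CTest::GetChallengeResponseAttributes(
	long tag, AUTHENTYPE authType,
	USERINFOLITE * userInf, unsigned char * waitForAttribute,
	unsigned long * attrNumOut, RADIUS_ATTRIBUTE * * outpAttributes )
{
	// Give every [out] parameter a defined value on all code paths
	*waitForAttribute=2; // We expect response in User-Password attribute
	*attrNumOut=0;
	*outpAttributes=NULL;
	if (authType==AT_PAP)
	{
		// The server frees this array, so it must come from CoTaskMemAlloc
		*outpAttributes=reinterpret_cast<RADIUS_ATTRIBUTE*>(
			CoTaskMemAlloc(sizeof(RADIUS_ATTRIBUTE)*2));
		if (*outpAttributes==NULL)
			return E_OUTOFMEMORY; // No attributes are returned on error

		(*outpAttributes)[0].type=18; // "Reply-Message" attribute
		(*outpAttributes)[0].valType=RADTXT;
		(*outpAttributes)[0].txtValue=SysAllocString(
			L"Please, re-enter your password");
		(*outpAttributes)[0].flags=0;
		if ((*outpAttributes)[0].txtValue==NULL)
		{
			// String allocation failed: release the array and report it
			CoTaskMemFree(*outpAttributes);
			*outpAttributes=NULL;
			return E_OUTOFMEMORY;
		}

		(*outpAttributes)[1].type=76; // "Prompt" attribute
		(*outpAttributes)[1].valType=RADINT;
		(*outpAttributes)[1].dwValue=0; // "No echo" value
		(*outpAttributes)[1].flags=0;

		// Report the count only after the array is fully populated
		*attrNumOut=2;
	}
	return S_OK;
}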
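
The sketch below is an added illustration, not ClearBox or XPerience code: it shows how the two attributes from the example above are laid out in the Access-Challenge under RFC 2865, including the 253-octet value limit an extension should respect when building a Reply-Message. The function names are hypothetical, and sending the text as UTF-8 is an assumption, since this page does not say how the server converts txtValue.

```cpp
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Append one attribute as Type | Length | Value. Length is a single octet that
// also counts the two header octets, so a value may hold 1..253 octets.
void appendAttr(Bytes& out, uint8_t type, const Bytes& value) {
    if (value.empty() || value.size() > 253)
        throw std::length_error("RADIUS attribute value must be 1..253 octets");
    out.push_back(type);
    out.push_back(static_cast<uint8_t>(value.size() + 2));
    out.insert(out.end(), value.begin(), value.end());
}

// Text attribute (RADTXT in the page's example); UTF-8 on the wire is assumed.
void appendText(Bytes& out, uint8_t type, const std::string& s) {
    appendAttr(out, type, Bytes(s.begin(), s.end()));
}

// Integer attribute (RADINT): 32-bit value in network byte order.
void appendInt(Bytes& out, uint8_t type, uint32_t v) {
    appendAttr(out, type, Bytes{uint8_t(v >> 24), uint8_t(v >> 16), uint8_t(v >> 8), uint8_t(v)});
}

// Attribute section built from the page's example:
// Reply-Message (18) followed by Prompt (76) with value 0 (No-Echo).
Bytes buildChallengeAttributes(const std::string& replyMessage) {
    Bytes out;
    appendText(out, 18, replyMessage);
    appendInt(out, 76, 0);
    return out;
}

int main() {
    Bytes a = buildChallengeAttributes("Please, re-enter your password");
    for (uint8_t b : a) std::printf("%02x", b);
    std::printf("\n");
    try {
        buildChallengeAttributes(std::string(254, 'A'));  // constructed oversize input
    } catch (const std::length_error& e) {
        std::printf("rejected: %s\n", e.what());
    }
    return 0;
}
```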

See Also

IRADIUSAuthentication, IRADIUSAuthentication::CanAuthenticate, IRADIUSAuthentication::ChallengeDataReply, Authentication concepts, RADIUS specific authentication


© 2001-2003 XPerience Technologies. www.xperiencetech.com
