ClearBox Server™ v1.2 Developer's Guide

IRADIUSAuthentication::GetRejectResponseAttributes

Called by server when user has not passed authentication, so to obtain attributes which should be included in reject packet.

HRESULT GetRejectResponseAttributes(
	[in] long tag,
	[in] AUTHENTYPE authType,
	[in] AUTHENRESULT authRes,	
	[in] USERINFOLITE * userInf,
	[out] unsigned long * attrNumOut,
	[out] RADIUS_ATTRIBUTE * * outpAttributes);

Parameters

tag
[in] Unique value identifying RADIUS packet in whose context this method is called.
authType
[in] Type of authentication. See Authentication Methods article for more details.
authRes
[in] Value, explaining reject reason.
userInf
[in] Describes user.
attrNumOut
[out] If extension returns attributes it must set this parameter to the number of attributes pointed by outpAttributes.
outpAttributes
[out] If extension returns attributes, it must allocate memory for array of attributes calling CoTaskMemAlloc.

Return Values

If extension returns error code, it is assumed that no attributes were returned.

Thread Safety

This method is called in context of WORK thread. (See Server Threads Model for details.) You should synchronize data which is shared with other threads.

Memory Management

Memory for userInf fields is allocated and freed by server, so extension must not change them.

Memory for outpAttributes is allocated by extension and is freed by server.

Remarks

If attrNumOut=0 or *outpAttributes=NULL then server doesn't add any attributes (except for possible debug Reply-Message) in reject packet.

If any attributes are returned in outpAttributes, flags attribute field must be explicitly set to 0 or any appropriate value.

Example Code

This code makes server return Password-Retry attribute instructing NAS to give user 3 attempts to enter correct password.

STDMETHODIMP CTest::GetRejectResponseAttributes(long tag,
	AUTHENTYPE authType, USERINFOLITE * userInf,
	unsigned long * attrNumOut, RADIUS_ATTRIBUTE * * outpAttributes)
{
	if (authType==AT_PAP)
	{
		*attrNumOut=1;
		*outpAttributes=reinterpret_cast<RADIUS_ATTRIBUTE*&gr;(
			CoTaskMemAlloc(sizeof(RADIUS_ATTRIBUTE)));

		(*outpAttributes)[0].type=75; // "Password-Retry" attribute
		(*outpAttributes)[0].valType=RADINT;
		(*outpAttributes)[0].dwValue=3;
		(*outpAttributes)[0].flags=0;
	}

	return S_OK;
}

See Also

IRADIUSAuthentication, Authentication concepts, RADIUS specific authentication


© 2001-2003 XPerience Technologies. www.xperiencetech.com

Created by chm2web html help conversion utility.