ClearBox Server v1.2 Developer's Guide |
IRADIUSAuthentication::GetRejectResponseAttributesCalled by server when user has not passed authentication, so to obtain attributes which should be included in reject packet. HRESULT GetRejectResponseAttributes( [in] long tag, [in] AUTHENTYPE authType, [in] AUTHENRESULT authRes, [in] USERINFOLITE * userInf, [out] unsigned long * attrNumOut, [out] RADIUS_ATTRIBUTE * * outpAttributes); Parameters
Return ValuesIf extension returns error code, it is assumed that no attributes were returned. Thread SafetyThis method is called in context of WORK thread. (See Server Threads Model for details.) You should synchronize data which is shared with other threads. Memory ManagementMemory for userInf fields is allocated and freed by server, so extension must not change them. Memory for outpAttributes is allocated by extension and is freed by server. RemarksIf attrNumOut=0 or *outpAttributes=NULL then server doesn't add any attributes (except for possible debug Reply-Message) in reject packet. If any attributes are returned in outpAttributes, flags attribute field must be explicitly set to 0 or any appropriate value. Example CodeThis code makes server return Password-Retry attribute instructing NAS to give user 3 attempts to enter correct password. STDMETHODIMP CTest::GetRejectResponseAttributes(long tag, AUTHENTYPE authType, USERINFOLITE * userInf, unsigned long * attrNumOut, RADIUS_ATTRIBUTE * * outpAttributes) { if (authType==AT_PAP) { *attrNumOut=1; *outpAttributes=reinterpret_cast<RADIUS_ATTRIBUTE*&gr;( CoTaskMemAlloc(sizeof(RADIUS_ATTRIBUTE))); (*outpAttributes)[0].type=75; // "Password-Retry" attribute (*outpAttributes)[0].valType=RADINT; (*outpAttributes)[0].dwValue=3; (*outpAttributes)[0].flags=0; } return S_OK; } See AlsoIRADIUSAuthentication, Authentication concepts, RADIUS specific authentication © 2001-2003 XPerience Technologies. www.xperiencetech.com |
Created by chm2web html help conversion utility. |