ClearBox Server™ v1.2 Developer's Guide

IRADIUSProxyPolicy::GetAutorejectAttributes

Called by the server before forwarding a packet to a remote server, or before sending a packet back to the client, to obtain the list of RADIUS AutoReject attributes from the extension. If any attribute in the packet (whether it is being sent to or was received from the remote server) matches any of these attributes, the packet is rejected.

HRESULT GetAutorejectAttributes(
	[in] long tag,
	[in] USERINFOLITE * userInf,
	[in] VARIANT_BOOL authenPacket,
	[in] VARIANT_BOOL proxyResponse,
	[in,out] unsigned long * attrNumOut,
	[in,out] RADIUS_ATTRIBUTE * * outpAttributes);

Parameters

tag
[in] Unique value identifying RADIUS packet in whose context this method is called.
userInf
[in] Describes user.
authenPacket
[in] Specifies whether attributes are requested for authentication packet (VARIANT_TRUE) or accounting packet (VARIANT_FALSE).
proxyResponse
[in] Specifies whether attributes are requested for the response packet received from remote server (VARIANT_TRUE) or for request packet which will be forwarded (VARIANT_FALSE).
attrNumOut
[in,out] If the extension returns AutoReject attributes, it must set this parameter to the number of attributes in the array pointed to by outpAttributes.
outpAttributes
[in,out] If the extension returns AutoReject attributes, it must set this parameter to an array of attributes allocated with CoTaskMemAlloc.

Return Values

If extension returns error code, it is assumed that no attributes were returned.

Thread Safety

This method is called in context of PROX thread. (See Server Threads Model for details.) You should synchronize data which is shared with other threads.

Memory Management

Memory for userInf fields is allocated and freed by server, so extension must not change them.

Memory for outpAttributes may be allocated by extension and is freed by server.

Remarks

If any attributes are returned in outpAttributes, the flags field of each attribute must be explicitly set to 0 or another appropriate value.

Example Code

This code refuses to forward authentication packets from the "Realm1" realm for users requesting framed service, so such users are rejected.

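STDMETHODIMP CTest::GetAutorejectAttributes(
	long tag,	USERINFOLITE * userInf,
	VARIANT_BOOL authenPacket, VARIANT_BOOL proxyResponse,
	unsigned long * attrNumOut, RADIUS_ATTRIBUTE * * outpAttributes)
{
	// Apply only to "Realm1" authentication requests that are about to be forwarded
	if (wcscmp(userInf->realmName,L"Realm1")==0 && proxyResponse==VARIANT_FALSE 
		&& authenPacket==VARIANT_TRUE)
	{
		// The server frees this array, so it must be allocated with CoTaskMemAlloc
		RADIUS_ATTRIBUTE * attrs=reinterpret_cast<RADIUS_ATTRIBUTE *>(
			CoTaskMemAlloc(sizeof(RADIUS_ATTRIBUTE)*1));
		if (attrs==NULL)
			return E_OUTOFMEMORY; // error code: server assumes no attributes were returned
		attrs[0].type=6; // "Service-Type" attribute
		attrs[0].valType=RADINT;
		attrs[0].dwValue=2; // "Framed" value
		attrs[0].flags=0; // flags must be set explicitly (see Remarks)
		// Publish the out parameters only after the array is fully initialized
		*outpAttributes=attrs;
		*attrNumOut=1;
	}

	return S_OK;
}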
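
The following example is an addition, not part of the ClearBox documentation or SDK. It covers the proxyResponse==VARIANT_TRUE case: it returns several AutoReject attributes so that a response from the remote server granting a privileged Service-Type is rejected. The SDK and COM declarations are replaced by minimal stand-ins whose field types and RADINT value are assumptions; the function name and the list of denied values (RFC 2865 Service-Type 6, 7 and 11) are hypothetical policy choices.

```cpp
#include <cstdlib>
#include <cwchar>

// Stand-ins (assumptions) so the example builds by itself; a real extension
// takes these declarations from the ClearBox SDK and COM headers instead.
typedef long HRESULT;
typedef short VARIANT_BOOL;
const VARIANT_BOOL VARIANT_TRUE = -1, VARIANT_FALSE = 0;
const HRESULT S_OK = 0, E_OUTOFMEMORY = (HRESULT)0x8007000EL;
const int RADINT = 1; // constructed value, not the SDK's
struct USERINFOLITE { const wchar_t *realmName; };
struct RADIUS_ATTRIBUTE { unsigned char type; int valType; unsigned long dwValue; unsigned long flags; };
inline void *CoTaskMemAlloc(std::size_t n) { return std::malloc(n); }
inline void CoTaskMemFree(void *p) { std::free(p); }

// Hypothetical policy: reject authentication responses from the remote
// server that grant a privileged Service-Type to "Realm1" users.
HRESULT RejectPrivilegedResponses(long /*tag*/, USERINFOLITE *userInf,
	VARIANT_BOOL authenPacket, VARIANT_BOOL proxyResponse,
	unsigned long *attrNumOut, RADIUS_ATTRIBUTE **outpAttributes)
{
	// Service-Type values: Administrative, NAS Prompt, Callback Administrative
	static const unsigned long denied[] = { 6, 7, 11 };
	const unsigned long n = sizeof(denied) / sizeof(denied[0]);

	if (proxyResponse != VARIANT_TRUE || authenPacket != VARIANT_TRUE ||
		userInf == NULL || userInf->realmName == NULL ||
		std::wcscmp(userInf->realmName, L"Realm1") != 0)
		return S_OK; // nothing to return: out parameters stay untouched

	RADIUS_ATTRIBUTE *attrs = static_cast<RADIUS_ATTRIBUTE *>(
		CoTaskMemAlloc(sizeof(RADIUS_ATTRIBUTE) * n));
	if (attrs == NULL)
		return E_OUTOFMEMORY; // error code: server assumes no attributes

	for (unsigned long i = 0; i < n; ++i) {
		attrs[i].type = 6;          // "Service-Type" attribute
		attrs[i].valType = RADINT;
		attrs[i].dwValue = denied[i];
		attrs[i].flags = 0;         // must be set explicitly (see Remarks)
	}
	*outpAttributes = attrs;        // ownership passes to the server
	*attrNumOut = n;
	return S_OK;
}
```
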

See Also

IRADIUSProxyPolicy, Realms and packet forwarding, RADIUS packet forwarding


© 2001-2003 XPerience Technologies. www.xperiencetech.com
