ClearBox Server™ v1.2 Developer's Guide

IRADIUSRealmStripping::RADIUSRealmStrip

Called by the server to determine whether the request packet will be proxy-forwarded, and/or to strip the user name and realm name from RADIUS attributes.

HRESULT RADIUSRealmStrip(
	[in] long tag,
	[in,out] USERINFOLITE * userInf,
	[in] VARIANT_BOOL authenPacket,
	[in] unsigned long attrNum,
	[in] RADIUS_ATTRIBUTE * attribList,
	[out] VARIANT_BOOL * forwardPacket,
	[out] FORWARDADDRESS * fwdAddress,
	[in, out] VARIANT_BOOL* const returnChangedName,
	[out] VARIANT_BOOL * nameOK);

Parameters

tag
[in] Unique value identifying the RADIUS packet in whose context this method is called.
userInf
[in,out] Describes the user. If there was no User-Name attribute in the packet, the userName field is an empty string (NULL). If the extension needs to change the user name, it must reallocate the userName field with a call to SysReAllocString. If the extension is capable of realm stripping, the realmName field may be allocated as a realm name string with SysAllocString.
authenPacket
[in] Specifies whether this is an authentication packet (VARIANT_TRUE) or an accounting packet (VARIANT_FALSE).
attrNum
[in] Number of attributes in the attribList array, which contains all attributes found in the request packet.
attribList
[in] Array of attributes from the request packet.
forwardPacket
[out] Must be set to VARIANT_TRUE if the extension decides to forward this request, or to VARIANT_FALSE to process the packet locally.
fwdAddress
[out] If the extension proxy-forwards this request and forwardPacket is set to VARIANT_TRUE, this structure must be filled with the host address to which the packet should be forwarded and with the packet retransmission parameters.
returnChangedName
[in, out] Specifies whether the userName field of userInf contains a new user name, different from the original, that must be returned as the User-Name attribute in the Accept-Response (VARIANT_TRUE), or whether no User-Name attribute will be put in the response packet even if the user name was changed for internal use (VARIANT_FALSE). This is meaningful for authentication packets only and is ignored for accounting.
nameOK
[out] Must be set to VARIANT_TRUE if the user name has a valid format and/or the packet is forwarded. Otherwise the user will be rejected.

Return Values

If extension returns error code and User-Name attribute string value is empty, user is.

Thread Safety

This method is called in the context of a WORK thread. (See Server Threads Model for details.) Synchronize access to any data that is shared with other threads.

Memory Management

Memory for the userInf fields is allocated and freed by the server, so if the extension changes the userName field, it must reallocate its memory by calling SysReAllocString. If the extension defines a realm for a user, it must allocate the realmName field with the realm name by calling SysAllocString.

Memory for attribList is allocated and freed by the server.

Remarks

The extension may transform the name of a user, and the updated name will appear in all further calls to server extension methods.

Example Code

This code first looks for the NAS-Identifier attribute in the packet. If its value equals the hard-coded string "SomeAccessServer", the extension instructs the server to forward the packet to the specified server. In all other cases the extension looks for the '@' character in the user's name. If there is no such character, the user is rejected. If the name is valid, it is replaced by its first part (the text before '@'), which is then treated as the actual user name.

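#include <winsock2.h>	// inet_addr
#include <oleauto.h>	// BSTR, SysAllocStringByteLen, SysReAllocString
#include <cstring>	// memcmp
#include <string>	// std::wstring

STDMETHODIMP CTest::RADIUSRealmStrip(long tag,
	USERINFOLITE * userInf, VARIANT_BOOL authenPacket,
	unsigned long attrNum,
	RADIUS_ATTRIBUTE * attribList, VARIANT_BOOL * forwardPacket,
	FORWARDADDRESS * fwdAddress, VARIANT_BOOL* const returnChangedName,
	VARIANT_BOOL * nameOK)
{
	static const char forwardNas[]="SomeAccessServer";
	*forwardPacket=VARIANT_FALSE;
	*nameOK=VARIANT_TRUE;
	BSTR nasID=NULL;
	// Look for the NAS-Identifier attribute among the request attributes
	for (unsigned long i=0;i<attrNum;i++)
	{
		if (attribList[i].type==32) // If it is NAS-Identifier
		{
			// Copies the raw bytes; no ANSI-to-Unicode conversion is done
			nasID=SysAllocStringByteLen(
				reinterpret_cast<const char*>(attribList[i].strValue),
				attribList[i].strSize);
			break;
		}
	}
	// nasID holds bytes, not wide characters, so compare length and bytes
	if (nasID!=NULL && SysStringByteLen(nasID)==sizeof(forwardNas)-1 &&
		memcmp(nasID,forwardNas,sizeof(forwardNas)-1)==0)
	{
		// Forward the packet to the specified server
		*forwardPacket=VARIANT_TRUE;
		fwdAddress->proxyIPAddress=inet_addr("127.0.0.1");
		fwdAddress->port=1812;
		fwdAddress->retries=1;
		fwdAddress->waitSecs=3;
	}
	else
	{
		// userName is NULL when the packet had no User-Name attribute
		std::wstring str=userInf->userName ? userInf->userName : L"";
		std::wstring::size_type pos=str.find(L'@');
		if (pos==str.npos)
			*nameOK=VARIANT_FALSE; // No '@' in the name: reject the user
		else
		{
			// Keep only the part before '@' as the actual user name
			*returnChangedName=VARIANT_TRUE;
			SysReAllocString(&(userInf->userName),
				str.substr(0,pos).c_str());
		}
	}
	
	SysFreeString(nasID);
	return S_OK;
}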
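
The following is an added example, not code from the ClearBox SDK or its authors. It goes beyond the example above by showing a stricter, portable version of the user@realm split that an extension could use to decide nameOK: it also rejects empty user or realm parts, control characters (including an embedded NUL) and over-long names. The names RealmSplit, splitUserRealm and kMaxNameLen are hypothetical, and the single-'@' rule and lower-casing of the realm are assumed policies.

```cpp
#include <cwctype>
#include <iostream>
#include <string>

// Hypothetical result type (not part of the ClearBox SDK).
struct RealmSplit {
    bool nameOK = false;   // value an extension would store in *nameOK
    std::wstring user;     // candidate for userInf->userName
    std::wstring realm;    // candidate for userInf->realmName
};

// A RADIUS attribute value holds at most 253 octets (RFC 2865).
const std::size_t kMaxNameLen = 253;

// Build `name` from the BSTR with its stored length, e.g.
// std::wstring(userName, SysStringLen(userName)), so that an embedded
// NUL is seen here instead of silently truncating the name.
RealmSplit splitUserRealm(const std::wstring& name) {
    RealmSplit r;
    if (name.empty() || name.size() > kMaxNameLen) return r;
    for (wchar_t c : name)
        if (c < 0x20 || c == 0x7F) return r;        // control chars, incl. NUL
    const std::wstring::size_type at = name.find(L'@');
    if (at == std::wstring::npos) return r;         // no realm: reject, as the page's example does
    if (at != name.rfind(L'@')) return r;           // assumed policy: exactly one '@'
    if (at == 0 || at + 1 == name.size()) return r; // empty user or empty realm
    r.user = name.substr(0, at);
    r.realm = name.substr(at + 1);
    for (wchar_t& c : r.realm)                      // assumed policy: lower-case realm for lookups
        c = static_cast<wchar_t>(std::towlower(c));
    r.nameOK = true;
    return r;
}

int main() {
    // Constructed sample names, not taken from any real deployment.
    const std::wstring samples[] = {
        L"alice@Example.COM", L"alice", L"@example.com", L"alice@",
        L"a@b@c", std::wstring(L"admin\0@corp", 11)};
    for (const std::wstring& s : samples) {
        const RealmSplit r = splitUserRealm(s);
        std::wcout << (r.nameOK ? L"accept " : L"reject ") << r.user
                   << L" / " << r.realm << L"\n";
    }
    return 0;
}
```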

See Also

IRADIUSRealmStripping, Realms and packet forwarding, RADIUS authentication packet processing, RADIUS accounting packet processing, RADIUS packet forwarding


© 2001-2003 XPerience Technologies. www.xperiencetech.com
