ClearBox Server™ v1.2 Developer's Guide

ITACACSAuthorization::DefaultBehavior

Called by the server after it has requested attribute-value pairs, to determine the authorization policy.

HRESULT DefaultBehavior(
	[in] long tag,
	[in] TAC_AUTHORPARAMS * authorParams,
	[in] BSTR service,
	[in] BSTR protocol,
	[out] VARIANT_BOOL * permitMandatory,
	[out] VARIANT_BOOL * permitOptional);

Parameters

tag
[in] Unique value identifying the TACACS+ packet in whose context this method is called.
authorParams
[in] Authorization packet data.
service
[in] Requested service. It is the value taken from the service=x attribute-value pair.
protocol
[in] Requested protocol. It is used with some service values. It is taken from the protocol=x attribute-value pair and can be an empty string (NULL) if the protocol AV pair is not present.
permitMandatory
[out] Specifies whether the server should permit a mandatory attribute-value pair proposed by the NAS but not found among the pairs returned by ITACACSAuthorization::GetAVPairs (VARIANT_TRUE), or deny it (VARIANT_FALSE).
permitOptional
[out] Specifies whether the server should permit an optional attribute-value pair proposed by the NAS but not found among the pairs returned by ITACACSAuthorization::GetAVPairs (VARIANT_TRUE), or deny it (VARIANT_FALSE).

Return Values

If the extension returns an error code, permitMandatory and permitOptional are defined by the TACACS+ security settings.

Thread Safety

This method is called in the context of a WORK thread. (See Server Threads Model for details.) You should synchronize any data that is shared with other threads.

Memory Management

Memory for the authorParams fields, service, and protocol is allocated and freed by the server, so the extension must not change them.
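Example (added here; not ClearBox sample code): a fail-closed policy body for DefaultBehavior that handles a NULL protocol and only reads its inputs. The function name DefaultBehaviorPolicy, the ppp/ip site policy, and the non-Windows typedef stand-ins are assumptions made for illustration.

```cpp
#include <cwchar>
#include <cstdio>
#ifdef _WIN32
#include <windows.h>
#include <oleauto.h>                      // BSTR, VARIANT_BOOL
#else                                     // stand-ins so the sketch builds off Windows
typedef int HRESULT;
typedef wchar_t* BSTR;
typedef short VARIANT_BOOL;
#define VARIANT_TRUE ((VARIANT_BOOL)-1)
#define VARIANT_FALSE ((VARIANT_BOOL)0)
#define S_OK ((HRESULT)0)
#define E_POINTER ((HRESULT)0x80004003)
#endif
struct TAC_AUTHORPARAMS;                  // supplied by the server; opaque and untouched here

// Hypothetical helper holding the policy; an extension would call it from its
// ITACACSAuthorization::DefaultBehavior implementation.
HRESULT DefaultBehaviorPolicy(long /*tag*/, TAC_AUTHORPARAMS* /*authorParams*/,
                              BSTR service, BSTR protocol,
                              VARIANT_BOOL* permitMandatory,
                              VARIANT_BOOL* permitOptional)
{
    if (!permitMandatory || !permitOptional) return E_POINTER;
    // Fail closed: both outputs are "deny" before any policy decision is made.
    *permitMandatory = VARIANT_FALSE;
    *permitOptional = VARIANT_FALSE;

    // protocol is NULL when the NAS sent no protocol=x pair. Inputs are owned by
    // the server, so they are only read through const pointers.
    const wchar_t* svc = service ? service : L"";
    const wchar_t* proto = protocol ? protocol : L"";

    // Assumed site policy: unlisted mandatory pairs are never accepted; unlisted
    // optional pairs are tolerated only for service=ppp with protocol=ip.
    if (std::wcscmp(svc, L"ppp") == 0 && std::wcscmp(proto, L"ip") == 0)
        *permitOptional = VARIANT_TRUE;
    return S_OK;
}

int main()
{
    wchar_t ppp[] = L"ppp", ip[] = L"ip";  // constructed sample input
    VARIANT_BOOL m = VARIANT_TRUE, o = VARIANT_TRUE;
    DefaultBehaviorPolicy(1, nullptr, ppp, ip, &m, &o);
    std::printf("ppp/ip:     mandatory=%d optional=%d\n", m, o);
    DefaultBehaviorPolicy(2, nullptr, ppp, nullptr, &m, &o);
    std::printf("ppp/(none): mandatory=%d optional=%d\n", m, o);
    return 0;
}
```

Because an error return hands the decision to the TACACS+ security settings, those settings should also deny unlisted pairs so that a failing extension does not widen access.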

See Also

ITACACSAuthorization, ITACACSAuthorization::GetAVPairs, Authorization concepts, TACACS+ authorization packet processing


© 2001-2003 XPerience Technologies. www.xperiencetech.com
