ClearBox Server™ v1.2 Developer's Guide

IRADIUSAuthorization::GetRequestMatchAttributes

Called by server to obtain from extension RADIUS list of RequestMatch attributes. If attributes from request packet doesn't match any of these attributes, packet is rejected.

HRESULT GetRequestMatchAttributes(
	[in] long tag,
	[in] USERINFOLITE * userInf,
	[out] unsigned long * attrNumOut,
	[out] RADIUS_ATTRIBUTE * * outpAttributes);

Parameters

tag
[in] Unique value identifying RADIUS packet in whose context this method is called.
userInf
[in] Describes user.
attrNumOut
[out] If extension returns RequestMatch attributes, it must set this parameter to the number of attributes in array pointed by outpAttributes.
outpAttributes
[out] If extension returns RequestMatch attributes, it must set this parameter to array of attributes allocated by CoTaskMemAlloc. F_NOVALUE flag can be set to any attributes to specify that attribute matching is made by their type only, disregarding attributes values.

Return Values

If extension returns error code, it is assumed that no attributes were returned.

Thread Safety

This method is called in context of WORK thread. (See Server Threads Model for details.) You should synchronize data which is shared with other threads.

Memory Management

Memory for userInf fields is allocated and freed by server, so extension must not change them.

Memory for outpAttributes may be allocated by extension and is freed by server.

Remarks

If any attributes are returned in outpAttributes, flags attribute field must be explicitly set to 0 or any appropriate value (F_DEFAULT). See RADIUS authorization for more details.

Example Code

This code will make RADIUS server reject all packets containing Service-Type other than Framed. If there's no Service-Type attribute in request packet, it will be not rejected due to F_DEFAULT flag. 

STDMETHODIMP CTest::GetRequestMatchAttributes(
	long tag, USERINFOLITE * userInf,
	unsigned long * attrNumOut, RADIUS_ATTRIBUTE * * outpAttributes)
{
	*attrNumOut=1;
	*outpAttributes=reinterpret_cast<RADIUS_ATTRIBUTE*&gr;(
		CoTaskMemAlloc(sizeof(RADIUS_ATTRIBUTE)));
			
	(*outpAttributes)[0].type=6; // "Service-Type" attribute
	(*outpAttributes)[0].valType=RADINT;
	(*outpAttributes)[0].dwValue=2; // "Framed" value
	(*outpAttributes)[0].flags=F_DEFAULT;
	
	return S_OK;
}

See Also

IRADIUSAuthorization, RADIUS Attributes, Authorization concepts, RADIUS authorization

© 2001-2003 XPerience Technologies. www.xperiencetech.com

Created by chm2web html help conversion utility.