ClearBox Server v1.2 Developer's Guide
IRADIUSAuthorization::GetResponseAttributes

Called by the server to obtain the list of RADIUS response attributes from the extension. These attributes are included in the response packet. The extension also performs its authorization processing here.

    HRESULT GetResponseAttributes(
        [in] long tag,
        [in] USERINFOLITE * userInf,
        [in] unsigned long attrNumIn,
        [in] RADIUS_ATTRIBUTE * inpAttributes,
        [out] unsigned long * attrNumOut,
        [out] RADIUS_ATTRIBUTE * * outpAttributes,
        [out] BSTR * explainString,
        [out] RADAUTHENREPLY * replyType);

Parameters

Return Values

If the extension returns an error code, the server assumes that no attributes were returned and that replyType=ACCESS_UNDEFINED was specified.

Thread Safety

This method is called in the context of a WORK thread. (See Server Threads Model for details.) You should synchronize data that is shared with other threads.

Memory Management

Memory for the userInf fields is allocated and freed by the server, so the extension must not change them. Memory for inpAttributes is allocated and freed by the server. Memory for outpAttributes and explainString may be allocated by the extension and is freed by the server.

Remarks

If any attributes are returned in outpAttributes, the flags field of each attribute must be explicitly set to 0 or to another appropriate value. If the F_ECHO value is specified for an attribute, the value for this attribute is taken from the attribute of the same type in the request packet, if found, or from the RequestMatch attribute with the same type and the F_DEFAULT flag set. See RADIUS authorization for details.

Example Code

This code rejects the user if a service other than Framed is requested. If no Service-Type is specified in the request packet, the extension adds this service to the response packet. Additionally, it instructs the NAS to limit the user's session to 3600 seconds.

    STDMETHODIMP CTest::GetResponseAttributes(
        long tag,
        USERINFOLITE * userInf,
        unsigned long attrNumIn,
        RADIUS_ATTRIBUTE * inpAttributes,
        unsigned long * attrNumOut,
        RADIUS_ATTRIBUTE * * outpAttributes,
        BSTR * explainString,
        RADAUTHENREPLY * replyType)
    {
        bool framed=false;
        bool serviceFound=false;

        // Start from a well-defined "no attributes" state on every path.
        *attrNumOut=0;
        *outpAttributes=NULL;
        *replyType=ACCESS_ACCEPT;

        for (unsigned long i=0;i<attrNumIn;i++)
        {
            if (inpAttributes[i].type==6) // "Service-Type" attribute
            {
                serviceFound=true;
                if (inpAttributes[i].dwValue==2) // "Framed" value
                    framed=true;
                break;
            }
        }

        if (serviceFound && !framed)
        {
            // A service other than Framed was requested.
            *replyType=ACCESS_REJECT;
            return S_OK;
        }

        // Session-Timeout is always returned; Service-Type is added only
        // when the request did not carry one. Both go into one allocation,
        // which the server frees.
        unsigned long count=serviceFound ? 1 : 2;
        RADIUS_ATTRIBUTE * attrs=reinterpret_cast<RADIUS_ATTRIBUTE*>(
            CoTaskMemAlloc(count*sizeof(RADIUS_ATTRIBUTE)));
        if (attrs==NULL)
            return E_OUTOFMEMORY; // server treats this as ACCESS_UNDEFINED

        unsigned long n=0;
        if (!serviceFound)
        {
            attrs[n].type=6; // "Service-Type" attribute
            attrs[n].valType=RADINT;
            attrs[n].dwValue=2; // "Framed" value
            attrs[n].flags=0;
            n++;
        }
        attrs[n].type=27; // "Session-Timeout" attribute
        attrs[n].valType=RADINT;
        attrs[n].dwValue=3600;
        attrs[n].flags=0;
        n++;

        *outpAttributes=attrs;
        *attrNumOut=n;
        return S_OK;
    }

See Also

IRADIUSAuthorization, IRADIUSAuthorization::NeedAllAttributes, RADIUS Attributes, Authorization concepts, RADIUS authorization

© 2001-2003 XPerience Technologies. www.xperiencetech.com
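
An added example, not code from the ClearBox SDK: the same Framed-only policy written as a portable function that can be unit-tested outside the server. It goes beyond the sample above by inspecting every Service-Type attribute in the request instead of stopping at the first one; Attr, Reply, Decision and Authorize are hypothetical stand-ins for the SDK types.

```cpp
#include <cstdint>
#include <vector>

// Stand-in types (assumptions): only the fields the page's sample uses.
enum Reply { REPLY_ACCEPT, REPLY_REJECT };
struct Attr { uint8_t type; uint32_t value; uint32_t flags; };

const uint8_t  kServiceType    = 6;   // RADIUS Service-Type
const uint8_t  kSessionTimeout = 27;  // RADIUS Session-Timeout
const uint32_t kFramed         = 2;   // Service-Type value "Framed"

struct Decision { Reply reply; std::vector<Attr> out; };

// Decide the reply for one request. Every Service-Type attribute is checked,
// so a request carrying a second, non-Framed Service-Type is rejected rather
// than accepted on the strength of the first one.
Decision Authorize(const std::vector<Attr>& request, uint32_t timeoutSeconds)
{
    Decision d{REPLY_ACCEPT, {}};
    bool serviceFound = false;
    for (const Attr& a : request) {
        if (a.type != kServiceType) continue;
        serviceFound = true;
        if (a.value != kFramed) {
            d.reply = REPLY_REJECT;   // fail closed: no attributes returned
            return d;
        }
    }
    if (!serviceFound)
        d.out.push_back({kServiceType, kFramed, 0});       // flags explicitly 0
    d.out.push_back({kSessionTimeout, timeoutSeconds, 0}); // flags explicitly 0
    return d;
}

int main()
{
    // Constructed sample requests: no Service-Type, and Framed followed by Login (1).
    std::vector<Attr> none  = {{1, 0, 0}};
    std::vector<Attr> mixed = {{6, 2, 0}, {6, 1, 0}};
    bool ok = Authorize(none, 3600).out.size() == 2
           && Authorize(mixed, 3600).reply == REPLY_REJECT;
    return ok ? 0 : 1;
}
```

In an extension, the returned vector would be copied into a single CoTaskMemAlloc block sized to out.size() before being handed to the server.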