ClearBox Server™ v1.2 Developer's Guide

IRADIUSProcessor::PostProcessPacket

Called by server after authentication response packet was formed to give extension chance to modify it.

HRESULT PostProcessPacket(
	[in] long clientIPAdress,
	[in] long tag,
	[in,out] RADIUS_PACKET * retPacket,
	[out] VARIANT_BOOL * updatePacket);

Parameters

clientIPAdress
[in] IP address of the client that sent the request packet.
tag
[in] Unique value identifying RADIUS packet in whose context this method is called.
retPacket
[in] Response packet formed by server ready to return to client. PacketID, PacketCode, attributes and attrNum are valid fields. All other fields are set by server later.
statusOK
[out] If extension change some fields of retPacket (only valid ones), it must set this parameter to VARIANT_TRUE, VARIANT_FALSE otherwise to specify that server should return original retPacket.

Return Values

If extension returns error code, it is assumed that no packet was not processed by extension.

Thread Safety

This method is called in context of WORK thread. (See Server Threads Model for details.) You should synchronize data which is shared with other threads.

Memory Management

Memory for contents of retPacket is allocated and freed by server, extension may reallocate attributes field calling CoTaskMemRealloc. Extension must free memory for attributes which it may exclude from attributes field of retPacket.

Remarks

This method is called for authentication packets only. It is not called for packets rejected by Auto-Reject name (used to check RADIUS server availability), packets returned by server immediately after call to IRADIUSProcessor::ProcessPacket, forwarded packets and for packets rejected after call to IRADIUSRealmStripping::RADIUSRealmStrip.

Example Code

This code changes response packet code from Access-Challenge to Access-Reject (all other types are not changed) and removes all Reply-Message attributes.

STDMETHODIMP CTest::PostProcessPacket(
	long clientIPAdress, long tag, RADIUS_PACKET * retPacket,
	VARIANT_BOOL * updatePacket)
{
	if (retPacket->packetCode!=11) // Access-Challenge code
	{
		*updatePacket=VARIANT_FALSE;
		return S_OK;
	}
	
	*updatePacket=VARIANT_TRUE;
	retPacket->packetCode=3; // Access-Reject code
	
	int replyMesFound=0;
	for (int i=0;i<retPacket->attrNum;i++)
		// "Reply-Message" attribute
		if (retPacket->attributes[i].type==18) 
			replyMesFound++;
	
	if (replyMesFound==retPacket->attrNum)
		return S_OK;
		
	// Create new array
	RADIUS_ATTRIBUTE* pNewAttrs=reinterpret_cast<RADIUS_ATTRIBUTE>(
			CoTaskMemAlloc(
			sizeof(RADIUS_ATTRIBUTE)*(retPacket->attrNum-replyMesFound)));
	int y=0;
	for (int i=0;i<retPacket->attrNum;i++)
	{
		// remove attribute
		if (retPacket->attributes[i].type==18)
		{
			SysFreeString(retPacket->attributes[i].txtValue);
			continue;
		}
		
		//copy attribute
		pNewAttrs[y]=retPacket->attributes[i];
		y++;
	}
	
	// Free old array
	CoTaskMemFree(retPacket->attributes);
	retPacket->attributes=pNewAttrs;

	return S_OK;
}

See Also

IRADIUSProcessor, RADIUS concepts, RADIUS authentication packet processing


© 2001-2003 XPerience Technologies. www.xperiencetech.com

Created by chm2web html help conversion utility.