ClearBox Server™ v1.2 Developer's Guide

IRADIUSProxyPolicy::GetReplaceAttributes

Called by the server before forwarding a packet to a remote server or sending a packet back to the client, to obtain from the extension a list of RADIUS attributes that should be added, removed or changed. If any attributes in the packet (both packets sent to and packets received from the remote server) match any of these attributes, they are replaced, deleted or added to the packet sent back.

HRESULT GetReplaceAttributes(
	[in] long tag,
	[in] USERINFOLITE * userInf,
	[in] VARIANT_BOOL authenPacket,
	[in] VARIANT_BOOL proxyResponse,
	[out] unsigned long * attrNumOut,
	[out] RADIUS_ATTRIBUTE * * outpAttributesSrc,
	[out] RADIUS_ATTRIBUTE * * outpAttributesDst);

Parameters

tag
[in] Unique value identifying RADIUS packet in whose context this method is called.
userInf
[in] Describes user.
authenPacket
[in] Specifies whether attributes are requested for authentication packet (VARIANT_TRUE) or accounting packet (VARIANT_FALSE).
proxyResponse
[in] Specifies whether attributes are requested for a response packet received from the remote server (VARIANT_TRUE) or for a request packet which will be forwarded (VARIANT_FALSE).
attrNumOut
[out] If the extension returns add/remove/replace attributes, it must set this parameter to the number of attributes in the arrays pointed to by outpAttributesSrc and outpAttributesDst.
outpAttributesSrc
[out] If extension returns attributes, it must set this parameter to array of attributes allocated by CoTaskMemAlloc.
outpAttributesDst
[out] If extension returns attributes, it must set this parameter to array of attributes allocated by CoTaskMemAlloc.

Return Values

If extension returns error code, it is assumed that no attributes were returned.

Thread Safety

This method is called in context of PROX thread. (See Server Threads Model for details.) You should synchronize data which is shared with other threads.

Memory Management

Memory for userInf fields is allocated and freed by server, so extension must not change them.

Memory for outpAttributesSrc and outpAttributesDst may be allocated by extension and is freed by server. outpAttributesSrc and outpAttributesDst arrays must have the same size.

Remarks

If type field of an attribute in outpAttributesSrc array is 0 and type field in the item with the same index in outpAttributesDst array is not 0, then attribute from outpAttributesDst is added to the packet. Only type=0 field must be set for attributes in outpAttributesSrc array, no other fields are used.

If type field of an attribute in outpAttributesSrc is not 0 and type field in the item with the same index in outpAttributesDst array is 0, then attribute from outpAttributesDst is removed from sent packet (if found). Only type=0 field must be specified for attributes in outpAttributesDst array, no other fields are used. If extension wants to remove an attribute with the specified type, disregarding its value, F_NOVALUE flag must be set for an attribute in outpAttributesSrc array.

If type field of an attribute in outpAttributesSrc array is not 0 and type field in the item with the same index in outpAttributesDst array is not 0, then attribute from outpAttributesSrc is replaced by the attribute from outpAttributesDst (if found). If extension wants to replace an attribute with the specified type, disregarding its value, F_NOVALUE flag must be set for an attribute in outpAttributesSrc array.

If any attributes are returned in the outpAttributesSrc and outpAttributesDst arrays, the flags field of each attribute must be explicitly set to 0 or any appropriate value.
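The pairing rules above can be exercised offline with a small model before an extension is deployed. This is an added example, not ClearBox code: `Attr`, `F_NOVALUE_DEMO`, `Matches`, `ApplyRules` and `Demo` are hypothetical stand-ins, only integer values are handled, and it assumes the server selects packet attributes by the outpAttributesSrc entry and applies a rule to every attribute that matches.

```cpp
// Added illustration: simplified stand-ins, NOT the ClearBox SDK definitions.
#include <cstddef>
#include <vector>

struct Attr {                 // stand-in for RADIUS_ATTRIBUTE (integer values only)
    unsigned type;            // RADIUS attribute type; 0 means "no attribute"
    unsigned long dwValue;
    unsigned flags;
};
const unsigned F_NOVALUE_DEMO = 1;  // assumed value; the real F_NOVALUE is in the SDK header

// True when a packet attribute is selected by a source rule entry.
static bool Matches(const Attr& pkt, const Attr& src) {
    if (pkt.type != src.type) return false;
    return (src.flags & F_NOVALUE_DEMO) || pkt.dwValue == src.dwValue;
}

// Applies src[i]/dst[i] pairs to a packet following the Remarks rules.
std::vector<Attr> ApplyRules(std::vector<Attr> packet,
                             const std::vector<Attr>& src,
                             const std::vector<Attr>& dst) {
    if (src.size() != dst.size()) return packet;  // arrays must have the same size
    for (std::size_t i = 0; i < src.size(); ++i) {
        if (src[i].type == 0 && dst[i].type != 0) {      // add
            packet.push_back(dst[i]);
        } else if (src[i].type != 0) {
            for (std::size_t j = 0; j < packet.size(); ) {
                if (!Matches(packet[j], src[i])) { ++j; continue; }
                if (dst[i].type == 0) {                  // remove
                    packet.erase(packet.begin() + j);
                } else {                                 // replace
                    packet[j] = dst[i];
                    ++j;
                }
            }
        }
    }
    return packet;
}

// Constructed sample: response with Session-Timeout=86400 and Idle-Timeout=300.
std::vector<Attr> Demo() {
    std::vector<Attr> packet = { {27, 86400, 0}, {28, 300, 0} };
    std::vector<Attr> src = { {0, 0, 0}, {27, 0, F_NOVALUE_DEMO}, {28, 300, 0} };
    std::vector<Attr> dst = { {6, 2, 0}, {27, 600, 0}, {0, 0, 0} };
    return ApplyRules(packet, src, dst);
}
```

Without the no-value flag a remove or replace entry only fires on an exact value match, so a rule meant to cap or strip an attribute returned by a remote server should set it.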

Example Code

This code makes changes in packets returned by remote RADIUS server. First, extension adds Reply-Message attribute. Second, it replaces value of Session-Timeout attribute if returned packet contains it.

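STDMETHODIMP GetReplaceAttributes(long tag,
	USERINFOLITE * userInf,	VARIANT_BOOL authenPacket,
	VARIANT_BOOL proxyResponse,	unsigned long * attrNumOut,
	RADIUS_ATTRIBUTE* * outpAttributesSrc, RADIUS_ATTRIBUTE* * outpAttributesDst)
{
	// Start from a defined "no attributes" state on every path
	*attrNumOut=0;
	*outpAttributesSrc=NULL;
	*outpAttributesDst=NULL;

	if (proxyResponse==VARIANT_TRUE)
	{
		const unsigned long attrNum=2;
		const SIZE_T size=sizeof(RADIUS_ATTRIBUTE)*attrNum;
		*outpAttributesSrc=reinterpret_cast<RADIUS_ATTRIBUTE*>(
			CoTaskMemAlloc(size));
		*outpAttributesDst=reinterpret_cast<RADIUS_ATTRIBUTE*>(
			CoTaskMemAlloc(size));
		if (*outpAttributesSrc==NULL || *outpAttributesDst==NULL)
		{
			// Allocation failed: release whatever was obtained
			// (CoTaskMemFree accepts NULL) and report an error
			CoTaskMemFree(*outpAttributesSrc);
			CoTaskMemFree(*outpAttributesDst);
			*outpAttributesSrc=NULL;
			*outpAttributesDst=NULL;
			return E_OUTOFMEMORY;
		}

		// CoTaskMemAlloc does not initialize memory; clear every field
		// (including flags) before filling in the ones that are used
		ZeroMemory(*outpAttributesSrc, size);
		ZeroMemory(*outpAttributesDst, size);
		*attrNumOut=attrNum;

		(*outpAttributesSrc)[0].type=0; //attribute is added

		(*outpAttributesDst)[0].type=18; // "Reply-Message" attribute is added
		(*outpAttributesDst)[0].valType=RADTXT;
		(*outpAttributesDst)[0].txtValue=SysAllocString(L"Hello, world!");
		(*outpAttributesDst)[0].flags=0;
		
		(*outpAttributesSrc)[1].type=27; // "Session-Timeout" attribute

		// !!! Attention !!!
		// Type of value must be specified 
		// to make server find attribute!
		(*outpAttributesSrc)[1].valType=RADINT; 

		// Find attribute with any value
		(*outpAttributesSrc)[1].flags=F_NOVALUE; 

		// Replace with the same attribute type
		(*outpAttributesDst)[1].type=27; 
		(*outpAttributesDst)[1].valType=RADINT;
		(*outpAttributesDst)[1].dwValue=600;
		(*outpAttributesDst)[1].flags=0;
	}
	
	return S_OK;
}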

See Also

IRADIUSProxyPolicy, Realms and packet forwarding, RADIUS packet forwarding


© 2001-2003 XPerience Technologies. www.xperiencetech.com
