ClearBox Server v1.2 Developer's Guide |
ITACACSAuthentication::CanAuthenticateCalled by server after user has been authenticated with his password. HRESULT CanAuthenticate( [in] long tag, [in] TAC_AUTHEN_LITE * authenParams, [out] BSTR * explainString, [out] unsigned char * tacacsStatus); Parameters
Return ValuesIf extension returns error code, it is assumed that user failed to pass authentication as if tacacsStatus was set to TAC_PLUS_AUTHEN_STATUS_ERROR. Thread SafetyThis method is called in context of WORK thread. (See Server Threads Model for details.) You should synchronize data which is shared with other threads. Memory ManagementMemory for authenParams fields is allocated and freed by server, so extension must not change them. Extension may allocate memory for explainString, and it is freed by server. Example CodeThis code will not authenticate users from "RemoteOffice" realm attempting to authenticate using LOGIN service. STDMETHODIMP CTest::CanAuthenticate( long tag, TAC_AUTHEN_LITE * authenParams, BSTR * explainString, unsigned char * tacacsStatus) { if (wcscmp(authenParams->realmName,L"RemoteOffice")==0 && service==1 // "LOGIN" service { *tacacsStatus=2; // "FAIL" status *explainString=SysAllocString(L"Not allowed. Sorry."); } else *tacacsStatus=1; // "PASS" status return S_OK; } See AlsoITACACSAuthentication, Authentication concepts, TACACS+ specific authentication © 2001-2003 XPerience Technologies. www.xperiencetech.com |
Created by chm2web html help conversion utility. |