ClearBox Server™ v1.2 Developer's Guide

ITACACSAuthentication::CanAuthenticate

Called by the server after the user has been authenticated with a password.

HRESULT CanAuthenticate(
	[in] long tag,
	[in] TAC_AUTHEN_LITE * authenParams,
	[out] BSTR * explainString,
	[out] unsigned char * tacacsStatus);

Parameters

tag
[in] Unique value identifying the TACACS+ packet in whose context this method is called.
authenParams
[in] Describes the user.
explainString
[out] If the extension does not authenticate the user and can give a human-readable explanation, it should set this parameter by calling SysAllocString.
tacacsStatus
[out] The extension returns the result of authentication by setting this parameter to one of the following values:

  • TAC_PLUS_AUTHEN_STATUS_PASS (User is accepted)
  • TAC_PLUS_AUTHEN_STATUS_FAIL (User is rejected)
  • TAC_PLUS_AUTHEN_STATUS_RESTART (The authentication sequence should be restarted with a new START packet from the client)
  • TAC_PLUS_AUTHEN_STATUS_ERROR (Error occurred)

Return Values

If the extension returns an error code, the user is assumed to have failed authentication, as if tacacsStatus had been set to TAC_PLUS_AUTHEN_STATUS_ERROR.

Thread Safety

This method is called in the context of a WORK thread. (See Server Threads Model for details.) You should synchronize access to data that is shared with other threads.
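
The following is an added example, not code from the ClearBox guide: a sketch of guarding a realm block list that a configuration thread updates while WORK threads consult it. RealmPolicy, AuthenLite, SetBlocked and Decide are hypothetical names, and portable stand-ins replace the Windows and ClearBox types so the locking logic compiles anywhere.

```cpp
#include <mutex>
#include <set>
#include <string>

// Stand-in for TAC_AUTHEN_LITE (assumption: only realmName is modelled here).
struct AuthenLite { const wchar_t* realmName; };
// Numeric status values as used in this guide's own example code.
enum : unsigned char { STATUS_PASS = 1, STATUS_FAIL = 2 };

class RealmPolicy {
public:
    // Called from a configuration thread (hypothetical) to change the policy.
    void SetBlocked(const std::wstring& realm, bool blocked) {
        std::lock_guard<std::mutex> lock(mu_);
        if (blocked) blocked_.insert(realm); else blocked_.erase(realm);
    }

    // Called from a WORK thread inside CanAuthenticate. Returns false where the
    // real method would return an error HRESULT, which the server treats as a
    // failed authentication.
    bool Decide(const AuthenLite* p, unsigned char* status, std::wstring* explain) {
        if (!p || !p->realmName || !status || !explain) return false;
        *status = STATUS_FAIL;              // default deny until proven otherwise
        explain->clear();
        std::wstring realm(p->realmName);   // copy; the server owns authenParams
        bool blocked;
        {   // hold the lock only for the shared lookup, not for string building
            std::lock_guard<std::mutex> lock(mu_);
            blocked = blocked_.count(realm) != 0;
        }
        if (blocked) {
            *explain = L"Realm is blocked by policy.";
            return true;
        }
        *status = STATUS_PASS;
        return true;
    }

private:
    std::mutex mu_;                  // protects blocked_
    std::set<std::wstring> blocked_; // shared between threads
};
```

In a real extension the explanation would be handed to the server through SysAllocString, as described under Memory Management.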

Memory Management

Memory for the authenParams fields is allocated and freed by the server, so the extension must not change them.

The extension may allocate memory for explainString; it is freed by the server.

Example Code

This code rejects users from the "RemoteOffice" realm who attempt to authenticate using the LOGIN service.

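STDMETHODIMP CTest::CanAuthenticate(
	long tag, TAC_AUTHEN_LITE * authenParams,
	BSTR * explainString, unsigned char * tacacsStatus)
{
	// [out] parameters must always be initialized; the server frees explainString
	*explainString=NULL;

	// Reject "RemoteOffice" users on the LOGIN service, accept everyone else
	if (wcscmp(authenParams->realmName,L"RemoteOffice")==0
		&& authenParams->service==1) // "LOGIN" service (field name assumed; see TAC_AUTHEN_LITE)
	{
		*tacacsStatus=2; // "FAIL" status
		*explainString=SysAllocString(L"Not allowed. Sorry.");
	}
	else
		*tacacsStatus=1; // "PASS" status

	return S_OK;
}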

See Also

ITACACSAuthentication, Authentication concepts, TACACS+ specific authentication


© 2001-2003 XPerience Technologies. www.xperiencetech.com
