ClearBox Server v1.2 Developer's Guide |
ITACACSProxyPolicy::GetAutorejectAttributesCalled by server before forwarding authorization packet (via FOLLOW action) to remote server to obtain from extension AutoReject Attribute-Value (AV) pairs. If any of pairs in target packet matches any of this reject pairs, whole packet will be rejected without forwarding. HRESULT GetAutorejectAttributes( [in] long tag, [in] TAC_AUTHORPARAMS * authorParams, [out] unsigned long * outpSize, [out] AVPAIR * * outpPairs); Parameters
Return ValuesIf extension returns error code, it is assumed that packet will be forwarded normally. Thread SafetyThis method is called in context of WORK thread. (See Server Threads Model for details.) You should synchronize data which is shared with other threads. Memory ManagementMemory for authorParams fields is allocated and freed by server, so extension must not change them. Memory for outpPairs may be allocated by extension and is freed by server. Example CodeThis code will deny forwarding all authorization requests for shell service, and will reject a user. Packets with other services are forwarded normally. STDMETHODIMP CTest::GetAutorejectAttributes( long tag, TAC_AUTHORPARAMS * authorParams, unsigned long * outpSize, AVPAIR * * outpPairs) { *outpSize=1; *outpPairs=reinterpret_cast<AVPAIR*>( CoTaskMemAlloc(sizeof(AVPAIR))); (*outpPairs)[0].attribute=SysAllocString(L"service"); (*outpPairs)[0].value=SysAllocString(L"shell"); // No other fields are used } See AlsoITACACSProxyPolicy, List of TACACS+ Attribute-Value Pairs, TACACS+ realm stripping and forwarding process © 2001-2003 XPerience Technologies. www.xperiencetech.com |
Created by chm2web html help conversion utility. |