ClearBox Server v1.2 Developer's Guide |
ITACACSRealmStripping::TACACSRealmStripAuthenCalled by server to determine whether the request authentication packet will be forwarded and/or to strip user name and realm name from the packet content. HRESULT TACACSRealmStripAuthen( [in] long tag, [in,out] TAC_AUTHEN_LITE * authenParams, [out] VARIANT_BOOL * forwardPacket, [in,out] FORWARDADDRESS * fwdAddress, [out] VARIANT_BOOL * nameOK); Parameters
Return ValuesIf extension returns error code and username is empty, it is assumed that user didn't passed authentication. Thread SafetyThis method is called in context of WORK thread. (See Server Threads Model for details.) You should synchronize data which is shared with other threads. Memory ManagementMemory for authenParams is allocated and freed by server. realmName field has NULL value and may be allocated by extension with call to SysAllocString. If extension changes name field, it must reallocate memory for it with SysReAllocString. RemarksServer can forward TACACS+ packets via FOLLOW response only. In this case server instructs NAS (TACACS+ client) to resend packet to specified alternate TACACS+ server, and NAS is responsible for packet forwarding. Example CodeThis code makes NAS forward this packet to 92.168.2.100 host if user's address is 324523, otherwise it assigns "Default" realm. STDMETHODIMP CTest::TACACSRealmStripAuthen( long tag, TAC_AUTHEN_LITE * authenParams, VARIANT_BOOL * forwardPacket, FORWARDADDRESS * fwdAddress, VARIANT_BOOL * nameOK) { *forwardPacket=VARIANT_FALSE; *nameOK=VARIANT_TRUE; if (wcscmp(authenParams->remote_address,L"3245235")==0) { *forwardPacket=VARIANT_TRUE; fwdAddress->proxyIPAddress=inet_addr("192.168.2.100"); // Other fields are not used with TACACS+ } else authenParams->realmName=SysAllocString(L"Default"); return S_OK; } See AlsoITACACSRealmStripping, Realms and packet forwarding, TACACS+ realm stripping and forwarding process © 2001-2003 XPerience Technologies. www.xperiencetech.com |
Created by chm2web html help conversion utility. |