PPP_EAP_INPUT

[This is preliminary documentation and subject to change.]

The PPP_EAP_INPUT structure is used in the interaction between the RAS Connection Manager Service PPP implementation and the EAP to provide user information, and to facilitate the use authentication providers such as Microsoft® Windows Windows NT® domain authentication or Radius.

typedef struct _PPP_EAP_INPUT { 
    DWORD     dwSizeInBytes   // size of this structure
    DWORD     fFlags          // specifies whether caller 
                              // is a router or RAS client
    HANDLE    hPort;          // passed to backend authenticator
    BOOL      fAuthenticator; // act as authenticator or authenticatee
    CHAR *    pszIdentity;    // users's identity
    CHAR *    pszPassword;    // user's account password.
    RAS_AUTH_ATTRIBUTE * pUserAttributes;
    DWORD     ( * RasAuthenticateClient ) (
        HANDLE                  hPort,
        RAS_AUTH_ATTRIBUTE *    pInAttributes 
        );
    BOOL      fAuthenticationComplete;
    DWORD     dwAuthError;
    DWORD     dwAuthResultCode;
    RAS_AUTH_ATTRIBUTE *    pAttributesFromAuthenticator;
    HANDLE    hTokenImpersonateUser    // handle to impersonate 
                                       // user being authenticated 
    DWORD     fSuccessPacketReceived   // true if success indicated 
                                       // by NCP packet
    DWORD    fDataReceivedFromInteractiveUI  // true if user exits
                                             // from interactive UI 
    PBYTE    pInteractiveConnectionData    // pointer to connection-
                                           // specific data from the
                                           // interactive UI 
    DWORD    dwSizeOfInteractiveConnectionData  // size of connection
                                                // specific data from
                                                // the interactive UI
    PBYTE    pInteractiveUserData        // pointer to user-specific
                                         // data from interactive UI 
    DWORD    dwSizeOfInteractiveUserData  // size of user-specific 
                                          // data from interactive UI
    PBYTE    pConfigConnectionData         // pointer to connection-
                                           // specific data from 
                                           // config UI
    DWORD    dwSizeOfConfigConnectionData  // size of connection-
                                           // specific data from 
                                           // config UI
    PBYTE    pConfigUserData               // pointer to user-
                                           // specific data from 
                                           // config UI
    DWORD    dwSizeOfConfigUserData        // size of user-specific
                                           // data from config UI
} PPP_EAP_INPUT, * PPPP_EAP_INPUT;
 

Members

dwSizeInBytes

Size in bytes of the PPP_EAP_INPUT structure. The value of this member can be used to distinguish between current and future versions of this structure.

fFlags

Specifies whether the computer dialing in is a router or a RAS client. If the computer is a router, this parameter should be set to

RAS_EAP_FLAG_ROUTER

Otherwise, this parameter should be zero.

hPort

Handle to the port for the user requesting authentication. This handle is passed to the authentication provider in the RasAuthenticateClient function.

fAuthenticator

Indicates whether the authentication protocol is operating on the server or client. A value of TRUE indicates that the authentication protocol is operating on the server as the authenticator. A value of FALSE indicates that the authentication protocol is operating on the client as the authenticatee.

pszIdentity

Pointer to an ASCIIZ character string containing an identifier for the user requesting authentication. Available only if fAuthenticator is FALSE.

pszPassword

Pointer to an ASCIIZ character string containing the user's account password. Available only if fAuthenticator is FALSE. This member may be NULL.

pUserAttributes

Pointer to an array of RAS_AUTH_ATTRIBUTE structures. The array is terminated by a structure with an raaType member that has a value of raatMinimum (see RAS_AUTH_ATTRIBUTE_TYPE)

( * RasAuthenticateClient )

Pointer to the RasAuthenticateClient function for the currently active authentication provider. This member is used only if the authentication protocol is using an authentication provider such as Radius or Windows NT domain authentication, and only if the fAuthenticator member is TRUE. The call to RasAuthenticateClient is asynchronous.

fAuthenticationComplete

Boolean value indicating whether the authenticator has completed the above call to RasAuthenticateClient. A value of TRUE indicates authentication completion. Ignore this field if the authentication protocol is not using an authentication provider.

dwAuthError

This member is only valid if fAuthenticationComplete is TRUE. Any value except NO_ERROR indicates an error occurred during authentication with the authentication provider. This field can be ignored if the EAP is not using an authentication provider. The following member (dwAuthResultCode) is valid only if dwAuthError is NO_ERROR.

dwAuthResultCode

Result of the authentication provider's authentication process. Successful authentication results in NO_ERROR. Authentication failure codes for dwAuthResultCode must come only from winerror.h, raserror.h or mprerror.h. Ignore this field if the authentication protocol is not using an authentication provider. This member is valid only if dwAuthError is NO_ERROR.

pAttributesFromAuthenticator

Pointer to an array of RAS_AUTH_ATTRIBUTE structures that contains attributes returned by the authentication provider (for example Radius or Windows NT domain authentication). The array is terminated by a structure with an raaType member that has a value of raatMinimum (see RAS_AUTH_ATTRIBUTE_TYPE)

This member will be valid only if fAuthenticationComplete is TRUE. The memory occupied by this array is not owned by the authentication protocol, and should be used only for read. Ignore this field if the authentication protocol is not using an authentication provider.

hTokenImpersonateUser

Handle to an impersonation token for the user requesting authentication. This member is valid only on the client side. For more information on impersonation tokens, see Access Tokens.

fSuccessPacketReceived

RAS will set this member to TRUE if the client receives an Network Control Protocol (NCP) packet even though the client has not yet received an EAP success packet. The EAP success packet is a non-acknowledged packet. Therefore, it may be lost and not resent by the server. In this situation, the receipt of an NCP packets indicates that authentication must have been successful, since the server has moved on to the NCP phase of PPP. This member should be examined only on the client side.

fDataReceivedFromInteractiveUI

RAS will set this member to TRUE whenever the user exits from the authentication protocol's interactive user interface (UI).

pInteractiveConnectionData

Pointer to connection-specific data received from the authentication protocol's interactive UI. This pointer will be non-NULL if the fDataReceivedFromInteractiveUI member is TRUE and the interactive UI did, in fact, return data. Otherwise, this pointer will be NULL.

If non-NULL, the authentication protocol should make a copy of the data in its own memory space. RAS will free the memory occupied by this data on return from the call in which the PPP_EAP_INPUT structure was passed. To free the memory RAS will call the RasEapFreeInteractiveUIData function.

dwSizeOfInteractiveConnectionData

Specifies the size in bytes of the data pointed to by pInteractiveConnectionData. If no data was returned from the interactive UI, this member will be zero.

pInteractiveUserData

Pointer to user-specific data received from the authentication protocol's interactive UI. This pointer will be non-NULL if the fDataReceivedFromInteractiveUI member is TRUE and the interactive UI did, in fact, return data. Otherwise, this pointer will be NULL.

If non-NULL, the authentication protocol should make a copy of the data in its own memory space. RAS will free the memory occupied by this data on return from the call in which the PPP_EAP_INPUT structure was passed. To free the memory RAS will call the RasEapFreeInteractiveUIData function.

dwSizeOfInteractiveUserData

Specifies the size in bytes of the data pointed to by pInteractiveUserData. If no data was returned from the interactive UI, this member will be zero.

pConfigConnectionData

Pointer to connection-specific data received from the authentication protocol's configuration user interface. This data will be available only when the PPP_EAP_INPUT structure is passed in RasEapBegin. It will not be available in calls to RasEapMakeMessage.

The authentication protocol should make a copy of this data in its own memory space. RAS will free the memory occupied by this data on return from the call in which the PPP_EAP_INPUT structure was passed. To free the memory RAS will call the RasEapFreeConfigUIData function.

If the authentication protocol's configuration UI did not return any data, this member will be NULL.

dwSizeOfConfigConnectionData

Specifies the size in bytes of the data pointed to by pConfigConnectionData. If pConfigConnectionData is NULL, this member will be zero.

pConfigUserData

Pointer to user-specific data received from the authentication protocol's configuration user interface. This data will be available only when the PPP_EAP_INPUT structure is passed in RasEapBegin. It will not be available in calls to RasEapMakeMessage.

The authentication protocol should make a copy of this data in its own memory space. RAS will free the memory occupied by this data on return from the call in which the PPP_EAP_INPUT structure was passed. To free the memory RAS will call the RasEapFreeConfigUIData function.

If the authentication protocol's configuration UI did not return any data, this member will be NULL.

dwSizeOfConfigUserDataI

Specifies the size in bytes of the data pointed to by pConfigUserData. If pConfigUserData is NULL, this member will be zero.

Remarks

The pszIdentity and pszPassword members of the PPP_EAP_INPUT structure are used by the RasEapBegin function to obtain user information, and are available only if the fAuthenticator member is FALSE.

If the authentication protocol is using an authentication provider, such as Radius or Windows NT domain authentication, the following members

pUserAttributes

RasAuthenticateClient

fAuthenticationComplete

dwAuthError

dwAuthResultCode

pAttributesFromAuthenticator

are used to interface with the authentication provider. Note that the array of RAS_AUTH_ATTRIBUTE structures is passed only if fAuthenticator is TRUE. This array contains current session information such as port identifier or local IP address.

QuickInfo

  Windows NT: Use version 5.0 or later.
  Windows: Unsupported.
  Windows CE: Unsupported.
  Header: Declared in raseapif.h.

See Also

RasEapBegin, RasEapFreeConfigUIData, RasEapFreeInteractiveUIData, RasEapMakeMessage, RAS_AUTH_ATTRIBUTE