Compartilhar via


PPP_EAP_OUTPUT (Compact 2013)

3/26/2014

This structure is used by the authentication protocol to communicate requests and status information to RAS on return from calls to the RasEapMakeMessage function.

Syntax

typedef struct _PPP_EAP_OUTPUT {
  DWORD dwSizeInBytes;
  PPP_EAP_ACTION Action;
  DWORD dwAuthResultCode;
  RAS_AUTH_ATTRIBUTE* pUserAttributes;
  BOOL fInvokeInteractiveUI;
  PBYTE pUIContextData;
  DWORD dwSizeOfUIContextData;
  BOOL fSaveConnectionData;
  PBYTE pConnectionData;
  DWORD dwSizeOfConnectionData;
  BOOL fSaveUserData;
  PBYTE pUserData;
  DWORD dwSizeOfUserData;
} PPP_EAP_OUTPUT, *PPPP_EAP_OUTPUT; 

Members

  • dwSizeInBytes
    Size of this PPP_EAP_OUTPUT structure.
  • Action
    Specifies a PPP_EAP_ACTION value. RAS performs this action on behalf of the authentication protocol.
  • dwAuthResultCode
    Specifies whether authentication was successful. Any nonzero value for dwAuthResultCode indicates failure. The failure code must come from Winerror.h, Raserror.h or Mprerror.h. This member is valid only if the Action member has a value of EAPACTION_Done or EAPACTION_SendAndDone.
  • pUserAttributes
    Pointer to an optional array of RAS_AUTH_ATTRIBUTE structures. The array is ended by a structure with an raaType member that has a value of raatMinimum.

    This member should be set on the authenticator side when the Action member is EAPACTION_Authenticate, or when Action is EAPACTION_Done or EAPACTION_SendAndDone. and the dwAuthResultCode member is zero.

    When Action is EAPACTION_Authenticate, the array may contain additional attributes necessary to authenticate the user; for example, the user-password. If the authentication protocol passes in only the user name, RAS does not invoke the authentication provider to authenticate the user, Instead, RAS merely passes back the current attributes for the user.

    When Action is EAPACTION_Done or EAPACTION_SendAndDone, and dwAuthResultCode is zero, the array may contain additional attributes to assign to the user. These attributes overwrite any attributes of the same type returned by the authentication provider.

    The authentication protocol frees this memory in its RasEapEnd function.

  • fInvokeInteractiveUI
    Specifies whether RAS should invoke the authentication protocol's interactive user interface (UI). If the authentication protocol sets this member to TRUE, RAS invokes the interactive UI, by calling the RasEapInvokeInteractiveUI function that is provided by the authentication protocol.
  • pUIContextData
    Pointer to context data that RAS should pass in the call to RasEapInvokeInteractiveUI. The authentication protocol should free this memory in its implementation of RasEapEnd.
  • dwSizeOfUIContextData
    Specifies the size of the context data that RAS should pass in the call to RasEapInvokeInteractiveUI.
  • fSaveConnectionData
    Specifies whether RAS should save the information pointed to by the pConnectionData member. If fSaveConnectionData is TRUE, RAS will save the data in the telephone book. Only valid for the process that is being authenticated.
  • pConnectionData
    Identifies data that is specific to the connection; that is, data not specific to any particular user. If the fSaveConnectionData member is TRUE, RAS saves the connection data in the telephone book. The authentication protocol should free the memory occupied by this data during the call to RasEapEnd.
  • dwSizeOfConnectionData
    Specifies the size, in bytes, of the data pointed to by the pConnectionData member.
  • fSaveUserData
    Specifies whether RAS should save the user data pointed to by the pUserData member. If this parameter is TRUE, RAS saves the user-specific data in the registry under HKEY_CURRENT_USER.
  • pUserData
    Pointer to user data that RAS should save in the registry. RAS saves this data in the registry under HKEY_CURRENT_USER. The authentication protocol should free this memory during the call to RasEapEnd.
  • dwSizeOfUserData
    Specifies the size in bytes of the data pointed to by the pUserData member.

Remarks

Use the RasEapMakeMessage function to pass the PPP_EAP_OUTPUT structure between the authentication protocol and RAS

The authentication protocol may use the PPP_EAP_OUTPUT structure to return the Microsoft Point to Point Encryption (MPPE) session key. The authentication protocol should put the session key in the value field of a subattribute contained within the value field of an attribute of type raatVendorSpecific (see RAS_AUTH_ATTRIBUTE_TYPE). The subattribute should have a Vendor-ID of 311 (Microsoft) and a Vendor-Type of 12 (MS-CHAP-MPPE-Keys). The authentication protocol should set the pUserAttributes member to point to the raatVendorSpecific attribute, and set the Action member to EAPACTION_Done or EAPACTION_SendAndDone.

Requirements

Header

raseapif.h

See Also

Reference

EAP Structures
RAS_AUTH_ATTRIBUTE
PPP_EAP_ACTION
RasEapInvokeInteractiveUI
RasEapMakeMessage