Share via

PPP_EAP_INPUT

  • Article

This structure is used in the interaction between PPP and EAP to provide user information, and to facilitate the use of authentication providers.

typedef struct _PPP_EAP_INPUT {
  DWORD dwSizeInBytes;
  DWORD fFlags;
  HANDLE hPort; 
  BOOL fAuthenticator; 
  WCHAR* pwszIdentity; 
  WCHAR* pwszPassword; 
  BYTE bInitialId; 
  RAS_AUTH_ATTRIBUTE* pUserAttributes; 
  DWORD (*RasAuthenticateClient) (
  HANDLE hPort, 
  RAS_AUTH_ATTRIBUTE* pInAttributes 
  ); 
  BOOL fAuthenticationComplete; 
  DWORD dwAuthError; 
  DWORD dwAuthResultCode; 
  RAS_AUTH_ATTRIBUTE* pAttributesFromAuthenticator; 
  HANDLE hTokenImpersonateUser;
  DWORD fSuccessPacketReceived;
  DWORD fDataReceivedFromInteractiveUI;
  PBYTE pDataFromInteractiveUI;
  DWORD dwSizeOfDataFromInteractiveUI;
  PBYTE pConnectionData;
  DWORD dwSizeOfConnectionData;
  PBYTE pUserData;
  DWORD dwSizeOfUserData;
  HANDLE hReserved;
} PPP_EAP_INPUT, *PPPP_EAP_INPUT;

Members

  • dwSizeInBytes
    Specifies the size in bytes of the PPP_EAP_INPUT structure. The value of this member can be used to distinguish between current and future versions of this structure.

  • fFlags
    Specifies zero or more of the following flags that qualify the authentication process. The following table shows possible values for fFlags.

    Value Description
    RAS_EAP_FLAG_ROUTER Specifies whether the computer dialing in is a router or a RAS client. If the computer is a router, this parameter should be set.
    RAS_EAP_FLAG_NON_INTERACTIVE Specifies that the authentication protocol should not bring up a user-interface. If the authentication protocol is not able to determine the identity from the data supplied, it should return an error.
    RAS_EAP_FLAG_LOGON Specifies that the user data from obtained from Winlogon.
    RAS_EAP_FLAG_FIRST_LINK Indicates that this connection is the first link in a multilink connection.

  • hPort
    Handle to the port for the user who is requesting authentication.

  • fAuthenticator
    Specifies whether the authentication protocol is operating on the server or client. A value of TRUE indicates that the authentication protocol is operating on the server as the authenticator. A value of FALSE indicates that the authentication protocol is operating on the client as the process to be authenticated.

  • pwszIdentity
    Pointer to a Unicode that identifies the user that is requesting authentication. This string is of the form <domain>\<user or desktop computer>\<user>.

    If the authentication protocol is able to derive the user's identity from an additional source, for example a certificate, it should verify that the identity so derived matched the value of the pszIdentity member.

  • pwszPassword
    Pointer to a Unicode string that contains the user's account password. Available only if the fAuthenticator member is FALSE. This member may be NULL.

  • bInitialId
    Specifies the identifier of the initial EAP packet sent by the DLL. This value is incremented by one for each subsequent request packet.

  • pUserAttributes
    Pointer to an array of RAS_AUTH_ATTRIBUTE structures. The array is terminated by a structure with a raaType member that has a value of raatMinimum (see RAS_AUTH_ATTRIBUTE_TYPE). During the RasEapBegin call, this array contains attributes that describe the currently dialed-in user. When the fAuthenticationComplete member is TRUE, this array may contain attributes returned by the authentication provider.

  • RasAuthenticateClient
    Pointer to the RasAuthenticateClient function for the currently active authentication provider. This member is used only if the authentication protocol is using an authentication provider and only if the fAuthenticator member is TRUE. The call to RasAuthenticateClient is asynchronous.

  • fAuthenticationComplete
    Specifies a Boolean value that indicates whether the authentication provider has authenticated the user. A value of TRUE indicates authentication completion. Check the dwAuthResultCode member to determine if the authentication was successful. Ignore this field if the authentication protocol is not using an authentication provider.

  • dwAuthError
    This member is only valid if the fAuthenticationComplete member is TRUE. Any value except NO_ERROR indicates an error occurred during authentication with the authentication provider. This field can be ignored if the EAP is not using an authentication provider. The following member (dwAuthResultCode) is valid only if dwAuthError is NO_ERROR.

  • dwAuthResultCode
    Specifies the result of the authentication provider's authentication process. Successful authentication results in NO_ERROR. Authentication failure codes for dwAuthResultCode must come only from Winerror.h, Raserror.h or Mprerror.h. Ignore this field if the authentication protocol is not using an authentication provider. This member is valid only if the dwAuthError member is NO_ERROR.

  • pAttributesFromAuthenticator
    Pointer to an array of RAS_AUTH_ATTRIBUTE structures that contains attributes returned by the authentication provider. The array is terminated by a structure with an raaType member that has a value of raatMinimum. For more information, see the RAS_AUTH_ATTRIBUTE_TYPE enumeration.

    This member will be valid only if the fAuthenticationComplete member is TRUE. The memory occupied by this array is not owned by the authentication protocol, and should be used only for read. Ignore this field if the authentication protocol is not using an authentication provider.

  • hTokenImpersonateUser
    Handle to an impersonation token for the user who is requesting authentication. This member is valid only on the client side.

  • fSuccessPacketReceived
    Specifies that authentication was successful. RAS sets this member to TRUE if the client receives a Network Control Protocol (NCP) packet even though the client has not yet received an EAP success packet. A value of FALSE indicates that no NCP packet has been received.

    The EAP success packet is a nonacknowledged packet. Therefore, it may be lost and not resent by the server. In this situation, the receipt of an NCP packet indicates that authentication was successful, because the server has moved on to the NCP phase of PPP.

    Examine this member only on the client side.

  • fDataReceivedFromInteractiveUI
    Specifies whether information is available from the interactive user interface. Default is FALSE. RAS sets this member to TRUE whenever the user exits from the authentication protocol's interactive user interface.

  • pDataFromInteractiveUI
    Pointer to data received from the authentication protocol's interactive user interface. This pointer is non-NULL if the fDataReceivedFromInteractiveUI member is TRUE and the interactive user interface did, in fact, return data. Otherwise, this pointer is NULL.

    If non-NULL, the authentication protocol should make a copy of the data in its own memory space. RAS frees the memory occupied by this data on return from the call in which the PPP_EAP_INPUT structure was passed. To free the memory, RAS calls the RasEapFreeMemory function.

  • dwSizeOfDataFromInteractiveUI
    Specifies the size, in bytes, of the data pointed to by the pDataFromInteractiveUI member. If no data is returned from the interactive user interface, this member is zero.

  • pConnectionData
    Pointer to connection data received from the authentication protocol's configuration user interface. This data is available only when the PPP_EAP_INPUT structure is passed in RasEapBegin. It is not available in calls to RasEapMakeMessage.

    The authentication protocol should make a copy of this data in its own memory space. RAS frees the memory occupied by this data on return from the call in which the PPP_EAP_INPUT structure was passed. To free the memory, RAS calls the RasEapFreeMemory function.

    If the authentication protocol's configuration user interface does not return any data, this member is NULL.

  • dwSizeOfConnectionData
    Specifies the size in bytes of the data pointed to by pConnectionData. If pConnectionData is NULL, this member is zero.

  • pUserData
    Pointer to user data received from the authentication protocol's RasEapGetIdentity function on the client computer. If the authentication protocol does not implement the RasEapGetIdentity function, this member points to data from the registry for this user.

    This data is available only when the PPP_EAP_INPUT structure is passed in RasEapBegin. It is not available in calls to the RasEapMakeMessage function.

    The authentication protocol should make a copy of this data in its own memory space. RAS frees the memory occupied by this data on return from the call in which the PPP_EAP_INPUT structure was passed.

    If the RasEapGetIdentity function is not implemented or did not return any data, and no data exists for the user in the registry, this member is NULL.

  • dwSizeOfUserData
    Specifies the size, in bytes, of the data pointed to by the pUserData member. If pUserData is NULL, this member is zero.

  • hReserved
    This member is reserved.

Remarks

The PPP_EAP_INPUT structure is passed by RAS to the authentication protocol in calls to RasEapBegin and RasEapMakeMessage.

The pszIdentity and pszPassword members of the PPP_EAP_INPUT structure are used by the RasEapBegin function to obtain user information. The pszPassword member is non-NULL only if the fAuthenticator member is FALSE, that is, the authentication protocol is running on the client computer.

Note that the array of RAS_AUTH_ATTRIBUTE structures is passed only if **fAuthenticator****is TRUE. This array contains current session information such as port identifier and local IP address.

Requirements

OS Versions: Windows CE .NET 4.0 and later.
Header: Raseapif.h.

See Also

RasEapBegin | RasEapGetIdentity | RasEapFreeMemory | RasEapMakeMessage | RAS_AUTH_ATTRIBUTE

 Last updated on Thursday, April 08, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.