PPP_EAP_OUTPUT structure (raseapif.h)
The authentication protocol uses the PPP_EAP_OUTPUT structure to communicate requests and status information to the Connection Manager on return from calls to RasEapMakeMessage.
Syntax
typedef struct _PPP_EAP_OUTPUT {
DWORD dwSizeInBytes;
PPP_EAP_ACTION Action;
DWORD dwAuthResultCode;
RAS_AUTH_ATTRIBUTE *pUserAttributes;
BOOL fInvokeInteractiveUI;
PBYTE pUIContextData;
DWORD dwSizeOfUIContextData;
BOOL fSaveConnectionData;
PBYTE pConnectionData;
DWORD dwSizeOfConnectionData;
BOOL fSaveUserData;
PBYTE pUserData;
DWORD dwSizeOfUserData;
NgcTicketContext *pNgcKerbTicket;
BOOL fSaveToCredMan;
} PPP_EAP_OUTPUT, *PPPP_EAP_OUTPUT;
Members
dwSizeInBytes
Specifies the size of this structure.
Action
Specifies a PPP_EAP_ACTION value. The Connection Manager carries out this action on behalf of the authentication protocol.
dwAuthResultCode
Specifies whether authentication was successful. Any nonzero value for dwAuthResultCode indicates failure. The failure code must come from Winerror.h, Raserror.h or Mprerror.h. This member is valid only if the Action member has a value of EAPACTION_Done or EAPACTION_SendAndDone.
pUserAttributes
Pointer to an optional array of RAS_AUTH_ATTRIBUTE structures. The array is terminated by a structure with an raaType member that has a value of raatMinimum (see RAS_AUTH_ATTRIBUTE_TYPE).
This member should be set on the authenticator side when Action is EAPACTION_Authenticate, or when Action is EAPACTION_Done or EAPACTION_SendAndDone and dwAuthResultCode is zero.
When Action is EAPACTION_Authenticate, the array may contain additional attributes necessary to authenticate the user, e.g. the user-password. If the authentication protocol passes in only the user name, RAS does not invoke the authentication provider to authenticate the user, Instead, RAS just passes back the current attributes for the user.
When Action is EAPACTION_Done or EAPACTION_SendAndDone, and dwAuthResultCode is zero, the array may contain additional attributes to assign to the user. These attributes overwrite any attributes of the same type returned by the authentication provider.
The authentication protocol frees this memory in its RasEapEnd function.
fInvokeInteractiveUI
Specifies whether RAS should invoke the authentication protocol's interactive UI. If the authentication protocol sets this member to TRUE, RAS invokes the interactive UI, by calling the RasEapInvokeInteractiveUI function provided by the authentication protocol.
pUIContextData
Pointer to context data that RAS should pass in the call to RasEapInvokeInteractiveUI. The authentication protocol should free this memory in its implementation of RasEapEnd.
dwSizeOfUIContextData
Specifies the size of the context data that RAS should pass in the call to RasEapInvokeInteractiveUI.
fSaveConnectionData
Specifies whether RAS should save the information pointed to by the pConnectionData member. If fSaveConnectionData is TRUE, RAS will save the data in the phone book. Only valid for the process that is being authenticated.
pConnectionData
Identifies data specific to the connection, that is, data not specific to any particular user. If the fSaveConnectionData member is TRUE, RAS saves the connection data in the phone book. The authentication protocol should free the memory occupied by this data during the call to RasEapEnd.
dwSizeOfConnectionData
Specifies the size, in bytes, of the data pointed to by the pConnectionData member.
fSaveUserData
Specifies whether RAS should save the user data pointed to by the pUserData member. If this parameter is TRUE, RAS saves the user-specific data in the registry under HKEY_CURRENT_USER.
pUserData
Pointer to user data that RAS should save in the registry. RAS saves this data in the registry under HKEY_CURRENT_USER. The authentication protocol should free this memory during the call to RasEapEnd.
dwSizeOfUserData
Specifies the size in bytes of the data pointed to by pUserData.
pNgcKerbTicket
fSaveToCredMan
Remarks
Use the RasEapMakeMessage function to pass the PPP_EAP_OUTPUT structure between the authentication protocol and the Connection Manager.
The authentication protocol can use the PPP_EAP_OUTPUT structure to return the Microsoft Point-to-Point Encryption (MPPE) session keys. The authentication protocol must place the session keys in the value field of a sub-attribute contained within the value field of an attribute of type raatVendorSpecific (see RAS_AUTH_ATTRIBUTE_TYPE). The sub-attribute should have a Vendor-ID of 311 (Microsoft) and Vendor-Type of MS-MPPE-Recv-Keys (17) and MS-MPPE-Send-Keys (16). The authentication protocol must set the pUserAttributes member to point to the raatVendorSpecific attribute, and set the Action member to EAPACTION_Done or EAPACTION_SendAndDone. For more information about the format of the MPPE sub-attribute see Microsoft Vendor-specific RADIUS Attributes. For more information about attribute formats see RAS_AUTH_ATTRIBUTE, RAS_AUTH_ATTRIBUTE_TYPE, and RFC 2865.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Windows 2000 Professional [desktop apps only] |
| Minimum supported server | Windows 2000 Server [desktop apps only] |
| Header | raseapif.h |