/*///////////////////////////////////////////////////////////////////////////// // // Copyright (c) Microsoft Corporation. All rights reserved. // // FILE // // authif.h // // SYNOPSIS // // Declares the interface for extensions to the Internet Authentication // Service. // // MODIFICATION HISTORY // // 09/28/1998 Original version. // /////////////////////////////////////////////////////////////////////////////*/ #ifndef _AUTHIF_H_ #define _AUTHIF_H_ #if _MSC_VER >= 1000 #pragma once #endif /* * Enumerates the attribute types that are passed to the extension DLL. The * RADIUS standard attributes are included for convenience and should not be * considered exhaustive. */ typedef enum _RADIUS_ATTRIBUTE_TYPE { /* Used to terminate attribute arrays. */ ratMinimum = 0, /* RADIUS standard attributes. */ ratUserName = 1, ratUserPassword = 2, ratCHAPPassword = 3, ratNASIPAddress = 4, ratNASPort = 5, ratServiceType = 6, ratFramedProtocol = 7, ratFramedIPAddress = 8, ratFramedIPNetmask = 9, ratFramedRouting = 10, ratFilterId = 11, ratFramedMTU = 12, ratFramedCompression = 13, ratLoginIPHost = 14, ratLoginService = 15, ratLoginPort = 16, ratReplyMessage = 18, ratCallbackNumber = 19, ratCallbackId = 20, ratFramedRoute = 22, ratFramedIPXNetwork = 23, ratState = 24, ratClass = 25, ratVendorSpecific = 26, ratSessionTimeout = 27, ratIdleTimeout = 28, ratTerminationAction = 29, ratCalledStationId = 30, ratCallingStationId = 31, ratNASIdentifier = 32, ratProxyState = 33, ratLoginLATService = 34, ratLoginLATNode = 35, ratLoginLATGroup = 36, ratFramedAppleTalkLink = 37, ratFramedAppleTalkNetwork = 38, ratFramedAppleTalkZone = 39, ratAcctStatusType = 40, ratAcctDelayTime = 41, ratAcctInputOctets = 42, ratAcctOutputOctets = 43, ratAcctSessionId = 44, ratAcctAuthentic = 45, ratAcctSessionTime = 46, ratAcctInputPackets = 47, ratAcctOutputPackets = 48, ratAcctTerminationCause = 49, ratCHAPChallenge = 60, ratNASPortType = 61, ratPortLimit = 62, /* Extended attribute types used to pass additional information. */ ratCode = 262, /* Request type code. */ ratIdentifier = 263, /* Request identifier. */ ratAuthenticator = 264, /* Request authenticator. */ ratSrcIPAddress = 265, /* Source IP address. */ ratSrcPort = 266, /* Source IP port. */ ratProvider = 267, /* Authentication provider. */ ratStrippedUserName = 268, /* User-Name with realm stripped. */ ratFQUserName = 269, /* Fully-Qualified-User-Name. */ ratPolicyName = 270 /* Remote Access Policy name. */ } RADIUS_ATTRIBUTE_TYPE; /* * Enumerates the different authentication providers used for processing a * request. Used for the ratProvider extended attribute. */ typedef enum _RADIUS_AUTHENTICATION_PROVIDER { rapUnknown, rapUsersFile, rapProxy, rapWindowsNT, rapMCIS, rapODBC, rapNone } RADIUS_AUTHENTICATION_PROVIDER; /* * Enumerates the different RADIUS data types. A type of 'rdtUnknown' means * the attribute was not recognized by the dictionary. */ typedef enum _RADIUS_DATA_TYPE { rdtUnknown, rdtString, rdtAddress, rdtInteger, rdtTime } RADIUS_DATA_TYPE; /* * Struct representing a RADIUS or extended attribute. */ typedef struct _RADIUS_ATTRIBUTE { DWORD dwAttrType; /* Attribute type */ RADIUS_DATA_TYPE fDataType; /* RADIUS_DATA_TYPE of the value */ DWORD cbDataLength; /* Length of the value (in bytes) */ union { DWORD dwValue; /* For rdtAddress, rdtInteger, and rdtTime */ PCSTR lpValue; /* For rdtUnknown, and rdtString */ }; } RADIUS_ATTRIBUTE, *PRADIUS_ATTRIBUTE; /* * Enumerates the different actions an extension DLL can generate in * response to an Access-Request. */ typedef enum _RADIUS_ACTION { raContinue, raReject, raAccept } RADIUS_ACTION, *PRADIUS_ACTION; /* * Routines exported by a RADIUS extension DLL. */ /* * RadiusExtensionInit is optional. If it exists, it will be invoked prior to * the service coming on-line. A return value other than NO_ERROR prevents the * service from initializing. */ #define RADIUS_EXTENSION_INIT "RadiusExtensionInit" typedef DWORD (WINAPI *PRADIUS_EXTENSION_INIT)( VOID ); /* * RadiusExtensionTerm is optional. If it exists, it will be invoked prior to * unloading the DLL to give the extension a chance to clean-up. */ #define RADIUS_EXTENSION_TERM "RadiusExtensionTerm" typedef VOID (WINAPI *PRADIUS_EXTENSION_TERM)( VOID ); /* * RadiusExtensionProcess is mandatory for NT4. For Windows 2000, an * extension may export RadiusExtensionProcessEx (q.v.) instead. * * Parameters: * pAttrs Array of attributes from the request. It is terminated by an * attribute with dwAttrType set to ratMinimum. These attributes * should be treated as read-only and must not be referenced * after the function returns. * pfAction For Access-Requests, this parameter will be non-NULL with * *pfAction == raContinue. The extension DLL can set *pfAction * to abort further processing and force an Access-Accept or * Access-Reject. For all other request types, this parameter * will be NULL. * * Return Value: * A return value other than NO_ERROR causes the request to be discarded. */ #define RADIUS_EXTENSION_PROCESS "RadiusExtensionProcess" typedef DWORD (WINAPI *PRADIUS_EXTENSION_PROCESS)( IN CONST RADIUS_ATTRIBUTE *pAttrs, OUT OPTIONAL PRADIUS_ACTION pfAction ); /* * RadiusExtensionProcessEx is only supported on Windows 2000. If it exits, * RadiusExtensionProcess is ignored. * * Parameters: * pInAttrs Array of attributes from the request. It is terminated by an * attribute with dwAttrType set to ratMinimum. These attributes * should be treated as read-only and must not be referenced * after the function returns. * pOutAttrs Array of attributes to add to the response. It is terminated * by an attribute with dwAttrType set to ratMinimum. * *pOutAttrs may be set to NULL if no attributes are returned. * pfAction For Access-Requests, this parameter will be non-NULL with * *pfAction == raContinue. The extension DLL can set *pfAction * to abort further processing and force an Access-Accept or * Access-Reject. For all other request types, this parameter * will be NULL. * * Return Value: * A return value other than NO_ERROR causes the request to be discarded. */ #define RADIUS_EXTENSION_PROCESS_EX "RadiusExtensionProcessEx" typedef DWORD (WINAPI *PRADIUS_EXTENSION_PROCESS_EX)( IN CONST RADIUS_ATTRIBUTE *pInAttrs, OUT PRADIUS_ATTRIBUTE *pOutAttrs, OUT OPTIONAL PRADIUS_ACTION pfAction ); /* * RadiusExtensionFreeAttributes must be defined if RadiusExtensionProcessEx * is defined. It is used to free the attributes returned by * RadiusExtensionProcessEx * * Parameters: * pAttrs Array of attributes to be freed. */ #define RADIUS_EXTENSION_FREE_ATTRIBUTES "RadiusExtensionFreeAttributes" typedef VOID (WINAPI *PRADIUS_EXTENSION_FREE_ATTRIBUTES)( IN PRADIUS_ATTRIBUTE pAttrs ); /* * Defines used for installation of an extension DLL. * The following registry values are used for loading extensions: * * HKLM\System\CurrentControlSet\Services\AuthSrv\Parameters * ExtensionDLLs (REG_MULTI_SZ) * AuthorizationDLLs (REG_MULTI_SZ) * * ExtensionDLLs are invoked before any of the built-in authentication * providers. They receive all the attributes from the request plus all * the extended attribute types. * * AuthorizationDLLs are invoked after the built-in authentication and * authorization providers. They receive all the attributes from the * response plus all the extended attributes types. AuthorizationDLLs may * not return an action of raAccept. */ #define AUTHSRV_PARAMETERS_KEY_W \ L"System\\CurrentControlSet\\Services\\AuthSrv\\Parameters" #define AUTHSRV_EXTENSIONS_VALUE_W \ L"ExtensionDLLs" #define AUTHSRV_AUTHORIZATION_VALUE_W \ L"AuthorizationDLLs" #endif /* _AUTHIF_H_ */