Wireless Provisioning Services and IAS Authorization DLL

Hi All,

I am trying to develop a solution with WPS technology since two months
without success.
I read the James McIllece's documentation (WPSDeploy.doc) many times to
develop an IAS Authorization DLL to insert the ratEAPTLV attribute using
RadiusExtensionProcess2 function.
My DLL can manipulate, change/add/delete many radius attributes without
errors.(some modifications changes the authentication type from EAP to PAP,
so I'm avoiding this side effects). But I can not insert the ratEAPTLV
without problems.

First I have doubts around the documentations. Using informations gotten in
WPSDeploy.doc and WPS SDK, I created the packet struct below:

typedef struct _PEAPTLV_URI {
int MandatoryRequirement:1; //Binary 1 bit, using zero
int TLVReserverd:1; //Binary 1 bit, using zero
int TLVType:14; //Binary 14 bits, using value 8
UCHAR TLVValueLength; //URI length in octets
UCHAR TLVValue[UNLEN]; //The WPS URI
}PEAPTLV_URI, *pPEAPTLV_URI;

OK, looking to the struct above I need to note that the field TLVValueLength
is a UCHAR type, but from draft-josefsson-pppext-eap-tls-eap-10.txt this
field is 16 bit value. Does the IAS implementation using a UCHAR (8 bits)
or
this field should be a WORD/u_short/u16 ?

As I'm not an expert programmer as I need to be, another question is how to
setup the RADIUS_ATTRIBUTE struct fields.
I know that to use the "PCSTR lpValue", the RADIUS_DATA_TYPE must be
rdtUnknown or rdtString. Which of the two is the correct one?

On my tests I have used the two options: As rdtUnknown I get an error 87. As
rdtString I get NO_ERROR but after this an internal error is reported by
iassam.log as below:
[2340] 11-28 10:58:59:328: Issuing Access-Challenge.
[2340] 11-28 10:58:59:328: Invoking AuthorizationDLLs
[2340] 11-28 10:58:59:328: Invoking extension IASGuest.dll
[2340] 11-28 10:58:59:328: RADIUS_ATTRIBUTE_ARRAY.Add(rcAccessRequest, 273)
[2340] 11-28 10:58:59:328: RadiusExtensionProcess2 returned 0
[2340] 11-28 10:58:59:328: RasEapMakeMessage failed: An internal error
occurred.
[2340] 11-28 10:58:59:328: Caught COM exception: An internal error occurred.

I'm so tired looking for one information to solve my problem. Google, books,
MS Site ad so on. Please I need a help.

Thanks in advance

Washington Moreira

I have solved the problem!

First, the documentation is incorrect on many issues.

1) The Mandatory field must be set to 0, not 1.
2) The size of the TLVValueLength field is 16 bits (2 bytes) not UCHAR
(1 byte).
3) The EAP-TLV Status message is in the Access-Request attributes [ie
pECB->GetRequest(pECB)], not the response attributes [ie
pECB->GetResponse(pECB, rcAccessChallenge)].
4) To modify the success message in place, you should set
pAttr->lpValue[5] = 1
5) The lpValue attribute is a constant and you cannot do #4. You must
create a non-const pointer to the lpValue to modify it: char* data =
(char*)pAttr->lpValue; data[5] = 1
6) The Reject-Reason code is not part of an Access-Reject packet. It is
in the _request_ attributes inside the packet that contains the EAP-TLV
Status message.

Once those are straightened out, you can move forward. The next step is
that, instead of creating a structure for the packet with a static
length on the URL, you will need a dynamic length. So, just do this:

pInRespAttrs = pECB->GetResponse(pECB, rcAccessChallenge);
ucTLVValueLength = (UCHAR) strlen(url);
euEAPTLV = RadiusAlloc(4 + ucTLVValueLength);
ZeroMemory(euEAPTLV, 4+ucTLVValueLength);
euEAPTLV[0] = 0;
euEAPTLV[1] = 8;
euEAPTLV[2] = 0;
euEAPTLV[3] = ucTLVValueLength;
strcpy(&euEAPTLV[4], url);

/* Fill in the RADIUS_ATTRIBUTE struct. */
raEAPTLV.dwAttrType = ratEAPTLV;
raEAPTLV.fDataType = rdtString;
raEAPTLV.cbDataLength = 4+ucTLVValueLength;
raEAPTLV.lpValue = (PCSTR) euEAPTLV;

/* Add as the ratPEAPTLV URI TLV. */
dwIndex = pInRespAttrs->GetSize(pInRespAttrs) - 1;
pInRespAttrs->InsertAt(pInRespAttrs, dwIndex, &raEAPTLV);


Enjoy!

egable@gmail.com