Wireless Provisioning Services and IAS Authorization DLL

Discussion in 'Wireless Networking' started by Washington Moreira, Nov 29, 2005.

  1. Hi All,

    I am trying to develop a solution with WPS technology since two months
    without success.
    I read the James McIllece's documentation (WPSDeploy.doc) many times to
    develop an IAS Authorization DLL to insert the ratEAPTLV attribute using
    RadiusExtensionProcess2 function.
    My DLL can manipulate, change/add/delete many radius attributes without
    errors.(some modifications changes the authentication type from EAP to PAP,
    so I'm avoiding this side effects). But I can not insert the ratEAPTLV
    without problems.

    First I have doubts around the documentations. Using informations gotten in
    WPSDeploy.doc and WPS SDK, I created the packet struct below:

    typedef struct _PEAPTLV_URI {
    int MandatoryRequirement:1; //Binary 1 bit, using zero
    int TLVReserverd:1; //Binary 1 bit, using zero
    int TLVType:14; //Binary 14 bits, using value 8
    UCHAR TLVValueLength; //URI length in octets

    OK, looking to the struct above I need to note that the field TLVValueLength
    is a UCHAR type, but from draft-josefsson-pppext-eap-tls-eap-10.txt this
    field is 16 bit value. Does the IAS implementation using a UCHAR (8 bits)
    this field should be a WORD/u_short/u16 ?

    As I'm not an expert programmer as I need to be, another question is how to
    setup the RADIUS_ATTRIBUTE struct fields.
    I know that to use the "PCSTR lpValue", the RADIUS_DATA_TYPE must be
    rdtUnknown or rdtString. Which of the two is the correct one?

    On my tests I have used the two options: As rdtUnknown I get an error 87. As
    rdtString I get NO_ERROR but after this an internal error is reported by
    iassam.log as below:
    [2340] 11-28 10:58:59:328: Issuing Access-Challenge.
    [2340] 11-28 10:58:59:328: Invoking AuthorizationDLLs
    [2340] 11-28 10:58:59:328: Invoking extension IASGuest.dll
    [2340] 11-28 10:58:59:328: RADIUS_ATTRIBUTE_ARRAY.Add(rcAccessRequest, 273)
    [2340] 11-28 10:58:59:328: RadiusExtensionProcess2 returned 0
    [2340] 11-28 10:58:59:328: RasEapMakeMessage failed: An internal error
    [2340] 11-28 10:58:59:328: Caught COM exception: An internal error occurred.

    I'm so tired looking for one information to solve my problem. Google, books,
    MS Site ad so on. Please I need a help.

    Thanks in advance
    Washington Moreira, Nov 29, 2005
    1. Advertisements

  2. Washington Moreira


    I have solved the problem!

    First, the documentation is incorrect on many issues.

    1) The Mandatory field must be set to 0, not 1.
    2) The size of the TLVValueLength field is 16 bits (2 bytes) not UCHAR
    (1 byte).
    3) The EAP-TLV Status message is in the Access-Request attributes [ie
    pECB->GetRequest(pECB)], not the response attributes [ie
    pECB->GetResponse(pECB, rcAccessChallenge)].
    4) To modify the success message in place, you should set
    pAttr->lpValue[5] = 1
    5) The lpValue attribute is a constant and you cannot do #4. You must
    create a non-const pointer to the lpValue to modify it: char* data =
    (char*)pAttr->lpValue; data[5] = 1
    6) The Reject-Reason code is not part of an Access-Reject packet. It is
    in the _request_ attributes inside the packet that contains the EAP-TLV
    Status message.

    Once those are straightened out, you can move forward. The next step is
    that, instead of creating a structure for the packet with a static
    length on the URL, you will need a dynamic length. So, just do this:

    pInRespAttrs = pECB->GetResponse(pECB, rcAccessChallenge);
    ucTLVValueLength = (UCHAR) strlen(url);
    euEAPTLV = RadiusAlloc(4 + ucTLVValueLength);
    ZeroMemory(euEAPTLV, 4+ucTLVValueLength);
    euEAPTLV[0] = 0;
    euEAPTLV[1] = 8;
    euEAPTLV[2] = 0;
    euEAPTLV[3] = ucTLVValueLength;
    strcpy(&euEAPTLV[4], url);

    /* Fill in the RADIUS_ATTRIBUTE struct. */
    raEAPTLV.dwAttrType = ratEAPTLV;
    raEAPTLV.fDataType = rdtString;
    raEAPTLV.cbDataLength = 4+ucTLVValueLength;
    raEAPTLV.lpValue = (PCSTR) euEAPTLV;

    /* Add as the ratPEAPTLV URI TLV. */
    dwIndex = pInRespAttrs->GetSize(pInRespAttrs) - 1;
    pInRespAttrs->InsertAt(pInRespAttrs, dwIndex, &raEAPTLV);

    , Dec 5, 2005
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bryan S. Burgin [MSFT]

    Wireless Provisioning Services (WPS) documentation now available

    Bryan S. Burgin [MSFT], Aug 19, 2004, in forum: Wireless Networking
    Bryan S. Burgin [MSFT]
    Aug 19, 2004
  2. Washington Moreira

    Wireless Provisioning Services and IAS Authorization DLL

    Washington Moreira, Nov 29, 2005, in forum: Wireless Networking
    Dec 6, 2005
  3. =?iso-8859-2?Q?S=B3awek?=

    Catalyst 3550 and IAS authorization

    =?iso-8859-2?Q?S=B3awek?=, Mar 31, 2006, in forum: Cisco
    Apr 5, 2006
  4. Snoopy
    Aug 25, 2003
  5. Thomas Creutz

    Windows XP SP3 and Wireless Provisioning Services (WPS)

    Thomas Creutz, Mar 29, 2008, in forum: Wireless Networking
    Jun 30, 2011