dot1xauth.c

dot1x认证源码,包括dot1x数据包的收发,认证的配置,MIB的设计等

#include "radiusClient.h"
//#include "radiusTimer.h"
#include "miscLib.h"
#include "msgQLib.h"
#include "wdLib.h"
#include "sysLib.h"
#include "avlLib.h"
#include "bufPoolLib.h"
#include "nvmLib.h"
#include "time.h"
#include <ioctl.h>
#include <logLib.h>
#include <stdio.h>
#include <stdlib.h>
#include <tmsTypes.h>
#include <syslogMsg.h>
#include "radiusMd5.h"
#include "pipeDrv.h"
#include "zanDbg.h"
#include "dot1xAuthenticatorLib.h"
#include "AccessList.h"

#include "dot1xMib.h"
#include "ieee8023x.h"
#include "Dhcp.h"
#include "dhcpsLib.h"
#include "TimerTest.h"
#include "dot1xAuth.h"
#include "authConfig.h"
#include "dot1xEap.h"
#include "dot1xEapol.h"
#include "envNotifyIf.h"



/*#include "appManager.h"*/

#define RECV_EVENT_HANDLE		"Recv_Event_Handler"
#define DOT1X_PKT_HANDLER		"Dot1x_Pkt_Handler"
#define TIMEOUT_MSG_HANDLER	"Timeout_Msg_Handler"
#define STATE_MACHINE			"State_Machine"
#define HANDLER_USER_NODE		"User_Node_Handler"
#define INTERFACE_FUNCTION		"Interface_Function"
#define SEND_NOTIFY				"Send_Notity"





/****************Globals starts********************/
u_long dot1xReAuthInterVal = DOT1X_REAUTH_INTERVAL;
u_long dot1xReAuthTimeout = DOT1X_REAUTH_TIMEOUT;
u_long dot1xWaitTimerInterVal = DOT1X_WAIT_INTERVAL;
u_long dot1xMAXReTryTimes = DOT1X_MAX_RETRY_TIMES;
u_long dot1xMAXReAuthTimes = DOT1X_MAX_REAUTH_TIMES;
u_long FailedHoldTime;

u_long dot1xAuthPro = DOT1X_AUTH_PROTOCOL_PAP;
u_long dot1xReAuthStyle = HALF_RE_AUTH;
u_long dot1xReAuthEn = TRUE;


u_long StopTask = FALSE;






u_long gDot1xMaxOnlineUser = 0;
u_long gDot1xCurrentUser = 0;
u_long gDot1xLocalUser = 0;


Dot1xStat_t TotalDot1xStat;
Dot1xStat_t *Dot1xStat;		/* statistic by vlan */

Dot1xAuthUserNodeRoot_t gDot1xAuthUserNodeRoot;
MSG_Q_ID Dot1xMsgQID = NULL;
int dot1xIdentify = 0;
char *g_pDot1xMemPart;
PART_ID 	gDot1xMemPartID;
BUF_POOL_ID gDot1xAuthUserNodeBufPool;

/****Statistic Value****/
u_long gDot1xIDTimeOutTimes = 0;
u_long gDot1xPWTimeOutTimes = 0;
u_long gAuthTimeOutTimes = 0;
u_long gAcctTimeOutTimes = 0;


u_long gFailAtWaitID = 0;
u_long gFailAtWaitPW = 0;
u_long gFailAtWaitAuth = 0;

u_long gFailAtReAuthWaitID = 0;
u_long gFailAtReAuthWaitPW = 0;
u_long gFailAtReAuthWaitAuth = 0;

u_long gSendDHCPAddMsgNum = 0;
u_long gSendDHCPDelMsgNum = 0;
u_long gRecvDHCPSuccMsgNum = 0;
u_long gRecvDHCPFailMsgNum = 0;

u_long gRecvDHCPFailChooseAddrErr = 0;
u_long gRecvDHCPFailVlanUserExNum = 0;
u_long gRecvDHCPFailVlanMismatch = 0;
u_long gRecvDHCPFailSelectQequest = 0;
u_long gRecvDHCPFailAddrColl = 0;
u_long gRecvDHCPFailUpdateLeaseFail = 0;
u_long gRecvDHCPFailLeaseExpire = 0;
u_long gRecvDHCPFailConDelAddr = 0;
u_long gRecvDHCPFailAddUserMsgErr = 0;
u_long gRecvDHCPFailUnitMismatch = 0;


u_long gLocalAuthSuccess = 0;
u_long gLocalAuthFailure = 0;

u_long gSendRadiusAuthRequest = 0;
u_long gSendRadiusAcctStartRequest = 0;
u_long gSendRadiusAcctStopRequest = 0;
u_long gRecvRadiusAuthSucc = 0;
u_long gRecvRadiusAuthFail = 0;
u_long gRecvRadiusAcctResponse = 0;

u_long gStartNetworkServiceSucc = 0;
u_long gStartNetworkServiceFail = 0;
u_long gStopNetworkServiceSucc = 0;
u_long gStopNetworkServiceFail = 0;

/****Statistic Value End****/

/****Register ID****/
u_long RadiusRegisterID;
u_long DHCPRegisterID;
u_long TimerRegisterID;

/****Register ID End****/

char Secret[10][16] = {"use md5 error!!",
				   {0x8b, 0xf4 ,0x6a ,0x01 ,0xa1 ,0x00 ,0x2c ,0x43 ,0x00 ,0x50 ,0xff ,0x15 ,0x00 ,0x68 ,0x43 ,0x00},
				   {0x3b, 0xf4 ,0xe8 ,0x70 ,0xb7 ,0xff ,0xff ,0x8b ,0xf4 ,0x6a ,0x01 ,0xa1 ,0x8c ,0x2d ,0x43 ,0x00},
				   {0x50 ,0xff ,0x15 ,0x00 ,0x68 ,0x43 ,0x00 ,0x3b ,0xf4 ,0xe8 ,0x59 ,0xb7 ,0xff ,0xff ,0x8b ,0xf4},
				   {0x6a ,0x01 ,0xa1 ,0x98 ,0x30 ,0x43 ,0x00 ,0x50 ,0xff ,0x15 ,0x00 ,0x68 ,0x43 ,0x00 ,0x3b ,0xf4},
				   {0xe8 ,0x42 ,0xb7 ,0xff ,0xff ,0x8b ,0xf4 ,0x6a ,0x01 ,0xa1 ,0x10 ,0x2c ,0x43 ,0x00 ,0x50 ,0xff},				   
				   {0x15 ,0x00 ,0x68 ,0x43 ,0x00 ,0x3b ,0xf4 ,0xe8 ,0x2b ,0xb7 ,0xff ,0xff ,0x8b ,0xf4 ,0x6a ,0x01},
				   {0xa1 ,0x04 ,0x2c ,0x43 ,0x00 ,0x50 ,0xff ,0x15 ,0x00 ,0x68 ,0x43 ,0x00 ,0x3b ,0xf4 ,0xe8 ,0x14},
				   {0xb7 ,0xff ,0xff ,0x8b ,0xf4 ,0x6a ,0x01 ,0xa1 ,0x90 ,0x2d ,0x43 ,0x00 ,0x50 ,0xff ,0x15 ,0x00},
				   {0x68 ,0x43 ,0x00 ,0x3b ,0xf4 ,0xe8 ,0xfd ,0xb6 ,0xff ,0xff ,0x8b ,0xf4 ,0x6a ,0x01 ,0xa1 ,0xf0}};

LOCAL char      * Dot1xTrap[]      = { 		
                "authConfigureMib:dot1xUserName",
		  "authConfigureMib:dot1xUserMac",
                "authConfigureMib:dot1xUserVlan",
                "authConfigureMib:dot1xUserPort",
                0
                };		/* unfinished */

/******Config Templete******/
extern u_long FrozeAllUser;
extern u_long LimitVersion;
extern u_long LimitBuild;

extern MainTemplete_t MainTem[MAX_MAIN_TEMPLETE_NUM];
extern AuthMainTemplete_t AuthTem[MAX_AUTH_TEMPLETE_NUM];
extern RadiusTemplete_t RadiusTem[MAX_RADIUS_TEMPLETE_NUM];
extern AuthWebTemplete_t WebTem[MAX_WEB_TEMPLETE_NUM];
extern AuthDot1xTemplete_t Dot1xTem[MAX_DOT1X_TEMPLETE_NUM];
extern UserManageTemplete_t UsrManTem[MAX_USER_MAN_TEMPLETE_NUM];
extern MessageAdvert_t MsgAdvertTem[MAX_MESSAGE_TEMPLETE_NUM];
extern BlackPolicy_t BlkPolcy[MAX_BLK_POLCY_NUM];

extern Temp2Vlan_t *Port2Temp2Vlan[64];
extern u_char PortDefaultTem[64];
extern u_char GlobalDefaultTem;

/******Config Templete End******/

extern u_long TotalRequest;
extern u_long TotalSuccess;
extern u_long gMaxUserNum;

extern u_long gTotalUserNum;

extern Mesage_Table_t MsgTbl[MAX_ROW_IN_MSG_TBL];
extern Advert_Table_t AdvertTbl[MAX_ROW_IN_ADVERT_TBL];
extern Black_Table_t BlkTbl[MAX_ROW_IN_BLK_TBL];
extern u_short BlkNum;
extern Abnormal_Table_t AbnormTbl[256];
extern FrozenUser_Table_t FrozTbl[MAX_ROW_IN_FROZE_TBL];
extern Shutdown_Table_t ShutTbl[MAX_ROW_IN_SHUT_TBL];
extern LocalUserEntry_t LocalList[MAX_LOCAL_USER_NUM];

int flag = 0;



STATUS dot1xMemBufPoolCreate(void)
{
	if (gDot1xAuthUserNodeBufPool == 0)
	{
		gDot1xAuthUserNodeBufPool = bufPoolCreate(NULL, sizeof(Dot1xAuthUserNode_t), gMaxUserNum, NULL, NULL, 0 );
	    	if (gDot1xAuthUserNodeBufPool == 0)
	    	{
			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_EMERG, "Initaliztion", "BufPool Create fail!!");
	    		return ERROR;
	    	}
		else
		{
			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "Initaliztion", "BufPool Create OK!");
			return OK;
		}
	    }
	return OK;
}


STATUS dot1xMemPartCreate(void)
{
	g_pDot1xMemPart = (char *)malloc(1024 * 1024);
	if (g_pDot1xMemPart != NULL)
	{
		gDot1xMemPartID = memPartCreate(g_pDot1xMemPart, 1024 * 1024);
		if (gDot1xMemPartID != NULL )
		{
			//printf("\n-----Assign Memory For Dot1xAuth succussful!!!\n");
			return OK;
		}
		else
		{
			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_EMERG, "Initaliztion", "MemPart Create fail!!");
			free(g_pDot1xMemPart);
		}
	}
	else
	{
		Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_EMERG, "Initaliztion", "MemPart malloc fail!!");
	}
	
	return ERROR;
}




STATUS Dot1x_Resourse_Init(void)
{
	STATUS rc = OK;

	/* Create a buffer pool of dot1xAuthUserNode. */
	rc = dot1xMemBufPoolCreate();
	if (rc == ERROR)
	{
		 return ERROR;
	}

	/* Create Semaphore to make the AVL trees safe. */
	gDot1xAuthUserNodeRoot.semID = semMCreate(SEM_Q_FIFO);
	if (gDot1xAuthUserNodeRoot.semID == NULL)
	{
		bufPoolDestroy(gDot1xAuthUserNodeBufPool);
		return ERROR;
	}
	
	gDot1xAuthUserNodeRoot.pAuthUser = NULL;
	
	/* Create a Memory Part. */
	rc = dot1xMemPartCreate();
	if (rc == ERROR)
	{
		semDelete(gDot1xAuthUserNodeRoot.semID);
		bufPoolDestroy(gDot1xAuthUserNodeBufPool);
		return ERROR;
	}

	/* Create message queue. */
	Dot1xMsgQID = msgQCreate(MAX_MSG_IN_QUEUE, sizeof(Dot1xMessage_t), MSG_Q_FIFO);
	if (Dot1xMsgQID == NULL)
	{
		free(g_pDot1xMemPart);
		semDelete(gDot1xAuthUserNodeRoot.semID);
		bufPoolDestroy(gDot1xAuthUserNodeBufPool);
		return ERROR;
	}

	return OK;
}


STATUS Dot1x_Init(void)
{
	STATUS rc = OK;
	int TidPacket;
	int TaskPri = 0;
	int TaskStackSize = 0;
	
	/* Initialize Resourse */
	rc = Dot1x_Resourse_Init();
	if (rc == ERROR)
		return ERROR;

	/* Register in other modules */
	TimerRegisterID = Timer_Register(Dot1xAddOneTimer, Dot1x_msg_TimerExpire);
	DHCPRegisterID = DHCP_Register(DOT1X_MODE, Dot1x_msg_DHCP_Success, Dot1x_msg_DHCP_Failure);
	RadiusRegisterID = Radius_Register(Dot1x_msg_Radius_Accept, Dot1x_msg_Radius_Reject, Dot1x_msg_Radius_Challenge, Dot1x_msg_Radius_AcctResponse, Dot1x_msg_Radius_SessionTimeout);

	bzero((char *)&TotalDot1xStat, sizeof(Dot1xStat_t));
	Dot1xStat = (Dot1xStat_t *)malloc(sizeof(Dot1xStat_t) * MAX_VLAN_NUM);
	memset((char *)Dot1xStat, 0, (sizeof(Dot1xStat_t)*MAX_VLAN_NUM));
	
	TaskPri = 120;
	TaskStackSize = 32*1024;
	TidPacket = taskSpawn("tDot1xAuth", TaskPri, VX_FP_TASK,
				TaskStackSize, (FUNCPTR)dot1x_receive_event_task,
				0, 0, 0, 0, 0, 0, 0, 0, 0, 0);

	dot1xInit();
	authConfigInit();
	return OK;
}

void dot1x_receive_event_task(void)
{
	Dot1xMessage_t message;
	u_char type;
	STATUS	rc = OK;

	while (1)
	{
		memset((char *)&message, 0, sizeof(Dot1xMessage_t));
   		rc = msgQReceive(Dot1xMsgQID, (char *)&message, sizeof(Dot1xMessage_t), WAIT_FOREVER);
   		if ( rc == ERROR )
   		{
  			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "Main_Task", "msgQReceive fail!");
     			continue;
       	}
		
		#if 0		/* for debug */
		{
			int i;	
			char *p;
			p = (char *)&message;
			printf("\n\n-------------------------------------------");
			printf("\n\n mainTask, message address is 0x%lx\nmessage is :", (u_long)&message);
			for (i=0; i<sizeof(message); i++)
			{
				if (!(i % 16)) printf("\n");
				printf("%02x ", p[i]);
			}
			printf("\n length is in %ld", ((u_long)&(message.length)-(u_long)&message));
		}
		#endif

		
		type = message.msgId;
		switch (type)
		{
			case EAPOL_Frame:
  				Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "Main_Task", "receive a EAPOL Frame!");
				dot1xHandleDot1xPkt((void *)&message);
				break;

			case DHCP_Message:
  				Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "Main_Task", "receive a DHCP message!");
				dot1xHandleDHCPMsg(&message);
				break;

			case Radius_Message:
  				Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "Main_Task", "receive a Auth message!");
				dot1xHandleRadiusMsg(&message);
				break;

			case Timeout_Message:
  				Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "Main_Task", "receive a Timeout message!");
				dot1xHandleTimeoutMsg(&message);
				break;

			default:
  				Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "Main_Task", "receive other message!");
				dot1xHandleOtherMsg(&message);
				
		}

		if (message.buf != NULL)
		{
			/*printf("\nmemory address is 0x%lx\n", (u_long)message.buf);*/
			memPartFree(gDot1xMemPartID, message.buf);
  			Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "Main_Task", "free a memPart success!");
		}
	}
}


#ifdef RECV_EVENT_HANDLE