📄 dot1xauth.c
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, RECV_EVENT_HANDLE, "into dot1xHandleOtherMsg");
switch (pMsg->msgId)
{
case Accounting_Response:
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "dot1xHandleOtherMsg", "receive radius-acct-response!");
gRecvRadiusAcctResponse++;
rc = dot1xFindUserNode((void *)pMsg->UserKey, &pUserNode);
if (pUserNode == NULL)
{
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleOtherMsg", "radius acct response: cannot find user!");
return ;
}
if (pUserNode->user_state != REQUEST_ACCT_START)
{
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleOtherMsg", "radius acct respone: user state error!");
return ;
}
ToNewState(LET_NET_OPEN, 1, pUserNode, NULL);
break;
case Radius_Session_Timeout:
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "dot1xHandleOtherMsg", "receive radius-session-timeout!");
rc = dot1xFindUserNode((void *)pMsg->UserKey, &pUserNode);
if (pUserNode == NULL)
{
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleOtherMsg", "radius session timeout: cannot find user!");
return ;
}
pUserNode->OffLineReason = MSG_CARD_USED_OVER;
pUserNode->TerminateCause = SESSION_TIMEOUT;
ToNewState(USER_ABORT, 1, pUserNode, NULL);
break;
case Shutdown_Any_User:
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "dot1xHandleOtherMsg", "receive shutdown-one-user message!");
if (pMsg->buf == NULL)
{
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleOtherMsg", "receive NULL shutdown message!");
return ;
}
memcpy((char *)&shutUser, (char *)pMsg->buf, sizeof(Shutdown_Table_t));
ShutDownUser(shutUser.userMac, shutUser.UserDomain, shutUser.UserIp, shutUser.UserName, shutUser.UserVlan, shutUser.UserPort);
break;
case Shutdown_All_User:
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "dot1xHandleOtherMsg", "receive shutdown-all-user message!");
AllUserOffline();
break;
case MAC_Filter:
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "dot1xHandleOtherMsg", "receive mac-filter message!");
rc = dot1xFindUserNode((void *)pMsg->UserKey, &pUserNode);
if (pUserNode == NULL)
{
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleOtherMsg", "mac filter: cannot find user!");
return ;
}
SendMacFilterMessage(pUserNode);
pUserNode->OffLineReason = MSG_SHUTDOWN_BY_MANAGE;
pUserNode->TerminateCause = ADMIN_RESET;
ToNewState(USER_ABORT, 1, pUserNode, NULL);
break;
}
}
#endif
#ifdef DOT1X_PKT_HANDLER
/*
 * Handle a Start packet for the session identified by UserKey.
 *
 * pUserNode == NULL : no session node was found for the sender; the state
 *                     machine is asked to move to WAIT_USER_ID with the key.
 * pUserNode != NULL : a session already exists. Unless it is already in
 *                     AUTH_FAILURE or USER_ABORT, it is recorded as a
 *                     user-requested logoff and moved to USER_ABORT.
 *
 * NOTE(review): the second path means a Start packet that maps to an existing
 * session key ends that session. Whether the key is bound to something a
 * neighbouring station cannot forge (for example port plus MAC) is not visible
 * in this function - confirm against the code that builds UserKey.
 */
void dot1xStartPktHandler(Dot1xAuthUserNode_t *pUserNode, char *UserKey)
{
    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, DOT1X_PKT_HANDLER, "into dot1xStartPktHandler");

    /* Unknown sender: hand the key to the state machine (node pointer is NULL here). */
    if (pUserNode == NULL) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "dot1xStartPktHandler", "receive Start-Packet from new user!");
        ToNewState(WAIT_USER_ID, 1, pUserNode, UserKey);
        return;
    }

    /* Sessions that are already failing or aborting are left alone. */
    if (pUserNode->user_state == AUTH_FAILURE || pUserNode->user_state == USER_ABORT) {
        return;
    }

    /* Known, live session: treat the fresh Start as a logoff by the user. */
    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xStartPktHandler", "receive Start-Packet from old user!");
    pUserNode->OffLineReason = MSG_LOGOFF_BY_USER;
    pUserNode->TerminateCause = USER_REQUEST;
    ToNewState(USER_ABORT, 1, pUserNode, NULL);
}
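/*
 * Append "@<domain>" to name when the result still fits in
 * MAX_USER_NAME_LENGTH bytes (plus terminator). On success *pNameLength is
 * advanced by the appended length and 0 is returned; otherwise nothing is
 * written and -1 is returned.
 */
static int dot1xIDAppendDomain(char *name, u_long *pNameLength, const char *domain)
{
    size_t domainLength = strlen(domain);

    /* strlen(name) <= *pNameLength, so this one bound covers strcat() too. */
    if (domainLength > MAX_USER_NAME_LENGTH ||
        *pNameLength + 1 > MAX_USER_NAME_LENGTH - domainLength) {
        return -1;
    }

    strcat(name, "@");
    strcat(name, domain);
    *pNameLength += 1 + domainLength;
    return 0;
}

/*
 * Handle an EAP Identity response.
 *
 * The user name is taken from the bytes that follow the EAP type header.
 * If it carries no '@' and the user's management template enables automatic
 * domain completion, the template domain (or the default domain) is appended.
 * The packet is then dispatched on pUserNode->user_state:
 *   WAIT_USER_ID                     - store name and domain, request password or challenge
 *   USER_ON_LINE                     - re-authentication (half or full)
 *   REQUEST_ACCT_START, LET_NET_OPEN - answer with a Success frame
 *
 * The identity length is supplied by the peer, so it is validated before any
 * copy: a length below EAP_TYPE_HEADER_LEN, a name longer than
 * MAX_USER_NAME_LENGTH, or a name that no longer fits once the domain is
 * appended is logged and the packet is dropped. The unpatched code copied the
 * unchecked length into a fixed stack buffer.
 *
 * pUserNode : session node of the sender; NULL is logged and ignored.
 * pEap      : start of the EAP header (struct Eap_Type_Header).
 */
void dot1xIDPktHandler(Dot1xAuthUserNode_t *pUserNode, void *pEap)
{
    struct Eap_Type_Header *pEap_Hdr = (struct Eap_Type_Header *)pEap;
    u_char *pName;
    char tempName[MAX_USER_NAME_LENGTH + 1];
    u_long nameLength;
    int index;
    char *pCh = NULL;

    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, DOT1X_PKT_HANDLER, "into dot1xIDPktHandler");
    if (pUserNode == NULL) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xIDPktHandler", "cannot find user!");
        return;
    }
    if (pUserNode->dot1xPacketHeadId != pEap_Hdr->id) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xIDPktHandler", "identify dismatched!");
        return;
    }

    /*-----Get UserName from EAP Packet-----*/
    /*
     * NOTE(review): len is used exactly as stored in the header, as before.
     * If it is still in network byte order here it needs converting first,
     * and nothing in this function compares it with the number of bytes that
     * were actually received - confirm both against the receive path.
     */
    if (pEap_Hdr->len < EAP_TYPE_HEADER_LEN) {
        /* Would wrap to a huge unsigned value in the subtraction below. */
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xIDPktHandler", "length of eap packet invalid!");
        return;
    }
    nameLength = pEap_Hdr->len - EAP_TYPE_HEADER_LEN;
    if (nameLength > MAX_USER_NAME_LENGTH) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xIDPktHandler", "length of user name invalid!");
        return;
    }
    pName = (u_char *)pEap_Hdr + EAP_TYPE_HEADER_LEN;
    memset(tempName, 0, sizeof(tempName));
    memcpy(tempName, pName, nameLength);
    tempName[nameLength] = '\0';

    /*-----Auto Add Domain-----*/
    if (strstr(tempName, "@") == NULL) {
        /* NOTE(review): index is not range-checked against UsrManTem here - confirm it is validated where it is configured. */
        index = pUserNode->user_config.UserManTemIndex;
        if (index != 0 && UsrManTem[index].AddDomainEn == TRUE) {
            char defaultDomainName[MAX_USER_DOMAIN_LENGTH + 1];
            const char *domain = NULL;

            if (strlen((const char *)UsrManTem[index].AddDomain) > 0) {
                domain = (const char *)UsrManTem[index].AddDomain;
            } else if ((findDefaultDomainName(defaultDomainName)) == OK) {
                /* Bound the string even if the helper did not terminate it. */
                defaultDomainName[MAX_USER_DOMAIN_LENGTH] = '\0';
                domain = defaultDomainName;
            }

            if (domain != NULL && dot1xIDAppendDomain(tempName, &nameLength, domain) != 0) {
                Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xIDPktHandler", "length of user name invalid!");
                return;
            }
        }
    }
    /*-----Auth Add Domain End------*/

    switch (pUserNode->user_state) {
    case WAIT_USER_ID:
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "dot1xIDPktHandler", "receive ID response from new user!");
        /*
         * nameLength <= MAX_USER_NAME_LENGTH at this point.
         * NOTE(review): assumes userInfo.UserName holds at least
         * MAX_USER_NAME_LENGTH + 1 bytes - confirm against the struct.
         */
        memcpy((void *)(pUserNode->userInfo.UserName), (void *)tempName, nameLength);
        pUserNode->userInfo.UserName[nameLength] = '\0';
        pCh = strstr(pUserNode->userInfo.UserName, "@");
        if (pCh == NULL) {
            pUserNode->userInfo.DomainName[0] = '\0';
        } else {
            if (strlen(pCh + 1) > MAX_USER_DOMAIN_LENGTH) {
                pUserNode->OffLineReason = MSG_PASSWORD_ERROR;
                ToNewState(AUTH_FAILURE, 1, pUserNode, NULL);
                return;
            }
            strcpy(pUserNode->userInfo.DomainName, pCh + 1);
        }
        /* NOTE(review): Dot1xTemIndex is used unchecked as an array index - confirm it is validated elsewhere. */
        index = pUserNode->user_config.Dot1xTemIndex;
        switch (Dot1xTem[index].AuthStyle) {
        case DOT1X_AUTH_PROTOCOL_PAP:
        case DOT1X_AUTH_PROTOCOL_LCBAP:
            ToNewState(WAIT_USER_PASSWORD, 1, pUserNode, NULL);
            break;
        case DOT1X_AUTH_PROTOCOL_EAP_MD5:
            ToNewState(WAIT_CHALLENGE, 1, pUserNode, NULL);
            break;
        default:
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ALERT, "dot1xIDPktHandler", "nonsupport auth protocol!");
        }
        break;

    case USER_ON_LINE:
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "dot1xIDPktHandler", "receive ID response at reAuth!");
        index = pUserNode->user_config.Dot1xTemIndex;
        switch (Dot1xTem[index].ReAuthStyle) {
        case HALF_RE_AUTH:
            ToNewState(ON_LINE_CONFIRM, 1, pUserNode, NULL);
            break;
        case FULL_RE_AUTH:
            /*
             * Compare including the terminator. Comparing only nameLength
             * bytes accepted any identity that was a prefix of the stored
             * user name as "the same user".
             */
            if (memcmp(pUserNode->userInfo.UserName, tempName, nameLength + 1) != 0) {
                ToNewState(USER_ABORT, 1, pUserNode, NULL);
                break;
            }
            switch (Dot1xTem[index].AuthStyle) {
            case DOT1X_AUTH_PROTOCOL_PAP:
            case DOT1X_AUTH_PROTOCOL_LCBAP:
                ToNewState(WAIT_USER_PASSWORD_AT_REAUTH, 1, pUserNode, NULL);
                break;
            case DOT1X_AUTH_PROTOCOL_EAP_MD5:
                ToNewState(WAIT_CHALLENGE_AT_REAUTH, 1, pUserNode, NULL);
                break;
            default:
                Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ALERT, "dot1xIDPktHandler", "nonsupport auth protocol!");
            }
            break;
        }
        break;

    case REQUEST_ACCT_START: /*???*/
    case LET_NET_OPEN:
        /* Already authenticated: count the frame, cancel a pending re-auth timer, reply Success. */
        Dot1xStat[pUserNode->userInfo.UserVid].dot1xAuthEapolFramesTx++;
        TotalDot1xStat.dot1xAuthEapolFramesTx++;
        if (pUserNode->user_timer[Re_Auth_Timer] != NULL) {
            sendDelTimerMsg(pUserNode->UserKey, USER_KEY_LENGTH, pUserNode->user_timer[Re_Auth_Timer],
                            Re_Auth_Timer, TimerRegisterID);
            pUserNode->user_timer[Re_Auth_Timer] = NULL;
        }
        dot1xSend(pUserNode->userInfo.UserMac, pUserNode->userInfo.UserVid,
                  pUserNode->userInfo.PortNum - 1, dot1xMsg_Success, NULL, 0,
                  pUserNode->dot1xPacketHeadId, MSG_NO_MESSAGE);
        break;
    }
}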
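/*
 * Handle a PAP password packet.
 *
 * The packet is accepted only when the user's dot1x template selects
 * DOT1X_AUTH_PROTOCOL_PAP and the EAP id matches the one recorded on the
 * node. The password is copied into pUserNode->userInfo.UserPWD and the
 * session is advanced: towards the RADIUS exchange when AuthLocation is
 * RadiusAuthenticate, or by calling localVerifyUser() when it is
 * LocalAuthenticate.
 *
 * passLen is supplied by the peer. It is now rejected when it exceeds
 * MAX_USER_PASS_LENGTH, the same limit the LCBAP handler applies before
 * writing UserPWD; the unpatched code copied passLen bytes unchecked.
 *
 * NOTE(review): the password is stored before user_state is examined, so a
 * packet arriving in any other state still overwrites UserPWD (and, with
 * local authentication, still runs localVerifyUser and bumps the counters).
 * Nothing here checks that the header length covers passLen bytes either -
 * confirm both against the dispatcher.
 *
 * pUserNode : session node of the sender; NULL is logged and ignored.
 * pEap      : start of the EAP header (struct Eap_Type_Header).
 */
void dot1xPWPktHandler(Dot1xAuthUserNode_t *pUserNode, void* pEap)
{
    STATUS rc;
    struct Eap_Type_Header *pEap_Hdr = (struct Eap_Type_Header *)pEap;
    dot1xMsg_PAP_t *pPw;
    u_long passLength;
    int index;

    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, DOT1X_PKT_HANDLER, "into dot1xPwPktHandler");
    if (pUserNode == NULL) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xPWPktHandler", "cannot find user!");
        return;
    }
    index = pUserNode->user_config.Dot1xTemIndex;
    if (Dot1xTem[index].AuthStyle != DOT1X_AUTH_PROTOCOL_PAP) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xPWPktHandler", "not expect auth protocol!");
        return;
    }
    if (pUserNode->dot1xPacketHeadId != pEap_Hdr->id) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xPWPktHandler", "identify dismatched!");
        return;
    }

    /*---Get User Password---*/
    pPw = (dot1xMsg_PAP_t *)((char *)pEap_Hdr + EAP_TYPE_HEADER_LEN);
    /* Widen to unsigned first so a negative value in a signed field is rejected too. */
    passLength = (u_long)pPw->passLen;
    if (passLength > MAX_USER_PASS_LENGTH) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xPWPktHandler", "length of user password invalid!");
        return;
    }
    memcpy(pUserNode->userInfo.UserPWD, pPw->pass, passLength);
    pUserNode->userInfo.UserPWD[passLength] = '\0';
    /*---Get User Password End---*/

    /*
     * The paired state tests below stay independent (not else-if), as in the
     * original: the second test runs after ToNewState() has returned.
     */
    if (pUserNode->AuthLocation == RadiusAuthenticate) {
        if (pUserNode->user_state == WAIT_USER_PASSWORD)
            ToNewState(WAIT_AUTH_RESPONSE, 1, pUserNode, NULL);
        if (pUserNode->user_state == WAIT_USER_PASSWORD_AT_REAUTH)
            ToNewState(WAIT_AUTH_RESPONSE_AT_REAUTH, 1, pUserNode, NULL);
    }
    if (pUserNode->AuthLocation == LocalAuthenticate) {
        rc = localVerifyUser(pUserNode);
        if (rc == OK) {
            gLocalAuthSuccess++;
            if (pUserNode->user_state == WAIT_USER_PASSWORD)
                ToNewState(AUTH_SUCCESSFUL, 1, pUserNode, NULL);
            if (pUserNode->user_state == WAIT_USER_PASSWORD_AT_REAUTH)
                ToNewState(ON_LINE_CONFIRM, 1, pUserNode, NULL);
        } else {
            gLocalAuthFailure++;
            pUserNode->OffLineReason = MSG_PASSWORD_ERROR;
            pUserNode->TerminateCause = NAS_ERROR;
            if (pUserNode->user_state == WAIT_USER_PASSWORD)
                ToNewState(AUTH_FAILURE, 1, pUserNode, NULL);
            if (pUserNode->user_state == WAIT_USER_PASSWORD_AT_REAUTH)
                ToNewState(USER_ABORT, 1, pUserNode, NULL);
        }
    }
}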
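/*
 * Handle an LCBAP password packet.
 *
 * The packet is accepted only when the user's dot1x template selects
 * DOT1X_AUTH_PROTOCOL_LCBAP and the EAP id matches the one recorded on the
 * node. The password field is decrypted with dot1xDecryptPassword() using
 * the node's LCChallenge and the EAP id, stored in
 * pUserNode->userInfo.UserPWD, and the session is advanced: towards the
 * RADIUS exchange when AuthLocation is RadiusAuthenticate, or by calling
 * localVerifyUser() when it is LocalAuthenticate.
 *
 * The length test used to run only after the decrypt had already written
 * into the fixed stack buffer, and relied on strlen() of a buffer that was
 * never initialised. passLen is now checked before the decrypt, the buffer
 * is zeroed first, and its last byte is forced to NUL afterwards.
 *
 * NOTE(review): the pre-check assumes dot1xDecryptPassword writes at most
 * passLen bytes to its first argument - confirm against that helper.
 *
 * pUserNode : session node of the sender; NULL is logged and ignored.
 * pEap      : start of the EAP header (struct Eap_Type_Header).
 */
void dot1xLCPWPktHandler(Dot1xAuthUserNode_t *pUserNode, void* pEap)
{
    STATUS rc;
    struct Eap_Type_Header *pEap_Hdr = (struct Eap_Type_Header *)pEap;
    dot1xMsg_LCBAP_t *pPw;
    u_char userPassword[MAX_USER_PASS_LENGTH+1];
    int index;

    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, DOT1X_PKT_HANDLER, "into dot1xLCPWPktHandler");
    if (pUserNode == NULL) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xLCPWPktHandler", "cannot find user!");
        return;
    }
    index = pUserNode->user_config.Dot1xTemIndex;
    if (Dot1xTem[index].AuthStyle != DOT1X_AUTH_PROTOCOL_LCBAP) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xLCPWPktHandler", "not expect auth protocol!");
        return;
    }
    if (pUserNode->dot1xPacketHeadId != pEap_Hdr->id) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xLCPWPktHandler", "identify dismatched!");
        return;
    }

    /*---Get User Password---*/
    pPw = (dot1xMsg_LCBAP_t *)((char *)pEap_Hdr + EAP_TYPE_HEADER_LEN);
    /* Reject an oversized field before anything is written; the cast also catches a negative signed value. */
    if ((u_long)pPw->passLen > MAX_USER_PASS_LENGTH) {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xLCPWPktHandler", "length of user password invalid!");
        return;
    }
    memset(userPassword, 0, sizeof(userPassword));
    dot1xDecryptPassword(userPassword, pPw->passLen, pUserNode->LCChallenge, (char *)&pEap_Hdr->id, pPw->pass);
    /* Guarantees strlen(userPassword) <= MAX_USER_PASS_LENGTH for the copy below. */
    userPassword[MAX_USER_PASS_LENGTH] = '\0';
    strcpy((char *)pUserNode->userInfo.UserPWD, (const char *)userPassword);
    /*---Get User Password End---*/

    /*
     * The paired state tests below stay independent (not else-if), as in the
     * original: the second test runs after ToNewState() has returned.
     */
    if (pUserNode->AuthLocation == RadiusAuthenticate) {
        if (pUserNode->user_state == WAIT_USER_PASSWORD)
            ToNewState(WAIT_AUTH_RESPONSE, 1, pUserNode, NULL);
        if (pUserNode->user_state == WAIT_USER_PASSWORD_AT_REAUTH)
            ToNewState(WAIT_AUTH_RESPONSE_AT_REAUTH, 1, pUserNode, NULL);
    }
    if (pUserNode->AuthLocation == LocalAuthenticate) {
        rc = localVerifyUser(pUserNode);
        if (rc == OK) {
            gLocalAuthSuccess++;
            if (pUserNode->user_state == WAIT_USER_PASSWORD)
                ToNewState(AUTH_SUCCESSFUL, 1, pUserNode, NULL);
            if (pUserNode->user_state == WAIT_USER_PASSWORD_AT_REAUTH)
                ToNewState(ON_LINE_CONFIRM, 1, pUserNode, NULL);
        } else {
            gLocalAuthFailure++;
            pUserNode->OffLineReason = MSG_PASSWORD_ERROR;
            pUserNode->TerminateCause = NAS_ERROR;
            if (pUserNode->user_state == WAIT_USER_PASSWORD)
                ToNewState(AUTH_FAILURE, 1, pUserNode, NULL);
            if (pUserNode->user_state == WAIT_USER_PASSWORD_AT_REAUTH)
                ToNewState(USER_ABORT, 1, pUserNode, NULL);
        }
    }
}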
/*
 * EAP packet handler stub: records a debug trace that it was entered and
 * does nothing else.
 */
void dot1xEAPPktHandler()
{
    Dot1x_logMsgSend(DOT1X_MODULE,
                     SYSLOG_SEVERITY_DEBUG,
                     DOT1X_PKT_HANDLER,
                     "into dot1xEAPPktHandler");
}