📄 dot1xauth.c
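/*
 * Handle a logoff / reject event for one 802.1X user.
 *
 * pUserNode  user the event refers to; NULL is logged and ignored.
 * Reason     MSG_LOGOFF_BY_USER, MSG_PASSWORD_ERROR or MSG_LOGOFF_BY_PROXY.
 *            Any other value is still stored in OffLineReason, but it is
 *            not mapped to a failure code and so never feeds the
 *            abnormal/blacklist accounting.
 *
 * A user already in AUTH_FAILURE is left untouched. Otherwise the failure
 * may be counted in AbnormTbl and, once the policy threshold is reached,
 * copied into BlkTbl; the user is then moved to USER_ABORT with
 * TerminateCause = USER_REQUEST.
 */
void dot1xLogoffPktHandler(Dot1xAuthUserNode_t *pUserNode, u_long Reason)
{
    int index;
    int slot;
    /* Initialised so an unmapped Reason can never reach the comparisons
     * below as an indeterminate value (the switch used to have no default). */
    int failCode = FAIL_BY_USER;
    int reasonMapped = 1;

    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, DOT1X_PKT_HANDLER, "into dot1xLogoffPktHandler");
    if (pUserNode == NULL)
    {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xLogoffPktHandler", "cannot find user!");
        return;
    }
    if (pUserNode->user_state == AUTH_FAILURE)
    {
        return;
    }

    switch (Reason)
    {
    case MSG_LOGOFF_BY_USER:
        failCode = FAIL_BY_USER;
        break;
    case MSG_PASSWORD_ERROR:
        failCode = FAIL_BY_REJECT;
        break;
    case MSG_LOGOFF_BY_PROXY:
        failCode = FAIL_BY_PROXY;
        break;
    default:
        /* Unknown reason: skip the blacklist accounting entirely. */
        reasonMapped = 0;
        break;
    }

    /*---If Add to Black List or not---*/
    /* NOTE(review): UserManTemIndex and BlackListPolicyIndex are used as
     * array subscripts without a range check here; confirm they are
     * validated where they are configured. */
    index = pUserNode->user_config.UserManTemIndex;
    if (reasonMapped && failCode != FAIL_BY_USER
        && UsrManTem[index].RecBlackList == TRUE
        && UsrManTem[index].BlackListPolicyIndex != 0)
    {
        /*--Add to Abnormal Table---*/
        /* The abnormal table is addressed by the last MAC octet only. When
         * the slot holds a different MAC it is overwritten and the count
         * restarts, so clients sharing a last octet are not tracked
         * independently.
         * NOTE(review): assumes UserMac is an unsigned byte array and
         * AbnormTbl has 256 entries - confirm against the declarations. */
        slot = pUserNode->userInfo.UserMac[5];
        if (memcmp(AbnormTbl[slot].userMAC, pUserNode->userInfo.UserMac, MAC_ADDR_LENGTH) == 0)
        {
            if (AbnormTbl[slot].userReason != failCode)
            {
                /* Same MAC, different failure kind: start a new count. */
                AbnormTbl[slot].userReason = failCode;
                AbnormTbl[slot].times = 1;
            }
            else
            {
                AbnormTbl[slot].times++;
            }
        }
        else
        {
            memcpy(AbnormTbl[slot].userMAC, pUserNode->userInfo.UserMac, MAC_ADDR_LENGTH);
            AbnormTbl[slot].userReason = failCode;
            AbnormTbl[slot].times = 1;
        }
        /*--Add to Abnormal Table End---*/

        /*---Record to BlackList---*/
        index = UsrManTem[index].BlackListPolicyIndex;
        /* 100 is presumably the capacity of BlkTbl - TODO confirm and
         * replace with a named constant. */
        if (BlkNum < 100 && BlkPolcy[index].Times != 0)
        {
            if ((BlkPolcy[index].Event == failCode)
                && (BlkPolcy[index].Status == ROW_STATUS_ACTIVE)
                && (AbnormTbl[slot].times >= BlkPolcy[index].Times))
            {
                Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "dot1xLogoffPktHandler", "Add a row in black table!");
                memcpy(BlkTbl[BlkNum].userMAC, AbnormTbl[slot].userMAC, MAC_ADDR_LENGTH);
                /* Fixed 8-byte copy; no terminator is added here. */
                memcpy(BlkTbl[BlkNum].userDomain, pUserNode->userInfo.DomainName, 8);
                /* NOTE(review): unbounded copy of a client-supplied user
                 * name. The sizes of userName and UserName are not visible
                 * here; confirm the destination is at least as large as
                 * the source, or switch to a length-bounded copy. */
                strcpy(BlkTbl[BlkNum].userName, pUserNode->userInfo.UserName);
                BlkTbl[BlkNum].userReason = failCode;
                BlkTbl[BlkNum].userVlan = pUserNode->userInfo.UserVid;
                BlkTbl[BlkNum].userPort = pUserNode->userInfo.PortNum;
                BlkNum++;
                /* Threshold consumed: counting starts over for this slot. */
                AbnormTbl[slot].times = 0;
            }
        } /*---Record to BlackList End---*/
    }
    /*---Add to Black List End---*/

    pUserNode->OffLineReason = Reason;
    pUserNode->TerminateCause = USER_REQUEST;
    ToNewState(USER_ABORT, 1, pUserNode, NULL);
}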
#endif
#ifdef TIMEOUT_MSG_HANDLER
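/*
 * Handle expiry of a client-side (supplicant) timer.
 *
 * pUserNode  user the timer belongs to; NULL is logged and rejected.
 * which      Wait_ID_Timer, Wait_Pass_Timer or Wait_EAP_Timer; any other
 *            value is ignored.
 *
 * For each timer the per-user resend counter is compared with
 * Dot1xTem[index].ReTransTimes. Once the counter exceeds the limit the
 * user is failed with OffLineReason = MSG_CLIENT_TIMEOUT (AUTH_FAILURE
 * during first authentication, USER_ABORT with TerminateCause =
 * LOST_CARRIER during re-authentication); otherwise the current wait state
 * is re-entered through ToNewState().
 *
 * Returns ERROR when pUserNode is NULL, OK in every other case, including
 * "user state error".
 */
STATUS dot1xHandleClientTimeout(Dot1xAuthUserNode_t *pUserNode, u_long which)
{
    int index;

    /* dot1xLogoffPktHandler treats a NULL node as "user not found"; do the
     * same here rather than dereferencing it. */
    if (pUserNode == NULL)
    {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleClientTimeout", "cannot find user!");
        return ERROR;
    }

    /* NOTE(review): used unchecked as a subscript of Dot1xTem; confirm it
     * is validated where it is assigned. */
    index = pUserNode->user_config.Dot1xTemIndex;
    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, TIMEOUT_MSG_HANDLER, "into dot1xHandleClientTimeout");

    switch (which)
    {
    case Wait_ID_Timer:
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "dot1xHandleClientTimeout", "wait ID timeout!");
        gDot1xIDTimeOutTimes++;
        if (pUserNode->user_state != WAIT_USER_ID)
        {
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleClientTimeout", "user state error!");
            break;
        }
        if (pUserNode->dot1xIDreSendNum > Dot1xTem[index].ReTransTimes)
        {
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleClientTimeout", "client ID response timeout, auth abort!");
            gFailAtWaitID++;
            pUserNode->OffLineReason = MSG_CLIENT_TIMEOUT;
            ToNewState(AUTH_FAILURE, 1, pUserNode, NULL);
        }
        else
        {
            /* Fixed text plus one %d: fits in 100 bytes as long as the
             * counter is int-sized. */
            char desc[100];
            sprintf(desc, "Wait_ID timeout %d times", pUserNode->dot1xIDreSendNum);
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleClientTimeout", desc);
            ToNewState(WAIT_USER_ID, 1, pUserNode, NULL);
        }
        break;

    case Wait_Pass_Timer:
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "dot1xHandleClientTimeout", "wait password timeout!");
        gDot1xPWTimeOutTimes++;
        switch (pUserNode->user_state)
        {
        case WAIT_USER_PASSWORD:
            if (pUserNode->dot1xPWreSendNum > Dot1xTem[index].ReTransTimes)
            {
                Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleClientTimeout", "client password response timeout, auth abort!");
                gFailAtWaitPW++;
                pUserNode->OffLineReason = MSG_CLIENT_TIMEOUT;
                ToNewState(AUTH_FAILURE, 1, pUserNode, NULL);
            }
            else
            {
                char desc[100];
                sprintf(desc, "Wait_PW timeout %d times at auth", pUserNode->dot1xPWreSendNum);
                Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleClientTimeout", desc);
                ToNewState(WAIT_USER_PASSWORD, 1, pUserNode, NULL);
            }
            break;
        case WAIT_USER_PASSWORD_AT_REAUTH:
            if (pUserNode->dot1xPWreSendNum > Dot1xTem[index].ReTransTimes)
            {
                Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleClientTimeout", "client password response timeout, reAuth abort!");
                pUserNode->OffLineReason = MSG_CLIENT_TIMEOUT;
                pUserNode->TerminateCause = LOST_CARRIER;
                gFailAtReAuthWaitPW++;
                ToNewState(USER_ABORT, 1, pUserNode, NULL);
            }
            else
            {
                char desc[100];
                sprintf(desc, "Wait_PW timeout %d times at reAuth", pUserNode->dot1xPWreSendNum);
                Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleClientTimeout", desc);
                ToNewState(WAIT_USER_PASSWORD_AT_REAUTH, 1, pUserNode, NULL);
            }
            break;
        default:
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleClientTimeout", "user state error!");
            break;
        }
        break;

    case Wait_EAP_Timer:
        /* Unlike the ID and password timers, this path writes no log line
         * and bumps no statistics counter, so EAP timeouts and a timer
         * firing in an unexpected state leave no trace. */
        if (pUserNode->user_state == WAIT_EAP_RESPONSE)
        {
            if (pUserNode->dot1xEAPreSendNum > Dot1xTem[index].ReTransTimes)
            {
                /*statics++*/
                pUserNode->OffLineReason = MSG_CLIENT_TIMEOUT;
                ToNewState(AUTH_FAILURE, 1, pUserNode, NULL);
            }
            else
            {
                ToNewState(WAIT_EAP_RESPONSE, 1, pUserNode, NULL);
            }
        }
        else if (pUserNode->user_state == WAIT_EAP_RESPONSE_AT_REAUTH)
        {
            if (pUserNode->dot1xEAPreSendNum > Dot1xTem[index].ReTransTimes)
            {
                /*statics++*/
                pUserNode->OffLineReason = MSG_CLIENT_TIMEOUT;
                pUserNode->TerminateCause = LOST_CARRIER;
                ToNewState(USER_ABORT, 1, pUserNode, NULL);
            }
            else
            {
                ToNewState(WAIT_EAP_RESPONSE_AT_REAUTH, 1, pUserNode, NULL);
            }
        }
        break;
    }
    return OK;
}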
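/*
 * Handle expiry of a server-side (RADIUS) timer.
 *
 * pUserNode  user the timer belongs to; NULL is logged and rejected.
 * which      Wait_Auth_Timer, Wait_Acct_Timer or Wait_Challenge_Timer
 *            (the last is a no-op); other values are ignored.
 *
 * An authentication timeout fails the user with OffLineReason =
 * MSG_SERVER_TIMEOUT: AUTH_FAILURE during first authentication, USER_ABORT
 * with TerminateCause = LOST_CARRIER during re-authentication.
 *
 * Returns ERROR when pUserNode is NULL, OK in every other case, including
 * "user state error".
 */
STATUS dot1xHandleRadiusTimeout(Dot1xAuthUserNode_t *pUserNode, u_long which)
{
    /* dot1xLogoffPktHandler treats a NULL node as "user not found"; do the
     * same here rather than dereferencing it. */
    if (pUserNode == NULL)
    {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleRadiusTimeout", "cannot find user!");
        return ERROR;
    }

    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, TIMEOUT_MSG_HANDLER, "into dot1xHandleRadiusTimeout");

    switch (which)
    {
    case Wait_Auth_Timer:
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "dot1xHandleRadiusTimeout", "wait auth timeout!");
        gAuthTimeOutTimes++;
        switch (pUserNode->user_state)
        {
        case WAIT_AUTH_RESPONSE:
        case WAIT_AUTH_RESULT:
            pUserNode->OffLineReason = MSG_SERVER_TIMEOUT;
            gFailAtWaitAuth++;
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleRadiusTimeout", "radius response timeout, auth abort!");
            ToNewState(AUTH_FAILURE, 1, pUserNode, NULL);
            break;
        case WAIT_AUTH_RESPONSE_AT_REAUTH:
        case WAIT_AUTH_RESULT_AT_REAUTH:
            pUserNode->OffLineReason = MSG_SERVER_TIMEOUT;
            pUserNode->TerminateCause = LOST_CARRIER;
            gFailAtReAuthWaitAuth++;
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleRadiusTimeout", "radius response timeout, reAuth abort!");
            ToNewState(USER_ABORT, 1, pUserNode, NULL);
            break;
        default:
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleRadiusTimeout", "user state error!");
            break;
        }
        break;

    case Wait_Acct_Timer:
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "dot1xHandleRadiusTimeout", "wait acct timeout!");
        gAcctTimeOutTimes++;
        if (pUserNode->user_state != REQUEST_ACCT_START)
        {
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleRadiusTimeout", "user state error!");
            break;
        }
        /* NOTE(review): the state name suggests the port is opened even
         * though the accounting-start request was never answered, i.e. the
         * session proceeds unaccounted. Confirm this fail-open is the
         * intended policy. */
        ToNewState(LET_NET_OPEN, 1, pUserNode, NULL);
        break;

    case Wait_Challenge_Timer:
        /*unfinished*/
        break;
    }
    return OK;
}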
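/*
 * Handle expiry of the re-authentication timer.
 *
 * pUserNode  user the timer belongs to; NULL is logged and rejected.
 *
 * USER_ON_LINE:    once dot1xReAuthNum exceeds
 *                  Dot1xTem[index].ReAuthReTransTimes the user is aborted
 *                  (OffLineReason = MSG_CLIENT_TIMEOUT, TerminateCause =
 *                  LOST_CARRIER, state USER_ABORT); otherwise USER_ON_LINE
 *                  is re-entered to try again.
 * ON_LINE_CONFIRM: moves to USER_ON_LINE, which per the log text starts a
 *                  re-authentication round.
 * other states:    logged as "user state error!".
 *
 * Returns ERROR when pUserNode is NULL, OK in every other case.
 */
STATUS dot1xHandleReAuthTimeout(Dot1xAuthUserNode_t *pUserNode)
{
    int index;

    /* dot1xLogoffPktHandler treats a NULL node as "user not found"; do the
     * same here rather than dereferencing it. */
    if (pUserNode == NULL)
    {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleReAuthTimeout", "cannot find user!");
        return ERROR;
    }

    /* NOTE(review): used unchecked as a subscript of Dot1xTem; confirm it
     * is validated where it is assigned. */
    index = pUserNode->user_config.Dot1xTemIndex;
    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, TIMEOUT_MSG_HANDLER, "into dot1xHandleReAuthTimeout");

    switch (pUserNode->user_state)
    {
    case USER_ON_LINE:
        if (pUserNode->dot1xReAuthNum > Dot1xTem[index].ReAuthReTransTimes)
        {
            gFailAtReAuthWaitID++;
            pUserNode->OffLineReason = MSG_CLIENT_TIMEOUT;
            pUserNode->TerminateCause = LOST_CARRIER;
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleReAuthTimeout", "client reAuth response timeout, reAuth abort!");
            ToNewState(USER_ABORT, 1, pUserNode, NULL);
        }
        else
        {
            /*DO try again*/
            /* Fixed text plus one %d: fits in 100 bytes as long as the
             * counter is int-sized. */
            char desc[100];
            sprintf(desc, "reAuth timeout %d times", pUserNode->dot1xReAuthNum);
            Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleReAuthTimeout", desc);
            ToNewState(USER_ON_LINE, 1, pUserNode, NULL);
        }
        break;
    case ON_LINE_CONFIRM:
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_NOTICE, "dot1xHandleReAuthTimeout", "reAuth timeout, begin reAuth!");
        ToNewState(USER_ON_LINE, 1, pUserNode, NULL);
        break;
    default:
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleReAuthTimeout", "user state error!");
        break;
    }
    return OK;
}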
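/*
 * Handle expiry of the DHCP wait timer.
 *
 * pUserNode  user the timer belongs to; NULL is logged and rejected.
 *
 * The timeout is only acted on while the user is in USER_ON_LINE or
 * ON_LINE_CONFIRM and AcctBeginTime is still 0; the user is then aborted
 * with OffLineReason = MSG_DHCP_ERROR.
 *
 * Returns OK when the user was aborted, ERROR for a NULL node or when the
 * state / AcctBeginTime condition does not hold.
 */
STATUS dot1xHandleDHCPTimeout(Dot1xAuthUserNode_t *pUserNode)
{
    /* dot1xLogoffPktHandler treats a NULL node as "user not found"; do the
     * same here rather than dereferencing it. */
    if (pUserNode == NULL)
    {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleDHCPTimeout", "cannot find user!");
        return ERROR;
    }

    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, TIMEOUT_MSG_HANDLER, "into dot1xHandleDHCPTimeout");

    if (((pUserNode->user_state == USER_ON_LINE) || (pUserNode->user_state == ON_LINE_CONFIRM))
        && (pUserNode->AcctBeginTime == 0))
    {
        pUserNode->OffLineReason = MSG_DHCP_ERROR;
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ERROR, "dot1xHandleDHCPTimeout", "dhcp response timeout, auth abort!");
        ToNewState(USER_ABORT, 1, pUserNode, NULL);
        return OK;
    }

    /* Also reached when the state is valid but AcctBeginTime is non-zero;
     * the message text does not distinguish the two cases. */
    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleDHCPTimeout", "user state error!");
    return ERROR;
}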
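/*
 * Handle expiry of the "de-attack" timer for a failed user.
 *
 * pUserNode  user the timer belongs to; NULL is logged and rejected.
 *
 * A user in AUTH_FAILURE is moved to USER_ABORT. Any other state is logged
 * and rejected.
 * NOTE(review): presumably a hold-down period that keeps a failed node in
 * AUTH_FAILURE before it is torn down - confirm against the state machine.
 *
 * Returns OK when the transition was made, ERROR otherwise.
 */
STATUS dot1xHandleDeAttackTimeout(Dot1xAuthUserNode_t *pUserNode)
{
    /* dot1xLogoffPktHandler treats a NULL node as "user not found"; do the
     * same here rather than dereferencing it. */
    if (pUserNode == NULL)
    {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleDeAttackTimeout", "cannot find user!");
        return ERROR;
    }

    Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, TIMEOUT_MSG_HANDLER, "into dot1xHandleDeAttackTimeout");

    if (pUserNode->user_state != AUTH_FAILURE)
    {
        Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_WARNING, "dot1xHandleDeAttackTimeout", "user state error!");
        return ERROR;
    }

    ToNewState(USER_ABORT, 1, pUserNode, NULL);
    return OK;
}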
#endif
#ifdef STATE_MACHINE
STATUS dot1xDoWaitID(Dot1xAuthUserNode_t *pUserNode, char *UserKey)
{
STATUS rc;
u_short vlan = 0;
u_short port = 0;
u_char MAC[MAC_ADDR_LENGTH+1] = {0};
int index;
Temp2Vlan_t *head;
int isConfig = 0;
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, STATE_MACHINE, "into dot1xDoWaitID");
if (pUserNode == NULL)
{
TotalRequest++;
/* get user mac, vlan, port */
memcpy(MAC, UserKey, MAC_ADDR_LENGTH);
memcpy((char *)&vlan, (char *)&UserKey[6], 2);
memcpy((char *)&port, (char *)&UserKey[8], 2);
if (gDot1xCurrentUser >= gMaxUserNum)
{
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_CRIT, "WAIT_USER_ID", "user number reach limit!!");
/* send failure to client */
dot1xSend(MAC, vlan, port, dot1xMsg_Failure, NULL, 0, 0, MSG_MAX_USER_LIMIT);
return ERROR;
}
if (FrozeAllUser == TRUE)
{
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_ALERT, "WAIT_USER_ID", "user has been frozen!!");
/* send failure to client */
dot1xSend(MAC, vlan, port, dot1xMsg_Failure, NULL, 0, 0, MSG_FROZEN_BY_MANAGE);
return ERROR;
}
rc = dot1xCreateNewUserNode((void *)UserKey, &pUserNode);
if (rc == ERROR)
{
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_CRIT, "WAIT_USER_ID", "cannot create new user node!!");
return ERROR;
}
/*----fill user node info----*/
pUserNode->user_state = WAIT_USER_ID;
memcpy(pUserNode->userInfo.UserMac, MAC, MAC_ADDR_LENGTH);
pUserNode->userInfo.UserVid = vlan;
pUserNode->userInfo.PortNum = port+1; /* logic port, form 1 */
#if 0 /*for debug*/
{
printf("\n\nUser Info:\n");
printf("Mac Address: %02x-%02x-%02x-%02x-%02x-%02x\n",
pUserNode->userInfo.UserMac[0],
pUserNode->userInfo.UserMac[1],
pUserNode->userInfo.UserMac[2],
pUserNode->userInfo.UserMac[3],
pUserNode->userInfo.UserMac[4],
pUserNode->userInfo.UserMac[5]);
printf("vlan :%d, port :%d\n", pUserNode->userInfo.UserVid, pUserNode->userInfo.PortNum);
}
#endif
/*----config templete----*/
pUserNode->user_config.AuthMainTemIndex = 0;
pUserNode->user_config.Dot1xTemIndex = 0;
pUserNode->user_config.UserManTemIndex = 0;
for (head = Port2Temp2Vlan[port]; head != NULL; head=head->next)
{
if (bitListTst(head->VlanList, vlan))
{
pUserNode->AuthLocation = MainTem[head->TempleteIndex].AuthLocation;
pUserNode->user_config.AuthMainTemIndex = MainTem[head->TempleteIndex].AuthMainTempleteIndex;
pUserNode->user_config.UserManTemIndex = MainTem[head->TempleteIndex].UserManageTempleteIndex;
isConfig = 1;
Dot1x_logMsgSend(DOT1X_MODULE, SYSLOG_SEVERITY_DEBUG, "dot1xDoWaitID", "Port2Temp2Vlan matched!");
break;
}
}
/*then check port default*/
if ((isConfig == 0) && (PortDefaultTem[port] != 0))
{
pUserNode->AuthLocation = MainTem[PortDefaultTem[port]].AuthLocation;
pUserNode->user_config.AuthMainTemIndex = MainTem[PortDefaultTem[port]].AuthMainTempleteIndex;