#ifndef DOT1XAUTH_H
#define DOT1XAUTH_H
#include <tmsTypes.h>
#include <idbLib.h>
#include <vmitbl.h>
#include "timerTest.h"
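/*
 * debug_print(x): write the string x to stdout when `flag` is non-zero.
 *
 * `flag` is not declared in this header; it must be in scope wherever the
 * macro is expanded.
 *
 * x is passed as data to a fixed "%s" format instead of being used as the
 * format string itself, so conversion specifiers inside x are printed
 * literally rather than interpreted. printf(x) with a non-literal x is a
 * format-string defect whenever x can carry text taken from a received
 * frame or a server reply. x must be a NUL-terminated string.
 *
 * The do { } while (0) wrapper makes the expansion a single statement, so
 * the macro can be used in an unbraced if/else; the caller supplies the
 * trailing semicolon.
 */
#define debug_print(x) do { if (flag) printf("%s", (x)); } while (0)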
/* Module name string. NOTE(review): presumably the facility tag passed to Dot1x_logMsgSend; confirm at the call sites. */
#define DOT1X_MODULE "DOT1X"
/*
 * Private message codes exchanged with the supplicant.
 * Judging by the names, the values fall into groups: 0x1000000x proxy-check
 * control, 0x2000000x offline/failure reasons, 0x3000000x logoff, and small
 * values (0x97..0xFF) for authentication errors.
 * NOTE(review): whether these values go on the wire unchanged is not visible
 * in this header; if they do, renumbering breaks deployed supplicants.
 */
#define MSG_LINKAGE_FACTORY_FLAG "linkage"
#define MSG_NO_MESSAGE 0x00000000
#define MSG_OPEN_PROXY_CHECK 0x10000001
#define MSG_CLOSE_PROXY_CHECK 0x10000002
#define MSG_OPEN_PROXY_WITH_REAUTH 0x10000003
#define MSG_CLOSE_PROXY_WITH_REAUTH 0x10000004
#define MSG_MAX_USER_LIMIT 0x20000002
#define MSG_FROZEN_BY_MANAGE 0x20000003
#define MSG_CARD_USED_OVER 0x20000004
#define MSG_SHUTDOWN_BY_MANAGE 0x20000005
#define MSG_CLIENT_TIMEOUT 0x20000006
#define MSG_SERVER_TIMEOUT 0x20000007
#define MSG_DHCP_ERROR 0x20000008
#define MSG_LOGOFF_BY_USER 0x30000001
#define MSG_LOGOFF_BY_PROXY 0x30000002
/* 151 ~ 250 (0x97 ~ 0xFA) reserved for the RADIUS server */
/*
0x00000097 wrong user name or password
0x00000098 login location error: a binding condition (NAS-VLAN-Port or MAC) did not match. Use this code when it cannot be determined which binding condition failed; when it is known, use one of the codes below
0x00000099 login location error (wrong MAC)
0x0000009a login location error (wrong NVP)
0x0000009b user is already logged in
0x0000009c user balance is insufficient
0x0000009d user account is in arrears
0x0000009e user has been suspended
0x0000009f user is logging in outside the permitted time period
The following are RADIUS processing errors and need not be shown to the user
0x000000C9 database connection failed

Only 0x97 has a macro in this header. Keeping the backend errors (0xC9 and
up) out of supplicant-visible text also avoids disclosing server-side state
to an unauthenticated client.
*/
#define MSG_PASSWORD_ERROR 0x00000097
/* 0xFF is 255, i.e. outside the 151 ~ 250 range reserved above. */
#define MSG_UNKNOWN_ERROR 0x000000FF
/* private message type with supplicant end */
/*
 * Authentication protocol selector.
 * NOTE(review): PAP hands the cleartext password to the authenticator, and
 * EAP-MD5 offers no server authentication and its challenge/response can be
 * attacked offline with a dictionary. LCBAP is not defined in this header.
 * Which protocol is the default is not visible here.
 */
#define DOT1X_AUTH_PROTOCOL_PAP 1
#define DOT1X_AUTH_PROTOCOL_LCBAP 2
#define DOT1X_AUTH_PROTOCOL_EAP_MD5 3
/* Re-authentication style. The difference between half and full is not described in this header. */
#define HALF_RE_AUTH 1
#define FULL_RE_AUTH 2
/*
 * Timing and retry limits. Only the two *_INTERVAL values are labelled as
 * seconds; the *_TIMEOUT values carry no unit.
 * NOTE(review): presumably also seconds; confirm where the timers are armed.
 */
#define DOT1X_REAUTH_INTERVAL 30 /*seconds*/
#define DOT1X_REAUTH_TIMEOUT 10
#define DOT1X_WAIT_INTERVAL 30 /*seconds*/
/* Retry caps. NOTE(review): presumably bound the per-user resend and re-auth counters in Dot1xAuthUserNode_t; confirm in the handlers. */
#define DOT1X_MAX_RETRY_TIMES 3
#define DOT1X_MAX_REAUTH_TIMES 4
#define DOT1X_RADIUS_TIMEOUT 300
#define DOT1X_ACCT_TIMEOUT 60
#define DOT1X_DHCP_TIMEOUT 20
/******Message Format Define******/
/* NOTE(review): presumably the depth of the task's message queue; what happens to events when it is full is not visible here. */
#define MAX_MSG_IN_QUEUE 5000
/*
 * Size in bytes of the user key. Dot1xMessage_t documents the key as
 * "MAC-vlan-port", which fits 6 + 2 + 2 bytes. The key holds binary data
 * that may contain zero bytes, so it must be copied and compared by length.
 */
#define USER_KEY_LENGTH 10
#define MAC_ADDR_LENGTH 6
/******Message Type********/
#define EAPOL_Frame 1
#define DHCP_Message 2
#define Radius_Message 3
#define Timeout_Message 4
#define Accounting_Response 5
#define Radius_Session_Timeout 6
#define Shutdown_Any_User 7 /* called by the command-line task: force a given user offline */
#define Shutdown_All_User 8 /* called by the command-line task: force all users offline */
#define MAC_Filter 9 /* called by the driver task: take the user offline and send a MAC-filter message */
/******DHCP Msg Type********/
#define DHCP_SUCCESSFUL 1
#define DHCP_FAILURE 2
/******Auth Msg Type********/
#define Access_Accept 1
#define Access_Reject 2
#define Access_Challenge 3
/******Timer Type**********/
#define Wait_ID_Timer 1 /* waits for the user's identity response; value from system configuration, default 30s */
#define Wait_Pass_Timer 2 /* waits for the user's password response; value from system configuration, default 30s */
#define Wait_EAP_Timer 3 /* waits for the user's EAP response; value from system configuration, default 30s */
#define Re_Auth_Timer 4 /* re-authentication timer; value from system configuration, default 30s */
#define Wait_DHCP_Timer 5 /* waits for the DHCP assignment; 20s */
#define Wait_Auth_Timer 6 /* waits for the authentication response; 60s */
#define De_Attack_Timer 7 /* anti-attack timer; value from system configuration, default 10s */
#define Wait_Acct_Timer 8 /* waits for the RADIUS accounting-start response; 60s */
#define Wait_Challenge_Timer 9 /* waits for the RADIUS challenge response; 60s */
/*
 * All_Timer is also the element count of Dot1xAuthUserNode_t.user_timer, so
 * that array has valid indices 0..9.
 * NOTE(review): if a timer type is used directly as the index, All_Timer
 * itself (10) is out of bounds; confirm the range check where `which` is used.
 */
#define All_Timer 10 /* used to delete all timers */
/**********User State **************/
/*
 * Values stored in Dot1xAuthUserNode_t.user_state. The *_AT_REAUTH states
 * (13..17) mirror the initial-authentication wait states by name.
 * The allowed transitions are not described in this header.
 */
#define WAIT_USER_ID 1
#define WAIT_USER_PASSWORD 2
#define WAIT_AUTH_RESPONSE 3
#define AUTH_SUCCESSFUL 4
#define AUTH_FAILURE 5
#define USER_ON_LINE 6
#define ON_LINE_CONFIRM 7
#define REQUEST_ACCT_START 8
#define LET_NET_OPEN 9
/* Out-of-sequence value; any table indexed by state must not assume the states are contiguous. */
#define USER_ABORT 999
#define WAIT_CHALLENGE 10
#define WAIT_EAP_RESPONSE 11
#define WAIT_AUTH_RESULT 12
#define WAIT_USER_PASSWORD_AT_REAUTH 13
#define WAIT_AUTH_RESPONSE_AT_REAUTH 14
#define WAIT_CHALLENGE_AT_REAUTH 15
#define WAIT_EAP_RESPONSE_AT_REAUTH 16
#define WAIT_AUTH_RESULT_AT_REAUTH 17
/**********User State End**************/
/***************User Information***************/
/*
 * Maximum lengths excluding the terminator: UserInfo_t sizes its buffers as
 * these values + 1. Any length taken from a received frame has to be checked
 * against these limits before the data is copied into UserInfo_t.
 */
#define MAX_USER_NAME_LENGTH 32
#define MAX_USER_PASS_LENGTH 32
#define MAX_USER_DOMAIN_LENGTH 8
//#define MAX_NOTIFY_MSG_LENGTH 255
/*
 * Envelope for one event handed to the 802.1X task.
 * NOTE(review): msgId presumably takes the "Message Type" constants
 * (EAPOL_Frame .. MAC_Filter); confirm in the receive task.
 */
typedef struct Dot1xMessage_s
{
u_long msgId; /* 802.1x Packet, DHCP, Auth, Timeout, Others*/
/* Exactly USER_KEY_LENGTH bytes here, while Dot1xAuthUserNode_t.UserKey has USER_KEY_LENGTH+1. */
/* The key is binary, so copy and compare it with an explicit length rather than string functions. */
u_char UserKey[USER_KEY_LENGTH]; /* MAC-vlan-port*/
/* Overloaded field: a reader must check msgId before treating it as a byte count for buf. */
u_long length; /* Message length or timer type */
/* NOTE(review): who allocates and frees buf is not visible in this header; confirm ownership. */
char *buf; /* Data buffer, point to message */
} Dot1xMessage_t;
/* DHCP result event. NOTE(review): presumably the payload behind Dot1xMessage_t.buf for DHCP_Message; confirm. */
typedef struct DHCPMsg_s
{
u_short Type; /* successful, failure (DHCP_SUCCESSFUL / DHCP_FAILURE) */
u_long userIP; /* assigned address; byte order is not stated in this header */
u_short Event; /* meaning not documented in this header */
}DHCPMsg_t;
/*
 * RADIUS result event.
 * NOTE(review): the fields are presumably filled from the server's reply, so
 * they should be treated as external input by the consumer; confirm.
 */
typedef struct RadiusMsg_s
{
u_short code; /* Accept, Reject, Accounting, Session_Timeout */
u_short failure_Reason;
/* No length travels with this pointer. NOTE(review): presumably 16 bytes, as in dot1xMsg_MD5_t.md5; confirm. */
char *MD5_Challenge;
u_long BandWidth;
u_long LeftFlow;
u_long LeftTime;
/* Fixed 12 bytes; a server-supplied name has to be truncated to fit before it is copied in. */
u_char RealName[12];
}RadiusMsg_t;
/******Message Format Define End*******/
/*
 * Length-prefixed password payload for PAP.
 * pass[0] is the GNU zero-length-array form of a trailing variable-length
 * member, so sizeof does not include the password bytes.
 * NOTE(review): passLen is presumably read from the received frame; it can
 * be up to 255, so it must be checked against both the bytes actually
 * received and MAX_USER_PASS_LENGTH before the password is copied.
 */
typedef struct dot1xMsg_PAP_s{
uchar_t passLen;
uchar_t pass[0];
}dot1xMsg_PAP_t;
/*
 * Length-prefixed password payload for LCBAP; same layout as dot1xMsg_PAP_t.
 * NOTE(review): passLen is presumably read from the received frame; check it
 * against the bytes actually received and the destination buffer size before
 * reading pass[].
 */
typedef struct dot1xMsg_LCBAP_s{
uchar_t passLen;
uchar_t pass[0];
}dot1xMsg_LCBAP_t;
/*
 * EAP-MD5 payload: a length byte, a 16-byte MD5 value and trailing identity
 * bytes (zero-length-array member, not counted by sizeof).
 * NOTE(review): md5Len is presumably read from the frame; reject values
 * other than 16 instead of trusting it, and derive the length of id[] from
 * the received frame length; confirm in the EAP handler.
 */
typedef struct dot1xMsg_MD5_s{
uchar_t md5Len;
uchar_t md5[16];
uchar_t id[0];
}dot1xMsg_MD5_t;
/***************User Information***************/
/*
 * Root of the AVL tree of authenticated-user nodes, with a semaphore.
 * NOTE(review): semID presumably guards every access to the tree; confirm
 * that the find/create/delete routines all take it.
 */
typedef struct Dot1xAuthUserNodeRoot_s {
SEM_ID semID;
AVL_NODE *pAuthUser;
}Dot1xAuthUserNodeRoot_t;
/* Identity and location of one user. Each buffer is its maximum length plus one byte. */
typedef struct UserInfo_s {
u_char UserName[MAX_USER_NAME_LENGTH + 1];
/* NOTE(review): if the cleartext password is kept here for the whole session, clear it once authentication completes; confirm in the handlers. */
u_char UserPWD[MAX_USER_PASS_LENGTH + 1];
/* A MAC address is binary and may contain zero bytes, so the extra byte does not make this a C string. */
u_char UserMac[MAC_ADDR_LENGTH + 1];
u_char DomainName[MAX_USER_DOMAIN_LENGTH + 1];
u_short UserVid;
u_short PortNum;
u_long UserIp;
}UserInfo_t;
/*
 * Per-user configuration template indices.
 * NOTE(review): the tables these index are not declared in this header;
 * each index should be range-checked against its table size before use.
 */
typedef struct UserConfig_s {
u_char AuthMainTemIndex;
u_char Dot1xTemIndex;
u_char UserManTemIndex;
}UserConfig_t;
/*typedef struct UserTimer_s {
timerUnit_t *pIDRespTimer;
timerUnit_t *pPWRespTimer;
timerUnit_t *pReAuthTimer;
timerUnit_t *pDhcpTimer;
timerUnit_t *pAuthTimer;
timerUnit_t *pDeAttackTimer;
timerUnit_t *pAcctTimer;
}UserTimer_t;
*/
/*
 * Per-user authentication session record, stored as a node of the AVL tree
 * rooted at Dot1xAuthUserNodeRoot_t.
 */
typedef struct Dot1xAuthUserNode_s {
/* NOTE(review): node is the first member, presumably so an AVL_NODE pointer can be converted to this type; do not reorder. */
AVL_NODE node;
u_short user_state; /* one of the "User State" constants */
/* One byte larger than Dot1xMessage_t.UserKey; copy USER_KEY_LENGTH bytes by length. */
u_char UserKey[USER_KEY_LENGTH+1];
UserInfo_t userInfo;
/* NOTE(review): presumably a 16-byte challenge plus terminator; confirm how it is generated and that it is unpredictable per session. */
char LCChallenge[17];
u_char dot1xPacketHeadId;
/* Resend and re-auth counters. NOTE(review): presumably capped by DOT1X_MAX_RETRY_TIMES / DOT1X_MAX_REAUTH_TIMES; confirm. */
u_char dot1xIDreSendNum;
u_char dot1xPWreSendNum;
u_char dot1xEAPreSendNum;
u_char dot1xReAuthNum;
u_long AuthLocation; /* radius or local */
u_long Authorized; /* 0: unAuthorized, 1: Authorized, 2: Authenticate fail */
u_long AcctBeginTime;
u_long OffLineReason; /* offline reason send to client */
u_long TerminateCause; /* terminate cause send to radius server */
/* receive from radius server */
u_long BandWidth;
u_char RealName[12];
u_long LeftTimeUp;
u_long LeftFlowUp;
u_long LeftTimeDown;
u_long LeftFlowDown;
UserConfig_t user_config;
/* All_Timer (10) elements, valid indices 0..9. NOTE(review): if indexed by timer type, All_Timer itself is out of bounds; confirm the check on `which`. */
timerUnit_t *user_timer[All_Timer];
/*moyl 20041218 added */
/* The meaning of these two 40-entry tables is not documented in this header. */
u_long AccessOut[40];
u_long AccessMask[40];
}Dot1xAuthUserNode_t;
/***************User Information End***************/
/* Number of possible 12-bit VLAN ID values (0..4095). Not referenced elsewhere in this header. */
#define MAX_VLAN_NUM 4096
/*
 * EAPOL frame counters. The field names follow the dot1xAuthStats objects
 * of the IEEE 802.1X PAE MIB.
 * NOTE(review): whether these are kept per port or globally is not visible
 * here. The invalid-frame and length-error counters are the ones to watch
 * when looking for malformed or hostile EAPOL traffic.
 */
typedef struct Dot1xStat_s {
u_long dot1xAuthEapolFramesRx;
u_long dot1xAuthEapolFramesTx;
u_long dot1xAuthEapolStartFramesRx;
u_long dot1xAuthEapolLogoffFramesRx;
u_long dot1xAuthEapolRespIdFramesRx;
u_long dot1xAuthEapolRespFramesRx;
u_long dot1xAuthEapolReqIdFramesTx;
u_long dot1xAuthEapolReqFramesTx;
u_long dot1xAuthInvalidEapolFramesRx;
u_long dot1xAuthEapLengthErrorFramesRx;
u_long dot1xAuthLastEapolFrameVersion;
/* 7 bytes, i.e. MAC_ADDR_LENGTH + 1; the address itself is 6 binary bytes. */
u_char dot1xAuthLastEapolFrameSource[7];
} Dot1xStat_t;
/*for test*/
/*
 * Test-only structure that interleaves char arrays with 16- and 32-bit
 * fields.
 * NOTE(review): looks like a probe for compiler padding and alignment;
 * confirm, and consider moving it out of the production header.
 */
typedef struct Test_s {
char buf[4];
ushort_t typeshort1;
char buf1[3];
ulong_t typelong;
char buf2;
ushort_t typeshort;
}Test_t;
/*
 * Initialisation, receive task and per-event handlers.
 *
 * Every declaration in this group uses empty parentheses. In C before C23
 * that declares a function without a prototype, so the compiler checks
 * neither the number nor the types of arguments at call sites; a mismatched
 * call is undefined behaviour and produces no diagnostic. The real parameter
 * lists are not visible in this header.
 * NOTE(review): replace each with its full prototype (or (void)) after
 * checking the definitions.
 */
void authConfigInit();
STATUS dot1xFilterRecvPkt();
void dot1x_receive_event_task();
/* Dispatch by event source (names match the "Message Type" constants). */
void dot1xHandleDot1xPkt();
void dot1xHandleDHCPMsg();
void dot1xHandleRadiusMsg();
void dot1xHandleTimeoutMsg();
void dot1xHandleOtherMsg();
/* Per-packet-type EAPOL handlers. These parse supplicant-supplied data, so length validation belongs here. */
void dot1xStartPktHandler();
void dot1xIDPktHandler();
void dot1xPWPktHandler();
void dot1xLCPWPktHandler();
void dot1xEAPPktHandler();
void dot1xLogoffPktHandler();
/* Timeout handlers. `which` is presumably one of the "Timer Type" constants; confirm. */
STATUS dot1xHandleClientTimeout(Dot1xAuthUserNode_t *pUserNode, u_long which);
STATUS dot1xHandleRadiusTimeout(Dot1xAuthUserNode_t *pUserNode, u_long which);
STATUS dot1xHandleReAuthTimeout(Dot1xAuthUserNode_t *pUserNode);
STATUS dot1xHandleDHCPTimeout(Dot1xAuthUserNode_t *pUserNode);
STATUS dot1xHandleDeAttackTimeout(Dot1xAuthUserNode_t *pUserNode);
/* State transition. NewState is presumably one of the "User State" constants; the meaning of ifTransfer is not documented here. */
STATUS ToNewState(u_short NewState, u_short ifTransfer, Dot1xAuthUserNode_t *pUserNode, u_char *UserKey);
/* Declared without a prototype: arguments are not type-checked at call sites. */
STATUS localVerifyUser();
/* The pointer parameters carry no lengths. NOTE(review): presumably MAC is MAC_ADDR_LENGTH bytes and Domain/Name are NUL-terminated; confirm. */
STATUS ShutDownUser(u_char *MAC, u_char *Domain, u_long Ip, u_char *Name, u_short vlan, u_short Port);
STATUS AllUserOffline();
STATUS dot1xDelAllTimer();
STATUS sendTrapToAgent(Dot1xAuthUserNode_t *pUserNode);
/* Conversions between a key and an index. The buffer sizes expected for Index and Key are not stated; the caller must supply large enough buffers. */
STATUS Index2Key(u_long *Index, u_char *Key);
STATUS Key2Index(u_char* Key, u_long *Index);
/* NOTE(review): a RADIUS Request Authenticator has to be unpredictable; the randomness source is not visible in this header, so confirm it in the definition. */
void CreateRandomAuthenticator();
/* User-node tree management, declared without prototypes (arguments are not type-checked). */
STATUS dot1xCreateNewUserNode();
STATUS dot1xDelUserNode();
STATUS dot1xFindUserNode();
int dot1xUserCompare();
STATUS dot1xFindNextUserNode(idb_t *pIdb, Dot1xAuthUserNode_t **ppUserNode);
/* Notifications about a user node. The destinations are not visible in this header. */
STATUS SendMessageUp(Dot1xAuthUserNode_t *pUserNode, int index);
STATUS SendLeftFlowUp(Dot1xAuthUserNode_t *pUserNode);
STATUS SendLeftFlowDown(Dot1xAuthUserNode_t *pUserNode);
STATUS SendLeftTimeUp(Dot1xAuthUserNode_t *pUserNode);
STATUS SendLeftTimeDown(Dot1xAuthUserNode_t *pUserNode);
STATUS SendMacFilterMessage(Dot1xAuthUserNode_t *pUserNode);
/* SendAdvertToUser takes an explicit MsgLen; SendNotifyToUser does not. NOTE(review): its Message is presumably NUL-terminated; confirm. */
STATUS SendAdvertToUser(u_char *MAC, u_char *Domain, u_short vlan, u_short port, u_char* Message, int MsgLen, u_char *Name);
STATUS SendNotifyToUser(u_char *MAC, u_char *Domain, u_short vlan, u_short port, u_char* Message, u_char *Name);
/*
 * No capacity is passed for the output buffer, and PassLen is a signed int.
 * NOTE(review): which argument is the output is not visible here; the
 * definition must reject a negative PassLen and one larger than the
 * destination (MAX_USER_PASS_LENGTH) before writing; confirm.
 */
STATUS dot1xDecryptPassword(char *Pwd, int PassLen, char *Challenge, char *Id, char *Encrypted);
/* The output buffer size is not passed. NOTE(review): presumably at least MAX_USER_DOMAIN_LENGTH + 1 bytes; confirm. */
STATUS findDefaultDomainName(char *defaultDomainName);
/* Event entry points for the DHCP and RADIUS sides. NOTE(review): presumably they queue a Dot1xMessage_t for the 802.1X task; confirm. */
STATUS Dot1x_msg_DHCP_Success(u_char *MAC, u_long firestIP, u_long secondIP, u_short vlan, u_short port);
STATUS Dot1x_msg_DHCP_Failure(u_char *MAC, u_long firestIP, u_long reason, u_short vlan, u_short port);
/* RealName has no length parameter, while the struct fields that hold it are 12 bytes; the definition must bound the copy. */
STATUS Dot1x_msg_Radius_Accept(u_char *MAC, u_long IP, u_short vlan, u_short port,u_long BandWidth, u_long LeftFlow, u_long LeftTime, u_char *RealName);
STATUS Dot1x_msg_Radius_Reject(u_char *MAC, u_long IP, u_short vlan, u_short port, u_long Reason);
/* msg has no length parameter. NOTE(review): presumably the challenge bytes from the server; confirm the expected size. */
STATUS Dot1x_msg_Radius_Challenge(u_char *MAC, u_long IP, u_short vlan, u_short port, char *msg);
STATUS Dot1x_msg_Radius_AcctResponse(u_char *MAC, u_long IP, u_short vlan, u_short port);
STATUS Dot1x_msg_Radius_SessionTimeout(u_char *MAC, u_long IP, u_short vlan, u_short port);
/* UserKey is an untyped pointer. NOTE(review): presumably USER_KEY_LENGTH bytes; confirm. */
STATUS Dot1x_msg_TimerExpire(void *UserKey, u_long which);
/* NOTE(review): `which` presumably selects a slot in user_timer[All_Timer]; the definition must reject values >= All_Timer; confirm. */
STATUS Dot1xAddOneTimer(void* UserKey,u_long which ,timerUnit_t *pTimer);
STATUS Dot1x_msg_Mac_Filter(unsigned char *MAC, u_short vlan, u_short port);
STATUS ClearBlkTbl();
/* Logging. If description can contain supplicant- or server-supplied text, it must never be used as a format string downstream. */
void Dot1x_logMsgSend(char* facility, ulong_t severity, char* mnemonic,char* description);
#endif