mystar.c

linux 802.1x 源码,兼容锐捷客户端 代码简洁小巧

/*
首先还是要感谢mystar的作者netxray，mystar.c大多代码都是引自mystar
*/
#include "mystar.h"
#include "sendpacket.h"
#include "md5.h"
#include "myerr.h"


/* 当前认证状态
   0:未找到服务器                      1:已找到服务器，未通过用户名认证
   2:已通过用户名认证，未通过MD5认证   3:已通过MD5认证，通网成功         */
int m_state=0;//当前认证状态
FILE* fplog = NULL;//日志文件

static void sig_intr(int signo); //do some cleanup work on exit with Ctrl+C
static void sig_alrm(int signo);
static void checkAndSetConfig(void); //configure related parameters

unsigned char* hashMD5(const u_char *pkt_data,const char* password,unsigned int passwordlen);
void checkAndSetConfig(void);
void showConfig(void);

//configure informations
char *name = NULL;
char *password = NULL;
char *nic = "eth0";
unsigned char serverMAC[6] = "\x01\x80\xc2\x00\x00\x03";
unsigned char localMAC[6];
unsigned char netmask[4];
unsigned char gateway[4];
unsigned char dhcpserver[4];

libnet_t *                l=NULL;
int isGetEchoFromServer = 0;

int main(int argc, char* argv[])
{

//libnet & libpcap variables

	u_int32_t                 l_ip;
   char                      l_errbuf[LIBNET_ERRBUF_SIZE];
   struct libnet_ether_addr *l_ether_addr;

   pcap_t             *p=NULL;
   int                 p_fd;
   fd_set              read_set;
   char                filter_buf[256];
   struct bpf_program  filter_code;
   u_int32_t           p_netaddr,p_netmask;
   struct pcap_pkthdr *pkt_hdr;
   const u_char       *pkt_data;
   char                p_errbuf[PCAP_ERRBUF_SIZE];
   
/*   int		linkto;
   u_int16_t       offset;
   int             msgLen;
   char            msgBuf[256];
   char           *pmsgBuf;
*/
   int             isFirstPacketFromServer=1;
   sigset_t        sigset_full,sigset_zero;
   struct timespec timeout;
   int packetCount=0;
   int dhcpmod;


//running-time datas
	unsigned char nameid = 0;
	unsigned char passwordid = 0;
	
	if((fplog = fopen("mystar.log","w")) == NULL) {printf("open log file error\n");return -1;}
	checkAndSetConfig();
	
	if((l=libnet_init(LIBNET_LINK, nic,l_errbuf))==NULL)
		err_quit("libnet_init: %s\n", l_errbuf);

	if((p=pcap_open_live(nic,65536,0, 500, p_errbuf))==NULL)
		{ err_msg("pcap_open_live: %s\n",p_errbuf); goto err1; }
	p_fd=pcap_fileno(p); //we can pselect() it in the following code.

	if((l_ether_addr=libnet_get_hwaddr(l))==NULL)
		{ err_msg("unable to get local mac address :%s\n",libnet_geterror(l)); goto err2; };
	memcpy(localMAC,l_ether_addr,sizeof(localMAC));
	
/*	if((l_ip=libnet_get_ipaddr4(l))==-1)
	{
		err_msg("unable to get ip address--ingored... :%s\n",libnet_geterror(l));
		l_ip=0;
	}
	
	if(pcap_lookupnet(nic,&p_netaddr,&p_netmask,p_errbuf)==-1)
		{ err_msg("unable to get netmask--igored... %s\n",p_errbuf); p_netmask=0;}
*/		
	showConfig();
	//goto done;


	snprintf(filter_buf,sizeof(filter_buf),FILTER_STR, localMAC[0],localMAC[1],
		localMAC[2],localMAC[3],localMAC[4],localMAC[5],localMAC[6]);
	//printf("过滤器: %s\n",filter_buf);
	if(pcap_compile(p, &filter_code,filter_buf, 0, p_netmask)==-1)
		{ err_msg("pcap_compile(): %s", pcap_geterr(p));  goto err2; }
	if(pcap_setfilter(p, &filter_code)==-1)
		{ err_msg("pcap_setfilter(): %s", pcap_geterr(p)); goto err2; }
	pcap_freecode(&filter_code); // avoid  memory-leak

	signal(SIGINT,sig_intr);  //We can exit with Ctrl+C
	sigfillset(&sigset_full);
	sigprocmask(SIG_BLOCK,&sigset_full,NULL); //block all signals.
	signal(SIGALRM,sig_alrm);			//每2分钟发送一次echo包
	siginterrupt(SIGALRM,1);
	
	initAllPackets(localMAC,serverMAC);
	modifyName(name,strlen(name));
START:
	m_state=0;

	sendStartPacket(l);
	fputs("发起认证",fplog);
	while(1)
	{
		(void)sigfillset(&sigset_full);
 		(void)sigdelset(&sigset_full,SIGINT);
		FD_ZERO(&read_set);  FD_SET(p_fd, &read_set);
		timeout.tv_sec =3;   timeout.tv_nsec =0; // 1 second
		
      //wait with all signals(except SIGINT) blocked.
		if(packetCount > 100){
			printf("找不到服务器，退出\n");
			goto err2;
		}
		switch ( pselect(p_fd+1,&read_set,NULL,NULL,&timeout,&sigset_full) )
		{
			case -1: //Normally, this case should not happen since sig_intr() never returns!
				goto err2;
			case 0:  //timed out
				switch(m_state)
				{
					case 0:	//未收到服务器响应
						printf("找不到认证服务器\n");
						fputs("超时，找不到认证服务器\n发起认证\n",fplog);
						sendStartPacket(l);
						packetCount++;
 						continue; //jump to next loop of while(1) to receive next packet
					case 1:	//应服务器请求，发送用户名
						sendNamePacket(l,nameid);
						fputs("超时，重发用户名 :sendNamePacket\n",fplog);
						packetCount++;
						continue;
					case 2:	//应服务器请求，发送口令密文
						sendPasswordPacket(l,passwordid);
						fputs("超时，重发口令密文:sendPasswordPacket\n",fplog);
						packetCount++;
 						continue;
					case 3:	//认证已成功
						break;
					default:
						goto err2;
				}
			default:
				//printf(".");
				break;
		}
		//从设备上抓取一个数据包
		
		if((pcap_next_ex(p,&pkt_hdr,&pkt_data))!=1) continue;
		//这里应该再加一个验证,offset0x12处为0x888e
		//不 需要了，设置过滤器的时候已经考虑到了
		
		fprintf(fplog,"收到一个数据包：\n");
		int i = 0;
		for(i = 0;i < pkt_hdr->len;i++)
			fprintf(fplog,"%02x",pkt_data[i]);
		fprintf(fplog,"\n");
		
		if(pkt_data[0x0f] != 0x0c)
		{
			switch(pkt_data[0x12])
			{
				case 01:		//服务器请求，用户名或密码
					switch(pkt_data[0x16])
					{
						case	01:	//请求的是用户名
							if(m_state == 0)
								printf("发现认证服务器\n");
							if(m_state == 3)
								printf("server request reflesh connection\n");
							else if(m_state == 0 || m_state == 1){
								nameid = pkt_data[0x13];
								//fputs("server request username\n",stdout);
								fputs("服务器请求用户名\n",fplog);
								sendNamePacket(l,pkt_data[0x13]);
								fputs("发送用户名:sendNamePacket\n",fplog);
								m_state = 1;
							}
							continue;
						case	04:	//请求的是口令密文
							if(m_state == 1)
								printf("正在验证用户名密码...\n");
							if(m_state == 1 || m_state == 2){
								m_state = 2;
								passwordid = pkt_data[0x13];
								//fputs("server request password\n",stdout);
								//在hashMD5中已经调用了modifyPassword
								unsigned char* hash = hashMD5(pkt_data,password,(unsigned int)strlen(password));
								int i = 0;
								sendPasswordPacket(l,pkt_data[0x13]);
								fputs("发送口令密文 :sendPasswordPacket\n",fplog);
							}
							continue;
						case	02:	//可能是Start报文已经失效
							//printf("服务器拒绝访问\n");
							if(m_state == 1)
								printf("server say something may be error.\n");
							sendLogoffPacket(l);
							continue;
						default:
							//printf("请求代码未知\n");
							continue;
					}
					continue;
				case 03:		//认证成功
					m_state = 3;
					isGetEchoFromServer = 1;
					alarm(120);		//2分钟后发送Echo包
					fputs("正在网络上注册您的计算机...\n",stdout);
					/*if((l_ip=libnet_get_ipaddr4(l))==-1){
						memset(&l_ip,0,4);
					}
					modifyIP((char*)&l_ip);
					sendDhcpRealsePacket();*/
					fputs("认证成功\n正在进行DHCP获取IP\n",fplog);
					system("dhclient -r");		//dhcp release
					system("time dhclient eth0");//dhcp request
					////////////////////////////////////////send
					if((l_ip=libnet_get_ipaddr4(l))==-1){
						printf("dhcp error\n");
					}
					printf("success\n");
					fputs("当前IP地址是：",fplog);
					int i = 0;
					for(i = 0;i < 4;i++)
						fprintf(fplog,"%02x",((unsigned char*)&l_ip)[i]);
					fprintf(fplog,"\n");
					
					modifyNotify((char*)&l_ip,netmask,gateway,dhcpserver);
					sleep(1);