- 论坛徽章:
- 0
|
为了方便高手知道,我把代码贴在这里,希望有人能帮我解答一下,这是一个802.1x的认证程序,我从网上下载的,因为我这个不是实达的交换机,所以修改了一下。从认证到认证结束都没问题,认证成功后交换机会每隔15秒发送认证请求,客户端回应认证,就是最后这步的设备总打不开,谁能帮我解释一下?先谢谢!
#include <stdio.h>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <sys/time.h>
#include <sys/types.h>
#include <stdlib.h>
#include <sys/uio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <net/bpf.h>
#include <net/if.h>
#include <string.h>
#include <sys/select.h>
#include <signal.h>
#include "global.h"
#include "md5.h"
#define ETHERTYPE_8021X 0x888e
#define EAPOL_Packet 0x00
#define EAPOL_Start 0x01
#define EAPOL_Logoff 0x02
#define EAP_Request 1
#define EAP_Response 2
#define EAP_Success 3
#define EAP_Failure 4
#define EAP_TYPE_Identity 1
#define EAP_TYPE_MD5Challenge 4
typedef unsigned char int8;
typedef unsigned short int16;
typedef unsigned long int32;
struct bpf_insn insns[] = {
BPF_STMT(BPF_LD+BPF_H+BPF_ABS, 12),
BPF_JUMP(BPF_JMP+BPF_JEQ+BPF_K, ETHERTYPE_8021X, 0, 1),
BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
BPF_STMT(BPF_RET+BPF_K, 0),
};
typedef struct EAPOLforEthernet
{
int16 ethertype;
int8 version;
int8 type;
int16 length;
}EAPOL;
typedef struct EAPformat
{
int8 code;
int8 id;
int16 length;
int8 type;
}__attribute__((packed)) EAP;
typedef union
{
u_int32_t ulValue;
u_int8_t btValue[4];
}ULONG_BYTEARRAY;
ULONG_BYTEARRAY m_serialNo;
ULONG_BYTEARRAY m_key;
char standardMAC[6]={0x01,0x80,0xc2,0x00,0x00,0x03};
char name[3]="aaa";
char pass[3]="bbb";
char * nic="em0";
char pad[]={"\xff\xff\x37\x77\x7f\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\
\xff\xff\xff\xff\xff\xf5\x71\x00\x00\x13\x11\x38\x30\x32\x31\x78\
\x2e\x65\x78\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x28\x00\x00\x00\
\x00\x00\x13\x11\x00\x28\x1a\x28\x00\x00\x13\x11\x17\x22\x60\x63\
\x67\x65\x91\x66\x92\x94\x68\x92\x91\x64\x96\x95\x67\x91\x93\x95\
\x94\x93\x63\x62\x64\x61\x67\x6b\x84\xae\x77\x97\x6c\x6b\x00\x00\
\x13\x11\x18\x06\x00\x00\x00\x01"};
char echoPackage[] = {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x88,0x8E,0x01,0xBF,
0x00,0x1E,0xFF,0xFF,0x37,0x77,0x7F,0x9F,0xF7,0xFF,0x00,0x00,0xFF,0xFF,0x37,0x77,
0x7F,0x9F,0xF7,0xFF,0x00,0x00,0xFF,0xFF,0x37,0x77,0x7F,0x3F,0xFF};
int Display(const u_char *packet,const size_t length);
void sig_intr(int signo);
char * buf;
char * p;
int8 dstMAC[6]={0,};
int bpf;
int blen;
int main()
{
int tmp;
char challengelen;
struct ifreq ifr;
struct bpf_program bpf_pro={4,insns};
struct timeval timeout={5,0};
char * bufmd5;
int8 id;
char md5Hash[16];
MD5_CTX context;
fd_set readset;
ULONG_BYTEARRAY uTemp;
printf(" My 802.1X Supplicant for FreeBSD\n" ;
printf(" Coded by xdkui 5/22/2005\n";
printf(" E-mail dkui@sina.com.cn\n";
if((bpf=open("/dev/bpf1",O_RDWR))==-1)
{
perror("open /dev/bpf1 error";
exit(1);
}
strcpy(ifr.ifr_name,nic);
if((-1==ioctl(bpf,BIOCGBLEN,&blen))||(-1==ioctl(bpf,BIOCSETIF,&ifr))||
(-1==ioctl(bpf,BIOCSETF,&bpf_pro))||(-1==ioctl(bpf,BIOCFLUSH))||(-1==ioctl(bpf,BIOCSRTIMEOUT,&timeout)))
{
perror("ioctl error";
close(bpf);
exit(1);
}
m_serialNo.ulValue = 0x1000002a; //the initial serial number, a magic number!
InitializeBlog();
//FillNetParamater( &pad[0x05] );
if((buf=(char *)malloc(blen))==NULL)
{
perror("malloc buf error";
close(bpf);
exit(1);
}
signal(SIGINT,sig_intr); //exit with Ctrl+C
signal(SIGTERM,sig_intr);
retry:
printf("send EAPOL_Start packet!\n";
memset(buf,0,blen);
memcpy(buf,standardMAC,6);
((EAPOL *)(buf+12))->ethertype=htons(0x888E);
((EAPOL *)(buf+12))->version=1;
((EAPOL *)(buf+12))->type=EAPOL_Start;
((EAPOL *)(buf+12))->length=0;
memcpy(buf+12+sizeof(EAPOL),pad,sizeof(pad));
printf("EAPOL Start Packet:\n";
Display((u_char *)buf,200);
if(1000!= write(bpf,buf,1000))
{
perror("write EAPOL_Start error";
goto retry;
}
//Read Switch request identity packet;
FD_ZERO(&readset);
FD_SET(bpf, &readset);
ioctl(bpf,BIOCFLUSH);
printf("bpf:%d\n",bpf);
if(1!=(tmp=select(bpf+1,&readset,NULL,NULL,&timeout)))
{
perror("select read EAP Request Identiry";
goto retry;
}
printf("tmp:%d\n",tmp);
if(-1==read(bpf,buf,blen))
{
perror("read EAP Request Identity error");
goto retry;
}
printf("EAP Request Identity Packet:\n");
p=buf+((struct bpf_hdr *)buf)->bh_hdrlen;
Display((u_char *)p,64);
if((((EAPOL *)(p+12))->type!=EAPOL_Packet)||(((EAP *)(p+12+sizeof(EAPOL)))->code!=EAP_Request)
||(((EAP *)(p+12+sizeof(EAPOL)))->type!=EAP_TYPE_Identity))
{
printf("EAP Request Identity format error!\n");
goto retry;
}
//Send Response Indentity to Switch
id=((EAP *)(p+12+sizeof(EAPOL)))->id;
memcpy(dstMAC,p+6,6);
printf("send EAP Response Identity packet!\n");
memset(buf,0,blen);
memcpy(buf,dstMAC,6);
((EAPOL *)(buf+12))->ethertype=htons(0x888E);
((EAPOL *)(buf+12))->version=1;
((EAPOL *)(buf+12))->type=EAPOL_Packet;
((EAPOL *)(buf+12))->length=htons(sizeof(EAP)+sizeof(name));
((EAP *)(buf+12+sizeof(EAPOL)))->code=EAP_Response;
((EAP *)(buf+12+sizeof(EAPOL)))->id=id;
((EAP *)(buf+12+sizeof(EAPOL)))->length=htons(sizeof(EAP)+sizeof(name));
((EAP *)(buf+12+sizeof(EAPOL)))->type=EAP_TYPE_Identity;
memcpy(buf+12+sizeof(EAPOL)+sizeof(EAP),name,sizeof(name));
memcpy(buf+12+sizeof(EAPOL)+sizeof(EAP)+sizeof(name),pad,sizeof(pad));
printf("Client send Identity packet to Switch:\n");
Display((u_char *)buf,200);
if(1000!=write(bpf,buf,1000))
{
perror("write EAP Response Identity error");
goto retry;
}
//EAP Request MD5-Challenge
FD_ZERO(&readset);
FD_SET(bpf, &readset);
ioctl(bpf,BIOCFLUSH);
if(1!=select(bpf+1,&readset,NULL,NULL,&timeout))
{
perror("select read EAP Request MD5-Challenge");
goto retry;
}
if(-1==read(bpf,buf,blen))
{
perror("read EAP Request MD5-Challenge errorr");
goto retry;
}
printf("Switch Request MD5 Challenge Packet:\n");
Display((u_char *)buf+18,64);
p=buf+((struct bpf_hdr *)buf)->bh_hdrlen;
if((((EAPOL *)(p+12))->type!=EAPOL_Packet)||(((EAP *)(p+12+sizeof(EAPOL)))->code!=EAP_Request)
||(((EAP *)(p+12+sizeof(EAPOL)))->type!=EAP_TYPE_MD5Challenge))
{
printf("EAP Request MD5-Challenge format error!\n");
goto retry;
}
//Response MD5 challenge;
id=((EAP *)(p+12+sizeof(EAPOL)))->id;
challengelen=*((char *)(p+12+sizeof(EAPOL)+sizeof(EAP)));
//printf("challengelen %d\n",challengelen);
if((bufmd5=(char *)malloc(1+challengelen+sizeof(pass)))==NULL)
{
perror("malloc bufmd5 error");
close(bpf);
exit(1);
}
/*The Response Value is the one-way hash calculated over a stream of
octets consisting of the Identifier, followed by (concatenated
with) the "secret", followed by (concatenated with) the Challenge
Value. The length of the Response Value depends upon the hash
algorithm used (16 octets for MD5).*/
memset(bufmd5,0,1+challengelen+sizeof(pass));
*bufmd5=id;
memcpy(bufmd5+1,pass,sizeof(pass));
memcpy(bufmd5+1+sizeof(pass),p+12+sizeof(EAPOL)+sizeof(EAP)+1,challengelen);
printf("bufmd5,passlen:%d,pass:%s",sizeof(pass),pass);
Display((u_char *)bufmd5,1+sizeof(pass)+challengelen);
MD5Init(&context);
MD5Update(&context, bufmd5, 1+challengelen+sizeof(pass));
MD5Final(md5Hash, &context);
//EAP Response MD5-Challenge
printf("send EAP Response MD5-Challenge packet!\n");
memset(buf,0,blen);
memcpy(buf,dstMAC,6);
((EAPOL *)(buf+12))->ethertype=htons(0x888E);
((EAPOL *)(buf+12))->version=1;
((EAPOL *)(buf+12))->type=EAPOL_Packet;
((EAPOL *)(buf+12))->length=htons(sizeof(EAP)+sizeof(name)+challengelen+1);
((EAP *)(buf+12+sizeof(EAPOL)))->code=EAP_Response;
((EAP *)(buf+12+sizeof(EAPOL)))->id=id;
((EAP *)(buf+12+sizeof(EAPOL)))->length=htons(sizeof(EAP)+sizeof(name)+challengelen+1);
((EAP *)(buf+12+sizeof(EAPOL)))->type=EAP_TYPE_MD5Challenge;
*(char *)(buf+12+sizeof(EAPOL)+sizeof(EAP))=16;
memcpy(buf+12+sizeof(EAPOL)+sizeof(EAP)+1,md5Hash,16);
memcpy(buf+12+sizeof(EAPOL)+sizeof(EAP)+1+16,name,sizeof(name));
memcpy(buf+12+sizeof(EAPOL)+sizeof(EAP)+1+16+sizeof(name),pad,sizeof(pad));
printf("Response MD5 challenge Packet:\n");
Display((u_char *)buf,200);
if(1000!=write(bpf,buf,1000))
{
perror("write EAP Response MD5-Challenge error");
goto retry;
}
//Read supplicant result;
FD_ZERO(&readset);
FD_SET(bpf, &readset);
ioctl(bpf,BIOCFLUSH);
if(1!=select(bpf+1,&readset,NULL,NULL,&timeout))
{
perror("select read EAP authentication result");
goto retry;
}
if(-1==read(bpf,buf,blen))
{
perror("read EAP authentication result errorr");
goto retry;
}
printf("test MD5 result packet:\n");
Display((u_char *)buf+18,64);
p=buf+((struct bpf_hdr *)buf)->bh_hdrlen;
if((((EAPOL *)(p+12))->type!=EAPOL_Packet)||(((EAP *)(p+12+sizeof(EAPOL)))->id!=id))
{
printf("EAPOL_Packet.Type:%d,%d\n",((EAPOL *)(p+12))->type,EAPOL_Packet);
printf("EAPOL_Packet.ID:%d,%d\n",((EAP *)(p+12+sizeof(EAPOL)))->id,id);
printf("EAP result packet error!\n");
goto retry;
}
if(((EAP *)(p+12+sizeof(EAPOL)))->code==EAP_Success)
{
printf("EAP authentication success!\n");
printf("Keeping sending echo every 15s... \n");
printf("send EAPOL_Start packet!\n");
memset(buf,0,blen);
memcpy(buf,dstMAC,6);
((EAPOL *)(buf+12))->ethertype=htons(0x888E);
((EAPOL *)(buf+12))->version=1;
((EAPOL *)(buf+12))->type=EAPOL_Start;
((EAPOL *)(buf+12))->length=0;
memcpy(buf+12+sizeof(EAPOL),pad,sizeof(pad));
printf("EAPOL Start Packet:\n");
Display((u_char *)buf,200);
if(1000!= write(bpf,buf,1000))
{
perror("write EAPOL_Start error");
return -1;
}
close(bpf);
while(1){
if((bpf=open("/dev/bpf1",O_RDWR))==-1)
{
perror("open /dev/bpf1 error");
exit(1);
}
strcpy(ifr.ifr_name,nic);
if((-1==ioctl(bpf,BIOCGBLEN,&blen))||(-1==ioctl(bpf,BIOCSETIF,&ifr))||(-1==ioctl(bpf,BIOCSETF,&bpf_pro))||(-1==ioctl(bpf,BIOCFLUSH))||(-1==ioctl(bpf,BIOCSRTIMEOUT,&timeout)))
{
perror("ioctl error");
close(bpf);
exit(1);
}
//Read Switch request identity packet;
FD_ZERO(&readset);
FD_SET(bpf,&readset);
ioctl(bpf,BIOCFLUSH);
printf("bpf:%d\n",bpf);
while(1!=(tmp=select(bpf+2,&readset,NULL,NULL,&timeout)))
{
printf("tmp:%d\n",tmp);
if(1!=tmp)
{
perror("select read EAP Request Identiry");
}
}
if(-1==read(bpf,buf,blen))
{
perror("read EAP Request Identity error");
return -1;
}
printf("EAP Request Identity Packet:\n");
p=buf+((struct bpf_hdr *)buf)->bh_hdrlen;
Display((u_char *)p,64);
if((((EAPOL *)(p+12))->type!=EAPOL_Packet)||(((EAP *)(p+12+sizeof(EAPOL)))->code!=EAP_Request)||(((EAP *)(p+12+sizeof(EAPOL)))->type!=EAP_TYPE_Identity))
{
printf("EAP Request Identity format error!\n");
return -1;
}
//Send Response Indentity to Switch
id=((EAP *)(p+12+sizeof(EAPOL)))->id;
memcpy(dstMAC,p+6,6);
printf("send EAP Response Identity packet!\n");
memset(buf,0,blen);
memcpy(buf,dstMAC,6);
((EAPOL *)(buf+12))->ethertype=htons(0x888E);
((EAPOL *)(buf+12))->version=1;
((EAPOL *)(buf+12))->type=EAPOL_Packet;
((EAPOL *)(buf+12))->length=htons(sizeof(EAP)+sizeof(name));
((EAP *)(buf+12+sizeof(EAPOL)))->code=EAP_Response;
((EAP *)(buf+12+sizeof(EAPOL)))->id=id;
((EAP *)(buf+12+sizeof(EAPOL)))->length=htons(sizeof(EAP)+sizeof(name));
((EAP *)(buf+12+sizeof(EAPOL)))->type=EAP_TYPE_Identity;
memcpy(buf+12+sizeof(EAPOL)+sizeof(EAP),name,sizeof(name));
memcpy(buf+12+sizeof(EAPOL)+sizeof(EAP)+sizeof(name),pad,sizeof(pad));
printf("Client send Identity packet to Switch:\n");
Display((u_char *)buf,200);
if(1000!=write(bpf,buf,1000))
{
perror("write EAP Response Identity error");
return -1;
}
sleep(15);
//memcpy( echoPackage, dstMAC, 6 );
//while(write(bpf,echoPackage, 0x2d)!=0x2d) ;
ioctl(bpf,BIOCFLUSH);
close(bpf);
}
}
else
{
printf("EAP authentication fail!\n");
goto retry;
}
//sleep(3600);
//goto retry;
return 0;
}
void sig_intr(int signo)
{
if(buf!=NULL)
{
//构造802.1X的EAPOL-Logoff帧
memset(buf,0,blen);
if((dstMAC[0]==0)&&(dstMAC[1]==0)&&(dstMAC[2]==0))
memcpy(buf,standardMAC,6);
else
memcpy(buf,dstMAC,6);
((EAPOL *)(buf+12))->ethertype=htons(0x888E);
((EAPOL *)(buf+12))->version=1;
((EAPOL *)(buf+12))->type=EAPOL_Logoff;
((EAPOL *)(buf+12))->length=0;
if((12+sizeof(EAPOL))!= write(bpf,buf,12+sizeof(EAPOL))) //发送802.1X的EAPOL-Logoff帧
{
perror("write EAPOL_Logoff error");
}
}
_exit(0);
}
int Display(const u_char *packet,const size_t length)
{
u_long offset;
int i,j,k;
printf("packet [%lu bytes]: \n",(long unsigned int)length);
if(length<=0){
return 0;
}
i =0;
offset=0;
for(k=length/16;k>0;k--,offset+=16){
printf("%08X " ,(unsigned int)offset);
for(j=0;j<16;j++,i++){
if (j== {
printf("-%02X",packet);
}
else
printf(" %02X",packet);
}
printf(" ");
i-=16;
for(j=0;j<16;j++,i++){
if((packet>=' ') && (packet<=255)){
printf("%c",packet);
}
else printf(".");
}
printf("\n");
}
k=length-i;
if(k<=0){
return 0;
}
printf("%08X ",(unsigned int)offset);
for(j=0;j<k;j++,i++){
if(j=={
printf("-%02X",packet);
}
else printf(" %02X",packet);
}
i-=k;
for(j=16-k;j>0;j--){
printf(" ");
}
printf(" ");
for(j=0;j<k;j++,i++){
if((packet>=' ')&&(packet<=255)){
printf("%c",packet);
}
else{
printf(".");
}
}
printf("\n");
return 0;
}
[ 本帖最后由 大板砖 于 2009-1-19 20:52 编辑 ] |
|
免费注册
发表于 2009-01-19 20:25
