diff --git a/package/jsda/njitclient/.Makefile.swm b/package/jsda/njitclient/.Makefile.swm deleted file mode 100644 index 0207be1ffb..0000000000 Binary files a/package/jsda/njitclient/.Makefile.swm and /dev/null differ diff --git a/package/jsda/njitclient/.Makefile.swn b/package/jsda/njitclient/.Makefile.swn deleted file mode 100644 index eda0f36097..0000000000 Binary files a/package/jsda/njitclient/.Makefile.swn and /dev/null differ diff --git a/package/jsda/njitclient/.Makefile.swo b/package/jsda/njitclient/.Makefile.swo deleted file mode 100644 index a00610e95e..0000000000 Binary files a/package/jsda/njitclient/.Makefile.swo and /dev/null differ diff --git a/package/jsda/njitclient/Install.html b/package/jsda/njitclient/Install.html old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/License/gpl-3.0-standalone.html b/package/jsda/njitclient/License/gpl-3.0-standalone.html old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/Makefile.am b/package/jsda/njitclient/Makefile.am old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/ReadMe.html b/package/jsda/njitclient/ReadMe.html old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/configure.ac b/package/jsda/njitclient/configure.ac old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/documents/Documents.html b/package/jsda/njitclient/documents/Documents.html old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src-gui/gtkgui/AUTHORS b/package/jsda/njitclient/src-gui/gtkgui/AUTHORS old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src-gui/gtkgui/COPYING b/package/jsda/njitclient/src-gui/gtkgui/COPYING old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src-gui/gtkgui/ChangeLog b/package/jsda/njitclient/src-gui/gtkgui/ChangeLog old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src-gui/gtkgui/HACKING b/package/jsda/njitclient/src-gui/gtkgui/HACKING old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src-gui/gtkgui/Makefile.am b/package/jsda/njitclient/src-gui/gtkgui/Makefile.am old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src-gui/gtkgui/NEWS b/package/jsda/njitclient/src-gui/gtkgui/NEWS old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src-gui/gtkgui/configure.ac b/package/jsda/njitclient/src-gui/gtkgui/configure.ac old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src-gui/gtkgui/tests/Makefile.am b/package/jsda/njitclient/src-gui/gtkgui/tests/Makefile.am old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src-gui/luci-app-njitclient/luci_controller_njit.lua b/package/jsda/njitclient/src-gui/luci/luci_controller_njit.lua similarity index 100% rename from package/jsda/njitclient/src-gui/luci-app-njitclient/luci_controller_njit.lua rename to package/jsda/njitclient/src-gui/luci/luci_controller_njit.lua diff --git a/package/jsda/njitclient/src-gui/luci-app-njitclient/njit.lua b/package/jsda/njitclient/src-gui/luci/njit.lua similarity index 100% rename from package/jsda/njitclient/src-gui/luci-app-njitclient/njit.lua rename to package/jsda/njitclient/src-gui/luci/njit.lua diff --git a/package/jsda/njitclient/src-gui/luci-app-njitclient/readme b/package/jsda/njitclient/src-gui/luci/readme old mode 100755 new mode 100644 similarity index 100% rename from package/jsda/njitclient/src-gui/luci-app-njitclient/readme rename to package/jsda/njitclient/src-gui/luci/readme diff --git a/package/jsda/njitclient/src-gui/qt4gui/ReadMe.html b/package/jsda/njitclient/src-gui/qt4gui/ReadMe.html old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src-gui/qt4gui/qt4gui.pro b/package/jsda/njitclient/src-gui/qt4gui/qt4gui.pro old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src/Makefile.am b/package/jsda/njitclient/src/Makefile.am old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src/RefreshIP.py b/package/jsda/njitclient/src/RefreshIP.py old mode 100644 new mode 100755 diff --git a/package/jsda/njitclient/src/auth.c b/package/jsda/njitclient/src/auth.c index 876e881ccd..81c36e3995 100644 --- a/package/jsda/njitclient/src/auth.c +++ b/package/jsda/njitclient/src/auth.c @@ -3,7 +3,7 @@ * 注:核心函数为Authentication(),由该函数执行801.1X认证 */ -int Authentication(const char *UserName, const char *Password, const char *DeviceName, const char *Version, const char *Key); +int Authentication(const char *UserName, const char *Password, const char *DeviceName); #include #include @@ -26,24 +26,14 @@ int Authentication(const char *UserName, const char *Password, const char *Devic #include "debug.h" // 自定义常量 -typedef enum { REQUEST = 1, - RESPONSE = 2, - SUCCESS = 3, - FAILURE = 4, - H3CDATA = 10 } EAP_Code; -typedef enum { IDENTITY = 1, - NOTIFICATION = 2, - MD5 = 4, - ALLOCATED = 7, - AVAILABLE = 20 } EAP_Type; +typedef enum {REQUEST=1, RESPONSE=2, SUCCESS=3, FAILURE=4, H3CDATA=10} EAP_Code; +typedef enum {IDENTITY=1, NOTIFICATION=2, MD5=4, AVAILABLE=20} EAP_Type; typedef uint8_t EAP_ID; -const uint8_t BroadcastAddr[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; // 广播MAC地址 -const uint8_t MultcastAddr[6] = {0x01, 0x80, 0xc2, 0x00, 0x00, 0x03}; // 多播MAC地址 -char H3C_VERSION[16]; -char H3C_KEY[64]; -//const char H3C_VERSION[16]="CH\x11V7.10-0313"; // 华为客户端版本号 +const uint8_t BroadcastAddr[6] = {0xff,0xff,0xff,0xff,0xff,0xff}; // 广播MAC地址 +const uint8_t MultcastAddr[6] = {0x01,0x80,0xc2,0x00,0x00,0x03}; // 多播MAC地址 +const char H3C_VERSION[16]="CH\x11V7.10-0313"; // 华为客户端版本号 //const char H3C_KEY[64] ="HuaWei3COM1X"; // H3C的固定密钥 -//const char H3C_KEY[64] ="Oly5D62FaE94W7"; // H3C的另一个固定密钥,网友取自MacOSX版本的iNode官方客户端 +const char H3C_KEY[64] ="Oly5D62FaE94W7"; // H3C的另一个固定密钥,网友取自MacOSX版本的iNode官方客户端 uint8_t AES_MD5req[32]; uint8_t AES_MD5data[32]; @@ -51,34 +41,29 @@ uint8_t AES_MD5data[32]; static void SendStartPkt(pcap_t *adhandle, const uint8_t mac[]); static void SendLogoffPkt(pcap_t *adhandle, const uint8_t mac[]); static void SendResponseIdentity(pcap_t *adhandle, - const uint8_t request[], - const uint8_t ethhdr[], - const uint8_t ip[4], - const char username[]); + const uint8_t request[], + const uint8_t ethhdr[], + const uint8_t ip[4], + const char username[]); static void SendFirstResponseIdentity(pcap_t *adhandle, - const uint8_t request[], - const uint8_t ethhdr[], - const uint8_t ip[4], - const char username[]); + const uint8_t request[], + const uint8_t ethhdr[], + const uint8_t ip[4], + const char username[]); static void SendResponseMD5(pcap_t *adhandle, - const uint8_t request[], - const uint8_t ethhdr[], - const char username[], - const char passwd[]); -static void SendResponsePassword(pcap_t *handle, - const uint8_t request[], - const uint8_t ethhdr[], - const char username[], - const char passwd[]); + const uint8_t request[], + const uint8_t ethhdr[], + const char username[], + const char passwd[]); static void SendResponseAvailable(pcap_t *adhandle, - const uint8_t request[], - const uint8_t ethhdr[], - const uint8_t ip[4], - const char username[]); + const uint8_t request[], + const uint8_t ethhdr[], + const uint8_t ip[4], + const char username[]); static void SendResponseNotification(pcap_t *handle, - const uint8_t request[], - const uint8_t ethhdr[]); + const uint8_t request[], + const uint8_t ethhdr[]); static void GetMacFromDevice(uint8_t mac[6], const char *devicename); @@ -87,12 +72,12 @@ static void FillWindowsVersionArea(uint8_t area[]); static void FillBase64Area(char area[]); // From fillmd5.c extern void FillMD5Area(uint8_t digest[], - uint8_t id, const char passwd[], const uint8_t srcMD5[]); + uint8_t id, const char passwd[], const uint8_t srcMD5[]); // From ip.c extern void GetIpFromDevice(uint8_t ip[4], const char DeviceName[]); -int mode = 1; //auto reconnect +int mode=1;//auto reconnect /** * 函数:Authentication() @@ -101,24 +86,20 @@ int mode = 1; //auto reconnect * 该函数将不断循环,应答802.1X认证会话,直到遇到错误后才退出 */ -int Authentication(const char *UserName, const char *Password, const char *DeviceName, const char *Version, const char *Key) +int Authentication(const char *UserName, const char *Password, const char *DeviceName) { - strcpy(H3C_VERSION, Version); - strcpy(H3C_KEY, Key); - - char errbuf[PCAP_ERRBUF_SIZE]; - pcap_t *adhandle; // adapter handle - uint8_t MAC[6]; - char FilterStr[100]; - struct bpf_program fcode; - const int DefaultTimeout = 2000; //设置接收超时参数,单位ms + char errbuf[PCAP_ERRBUF_SIZE]; + pcap_t *adhandle; // adapter handle + uint8_t MAC[6]; + char FilterStr[100]; + struct bpf_program fcode; + const int DefaultTimeout=2000;//设置接收超时参数,单位ms // NOTE: 这里没有检查网线是否已插好,网线插口可能接触不良 /* 打开适配器(网卡) */ - adhandle = pcap_open_live(DeviceName, 65536, 1, DefaultTimeout, errbuf); - if (adhandle == NULL) - { + adhandle = pcap_open_live(DeviceName,65536,1,DefaultTimeout,errbuf); + if (adhandle==NULL) { fprintf(stderr, "%s\n", errbuf); exit(-1); } @@ -126,31 +107,31 @@ int Authentication(const char *UserName, const char *Password, const char *Devic /* 查询本机MAC地址 */ GetMacFromDevice(MAC, DeviceName); - /* 生成随机数 */ - srand((unsigned)time(NULL)); + /* 生成随机数 */ + srand((unsigned)time(NULL)); -START_AUTHENTICATION: -{ - /* + START_AUTHENTICATION: + { + /* * 设置过滤器: * 初始情况下只捕获发往本机的802.1X认证会话,不接收多播信息(避免误捕获其他客户端发出的多播信息) * 进入循环体前可以重设过滤器,那时再开始接收多播信息 */ - sprintf(FilterStr, "(ether proto 0x888e) and (ether dst host %02x:%02x:%02x:%02x:%02x:%02x)", - MAC[0], MAC[1], MAC[2], MAC[3], MAC[4], MAC[5]); - pcap_compile(adhandle, &fcode, FilterStr, 1, 0xff); - pcap_setfilter(adhandle, &fcode); - int i; - int retcode; - struct pcap_pkthdr *header = NULL; - const uint8_t *captured = NULL; - uint8_t ethhdr[14] = {0}; // ethernet header - uint8_t ip[4] = {10, 0, 0, 0}; // ip address + sprintf(FilterStr, "(ether proto 0x888e) and (ether dst host %02x:%02x:%02x:%02x:%02x:%02x)", + MAC[0],MAC[1],MAC[2],MAC[3],MAC[4],MAC[5]); + pcap_compile(adhandle, &fcode, FilterStr, 1, 0xff); + pcap_setfilter(adhandle, &fcode); + int i; + int retcode; + struct pcap_pkthdr *header = NULL; + const uint8_t *captured = NULL; + uint8_t ethhdr[14]={0}; // ethernet header + uint8_t ip[4]={10,0,0,0}; // ip address - // 使用本机MAC地址生成伪装IP地址。 - ip[1] = MAC[2] ^ (uint8_t)rand(); - ip[2] = MAC[4] ^ (uint8_t)rand(); - ip[3] = MAC[5] ^ (uint8_t)rand(); + // 使用本机MAC地址生成伪装IP地址。 + ip[1] = MAC[2] ^ (uint8_t)rand(); + ip[2] = MAC[4] ^ (uint8_t)rand(); + ip[3] = MAC[5] ^ (uint8_t)rand(); /* 主动发起认证会话 */ SendStartPkt(adhandle, MAC); @@ -161,10 +142,10 @@ START_AUTHENTICATION: while (!serverIsFound) { retcode = pcap_next_ex(adhandle, &header, &captured); - if (retcode == 1 && (EAP_Code)captured[18] == REQUEST) + if (retcode==1 && (EAP_Code)captured[18]==REQUEST) serverIsFound = true; else - { // 延时后重试 + { // 延时后重试 sleep(1); //DPRINTF("."); SendStartPkt(adhandle, MAC); @@ -174,8 +155,8 @@ START_AUTHENTICATION: // 填写应答包的报头(以后无须再修改) // 默认以单播方式应答802.1X认证设备发来的Request - memcpy(ethhdr + 0, captured + 6, 6); - memcpy(ethhdr + 6, MAC, 6); + memcpy(ethhdr+0, captured+6, 6); + memcpy(ethhdr+6, MAC, 6); ethhdr[12] = 0x88; ethhdr[13] = 0x8e; @@ -189,20 +170,20 @@ START_AUTHENTICATION: // 继续接收下一个Request包 retcode = pcap_next_ex(adhandle, &header, &captured); - assert(retcode == 1); + assert(retcode==1); assert((EAP_Code)captured[18] == REQUEST); } // 分情况应答下一个包 if ((EAP_Type)captured[22] == IDENTITY) - { // 通常情况会收到包Request Identity,应回答Response Identity + { // 通常情况会收到包Request Identity,应回答Response Identity DPRINTF("[%d] Server: Request Identity!\n", captured[19]); GetIpFromDevice(ip, DeviceName); SendFirstResponseIdentity(adhandle, captured, ethhdr, ip, UserName); DPRINTF("[%d] Client: Response First Identity.\n", (EAP_ID)captured[19]); } else if ((EAP_Type)captured[22] == AVAILABLE) - { // 遇到AVAILABLE包时需要特殊处理 + { // 遇到AVAILABLE包时需要特殊处理 // 中南财经政法大学目前使用的格式: // 收到第一个Request AVAILABLE时要回答Response Identity DPRINTF("[%d] Server: Request AVAILABLE!\n", captured[19]); @@ -213,7 +194,7 @@ START_AUTHENTICATION: // 重设过滤器,只捕获华为802.1X认证设备发来的包(包括多播Request Identity / Request AVAILABLE) sprintf(FilterStr, "(ether proto 0x888e) and (ether src host %02x:%02x:%02x:%02x:%02x:%02x)", - captured[6], captured[7], captured[8], captured[9], captured[10], captured[11]); + captured[6],captured[7],captured[8],captured[9],captured[10],captured[11]); pcap_compile(adhandle, &fcode, FilterStr, 1, 0xff); pcap_setfilter(adhandle, &fcode); @@ -224,8 +205,8 @@ START_AUTHENTICATION: while (pcap_next_ex(adhandle, &header, &captured) != 1) { //DPRINTF("."); // 若捕获失败,则等1秒后重试 - sleep(1); // 直到成功捕获到一个数据包后再跳出 - // NOTE: 这里没有检查网线是否已被拔下或插口接触不良 + sleep(1); // 直到成功捕获到一个数据包后再跳出 + // NOTE: 这里没有检查网线是否已被拔下或插口接触不良 } // 根据收到的Request,回复相应的Response包 @@ -233,34 +214,29 @@ START_AUTHENTICATION: { switch ((EAP_Type)captured[22]) { - case IDENTITY: + case IDENTITY: DPRINTF("[%d] Server: Request Identity!\n", (EAP_ID)captured[19]); GetIpFromDevice(ip, DeviceName); SendResponseIdentity(adhandle, captured, ethhdr, ip, UserName); DPRINTF("[%d] Client: Response Identity.\n", (EAP_ID)captured[19]); break; - case AVAILABLE: + case AVAILABLE: DPRINTF("[%d] Server: Request AVAILABLE!\n", (EAP_ID)captured[19]); GetIpFromDevice(ip, DeviceName); SendResponseAvailable(adhandle, captured, ethhdr, ip, UserName); DPRINTF("[%d] Client: Response AVAILABLE.\n", (EAP_ID)captured[19]); break; - case MD5: + case MD5: DPRINTF("[%d] Server: Request MD5-Challenge!\n", (EAP_ID)captured[19]); SendResponseMD5(adhandle, captured, ethhdr, UserName, Password); DPRINTF("[%d] Client: Response MD5-Challenge.\n", (EAP_ID)captured[19]); break; - case ALLOCATED: //newtype:7;EAP_REQUEST ALLOCATED PACKAGE; - DPRINTF("[%d] Server: Request Allocated(Password)!\n", (EAP_ID)captured[19]); - SendResponsePassword(adhandle, captured, ethhdr, UserName, Password); //Send Password; - DPRINTF("[%d] Client: Response Allocated(Password).\n", (EAP_ID)captured[19]); - break; - case NOTIFICATION: + case NOTIFICATION: DPRINTF("[%d] Server: Request Notification!\n", captured[19]); SendResponseNotification(adhandle, captured, ethhdr); DPRINTF(" Client: Response Notification.\n"); break; - default: + default: DPRINTF("[%d] Server: Request (type:%d)!\n", (EAP_ID)captured[19], (EAP_Type)captured[22]); DPRINTF("Error! Unexpected request type\n"); exit(-1); @@ -268,13 +244,13 @@ START_AUTHENTICATION: } } else if ((EAP_Code)captured[18] == FAILURE) - { // 处理认证失败信息 + { // 处理认证失败信息 uint8_t errtype = captured[22]; uint8_t msgsize = captured[23]; - const char *msg = (const char *)&captured[24]; + const char *msg = (const char*) &captured[24]; DPRINTF("[%d] Server: Failure.\n", (EAP_ID)captured[19]); - if (errtype == 0x09 && msgsize > 0) - { // 输出错误提示消息 + if (errtype==0x09 && msgsize>0) + { // 输出错误提示消息 fprintf(stderr, "%s\n", msg); // 已知的几种错误如下 // E2531:用户名不存在 @@ -291,12 +267,12 @@ START_AUTHENTICATION: } else { - return 0; //exit(-1); + return 0;//exit(-1); } } - else if (errtype == 0x08) // 可能网络无流量时朊务器结束此次802.1X认证会话 + else if (errtype==0x08) // 可能网络无流量时朊务器结束此次802.1X认证会话 - { // 遇此情况客户端立刻发起新的认证会话 + { // 遇此情况客户端立刻发起新的认证会话 goto START_AUTHENTICATION; } else @@ -327,440 +303,425 @@ START_AUTHENTICATION: } } } - return (0); +return (0); } -static void GetMacFromDevice(uint8_t mac[6], const char *devicename) + + +static +void GetMacFromDevice(uint8_t mac[6], const char *devicename) { - int fd; - int err; - struct ifreq ifr; +int fd; +int err; +struct ifreq ifr; - fd = socket(PF_PACKET, SOCK_RAW, htons(0x0806)); - assert(fd != -1); +fd = socket(PF_PACKET, SOCK_RAW, htons(0x0806)); +assert(fd != -1); - assert(strlen(devicename) < IFNAMSIZ); - strncpy(ifr.ifr_name, devicename, IFNAMSIZ); - ifr.ifr_addr.sa_family = AF_INET; +assert(strlen(devicename) < IFNAMSIZ); +strncpy(ifr.ifr_name, devicename, IFNAMSIZ); +ifr.ifr_addr.sa_family = AF_INET; - err = ioctl(fd, SIOCGIFHWADDR, &ifr); - assert(err != -1); - memcpy(mac, ifr.ifr_hwaddr.sa_data, 6); +err = ioctl(fd, SIOCGIFHWADDR, &ifr); +assert(err != -1); +memcpy(mac, ifr.ifr_hwaddr.sa_data, 6); - err = close(fd); - assert(err != -1); - return; +err = close(fd); +assert(err != -1); +return; } -static void SendStartPkt(pcap_t *handle, const uint8_t localmac[]) + +static +void SendStartPkt(pcap_t *handle, const uint8_t localmac[]) { - uint8_t packet[18]; +uint8_t packet[18]; - // Ethernet Header (14 Bytes) - memcpy(packet, BroadcastAddr, 6); - memcpy(packet + 6, localmac, 6); - packet[12] = 0x88; - packet[13] = 0x8e; +// Ethernet Header (14 Bytes) +memcpy(packet, BroadcastAddr, 6); +memcpy(packet+6, localmac, 6); +packet[12] = 0x88; +packet[13] = 0x8e; - // EAPOL (4 Bytes) - packet[14] = 0x01; // Version=1 - packet[15] = 0x01; // Type=Start - packet[16] = packet[17] = 0x00; // Length=0x0000 +// EAPOL (4 Bytes) +packet[14] = 0x01; // Version=1 +packet[15] = 0x01; // Type=Start +packet[16] = packet[17] =0x00;// Length=0x0000 - // 为了兼容不同院校的网络配置,这里发送两遍Start包 - // 1、广播发送Strat包 - pcap_sendpacket(handle, packet, sizeof(packet)); - // 2、多播发送Strat包 - //memcpy(packet, MultcastAddr, 6); - //pcap_sendpacket(handle, packet, sizeof(packet)); +// 为了兼容不同院校的网络配置,这里发送两遍Start包 +// 1、广播发送Strat包 +pcap_sendpacket(handle, packet, sizeof(packet)); +// 2、多播发送Strat包 +//memcpy(packet, MultcastAddr, 6); +//pcap_sendpacket(handle, packet, sizeof(packet)); } -static void SendResponseAvailable(pcap_t *handle, const uint8_t request[], const uint8_t ethhdr[], const uint8_t ip[4], const char username[]) + +static +void SendResponseAvailable(pcap_t *handle, const uint8_t request[], const uint8_t ethhdr[], const uint8_t ip[4], const char username[]) { - int i; - uint16_t eaplen; - int usernamelen; - uint8_t response[128]; +int i; +uint16_t eaplen; +int usernamelen; +uint8_t response[128]; - assert((EAP_Code)request[18] == REQUEST); - assert((EAP_Type)request[22] == AVAILABLE); +assert((EAP_Code)request[18] == REQUEST); +assert((EAP_Type)request[22] == AVAILABLE); - // Fill Ethernet header - memcpy(response, ethhdr, 14); +// Fill Ethernet header +memcpy(response, ethhdr, 14); - // 802,1X Authentication - // { - response[14] = 0x1; // 802.1X Version 1 - response[15] = 0x0; // Type=0 (EAP Packet) - //response[16~17]留空 // Length +// 802,1X Authentication +// { + response[14] = 0x1; // 802.1X Version 1 + response[15] = 0x0; // Type=0 (EAP Packet) + //response[16~17]留空 // Length // Extensible Authentication Protocol // { - response[18] = (EAP_Code)RESPONSE; // Code - response[19] = request[19]; // ID - //response[20~21]留空 // Length - response[22] = (EAP_Type)AVAILABLE; // Type - // Type-Data - // { - i = 23; - response[i++] = 0x00; // 上报是否使用代理 - response[i++] = 0x15; // 上传IP地址 - response[i++] = 0x04; // - memcpy(response + i, ip, 4); // - i += 4; // - response[i++] = 0x06; // 携带版本号 - response[i++] = 0x07; // - FillBase64Area((char *)response + i); // - i += 28; // - response[i++] = ' '; // 两个空格符 - response[i++] = ' '; // - usernamelen = strlen(username); - memcpy(response + i, username, usernamelen); // - i += usernamelen; // - // } - // } + response[18] = (EAP_Code) RESPONSE; // Code + response[19] = request[19]; // ID + //response[20~21]留空 // Length + response[22] = (EAP_Type) AVAILABLE; // Type + // Type-Data + // { + i = 23; + response[i++] = 0x00;// 上报是否使用代理 + response[i++] = 0x15; // 上传IP地址 + response[i++] = 0x04; // + memcpy(response+i, ip, 4);// + i += 4; // + response[i++] = 0x06; // 携带版本号 + response[i++] = 0x07; // + FillBase64Area((char*)response+i);// + i += 28; // + response[i++] = ' '; // 两个空格符 + response[i++] = ' '; // + usernamelen = strlen(username); + memcpy(response+i, username, usernamelen);// + i += usernamelen; // + // } // } +// } - // 补填前面留空的两处Length - eaplen = htons(i - 18); - memcpy(response + 16, &eaplen, sizeof(eaplen)); - memcpy(response + 20, &eaplen, sizeof(eaplen)); +// 补填前面留空的两处Length +eaplen = htons(i-18); +memcpy(response+16, &eaplen, sizeof(eaplen)); +memcpy(response+20, &eaplen, sizeof(eaplen)); - // 发送 - pcap_sendpacket(handle, response, i); +// 发送 +pcap_sendpacket(handle, response, i); } -static void SendResponseIdentity(pcap_t *adhandle, const uint8_t request[], const uint8_t ethhdr[], const uint8_t ip[4], const char username[]) + +static +void SendResponseIdentity(pcap_t *adhandle, const uint8_t request[], const uint8_t ethhdr[], const uint8_t ip[4], const char username[]) { - uint8_t response[256]; - size_t i; - uint16_t eaplen; - int usernamelen; +uint8_t response[256]; +size_t i; +uint16_t eaplen; +int usernamelen; - assert((EAP_Code)request[18] == REQUEST); - assert((EAP_Type)request[22] == IDENTITY || (EAP_Type)request[22] == AVAILABLE); // 兼容中南财经政法大学情况 +assert((EAP_Code)request[18] == REQUEST); +assert((EAP_Type)request[22] == IDENTITY + ||(EAP_Type)request[22] == AVAILABLE); // 兼容中南财经政法大学情况 - // Fill Ethernet header - memcpy(response, ethhdr, 14); +// Fill Ethernet header +memcpy(response, ethhdr, 14); - // 802,1X Authentication - // { - response[14] = 0x1; // 802.1X Version 1 - response[15] = 0x0; // Type=0 (EAP Packet) - //response[16~17]留空 // Length +// 802,1X Authentication +// { + response[14] = 0x1; // 802.1X Version 1 + response[15] = 0x0; // Type=0 (EAP Packet) + //response[16~17]留空 // Length // Extensible Authentication Protocol // { - response[18] = (EAP_Code)RESPONSE; // Code - response[19] = request[19]; // ID - //response[20~21]留空 // Length - response[22] = (EAP_Type)IDENTITY; // Type - response[23] = 0x16; - response[24] = 0x20; - memcpy(response + 25, AES_MD5data, 32); - // Type-Data - // { - i = 57; - response[i++] = 0x15; // 上传IP地址 - response[i++] = 0x04; // - memcpy(response + i, ip, 4); // - i += 4; // - response[i++] = 0x06; // 携带版本号 - response[i++] = 0x07; // - FillBase64Area((char *)response + i); // - i += 28; // - response[i++] = ' '; // 两个空格符 - response[i++] = ' '; // - usernamelen = strlen(username); //末尾添加用户名 - memcpy(response + i, username, usernamelen); - i += usernamelen; - assert(i <= sizeof(response)); - // } - // } + response[18] = (EAP_Code) RESPONSE; // Code + response[19] = request[19]; // ID + //response[20~21]留空 // Length + response[22] = (EAP_Type) IDENTITY; // Type + response[23] = 0x16; + response[24] = 0x20; + memcpy(response + 25, AES_MD5data, 32); + // Type-Data + // { + i = 57; + response[i++] = 0x15; // 上传IP地址 + response[i++] = 0x04; // + memcpy(response+i, ip, 4);// + i += 4; // + response[i++] = 0x06; // 携带版本号 + response[i++] = 0x07; // + FillBase64Area((char*)response+i);// + i += 28; // + response[i++] = ' '; // 两个空格符 + response[i++] = ' '; // + usernamelen = strlen(username); //末尾添加用户名 + memcpy(response+i, username, usernamelen); + i += usernamelen; + assert(i <= sizeof(response)); + // } // } +// } - // 补填前面留空的两处Length - eaplen = htons(i - 18); - memcpy(response + 16, &eaplen, sizeof(eaplen)); - memcpy(response + 20, &eaplen, sizeof(eaplen)); +// 补填前面留空的两处Length +eaplen = htons(i-18); +memcpy(response+16, &eaplen, sizeof(eaplen)); +memcpy(response+20, &eaplen, sizeof(eaplen)); - // 发送 - pcap_sendpacket(adhandle, response, i); - return; +// 发送 +pcap_sendpacket(adhandle, response, i); +return; } void SendFirstResponseIdentity(pcap_t *adhandle, const uint8_t request[], const uint8_t ethhdr[], const uint8_t ip[4], const char username[]) { - uint8_t response[128]; - size_t i; - uint16_t eaplen; - int usernamelen; +uint8_t response[128]; +size_t i; +uint16_t eaplen; +int usernamelen; - assert((EAP_Code)request[18] == REQUEST); - assert((EAP_Type)request[22] == IDENTITY || (EAP_Type)request[22] == AVAILABLE); // 兼容中南财经政法大学情况 +assert((EAP_Code)request[18] == REQUEST); +assert((EAP_Type)request[22] == IDENTITY + ||(EAP_Type)request[22] == AVAILABLE); // 兼容中南财经政法大学情况 - // Fill Ethernet header - memcpy(response, ethhdr, 14); +// Fill Ethernet header +memcpy(response, ethhdr, 14); - // 802,1X Authentication - // { - response[14] = 0x1; // 802.1X Version 1 - response[15] = 0x0; // Type=0 (EAP Packet) - //response[16~17]留空 // Length +// 802,1X Authentication +// { + response[14] = 0x1; // 802.1X Version 1 + response[15] = 0x0; // Type=0 (EAP Packet) + //response[16~17]留空 // Length // Extensible Authentication Protocol // { - response[18] = (EAP_Code)RESPONSE; // Code - response[19] = request[19]; // ID - //response[20~21]留空 // Length - response[22] = (EAP_Type)IDENTITY; // Type - // Type-Data - // { - i = 23; - //response[i++] = 0x15; // 上传IP地址 - //response[i++] = 0x04; // - //memcpy(response+i, ip, 4);// - //i += 4; // - response[i++] = 0x06; // 携带版本号 - response[i++] = 0x07; // - FillBase64Area((char *)response + i); // - i += 28; // - response[i++] = ' '; // 两个空格符 - response[i++] = ' '; // - usernamelen = strlen(username); //末尾添加用户名 - memcpy(response + i, username, usernamelen); - i += usernamelen; - assert(i <= sizeof(response)); - // } - // } + response[18] = (EAP_Code) RESPONSE; // Code + response[19] = request[19]; // ID + //response[20~21]留空 // Length + response[22] = (EAP_Type) IDENTITY; // Type + // Type-Data + // { + i = 23; + //response[i++] = 0x15; // 上传IP地址 + //response[i++] = 0x04; // + //memcpy(response+i, ip, 4);// + //i += 4; // + response[i++] = 0x06; // 携带版本号 + response[i++] = 0x07; // + FillBase64Area((char*)response+i);// + i += 28; // + response[i++] = ' '; // 两个空格符 + response[i++] = ' '; // + usernamelen = strlen(username); //末尾添加用户名 + memcpy(response+i, username, usernamelen); + i += usernamelen; + assert(i <= sizeof(response)); + // } // } +// } - // 补填前面留空的两处Length - eaplen = htons(i - 18); - memcpy(response + 16, &eaplen, sizeof(eaplen)); - memcpy(response + 20, &eaplen, sizeof(eaplen)); +// 补填前面留空的两处Length +eaplen = htons(i-18); +memcpy(response+16, &eaplen, sizeof(eaplen)); +memcpy(response+20, &eaplen, sizeof(eaplen)); - // 发送 - pcap_sendpacket(adhandle, response, i); - return; +// 发送 +pcap_sendpacket(adhandle, response, i); +return; } -static void SendResponseMD5(pcap_t *handle, const uint8_t request[], const uint8_t ethhdr[], const char username[], const char passwd[]) + +static +void SendResponseMD5(pcap_t *handle, const uint8_t request[], const uint8_t ethhdr[], const char username[], const char passwd[]) { - uint16_t eaplen; - size_t usernamelen; - size_t packetlen; - uint8_t response[128]; +uint16_t eaplen; +size_t usernamelen; +size_t packetlen; +uint8_t response[128]; - assert((EAP_Code)request[18] == REQUEST); - assert((EAP_Type)request[22] == MD5); +assert((EAP_Code)request[18] == REQUEST); +assert((EAP_Type)request[22] == MD5); - usernamelen = strlen(username); - eaplen = htons(22 + usernamelen); - packetlen = 14 + 4 + 22 + usernamelen; // ethhdr+EAPOL+EAP+usernamelen +usernamelen = strlen(username); +eaplen = htons(22+usernamelen); +packetlen = 14+4+22+usernamelen; // ethhdr+EAPOL+EAP+usernamelen - // Fill Ethernet header - memcpy(response, ethhdr, 14); +// Fill Ethernet header +memcpy(response, ethhdr, 14); - // 802,1X Authentication - // { - response[14] = 0x1; // 802.1X Version 1 - response[15] = 0x0; // Type=0 (EAP Packet) - memcpy(response + 16, &eaplen, sizeof(eaplen)); // Length +// 802,1X Authentication +// { + response[14] = 0x1; // 802.1X Version 1 + response[15] = 0x0; // Type=0 (EAP Packet) + memcpy(response+16, &eaplen, sizeof(eaplen)); // Length // Extensible Authentication Protocol // { - response[18] = (EAP_Code)RESPONSE; // Code - response[19] = request[19]; // ID - response[20] = response[16]; // Length - response[21] = response[17]; // - response[22] = (EAP_Type)MD5; // Type - response[23] = 16; // Value-Size: 16 Bytes - FillMD5Area(response + 24, request[19], passwd, request + 24); - memcpy(response + 40, username, usernamelen); - // } + response[18] = (EAP_Code) RESPONSE;// Code + response[19] = request[19]; // ID + response[20] = response[16]; // Length + response[21] = response[17]; // + response[22] = (EAP_Type) MD5; // Type + response[23] = 16; // Value-Size: 16 Bytes + FillMD5Area(response+24, request[19], passwd, request+24); + memcpy(response+40, username, usernamelen); // } +// } - pcap_sendpacket(handle, response, packetlen); +pcap_sendpacket(handle, response, packetlen); } -static void SendResponsePassword(pcap_t *handle, const uint8_t request[], const uint8_t ethhdr[], const char username[], const char passwd[]) //SendResponsePassword(adhandle, captured, ethhdr, UserName, Password); + +static +void SendLogoffPkt(pcap_t *handle, const uint8_t localmac[]) { - uint16_t eaplen; - size_t usernamelen; - size_t passwordlen; - size_t packetlen; - uint8_t response[128]; +uint8_t packet[18]; - assert((EAP_Code)request[18] == REQUEST); - assert((EAP_Type)request[22] == ALLOCATED); +// Ethernet Header (14 Bytes) +memcpy(packet, MultcastAddr, 6); +memcpy(packet+6, localmac, 6); +packet[12] = 0x88; +packet[13] = 0x8e; - usernamelen = strlen(username); - passwordlen = strlen(passwd); - eaplen = htons(6 + usernamelen + passwordlen); - packetlen = 24 + usernamelen + passwordlen; //14+4+22+usernamelen; // ethhdr+EAPOL+EAP+usernamelen +// EAPOL (4 Bytes) +packet[14] = 0x01; // Version=1 +packet[15] = 0x02; // Type=Logoff +packet[16] = packet[17] =0x00;// Length=0x0000 - // Fill Ethernet header - memcpy(response, ethhdr, 14); - - // 802.1X Authentication - // { - response[14] = 0x1; // 802.1X Version 1 - response[15] = 0x0; // Type=0 (EAP Packet) - memcpy(response + 16, &eaplen, sizeof(eaplen)); // Length - - // Extensible Authentication Protocol - // { - response[18] = (EAP_Code)RESPONSE; // Code - response[19] = request[19]; // ID - response[20] = response[16]; // Length - response[21] = response[17]; // - response[22] = (EAP_Type)ALLOCATED; // Type - response[23] = passwordlen; // Value-Size: 16 Bytes - memcpy(response + 24, passwd, passwordlen); - memcpy(response + 24 + passwordlen + 1, username, usernamelen); //????? - // } - - pcap_sendpacket(handle, response, packetlen); +// 发包 +pcap_sendpacket(handle, packet, sizeof(packet)); } -static void SendLogoffPkt(pcap_t *handle, const uint8_t localmac[]) -{ - uint8_t packet[18]; - - // Ethernet Header (14 Bytes) - memcpy(packet, MultcastAddr, 6); - memcpy(packet + 6, localmac, 6); - packet[12] = 0x88; - packet[13] = 0x8e; - - // EAPOL (4 Bytes) - packet[14] = 0x01; // Version=1 - packet[15] = 0x02; // Type=Logoff - packet[16] = packet[17] = 0x00; // Length=0x0000 - - // 发包 - pcap_sendpacket(handle, packet, sizeof(packet)); -} // 函数: XOR(data[], datalen, key[], keylen) // // 使用密钥key[]对数据data[]进行异或加密 //(注:该函数也可反向用于解密) -static void XOR(uint8_t data[], unsigned dlen, const char key[], unsigned klen) +static +void XOR(uint8_t data[], unsigned dlen, const char key[], unsigned klen) { - unsigned int i, j; +unsigned int i,j; - // 先按正序处理一遍 - for (i = 0; i < dlen; i++) - data[i] ^= key[i % klen]; - // 再按倒序处理第二遍 - for (i = dlen - 1, j = 0; j < dlen; i--, j++) - data[i] ^= key[j % klen]; +// 先按正序处理一遍 +for (i=0; i> 2]; - area[j++] = Tbl[((c1 & 0x03) << 4) | ((c2 & 0xf0) >> 4)]; - area[j++] = Tbl[((c2 & 0x0f) << 2) | ((c3 & 0xc0) >> 6)]; - area[j++] = Tbl[c3 & 0x3f]; - } +// 然后按照Base64编码法将前面生成的20字节数据转换为28字节ASCII字符 +i = 0; +j = 0; +while (j < 24) +{ c1 = version[i++]; c2 = version[i++]; - area[24] = Tbl[(c1 & 0xfc) >> 2]; - area[25] = Tbl[((c1 & 0x03) << 4) | ((c2 & 0xf0) >> 4)]; - area[26] = Tbl[((c2 & 0x0f) << 2)]; - area[27] = '='; + c3 = version[i++]; + area[j++] = Tbl[ (c1&0xfc)>>2 ]; + area[j++] = Tbl[((c1&0x03)<<4)|((c2&0xf0)>>4) ]; + area[j++] = Tbl[ ((c2&0x0f)<<2)|((c3&0xc0)>>6)]; + area[j++] = Tbl[ c3&0x3f ]; +} +c1 = version[i++]; +c2 = version[i++]; +area[24] = Tbl[ (c1&0xfc)>>2 ]; +area[25] = Tbl[((c1&0x03)<<4)|((c2&0xf0)>>4)]; +area[26] = Tbl[ ((c2&0x0f)<<2)]; +area[27] = '='; } diff --git a/package/jsda/njitclient/src/configure.ac b/package/jsda/njitclient/src/configure.ac old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src/main.c b/package/jsda/njitclient/src/main.c index b12ec566a1..ec55054817 100644 --- a/package/jsda/njitclient/src/main.c +++ b/package/jsda/njitclient/src/main.c @@ -5,13 +5,12 @@ #include #include -#include #include /* 子函数声明 */ -int Authentication(const char *UserName, const char *Password, const char *DeviceName, const char *Version, const char *Key); -void convert(char *dest, char const *src); +int Authentication(const char *UserName, const char *Password, const char *DeviceName); + /** * 函数:main() @@ -28,8 +27,6 @@ int main(int argc, char *argv[]) char *UserName; char *Password; char *DeviceName; - char *Version; - char *Key; /* 检查当前是否具有root权限 */ if (getuid() != 0) { @@ -40,56 +37,25 @@ int main(int argc, char *argv[]) } /* 检查命令行参数格式 */ - if (argc<3 || argc>6) { + if (argc<3 || argc>4) { fprintf(stderr, "命令行参数错误!\n"); fprintf(stderr, "正确的调用格式例子如下:\n"); fprintf(stderr, " %s username password\n", argv[0]); fprintf(stderr, " %s username password eth0\n", argv[0]); - fprintf(stderr, " %s username password eth0 version key\n", argv[0]); - fprintf(stderr, "(注:若不指明网卡,默认情况下将使用eth0.2)\n"); + fprintf(stderr, " %s username password eth1\n", argv[0]); + fprintf(stderr, "(注:若不指明网卡,默认情况下将使用eth0)\n"); exit(-1); + } else if (argc == 4) { + DeviceName = argv[3]; // 允许从命令行指定设备名 } else { - if (argc > 3) { - DeviceName = argv[3]; // 允许从命令行指定设备名 - } else { - DeviceName = "eth0.2"; // 缺省情况下使用的设备 - } - if (argc > 5) { - Version = (char *)malloc(32 * sizeof(char)); - convert(Version, argv[4]); - Key = argv[5]; - } else { - Version = "CH\x11V7.10-0313"; - Key = "Oly5D62FaE94W7"; - } + DeviceName = "eth0"; // 缺省情况下使用的设备 } UserName = argv[1]; Password = argv[2]; /* 调用子函数完成802.1X认证 */ - Authentication(UserName, Password, DeviceName, Version, Key); + Authentication(UserName, Password, DeviceName); return (0); } - -void convert(char *dest, char const *src) -{ - int i = 0, j = 0; - int len = strlen(src); - while (i < len) { - if (src[i] == '\\' && i+3 < len && src[i+1] == 'x') { - char s[3]; - s[0] = src[i+2]; - s[1] = src[i+3]; - s[2] = 0; - char c; - sscanf(s, "%x", &c); - dest[j++] = c; - i += 4; - } else { - dest[j++] = src[i++]; - } - } - dest[j] = 0; -} \ No newline at end of file diff --git a/package/jsda/njitclient/src/md5-buildin/Makefile.am b/package/jsda/njitclient/src/md5-buildin/Makefile.am old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src/md5-buildin/configure.ac b/package/jsda/njitclient/src/md5-buildin/configure.ac old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src/md5-buildin/md5_dgst.c b/package/jsda/njitclient/src/md5-buildin/md5_dgst.c index 376fe79469..6efccd37a1 100644 --- a/package/jsda/njitclient/src/md5-buildin/md5_dgst.c +++ b/package/jsda/njitclient/src/md5-buildin/md5_dgst.c @@ -415,7 +415,7 @@ void HASH_BLOCK_DATA_ORDER (MD5_CTX *c, const void *p, size_t num) a=ROTATE(a,s); \ a+=b; }; -const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT; +const char MD5_version[]="MD5"; /* Implemented from RFC1321 The MD5 Message-Digest Algorithm */ diff --git a/package/jsda/njitclient/src/tests/ifchk.mk b/package/jsda/njitclient/src/tests/ifchk.mk old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/src/tests/md5test.mk b/package/jsda/njitclient/src/tests/md5test.mk old mode 100755 new mode 100644 diff --git a/package/jsda/njitclient/说明.txt b/package/jsda/njitclient/说明.txt deleted file mode 100644 index b8318b2b8c..0000000000 --- a/package/jsda/njitclient/说明.txt +++ /dev/null @@ -1 +0,0 @@ -ֱӽĿ¼ŵopenwrt\packageĿ¼мmake menuconfigеNetworkĿҵnjit8021xclient \ No newline at end of file