Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

在 4 状态已停留达到 4 次,退出认证 #79

Open
peach-water opened this issue Sep 4, 2023 · 3 comments
Open

在 4 状态已停留达到 4 次,退出认证 #79

peach-water opened this issue Sep 4, 2023 · 3 comments

Comments

@peach-water
Copy link

本项目还有没有更新?

想询问作者,认证卡在状态 4 是指代哪一步?

看了实现代码表示找不到状态更新的实现代码在哪。

问题出现在认证成功,拿到 IPv4 和 IPv6 以后后台日志出现:

在 4 状态已经停留了 4 次,达到指定次数,正在退出……

校园提供官方认证工具版本是 v4.97 。
后面会考虑抓包跟进这部分认证功能。
@updateing
Copy link
Owner

这类项目都不太容易持续更新下去,因为作者早晚会毕业,失去调试环境。即便收到功能性 PR,也因为无法验证而难以合并。

状态转换在 eap_state_machine.* 里面,主要思路是遵照 802.1x 的标准流程构造包,允许 packet plugin 修改已构造的包。

@peach-water
Copy link
Author

感谢您的回复。

希望项目的代码能多写点注释,帮助分析整体结构,也可以更好的传给后面的学生。

@Undefined443
Copy link

Undefined443 commented Oct 26, 2024
edited
Loading

本项目还有没有更新?

想询问作者,认证卡在状态 4 是指代哪一步?

看了实现代码表示找不到状态更新的实现代码在哪。

问题出现在认证成功,拿到 IPv4 和 IPv6 以后后台日志出现:

在 4 状态已经停留了 4 次,达到指定次数,正在退出……

校园提供官方认证工具版本是 v4.97 。 后面会考虑抓包跟进这部分认证功能。

  1. 状态 4 是回应用户名请求的阶段(EAP_STATE_IDENTITY_SENT = 4):

minieap/include/eap_state_machine.h

Lines 58 to 69 in 983fd4a

typedef enum _eap_state {
EAP_STATE_UNKNOWN = -1,
EAP_STATE_PREPARING = 0,
EAP_STATE_WAITING_FOR_CLIENT_START = 1,
EAP_STATE_START_SENT = 2,
EAP_STATE_WAITING_FOR_CLIENT_IDENTITY = 3,
EAP_STATE_IDENTITY_SENT = 4,
EAP_STATE_WAITING_FOR_CLILENT_CHALLENGE = 5,
EAP_STATE_CHALLENGE_SENT = 6,
EAP_STATE_SUCCESS = 7,
EAP_STATE_FAILURE = 8
} EAP_STATE;

  1. 程序通过 eap_state_machine_recv_handler 函数处理接收到的数据帧并进行状态转换:

minieap/eap_state_machine.c

Lines 233 to 269 in 983fd4a

void eap_state_machine_recv_handler(ETH_EAP_FRAME* frame) {
/* Keep a copy of the frame, since if_impl may not hold it */
if (PRIV->last_recv_frame != NULL) {
free_frame(&PRIV->last_recv_frame);
}
PRIV->last_recv_frame = frame_duplicate(frame);
packet_plugin_on_frame_received(PRIV->last_recv_frame);
EAPOL_TYPE _eapol_type = frame->header->eapol_hdr.type[0];
if (_eapol_type == EAP_PACKET) {
/* We don't want to handle other types here */
EAP_TYPE _eap_type = frame->header->eap_hdr.type[0];
EAP_CODE _eap_code = frame->header->eap_hdr.code[0];
switch (_eap_code) {
case EAP_REQUEST:
/*
* Store server's MAC addr, do not use broadcast after.
*/
memmove(PRIV->server_mac, frame->header->eth_hdr.src_mac, 6);
if (_eap_type == IDENTITY) {
switch_to_state(EAP_STATE_IDENTITY_SENT, frame);
} else if (_eap_type == MD5_CHALLENGE) {
switch_to_state(EAP_STATE_CHALLENGE_SENT, frame);
}
break;
case EAP_SUCCESS:
switch_to_state(EAP_STATE_SUCCESS, frame);
break;
case EAP_FAILURE:
switch_to_state(EAP_STATE_FAILURE, frame);
break;
default:
break;
}
}
}

  1. 可以将检查是否连续停留在同一状态的代码(L346-L361)删掉以避免因同一状态停留太久而退出程序:

minieap/eap_state_machine.c

Lines 346 to 361 in 983fd4a

if (PRIV->state == state) {
PROG_CONFIG* _cfg = get_program_config();
PRIV->state_last_count++;
if (PRIV->state_last_count == _cfg->max_retries) {
PR_ERR("在 %d 状态已经停留了 %d 次,达到指定次数,正在退出……", PRIV->state, _cfg->max_retries);
exit(EXIT_FAILURE);
}
} else {
/*
* Reset watchdog before calling trans func
* in case we need to cancel it there.
* e.g. after success
*/
PRIV->state_last_count = 0;
reset_state_watchdog();
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@updateing @peach-water @Undefined443