在锐捷802.1x网络中使用xsupplicant的补丁进行认证源代码和教程［原创］ - 第8页

**gnap** · 06-05-25, 10:19

引用:

作者: imsaint

[STATE] ........

出现这个日志说明你的安装是成功了的。问题出在认证的最后一步。可能是新的版本检查更加严格造成的，你能否在Windows下用windump截一些包贴上来供分析一下？

**imsaint** · 06-05-26, 09:29

Dump of file C:\Program Files\锐捷网络\Ruijie Supplicant\RuijieSupplicant.exe

File Header
Machine: 014C<i386>
Number of Sections: 0004
TimeDateStamp: 422EC5E4
PointerToSymbolTable: 00000000
NumberOfSymbols: 00000000
SizeOfOptionalHeader: 00E0
Characteristics: 010F
RELOCS_STRIPPED
EXECUTABLE_IMAGE
LINE_NUMS_STRIPPED
LOCAL_SYMS_STRIPPED
32BIT_MACHINE

Optional Header
Magic 010B
linker versio 6.00
size of code 2000
size of initialized data 3000
size of uninitialized data 0
entrypoint RVA 1D00
base of code 1000
base of data 3000
image base 400000
section align 1000
file align 1000
required OS version 4.00
image version 0.00
subsystem version 4.00
size of image 6000
size of headers 1000
checksum 0
Subsystem 0002<Windows GUI>
stack reserve size 100000
stack commit size 1000
heap reserve size 100000
heap commit size 1000
RVAs & sizes 10

Data Directory
EXPORT rva: 00000000 size: 00000000
IMPORT rva: 000033D8 size: 0000008C
RESOURCE rva: 00005000 size: 00000758
EXCEPTION rva: 00000000 size: 00000000
SECURITY rva: 00000000 size: 00000000
BASERELOC rva: 00000000 size: 00000000
DEBUG rva: 00000000 size: 00000000
COPYRIGHT rva: 00000000 size: 00000000
GLOBALPTR rva: 00000000 size: 00000000
TLS rva: 00000000 size: 00000000
LOAD_CONFIG rva: 00000000 size: 00000000
BOUND_IMPORT rva: 00000000 size: 00000000
IAT rva: 00003000 size: 00000198
unused rva: 00000000 size: 00000000
unused rva: 00000000 size: 00000000
unused rva: 00000000 size: 00000000

Section Table
01 .text VirtSize: 00001055 VirtAddr: 00001000
raw data offs: 00001000 raw data size: 00002000
relocation offs: 00000000 relocations: 00000000
line # offs: 00000000 line #`s: 00000000
characteristics: 60000020
CODE MEM_EXECUTE MEM_READ

02 .rdat VirtSize: 00000870 VirtAddr: 00003000
raw data offs: 00003000 raw data size: 00001000
relocation offs: 00000000 relocations: 00000000
line # offs: 00000000 line #`s: 00000000
characteristics: 40000040
INITIALIZED_DATA MEM_READ

03 .data VirtSize: 0000025C VirtAddr: 00004000
raw data offs: 00004000 raw data size: 00001000
relocation offs: 00000000 relocations: 00000000
line # offs: 00000000 line #`s: 00000000
characteristics: C0000040
INITIALIZED_DATA MEM_READ MEM_WRITE

04 .rsrc VirtSize: 00000758 VirtAddr: 00005000
raw data offs: 00005000 raw data size: 00001000
relocation offs: 00000000 relocations: 00000000
line # offs: 00000000 line #`s: 00000000
characteristics: 40000040
INITIALIZED_DATA MEM_READ

Imports Table:
MFC42.DLL
Hint/Name Table: 00003494
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00003030
Ordn Name
5300
5302
4079
4698
5307
5289
5714
2982
3147
3259
4465
3136
3262
2985
3081
2976
3830
3831
3825
3079
4080
4622
4424
3738
3346
0825
0815
0800
0858
0924
0540
2621
1134
0801
6143
0922
6883
0860
2818
0541
0535
0941
0823
2915
0940
0939
0537
2725
1576
2396
5199
1089
3922
5731
2512
2554
4486
6375
4274
0561
4673
1168
MSVCRT.dll
Hint/Name Table: 00003590
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 0000312C
Ordn Name
129 __set_app_type
202 _except_handler3
183 _controlfp
106 __p__commode
157 _adjust_fdiv
131 __setusermatherr
271 _initterm
88 __getmainargs
143 _acmdln
72 _XcptFilter
211 _exit
390 _onexit
85 __dllonexit
345 _mbscmp
73 __CxxFrameHandler
585 exit
426 _setmbcp
111 __p__fmode
KERNEL32.dll
Hint/Name Table: 00003464
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00003000
Ordn Name
27 CloseHandle
282 GetLastError
63 CreateMutexA
40 CopyFileA
314 GetPrivateProfileStringA
308 GetPrivateProfileIntA
741 WritePrivateProfileStringA
292 GetModuleFileNameA
294 GetModuleHandleA
336 GetStartupInfoA
662 Sleep
USER32.dll
Hint/Name Table: 000035E4
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00003180
Ordn Name
446 MessageBoxA
SHELL32.dll
Hint/Name Table: 000035DC
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00003178
Ordn Name
114 ShellExecuteA
VERSION.dll
Hint/Name Table: 000035EC
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00003188
Ordn Name
10 VerQueryValueA
1 GetFileVersionInfoSizeA
0 GetFileVersionInfoA

**imsaint** · 06-05-26, 09:39

Dump of file C:\Program Files\锐捷网络\Ruijie Supplicant\8021x.exe

File Header
Machine: 014C<i386>
Number of Sections: 0004
TimeDateStamp: 425F166A
PointerToSymbolTable: 00000000
NumberOfSymbols: 00000000
SizeOfOptionalHeader: 00E0
Characteristics: 010F
RELOCS_STRIPPED
EXECUTABLE_IMAGE
LINE_NUMS_STRIPPED
LOCAL_SYMS_STRIPPED
32BIT_MACHINE

Optional Header
Magic 010B
linker versio 6.00
size of code 20000
size of initialized data 13000
size of uninitialized data 0
entrypoint RVA 1E564
base of code 1000
base of data 21000
image base 400000
section align 1000
file align 1000
required OS version 4.00
image version 0.00
subsystem version 4.00
size of image 34000
size of headers 1000
checksum 0
Subsystem 0002<Windows GUI>
stack reserve size 100000
stack commit size 1000
heap reserve size 100000
heap commit size 1000
RVAs & sizes 10

Data Directory
EXPORT rva: 00000000 size: 00000000
IMPORT rva: 000267F8 size: 00000104
RESOURCE rva: 0002B000 size: 00008630
EXCEPTION rva: 00000000 size: 00000000
SECURITY rva: 00000000 size: 00000000
BASERELOC rva: 00000000 size: 00000000
DEBUG rva: 00000000 size: 00000000
COPYRIGHT rva: 00000000 size: 00000000
GLOBALPTR rva: 00000000 size: 00000000
TLS rva: 00000000 size: 00000000
LOAD_CONFIG rva: 00000000 size: 00000000
BOUND_IMPORT rva: 00000000 size: 00000000
IAT rva: 00021000 size: 000006C0
unused rva: 00000000 size: 00000000
unused rva: 00000000 size: 00000000
unused rva: 00000000 size: 00000000

Section Table
01 .text VirtSize: 0001FF12 VirtAddr: 00001000
raw data offs: 00001000 raw data size: 00020000
relocation offs: 00000000 relocations: 00000000
line # offs: 00000000 line #`s: 00000000
characteristics: 60000020
CODE MEM_EXECUTE MEM_READ

02 .rdat VirtSize: 00006C96 VirtAddr: 00021000
raw data offs: 00021000 raw data size: 00007000
relocation offs: 00000000 relocations: 00000000
line # offs: 00000000 line #`s: 00000000
characteristics: 40000040
INITIALIZED_DATA MEM_READ

03 .data VirtSize: 00002AE8 VirtAddr: 00028000
raw data offs: 00028000 raw data size: 00002000
relocation offs: 00000000 relocations: 00000000
line # offs: 00000000 line #`s: 00000000
characteristics: C0000040
INITIALIZED_DATA MEM_READ MEM_WRITE

04 .rsrc VirtSize: 00008630 VirtAddr: 0002B000
raw data offs: 0002A000 raw data size: 00009000
relocation offs: 00000000 relocations: 00000000
line # offs: 00000000 line #`s: 00000000
characteristics: 40000040
INITIALIZED_DATA MEM_READ

Imports Table:
W32N50.dll
Hint/Name Table: 00026F5C
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00021660
Ordn Name
75 W32N_OpenAdapterA
70 W32N_IsWindows95
59 W32N_DisableLoopback
80 W32N_PacketSend
72 W32N_MakeNdisRequest
78 W32N_PacketRead
69 W32N_IsWindows2000
64 W32N_GetLastError
57 W32N_CancelPacketRead
71 W32N_IsWindowsNT
82 W32N_SetBPFProgram
58 W32N_CloseAdapter
66 W32N_GetNextAdapterRegistryInfo
63 W32N_GetFirstAdapterRegistryInfo
iphlpapi.dll
Hint/Name Table: 00026FB4
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 000216B8
Ordn Name
25 GetAdaptersInfo
MFC42.DLL
Hint/Name Table: 000269E0
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 000210E4
Ordn Name
1948
2396
3346
5300
5303
4079
4699
5307
5289
5715
4622
4424
3663
0565
0817
2841
2726
4226
0535
6140
0654
0800
0341
0540
2764
0860
2107
5450
5440
6383
6394
0858
0537
4129
5953
6199
2818
4277
2763
6283
0924
0922
0940
0939
0536
2575
4396
3574
6055
1776
5290
3402
3721
4220
2584
3654
0795
0609
1146
1168
0567
2438
2370
2302
1644
2642
6334
6215
0941
6270
2863
2455
2528
2379
2864
1134
0801
2086
6143
0541
2256
0533
0798
2135
0818
1949
4034
0926
2820
3811
0656
0616
5710
5683
3499
0823
0355
2915
1567
0268
1187
1907
5161
5162
5160
4905
4742
4976
4948
4358
4377
4854
5287
4835
0768
0489
4258
3092
2301
4224
6197
6380
4287
6379
3610
2411
2023
4218
2578
4398
3582
1175
1200
6883
1158
1105
4202
6282
4278
6662
3173
5922
3215
0389
5858
6930
4673
4274
6375
4486
2554
2512
5731
1576
1089
5199
5302
4698
5714
3738
0561
0815
2621
2725
2298
2363
2358
6028
2299
2688
3573
3626
2414
0755
0470
1641
1908
1690
5288
4439
2054
4431
0771
1008
0496
4259
4715
3698
0765
6453
3742
1233
4275
2860
2152
5875
5789
2380
3706
2859
4710
4234
0641
0825
0324
3597
4425
4627
4080
3079
3825
3831
3830
2976
3081
2985
3262
3136
4465
3259
3147
2982
5277
2124
2446
5261
1727
5065
3749
6376
2055
2648
4441
4837
3798
5280
4353
6374
5163
2385
5241
4407
1775
4078
6052
2514
4998
4853
4376
5265
2515
3922
MSVCRT.dll
Hint/Name Table: 00026E00
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00021504
Ordn Name
85 __dllonexit
14 ??1type_info@@UAE@XZ
605 fread
614 fwrite
720 time
692 srand
657 malloc
390 _onexit
606 free
594 fgets
402 _purecall
351 _mbsicmp
678 rand
600 fprintf
588 fclose
599 fopen
573 atoi
65 _CxxThrowException
211 _exit
72 _XcptFilter
143 _acmdln
88 __getmainargs
271 _initterm
131 __setusermatherr
157 _adjust_fdiv
106 __p__commode
111 __p__fmode
129 __set_app_type
202 _except_handler3
634 isupper
183 _controlfp
308 _itoa
426 _setmbcp
73 __CxxFrameHandler
664 memmove
345 _mbscmp
8 ??0exception@@QAE@ABV0@@Z
585 exit
KERNEL32.dll
Hint/Name Table: 00026954
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00021058
Ordn Name
365 GetTickCount
662 Sleep
773 lstrcpynA
718 WaitForSingleObject
27 CloseHandle
282 GetLastError
63 CreateMutexA
308 GetPrivateProfileIntA
613 SetEvent
345 GetSystemDirectoryA
52 CreateFileA
314 GetPrivateProfileStringA
741 WritePrivateProfileStringA
739 WritePrivateProfileSectionA
670 TerminateProcess
68 CreateProcessA
338 GetStdHandle
373 GetVersionExA
250 GetCurrentThreadId
381 GetWindowsDirectoryA
202 GetCommandLineA
723 WinExec
294 GetModuleHandleA
336 GetStartupInfoA
711 VirtualQueryEx
495 OpenProcess
248 GetCurrentProcessId
716 WaitForMultipleObjects
555 ResetEvent
292 GetModuleFileNameA
450 LoadLibraryA
49 CreateEventA
318 GetProcAddress
180 FreeLibrary
USER32.dll
Hint/Name Table: 00026EA8
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 000215AC
Ordn Name
169 DrawIcon
240 GetClientRect
326 GetSystemMetrics
396 IsIconic
170 DrawIconEx
323 GetSysColor
369 InflateRect
604 SetWindowRgn
515 ReleaseDC
253 GetDC
497 RedrawWindow
267 GetIconInfo
416 LoadImageA
208 EnumWindows
314 GetPropA
618 ShowWindow
14 BringWindowToTop
332 GetTopWindow
399 IsWindow
348 GetWindowRect
255 GetDesktopWindow
516 RemoveMenu
252 GetCursorPos
560 SetForegroundWindow
322 GetSubMenu
478 PostMessageA
378 InvalidateRect
342 GetWindowLongA
600 SetWindowLongA
532 SendMessageA
422 LoadMenuA
578 SetPropA
414 LoadIconA
476 PeekMessageA
594 SetTimer
405 KillTimer
446 MessageBoxA
481 PostThreadMessageA
183 EnableWindow
181 EnableMenuItem
GDI32.dll
Hint/Name Table: 0002692C
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00021030
Ordn Name
30 CombineRgn
74 CreateRoundRectRgn
71 CreatePolygonRgn
72 CreateRectRgn
168 FillRgn
172 FrameRgn
83 DeleteObject
351 GetStockObject
77 CreateSolidBrush
ADVAPI32.dll
Hint/Name Table: 000268FC
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00021000
Ordn Name
327 OpenServiceA
350 RegCreateKeyA
356 RegDeleteValueA
325 OpenSCManagerA
53 ControlService
390 RegSetValueExA
120 DeleteService
52 CloseServiceHandle
370 RegOpenKeyExA
379 RegQueryValueExA
347 RegCloseKey
SHELL32.dll
Hint/Name Table: 00026E9C
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 000215A0
Ordn Name
114 ShellExecuteA
121 Shell_NotifyIconA
WSOCK32.dll
Hint/Name Table: 00026F98
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 0002169C
Ordn Name
0116
0115
0057
0052
0014
0008
VERSION.dll
Hint/Name Table: 00026F4C
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 00021650
Ordn Name
0 GetFileVersionInfoA
10 VerQueryValueA
1 GetFileVersionInfoSizeA
MSVCP60.dll
Hint/Name Table: 00026DD4
TimeDateStamp: 00000000
ForwarderChain: 00000000
First thunk RVA: 000214D8
Ordn Name
193 ??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
76 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
198 ??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
1016 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
687 ??_7out_of_range@std@@6B@
233 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
287 ??1out_of_range@std@@UAE@XZ
197 ??0out_of_range@std@@QAE@ABV01@@Z
192 ??0logic_error@std@@QAE@ABV01@@Z
1056 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

**imsaint** · 06-05-26, 09:43

我不知道怎么用windump
我在网上找了着个 windump
把这两个程序看看就是这样了

**imsaint** · 06-05-26, 11:53

D:\soft\windump -i 2 host 172.16.79.1
windump: listening on \Device\NPF-{.................}
11:41:31.601729 arp who-has 172.16.79.52 tell 172.16.79.51
11:41:31.289993 arp who-has 172.16.79.52 tell 172.16.79.51
以后就重复了只是是在时间上不同了

**barry262** · 06-05-27, 12:12

[STATE] Reinit state machine
[INT] Clearing keys!
[INT] Initializing socket for interface eth0..
[INT] Allmulti mode is already enabled on this device!
[INT] WPA: Enabling WPA on interface eth0.
[INT] Interface eth0 is NOT wireless!
[INT] Interface initialized!
[INT] Interface eth0 is NOT wireless!
[CONFIG] Working from config file /etc/xsupplicant.conf.
No configuration information for network "(null)" found. Using default.
[INT] Opened socket descriptor #4
An error occured binding to socket. (Error : Address already in use)
!Couldn't initalize daemon socket!
[ALL] Shutting down IPC socket!
[INT] Closing socket descriptor #4
Error closing socket! (Error : Bad file descriptor)
[ALL] Doing statemachine cleanup!
[AUTH TYPE] There was no active method in eap_cleanup()!
[INT] Sending Logoff for int eth0!
[ALL] Cleaning up interface eth0...
[INT] Called event_core_cleanup()!
[INT] Called cardif_linux_rtnetlink_cleanup()!
AAAH! Trying to delete an undefined config type.
Notify developers. Type: 0x12
AAAH! Trying to delete an undefined config type.
Notify developers. Type: 0x17

**gnap** · 06-05-27, 12:29

引用:

作者: barry262

[STATE] Reinit state machine
[INT] Clearing keys!
[INT] Initializing socket for interface eth0..
[INT] Allmulti mode is already enabled on this device!
[INT] WPA: Enabling WPA on interface eth0.
[INT] Interface eth0 is NOT wireless!
[INT] Interface initialized!
[INT] Interface eth0 is NOT wireless!
[CONFIG] Working from config file /etc/xsupplicant.conf.
No configuration information for network "(null)" found. Using default.
[INT] Opened socket descriptor #4
An error occured binding to socket. (Error : Address already in use)
!Couldn't initalize daemon socket!
[ALL] Shutting down IPC socket!
[INT] Closing socket descriptor #4
Error closing socket! (Error : Bad file descriptor)
[ALL] Doing statemachine cleanup!
[AUTH TYPE] There was no active method in eap_cleanup()!
[INT] Sending Logoff for int eth0!
[ALL] Cleaning up interface eth0...
[INT] Called event_core_cleanup()!
[INT] Called cardif_linux_rtnetlink_cleanup()!
AAAH! Trying to delete an undefined config type.
Notify developers. Type: 0x12
AAAH! Trying to delete an undefined config type.
Notify developers. Type: 0x17

你的也是笔记本吧？在/etc/xsupplicant.conf里面找到一行：
#type = wireless
去掉注释改成：
type=wired
试试。

**imsaint** · 06-05-27, 12:37

楼主给我看看阿
帮一下忙啦？？？
我这个怎么解决阿

**gnap** · 06-05-27, 14:26

引用:

作者: imsaint

楼主给我看看阿
帮一下忙啦？？？
我这个怎么解决阿

windump的用法找找教程吧！可以百度到很多。

**a1234514** · 06-06-22, 09:30

Making all in src
make[1]: Entering directory `/root/xsupplicant-1.2.1/src'
gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"xsupplicant\" -DVERSION=\"1.2.1\" -DYYTEXT_POINTER=1 -DLILENDIAN=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DNO_PWD_RESET=1 -DOPENSSL_NO_KRB5=1 -DLINUX=1 -DHAVE_LIBCRYPTO=1 -DHAVE_LIBSSL=1 -DLINUX_FRAMER=1 -I. -I. -g -O2 -Wall -c config.c
In file included from config.c:49:
eap_types/tls/eaptls.h:35: parse error before "ENGINE"
eap_types/tls/eaptls.h:35: warning: no semicolon at end of struct or union
eap_types/tls/eaptls.h:66: parse error before '}' token
make[1]: *** [config.o] Error 1
make[1]: Leaving directory `/root/xsupplicant-1.2.1/src'
make: *** [all-recursive] Error 1
楼主帮我看看吧,咱们一个学校的!我也是南区南苑的!红旗4.0桌面版中编译时出现这样错误是怎么回事?谢谢了!

**dongrui** · 06-07-12, 00:40

引用:

作者: gnap

用#/usr/local/sbin/xsupplicant -i eth0 -d A
然后把/var/log/xsupplicant.log帖上来吧！

另外，执行dhclient之前也请确认之前dhclient已经运行，dhclient只能运行一次。

感谢gnap的工作，使得锐捷的用户可以在linux下上网，但是锐捷2.5改了些东西，使得gnap的改进不能完成2.5的认证。我在gnap的xsupplicant-1.2.1-rj-20060411.patch补丁基础上小改后可以在FC5下完成对锐捷2.5的认证工作。但是不稳定，大概一个小时就断一会，不知道为什么，还请gnap指教。改动如下：

文件src/statemachine.c
649行
/*********************************************
*
* Build an EAPoL Start frame to be sent out to the network.
*
*********************************************/
int txStart(struct interface_data *thisint)
{
// unsigned char rg_start[] = {0x01, 0x00, 0x00, 0x05, 0x01, 0x01, 0x00, 0x05, 0x01, 0x00};

int eapolver;
struct config_network *network_data;

network_data = config_get_network_config();

///////////此函数仅仅增加下面一行///////
network_data->force_eapol_ver = 1;
///////////////////////////////////////

// If we are using WPA-PSK, don't send starts.
if (network_data->methods->method_num == WPA_PSK) return XENONE;

debug_printf(DEBUG_STATE, "Sending EAPOL-Start Frame.\n");

eapolver = network_data->force_eapol_ver;
// If we have not hard set the eapol version, then use the last
// version that the authenticator gave us. This isn't in line with
// the 802.1X-REV-2004-d11 standard, but many authenticators are checking
// version #s, and breaking when it isn't 1. :-/
if ((eapolver < 1) || (eapolver > MAX_EAPOL_VER))
{
eapolver = snmp_get_dot1xSuppLastEapolFrameVersion();

if (eapolver == 0)
{
eapolver = MAX_EAPOL_VER;
}
}

eapol_build_header(EAPOL_START, 0, network_data->force_eapol_ver,
thisint->sendframe);
thisint->send_size = OFFSET_TO_EAP;

append_rgtail(thisint);
snmp_dot1xSuppEapolStartFramesTx();

cardif_sendframe(thisint);

return XENONE;
}
文件的./src/eap.c
254行
/*************************************************
*
* Append Red Gaint tail to each response data,
* This fuction is not completely implemented,
* but it works in our colledge.Future inhancement
* should be made for compactability.
* by gnap.an
*
*************************************************/

void append_rgtail(struct interface_data *thisint)
{
/*uint8_t rgsig[] = {0xff, 0xff, 0x37, 0x77, 0x7f, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x80, 0xff, 0xfc, 0xea, 0x39, 0x80, 0xaf, 0xaf, 0xaf, 0xc0, 0xde, 0x8f, 0x00, 0x00, 0x13, 0x11, 0x38, 0x30, 0x32, 0x31, 0x78, 0x2e, 0x65, 0x78, 0x65, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x2c, 0x00};
#define RGSIGLEN 0x3e*/

/*
* 仅仅替换rgsig数组和RGSIGLEN宏
*/

uint8_t rgsig[]={0xff,0xff,0x37,0x77,0xff,0x23,0xfd,0xf9,0xc5,0x00,0x00,0x00,
0xff,0x23,0xfd,0xf9,0x80,0xac,0x4c,0xf4,0x9f,0x3c,0x39,0x00,0x00,0x13,0x11,0x38,
0x30,0x32,0x31,0x78,0x2e,0x65,0x78,0x65,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,
0x32,0x00,0x00,0x00,0x00,0x00,0x13,0x11,0x00,0x28,0x1a,0x28,0x00,0x00,0x13,0x11,
0x17,0x22};
#define RGSIGLEN 0x4e

memcpy(&thisint->sendframe[thisint->send_size], rgsig, RGSIGLEN);
thisint->send_size += RGSIGLEN;
}

**hifik** · 06-07-15, 02:21

研究下Windows下的认证程序下的客户端，原来是在标准802.1x的数据包后加入了以下数据：

/////////////////////////////////////////////////////////////////////////////////////

static byte RuijieExtra[144] = { //Ruijie OEM Extra by soar @ http://bbs.53ucity.com/
////////////////////////////////////////////////////////////////////////////
//
// OEM Extra
// 0 --> 22
0x00,0x00,0x13,0x11, // Encode( 0x00,0x00,0x13,0x11 ) Ruijie OEM Mark
0x01, // Encode( 0x01/00 )
0x00,0x00,0x00,0x00, // Encode( IP )
0x00,0x00,0x00,0x00, // Encode( SubNetMask )
0x00,0x00,0x00,0x00, // Encode( NetGate )
0x00,0x00,0x00,0x00, // Encode( DNS )
0x00,0x00, // Checksum( )
// 23 --> 58
0x00,0x00,0x13,0x11,0x38,0x30,0x32,0x31,0x78,0x2E,0x65,0x78,0x65,0x00,0x00,0x00, // ASCII 8021x.exe
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, //
0x00,0x00,0x00,0x00,
// 59 --> 77
0x02,0x32,0x00,0x00, // 8021x.exe File Version (2.5.00)
0x00, // unknow flag
0x00,0x00,0x13,0x11,0x00,0x28,0x1A,0x28,0x00,0x00,0x13,0x11,0x17,0x22, // Const strings
// 78 --> 118
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F, // 32bits spc. Random strings
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F, // 32bits spc. Random strings
0x00,0x00,0x13,0x11,0x18,0x06,0x00,0x00,0x00, // Const strings
// 119
0x00, // DHCP and first time flag

// V2.56 (and upper?) added
// 120 -->
//0x1A,0x0E,0x00,0x00,0x13,0x11,0x2D,0x08, // Const strings
// 128 --> 141
//0x00,0x00,0x00,0x00,0x00,0x00, // True NIC MAC
//0x1A,0x08,0x00,0x00,0x13,0x11,0x2F,0x02 // Const strings
};

/////////////////////////////////////////////////////////////////////////////////////

其中 32 为的随机数在发送用户名和密码时为客户端的验证 MD5 Hash ，关于这 32 位数字的生成方法如下(VC++ MFC)：

//
//
///////////////////////////////////////////////////////////////////
//
//

// Ruijie 8021x.exe 客户端验证及其完整性验证（版本 V2.45 /2.50 /2.56 ）
//
// 有些变态用了 8 次 MD5 算法检校 0x00401000h --> 0x00421000h 程序段
// （每段长0x4000h），每分段前加入了服务器返回的 MD5 串，最后得到的
// 8组 MD5 Hash 再和服务器返回的 MD5 串做运算生成 0x90h 的表 TableC
// 再作一次 MD5 运算。
//
//////////////////////////////////////////////////////////////////
//
// 严正声明：
// 本算法仅供学习和研究 8021x 认证客户端程序之用，
// 严禁他用，其他用途产生的后果本人一概不以负责！
//
// -- by soar @ 2006/07/01
// http://bbs.53ucity.com/
//////////////////////////////////////////////////////////////////
//
//

//产生特殊随机字符串
CString CMentoSupplicantDlg::Randstr(bool flag)
{
CString strFormat,strRandom;
int a,b,c,d,e;
unsigned t;

strFormat="%X%X%X%X%X%X9884773d9f46acafd7839eb38789088ac9534";
if (flag){strFormat="%X%X%X%X%X%X388498639f49ebaca773dfd78789088ac9534";}

t=time(NULL);
srand(t);
a=rand();
b=rand();
c=rand();
d=rand();
e=rand();

strRandom.Format(strFormat,a,b,c,d,e,t);
return strRandom;
}

//验证算法
void CMentoSupplicantDlg::Clog()
{
int i,j=0;
int nLength = 0; //number of bytes read from the file
int nBufferSize=0x4000; //checksum the file in blocks of bytes

CFileVersionInfo fvi;
CString strRJVersionInfo;

if (fvi.Create(strRJFileN)){
bool notfindflag=true;
strRJVersionInfo=fvi.GetFileVersion();
strRJVersionInfo.Replace(" ","");
if (strRJVersionInfo.Find("2,45,0,0")==0){
nBufferSize=0x3E00;
notfindflag=false;
//PrintOutput("V2,45,0,0");
}
if (strRJVersionInfo.Find("2,50,0,0")==0){
nBufferSize=0x4000;
notfindflag=false;
//PrintOutput("2,50,0,0");
}
if (strRJVersionInfo.Find("2,51,0,0")==0){
nBufferSize=0x4200;
notfindflag=false;
//PrintOutput("2,51,0,0");
}
if (strRJVersionInfo.Find("2,56,0,0")==0){
nBufferSize=0x4A00;
notfindflag=false;
//PrintOutput("2,56,0,0");
}
if (notfindflag){
PrintOutput(" ** 不支持的Ruijie客户端版本！。");
}
}

//

BYTE Buffer1[0x5000]; //buffer for data read from the file
BYTE Buffer2[0x5000]; //buffer for data to MD5 Checksum
BYTE md5rev[16]; //buffer for receive MD5 from the Server
BYTE *md5Dig1,*md5Dig2;
ULONGLONG lActual;

static byte TableC[0x90]={
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};

// Authentication Server MD5 Hash
for (i=0;i<16;i++)
md5rev[i]=bMD5Source[24+i];

// Tranform to TableC
TableC[0]=md5rev[0];
for (i=1;i<8;i++){
TableC[i*18-1]=md5rev[i*2-1];
TableC[i*18]=md5rev[i*2];}
TableC[143]=md5rev[15];

// Check 8021x.exe, Exist ?
if (CFile::GetStatus(strRJFileN,FileStatus)==FALSE){
//PrintOutput(" >> 无法找到“8021x.exe”！！！");
//PrintOutput(" 请复制到本程序目录下，");
//PrintOutput(" 否则无法生成Ruijie客户端信息。");

//return a 32 bits Random string
strMD5Hash=Randstr(false);

return;
}

// Open the 8021.exe for reading.
CFile File(strRJFileN, CFile::modeRead | CFile::shareDenyWrite | CFile::typeBinary);

try
{
//checksum the file in blocks of xxxx bytes
lActual=File.Seek (0x1000,CFile::begin);
while ((nLength = File.Read( Buffer1, nBufferSize )) > 0 && j<8)
{

for (i=0;i<16;i++){
Buffer2[i]=md5rev[i];}
for (i=0;i<nBufferSize;i++){
Buffer2[i+16]=Buffer1[i];}

//Return each block MD5 Hash
md5Dig1=ComputeHash(Buffer2,nBufferSize+16);

for (i=0;i<16;i++){
TableC[18*j+i+1]=md5Dig1[i];}
j++;

}//end of while

// PrintOutput( "MD5_1to8_Done!");
md5Check=ComputeHash(TableC,144);

//not the best work....
CString strTemp,strFormat;
strMD5Hash="";
for (i=0;i<16;i++){
if (md5Check[i]) {//if outside
if (md5Check[i]>0x0f){
strFormat="%x";}
else{
strFormat="0%x";}

strTemp.Format(strFormat,md5Check[i]);
strMD5Hash=strMD5Hash+strTemp;}
else{//if outside
strMD5Hash=strMD5Hash+"00";}//end of if outside

}//end of for
PrintOutput(" >> Ruijie “8021x.exe” 验证 MD5： ");
PrintOutput(" "+strMD5Hash);
return;
}//end of try

//catche Exception error for debug only
catch (CFileException* e )
{
#ifdef _DEBUG
afxDump << "File could not be opened " << e->m_cause << "\n";
#endif
throw e;
}//end of catch
}//end of fuction

//
//
/////////////////////////////////////////////////////////////////////////
//
//

Windows 下的客户端已经成功通过认证服务器的完整性检查和 Ruijie 发送的数据一致^_^

**gnap** · 06-07-30, 01:27

看来我的补丁起到了抛砖引玉的作用。
这样，由于我已经搬出学校住宿，没有了在学校的测试环境。
所以对这个补丁的维护工作可以说没办法进行了。
由于我在一楼的帖子你们不能编辑，几位作者能否另开新帖继续维护这个补丁，这样可以在LZ的位置上更新。我的教程和代码可以按GPL协议直接引用。这个帖子就让它沉下去吧！

首先感谢大家，以及mystar作者的努力。我的补丁相当于把mystar并到了xuspplicant上。

另外希望Linux的认证打在open1x实现的补丁上，Windows下希望大家能帮忙把xsupplicant在cygwin下编译测试。关于xsupplicant的代码架构，欢迎邮件讨论。

gnap.an[AT]gmail.com

总之，希望以后所有的Linux用户都可以一直在锐捷的网络环境下上网。

BTW：soar是Mento Supplicant的作者吧？踏破铁鞋无觅处哦，以前找的你的客户端都是老板本的。似乎百度和Google很难搜索到下载。你的最新代码我会交给我们校内的同学在我们校内测试。谢谢你的工作。

现在我们校内的版本是2.44,我的补丁在校内的用户不超过5个。如果将来我们学校版本升级的话，这几个人上网就要靠大家了。

**zuoning** · 06-10-23, 20:16

您好，我在http://www.linuxsir.org/bbs/showthre...��看到你的
在锐捷802.1x网络中使用xsupplicant的补丁进行认证的源代码和教程+FAQ
我用的是red-hat 9.2 但是老是到patch -p2 < xsupplicant-1.2.1-rj.patch
这里出错误，说是找不到，很是不理解。我知道你在这方面是高手，研究已经很深入了，麻烦你给指点一下，我在red-hat 9.2 怎么设置？
谢谢！

06-06-22, 09:30	第 115 帖
a1234514 注册会员注册日期: Jun 2006 帖子: 1 精华: 0	Making all in src make[1]: Entering directory `/root/xsupplicant-1.2.1/src' gcc -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE=\"xsupplicant\" -DVERSION=\"1.2.1\" -DYYTEXT_POINTER=1 -DLILENDIAN=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DNO_PWD_RESET=1 -DOPENSSL_NO_KRB5=1 -DLINUX=1 -DHAVE_LIBCRYPTO=1 -DHAVE_LIBSSL=1 -DLINUX_FRAMER=1 -I. -I. -g -O2 -Wall -c config.c In file included from config.c:49: eap_types/tls/eaptls.h:35: parse error before "ENGINE" eap_types/tls/eaptls.h:35: warning: no semicolon at end of struct or union eap_types/tls/eaptls.h:66: parse error before '}' token make[1]: * [config.o] Error 1 make[1]: Leaving directory `/root/xsupplicant-1.2.1/src' make: * [all-recursive] Error 1 楼主帮我看看吧,咱们一个学校的!我也是南区南苑的!红旗4.0桌面版中编译时出现这样错误是怎么回事?谢谢了! 此帖于 06-06-22 09:34 被 a1234514 编辑.

06-07-30, 01:27	第 118 帖
gnap 注册会员注册日期: Sep 2004 我的住址: 黑龙江帖子: 637 精华: 1	看来我的补丁起到了抛砖引玉的作用。这样，由于我已经搬出学校住宿，没有了在学校的测试环境。所以对这个补丁的维护工作可以说没办法进行了。由于我在一楼的帖子你们不能编辑，几位作者能否另开新帖继续维护这个补丁，这样可以在LZ的位置上更新。我的教程和代码可以按GPL协议直接引用。这个帖子就让它沉下去吧！首先感谢大家，以及mystar作者的努力。我的补丁相当于把mystar并到了xuspplicant上。另外希望Linux的认证打在open1x实现的补丁上，Windows下希望大家能帮忙把xsupplicant在cygwin下编译测试。关于xsupplicant的代码架构，欢迎邮件讨论。 gnap.an[AT]gmail.com 总之，希望以后所有的Linux用户都可以一直在锐捷的网络环境下上网。 BTW：soar是Mento Supplicant的作者吧？踏破铁鞋无觅处哦，以前找的你的客户端都是老板本的。似乎百度和Google很难搜索到下载。你的最新代码我会交给我们校内的同学在我们校内测试。谢谢你的工作。现在我们校内的版本是2.44,我的补丁在校内的用户不超过5个。如果将来我们学校版本升级的话，这几个人上网就要靠大家了。此帖于 06-07-30 06:01 被 gnap 编辑.

欢迎来到LinuxSir.Org!
您还未登录，请登录后查看论坛，或者点击论坛上方的注册链接注册新账号。

06-05-26, 09:29	第 107 帖
imsaint 注册会员注册日期: May 2006 帖子: 21 精华: 0	Dump of file C:\Program Files\锐捷网络\Ruijie Supplicant\RuijieSupplicant.exe File Header Machine: 014C<i386> Number of Sections: 0004 TimeDateStamp: 422EC5E4 PointerToSymbolTable: 00000000 NumberOfSymbols: 00000000 SizeOfOptionalHeader: 00E0 Characteristics: 010F RELOCS_STRIPPED EXECUTABLE_IMAGE LINE_NUMS_STRIPPED LOCAL_SYMS_STRIPPED 32BIT_MACHINE Optional Header Magic 010B linker versio 6.00 size of code 2000 size of initialized data 3000 size of uninitialized data 0 entrypoint RVA 1D00 base of code 1000 base of data 3000 image base 400000 section align 1000 file align 1000 required OS version 4.00 image version 0.00 subsystem version 4.00 size of image 6000 size of headers 1000 checksum 0 Subsystem 0002<Windows GUI> stack reserve size 100000 stack commit size 1000 heap reserve size 100000 heap commit size 1000 RVAs & sizes 10 Data Directory EXPORT rva: 00000000 size: 00000000 IMPORT rva: 000033D8 size: 0000008C RESOURCE rva: 00005000 size: 00000758 EXCEPTION rva: 00000000 size: 00000000 SECURITY rva: 00000000 size: 00000000 BASERELOC rva: 00000000 size: 00000000 DEBUG rva: 00000000 size: 00000000 COPYRIGHT rva: 00000000 size: 00000000 GLOBALPTR rva: 00000000 size: 00000000 TLS rva: 00000000 size: 00000000 LOAD_CONFIG rva: 00000000 size: 00000000 BOUND_IMPORT rva: 00000000 size: 00000000 IAT rva: 00003000 size: 00000198 unused rva: 00000000 size: 00000000 unused rva: 00000000 size: 00000000 unused rva: 00000000 size: 00000000 Section Table 01 .text VirtSize: 00001055 VirtAddr: 00001000 raw data offs: 00001000 raw data size: 00002000 relocation offs: 00000000 relocations: 00000000 line # offs: 00000000 line #`s: 00000000 characteristics: 60000020 CODE MEM_EXECUTE MEM_READ 02 .rdat VirtSize: 00000870 VirtAddr: 00003000 raw data offs: 00003000 raw data size: 00001000 relocation offs: 00000000 relocations: 00000000 line # offs: 00000000 line #`s: 00000000 characteristics: 40000040 INITIALIZED_DATA MEM_READ 03 .data VirtSize: 0000025C VirtAddr: 00004000 raw data offs: 00004000 raw data size: 00001000 relocation offs: 00000000 relocations: 00000000 line # offs: 00000000 line #`s: 00000000 characteristics: C0000040 INITIALIZED_DATA MEM_READ MEM_WRITE 04 .rsrc VirtSize: 00000758 VirtAddr: 00005000 raw data offs: 00005000 raw data size: 00001000 relocation offs: 00000000 relocations: 00000000 line # offs: 00000000 line #`s: 00000000 characteristics: 40000040 INITIALIZED_DATA MEM_READ Imports Table: MFC42.DLL Hint/Name Table: 00003494 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00003030 Ordn Name 5300 5302 4079 4698 5307 5289 5714 2982 3147 3259 4465 3136 3262 2985 3081 2976 3830 3831 3825 3079 4080 4622 4424 3738 3346 0825 0815 0800 0858 0924 0540 2621 1134 0801 6143 0922 6883 0860 2818 0541 0535 0941 0823 2915 0940 0939 0537 2725 1576 2396 5199 1089 3922 5731 2512 2554 4486 6375 4274 0561 4673 1168 MSVCRT.dll Hint/Name Table: 00003590 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 0000312C Ordn Name 129 __set_app_type 202 _except_handler3 183 _controlfp 106 __p__commode 157 _adjust_fdiv 131 __setusermatherr 271 _initterm 88 __getmainargs 143 _acmdln 72 _XcptFilter 211 _exit 390 _onexit 85 __dllonexit 345 _mbscmp 73 __CxxFrameHandler 585 exit 426 _setmbcp 111 __p__fmode KERNEL32.dll Hint/Name Table: 00003464 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00003000 Ordn Name 27 CloseHandle 282 GetLastError 63 CreateMutexA 40 CopyFileA 314 GetPrivateProfileStringA 308 GetPrivateProfileIntA 741 WritePrivateProfileStringA 292 GetModuleFileNameA 294 GetModuleHandleA 336 GetStartupInfoA 662 Sleep USER32.dll Hint/Name Table: 000035E4 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00003180 Ordn Name 446 MessageBoxA SHELL32.dll Hint/Name Table: 000035DC TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00003178 Ordn Name 114 ShellExecuteA VERSION.dll Hint/Name Table: 000035EC TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00003188 Ordn Name 10 VerQueryValueA 1 GetFileVersionInfoSizeA 0 GetFileVersionInfoA

06-05-26, 09:39	第 108 帖
imsaint 注册会员注册日期: May 2006 帖子: 21 精华: 0	Dump of file C:\Program Files\锐捷网络\Ruijie Supplicant\8021x.exe File Header Machine: 014C<i386> Number of Sections: 0004 TimeDateStamp: 425F166A PointerToSymbolTable: 00000000 NumberOfSymbols: 00000000 SizeOfOptionalHeader: 00E0 Characteristics: 010F RELOCS_STRIPPED EXECUTABLE_IMAGE LINE_NUMS_STRIPPED LOCAL_SYMS_STRIPPED 32BIT_MACHINE Optional Header Magic 010B linker versio 6.00 size of code 20000 size of initialized data 13000 size of uninitialized data 0 entrypoint RVA 1E564 base of code 1000 base of data 21000 image base 400000 section align 1000 file align 1000 required OS version 4.00 image version 0.00 subsystem version 4.00 size of image 34000 size of headers 1000 checksum 0 Subsystem 0002<Windows GUI> stack reserve size 100000 stack commit size 1000 heap reserve size 100000 heap commit size 1000 RVAs & sizes 10 Data Directory EXPORT rva: 00000000 size: 00000000 IMPORT rva: 000267F8 size: 00000104 RESOURCE rva: 0002B000 size: 00008630 EXCEPTION rva: 00000000 size: 00000000 SECURITY rva: 00000000 size: 00000000 BASERELOC rva: 00000000 size: 00000000 DEBUG rva: 00000000 size: 00000000 COPYRIGHT rva: 00000000 size: 00000000 GLOBALPTR rva: 00000000 size: 00000000 TLS rva: 00000000 size: 00000000 LOAD_CONFIG rva: 00000000 size: 00000000 BOUND_IMPORT rva: 00000000 size: 00000000 IAT rva: 00021000 size: 000006C0 unused rva: 00000000 size: 00000000 unused rva: 00000000 size: 00000000 unused rva: 00000000 size: 00000000 Section Table 01 .text VirtSize: 0001FF12 VirtAddr: 00001000 raw data offs: 00001000 raw data size: 00020000 relocation offs: 00000000 relocations: 00000000 line # offs: 00000000 line #`s: 00000000 characteristics: 60000020 CODE MEM_EXECUTE MEM_READ 02 .rdat VirtSize: 00006C96 VirtAddr: 00021000 raw data offs: 00021000 raw data size: 00007000 relocation offs: 00000000 relocations: 00000000 line # offs: 00000000 line #`s: 00000000 characteristics: 40000040 INITIALIZED_DATA MEM_READ 03 .data VirtSize: 00002AE8 VirtAddr: 00028000 raw data offs: 00028000 raw data size: 00002000 relocation offs: 00000000 relocations: 00000000 line # offs: 00000000 line #`s: 00000000 characteristics: C0000040 INITIALIZED_DATA MEM_READ MEM_WRITE 04 .rsrc VirtSize: 00008630 VirtAddr: 0002B000 raw data offs: 0002A000 raw data size: 00009000 relocation offs: 00000000 relocations: 00000000 line # offs: 00000000 line #`s: 00000000 characteristics: 40000040 INITIALIZED_DATA MEM_READ Imports Table: W32N50.dll Hint/Name Table: 00026F5C TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00021660 Ordn Name 75 W32N_OpenAdapterA 70 W32N_IsWindows95 59 W32N_DisableLoopback 80 W32N_PacketSend 72 W32N_MakeNdisRequest 78 W32N_PacketRead 69 W32N_IsWindows2000 64 W32N_GetLastError 57 W32N_CancelPacketRead 71 W32N_IsWindowsNT 82 W32N_SetBPFProgram 58 W32N_CloseAdapter 66 W32N_GetNextAdapterRegistryInfo 63 W32N_GetFirstAdapterRegistryInfo iphlpapi.dll Hint/Name Table: 00026FB4 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 000216B8 Ordn Name 25 GetAdaptersInfo MFC42.DLL Hint/Name Table: 000269E0 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 000210E4 Ordn Name 1948 2396 3346 5300 5303 4079 4699 5307 5289 5715 4622 4424 3663 0565 0817 2841 2726 4226 0535 6140 0654 0800 0341 0540 2764 0860 2107 5450 5440 6383 6394 0858 0537 4129 5953 6199 2818 4277 2763 6283 0924 0922 0940 0939 0536 2575 4396 3574 6055 1776 5290 3402 3721 4220 2584 3654 0795 0609 1146 1168 0567 2438 2370 2302 1644 2642 6334 6215 0941 6270 2863 2455 2528 2379 2864 1134 0801 2086 6143 0541 2256 0533 0798 2135 0818 1949 4034 0926 2820 3811 0656 0616 5710 5683 3499 0823 0355 2915 1567 0268 1187 1907 5161 5162 5160 4905 4742 4976 4948 4358 4377 4854 5287 4835 0768 0489 4258 3092 2301 4224 6197 6380 4287 6379 3610 2411 2023 4218 2578 4398 3582 1175 1200 6883 1158 1105 4202 6282 4278 6662 3173 5922 3215 0389 5858 6930 4673 4274 6375 4486 2554 2512 5731 1576 1089 5199 5302 4698 5714 3738 0561 0815 2621 2725 2298 2363 2358 6028 2299 2688 3573 3626 2414 0755 0470 1641 1908 1690 5288 4439 2054 4431 0771 1008 0496 4259 4715 3698 0765 6453 3742 1233 4275 2860 2152 5875 5789 2380 3706 2859 4710 4234 0641 0825 0324 3597 4425 4627 4080 3079 3825 3831 3830 2976 3081 2985 3262 3136 4465 3259 3147 2982 5277 2124 2446 5261 1727 5065 3749 6376 2055 2648 4441 4837 3798 5280 4353 6374 5163 2385 5241 4407 1775 4078 6052 2514 4998 4853 4376 5265 2515 3922 MSVCRT.dll Hint/Name Table: 00026E00 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00021504 Ordn Name 85 __dllonexit 14 ??1type_info@@UAE@XZ 605 fread 614 fwrite 720 time 692 srand 657 malloc 390 _onexit 606 free 594 fgets 402 _purecall 351 _mbsicmp 678 rand 600 fprintf 588 fclose 599 fopen 573 atoi 65 _CxxThrowException 211 _exit 72 _XcptFilter 143 _acmdln 88 __getmainargs 271 _initterm 131 __setusermatherr 157 _adjust_fdiv 106 __p__commode 111 __p__fmode 129 __set_app_type 202 _except_handler3 634 isupper 183 _controlfp 308 _itoa 426 _setmbcp 73 __CxxFrameHandler 664 memmove 345 _mbscmp 8 ??0exception@@QAE@ABV0@@Z 585 exit KERNEL32.dll Hint/Name Table: 00026954 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00021058 Ordn Name 365 GetTickCount 662 Sleep 773 lstrcpynA 718 WaitForSingleObject 27 CloseHandle 282 GetLastError 63 CreateMutexA 308 GetPrivateProfileIntA 613 SetEvent 345 GetSystemDirectoryA 52 CreateFileA 314 GetPrivateProfileStringA 741 WritePrivateProfileStringA 739 WritePrivateProfileSectionA 670 TerminateProcess 68 CreateProcessA 338 GetStdHandle 373 GetVersionExA 250 GetCurrentThreadId 381 GetWindowsDirectoryA 202 GetCommandLineA 723 WinExec 294 GetModuleHandleA 336 GetStartupInfoA 711 VirtualQueryEx 495 OpenProcess 248 GetCurrentProcessId 716 WaitForMultipleObjects 555 ResetEvent 292 GetModuleFileNameA 450 LoadLibraryA 49 CreateEventA 318 GetProcAddress 180 FreeLibrary USER32.dll Hint/Name Table: 00026EA8 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 000215AC Ordn Name 169 DrawIcon 240 GetClientRect 326 GetSystemMetrics 396 IsIconic 170 DrawIconEx 323 GetSysColor 369 InflateRect 604 SetWindowRgn 515 ReleaseDC 253 GetDC 497 RedrawWindow 267 GetIconInfo 416 LoadImageA 208 EnumWindows 314 GetPropA 618 ShowWindow 14 BringWindowToTop 332 GetTopWindow 399 IsWindow 348 GetWindowRect 255 GetDesktopWindow 516 RemoveMenu 252 GetCursorPos 560 SetForegroundWindow 322 GetSubMenu 478 PostMessageA 378 InvalidateRect 342 GetWindowLongA 600 SetWindowLongA 532 SendMessageA 422 LoadMenuA 578 SetPropA 414 LoadIconA 476 PeekMessageA 594 SetTimer 405 KillTimer 446 MessageBoxA 481 PostThreadMessageA 183 EnableWindow 181 EnableMenuItem GDI32.dll Hint/Name Table: 0002692C TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00021030 Ordn Name 30 CombineRgn 74 CreateRoundRectRgn 71 CreatePolygonRgn 72 CreateRectRgn 168 FillRgn 172 FrameRgn 83 DeleteObject 351 GetStockObject 77 CreateSolidBrush ADVAPI32.dll Hint/Name Table: 000268FC TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00021000 Ordn Name 327 OpenServiceA 350 RegCreateKeyA 356 RegDeleteValueA 325 OpenSCManagerA 53 ControlService 390 RegSetValueExA 120 DeleteService 52 CloseServiceHandle 370 RegOpenKeyExA 379 RegQueryValueExA 347 RegCloseKey SHELL32.dll Hint/Name Table: 00026E9C TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 000215A0 Ordn Name 114 ShellExecuteA 121 Shell_NotifyIconA WSOCK32.dll Hint/Name Table: 00026F98 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 0002169C Ordn Name 0116 0115 0057 0052 0014 0008 VERSION.dll Hint/Name Table: 00026F4C TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 00021650 Ordn Name 0 GetFileVersionInfoA 10 VerQueryValueA 1 GetFileVersionInfoSizeA MSVCP60.dll Hint/Name Table: 00026DD4 TimeDateStamp: 00000000 ForwarderChain: 00000000 First thunk RVA: 000214D8 Ordn Name 193 ??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z 76 ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z 198 ??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z 1016 ?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z 687 ??_7out_of_range@std@@6B@ 233 ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ 287 ??1out_of_range@std@@UAE@XZ 197 ??0out_of_range@std@@QAE@ABV01@@Z 192 ??0logic_error@std@@QAE@ABV01@@Z 1056 ?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

06-05-26, 09:43	第 109 帖
imsaint 注册会员注册日期: May 2006 帖子: 21 精华: 0	我不知道怎么用windump 我在网上找了着个 windump 把这两个程序看看就是这样了

06-05-26, 11:53	第 110 帖
imsaint 注册会员注册日期: May 2006 帖子: 21 精华: 0	D:\soft\windump -i 2 host 172.16.79.1 windump: listening on \Device\NPF-{.................} 11:41:31.601729 arp who-has 172.16.79.52 tell 172.16.79.51 11:41:31.289993 arp who-has 172.16.79.52 tell 172.16.79.51 以后就重复了只是是在时间上不同了

06-05-27, 12:12	第 111 帖
barry262 注册会员注册日期: May 2006 帖子: 15 精华: 0	[STATE] Reinit state machine [INT] Clearing keys! [INT] Initializing socket for interface eth0.. [INT] Allmulti mode is already enabled on this device! [INT] WPA: Enabling WPA on interface eth0. [INT] Interface eth0 is NOT wireless! [INT] Interface initialized! [INT] Interface eth0 is NOT wireless! [CONFIG] Working from config file /etc/xsupplicant.conf. No configuration information for network "(null)" found. Using default. [INT] Opened socket descriptor #4 An error occured binding to socket. (Error : Address already in use) !Couldn't initalize daemon socket! [ALL] Shutting down IPC socket! [INT] Closing socket descriptor #4 Error closing socket! (Error : Bad file descriptor) [ALL] Doing statemachine cleanup! [AUTH TYPE] There was no active method in eap_cleanup()! [INT] Sending Logoff for int eth0! [ALL] Cleaning up interface eth0... [INT] Called event_core_cleanup()! [INT] Called cardif_linux_rtnetlink_cleanup()! AAAH! Trying to delete an undefined config type. Notify developers. Type: 0x12 AAAH! Trying to delete an undefined config type. Notify developers. Type: 0x17

06-05-27, 12:37	第 113 帖
imsaint 注册会员注册日期: May 2006 帖子: 21 精华: 0	楼主给我看看阿帮一下忙啦？？？我这个怎么解决阿

06-07-15, 02:21	第 117 帖
hifik 注册会员注册日期: Jun 2006 帖子: 1 精华: 0	研究下Windows下的认证程序下的客户端，原来是在标准802.1x的数据包后加入了以下数据： ///////////////////////////////////////////////////////////////////////////////////// static byte RuijieExtra[144] = { //Ruijie OEM Extra by soar @ http://bbs.53ucity.com/ //////////////////////////////////////////////////////////////////////////// // // OEM Extra // 0 --> 22 0x00,0x00,0x13,0x11, // Encode( 0x00,0x00,0x13,0x11 ) Ruijie OEM Mark 0x01, // Encode( 0x01/00 ) 0x00,0x00,0x00,0x00, // Encode( IP ) 0x00,0x00,0x00,0x00, // Encode( SubNetMask ) 0x00,0x00,0x00,0x00, // Encode( NetGate ) 0x00,0x00,0x00,0x00, // Encode( DNS ) 0x00,0x00, // Checksum( ) // 23 --> 58 0x00,0x00,0x13,0x11,0x38,0x30,0x32,0x31,0x78,0x2E,0x65,0x78,0x65,0x00,0x00,0x00, // ASCII 8021x.exe 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // 0x00,0x00,0x00,0x00, // 59 --> 77 0x02,0x32,0x00,0x00, // 8021x.exe File Version (2.5.00) 0x00, // unknow flag 0x00,0x00,0x13,0x11,0x00,0x28,0x1A,0x28,0x00,0x00,0x13,0x11,0x17,0x22, // Const strings // 78 --> 118 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F, // 32bits spc. Random strings 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F, // 32bits spc. Random strings 0x00,0x00,0x13,0x11,0x18,0x06,0x00,0x00,0x00, // Const strings // 119 0x00, // DHCP and first time flag // V2.56 (and upper?) added // 120 --> //0x1A,0x0E,0x00,0x00,0x13,0x11,0x2D,0x08, // Const strings // 128 --> 141 //0x00,0x00,0x00,0x00,0x00,0x00, // True NIC MAC //0x1A,0x08,0x00,0x00,0x13,0x11,0x2F,0x02 // Const strings }; ///////////////////////////////////////////////////////////////////////////////////// 其中 32 为的随机数在发送用户名和密码时为客户端的验证 MD5 Hash ，关于这 32 位数字的生成方法如下(VC++ MFC)： // // /////////////////////////////////////////////////////////////////// // // // Ruijie 8021x.exe 客户端验证及其完整性验证（版本 V2.45 /2.50 /2.56 ） // // 有些变态用了 8 次 MD5 算法检校 0x00401000h --> 0x00421000h 程序段 // （每段长0x4000h），每分段前加入了服务器返回的 MD5 串，最后得到的 // 8组 MD5 Hash 再和服务器返回的 MD5 串做运算生成 0x90h 的表 TableC // 再作一次 MD5 运算。 // ////////////////////////////////////////////////////////////////// // // 严正声明： // 本算法仅供学习和研究 8021x 认证客户端程序之用， // 严禁他用，其他用途产生的后果本人一概不以负责！ // // -- by soar @ 2006/07/01 // http://bbs.53ucity.com/ ////////////////////////////////////////////////////////////////// // // //产生特殊随机字符串 CString CMentoSupplicantDlg::Randstr(bool flag) { CString strFormat,strRandom; int a,b,c,d,e; unsigned t; strFormat="%X%X%X%X%X%X9884773d9f46acafd7839eb38789088ac9534"; if (flag){strFormat="%X%X%X%X%X%X388498639f49ebaca773dfd78789088ac9534";} t=time(NULL); srand(t); a=rand(); b=rand(); c=rand(); d=rand(); e=rand(); strRandom.Format(strFormat,a,b,c,d,e,t); return strRandom; } //验证算法 void CMentoSupplicantDlg::Clog() { int i,j=0; int nLength = 0; //number of bytes read from the file int nBufferSize=0x4000; //checksum the file in blocks of bytes CFileVersionInfo fvi; CString strRJVersionInfo; if (fvi.Create(strRJFileN)){ bool notfindflag=true; strRJVersionInfo=fvi.GetFileVersion(); strRJVersionInfo.Replace(" ",""); if (strRJVersionInfo.Find("2,45,0,0")==0){ nBufferSize=0x3E00; notfindflag=false; //PrintOutput("V2,45,0,0"); } if (strRJVersionInfo.Find("2,50,0,0")==0){ nBufferSize=0x4000; notfindflag=false; //PrintOutput("2,50,0,0"); } if (strRJVersionInfo.Find("2,51,0,0")==0){ nBufferSize=0x4200; notfindflag=false; //PrintOutput("2,51,0,0"); } if (strRJVersionInfo.Find("2,56,0,0")==0){ nBufferSize=0x4A00; notfindflag=false; //PrintOutput("2,56,0,0"); } if (notfindflag){ PrintOutput(" ** 不支持的Ruijie客户端版本！。"); } } // BYTE Buffer1[0x5000]; //buffer for data read from the file BYTE Buffer2[0x5000]; //buffer for data to MD5 Checksum BYTE md5rev[16]; //buffer for receive MD5 from the Server BYTE md5Dig1,md5Dig2; ULONGLONG lActual; static byte TableC[0x90]={ 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; // Authentication Server MD5 Hash for (i=0;i<16;i++) md5rev[i]=bMD5Source[24+i]; // Tranform to TableC TableC[0]=md5rev[0]; for (i=1;i<8;i++){ TableC[i18-1]=md5rev[i2-1]; TableC[i18]=md5rev[i2];} TableC[143]=md5rev[15]; // Check 8021x.exe, Exist ? if (CFile::GetStatus(strRJFileN,FileStatus)==FALSE){ //PrintOutput(" >> 无法找到“8021x.exe”！！！"); //PrintOutput(" 请复制到本程序目录下，"); //PrintOutput(" 否则无法生成Ruijie客户端信息。"); //return a 32 bits Random string strMD5Hash=Randstr(false); return; } // Open the 8021.exe for reading. CFile File(strRJFileN, CFile::modeRead \| CFile::shareDenyWrite \| CFile::typeBinary); try { //checksum the file in blocks of xxxx bytes lActual=File.Seek (0x1000,CFile::begin); while ((nLength = File.Read( Buffer1, nBufferSize )) > 0 && j<8) { for (i=0;i<16;i++){ Buffer2[i]=md5rev[i];} for (i=0;i<nBufferSize;i++){ Buffer2[i+16]=Buffer1[i];} //Return each block MD5 Hash md5Dig1=ComputeHash(Buffer2,nBufferSize+16); for (i=0;i<16;i++){ TableC[18j+i+1]=md5Dig1[i];} j++; }//end of while // PrintOutput( "MD5_1to8_Done!"); md5Check=ComputeHash(TableC,144); //not the best work.... CString strTemp,strFormat; strMD5Hash=""; for (i=0;i<16;i++){ if (md5Check[i]) {//if outside if (md5Check[i]>0x0f){ strFormat="%x";} else{ strFormat="0%x";} strTemp.Format(strFormat,md5Check[i]); strMD5Hash=strMD5Hash+strTemp;} else{//if outside strMD5Hash=strMD5Hash+"00";}//end of if outside }//end of for PrintOutput(" >> Ruijie “8021x.exe” 验证 MD5： "); PrintOutput(" "+strMD5Hash); return; }//end of try //catche Exception error for debug only catch (CFileException e ) { #ifdef _DEBUG afxDump << "File could not be opened " << e->m_cause << "\n"; #endif throw e; }//end of catch }//end of fuction // // ///////////////////////////////////////////////////////////////////////// // // Windows 下的客户端已经成功通过认证服务器的完整性检查和 Ruijie 发送的数据一致^_^

06-10-23, 20:16	第 119 帖
zuoning 注册会员注册日期: Oct 2006 帖子: 36 精华: 0	您好，我在http://www.linuxsir.org/bbs/showthre...��看到你的在锐捷802.1x网络中使用xsupplicant的补丁进行认证的源代码和教程+FAQ 我用的是red-hat 9.2 但是老是到patch -p2 < xsupplicant-1.2.1-rj.patch 这里出错误，说是找不到，很是不理解。我知道你在这方面是高手，研究已经很深入了，麻烦你给指点一下，我在red-hat 9.2 怎么设置？谢谢！