cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
secgateway/Platform/user/configm/config-server/web_config/auth_parameters.c

552 lines
14 KiB
C
Raw Normal View History

Mod aaa-12 修改web界面配置信息 RCA: SOL: 修改人:chenling 检视人:
2019-08-09 11:42:19 +00:00
#include "../include/parsefile.h"
#include "../include/configm.h"
#include "../../../netlink_uapi/libnetlinku.h"
#include "../../../../common/rpc/rpc.h"
#include "authfree.h"
#include <cjson/cJSON.h>
#include "../../../../../Common/s2j/s2j.h"
#include "../../../../../Common/commuapinl.h"
#include "auth_parameters.h"
/*定义结构体 存认证参数*/
auth_parameters_t *auth_para;
#ifdef AGINGTIME_ACK_COOKIES
#define CFG_AGINGTIME_ACK_COOKIES
#endif
/*全局变量初始化 失败为1 成功为0*/
int authparInit()
{
auth_para = (auth_parameters_t *)malloc(sizeof(auth_parameters_t));
if (NULL == auth_para)
{
return 1;
}
return 0;
}
/*下发用户老化时间配置到内核态 */
int set_agingtimecfg_waitack(int *agingtime)
{
int agingtime_len = 0;
struct nlmsghdr *ack = NULL;
struct nlmsghdr **answer = &ack;
struct{
struct nlmsghdr n;
char buf[1024];
} req ={
.n.nlmsg_len = NLMSG_LENGTH(0),
#ifdef CFG_AGINGTIME_ACK_COOKIES
.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,/*set NLM_F_ACKuse kernel auto ack*/
#else
.n.nlmsg_flags = NLM_F_REQUEST, /*not use kernel auto ack */
#endif
.n.nlmsg_type = AGINGTIME_CFG, /*用户态发送给内核态的用户老化时间消息 */
.n.nlmsg_pid = getpid(),
};
/*判断要发送的数据是否为NULL,不为NULL,打印出来 */
if (agingtime == NULL)
{
printf("set_agingtimecfg_waitack is error: input struct_agingtime is NULL.\r\n");
return -1;
}else
{
printf("set_freeauthcfg_waitack :agingtime %d\n", *agingtime);
}
/*计算需要发送的数据的长度 */
agingtime_len = sizeof(int);
printf("%d\n", agingtime_len);
/*可选属性 */
commnl_addattr_l(&req.n, sizeof(req), 1, agingtime, agingtime_len);
/*发送组装好的netlink消息 */
if(pdeliv_talk(1, &req.n, answer) < 0)
{
printf("set_user_agingtime_waitack rcv ack msg faild.\r\n");
return -2;
}
else
{
printf("set_user_agingtime_waitack rcv ack msg success.\r\n");
}
if(*answer != NULL)
{
printf("set_user_agingtime_waitack rcv answer.\r\n");
}
else{
printf("set_user_agingtime_waitack rcv answer error.\r\n");
return -3;
}
#ifdef CFG_AGINGTIME_ACK_COOKIES
/*recv answer*/
if((*answer)->nlmsg_type == NLMSG_ERROR){
nl_debugfs_extack(*answer);
}
#else
/*recv answer*/
if((*answer)->nlmsg_type == AGINGTIME_CFG)
{
nl_debugfs(*answer);
}
#endif
return 0;
}
/*检查IP地址是否有效端口号是否被占用 */
int _valid_ipv4_port(const char *str, int port)
{
int ret;
int fd;
int i;
volatile int local_errno;
struct sockaddr_in addr;
fd = socket(AF_INET,SOCK_STREAM,0); /*初始化*/
if(fd ==-1) /*检查是否正常初始化socket */
{
return -1;
}
errno = 0;
local_errno = errno;
ret = inet_pton(AF_INET, str ,&addr.sin_addr);
printf("the value of ret is:%d\n",ret);
if(ret > 0)
{
fprintf(stderr, "\"%s\" is a vaild IPv4 address\n", str);
addr.sin_family = AF_INET; /*地址结构的协议簇 */
addr.sin_port=htons(port); /*地址结构的端口地址,网络字节序 */
printf("the value of str:%s\n", str);
i = (bind(fd, (struct sockaddr*)&addr, sizeof(struct sockaddr)));
printf("the value of i:%d\n", i);
if( i < 0)
{
printf("port %d has been used. \n", port);
close(fd);
return -1;
}
printf("port %d is ok. \n", port);
close(fd);
return 0;
}
else if (ret < 0)
{
fprintf(stderr, "EAFNOSUPPORT: %s\n", strerror(local_errno));
close(fd);
return -1;
}
else
{
fprintf(stderr, "\"%s\" is not a vaild IPv4 address\n", str);
close(fd);
return -1;
}
}
/* iuput格式{"type": 0, "data": {"ip": 1028737217,"port": 1010,"timehorizon": 10,"failcount": 20,"locktime":30, "aging_time":10}}*/
ret_code authpara_config_json_parse(pointer input, uint *conf_type, auth_parameters_t *authpara_buff)
{
ret_code ret = RET_OK;
cJSON *cjson, *type, *data;
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(input);
if(!cjson)
{
ret = RET_INPUTERR;
ASSERT_RET(ret);
return ret;
}
/*获取操作类型 add、mod、del */
type = cJSON_GetObjectItem(cjson, "type");
if(!type)
{
ret = RET_INPUTERR;
cJSON_Delete(cjson);
return ret;
}
*conf_type = type->valueint;
/*获取免认证规则的data部分 */
data = cJSON_GetObjectItem(cjson, "data");
if(!data)
{
ret = RET_INPUTERR;
cJSON_Delete(cjson);
cJSON_Delete(type);
return ret;
}
/*创建freeauth_configure_t结构体对象 */
s2j_create_struct_obj(auth_parameters, auth_parameters_t);
if(auth_parameters == NULL)
{
cJSON_Delete(cjson);
cJSON_Delete(type);
cJSON_Delete(data);
return RET_NOMEM;
}
/*反序列化数据到freeauth_configure_t结构体对象 */
s2j_struct_get_basic_element(auth_parameters, data, int, ip);
s2j_struct_get_basic_element(auth_parameters, data, int, port);
s2j_struct_get_basic_element(auth_parameters, data, int, timehorizon);
s2j_struct_get_basic_element(auth_parameters, data, int, failcount);
s2j_struct_get_basic_element(auth_parameters, data, int, locktime);
s2j_struct_get_basic_element(auth_parameters, data, int, aging_time);
authpara_buff->ip = auth_parameters->ip;
authpara_buff->port = auth_parameters->port;
authpara_buff->timehorizon = auth_parameters->timehorizon;
authpara_buff->failcount = auth_parameters->failcount;
authpara_buff->locktime = auth_parameters->locktime;
authpara_buff->aging_time = auth_parameters->aging_time;
s2j_delete_struct_obj(auth_parameters);
cJSON_Delete(cjson);
cJSON_Delete(type);
cJSON_Delete(data);
return RET_OK;
}
/*检查增加的参数格式是否正确 */
ret_code authpara_config_add_chk(uint source,uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
auth_parameters_t *auth_parameters;
auth_parameters = (auth_parameters_t *)input;
char str[32] = {0};
if((input_len < sizeof(auth_parameters_t)) || (input_len > sizeof(auth_parameters_t)))
{
ret = RET_INPUTERR;
return ret;
}
/*判断IP地址格式是否正确、端口号是否被占用*/
memset(str, 0, 32);
inet_ntop(AF_INET, (void *)&auth_parameters->ip, str, 32);
char *ip_addr = str;
if( (_valid_ipv4_port(ip_addr, auth_parameters->port)) < 0 )
{
free(auth_parameters);
ret = RET_ERR;
return ret;
}
/*配置的用户失败次数如果小于0则配置错误 */
if(auth_parameters->failcount < FAIL_MIN_NUM )
{
free(auth_parameters);
printf("userlock configure error\n");
ret = RET_ERR;
return ret;
}
/*配置的用户锁定时间如果小于0则配置错误 */
if(auth_parameters->locktime < LOCK_MIN_TIME )
{
free(auth_parameters);
printf("locktime configure error\n");
ret = RET_ERR;
return ret;
}
/*配置的用户认证时间范围如果小于0则配置错误 */
if(auth_parameters->timehorizon < HORIZON_MIN_VALUE )
{
free(auth_parameters);
printf("timehorizon configure error\n");
ret = RET_ERR;
return ret;
}
free(auth_parameters);
return RET_OK;
}
/*修改认证参数 */
ret_code authpara_config_mod_chk(uint source,uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
auth_parameters_t *auth_parameters;
auth_parameters = (auth_parameters_t *)input;
if((input_len < sizeof(auth_parameters_t)) || (input_len > sizeof(auth_parameters_t)))
{
ret = RET_INPUTERR;
return ret;
}
/*判断认证参数是否存在*/
if(NULL == auth_para)
{
ret = RET_ERR;
return ret;
}
return RET_OK;
}
/*chk data格式 */
ret_code authpara_config_chk(uint source,uint *config_type,
pointer input, int *input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
auth_parameters_t auth_parameters = {0};
int config_len = sizeof(auth_parameters_t);
uint conf_type = AUTHPARA_CONFIG_GET;
int code = 0;
authpara_config_json_parse(input, &conf_type, &auth_parameters);
switch (conf_type)
{
case AUTHPARA_CONFIG_ADD:
ret = authpara_config_add_chk(source, conf_type,
&auth_parameters, config_len,
output, output_len);
break;
case AUTHPARA_CONFIG_MOD:
ret = authpara_config_mod_chk(source, conf_type,
&auth_parameters, config_len,
output, output_len);
break;
default:
ret = RET_NOTSUPPORT;
}
if(config_len <= CM_BUFF_SIZE)
{
memset(input, 0, *input_len);
memcpy(input, &auth_parameters, config_len);
*config_type = conf_type;
*input_len = config_len;
}
else
{
ret = RET_NOMEM;
}
RET_ERR_FORMART(ret, code, output, *output_len);
return ret;
}
ret_code authpara_config_add_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
cJSON *res;
char * ret_char = NULL;
unsigned int ret_int = 0;
auth_parameters_t *auth_parameters;
auth_parameters = (auth_parameters_t *)input;
int r = -1;
/*增加数据库*/
/*存入全局变量*/
/*用户态下发到内核态auth_hook */
printf("cfgchannel main begin:\r\n");
/*创建通道 */
r = commcfgnl_open();
if(r < 0)
{
printf(" pdlivnl_open fail, exit.\r\n");
return RET_ERR;
}
/*下发配置到内核态 */
r = set_agingtimecfg_waitack(&(auth_parameters->aging_time));
if(r < 0)
{
printf("set_cfg_debug_waitack failed.\r\n");
return RET_ERR;
}
/*关闭netlink通道 */
commcfgnl_close();
printf("cfgchannel main exit!\r\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res)
{
free(auth_parameters);
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "result", r);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len)
{
*output_len = ret_int;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2)
{
free(auth_parameters);
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, 0, ret_int + 1);
strcpy(output, ret_char);
free(ret_char);
cJSON_Delete(res);
free(auth_parameters);
return RET_OK;
}
ret_code authpara_config_mod_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
cJSON *res;
char * ret_char = NULL;
unsigned int ret_int = 0;
auth_parameters_t *auth_parameters;
auth_parameters = (auth_parameters_t *)input;
int r = -1;
/*数据库修改*/
/*存入全局变量*/
/*用户态下发到内核态auth_hook */
printf("cfgchannel main begin:\r\n");
/*创建通道 */
r = commcfgnl_open();
if(r < 0)
{
printf(" pdlivnl_open fail, exit.\r\n");
return RET_ERR;
}
/*下发配置到内核态 */
r = set_agingtimecfg_waitack(&(auth_parameters->aging_time));
if(r < 0)
{
printf("set_cfg_debug_waitack failed.\r\n");
return RET_ERR;
}
/*关闭netlink通道 */
commcfgnl_close();
printf("cfgchannel main exit!\r\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res)
{
free(auth_parameters);
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "result", r);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len)
{
*output_len = ret_int;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2)
{
free(auth_parameters);
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, 0, ret_int + 1);
strcpy(output, ret_char);
free(ret_char);
cJSON_Delete(res);
free(auth_parameters);
return RET_OK;
}
ret_code authpara_config_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
uint conf_type = config_type;
ret_code ret = RET_OK;
auth_parameters_t conf_buff = {0};
auth_parameters_t *auth_parameters = &conf_buff;
cJSON *res;
char * ret_char = NULL;
unsigned int ret_int = 0;
auth_parameters = (auth_parameters_t *)input;
rpc_log_info("config type is %d, ip %d port %d timehorizon %d failcount %d locktime %d aging_time %d\n",
conf_type, auth_parameters->ip, auth_parameters->port,
auth_parameters->timehorizon, auth_parameters->failcount,
auth_parameters->locktime, auth_parameters->aging_time);
switch (conf_type)
{
case AUTHPARA_CONFIG_ADD:
ret = authpara_config_add_proc(source, conf_type,
&auth_parameters, input_len,
output, output_len);
break;
case AUTHPARA_CONFIG_MOD:
ret = authpara_config_mod_proc(source, conf_type,
&auth_parameters, input_len,
output, output_len);
break;
default:
ret = RET_NOTSUPPORT;
}
return RET_OK;
}