secgateway/Platform/user/configm/config-server/web_config/authfree.c


#include <string.h>
#include "../include/parsefile.h"
#include "../include/configm.h"
#include "../../../netlink_uapi/libnetlinku.h"
#include "../../../../common/rpc/rpc.h"
#include "authfree.h"
#include <cjson/cJSON.h>
#include "../../../../../Common/s2j/s2j.h"
#include "../../../../../Common/commuapinl.h"
/* Table holding the auth-exemption (free-auth) rules; every slot starts zeroed. */
freeauth_configure_t freeauth_array[RULE_MAX_NUM] = {0};
/* Map the build flag FREEAUTH_ACK_COOKIES onto the local switch that selects
 * the NLM_F_ACK request flag and the NLMSG_ERROR reply handling further down. */
#ifdef FREEAUTH_ACK_COOKIES
#define CFG_FREEAUTH_ACK_COOKIES
#endif
/*
 * Allocate one freeauth_configure_t and hand it back through *localuser.
 *
 * Returns 0 on success and 1 when the allocation fails (in which case
 * *localuser is NULL). The allocated memory is not initialized here.
 */
int authfreeInit(freeauth_configure_t **localuser)
{
    freeauth_configure_t *rule = (freeauth_configure_t *)malloc(sizeof(freeauth_configure_t));

    *localuser = rule;
    return (NULL == rule) ? 1 : 0;
}
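/*
 * Check that ipAddr is an IPv4 address in dotted-quad text form.
 *
 * Accepts exactly four decimal fields of one to three digits, each in the
 * range 0..255, separated by single dots, with nothing before or after.
 * The string is walked by hand instead of using sscanf("%d"): %d skips
 * leading whitespace, accepts a sign and has undefined behaviour on
 * overflow, so inputs such as " 1.2.3.4", "+1.2.3.4" or "-0.0.0.0" would
 * pass a validator built on it.
 *
 * Returns 0 when the string is valid, -1 otherwise (including NULL and "").
 */
int isIpV4Addr(const char *ipAddr)
{
    const char *p = ipAddr;
    int field;

    if ((NULL == ipAddr) || ('\0' == *ipAddr)) {
        return -1;
    }

    for (field = 0; field < 4; field++) {
        int value = 0;
        int digits = 0;

        while ((*p >= '0') && (*p <= '9')) {
            /* Three digits bound the value below 1000, so no overflow. */
            if (++digits > 3) {
                return -1;
            }
            value = value * 10 + (*p - '0');
            p++;
        }
        if ((0 == digits) || (value > 255)) {
            return -1;
        }

        /* Fields one to three must be followed by exactly one dot. */
        if (field < 3) {
            if ('.' != *p) {
                return -1;
            }
            p++;
        }
    }

    /* Anything after the fourth field makes the address invalid. */
    return ('\0' == *p) ? 0 : -1;
}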
/*
 * Push one free-auth rule down to the kernel over netlink and wait for the
 * reply.
 *
 * The rule is attached to a FREEAUTH_CFG request as attribute type 1 and
 * sent with pdeliv_talk().
 *
 * Returns 0 on success, -1 when struct_freeauth is NULL, -2 when
 * pdeliv_talk() fails, -3 when no reply message was handed back.
 *
 * NOTE(review): the result of commnl_addattr_l() is not checked, and the
 * reply message is not released here — confirm who owns it.
 * NOTE(review): name is printed with %s, which assumes it is NUL-terminated.
 */
int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth)
{
    const int payload_len = sizeof(freeauth_configure_t);
    struct nlmsghdr *reply = NULL;
    char src_text[32] = {0};
    char dst_text[32] = {0};
    struct {
        struct nlmsghdr n;
        char buf[1024];
    } req = {
        .n.nlmsg_len = NLMSG_LENGTH(0),
#ifdef CFG_FREEAUTH_ACK_COOKIES
        /* ask the kernel to acknowledge the request automatically */
        .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,
#else
        /* no automatic kernel acknowledgement */
        .n.nlmsg_flags = NLM_F_REQUEST,
#endif
        .n.nlmsg_type = FREEAUTH_CFG,
        .n.nlmsg_pid = getpid(),
    };

    /* Nothing to send without a rule. */
    if (NULL == struct_freeauth) {
        printf("set_freeauthcfg_waitack is error: input struct_freeauth is NULL.\r\n");
        return -1;
    }

    /* Log the rule in readable form before it is sent. */
    inet_ntop(AF_INET, (void *)&struct_freeauth->sip, src_text, 32);
    inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dst_text, 32);
    printf("set_freeauthcfg_waitack :name %s sip %s dip %s dport %d\n",
           struct_freeauth->name, src_text, dst_text,
           struct_freeauth->dport);

    /* Append the whole rule structure as an attribute of the request. */
    commnl_addattr_l(&req.n, sizeof(req), 1, struct_freeauth, payload_len);

    /* Send the assembled netlink message and collect the reply. */
    if (pdeliv_talk(1, &req.n, &reply) < 0) {
        printf("set_user_freeauth_waitack rcv ack msg faild.\r\n");
        return -2;
    }
    printf("set_user_freeauth_waitack rcv ack msg success.\r\n");

    if (NULL == reply) {
        printf("set_user_freeauth_waitack rcv answer error.\r\n");
        return -3;
    }
    printf("set_user_freeauth_waitack rcv answer.\r\n");

#ifdef CFG_FREEAUTH_ACK_COOKIES
    /* Kernel auto-ack: an NLMSG_ERROR reply carries the acknowledgement. */
    if (NLMSG_ERROR == reply->nlmsg_type) {
        nl_debugfs_extack(reply);
    }
#else
    /* Plain reply of the same message type. */
    if (FREEAUTH_CFG == reply->nlmsg_type) {
        nl_debugfs(reply);
    }
#endif
    return 0;
}
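/*
 * Parse a free-auth rule request from JSON text.
 *
 * Expected input:
 *   {"type": 0, "data": {"name": "armink", "sip": 1027824, "dip": 103427824, "dport": 24}}
 *
 * input          JSON text, handed to cJSON_Parse().
 * conf_type      receives the numeric "type" field (add / mod / del); it is
 *                written as soon as "type" has been read, even if "data"
 *                later turns out to be unusable.
 * freeauth_buff  receives name, sip, dip and dport from "data". Members that
 *                are absent from the JSON are set to zero. Written only on
 *                success.
 *
 * Returns RET_OK on success and RET_INPUTERR when an output pointer is NULL,
 * the text is not valid JSON, "type" or "data" is missing, a member has the
 * wrong JSON type, or "name" does not fit the 32-byte name field with its
 * terminator.
 *
 * "type" and "data" are children of the parsed tree, so the single
 * cJSON_Delete() on the root releases them; deleting them again would free
 * the same memory twice.
 *
 * The name is copied with an explicit bound instead of going through the
 * s2j string helper, so an over-long or non-string "name" is rejected
 * rather than copied.
 *
 * NOTE(review): valueint is an int, so sip/dip values above INT_MAX cannot
 * be carried this way — confirm how callers encode addresses.
 */
ret_code freeauth_config_json_parse(pointer input, uint *conf_type, freeauth_configure_t *freeauth_buff)
{
    /* Size of the name field as used by the 32-byte copy this function has
     * always done — assumes name is char[32]; confirm against authfree.h. */
    enum { FREEAUTH_NAME_BYTES = 32 };

    ret_code ret = RET_INPUTERR;
    cJSON *cjson, *type, *data;
    cJSON *name, *sip, *dip, *dport;
    size_t name_len = 0;

    if ((NULL == conf_type) || (NULL == freeauth_buff)) {
        return RET_INPUTERR;
    }

    /* JSON text to cJSON tree */
    cjson = cJSON_Parse(input);
    if (!cjson) {
        ret = RET_INPUTERR;
        ASSERT_RET(ret);
        return ret;
    }

    /* Operation type: add, mod or del */
    type = cJSON_GetObjectItem(cjson, "type");
    if (!cJSON_IsNumber(type)) {
        goto out;
    }
    *conf_type = type->valueint;

    /* The rule itself lives under "data" */
    data = cJSON_GetObjectItem(cjson, "data");
    if (!data) {
        goto out;
    }

    name = cJSON_GetObjectItem(data, "name");
    sip = cJSON_GetObjectItem(data, "sip");
    dip = cJSON_GetObjectItem(data, "dip");
    dport = cJSON_GetObjectItem(data, "dport");

    /* Validate everything before touching the caller's buffer. */
    if (name) {
        if (!cJSON_IsString(name) || (NULL == name->valuestring)) {
            goto out;
        }
        name_len = strlen(name->valuestring);
        if (name_len >= FREEAUTH_NAME_BYTES) {
            goto out;
        }
    }
    if ((sip && !cJSON_IsNumber(sip)) ||
        (dip && !cJSON_IsNumber(dip)) ||
        (dport && !cJSON_IsNumber(dport))) {
        goto out;
    }

    /* Zero-fill first so the name is always terminated and padded. */
    memset(freeauth_buff->name, 0, FREEAUTH_NAME_BYTES);
    if (name) {
        memcpy(freeauth_buff->name, name->valuestring, name_len);
    }
    freeauth_buff->sip = sip ? sip->valueint : 0;
    freeauth_buff->dip = dip ? dip->valueint : 0;
    freeauth_buff->dport = dport ? dport->valueint : 0;
    ret = RET_OK;

out:
    cJSON_Delete(cjson);
    return ret;
}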
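/*
 * Validate the parameters of an "add rule" request.
 *
 * input / input_len  the rule as a freeauth_configure_t; input_len must be
 *                    exactly sizeof(freeauth_configure_t).
 * source, config_type, output, output_len are not used here.
 *
 * Returns RET_OK when the rule passes, RET_INPUTERR for a NULL input or a
 * wrong length, RET_IPINVALID for a bad address or an out-of-range port
 * (RET_IPINVALID stands in until a dedicated port error code exists).
 *
 * The port test uses "||": with "&&" a value can never be both below the
 * minimum and above the maximum, so no port was ever rejected.
 *
 * NOTE(review): sip and dip are turned into text by inet_ntop() and that
 * text is then checked, so any 4-byte value that inet_ntop() can format
 * passes. If some addresses (for example 0.0.0.0) must be refused, that
 * needs a check on the numeric value.
 */
ret_code freeauth_config_add_chk(uint source,uint config_type,
                                 pointer input, int input_len,
                                 pointer output, int *output_len)
{
    freeauth_configure_t *freeauth_configure = (freeauth_configure_t *)input;
    char str[32] = {0};
    char dtr[32] = {0};

    /* Compare as size_t only after ruling out negative lengths. */
    if ((NULL == freeauth_configure) || (input_len < 0) ||
        ((size_t)input_len != sizeof(freeauth_configure_t)))
    {
        return RET_INPUTERR;
    }

    /* Source address */
    if ((NULL == inet_ntop(AF_INET, (void *)&freeauth_configure->sip, str, sizeof(str))) ||
        (isIpV4Addr(str) < 0))
    {
        return RET_IPINVALID;
    }

    /* Destination address */
    if ((NULL == inet_ntop(AF_INET, (void *)&freeauth_configure->dip, dtr, sizeof(dtr))) ||
        (isIpV4Addr(dtr) < 0))
    {
        return RET_IPINVALID;
    }

    /* Destination port must lie inside [DPORT_MIN_NUM, DPORT_MAX_NUM]. */
    if ((freeauth_configure->dport < DPORT_MIN_NUM) || (freeauth_configure->dport > DPORT_MAX_NUM))
    {
        return RET_IPINVALID; /* placeholder until a port-specific code is added */
    }

    return RET_OK;
}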
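/*
 * Validate a "delete rule" request: the rule is identified by name, and the
 * name must exist in freeauth_array.
 *
 * input / input_len  the rule as a freeauth_configure_t; input_len must be
 *                    exactly sizeof(freeauth_configure_t).
 * source, config_type, output, output_len are not used here.
 *
 * Returns RET_OK when a slot with that name exists, RET_NOTFOUND when none
 * does, RET_INPUTERR for a NULL input or a wrong length.
 *
 * The loop returns on the first match. Returning RET_NOTFOUND on the first
 * mismatch, as before, reported "not found" unless every slot in the table
 * carried the requested name.
 *
 * NOTE(review): unused slots are zeroed, so an empty requested name matches
 * an unused slot — confirm whether empty names should be refused.
 */
ret_code freeauth_config_del_chk(uint source,uint config_type,
                                 pointer input, int input_len,
                                 pointer output, int *output_len)
{
    freeauth_configure_t *freeauth_configure = (freeauth_configure_t *)input;
    int i;

    if ((NULL == freeauth_configure) || (input_len < 0) ||
        ((size_t)input_len != sizeof(freeauth_configure_t)))
    {
        return RET_INPUTERR;
    }

    for (i = 0; i < RULE_MAX_NUM; i++)
    {
        /* Bounded by the field size so an unterminated name cannot run past
         * the structure (assumes name is a char array — confirm). */
        if (0 == strncmp(freeauth_array[i].name, freeauth_configure->name,
                         sizeof(freeauth_array[i].name)))
        {
            return RET_OK;
        }
    }
    return RET_NOTFOUND;
}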
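/*
 * Validate a "modify rule" request: the rule to change must already exist
 * in freeauth_array under the given name.
 *
 * input / input_len  the rule as a freeauth_configure_t; input_len must be
 *                    exactly sizeof(freeauth_configure_t).
 * source, config_type, output, output_len are not used here.
 *
 * Returns RET_OK when a slot with that name exists, RET_NOTFOUND when none
 * does, RET_INPUTERR for a NULL input or a wrong length.
 *
 * The loop returns on the first match. Returning RET_NOTFOUND on the first
 * mismatch, as before, reported "not found" unless every slot in the table
 * carried the requested name.
 *
 * NOTE(review): unused slots are zeroed, so an empty requested name matches
 * an unused slot — confirm whether empty names should be refused.
 */
ret_code freeauth_config_mod_chk(uint source,uint config_type,
                                 pointer input, int input_len,
                                 pointer output, int *output_len)
{
    freeauth_configure_t *freeauth_configure = (freeauth_configure_t *)input;
    int i;

    if ((NULL == freeauth_configure) || (input_len < 0) ||
        ((size_t)input_len != sizeof(freeauth_configure_t)))
    {
        return RET_INPUTERR;
    }

    /* Look for the rule that is to be modified. */
    for (i = 0; i < RULE_MAX_NUM; i++)
    {
        /* Bounded by the field size so an unterminated name cannot run past
         * the structure (assumes name is a char array — confirm). */
        if (0 == strncmp(freeauth_array[i].name, freeauth_configure->name,
                         sizeof(freeauth_array[i].name)))
        {
            return RET_OK;
        }
    }
    return RET_NOTFOUND;
}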
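/*
 * Entry point of the check stage: parse the JSON request in input, run the
 * check that matches its type, then replace input with the binary rule.
 *
 * source       passed through to the per-type check.
 * config_type  out: the operation type read from the request.
 * input        in: JSON text; out: the parsed freeauth_configure_t.
 * input_len    in: size to clear in input; out: sizeof(freeauth_configure_t).
 * output, output_len  handed to the per-type check and to RET_ERR_FORMART.
 *
 * Returns the parser's error when the request cannot be parsed, the result
 * of the add / mod / del check otherwise, RET_NOTSUPPORT for any other
 * type, and RET_NOMEM when the rule does not fit into CM_BUFF_SIZE.
 *
 * The parse result is honoured: a request that fails to parse is no longer
 * checked as if it were a valid, all-zero rule.
 *
 * NOTE(review): input is cleared over *input_len bytes as supplied by the
 * caller; this relies on the caller passing the real buffer size.
 */
ret_code freeauth_config_chk(uint source,uint *config_type,
                             pointer input, int *input_len,
                             pointer output, int *output_len)
{
    ret_code ret = RET_OK;
    freeauth_configure_t freeauth_configure = {0};
    int config_len = sizeof(freeauth_configure_t);
    uint conf_type = FREEAUTH_CONFIG_GET;
    int code = 0;

    ret = freeauth_config_json_parse(input, &conf_type, &freeauth_configure);
    if (RET_OK == ret)
    {
        switch (conf_type)
        {
        case FREEAUTH_CONFIG_ADD:
            ret = freeauth_config_add_chk(source, conf_type,
                                          &freeauth_configure, config_len,
                                          output, output_len);
            break;
        case FREEAUTH_CONFIG_MOD:
            ret = freeauth_config_mod_chk(source, conf_type,
                                          &freeauth_configure, config_len,
                                          output, output_len);
            break;
        case FREEAUTH_CONFIG_DEL:
            ret = freeauth_config_del_chk(source, conf_type,
                                          &freeauth_configure, config_len,
                                          output, output_len);
            break;
        default:
            ret = RET_NOTSUPPORT;
        }
    }

    /* Hand the binary rule to the next stage in place of the JSON text. */
    if (config_len <= CM_BUFF_SIZE)
    {
        memset(input, 0, *input_len);
        memcpy(input, &freeauth_configure, config_len);
        *config_type = conf_type;
        *input_len = config_len;
    }
    else
    {
        ret = RET_NOMEM;
    }

    RET_ERR_FORMART(ret, code, output, *output_len);
    return ret;
}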
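/*
 * Apply an "add rule" request: send the rule to the kernel hook over the
 * netlink configuration channel and report the outcome as JSON.
 *
 * input       the rule as a freeauth_configure_t; owned by the caller.
 * output      receives the text {"result":<r>} including its terminator.
 * output_len  if not NULL, receives the length of that text.
 * source, config_type and input_len are not used here.
 *
 * Returns RET_OK on success, RET_INPUTERR for NULL input or output, RET_ERR
 * when the channel cannot be opened, the kernel push fails or the JSON
 * object cannot be created, RET_NOMEM when the reply cannot be printed or
 * is 2 KiB or longer.
 *
 * Fixes over the previous version:
 *  - the reply is copied from ret_char; memcpy(output, 0, ...) read from a
 *    null pointer;
 *  - input is no longer passed to free(): the buffer belongs to the caller;
 *  - the netlink channel is closed on the failure path as well;
 *  - a NULL result from cJSON_PrintUnformatted() is handled.
 *
 * NOTE(review): the 2 KiB limit presumably mirrors the size of output —
 * confirm against the caller.
 * TODO from the original: persist the rule to the database and to the
 * global rule table.
 */
ret_code freeauth_config_add_proc(uint source, uint config_type,
                                  pointer input, int input_len,
                                  pointer output, int *output_len)
{
    freeauth_configure_t *freeauth_configure = (freeauth_configure_t *)input;
    cJSON *res = NULL;
    char *ret_char = NULL;
    unsigned int ret_int = 0;
    int r = -1;

    if ((NULL == freeauth_configure) || (NULL == output))
    {
        return RET_INPUTERR;
    }

    printf("cfgchannel main begin:\r\n");

    /* Open the netlink configuration channel. */
    r = commcfgnl_open();
    if (r < 0)
    {
        printf(" pdlivnl_open fail, exit.\r\n");
        return RET_ERR;
    }

    /* Push the rule to the kernel, then close the channel on every path. */
    r = set_freeauthcfg_waitack(freeauth_configure);
    commcfgnl_close();
    if (r < 0)
    {
        printf("set_cfg_debug_waitack failed.\r\n");
        return RET_ERR;
    }
    printf("cfgchannel main exit!\r\n");

    /* Build the JSON reply carrying the result code. */
    res = cJSON_CreateObject();
    if (!res)
    {
        return RET_ERR;
    }
    cJSON_AddNumberToObject(res, "result", r);
    ret_char = cJSON_PrintUnformatted(res);
    cJSON_Delete(res);
    if (NULL == ret_char)
    {
        return RET_NOMEM;
    }

    ret_int = strlen(ret_char);
    if (output_len)
    {
        *output_len = ret_int;
    }

    /* Refuse replies of 2 KiB or more. */
    if (ret_int >= 1024 * 2)
    {
        free(ret_char);
        return RET_NOMEM;
    }

    /* Copy the text together with its terminating NUL. */
    memcpy(output, ret_char, ret_int + 1);
    free(ret_char);
    return RET_OK;
}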
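/*
 * Apply a "modify rule" request: send the rule to the kernel hook over the
 * netlink configuration channel and report the outcome as JSON.
 *
 * input       the rule as a freeauth_configure_t; owned by the caller.
 * output      receives the text {"result":<r>} including its terminator.
 * output_len  if not NULL, receives the length of that text.
 * source, config_type and input_len are not used here.
 *
 * Returns RET_OK on success, RET_INPUTERR for NULL input or output, RET_ERR
 * when the channel cannot be opened, the kernel push fails or the JSON
 * object cannot be created, RET_NOMEM when the reply cannot be printed or
 * is 2 KiB or longer.
 *
 * Fixes over the previous version:
 *  - the reply is copied from ret_char; memcpy(output, 0, ...) read from a
 *    null pointer;
 *  - input is no longer passed to free(): the buffer belongs to the caller;
 *  - the netlink channel is closed on the failure path as well;
 *  - a NULL result from cJSON_PrintUnformatted() is handled.
 *
 * NOTE(review): the 2 KiB limit presumably mirrors the size of output —
 * confirm against the caller.
 * TODO from the original: update the database and the global rule table.
 */
ret_code freeauth_config_mod_proc(uint source, uint config_type,
                                  pointer input, int input_len,
                                  pointer output, int *output_len)
{
    freeauth_configure_t *freeauth_configure = (freeauth_configure_t *)input;
    cJSON *res = NULL;
    char *ret_char = NULL;
    unsigned int ret_int = 0;
    int r = -1;

    if ((NULL == freeauth_configure) || (NULL == output))
    {
        return RET_INPUTERR;
    }

    printf("cfgchannel main begin:\r\n");

    /* Open the netlink configuration channel. */
    r = commcfgnl_open();
    if (r < 0)
    {
        printf(" pdlivnl_open fail, exit.\r\n");
        return RET_ERR;
    }

    /* Push the rule to the kernel, then close the channel on every path. */
    r = set_freeauthcfg_waitack(freeauth_configure);
    commcfgnl_close();
    if (r < 0)
    {
        printf("set_cfg_debug_waitack failed.\r\n");
        return RET_ERR;
    }
    printf("cfgchannel main exit!\r\n");

    /* Build the JSON reply carrying the result code. */
    res = cJSON_CreateObject();
    if (!res)
    {
        return RET_ERR;
    }
    cJSON_AddNumberToObject(res, "result", r);
    ret_char = cJSON_PrintUnformatted(res);
    cJSON_Delete(res);
    if (NULL == ret_char)
    {
        return RET_NOMEM;
    }

    ret_int = strlen(ret_char);
    if (output_len)
    {
        *output_len = ret_int;
    }

    /* Refuse replies of 2 KiB or more. */
    if (ret_int >= 1024 * 2)
    {
        free(ret_char);
        return RET_NOMEM;
    }

    /* Copy the text together with its terminating NUL. */
    memcpy(output, ret_char, ret_int + 1);
    free(ret_char);
    return RET_OK;
}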
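/*
 * Apply a "delete rule" request: send the rule to the kernel hook over the
 * netlink configuration channel and report the outcome as JSON.
 *
 * input       the rule as a freeauth_configure_t; owned by the caller.
 * output      receives the text {"result":<r>} including its terminator.
 * output_len  if not NULL, receives the length of that text.
 * source, config_type and input_len are not used here.
 *
 * Returns RET_OK on success, RET_INPUTERR for NULL input or output, RET_ERR
 * when the channel cannot be opened, the kernel push fails or the JSON
 * object cannot be created, RET_NOMEM when the reply cannot be printed or
 * is 2 KiB or longer.
 *
 * Fixes over the previous version:
 *  - the reply is copied from ret_char; memcpy(output, 0, ...) read from a
 *    null pointer;
 *  - input is no longer passed to free(): the buffer belongs to the caller;
 *  - the netlink channel is closed on the failure path as well;
 *  - a NULL result from cJSON_PrintUnformatted() is handled.
 *
 * NOTE(review): the 2 KiB limit presumably mirrors the size of output —
 * confirm against the caller.
 * TODO from the original: remove the rule from the database and from the
 * global rule table.
 */
ret_code freeauth_config_del_proc(uint source, uint config_type,
                                  pointer input, int input_len,
                                  pointer output, int *output_len)
{
    freeauth_configure_t *freeauth_configure = (freeauth_configure_t *)input;
    cJSON *res = NULL;
    char *ret_char = NULL;
    unsigned int ret_int = 0;
    int r = -1;

    if ((NULL == freeauth_configure) || (NULL == output))
    {
        return RET_INPUTERR;
    }

    printf("cfgchannel main begin:\r\n");

    /* Open the netlink configuration channel. */
    r = commcfgnl_open();
    if (r < 0)
    {
        printf(" pdlivnl_open fail, exit.\r\n");
        return RET_ERR;
    }

    /* Push the rule to the kernel, then close the channel on every path. */
    r = set_freeauthcfg_waitack(freeauth_configure);
    commcfgnl_close();
    if (r < 0)
    {
        printf("set_cfg_debug_waitack failed.\r\n");
        return RET_ERR;
    }
    printf("cfgchannel main exit!\r\n");

    /* Build the JSON reply carrying the result code. */
    res = cJSON_CreateObject();
    if (!res)
    {
        return RET_ERR;
    }
    cJSON_AddNumberToObject(res, "result", r);
    ret_char = cJSON_PrintUnformatted(res);
    cJSON_Delete(res);
    if (NULL == ret_char)
    {
        return RET_NOMEM;
    }

    ret_int = strlen(ret_char);
    if (output_len)
    {
        *output_len = ret_int;
    }

    /* Refuse replies of 2 KiB or more. */
    if (ret_int >= 1024 * 2)
    {
        free(ret_char);
        return RET_NOMEM;
    }

    /* Copy the text together with its terminating NUL. */
    memcpy(output, ret_char, ret_int + 1);
    free(ret_char);
    return RET_OK;
}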
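/*
 * Entry point of the processing stage: dispatch a checked free-auth request
 * to the add / mod / del handler.
 *
 * config_type  operation selected by the check stage.
 * input        the rule as a freeauth_configure_t; input_len must cover at
 *              least sizeof(freeauth_configure_t) because the whole
 *              structure is read and sent on.
 * output, output_len  filled in by the selected handler.
 *
 * Returns the handler's result, RET_NOTSUPPORT for any other type, and
 * RET_INPUTERR for a NULL or too-short input.
 *
 * Fixes over the previous version:
 *  - the handlers receive the rule itself; passing &freeauth_configure gave
 *    them the address of a local pointer variable, which they then read as
 *    a rule structure;
 *  - the handler's result is returned instead of an unconditional RET_OK,
 *    so failures reach the caller.
 *
 * NOTE(review): name is logged with %s, which assumes it is NUL-terminated.
 */
ret_code freeauth_config_proc(uint source, uint config_type,
                              pointer input, int input_len,
                              pointer output, int *output_len)
{
    uint conf_type = config_type;
    ret_code ret = RET_OK;
    freeauth_configure_t *freeauth_configure = (freeauth_configure_t *)input;

    if ((NULL == freeauth_configure) || (input_len < 0) ||
        ((size_t)input_len < sizeof(freeauth_configure_t)))
    {
        return RET_INPUTERR;
    }

    rpc_log_info("config type is %d, name %s sip %d dip %d dport %d\n",
                 conf_type, freeauth_configure->name,
                 freeauth_configure->sip, freeauth_configure->dip,
                 freeauth_configure->dport);

    switch (conf_type)
    {
    case FREEAUTH_CONFIG_ADD:
        ret = freeauth_config_add_proc(source, conf_type,
                                       freeauth_configure, input_len,
                                       output, output_len);
        break;
    case FREEAUTH_CONFIG_MOD:
        ret = freeauth_config_mod_proc(source, conf_type,
                                       freeauth_configure, input_len,
                                       output, output_len);
        break;
    case FREEAUTH_CONFIG_DEL:
        ret = freeauth_config_del_proc(source, conf_type,
                                       freeauth_configure, input_len,
                                       output, output_len);
        break;
    default:
        ret = RET_NOTSUPPORT;
    }

    return ret;
}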