secgateway/Platform/user/configm/config-server/authfree_config/authfree.c

#include "../include/parsefile.h"
#include "../include/configm.h"
#include "../../../netlink_uapi/libnetlinku.h"
#include "../../../../common/rpc/rpc.h"
#include "../include/authfree.h"
#include <cjson/cJSON.h>
#include "../../../../../Common/s2j/s2j.h"
#include "../../../../../Common/commuapinl.h"

#ifdef FREEAUTH_ACK_COOKIES
#define CFG_FREEAUTH_ACK_COOKIES
#endif

/*全局变量,存放用户信息 */
freeauth_configure_t *localuser;

/*全局变量初始化 失败为1 成功为0*/
int authfreeInit(freeauth_configure_t *localuser)
{
    localuser = (freeauth_configure_t *)malloc(sizeof * localuser);
    if (NULL == localuser)
    {
        return 1;
    }

    return 0;
}

/* 判断IPv4格式是否正确*/
int isIpV4Addr(const char *ipAddr)
{
    int ip_part_1 = 0;
    int ip_part_2 = 0;
    int ip_part_3 = 0;
    int ip_part_4 = 0;
    char end_char = 0;
    if((NULL == ipAddr) || (0 == strlen(ipAddr)))
    {
        return -1;
    }
    if(4 == sscanf(ipAddr,"%d.%d.%d.%d%c",&ip_part_1,&ip_part_2,&ip_part_3,&ip_part_4,&end_char))
    {
        if((ip_part_1 >= 0) && (ip_part_1 <= 255) &&
           (ip_part_2 >= 0) && (ip_part_2 <= 255) &&
           (ip_part_3 >= 0) && (ip_part_3 <= 255) &&
           (ip_part_4 >= 0) && (ip_part_4 <= 255)
        )
        {
            return 0;
        }
    }
    return -1;
}

/*下发配置到内核态 */ 
int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth)
{
    int freeauth_len = 0;
    struct nlmsghdr *ack = NULL;
    struct nlmsghdr **answer = &ack;
    
    struct{
        struct nlmsghdr n;
        char buf[1024];
    } req ={
        .n.nlmsg_len = NLMSG_LENGTH(0),
#ifdef CFG_FREEAUTH_ACK_COOKIES
        .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,/*set NLM_F_ACK：use kernel auto ack*/
#else
        .n.nlmsg_flags = NLM_F_REQUEST, /*not use kernel auto ack */
#endif
        .n.nlmsg_type = FREEAUTH_CFG,
        .n.nlmsg_pid = getpid(),
};

/*判断要发送的数据是否为NULL,不为NULL,打印出来 */
if (struct_freeauth == NULL)
{
    printf("set_freeauthcfg_waitack is error: input struct_freeauth is NULL.\r\n");
    return -1;
}else
{   
    char str[32];
    inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
    char *sip_addr = str;
    char dtr[32];
    inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
    char *dip_addr = dtr;
    printf("set_freeauthcfg_waitack :name %s  sip %s  dip %s  dport %d\n",
                struct_freeauth->name, sip_addr, dip_addr, 
                struct_freeauth->dport);
}
    
    /*计算需要发送的数据的长度 */
    freeauth_len = sizeof(freeauth_configure_t);

    /*可选属性 */
    commnl_addattr_l(&req.n, sizeof(req), 1, struct_freeauth, freeauth_len);
	
    /*发送组装好的netlink消息 */
    if(pdeliv_talk(1, &req.n, answer) < 0)
    {
        printf("set_user_freeauth_waitack rcv ack msg faild.\r\n");
        return -2;
    }
    else
    {
        printf("set_user_freeauth_waitack rcv ack msg success.\r\n");
    }
    
	if(*answer != NULL)
		{
		printf("set_user_freeauth_waitack rcv answer.\r\n");	
		}
	else{
		printf("set_user_freeauth_waitack rcv answer error.\r\n");
		return -3;
	}

#ifdef CFG_FREEAUTH_ACK_COOKIES
	/*recv answer*/
	if((*answer)->nlmsg_type == NLMSG_ERROR){
	nl_debugfs_extack(*answer);	
	}
#else
	/*recv answer*/
	if((*answer)->nlmsg_type == FREEAUTH_CFG)
	{
		nl_debugfs(*answer);
	}
#endif

return 0;
}


/*判断免认证规则源IP地址、目的IP地址是否有效，判断端口号是否有效 */
/*input格式 "{\"type\":0, \"dport\":24, \"name\":\"armink\", \"sip\":1027824,  \"dip\":103427824}";*/
ret_code freeauth_config_chk(uint source, uint config_type,
                        pointer input, int input_len,
                        pointer output, int *output_len)
{   
    ret_code ret = RET_OK;
    cJSON *cjson, *res;

    /*JSON字符串到JSON格式 */
    cjson = cJSON_Parse(input);
    if(!cjson)
    {
        ret = RET_INPUTERR;
        ASSERT_RET(ret);
        return ret;
    }

    /*创建freeauth_configure_t结构体对象 */
    s2j_create_struct_obj(struct_freeauth, freeauth_configure_t);

    /*反序列化数据到freeauth_configure_t结构体对象 */
    s2j_struct_get_basic_element(struct_freeauth, cjson, string, name);
    s2j_struct_get_basic_element(struct_freeauth, cjson, int, sip);
    s2j_struct_get_basic_element(struct_freeauth, cjson, int, dip);
    s2j_struct_get_basic_element(struct_freeauth, cjson, int, dport);
    printf("freeauth configure: name: %s sip: %d dip: %d dport: %d\n",
                 struct_freeauth->name,struct_freeauth->sip, struct_freeauth->dip, struct_freeauth->dport);

    if(input_len < sizeof(freeauth_configure_t) )
    {
        ret = RET_INPUTERR;
        ASSERT_RET(ret);
        return ret;
    }
    
    char str[32];
    inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
    char *sip_addr = str;
    if( isIpV4Addr(sip_addr) < 0 )
    {
        ret = RET_IPINVALID;
        ASSERT_RET(ret);
        return ret;
    }

    char dtr[32];
    inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
    char *dip_addr = dtr;
    if( isIpV4Addr(dip_addr) < 0 )
    {
        ret = RET_IPINVALID;
        ASSERT_RET(ret);
        return ret;
    }

    if ( (struct_freeauth->dport < DPORT_MIN_NUM) && (struct_freeauth->dport > DPORT_MAX_NUM ))
    {
        ret = RET_IPINVALID; /*先用IPVAILD表示，后面加PORTVAILD */
        ASSERT_RET(ret);
        return ret;
    }

    return RET_OK;  
}


/*免认证规则有效，将免认证规则通过netlink下发到内核态 */
ret_code freeauth_config_proc(uint source, uint config_type,
                        pointer input, int input_len,
                        pointer output, int *output_len)
{
    ret_code ret = RET_OK;
    cJSON *cjson, *res;
    char * ret_char = NULL;
    int * ret_int = NULL;

    /*JSON字符串到JSON格式 */
    cjson = cJSON_Parse(input);
    if(!cjson)
    {
        ret = RET_INPUTERR;
        ASSERT_RET(ret);
        return ret;
    }

    /*创建freeauth_configure_t结构体对象 */
    s2j_create_struct_obj(struct_freeauth, freeauth_configure_t);

    /*反序列化数据到freeauth_configure_t结构体对象 */
    s2j_struct_get_basic_element(struct_freeauth, cjson, string, name);
    s2j_struct_get_basic_element(struct_freeauth, cjson, int, sip);
    s2j_struct_get_basic_element(struct_freeauth, cjson, int, dip);
    s2j_struct_get_basic_element(struct_freeauth, cjson, int, dport);
    
    char str[32];
    inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
    char *sip_addr = str;
    char dtr[32];
    inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
    char *dip_addr = dtr;
    rpc_log_info("freeauth configure: name %s sip %s dip %s dport %d\n",
                 struct_freeauth->name,sip_addr, dip_addr, struct_freeauth->dport);

    /*用户态下发到内核态auth_hook */
    int r = -1;
    printf("cfgchannel main begin:\r\n");

    /*创建通道 */
    r = commcfgnl_open();
    if(r < 0)
    {
        printf(" pdlivnl_open fail, exit.\r\n");
        return RET_ERR;
    }

    /*下发配置到内核态 */
    r = set_freeauthcfg_waitack(struct_freeauth);
    if(r < 0)
    {
        printf("set_cfg_debug_waitack failed.\r\n");
        return RET_ERR;
    }

    /*关闭netlink通道 */    
    commcfgnl_close();
    printf("cfgchannel main exit!\r\n");

    /*创建json对象 */
    res = cJSON_CreateObject();
    if(!res)
    {
        ret = RET_ERR;
        ASSERT_RET(ret);
        return ret;
    }

    cJSON_AddNumberToObject(res, "result", r); 

    /*将json对象转换成json字符串 */
    ret_char = cJSON_PrintUnformatted(res);
    ret_int = (int*)ret_char;
    memcpy(output, ret_int, sizeof(ret_int)+1);

    free(ret_char);
    cJSON_Delete(res);
    
    /*把免认证规则的配置信息存入全局变量 */
    localuser = struct_freeauth;
    return RET_OK;  
}