From 07b225cbb93c94fee31a8807687d55935916392a Mon Sep 17 00:00:00 2001 From: ChenLing Date: Mon, 19 Aug 2019 16:18:47 +0800 Subject: [PATCH] =?UTF-8?q?Mod=20=20aaa-12=20=E5=A2=9E=E5=8A=A0=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E7=AE=A1=E7=90=86-=E8=AE=A4=E8=AF=81=E5=8F=82?= =?UTF-8?q?=E6=95=B0=E6=89=B9=E9=87=8F=E4=BF=AE=E6=94=B9=E3=80=81=E5=88=A0?= =?UTF-8?q?=E9=99=A4=E7=9A=84=E5=8A=9F=E8=83=BD=20RCA=EF=BC=9A=20SOL?= =?UTF-8?q?=EF=BC=9A=20=E4=BF=AE=E6=94=B9=E4=BA=BA=EF=BC=9Achenling=20?= =?UTF-8?q?=E6=A3=80=E8=A7=86=E4=BA=BA=EF=BC=9A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../web_config/auth_parameters.c | 46 +- .../config-server/web_config/authfree.c | 639 ++++++++++++++---- .../config-server/web_config/authfree.h | 75 +- .../web_config/config-adm/user_authfree.c | 76 ++- .../web_config/include/user_authfree.h | 6 +- 5 files changed, 623 insertions(+), 219 deletions(-) diff --git a/Platform/user/configm/config-server/web_config/auth_parameters.c b/Platform/user/configm/config-server/web_config/auth_parameters.c index 04697bf45..e93c1fbb6 100644 --- a/Platform/user/configm/config-server/web_config/auth_parameters.c +++ b/Platform/user/configm/config-server/web_config/auth_parameters.c @@ -10,11 +10,17 @@ #include "../Platform/common/database/database.h" #include "include/user_authpara.h" #include "config_manager.h" +#include +#include "stdlib.h" +#include "redisMq.h" /*定义结构体 存认证参数*/ auth_parameters_t *auth_para; +#define LOCAL_PORTALSERVER_PORT "local_portalserver_port" + + #ifdef AGINGTIME_ACK_COOKIES #define CFG_AGINGTIME_ACK_COOKIES #endif @@ -136,7 +142,6 @@ int _valid_port(int port) close(fd); return 0; - //if(port > 0 && port < 65535) printf("port %d is ok. \n", port); } /* iuput格式:{"type": 0, "data": {"port": 1010,"timehorizon": 10,"failcount": 20,"locktime":30, "aging_time":10}}*/ 
@@ -204,6 +209,32 @@ ret_code authpara_config_json_parse(pointer input, uint *conf_type, auth_paramet } +/* 发布配置的本地Portal server 的port*/ +void local_portal_port(char *port) +{ + printf("port of local portal server:%s\n", port); + bool ret = redisPubInit(); + if (!ret) + { + printf("Init failed.\n"); + return; + } + + ret = redisPubConnect(); + if (!ret) + { + printf("connect failed."); + return; + } + + redisPublish(LOCAL_PORTALSERVER_PORT, port); + + redisPubDisconnect(); + redisPubUninit(); + return; +} + + ret_code authpara_config_chk(uint source, uint *config_type, pointer input, int *input_len, pointer output, int *output_len) @@ -236,9 +267,10 @@ ret_code authpara_config_proc(uint source, uint config_type, ret = RET_INPUTERR; return ret; } - + portresult = _valid_port(auth_parameters.port); - if(portresult = 1) + printf("portresult:%d\n", portresult); + if(portresult == 1) { return RET_CHKERR; } @@ -285,6 +317,12 @@ ret_code authpara_config_proc(uint source, uint config_type, } #endif + /*Portal server的port通过redis消息队列接口发布给web server*/ + char auth_port[20]; + sprintf(auth_port, "%d ",auth_parameters.port); + printf("The number 'port' is %d and the string 'port' is %s. \n",auth_parameters.port, auth_port); + local_portal_port(auth_port); + /*创建json对象 */ res = cJSON_CreateObject(); if(!res) @@ -317,5 +355,3 @@ ret_code authpara_config_proc(uint source, uint config_type, cJSON_Delete(res); return RET_OK; } - - diff --git a/Platform/user/configm/config-server/web_config/authfree.c b/Platform/user/configm/config-server/web_config/authfree.c index 74093a26b..1516b3d3e 100644 --- a/Platform/user/configm/config-server/web_config/authfree.c +++ b/Platform/user/configm/config-server/web_config/authfree.c @@ -1,3 +1,4 @@ +#include #include "../include/parsefile.h" #include "../include/configm.h" #include "../../../netlink_uapi/libnetlinku.h" 
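Review bot: When `redisPubConnect()` fails, `local_portal_port` returns without the `redisPubUninit()` that the success path performs, so each failed publish presumably leaks whatever `redisPubInit()` set up. Add `redisPubUninit();` before the `return` in that branch. The result of `redisPublish` is also dropped and the helper returns `void`, so `authpara_config_proc` cannot tell whether the portal port ever reached the subscriber; returning a status would let the caller decide what to report.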
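Review bot: The format `"%d "` in the `@@ -285,6 +317,12 @@` hunk puts a trailing space into `auth_port`, and that string is the payload handed to `local_portal_port` for publishing. Unless the subscriber relies on the space, write only the number and bound the write: `snprintf(auth_port, sizeof(auth_port), "%d", auth_parameters.port);`. The `printf` calls added here and in the preceding hunk look like debugging output and would fit better behind the project's logging call. `authpara_config_proc` starts and ends outside this hunk.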
@@ -133,7 +134,43 @@ int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth) return 0; } -/* 判断免认证规则格式 iuput格式:{"type": 0, "data": {"name": "armink","sip": 1027824,"dip": 103427824,"dport": 24}}*/ + +/*获取json串类型*/ +ret_code freeauth_config_json_type(pointer input, uint *conf_type) +{ + char* pString = (char*)input; + ret_code ret = RET_OK; + cJSON *cjson, *type; + + printf("json:[%s]\n", pString); + + /*JSON字符串到JSON格式 */ + cjson = cJSON_Parse(input); + if(!cjson) + { + ret = RET_INPUTERR; + ASSERT_RET(ret); + return ret; + } + + /*获取操作类型 add、mod、del */ + type = cJSON_GetObjectItem(cjson, "type"); + if(!type) + { + ret = RET_INPUTERR; + cJSON_Delete(cjson); + return ret; + } + + *conf_type = type->valueint; + + cJSON_Delete(cjson); + return RET_OK; +} + + +/*json字符串转为结构体*/ +/*iuput格式:{"type": 0, "data": {"rule_priority": 1, "name": "armink","sip": 1027824,"dip": 103427824,"dport": 24, "flag":0}}*/ ret_code freeauth_config_json_parse(pointer input, uint *conf_type, freeauth_configure_t *freeauth_buff) { char *pString = (char *)input; 
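Review bot: `*conf_type = type->valueint;` accepts any JSON value stored under "type": for a string, object or `null` cJSON leaves `valueint` at 0, which the documented example (`"type": 0`) suggests is itself a valid operation code, so a malformed request would be dispatched as that operation. Tighten the check to `if (!type || !cJSON_IsNumber(type))`. `printf("json:[%s]\n", pString);` also writes the whole request body to stdout on every call; drop it or move it to a debug-level log.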
@@ -179,21 +216,262 @@ ret_code freeauth_config_json_parse(pointer input, uint *conf_type, freeauth_con } /*反序列化数据到freeauth_configure_t结构体对象 */ + s2j_struct_get_basic_element(struct_freeauth, data, int, rule_priority); s2j_struct_get_basic_element(struct_freeauth, data, string, name); s2j_struct_get_basic_element(struct_freeauth, data, int, sip); s2j_struct_get_basic_element(struct_freeauth, data, int, dip); s2j_struct_get_basic_element(struct_freeauth, data, int, dport); + s2j_struct_get_basic_element(struct_freeauth, data, int, flag); + freeauth_buff->rule_priority = struct_freeauth->rule_priority; memcpy(freeauth_buff->name, struct_freeauth->name, sizeof(char) * 32); freeauth_buff->sip = struct_freeauth->sip; freeauth_buff->dip = struct_freeauth->dip; freeauth_buff->dport = struct_freeauth->dport; + freeauth_buff->flag = struct_freeauth->flag; cJSON_Delete(cjson); return RET_OK; } + +/*iuput格式: +{ + "type": 0, + "data": [ + {"rule_priority": 1,"name": "cary","sip": 2323790,"dip": 13546465478,"dport": 120, "flag":0}, + {"rule_priority": 2,"name": "nicole","sip": 2323790,"dip": 13546465478,"dport": 130, "flag":0}, + {"rule_priority": 3,"name": "arwrgmink","sip": 2323790,"dip": 13546465478,"dport": 90, "flag":0} + ] +} +*/ +ret_code authpara_config_json_parse_array(pointer input, uint *conf_type, freeauth_configure_t **fb, int *cnt) +{ + ret_code ret = RET_OK; + cJSON *cjson, *type, *data, *rule_priority, *name, *sip, *dip, *dport, *flag; + cJSON* pArrayItem; + freeauth_configure_t* pbuf, *freeauth_buff = *fb; + int iCount = 0, i = 0; + + /*JSON字符串到JSON格式 */ + cjson = cJSON_Parse(input); + if(!cjson) + { + ret = RET_INPUTERR; + ASSERT_RET(ret); + return ret; + } + + rpc_log_info("json input:%s \n", cJSON_Print(cjson)); + + /*获取免认证规则的data部分 */ + data = cJSON_GetObjectItem(cjson, "data"); + if(!data) + { + ret = RET_INPUTERR; + cJSON_Delete(cjson); + return ret; + } + + /*获取数组长度*/ + iCount = cJSON_GetArraySize(data); + printf("iCount=[%d]\n",iCount); + + 
freeauth_buff = (freeauth_configure_t*)malloc(sizeof(freeauth_configure_t) * iCount); + if(!freeauth_buff) { + ret = RET_NOMEM; + cJSON_Delete(cjson); + return ret; + } + + memset(freeauth_buff, 0, sizeof(freeauth_configure_t) * iCount); + *fb = freeauth_buff; + + /*创建freeauth_configure_t结构体对象 */ + s2j_create_struct_obj(struct_freeauth, freeauth_configure_t); + if (struct_freeauth == NULL) + { + cJSON_Delete(cjson); + return RET_NOMEM; + } + + pbuf = freeauth_buff; + *cnt = 0; + for(i = 0; i < iCount; i++) + { + + pArrayItem = cJSON_GetArrayItem(data, i); + if(pArrayItem) + { + /*获取未认证权限优先级键值对*/ + rule_priority = cJSON_GetObjectItem(pArrayItem, "rule_priority"); + if(!rule_priority) + { + ret = RET_INPUTERR; + cJSON_Delete(data); + return ret; + } + freeauth_buff->rule_priority = rule_priority->valueint; + + /*未认证权限名称*/ + name = cJSON_GetObjectItem(pArrayItem, "name"); + if(!name) + { + ret = RET_INPUTERR; + cJSON_Delete(data); + return ret; + } + char *rule_name = name->valuestring; + memcpy(freeauth_buff->name, rule_name, sizeof(char) * 32); + + /*源IP地址*/ + sip = cJSON_GetObjectItem(pArrayItem, "sip"); + if(!sip) + { + ret = RET_INPUTERR; + cJSON_Delete(data); + return ret; + } + freeauth_buff->sip = sip->valueint; + + /*目的IP地址*/ + dip = cJSON_GetObjectItem(pArrayItem, "dip"); + if(!sip) + { + ret = RET_INPUTERR; + cJSON_Delete(data); + return ret; + } + freeauth_buff->dip = dip->valueint; + + /*目的端口号*/ + dport = cJSON_GetObjectItem(pArrayItem, "dport"); + if(!dport) + { + ret = RET_INPUTERR; + cJSON_Delete(data); + return ret; + } + freeauth_buff->dport = dport->valueint; + + /*状态标志位*/ + flag = cJSON_GetObjectItem(pArrayItem, "flag"); + if(!flag) + { + ret = RET_INPUTERR; + cJSON_Delete(data); + return ret; + } + freeauth_buff->flag = flag->valueint; + + printf("freeauth_buff->name = %p\n", &freeauth_buff->name); + + for (int j = 0; j < iCount; j++) + { + printf("[%d %s %d %d %d %d]\n",pbuf[j].rule_priority, pbuf[j].name, pbuf[j].sip, + pbuf[j].dip, 
pbuf[j].dport, pbuf[j].flag); + } + + freeauth_buff++; + (*cnt)++; + } + } + + //s2j_delete_struct_obj(auth_parameters); + cJSON_Delete(cjson); + + return RET_OK; +} + +ret_code authpara_config_json_parse_del_array(pointer input, uint *conf_type, freeauth_configure_t **fb, int *cnt) +{ + ret_code ret = RET_OK; + cJSON *cjson, *type, *data, *name; + cJSON* pArrayItem; + freeauth_configure_t* pbuf, *freeauth_buff = *fb; + int iCount = 0, i = 0; + + /*JSON字符串到JSON格式 */ + cjson = cJSON_Parse(input); + if(!cjson) + { + ret = RET_INPUTERR; + ASSERT_RET(ret); + return ret; + } + + rpc_log_info("json input:%s \n", cJSON_Print(cjson)); + + /*获取免认证规则的data部分 */ + data = cJSON_GetObjectItem(cjson, "data"); + if(!data) + { + ret = RET_INPUTERR; + cJSON_Delete(cjson); + return ret; + } + + /*获取数组长度*/ + iCount = cJSON_GetArraySize(data); + printf("iCount=[%d]\n",iCount); + + freeauth_buff = (freeauth_configure_t*)malloc(sizeof(freeauth_configure_t) * iCount); + + if(!freeauth_buff) { + ret = RET_INPUTERR; + cJSON_Delete(cjson); + return ret; + } + + memset(freeauth_buff, 0, sizeof(freeauth_configure_t) * iCount); + *fb = freeauth_buff; + + /*创建freeauth_configure_t结构体对象 */ + s2j_create_struct_obj(struct_freeauth, freeauth_configure_t); + if (struct_freeauth == NULL) + { + cJSON_Delete(cjson); + return RET_NOMEM; + } + + pbuf = freeauth_buff; + *cnt = 0; + for(i = 0; i < iCount; i++) + { + + pArrayItem = cJSON_GetArrayItem(data, i); + if(pArrayItem) + { + name = cJSON_GetObjectItem(pArrayItem, "name"); + if(!name) + { + ret = RET_INPUTERR; + cJSON_Delete(data); + return ret; + } + char *rule_name = name->valuestring; + memcpy(freeauth_buff->name, rule_name, sizeof(char) * 32); + printf("freeauth_buff->name = %p name = %s\n", &freeauth_buff->name, freeauth_buff->name); + + printf("\n"); + for (int j = 0; j < iCount; j++) + { + printf("[%s] %d\n",pbuf[j].name, j); + } + + freeauth_buff++; + (*cnt)++; + } + } + + //s2j_delete_struct_obj(auth_parameters); + cJSON_Delete(cjson); + + 
return RET_OK; +} + + /*chk data格式 */ ret_code freeauth_config_chk(uint source, uint *config_type, pointer input, int *input_len, @@ -209,7 +487,7 @@ ret_code freeauth_config_add_proc(uint source, uint config_type, { ret_code ret = RET_OK; freeauth_configure_t *freeauth_configure; - freeauth_configure = (freeauth_configure_t *)input; + uint conf_type = FREEAUTH_CONFIG_GET; char str[32] = {0}; char dtr[32] = {0}; cJSON *res; @@ -217,6 +495,14 @@ ret_code freeauth_config_add_proc(uint source, uint config_type, unsigned int ret_int = 0; authfree_result_t *authfree_result; int i; + + freeauth_configure = (freeauth_configure_t*)malloc(sizeof(freeauth_configure_t)); + if(freeauth_configure == NULL) + { + return RET_NAMEINVAL; + } + + freeauth_config_json_parse(input, &conf_type, freeauth_configure); if((input_len < sizeof(freeauth_configure_t)) || (input_len > sizeof(freeauth_configure_t))) { @@ -286,8 +572,8 @@ ret_code freeauth_config_add_proc(uint source, uint config_type, return RET_NOMEM; } - add_authfree(freeauth_configure->name, freeauth_configure->sip, freeauth_configure->dip, - freeauth_configure->dport, authfree_result); + add_authfree(freeauth_configure->rule_priority, freeauth_configure->name, freeauth_configure->sip, freeauth_configure->dip, + freeauth_configure->dport, freeauth_configure->flag, authfree_result); #if 0 /*用户态下发到内核态auth_hook */ 
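Review bot: Both new array parsers copy the rule name with `memcpy(freeauth_buff->name, rule_name, sizeof(char) * 32)`, which reads 32 bytes from `name->valuestring` whatever its real length and dereferences NULL when "name" is not a JSON string; a short name over-reads the cJSON buffer and a long one leaves `name[32]` unterminated for the later `strcmp`. The per-field error paths call `cJSON_Delete(data)` on a child that is still attached to `cjson` and never release the root, and the "dip" lookup tests `!sip`, so a missing "dip" reaches `dip->valueint`. `iCount` comes straight from the request and sizes the `malloc` without an array-type check or an upper bound. The fence sketches a single failure exit and a bounded copy for `authpara_config_json_parse_array`; `authpara_config_json_parse_del_array` needs the same name handling, and the `struct_freeauth` object created in both functions is never used or released.

```c
    /* reject anything that is not an array sized within the rule table */
    if (!cJSON_IsArray(data))
    {
        cJSON_Delete(cjson);
        return RET_INPUTERR;
    }
    iCount = cJSON_GetArraySize(data);
    if (iCount <= 0 || iCount > RULE_MAX_NUM)
    {
        cJSON_Delete(cjson);
        return RET_INPUTERR;
    }

    /* … unchanged: allocation and zeroing of freeauth_buff, loop header, rule_priority … */

            name = cJSON_GetObjectItem(pArrayItem, "name");
            if (!cJSON_IsString(name) || name->valuestring == NULL)
            {
                ret = RET_INPUTERR;
                goto parse_fail;
            }
            /* bounded copy: never reads past the JSON string, always NUL-terminates */
            snprintf(freeauth_buff->name, sizeof(freeauth_buff->name), "%s", name->valuestring);

    /* … unchanged: sip … */

            dip = cJSON_GetObjectItem(pArrayItem, "dip");
            if (!dip)
            {
                ret = RET_INPUTERR;
                goto parse_fail;
            }

    /* … unchanged: dport, flag, cursor advance, success return … */

parse_fail:
    /* one failure exit: free the tree by its root and hand back no half-filled buffer */
    free(*fb);
    *fb = NULL;
    *cnt = 0;
    cJSON_Delete(cjson);
    return ret;
```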
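Review bot: In the `@@ -217,6 +495,14 @@` hunk the return value of `freeauth_config_json_parse` is dropped, so when the request is not valid JSON the freshly `malloc`ed `freeauth_configure` is never written and its uninitialised fields flow on to the later checks and to `add_authfree`. Check it and release the buffer: `if (freeauth_config_json_parse(input, &conf_type, freeauth_configure) != RET_OK) { free(freeauth_configure); return RET_INPUTERR; }`. The `input_len` comparison against `sizeof(freeauth_configure_t)` that follows was written for a struct payload; with `input` now a JSON string it looks likely to reject most requests, and it returns without freeing the allocation. `freeauth_config_add_proc` continues outside this hunk, so its other exits need the same `free`.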
@@ -353,200 +639,272 @@ ret_code freeauth_config_mod_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { - freeauth_configure_t *freeauth_configure; - freeauth_configure = (freeauth_configure_t *)input; + freeauth_configure_t* freeauth_configure = NULL; ret_code ret = RET_OK; + uint conf_type = FREEAUTH_CONFIG_GET; cJSON *res; char *ret_char = NULL; unsigned int ret_int = 0; int i; + int cnt; authfree_result_t *authfree_result; + + #if 0 + freeauth_configure = (freeauth_configure_t*)malloc(sizeof(freeauth_configure_t)); + if(freeauth_configure == NULL) + { + return RET_NAMEINVAL; + } + #endif + + authpara_config_json_parse_array(input, &conf_type, &freeauth_configure, &cnt); + if ((input_len < sizeof(freeauth_configure_t)) || (input_len > sizeof(freeauth_configure_t))) { ret = RET_INPUTERR; return ret; } + + + /**/ + for (i = 0; i < RULE_MAX_NUM; i++) + { + printf("%d %s %d %d %d %d %d\n",freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip, + freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].flag, i); + } + + for (int j = 0; j < cnt; j++) + { + printf("%d %s %d %d %d %d %d\n",freeauth_configure[j].rule_priority, freeauth_configure[j].name, freeauth_configure[j].sip, + freeauth_configure[j].dip, freeauth_configure[j].dport, freeauth_configure[j].flag, j); + } /*查找要修改的免认证规则名字,不存在则退出程序 */ for (i = 0; i < RULE_MAX_NUM; i++) { /*两个字符串相等 strcmp值为0*/ - if (0 == strcmp(freeauth_array[i].name, freeauth_configure->name)) - { - printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]); - /*数据库修改 存入全局变量*/ - authfree_result = (authfree_result_t *)malloc(sizeof(authfree_result_t)); - if (NULL == authfree_result) + for(int j = 0; j < cnt; j++) + { + + if (0 == strcmp(freeauth_array[i].name, freeauth_configure[j].name)) { - return RET_NOMEM; - } + printf("%s %d\n", freeauth_array[i].name, i); + printf("%s %d\n", freeauth_configure[j].name, j); + 
printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[j]); + /*数据库修改 存入全局变量*/ + authfree_result = (authfree_result_t *)malloc(sizeof(authfree_result_t)); + if (NULL == authfree_result) + { + return RET_NOMEM; + } - mod_authfree(freeauth_configure->name, freeauth_configure->sip, freeauth_configure->dip, - freeauth_configure->dport, authfree_result); + mod_authfree(freeauth_configure[j].rule_priority,freeauth_configure[j].name, freeauth_configure[j].sip, freeauth_configure[j].dip, + freeauth_configure[j].dport, freeauth_configure[j].flag, authfree_result); + + #if 0 + /*用户态下发到内核态auth_hook */ + int r = -1; + printf("cfgchannel main begin:\r\n"); - #if 0 - /*用户态下发到内核态auth_hook */ - int r = -1; - printf("cfgchannel main begin:\r\n"); + /*创建通道 */ + r = commcfgnl_open(); + if(r < 0) + { + printf(" pdlivnl_open fail, exit.\r\n"); + return RET_ERR; + } - /*创建通道 */ - r = commcfgnl_open(); - if(r < 0) - { - printf(" pdlivnl_open fail, exit.\r\n"); - return RET_ERR; - } + /*下发配置到内核态 */ + r = set_freeauthcfg_waitack(freeauth_configure); + if(r < 0) + { + printf("set_cfg_debug_waitack failed.\r\n"); + return RET_ERR; + } - /*下发配置到内核态 */ - r = set_freeauthcfg_waitack(freeauth_configure); - if(r < 0) - { - printf("set_cfg_debug_waitack failed.\r\n"); - return RET_ERR; - } + /*关闭netlink通道 */ + commcfgnl_close(); + printf("cfgchannel main exit!\r\n"); + #endif - /*关闭netlink通道 */ - commcfgnl_close(); - printf("cfgchannel main exit!\r\n"); - #endif + /*创建json对象 */ + res = cJSON_CreateObject(); + if (!res) + { + ret = RET_ERR; + return ret; + } - /*创建json对象 */ - res = cJSON_CreateObject(); - if (!res) - { - ret = RET_ERR; - return ret; - } + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", authfree_result->resultcode); + cJSON_AddStringToObject(res, "message", authfree_result->message); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + if (output_len) + { + *output_len = ret_int; + } - /*将json对象转换成json字符串 
返回处理结果*/ - cJSON_AddNumberToObject(res, "resultcode", authfree_result->resultcode); - cJSON_AddStringToObject(res, "message", authfree_result->message); - ret_char = cJSON_PrintUnformatted(res); - ret_int = strlen(ret_char); - if (output_len) - { - *output_len = ret_int; - } + /*超出2k的内存,报错 */ + if (ret_int >= 1024 * 2) + { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int + 1); - /*超出2k的内存,报错 */ - if (ret_int >= 1024 * 2) - { free(ret_char); cJSON_Delete(res); - return RET_NOMEM; } - - memcpy(output, ret_char, ret_int + 1); - - free(ret_char); - cJSON_Delete(res); - return RET_OK; - } - + } } + if(freeauth_configure) { + free(freeauth_configure); + } + + return RET_OK; + } + ret_code freeauth_config_del_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { + freeauth_configure_t* freeauth_configure = NULL; ret_code ret = RET_OK; - freeauth_configure_t *freeauth_configure; - freeauth_configure = (freeauth_configure_t *)input; + uint conf_type = FREEAUTH_CONFIG_GET; cJSON *res; char *ret_char = NULL; unsigned int ret_int = 0; int i; + int cnt; authfree_result_t *authfree_result; + + #if 0 + freeauth_configure = (freeauth_configure_t*)malloc(sizeof(freeauth_configure_t)); + if(freeauth_configure == NULL) + { + return RET_NAMEINVAL; + } + #endif - if((input_len < sizeof(freeauth_configure_t)) || (input_len > sizeof(freeauth_configure_t))) - { + authpara_config_json_parse_del_array(input, &conf_type, &freeauth_configure, &cnt); + + if ((input_len < sizeof(freeauth_configure_t)) || (input_len > sizeof(freeauth_configure_t))) + { ret = RET_INPUTERR; return ret; } - - - /*查找要删除的免认证规则名字,不存在则退出程序 */ + + + for (i = 0; i < RULE_MAX_NUM; i++) + { + printf("%d %s %d %d %d %d %d\n",freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip, + freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].flag, i); + } + + for (int j = 0; j < cnt; j++) + { + 
printf("%d %s %d %d %d %d %d\n",freeauth_configure[j].rule_priority, freeauth_configure[j].name, freeauth_configure[j].sip, + freeauth_configure[j].dip, freeauth_configure[j].dport, freeauth_configure[j].flag, j); + } + + /*查找要修改的免认证规则名字,不存在则退出程序 */ for (i = 0; i < RULE_MAX_NUM; i++) { /*两个字符串相等 strcmp值为0*/ - if (0 == strcmp(freeauth_array[i].name, freeauth_configure->name)) - { - printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]); - /*数据库修改 存入全局变量*/ - authfree_result = (authfree_result_t *)malloc(sizeof(authfree_result_t)); - if (NULL == authfree_result) + for(int j = 0; j < cnt; j++) + { + + if (0 == strcmp(freeauth_array[i].name, freeauth_configure[j].name)) { - return RET_NOMEM; - } - del_authfree(freeauth_configure->name, freeauth_configure->sip, freeauth_configure->dip, - freeauth_configure->dport, authfree_result); + printf("%s %d\n", freeauth_array[i].name, i); + printf("%s %d\n", freeauth_configure[j].name, j); + printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[j]); + /*数据库修改 存入全局变量*/ + authfree_result = (authfree_result_t *)malloc(sizeof(authfree_result_t)); + if (NULL == authfree_result) + { + return RET_NOMEM; + } + + del_authfree(freeauth_configure[j].name, authfree_result); + + #if 0 + /*用户态下发到内核态auth_hook */ + int r = -1; + printf("cfgchannel main begin:\r\n"); - #if 0 - /*用户态下发到内核态auth_hook */ - int r = -1; - printf("cfgchannel main begin:\r\n"); + /*创建通道 */ + r = commcfgnl_open(); + if(r < 0) + { + printf(" pdlivnl_open fail, exit.\r\n"); + return RET_ERR; + } - /*创建通道 */ - r = commcfgnl_open(); - if(r < 0) - { - printf(" pdlivnl_open fail, exit.\r\n"); - return RET_ERR; - } + /*下发配置到内核态 */ + r = set_freeauthcfg_waitack(freeauth_configure); + if(r < 0) + { + printf("set_cfg_debug_waitack failed.\r\n"); + return RET_ERR; + } - /*下发配置到内核态 */ - r = set_freeauthcfg_waitack(freeauth_configure); - if(r < 0) - { - printf("set_cfg_debug_waitack failed.\r\n"); - return RET_ERR; - } 
+ /*关闭netlink通道 */ + commcfgnl_close(); + printf("cfgchannel main exit!\r\n"); + #endif - /*关闭netlink通道 */ - commcfgnl_close(); - printf("cfgchannel main exit!\r\n"); - #endif + /*创建json对象 */ + res = cJSON_CreateObject(); + if (!res) + { + ret = RET_ERR; + return ret; + } - /*创建json对象 */ - res = cJSON_CreateObject(); - if (!res) - { - free(freeauth_configure); - ret = RET_ERR; - return ret; - } + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", authfree_result->resultcode); + cJSON_AddStringToObject(res, "message", authfree_result->message); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + if (output_len) + { + *output_len = ret_int; + } - /*将json对象转换成json字符串 返回处理结果*/ - cJSON_AddNumberToObject(res, "resultcode", authfree_result->resultcode); - cJSON_AddStringToObject(res, "message", authfree_result->message); - ret_char = cJSON_PrintUnformatted(res); - ret_int = strlen(ret_char); - if (output_len) - { - *output_len = ret_int; - } + /*超出2k的内存,报错 */ + if (ret_int >= 1024 * 2) + { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int + 1); - /*超出2k的内存,报错 */ - if (ret_int >= 1024 * 2) - { free(ret_char); cJSON_Delete(res); - return RET_NOMEM; } - - memcpy(output, ret_char, ret_int + 1); - - free(ret_char); - cJSON_Delete(res); - return RET_OK; - } + } } + + if(freeauth_configure) { + free(freeauth_configure); + } + + return RET_OK; + } + ret_code freeauth_config_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) 
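Review bot: `cnt` is declared without an initialiser and the result of `authpara_config_json_parse_array` is ignored, so when parsing fails before `*cnt = 0` is reached the loops `for (int j = 0; j < cnt; j++)` run on an indeterminate count over a `freeauth_configure` that is still NULL; `freeauth_config_del_proc` repeats the pattern with `authpara_config_json_parse_del_array`. Declare `int cnt = 0;` and stop early with `ret = authpara_config_json_parse_array(input, &conf_type, &freeauth_configure, &cnt); if (ret != RET_OK) { free(freeauth_configure); return ret; }`. Inside the match loop every hit allocates a new `authfree_result` that is never freed and overwrites `output`, so a batch request reports only the last rule processed, and the `return` statements inside the loop skip the final `free(freeauth_configure)`. The `input_len` check against `sizeof(freeauth_configure_t)` also returns without freeing the parsed array.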
@@ -561,28 +919,24 @@ ret_code freeauth_config_proc(uint source, uint config_type, cJSON *res; int code = 0; - freeauth_config_json_parse(input, &conf_type, &freeauth_configure); - - rpc_log_info("config type is %d, name %s sip %d dip %d dport %d\n", - conf_type, freeauth_configure.name, - freeauth_configure.sip, freeauth_configure.dip, - freeauth_configure.dport); + freeauth_config_json_type(input, &conf_type); + rpc_log_info("config type is %d\n", conf_type); switch (conf_type) { case FREEAUTH_CONFIG_ADD: ret = freeauth_config_add_proc(source, conf_type, - &freeauth_configure, input_len, + input, input_len, output, output_len); break; case FREEAUTH_CONFIG_MOD: ret = freeauth_config_mod_proc(source, conf_type, - &freeauth_configure, input_len, + input, input_len, output, output_len); break; case FREEAUTH_CONFIG_DEL: ret = freeauth_config_del_proc(source, conf_type, - &freeauth_configure, input_len, + input, input_len, output, output_len); break; default: @@ -593,3 +947,4 @@ ret_code freeauth_config_proc(uint source, uint config_type, } + diff --git a/Platform/user/configm/config-server/web_config/authfree.h b/Platform/user/configm/config-server/web_config/authfree.h index 36e17205d..48fea2a0b 100644 --- a/Platform/user/configm/config-server/web_config/authfree.h +++ b/Platform/user/configm/config-server/web_config/authfree.h @@ -25,10 +25,13 @@ /*配置消息 */ typedef struct { - uint32_t sip; - uint32_t dip; - int dport; - char name[32]; + int rule_priority; /*未认证权限优先级*/ + char name[32]; /*未认证权限名称*/ + uint32_t sip; /*未认证权限源IP地址*/ + uint32_t dip; /*未认证权限目的IP地址*/ + int dport; /*未认证权限目的端口号*/ + int flag; /*状态标志位,0表示状态启动,1表示状态禁用*/ + }freeauth_configure_t; typedef struct { @@ -37,10 +40,6 @@ typedef struct { }authfree_result_t; -/*全局变量初始化 失败为1 成功为0*/ -int authfreeInit(freeauth_configure_t **localuser); - - /* 判断IPv4格式是否正确*/ int isIpV4Addr(const char *ipAddr); 
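Review bot: The status returned by `freeauth_config_json_type` is discarded, so for a request that fails to parse the `switch` dispatches on whatever `conf_type` held before the call (its declaration is outside this hunk). Propagate the failure first: `ret = freeauth_config_json_type(input, &conf_type); if (ret != RET_OK) return ret;`. After this change the local `freeauth_configure` in `freeauth_config_proc` appears to be unused and can be removed if nothing outside the hunk still reads it.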
@@ -48,45 +47,51 @@ int isIpV4Addr(const char *ipAddr); /*下发配置到内核态 */ int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth); +/*获取json串类型*/ +ret_code freeauth_config_json_type(pointer input, uint *conf_type); -/*检查增加的参数格式是否正确 */ -ret_code freeauth_config_add_chk(uint source,uint config_type, - pointer input, int input_len, - pointer output, int *output_len); +/*json字符串转为结构体*/ +/*iuput格式:{"type": 0, "data": {"rule_priority": 1, "name": "armink","sip": 1027824,"dip": 103427824,"dport": 24, "flag":0}}*/ +ret_code freeauth_config_json_parse(pointer input, uint *conf_type, freeauth_configure_t *freeauth_buff); -/*删除的时候以免认证规则名作为参数,检查免认证规则名是否存在 */ -ret_code freeauth_config_del_chk(uint source,uint config_type, - pointer input, int input_len, - pointer output, int *output_len); -/*修改 查询要修改的内容是否存在 */ -ret_code freeauth_config_mod_chk(uint source,uint config_type, - pointer input, int input_len, - pointer output, int *output_len); +/*iuput格式: +{ + "type": 0, + "data": [ + {"rule_priority": 1,"name": "cary","sip": 2323790,"dip": 13546465478,"dport": 120, "flag":0}, + {"rule_priority": 2,"name": "nicole","sip": 2323790,"dip": 13546465478,"dport": 130, "flag":0}, + {"rule_priority": 3,"name": "arwrgmink","sip": 2323790,"dip": 13546465478,"dport": 90, "flag":0} + ] +} +*/ +ret_code authpara_config_json_parse_array(pointer input, uint *conf_type, freeauth_configure_t **fb, int *cnt); + +ret_code authpara_config_json_parse_del_array(pointer input, uint *conf_type, freeauth_configure_t **fb, int *cnt); /*chk data格式 */ -ret_code freeauth_config_chk(uint source,uint *config_type, - pointer input, int *input_len, - pointer output, int *output_len); - +ret_code freeauth_config_chk(uint source, uint *config_type, + pointer input, int *input_len, + pointer output, int *output_len); +/*增加未认证权限规则 */ ret_code freeauth_config_add_proc(uint source, uint config_type, - pointer input, int input_len, - pointer output, int *output_len); - + pointer input, int input_len, + pointer 
output, int *output_len); +/*修改未认证权限规则 */ ret_code freeauth_config_mod_proc(uint source, uint config_type, - pointer input, int input_len, - pointer output, int *output_len); - + pointer input, int input_len, + pointer output, int *output_len); +/*删除未认证权限规则 */ ret_code freeauth_config_del_proc(uint source, uint config_type, - pointer input, int input_len, - pointer output, int *output_len); - + pointer input, int input_len, + pointer output, int *output_len); ret_code freeauth_config_proc(uint source, uint config_type, - pointer input, int input_len, - pointer output, int *output_len); + pointer input, int input_len, + pointer output, int *output_len); + #endif \ No newline at end of file diff --git a/Platform/user/configm/config-server/web_config/config-adm/user_authfree.c b/Platform/user/configm/config-server/web_config/config-adm/user_authfree.c index 0cb6263a4..4ae740e29 100644 --- a/Platform/user/configm/config-server/web_config/config-adm/user_authfree.c +++ b/Platform/user/configm/config-server/web_config/config-adm/user_authfree.c @@ -23,7 +23,7 @@ char * authfreemes[] = {"addrule success", "addrule fail", "rule existed", "modr "modrule failure", "rule not found", "delrule success", "delrule fail", "rulenum exceed maxnum"}; /*增加未认证权限规则*/ -void add_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_result_t *authfree_result) +void add_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int dport, int flag, authfree_result_t *authfree_result) { void * authfree_hdbc; char * ret_sql = NULL; 
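Review bot: The example input documented above `authpara_config_json_parse_array` uses `"dip": 13546465478`, which does not fit the `uint32_t dip` field of `freeauth_configure_t`, and the parsers in authfree.c take both addresses from cJSON's `valueint`, an `int`. Addresses above `INT_MAX` (anything from 128.0.0.0 upward when encoded as a host-order integer) therefore cannot round-trip, and depending on the cJSON version they are clamped or converted out of range, so a rule may end up exempting a different address from authentication than the one configured. Use an in-range value in the example and document the accepted range, for instance `/* sip/dip: IPv4 address as an unsigned 32-bit integer, 0..4294967295 */`. `authpara_config_json_parse_del_array` has no comment at all; one line saying that only "name" is read from each array element would help callers.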
@@ -50,12 +50,12 @@ void add_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_re /*长整型bigint 浮点型double 字符串character(10)*/ printf("authfree_hdbc = %p\n", authfree_hdbc); - ret = create_database_table(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", "create table authfree(name character(32), sip bigint, dip bigint, dport bigint)"); + ret = create_database_table(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", "create table authfree(rule_priority bigint, name character(32), sip bigint, dip bigint, dport bigint, flag bigint)"); printf("%d \n",ret); /*查询数据库是否存在该权限规则*/ - char * select_sql = "SELECT name, sip, dip, dport FROM `authfree`WHERE name = ?"; + char * select_sql = "SELECT rule_priority, name, sip, dip, dport, flag FROM `authfree` WHERE name = ?"; ret_sql = select_datebase_by_number(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", select_sql, 1, 0, &num, 1, DB_DATA_STRING_TYPE, strlen(name)+1, name); if(NULL != ret_sql) @@ -69,12 +69,14 @@ void add_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_re else { /* 根据指定信息查询数据库的获取的结果的条目数 条目数大于10 则不能再添加 */ - char * select_num = "SELECT name, sip, dip, dport FROM `authfree`"; - ret = get_select_datebase_number(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", select_num , &num_sql, 4, + char * select_num = "SELECT rule_priority, name, sip, dip, dport, flag FROM `authfree`"; + ret = get_select_datebase_number(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", select_num , &num_sql, 6, + DB_DATA_INT_TYPE, sizeof(rule_priority), rule_priority, DB_DATA_STRING_TYPE, strlen(name)+1, name, DB_DATA_INT_TYPE, sizeof(sip), sip, DB_DATA_INT_TYPE, sizeof(dip), dip, - DB_DATA_INT_TYPE, sizeof(dport), dport); + DB_DATA_INT_TYPE, sizeof(dport), dport, + DB_DATA_INT_TYPE, sizeof(flag), flag); printf("num_sql = %d \n", num_sql); printf("ret = %d \n", ret); if (num_sql > RULE_MAX_NUM) 
@@ -87,12 +89,14 @@ void add_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_re } /* 向authfree表中添加:未认证权限名称、内部源IP地址、目的IP地址、目的端口号 */ - char *addfree_sql = "INSERT INTO `authfree` SET name = ?, sip = ?, dip = ?, dport = ?"; - ret_add = update_database(AUTHFREE_DATABASE_ID, authfree_hdbc, DB_OP_INSERT, AUTHFREE_TABLE, addfree_sql, 4, + char *addfree_sql = "INSERT INTO `authfree` SET rule_priority = ?, name = ?, sip = ?, dip = ?, dport = ?, flag = ?"; + ret_add = update_database(AUTHFREE_DATABASE_ID, authfree_hdbc, DB_OP_INSERT, AUTHFREE_TABLE, addfree_sql, 6, + DB_DATA_INT_TYPE, sizeof(rule_priority), rule_priority, DB_DATA_STRING_TYPE, strlen(name)+1, name, DB_DATA_INT_TYPE, sizeof(sip), sip, DB_DATA_INT_TYPE, sizeof(dip), dip, - DB_DATA_INT_TYPE, sizeof(dport), dport); + DB_DATA_INT_TYPE, sizeof(dport), dport, + DB_DATA_INT_TYPE, sizeof(flag), flag); printf("the value of ret:%d\n", ret_add); if(0 != ret_add) { @@ -116,22 +120,17 @@ void add_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_re if (0 == strlen(freeauth_array[i].name)) { printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]); + freeauth_array[i].rule_priority = rule_priority; memcpy(freeauth_array[i].name, name, sizeof(char)*32); freeauth_array[i].sip = sip; freeauth_array[i].dip = dip; freeauth_array[i].dport = dport; - printf("%s %d %d %d %d\n",freeauth_array[i].name, freeauth_array[i].sip,freeauth_array[i].dip ,freeauth_array[i].dport, i); + freeauth_array[i].flag = flag; + printf("[%d %s %d %d %d %d %d]\n",freeauth_array[i].rule_priority,freeauth_array[i].name, freeauth_array[i].sip, + freeauth_array[i].dip ,freeauth_array[i].dport, freeauth_array[i].dport, i); break; } } - - #if 0 - /*打印数组内全部元素*/ - for (i = 0; i < RULE_MAX_NUM; i++) - { - printf("%s %d %d %d %d\n",freeauth_array[i].name, freeauth_array[i].sip,freeauth_array[i].dip ,freeauth_array[i].dport, i); - } - #endif /*添加成功*/ authfree_result->resultcode = 0; 
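Review bot: The trace line added in the `@@ -116,22 +120,17 @@` hunk passes `freeauth_array[i].dport` twice, so the sixth field printed is the port again rather than `flag`; the same argument list is repeated in the `mod_authfree` hunk and in both prints of the `del_authfree` hunk. Change the second occurrence to `freeauth_array[i].flag`. Since `sip` and `dip` are `uint32_t`, `%u` is the matching conversion for them.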
@@ -140,7 +139,7 @@ void add_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_re /*修改未认证权限*/ -void mod_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_result_t *authfree_result) +void mod_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int dport, int flag, authfree_result_t *authfree_result) { void * authfree_hdbc; char * ret_sql = NULL; @@ -184,11 +183,13 @@ void mod_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_re else { /*修改authfree表中内部源IP地址、目的IP地址、目的端口号 未认证权限名称不能修改 */ - char *modfree_sql = "UPDATE `authfree` SET sip = ?, dip = ?, dport = ? WHERE name = ?"; - ret_mod = update_database(AUTHFREE_DATABASE_ID, authfree_hdbc, DB_OP_UPDATE, AUTHFREE_TABLE, modfree_sql, 4, + char *modfree_sql = "UPDATE `authfree` SET rule_priority = ?, sip = ?, dip = ?, dport = ? ,flag = ? WHERE name = ?"; + ret_mod = update_database(AUTHFREE_DATABASE_ID, authfree_hdbc, DB_OP_UPDATE, AUTHFREE_TABLE, modfree_sql, 6, + DB_DATA_INT_TYPE, sizeof(rule_priority), rule_priority, DB_DATA_INT_TYPE, sizeof(sip), sip, DB_DATA_INT_TYPE, sizeof(dip), dip, DB_DATA_INT_TYPE, sizeof(dport), dport, + DB_DATA_INT_TYPE, sizeof(flag), flag, DB_DATA_STRING_TYPE, strlen(name)+1, name); printf("the value of ret:%d\n", ret_mod); if(0 != ret_mod) 
@@ -210,10 +211,13 @@ void mod_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_re if (0 == strcmp(freeauth_array[i].name, name)) { printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]); + freeauth_array[i].rule_priority = rule_priority; freeauth_array[i].sip = sip; freeauth_array[i].dip = dip; freeauth_array[i].dport = dport; - printf("%s %d %d %d %d\n",freeauth_array[i].name, freeauth_array[i].sip,freeauth_array[i].dip ,freeauth_array[i].dport, i); + freeauth_array[i].flag = flag; + printf("[%d %s %d %d %d %d %d]\n",freeauth_array[i].rule_priority,freeauth_array[i].name, freeauth_array[i].sip, + freeauth_array[i].dip ,freeauth_array[i].dport, freeauth_array[i].dport, i); break; } } @@ -234,7 +238,7 @@ void mod_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_re /*删除未认证权限*/ -void del_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_result_t *authfree_result) +void del_authfree(char *name, authfree_result_t *authfree_result) { void * authfree_hdbc; char * ret_sql = NULL; @@ -264,7 +268,7 @@ void del_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_re printf("%d \n",ret); /*查询数据库是否存在该权限规则*/ - char * select_sql = "SELECT name, sip, dip, dport FROM `authfree`WHERE name = ?"; + char * select_sql = "SELECT rule_priority, name, sip, dip, dport, flag FROM `authfree`WHERE name = ?"; ret_sql = select_datebase_by_number(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", select_sql, 1, 0, &num, 1, DB_DATA_STRING_TYPE, strlen(name)+1, name); if(NULL == ret_sql) 
@@ -292,27 +296,31 @@ void del_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_re disconnect_database(AUTHFREE_DATABASE_ID , authfree_hdbc); - /*删除对应未认证权限数数组*/ + /*修改对应未认证权限数数组*/ for (i = 0; i < RULE_MAX_NUM; i++) { /*两个字符串相等 strcmp值为0*/ - printf("%s(%d) freeauth_array[i] = %p\n", __FUNCTION__, __LINE__, &freeauth_array[i]); if (0 == strcmp(freeauth_array[i].name, name)) { - printf("index:%d\n", i); - int delectIndex = i; - for(i = delectIndex; i <= RULE_MAX_NUM; i++) - { - freeauth_array[i] = freeauth_array[i+1]; - } + printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]); + freeauth_array[i].rule_priority = 0; + memcpy(freeauth_array[i].name, "0" , sizeof(char)*32); + freeauth_array[i].sip = 0; + freeauth_array[i].dip = 0; + freeauth_array[i].dport = 0; + freeauth_array[i].flag = 0; + printf("[%d %s %d %d %d %d %d]\n",freeauth_array[i].rule_priority,freeauth_array[i].name, freeauth_array[i].sip, + freeauth_array[i].dip ,freeauth_array[i].dport, freeauth_array[i].dport, i); + break; } } - + #if 0 /*打印数组内全部元素*/ for (i = 0; i < RULE_MAX_NUM; i++) { - printf("%s %d %d %d %d\n",freeauth_array[i].name, freeauth_array[i].sip,freeauth_array[i].dip ,freeauth_array[i].dport, i); + printf("[%d %s %d %d %d %d %d]\n",freeauth_array[i].rule_priority,freeauth_array[i].name, freeauth_array[i].sip, + freeauth_array[i].dip ,freeauth_array[i].dport, freeauth_array[i].dport, i); } #endif diff --git a/Platform/user/configm/config-server/web_config/include/user_authfree.h b/Platform/user/configm/config-server/web_config/include/user_authfree.h index 6543260a3..bec2ba816 100644 --- a/Platform/user/configm/config-server/web_config/include/user_authfree.h +++ b/Platform/user/configm/config-server/web_config/include/user_authfree.h 
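Review bot: Clearing a deleted slot with `memcpy(freeauth_array[i].name, "0" , sizeof(char)*32)` reads 32 bytes from a two-byte string literal, which is an out-of-bounds read, and it leaves the slot named "0" instead of empty. The add path in this file finds a free slot with `0 == strlen(freeauth_array[i].name)`, so a slot released this way is never reused and the table eventually fills up after enough add/delete cycles. A later request that names a rule "0" would also match a cleared slot in the `strcmp` lookups. Replacing that line with `freeauth_array[i].name[0] = '\0';` marks the entry empty without reading past the literal. del_authfree starts outside this hunk, so any other consumer of the array that relies on the "0" marker is not visible here.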
@@ -11,12 +11,12 @@ #define DELAUTHFREE_FAIL_DATABASE 7 //删除未认证权限失败 /*增加未认证权限规则*/ -void add_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_result_t *authfree_result); +void add_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int dport, int flag, authfree_result_t *authfree_result); /*修改未认证权限*/ -void mod_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_result_t *authfree_result); +void mod_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int dport, int flag, authfree_result_t *authfree_result); /*删除未认证权限*/ -void del_authfree(char *name, uint32_t sip, uint32_t dip, int dport, authfree_result_t *authfree_result); +void del_authfree(char *name, authfree_result_t *authfree_result); #endif \ No newline at end of file