cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mod aaa-12 增加用户认证-认证参数查询功能、添加认证参数默认值 

RCA:
SOL:
修改人:chenling
检视人:
This commit is contained in:
ChenLing 2019-09-05 19:12:53 +08:00
parent 9af17eea00
commit 1987d9f486
6 changed files with 241 additions and 42 deletions
Platform/user/configm/config-server/web_config
auth_parameters.cauth_parameters.hauthfree.c
config-adm
user_authfree.cuser_authpara.c
libs/src/lighttpd-1.4.51/src
mod_webm.c

231
Platform/user/configm/config-server/web_config/auth_parameters.c
View File

@ -14,7 +14,6 @@
#include "stdlib.h" #include "stdlib.h"
#include "redisMq.h" #include "redisMq.h"
/*定义结构体 存认证参数*/ /*定义结构体 存认证参数*/
auth_parameters_t *auth_para; auth_parameters_t *auth_para;
@ -33,6 +32,14 @@ int authparInit()
if(NULL == auth_para) { if(NULL == auth_para) {
return 1; return 1;
} }
memset(auth_para, 0, sizeof(auth_parameters_t));
/*设置默认值*/
auth_para->port = 8080;
auth_para->timehorizon = 1;
auth_para->failcount = 5;
auth_para->locktime = 10;
auth_para->aging_time = 10;
return 0; return 0;
} }
@ -109,7 +116,7 @@ int set_agingtimecfg_waitack(int *agingtime)
/*检查IP地址是否有效端口号是否被占用 */ /*检查IP地址是否有效端口号是否被占用 */
int _valid_port(int port) int _valid_port(int port)
{ {
int fd; int fd;
int i; int i;
struct sockaddr_in addr; struct sockaddr_in addr;
@ -118,10 +125,10 @@ int _valid_port(int port)
if(fd == -1) { /*检查是否正常初始化socket */ if(fd == -1) { /*检查是否正常初始化socket */
return -1; return -1;
} }
addr.sin_family = AF_INET; /*地址结构的协议簇 */ addr.sin_family = AF_INET; /*地址结构的协议簇 */
addr.sin_port = htons(port); /*地址结构的端口地址,网络字节序 */ addr.sin_port = htons(port); /*地址结构的端口地址,网络字节序 */
inet_pton(AF_INET, "127.0.0.1", &addr.sin_addr);
i = (bind(fd, (struct sockaddr *)&addr, sizeof(struct sockaddr))); i = (bind(fd, (struct sockaddr *)&addr, sizeof(struct sockaddr)));
printf("the value of i:%d\n", i); printf("the value of i:%d\n", i);
close(fd); close(fd);
@ -134,10 +141,46 @@ int _valid_port(int port)
return 0; return 0;
} }
/*获取json串类型*/
ret_code authpara_config_json_type(pointer input, uint *conf_type)
{
const char *pString = (char *)input;
cJSON *cjson, *type;
if(!pString) {
return RET_INPUTERR;
}
printf("json:[%s]\n", pString);
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(input);
if(!cjson) {
return RET_INPUTERR;
}
/*获取操作类型 add、mod、del */
type = cJSON_GetObjectItem(cjson, "type");
if(!type) {
cJSON_Delete(cjson);
return RET_INPUTERR;
}
if(conf_type) {
*conf_type = type->valueint;
}
cJSON_Delete(cjson);
return RET_OK;
}
/* iuput格式{"type": 0, "data": {"port": 1010,"timehorizon": 10,"failcount": 20,"locktime":30, "aging_time":10}}*/ /* iuput格式{"type": 0, "data": {"port": 1010,"timehorizon": 10,"failcount": 20,"locktime":30, "aging_time":10}}*/
ret_code authpara_config_json_parse(pointer input, uint *conf_type, auth_parameters_t *authpara_buff) ret_code authpara_config_json_parse(pointer input, uint *conf_type, auth_parameters_t *authpara_buff)
{ {
char *pString = (char *)input; char *pString = (char *)input;
cJSON *cjson, *type, *data; cJSON *cjson, *type, *data;
printf("json:[%s]\n", pString); printf("json:[%s]\n", pString);
@ -197,6 +240,7 @@ ret_code authpara_config_json_parse(pointer input, uint *conf_type, auth_paramet
return RET_OK; return RET_OK;
} }
#if 0
/* 发布配置的本地Portal server 的port*/ /* 发布配置的本地Portal server 的port*/
void local_portal_port(char *port) void local_portal_port(char *port)
{ {
@ -221,7 +265,7 @@ void local_portal_port(char *port)
redisPubUninit(); redisPubUninit();
return; return;
} }
#endif
ret_code authpara_config_chk(uint source, uint *config_type, ret_code authpara_config_chk(uint source, uint *config_type,
pointer input, int *input_len, pointer input, int *input_len,
@ -232,43 +276,74 @@ ret_code authpara_config_chk(uint source, uint *config_type,
} }
ret_code authpara_config_proc(uint source, uint config_type, ret_code authpara_config_mod_proc(uint source, uint config_type,
pointer input, int input_len, pointer input, int input_len,
pointer output, int *output_len) pointer output, int *output_len)
{ {
configure_result_t *configure_result; configure_result_t configure_result;
cJSON *res; cJSON *res;
char auth_port[20]; char auth_port[20];
ret_code ret = RET_OK; ret_code ret = RET_OK;
auth_parameters_t auth_parameters = {0}; auth_parameters_t *auth_parameters;
uint conf_type = AUTHPARA_CONFIG_MOD; uint conf_type = AUTHPARA_CONFIG_MOD;
char *ret_char = NULL; char *ret_char = NULL;
unsigned int ret_int = 0; unsigned int ret_int = 0;
int portresult = 0; int portresult = 0;
authpara_config_json_parse(input, &conf_type, &auth_parameters); auth_parameters = (auth_parameters_t *)malloc(sizeof(auth_parameters_t));
if(auth_parameters == NULL) {
return RET_NOMEM;
}
authpara_config_json_parse(input, &conf_type, auth_parameters);
/*判断长度*/
if(input_len < sizeof(auth_parameters_t)) { if(input_len < sizeof(auth_parameters_t)) {
return RET_INPUTERR; return RET_INPUTERR;
} }
portresult = _valid_port(auth_parameters.port); /*判断端口号是否占用*/
portresult = _valid_port(auth_parameters->port);
printf("portresult:%d\n", portresult); printf("portresult:%d\n", portresult);
if(portresult == 1) { if(portresult != 0) {
cJSON *port;
char *ret_port;
unsigned int port_int = 0;
/*创建json对象 */
port = cJSON_CreateObject();
if(!port) {
ret = RET_ERR;
return ret;
}
cJSON_AddNumberToObject(port, "resultcode", 1);
cJSON_AddStringToObject(port, "message", "mod failure");
ret_port = cJSON_PrintUnformatted(port);
port_int = strlen(ret_port);
if(output_len) {
*output_len = port_int + 1;
}
/*超出2k的内存报错 */
if(port_int >= 1024 * 2) {
free(ret_port);
cJSON_Delete(port);
return RET_NOMEM;
}
memcpy(output, ret_port, port_int);
free(ret_port);
cJSON_Delete(port);
return RET_CHKERR; return RET_CHKERR;
} }
mod_authpara(auth_parameters->port, auth_parameters->timehorizon, auth_parameters->failcount,
/*数据库修改 存入全局变量*/ auth_parameters->locktime, auth_parameters->aging_time, &configure_result);
configure_result = (configure_result_t *)malloc(sizeof(configure_result_t));
if(NULL == configure_result) {
return RET_NOMEM;
}
mod_authpara(auth_parameters.port, auth_parameters.timehorizon, auth_parameters.failcount,
auth_parameters.locktime, auth_parameters.aging_time, configure_result);
/*共享内存 传送用户态和内核态之间的配置信息*/ /*共享内存 传送用户态和内核态之间的配置信息*/
@ -315,16 +390,81 @@ ret_code authpara_config_proc(uint source, uint config_type,
res = cJSON_CreateObject(); res = cJSON_CreateObject();
if(!res) { if(!res) {
free(configure_result);
ret = RET_ERR; ret = RET_ERR;
return ret; return ret;
} }
/*将json对象转换成json字符串 返回处理结果*/ /*将json对象转换成json字符串 返回处理结果*/
printf("resultcode = %d\n", configure_result->resultcode); printf("resultcode = %d\n", configure_result.resultcode);
printf("message = %s\n", configure_result->message); printf("message = %s\n", configure_result.message);
cJSON_AddNumberToObject(res, "resultcode", configure_result->resultcode); cJSON_AddNumberToObject(res, "resultcode", configure_result.resultcode);
cJSON_AddStringToObject(res, "message", configure_result->message); cJSON_AddStringToObject(res, "message", configure_result.message);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(auth_parameters);
free(ret_char);
cJSON_Delete(res);
return RET_OK;
}
ret_code authpara_config_get_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
cJSON *res;
cJSON *data;
ret_code ret = RET_OK;
uint conf_type = AUTHPARA_CONFIG_MOD;
char *ret_data = NULL;
char *ret_char = NULL;
unsigned int ret_int = 0;
int portresult = 0;
/*获取的数据存入全局变量*/
/*创建json对象 */
data = cJSON_CreateObject();
if(!data) {
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(data, "port", auth_para->port);
cJSON_AddNumberToObject(data, "timehorizon", auth_para->timehorizon);
cJSON_AddNumberToObject(data, "failcount", auth_para->failcount);
cJSON_AddNumberToObject(data, "locktime", auth_para->locktime);
cJSON_AddNumberToObject(data, "aging_time", auth_para->aging_time);
ret_data = cJSON_PrintUnformatted(data);
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 2);
cJSON_AddStringToObject(res, "message", "get success");
cJSON_AddStringToObject(res, "data", ret_data);
ret_char = cJSON_PrintUnformatted(res); ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char); ret_int = strlen(ret_char);
@ -334,7 +474,6 @@ ret_code authpara_config_proc(uint source, uint config_type,
/*超出2k的内存报错 */ /*超出2k的内存报错 */
if(ret_int >= 1024 * 2) { if(ret_int >= 1024 * 2) {
free(configure_result);
free(ret_char); free(ret_char);
cJSON_Delete(res); cJSON_Delete(res);
return RET_NOMEM; return RET_NOMEM;
@ -343,7 +482,39 @@ ret_code authpara_config_proc(uint source, uint config_type,
memcpy(output, ret_char, ret_int); memcpy(output, ret_char, ret_int);
free(ret_char); free(ret_char);
free(ret_data);
cJSON_Delete(res); cJSON_Delete(res);
free(configure_result); cJSON_Delete(data);
return RET_OK;
}
ret_code authpara_config_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
uint conf_type = AUTHPARA_CONFIG_GET;
authpara_config_json_type(input, &conf_type);
rpc_log_info("config type is %d\n", conf_type);
switch(conf_type) {
case AUTHPARA_CONFIG_MOD:
ret = authpara_config_mod_proc(source, conf_type,
input, input_len,
output, output_len);
break;
case AUTHPARA_CONFIG_GET:
ret = authpara_config_get_proc(source, conf_type,
input, input_len,
output, output_len);
break;
default:
ret = RET_NOTSUPPORT;
}
return RET_OK; return RET_OK;
} }

22
Platform/user/configm/config-server/web_config/auth_parameters.h
View File

@ -15,6 +15,7 @@
#define HORIZON_MIN_VALUE 0 /*认证时间范围的最小值 */ #define HORIZON_MIN_VALUE 0 /*认证时间范围的最小值 */
#define AUTHPARA_CONFIG_MOD 0 #define AUTHPARA_CONFIG_MOD 0
#define AUTHPARA_CONFIG_GET 1
/*配置消息 */ /*配置消息 */
@ -40,17 +41,30 @@ int set_agingtimecfg_waitack(int *agingtime);
/*检查IP地址是否有效端口号是否被占用 */ /*检查IP地址是否有效端口号是否被占用 */
int _valid_port(int port); int _valid_port(int port);
/*获取json串类型*/
ret_code authpara_config_json_type(pointer input, uint *conf_type);
/* iuput格式{"type": 0, "data": {"port": 1010,"timehorizon": 10,"failcount": 20,"locktime":30, "aging_time":10}}*/ /* iuput格式{"type": 0, "data": {"port": 1010,"timehorizon": 10,"failcount": 20,"locktime":30, "aging_time":10}}*/
ret_code authpara_config_json_parse(pointer input, uint *conf_type, auth_parameters_t *authpara_buff); ret_code authpara_config_json_parse(pointer input, uint *conf_type, auth_parameters_t *authpara_buff);
/*检查增加的参数格式是否正确 */ /*检查增加的参数格式是否正确 */
ret_code authpara_config_chk(uint source, uint *config_type, ret_code authpara_config_chk(uint source, uint *config_type,
pointer input, int *input_len, pointer input, int *input_len,
pointer output, int *output_len); pointer output, int *output_len);
/*修改认证参数*/
ret_code authpara_config_mod_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len);
/*查询认证参数*/
ret_code authpara_config_get_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len);
ret_code authpara_config_proc(uint source, uint config_type, ret_code authpara_config_proc(uint source, uint config_type,
pointer input, int input_len, pointer input, int input_len,
pointer output, int *output_len); pointer output, int *output_len);
#endif #endif

2
Platform/user/configm/config-server/web_config/authfree.c
View File

@ -19,7 +19,7 @@ freeauth_configure_t freeauth_array[RULE_MAX_NUM] = {0};
/*存储序列号的数组*/ /*存储序列号的数组*/
int rule_order[RULE_MAX_NUM] = {0}; int rule_order[RULE_MAX_NUM] = {0};
#define UNAMESIZE (60 + 1) #define UNAMESIZE (63 + 1)
#define SPECHAR(element) (strpbrk((element), "~!@#$%^&*()_+{}|:\"<>?\\,./;\'[]-=`")) //校验特殊字符 #define SPECHAR(element) (strpbrk((element), "~!@#$%^&*()_+{}|:\"<>?\\,./;\'[]-=`")) //校验特殊字符
#ifdef FREEAUTH_ACK_COOKIES #ifdef FREEAUTH_ACK_COOKIES

6
Platform/user/configm/config-server/web_config/config-adm/user_authfree.c
View File

@ -271,7 +271,7 @@ void mov_authfree(char *name, int after_arry, authfree_result_t *authfree_result
} }
/*修改成功*/ /*移动成功*/
authfree_result->resultcode = MOV_RULE_SUCCESS; authfree_result->resultcode = MOV_RULE_SUCCESS;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode); authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
} }
@ -407,12 +407,12 @@ void mod_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
return; return;
} }
/*修改对应未认证权限数数组*/ /*修改对应未认证权限数数组 优先级和未认证权限名不能修改*/
for(i = 0; i < RULE_MAX_NUM; i++) { for(i = 0; i < RULE_MAX_NUM; i++) {
/*两个字符串相等 strcmp值为0*/ /*两个字符串相等 strcmp值为0*/
if(0 == strcmp(freeauth_array[i].name, name)) { if(0 == strcmp(freeauth_array[i].name, name)) {
printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]); printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]);
freeauth_array[i].rule_priority = rule_priority; //freeauth_array[i].rule_priority = rule_priority;
freeauth_array[i].sip = sip; freeauth_array[i].sip = sip;
freeauth_array[i].dip = dip; freeauth_array[i].dip = dip;
freeauth_array[i].dport = dport; freeauth_array[i].dport = dport;

11
Platform/user/configm/config-server/web_config/config-adm/user_authpara.c
View File

@ -14,17 +14,19 @@
extern auth_parameters_t *auth_para; extern auth_parameters_t *auth_para;
extern void * auth_hdbc; extern void * auth_hdbc;
char * mes[]={"mod success", "mod failure"}; char * mes[]={"mod success", "mod failure", "get success", "get failure"};
/*前端type类型只有修改修改数据库中的内容返回值为code message——修改成功 修改失败*/ /*前端type类型只有修改修改数据库中的内容返回值为code message——修改成功 修改失败*/
void mod_authpara(int port, int timehorizon, int failcount, int locktime, int aging_time, configure_result_t *configure_result) void mod_authpara(int port, int timehorizon, int failcount, int locktime, int aging_time, configure_result_t *configure_result)
{ {
#if 0
authparInit(); authparInit();
//void * authpara_hdbc; void * authpara_hdbc;
char * ret_sql = NULL; char * ret_sql = NULL;
int ret; int ret;
int num; int num;
int r = -1; int r = -1;
#endif
if (NULL == configure_result) if (NULL == configure_result)
{ {
@ -88,7 +90,10 @@ void mod_authpara(int port, int timehorizon, int failcount, int locktime, int ag
auth_para->failcount = failcount; auth_para->failcount = failcount;
auth_para->locktime = locktime; auth_para->locktime = locktime;
auth_para->aging_time = aging_time; auth_para->aging_time = aging_time;
printf("[%d %d %d %d %d]\n", auth_para->port, auth_para->timehorizon, auth_para->failcount,
auth_para->locktime, auth_para->aging_time);
configure_result->resultcode = 0; configure_result->resultcode = 0;
configure_result->message = mes[configure_result->resultcode]; configure_result->message = mes[configure_result->resultcode];
return; return;

11
libs/src/lighttpd-1.4.51/src/mod_webm.c
View File

@ -56,6 +56,7 @@ typedef enum { WEBM_HANDLE_INVALID_INDEX = -1,
WEBM_HANDLE_CONFIG_SHARED_NETWORK_GET, WEBM_HANDLE_CONFIG_SHARED_NETWORK_GET,
WEBM_HANDLE_CONFIG_MOD_AUTHPARA, WEBM_HANDLE_CONFIG_MOD_AUTHPARA,
WEBM_HANDLE_CONFIG_GET_AUTHPARA,
WEBM_HANDLE_CONFIG_ADD_AUTHRULE, WEBM_HANDLE_CONFIG_ADD_AUTHRULE,
WEBM_HANDLE_CONFIG_MOV_AUTHRULE, WEBM_HANDLE_CONFIG_MOV_AUTHRULE,
WEBM_HANDLE_CONFIG_DEL_AUTHRULE, WEBM_HANDLE_CONFIG_DEL_AUTHRULE,
@ -298,7 +299,15 @@ extern int webm_config_send_proc(server *srv, uint32_t config_type, uint64 confg
WEBM_HANDLE_CONFIG_MOD_AUTHPARA, \ WEBM_HANDLE_CONFIG_MOD_AUTHPARA, \
"/FSG-CF/userauth-parameters-mod", \ "/FSG-CF/userauth-parameters-mod", \
CM_CONFIG_SET, \ CM_CONFIG_SET, \
FREEPARAMETERS_CONFIG , \ FREEPARAMETERS_CONFIG, \
webm_config_send_proc \
}, \
\
{\
WEBM_HANDLE_CONFIG_GET_AUTHPARA, \
"/FSG-CF/userauth-parameters-get", \
CM_CONFIG_SET, \
FREEPARAMETERS_CONFIG, \
webm_config_send_proc \ webm_config_send_proc \
}, \ }, \
\ \