diff --git a/Common/commuapinl.h b/Common/commuapinl.h index 410245491..610adf14c 100755 --- a/Common/commuapinl.h +++ b/Common/commuapinl.h @@ -84,6 +84,7 @@ enum commcfgmsgtype{ //COMMMSGNL_BASE = NLMSG_MIN_TYPE,/*netlink 保留控制消息*/ COMMMSGNL_BASE = 0x10,/*netlink 保留控制消息*/ COMMNMSG_CFG_DEBUGFS = 0x11,/*keep the same with NLMSG_PDELIV_DEBUGFS */ + FREEAUTH_CFG = 0x13, /*用户态发送给内核态的免认证规则消息*/ COMMNMSG_POLICYCONF, NK_DEBUGFS_PRK_ONOFF_CFG = 0X16,/*keep the same with DEBUGFS PRINTK ON OR OFF */ diff --git a/Common/compile.h b/Common/compile.h index 06a14327b..b63163dd0 100755 --- a/Common/compile.h +++ b/Common/compile.h @@ -1,11 +1,11 @@ /* This file is auto generated,for sGATE version info */ /* Used readelf to get this information form driver of application */ /* "readelf --debug-dump=macro " */ -#define sGATE_COMPILE_DATE "2019-06-19" -#define sGATE_COMPILE_TIME "14:18:13" -#define sGATE_COMPILE_MAJOR "20190619" -#define sGATE_COMPILE_SUB "141813" -#define sGATE_COMPILE_BY "hx" +#define sGATE_COMPILE_DATE "2019-07-01" +#define sGATE_COMPILE_TIME "15:35:38" +#define sGATE_COMPILE_MAJOR "20190701" +#define sGATE_COMPILE_SUB "153538" +#define sGATE_COMPILE_BY "cl" #define sGATE_COMPILE_HOST "esgwdev01" -#define sGATE_GIT_TAGS "c0ad51e6f-dev" -#define sGATE_GIT_VERS "c0ad51e6f27589e51268ec92a14ee1cb701a2d5f" +#define sGATE_GIT_TAGS "04133f0f7-dev" +#define sGATE_GIT_VERS "04133f0f7cad6fabd1a324918adcfb64e06e150f" diff --git a/Common/s2j/s2j.h b/Common/s2j/s2j.h index f6ba49b77..115b826ee 100644 --- a/Common/s2j/s2j.h +++ b/Common/s2j/s2j.h @@ -82,7 +82,6 @@ extern "C" { /* s2j.c */ //extern S2jHook s2jHook; - S2jHook s2jHook = { .malloc_fn = malloc, .free_fn = free, @@ -91,6 +90,11 @@ S2jHook s2jHook = { static void s2j_init(S2jHook *hook) { /* initialize cJSON library */ + if(hook == NULL) + { + hook = &s2jHook; + } + cJSON_InitHooks((cJSON_Hooks *)hook); /* initialize hooks */ if (hook) { diff --git a/Makefile b/Makefile index 42b8f10de..6286a05f0 100755 --- a/Makefile 
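Review bot: Giving `FREEAUTH_CFG` the explicit value 0x13 in front of `COMMNMSG_POLICYCONF` silently renumbers `COMMNMSG_POLICYCONF`, which has no initializer and takes the previous enumerator plus one: it was 0x12 after `COMMNMSG_CFG_DEBUGFS = 0x11` and is now 0x14. These values look like netlink message types shared between user space and the kernel side, so any component not rebuilt from this header would dispatch policy messages under the wrong type. Either pin the old value with `COMMNMSG_POLICYCONF = 0x12,` or add the new enumerator after it. The enum continues outside the hunk.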
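Review bot: With `hook` defaulted to `&s2jHook` at the top of `s2j_init`, the `if (hook)` test that follows the `cJSON_InitHooks` call can no longer be false, and nothing documents that NULL is now an accepted argument. Either drop that test or state the contract above the new branch, for example `/* hook == NULL selects the default malloc/free hooks in s2jHook */`. Separately, and predating this hunk, `s2jHook` is defined rather than declared in this header (the `extern` line is commented out), so a second translation unit including `s2j.h` would presumably fail to link on a duplicate symbol. The body of `s2j_init` continues outside the hunk.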
+++ b/Makefile @@ -28,9 +28,9 @@ MAKE_FLAGS += -j$(shell cat /proc/cpuinfo | grep processor | wc -l) endif endif -.PHONY : demo conntrack netlink trace openrpc configm redismq +.PHONY : demo conntrack netlink trace openrpc configm redismq authdemo -all: demo conntrack netlink trace openrpc configm redismq +all: demo conntrack netlink trace openrpc configm redismq authdemo ifeq ($(OPT), install) #$(shell `find ../release -name "*.zip" -delete`) @@ -138,6 +138,15 @@ else $(MLOG)make all $(MAKE_FLAGS) -C Platform/build -f user.configmtest.Makefile MLOG=$(MLOG) DISABLE_WARRING=$(DIS_BUILD_WARRING) MAKE_TARGET=configmtest endif +authdemo: +ifeq ($(OPT), clean) + $(MLOG)make $(MAKE_FLAGS) -C Platform/build -f user.authfree.Makefile cleanall MLOG=$(MLOG) MAKE_TARGET=authfree +else ifeq ($(OPT), install) + $(MLOG)make $(MAKE_FLAGS) -C Platform/build -f user.authfree.Makefile install DIR=$(DIR) MLOG=$(MLOG) MAKE_TARGET=authfree +else + $(MLOG)make all $(MAKE_FLAGS) -C Platform/build -f user.authfree.Makefile MLOG=$(MLOG) DISABLE_WARRING=$(DIS_BUILD_WARRING) MAKE_TARGET=configm +endif + redismq: ifeq ($(OPT), clean) $(MLOG)make $(MAKE_FLAGS) -C Platform/build -f user.redismq.Makefile cleanall MLOG=$(MLOG) MAKE_TARGET=redismq diff --git a/Platform/build/user.authfree.Makefile b/Platform/build/user.authfree.Makefile new file mode 100755 index 000000000..b02b15529 --- /dev/null +++ b/Platform/build/user.authfree.Makefile 
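Review bot: In the new `authdemo` rule the default build branch passes `MAKE_TARGET=configm`, while the clean and install branches pass `MAKE_TARGET=authfree`. This looks like a leftover from the rule it was copied from. If `user.authfree.Makefile` or `common.Makefile` uses `MAKE_TARGET` for output names or logging, the authfree build would be labelled or placed as configm. The last recipe line of that branch should end with `MAKE_TARGET=authfree`.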
@@ -0,0 +1,78 @@
+
+# target name, the target name must have the same name of c source file
+TARGET_NAME=authfree
+
+# target
+# for linux module driver: KO
+# for application: EXE
+# for dynamic library: DLL
+TARGET_TYPE = EXE
+
+# target object
+# for application: APP
+# for device driver: DRV
+TARGET_OBJ = APP
+
+# custom install dir
+TARGET_BOX =
+
+#debug mode or release mode
+DEBUG = TRUE
+
+PLAT_LINUX ?= TRUE
+PLAT_ARM64 ?= FALSE
+
+VPATH = ../user/configm/config-server/ipconfig
+
+# source code
+
+# set the source file, don't used .o because of ...
+
+COMMON_SRCS = authfree.c
+
+# MRS Board Source Files
+PLAT_LINUX_SRCS = $(COMMON_SRCS)
+PLAT_ARM64_SRCS = $(COMMON_SRCS)
+
+# gcc CFLAGS
+PLAT_ARM64_CFLAGS := -I../user/configm/config-server/include -I../../Common -I../common/configm -I../common/rpc -I../common/rpc/hashtable
+PLAT_LINUX_CFLAGS := $(PLAT_ARM64_CFLAGS)
+
+
+PLAT_ARM64_LDFLAGS :=
+PLAT_LINUX_LDFLAGS :=
+
+#gcc libs
+ARM64_LIBS := -lcjson ../thirdparty/arm64/libev-arm64.so ./libopenrpc-arm64.so ./libnetlinku-arm64.so -lpthread -lm
+LINUX_LIBS := -lcjson ../thirdparty/x86_64/libev-linux.so ./libopenrpc-linux.so ./libnetlinku-linux.so -lpthread -lm
+
+ifeq ($(PLAT_ARM64), TRUE)
+DEPEND_LIB += ../thirdparty/arm64/libev-arm64.so ./debug/libopenrpc-arm64.so
+USER_CLEAN_ITEMS += ./libopenrpc-arm64.so
+endif
+
+ifeq ($(PLAT_LINUX), TRUE)
+DEPEND_LIB += ../thirdparty/x86_64/libev-linux.so ./debug/libopenrpc-linux.so
+USER_CLEAN_ITEMS += ./libopenrpc-linux.so
+endif
+
+
+# this line must be at below of thus, because of...
+include ../../Common/common.Makefile
+
+ifneq ($(MAKECMDGOALS), clean)
+ifneq ($(MAKECMDGOALS), cleanall)
+ifneq ($(notdir $(DEPEND_LIB)), $(wildcard $(DEPEND_LIB)))
+$(shell $(CP) $(DEPEND_LIB) ./)
+endif
+endif
+endif
+
+ifeq ($(MAKECMDGOALS), )
+$(shell find ./ -name "$(TARGET)-*.ko" -delete)
+else
+ifeq ($(MAKECMDGOALS), all)
+$(shell find ./ -name "$(TARGET)-*.ko" -delete)
+endif
+endif
+
diff --git a/Platform/common/configm/configmapi b/Platform/common/configm/configmapi new file mode 100644 index 000000000..d570092b9 Binary files /dev/null and b/Platform/common/configm/configmapi differ diff --git a/Platform/common/configm/configmapi.h b/Platform/common/configm/configmapi.h index 77c9c4a5f..f136fe01c 100644 --- a/Platform/common/configm/configmapi.h +++ b/Platform/common/configm/configmapi.h @@ -1,7 +1,7 @@ #ifndef CONFIGMAPI_H_ #define CONFIGMAPI_H_ -#include "rpc_common.h" +#include "../rpc/rpc_common.h" #define CONFIG_FROM_WEB 0x00000001 #define CONFIG_FROM_NETOPEER 0x00000010 diff --git a/Platform/common/rpc/rpc_conn.h b/Platform/common/rpc/rpc_conn.h index 5d4dea1ac..4e7323977 100755 --- a/Platform/common/rpc/rpc_conn.h +++ b/Platform/common/rpc/rpc_conn.h @@ -9,7 +9,7 @@ #define RPC_CONN_H_ #include "rpc_common.h" -#include +#include "ev.h" struct _rpc_conn { int sfd; diff --git a/Platform/user/configm/config-server/include/authfree.h b/Platform/user/configm/config-server/include/authfree.h new file mode 100644 index 000000000..c69299abe --- /dev/null +++ b/Platform/user/configm/config-server/include/authfree.h 
@@ -0,0 +1,50 @@
+#ifndef FREEAUTH_H_
+#define FREEAUTH_H_
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "../../../../common/rpc/rpc_common.h"
+
+#define DPORT_MIN_NUM 0
+#define DPORT_MAX_NUM 65535
+
+/*配置消息 */
+typedef struct {
+ uint32_t sip;
+ uint32_t dip;
+ int dport;
+ char name[32];
+}freeauth_configure_t;
+
+
+/*全局变量初始化 失败为1 成功为0*/
+int Init(freeauth_configure_t *localuser);
+
+
+/* 判断IPv4格式是否正确*/
+int isIpV4Addr(const char *ipAddr);
+
+
+/*下发配置到内核态 */
+int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth);
+
+/*判断免认证规则源IP地址、目的IP地址是否有效,判断端口号是否有效 */
+ret_code freeauth_config_chk(uint source, uint config_type,
+ pointer input, int input_len,
+ pointer output, int *output_len);
+
+
+/*免认证规则有效,将免认证规则通过netlink下发到内核态 */
+int freeauth_config_proc(uint source, uint config_type,
+ pointer input, int input_len,
+ pointer output, int *output_len);
+
+#endif
\ No newline at end of file
diff --git a/Platform/user/configm/config-server/include/configm.h.bak b/Platform/user/configm/config-server/include/configm.h.bak
new file mode 100644
index 000000000..727b28b27
--- /dev/null
+++ b/Platform/user/configm/config-server/include/configm.h.bak
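Review bot: `freeauth_configure_t` is copied as raw bytes into the netlink attribute sent to the kernel (see `set_freeauthcfg_waitack` in authfree.c), yet the header leaves that wire contract undocumented. `dport` is a plain `int`, and nothing states the byte order of `sip`/`dip` or whether `name` must be NUL-terminated. If the kernel side can change with it, declare the port as `uint16_t dport;` so out-of-range values cannot be represented, and add field comments such as `/* source IPv4 address, network byte order (as the inet_ntop calls assume) */` and `/* rule name, NUL-terminated, at most 31 characters */`. The exported name `Init` is generic enough to collide with other modules; `freeauth_init` would be safer. The file also lacks a final newline.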
@@ -0,0 +1,88 @@
+#ifndef CONFIGM_H_
+#define CONFIGM_H_
+
+#include "../../../../common/rpc/rpc_common.h"
+#include "ipconfig.h"
+#include "../../../../common/configm/configmapi.h"
+/* 类型定义 */
+
+/* IP CONFIG */
+#define IPCONFIG_MODULE 0x00000001
+/*FREEAUTH CONFIGURE */
+#define FREEAUTH_MODULE 0x00000002
+
+
+/* config id define*/
+#define IPCONFIG_V4 (uint64)((uint64)IPCONFIG_MODULE<<32|1)
+#define FREEAUTH (uint64)((uint64)FREEAUTH_MODULE<<32|1)
+
+/*
+ 1、配置ID,全局唯一,用于寻找对应的配置业务
+ 2、配置源检查,全局唯一,用于寻找对应的配置业务,
+ 从低位到高位,第一位表示WEB,后续配置扩展
+ 3、是否配置恢复
+ 4、是否是多实例
+ 5、配置校验回调函数
+ 6、配置处理接口
+ 7、配置获取接口
+ 8、配置全部获取接口
+*/
+#define CONFIG_SERVICE_ARRAY \
+{ \
+ {\
+ IPCONFIG_V4, \
+ CONFIG_FROM_WEB|CONFIG_FROM_NETOPEER, \
+ FALSE, \
+ FALSE, \
+ ip_config_chk, \
+ ip_config_proc, \
+ ip_config_get, \
+ ip_config_get_all \
+ },\
+ {\
+ FREEAUTH, \
+ CONFIG_FROM_WEB|CONFIG_FROM_NETOPEER, \
+ TRUE, \
+ FALSE, \
+ freeauth_config_chk, \
+ freeauth_config_proc, \
+ freeauth_config_get, \
+ freeauth_config_get_all \
+ }\
+}
+
+typedef ret_code (*cm_config_chk)(uint source, uint config_type,
+ pointer input, int input_len,
+ pointer output, int *output_len);
+
+typedef ret_code (*cm_config_proc)(uint source, uint config_type,
+ pointer input, int input_len,
+ pointer output, int *output_len);
+
+typedef ret_code (*cm_config_get)(uint source,
+ pointer input, int input_len,
+ pointer output, int *output_len);
+
+typedef ret_code (*cm_config_get_all)(uint source, uint64 config_id,
+ pointer output, short *single_len,
+ int *output_len);
+
+/* 配置注册 */
+struct _config_service {
+ uint64 config_id; /* 配置ID,全局唯一,用于寻找对应的配置业务*/
+ uint config_src; /* 配置源检查,全局唯一,用于寻找对应的配置业务,从低位到高位,第一位表示web,后续配置扩展 */
+ boolean recovery; /* 配置恢复处理函数,如果为FALSE则不进行配置恢复 */
+ boolean multi_inst; /* 是否是多实例 */
+ cm_config_chk chk_callback; /* 配置校验回调函数 */
+ cm_config_proc proc_callback; /* 配置接口 */
+ cm_config_get get_callback; /* 获取配置接口 */
+ cm_config_get_all getall_callback; /* 获取所有配置接口 */
+};
+
+typedef struct _config_service config_service_t;
+
+
+
+
+#endif /* RPC_COMMON_H_ */
+
diff --git a/Platform/user/configm/config-server/ipconfig/authfree.c b/Platform/user/configm/config-server/ipconfig/authfree.c
new file mode 100644
index 000000000..5d8b85a49
--- /dev/null
+++ b/Platform/user/configm/config-server/ipconfig/authfree.c
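Review bot: This is a `.bak` copy of a header and should not be committed, because a stale duplicate of the service table invites edits to the wrong file. Its table registers `freeauth_config_get` and `freeauth_config_get_all`, which `authfree.h` in this commit does not declare, so if the real `configm.h` matches this copy the build would reference undeclared functions. The closing guard comment also reads `RPC_COMMON_H_` where `CONFIGM_H_` is meant.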
@@ -0,0 +1,236 @@
+#include "../../../../common/rpc/rpc.h"
+#include "../include/parsefile.h"
+#include "../include/configm.h"
+#include "../../../netlink_uapi/libnetlinku.h"
+#include "../include/authfree.h"
+#include
+#include "s2j/s2j.h"
+#include "../../../../../Common/commuapinl.h"
+
+#ifdef FREEAUTH_ACK_COOKIES
+#define CFG_FREEAUTH_ACK_COOKIES
+#endif
+
+/*全局变量,存放用户信息 */
+freeauth_configure_t *localuser;
+
+/*全局变量初始化 失败为1 成功为0*/
+int Init(freeauth_configure_t *localuser)
+{
+ localuser = (freeauth_configure_t *)malloc(sizeof * localuser);
+ if (NULL == localuser)
+ {
+ return 1;
+ }
+
+ return 0;
+}
+
+/* 判断IPv4格式是否正确*/
+int isIpV4Addr(const char *ipAddr)
+{
+ int ip_part_1 = 0;
+ int ip_part_2 = 0;
+ int ip_part_3 = 0;
+ int ip_part_4 = 0;
+ char end_char = 0;
+ if((NULL == ipAddr) || (0 == strlen(ipAddr)))
+ {
+ return -1;
+ }
+ if(4 == sscanf(ipAddr,"%d.%d.%d.%d%c",&ip_part_1,&ip_part_2,&ip_part_3,&ip_part_4,&end_char))
+ {
+ if((ip_part_1 >= 0) && (ip_part_1 <= 255) &&
+ (ip_part_2 >= 0) && (ip_part_2 <= 255) &&
+ (ip_part_3 >= 0) && (ip_part_3 <= 255) &&
+ (ip_part_4 >= 0) && (ip_part_4 <= 255)
+ )
+ {
+ return 0;
+ }
+ }
+ return -1;
+}
+
+
+/*下发配置到内核态 */
+int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth)
+{
+ int freeauth_len = 0;
+ struct nlmsghdr *ack = NULL;
+ struct nlmsghdr **answer = &ack;
+
+ struct{
+ struct nlmsghdr n;
+ char buf[1024];
+ } req ={
+ .n.nlmsg_len = NLMSG_LENGTH(0),
+#ifdef CFG_FREEAUTH_ACK_COOKIES
+ .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,/*set NLM_F_ACK:use kernel auto ack*/
+#else
+ .n.nlmsg_flags = NLM_F_REQUEST, /*not use kernel auto ack */
+#endif
+ .n.nlmsg_type = FREEAUTH_CFG,
+ .n.nlmsg_pid = getpid(),
+};
+
+/*判断要发送的数据是否为NULL,不为NULL,打印出来 */
+if (struct_freeauth == NULL)
+{
+ printf("set_freeauthcfg_waitack is error: input struct_freeauth is NULL.\r\n");
+ return -1;
+}else
+{
+ char str[32];
+ inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
+ char *sip_addr = str;
+ char dtr[32];
+ inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
+ char *dip_addr = dtr;
+ printf("set_freeauthcfg_waitack :name %s sip %s dip %s dport %d\n",
+ struct_freeauth->name, sip_addr, dip_addr,
+ struct_freeauth->dport);
+}
+
+ /*计算需要发送的数据的长度 */
+ freeauth_len = sizeof(freeauth_configure_t);
+
+ /*可选属性 */
+ commnl_addattr_l(&req.n, sizeof(req), 1, struct_freeauth, freeauth_len);
+
+ /*发送组装好的netlink消息 */
+ if(pdeliv_talk(1, &req.n, answer) < 0)
+ {
+ printf("set_user_freeauth_waitack rcv ack msg faild.\r\n");
+ return -2;
+ }
+ else
+ {
+ printf("set_user_freeauth_waitack rcv ack msg success.\r\n");
+ }
+
+ if(*answer != NULL)
+ {
+ printf("set_user_freeauth_waitack rcv answer.\r\n");
+ }
+ else{
+ printf("set_user_freeauth_waitack rcv answer error.\r\n");
+ return -3;
+ }
+
+#ifdef CFG_FREEAUTH_ACK_COOKIES
+ /*recv answer*/
+ if((*answer)->nlmsg_type == NLMSG_ERROR){
+ nl_debugfs_extack(*answer);
+ }
+#else
+ /*recv answer*/
+ if((*answer)->nlmsg_type == FREEAUTH_CFG)
+ {
+ nl_debugfs(*answer);
+ }
+#endif
+
+return 0;
+}
+
+
+/*判断免认证规则源IP地址、目的IP地址是否有效,判断端口号是否有效 */
+ret_code freeauth_config_chk(uint source, uint config_type,
+ pointer input, int input_len,
+ pointer output, int *output_len)
+{
+ ret_code ret = RET_OK;
+ freeauth_configure_t *struct_freeauth;
+ struct_freeauth = (freeauth_configure_t *)input;
+
+ if(input_len < sizeof(freeauth_configure_t) )
+ {
+ ret = RET_INPUTERR;
+ }
+
+ char str[32];
+ inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
+ char *sip_addr = str;
+ if( isIpV4Addr(sip_addr) < 0 )
+ {
+ ret = RET_IPINVALID;
+ }
+
+ char dtr[32];
+ inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
+ char *dip_addr = dtr;
+ if( isIpV4Addr(dip_addr) < 0 )
+ {
+ ret = RET_IPINVALID;
+ }
+
+ if ( (struct_freeauth->dport < DPORT_MIN_NUM) && (struct_freeauth->dport > DPORT_MAX_NUM ))
+ {
+ ret = RET_IPINVALID; /*先用IPVAILD表示,后面加PORTVAILD */
+ }
+
+ ASSERT_RET(ret);
+
+ return RET_OK;
+}
+
+
+/*免认证规则有效,将免认证规则通过netlink下发到内核态 */
+int freeauth_config_proc(uint source, uint config_type,
+ pointer input, int input_len,
+ pointer output, int *output_len)
+{
+ ret_code ret = RET_OK;
+ int code;
+ freeauth_configure_t *struct_freeauth;
+
+ struct_freeauth = (freeauth_configure_t *)input;
+
+ char str[32];
+ inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
+ char *sip_addr = str;
+ char dtr[32];
+ inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
+ char *dip_addr = dtr;
+ rpc_log_info("freeauth configure: name %s sip %s dip %s dport %d\n",
+ struct_freeauth->name,sip_addr, dip_addr, struct_freeauth->dport);
+
+ /*用户态下发到内核态auth_hook */
+ int ret1 = -1;
+ printf("cfgchannel main begin:\r\n");
+
+ /*创建通道 */
+ ret1 = commcfgnl_open();
+ if(ret1 < 0)
+ {
+ printf(" pdlivnl_open fail, exit.\r\n");
+ return -1;
+ }
+
+ /*下发配置到内核态 */
+ ret1 = set_freeauthcfg_waitack(struct_freeauth);
+ if(ret1 < 0)
+ {
+ printf("set_cfg_debug_waitack failed.\r\n");
+ return -1;
+ }
+
+ /*关闭netlink通道 */
+ commcfgnl_close();
+
+ printf("cfgchannel main exit!\r\n");
+
+ /*把免认证规则的配置信息存入全局变量 */
+ localuser = struct_freeauth;
+ return 0;
+}
+
+
+
+
+
+
+
+
+
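Review bot: The checks in `freeauth_config_chk` reject nothing: the port test joins its two bounds with `&&`, which can never be true, a short `input_len` only sets `ret` before the fields of `struct_freeauth` are read anyway, and a negative `input_len` is converted to unsigned in the comparison with `sizeof` and passes. Because an accepted record becomes an authentication-exemption rule in the kernel, the function should return on the first failure, as in the sketch below, which also requires `name` to be terminated since it is later printed with `%s`. The address checks are kept but add little, as `inet_ntop` output always parses as a dotted quad. Elsewhere in the file, `Init` assigns the `malloc` result to its parameter, which shadows the global `localuser`, so the allocation leaks and the global stays unset. `freeauth_config_proc` skips `commcfgnl_close()` when `set_freeauthcfg_waitack` fails, and it stores the caller's `input` pointer in `localuser` rather than a copy.

```c
ret_code freeauth_config_chk(uint source, uint config_type,
                             pointer input, int input_len,
                             pointer output, int *output_len)
{
    freeauth_configure_t *struct_freeauth = (freeauth_configure_t *)input;

    /* Reject before any field is read; the explicit negative test keeps a
       signed length from being compared as a huge unsigned value. */
    if (input == NULL || input_len < 0 ||
        (size_t)input_len < sizeof(freeauth_configure_t))
    {
        return RET_INPUTERR;
    }

    /* The rule name is printed with %s later, so it must be terminated. */
    if (memchr(struct_freeauth->name, '\0', sizeof(struct_freeauth->name)) == NULL)
    {
        return RET_INPUTERR;
    }

    /* ... unchanged: sip / dip formatting and isIpV4Addr checks ... */

    /* Out of range when EITHER bound is violated. */
    if ((struct_freeauth->dport < DPORT_MIN_NUM) ||
        (struct_freeauth->dport > DPORT_MAX_NUM))
    {
        return RET_IPINVALID; /* placeholder code until a port-specific one exists */
    }

    return RET_OK;
}
```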