cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

ADD aaa-12 系统管理配置-免认证规则 

RCA:调用netlink通道用户态的信息发送接口,配置信息存全局
SOL:
修改人:chenling
检视人:
This commit is contained in:
ChenLing 2019-07-01 15:39:28 +08:00
parent 04133f0f7c
commit 360d15bbdc
11 changed files with 478 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Common/commuapinl.h
View File

@ -84,6 +84,7 @@ enum commcfgmsgtype{
//COMMMSGNL_BASE = NLMSG_MIN_TYPE,/*netlink 保留控制消息*/ //COMMMSGNL_BASE = NLMSG_MIN_TYPE,/*netlink 保留控制消息*/
COMMMSGNL_BASE = 0x10,/*netlink 保留控制消息*/ COMMMSGNL_BASE = 0x10,/*netlink 保留控制消息*/
COMMNMSG_CFG_DEBUGFS = 0x11,/*keep the same with NLMSG_PDELIV_DEBUGFS */ COMMNMSG_CFG_DEBUGFS = 0x11,/*keep the same with NLMSG_PDELIV_DEBUGFS */
FREEAUTH_CFG = 0x13, /*用户态发送给内核态的免认证规则消息*/
COMMNMSG_POLICYCONF, COMMNMSG_POLICYCONF,
NK_DEBUGFS_PRK_ONOFF_CFG = 0X16,/*keep the same with DEBUGFS PRINTK ON OR OFF */ NK_DEBUGFS_PRK_ONOFF_CFG = 0X16,/*keep the same with DEBUGFS PRINTK ON OR OFF */

14
Common/compile.h
View File

@ -1,11 +1,11 @@
/* This file is auto generated,for sGATE version info */ /* This file is auto generated,for sGATE version info */
/* Used readelf to get this information form driver of application */ /* Used readelf to get this information form driver of application */
/* "readelf --debug-dump=macro <filename>" */ /* "readelf --debug-dump=macro <filename>" */
#define sGATE_COMPILE_DATE "2019-06-19" #define sGATE_COMPILE_DATE "2019-07-01"
#define sGATE_COMPILE_TIME "14:18:13" #define sGATE_COMPILE_TIME "15:35:38"
#define sGATE_COMPILE_MAJOR "20190619" #define sGATE_COMPILE_MAJOR "20190701"
#define sGATE_COMPILE_SUB "141813" #define sGATE_COMPILE_SUB "153538"
#define sGATE_COMPILE_BY "hx" #define sGATE_COMPILE_BY "cl"
#define sGATE_COMPILE_HOST "esgwdev01" #define sGATE_COMPILE_HOST "esgwdev01"
#define sGATE_GIT_TAGS "c0ad51e6f-dev" #define sGATE_GIT_TAGS "04133f0f7-dev"
#define sGATE_GIT_VERS "c0ad51e6f27589e51268ec92a14ee1cb701a2d5f" #define sGATE_GIT_VERS "04133f0f7cad6fabd1a324918adcfb64e06e150f"

6
Common/s2j/s2j.h
View File

@ -82,7 +82,6 @@ extern "C" {
/* s2j.c */ /* s2j.c */
//extern S2jHook s2jHook; //extern S2jHook s2jHook;
S2jHook s2jHook = { S2jHook s2jHook = {
.malloc_fn = malloc, .malloc_fn = malloc,
.free_fn = free, .free_fn = free,
@ -91,6 +90,11 @@ S2jHook s2jHook = {
static void s2j_init(S2jHook *hook) static void s2j_init(S2jHook *hook)
{ {
/* initialize cJSON library */ /* initialize cJSON library */
if(hook == NULL)
{
hook = &s2jHook;
}
cJSON_InitHooks((cJSON_Hooks *)hook); cJSON_InitHooks((cJSON_Hooks *)hook);
/* initialize hooks */ /* initialize hooks */
if (hook) { if (hook) {

13
Makefile
View File

@ -28,9 +28,9 @@ MAKE_FLAGS += -j$(shell cat /proc/cpuinfo | grep processor | wc -l)
endif endif
endif endif
.PHONY : demo conntrack netlink trace openrpc configm redismq .PHONY : demo conntrack netlink trace openrpc configm redismq authdemo
all: demo conntrack netlink trace openrpc configm redismq all: demo conntrack netlink trace openrpc configm redismq authdemo
ifeq ($(OPT), install) ifeq ($(OPT), install)
#$(shell `find ../release -name "*.zip" -delete`) #$(shell `find ../release -name "*.zip" -delete`)
@ -138,6 +138,15 @@ else
$(MLOG)make all $(MAKE_FLAGS) -C Platform/build -f user.configmtest.Makefile MLOG=$(MLOG) DISABLE_WARRING=$(DIS_BUILD_WARRING) MAKE_TARGET=configmtest $(MLOG)make all $(MAKE_FLAGS) -C Platform/build -f user.configmtest.Makefile MLOG=$(MLOG) DISABLE_WARRING=$(DIS_BUILD_WARRING) MAKE_TARGET=configmtest
endif endif
authdemo:
ifeq ($(OPT), clean)
$(MLOG)make $(MAKE_FLAGS) -C Platform/build -f user.authfree.Makefile cleanall MLOG=$(MLOG) MAKE_TARGET=authfree
else ifeq ($(OPT), install)
$(MLOG)make $(MAKE_FLAGS) -C Platform/build -f user.authfree.Makefile install DIR=$(DIR) MLOG=$(MLOG) MAKE_TARGET=authfree
else
$(MLOG)make all $(MAKE_FLAGS) -C Platform/build -f user.authfree.Makefile MLOG=$(MLOG) DISABLE_WARRING=$(DIS_BUILD_WARRING) MAKE_TARGET=configm
endif
redismq: redismq:
ifeq ($(OPT), clean) ifeq ($(OPT), clean)
$(MLOG)make $(MAKE_FLAGS) -C Platform/build -f user.redismq.Makefile cleanall MLOG=$(MLOG) MAKE_TARGET=redismq $(MLOG)make $(MAKE_FLAGS) -C Platform/build -f user.redismq.Makefile cleanall MLOG=$(MLOG) MAKE_TARGET=redismq

78
Platform/build/user.authfree.Makefile Executable file
View File

@ -0,0 +1,78 @@
# target name, the target name must have the same name of c source file
TARGET_NAME=authfree
# target
# for linux module driver: KO
# for application: EXE
# for dynamic library: DLL
TARGET_TYPE = EXE
# target object
# for application: APP
# for device driver: DRV
TARGET_OBJ = APP
# custom install dir
TARGET_BOX =
#debug mode or release mode
DEBUG = TRUE
PLAT_LINUX ?= TRUE
PLAT_ARM64 ?= FALSE
VPATH = ../user/configm/config-server/ipconfig
# source code
# set the source file, don't used .o because of ...
COMMON_SRCS = authfree.c
# MRS Board Source Files
PLAT_LINUX_SRCS = $(COMMON_SRCS)
PLAT_ARM64_SRCS = $(COMMON_SRCS)
# gcc CFLAGS
PLAT_ARM64_CFLAGS := -I../user/configm/config-server/include -I../../Common -I../common/configm -I../common/rpc -I../common/rpc/hashtable
PLAT_LINUX_CFLAGS := $(PLAT_ARM64_CFLAGS)
PLAT_ARM64_LDFLAGS :=
PLAT_LINUX_LDFLAGS :=
#gcc libs
ARM64_LIBS := -lcjson ../thirdparty/arm64/libev-arm64.so ./libopenrpc-arm64.so ./libnetlinku-arm64.so -lpthread -lm
LINUX_LIBS := -lcjson ../thirdparty/x86_64/libev-linux.so ./libopenrpc-linux.so ./libnetlinku-linux.so -lpthread -lm
ifeq ($(PLAT_ARM64), TRUE)
DEPEND_LIB += ../thirdparty/arm64/libev-arm64.so ./debug/libopenrpc-arm64.so
USER_CLEAN_ITEMS += ./libopenrpc-arm64.so
endif
ifeq ($(PLAT_LINUX), TRUE)
DEPEND_LIB += ../thirdparty/x86_64/libev-linux.so ./debug/libopenrpc-linux.so
USER_CLEAN_ITEMS += ./libopenrpc-linux.so
endif
# this line must be at below of thus, because of...
include ../../Common/common.Makefile
ifneq ($(MAKECMDGOALS), clean)
ifneq ($(MAKECMDGOALS), cleanall)
ifneq ($(notdir $(DEPEND_LIB)), $(wildcard $(DEPEND_LIB)))
$(shell $(CP) $(DEPEND_LIB) ./)
endif
endif
endif
ifeq ($(MAKECMDGOALS), )
$(shell find ./ -name "$(TARGET)-*.ko" -delete)
else
ifeq ($(MAKECMDGOALS), all)
$(shell find ./ -name "$(TARGET)-*.ko" -delete)
endif
endif

BIN
Platform/common/configm/configmapi Normal file
View File

Binary file not shown.

2
Platform/common/configm/configmapi.h
View File

@ -1,7 +1,7 @@
#ifndef CONFIGMAPI_H_ #ifndef CONFIGMAPI_H_
#define CONFIGMAPI_H_ #define CONFIGMAPI_H_
#include "rpc_common.h" #include "../rpc/rpc_common.h"
#define CONFIG_FROM_WEB 0x00000001 #define CONFIG_FROM_WEB 0x00000001
#define CONFIG_FROM_NETOPEER 0x00000010 #define CONFIG_FROM_NETOPEER 0x00000010

2
Platform/common/rpc/rpc_conn.h
View File

@ -9,7 +9,7 @@
#define RPC_CONN_H_ #define RPC_CONN_H_
#include "rpc_common.h" #include "rpc_common.h"
#include <ev.h> #include "ev.h"
struct _rpc_conn { struct _rpc_conn {
int sfd; int sfd;

50
Platform/user/configm/config-server/include/authfree.h Normal file
View File

@ -0,0 +1,50 @@
#ifndef FREEAUTH_H_
#define FREEAUTH_H_
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/ioctl.h>
#include <net/if.h>
#include "../../../../common/rpc/rpc_common.h"
#define DPORT_MIN_NUM 0
#define DPORT_MAX_NUM 65535
/*配置消息 */
typedef struct {
uint32_t sip;
uint32_t dip;
int dport;
char name[32];
}freeauth_configure_t;
/*全局变量初始化 失败为1 成功为0*/
int Init(freeauth_configure_t *localuser);
/* 判断IPv4格式是否正确*/
int isIpV4Addr(const char *ipAddr);
/*下发配置到内核态 */
int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth);
/*判断免认证规则源IP地址、目的IP地址是否有效判断端口号是否有效 */
ret_code freeauth_config_chk(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len);
/*免认证规则有效将免认证规则通过netlink下发到内核态 */
int freeauth_config_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len);
#endif

88
Platform/user/configm/config-server/include/configm.h.bak Normal file
View File

@ -0,0 +1,88 @@
#ifndef CONFIGM_H_
#define CONFIGM_H_
#include "../../../../common/rpc/rpc_common.h"
#include "ipconfig.h"
#include "../../../../common/configm/configmapi.h"
/* 类型定义 */
/* IP CONFIG */
#define IPCONFIG_MODULE 0x00000001
/*FREEAUTH CONFIGURE */
#define FREEAUTH_MODULE 0x00000002
/* config id define*/
#define IPCONFIG_V4 (uint64)((uint64)IPCONFIG_MODULE<<32|1)
#define FREEAUTH (uint64)((uint64)FREEAUTH_MODULE<<32|1
/*
1ID
2,
WEB
3
4
5
6
7
8
*/
#define CONFIG_SERVICE_ARRAY \
{ \
{\
IPCONFIG_V4, \
CONFIG_FROM_WEB|CONFIG_FROM_NETOPEER, \
FALSE, \
FALSE, \
ip_config_chk, \
ip_config_proc, \
ip_config_get, \
ip_config_get_all \
},\
{\
FREEAUTH, \
CONFIG_FROM_WEB|CONFIG_FROM_NETOPEER, \
TRUE, \
FALSE, \
freeauth_config_chk, \
freeauth_config_proc, \
freeauth_config_get, \
freeauth_config_get_all \
}\
}
typedef ret_code (*cm_config_chk)(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len);
typedef ret_code (*cm_config_proc)(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len);
typedef ret_code (*cm_config_get)(uint source,
pointer input, int input_len,
pointer output, int *output_len);
typedef ret_code (*cm_config_get_all)(uint source, uint64 config_id,
pointer output, short *single_len,
int *output_len);
/* 配置注册 */
struct _config_service {
uint64 config_id; /* 配置ID全局唯一用于寻找对应的配置业务*/
uint config_src; /* 配置源检查,全局唯一,用于寻找对应的配置业务,从低位到高位第一位表示web后续配置扩展 */
boolean recovery; /* 配置恢复处理函数如果为FALSE则不进行配置恢复 */
boolean multi_inst; /* 是否是多实例 */
cm_config_chk chk_callback; /* 配置校验回调函数 */
cm_config_proc proc_callback; /* 配置接口 */
cm_config_get get_callback; /* 获取配置接口 */
cm_config_get_all getall_callback; /* 获取所有配置接口 */
};
typedef struct _config_service config_service_t;
#endif /* RPC_COMMON_H_ */

236
Platform/user/configm/config-server/ipconfig/authfree.c Normal file
View File

@ -0,0 +1,236 @@
#include "../../../../common/rpc/rpc.h"
#include "../include/parsefile.h"
#include "../include/configm.h"
#include "../../../netlink_uapi/libnetlinku.h"
#include "../include/authfree.h"
#include <cjson/cJSON.h>
#include "s2j/s2j.h"
#include "../../../../../Common/commuapinl.h"
#ifdef FREEAUTH_ACK_COOKIES
#define CFG_FREEAUTH_ACK_COOKIES
#endif
/*全局变量,存放用户信息 */
freeauth_configure_t *localuser;
/*全局变量初始化 失败为1 成功为0*/
int Init(freeauth_configure_t *localuser)
{
localuser = (freeauth_configure_t *)malloc(sizeof * localuser);
if (NULL == localuser)
{
return 1;
}
return 0;
}
/* 判断IPv4格式是否正确*/
int isIpV4Addr(const char *ipAddr)
{
int ip_part_1 = 0;
int ip_part_2 = 0;
int ip_part_3 = 0;
int ip_part_4 = 0;
char end_char = 0;
if((NULL == ipAddr) || (0 == strlen(ipAddr)))
{
return -1;
}
if(4 == sscanf(ipAddr,"%d.%d.%d.%d%c",&ip_part_1,&ip_part_2,&ip_part_3,&ip_part_4,&end_char))
{
if((ip_part_1 >= 0) && (ip_part_1 <= 255) &&
(ip_part_2 >= 0) && (ip_part_2 <= 255) &&
(ip_part_3 >= 0) && (ip_part_3 <= 255) &&
(ip_part_4 >= 0) && (ip_part_4 <= 255)
)
{
return 0;
}
}
return -1;
}
/*下发配置到内核态 */
int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth)
{
int freeauth_len = 0;
struct nlmsghdr *ack = NULL;
struct nlmsghdr **answer = &ack;
struct{
struct nlmsghdr n;
char buf[1024];
} req ={
.n.nlmsg_len = NLMSG_LENGTH(0),
#ifdef CFG_FREEAUTH_ACK_COOKIES
.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,/*set NLM_F_ACKuse kernel auto ack*/
#else
.n.nlmsg_flags = NLM_F_REQUEST, /*not use kernel auto ack */
#endif
.n.nlmsg_type = FREEAUTH_CFG,
.n.nlmsg_pid = getpid(),
};
/*判断要发送的数据是否为NULL,不为NULL,打印出来 */
if (struct_freeauth == NULL)
{
printf("set_freeauthcfg_waitack is error: input struct_freeauth is NULL.\r\n");
return -1;
}else
{
char str[32];
inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
char *sip_addr = str;
char dtr[32];
inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
char *dip_addr = dtr;
printf("set_freeauthcfg_waitack :name %s sip %s dip %s dport %d\n",
struct_freeauth->name, sip_addr, dip_addr,
struct_freeauth->dport);
}
/*计算需要发送的数据的长度 */
freeauth_len = sizeof(freeauth_configure_t);
/*可选属性 */
commnl_addattr_l(&req.n, sizeof(req), 1, struct_freeauth, freeauth_len);
/*发送组装好的netlink消息 */
if(pdeliv_talk(1, &req.n, answer) < 0)
{
printf("set_user_freeauth_waitack rcv ack msg faild.\r\n");
return -2;
}
else
{
printf("set_user_freeauth_waitack rcv ack msg success.\r\n");
}
if(*answer != NULL)
{
printf("set_user_freeauth_waitack rcv answer.\r\n");
}
else{
printf("set_user_freeauth_waitack rcv answer error.\r\n");
return -3;
}
#ifdef CFG_FREEAUTH_ACK_COOKIES
/*recv answer*/
if((*answer)->nlmsg_type == NLMSG_ERROR){
nl_debugfs_extack(*answer);
}
#else
/*recv answer*/
if((*answer)->nlmsg_type == FREEAUTH_CFG)
{
nl_debugfs(*answer);
}
#endif
return 0;
}
/*判断免认证规则源IP地址、目的IP地址是否有效判断端口号是否有效 */
ret_code freeauth_config_chk(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
freeauth_configure_t *struct_freeauth;
struct_freeauth = (freeauth_configure_t *)input;
if(input_len < sizeof(freeauth_configure_t) )
{
ret = RET_INPUTERR;
}
char str[32];
inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
char *sip_addr = str;
if( isIpV4Addr(sip_addr) < 0 )
{
ret = RET_IPINVALID;
}
char dtr[32];
inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
char *dip_addr = dtr;
if( isIpV4Addr(dip_addr) < 0 )
{
ret = RET_IPINVALID;
}
if ( (struct_freeauth->dport < DPORT_MIN_NUM) && (struct_freeauth->dport > DPORT_MAX_NUM ))
{
ret = RET_IPINVALID; /*先用IPVAILD表示后面加PORTVAILD */
}
ASSERT_RET(ret);
return RET_OK;
}
/*免认证规则有效将免认证规则通过netlink下发到内核态 */
int freeauth_config_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
int code;
freeauth_configure_t *struct_freeauth;
struct_freeauth = (freeauth_configure_t *)input;
char str[32];
inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
char *sip_addr = str;
char dtr[32];
inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
char *dip_addr = dtr;
rpc_log_info("freeauth configure: name %s sip %s dip %s dport %d\n",
struct_freeauth->name,sip_addr, dip_addr, struct_freeauth->dport);
/*用户态下发到内核态auth_hook */
int ret1 = -1;
printf("cfgchannel main begin:\r\n");
/*创建通道 */
ret1 = commcfgnl_open();
if(ret1 < 0)
{
printf(" pdlivnl_open fail, exit.\r\n");
return -1;
}
/*下发配置到内核态 */
ret1 = set_freeauthcfg_waitack(struct_freeauth);
if(ret1 < 0)
{
printf("set_cfg_debug_waitack failed.\r\n");
return -1;
}
/*关闭netlink通道 */
commcfgnl_close();
printf("cfgchannel main exit!\r\n");
/*把免认证规则的配置信息存入全局变量 */
localuser = struct_freeauth;
return 0;
}