cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mod aaa-12 修改用户认证测试问题 

RCA:
SOL:
修改人:chenling
检视人:
This commit is contained in:
ChenLing 2019-09-11 19:40:26 +08:00
parent dcdab474d8
commit 460cbab8c1
7 changed files with 144 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Platform/user/configm/config-server/web_config/auth_parameters.c
View File

@ -114,7 +114,7 @@ int set_agingtimecfg_waitack(int *agingtime)
return 0;
}
/*检查IP地址是否有效端口号是否被占用 */
/*检查IP地址是否有效端口号是否被占用 0是未被占用 */
int _valid_port(int port)
{
int fd;
@ -123,7 +123,7 @@ int _valid_port(int port)
fd = socket(AF_INET, SOCK_STREAM, 0); /*初始化*/
if(fd == -1) { /*检查是否正常初始化socket */
return -1;
return 1;
}
addr.sin_family = AF_INET; /*地址结构的协议簇 */
@ -135,7 +135,7 @@ int _valid_port(int port)
if(i < 0) {
printf("port %d has been used. \n", port);
return -1;
return 1;
}
return 0;
@ -315,6 +315,8 @@ ret_code authpara_config_mod_proc(uint source, uint config_type,
err_msg = "老化时间无效";
} else if((auth_parameters->port < PARA_DPORT_MIN_NUM) || (auth_parameters->port > PARA_DPORT_MAX_NUM)) {
err_msg = "认证端口无效";
}else if( 1 == _valid_port(auth_parameters->port)){
err_msg = "认证端口被占用";
}
if(err_msg != NULL) {
@ -331,7 +333,7 @@ ret_code authpara_config_mod_proc(uint source, uint config_type,
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 1);
cJSON_AddNumberToObject(res, "resultcode", MOD_AUTHPARA_FAIL);
cJSON_AddStringToObject(res, "message", err_msg);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
@ -477,7 +479,7 @@ ret_code authpara_config_get_proc(uint source, uint config_type,
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 2);
cJSON_AddNumberToObject(res, "resultcode", GET_AUTHPARA_SUCCESS);
cJSON_AddStringToObject(res, "message", "get success");
cJSON_AddStringToObject(res, "data", ret_data);
ret_char = cJSON_PrintUnformatted(res);

73
Platform/user/configm/config-server/web_config/authfree.c
View File

@ -48,7 +48,7 @@ int isIpV4Addr(const char *ipAddr)
int isMulticastAddr(uint32_t address)
{
uint32_t addressInNetwork = htonl(address);
printf("%ld\n", addressInNetwork);
printf("%d\n", addressInNetwork);
if((addressInNetwork > 0xE00000FF) && (addressInNetwork <= 0xEFFFFFFF))
{
printf("ip is multicast\n");
@ -561,7 +561,7 @@ ret_code freeauth_config_add_proc(uint source, uint config_type,
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 2);
cJSON_AddNumberToObject(res, "resultcode", 1);
cJSON_AddStringToObject(res, "message", err_msg);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
@ -603,7 +603,7 @@ ret_code freeauth_config_add_proc(uint source, uint config_type,
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 2);
cJSON_AddNumberToObject(res, "resultcode", 1);
cJSON_AddStringToObject(res, "message", "免认证规则名已存在");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
@ -699,6 +699,7 @@ ret_code freeauth_config_mov_proc(uint source, uint config_type,
pointer output, int *output_len)
{
int i;
int num;
int cnt;
cJSON *res;
authfree_result_t authfree_result;
@ -717,25 +718,58 @@ ret_code freeauth_config_mov_proc(uint source, uint config_type,
freeauth_mov_json_parse(input, &conf_type, rule_mod);
printf("%s %d\n", rule_mod->name, rule_mod->after);
/*判断一些目前全局变量存的数量 移动的数需要约束*/
for(i = 0; i < RULE_MAX_NUM; i++) {
printf("the name is :%s\n", freeauth_array[i].name);
if(0 == strlen(freeauth_array[i].name)) {
printf("[%d]\n", i);
if ((rule_mod->after > i) || (rule_mod->after < 0))
{
printf("mov number is not vaild");
return RET_ERR;
}
break;
}
}
if(input_len < sizeof(rule_mod_t)) {
return RET_INPUTERR;
}
/*判断一些目前全局变量存的数量 移动的数需要约束*/
for(i = 0; i < RULE_MAX_NUM; i++) {
if (0 == strlen(freeauth_array[i].name))
{
printf("the name is :%s i:%d\n", freeauth_array[i].name, i);
break;
}
}
num = i + 1;
if ((rule_mod->after > num) || (rule_mod->after < 0))
{
printf("mov number is not vaild\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 11);
cJSON_AddStringToObject(res, "message", "移动规则失败");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
return RET_ERR;
}
printf("打印全局数组内全部元素\n");
/*打印数组内全部元素*/
for(i = 0; i < RULE_MAX_NUM; i++)
@ -905,7 +939,6 @@ ret_code freeauth_config_mod_proc(uint source, uint config_type,
/*查找要增加的未认证权限是否重名 该名字不存在 则退出程序 */
for(i = 0; i < RULE_MAX_NUM; i++) {
/*两个字符串相等 strcmp值为0*/
printf("hello\n");
if(0 == strcmp(freeauth_array[i].name, freeauth_configure->name)) {
printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]);

5
Platform/user/configm/config-server/web_config/authfree.h
View File

@ -63,6 +63,11 @@ typedef struct {
/* 判断IPv4格式是否正确*/
int isIpV4Addr(const char *ipAddr);
/*组播报文的目的地址使用D类IP地址范围是从224.0.1.0到239.255.255.255*/
int isMulticastAddr(uint32_t address);
/*判断ip地址是广播地址 255.255.255.255*/
int isBroadcastIpV4Addr(const char *ipAddr);
/*下发配置到内核态 */
int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth);

39
Platform/user/configm/config-server/web_config/config-adm/user_authfree.c
View File

@ -12,7 +12,7 @@ extern void * auth_hdbc;
static char *authfreemes[] = {"添加规则成功", "添加规则失败", "规则名已存在", "修改规则成功",
"修改规则失败", "未发现规则名称", "删除规则成功", "删除规则失败", "免认证规则数量达到最大值",
"内存数据已满","移动规则成功" , "查询规则成功","删除所有规则成功"
"内存数据已满", "移动规则成功" , "移动规则失败", "查询规则成功","删除所有规则成功"
};
static char *get_sql_ret_message(SQL_RET_CODE code)
@ -84,6 +84,7 @@ void add_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
/*添加成功*/
authfree_result->resultcode = ADD_RULE_OK;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
}
@ -274,6 +275,7 @@ void mov_authfree(char *name, int after_arry, authfree_result_t *authfree_result
/*移动成功*/
authfree_result->resultcode = MOV_RULE_SUCCESS;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
}
@ -397,13 +399,40 @@ void del_authfree(char *name, authfree_result_t *authfree_result)
void mod_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int dport, int flag, authfree_result_t *authfree_result)
{
int i;
char *err_msg = NULL;
char str[INET_ADDRSTRLEN];
char dtr[INET_ADDRSTRLEN];
if(NULL == authfree_result) {
return;
}
if(is_rule_full()) {
authfree_result->resultcode = RULE_FULL;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
memset(str, 0, INET_ADDRSTRLEN);
inet_ntop(AF_INET,&sip, str, sizeof(str));
memset(dtr, 0, INET_ADDRSTRLEN);
inet_ntop(AF_INET,&dip, dtr, sizeof(dtr));
/*判断输入参数是否有效 优先级和免认证权限名不修改*/
if ( 1 == isIpV4Addr(str)) {
err_msg = "源IP地址无效";
} else if( 1 == isBroadcastIpV4Addr(str)) {
err_msg = "源IP地址是广播地址";
} else if(0 == isMulticastAddr(sip)) {
err_msg = "源IP地址是组播地址";
}else if ( 1 == isIpV4Addr(dtr)) {
err_msg = "目的IP地址无效";
} else if( 1 == isBroadcastIpV4Addr(dtr)) {
err_msg = "目的IP地址是广播地址";
} else if(0 == isMulticastAddr(dip)) {
err_msg = "目的IP地址是组播地址";
}else if((dport < DPORT_MIN_NUM) || (dport > DPORT_MAX_NUM)) {
err_msg = "免认证规则端口无效";
}
if(err_msg != NULL) {
authfree_result->resultcode = MOD_RULE_ERR;
strncpy(authfree_result->message, err_msg, 60);
return;
}
@ -433,6 +462,7 @@ void mod_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
/*修改成功*/
authfree_result->resultcode = MOD_RULE_OK;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
}
@ -465,4 +495,5 @@ void del_all_authfree(char *name, authfree_result_t *authfree_result)
/*删除成功*/
authfree_result->resultcode = ALLRULE_DEL_SUCCESS;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
}

44
Platform/user/configm/config-server/web_config/config-adm/user_authpara.c
View File

@ -14,7 +14,7 @@
extern auth_parameters_t *auth_para;
extern void * auth_hdbc;
char * mes[]={"修改成功", "修改失败", "查询成功", "查询失败"};
char * mes[]={"修改成功", "修改失败", "查询成功", "查询失败", "数据库修改成功", "数据库修改失败"};
/*前端type类型只有修改修改数据库中的内容返回值为code message——修改成功 修改失败*/
void mod_authpara(int port, int timehorizon, int failcount, int locktime, int aging_time, configure_result_t *configure_result)
@ -24,6 +24,7 @@ void mod_authpara(int port, int timehorizon, int failcount, int locktime, int ag
int ret;
int num;
int r = -1;
char* err_msg = NULL;
if (NULL == configure_result)
{
@ -51,7 +52,7 @@ void mod_authpara(int port, int timehorizon, int failcount, int locktime, int ag
{
/* 存authpara表 默认值 */
char *user1_authpara = "INSERT INTO authparas SET port = 8081, timehorizon = 1, failcount = 5, locktime = 10, aging_time = 10";
int ret_addauthpara = update_database(AUTHRECOVER_DATABASE_ID, auth_hdbc, DB_OP_INSERT, AUTHPARA_TABLE, user1_authpara, 0);
int ret_addauthpara = update_database(AUTHRECOVER_DATABASE_ID, auth_hdbc, DB_OP_INSERT, AUTHPARA_TABLE, user1_authpara, 0);
if(0 != ret_addauthpara)
{
configure_result->resultcode = 1;
@ -60,23 +61,48 @@ void mod_authpara(int port, int timehorizon, int failcount, int locktime, int ag
}
}
long long value[5] = {port, timehorizon, failcount, locktime, aging_time};
char *user_authpara = "UPDATE authparas SET port = ?, timehorizon = ?, failcount = ?, locktime = ?, aging_time = ?";
ret = update_database(AUTHRECOVER_DATABASE_ID, auth_hdbc, DB_OP_UPDATE, AUTHPARA_TABLE, user_authpara, 5,
DB_DATA_INT_TYPE, sizeof(port), port,
DB_DATA_INT_TYPE, sizeof(timehorizon), timehorizon,
DB_DATA_INT_TYPE, sizeof(failcount), failcount,
DB_DATA_INT_TYPE, sizeof(locktime), locktime,
DB_DATA_INT_TYPE, sizeof(aging_time), aging_time);
DB_DATA_INT_TYPE, sizeof(value[0]), value[0],
DB_DATA_INT_TYPE, sizeof(value[0]), value[1],
DB_DATA_INT_TYPE, sizeof(value[0]), value[2],
DB_DATA_INT_TYPE, sizeof(value[0]), value[3],
DB_DATA_INT_TYPE, sizeof(value[0]), value[4]);
rpc_log_info("upgrade: port: %d(%lu), failcount: %d(%lu)\n", port, sizeof(port), failcount, sizeof(failcount));
printf("the value of ret:%d\n", ret);
if(0 != ret)
{
//disconnect_database(AUTHPARA_DATABASE_ID , authpara_hdbc); // ret_release记录日志
configure_result->resultcode = 1;
configure_result->resultcode = MODAUTHPARE_FAIL_DATABASE;
configure_result->message = mes[configure_result->resultcode];
return;
}
/*修改的时候判断修改的参数是否有效*/
if((timehorizon < HORIZON_MIN_VALUE) || (timehorizon > HORIZON_MAX_VALUE)) {
err_msg = "认证时间范围无效";
} else if((failcount < FAIL_MIN_NUM) || (failcount > FAIL_MAX_NUM)) {
err_msg = "失败次数无效";
} else if((locktime < LOCK_MIN_TIME) || (locktime > LOCK_MAX_TIME)) {
err_msg = "锁定时间无效";
} else if((aging_time < AGINGTIME_MIN_NUM) || (aging_time > AGINGTIME_MAX_NUM)) {
err_msg = "老化时间无效";
} else if((port < PARA_DPORT_MIN_NUM) || (port > PARA_DPORT_MAX_NUM)) {
err_msg = "认证端口无效";
} else if( 1 == _valid_port(port)){
err_msg = "认证端口被占用";
}
if(err_msg != NULL) {
configure_result->resultcode = MOD_AUTHPARA_FAIL;
strncpy(configure_result->message, err_msg, 60);
return;
}
/*存全局变量*/
auth_para->port = port;
auth_para->timehorizon = timehorizon;
@ -87,7 +113,7 @@ void mod_authpara(int port, int timehorizon, int failcount, int locktime, int ag
printf("[%d %d %d %d %d]\n", auth_para->port, auth_para->timehorizon, auth_para->failcount,
auth_para->locktime, auth_para->aging_time);
configure_result->resultcode = 0;
configure_result->resultcode = MOD_AUTHPARA_SUCCESS;
configure_result->message = mes[configure_result->resultcode];
return;
}

5
Platform/user/configm/config-server/web_config/include/user_authfree.h
View File

@ -23,8 +23,9 @@ typedef enum {
RULE_ID_MAX = 8,
RULE_FULL = 9,
MOV_RULE_SUCCESS = 10,
GET_RELE_SUCCESS = 11,
ALLRULE_DEL_SUCCESS = 12,
MOV_RULE_FAIL = 11,
GET_RULE_SUCCESS = 12,
ALLRULE_DEL_SUCCESS = 13,
CODE_MAX,
} SQL_RET_CODE;

11
Platform/user/configm/config-server/web_config/include/user_authpara.h
View File

@ -4,11 +4,12 @@
#include <stdint.h>
#include "../Platform/user/configm/config-server/web_config/auth_parameters.h"
#define ADDUSER_FAIL_NAMEDUP 4 //用户名重名
#define MODAUTHPARA_SUCCESS 0 //修改认证信息成功
#define MODAUTHPARE_FAIL_DATABASE 1 //修改数据库信息失败
#define MOD_AUTHPARA_SUCCESS 0 //修改成功
#define MOD_AUTHPARA_FAIL 1 //修改失败
#define GET_AUTHPARA_SUCCESS 2 //查询成功
#define GET_AUTHPARA_FAIL 3 //查询失败
#define MODAUTHPARE_SUCCESS_DATABASE 4 //修改数据库信息成功
#define MODAUTHPARE_FAIL_DATABASE 5 //修改数据库信息失败
/*前端type类型为修改修改数据库中的内容返回值为code message——修改成功 修改失败*/
/*修改认证参数*/