From 8756177690921181cd3b36812465ada540797752 Mon Sep 17 00:00:00 2001
From: ChenLing
Date: Tue, 10 Sep 2019 11:01:23 +0800
Subject: [PATCH] =?UTF-8?q?Mod=20=20aaa-12=20=E4=BF=AE=E6=94=B9=E7=94=A8?= =?UTF-8?q?=E6=88=B7=E8=AE=A4=E8=AF=81-=E9=85=8D=E7=BD=AE=E7=AE=A1?= =?UTF-8?q?=E7=90=86=20RCA=EF=BC=9A=20SOL=EF=BC=9A=20=E4=BF=AE=E6=94=B9?= =?UTF-8?q?=E4=BA=BA=EF=BC=9Achenling=20=E6=A3=80=E8=A7=86=E4=BA=BA?= =?UTF-8?q?=EF=BC=9A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../web_config/auth_parameters.c | 184 ++++++++++++++++-
 .../config-server/web_config/authfree.c | 189 ++++++++++++++++--
 .../web_config/config-adm/user_authpara.c | 4 +-
 3 files changed, 353 insertions(+), 24 deletions(-)
diff --git a/Platform/user/configm/config-server/web_config/auth_parameters.c b/Platform/user/configm/config-server/web_config/auth_parameters.c
index cbdd8fe90..f28a1bf80 100644
--- a/Platform/user/configm/config-server/web_config/auth_parameters.c
+++ b/Platform/user/configm/config-server/web_config/auth_parameters.c
@@ -305,39 +305,209 @@ ret_code authpara_config_mod_proc(uint source, uint config_type, /*判断认证范围是否有效*/ if((auth_parameters->timehorizon < HORIZON_MIN_VALUE) || (auth_parameters->timehorizon > HORIZON_MAX_VALUE)) { - free(auth_parameters); + char *ret_char = NULL; + unsigned int ret_int = 0; + cJSON *res; + printf("timehorizon is not vaild\n"); + /*创建json对象 */ + res = cJSON_CreateObject(); + + if(!res) { + ret = RET_ERR; + return ret; + } + + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", 1); + cJSON_AddStringToObject(res, "message", "timehorizon is not vaild"); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + + if(output_len) { + *output_len = ret_int + 1; + } + + /*超出2k的内存,报错 */ + if(ret_int >= 1024 * 2) { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int); + + free(auth_parameters); + free(ret_char); + cJSON_Delete(res); + return RET_INPUTERR; } /*判断认证失败次数是否有效*/ if((auth_parameters->failcount < FAIL_MIN_NUM) || (auth_parameters->timehorizon > FAIL_MAX_NUM)) { - free(auth_parameters); + char *ret_char = NULL; + unsigned int ret_int = 0; + cJSON *res; + printf("failcount is not vaild\n"); + /*创建json对象 */ + res = cJSON_CreateObject(); + + if(!res) { + ret = RET_ERR; + return ret; + } + + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", 1); + cJSON_AddStringToObject(res, "message", "failcount is not vaild"); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + + if(output_len) { + *output_len = ret_int + 1; + } + + /*超出2k的内存,报错 */ + if(ret_int >= 1024 * 2) { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int); + + free(auth_parameters); + free(ret_char); + cJSON_Delete(res); + return RET_INPUTERR; } /*判断锁定次数是否有效*/ if((auth_parameters->locktime < LOCK_MIN_TIME) || (auth_parameters->locktime > LOCK_MAX_TIME)) { - free(auth_parameters); + char *ret_char = NULL; + unsigned int 
ret_int = 0; + cJSON *res; + printf("locktime is not vaild\n"); + + /*创建json对象 */ + res = cJSON_CreateObject(); + + if(!res) { + ret = RET_ERR; + return ret; + } + + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", 1); + cJSON_AddStringToObject(res, "message", "locktime is not vaild"); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + + if(output_len) { + *output_len = ret_int + 1; + } + + /*超出2k的内存,报错 */ + if(ret_int >= 1024 * 2) { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int); + + free(auth_parameters); + free(ret_char); + cJSON_Delete(res); return RET_INPUTERR; } /*判断老化时间是否有效*/ if((auth_parameters->aging_time < AGINGTIME_MIN_NUM) || (auth_parameters->aging_time > AGINGTIME_MAX_NUM)) { - free(auth_parameters); + char *ret_char = NULL; + unsigned int ret_int = 0; + cJSON *res; + printf("aging_time is not vaild\n"); + + /*创建json对象 */ + res = cJSON_CreateObject(); + + if(!res) { + ret = RET_ERR; + return ret; + } + + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", 1); + cJSON_AddStringToObject(res, "message", "aging_time is not vaild"); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + + if(output_len) { + *output_len = ret_int + 1; + } + + /*超出2k的内存,报错 */ + if(ret_int >= 1024 * 2) { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int); + + free(auth_parameters); + free(ret_char); + cJSON_Delete(res); return RET_INPUTERR; } /*校验端口号*/ if((auth_parameters->port < PARA_DPORT_MIN_NUM) || (auth_parameters->port > PARA_DPORT_MAX_NUM)) { - free(auth_parameters); + char *ret_char = NULL; + unsigned int ret_int = 0; + cJSON *res; + printf("the port is error\n"); + + /*创建json对象 */ + res = cJSON_CreateObject(); + + if(!res) { + ret = RET_ERR; + return ret; + } + + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", 1); + cJSON_AddStringToObject(res, 
"message", "the port is error"); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + + if(output_len) { + *output_len = ret_int + 1; + } + + /*超出2k的内存,报错 */ + if(ret_int >= 1024 * 2) { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int); + + free(auth_parameters); + free(ret_char); + cJSON_Delete(res); return RET_IPINVALID; } - + /*判断端口号是否占用*/ portresult = _valid_port(auth_parameters->port); printf("portresult:%d\n", portresult); @@ -355,7 +525,7 @@ ret_code authpara_config_mod_proc(uint source, uint config_type, } cJSON_AddNumberToObject(port, "resultcode", 1); - cJSON_AddStringToObject(port, "message", "mod failure"); + cJSON_AddStringToObject(port, "message", "port occupied"); ret_port = cJSON_PrintUnformatted(port); port_int = strlen(ret_port); diff --git a/Platform/user/configm/config-server/web_config/authfree.c b/Platform/user/configm/config-server/web_config/authfree.c index 42a3c3552..e3f3e0da1 100644 --- a/Platform/user/configm/config-server/web_config/authfree.c +++ b/Platform/user/configm/config-server/web_config/authfree.c @@ -44,7 +44,31 @@ int isIpV4Addr(const char *ipAddr) } #endif -/* 判断IPv4格式是否正确*/ +/*判断ip地址是广播地址 255.255.255.255*/ +int isBroadcastIpV4Addr(const char *ipAddr) +{ + int ip_part_1 = 0; + int ip_part_2 = 0; + int ip_part_3 = 0; + int ip_part_4 = 0; + + if((NULL == ipAddr) || (0 == strlen(ipAddr))) + { + return 1; + } + + if(4 == sscanf(ipAddr,"%d.%d.%d.%d", &ip_part_1, &ip_part_2, &ip_part_3, &ip_part_4)) + { + if((ip_part_1 = 255) &&(ip_part_2 = 255) && + (ip_part_3 = 255) &&(ip_part_4 = 255)) + { + return 0; + } + } + + return 1; +} + int isIpV4Addr(const char *ipAddr) { int ip_part_1 = 0; 
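Review bot: Each of the five new error branches in authpara_config_mod_proc leaks auth_parameters on two exits: the `if(!res)` path returns RET_ERR without the `free(auth_parameters)` that the removed line used to do first, and the `ret_int >= 1024 * 2` path frees only ret_char and res. The branches also pass the result of cJSON_PrintUnformatted to strlen without a NULL check, set `*output_len = ret_int + 1` before the size check, and copy only ret_int bytes, so the terminator counted in the reported length is never written and the caller may read a stale byte unless output is pre-zeroed (not visible here). The identical block is repeated in the freeauth_config_add_proc hunks of authfree.c, where the RET_NOMEM exit likewise skips `free(freeauth_configure)`; moving it into one static helper would fix all nine copies at once, and the fence below shows the corrected body for the first branch. Separately, the failcount check on the unchanged line compares `auth_parameters->timehorizon > FAIL_MAX_NUM`, so failcount has no upper bound and the lockout threshold can be configured arbitrarily high; it should be `auth_parameters->failcount > FAIL_MAX_NUM`. The function begins and ends outside the hunk.

```c
if((auth_parameters->timehorizon < HORIZON_MIN_VALUE) || (auth_parameters->timehorizon > HORIZON_MAX_VALUE)) {
    /* … unchanged: declarations, printf diagnostic, cJSON_CreateObject … */
    if(!res) {
        free(auth_parameters);
        return RET_ERR;
    }

    /* … unchanged: resultcode / message fields … */
    ret_char = cJSON_PrintUnformatted(res);
    cJSON_Delete(res);

    if(!ret_char) {
        free(auth_parameters);
        return RET_NOMEM;
    }

    ret_int = strlen(ret_char);

    /* reject before output or *output_len is touched */
    if(ret_int >= 1024 * 2) {
        free(ret_char);
        free(auth_parameters);
        return RET_NOMEM;
    }

    /* copy the terminator too, so the reported length matches what was written;
       assumes output holds at least 2048 bytes, as the existing limit implies */
    memcpy(output, ret_char, ret_int + 1);

    if(output_len) {
        *output_len = ret_int + 1;
    }

    free(ret_char);
    free(auth_parameters);
    return RET_INPUTERR;
}
```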
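Review bot: The new isBroadcastIpV4Addr tests the octets with `=` instead of `==`, so `(ip_part_1 = 255) && ...` assigns, is always true, and the function returns 0 ("is broadcast") for any string that parses as four integers. Because the callers added later in this patch reject when `0 == isBroadcastIpV4Addr(str)`, every free-auth rule with a parseable source or destination address would be refused. The condition should read `if((ip_part_1 == 255) && (ip_part_2 == 255) && (ip_part_3 == 255) && (ip_part_4 == 255))`. The hunk also drops the `/* 判断IPv4格式是否正确*/` comment that documented isIpV4Addr, and the new function's 0-means-true return convention deserves a comment such as `/* returns 0 if ipAddr is 255.255.255.255, 1 otherwise (including NULL or empty input) */`.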
@@ -59,10 +83,10 @@ int isIpV4Addr(const char *ipAddr) if(4 == sscanf(ipAddr,"%d.%d.%d.%d", &ip_part_1, &ip_part_2, &ip_part_3, &ip_part_4)) { - if((ip_part_1 >= 0) && (ip_part_1 < 255) && - (ip_part_2 >= 0) && (ip_part_2 < 255) && - (ip_part_3 >= 0) && (ip_part_3 < 255) && - (ip_part_4 >= 0) && (ip_part_4 < 255)) + if((ip_part_1 >= 0) && (ip_part_1 <= 255) && + (ip_part_2 >= 0) && (ip_part_2 <= 255) && + (ip_part_3 >= 0) && (ip_part_3 <= 255) && + (ip_part_4 >= 0) && (ip_part_4 <= 255)) { return 0; } 
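Review bot: With the bound corrected to `<= 255`, isIpV4Addr still accepts malformed input, because `sscanf(ipAddr,"%d.%d.%d.%d", ...)` stops after the fourth integer and ignores whatever follows, and `%d` also accepts leading whitespace and a sign. A string such as `1.2.3.4xyz` (constructed example) therefore passes as valid. Since the file already uses inet_ntop, a stricter check is `struct in_addr tmp; return (1 == inet_pton(AF_INET, ipAddr, &tmp)) ? 0 : 1;` after the existing NULL/empty test. The function body starts and ends outside the hunk.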
@@ -484,19 +508,86 @@ ret_code freeauth_config_add_proc(uint source, uint config_type, /* 校验用户名中不含特殊字符 */ if(SPECHAR(freeauth_configure->name)) { - free(freeauth_configure); + char *ret_char = NULL; + unsigned int ret_int = 0; + cJSON *res; + printf("username 含有特殊字符\n"); + /*创建json对象 */ + res = cJSON_CreateObject(); + + if(!res) { + free(freeauth_configure); + return RET_ERR; + } + + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", 2); + cJSON_AddStringToObject(res, "message", "username 含有特殊字符"); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + + if(output_len) { + *output_len = ret_int + 1; + } + + /*超出2k的内存,报错 */ + if(ret_int >= 1024 * 2) { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int); + + free(ret_char); + cJSON_Delete(res); + free(freeauth_configure); + return RET_INPUTERR; } memset(str, 0, INET_ADDRSTRLEN); inet_ntop(AF_INET,&freeauth_configure->sip, str, sizeof(str)); - printf("%s\n", str); + printf("%s\n", str); /*校验源ip地址*/ - if(1 == isIpV4Addr(str)) { - free(freeauth_configure); - printf("sip is not vaild\n"); + if((1 == isIpV4Addr(str)) || (0 == isBroadcastIpV4Addr(str)) ) { + char *ret_char = NULL; + unsigned int ret_int = 0; + cJSON *res; + + printf("sip is not vaild\n"); + /*创建json对象 */ + res = cJSON_CreateObject(); + + if(!res) { + free(freeauth_configure); + return RET_ERR; + } + + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", 2); + cJSON_AddStringToObject(res, "message", "sip is not vaild"); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + + if(output_len) { + *output_len = ret_int + 1; + } + + /*超出2k的内存,报错 */ + if(ret_int >= 1024 * 2) { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int); + + free(ret_char); + cJSON_Delete(res); + free(freeauth_configure); return RET_INPUTERR; } 
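Review bot: The source-address check validates `str`, which was just produced by inet_ntop from the binary `freeauth_configure->sip`, so with the corrected `<= 255` bound isIpV4Addr(str) can never fail here and the test only has an effect through the broadcast comparison. Checking the binary value directly is simpler and does not depend on string parsing, e.g. `if(freeauth_configure->sip == htonl(INADDR_BROADCAST))`, assuming sip is a 32-bit address in network byte order (its declaration is not visible). The same applies to the dip check in the next hunk. The JSON message `username 含有特殊字符` is also the only non-English reply text in this patch and should match the others. freeauth_config_add_proc starts and ends outside the hunk.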
@@ -504,16 +595,84 @@ ret_code freeauth_config_add_proc(uint source, uint config_type, inet_ntop(AF_INET,&freeauth_configure->dip, dtr, sizeof(dtr)); /*校验目的ip地址*/ - if(1 == isIpV4Addr(dtr)) { - free(freeauth_configure); - printf("dip is not vaild\n"); + if((1 == isIpV4Addr(dtr)) || (0 == isBroadcastIpV4Addr(dtr))) { + char *ret_char = NULL; + unsigned int ret_int = 0; + cJSON *res; + + printf("dip is not vaild\n"); + /*创建json对象 */ + res = cJSON_CreateObject(); + + if(!res) { + free(freeauth_configure); + return RET_ERR; + } + + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", 2); + cJSON_AddStringToObject(res, "message", "dip is not vaild"); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + + if(output_len) { + *output_len = ret_int + 1; + } + + /*超出2k的内存,报错 */ + if(ret_int >= 1024 * 2) { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int); + + free(ret_char); + cJSON_Delete(res); + free(freeauth_configure); + return RET_INPUTERR; } /*校验端口号*/ if((freeauth_configure->dport < DPORT_MIN_NUM) || (freeauth_configure->dport > DPORT_MAX_NUM)) { - free(freeauth_configure); - printf("the port is not vaild\n"); + char *ret_char = NULL; + unsigned int ret_int = 0; + cJSON *res; + + printf("the port is not vaild\n"); + /*创建json对象 */ + res = cJSON_CreateObject(); + + if(!res) { + free(freeauth_configure); + return RET_ERR; + } + + /*将json对象转换成json字符串 返回处理结果*/ + cJSON_AddNumberToObject(res, "resultcode", 2); + cJSON_AddStringToObject(res, "message", "port is not vaild"); + ret_char = cJSON_PrintUnformatted(res); + ret_int = strlen(ret_char); + + if(output_len) { + *output_len = ret_int + 1; + } + + /*超出2k的内存,报错 */ + if(ret_int >= 1024 * 2) { + free(ret_char); + cJSON_Delete(res); + return RET_NOMEM; + } + + memcpy(output, ret_char, ret_int); + + free(ret_char); + cJSON_Delete(res); + free(freeauth_configure); + return RET_IPINVALID; } 
diff --git a/Platform/user/configm/config-server/web_config/config-adm/user_authpara.c b/Platform/user/configm/config-server/web_config/config-adm/user_authpara.c index 5c969c15e..29a3bbc43 100644 --- a/Platform/user/configm/config-server/web_config/config-adm/user_authpara.c +++ b/Platform/user/configm/config-server/web_config/config-adm/user_authpara.c @@ -50,7 +50,7 @@ void mod_authpara(int port, int timehorizon, int failcount, int locktime, int ag if(ret == 0) { /* 存authpara表 默认值 */ - char *user1_authpara = "INSERT INTO `authparas` SET port = 8081, timehorizon = 1, failcount = 5, locktime = 10, aging_time = 10"; + char *user1_authpara = "INSERT INTO authparas SET port = 8081, timehorizon = 1, failcount = 5, locktime = 10, aging_time = 10"; int ret_addauthpara = update_database(AUTHRECOVER_DATABASE_ID, auth_hdbc, DB_OP_INSERT, AUTHPARA_TABLE, user1_authpara, 0); if(0 != ret_addauthpara) { @@ -61,7 +61,7 @@ void mod_authpara(int port, int timehorizon, int failcount, int locktime, int ag } - char *user_authpara = "UPDATE `authparas` SET port = ?, timehorizon = ?, failcount = ?, locktime = ?, aging_time = ?"; + char *user_authpara = "UPDATE authparas SET port = ?, timehorizon = ?, failcount = ?, locktime = ?, aging_time = ?"; ret = update_database(AUTHRECOVER_DATABASE_ID, auth_hdbc, DB_OP_UPDATE, AUTHPARA_TABLE, user_authpara, 5, DB_DATA_INT_TYPE, sizeof(port), port, DB_DATA_INT_TYPE, sizeof(timehorizon), timehorizon,