cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mod aaa-12 修改用户认证-配置管理 

RCA:
SOL:
修改人:chenling
检视人:
This commit is contained in:
ChenLing 2019-09-10 11:01:23 +08:00
parent 6aa6ee9e73
commit 8756177690
3 changed files with 353 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

182
Platform/user/configm/config-server/web_config/auth_parameters.c
View File

@ -305,36 +305,206 @@ ret_code authpara_config_mod_proc(uint source, uint config_type,
/*判断认证范围是否有效*/ /*判断认证范围是否有效*/
if((auth_parameters->timehorizon < HORIZON_MIN_VALUE) || (auth_parameters->timehorizon > HORIZON_MAX_VALUE)) { if((auth_parameters->timehorizon < HORIZON_MIN_VALUE) || (auth_parameters->timehorizon > HORIZON_MAX_VALUE)) {
free(auth_parameters); char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *res;
printf("timehorizon is not vaild\n"); printf("timehorizon is not vaild\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 1);
cJSON_AddStringToObject(res, "message", "timehorizon is not vaild");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(auth_parameters);
free(ret_char);
cJSON_Delete(res);
return RET_INPUTERR; return RET_INPUTERR;
} }
/*判断认证失败次数是否有效*/ /*判断认证失败次数是否有效*/
if((auth_parameters->failcount < FAIL_MIN_NUM) || (auth_parameters->timehorizon > FAIL_MAX_NUM)) { if((auth_parameters->failcount < FAIL_MIN_NUM) || (auth_parameters->timehorizon > FAIL_MAX_NUM)) {
free(auth_parameters); char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *res;
printf("failcount is not vaild\n"); printf("failcount is not vaild\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 1);
cJSON_AddStringToObject(res, "message", "failcount is not vaild");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(auth_parameters);
free(ret_char);
cJSON_Delete(res);
return RET_INPUTERR; return RET_INPUTERR;
} }
/*判断锁定次数是否有效*/ /*判断锁定次数是否有效*/
if((auth_parameters->locktime < LOCK_MIN_TIME) || (auth_parameters->locktime > LOCK_MAX_TIME)) { if((auth_parameters->locktime < LOCK_MIN_TIME) || (auth_parameters->locktime > LOCK_MAX_TIME)) {
free(auth_parameters); char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *res;
printf("locktime is not vaild\n"); printf("locktime is not vaild\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 1);
cJSON_AddStringToObject(res, "message", "locktime is not vaild");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(auth_parameters);
free(ret_char);
cJSON_Delete(res);
return RET_INPUTERR; return RET_INPUTERR;
} }
/*判断老化时间是否有效*/ /*判断老化时间是否有效*/
if((auth_parameters->aging_time < AGINGTIME_MIN_NUM) || (auth_parameters->aging_time > AGINGTIME_MAX_NUM)) { if((auth_parameters->aging_time < AGINGTIME_MIN_NUM) || (auth_parameters->aging_time > AGINGTIME_MAX_NUM)) {
free(auth_parameters); char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *res;
printf("aging_time is not vaild\n"); printf("aging_time is not vaild\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 1);
cJSON_AddStringToObject(res, "message", "aging_time is not vaild");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(auth_parameters);
free(ret_char);
cJSON_Delete(res);
return RET_INPUTERR; return RET_INPUTERR;
} }
/*校验端口号*/ /*校验端口号*/
if((auth_parameters->port < PARA_DPORT_MIN_NUM) || (auth_parameters->port > PARA_DPORT_MAX_NUM)) { if((auth_parameters->port < PARA_DPORT_MIN_NUM) || (auth_parameters->port > PARA_DPORT_MAX_NUM)) {
free(auth_parameters); char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *res;
printf("the port is error\n"); printf("the port is error\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 1);
cJSON_AddStringToObject(res, "message", "the port is error");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(auth_parameters);
free(ret_char);
cJSON_Delete(res);
return RET_IPINVALID; return RET_IPINVALID;
} }
@ -355,7 +525,7 @@ ret_code authpara_config_mod_proc(uint source, uint config_type,
} }
cJSON_AddNumberToObject(port, "resultcode", 1); cJSON_AddNumberToObject(port, "resultcode", 1);
cJSON_AddStringToObject(port, "message", "mod failure"); cJSON_AddStringToObject(port, "message", "port occupied");
ret_port = cJSON_PrintUnformatted(port); ret_port = cJSON_PrintUnformatted(port);
port_int = strlen(ret_port); port_int = strlen(ret_port);

183
Platform/user/configm/config-server/web_config/authfree.c
View File

@ -44,7 +44,31 @@ int isIpV4Addr(const char *ipAddr)
} }
#endif #endif
/* 判断IPv4格式是否正确*/ /*判断ip地址是广播地址 255.255.255.255*/
int isBroadcastIpV4Addr(const char *ipAddr)
{
int ip_part_1 = 0;
int ip_part_2 = 0;
int ip_part_3 = 0;
int ip_part_4 = 0;
if((NULL == ipAddr) || (0 == strlen(ipAddr)))
{
return 1;
}
if(4 == sscanf(ipAddr,"%d.%d.%d.%d", &ip_part_1, &ip_part_2, &ip_part_3, &ip_part_4))
{
if((ip_part_1 = 255) &&(ip_part_2 = 255) &&
(ip_part_3 = 255) &&(ip_part_4 = 255))
{
return 0;
}
}
return 1;
}
int isIpV4Addr(const char *ipAddr) int isIpV4Addr(const char *ipAddr)
{ {
int ip_part_1 = 0; int ip_part_1 = 0;
@ -59,10 +83,10 @@ int isIpV4Addr(const char *ipAddr)
if(4 == sscanf(ipAddr,"%d.%d.%d.%d", &ip_part_1, &ip_part_2, &ip_part_3, &ip_part_4)) if(4 == sscanf(ipAddr,"%d.%d.%d.%d", &ip_part_1, &ip_part_2, &ip_part_3, &ip_part_4))
{ {
if((ip_part_1 >= 0) && (ip_part_1 < 255) && if((ip_part_1 >= 0) && (ip_part_1 <= 255) &&
(ip_part_2 >= 0) && (ip_part_2 < 255) && (ip_part_2 >= 0) && (ip_part_2 <= 255) &&
(ip_part_3 >= 0) && (ip_part_3 < 255) && (ip_part_3 >= 0) && (ip_part_3 <= 255) &&
(ip_part_4 >= 0) && (ip_part_4 < 255)) (ip_part_4 >= 0) && (ip_part_4 <= 255))
{ {
return 0; return 0;
} }
@ -484,19 +508,86 @@ ret_code freeauth_config_add_proc(uint source, uint config_type,
/* 校验用户名中不含特殊字符 */ /* 校验用户名中不含特殊字符 */
if(SPECHAR(freeauth_configure->name)) { if(SPECHAR(freeauth_configure->name)) {
free(freeauth_configure); char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *res;
printf("username 含有特殊字符\n"); printf("username 含有特殊字符\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
free(freeauth_configure);
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 2);
cJSON_AddStringToObject(res, "message", "username 含有特殊字符");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
free(freeauth_configure);
return RET_INPUTERR; return RET_INPUTERR;
} }
memset(str, 0, INET_ADDRSTRLEN); memset(str, 0, INET_ADDRSTRLEN);
inet_ntop(AF_INET,&freeauth_configure->sip, str, sizeof(str)); inet_ntop(AF_INET,&freeauth_configure->sip, str, sizeof(str));
printf("%s\n", str);
printf("%s\n", str);
/*校验源ip地址*/ /*校验源ip地址*/
if(1 == isIpV4Addr(str)) { if((1 == isIpV4Addr(str)) || (0 == isBroadcastIpV4Addr(str)) ) {
free(freeauth_configure); char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *res;
printf("sip is not vaild\n"); printf("sip is not vaild\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
free(freeauth_configure);
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 2);
cJSON_AddStringToObject(res, "message", "sip is not vaild");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
free(freeauth_configure);
return RET_INPUTERR; return RET_INPUTERR;
} }
@ -504,16 +595,84 @@ ret_code freeauth_config_add_proc(uint source, uint config_type,
inet_ntop(AF_INET,&freeauth_configure->dip, dtr, sizeof(dtr)); inet_ntop(AF_INET,&freeauth_configure->dip, dtr, sizeof(dtr));
/*校验目的ip地址*/ /*校验目的ip地址*/
if(1 == isIpV4Addr(dtr)) { if((1 == isIpV4Addr(dtr)) || (0 == isBroadcastIpV4Addr(dtr))) {
char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *res;
printf("dip is not vaild\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
free(freeauth_configure);
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 2);
cJSON_AddStringToObject(res, "message", "dip is not vaild");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
free(freeauth_configure); free(freeauth_configure);
printf("dip is not vaild\n");
return RET_INPUTERR; return RET_INPUTERR;
} }
/*校验端口号*/ /*校验端口号*/
if((freeauth_configure->dport < DPORT_MIN_NUM) || (freeauth_configure->dport > DPORT_MAX_NUM)) { if((freeauth_configure->dport < DPORT_MIN_NUM) || (freeauth_configure->dport > DPORT_MAX_NUM)) {
free(freeauth_configure); char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *res;
printf("the port is not vaild\n"); printf("the port is not vaild\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
free(freeauth_configure);
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 2);
cJSON_AddStringToObject(res, "message", "port is not vaild");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
free(freeauth_configure);
return RET_IPINVALID; return RET_IPINVALID;
} }

4
Platform/user/configm/config-server/web_config/config-adm/user_authpara.c
View File

@ -50,7 +50,7 @@ void mod_authpara(int port, int timehorizon, int failcount, int locktime, int ag
if(ret == 0) if(ret == 0)
{ {
/* 存authpara表 默认值 */ /* 存authpara表 默认值 */
char *user1_authpara = "INSERT INTO `authparas` SET port = 8081, timehorizon = 1, failcount = 5, locktime = 10, aging_time = 10"; char *user1_authpara = "INSERT INTO authparas SET port = 8081, timehorizon = 1, failcount = 5, locktime = 10, aging_time = 10";
int ret_addauthpara = update_database(AUTHRECOVER_DATABASE_ID, auth_hdbc, DB_OP_INSERT, AUTHPARA_TABLE, user1_authpara, 0); int ret_addauthpara = update_database(AUTHRECOVER_DATABASE_ID, auth_hdbc, DB_OP_INSERT, AUTHPARA_TABLE, user1_authpara, 0);
if(0 != ret_addauthpara) if(0 != ret_addauthpara)
{ {
@ -61,7 +61,7 @@ void mod_authpara(int port, int timehorizon, int failcount, int locktime, int ag
} }
char *user_authpara = "UPDATE `authparas` SET port = ?, timehorizon = ?, failcount = ?, locktime = ?, aging_time = ?"; char *user_authpara = "UPDATE authparas SET port = ?, timehorizon = ?, failcount = ?, locktime = ?, aging_time = ?";
ret = update_database(AUTHRECOVER_DATABASE_ID, auth_hdbc, DB_OP_UPDATE, AUTHPARA_TABLE, user_authpara, 5, ret = update_database(AUTHRECOVER_DATABASE_ID, auth_hdbc, DB_OP_UPDATE, AUTHPARA_TABLE, user_authpara, 5,
DB_DATA_INT_TYPE, sizeof(port), port, DB_DATA_INT_TYPE, sizeof(port), port,
DB_DATA_INT_TYPE, sizeof(timehorizon), timehorizon, DB_DATA_INT_TYPE, sizeof(timehorizon), timehorizon,