Mod aaa-12 修改lighttpd中web_portal、web_redirect模块,添加redirect模块的配置文件

RCA:
SOL:
修改人:chenling
检视人:
ChenLing 2019-09-05 15:21:20 +08:00
parent 23e3492855
commit 9282406399
7 changed files with 850 additions and 245 deletions


@ -40,7 +40,8 @@
##
server.modules = (
"mod_webm",
"mod_portal",
# "mod_webm",
# "mod_access",
# "mod_alias",
# "mod_auth",


@ -0,0 +1,155 @@
#var.log_root = "/home/cmhi/secogateway/libs/files/lighttpd/log"
var.server_root = "/home/cmhi/secogateway/libs/files/lighttpd"
#var.state_dir = "/home/cmhi/secogateway/libs/files/lighttpd"
#var.home_dir = "/home/cmhi/secogateway/libs/files/lighttpd"
#var.conf_dir = "/home/cmhi/secogateway/libs/files/lighttpd/config"
var.log_root = server_root + "/portal_log"
var.state_dir = server_root
var.home_dir = server_root
var.conf_dir = server_root + "/config"
var.vhosts_dir = server_root + "/portal_vhosts"
var.cache_dir = server_root + "/portal_cache"
var.socket_dir = home_dir + "/portal_sockets"
include "redirect_modules.conf"
server.port = 8082
server.use-ipv6 = "disable"
#server.username = "lighttpd"
#server.groupname = "lighttpd"
server.document-root = server_root + "/portal_webpages"
server.pid-file = state_dir + "/portal_lighttpd.pid"
server.errorlog = log_root + "/error.log"
include "conf.d/access_log.conf"
include "conf.d/debug.conf"
server.event-handler = "linux-sysepoll"
##
## The basic network interface for all platforms at the syscalls read()
## and write(). Every modern OS provides its own syscall to help network
## servers transfer files as fast as possible
##
## sendfile - is recommended for small files.
## writev - is recommended for sending many large files
##
server.network-backend = "sendfile"
server.max-fds = 2048
server.stat-cache-engine = "simple"
server.max-connections = 1024
index-file.names += (
"index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
)
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
include "conf.d/mime.conf"
include "conf.d/dirlisting.conf"
server.follow-symlink = "enable"
server.upload-dirs = ( server_root + "/portal_upload" )
#######################################################################
##
## SSL Support
## -------------
##
## To enable SSL for the whole server you have to provide a valid
## certificate and have to enable the SSL engine.::
##
## ssl.engine = "enable"
## ssl.pemfile = "/path/to/server.pem"
##
## The HTTPS protocol does not allow you to use name-based virtual
## hosting with SSL. If you want to run multiple SSL servers with
## one lighttpd instance you must use IP-based virtual hosting: ::
##
## Mitigate CVE-2009-3555 by disabling client triggered renegotation
## This is enabled by default.
##
## IMPORTANT: this setting can only be used in the global scope.
## It does *not* work inside conditionals
##
# ssl.disable-client-renegotiation = "enable"
##
## $SERVER["socket"] == "10.0.0.1:443" {
## ssl.engine = "enable"
## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
## #
## # (Following SSL/TLS Deployment Best Practices 1.3 / 17 September 2013 from:
## # https://www.ssllabs.com/projects/best-practices/index.html)
## # - BEAST is considered mitigaed on client side now, and new weaknesses have been found in RC4,
## # so it is strongly advised to disable RC4 ciphers (HIGH doesn't include RC4)
## # - It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP,
## # so you might want to support 3DES for now - just remove the '!3DES' parts below).
## # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA'
## # if you don't want that.
## # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review)
## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes)
## #
## # If you know you have RSA keys (standard), you can use:
## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
## # The more generic version (without the restriction to RSA keys) is
## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
## #
## # Make the server prefer the order of the server side cipher suite instead of the client suite.
## # This option is enabled by default, but only used if ssl.cipher-list is set.
## #
## # ssl.honor-cipher-order = "enable"
## #
## server.name = "www.example.com"
##
## server.document-root = "/srv/www/vhosts/example.com/www/"
## }
##
## If you have a .crt and a .key file, cat them together into a
## single PEM file:
## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
## > /etc/ssl/private/lighttpd.pem
##
#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
##
## optionally pass the CA certificate here.
##
##
#ssl.ca-file = ""
##
## and the CRL revocation list here.
##
##
#ssl.ca-crl-file = ""
##
#######################################################################
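Review bot: `server.username` and `server.groupname` are left commented out, so this instance never drops privileges and keeps whatever account starts it; if that is root (not visible here), every handler in it runs with full privileges. Set a dedicated unprivileged user and group. mod_redirect.c in this commit sends clients to `http://<server>:8082` and this file binds `server.port = 8082` without `ssl.engine`, so the login exchange appears to run over cleartext HTTP; enabling TLS on this socket is worth considering. `server.follow-symlink = "enable"` next to a writable `server.upload-dirs` should also be turned off unless something depends on it.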


@ -0,0 +1,180 @@
#######################################################################
##
## Modules to load
## -----------------
##
## at least mod_access and mod_accesslog should be loaded
## all other module should only be loaded if really neccesary
##
## - saves some time
## - saves memory
##
## the default module set contains:
##
## "mod_indexfile", "mod_dirlisting", "mod_staticfile"
##
## you dont have to include those modules in your list
##
## Modules, which are pulled in via conf.d/*.conf
##
## NOTE: the order of modules is important.
##
## - mod_accesslog -> conf.d/access_log.conf
## - mod_compress -> conf.d/compress.conf
## - mod_status -> conf.d/status.conf
## - mod_webdav -> conf.d/webdav.conf
## - mod_cml -> conf.d/cml.conf
## - mod_evhost -> conf.d/evhost.conf
## - mod_simple_vhost -> conf.d/simple_vhost.conf
## - mod_mysql_vhost -> conf.d/mysql_vhost.conf
## - mod_trigger_b4_dl -> conf.d/trigger_b4_dl.conf
## - mod_userdir -> conf.d/userdir.conf
## - mod_rrdtool -> conf.d/rrdtool.conf
## - mod_ssi -> conf.d/ssi.conf
## - mod_cgi -> conf.d/cgi.conf
## - mod_scgi -> conf.d/scgi.conf
## - mod_fastcgi -> conf.d/fastcgi.conf
## - mod_proxy -> conf.d/proxy.conf
## - mod_secdownload -> conf.d/secdownload.conf
## - mod_expire -> conf.d/expire.conf
##
server.modules = (
# "mod_portal",
# "mod_webm",
# "mod_access",
# "mod_alias",
# "mod_auth",
# "mod_authn_file",
# "mod_evasive",
"mod_redirect",
# "mod_rewrite",
# "mod_setenv",
# "mod_usertrack",
)
##
#######################################################################
#######################################################################
##
## Config for various Modules
##
##
## mod_geoip
##
#include "conf.d/geoip.conf"
##
## mod_ssi
##
#include "conf.d/ssi.conf"
##
## mod_status
##
#include "conf.d/status.conf"
##
## mod_webdav
##
#include "conf.d/webdav.conf"
##
## mod_compress
##
#include "conf.d/compress.conf"
##
## mod_userdir
##
#include "conf.d/userdir.conf"
##
## mod_magnet
##
#include "conf.d/magnet.conf"
##
## mod_cml
##
#include "conf.d/cml.conf"
##
## mod_rrdtool
##
#include "conf.d/rrdtool.conf"
##
## mod_proxy
##
#include "conf.d/proxy.conf"
##
## mod_expire
##
#include "conf.d/expire.conf"
##
## mod_secdownload
##
#include "conf.d/secdownload.conf"
##
#######################################################################
#######################################################################
##
## CGI modules
##
##
## SCGI (mod_scgi)
##
#include "conf.d/scgi.conf"
##
## FastCGI (mod_fastcgi)
##
#include "conf.d/fastcgi.conf"
##
## plain old CGI (mod_cgi)
##
#include "conf.d/cgi.conf"
##
#######################################################################
#######################################################################
##
## VHost Modules
##
## Only load ONE of them!
## ========================
##
##
## You can use conditionals for vhosts aswell.
##
## see https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_Configuration
##
##
## mod_evhost
##
#include "conf.d/evhost.conf"
##
## mod_simple_vhost
##
#include "conf.d/simple_vhost.conf"
##
## mod_mysql_vhost
##
#include "conf.d/mysql_vhost.conf"
##
#######################################################################
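Review bot: `"mod_access"` stays commented out in this module list, yet the configuration added in this commit that includes "redirect_modules.conf" (presumably this file) sets `url.access-deny = ( "~", ".inc" )`. That directive belongs to mod_access, so with the module unloaded the deny list is likely ignored; lighttpd normally only warns about an unknown key. The header comment in this same file says mod_access should at least be loaded. Uncomment `"mod_access"`, or remove the `url.access-deny` line so the config does not suggest a protection that is not active.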


@ -12,10 +12,16 @@
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <sys/socket.h>
#include "user_auth.h"
#include "arpa/inet.h"
#include "unistd.h"
#include "stddef.h"
#include "/usr/include/x86_64-linux-gnu/sys/socket.h"
#define USERNAME_MAXLEN 65
#define PASSWORD_MAXLEN 25
#define LISTENQ 1024
typedef void* pointer;
@ -56,13 +62,18 @@ typedef struct user_auth_ret
} USER_AUTH_RET;
#endif
typedef struct {
char username[32]; /*用户名*/
uint32_t userip; /*用户IP*/
time_t login_time; /*用户登录时间*/
time_t remain_time; /*剩余实际*/
}USERDATA;
/*输出函数结构体 */
typedef struct {
auth_ret resultcode;
char *message; /*返回描述用指针表示数组 */
time_t remain_lock_time; /*锁定剩余时间 */
int js_location; /*0 location*/
char *location_url;
char message[60]; /*返回描述用指针表示数组 */
USERDATA data; /*返回的数据内容*/
}RESULT;
/*函数指针*/
@ -122,9 +133,9 @@ INIT_FUNC(mod_portal_init) {
mod_portal_plugin_data *p;
p = calloc(1, sizeof(*p));
Init_hash(); /*初始化hash表 */
return p;
}
/*认证模块释放*/
@ -140,19 +151,211 @@ FREE_FUNC(mod_portal_free) {
}
/*认证模块处理函数*/
static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d)
/*通过fd获取对端和远端的IP地址*/
void get_local_peer_ip(int listenfd, uint32_t *serverip, uint32_t *clientip)
{
struct sockaddr_in listendAddr, connectedAddr, peerAddr;//分别表示监听的地址,连接的本地地址,连接的对端地址
socklen_t peerLen;
char ipAddr[INET_ADDRSTRLEN];//保存点分十进制的地址
listen(listenfd, LISTENQ);
socklen_t listendAddrLen = sizeof(listendAddr);
getsockname(listenfd, (struct sockaddr *)&listendAddr, &listendAddrLen);//获取监听的地址和端口
printf("listen address = %s:%d\n", inet_ntoa(listendAddr.sin_addr), ntohs(listendAddr.sin_port));
socklen_t connectedAddrLen = sizeof(connectedAddr);
getsockname(listenfd, (struct sockaddr *)&connectedAddr, &connectedAddrLen);//获取connfd表示的连接上的本地地址(服务端的地址)
printf("connected server address = %s:%d\n", inet_ntoa(connectedAddr.sin_addr), ntohs(connectedAddr.sin_port));
*serverip = connectedAddr.sin_addr.s_addr;
getpeername(listenfd, (struct sockaddr *)&peerAddr, &peerLen); //获取connfd表示的连接上的对端地址(客户端的地址)
printf("connected peer address = %s:%d\n", inet_ntop(AF_INET, &peerAddr.sin_addr, ipAddr, sizeof(ipAddr)), ntohs(peerAddr.sin_port));
*clientip = peerAddr.sin_addr.s_addr;
return;
}
/*post 先判断用户是否认证过*/
/*用户认证过-返回resultcode=0 message data(username、user_ip、login_time)*/
/*用户未认证通过-返回resultcode=1 message data(null)*/
static handler_t judge_user_auth(server *srv, connection *con, void* p_d)
{
p_d = p_d;
USER_INFO *uinfo;
cJSON *cjson;
cJSON *uip;
uint32_t ip;
RESULT *uresult;
uresult = ( RESULT *)malloc(sizeof(RESULT));
if(NULL == uresult)
{
return HANDLER_ERROR;
}
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*get payload*/
handler_t result = connection_handle_read_post_state(srv, con);
log_error_write(srv, __FILE__, __LINE__, "sd","test", result);
if (result != HANDLER_GO_ON)
{
return result ;
}
log_error_write(srv, __FILE__, __LINE__, "s","test");
buffer *b = buffer_init();
chunkqueue *dst_cq = con->request_content_queue;
chunk *c = dst_cq->first;
if (NULL == c)
{
return HANDLER_ERROR;
}
while(c != NULL)
{
buffer_append_string(b, c->mem->ptr + c->offset);
c = c->next;
}
log_error_write(srv, __FILE__, __LINE__, "sb","test",b);
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(b->ptr);
if(!cjson)
{
return HANDLER_ERROR;
}
/*get userip */
uip = cJSON_GetObjectItem(cjson , "user_ip");
if(!uip)
{
return HANDLER_ERROR;
}
ip = uip->valueint;
log_error_write(srv, __FILE__, __LINE__, "sd", "test", ip);
/*通过用户IP判断用户是否认证通过*/
uinfo = ufind_user(ip);
if (NULL == uinfo)
{
cJSON *res;
const char *result_str;
char *messgae = "the user is not authenticated";
#if 0
result->data.login_time = 0;
result->data.userip = 0;
strncpy(result->data.username, "", 32);
#endif
uresult->resultcode = 0; /*表示用户未认证成功*/
strncpy(uresult->message, messgae, 60);
/*创建json对象*/
res = cJSON_CreateObject();
if(!res) return HANDLER_ERROR;
cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode);
cJSON_AddStringToObject(res, "message", uresult->message);
cJSON_AddStringToObject(res, "data", "");
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*json对象转换为json字符串*/
result_str = cJSON_PrintUnformatted(res);
buffer *result_info = buffer_init();
result_info = buffer_init_string(result_str);
chunkqueue_append_buffer(con->write_queue, result_info);
buffer_free(result_info);
con->http_status = 200;
con->file_finished = 1;
cJSON_Delete(res);
return HANDLER_FINISHED;
}
else
{
cJSON *res;
cJSON *data;
char *ret_char = NULL;
char *result_str = NULL;
char *messgae = "the user is authenticated";
time_t tmpcal_ptr;
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*创建json对象*/
data = cJSON_CreateObject();
if(!data)
{
return HANDLER_ERROR;
}
/*给data内容赋值认证成功给前端返回用户名、用户IP、当前登录时间*/
time(&tmpcal_ptr);
log_error_write(srv, __FILE__, __LINE__, "d", tmpcal_ptr);
uresult->data.login_time = tmpcal_ptr;
uresult->data.userip = ip;
strncpy(uresult->data.username, uinfo->auth_user.user_name, 32);
cJSON_AddStringToObject(data, "username", uresult->data.username);
cJSON_AddNumberToObject(data, "userip", uresult->data.userip);
cJSON_AddNumberToObject(data, "login_time", uresult->data.login_time);
ret_char = cJSON_PrintUnformatted(data);
/*创建json对象*/
res = cJSON_CreateObject();
if(!res) return HANDLER_ERROR;
uresult->resultcode = 1; /*表示用户已经认证成功*/
strncpy(uresult->message, messgae, 60); /*用户已经认证通过*/
cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode);
cJSON_AddStringToObject(res, "message", uresult->message);
cJSON_AddStringToObject(res, "data", ret_char);
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*json对象转换为json字符串*/
result_str = cJSON_PrintUnformatted(res);
buffer *result_info = buffer_init();
result_info = buffer_init_string(result_str);
chunkqueue_append_buffer(con->write_queue, result_info);
buffer_free(result_info);
con->http_status = 200;
con->file_finished = 1;
cJSON_Delete(res);
cJSON_Delete(data);
return HANDLER_FINISHED;
}
cJSON_Delete(cjson);
cJSON_Delete(uip);
return HANDLER_FINISHED;
}
/*判断用户名和密码是否正确*/
static handler_t judge_account_pwd(server *srv, connection *con, void* p_d)
{
p_d = p_d;
//mod_portal_plugin_data *p = p_d;
cJSON *cjson;
USER_AUTH_RET *resultinfo;
char *account = NULL;
char *pwd = NULL;
Init_hash(); /*初始化hash表放在配置恢复处 */
uint32_t client_ip=10001; /*解析报文拿到用户IP */
char *pwd = NULL;
RESULT *uresult;
uint32_t serverip = 0;
uint32_t clientip = 0;
get_local_peer_ip(con->fd, &serverip, &clientip);
log_error_write(srv, __FILE__, __LINE__, "s","test");
RESULT *uresult;
uresult = ( RESULT *)malloc(sizeof(RESULT));
if(NULL == uresult)
{
@ -164,215 +367,117 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d)
{
return HANDLER_ERROR;
}
/*method=getreturn HANDLER_GO_ON*/
if(con->request.http_method == HTTP_METHOD_GET)
{
USER_INFO *uinfo;
uinfo = (USER_INFO *)malloc(sizeof(USER_INFO));
if (NULL == uinfo)
{
return HANDLER_ERROR;
}
if (0 == strcmp(con->uri.path->ptr, "/ISG-authsuccess"))
{
ufind_user(client_ip, uinfo);
if (NULL == uinfo)
{
buffer *return_info = buffer_init();
return_info = buffer_init_string("<script type=\"text/javascript\">top.location.href='http://1.1.1.1:8080/ISG-auth';</script>");
chunkqueue_append_buffer(con->write_queue, return_info);
buffer_free(return_info);
con->http_status = 200;
con->file_finished = 1;
return HANDLER_FINISHED;
}
}
else if (0 == strcmp(con->uri.path->ptr, "/ISG-auth"))
{
ufind_user(client_ip, uinfo);
if (NULL != uinfo)
{
buffer *return_info = buffer_init();
return_info = buffer_init_string("<script type=\"text/javascript\">top.location.href='http://1.1.1.1:8080/ISG-authsuccess';</script>");
chunkqueue_append_buffer(con->write_queue, return_info);
buffer_free(return_info);
con->http_status = 200;
con->file_finished = 1;
return HANDLER_FINISHED;
}
}
return HANDLER_GO_ON;
/*get payload*/
handler_t result = connection_handle_read_post_state(srv, con);
if (result != HANDLER_GO_ON)
{
return result;
}
log_error_write(srv, __FILE__, __LINE__, "s","test");
buffer *b = buffer_init();
chunkqueue *dst_cq = con->request_content_queue;
chunk *c = dst_cq->first;
if (NULL == c) return HANDLER_ERROR;
while(c != NULL)
{
buffer_append_string(b, c->mem->ptr + c->offset);
c = c->next;
}
log_error_write(srv, __FILE__, __LINE__, "sb","test",b);
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(b->ptr);
if(!cjson)
{
return HANDLER_ERROR;
}
/*get username */
cJSON *uitem = cJSON_GetObjectItem(cjson , "account");
if(!uitem)
{
return HANDLER_ERROR;
}
/*method=post handle*/
if(con->request.http_method == HTTP_METHOD_POST)
{
/*get payload*/
handler_t result = connection_handle_read_post_state(srv, con);
if (result != HANDLER_GO_ON) return result ;
account= uitem->valuestring;
log_error_write(srv, __FILE__, __LINE__, "ss","test",account);
log_error_write(srv, __FILE__, __LINE__, "s","test");
if( strlen(account) > USERNAME_MAXLEN )
{
cJSON_Delete(uitem);
cJSON_Delete(cjson);
free(account);
return HANDLER_ERROR;
}
buffer *b = buffer_init();
chunkqueue *dst_cq = con->request_content_queue;
chunk *c = dst_cq->first;
if (NULL == c) return HANDLER_ERROR;
while(c != NULL)
{
buffer_append_string(b, c->mem->ptr + c->offset);
c = c->next;
}
log_error_write(srv, __FILE__, __LINE__, "sb","test",b);
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(b->ptr);
if(!cjson)
{
return HANDLER_ERROR;
}
/*get username */
cJSON *uitem = cJSON_GetObjectItem(cjson , "account");
if(!uitem)
{
return HANDLER_ERROR;
}
account= uitem->valuestring;
log_error_write(srv, __FILE__, __LINE__, "ss","test",account);
if( strlen(account) > USERNAME_MAXLEN )
{
cJSON_Delete(uitem);
cJSON_Delete(cjson);
free(account);
return HANDLER_ERROR;
}
/*get password */
cJSON *pitem = cJSON_GetObjectItem(cjson , "pwd");
if(!pitem)
{
return HANDLER_ERROR;
}
/*get password */
cJSON *pitem = cJSON_GetObjectItem(cjson , "pwd");
if(!pitem)
{
return HANDLER_ERROR;
}
pwd =pitem->valuestring;
log_error_write(srv, __FILE__, __LINE__, "ss","test",pwd);
if( strlen(pwd) > PASSWORD_MAXLEN )
{
cJSON_Delete(pitem);
cJSON_Delete(cjson);
free(pwd);
return HANDLER_ERROR;
}
pwd =pitem->valuestring;
log_error_write(srv, __FILE__, __LINE__, "ss","test",pwd);
if( strlen(pwd) > PASSWORD_MAXLEN )
{
cJSON_Delete(cjson);
cJSON_Delete(pitem);
free(pwd);
return HANDLER_ERROR;
}
log_error_write(srv, __FILE__, __LINE__, "s","test");
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*调用认证接口函数 */
user_auth_login(account, pwd, resultinfo);
//resultinfo->ret = AUTH_SUCCESS;
/*调用认证接口函数 */
user_auth_login(account, pwd, resultinfo);
/*auth success*/
if(resultinfo->ret == AUTH_SUCCESS)
{
cJSON *res;
cJSON *data;
char *ret_char;
const char *result_str;
time_t tmpcal_ptr;
#if 0
if ( p->portal_cfg_exec)
{
p->portal_cfg_exec(account, pwd, resultinfo);
}
#endif
//resultinfo->ret = AUTH_SUCCESS;
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*auth success*/
if (resultinfo->ret == AUTH_SUCCESS)
{
cJSON *res;
const char *result_str;
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*auth success-用户信息保存在本地IP监测表*/
/*获取下行报文数、字节数、在线时间*/
uadd_user(client_ip, account, resultinfo->user_id, resultinfo->group_id, 100, 100, 100);
uprintf_users();
/*auth success-用户信息保存在本地IP监测表*/
/*获取下行报文数、字节数、在线时间 目前设置默认值为0*/
uadd_user(clientip, account, resultinfo->user_id, resultinfo->group_id, 0, 0, 0);
uprintf_users();
uresult->resultcode = resultinfo->ret;
uresult->remain_lock_time = 0;
uresult->message = mes[resultinfo->ret];
uresult->js_location = 0;
uresult->location_url = "<script type=\"text/javascript\">top.location.href='http://1.1.1.1:8080/ISG-authsuccess';</script>";
printf("resultcode:%d remain_lock_time:%ld message:%s\n",uresult->resultcode,
uresult->remain_lock_time, uresult->message );
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*创建json对象*/
res = cJSON_CreateObject();
if(!res) return HANDLER_ERROR;
cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode);
cJSON_AddStringToObject(res, "message", uresult->message);
cJSON_AddNumberToObject(res, "remain_lock_time", uresult->remain_lock_time);
cJSON_AddNumberToObject(res, "js_location", uresult->js_location);
cJSON_AddStringToObject(res, "location_url", uresult->location_url);
/*创建json对象*/
data = cJSON_CreateObject();
if(!data)
{
return HANDLER_ERROR;
}
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*json对象转换为json字符串*/
result_str = cJSON_PrintUnformatted(res);
buffer *result_info = buffer_init();
result_info = buffer_init_string(result_str);
chunkqueue_append_buffer(con->write_queue, result_info);
buffer_free(result_info);
con->http_status = 200;
con->file_finished = 1;
cJSON_Delete(cjson);
cJSON_Delete(res);
return HANDLER_FINISHED;
#if 0
/*1.跳转到认证成功界面*/
buffer *return_info = buffer_init();
return_info = buffer_init_string("<script type=\"text/javascript\">top.location.href='http://1.1.1.1:8080/ISG-authsuccess';</script>");
chunkqueue_append_buffer(con->write_queue, return_info);
buffer_free(return_info);
/*2.跳转到认证之间的界面 con->request.http.host*/
/*<script type="text/javascript">
char *page = con->request.http_host.ptr;
printf("page url:%s\n", page);
window.location = *page;
</script>*/
#endif
log_error_write(srv, __FILE__, __LINE__, "s","test");
}
/*给data内容赋值认证成功给前端返回用户名、用户IP、当前登录时间*/
time(&tmpcal_ptr);
log_error_write(srv, __FILE__, __LINE__, "d", tmpcal_ptr);
uresult->data.login_time = tmpcal_ptr;
uresult->data.userip =clientip; /*拿到客户端IP地址*/
strncpy(uresult->data.username, account, 32);
/*认证锁定*/
if (resultinfo->ret == AUTH_FAIL_LOCK)
{
log_error_write(srv, __FILE__, __LINE__, "s","test");
cJSON *res;
const char *result_str;
uresult->resultcode = resultinfo->ret;
uresult->remain_lock_time = resultinfo->remain_lock_time;
uresult->message = mes[resultinfo->ret];
uresult->js_location = 1;
uresult->location_url = "NULL";
printf("resultcode:%d remain_lock_time:%ld message:%s\n",uresult->resultcode,
uresult->remain_lock_time, uresult->message );
cJSON_AddStringToObject(data, "username", uresult->data.username);
cJSON_AddNumberToObject(data, "userip", uresult->data.userip);
cJSON_AddNumberToObject(data, "login_time", uresult->data.login_time);
ret_char = cJSON_PrintUnformatted(data);
uresult->resultcode = resultinfo->ret;; /*表示用户未认证成功*/
strncpy(uresult->message, mes[resultinfo->ret], 60);
//uresult->message = mes[resultinfo->ret];
/*创建json对象*/
res = cJSON_CreateObject();
@ -380,9 +485,74 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d)
cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode);
cJSON_AddStringToObject(res, "message", uresult->message);
cJSON_AddNumberToObject(res, "remain_lock_time", uresult->remain_lock_time);
cJSON_AddNumberToObject(res, "js_location", uresult->js_location);
cJSON_AddStringToObject(res, "location_url", uresult->location_url);
cJSON_AddStringToObject(res, "data", ret_char);
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*json对象转换为json字符串*/
result_str = cJSON_PrintUnformatted(res);
buffer *result_info = buffer_init();
result_info = buffer_init_string(result_str);
chunkqueue_append_buffer(con->write_queue, result_info);
buffer_free(result_info);
con->http_status = 200;
con->file_finished = 1;
cJSON_Delete(cjson);
cJSON_Delete(res);
cJSON_Delete(data);
return HANDLER_FINISHED;
#if 0
/*1.跳转到认证成功界面*/
buffer *return_info = buffer_init();
return_info = buffer_init_string("<script type=\"text/javascript\">top.location.href='http://1.1.1.1:8080/ISG-authsuccess';</script>");
chunkqueue_append_buffer(con->write_queue, return_info);
buffer_free(return_info);
/*2.跳转到认证之间的界面 con->request.http.host*/
/*<script type="text/javascript">
char *page = con->request.http_host.ptr;
printf("page url:%s\n", page);
window.location = *page;
</script>*/
#endif
log_error_write(srv, __FILE__, __LINE__, "s","test");
}
else if(resultinfo->ret == AUTH_FAIL_LOCK) /*用户锁定*/
{
log_error_write(srv, __FILE__, __LINE__, "s","test");
cJSON *res;
cJSON *data;
char *ret_char = NULL;
const char *result_str;
/*创建json对象*/
data = cJSON_CreateObject();
if(!data)
{
return HANDLER_ERROR;
}
uresult->data.remain_time = resultinfo->remain_lock_time;
cJSON_AddNumberToObject(data, "remain_lock_time", uresult->data.remain_time);
ret_char = cJSON_PrintUnformatted(data);
uresult->resultcode = resultinfo->ret;; /*表示用户未认证锁定*/
strncpy(uresult->message, mes[resultinfo->ret], 60);
printf("resultcode:%d remain_lock_time:%ld message:%s\n",uresult->resultcode,
uresult->data.remain_time, uresult->message );
/*创建json对象*/
res = cJSON_CreateObject();
if(!res) return HANDLER_ERROR;
cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode);
cJSON_AddStringToObject(res, "message", uresult->message);
cJSON_AddStringToObject(res, "data", ret_char);
/*json对象转换为json字符串*/
result_str = cJSON_PrintUnformatted(res);
@ -394,27 +564,23 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d)
con->file_finished = 1;
cJSON_Delete(cjson);
cJSON_Delete(res);
cJSON_Delete(data);
return HANDLER_FINISHED;
}
/*认证失败*/
if ( (resultinfo->ret != AUTH_SUCCESS) && (resultinfo->ret != AUTH_FAIL_LOCK))
else /*认证失败*/
{
printf("auth fail\n");
log_error_write(srv, __FILE__, __LINE__, "s","test");
cJSON *res;
const char *result_str;
uresult->resultcode = resultinfo->ret;
uresult->remain_lock_time = 0;
uresult->message = mes[resultinfo->ret];
uresult->js_location = 1;
uresult->location_url = "NULL";
uresult->resultcode = resultinfo->ret;; /*表示用户未认证锁定*/
strncpy(uresult->message, mes[resultinfo->ret], 60);
printf("resultcode:%d remain_lock_time:%ld message:%s\n",uresult->resultcode,
uresult->remain_lock_time, uresult->message );
uresult->data.remain_time, uresult->message );
/*创建json对象*/
res = cJSON_CreateObject();
@ -422,9 +588,7 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d)
cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode);
cJSON_AddStringToObject(res, "message", uresult->message);
cJSON_AddNumberToObject(res, "remain_lock_time", uresult->remain_lock_time);
cJSON_AddNumberToObject(res, "js_location", uresult->js_location);
cJSON_AddStringToObject(res, "location_url", uresult->location_url);
cJSON_AddStringToObject(res, "data", "");
/*json对象转换为json字符串*/
result_str = cJSON_PrintUnformatted(res);
@ -440,9 +604,61 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d)
return HANDLER_FINISHED;
}
}
return HANDLER_GO_ON;
cJSON_Delete(cjson);
cJSON_Delete(uitem);
cJSON_Delete(pitem);
return HANDLER_FINISHED;
}
/*认证模块处理函数*/
/*根据传输过来的url分情况执行*/
static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d)
{
/*case 1 -判断认证
case 2 -*/
log_error_write(srv, __FILE__, __LINE__, "s","mod_portal_uri_handler");
handler_t t = HANDLER_GO_ON;
p_d = p_d;
if (con->request.http_method == HTTP_METHOD_GET)
{
return HANDLER_GO_ON;
}
log_error_write(srv, __FILE__, __LINE__, "s","test");
if (con->state == CON_STATE_READ_POST) {
chunkqueue *cq = con->request_content_queue;
if (cq->bytes_in != (off_t)con->request.content_length) {
handler_t r = connection_handle_read_post_state(srv, con);
if (r != HANDLER_GO_ON) return r;
}
}
else if (0 == con->request.content_length)
{
return HANDLER_GO_ON;
}
log_error_write(srv, __FILE__, __LINE__, "s","test");
/*url 与"/ISG-login"匹配,判断用户是否认证过*/
if (0 == strcmp(con->uri.path->ptr, "/ISG-login"))
{
t = judge_user_auth(srv, con, p_d);
log_error_write(srv, __FILE__, __LINE__, "s","test");
}
else if (0 == strcmp(con->uri.path->ptr, "/ISG-auth"))
{
t = judge_account_pwd(srv, con, p_d);
log_error_write(srv, __FILE__, __LINE__, "s","test");
}
log_error_write(srv, __FILE__, __LINE__, "s","test");
con->http_status = 200;
con->file_finished = 1;
return t;
}
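Review bot: The over-length branches in judge_account_pwd run `cJSON_Delete(uitem); cJSON_Delete(cjson); free(account);` (and the same with `pitem`/`pwd`), but `uitem` is a child of `cjson` and `account` is `uitem->valuestring`, so an unauthenticated POST to /ISG-auth with a long `account` or `pwd` frees the same memory more than once. Keep only `cJSON_Delete(cjson);` on those paths, and drop the `cJSON_Delete(uitem)`, `cJSON_Delete(pitem)` and `cJSON_Delete(uip)` calls that follow `cJSON_Delete(cjson)` at the end of both handlers for the same reason. `strlen(account)` and `strlen(pwd)` also run before any check that the item is a string, so a numeric JSON value would hand them NULL. `log_error_write(srv, __FILE__, __LINE__, "ss","test",pwd);` writes the submitted password to the error log and should be removed. The function body is split across several hunks here, so the allocation of `resultinfo` is not visible.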


@ -11,6 +11,11 @@
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <arpa/inet.h>
#define LISTENQ 1024
#define PORT 8082
typedef struct {
pcre_keyvalue_buffer *redirect;
@ -47,6 +52,7 @@ FREE_FUNC(mod_redirect_free) {
return HANDLER_GO_ON;
}
SETDEFAULTS_FUNC(mod_redirect_set_defaults) {
plugin_data *p = p_d;
size_t i = 0;
@ -146,14 +152,44 @@ static int mod_redirect_patch_connection(server *srv, connection *con, plugin_da
return 0;
}
/*通过fd获取对端和远端的IP地址*/
void get_local_peer_ip(int listenfd, uint32_t *serverip, uint32_t *clientip)
{
struct sockaddr_in listendAddr, connectedAddr, peerAddr;//分别表示监听的地址,连接的本地地址,连接的对端地址
socklen_t peerLen;
char ipAddr[INET_ADDRSTRLEN];//保存点分十进制的地址
listen(listenfd, LISTENQ);
socklen_t listendAddrLen = sizeof(listendAddr);
getsockname(listenfd, (struct sockaddr *)&listendAddr, &listendAddrLen);//获取监听的地址和端口
printf("listen address = %s:%d\n", inet_ntoa(listendAddr.sin_addr), ntohs(listendAddr.sin_port));
socklen_t connectedAddrLen = sizeof(connectedAddr);
getsockname(listenfd, (struct sockaddr *)&connectedAddr, &connectedAddrLen);//获取connfd表示的连接上的本地地址(服务端的地址)
printf("connected server address = %s:%d\n", inet_ntoa(connectedAddr.sin_addr), ntohs(connectedAddr.sin_port));
*serverip = connectedAddr.sin_addr.s_addr;
getpeername(listenfd, (struct sockaddr *)&peerAddr, &peerLen); //获取connfd表示的连接上的对端地址(客户端的地址)
printf("connected peer address = %s:%d\n", inet_ntop(AF_INET, &peerAddr.sin_addr, ipAddr, sizeof(ipAddr)), ntohs(peerAddr.sin_port));
*clientip = peerAddr.sin_addr.s_addr;
return;
}
URIHANDLER_FUNC(mod_redirect_uri_handler) {
plugin_data *p = p_d;
struct burl_parts_t burl;
pcre_keyvalue_ctx ctx;
handler_t rc;
//struct burl_parts_t burl;
//pcre_keyvalue_ctx ctx;
//handler_t rc;
uint32_t serverip = 0;
uint32_t clientip = 0;
struct sockaddr_in ip_addr;
get_local_peer_ip(con->fd, &serverip, &clientip);
mod_redirect_patch_connection(srv, con, p);
if (!p->conf.redirect->used) return HANDLER_GO_ON;
#if 0
ctx.cache = p->conf.context
? &con->cond_cache[p->conf.context->context_ndx]
: NULL;
@ -169,6 +205,25 @@ URIHANDLER_FUNC(mod_redirect_uri_handler) {
*/
rc = pcre_keyvalue_buffer_process(p->conf.redirect, &ctx,
con->request.uri, srv->tmp_buf);
#endif
/*组装web server 的IP地址和端口号*/
log_error_write(srv, __FILE__, __LINE__, "ss","test", serverip);
/*将uit32_t类型转为点分十进制类型*/
ip_addr.sin_addr.s_addr = serverip;
sprintf((char*)srv->tmp_buf, "http://%s:%d", inet_ntoa(ip_addr.sin_addr), PORT);
http_header_response_set(con, HTTP_HEADER_LOCATION,
CONST_STR_LEN("Location"),
CONST_BUF_LEN(srv->tmp_buf));
con->http_status = p->conf.redirect_code;
con->mode = DIRECT;
con->file_finished = 1;
return HANDLER_FINISHED;
#if 0
if (HANDLER_FINISHED == rc) {
http_header_response_set(con, HTTP_HEADER_LOCATION,
CONST_STR_LEN("Location"),
@ -183,6 +238,7 @@ URIHANDLER_FUNC(mod_redirect_uri_handler) {
con->request.uri);
}
return rc;
#endif
}
int mod_redirect_plugin_init(plugin *p);
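Review bot: `sprintf((char*)srv->tmp_buf, "http://%s:%d", ...)` formats into the `buffer` struct itself rather than into its storage; `srv->tmp_buf` is handed to `CONST_BUF_LEN` two lines later, so it is a buffer pointer, and the write overwrites the struct's fields before `http_header_response_set` reads them. Build the Location value through the buffer API as in the fence below. The line above it, `log_error_write(srv, __FILE__, __LINE__, "ss","test", serverip);`, passes a `uint32_t` where the `"ss"` format expects a string pointer; use `"sd"` or log the dotted form. In get_local_peer_ip, `peerLen` is passed to `getpeername` uninitialised and `listen()` is called on the connection fd; set `peerLen = sizeof(peerAddr)`, drop the `listen` call and check the return values. The same applies to the copy of this function in the mod_portal source.

```c
ip_addr.sin_addr.s_addr = serverip;
/* build the Location value through the buffer API instead of writing over the struct */
buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("http://"));
buffer_append_string(srv->tmp_buf, inet_ntoa(ip_addr.sin_addr));
buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN(":"));
buffer_append_int(srv->tmp_buf, PORT);
/* … unchanged: http_header_response_set and status assignment … */
```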


@ -60,18 +60,18 @@ int Init_hash()
/*查找用户信息*/
void ufind_user(uint32_t user_ip, USER_INFO *userinfo)
{
USER_INFO *ufind_user(uint32_t user_ip)
{
struct hlist_node *p = NULL, *n = NULL ;
struct hlist_node *p = NULL, *n = NULL;
/* 这个实际上就是一个for循环从头到尾遍历链表。
* posstruct hlist_node类型的一个指针
* nstruct hlist_node类型的一个指针
* headstruct hlist_head类型的一个指针hlist链表的头结点
*/
*/
hlist_for_each_safe(p,n,call_hash(hash,user_ip))
hlist_for_each_safe(p, n, call_hash(hash, user_ip))
{
/* p表示struct hlist_node类型的一个地址。
@ -79,20 +79,17 @@ void ufind_user(uint32_t user_ip, USER_INFO *userinfo)
* hnodetype结构体中的hlist_node成员变量的名称
* p所指地址的这个结构体的首地址
*/
pNode = hlist_entry(p, struct user_info ,hnode);
if(pNode != NULL)
pNode = hlist_entry(p, struct user_info, hnode);
if (pNode != NULL)
{
userinfo = pNode;
printf("[%d %s %d %d %ld %ld %ld]\n",userinfo->auth_user.user_ip, userinfo->auth_user.user_name, userinfo->auth_user.user_id,
userinfo->auth_user.group_id, userinfo->auth_user.message_num,userinfo->auth_user.byte_num, userinfo->auth_user.online_time);
return;
// printf("[%d %s %d %d %ld %ld %ld]\n", userinfo->auth_user.user_ip, userinfo->auth_user.user_name, userinfo->auth_user.user_id,
// userinfo->auth_user.group_id, userinfo->auth_user.message_num, userinfo->auth_user.byte_num, userinfo->auth_user.online_time);
return pNode;
}
return ;
}
}
return NULL;
}
/*增加用户信息*/
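Review bot: ufind_user returns the first node of the bucket selected by `call_hash(hash, user_ip)` without comparing the stored address with `user_ip`; `hlist_entry` of a non-NULL `p` is never NULL, so `if (pNode != NULL)` always passes. Unless every bucket can hold at most one address, a client whose IP falls into the same bucket as an authenticated user would be reported as authenticated by judge_user_auth. Compare before returning, e.g. `if (pNode->auth_user.user_ip == user_ip) return pNode;`, and let the loop continue otherwise. Part of the block comment inside the loop lies between the two hunks, so this reading assumes no comparison is hidden there.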


@ -27,7 +27,7 @@ struct hlist_head *call_hash(struct hlist_head *hash, uint32_t ip);
int Init_hash();
/*查找用户信息*/
void ufind_user(uint32_t user_ip, USER_INFO *user_info);
USER_INFO *ufind_user(uint32_t user_ip);
/*增加用户信息*/
int uadd_user(uint32_t user_ip, char *name, int user_id, int group_id, uint64_t message_num, uint64_t byte_num, time_t online_time);