diff --git a/libs/files/lighttpd/config/portal_modules.conf b/libs/files/lighttpd/config/portal_modules.conf index dedadbd47..47430debd 100644 --- a/libs/files/lighttpd/config/portal_modules.conf +++ b/libs/files/lighttpd/config/portal_modules.conf @@ -40,7 +40,8 @@ ## server.modules = ( - "mod_webm", + "mod_portal", +# "mod_webm", # "mod_access", # "mod_alias", # "mod_auth", diff --git a/libs/files/lighttpd/config/redirect.conf b/libs/files/lighttpd/config/redirect.conf new file mode 100644 index 000000000..54baa5c9a --- /dev/null +++ b/libs/files/lighttpd/config/redirect.conf 
@@ -0,0 +1,155 @@
+
+#var.log_root = "/home/cmhi/secogateway/libs/files/lighttpd/log"
+var.server_root = "/home/cmhi/secogateway/libs/files/lighttpd"
+#var.state_dir = "/home/cmhi/secogateway/libs/files/lighttpd"
+#var.home_dir = "/home/cmhi/secogateway/libs/files/lighttpd"
+#var.conf_dir = "/home/cmhi/secogateway/libs/files/lighttpd/config"
+
+var.log_root = server_root + "/portal_log"
+
+var.state_dir = server_root
+var.home_dir = server_root
+var.conf_dir = server_root + "/config"
+
+var.vhosts_dir = server_root + "/portal_vhosts"
+
+var.cache_dir = server_root + "/portal_cache"
+
+var.socket_dir = home_dir + "/portal_sockets"
+
+include "redirect_modules.conf"
+
+server.port = 8082
+
+server.use-ipv6 = "disable"
+
+#server.username = "lighttpd"
+#server.groupname = "lighttpd"
+
+server.document-root = server_root + "/portal_webpages"
+
+server.pid-file = state_dir + "/portal_lighttpd.pid"
+
+server.errorlog = log_root + "/error.log"
+
+include "conf.d/access_log.conf"
+
+include "conf.d/debug.conf"
+
+server.event-handler = "linux-sysepoll"
+
+##
+## The basic network interface for all platforms at the syscalls read()
+## and write(). Every modern OS provides its own syscall to help network
+## servers transfer files as fast as possible
+##
+## sendfile - is recommended for small files.
+## writev - is recommended for sending many large files
+##
+server.network-backend = "sendfile"
+
+
+server.max-fds = 2048
+
+server.stat-cache-engine = "simple"
+
+server.max-connections = 1024
+
+index-file.names += (
+ "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
+)
+
+url.access-deny = ( "~", ".inc" )
+
+
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
+
+
+
+include "conf.d/mime.conf"
+
+include "conf.d/dirlisting.conf"
+
+server.follow-symlink = "enable"
+
+
+server.upload-dirs = ( server_root + "/portal_upload" )
+
+
+
+#######################################################################
+##
+## SSL Support
+## -------------
+##
+## To enable SSL for the whole server you have to provide a valid
+## certificate and have to enable the SSL engine.::
+##
+## ssl.engine = "enable"
+## ssl.pemfile = "/path/to/server.pem"
+##
+## The HTTPS protocol does not allow you to use name-based virtual
+## hosting with SSL. If you want to run multiple SSL servers with
+## one lighttpd instance you must use IP-based virtual hosting: ::
+##
+## Mitigate CVE-2009-3555 by disabling client triggered renegotation
+## This is enabled by default.
+##
+## IMPORTANT: this setting can only be used in the global scope.
+## It does *not* work inside conditionals
+##
+# ssl.disable-client-renegotiation = "enable"
+##
+## $SERVER["socket"] == "10.0.0.1:443" {
+## ssl.engine = "enable"
+## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
+## #
+## # (Following SSL/TLS Deployment Best Practices 1.3 / 17 September 2013 from:
+## # https://www.ssllabs.com/projects/best-practices/index.html)
+## # - BEAST is considered mitigaed on client side now, and new weaknesses have been found in RC4,
+## # so it is strongly advised to disable RC4 ciphers (HIGH doesn't include RC4)
+## # - It is recommended to disable 3DES too (although disabling RC4 and 3DES breaks IE6+8 on Windows XP,
+## # so you might want to support 3DES for now - just remove the '!3DES' parts below).
+## # - The examples below prefer ciphersuites with "Forward Secrecy" (and ECDHE over DHE (alias EDH)), remove '+kEDH +kRSA'
+## # if you don't want that.
+## # - SRP and PSK are not supported anyway, excluding those ('!kSRP !kPSK') just keeps the list smaller (easier to review)
+## # Check your cipher list with: openssl ciphers -v '...' (use single quotes as your shell won't like ! in double quotes)
+## #
+## # If you know you have RSA keys (standard), you can use:
+## ssl.cipher-list = "aRSA+HIGH !3DES +kEDH +kRSA !kSRP !kPSK"
+## # The more generic version (without the restriction to RSA keys) is
+## # ssl.cipher-list = "HIGH !aNULL !3DES +kEDH +kRSA !kSRP !kPSK"
+## #
+## # Make the server prefer the order of the server side cipher suite instead of the client suite.
+## # This option is enabled by default, but only used if ssl.cipher-list is set.
+## #
+## # ssl.honor-cipher-order = "enable"
+## #
+## server.name = "www.example.com"
+##
+## server.document-root = "/srv/www/vhosts/example.com/www/"
+## }
+##
+
+## If you have a .crt and a .key file, cat them together into a
+## single PEM file:
+## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
+## > /etc/ssl/private/lighttpd.pem
+##
+#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
+
+##
+## optionally pass the CA certificate here.
+##
+##
+#ssl.ca-file = ""
+
+##
+## and the CRL revocation list here.
+##
+##
+#ssl.ca-crl-file = ""
+
+##
+#######################################################################
+
diff --git a/libs/files/lighttpd/config/redirect_modules.conf b/libs/files/lighttpd/config/redirect_modules.conf
new file mode 100644
index 000000000..eb514397d
--- /dev/null
+++ b/libs/files/lighttpd/config/redirect_modules.conf
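Review bot: `#server.username` and `#server.groupname` are left commented out in redirect.conf, so this listener keeps the account that starts it; if that account is root, the server and its `server.upload-dirs` directory run with full privileges. Uncommenting both (`server.username = "lighttpd"`, `server.groupname = "lighttpd"`) restores the privilege drop. `server.follow-symlink = "enable"` is worth turning off for an instance whose only loaded module is mod_redirect, and `var.server_root` hard-codes a developer home directory (`/home/cmhi/...`) that a deployed system is unlikely to have.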
@@ -0,0 +1,180 @@ +####################################################################### +## +## Modules to load +## ----------------- +## +## at least mod_access and mod_accesslog should be loaded +## all other module should only be loaded if really neccesary +## +## - saves some time +## - saves memory +## +## the default module set contains: +## +## "mod_indexfile", "mod_dirlisting", "mod_staticfile" +## +## you dont have to include those modules in your list +## +## Modules, which are pulled in via conf.d/*.conf +## +## NOTE: the order of modules is important. +## +## - mod_accesslog -> conf.d/access_log.conf +## - mod_compress -> conf.d/compress.conf +## - mod_status -> conf.d/status.conf +## - mod_webdav -> conf.d/webdav.conf +## - mod_cml -> conf.d/cml.conf +## - mod_evhost -> conf.d/evhost.conf +## - mod_simple_vhost -> conf.d/simple_vhost.conf +## - mod_mysql_vhost -> conf.d/mysql_vhost.conf +## - mod_trigger_b4_dl -> conf.d/trigger_b4_dl.conf +## - mod_userdir -> conf.d/userdir.conf +## - mod_rrdtool -> conf.d/rrdtool.conf +## - mod_ssi -> conf.d/ssi.conf +## - mod_cgi -> conf.d/cgi.conf +## - mod_scgi -> conf.d/scgi.conf +## - mod_fastcgi -> conf.d/fastcgi.conf +## - mod_proxy -> conf.d/proxy.conf +## - mod_secdownload -> conf.d/secdownload.conf +## - mod_expire -> conf.d/expire.conf +## + +server.modules = ( +# "mod_portal", +# "mod_webm", +# "mod_access", +# "mod_alias", +# "mod_auth", +# "mod_authn_file", +# "mod_evasive", + "mod_redirect", +# "mod_rewrite", +# "mod_setenv", +# "mod_usertrack", +) + +## +####################################################################### + +####################################################################### +## +## Config for various Modules +## + +## +## mod_geoip +## +#include "conf.d/geoip.conf" + +## +## mod_ssi +## +#include "conf.d/ssi.conf" + +## +## mod_status +## +#include "conf.d/status.conf" + +## +## mod_webdav +## +#include "conf.d/webdav.conf" + +## +## mod_compress +## +#include 
"conf.d/compress.conf" + +## +## mod_userdir +## +#include "conf.d/userdir.conf" + +## +## mod_magnet +## +#include "conf.d/magnet.conf" + +## +## mod_cml +## +#include "conf.d/cml.conf" + +## +## mod_rrdtool +## +#include "conf.d/rrdtool.conf" + +## +## mod_proxy +## +#include "conf.d/proxy.conf" + +## +## mod_expire +## +#include "conf.d/expire.conf" + +## +## mod_secdownload +## +#include "conf.d/secdownload.conf" + +## +####################################################################### + +####################################################################### +## +## CGI modules +## + +## +## SCGI (mod_scgi) +## +#include "conf.d/scgi.conf" + +## +## FastCGI (mod_fastcgi) +## +#include "conf.d/fastcgi.conf" + +## +## plain old CGI (mod_cgi) +## +#include "conf.d/cgi.conf" + +## +####################################################################### + +####################################################################### +## +## VHost Modules +## +## Only load ONE of them! +## ======================== +## + +## +## You can use conditionals for vhosts aswell. +## +## see https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_Configuration +## + +## +## mod_evhost +## +#include "conf.d/evhost.conf" + +## +## mod_simple_vhost +## +#include "conf.d/simple_vhost.conf" + +## +## mod_mysql_vhost +## +#include "conf.d/mysql_vhost.conf" + +## +####################################################################### diff --git a/libs/src/lighttpd-1.4.51/src/mod_portal.c b/libs/src/lighttpd-1.4.51/src/mod_portal.c index 79319d5ed..cd8f7dd46 100644 --- a/libs/src/lighttpd-1.4.51/src/mod_portal.c +++ b/libs/src/lighttpd-1.4.51/src/mod_portal.c @@ -12,10 +12,16 @@ #include #include #include +#include #include "user_auth.h" +#include "arpa/inet.h" +#include "unistd.h" +#include "stddef.h" +#include "/usr/include/x86_64-linux-gnu/sys/socket.h" #define USERNAME_MAXLEN 65 #define PASSWORD_MAXLEN 25 +#define LISTENQ 1024 typedef void* pointer; 
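Review bot: `#include "/usr/include/x86_64-linux-gnu/sys/socket.h"` ties the build to one Debian-style x86-64 host and bypasses the toolchain's include search path, so a cross build can pick up a header for the wrong ABI. The added system headers should use angle brackets and their portable names: `#include <sys/socket.h>`, `#include <arpa/inet.h>`, `#include <unistd.h>`, `#include <stddef.h>`. `LISTENQ` is used only by the `listen()` call added in `get_local_peer_ip`; an accepted connection fd should not be passed to `listen()`, so the define can go together with that call.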
@@ -56,13 +62,18 @@ typedef struct user_auth_ret } USER_AUTH_RET; #endif +typedef struct { + char username[32]; /*用户名*/ + uint32_t userip; /*用户IP*/ + time_t login_time; /*用户登录时间*/ + time_t remain_time; /*剩余实际*/ +}USERDATA; + /*输出函数结构体 */ typedef struct { auth_ret resultcode; - char *message; /*返回描述用指针表示数组 */ - time_t remain_lock_time; /*锁定剩余时间 */ - int js_location; /*0 location*/ - char *location_url; + char message[60]; /*返回描述用指针表示数组 */ + USERDATA data; /*返回的数据内容*/ }RESULT; /*函数指针*/ @@ -122,9 +133,9 @@ INIT_FUNC(mod_portal_init) { mod_portal_plugin_data *p; p = calloc(1, sizeof(*p)); - + + Init_hash(); /*初始化hash表 */ return p; - } /*认证模块释放*/ 
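Review bot: `char username[32]` in `USERDATA` is smaller than the `USERNAME_MAXLEN 65` limit this file enforces on the account name, and the later `strncpy(uresult->data.username, account, 32)` leaves the field unterminated for any name of 32 bytes or more, so `cJSON_AddStringToObject` then reads past it. Sizing the field from the limit, `char username[USERNAME_MAXLEN + 1];`, and copying with `snprintf(dst, sizeof dst, "%s", src)` closes that over-read; `char message[60]` filled by `strncpy(..., 60)` has the same shape. The comment `/*剩余实际*/` on `remain_time` looks like a typo for 剩余时间 (remaining time), and `/*返回描述用指针表示数组 */` no longer matches now that `message` is an array. In the following hunk, `Init_hash()` returns `int` but `mod_portal_init` discards the result.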
@@ -140,19 +151,211 @@ FREE_FUNC(mod_portal_free) { } -/*认证模块处理函数*/ -static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d) +/*通过fd获取对端和远端的IP地址*/ +void get_local_peer_ip(int listenfd, uint32_t *serverip, uint32_t *clientip) +{ + struct sockaddr_in listendAddr, connectedAddr, peerAddr;//分别表示监听的地址,连接的本地地址,连接的对端地址 + socklen_t peerLen; + char ipAddr[INET_ADDRSTRLEN];//保存点分十进制的地址 + + listen(listenfd, LISTENQ); + socklen_t listendAddrLen = sizeof(listendAddr); + getsockname(listenfd, (struct sockaddr *)&listendAddr, &listendAddrLen);//获取监听的地址和端口 + printf("listen address = %s:%d\n", inet_ntoa(listendAddr.sin_addr), ntohs(listendAddr.sin_port)); + + socklen_t connectedAddrLen = sizeof(connectedAddr); + getsockname(listenfd, (struct sockaddr *)&connectedAddr, &connectedAddrLen);//获取connfd表示的连接上的本地地址(服务端的地址) + printf("connected server address = %s:%d\n", inet_ntoa(connectedAddr.sin_addr), ntohs(connectedAddr.sin_port)); + *serverip = connectedAddr.sin_addr.s_addr; + getpeername(listenfd, (struct sockaddr *)&peerAddr, &peerLen); //获取connfd表示的连接上的对端地址(客户端的地址) + printf("connected peer address = %s:%d\n", inet_ntop(AF_INET, &peerAddr.sin_addr, ipAddr, sizeof(ipAddr)), ntohs(peerAddr.sin_port)); + *clientip = peerAddr.sin_addr.s_addr; + + return; +} + + +/*post 先判断用户是否认证过*/ +/*用户认证过-返回resultcode=0 message data(username、user_ip、login_time)*/ +/*用户未认证通过-返回resultcode=1 message data(null)*/ +static handler_t judge_user_auth(server *srv, connection *con, void* p_d) +{ + p_d = p_d; + USER_INFO *uinfo; + cJSON *cjson; + cJSON *uip; + uint32_t ip; + + RESULT *uresult; + uresult = ( RESULT *)malloc(sizeof(RESULT)); + if(NULL == uresult) + { + return HANDLER_ERROR; + } + log_error_write(srv, __FILE__, __LINE__, "s","test"); + + /*get payload*/ + handler_t result = connection_handle_read_post_state(srv, con); + + log_error_write(srv, __FILE__, __LINE__, "sd","test", result); + + if (result != HANDLER_GO_ON) + { + return result ; + } + + log_error_write(srv, 
__FILE__, __LINE__, "s","test"); + + buffer *b = buffer_init(); + chunkqueue *dst_cq = con->request_content_queue; + chunk *c = dst_cq->first; + if (NULL == c) + { + return HANDLER_ERROR; + } + + while(c != NULL) + { + buffer_append_string(b, c->mem->ptr + c->offset); + c = c->next; + } + + log_error_write(srv, __FILE__, __LINE__, "sb","test",b); + + /*JSON字符串到JSON格式 */ + cjson = cJSON_Parse(b->ptr); + if(!cjson) + { + return HANDLER_ERROR; + } + + /*get userip */ + uip = cJSON_GetObjectItem(cjson , "user_ip"); + if(!uip) + { + return HANDLER_ERROR; + } + + ip = uip->valueint; + log_error_write(srv, __FILE__, __LINE__, "sd", "test", ip); + + /*通过用户IP判断用户是否认证通过*/ + uinfo = ufind_user(ip); + + if (NULL == uinfo) + { + cJSON *res; + const char *result_str; + char *messgae = "the user is not authenticated"; + + #if 0 + result->data.login_time = 0; + result->data.userip = 0; + strncpy(result->data.username, "", 32); + #endif + + uresult->resultcode = 0; /*表示用户未认证成功*/ + strncpy(uresult->message, messgae, 60); + + /*创建json对象*/ + res = cJSON_CreateObject(); + if(!res) return HANDLER_ERROR; + + cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode); + cJSON_AddStringToObject(res, "message", uresult->message); + cJSON_AddStringToObject(res, "data", ""); + + log_error_write(srv, __FILE__, __LINE__, "s","test"); + + /*json对象转换为json字符串*/ + result_str = cJSON_PrintUnformatted(res); + buffer *result_info = buffer_init(); + result_info = buffer_init_string(result_str); + chunkqueue_append_buffer(con->write_queue, result_info); + buffer_free(result_info); + con->http_status = 200; + con->file_finished = 1; + cJSON_Delete(res); + return HANDLER_FINISHED; + } + else + { + cJSON *res; + cJSON *data; + char *ret_char = NULL; + char *result_str = NULL; + char *messgae = "the user is authenticated"; + time_t tmpcal_ptr; + + log_error_write(srv, __FILE__, __LINE__, "s","test"); + /*创建json对象*/ + data = cJSON_CreateObject(); + if(!data) + { + return HANDLER_ERROR; + } + + 
/*给data内容赋值,认证成功,给前端返回用户名、用户IP、当前登录时间*/ + time(&tmpcal_ptr); + log_error_write(srv, __FILE__, __LINE__, "d", tmpcal_ptr); + + uresult->data.login_time = tmpcal_ptr; + uresult->data.userip = ip; + strncpy(uresult->data.username, uinfo->auth_user.user_name, 32); + + cJSON_AddStringToObject(data, "username", uresult->data.username); + cJSON_AddNumberToObject(data, "userip", uresult->data.userip); + cJSON_AddNumberToObject(data, "login_time", uresult->data.login_time); + + ret_char = cJSON_PrintUnformatted(data); + + /*创建json对象*/ + res = cJSON_CreateObject(); + if(!res) return HANDLER_ERROR; + + uresult->resultcode = 1; /*表示用户已经认证成功*/ + strncpy(uresult->message, messgae, 60); /*用户已经认证通过*/ + + cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode); + cJSON_AddStringToObject(res, "message", uresult->message); + cJSON_AddStringToObject(res, "data", ret_char); + + log_error_write(srv, __FILE__, __LINE__, "s","test"); + + /*json对象转换为json字符串*/ + result_str = cJSON_PrintUnformatted(res); + buffer *result_info = buffer_init(); + result_info = buffer_init_string(result_str); + chunkqueue_append_buffer(con->write_queue, result_info); + buffer_free(result_info); + con->http_status = 200; + con->file_finished = 1; + cJSON_Delete(res); + cJSON_Delete(data); + return HANDLER_FINISHED; + } + + cJSON_Delete(cjson); + cJSON_Delete(uip); + return HANDLER_FINISHED; +} + +/*判断用户名和密码是否正确*/ +static handler_t judge_account_pwd(server *srv, connection *con, void* p_d) { p_d = p_d; //mod_portal_plugin_data *p = p_d; cJSON *cjson; USER_AUTH_RET *resultinfo; char *account = NULL; - char *pwd = NULL; - Init_hash(); /*初始化hash表放在配置恢复处 */ - uint32_t client_ip=10001; /*解析报文拿到用户IP */ + char *pwd = NULL; + RESULT *uresult; + uint32_t serverip = 0; + uint32_t clientip = 0; + + get_local_peer_ip(con->fd, &serverip, &clientip); + log_error_write(srv, __FILE__, __LINE__, "s","test"); - RESULT *uresult; uresult = ( RESULT *)malloc(sizeof(RESULT)); if(NULL == uresult) { 
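Review bot: `judge_user_auth` keys the session lookup on `ip = uip->valueint`, a value taken from the request body, so any client can ask about another address and receive that user's name; the lookup key should be the connection's peer address, not a field the client supplies. The helper meant to provide it, `get_local_peer_ip`, is not safe as written: it calls `listen()` on an accepted connection fd, passes `peerLen` to `getpeername()` uninitialised, and ignores every return value, so `*clientip` can hold garbage. A corrected helper is sketched below; the same function is added verbatim and non-static in mod_redirect.c, so `static` (or one shared definition) also avoids a duplicate symbol. The header comment says an authenticated user yields `resultcode=0`, while the code returns 1 for authenticated and 0 otherwise. Every early `return` in `judge_user_auth` leaks `uresult`, `b` and `cjson`, and `judge_account_pwd` continues outside this hunk.

```c
/* Read the local and peer IPv4 addresses of an accepted connection. */
static void get_local_peer_ip(int connfd, uint32_t *serverip, uint32_t *clientip)
{
    struct sockaddr_in local_addr, peer_addr;
    socklen_t local_len = sizeof(local_addr);
    socklen_t peer_len = sizeof(peer_addr);   /* value-result: must be set before the call */

    /* defined result even when a lookup fails or the socket is not IPv4 */
    *serverip = 0;
    *clientip = 0;

    /* connfd is already connected: no listen() here */
    if (0 == getsockname(connfd, (struct sockaddr *)&local_addr, &local_len)
        && AF_INET == local_addr.sin_family)
    {
        *serverip = local_addr.sin_addr.s_addr;
    }

    if (0 == getpeername(connfd, (struct sockaddr *)&peer_addr, &peer_len)
        && AF_INET == peer_addr.sin_family)
    {
        *clientip = peer_addr.sin_addr.s_addr;
    }
}
```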
@@ -164,215 +367,117 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d) { return HANDLER_ERROR; } - - /*method=get,return HANDLER_GO_ON*/ - if(con->request.http_method == HTTP_METHOD_GET) - { - USER_INFO *uinfo; - uinfo = (USER_INFO *)malloc(sizeof(USER_INFO)); - if (NULL == uinfo) - { - return HANDLER_ERROR; - } - if (0 == strcmp(con->uri.path->ptr, "/ISG-authsuccess")) - { - ufind_user(client_ip, uinfo); - if (NULL == uinfo) - { - buffer *return_info = buffer_init(); - - return_info = buffer_init_string(""); - chunkqueue_append_buffer(con->write_queue, return_info); - buffer_free(return_info); - con->http_status = 200; - con->file_finished = 1; - return HANDLER_FINISHED; - } - } - else if (0 == strcmp(con->uri.path->ptr, "/ISG-auth")) - { - ufind_user(client_ip, uinfo); - if (NULL != uinfo) - { - buffer *return_info = buffer_init(); - return_info = buffer_init_string(""); - chunkqueue_append_buffer(con->write_queue, return_info); - buffer_free(return_info); - con->http_status = 200; - con->file_finished = 1; - return HANDLER_FINISHED; - } - } - return HANDLER_GO_ON; + /*get payload*/ + handler_t result = connection_handle_read_post_state(srv, con); + if (result != HANDLER_GO_ON) + { + return result; + } + + log_error_write(srv, __FILE__, __LINE__, "s","test"); + + buffer *b = buffer_init(); + chunkqueue *dst_cq = con->request_content_queue; + chunk *c = dst_cq->first; + if (NULL == c) return HANDLER_ERROR; + + while(c != NULL) + { + buffer_append_string(b, c->mem->ptr + c->offset); + c = c->next; + } + + log_error_write(srv, __FILE__, __LINE__, "sb","test",b); + + /*JSON字符串到JSON格式 */ + cjson = cJSON_Parse(b->ptr); + if(!cjson) + { + return HANDLER_ERROR; + } + + /*get username */ + cJSON *uitem = cJSON_GetObjectItem(cjson , "account"); + if(!uitem) + { + return HANDLER_ERROR; } - - /*method=post handle*/ - if(con->request.http_method == HTTP_METHOD_POST) - { - /*get payload*/ - handler_t result = 
connection_handle_read_post_state(srv, con); - if (result != HANDLER_GO_ON) return result ; + account= uitem->valuestring; + log_error_write(srv, __FILE__, __LINE__, "ss","test",account); - log_error_write(srv, __FILE__, __LINE__, "s","test"); + if( strlen(account) > USERNAME_MAXLEN ) + { + cJSON_Delete(uitem); + cJSON_Delete(cjson); + free(account); + return HANDLER_ERROR; + } - buffer *b = buffer_init(); - chunkqueue *dst_cq = con->request_content_queue; - chunk *c = dst_cq->first; - if (NULL == c) return HANDLER_ERROR; - - while(c != NULL) - { - buffer_append_string(b, c->mem->ptr + c->offset); - c = c->next; - } - - log_error_write(srv, __FILE__, __LINE__, "sb","test",b); - - /*JSON字符串到JSON格式 */ - cjson = cJSON_Parse(b->ptr); - if(!cjson) - { - return HANDLER_ERROR; - } - - /*get username */ - cJSON *uitem = cJSON_GetObjectItem(cjson , "account"); - if(!uitem) - { - return HANDLER_ERROR; - } - - account= uitem->valuestring; - log_error_write(srv, __FILE__, __LINE__, "ss","test",account); - - if( strlen(account) > USERNAME_MAXLEN ) - { - cJSON_Delete(uitem); - cJSON_Delete(cjson); - free(account); - return HANDLER_ERROR; - } - - /*get password */ - cJSON *pitem = cJSON_GetObjectItem(cjson , "pwd"); - if(!pitem) - { - return HANDLER_ERROR; - } + /*get password */ + cJSON *pitem = cJSON_GetObjectItem(cjson , "pwd"); + if(!pitem) + { + return HANDLER_ERROR; + } - pwd =pitem->valuestring; - log_error_write(srv, __FILE__, __LINE__, "ss","test",pwd); - if( strlen(pwd) > PASSWORD_MAXLEN ) - { - cJSON_Delete(pitem); - cJSON_Delete(cjson); - free(pwd); - return HANDLER_ERROR; - } + pwd =pitem->valuestring; + log_error_write(srv, __FILE__, __LINE__, "ss","test",pwd); + if( strlen(pwd) > PASSWORD_MAXLEN ) + { + cJSON_Delete(cjson); + cJSON_Delete(pitem); + free(pwd); + return HANDLER_ERROR; + } + log_error_write(srv, __FILE__, __LINE__, "s","test"); - log_error_write(srv, __FILE__, __LINE__, "s","test"); + /*调用认证接口函数 */ + user_auth_login(account, pwd, resultinfo); + 
//resultinfo->ret = AUTH_SUCCESS; - /*调用认证接口函数 */ - user_auth_login(account, pwd, resultinfo); + /*auth success*/ + if(resultinfo->ret == AUTH_SUCCESS) + { + cJSON *res; + cJSON *data; + char *ret_char; + const char *result_str; + time_t tmpcal_ptr; - #if 0 - if ( p->portal_cfg_exec) - { - p->portal_cfg_exec(account, pwd, resultinfo); - } - #endif - - //resultinfo->ret = AUTH_SUCCESS; + log_error_write(srv, __FILE__, __LINE__, "s","test"); - /*auth success*/ - if (resultinfo->ret == AUTH_SUCCESS) - { - cJSON *res; - const char *result_str; - - log_error_write(srv, __FILE__, __LINE__, "s","test"); - - /*auth success-用户信息保存在本地IP监测表*/ - /*获取下行报文数、字节数、在线时间*/ - uadd_user(client_ip, account, resultinfo->user_id, resultinfo->group_id, 100, 100, 100); - uprintf_users(); + /*auth success-用户信息保存在本地IP监测表*/ + /*获取下行报文数、字节数、在线时间 目前设置默认值为0*/ + uadd_user(clientip, account, resultinfo->user_id, resultinfo->group_id, 0, 0, 0); + uprintf_users(); - - uresult->resultcode = resultinfo->ret; - uresult->remain_lock_time = 0; - uresult->message = mes[resultinfo->ret]; - uresult->js_location = 0; - uresult->location_url = ""; - - printf("resultcode:%d remain_lock_time:%ld message:%s\n",uresult->resultcode, - uresult->remain_lock_time, uresult->message ); - - log_error_write(srv, __FILE__, __LINE__, "s","test"); - - /*创建json对象*/ - res = cJSON_CreateObject(); - if(!res) return HANDLER_ERROR; - - cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode); - cJSON_AddStringToObject(res, "message", uresult->message); - cJSON_AddNumberToObject(res, "remain_lock_time", uresult->remain_lock_time); - cJSON_AddNumberToObject(res, "js_location", uresult->js_location); - cJSON_AddStringToObject(res, "location_url", uresult->location_url); - + /*创建json对象*/ + data = cJSON_CreateObject(); + if(!data) + { + return HANDLER_ERROR; + } - log_error_write(srv, __FILE__, __LINE__, "s","test"); - - /*json对象转换为json字符串*/ - result_str = cJSON_PrintUnformatted(res); - buffer *result_info = buffer_init(); - 
result_info = buffer_init_string(result_str); - chunkqueue_append_buffer(con->write_queue, result_info); - buffer_free(result_info); - con->http_status = 200; - con->file_finished = 1; - cJSON_Delete(cjson); - cJSON_Delete(res); - return HANDLER_FINISHED; - - - #if 0 - /*1.跳转到认证成功界面*/ - buffer *return_info = buffer_init(); - - return_info = buffer_init_string(""); - chunkqueue_append_buffer(con->write_queue, return_info); - buffer_free(return_info); - - - /*2.跳转到认证之间的界面 con->request.http.host*/ - /**/ - #endif - - log_error_write(srv, __FILE__, __LINE__, "s","test"); - } + /*给data内容赋值,认证成功,给前端返回用户名、用户IP、当前登录时间*/ + time(&tmpcal_ptr); + log_error_write(srv, __FILE__, __LINE__, "d", tmpcal_ptr); + uresult->data.login_time = tmpcal_ptr; + uresult->data.userip =clientip; /*拿到客户端IP地址*/ + strncpy(uresult->data.username, account, 32); - /*认证锁定*/ - if (resultinfo->ret == AUTH_FAIL_LOCK) - { - log_error_write(srv, __FILE__, __LINE__, "s","test"); - cJSON *res; - const char *result_str; - - uresult->resultcode = resultinfo->ret; - uresult->remain_lock_time = resultinfo->remain_lock_time; - uresult->message = mes[resultinfo->ret]; - uresult->js_location = 1; - uresult->location_url = "NULL"; - printf("resultcode:%d remain_lock_time:%ld message:%s\n",uresult->resultcode, - uresult->remain_lock_time, uresult->message ); + cJSON_AddStringToObject(data, "username", uresult->data.username); + cJSON_AddNumberToObject(data, "userip", uresult->data.userip); + cJSON_AddNumberToObject(data, "login_time", uresult->data.login_time); + + ret_char = cJSON_PrintUnformatted(data); + + uresult->resultcode = resultinfo->ret;; /*表示用户未认证成功*/ + strncpy(uresult->message, mes[resultinfo->ret], 60); + //uresult->message = mes[resultinfo->ret]; /*创建json对象*/ res = cJSON_CreateObject(); 
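Review bot: The over-length branches release memory more than once: `cJSON_Delete(uitem); cJSON_Delete(cjson); free(account);` frees the `account` item, then the tree that owns it, then the string inside it, and the `pwd` branch deletes `pitem` and frees `pwd` after the tree is already gone — a request with a long `account` or `pwd` reaches this before any authentication. `log_error_write(srv, __FILE__, __LINE__, "ss","test",pwd);` writes the submitted password to the error log in clear text, as does the `"sb"` line that logs the whole body, and both should be removed. `valuestring` is NULL when the JSON value is not a string, so `strlen()` needs a guard too. The fence shows both checks with a single `cJSON_Delete(cjson)`; the function starts before this hunk, and its early returns still leak `uresult` and `b`.

```c
    /* … unchanged: cJSON_Parse() and the "account" lookup … */
    account = uitem->valuestring;
    /* uitem and its string belong to cjson: release the tree once, never free() the string */
    if (NULL == account || strlen(account) > USERNAME_MAXLEN)
    {
        cJSON_Delete(cjson);
        return HANDLER_ERROR;
    }

    /* … unchanged: "pwd" lookup … */
    pwd = pitem->valuestring;
    /* the password is deliberately not logged */
    if (NULL == pwd || strlen(pwd) > PASSWORD_MAXLEN)
    {
        cJSON_Delete(cjson);
        return HANDLER_ERROR;
    }
```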
@@ -380,9 +485,74 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d) cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode); cJSON_AddStringToObject(res, "message", uresult->message); - cJSON_AddNumberToObject(res, "remain_lock_time", uresult->remain_lock_time); - cJSON_AddNumberToObject(res, "js_location", uresult->js_location); - cJSON_AddStringToObject(res, "location_url", uresult->location_url); + cJSON_AddStringToObject(res, "data", ret_char); + + log_error_write(srv, __FILE__, __LINE__, "s","test"); + + /*json对象转换为json字符串*/ + result_str = cJSON_PrintUnformatted(res); + buffer *result_info = buffer_init(); + result_info = buffer_init_string(result_str); + chunkqueue_append_buffer(con->write_queue, result_info); + buffer_free(result_info); + con->http_status = 200; + con->file_finished = 1; + cJSON_Delete(cjson); + cJSON_Delete(res); + cJSON_Delete(data); + return HANDLER_FINISHED; + + + #if 0 + /*1.跳转到认证成功界面*/ + buffer *return_info = buffer_init(); + + return_info = buffer_init_string(""); + chunkqueue_append_buffer(con->write_queue, return_info); + buffer_free(return_info); + + + /*2.跳转到认证之间的界面 con->request.http.host*/ + /**/ + #endif + + log_error_write(srv, __FILE__, __LINE__, "s","test"); + } + else if(resultinfo->ret == AUTH_FAIL_LOCK) /*用户锁定*/ + { + log_error_write(srv, __FILE__, __LINE__, "s","test"); + cJSON *res; + cJSON *data; + char *ret_char = NULL; + const char *result_str; + + /*创建json对象*/ + data = cJSON_CreateObject(); + if(!data) + { + return HANDLER_ERROR; + } + + uresult->data.remain_time = resultinfo->remain_lock_time; + cJSON_AddNumberToObject(data, "remain_lock_time", uresult->data.remain_time); + ret_char = cJSON_PrintUnformatted(data); + + uresult->resultcode = resultinfo->ret;; /*表示用户未认证锁定*/ + strncpy(uresult->message, mes[resultinfo->ret], 60); + printf("resultcode:%d remain_lock_time:%ld message:%s\n",uresult->resultcode, + uresult->data.remain_time, uresult->message ); + + /*创建json对象*/ + res 
= cJSON_CreateObject(); + if(!res) return HANDLER_ERROR; + + cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode); + cJSON_AddStringToObject(res, "message", uresult->message); + cJSON_AddStringToObject(res, "data", ret_char); /*json对象转换为json字符串*/ result_str = cJSON_PrintUnformatted(res); @@ -394,27 +564,23 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d) con->file_finished = 1; cJSON_Delete(cjson); cJSON_Delete(res); + cJSON_Delete(data); return HANDLER_FINISHED; } - - - /*认证失败*/ - if ( (resultinfo->ret != AUTH_SUCCESS) && (resultinfo->ret != AUTH_FAIL_LOCK)) + else /*认证失败*/ { printf("auth fail\n"); log_error_write(srv, __FILE__, __LINE__, "s","test"); cJSON *res; const char *result_str; - - uresult->resultcode = resultinfo->ret; - uresult->remain_lock_time = 0; - uresult->message = mes[resultinfo->ret]; - uresult->js_location = 1; - uresult->location_url = "NULL"; + + + uresult->resultcode = resultinfo->ret;; /*表示用户未认证锁定*/ + strncpy(uresult->message, mes[resultinfo->ret], 60); printf("resultcode:%d remain_lock_time:%ld message:%s\n",uresult->resultcode, - uresult->remain_lock_time, uresult->message ); + uresult->data.remain_time, uresult->message ); /*创建json对象*/ res = cJSON_CreateObject(); @@ -422,9 +588,7 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d) cJSON_AddNumberToObject(res, "resultcode", uresult->resultcode); cJSON_AddStringToObject(res, "message", uresult->message); - cJSON_AddNumberToObject(res, "remain_lock_time", uresult->remain_lock_time); - cJSON_AddNumberToObject(res, "js_location", uresult->js_location); - cJSON_AddStringToObject(res, "location_url", uresult->location_url); + cJSON_AddStringToObject(res, "data", ""); /*json对象转换为json字符串*/ result_str = cJSON_PrintUnformatted(res); 
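Review bot: `ret_char = cJSON_PrintUnformatted(data)` and `result_str = cJSON_PrintUnformatted(res)` return heap strings that are never released, and `buffer *result_info = buffer_init();` is overwritten on the next line by `buffer_init_string(result_str)`, so each request leaks several allocations in addition to `uresult`. Attaching the object directly with `cJSON_AddItemToObject(res, "data", data);` removes `ret_char` and the separate `cJSON_Delete(data)`, and sends `data` as a JSON object instead of a quoted string, provided the front end accepts that shape. `result_str` should be freed once `buffer_init_string` has been called, and the declaration can be `buffer *result_info = buffer_init_string(result_str);`. The same pattern is in the success branch of the previous hunk, both branches of `judge_user_auth`, and the failure branch that follows. The `log_error_write` after `return HANDLER_FINISHED;` in the success branch is unreachable.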
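Review bot: In the failure branch the `printf` prints `uresult->data.remain_time`, but `uresult` comes from `malloc` and this branch never assigns `data`, so an uninitialised `time_t` is read. Allocating with `calloc(1, sizeof(RESULT))`, or dropping the field from the message, fixes it. The doubled semicolon in `uresult->resultcode = resultinfo->ret;;` and the copied comment `/*表示用户未认证锁定*/` on the plain-failure path are leftovers from the lock branch.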
@@ -440,9 +604,61 @@ static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d) return HANDLER_FINISHED; } - } - return HANDLER_GO_ON; + cJSON_Delete(cjson); + cJSON_Delete(uitem); + cJSON_Delete(pitem); + return HANDLER_FINISHED; +} + + +/*认证模块处理函数*/ +/*根据传输过来的url分情况执行*/ +static handler_t mod_portal_uri_handler(server *srv, connection *con, void* p_d) +{ + /*case 1 -判断认证 + case 2 -判断用户名和密码*/ + log_error_write(srv, __FILE__, __LINE__, "s","mod_portal_uri_handler"); + + handler_t t = HANDLER_GO_ON; + p_d = p_d; + if (con->request.http_method == HTTP_METHOD_GET) + { + return HANDLER_GO_ON; + } + + log_error_write(srv, __FILE__, __LINE__, "s","test"); + + if (con->state == CON_STATE_READ_POST) { + chunkqueue *cq = con->request_content_queue; + if (cq->bytes_in != (off_t)con->request.content_length) { + handler_t r = connection_handle_read_post_state(srv, con); + if (r != HANDLER_GO_ON) return r; + } + } + else if (0 == con->request.content_length) + { + return HANDLER_GO_ON; + } + + log_error_write(srv, __FILE__, __LINE__, "s","test"); + /*url 与"/ISG-login"匹配,判断用户是否认证过*/ + if (0 == strcmp(con->uri.path->ptr, "/ISG-login")) + { + t = judge_user_auth(srv, con, p_d); + log_error_write(srv, __FILE__, __LINE__, "s","test"); + } + else if (0 == strcmp(con->uri.path->ptr, "/ISG-auth")) + { + t = judge_account_pwd(srv, con, p_d); + log_error_write(srv, __FILE__, __LINE__, "s","test"); + + } + + log_error_write(srv, __FILE__, __LINE__, "s","test"); + con->http_status = 200; + con->file_finished = 1; + return t; } diff --git a/libs/src/lighttpd-1.4.51/src/mod_redirect.c b/libs/src/lighttpd-1.4.51/src/mod_redirect.c index b07eea5b4..511255d59 100644 --- a/libs/src/lighttpd-1.4.51/src/mod_redirect.c +++ b/libs/src/lighttpd-1.4.51/src/mod_redirect.c @@ -11,6 +11,11 @@ #include #include +#include +#include + +#define LISTENQ 1024 +#define PORT 8082 typedef struct { pcre_keyvalue_buffer *redirect; 
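Review bot: `mod_portal_uri_handler` sets `con->http_status = 200; con->file_finished = 1;` after the dispatch regardless of the outcome, so a POST to any other path, and a `HANDLER_ERROR` or wait result from `judge_user_auth`/`judge_account_pwd`, is also marked as a finished 200 response. Both helpers already set these fields on their success paths, so the tail can be just `return t;`. The helpers also call `connection_handle_read_post_state()` again although the body was read here. At the top of the hunk, `cJSON_Delete(uitem); cJSON_Delete(pitem);` after `cJSON_Delete(cjson)` would free children of an already-freed tree; the lines appear unreachable because every branch above returns, and are best deleted. The `log_error_write(..., "s","test")` trace lines give no context in the error log and could carry the URL path or be dropped.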
@@ -47,6 +52,7 @@ FREE_FUNC(mod_redirect_free) { return HANDLER_GO_ON; } + SETDEFAULTS_FUNC(mod_redirect_set_defaults) { plugin_data *p = p_d; size_t i = 0; @@ -146,14 +152,44 @@ static int mod_redirect_patch_connection(server *srv, connection *con, plugin_da return 0; } +/*通过fd获取对端和远端的IP地址*/ +void get_local_peer_ip(int listenfd, uint32_t *serverip, uint32_t *clientip) +{ + struct sockaddr_in listendAddr, connectedAddr, peerAddr;//分别表示监听的地址,连接的本地地址,连接的对端地址 + socklen_t peerLen; + char ipAddr[INET_ADDRSTRLEN];//保存点分十进制的地址 + + listen(listenfd, LISTENQ); + socklen_t listendAddrLen = sizeof(listendAddr); + getsockname(listenfd, (struct sockaddr *)&listendAddr, &listendAddrLen);//获取监听的地址和端口 + printf("listen address = %s:%d\n", inet_ntoa(listendAddr.sin_addr), ntohs(listendAddr.sin_port)); + + socklen_t connectedAddrLen = sizeof(connectedAddr); + getsockname(listenfd, (struct sockaddr *)&connectedAddr, &connectedAddrLen);//获取connfd表示的连接上的本地地址(服务端的地址) + printf("connected server address = %s:%d\n", inet_ntoa(connectedAddr.sin_addr), ntohs(connectedAddr.sin_port)); + *serverip = connectedAddr.sin_addr.s_addr; + getpeername(listenfd, (struct sockaddr *)&peerAddr, &peerLen); //获取connfd表示的连接上的对端地址(客户端的地址) + printf("connected peer address = %s:%d\n", inet_ntop(AF_INET, &peerAddr.sin_addr, ipAddr, sizeof(ipAddr)), ntohs(peerAddr.sin_port)); + *clientip = peerAddr.sin_addr.s_addr; + + return; +} + URIHANDLER_FUNC(mod_redirect_uri_handler) { plugin_data *p = p_d; - struct burl_parts_t burl; - pcre_keyvalue_ctx ctx; - handler_t rc; + //struct burl_parts_t burl; + //pcre_keyvalue_ctx ctx; + //handler_t rc; + uint32_t serverip = 0; + uint32_t clientip = 0; + struct sockaddr_in ip_addr; + + get_local_peer_ip(con->fd, &serverip, &clientip); mod_redirect_patch_connection(srv, con, p); if (!p->conf.redirect->used) return HANDLER_GO_ON; + + #if 0 ctx.cache = p->conf.context ? &con->cond_cache[p->conf.context->context_ndx] : NULL; 
@@ -169,6 +205,25 @@ URIHANDLER_FUNC(mod_redirect_uri_handler) { */ rc = pcre_keyvalue_buffer_process(p->conf.redirect, &ctx, con->request.uri, srv->tmp_buf); + #endif + + /*组装web server 的IP地址和端口号*/ + log_error_write(srv, __FILE__, __LINE__, "ss","test", serverip); + /*将uit32_t类型转为点分十进制类型*/ + ip_addr.sin_addr.s_addr = serverip; + + sprintf((char*)srv->tmp_buf, "http://%s:%d", inet_ntoa(ip_addr.sin_addr), PORT); + + http_header_response_set(con, HTTP_HEADER_LOCATION, + CONST_STR_LEN("Location"), + CONST_BUF_LEN(srv->tmp_buf)); + con->http_status = p->conf.redirect_code; + con->mode = DIRECT; + con->file_finished = 1; + + return HANDLER_FINISHED; + + #if 0 if (HANDLER_FINISHED == rc) { http_header_response_set(con, HTTP_HEADER_LOCATION, CONST_STR_LEN("Location"), @@ -183,6 +238,7 @@ URIHANDLER_FUNC(mod_redirect_uri_handler) { con->request.uri); } return rc; + #endif } int mod_redirect_plugin_init(plugin *p); diff --git a/libs/src/lighttpd-1.4.51/src/user_hashtable.c b/libs/src/lighttpd-1.4.51/src/user_hashtable.c index 8e663bc17..ac3e1353a 100644 --- a/libs/src/lighttpd-1.4.51/src/user_hashtable.c +++ b/libs/src/lighttpd-1.4.51/src/user_hashtable.c @@ -60,18 +60,18 @@ int Init_hash() /*查找用户信息*/ -void ufind_user(uint32_t user_ip, USER_INFO *userinfo) -{ +USER_INFO *ufind_user(uint32_t user_ip) +{ - struct hlist_node *p = NULL, *n = NULL ; + struct hlist_node *p = NULL, *n = NULL; /* 这个实际上就是一个for循环,从头到尾遍历链表。 * pos:struct hlist_node类型的一个指针; * n:struct hlist_node类型的一个指针; * head:struct hlist_head类型的一个指针,表示hlist链表的头结点。 - */ + */ - hlist_for_each_safe(p,n,call_hash(hash,user_ip)) + hlist_for_each_safe(p, n, call_hash(hash, user_ip)) { /* p:表示struct hlist_node类型的一个地址。 
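Review bot: `sprintf((char*)srv->tmp_buf, "http://%s:%d", ...)` writes the URL over the `buffer` object itself instead of into its storage — `srv->tmp_buf` is handed to `CONST_BUF_LEN()` two lines later and was the buffer argument of `pcre_keyvalue_buffer_process()` in the disabled code — so the Location header is built from a clobbered pointer and length. The line before it, `log_error_write(srv, __FILE__, __LINE__, "ss","test", serverip);`, passes a `uint32_t` where the `s` format expects a string pointer. Building the value through the buffer API, as sketched, avoids both. With the pcre rules bypassed, every request reaching this point is redirected to the bare host and the original URI is dropped, which is worth confirming as intended. The handler begins in the previous hunk, where `get_local_peer_ip` is called before the `redirect->used` check.

```c
	/* 'd' matches the integer argument */
	log_error_write(srv, __FILE__, __LINE__, "sd", "test", (int)serverip);
	ip_addr.sin_addr.s_addr = serverip;

	/* tmp_buf is a buffer *, so fill it through the buffer API */
	buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("http://"));
	buffer_append_string(srv->tmp_buf, inet_ntoa(ip_addr.sin_addr));
	buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN(":"));
	buffer_append_int(srv->tmp_buf, PORT);

	/* … unchanged: http_header_response_set() and the status/mode assignments … */
```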
@@ -79,20 +79,17 @@ void ufind_user(uint32_t user_ip, USER_INFO *userinfo) * hnode:type结构体中的hlist_node成员变量的名称 * 表示得到p所指地址的这个结构体的首地址 */ - pNode = hlist_entry(p, struct user_info ,hnode); - if(pNode != NULL) + pNode = hlist_entry(p, struct user_info, hnode); + if (pNode != NULL) { - userinfo = pNode; - printf("[%d %s %d %d %ld %ld %ld]\n",userinfo->auth_user.user_ip, userinfo->auth_user.user_name, userinfo->auth_user.user_id, - userinfo->auth_user.group_id, userinfo->auth_user.message_num,userinfo->auth_user.byte_num, userinfo->auth_user.online_time); - return; +// printf("[%d %s %d %d %ld %ld %ld]\n", userinfo->auth_user.user_ip, userinfo->auth_user.user_name, userinfo->auth_user.user_id, +// userinfo->auth_user.group_id, userinfo->auth_user.message_num, userinfo->auth_user.byte_num, userinfo->auth_user.online_time); + return pNode; } - - - return ; } -} + return NULL; +} /*增加用户信息*/ diff --git a/libs/src/lighttpd-1.4.51/src/user_hashtable.h b/libs/src/lighttpd-1.4.51/src/user_hashtable.h index e1d4332a7..1e50122ac 100644 --- a/libs/src/lighttpd-1.4.51/src/user_hashtable.h +++ b/libs/src/lighttpd-1.4.51/src/user_hashtable.h @@ -27,7 +27,7 @@ struct hlist_head *call_hash(struct hlist_head *hash, uint32_t ip); int Init_hash(); /*查找用户信息*/ -void ufind_user(uint32_t user_ip, USER_INFO *user_info); +USER_INFO *ufind_user(uint32_t user_ip); /*增加用户信息*/ int uadd_user(uint32_t user_ip, char *name, int user_id, int group_id, uint64_t message_num, uint64_t byte_num, time_t online_time);
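Review bot: `ufind_user` returns the first node of the bucket selected by `call_hash(hash, user_ip)` without comparing its address to `user_ip`, so two clients whose addresses land in the same bucket are treated as the same user and an unauthenticated client can be reported as logged in. `hlist_entry()` of a non-NULL node is never NULL, so `if (pNode != NULL)` filters nothing; the test should be `if (pNode->auth_user.user_ip == user_ip)` before `return pNode;`. `pNode` is not declared in the function, so it appears to be a file-scope variable shared by all callers, and a local `USER_INFO *` would be safer. The commented-out `printf` still refers to the removed `userinfo` parameter and can be deleted. The function begins in the previous hunk.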