cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Mod aaa-12 修改配置文件-未认证权限、认证参数 

RCA:
SOL:
修改人:chenling
检视人:
This commit is contained in:
ChenLing 2019-08-27 10:38:00 +08:00
parent 6c5f244be1
commit 9ccfe5c925
4 changed files with 212 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Platform/user/configm/config-server/web_config/auth_parameters.c
View File

@ -248,7 +248,7 @@ ret_code authpara_config_proc(uint source, uint config_type,
authpara_config_json_parse(input, &conf_type, &auth_parameters);
if(input_len != sizeof(auth_parameters_t)) {
if(input_len < sizeof(auth_parameters_t)) {
return RET_INPUTERR;
}
@ -303,11 +303,13 @@ ret_code authpara_config_proc(uint source, uint config_type,
#endif
#if 0
/*Portal server的port通过redis消息队列接口发布给web server*/
memset(auth_port, 0, 20);
sprintf(auth_port, "%d ", auth_parameters.port);
printf("The number 'port' is %d and the string 'port' is %s. \n", auth_parameters.port, auth_port);
local_portal_port(auth_port);
#endif
/*创建json对象 */
res = cJSON_CreateObject();
@ -319,6 +321,8 @@ ret_code authpara_config_proc(uint source, uint config_type,
}
/*将json对象转换成json字符串 返回处理结果*/
printf("resultcode = %d\n", configure_result->resultcode);
printf("message = %s\n", configure_result->message);
cJSON_AddNumberToObject(res, "resultcode", configure_result->resultcode);
cJSON_AddStringToObject(res, "message", configure_result->message);
ret_char = cJSON_PrintUnformatted(res);
@ -343,4 +347,3 @@ ret_code authpara_config_proc(uint source, uint config_type,
free(configure_result);
return RET_OK;
}

125
Platform/user/configm/config-server/web_config/authfree.c
View File

@ -278,6 +278,8 @@ ret_code authpara_config_json_parse_array(pointer input, uint *conf_type, freeau
memset(freeauth_buff, 0, sizeof(freeauth_configure_t) * iCount);
*fb = freeauth_buff;
for(i = 0; i < iCount; i++) {
cJSON *pArrayItem = cJSON_GetArrayItem(data, i);
@ -325,13 +327,16 @@ ret_code authpara_config_json_parse_array(pointer input, uint *conf_type, freeau
freeauth_buff->flag = flag->valueint;
}
#if 0
printf("freeauth_buff->name = %p\n", &freeauth_buff->name);
printf("freeauth_buff->name = %p\n", &freeauth_buff->name);
printf("freeauth_buff->name = %s\n", freeauth_buff->name);
#if 0
for (int j = 0; j < iCount; j++)
{
printf("[%d %s %d %d %d %d]\n",pbuf[j].rule_priority, pbuf[j].name, pbuf[j].sip,
pbuf[j].dip, pbuf[j].dport, pbuf[j].flag);
printf("[%d %s %d %d %d %d]\n", freeauth_buff->rule_priority, freeauth_buff->name, freeauth_buff->sip,
freeauth_buff->dip, freeauth_buff->dport, freeauth_buff->flag);
freeauth_buff++;
}
#endif
@ -345,7 +350,6 @@ ret_code authpara_config_json_parse_array(pointer input, uint *conf_type, freeau
cJSON_Delete(cjson);
*fb = freeauth_buff;
return RET_OK;
}
@ -386,20 +390,36 @@ ret_code freeauth_config_add_proc(uint source, uint config_type,
freeauth_config_json_parse(input, &conf_type, freeauth_configure);
/*校验用户名长度*/
if(input_len != sizeof(freeauth_configure_t) || NULL == freeauth_configure->name ||
if(input_len < sizeof(freeauth_configure_t) || NULL == freeauth_configure->name ||
(UNAMESIZE) < strlen(freeauth_configure->name) || 0 == strlen(freeauth_configure->name)) {
free(freeauth_configure);
printf("the lenth is error\n");
return RET_INPUTERR;
}
/* 校验用户名中不含特殊字符 */
if(SPECHAR(freeauth_configure->name)) {
free(freeauth_configure);
printf("username 含有特殊字符\n");
return RET_INPUTERR;
}
#if 0
/*校验优先级是否重名,如果优先级已经存在 则退出程序*/
for(i = 0; i < RULE_MAX_NUM; i++){
if(freeauth_array[i].rule_priority == freeauth_configure->rule_priority) {
printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]);
free(freeauth_configure);
return RET_EXIST;
}
}
#endif
/*校验端口号*/
if((freeauth_configure->dport < DPORT_MIN_NUM) || (freeauth_configure->dport > DPORT_MAX_NUM)) {
free(freeauth_configure);
printf("the port is error\n");
return RET_IPINVALID;
}
@ -408,8 +428,39 @@ ret_code freeauth_config_add_proc(uint source, uint config_type,
/*两个字符串相等 strcmp值为0*/
if(0 == strcmp(freeauth_array[i].name, freeauth_configure->name)) {
printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]);
printf("local user is existed\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
free(freeauth_configure);
return RET_EXIST;
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 2);
cJSON_AddStringToObject(res, "message", "rule existed");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int + 1);
free(ret_char);
cJSON_Delete(res);
return RET_OK;
}
}
@ -493,10 +544,26 @@ ret_code freeauth_config_mod_proc(uint source, uint config_type,
authpara_config_json_parse_array(input, &conf_type, &freeauth_configure, &cnt);
if(input_len != sizeof(freeauth_configure_t)) {
if(input_len < sizeof(freeauth_configure_t)) {
return RET_INPUTERR;
}
printf("打印全局数组内全部元素\n");
/*打印数组内全部元素*/
for(i = 0; i < RULE_MAX_NUM; i++)
{
printf("[%d %s %d %d %d %d %d]\n", freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip,
freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].dport, i);
}
printf("打印传过来的json串\n");
for(int j = 0; j < cnt; j++)
{
printf("[%d %s %d %d %d %d %d]\n", freeauth_configure[j].rule_priority, freeauth_configure[j].name, freeauth_configure[j].sip,
freeauth_configure[j].dip, freeauth_configure[j].dport, freeauth_configure[j].dport, j);
}
/*查找要修改的免认证规则名字,不存在则退出程序 */
for(i = 0; i < RULE_MAX_NUM; i++) {
/*两个字符串相等 strcmp值为0*/
@ -590,33 +657,42 @@ ret_code freeauth_config_del_proc(uint source, uint config_type,
char *ret_char = NULL;
unsigned int ret_int = 0;
#if 0
freeauth_configure = (freeauth_configure_t *)malloc(sizeof(freeauth_configure_t));
if(freeauth_configure == NULL) {
return RET_NAMEINVAL;
}
#endif
authpara_config_json_parse_del_array(input, &conf_type, &freeauth_configure, &cnt);
if(input_len != sizeof(freeauth_configure_t)) {
if(input_len < sizeof(freeauth_configure_t)) {
return RET_INPUTERR;
}
printf("打印全局数组内全部元素\n");
/*打印数组内全部元素*/
for(i = 0; i < RULE_MAX_NUM; i++)
{
printf("[%d %s %d %d %d %d %d]\n", freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip,
freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].dport, i);
}
printf("打印传过来的json串\n");
for(int j = 0; j < cnt; j++)
{
printf("[%s %d]\n", freeauth_configure[j].name, j);
}
/*查找要修改的免认证规则名字,不存在则退出程序 */
for(i = 0; i < RULE_MAX_NUM; i++) {
/*两个字符串相等 strcmp值为0*/
for(int j = 0; j < cnt; j++) {
if(0 == strcmp(freeauth_array[i].name, freeauth_configure[j].name))
{
if(0 == strcmp(freeauth_array[i].name, freeauth_configure[j].name)) {
printf("%s %d\n",freeauth_array[i].name, i);
printf("%s %d\n",freeauth_configure[j].name, j);
printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[j]);
/*数据库修改 存入全局变量*/
del_authfree(freeauth_configure[j].name, &authfree_result);
/*数据库删除 存入全局变量*/
del_authfree(freeauth_configure[j].name, &authfree_result);
#if 0
/*用户态下发到内核态auth_hook */
int r = -1;
@ -646,7 +722,8 @@ ret_code freeauth_config_del_proc(uint source, uint config_type,
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
if(!res)
{
return RET_ERR;
}
@ -656,12 +733,14 @@ ret_code freeauth_config_del_proc(uint source, uint config_type,
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
if(output_len)
{
*output_len = ret_int;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
if(ret_int >= 1024 * 2)
{
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;

65
Platform/user/configm/config-server/web_config/config-adm/user_authfree.c
View File

@ -70,7 +70,7 @@ void add_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
ret = create_database_table(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", "create table authfree(rule_priority bigint, name character(32), sip bigint, dip bigint, dport bigint, flag bigint)");
printf("%d \n", ret);
#if 0
/*查询数据库是否存在该权限规则*/
char *select_sql = "SELECT rule_priority, name, sip, dip, dport, flag FROM `authfree` WHERE name = ?";
ret_sql = select_datebase_by_number(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", select_sql, 1, 0, &num, 1,
@ -78,11 +78,15 @@ void add_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
if(NULL != ret_sql) {
/*用户名已存在*/
printf("用户名已存在");
disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc);
authfree_result->resultcode = RULE_EXISTED;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
} else {
}
#endif
/* 根据指定信息查询数据库的获取的结果的条目数 条目数大于10 则不能再添加 */
char *select_num = "SELECT rule_priority, name, sip, dip, dport, flag FROM `authfree`";
ret = get_select_datebase_number(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", select_num, &num_sql, 6,
@ -97,7 +101,7 @@ void add_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
if(num_sql > RULE_MAX_NUM) {
/*添加失败*/
disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc); // ret_release记录日志
//disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc); // ret_release记录日志
authfree_result->resultcode = RULE_ID_MAX;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
@ -116,14 +120,13 @@ void add_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
if(0 != ret_add) {
/*添加失败*/
disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc); // ret_release记录日志
//disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc); // ret_release记录日志
authfree_result->resultcode = ADD_RULE_ERR;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
}
}
disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc);
//disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc);
/*存未认证权限数数组*/
for(i = 0; i < RULE_MAX_NUM; i++) {
@ -147,11 +150,20 @@ void add_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
}
}
/*打印数组内全部元素*/
for(i = 0; i < RULE_MAX_NUM; i++)
{
printf("[%d %s %d %d %d %d %d]\n", freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip,
freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].dport, i);
}
/*添加成功*/
authfree_result->resultcode = ADD_RULE_OK;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
}
/*修改未认证权限*/
void mod_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int dport, int flag, authfree_result_t *authfree_result)
{
@ -181,6 +193,7 @@ void mod_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
ret = create_database_table(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", "create table authfree(name character(32), sip bigint, dip bigint, dport bigint)");
printf("%d \n", ret);
#if 0
/*查询数据库是否存在该权限规则*/
char *select_sql = "SELECT name, sip, dip, dport FROM `authfree`WHERE name = ?";
ret_sql = select_datebase_by_number(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", select_sql, 1, 0, &num, 1,
@ -193,6 +206,9 @@ void mod_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
} else {
}
#endif
/*修改authfree表中内部源IP地址、目的IP地址、目的端口号 未认证权限名称不能修改 */
char *modfree_sql = "UPDATE `authfree` SET rule_priority = ?, sip = ?, dip = ?, dport = ? ,flag = ? WHERE name = ?";
ret_mod = update_database(AUTHFREE_DATABASE_ID, authfree_hdbc, DB_OP_UPDATE, AUTHFREE_TABLE, modfree_sql, 6,
@ -206,14 +222,13 @@ void mod_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
if(0 != ret_mod) {
/*修改失败*/
disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc); // ret_release记录日志
//disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc); // ret_release记录日志
authfree_result->resultcode = MOD_RULE_ERR;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
}
}
disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc);
//disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc);
/*修改对应未认证权限数数组*/
for(i = 0; i < RULE_MAX_NUM; i++) {
@ -231,15 +246,13 @@ void mod_authfree(int rule_priority, char *name, uint32_t sip, uint32_t dip, int
}
}
#if 0
/*打印数组内全部元素*/
for(i = 0; i < RULE_MAX_NUM; i++) {
printf("%s %d %d %d %d\n", freeauth_array[i].name, freeauth_array[i].sip, freeauth_array[i].dip, freeauth_array[i].dport, i);
for(i = 0; i < RULE_MAX_NUM; i++)
{
printf("[%d %s %d %d %d %d %d]\n", freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip,
freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].dport, i);
}
#endif
/*修改成功*/
authfree_result->resultcode = MOD_RULE_OK;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
@ -275,32 +288,38 @@ void del_authfree(char *name, authfree_result_t *authfree_result)
ret = create_database_table(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", "create table authfree(name character(32), sip bigint, dip bigint, dport bigint)");
printf("%d \n", ret);
#if 0
/*查询数据库是否存在该权限规则*/
char *select_sql = "SELECT rule_priority, name, sip, dip, dport, flag FROM `authfree`WHERE name = ?";
ret_sql = select_datebase_by_number(AUTHFREE_DATABASE_ID, authfree_hdbc, "authfree", select_sql, 1, 0, &num, 1,
DB_DATA_STRING_TYPE, strlen(name) + 1, name);
if(NULL == ret_sql) {
/*未认证权限用户名不存在*/
authfree_result->resultcode = RULE_NOT_FOUNT;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
} else {
}
#endif
/*删除authfree表中未认证权限名称、内部源IP地址、目的IP地址、目的端口号 */
char *delfree_sql = "DELETE FROM authfree WHERE name = ?";
int ret_del = update_database(AUTHFREE_DATABASE_ID, authfree_hdbc, DB_OP_DEL, AUTHFREE_TABLE, delfree_sql, 1,
ret_del = update_database(AUTHFREE_DATABASE_ID, authfree_hdbc, DB_OP_DEL, AUTHFREE_TABLE, delfree_sql, 1,
DB_DATA_STRING_TYPE, strlen(name) + 1, name);
printf("the value of ret:%d\n", ret_del);
if(0 != ret_del) {
disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc); // ret_release记录日志
//disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc); // ret_release记录日志
authfree_result->resultcode = DEL_RULE_ERR; /*删除失败*/
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
return;
}
}
disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc);
//disconnect_database(AUTHFREE_DATABASE_ID, authfree_hdbc);
/*修改对应未认证权限数数组*/
for(i = 0; i < RULE_MAX_NUM; i++) {
@ -314,17 +333,9 @@ void del_authfree(char *name, authfree_result_t *authfree_result)
}
}
#if 0
/*打印数组内全部元素*/
for(i = 0; i < RULE_MAX_NUM; i++) {
printf("[%d %s %d %d %d %d %d]\n", freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip,
freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].dport, i);
}
#endif
/*删除成功*/
authfree_result->resultcode = DEL_RUL_OK;
authfree_result->message = get_sql_ret_message(authfree_result->resultcode);
}

7
Platform/user/configm/config-server/web_config/config-adm/user_authpara.c
View File

@ -14,11 +14,12 @@
extern auth_parameters_t *auth_para;
char * mes[]={"ADDSUCCESS", "ADDFAILURE"};
char * mes[]={"mod success", "mod failure"};
/*前端type类型只有修改修改数据库中的内容返回值为code message——修改成功 修改失败*/
void mod_authpara(int port, int timehorizon, int failcount, int locktime, int aging_time, configure_result_t *configure_result)
{
authparInit();
void * authpara_hdbc;
char * ret_sql = NULL;
int ret;
@ -67,13 +68,13 @@ void mod_authpara(int port, int timehorizon, int failcount, int locktime, int ag
printf("the value of ret:%d\n", ret);
if(0 != ret)
{
disconnect_database(AUTHPARA_DATABASE_ID , authpara_hdbc); // ret_release记录日志
//disconnect_database(AUTHPARA_DATABASE_ID , authpara_hdbc); // ret_release记录日志
configure_result->resultcode = 1;
configure_result->message = mes[configure_result->resultcode];
return;
}
disconnect_database(AUTHPARA_DATABASE_ID , authpara_hdbc);
//disconnect_database(AUTHPARA_DATABASE_ID , authpara_hdbc);
/*存全局变量*/
auth_para->port = port;