#include "../include/parsefile.h" #include "../include/configm.h" #include "../../../netlink_uapi/libnetlinku.h" #include "rpc.h" #include "authfree.h" #include "auth_parameters.h" #include #include "s2j/s2j.h" #include "commuapinl.h" #include "../Platform/common/database/database.h" #include "include/user_authfree.h" #include "config_manager.h" /*定义结构体数组 存在免认证规则 */ freeauth_configure_t freeauth_array[RULE_MAX_NUM] = {0}; #define UNAMESIZE (127 + 1) #define SPECHAR(element) (strpbrk((element), "~!@#$%^&*()_+{}|:\"<>?\\,./;\'[]-=`")) //校验特殊字符 #ifdef FREEAUTH_ACK_COOKIES #define CFG_FREEAUTH_ACK_COOKIES #endif /* 判断IPv4格式是否正确*/ int isIpV4Addr(const char *ipAddr) { int ip_part_1 = 0; int ip_part_2 = 0; int ip_part_3 = 0; int ip_part_4 = 0; char end_char = 0; if ((NULL == ipAddr) || (0 == strlen(ipAddr))) { return -1; } if (4 == sscanf(ipAddr, "%d.%d.%d.%d%c", &ip_part_1, &ip_part_2, &ip_part_3, &ip_part_4, &end_char)) { if ((ip_part_1 >= 0) && (ip_part_1 <= 255) && (ip_part_2 >= 0) && (ip_part_2 <= 255) && (ip_part_3 >= 0) && (ip_part_3 <= 255) && (ip_part_4 >= 0) && (ip_part_4 <= 255)) { return 0; } } return -1; } /*下发配置到内核态 */ int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth) { int freeauth_len = 0; struct nlmsghdr *ack = NULL; struct nlmsghdr **answer = &ack; struct { struct nlmsghdr n; char buf[1024]; } req = { .n.nlmsg_len = NLMSG_LENGTH(0), #ifdef CFG_FREEAUTH_ACK_COOKIES .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK, /*set NLM_F_ACK:use kernel auto ack*/ #else .n.nlmsg_flags = NLM_F_REQUEST, /*not use kernel auto ack */ #endif .n.nlmsg_type = FREEAUTH_CFG, .n.nlmsg_pid = getpid(), }; /*判断要发送的数据是否为NULL,不为NULL,打印出来 */ if (struct_freeauth == NULL) { printf("set_freeauthcfg_waitack is error: input struct_freeauth is NULL.\r\n"); return -1; } else { char str[32]; memset(str, 0, 32); inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32); char *sip_addr = str; char dtr[32]; memset(dtr, 0, 32); inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32); char *dip_addr = dtr; printf("set_freeauthcfg_waitack :name %s sip %s dip %s dport %d\n", struct_freeauth->name, sip_addr, dip_addr, struct_freeauth->dport); } /*计算需要发送的数据的长度 */ freeauth_len = sizeof(freeauth_configure_t); /*可选属性 */ commnl_addattr_l(&req.n, sizeof(req), 1, struct_freeauth, freeauth_len); /*发送组装好的netlink消息 */ if (pdeliv_talk(1, &req.n, answer) < 0) { printf("set_user_freeauth_waitack rcv ack msg faild.\r\n"); return -2; } else { printf("set_user_freeauth_waitack rcv ack msg success.\r\n"); } if (*answer != NULL) { printf("set_user_freeauth_waitack rcv answer.\r\n"); } else { printf("set_user_freeauth_waitack rcv answer error.\r\n"); return -3; } #ifdef CFG_FREEAUTH_ACK_COOKIES /*recv answer*/ if ((*answer)->nlmsg_type == NLMSG_ERROR) { nl_debugfs_extack(*answer); } #else /*recv answer*/ if ((*answer)->nlmsg_type == FREEAUTH_CFG) { nl_debugfs(*answer); } #endif return 0; } /* 判断免认证规则格式 iuput格式:{"type": 0, "data": {"name": "armink","sip": 1027824,"dip": 103427824,"dport": 24}}*/ ret_code freeauth_config_json_parse(pointer input, uint *conf_type, freeauth_configure_t *freeauth_buff) { char *pString = (char *)input; ret_code ret = RET_OK; cJSON *cjson, *type, *data; printf("json:[%s]\n", pString); /*JSON字符串到JSON格式 */ cjson = cJSON_Parse(pString); if (!cjson) { ret = RET_INPUTERR; ASSERT_RET(ret); return ret; } /*获取操作类型 add、mod、del */ type = cJSON_GetObjectItem(cjson, "type"); if (!type) { ret = RET_INPUTERR; cJSON_Delete(cjson); return ret; } *conf_type = type->valueint; /*获取免认证规则的data部分 */ data = cJSON_GetObjectItem(cjson, "data"); if (!data) { ret = RET_INPUTERR; cJSON_Delete(cjson); return ret; } /*创建freeauth_configure_t结构体对象 */ s2j_create_struct_obj(struct_freeauth, freeauth_configure_t); if (struct_freeauth == NULL) { cJSON_Delete(cjson); return RET_NOMEM; } /*反序列化数据到freeauth_configure_t结构体对象 */ s2j_struct_get_basic_element(struct_freeauth, data, string, name); s2j_struct_get_basic_element(struct_freeauth, data, int, sip); s2j_struct_get_basic_element(struct_freeauth, data, int, dip); s2j_struct_get_basic_element(struct_freeauth, data, int, dport); memcpy(freeauth_buff->name, struct_freeauth->name, sizeof(char) * 32); freeauth_buff->sip = struct_freeauth->sip; freeauth_buff->dip = struct_freeauth->dip; freeauth_buff->dport = struct_freeauth->dport; cJSON_Delete(cjson); return RET_OK; } /*chk data格式 */ ret_code freeauth_config_chk(uint source, uint *config_type, pointer input, int *input_len, pointer output, int *output_len) { ret_code ret = RET_OK; return ret; } ret_code freeauth_config_add_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { ret_code ret = RET_OK; freeauth_configure_t *freeauth_configure; freeauth_configure = (freeauth_configure_t *)input; char str[32] = {0}; char dtr[32] = {0}; cJSON *res; char *ret_char = NULL; unsigned int ret_int = 0; authfree_result_t *authfree_result; int i; if((input_len < sizeof(freeauth_configure_t)) || (input_len > sizeof(freeauth_configure_t))) { ret = RET_INPUTERR; return ret; } /*校验用户名长度 特殊字符等*/ if (NULL == freeauth_configure->name || (UNAMESIZE) < strlen(freeauth_configure->name) || 0 >= strlen(freeauth_configure->name)) { ret = RET_INPUTERR; return ret; } /* 校验用户名中不含特殊字符 */ if (SPECHAR(freeauth_configure->name)) { ret = RET_INPUTERR; return ret; } /*校验源IP地址是否符合格式*/ memset(str, 0, 32); inet_ntop(AF_INET, (void *)&freeauth_configure->sip, str, 32); char *sip_addr = str; if (isIpV4Addr(sip_addr) < 0) { ret = RET_IPINVALID; return ret; } /*校验目的IP地址是否符合格式*/ memset(dtr, 0, 32); inet_ntop(AF_INET, (void *)&freeauth_configure->dip, dtr, 32); char *dip_addr = dtr; if (isIpV4Addr(dip_addr) < 0) { ret = RET_IPINVALID; return ret; } if ((freeauth_configure->dport < DPORT_MIN_NUM) && (freeauth_configure->dport > DPORT_MAX_NUM)) { ret = RET_IPINVALID; /*先用IPVAILD表示,后面加PORTVAILD */ return ret; } /*查找要增加的未认证权限是否重名 该名字已存在 则退出程序 */ for (i = 0; i < RULE_MAX_NUM; i++) { /*两个字符串相等 strcmp值为0*/ if (0 == strcmp(freeauth_array[i].name, freeauth_configure->name)) { printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]); return RET_NOTFOUND; } else { printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]); } } /*数据库修改 存入全局变量*/ authfree_result = (authfree_result_t *)malloc(sizeof(authfree_result_t)); if (NULL == authfree_result) { return RET_NOMEM; } add_authfree(freeauth_configure->name, freeauth_configure->sip, freeauth_configure->dip, freeauth_configure->dport, authfree_result); #if 0 /*用户态下发到内核态auth_hook */ int r = -1; printf("cfgchannel main begin:\r\n"); /*创建通道 */ r = commcfgnl_open(); if(r < 0) { printf(" pdlivnl_open fail, exit.\r\n"); return RET_ERR; } /*下发配置到内核态 */ r = set_freeauthcfg_waitack(freeauth_configure); if(r < 0) { printf("set_cfg_debug_waitack failed.\r\n"); return RET_ERR; } /*关闭netlink通道 */ commcfgnl_close(); printf("cfgchannel main exit!\r\n"); #endif /*创建json对象 */ res = cJSON_CreateObject(); if (!res) { free(freeauth_configure); ret = RET_ERR; return ret; } /*将json对象转换成json字符串 返回处理结果*/ cJSON_AddNumberToObject(res, "resultcode", authfree_result->resultcode); cJSON_AddStringToObject(res, "message", authfree_result->message); ret_char = cJSON_PrintUnformatted(res); ret_int = strlen(ret_char); if (output_len) { *output_len = ret_int; } /*超出2k的内存,报错 */ if (ret_int >= 1024 * 2) { free(ret_char); cJSON_Delete(res); return RET_NOMEM; } memcpy(output, ret_char, ret_int + 1); free(ret_char); cJSON_Delete(res); return RET_OK; } ret_code freeauth_config_mod_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { freeauth_configure_t *freeauth_configure; freeauth_configure = (freeauth_configure_t *)input; ret_code ret = RET_OK; cJSON *res; char *ret_char = NULL; unsigned int ret_int = 0; int i; authfree_result_t *authfree_result; if ((input_len < sizeof(freeauth_configure_t)) || (input_len > sizeof(freeauth_configure_t))) { ret = RET_INPUTERR; return ret; } /*查找要修改的免认证规则名字,不存在则退出程序 */ for (i = 0; i < RULE_MAX_NUM; i++) { /*两个字符串相等 strcmp值为0*/ if (0 == strcmp(freeauth_array[i].name, freeauth_configure->name)) { printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]); /*数据库修改 存入全局变量*/ authfree_result = (authfree_result_t *)malloc(sizeof(authfree_result_t)); if (NULL == authfree_result) { return RET_NOMEM; } mod_authfree(freeauth_configure->name, freeauth_configure->sip, freeauth_configure->dip, freeauth_configure->dport, authfree_result); #if 0 /*用户态下发到内核态auth_hook */ int r = -1; printf("cfgchannel main begin:\r\n"); /*创建通道 */ r = commcfgnl_open(); if(r < 0) { printf(" pdlivnl_open fail, exit.\r\n"); return RET_ERR; } /*下发配置到内核态 */ r = set_freeauthcfg_waitack(freeauth_configure); if(r < 0) { printf("set_cfg_debug_waitack failed.\r\n"); return RET_ERR; } /*关闭netlink通道 */ commcfgnl_close(); printf("cfgchannel main exit!\r\n"); #endif /*创建json对象 */ res = cJSON_CreateObject(); if (!res) { ret = RET_ERR; return ret; } /*将json对象转换成json字符串 返回处理结果*/ cJSON_AddNumberToObject(res, "resultcode", authfree_result->resultcode); cJSON_AddStringToObject(res, "message", authfree_result->message); ret_char = cJSON_PrintUnformatted(res); ret_int = strlen(ret_char); if (output_len) { *output_len = ret_int; } /*超出2k的内存,报错 */ if (ret_int >= 1024 * 2) { free(ret_char); cJSON_Delete(res); return RET_NOMEM; } memcpy(output, ret_char, ret_int + 1); free(ret_char); cJSON_Delete(res); return RET_OK; } } } ret_code freeauth_config_del_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { ret_code ret = RET_OK; freeauth_configure_t *freeauth_configure; freeauth_configure = (freeauth_configure_t *)input; cJSON *res; char *ret_char = NULL; unsigned int ret_int = 0; int i; authfree_result_t *authfree_result; if((input_len < sizeof(freeauth_configure_t)) || (input_len > sizeof(freeauth_configure_t))) { ret = RET_INPUTERR; return ret; } /*查找要删除的免认证规则名字,不存在则退出程序 */ for (i = 0; i < RULE_MAX_NUM; i++) { /*两个字符串相等 strcmp值为0*/ if (0 == strcmp(freeauth_array[i].name, freeauth_configure->name)) { printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]); /*数据库修改 存入全局变量*/ authfree_result = (authfree_result_t *)malloc(sizeof(authfree_result_t)); if (NULL == authfree_result) { return RET_NOMEM; } del_authfree(freeauth_configure->name, freeauth_configure->sip, freeauth_configure->dip, freeauth_configure->dport, authfree_result); #if 0 /*用户态下发到内核态auth_hook */ int r = -1; printf("cfgchannel main begin:\r\n"); /*创建通道 */ r = commcfgnl_open(); if(r < 0) { printf(" pdlivnl_open fail, exit.\r\n"); return RET_ERR; } /*下发配置到内核态 */ r = set_freeauthcfg_waitack(freeauth_configure); if(r < 0) { printf("set_cfg_debug_waitack failed.\r\n"); return RET_ERR; } /*关闭netlink通道 */ commcfgnl_close(); printf("cfgchannel main exit!\r\n"); #endif /*创建json对象 */ res = cJSON_CreateObject(); if (!res) { free(freeauth_configure); ret = RET_ERR; return ret; } /*将json对象转换成json字符串 返回处理结果*/ cJSON_AddNumberToObject(res, "resultcode", authfree_result->resultcode); cJSON_AddStringToObject(res, "message", authfree_result->message); ret_char = cJSON_PrintUnformatted(res); ret_int = strlen(ret_char); if (output_len) { *output_len = ret_int; } /*超出2k的内存,报错 */ if (ret_int >= 1024 * 2) { free(ret_char); cJSON_Delete(res); return RET_NOMEM; } memcpy(output, ret_char, ret_int + 1); free(ret_char); cJSON_Delete(res); return RET_OK; } } } ret_code freeauth_config_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { ret_code ret = RET_OK; freeauth_configure_t freeauth_configure = {0}; int config_len = sizeof(freeauth_configure_t); uint conf_type = FREEAUTH_CONFIG_GET; char *ret_char = NULL; unsigned int ret_int = 0; int r = -1; cJSON *res; int code = 0; freeauth_config_json_parse(input, &conf_type, &freeauth_configure); rpc_log_info("config type is %d, name %s sip %d dip %d dport %d\n", conf_type, freeauth_configure.name, freeauth_configure.sip, freeauth_configure.dip, freeauth_configure.dport); switch (conf_type) { case FREEAUTH_CONFIG_ADD: ret = freeauth_config_add_proc(source, conf_type, &freeauth_configure, input_len, output, output_len); break; case FREEAUTH_CONFIG_MOD: ret = freeauth_config_mod_proc(source, conf_type, &freeauth_configure, input_len, output, output_len); break; case FREEAUTH_CONFIG_DEL: ret = freeauth_config_del_proc(source, conf_type, &freeauth_configure, input_len, output, output_len); break; default: ret = RET_NOTSUPPORT; } return RET_OK; }