#include "../include/parsefile.h" #include "../include/configm.h" #include "../../../netlink_uapi/libnetlinku.h" #include "../../../../common/rpc/rpc.h" #include "authfree.h" #include #include "../../../../../Common/s2j/s2j.h" #include "../../../../../Common/commuapinl.h" #include "auth_parameters.h" /*定义结构体 存认证参数*/ auth_parameters_t *auth_para; #ifdef AGINGTIME_ACK_COOKIES #define CFG_AGINGTIME_ACK_COOKIES #endif /*全局变量初始化 失败为1 成功为0*/ int authparInit() { auth_para = (auth_parameters_t *)malloc(sizeof(auth_parameters_t)); if (NULL == auth_para) { return 1; } return 0; } /*下发用户老化时间配置到内核态 */ int set_agingtimecfg_waitack(int *agingtime) { int agingtime_len = 0; struct nlmsghdr *ack = NULL; struct nlmsghdr **answer = &ack; struct{ struct nlmsghdr n; char buf[1024]; } req ={ .n.nlmsg_len = NLMSG_LENGTH(0), #ifdef CFG_AGINGTIME_ACK_COOKIES .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,/*set NLM_F_ACK:use kernel auto ack*/ #else .n.nlmsg_flags = NLM_F_REQUEST, /*not use kernel auto ack */ #endif .n.nlmsg_type = AGINGTIME_CFG, /*用户态发送给内核态的用户老化时间消息 */ .n.nlmsg_pid = getpid(), }; /*判断要发送的数据是否为NULL,不为NULL,打印出来 */ if (agingtime == NULL) { printf("set_agingtimecfg_waitack is error: input struct_agingtime is NULL.\r\n"); return -1; }else { printf("set_freeauthcfg_waitack :agingtime %d\n", *agingtime); } /*计算需要发送的数据的长度 */ agingtime_len = sizeof(int); printf("%d\n", agingtime_len); /*可选属性 */ commnl_addattr_l(&req.n, sizeof(req), 1, agingtime, agingtime_len); /*发送组装好的netlink消息 */ if(pdeliv_talk(1, &req.n, answer) < 0) { printf("set_user_agingtime_waitack rcv ack msg faild.\r\n"); return -2; } else { printf("set_user_agingtime_waitack rcv ack msg success.\r\n"); } if(*answer != NULL) { printf("set_user_agingtime_waitack rcv answer.\r\n"); } else{ printf("set_user_agingtime_waitack rcv answer error.\r\n"); return -3; } #ifdef CFG_AGINGTIME_ACK_COOKIES /*recv answer*/ if((*answer)->nlmsg_type == NLMSG_ERROR){ nl_debugfs_extack(*answer); } #else /*recv answer*/ if((*answer)->nlmsg_type == AGINGTIME_CFG) { nl_debugfs(*answer); } #endif return 0; } /*检查IP地址是否有效,端口号是否被占用 */ int _valid_ipv4_port(const char *str, int port) { int ret; int fd; int i; volatile int local_errno; struct sockaddr_in addr; fd = socket(AF_INET,SOCK_STREAM,0); /*初始化*/ if(fd ==-1) /*检查是否正常初始化socket */ { return -1; } errno = 0; local_errno = errno; ret = inet_pton(AF_INET, str ,&addr.sin_addr); printf("the value of ret is:%d\n",ret); if(ret > 0) { fprintf(stderr, "\"%s\" is a vaild IPv4 address\n", str); addr.sin_family = AF_INET; /*地址结构的协议簇 */ addr.sin_port=htons(port); /*地址结构的端口地址,网络字节序 */ printf("the value of str:%s\n", str); i = (bind(fd, (struct sockaddr*)&addr, sizeof(struct sockaddr))); printf("the value of i:%d\n", i); if( i < 0) { printf("port %d has been used. \n", port); close(fd); return -1; } printf("port %d is ok. \n", port); close(fd); return 0; } else if (ret < 0) { fprintf(stderr, "EAFNOSUPPORT: %s\n", strerror(local_errno)); close(fd); return -1; } else { fprintf(stderr, "\"%s\" is not a vaild IPv4 address\n", str); close(fd); return -1; } } /* iuput格式:{"type": 0, "data": {"ip": 1028737217,"port": 1010,"timehorizon": 10,"failcount": 20,"locktime":30, "aging_time":10}}*/ ret_code authpara_config_json_parse(pointer input, uint *conf_type, auth_parameters_t *authpara_buff) { ret_code ret = RET_OK; cJSON *cjson, *type, *data; /*JSON字符串到JSON格式 */ cjson = cJSON_Parse(input); if(!cjson) { ret = RET_INPUTERR; ASSERT_RET(ret); return ret; } /*获取操作类型 add、mod、del */ type = cJSON_GetObjectItem(cjson, "type"); if(!type) { ret = RET_INPUTERR; cJSON_Delete(cjson); return ret; } *conf_type = type->valueint; /*获取免认证规则的data部分 */ data = cJSON_GetObjectItem(cjson, "data"); if(!data) { ret = RET_INPUTERR; cJSON_Delete(cjson); cJSON_Delete(type); return ret; } /*创建freeauth_configure_t结构体对象 */ s2j_create_struct_obj(auth_parameters, auth_parameters_t); if(auth_parameters == NULL) { cJSON_Delete(cjson); cJSON_Delete(type); cJSON_Delete(data); return RET_NOMEM; } /*反序列化数据到freeauth_configure_t结构体对象 */ s2j_struct_get_basic_element(auth_parameters, data, int, ip); s2j_struct_get_basic_element(auth_parameters, data, int, port); s2j_struct_get_basic_element(auth_parameters, data, int, timehorizon); s2j_struct_get_basic_element(auth_parameters, data, int, failcount); s2j_struct_get_basic_element(auth_parameters, data, int, locktime); s2j_struct_get_basic_element(auth_parameters, data, int, aging_time); authpara_buff->ip = auth_parameters->ip; authpara_buff->port = auth_parameters->port; authpara_buff->timehorizon = auth_parameters->timehorizon; authpara_buff->failcount = auth_parameters->failcount; authpara_buff->locktime = auth_parameters->locktime; authpara_buff->aging_time = auth_parameters->aging_time; s2j_delete_struct_obj(auth_parameters); cJSON_Delete(cjson); cJSON_Delete(type); cJSON_Delete(data); return RET_OK; } /*检查增加的参数格式是否正确 */ ret_code authpara_config_add_chk(uint source,uint config_type, pointer input, int input_len, pointer output, int *output_len) { ret_code ret = RET_OK; auth_parameters_t *auth_parameters; auth_parameters = (auth_parameters_t *)input; char str[32] = {0}; if((input_len < sizeof(auth_parameters_t)) || (input_len > sizeof(auth_parameters_t))) { ret = RET_INPUTERR; return ret; } /*判断IP地址格式是否正确、端口号是否被占用*/ memset(str, 0, 32); inet_ntop(AF_INET, (void *)&auth_parameters->ip, str, 32); char *ip_addr = str; if( (_valid_ipv4_port(ip_addr, auth_parameters->port)) < 0 ) { free(auth_parameters); ret = RET_ERR; return ret; } /*配置的用户失败次数如果小于0,则配置错误 */ if(auth_parameters->failcount < FAIL_MIN_NUM ) { free(auth_parameters); printf("userlock configure error\n"); ret = RET_ERR; return ret; } /*配置的用户锁定时间如果小于0,则配置错误 */ if(auth_parameters->locktime < LOCK_MIN_TIME ) { free(auth_parameters); printf("locktime configure error\n"); ret = RET_ERR; return ret; } /*配置的用户认证时间范围如果小于0,则配置错误 */ if(auth_parameters->timehorizon < HORIZON_MIN_VALUE ) { free(auth_parameters); printf("timehorizon configure error\n"); ret = RET_ERR; return ret; } free(auth_parameters); return RET_OK; } /*修改认证参数 */ ret_code authpara_config_mod_chk(uint source,uint config_type, pointer input, int input_len, pointer output, int *output_len) { ret_code ret = RET_OK; auth_parameters_t *auth_parameters; auth_parameters = (auth_parameters_t *)input; if((input_len < sizeof(auth_parameters_t)) || (input_len > sizeof(auth_parameters_t))) { ret = RET_INPUTERR; return ret; } /*判断认证参数是否存在*/ if(NULL == auth_para) { ret = RET_ERR; return ret; } return RET_OK; } /*chk data格式 */ ret_code authpara_config_chk(uint source,uint *config_type, pointer input, int *input_len, pointer output, int *output_len) { ret_code ret = RET_OK; auth_parameters_t auth_parameters = {0}; int config_len = sizeof(auth_parameters_t); uint conf_type = AUTHPARA_CONFIG_GET; int code = 0; authpara_config_json_parse(input, &conf_type, &auth_parameters); switch (conf_type) { case AUTHPARA_CONFIG_ADD: ret = authpara_config_add_chk(source, conf_type, &auth_parameters, config_len, output, output_len); break; case AUTHPARA_CONFIG_MOD: ret = authpara_config_mod_chk(source, conf_type, &auth_parameters, config_len, output, output_len); break; default: ret = RET_NOTSUPPORT; } if(config_len <= CM_BUFF_SIZE) { memset(input, 0, *input_len); memcpy(input, &auth_parameters, config_len); *config_type = conf_type; *input_len = config_len; } else { ret = RET_NOMEM; } RET_ERR_FORMART(ret, code, output, *output_len); return ret; } ret_code authpara_config_add_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { ret_code ret = RET_OK; cJSON *res; char * ret_char = NULL; unsigned int ret_int = 0; auth_parameters_t *auth_parameters; auth_parameters = (auth_parameters_t *)input; int r = -1; /*增加数据库*/ /*存入全局变量*/ /*用户态下发到内核态auth_hook */ printf("cfgchannel main begin:\r\n"); /*创建通道 */ r = commcfgnl_open(); if(r < 0) { printf(" pdlivnl_open fail, exit.\r\n"); return RET_ERR; } /*下发配置到内核态 */ r = set_agingtimecfg_waitack(&(auth_parameters->aging_time)); if(r < 0) { printf("set_cfg_debug_waitack failed.\r\n"); return RET_ERR; } /*关闭netlink通道 */ commcfgnl_close(); printf("cfgchannel main exit!\r\n"); /*创建json对象 */ res = cJSON_CreateObject(); if(!res) { free(auth_parameters); ret = RET_ERR; return ret; } /*将json对象转换成json字符串 返回处理结果*/ cJSON_AddNumberToObject(res, "result", r); ret_char = cJSON_PrintUnformatted(res); ret_int = strlen(ret_char); if(output_len) { *output_len = ret_int; } /*超出2k的内存,报错 */ if(ret_int >= 1024 * 2) { free(auth_parameters); free(ret_char); cJSON_Delete(res); return RET_NOMEM; } memcpy(output, 0, ret_int + 1); strcpy(output, ret_char); free(ret_char); cJSON_Delete(res); free(auth_parameters); return RET_OK; } ret_code authpara_config_mod_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { ret_code ret = RET_OK; cJSON *res; char * ret_char = NULL; unsigned int ret_int = 0; auth_parameters_t *auth_parameters; auth_parameters = (auth_parameters_t *)input; int r = -1; /*数据库修改*/ /*存入全局变量*/ /*用户态下发到内核态auth_hook */ printf("cfgchannel main begin:\r\n"); /*创建通道 */ r = commcfgnl_open(); if(r < 0) { printf(" pdlivnl_open fail, exit.\r\n"); return RET_ERR; } /*下发配置到内核态 */ r = set_agingtimecfg_waitack(&(auth_parameters->aging_time)); if(r < 0) { printf("set_cfg_debug_waitack failed.\r\n"); return RET_ERR; } /*关闭netlink通道 */ commcfgnl_close(); printf("cfgchannel main exit!\r\n"); /*创建json对象 */ res = cJSON_CreateObject(); if(!res) { free(auth_parameters); ret = RET_ERR; return ret; } /*将json对象转换成json字符串 返回处理结果*/ cJSON_AddNumberToObject(res, "result", r); ret_char = cJSON_PrintUnformatted(res); ret_int = strlen(ret_char); if(output_len) { *output_len = ret_int; } /*超出2k的内存,报错 */ if(ret_int >= 1024 * 2) { free(auth_parameters); free(ret_char); cJSON_Delete(res); return RET_NOMEM; } memcpy(output, 0, ret_int + 1); strcpy(output, ret_char); free(ret_char); cJSON_Delete(res); free(auth_parameters); return RET_OK; } ret_code authpara_config_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { uint conf_type = config_type; ret_code ret = RET_OK; auth_parameters_t conf_buff = {0}; auth_parameters_t *auth_parameters = &conf_buff; cJSON *res; char * ret_char = NULL; unsigned int ret_int = 0; auth_parameters = (auth_parameters_t *)input; rpc_log_info("config type is %d, ip %d port %d timehorizon %d failcount %d locktime %d aging_time %d\n", conf_type, auth_parameters->ip, auth_parameters->port, auth_parameters->timehorizon, auth_parameters->failcount, auth_parameters->locktime, auth_parameters->aging_time); switch (conf_type) { case AUTHPARA_CONFIG_ADD: ret = authpara_config_add_proc(source, conf_type, &auth_parameters, input_len, output, output_len); break; case AUTHPARA_CONFIG_MOD: ret = authpara_config_mod_proc(source, conf_type, &auth_parameters, input_len, output, output_len); break; default: ret = RET_NOTSUPPORT; } return RET_OK; }