#include "../include/parsefile.h" #include "../include/configm.h" #include "../../../netlink_uapi/libnetlinku.h" #include "../../../../common/rpc/rpc.h" #include "../include/authfree.h" #include #include "../../../../../Common/s2j/s2j.h" #include "../../../../../Common/commuapinl.h" #ifdef FREEAUTH_ACK_COOKIES #define CFG_FREEAUTH_ACK_COOKIES #endif /*全局变量,存放用户信息 */ freeauth_configure_t *localuser; /*全局变量初始化 失败为1 成功为0*/ int authfreeInit(freeauth_configure_t *localuser) { localuser = (freeauth_configure_t *)malloc(sizeof * localuser); if (NULL == localuser) { return 1; } return 0; } /* 判断IPv4格式是否正确*/ int isIpV4Addr(const char *ipAddr) { int ip_part_1 = 0; int ip_part_2 = 0; int ip_part_3 = 0; int ip_part_4 = 0; char end_char = 0; if((NULL == ipAddr) || (0 == strlen(ipAddr))) { return -1; } if(4 == sscanf(ipAddr,"%d.%d.%d.%d%c",&ip_part_1,&ip_part_2,&ip_part_3,&ip_part_4,&end_char)) { if((ip_part_1 >= 0) && (ip_part_1 <= 255) && (ip_part_2 >= 0) && (ip_part_2 <= 255) && (ip_part_3 >= 0) && (ip_part_3 <= 255) && (ip_part_4 >= 0) && (ip_part_4 <= 255) ) { return 0; } } return -1; } /*下发配置到内核态 */ int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth) { int freeauth_len = 0; struct nlmsghdr *ack = NULL; struct nlmsghdr **answer = &ack; struct{ struct nlmsghdr n; char buf[1024]; } req ={ .n.nlmsg_len = NLMSG_LENGTH(0), #ifdef CFG_FREEAUTH_ACK_COOKIES .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,/*set NLM_F_ACK:use kernel auto ack*/ #else .n.nlmsg_flags = NLM_F_REQUEST, /*not use kernel auto ack */ #endif .n.nlmsg_type = FREEAUTH_CFG, .n.nlmsg_pid = getpid(), }; /*判断要发送的数据是否为NULL,不为NULL,打印出来 */ if (struct_freeauth == NULL) { printf("set_freeauthcfg_waitack is error: input struct_freeauth is NULL.\r\n"); return -1; }else { char str[32]; inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32); char *sip_addr = str; char dtr[32]; inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32); char *dip_addr = dtr; printf("set_freeauthcfg_waitack :name %s sip %s dip %s dport %d\n", struct_freeauth->name, sip_addr, dip_addr, struct_freeauth->dport); } /*计算需要发送的数据的长度 */ freeauth_len = sizeof(freeauth_configure_t); /*可选属性 */ commnl_addattr_l(&req.n, sizeof(req), 1, struct_freeauth, freeauth_len); /*发送组装好的netlink消息 */ if(pdeliv_talk(1, &req.n, answer) < 0) { printf("set_user_freeauth_waitack rcv ack msg faild.\r\n"); return -2; } else { printf("set_user_freeauth_waitack rcv ack msg success.\r\n"); } if(*answer != NULL) { printf("set_user_freeauth_waitack rcv answer.\r\n"); } else{ printf("set_user_freeauth_waitack rcv answer error.\r\n"); return -3; } #ifdef CFG_FREEAUTH_ACK_COOKIES /*recv answer*/ if((*answer)->nlmsg_type == NLMSG_ERROR){ nl_debugfs_extack(*answer); } #else /*recv answer*/ if((*answer)->nlmsg_type == FREEAUTH_CFG) { nl_debugfs(*answer); } #endif return 0; } /*判断免认证规则源IP地址、目的IP地址是否有效,判断端口号是否有效 */ ret_code freeauth_config_chk(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { ret_code ret = RET_OK; freeauth_configure_t *struct_freeauth; struct_freeauth = (freeauth_configure_t *)input; if(input_len < sizeof(freeauth_configure_t) ) { ret = RET_INPUTERR; } char str[32]; inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32); char *sip_addr = str; if( isIpV4Addr(sip_addr) < 0 ) { ret = RET_IPINVALID; } char dtr[32]; inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32); char *dip_addr = dtr; if( isIpV4Addr(dip_addr) < 0 ) { ret = RET_IPINVALID; } if ( (struct_freeauth->dport < DPORT_MIN_NUM) && (struct_freeauth->dport > DPORT_MAX_NUM )) { ret = RET_IPINVALID; /*先用IPVAILD表示,后面加PORTVAILD */ } ASSERT_RET(ret); return RET_OK; } /*免认证规则有效,将免认证规则通过netlink下发到内核态 */ ret_code freeauth_config_proc(uint source, uint config_type, pointer input, int input_len, pointer output, int *output_len) { ret_code ret = RET_OK; int code; freeauth_configure_t *struct_freeauth; struct_freeauth = (freeauth_configure_t *)input; char str[32]; inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32); char *sip_addr = str; char dtr[32]; inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32); char *dip_addr = dtr; rpc_log_info("freeauth configure: name %s sip %s dip %s dport %d\n", struct_freeauth->name,sip_addr, dip_addr, struct_freeauth->dport); /*用户态下发到内核态auth_hook */ int ret1 = -1; printf("cfgchannel main begin:\r\n"); /*创建通道 */ ret1 = commcfgnl_open(); if(ret1 < 0) { printf(" pdlivnl_open fail, exit.\r\n"); return RET_ERR; } /*下发配置到内核态 */ ret1 = set_freeauthcfg_waitack(struct_freeauth); if(ret1 < 0) { printf("set_cfg_debug_waitack failed.\r\n"); return RET_ERR; } /*关闭netlink通道 */ commcfgnl_close(); printf("cfgchannel main exit!\r\n"); /*把免认证规则的配置信息存入全局变量 */ localuser = struct_freeauth; return RET_OK; }