cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
secgateway/Platform/user/configm/config-server/web_config/authfree.c

1268 lines
36 KiB
C
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#include <unistd.h>
#include <arpa/inet.h>
#include "../include/parsefile.h"
#include "../include/configm.h"
#include "../../../netlink_uapi/libnetlinku.h"
#include "rpc.h"
#include "authfree.h"
#include "auth_parameters.h"
#include <cjson/cJSON.h>
#include "s2j/s2j.h"
#include "commuapinl.h"
#include "../Platform/common/database/database.h"
#include "include/user_authfree.h"
#include "config_manager.h"
/*定义结构体数组 存在免认证规则 */
freeauth_configure_t freeauth_array[RULE_MAX_NUM] = {0};
/*存储序列号的数组*/
int rule_order[RULE_MAX_NUM] = {0};
#define SPECHAR(element) (strpbrk((element), "~!@#$%^&*()_+{}|:\"<>?\\,./;\'[]-=`")) //校验特殊字符
#ifdef FREEAUTH_ACK_COOKIES
#define CFG_FREEAUTH_ACK_COOKIES
#endif
#if 0
/* 判断IPv4格式是否正确*/
int isIpV4Addr(const char *ipAddr)
{
unsigned char buf[sizeof(struct sockaddr_in)];
if((NULL == ipAddr) || (0 == strlen(ipAddr))) {
return -1;
}
if(inet_pton(AF_INET, ipAddr, buf) == 1) {
return 0;
}
return -1;
}
#endif
/*组播报文的目的地址使用D类IP地址范围是从224.0.0.0到239.255.255.255*/
int isMulticastAddr(uint32_t address)
{
uint32_t addressInNetwork = htonl(address);
printf("%d\n", addressInNetwork);
if((addressInNetwork > 0xE00000FF) && (addressInNetwork <= 0xEFFFFFFF))
{
printf("ip is multicast\n");
return 0;
}
printf("ip is not multicast\n");
return 1;
}
/*判断ip地址是广播地址 255.255.255.255*/
int isBroadcastIpV4Addr(const char *ipAddr)
{
int ip_part_1 = 0;
int ip_part_2 = 0;
int ip_part_3 = 0;
int ip_part_4 = 0;
if((NULL == ipAddr) || (0 == strlen(ipAddr)))
{
return 0;
}
if(4 == sscanf(ipAddr,"%d.%d.%d.%d", &ip_part_1, &ip_part_2, &ip_part_3, &ip_part_4))
{
if((ip_part_1 == 255) &&(ip_part_2 == 255) &&
(ip_part_3 == 255) &&(ip_part_4 == 255))
{
printf("ip is broadcast\n");
return 1;
}
}
printf("ip is not broadcast\n");
return 0;
}
int isIpV4Addr(const char *ipAddr)
{
int dots = 0; /*字符.的个数*/
int setions = 0; /*ip每一部分总和0-255*/
printf("%s\n", ipAddr);
if(NULL == ipAddr || *ipAddr == '.') /*排除输入参数为NULL, 或者一个字符为'.'的字符串*/
{
return 1;
}
while(*ipAddr)
{
if(*ipAddr == '.')
{
dots ++;
if(setions >= 0 && setions <= 255) /*检查ip是否合法*/
{
setions = 0;
ipAddr++;
continue;
}
return 1;
}
else if(*ipAddr >= '0' && *ipAddr <= '9') /*判断是不是数字*/
{
setions = setions * 10 + (*ipAddr - '0'); /*求每一段总和*/
}
else
{
return 1;
}
ipAddr++;
}
if(setions >= 0 && setions <= 255)
{
if (dots == 3)
{
return 0;
}
}
return 1;
}
/*下发配置到内核态 */
int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth)
{
int freeauth_len = 0;
struct nlmsghdr *ack = NULL;
struct {
struct nlmsghdr n;
char buf[1024];
} req = {
.n.nlmsg_len = NLMSG_LENGTH(0),
#ifdef CFG_FREEAUTH_ACK_COOKIES
.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK, /*set NLM_F_ACKuse kernel auto ack*/
#else
.n.nlmsg_flags = NLM_F_REQUEST, /*not use kernel auto ack */
#endif
.n.nlmsg_type = FREEAUTH_CFG,
.n.nlmsg_pid = getpid(),
};
/*判断要发送的数据是否为NULL,不为NULL,打印出来 */
if(struct_freeauth == NULL) {
printf("set_freeauthcfg_waitack is error: input struct_freeauth is NULL.\r\n");
return -1;
} else {
unsigned char str[INET_ADDRSTRLEN];
unsigned char dtr[INET_ADDRSTRLEN];
memset(str, 0, INET_ADDRSTRLEN);
inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, INET_ADDRSTRLEN);
memset(dtr, 0, INET_ADDRSTRLEN);
inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, INET_ADDRSTRLEN);
printf("set_freeauthcfg_waitack :name %s sip %s dip %s dport %d\n",
struct_freeauth->name, str, dtr,
struct_freeauth->dport);
}
/*计算需要发送的数据的长度 */
freeauth_len = sizeof(freeauth_configure_t);
/*可选属性 */
commnl_addattr_l(&req.n, sizeof(req), 1, struct_freeauth, freeauth_len);
/*发送组装好的netlink消息 */
if(pdeliv_talk(1, &req.n, &ack) < 0) {
printf("set_user_freeauth_waitack rcv ack msg faild.\r\n");
return -2;
} else {
printf("set_user_freeauth_waitack rcv ack msg success.\r\n");
}
if(ack != NULL) {
printf("set_user_freeauth_waitack rcv answer.\r\n");
} else {
printf("set_user_freeauth_waitack rcv answer error.\r\n");
return -3;
}
#ifdef CFG_FREEAUTH_ACK_COOKIES
/*recv answer*/
if(ack->nlmsg_type == NLMSG_ERROR) {
nl_debugfs_extack(ack);
}
#else
/*recv answer*/
if(ack->nlmsg_type == FREEAUTH_CFG) {
nl_debugfs(ack);
}
#endif
if(ack) {
free(ack);
}
return 0;
}
/*获取json串类型*/
ret_code freeauth_config_json_type(pointer input, uint *conf_type)
{
const char *pString = (char *)input;
cJSON *cjson, *type;
if(!pString) {
return RET_INPUTERR;
}
printf("json:[%s]\n", pString);
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(input);
if(!cjson) {
printf("JSON格式错误\n");
return RET_INPUTERR;
}
/*获取操作类型 add、mod、del */
type = cJSON_GetObjectItem(cjson, "type");
if(!type) {
cJSON_Delete(cjson);
return RET_INPUTERR;
}
if(conf_type) {
*conf_type = type->valueint;
}
cJSON_Delete(cjson);
return RET_OK;
}
/*修改json字符串转为结构体 把未认证权限名称为name的序号移动到序号3前面*/
/*iuput格式{"type": 1, "data": {"name": "armink", "after": 3}}*/
ret_code freeauth_mov_json_parse(pointer input, uint *conf_type, rule_mod_t *rule_mod)
{
const char *pString = (char *)input;
cJSON *cjson, *type, *data;
if(!pString) {
return RET_INPUTERR;
}
printf("json:[%s]\n", pString);
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(pString);
if(!cjson) {
return RET_INPUTERR;
}
/*获取免认证规则的data部分 */
data = cJSON_GetObjectItem(cjson, "data");
if(!data) {
cJSON_Delete(cjson);
return RET_INPUTERR;
}
/*创建freeauth_configure_t结构体对象 */
s2j_create_struct_obj(struct_rulemod, rule_mod_t);
if(struct_rulemod == NULL) {
cJSON_Delete(cjson);
return RET_NOMEM;
}
/*反序列化数据到freeauth_configure_t结构体对象 */
s2j_struct_get_basic_element(struct_rulemod, data, int, after);
s2j_struct_get_basic_element(struct_rulemod, data, string, name);
if(rule_mod) {
memset(rule_mod, 0, sizeof(rule_mod_t));
rule_mod->after = struct_rulemod->after;
strncpy(rule_mod->name, struct_rulemod->name, UNAMESIZE);
}
printf("移动数据解析完成\n");
cJSON_Delete(cjson);
return RET_OK;
}
/*json字符串转为结构体*/
/*iuput格式{"type": 0, "data": {"rule_priority": 1, "name": "armink","sip": "192.168.1.1","dip": "192.168.2.100","dport": 24, "flag":0}}*/
ret_code freeauth_config_json_parse(pointer input, uint *conf_type, freeauth_configure_t *freeauth_buff)
{
const char *pString = (char *)input;
cJSON *cjson, *type, *data;
if(!pString) {
return RET_INPUTERR;
}
printf("json:[%s]\n", pString);
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(pString);
if(!cjson) {
return RET_INPUTERR;
}
/*获取操作类型 add、mod、del */
type = cJSON_GetObjectItem(cjson, "type");
if(!type) {
cJSON_Delete(cjson);
return RET_INPUTERR;
}
if(conf_type) {
*conf_type = type->valueint;
}
/*获取免认证规则的data部分 */
data = cJSON_GetObjectItem(cjson, "data");
if(!data) {
cJSON_Delete(cjson);
return RET_INPUTERR;
}
/*创建freeauth_configure_t结构体对象 */
s2j_create_struct_obj(struct_freeauth, freeauth_configure_json_t);
if(struct_freeauth == NULL) {
cJSON_Delete(cjson);
return RET_NOMEM;
}
/*反序列化数据到freeauth_configure_t结构体对象 */
s2j_struct_get_basic_element(struct_freeauth, data, int, rule_priority);
s2j_struct_get_basic_element(struct_freeauth, data, string, name);
s2j_struct_get_basic_element(struct_freeauth, data, string, sip);
s2j_struct_get_basic_element(struct_freeauth, data, string, dip);
s2j_struct_get_basic_element(struct_freeauth, data, int, dport);
s2j_struct_get_basic_element(struct_freeauth, data, int, flag);
if(freeauth_buff) {
memset(freeauth_buff, 0, sizeof(freeauth_configure_t));
freeauth_buff->rule_priority = struct_freeauth->rule_priority;
strncpy(freeauth_buff->name, struct_freeauth->name, UNAMESIZE);
if(0 == isIpV4Addr(struct_freeauth->sip))
{
inet_pton(AF_INET, struct_freeauth->sip, &freeauth_buff->sip); /*点分十进制-十进制*/
}
if(0 == isIpV4Addr(struct_freeauth->dip))
{
inet_pton(AF_INET, struct_freeauth->dip, &freeauth_buff->dip); /*点分十进制-十进制*/
}
freeauth_buff->dport = struct_freeauth->dport;
freeauth_buff->flag = struct_freeauth->flag;
}
printf("添加数据解析完成\n");
cJSON_Delete(cjson);
s2j_delete_struct_obj(struct_freeauth);
return RET_OK;
}
/*iuput格式
{
"type": 0,
"data": [
{"rule_priority": 1,"name": "cary","sip": "192.168.1.1","dip": "192.168.5.1","dport": 120, "flag":0},
{"rule_priority": 2,"name": "nicole","sip": "192.168.1.1","dip": "192.168.5.1","dport": 130, "flag":0},
{"rule_priority": 3,"name": "arwrgmink","sip": "192.168.1.1","dip": "192.168.5.1","dport": 90, "flag":0}
]
}
*/
ret_code authfree_config_json_parse_array(pointer input, uint *conf_type, freeauth_configure_t **fb, int *cnt)
{
cJSON *cjson, *data, *rule_priority, *name, *sip, *dip, *dport, *flag;
freeauth_configure_t *freeauth_buff = *fb;
int iCount = 0, i = 0;
*fb = NULL;
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(input);
if(!cjson) {
return RET_INPUTERR;
}
rpc_log_info("json input:%s \n", cJSON_Print(cjson));
/*获取免认证规则的data部分 */
data = cJSON_GetObjectItem(cjson, "data");
if(!data) {
cJSON_Delete(cjson);
return RET_INPUTERR;
}
/*获取数组长度*/
iCount = cJSON_GetArraySize(data);
printf("iCount=[%d]\n", iCount);
freeauth_buff = (freeauth_configure_t *)malloc(sizeof(freeauth_configure_t) * iCount);
if(!freeauth_buff) {
cJSON_Delete(cjson);
return RET_NOMEM;
}
memset(freeauth_buff, 0, sizeof(freeauth_configure_t) * iCount);
*fb = freeauth_buff;
for(i = 0; i < iCount; i++) {
cJSON *pArrayItem = cJSON_GetArrayItem(data, i);
if(pArrayItem) {
/*获取未认证权限优先级键值对*/
rule_priority = cJSON_GetObjectItem(pArrayItem, "rule_priority");
if(rule_priority) {
freeauth_buff->rule_priority = rule_priority->valueint;
}
/*未认证权限名称*/
name = cJSON_GetObjectItem(pArrayItem, "name");
if(name) {
strncpy(freeauth_buff->name, name->valuestring, UNAMESIZE);
printf("freeauth_buff->name = %s\n", freeauth_buff->name);
}
/*源IP地址*/
sip = cJSON_GetObjectItem(pArrayItem, "sip");
if(sip) {
/*点分十进制转为十进制 192.168.1.1 12675138*/
inet_pton(AF_INET, sip->valuestring, &freeauth_buff->sip);
}
/*目的IP地址*/
dip = cJSON_GetObjectItem(pArrayItem, "dip");
if(dip) {
/*点分十进制转为十进制 192.168.1.1 12675138*/
inet_pton(AF_INET, dip->valuestring, &freeauth_buff->dip);
}
/*目的端口号*/
dport = cJSON_GetObjectItem(pArrayItem, "dport");
if(dport) {
freeauth_buff->dport = dport->valueint;
}
/*状态标志位*/
flag = cJSON_GetObjectItem(pArrayItem, "flag");
if(flag) {
freeauth_buff->flag = flag->valueint;
}
printf("freeauth_buff->name = %p\n", &freeauth_buff->name);
printf("freeauth_buff->name = %s\n", freeauth_buff->name);
#if 0
for (int j = 0; j < iCount; j++)
{
printf("[%d %s %d %d %d %d]\n", freeauth_buff->rule_priority, freeauth_buff->name, freeauth_buff->sip,
freeauth_buff->dip, freeauth_buff->dport, freeauth_buff->flag);
freeauth_buff++;
}
#endif
freeauth_buff++;
}
}
if(cnt) {
*cnt = iCount;
}
cJSON_Delete(cjson);
printf("删除数据解析完成\n");
return RET_OK;
}
/*chk data格式 */
ret_code freeauth_config_chk(uint source, uint *config_type,
pointer input, int *input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
return ret;
}
/*增加未认证权限规则*/
ret_code freeauth_config_add_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
int i;
cJSON *res;
freeauth_configure_t *freeauth_configure;
uint conf_type = FREEAUTH_CONFIG_GET;
char *ret_char = NULL;
unsigned int ret_int = 0;
authfree_result_t authfree_result;
char* err_msg = NULL;
char str[INET_ADDRSTRLEN];
char dtr[INET_ADDRSTRLEN];
freeauth_configure = (freeauth_configure_t *)malloc(sizeof(freeauth_configure_t));
if(freeauth_configure == NULL) {
return RET_NOMEM;
}
freeauth_config_json_parse(input, &conf_type, freeauth_configure);
/*校验用户名长度*/
if(input_len < sizeof(freeauth_configure_t) || NULL == freeauth_configure->name ||
(UNAMESIZE) < strlen(freeauth_configure->name) || 0 == strlen(freeauth_configure->name)) {
free(freeauth_configure);
printf("the lenth is error\n");
return RET_INPUTERR;
}
if(freeauth_configure->sip != 0)
{
memset(str, 0, INET_ADDRSTRLEN);
inet_ntop(AF_INET,&freeauth_configure->sip, str, sizeof(str));
}
if(freeauth_configure->dip != 0)
{
memset(dtr, 0, INET_ADDRSTRLEN);
inet_ntop(AF_INET,&freeauth_configure->dip, dtr, sizeof(dtr));
}
/*判断输入参数是否有效*/
if(SPECHAR(freeauth_configure->name)) {
err_msg = "免认证规则名称含有特殊字符";
} else if ( 1 == isIpV4Addr(str)) {
err_msg = "源IP地址无效";
} else if( 1 == isBroadcastIpV4Addr(str)) {
err_msg = "源IP地址是广播地址";
} else if(0 == isMulticastAddr(freeauth_configure->sip)) {
err_msg = "源IP地址是组播地址";
}else if ( 1 == isIpV4Addr(dtr)) {
err_msg = "目的IP地址无效";
} else if( 1 == isBroadcastIpV4Addr(dtr)) {
err_msg = "目的IP地址是广播地址";
} else if(0 == isMulticastAddr(freeauth_configure->dip)) {
err_msg = "目的IP地址是组播地址";
}else if((freeauth_configure->dport < DPORT_MIN_NUM) || (freeauth_configure->dport > DPORT_MAX_NUM)) {
err_msg = "免认证规则端口无效";
}
if(err_msg != NULL) {
char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *res;
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 1);
cJSON_AddStringToObject(res, "message", err_msg);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
free(freeauth_configure);
return RET_INPUTERR;
}
/*查找要增加的未认证权限是否重名 该名字已存在 则退出程序 */
for(i = 0; i < RULE_MAX_NUM; i++) {
/*两个字符串相等 strcmp值为0*/
if(0 == strcmp(freeauth_array[i].name, freeauth_configure->name)) {
printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]);
printf("local user is existed\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
free(freeauth_configure);
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 1);
cJSON_AddStringToObject(res, "message", "免认证规则名已存在");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
return RET_OK;
}
}
/*数据库修改 存入全局变量*/
add_authfree(freeauth_configure->rule_priority, freeauth_configure->name, freeauth_configure->sip, freeauth_configure->dip,
freeauth_configure->dport, freeauth_configure->flag, &authfree_result);
#if 0
/*用户态下发到内核态auth_hook */
int r = -1;
printf("cfgchannel main begin:\r\n");
/*创建通道 */
r = commcfgnl_open();
if(r < 0) {
printf(" pdlivnl_open fail, exit.\r\n");
return RET_ERR;
}
/*下发配置到内核态 */
r = set_freeauthcfg_waitack(freeauth_configure);
if(r < 0) {
printf("set_cfg_debug_waitack failed.\r\n");
return RET_ERR;
}
/*关闭netlink通道 */
commcfgnl_close();
printf("cfgchannel main exit!\r\n");
#endif
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
free(freeauth_configure);
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", authfree_result.resultcode);
cJSON_AddStringToObject(res, "message", authfree_result.message);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
free(freeauth_configure);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
free(freeauth_configure);
return RET_OK;
}
ret_code freeauth_config_mov_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
int i;
int cnt;
cJSON *res;
authfree_result_t authfree_result;
rule_mod_t *rule_mod;
uint conf_type = FREEAUTH_CONFIG_GET;
char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *pJsonArry, *pJsonsub;
rule_mod = (rule_mod_t *)malloc(sizeof(rule_mod_t));
if(rule_mod == NULL) {
return RET_NOMEM;
}
freeauth_mov_json_parse(input, &conf_type, rule_mod);
printf("%s %d\n", rule_mod->name, rule_mod->after);
if(input_len < sizeof(rule_mod_t)) {
return RET_INPUTERR;
}
/*判断一些目前全局变量存的数量 移动的数需要约束*/
for(i = 0; i < RULE_MAX_NUM; i++) {
if (0 == strlen(freeauth_array[i].name))
{
printf("the name is :%s i:%d\n", freeauth_array[i].name, i);
break;
}
}
if ((rule_mod->after > i) || (rule_mod->after < 1))
{
printf("mov number is not vaild\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 11);
cJSON_AddStringToObject(res, "message", "移动规则失败");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
return RET_ERR;
}
printf("打印全局数组内全部元素\n");
/*打印数组内全部元素*/
for(i = 0; i < RULE_MAX_NUM; i++)
{
printf("[%d %s %d %d %d %d %d]\n", freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip,
freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].flag, i);
}
/*查找要移动的未认证权限是否存在 不存在 则退出程序 */
for(i = 0; i < RULE_MAX_NUM; i++) {
/*两个字符串相等 strcmp值为0*/
if(0 == strcmp(freeauth_array[i].name, rule_mod->name)) {
printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]);
mov_authfree(rule_mod->name, rule_mod->after, &authfree_result);
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", authfree_result.resultcode);
cJSON_AddStringToObject(res, "message", authfree_result.message);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
return RET_OK;
}
}
}
/*单个删除、批量删除*/
ret_code freeauth_config_del_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
int i;
int cnt;
cJSON *res;
authfree_result_t authfree_result;
freeauth_configure_t *freeauth_configure = NULL;
uint conf_type = FREEAUTH_CONFIG_GET;
char *ret_char = NULL;
unsigned int ret_int = 0;
cJSON *pJsonArry, *pJsonsub;
char name[256];
authfree_config_json_parse_array(input, &conf_type, &freeauth_configure, &cnt);
printf("打印全局数组内全部元素\n");
/*打印数组内全部元素*/
for(i = 0; i < RULE_MAX_NUM; i++)
{
printf("[%d %s %d %d %d %d %d]\n", freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip,
freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].flag, i);
}
printf("打印传过来的json串\n");
for(int j = 0; j < cnt; j++)
{
printf("[%s %d]\n", freeauth_configure[j].name, j);
}
pJsonArry = cJSON_CreateArray(); /*创建数组*/
/*数据库删除 存入全局变量*/
for(int j = 0; j < cnt; j++)
{
memset(name, 0, 256);
strncpy(name, freeauth_configure[j].name, UNAMESIZE);
del_authfree(freeauth_configure[j].name, &authfree_result);
if(6 == authfree_result.resultcode)
{
cJSON_AddItemToArray(pJsonArry, pJsonsub = cJSON_CreateObject()); /* 给创建的数组增加对象*/
cJSON_AddStringToObject(pJsonsub, "name", name);
}
}
/*创建json对象 */
res = cJSON_CreateObject();
if(!res)
{
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", authfree_result.resultcode);
cJSON_AddStringToObject(res, "message", authfree_result.message);
cJSON_AddItemToObject(res, "data", pJsonArry);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len)
{
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2)
{
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
return RET_OK;
}
/*修改未认证权限规则*/
ret_code freeauth_config_mod_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
int i;
cJSON *res;
freeauth_configure_t *freeauth_configure;
uint conf_type = FREEAUTH_CONFIG_GET;
char *ret_char = NULL;
unsigned int ret_int = 0;
authfree_result_t authfree_result;
freeauth_configure = (freeauth_configure_t *)malloc(sizeof(freeauth_configure_t));
if(freeauth_configure == NULL) {
return RET_NOMEM;
}
freeauth_config_json_parse(input, &conf_type, freeauth_configure);
/*校验用户名长度*/
if(input_len < sizeof(freeauth_configure_t) || NULL == freeauth_configure->name ||
(UNAMESIZE) < strlen(freeauth_configure->name) || 0 == strlen(freeauth_configure->name)) {
free(freeauth_configure);
printf("the lenth is error\n");
return RET_INPUTERR;
}
/*查找要增加的未认证权限是否重名 该名字不存在 则退出程序 */
for(i = 0; i < RULE_MAX_NUM; i++) {
/*两个字符串相等 strcmp值为0*/
if(0 == strcmp(freeauth_array[i].name, freeauth_configure->name)) {
printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]);
/*数据库修改 存入全局变量*/
mod_authfree(freeauth_configure->rule_priority, freeauth_configure->name, freeauth_configure->sip, freeauth_configure->dip,
freeauth_configure->dport, freeauth_configure->flag, &authfree_result);
#if 0
/*用户态下发到内核态auth_hook */
int r = -1;
printf("cfgchannel main begin:\r\n");
/*创建通道 */
r = commcfgnl_open();
if(r < 0) {
printf(" pdlivnl_open fail, exit.\r\n");
return RET_ERR;
}
/*下发配置到内核态 */
r = set_freeauthcfg_waitack(freeauth_configure);
if(r < 0) {
printf("set_cfg_debug_waitack failed.\r\n");
return RET_ERR;
}
/*关闭netlink通道 */
commcfgnl_close();
printf("cfgchannel main exit!\r\n");
#endif
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
free(freeauth_configure);
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", authfree_result.resultcode);
cJSON_AddStringToObject(res, "message", authfree_result.message);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
free(freeauth_configure);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
free(freeauth_configure);
return RET_OK;
}
}
if(freeauth_configure) {
free(freeauth_configure);
}
return RET_OK;
}
/*查询未认证权限*/
ret_code freeauth_config_get_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
int i;
int cnt;
cJSON *res;
char *ret_char = NULL;
unsigned int ret_int = 0;
uint conf_type = FREEAUTH_CONFIG_GET;
cJSON *pJsonArry, *pJsonsub;
char *name;
printf("打印全局数组内全部元素\n");
/*打印数组内全部元素*/
for(i = 0; i < RULE_MAX_NUM; i++)
{
printf("[%d %s %d %d %d %d %d]\n", freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip,
freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].flag, i);
}
pJsonArry= cJSON_CreateArray(); /*创建数组*/
/*打印数组内全部元素*/
/*查找免认证规则名字,不存在则退出程序 */
for(i = 0; i < RULE_MAX_NUM; i++) {
if (0 != strlen(freeauth_array[i].name))
{
char str[INET_ADDRSTRLEN];
printf("%s(%d) freeauth_array[%d] = %p\n", __FUNCTION__, __LINE__, i, &freeauth_array[i]);
cJSON_AddItemToArray(pJsonArry, pJsonsub=cJSON_CreateObject()); /* 给创建的数组增加对象*/
cJSON_AddNumberToObject(pJsonsub, "rule_priority", (i + 1));
cJSON_AddStringToObject(pJsonsub, "name", freeauth_array[i].name);
memset(str, 0, INET_ADDRSTRLEN);
inet_ntop(AF_INET,&freeauth_array[i].sip, str, sizeof(str));
cJSON_AddStringToObject(pJsonsub, "sip", str);
memset(str, 0, INET_ADDRSTRLEN);
inet_ntop(AF_INET,&freeauth_array[i].dip, str, sizeof(str));
cJSON_AddStringToObject(pJsonsub, "dip", str);
cJSON_AddNumberToObject(pJsonsub, "dport", freeauth_array[i].dport);
cJSON_AddNumberToObject(pJsonsub, "flag", freeauth_array[i].flag);
}
}
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", 11);
cJSON_AddStringToObject(res, "message", "查询规则成功");
cJSON_AddItemToObject(res, "data", pJsonArry);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
return RET_OK;
}
/*删除所有免认证规则*/
ret_code freeauth_config_del_all_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
int i;
int cnt;
cJSON *res;
authfree_result_t authfree_result;
freeauth_configure_t *freeauth_configure = NULL;
uint conf_type = FREEAUTH_CONFIG_GET;
char *ret_char = NULL;
unsigned int ret_int = 0;
freeauth_configure = (freeauth_configure_t *)malloc(sizeof(freeauth_configure_t));
if(freeauth_configure == NULL) {
return RET_NOMEM;
}
freeauth_config_json_parse(input, &conf_type, freeauth_configure);
printf("打印全局数组内全部元素\n");
/*打印数组内全部元素*/
for(i = 0; i < RULE_MAX_NUM; i++)
{
printf("[%d %s %d %d %d %d %d]\n", freeauth_array[i].rule_priority, freeauth_array[i].name, freeauth_array[i].sip,
freeauth_array[i].dip, freeauth_array[i].dport, freeauth_array[i].flag, i);
}
/*删除所有未认证权限*/
del_all_authfree(freeauth_configure->name, &authfree_result);
/*创建json对象 */
res = cJSON_CreateObject();
if(!res) {
return RET_ERR;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "resultcode", authfree_result.resultcode);
cJSON_AddStringToObject(res, "message", authfree_result.message);
cJSON_AddStringToObject(res, "data", "");
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len) {
*output_len = ret_int + 1;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2) {
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, ret_char, ret_int);
free(ret_char);
cJSON_Delete(res);
return RET_OK;
}
ret_code freeauth_config_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
freeauth_configure_t freeauth_configure = {0};
int config_len = sizeof(freeauth_configure_t);
uint conf_type;
char *ret_char = NULL;
unsigned int ret_int = 0;
int r = -1;
cJSON *res;
int code = 0;
freeauth_config_json_type(input, &conf_type);
rpc_log_info("config type is %d\n", conf_type);
switch(conf_type) {
case FREEAUTH_CONFIG_ADD:
ret = freeauth_config_add_proc(source, conf_type,
input, input_len,
output, output_len);
break;
case FREEAUTH_CONFIG_MOV:
ret = freeauth_config_mov_proc(source, conf_type,
input, input_len,
output, output_len);
break;
case FREEAUTH_CONFIG_DEL:
ret = freeauth_config_del_proc(source, conf_type,
input, input_len,
output, output_len);
break;
case FREEAUTH_CONFIG_MOD:
ret = freeauth_config_mod_proc(source, conf_type,
input, input_len,
output, output_len);
break;
case FREEAUTH_CONFIG_GET:
ret = freeauth_config_get_proc(source, conf_type,
input, input_len,
output, output_len);
break;
case FREEAUTH_CONFIG_DEL_ALL:
ret = freeauth_config_del_all_proc(source, conf_type,
input, input_len,
output, output_len);
break;
default:
ret = RET_NOTSUPPORT;
}
return RET_OK;
}
Reference in New Issue View Git Blame Copy Permalink