#include "../include/parsefile.h"
#include "../include/configm.h"
#include "../../../netlink_uapi/libnetlinku.h"
#include "authfree.h"
#include <cjson/cJSON.h>
#include "s2j/s2j.h"
#include "commuapinl.h"
#include "auth_parameters.h"
#include "rpc.h"
#include "../Platform/common/database/database.h"
#include "include/user_authpara.h"
#include "config_manager.h"
#include <stdbool.h>
#include "stdlib.h"
#include "redisMq.h"
/* Process-wide copy of the authentication parameters. Allocated and given its
 * defaults by authparInit(); read by authpara_config_get_proc() and by the
 * "port changed?" comparison in authpara_config_mod_proc(). */
auth_parameters_t *auth_para;
/* Redis channel name for the local Portal server port (only used by the
 * #if 0'd local_portal_port() below). */
#define LOCAL_PORTALSERVER_PORT "local_portalserver_port"
/* When AGINGTIME_ACK_COOKIES is defined, set_agingtimecfg_waitack() asks the
 * kernel for an explicit NLM_F_ACK reply instead of its own AGINGTIME_CFG answer. */
#ifdef AGINGTIME_ACK_COOKIES
#define CFG_AGINGTIME_ACK_COOKIES
#endif
/* Allocate the global auth_para and load its built-in defaults.
 * Returns 0 on success, 1 if the allocation failed (auth_para is then NULL). */
int authparInit()
{
    /* calloc gives the same zeroed memory the old malloc+memset did. */
    auth_para = calloc(1, sizeof *auth_para);
    if(auth_para == NULL) {
        return 1;
    }
    /* Defaults that apply until a configuration is pushed through mod_proc. */
    auth_para->port = 8081;
    auth_para->timehorizon = 1;
    auth_para->failcount = 5;
    auth_para->locktime = 10;
    auth_para->aging_time = 10;
    return 0;
}
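/* Push the user aging time to the kernel over netlink and wait for the reply.
 *
 * agingtime: value to send. No range check happens here; the caller
 *            (authpara_config_mod_proc) is expected to have validated it
 *            against AGINGTIME_MIN_NUM/AGINGTIME_MAX_NUM first.
 * Returns 0 on success, -1 for a NULL argument, -2 if pdeliv_talk() fails,
 * -3 if no reply message came back.
 *
 * With CFG_AGINGTIME_ACK_COOKIES the request carries NLM_F_ACK and the kernel
 * is expected to answer with NLMSG_ERROR (dumped through nl_debugfs_extack);
 * otherwise the kernel side answers with its own AGINGTIME_CFG message.
 *
 * Fixes against the previous version: every log line now names this function
 * (they were copy-pasted from set_freeauthcfg_waitack / set_user_agingtime_
 * waitack, which made the kernel log hard to follow), and the bare
 * `printf("%d\n", len)` debug line is gone.
 */
int set_agingtimecfg_waitack(int *agingtime)
{
    struct nlmsghdr *ack = NULL;
    struct {
        struct nlmsghdr n;
        char buf[1024];         /* attribute area; sizeof(req) bounds commnl_addattr_l */
    } req = {
        .n.nlmsg_len = NLMSG_LENGTH(0),
#ifdef CFG_AGINGTIME_ACK_COOKIES
        .n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK, /* ask the kernel to auto-ack */
#else
        .n.nlmsg_flags = NLM_F_REQUEST,             /* no kernel auto-ack */
#endif
        .n.nlmsg_type = AGINGTIME_CFG,              /* user->kernel aging-time message */
        .n.nlmsg_pid = getpid(),
    };

    if(agingtime == NULL) {
        printf("set_agingtimecfg_waitack is error: input agingtime is NULL.\r\n");
        return -1;
    }
    printf("set_agingtimecfg_waitack: agingtime %d\n", *agingtime);

    /* Attribute type 1 carries the raw int (sizeof(int) bytes, as stored). */
    commnl_addattr_l(&req.n, sizeof(req), 1, agingtime, sizeof(int));

    if(pdeliv_talk(1, &req.n, &ack) < 0) {
        printf("set_agingtimecfg_waitack rcv ack msg failed.\r\n");
        return -2;
    }
    printf("set_agingtimecfg_waitack rcv ack msg success.\r\n");

    if(ack == NULL) {
        printf("set_agingtimecfg_waitack rcv answer error.\r\n");
        return -3;
    }
    printf("set_agingtimecfg_waitack rcv answer.\r\n");

#ifdef CFG_AGINGTIME_ACK_COOKIES
    if(ack->nlmsg_type == NLMSG_ERROR) {
        nl_debugfs_extack(ack);
    }
#else
    if(ack->nlmsg_type == AGINGTIME_CFG) {
        nl_debugfs(ack);
    }
#endif
    /* NOTE(review): the reply buffer is not released here. Whether
     * pdeliv_talk() hands over ownership of *ack is not visible in this
     * file -- confirm, or this leaks one reply per call. */
    return 0;
}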
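/* Probe whether a TCP port can be bound on 127.0.0.1.
 *
 * port: candidate listening port. Values outside 1..65535 are rejected up
 *       front; previously they went straight into htons(), which silently
 *       truncated e.g. 65558 to 22 and probed the wrong port.
 * Returns 0 when bind() succeeded (port looks free), 1 when the socket could
 * not be created, the port is out of range, or bind() failed.
 *
 * Limits a caller should know about:
 *  - bind() on a port below 1024 fails with EACCES for an unprivileged
 *    process and is reported here as "in use";
 *  - only 127.0.0.1 is probed, so a listener bound to another local address
 *    is not detected;
 *  - the answer is a snapshot (TOCTOU): the port can be taken again between
 *    this check and the real listen, so the server that finally binds it
 *    must still handle a bind failure.
 */
int _valid_port(int port)
{
    int fd;
    int rc;
    struct sockaddr_in addr;

    if(port < 1 || port > 65535) {
        printf("port %d is out of range. \n", port);
        return 1;
    }

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if(fd == -1) {
        return 1;
    }

    memset(&addr, 0, sizeof(addr));   /* sin_zero was left uninitialised before */
    addr.sin_family = AF_INET;
    addr.sin_port = htons(port);
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* no unchecked inet_pton() */

    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    close(fd);
    if(rc < 0) {
        printf("port %d has been used. \n", port);
        return 1;
    }
    return 0;
}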
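/* Extract the operation type from a request of the form
 * {"type": <int>, "data": {...}}.
 *
 * input:     NUL-terminated JSON text (may be NULL).
 * conf_type: receives the numeric "type" value when non-NULL.
 * Returns RET_OK, or RET_INPUTERR when the text is NULL, is not valid JSON,
 * or has no numeric "type" member.
 *
 * The number check is new: for a string/object/null "type" cJSON leaves
 * valueint at 0, and the old code would have dispatched on that 0 as if
 * the client had sent a valid operation.
 */
ret_code authpara_config_json_type(pointer input, uint *conf_type)
{
    const char *text = (const char *)input;
    cJSON *root;
    cJSON *type;

    if(text == NULL) {
        return RET_INPUTERR;
    }
    printf("json:[%s]\n", text);

    root = cJSON_Parse(text);
    if(root == NULL) {
        return RET_INPUTERR;
    }

    /* (type & 0xFF) strips cJSON's flag bits so this works on old and new cJSON. */
    type = cJSON_GetObjectItem(root, "type");
    if(type == NULL || (type->type & 0xFF) != cJSON_Number) {
        cJSON_Delete(root);
        return RET_INPUTERR;
    }
    if(conf_type != NULL) {
        *conf_type = (uint)type->valueint;
    }

    cJSON_Delete(root);
    return RET_OK;
}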
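/* Parse a parameter request into conf_type and authpara_buff.
 *
 * Expected input:
 *   {"type": 0, "data": {"port": 1010, "timehorizon": 10, "failcount": 20,
 *                        "locktime": 30, "aging_time": 10}}
 *
 * input:         NUL-terminated JSON text (may be NULL; the old code passed
 *                NULL straight into printf/cJSON_Parse).
 * conf_type:     receives the numeric "type" value when non-NULL.
 * authpara_buff: receives the five "data" members when non-NULL. Members
 *                missing from "data" are presumably left as s2j initialises
 *                the scratch object -- verify against s2j.h. No range
 *                checking happens here; the caller must validate.
 * Returns RET_OK; RET_INPUTERR for NULL/invalid JSON or a missing or
 * mistyped "type"/"data"; RET_NOMEM if the s2j scratch object cannot be
 * allocated.
 */
ret_code authpara_config_json_parse(pointer input, uint *conf_type, auth_parameters_t *authpara_buff)
{
    const char *text = (const char *)input;
    cJSON *root;
    cJSON *type;
    cJSON *data;

    if(text == NULL) {
        return RET_INPUTERR;
    }
    printf("json:[%s]\n", text);

    root = cJSON_Parse(text);
    if(root == NULL) {
        return RET_INPUTERR;
    }

    /* "type" must be a number; a non-number leaves valueint at 0, which the
     * dispatcher would otherwise treat as a real operation. */
    type = cJSON_GetObjectItem(root, "type");
    if(type == NULL || (type->type & 0xFF) != cJSON_Number) {
        cJSON_Delete(root);
        return RET_INPUTERR;
    }
    if(conf_type != NULL) {
        *conf_type = (uint)type->valueint;
    }

    /* "data" must be an object for the member lookups below to mean anything. */
    data = cJSON_GetObjectItem(root, "data");
    if(data == NULL || (data->type & 0xFF) != cJSON_Object) {
        cJSON_Delete(root);
        return RET_INPUTERR;
    }

    /* s2j scratch object; the five ints are copied out into authpara_buff. */
    s2j_create_struct_obj(auth_parameters, auth_parameters_t);
    if(auth_parameters == NULL) {
        cJSON_Delete(root);
        return RET_NOMEM;
    }
    s2j_struct_get_basic_element(auth_parameters, data, int, port);
    s2j_struct_get_basic_element(auth_parameters, data, int, timehorizon);
    s2j_struct_get_basic_element(auth_parameters, data, int, failcount);
    s2j_struct_get_basic_element(auth_parameters, data, int, locktime);
    s2j_struct_get_basic_element(auth_parameters, data, int, aging_time);

    if(authpara_buff != NULL) {
        authpara_buff->port = auth_parameters->port;
        authpara_buff->timehorizon = auth_parameters->timehorizon;
        authpara_buff->failcount = auth_parameters->failcount;
        authpara_buff->locktime = auth_parameters->locktime;
        authpara_buff->aging_time = auth_parameters->aging_time;
    }

    s2j_delete_struct_obj(auth_parameters);
    cJSON_Delete(root);
    return RET_OK;
}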
#if 0
/* Publish the configured local Portal server port over the redis message
 * queue on channel LOCAL_PORTALSERVER_PORT. Compiled out (#if 0) in this
 * build; its only caller is the likewise disabled section of
 * authpara_config_mod_proc(). Note it opens and tears down the redis
 * connection on every call. */
void local_portal_port(char *port)
{
printf("port of local portal server%s\n", port);
bool ret = redisPubInit();
if(!ret) {
printf("Init failed.\n");
return;
}
ret = redisPubConnect();
if(!ret) {
printf("connect failed.");
return;
}
redisPublish(LOCAL_PORTALSERVER_PORT, port);
redisPubDisconnect();
redisPubUninit();
return;
}
#endif
/* Pre-check hook for the auth-parameter configuration path.
 * Currently a no-op that accepts everything: every argument is ignored and
 * RET_OK is returned, so all input validation lives in
 * authpara_config_mod_proc(). */
ret_code authpara_config_chk(uint source, uint *config_type,
                             pointer input, int *input_len,
                             pointer output, int *output_len)
{
    (void)source;
    (void)config_type;
    (void)input;
    (void)input_len;
    (void)output;
    (void)output_len;
    return RET_OK;
}
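/* Write a {"resultcode": <code>, "message": <msg>} reply into the caller's
 * output buffer.
 *
 * output/output_len: reply buffer and, on return, the byte count including
 *                    the NUL terminator (set even when the reply is rejected
 *                    as too large, as before). The buffer is assumed to hold
 *                    at least 2 KiB -- the limit used throughout this file;
 *                    a reply of that size or larger is refused with
 *                    RET_NOMEM rather than truncated.
 * Returns RET_OK, RET_ERR if the JSON object or its text could not be
 * built, RET_NOMEM if the text does not fit.
 */
static ret_code authpara_write_reply(pointer output, int *output_len,
                                     int resultcode, const char *message)
{
    cJSON *res;
    char *text;
    size_t len;
    ret_code ret = RET_OK;

    res = cJSON_CreateObject();
    if(res == NULL) {
        return RET_ERR;
    }
    cJSON_AddNumberToObject(res, "resultcode", resultcode);
    cJSON_AddStringToObject(res, "message", message ? message : "");

    text = cJSON_PrintUnformatted(res);
    if(text == NULL) {                  /* was passed to strlen() unchecked before */
        cJSON_Delete(res);
        return RET_ERR;
    }
    len = strlen(text);
    if(output_len != NULL) {
        *output_len = (int)len + 1;
    }
    if(len >= 1024 * 2) {
        ret = RET_NOMEM;
    } else if(output != NULL) {
        /* Copy the terminator too: output_len has always counted it but the
         * old memcpy left the last reported byte unwritten. len+1 <= 2048. */
        memcpy(output, text, len + 1);
    }
    free(text);
    cJSON_Delete(res);
    return ret;
}

/* Handle an AUTHPARA_CONFIG_MOD request: parse the JSON, validate every
 * parameter, persist through mod_authpara() and write a JSON result.
 *
 * input/input_len:   JSON request text (format: see
 *                    authpara_config_json_parse) and its length as supplied
 *                    by the RPC layer; presumably it originates from the web
 *                    configuration channel, so nothing in it is trusted.
 * output/output_len: reply buffer (>= 2 KiB assumed) and bytes written.
 * Returns RET_OK once the parameters were handed to mod_authpara() (its own
 * result code/message are in the JSON); RET_INPUTERR when parsing or
 * validation failed (after a validation failure a JSON reply carrying
 * MOD_AUTHPARA_FAIL and the reason is still written); RET_NOMEM when an
 * allocation fails or the reply does not fit; RET_ERR when the reply could
 * not be built.
 *
 * Changes against the previous version: the parsed-parameter buffer is freed
 * on every exit (it leaked on the parse-failure and reply-failure paths);
 * the length check runs before parsing and rejects negative lengths instead
 * of letting them wrap past the unsigned comparison; the port-conflict probe
 * runs only after the range checks, so an out-of-range port is never handed
 * to _valid_port() where htons() would truncate it; the shadowed locals and
 * the unused ones are gone. The error message chosen for any given input is
 * unchanged (the range checks always took precedence over the probe result).
 */
ret_code authpara_config_mod_proc(uint source, uint config_type,
                                  pointer input, int input_len,
                                  pointer output, int *output_len)
{
    configure_result_t configure_result;
    auth_parameters_t *params;
    uint conf_type = AUTHPARA_CONFIG_MOD;
    const char *err_msg = NULL;
    ret_code ret;

    (void)source;
    (void)config_type;

    /* Kept from the original: requests shorter than the parameter struct are
     * refused. The bound is loose (input is JSON text), but it at least
     * rejects empty or truncated requests before any parsing. */
    if(input_len < 0 || (size_t)input_len < sizeof(auth_parameters_t)) {
        return RET_INPUTERR;
    }

    params = calloc(1, sizeof *params);
    if(params == NULL) {
        return RET_NOMEM;
    }

    ret = authpara_config_json_parse(input, &conf_type, params);
    printf("ret result is :%d\n", ret);
    if(ret != RET_OK) {
        free(params);
        return ret;
    }
    rpc_log_info("port: %d local port:%d\n", params->port, auth_para->port);

    /* Bounds checks first; the first failing field decides the message. */
    if((params->timehorizon < HORIZON_MIN_VALUE) || (params->timehorizon > HORIZON_MAX_VALUE)) {
        err_msg = "认证时间范围无效";
    } else if((params->failcount < FAIL_MIN_NUM) || (params->failcount > FAIL_MAX_NUM)) {
        err_msg = "失败次数无效";
    } else if((params->locktime < LOCK_MIN_TIME) || (params->locktime > LOCK_MAX_TIME)) {
        err_msg = "锁定时间无效";
    } else if((params->aging_time < AGINGTIME_MIN_NUM) || (params->aging_time > AGINGTIME_MAX_NUM)) {
        err_msg = "老化时间无效";
    } else if((params->port < PARA_DPORT_MIN_NUM) || (params->port > PARA_DPORT_MAX_NUM)) {
        err_msg = "认证端口无效";
    } else if(auth_para->port != params->port && _valid_port(params->port) == 1) {
        /* Only a changed port is probed: the other fields cannot conflict with
         * anything, and the current port is expected to be busy (it is ours).
         * The probe is advisory -- see _valid_port() for its blind spots. */
        err_msg = "认证端口被占用";
    }

    if(err_msg != NULL) {
        ret = authpara_write_reply(output, output_len, MOD_AUTHPARA_FAIL, err_msg);
        free(params);
        /* A successfully written failure reply is reported as RET_INPUTERR,
         * as before; reply-building failures keep their own code. */
        return (ret == RET_OK) ? RET_INPUTERR : ret;
    }

    /* Zeroed so a mod_authpara() that fails to fill the result does not leave
     * garbage in resultcode/message (it was read uninitialised before). */
    memset(&configure_result, 0, sizeof(configure_result));
    mod_authpara(params->port, params->timehorizon, params->failcount,
                 params->locktime, params->aging_time, &configure_result);
    /* NOTE(review): the global auth_para is not refreshed here, yet the
     * "port changed?" comparison above relies on it being current -- confirm
     * mod_authpara() or its caller updates it. */

    /* Two follow-up steps existed as #if 0 code and are not compiled in this
     * build: pushing aging_time to the kernel via set_agingtimecfg_waitack()
     * over a commcfgnl_open()/commcfgnl_close() channel, and publishing the
     * port to the web server via local_portal_port(). */

    printf("resultcode = %d\n", configure_result.resultcode);
    printf("message = %s\n", configure_result.message);
    ret = authpara_write_reply(output, output_len,
                               configure_result.resultcode, configure_result.message);
    free(params);
    return ret;
}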
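/* Handle an AUTHPARA_CONFIG_GET request: serialise the current global
 * auth_para as {"resultcode":0,"message":"get success","data":{...}}.
 *
 * input/input_len are unused (the request carries nothing beyond "type").
 * output/output_len: reply buffer (>= 2 KiB assumed) and bytes written
 *                    including the NUL terminator.
 * Returns RET_OK; RET_ERR if auth_para was never initialised or the JSON
 * could not be built; RET_NOMEM if the reply is 2 KiB or larger.
 *
 * Changes against the previous version: "data" is released when the outer
 * object cannot be created (it leaked); cJSON_PrintUnformatted()'s NULL
 * return is handled instead of being passed to strlen(); the copy includes
 * the terminator that output_len already counted; a NULL auth_para is
 * reported instead of dereferenced; unused locals removed.
 */
ret_code authpara_config_get_proc(uint source, uint config_type,
                                  pointer input, int input_len,
                                  pointer output, int *output_len)
{
    cJSON *res;
    cJSON *data;
    char *text;
    size_t len;
    ret_code ret = RET_OK;

    (void)source;
    (void)config_type;
    (void)input;
    (void)input_len;

    if(auth_para == NULL) {     /* authparInit() failed or was never run */
        return RET_ERR;
    }

    data = cJSON_CreateObject();
    if(data == NULL) {
        return RET_ERR;
    }
    cJSON_AddNumberToObject(data, "port", auth_para->port);
    cJSON_AddNumberToObject(data, "timehorizon", auth_para->timehorizon);
    cJSON_AddNumberToObject(data, "failcount", auth_para->failcount);
    cJSON_AddNumberToObject(data, "locktime", auth_para->locktime);
    cJSON_AddNumberToObject(data, "aging_time", auth_para->aging_time);

    res = cJSON_CreateObject();
    if(res == NULL) {
        cJSON_Delete(data);
        return RET_ERR;
    }
    cJSON_AddNumberToObject(res, "resultcode", 0);
    cJSON_AddStringToObject(res, "message", "get success");
    cJSON_AddItemToObject(res, "data", data);   /* res now owns data */

    text = cJSON_PrintUnformatted(res);
    if(text == NULL) {
        cJSON_Delete(res);
        return RET_ERR;
    }
    len = strlen(text);
    if(output_len != NULL) {
        *output_len = (int)len + 1;
    }
    if(len >= 1024 * 2) {
        ret = RET_NOMEM;            /* reply would not fit the 2 KiB buffer */
    } else if(output != NULL) {
        memcpy(output, text, len + 1);
    }
    free(text);
    cJSON_Delete(res);
    return ret;
}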
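/* Dispatcher for auth-parameter requests: reads "type" from the JSON and
 * routes to the MOD or GET handler.
 *
 * config_type from the RPC layer is ignored, as before; the type embedded in
 * the JSON is what selects the handler and is what the handlers receive.
 * Returns the routed handler's status, RET_INPUTERR when the request has no
 * usable "type", and RET_NOTSUPPORT for any other type (nothing is written
 * to output in that case).
 *
 * Fix: the handler's status is now propagated. The previous version computed
 * it and then returned RET_OK unconditionally, so an unsupported type -- or a
 * handler that failed without writing output -- looked like a success.
 * NOTE(review): mod_proc returns RET_INPUTERR after writing a failure JSON
 * into output; confirm the RPC layer still forwards that body when the
 * status is not RET_OK.
 */
ret_code authpara_config_proc(uint source, uint config_type,
                              pointer input, int input_len,
                              pointer output, int *output_len)
{
    uint conf_type = 0;
    ret_code ret;

    (void)config_type;

    ret = authpara_config_json_type(input, &conf_type);
    printf("ret result is :%d\n", ret);
    if(ret != RET_OK) {
        return ret;
    }
    rpc_log_info("config type is %d\n", conf_type);

    switch(conf_type) {
    case AUTHPARA_CONFIG_MOD:
        ret = authpara_config_mod_proc(source, conf_type,
                                       input, input_len,
                                       output, output_len);
        break;
    case AUTHPARA_CONFIG_GET:
        ret = authpara_config_get_proc(source, conf_type,
                                       input, input_len,
                                       output, output_len);
        break;
    default:
        ret = RET_NOTSUPPORT;
        break;
    }
    return ret;
}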