cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
secgateway/Platform/user/configm/config-server/web_config/auth_parameters.c

552 lines
14 KiB
C
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#include "../include/parsefile.h"
#include "../include/configm.h"
#include "../../../netlink_uapi/libnetlinku.h"
#include "../../../../common/rpc/rpc.h"
#include "authfree.h"
#include <cjson/cJSON.h>
#include "../../../../../Common/s2j/s2j.h"
#include "../../../../../Common/commuapinl.h"
#include "auth_parameters.h"
/*定义结构体 存认证参数*/
auth_parameters_t *auth_para;
#ifdef AGINGTIME_ACK_COOKIES
#define CFG_AGINGTIME_ACK_COOKIES
#endif
/*全局变量初始化 失败为1 成功为0*/
int authparInit()
{
auth_para = (auth_parameters_t *)malloc(sizeof(auth_parameters_t));
if (NULL == auth_para)
{
return 1;
}
return 0;
}
/*下发用户老化时间配置到内核态 */
int set_agingtimecfg_waitack(int *agingtime)
{
int agingtime_len = 0;
struct nlmsghdr *ack = NULL;
struct nlmsghdr **answer = &ack;
struct{
struct nlmsghdr n;
char buf[1024];
} req ={
.n.nlmsg_len = NLMSG_LENGTH(0),
#ifdef CFG_AGINGTIME_ACK_COOKIES
.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,/*set NLM_F_ACKuse kernel auto ack*/
#else
.n.nlmsg_flags = NLM_F_REQUEST, /*not use kernel auto ack */
#endif
.n.nlmsg_type = AGINGTIME_CFG, /*用户态发送给内核态的用户老化时间消息 */
.n.nlmsg_pid = getpid(),
};
/*判断要发送的数据是否为NULL,不为NULL,打印出来 */
if (agingtime == NULL)
{
printf("set_agingtimecfg_waitack is error: input struct_agingtime is NULL.\r\n");
return -1;
}else
{
printf("set_freeauthcfg_waitack :agingtime %d\n", *agingtime);
}
/*计算需要发送的数据的长度 */
agingtime_len = sizeof(int);
printf("%d\n", agingtime_len);
/*可选属性 */
commnl_addattr_l(&req.n, sizeof(req), 1, agingtime, agingtime_len);
/*发送组装好的netlink消息 */
if(pdeliv_talk(1, &req.n, answer) < 0)
{
printf("set_user_agingtime_waitack rcv ack msg faild.\r\n");
return -2;
}
else
{
printf("set_user_agingtime_waitack rcv ack msg success.\r\n");
}
if(*answer != NULL)
{
printf("set_user_agingtime_waitack rcv answer.\r\n");
}
else{
printf("set_user_agingtime_waitack rcv answer error.\r\n");
return -3;
}
#ifdef CFG_AGINGTIME_ACK_COOKIES
/*recv answer*/
if((*answer)->nlmsg_type == NLMSG_ERROR){
nl_debugfs_extack(*answer);
}
#else
/*recv answer*/
if((*answer)->nlmsg_type == AGINGTIME_CFG)
{
nl_debugfs(*answer);
}
#endif
return 0;
}
/*检查IP地址是否有效端口号是否被占用 */
int _valid_ipv4_port(const char *str, int port)
{
int ret;
int fd;
int i;
volatile int local_errno;
struct sockaddr_in addr;
fd = socket(AF_INET,SOCK_STREAM,0); /*初始化*/
if(fd ==-1) /*检查是否正常初始化socket */
{
return -1;
}
errno = 0;
local_errno = errno;
ret = inet_pton(AF_INET, str ,&addr.sin_addr);
printf("the value of ret is:%d\n",ret);
if(ret > 0)
{
fprintf(stderr, "\"%s\" is a vaild IPv4 address\n", str);
addr.sin_family = AF_INET; /*地址结构的协议簇 */
addr.sin_port=htons(port); /*地址结构的端口地址,网络字节序 */
printf("the value of str:%s\n", str);
i = (bind(fd, (struct sockaddr*)&addr, sizeof(struct sockaddr)));
printf("the value of i:%d\n", i);
if( i < 0)
{
printf("port %d has been used. \n", port);
close(fd);
return -1;
}
printf("port %d is ok. \n", port);
close(fd);
return 0;
}
else if (ret < 0)
{
fprintf(stderr, "EAFNOSUPPORT: %s\n", strerror(local_errno));
close(fd);
return -1;
}
else
{
fprintf(stderr, "\"%s\" is not a vaild IPv4 address\n", str);
close(fd);
return -1;
}
}
/* iuput格式{"type": 0, "data": {"ip": 1028737217,"port": 1010,"timehorizon": 10,"failcount": 20,"locktime":30, "aging_time":10}}*/
ret_code authpara_config_json_parse(pointer input, uint *conf_type, auth_parameters_t *authpara_buff)
{
ret_code ret = RET_OK;
cJSON *cjson, *type, *data;
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(input);
if(!cjson)
{
ret = RET_INPUTERR;
ASSERT_RET(ret);
return ret;
}
/*获取操作类型 add、mod、del */
type = cJSON_GetObjectItem(cjson, "type");
if(!type)
{
ret = RET_INPUTERR;
cJSON_Delete(cjson);
return ret;
}
*conf_type = type->valueint;
/*获取免认证规则的data部分 */
data = cJSON_GetObjectItem(cjson, "data");
if(!data)
{
ret = RET_INPUTERR;
cJSON_Delete(cjson);
cJSON_Delete(type);
return ret;
}
/*创建freeauth_configure_t结构体对象 */
s2j_create_struct_obj(auth_parameters, auth_parameters_t);
if(auth_parameters == NULL)
{
cJSON_Delete(cjson);
cJSON_Delete(type);
cJSON_Delete(data);
return RET_NOMEM;
}
/*反序列化数据到freeauth_configure_t结构体对象 */
s2j_struct_get_basic_element(auth_parameters, data, int, ip);
s2j_struct_get_basic_element(auth_parameters, data, int, port);
s2j_struct_get_basic_element(auth_parameters, data, int, timehorizon);
s2j_struct_get_basic_element(auth_parameters, data, int, failcount);
s2j_struct_get_basic_element(auth_parameters, data, int, locktime);
s2j_struct_get_basic_element(auth_parameters, data, int, aging_time);
authpara_buff->ip = auth_parameters->ip;
authpara_buff->port = auth_parameters->port;
authpara_buff->timehorizon = auth_parameters->timehorizon;
authpara_buff->failcount = auth_parameters->failcount;
authpara_buff->locktime = auth_parameters->locktime;
authpara_buff->aging_time = auth_parameters->aging_time;
s2j_delete_struct_obj(auth_parameters);
cJSON_Delete(cjson);
cJSON_Delete(type);
cJSON_Delete(data);
return RET_OK;
}
/*检查增加的参数格式是否正确 */
ret_code authpara_config_add_chk(uint source,uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
auth_parameters_t *auth_parameters;
auth_parameters = (auth_parameters_t *)input;
char str[32] = {0};
if((input_len < sizeof(auth_parameters_t)) || (input_len > sizeof(auth_parameters_t)))
{
ret = RET_INPUTERR;
return ret;
}
/*判断IP地址格式是否正确、端口号是否被占用*/
memset(str, 0, 32);
inet_ntop(AF_INET, (void *)&auth_parameters->ip, str, 32);
char *ip_addr = str;
if( (_valid_ipv4_port(ip_addr, auth_parameters->port)) < 0 )
{
free(auth_parameters);
ret = RET_ERR;
return ret;
}
/*配置的用户失败次数如果小于0则配置错误 */
if(auth_parameters->failcount < FAIL_MIN_NUM )
{
free(auth_parameters);
printf("userlock configure error\n");
ret = RET_ERR;
return ret;
}
/*配置的用户锁定时间如果小于0则配置错误 */
if(auth_parameters->locktime < LOCK_MIN_TIME )
{
free(auth_parameters);
printf("locktime configure error\n");
ret = RET_ERR;
return ret;
}
/*配置的用户认证时间范围如果小于0则配置错误 */
if(auth_parameters->timehorizon < HORIZON_MIN_VALUE )
{
free(auth_parameters);
printf("timehorizon configure error\n");
ret = RET_ERR;
return ret;
}
free(auth_parameters);
return RET_OK;
}
/*修改认证参数 */
ret_code authpara_config_mod_chk(uint source,uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
auth_parameters_t *auth_parameters;
auth_parameters = (auth_parameters_t *)input;
if((input_len < sizeof(auth_parameters_t)) || (input_len > sizeof(auth_parameters_t)))
{
ret = RET_INPUTERR;
return ret;
}
/*判断认证参数是否存在*/
if(NULL == auth_para)
{
ret = RET_ERR;
return ret;
}
return RET_OK;
}
/*chk data格式 */
ret_code authpara_config_chk(uint source,uint *config_type,
pointer input, int *input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
auth_parameters_t auth_parameters = {0};
int config_len = sizeof(auth_parameters_t);
uint conf_type = AUTHPARA_CONFIG_GET;
int code = 0;
authpara_config_json_parse(input, &conf_type, &auth_parameters);
switch (conf_type)
{
case AUTHPARA_CONFIG_ADD:
ret = authpara_config_add_chk(source, conf_type,
&auth_parameters, config_len,
output, output_len);
break;
case AUTHPARA_CONFIG_MOD:
ret = authpara_config_mod_chk(source, conf_type,
&auth_parameters, config_len,
output, output_len);
break;
default:
ret = RET_NOTSUPPORT;
}
if(config_len <= CM_BUFF_SIZE)
{
memset(input, 0, *input_len);
memcpy(input, &auth_parameters, config_len);
*config_type = conf_type;
*input_len = config_len;
}
else
{
ret = RET_NOMEM;
}
RET_ERR_FORMART(ret, code, output, *output_len);
return ret;
}
ret_code authpara_config_add_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
cJSON *res;
char * ret_char = NULL;
unsigned int ret_int = 0;
auth_parameters_t *auth_parameters;
auth_parameters = (auth_parameters_t *)input;
int r = -1;
/*增加数据库*/
/*存入全局变量*/
/*用户态下发到内核态auth_hook */
printf("cfgchannel main begin:\r\n");
/*创建通道 */
r = commcfgnl_open();
if(r < 0)
{
printf(" pdlivnl_open fail, exit.\r\n");
return RET_ERR;
}
/*下发配置到内核态 */
r = set_agingtimecfg_waitack(&(auth_parameters->aging_time));
if(r < 0)
{
printf("set_cfg_debug_waitack failed.\r\n");
return RET_ERR;
}
/*关闭netlink通道 */
commcfgnl_close();
printf("cfgchannel main exit!\r\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res)
{
free(auth_parameters);
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "result", r);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len)
{
*output_len = ret_int;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2)
{
free(auth_parameters);
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, 0, ret_int + 1);
strcpy(output, ret_char);
free(ret_char);
cJSON_Delete(res);
free(auth_parameters);
return RET_OK;
}
ret_code authpara_config_mod_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
cJSON *res;
char * ret_char = NULL;
unsigned int ret_int = 0;
auth_parameters_t *auth_parameters;
auth_parameters = (auth_parameters_t *)input;
int r = -1;
/*数据库修改*/
/*存入全局变量*/
/*用户态下发到内核态auth_hook */
printf("cfgchannel main begin:\r\n");
/*创建通道 */
r = commcfgnl_open();
if(r < 0)
{
printf(" pdlivnl_open fail, exit.\r\n");
return RET_ERR;
}
/*下发配置到内核态 */
r = set_agingtimecfg_waitack(&(auth_parameters->aging_time));
if(r < 0)
{
printf("set_cfg_debug_waitack failed.\r\n");
return RET_ERR;
}
/*关闭netlink通道 */
commcfgnl_close();
printf("cfgchannel main exit!\r\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res)
{
free(auth_parameters);
ret = RET_ERR;
return ret;
}
/*将json对象转换成json字符串 返回处理结果*/
cJSON_AddNumberToObject(res, "result", r);
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len)
{
*output_len = ret_int;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2)
{
free(auth_parameters);
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, 0, ret_int + 1);
strcpy(output, ret_char);
free(ret_char);
cJSON_Delete(res);
free(auth_parameters);
return RET_OK;
}
ret_code authpara_config_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
uint conf_type = config_type;
ret_code ret = RET_OK;
auth_parameters_t conf_buff = {0};
auth_parameters_t *auth_parameters = &conf_buff;
cJSON *res;
char * ret_char = NULL;
unsigned int ret_int = 0;
auth_parameters = (auth_parameters_t *)input;
rpc_log_info("config type is %d, ip %d port %d timehorizon %d failcount %d locktime %d aging_time %d\n",
conf_type, auth_parameters->ip, auth_parameters->port,
auth_parameters->timehorizon, auth_parameters->failcount,
auth_parameters->locktime, auth_parameters->aging_time);
switch (conf_type)
{
case AUTHPARA_CONFIG_ADD:
ret = authpara_config_add_proc(source, conf_type,
&auth_parameters, input_len,
output, output_len);
break;
case AUTHPARA_CONFIG_MOD:
ret = authpara_config_mod_proc(source, conf_type,
&auth_parameters, input_len,
output, output_len);
break;
default:
ret = RET_NOTSUPPORT;
}
return RET_OK;
}
Reference in New Issue View Git Blame Copy Permalink