cmhi
/
secgateway
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
secgateway/Platform/user/configm/config-server/authfree_config/authfree.c

338 lines
8.8 KiB
C
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#include "../include/parsefile.h"
#include "../include/configm.h"
#include "../../../netlink_uapi/libnetlinku.h"
#include "../../../../common/rpc/rpc.h"
#include "../include/authfree.h"
#include <cjson/cJSON.h>
#include "../../../../../Common/s2j/s2j.h"
#include "../../../../../Common/commuapinl.h"
#ifdef FREEAUTH_ACK_COOKIES
#define CFG_FREEAUTH_ACK_COOKIES
#endif
/*全局变量,存放用户信息 */
freeauth_configure_t *localuser;
/*全局变量初始化 失败为1 成功为0*/
int authfreeInit(freeauth_configure_t **localuser)
{
*localuser = (freeauth_configure_t *)malloc(sizeof(freeauth_configure_t));
if (NULL == *localuser)
{
return 1;
}
return 0;
}
/* 判断IPv4格式是否正确*/
int isIpV4Addr(const char *ipAddr)
{
int ip_part_1 = 0;
int ip_part_2 = 0;
int ip_part_3 = 0;
int ip_part_4 = 0;
char end_char = 0;
if((NULL == ipAddr) || (0 == strlen(ipAddr)))
{
return -1;
}
if(4 == sscanf(ipAddr,"%d.%d.%d.%d%c",&ip_part_1,&ip_part_2,&ip_part_3,&ip_part_4,&end_char))
{
if((ip_part_1 >= 0) && (ip_part_1 <= 255) &&
(ip_part_2 >= 0) && (ip_part_2 <= 255) &&
(ip_part_3 >= 0) && (ip_part_3 <= 255) &&
(ip_part_4 >= 0) && (ip_part_4 <= 255)
)
{
return 0;
}
}
return -1;
}
/*下发配置到内核态 */
int set_freeauthcfg_waitack(freeauth_configure_t *struct_freeauth)
{
int freeauth_len = 0;
struct nlmsghdr *ack = NULL;
struct nlmsghdr **answer = &ack;
struct{
struct nlmsghdr n;
char buf[1024];
} req ={
.n.nlmsg_len = NLMSG_LENGTH(0),
#ifdef CFG_FREEAUTH_ACK_COOKIES
.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK,/*set NLM_F_ACKuse kernel auto ack*/
#else
.n.nlmsg_flags = NLM_F_REQUEST, /*not use kernel auto ack */
#endif
.n.nlmsg_type = FREEAUTH_CFG,
.n.nlmsg_pid = getpid(),
};
/*判断要发送的数据是否为NULL,不为NULL,打印出来 */
if (struct_freeauth == NULL)
{
printf("set_freeauthcfg_waitack is error: input struct_freeauth is NULL.\r\n");
return -1;
}else
{
char str[32];
memset(str, 0, 32);
inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
char *sip_addr = str;
char dtr[32];
memset(dtr, 0, 32);
inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
char *dip_addr = dtr;
printf("set_freeauthcfg_waitack :name %s sip %s dip %s dport %d\n",
struct_freeauth->name, sip_addr, dip_addr,
struct_freeauth->dport);
}
/*计算需要发送的数据的长度 */
freeauth_len = sizeof(freeauth_configure_t);
/*可选属性 */
commnl_addattr_l(&req.n, sizeof(req), 1, struct_freeauth, freeauth_len);
/*发送组装好的netlink消息 */
if(pdeliv_talk(1, &req.n, answer) < 0)
{
printf("set_user_freeauth_waitack rcv ack msg faild.\r\n");
return -2;
}
else
{
printf("set_user_freeauth_waitack rcv ack msg success.\r\n");
}
if(*answer != NULL)
{
printf("set_user_freeauth_waitack rcv answer.\r\n");
}
else{
printf("set_user_freeauth_waitack rcv answer error.\r\n");
return -3;
}
#ifdef CFG_FREEAUTH_ACK_COOKIES
/*recv answer*/
if((*answer)->nlmsg_type == NLMSG_ERROR){
nl_debugfs_extack(*answer);
}
#else
/*recv answer*/
if((*answer)->nlmsg_type == FREEAUTH_CFG)
{
nl_debugfs(*answer);
}
#endif
return 0;
}
/*判断免认证规则源IP地址、目的IP地址是否有效判断端口号是否有效 */
/*input格式 "{\"type\":0, \"dport\":24, \"name\":\"armink\", \"sip\":1027824, \"dip\":103427824}";*/
ret_code freeauth_config_chk(uint source, uint *config_type,
pointer input, int *input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
cJSON *cjson;
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(input);
if(!cjson)
{
ret = RET_INPUTERR;
ASSERT_RET(ret);
return ret;
}
/*创建freeauth_configure_t结构体对象 */
s2j_create_struct_obj(struct_freeauth, freeauth_configure_t);
/*反序列化数据到freeauth_configure_t结构体对象 */
s2j_struct_get_basic_element(struct_freeauth, cjson, string, name);
s2j_struct_get_basic_element(struct_freeauth, cjson, int, sip);
s2j_struct_get_basic_element(struct_freeauth, cjson, int, dip);
s2j_struct_get_basic_element(struct_freeauth, cjson, int, dport);
printf("freeauth configure: name: %s sip: %d dip: %d dport: %d\n",
struct_freeauth->name,struct_freeauth->sip, struct_freeauth->dip, struct_freeauth->dport);
if((*input_len < sizeof(freeauth_configure_t)) || (*input_len > sizeof(freeauth_configure_t)))
{
free(struct_freeauth);
cJSON_Delete(cjson);
ret = RET_INPUTERR;
ASSERT_RET(ret);
return ret;
}
char str[32];
memset(str, 0, 32);
inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
char *sip_addr = str;
if( isIpV4Addr(sip_addr) < 0 )
{
free(struct_freeauth);
cJSON_Delete(cjson);
ret = RET_IPINVALID;
ASSERT_RET(ret);
return ret;
}
char dtr[32];
memset(dtr, 0, 32);
inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
char *dip_addr = dtr;
if( isIpV4Addr(dip_addr) < 0 )
{
free(struct_freeauth);
cJSON_Delete(cjson);
ret = RET_IPINVALID;
ASSERT_RET(ret);
return ret;
}
if ( (struct_freeauth->dport < DPORT_MIN_NUM) && (struct_freeauth->dport > DPORT_MAX_NUM ))
{
free(struct_freeauth);
cJSON_Delete(cjson);
ret = RET_IPINVALID; /*先用IPVAILD表示后面加PORTVAILD */
ASSERT_RET(ret);
return ret;
}
free(struct_freeauth);
cJSON_Delete(cjson);
return RET_OK;
}
/*免认证规则有效将免认证规则通过netlink下发到内核态 */
ret_code freeauth_config_proc(uint source, uint config_type,
pointer input, int input_len,
pointer output, int *output_len)
{
ret_code ret = RET_OK;
cJSON *cjson, *res;
char * ret_char = NULL;
unsigned int ret_int = 0;
/*JSON字符串到JSON格式 */
cjson = cJSON_Parse(input);
if(!cjson)
{
ret = RET_INPUTERR;
ASSERT_RET(ret);
return ret;
}
/*创建freeauth_configure_t结构体对象 */
s2j_create_struct_obj(struct_freeauth, freeauth_configure_t);
/*反序列化数据到freeauth_configure_t结构体对象 */
s2j_struct_get_basic_element(struct_freeauth, cjson, string, name);
s2j_struct_get_basic_element(struct_freeauth, cjson, int, sip);
s2j_struct_get_basic_element(struct_freeauth, cjson, int, dip);
s2j_struct_get_basic_element(struct_freeauth, cjson, int, dport);
char str[32];
memset(str, 0, 32);
inet_ntop(AF_INET, (void *)&struct_freeauth->sip, str, 32);
char *sip_addr = str;
char dtr[32];
memset(dtr, 0, 32);
inet_ntop(AF_INET, (void *)&struct_freeauth->dip, dtr, 32);
char *dip_addr = dtr;
rpc_log_info("freeauth configure: name %s sip %s dip %s dport %d\n",
struct_freeauth->name,sip_addr, dip_addr, struct_freeauth->dport);
/*用户态下发到内核态auth_hook */
int r = -1;
printf("cfgchannel main begin:\r\n");
/*创建通道 */
r = commcfgnl_open();
if(r < 0)
{
printf(" pdlivnl_open fail, exit.\r\n");
free(struct_freeauth);
cJSON_Delete(cjson);
return RET_ERR;
}
/*下发配置到内核态 */
r = set_freeauthcfg_waitack(struct_freeauth);
if(r < 0)
{
printf("set_cfg_debug_waitack failed.\r\n");
free(struct_freeauth);
cJSON_Delete(cjson);
return RET_ERR;
}
/*关闭netlink通道 */
commcfgnl_close();
printf("cfgchannel main exit!\r\n");
/*创建json对象 */
res = cJSON_CreateObject();
if(!res)
{
free(struct_freeauth);
ret = RET_ERR;
ASSERT_RET(ret);
return ret;
}
cJSON_AddNumberToObject(res, "result", r);
/*将json对象转换成json字符串 */
ret_char = cJSON_PrintUnformatted(res);
ret_int = strlen(ret_char);
if(output_len)
{
*output_len = ret_int;
}
/*超出2k的内存报错 */
if(ret_int >= 1024 * 2)
{
free(struct_freeauth);
free(ret_char);
cJSON_Delete(res);
return RET_NOMEM;
}
memcpy(output, 0, ret_int + 1);
strcpy(output, ret_char);
free(ret_char);
cJSON_Delete(res);
cJSON_Delete(cjson);
/*把免认证规则的配置信息存入全局变量 */
localuser->sip = struct_freeauth->sip;
free(struct_freeauth);
return RET_OK;
}
Reference in New Issue View Git Blame Copy Permalink