*****************************************************************************/
u32 pos_dba_save_ip_info(u32 ifindex, s8 *ip4_addr)
{
s32 ret, mask;
exlode_t ipmasktmp;
struct in_addr in_addr;
struct in_addr netmask;
sqlite3 *db= NULL;
s8 sqlite_sql_buf[SQLITE_SQL_BUF_SIZE];
/*获取IP和掩码*/
explode_string('/', ip4_addr, &ipmasktmp);
inet_aton(ipmasktmp.strings[0], &in_addr);
mask = atoi(ipmasktmp.strings[1]);
ifm_api_masklen2ip (mask, &netmask);
/*打开数据库*/
db = sqlite3_open_ex(1, IFMODE_DB);
if (NULL == db)
{
return ERROR_FAIL;
}
/*更新数据库*/
snprintf(sqlite_sql_buf, sizeof(sqlite_sql_buf),
"UPDATE tb_port_l3 set ip='%d', mask='%d' where ifindex='%d';", in_addr.s_addr, netmask.s_addr, ifindex);
ret = sqlite3_exec_ex (db, sqlite_sql_buf);
/*关闭数据库*/
sqlite3_close_ex(db);
db = NULL;
/*返回结果*/
return ret;
s32 adduploadSslInfotodb(sqlite3* db, s8* record)
{
u32 count;
sqlite3_res res = NULL;
exlode_t ex_record = {0};
adx_vslb_session_id_persis_cfg_s_tmp cfg;
u32 syscall_result = ERROR_SUCCESS;
u32 id,agingtime;
explode_string (',', record, &ex_record);
snprintf(g_sqlite_sql_buf,sizeof(g_sqlite_sql_buf),
"SELECT COUNT(*) as count FROM tb_ssl_session WHERE name = '%s';", ex_record.strings[1]);
sqlite3_exec_query_ex(db,g_sqlite_sql_buf,&res);
sqlite3_get_u32_ex(res,0,"count",&count);
sqlite3_res_free_ex(res);
res = NULL;
if(count > 0)
{
explode_free(&ex_record);
return NAME_EXIST;
}
id = atoi(ex_record.strings[0]);
snprintf(g_sqlite_sql_buf,sizeof(g_sqlite_sql_buf),
"SELECT COUNT(*) as count FROM tb_ssl_session WHERE id = %d;", id);
sqlite3_exec_query_ex(db,g_sqlite_sql_buf,&res);
sqlite3_get_u32_ex(res,0,"count",&count);
sqlite3_res_free_ex(res);
res = NULL;
if(count > 0)
{
explode_free(&ex_record);
return TREEID_EXIST;
}
agingtime = atoi(ex_record.strings[2]);
/* 插入树节点 */
add_session_tree_node(db, ADX_VSLB_SE_PERSIS_SSL_SESSION_ID, id, ex_record.strings[1]);
snprintf(g_sqlite_sql_buf,sizeof(g_sqlite_sql_buf),
"INSERT INTO tb_ssl_session(id,name,agingtime) \
VALUES (%d,'%s',%d);",
id,ex_record.strings[1],agingtime);
sqlite3_exec_ex(db, g_sqlite_sql_buf);
cfg.age_time = agingtime;
cfg.session_id = id;
if(ERROR_SUCCESS != conplat_syscall(MODULEID_ADX_VSLB, ADX_VSLB_ADD_SEID_PERSIS, &cfg, sizeof(adx_vslb_session_id_persis_cfg_s_tmp), (s32*)&syscall_result))
{
SQLITE_TRANSC_ROLLBACK(db);
goto label_ret;
}
conplat_syscall(ADX_MODULEID_SLB|ADX_BOARD, ADX_VSLB_ADD_SEID_PERSIS, &cfg, sizeof(adx_vslb_session_id_persis_cfg_s_tmp), (s32*)&syscall_result);
label_ret:
explode_free(&ex_record);
return ERROR_SUCCESS;
}
static void menu_swapusb(void)
{
int i,n,x;
char str[100],buf[256],*strs[100];
printf("\n");
/* print selected USB device */
if (astgetresp("radio active")) return;
/* get device list from Asterisk */
if (astgetline("radio tune menu-support 3",buf,sizeof(buf) - 1)) exit(255);
n = explode_string(buf,strs,100,',',0);
if ((n < 1) || (!*strs[0]))
{
fprintf(stderr,"No additional USB devices found\n");
return;
}
qsort(strs,n,sizeof(char *),qcompar);
printf("Please select from the following USB devices:\n");
for (x = 0; x < n; x++)
{
printf("%d) Device [%s]\n",x + 1,strs[x]);
}
printf("0) Exit Selection\n");
printf("Enter make your selection now: ");
if (fgets(str,sizeof(str) - 1,stdin) == NULL)
{
printf("USB device not changed\n");
return;
}
if (str[0] && (str[strlen(str) - 1] == '\n'))
str[strlen(str) - 1] = 0;
for(x = 0; str[x]; x++)
{
if (!isdigit(str[x])) break;
}
if (str[x] || (sscanf(str,"%d",&i) < 1) || (i < 0) || (i > n))
{
printf("Entry Error, USB device not swapped\n");
return;
}
if (i < 1)
{
printf("USB device not swapped\n");
return;
}
snprintf(str,sizeof(str) - 1,"radio tune swap %s",strs[i - 1]);
astgetresp(str);
return;
}
*****************************************************************************/
u32 pos_set_ip_info(const s8* ifname, s8 *ip4_addr)
{
s32 ret;
exlode_t ipmasktmp;
struct in_addr in_addr;
s32 mask = 0;
/*删除所有的IP地址*/
ret = ifm_del_all_ip(ifname);
if(ERROR_SUCCESS != ret)
{
return ret;
}
/*获取新的IP和掩码*/
explode_string('/', ip4_addr, &ipmasktmp);
inet_aton(ipmasktmp.strings[0], &in_addr);
mask = atoi(ipmasktmp.strings[1]);
/*设置IP和掩码*/
ret = ifm_add_ip(ifname, in_addr.s_addr, mask);
return ret;
/*****************************************************************************
函 数 名 : qinq_config_restore
功能描述 : tpid配置恢复
输入参数 :
输出参数 :
返 回 值 :
----------------------------------------------------------------------------
修改作者 : liuyang
日 期 : 2011年8月27日
修改内容 : 新生成函数
*****************************************************************************/
s32 qinq_config_restore(void)
{
s32 ret = 0;
u32 length = 0;
s32 i = 0,j=0,k = 0;
exlode_t array_string;
exlode_t ifindex_array;
exlode_t info_array;
qinq_enable_info_db_s *qinq_info_db = NULL;
qinq_port_info_s *port_info = NULL;
ret = qinq_get_count(&length);
if ((ERROR_SUCCESS != ret)||(0 == length))
{
goto OUT;
}
qinq_info_db = malloc(length*sizeof(qinq_enable_info_db_s));
if (NULL == qinq_info_db)
{
goto OUT;
}
ret = qinq_get_db_all_info(qinq_info_db);
if (ERROR_SUCCESS != ret)
{
goto OUT;
}
for (i = 0;i < length; i++)
{
explode_string(',',qinq_info_db[i].ifindex, &ifindex_array);
if(COMMON_QINQ == qinq_info_db[i].qinq_mode)
{
port_info = malloc (sizeof(qinq_port_info_s) + ifindex_array.len*sizeof(u32));
if (NULL == port_info)
{
goto OUT;
}
memset(port_info,0,sizeof(qinq_port_info_s) + ifindex_array.len*sizeof(u32));
port_info->qinqmode = qinq_info_db[i].qinq_mode;
port_info->portnum = ifindex_array.len;
for (j = 0; j < ifindex_array.len; j++)
{
port_info->ifindex[j] = atoi(ifindex_array.strings[j]);
}
ret = qinq_lib_add_port_config(port_info);
if (ERROR_SUCCESS != ret)
{
goto OUT;
}
if (NULL != port_info)
{
free(port_info);
port_info = NULL;
}
}
else
{
explode_string('$', qinq_info_db[i].qinq_info, &array_string);
for (k = 0; k<array_string.len-1; k++)
{
explode_string(';', array_string.strings[k], &info_array);
port_info = malloc (sizeof(qinq_port_info_s) + ifindex_array.len*sizeof(u32));
if (NULL == port_info)
{
goto OUT;
}
memset(port_info,0,sizeof(qinq_port_info_s) + ifindex_array.len*sizeof(u32));
port_info->qinqmode = qinq_info_db[i].qinq_mode;
port_info->portnum = ifindex_array.len;
for (j = 0; j < ifindex_array.len; j++)
{
port_info->ifindex[j] = atoi(ifindex_array.strings[j]);
}
if (0==strcmp(info_array.strings[1],""))
{
port_info->add_vlan = IGNORE_CONFIG;
port_info->add_pri = atoi(info_array.strings[2]);
}
else if (0==strcmp(info_array.strings[2],""))
{
port_info->add_vlan = atoi(info_array.strings[1]);
port_info->add_pri = IGNORE_CONFIG;
}
else
{
port_info->add_vlan = atoi(info_array.strings[1]);
port_info->add_pri = atoi(info_array.strings[2]);
}
if (VLAN_ADD_TAG == qinq_info_db[i].qinq_mode)
{
qinq_vlan_str_to_map (info_array.strings[0], port_info->vlan_map);
memset(port_info->pri_map,0,sizeof(port_info->pri_map));
}
else if (PRI_ADD_TAG == qinq_info_db[i].qinq_mode)
{
qinq_pri_str_to_map (info_array.strings[0], port_info->pri_map);
memset(port_info->vlan_map,0,sizeof(port_info->vlan_map));
}
ret = qinq_lib_add_port_config(port_info);
if (ERROR_SUCCESS != ret)
{
goto OUT;
}
if (NULL != port_info)
{
free(port_info);
port_info = NULL;
}
explode_free(&info_array);
}
explode_free(&array_string);
}
explode_free(&ifindex_array);
}
OUT:
if (NULL != qinq_info_db)
free(qinq_info_db);
if (NULL != port_info)
free(port_info);
return ret;
}
int ip6_stateless_init()
{
struct ip6_stateless_prefix *prefix = NULL;
sqlite3 *db = NULL;
sqlite3_res res = NULL;
int i;
char *str;
int value;
exlode_t prefix_exp1 = {0};
u32 size = 0;
u32 result = ERROR_SUCCESS;
s32 ret = ERROR_SUCCESS;
db = sqlite3_open_ex(1, IP6_AUTOCONFIG_DB);
if(NULL == db)
return -1;
/* 接口ipv6地址自动配置开关配置恢复 */
ip6_auto_if_accept_ra(db);
/* 执行查询语句 */
result = sqlite3_exec_query_ex(db, "select * from "IP6_STATELESS_TABLE";", &res);
if (result!=SQLITE_OK) {
goto label_ret;
}
for (i = 0; ; i++)
{
result += sqlite3_get_str_ex(res, i, "prefixes", &str);
if (result == SQLITE_DONE) {
result = ERROR_SUCCESS;
goto label_ret;
}
explode_string(stoken_in_field1, str, &prefix_exp1);
size = sizeof(struct ra_prefix)*prefix_exp1.len
+ sizeof(struct ip6_stateless_prefix);
prefix = malloc(size);
if (prefix == NULL) {
result = -1;
goto label_ret;
}
prefix->num_prefix = prefix_exp1.len;
prefix->num_prefix = prefix_explode(&prefix_exp1, prefix->prefix);
explode_free(&prefix_exp1);
result += sqlite3_get_s32_ex(res, i, "id", &prefix->id);
result += sqlite3_get_str_ex(res, i, "interface", &str);
ret = if_get_index_by_name(str, (s32 *)&prefix->ifindex);
if (ret != ERROR_SUCCESS) {
result = ret;
goto label_ret;
}
result += sqlite3_get_u32_ex(res, i, "interval_min", &prefix->ra_interval_min);
result += sqlite3_get_u32_ex(res, i, "interval_max", &prefix->ra_interval_max);
result += sqlite3_get_s32_ex(res, i, "ifstatus", &value);
result += sqlite3_get_str_ex(res, i, "other", &str);
if (result != SQLITE_OK)
break;
extra_explode(str, prefix);
prefix->ra_flag |= value<<RAFLAG_EN;
if ((prefix->ra_flag&(1<<RAFLAG_EN)) && prefix->num_prefix!=0) /* Enabled,so we call conplat_syscall */
{
result = conplat_syscall(MODULEID_IP6_AUTOCONFIG, IP6_AUTOCONFIG_SYSCALL_ADD, prefix, size, &ret);
if (result != ERROR_SUCCESS) {
break;
}
}
free(prefix);
prefix = NULL;
}
label_ret:
if (res != NULL)
sqlite3_res_free_ex(res);
if (db != NULL)
sqlite3_close_ex(db);
if (prefix != NULL)
free(prefix);
return result;
}
int main (int argc, char **argv) {
unsigned int i;
unsigned int use_capabilities=0;
int ret;
char **newargv;
char *user=NULL, *tmp=NULL;
struct passwd *pw=NULL;
struct group *gr=NULL;
unsigned long ngroups_max=NGROUPS_MAX;
unsigned long ngroups=0;
gid_t *gids;
struct passwd *intpw=NULL; /* for internal_getpwuid() */
char *jaildir=NULL, *newhome=NULL, *shell=NULL;
Tiniparser *parser=NULL;
char **envs=NULL;
unsigned int relax_home_group_permissions=0;
unsigned int relax_home_other_permissions=0;
unsigned int relax_home_group=0;
char *injail_shell=NULL;
unsigned int skip_injail_passwd_check=0;
DEBUG_MSG(PROGRAMNAME", started\n");
/* open the log facility */
openlog(PROGRAMNAME, LOG_PID, LOG_AUTH);
/* attach signal handler */
signal(SIGILL,signal_handler);
signal(SIGSEGV,signal_handler);
signal(SIGTERM,signal_handler);
signal(SIGFPE,signal_handler);
/* check if it PRORAMNAME that the user wants */
tmp = strrchr(argv[0], '/');
if (!tmp) {
tmp = argv[0];
} else {
tmp++;
}
if (strcmp(tmp, PROGRAMNAME) != 0 && strcmp(tmp, "su")!= 0 && (tmp[0] != '-' || strcmp(&tmp[1], PROGRAMNAME))) {
DEBUG_MSG("wrong name, tmp=%s, &tmp[1]=%s\n", tmp, &tmp[1]);
syslog(LOG_ERR, "abort, "PROGRAMNAME" is called as %s", argv[0]);
exit(1);
}
/* now test if we are setuid root (the effective user id must be 0, and the real user id > 0 */
if (geteuid() != 0) {
if (have_capabilities()) {
use_capabilities=1;
} else {
syslog(LOG_ERR, "abort, effective user ID is not 0, possibly "PROGRAMNAME" is not setuid root");
exit(11);
}
}
if (getuid() == 0) {
syslog(LOG_ERR, "abort, "PROGRAMNAME" is run by root, which does not make sense because user root can break out of a jail anyway");
exit(12);
}
DEBUG_MSG("get user info\n");
/* get user info based on the users name and not on the uid. this enables support
for systems with multiple users with the same user id */
tmp = getenv("USER");
if (tmp && strlen(tmp)) {
user = strdup(tmp);
}
if (user) {
pw = getpwnam(user);
} else {
pw = getpwuid(getuid());
}
if (!pw) {
syslog(LOG_ERR, "abort, failed to get user information for user ID %d: %s, check /etc/passwd", getuid(), strerror(errno));
exit(13);
}
if (!pw->pw_name || strlen(pw->pw_name)==0) {
syslog(LOG_ERR, "abort, got an empty username for user ID %d: %s, check /etc/passwd", getuid(), strerror(errno));
exit(13);
}
if (user && strcmp(user,pw->pw_name)!=0) {
syslog(LOG_ERR, "abort, asked for user %s, got user info for %s", user, pw->pw_name);
exit(13);
}
if (pw->pw_uid != getuid()) {
syslog(LOG_ERR, "abort, started by user ID %d, got user info %s with user ID %d,", getuid(), pw->pw_name, pw->pw_uid);
exit(13);
}
DEBUG_MSG("got user %s\nget group info\n",pw->pw_name);
gr = getgrgid(getgid());
if (!gr) {
syslog(LOG_ERR, "abort, failed to get group information for group ID %d: %s, check /etc/group", getgid(), strerror(errno));
exit(13);
}
DEBUG_MSG("get additional groups\n");
/* ngroups_max = sysconf(_SC_NGROUPS_MAX);*/
gids = malloc(ngroups_max * sizeof(gid_t));
ngroups = getgroups(ngroups_max,gids);
if (ngroups == -1) {
syslog(LOG_ERR, "abort, failed to get additional group information: %s, check /etc/group", strerror(errno));
exit(13);
}
#ifdef DEBUG
printf("got additional groups ");
for (i=0;i<ngroups;i++) {
printf("%d, ",gids[i]);
}
printf("\n");
#endif
/* make sure the jailkit config directory is owned root:root and not writable for others */
if ( (testsafepath(INIPREFIX, 0, 0) &~TESTPATH_GROUPW) != 0 ) {
syslog(LOG_ERR, "abort, jailkit configuration directory "INIPREFIX" is not safe; it should be owned 0:0 and not writable for others");
exit(14);
}
parser = new_iniparser(CONFIGFILE);
if (parser) {
char *groupsec, *section=NULL, buffer[1024]; /* openbsd complains if this is <1024 */
groupsec = strcat(strcpy(malloc0(strlen(gr->gr_name)+7), "group "), gr->gr_name);
if (iniparser_has_section(parser, pw->pw_name)) {
section = strdup(pw->pw_name);
} else if (iniparser_has_section(parser, groupsec)) {
section = groupsec;
} else if (iniparser_has_section(parser, "DEFAULT")) {
section = strdup("DEFAULT");
}
if (section != groupsec) free(groupsec);
if (section) {
unsigned int pos = iniparser_get_position(parser) - strlen(section) - 2;
if (iniparser_get_string_at_position(parser, section, "env", pos, buffer, 1024) > 0) {
envs = explode_string(buffer, ',');
}
relax_home_group_permissions = iniparser_get_int_at_position(parser, section, "relax_home_group_permissions", pos);
relax_home_other_permissions = iniparser_get_int_at_position(parser, section, "relax_home_other_permissions", pos);
relax_home_group = iniparser_get_int_at_position(parser, section, "relax_home_group", pos);
if (iniparser_get_string_at_position(parser, section, "injail_shell", pos, buffer, 1024) > 0) {
injail_shell = strdup(buffer);
}
if (injail_shell) {
skip_injail_passwd_check = iniparser_get_int_at_position(parser, section, "skip_injail_passwd_check", pos);
}
DEBUG_MSG("section %s: relax_home_group_permissions=%d, relax_home_other_permissions=%d, relax_home_group=%d, injail_shell=%s, skip_injail_passwd_check=%d\n",
section, relax_home_group_permissions, relax_home_other_permissions,
relax_home_group, injail_shell, skip_injail_passwd_check);
free(section);
} else {
DEBUG_MSG("no relevant section found in configfile\n");
}
iniparser_close(parser);
} else {
DEBUG_MSG("no configfile "CONFIGFILE" ??\n");
}
DEBUG_MSG("close filedescriptors\n");
/* open file descriptors can be used to break out of a chroot, so we close all of them, except for stdin,stdout and stderr */
#ifdef OPEN_MAX
i = OPEN_MAX;
#elif defined(NOFILE)
i = NOFILE;
#else
i = getdtablesize();
#endif
while (--i > 2) {
/*printf("closing file descriptor %d\n",i);*/
while (close(i) != 0 && errno == EINTR);
}
/* now make sure file descriptors 0 1 and 2 are valid before we (or a child) starts writing to it */
while (1) {
int fd;
fd = open("/dev/null", O_RDWR);
if (fd < 0)
exit(10);
if (fd > 2) {
close(fd);
break;
} else {
DEBUG_MSG("re-opening file descriptor %d\n",fd);
}
}
/* now we clear the environment, except for values allowed in /etc/jailkit/jk_chrootsh.ini */
unset_environ_except(envs);
if (envs) {
free_array(envs);
}
if (pw->pw_gid != getgid()) {
syslog(LOG_ERR, "abort, the group ID from /etc/passwd (%d) does not match the group ID we run with (%d)", pw->pw_gid, getgid());
exit(15);
}
if (!pw->pw_dir || strlen(pw->pw_dir) ==0) {
syslog(LOG_ERR, "abort, got an empty home directory for user %s (%d)", pw->pw_name, getuid());
exit(16);
}
if (strstr(pw->pw_dir, "/./") == NULL) {
syslog(LOG_ERR, "abort, homedir '%s' for user %s (%d) does not contain the jail separator <jail>/./<home>", pw->pw_dir, pw->pw_name, getuid());
exit(17);
}
DEBUG_MSG("get jaildir\n");
if (!getjaildir(pw->pw_dir, &jaildir, &newhome)) {
syslog(LOG_ERR, "abort, failed to read the jail and the home from %s for user %s (%d)",pw->pw_dir, pw->pw_name, getuid());
exit(17);
}
DEBUG_MSG("dir=%s,jaildir=%s,newhome=%s\n",pw->pw_dir, jaildir, newhome);
DEBUG_MSG("get chdir()\n");
if (chdir(jaildir) != 0) {
syslog(LOG_ERR, "abort, chdir(%s) failed: %s, check the permissions for %s",jaildir,strerror(errno),jaildir);
exit(19);
} else {
char test[1024];
/* test if it really succeeded */
if (getcwd(test, 1024)==NULL || !dirs_equal(jaildir, test)) {
syslog(LOG_ERR, "abort, the current dir is %s after chdir(%s), but it should be %s",test,jaildir,jaildir);
exit(21);
}
}
/* here do test the ownership of the jail and the homedir and such
the function testsafepath doe exit itself on any failure */
if (!basicjailissafe(jaildir)) {
syslog(LOG_ERR, "abort, %s is not a safe chroot jail.", jaildir);
exit(53);
}
ret = testsafepath(pw->pw_dir, getuid(), getgid());
if ((ret & TESTPATH_NOREGPATH) ) {
syslog(LOG_ERR, "abort, path %s is not a directory", pw->pw_dir);
exit(53);
}
if ((ret & TESTPATH_OWNER) ) {
syslog(LOG_ERR, "abort, path %s is not owned by %d", pw->pw_dir,getuid());
exit(53);
}
if (!relax_home_group && (ret & TESTPATH_GROUP)) {
syslog(LOG_ERR, "abort, path %s does not have group owner %d, set option 'relax_home_group' to relax this check", pw->pw_dir,getgid());
exit(53);
}
if (!relax_home_group_permissions && (ret & TESTPATH_GROUPW)) {
syslog(LOG_ERR, "abort, path %s is group writable, set option 'relax_home_group_permissions' to relax this check", pw->pw_dir);
exit(53);
}
if (!relax_home_other_permissions && (ret & TESTPATH_OTHERW)) {
syslog(LOG_ERR, "abort, path %s is writable for other, set option 'relax_home_other_permissions' to relax this check", pw->pw_dir);
exit(53);
}
/* do a final log message */
tmp = implode_array(&argv[1], argc-1, " ");
syslog(LOG_INFO, "now entering jail %s for user %s (%d) with arguments %s", jaildir, pw->pw_name, getuid(), tmp);
free(tmp);
DEBUG_MSG("chroot()\n");
/* do the chroot() call */
if (chroot(jaildir)) {
syslog(LOG_ERR, "abort, chroot(%s) failed: %s, check the permissions for %s", jaildir, strerror(errno), jaildir);
exit(33);
}
if (use_capabilities) {
#ifdef HAVE_CAP_GET_PROC
cap_t caps;
cap_value_t capv[1];
/* drop chroot capability, should we drop all other capabilities that may be used to escape from the jail too ? */
if ((caps = cap_get_proc()) == NULL) {
syslog(LOG_ERR, "abort, failed to retrieve current capabilities: %s", strerror(errno));
exit(101);
}
capv[0] = CAP_SYS_CHROOT;
/* other capabilities that should/could be dropped:
CAP_SETPCAP, CAP_SYS_MODULE, CAP_SYS_RAWIO, CAP_SYS_PTRACE, CAP_SYS_ADMIN */
if (cap_set_flag(caps, CAP_PERMITTED, 1, capv, CAP_CLEAR)) {
syslog(LOG_ERR, "abort, failed to set PERMITTED capabilities: %s", strerror(errno));
exit(102);
}
if (cap_set_flag(caps, CAP_EFFECTIVE, 1, capv, CAP_CLEAR)) {
syslog(LOG_ERR, "abort, failed to set effective capabilities: %s", strerror(errno));
exit(103);
}
if (cap_set_flag(caps, CAP_INHERITABLE, 1, capv, CAP_CLEAR)) {
syslog(LOG_ERR, "abort, failed to set INHERITABLE capabilities: %s", strerror(errno));
exit(104);
}
if (cap_set_proc(caps)) {
syslog(LOG_ERR, "abort, failed to apply new capabilities: %s", strerror(errno));
exit(105);
}
#else
/* we should never get here */
exit(333);
#endif
} else {
/* drop all privileges, it seems that we first have to setgid(),
then we have to call initgroups(),
then we call setuid() */
if (setgid(getgid())) {
syslog(LOG_ERR, "abort, failed to set effective group ID %d: %s", getgid(), strerror(errno));
exit(34);
}
if (setgroups(ngroups, gids)==-1) {
syslog(LOG_ERR, "abort, failed to set additional groups: %s", strerror(errno));
exit(35);
}
free(gids);
/* if (initgroups(pw->pw_name, getgid())) {
syslog(LOG_ERR, "abort, failed to init groups for user %s (%d), check %s/etc/group", pw->pw_name,getuid(),jaildir);
exit(35);
}*/
if (setuid(getuid())) {
syslog(LOG_ERR, "abort, failed to set effective user ID %d: %s", getuid(), strerror(errno));
exit(36);
}
}
/* test for user and group info, is it the same? checks username, groupname and home */
if (!skip_injail_passwd_check){
char *oldpw_name,*oldgr_name;
oldpw_name = strdup(pw->pw_name);
oldgr_name = strdup(gr->gr_name);
if (user) {
pw = getpwnam(user);
} else {
pw = getpwuid(getuid());
}
if (!pw) {
syslog(LOG_ERR, "abort, failed to get user information in the jail for user ID %d: %s, check %s/etc/passwd",getuid(),strerror(errno),jaildir);
exit(35);
}
if (pw->pw_uid != getuid()) {
syslog(LOG_ERR, "abort, got user information in the jail for user ID %d instead of user ID %d, check %s/etc/passwd",pw->pw_uid,getuid(),jaildir);
exit(35);
}
DEBUG_MSG("got %s as pw_dir\n",pw->pw_dir);
gr = getgrgid(getgid());
if (!gr) {
syslog(LOG_ERR, "abort, failed to get group information in the jail for group ID %d: %s, check %s/etc/group",getgid(),strerror(errno),jaildir);
exit(35);
}
if (strcmp(pw->pw_name, oldpw_name)!=0) {
syslog(LOG_ERR, "abort, username %s differs from jail username %s for user ID %d, check /etc/passwd and %s/etc/passwd", oldpw_name, pw->pw_name, getuid(), jaildir);
exit(37);
}
if (strcmp(gr->gr_name, oldgr_name)!=0) {
syslog(LOG_ERR, "abort, groupname %s differs from jail groupname %s for group ID %d, check /etc/passwd and %s/etc/passwd", oldgr_name, gr->gr_name, getgid(), jaildir);
exit(37);
}
if (strcmp(pw->pw_dir, newhome)!=0) {
DEBUG_MSG("%s!=%s\n",pw->pw_dir, newhome);
/* if these are different, it could be that getpwuid() gets the real user
info (from for example ldap or nscd), and not the info inside the jail, lets
test that, and if true, we should use the shell from the internal function as well*/
intpw = internal_getpwuid("/etc/passwd", getuid());
if (!intpw) {
DEBUG_MSG("%s!=%s\n",intpw->pw_dir, newhome);
syslog(LOG_ERR, "abort, failed to find user %d in %s/etc/passwd", getuid(), jaildir);
exit(39);
}
if (!dirs_equal(intpw->pw_dir, newhome)) {
DEBUG_MSG("%s!=%s\n",intpw->pw_dir, newhome);
syslog(LOG_ERR, "abort, home directory %s differs from jail home directory %s for user %s (%d), check /etc/passwd and %s/etc/passwd", newhome, pw->pw_dir, pw->pw_name, getuid(), jaildir);
exit(39);
}
}
free(oldpw_name);
free(oldgr_name);
}
if (injail_shell) {
shell = injail_shell;
} else if (intpw) {
shell = intpw->pw_shell;
} else {
shell = pw->pw_shell;
}
/* test the shell in the jail, it is not allowed to be setuid() root */
testsafepath(shell,0,0);
/* prepare the new environment */
setenv("HOME",newhome,1);
setenv("USER",pw->pw_name,1);
setenv("USERNAME",pw->pw_name,1);
setenv("SHELL",shell,1);
if (chdir(newhome) != 0) {
syslog(LOG_ERR, "abort, chdir(%s) failed inside the jail %s: %s, check the permissions for %s/%s",newhome,jaildir,strerror(errno),jaildir,newhome);
exit(41);
}
/* cleanup before execution */
free(newhome);
/* now execute the jailed shell */
/*execl(pw->pw_shell, pw->pw_shell, NULL);*/
newargv = malloc0((argc+1)*sizeof(char *));
newargv[0] = shell;
for (i=1;i<argc;i++) {
newargv[i] = argv[i];
}
execv(shell, newargv);
DEBUG_MSG(strerror(errno));
syslog(LOG_ERR, "ERROR: failed to execute shell %s for user %s (%d), check the permissions and libraries of %s/%s",shell,pw->pw_name,getuid(),jaildir,shell);
free(jaildir);
exit(111);
}
s32 ifm_sync_group_restore (void)
{
s32 rc = 0;
s32 i = 0;
s32 j = 0;
sqlite3 *db = NULL;
sqlite3_res res = NULL;
s8 cmd[256];
s8 *ptr = NULL;
s32 count = 0;
s32 syncgroupid;
s32 sql_ret = SQLITE_OK;
s32 ret = ERROR_SUCCESS;
s8 *ifname;
s32 indexlists[8] = {0};
exlode_t ex_ifList;
s32 length = 0;
db = sqlite3_open_ex(1, DATABASE_IF_SYNC_PATH);
if(NULL == db)
{
return ERROR_SYSTEM;
}
snprintf(cmd, sizeof (cmd), "select count(*) as count from tb_ifsyncgroup;");
rc = sqlite3_exec_query_ex(db, cmd, &res);
if (SQLITE_OK != rc)
{
ret = ERROR_SYSTEM;
goto label;
}
rc = sqlite3_get_s32_ex(res, 0, "count", &count);
if (SQLITE_OK != rc)
{
ret = ERROR_SYSTEM;
goto label;
}
if(0 == count)
{
goto label;
}
sqlite3_res_free_ex(res);
res = NULL;
snprintf(cmd, sizeof (cmd), "select * from tb_ifsyncgroup;");
rc = sqlite3_exec_query_ex(db, cmd, &res);
if (SQLITE_OK != rc)
{
ret = ERROR_SYSTEM;
goto label;
}
for(i = 0; i < count; i++)
{
sql_ret = sqlite3_get_s32_ex(res,i,"syncgroupid",&syncgroupid);
if(SQLITE_OK != sql_ret)
{
ret = ERROR_SYSTEM;
goto label;
}
sql_ret = sqlite3_get_str_ex(res,i,"iflist",&ptr);
if(SQLITE_OK != sql_ret)
{
ret = ERROR_SYSTEM;
goto label;
}
explode_string(',', ptr, &ex_ifList);
length = (s32)ex_ifList.len;
for(j = 0; j < length; j++)
{
if(*(ex_ifList.strings[j]) == ' ')
{
ifname = ex_ifList.strings[j] + 1;
}
else
{
ifname = ex_ifList.strings[j];
}
if_get_index_by_name(ifname, &indexlists[j]);
}
ifsync_create_group(syncgroupid, indexlists);
}
label:
if(res != NULL)
{
sqlite3_res_free_ex(res);
res = NULL;
}
sqlite3_close_ex(db);
db = NULL;
return ret;
}
/*
* help:
"* sniffer filter {switch/field}\n"
"* switch: on/off\n"
"* field: indev device\n"
"* outdev device\n"
"* ipv4/ipv6\n"
"* tcp/udp/icmp/icmp6/sctp/gre\n"
"* src [addr(6)] port(for tcp/udp/sctp)\n"
"* dst [addr(6)] port(for tcp/udp/sctp) or\n"
"* type,code(for icmp and icmp6)\n"
"* port for both src and dst\n"
"* echo/echoreply\n"
"* sniffer start {count/info} {modules...}\n"
"* sniffer getcount\n"
"* sniffer stop\n");
*/
s32 main(s32 argc, s8 *argv[])
{
s32 ret = ERROR_SUCCESS;
int wait4packet = 0;
int nlh_seq = 0;
u32 mod_flag = 0;
int snd_len = sizeof(struct nlmsghdr);
struct nlmsghdr *nlh;
struct {
struct nlmsghdr nlhdr;
union {
u8 data_8;
u32 data_32;
struct sniffer_module_switch start;
struct sniffer_filter filter;
u8 content[SNIFFER_SND_BUF_LEN];
}data;
}buf; /* initialize to zero */
int buf_len = sizeof(buf);
memset(&buf, 0, sizeof(buf));
/* parse the cmd parameters */
/* sniffer filter {switch/field}
* switch: on/off
* field: ...
*/
if (argc > 2 && !strcmp(argv[1], "filter"))
{
if (!strcmp(argv[2], "on"))
{
buf.nlhdr.nlmsg_type = SNIFFER_NLTYPE_UFILTER_ST;
buf.data.data_8 = 1;
snd_len += sizeof(sizeof(buf.data.data_8));
}
else if (!strcmp(argv[2], "off"))
{
buf.nlhdr.nlmsg_type = SNIFFER_NLTYPE_UFILTER_ST;
buf.data.data_8 = 2;
snd_len += sizeof(sizeof(buf.data.data_8));
}
else if (!strcmp(argv[2], "reset"))
{
buf.nlhdr.nlmsg_type = SNIFFER_NLTYPE_UFILTER_ST;
buf.data.data_8 = 3;
snd_len += sizeof(sizeof(buf.data.data_8));
}
else if (!strcmp(argv[2], "get"))
{
wait4packet = 1;
buf.nlhdr.nlmsg_type = SNIFFER_NLTYPE_UFILTER_GET;
}
else/* well,there is a filter... */
{
buf.nlhdr.nlmsg_type = SNIFFER_NLTYPE_UFILTER;
ret = sniffer_parse_filter(argc-2, &argv[2], &buf.data.filter);
if (ret != ERROR_SUCCESS)
{
goto end;
}
snd_len += sizeof(buf.data.filter);
}
}
/* sniffer start {count/info} {modules...} */
else if (argc > 3 && !strcmp(argv[1], "start"))
{
int i = 0; /* skip prog name, start and mode */
exlode_t exp = {0};
buf.nlhdr.nlmsg_type = SNIFFER_NLTYPE_USTART;
if (!strcmp(argv[2], "count"))
{
mod_flag = CAPTURE_SWITCH_ON | CAPTURE_MODE_COUNT;
}
else
{
wait4packet = SNIFFER_DEF_PACKET_COUNT;
mod_flag = CAPTURE_SWITCH_ON; /* just start in info mode */
buf.data.start.pack_count = SNIFFER_DEF_PACKET_COUNT;
}
explode_string(',', argv[3], &exp);
buf.data.start.mod_count = 0;
while (snd_len < buf_len && i<exp.len)
{
buf.data.start.module[buf.data.start.mod_count].module_id =
sniffer_get_modid(exp.strings[i]);
buf.data.start.module[buf.data.start.mod_count].module_flag = mod_flag;
if (buf.data.start.module[buf.data.start.mod_count].module_id != 0)
{
buf.data.start.mod_count++;
}
else
{
printf("Warning:Module %s is invalid\n",exp.strings[i]);
}
i++;
//snd_len += sizeof(u32) * 2;
}
snd_len += sizeof(u32) * 2 * (buf.data.start.mod_count + 1);
explode_free(&exp);
if(argc > 4)
{
buf.data.start.pack_count = atoi(argv[4]);
if(buf.data.start.pack_count > SNIFFER_MAX_PACKET_COUNT)
buf.data.start.pack_count = SNIFFER_MAX_PACKET_COUNT;
}
if (buf.data.start.mod_count == 0)
{
print_help();
goto end;
}
}
/* sniffer getcount */
else if (argc > 1 && !strcmp(argv[1], "getcount"))
{
wait4packet = 1;
buf.nlhdr.nlmsg_type = SNIFFER_NLTYPE_UCOUNT;
}
/*sniffer stop */
else if (argc > 1 && !strcmp(argv[1], "stop"))
{
wait4packet = 1;
buf.nlhdr.nlmsg_type = SNIFFER_NLTYPE_USTOP;
}
else
{
print_help();
goto end;
}
buf.nlhdr.nlmsg_len = NLMSG_ALIGN(snd_len);
buf.nlhdr.nlmsg_seq = nlh_seq++;
buf.nlhdr.nlmsg_pid = getpid(); /* Sending process PID */
buf.nlhdr.nlmsg_flags |= NLM_F_REQUEST;
buf.nlhdr.nlmsg_flags |= NLM_F_ACK; /* ack for is ok */
ret = sniffer_create_sk(&ns);
if (ret == -1)
{
goto end;
}
ret = sniffer_sendmsg(&ns, &buf.nlhdr);
if (ret == -1)
{
goto sock_err;
}
sniffer_sig_process();
do {
ret = sniffer_recvmsg(&ns, recvbuf, sizeof(recvbuf));
if (ret == -1)
{
goto sock_err;
}
for (nlh=(struct nlmsghdr *)recvbuf; NLMSG_OK(nlh, ret); nlh=NLMSG_NEXT(nlh, ret))
{
if (nlh->nlmsg_type == NLMSG_ERROR)
{
struct nlmsgerr *errmsg = (void *)&nlh[1];
/* Not success? tell user */
if (errmsg->error != SNIFFER_MODULE_SUCCESS &&
errmsg->msg.nlmsg_pid == buf.nlhdr.nlmsg_pid &&
errmsg->msg.nlmsg_seq == buf.nlhdr.nlmsg_seq)
{
printf("Error:%s\n", sniffer_module_errstr[errmsg->error]);
goto sock_err;
}
continue;
}
else
{
if (sniffer_print_nlmsg(nlh, (char *)(nlh+1), ret-sizeof(*nlh)))
{
wait4packet--;
ret = 0;
goto sock_err;
}
}
}
} while (wait4packet);
if (mod_flag == CAPTURE_SWITCH_ON)
{
sniffer_sa_handler(SIGINT);
}
else
{
sniffer_close_sk(&ns);
}
return ERROR_SUCCESS;
sock_err:
sniffer_close_sk(&ns);
end:
return ret;
}
static int sniffer_parse_filter(int filed_num, char **field,
struct sniffer_filter *filter)
{
int i = 0;
int ret = -1;
int af = AF_INET; /* af for inet_pton */
exlode_t exp = {0};
memset(filter, 0, sizeof(struct sniffer_filter));
for (i=0; i<filed_num; i++)
{
if (!strcmp(field[i], "dev"))
{
if (filed_num<=(++i))
{
break;
}
explode_string(',', field[i], &exp);
ret = if_get_index_by_name(exp.strings[0],
(s32 *)&filter->dev_ifindex[0]);
if (ret != ERROR_SUCCESS)
{
printf("Warning:dev1 %s is invalid\n", exp.strings[0]);
filter->dev_ifindex[0] = 0;
explode_free(&exp);
continue;
}
filter->status |= SNIFFER_DEV;
if (exp.len > 1)
{
ret = if_get_index_by_name(exp.strings[1],
(s32 *)&filter->dev_ifindex[1]);
if (ret != ERROR_SUCCESS)
{
printf("Warning:dev2 %s is invalid\n", exp.strings[1]);
filter->dev_ifindex[1] = 0;
explode_free(&exp);
continue;
}
}
explode_free(&exp);
}
else if (!strcmp(field[i], "mpls"))
{
filter->l3proto = SNIFFER_L3PROTO_MPLS;
filter->status |= SNIFFER_L3PROTO;
af = AF_INET;
}
else if (!strcmp(field[i], "ipv4"))
{
filter->l3proto = SNIFFER_L3PROTO_IPV4;//IPPROTO_IP;
filter->status |= SNIFFER_L3PROTO;
af = AF_INET;
}
else if (!strcmp(field[i], "ipv6"))
{
filter->l3proto = SNIFFER_L3PROTO_IPV6;
filter->status |= SNIFFER_L3PROTO;
af = AF_INET6;
}
else if (!strcmp(field[i], "arp"))
{
filter->l2proto = SNIFFER_L3PROTO_ARP;
filter->status |= SNIFFER_L3ARP;
}
else if (!strcmp(field[i], "tcp"))
{
filter->l4proto = IPPROTO_TCP;
filter->status |= SNIFFER_L4PROTO;
}
else if (!strcmp(field[i], "udp"))
{
filter->l4proto = IPPROTO_UDP;
filter->status |= SNIFFER_L4PROTO;
}
else if (!strcmp(field[i], "icmp"))
{
filter->l4proto = IPPROTO_ICMP;
filter->status |= SNIFFER_L4PROTO;
/* sure only ipv4 has icmp */
filter->l3proto = SNIFFER_L3PROTO_IPV4;
filter->status |= SNIFFER_L3PROTO;
af = AF_INET;
}
else if (!strcmp(field[i], "icmp6"))
{
filter->l4proto = IPPROTO_ICMPV6;
filter->status |= SNIFFER_L4PROTO;
/* sure only ipv6 has icmp6 */
filter->l3proto = SNIFFER_L3PROTO_IPV6;
filter->status |= SNIFFER_L3PROTO;
af = AF_INET6;
}
else if (!strcmp(field[i], "sctp"))
{
filter->l4proto = IPPROTO_SCTP;
filter->status |= SNIFFER_L4PROTO;
}
else if (!strcmp(field[i], "gre"))
{
filter->l4proto = IPPROTO_GRE;
filter->status |= SNIFFER_L4PROTO;
}
else if (!strcmp(field[i], "proto"))
{
if (filed_num<=(++i))
{
break;
}
filter->l4proto = (u8)atoi(field[i]);
filter->status |= SNIFFER_L4PROTO;
}
else if (!strcmp(field[i], "src"))
{
if (filed_num<=(++i))
{
break;
}
/* parse for address */
ret = inet_pton(af, field[i],
(void *)&filter->saddr);
if (ret == 0)
{
goto src_port;
/*printf("Warning:src addr:%s is invalid\n", argv[i]);
continue;*/
}
else if (ret == -1)
{
printf("Warning:you must specify IPv4 or IPv6 before "
"src/dst addr\n");
continue;
}
filter->status |= SNIFFER_SADDR;
if (filed_num <= (++i))
{
continue;
}
src_port:
if (!strcmp(field[i], "port"))
{
i++; /* port value */
if (filter->l4proto == IPPROTO_TCP ||
filter->l4proto == IPPROTO_UDP ||
filter->l4proto == IPPROTO_SCTP)
{
filter->sproto.all = (u16)atoi(field[i]);
filter->status |= SNIFFER_SPORT;
}
else
{
printf("Warning:only tcp/udp/sctp can specify port num\n");
}
}
else
{
i--;
}
}
else if (!strcmp(field[i], "dst"))
{
if (filed_num<=(++i))
{
break;
}
ret = inet_pton(af, field[i],
(void *)&filter->daddr);
if (ret == 0)
{
goto dst_port;
/*printf("Warning:dst addr:%s is invalid\n", argv[i]);
continue;*/
}
else if (ret == -1)
{
printf("Warning:you must specify IPv4 or IPv6 before "
"src/dst addr\n");
continue;
}
filter->status |= SNIFFER_DADDR;
if (filed_num <= (++i))
{
continue;
}
dst_port:
if (!strcmp(field[i], "port"))
{
i++; /* port value */
if (filter->l4proto == IPPROTO_TCP ||
filter->l4proto == IPPROTO_UDP ||
filter->l4proto == IPPROTO_SCTP)
{
filter->dproto.all = (u16)atoi(field[i]);
filter->status |= SNIFFER_DPORT;
}
else
{
printf("Warning:only tcp/udp/sctp can specify port num\n");
}
}
else
{
i--;
}
}
else if ((!strcmp(field[i], "host")))
{
if (filed_num<=(++i))
{
break;
}
ret = inet_pton(af, field[i],
(void *)&filter->saddr);
if (ret == 0)
{
printf("Warning:Addres is invlaids invalid\n");
continue;
}
else if (ret == -1)
{
printf("Warning:you must specify IPv4 or IPv6 before "
"src/dst addr\n");
continue;
}
inet_pton(af, field[i],
(void *)&filter->daddr);
filter->status |= SNIFFER_SADDR;
filter->status |= SNIFFER_DADDR;
filter->status |= SNIFFER_ADDR_OR;
}
else if (!strcmp(field[i], "port"))
{
if (filed_num<=(++i))
{
break;
}
if (filter->l4proto == IPPROTO_TCP ||
filter->l4proto == IPPROTO_UDP ||
filter->l4proto == IPPROTO_SCTP)
{
filter->sproto.all =
filter->dproto.all = (u16)atoi(field[i]);
filter->status |= SNIFFER_DPORT;
filter->status |= SNIFFER_SPORT;
/* sport match or dport match,it is match */
filter->status |= SNIFFER_PORT_OR;
}
else
{
printf("Warning:only tcp/udp/sctp can specify port num\n");
}
}
else if (!strcmp(field[i], "echo"))
{
if (filter->l4proto == IPPROTO_ICMP)
{
filter->dproto.icmp.type = ICMP_ECHO;
filter->dproto.icmp.code = 0;
filter->status |= SNIFFER_ICMPTYPE;
filter->status |= SNIFFER_ICMPCODE;
}
else if (filter->l4proto == IPPROTO_ICMPV6)
{
filter->dproto.icmp.type = ICMP6_ECHO_REQUEST;
filter->dproto.icmp.code = 0;
filter->status |= SNIFFER_ICMPTYPE;
filter->status |= SNIFFER_ICMPCODE;
}
else
{
printf("Warning:only icmo message can use 'echo' option\n");
}
}
else if (!strcmp(field[i], "echoreply"))
{
if (filter->l4proto == IPPROTO_ICMP)
{
filter->dproto.icmp.type = ICMP_ECHOREPLY;
filter->dproto.icmp.code = 0;
filter->status |= SNIFFER_ICMPTYPE;
filter->status |= SNIFFER_ICMPCODE;
}
else if (filter->l4proto == IPPROTO_ICMPV6)
{
filter->dproto.icmp.type = ICMP6_ECHO_REPLY;
filter->dproto.icmp.code = 0;
filter->status |= SNIFFER_ICMPTYPE;
filter->status |= SNIFFER_ICMPCODE;
}
else
{
printf("Warning:only icmp message can use 'echoreply' option\n");
}
}
else if (!strcmp(field[i], "type"))
{
if (filed_num<=(++i))
{
break;
}
u8 type = 0;
u8 code = 0;
if (filter->l4proto == IPPROTO_ICMP ||
filter->l4proto == IPPROTO_ICMPV6)
{
filter->status |= SNIFFER_ICMPTYPE;
type = (u8)atoi(field[i]);
if (filed_num>(i+1) && !strcmp(field[i+1], "code"))
{
i += 2;
code = atoi(field[i]);
filter->status |= SNIFFER_ICMPCODE;
}
filter->dproto.icmp.type = type;
filter->dproto.icmp.code = code;
}
else
{
printf("Warning:only icmp message can use 'type' or 'code' option\n");
}
}
else
{
printf("Warning:Unknown option:%s\n", field[i]);
}
}
if (filter->status == 0)
{
ret = -1;
printf("Error:no filter option is specified\n\n");
print_help();
goto end;
}
filter->status |= SNIFFER_FILTER_ON;
ret = ERROR_SUCCESS;
end:
return ret;
}
s32 adx_slb_hc_update_config_from_db(adx_slb_hc_shm_buf_s *buf)
{
s32 ret = ERROR_SUCCESS;
sqlite3 *db = NULL;
sqlite3_res res = NULL;
u32 count;
u32 i, j;
s8 *hc = NULL;
exlode_t hc_str_list = {0};
u32 hcid;
u32 hc_flag;
db = sqlite3_open_ex(1, ADX_SLB_CFG_0);
if(NULL == db)
{
ret = ERROR_FAIL;
goto label_ret;
}
snprintf(g_sqlite_sql_buf, sizeof(g_sqlite_sql_buf),
"SELECT COUNT(treeid) AS count FROM tb_rs;");
sqlite3_exec_query_ex(db, g_sqlite_sql_buf, &res);
sqlite3_get_u32_ex(res, 0, "count", &count);
sqlite3_res_free_ex(res);
DEBUG("rs count : %d\n", count);
if(0 == count)
{
goto label_ret;
}
snprintf(g_sqlite_sql_buf, sizeof(g_sqlite_sql_buf),
"SELECT RS.ip AS ip, RS.port As port, RS.indexid AS rs_index, RS.treeid AS rs_id, "
"RS.hc AS hc_flag, RS.hcarray AS rs_hc, RS.least_num AS rs_least_num, RS.flag AS pool_id, "
"POOL.hc AS pool_hc, POOL.least_num AS pool_least_num, POOL.refer_id AS vs_id "
"FROM tb_rs AS RS, tb_rs_grp AS POOL "
"WHERE RS.flag = POOL.tree_id "
"UNION "
"SELECT RS.ip AS ip, RS.port AS port, RS.indexid AS rs_index, RS.treeid AS rs_id, "
"RS.hc AS hc_flag, RS.hcarray AS rs_hc, RS.least_num AS rs_least_num, RS.flag AS pool_id, "
"RS.hc AS pool_hc, RS.flag AS pool_least_num, RS.flag AS vs_id "
"FROM tb_rs AS RS "
"WHERE RS.flag = 0 ORDER BY RS.treeid;");
sqlite3_exec_query_ex(db, g_sqlite_sql_buf, &res);
buf->rsnum = count;
for(i = 0; i < count; i++)
{
buf->rs_node[i].state = ADX_SLB_HC_RESULT_UP;
buf->rs_node[i].update_state = ADX_SLB_HC_NO;
sqlite3_get_u32_ex(res, i, "vs_id", &(buf->rs_node[i].vs_id));
sqlite3_get_u32_ex(res, i, "pool_id", &(buf->rs_node[i].pool_id));
sqlite3_get_u32_ex(res, i, "rs_id", &(buf->rs_node[i].rs_id));
sqlite3_get_u32_ex(res, i, "rs_index", &(buf->rs_node[i].rs_index));
sqlite3_get_u32_ex(res, i, "ip", &(buf->rs_node[i].ip));
sqlite3_get_u16_ex(res, i, "port", &(buf->rs_node[i].port));
sqlite3_get_u32_ex(res, i, "hc_flag", &hc_flag);
if(0 == hc_flag && 0 == buf->rs_node[i].pool_id)
{
/*真实服务未被组引用且未自定义健康检查*/
hc = NULL;
}
else if(0 == hc_flag)
{
/*真实服务健康检查类型为【通过实服务组配置】*/
sqlite3_get_u8_ex(res, i, "pool_least_num", &(buf->rs_node[i].least_num));
sqlite3_get_str_ex(res, i, "pool_hc", &hc);
}
else
{
/*真实服务健康检查类型为【实服务自定义配置】*/
sqlite3_get_u8_ex(res, i, "rs_least_num", &(buf->rs_node[i].least_num));
sqlite3_get_str_ex(res, i, "rs_hc", &hc);
}
DEBUG("%d : vs:%d, rsg:%d, rs:%d, index:%d, ip:%0x, port:%d, hc:%d, least_num:%d, %s\n",
i, buf->rs_node[i].vs_id, buf->rs_node[i].pool_id,
buf->rs_node[i].rs_id, buf->rs_node[i].rs_index, buf->rs_node[i].ip, buf->rs_node[i].port,
hc_flag, buf->rs_node[i].least_num, hc);
for(j = 0; j < ADX_SLB_HC_MAX_NUM; j ++)
{
buf->rs_node[i].hc_node[j].state = ADX_SLB_HC_RESULT_UP;
buf->rs_node[i].hc_node[j].id = ADX_SLB_INVALID_HC_ID;
}
if(NULL == hc || 0 == strlen(hc))
{
DEBUG("[hc = NULL] : rs_index:%d, rs_id:%d\n", buf->rs_node[i].rs_index, buf->rs_node[i].rs_id);
continue;
}
explode_string(';', hc, &hc_str_list);
for(j = 0; j < hc_str_list.len && j < ADX_SLB_HC_MAX_NUM; j ++)
{
hcid = atoi(hc_str_list.strings[j]);
if(HCID_TO_ADXHCTYPE(hcid) < ADX_HC_TYPE_MAX)
{
buf->rs_node[i].hc_node[j].type = HCID_TO_ADXHCTYPE(hcid);
buf->rs_node[i].hc_node[j].id = hcid;
buf->hc_target_num[HCID_TO_ADXHCTYPE(hcid)]++;
}
}
explode_free(&hc_str_list);
hc = NULL;
}
sqlite3_res_free_ex(res);
label_ret:
if(db)
{
sqlite3_close_ex(db);
}
return ret;
}
/*******************************************************************************
函数名称 : ip6_pf_export_translate_value
功能描述 : 循环执行webservice
输入参数 : user_op ---- user_opetate结构
original_flag ---- 原始替换标记
helper ---- 分割后的替换标记
trans_type ---- 替换值的类型
trans_data ---- 替换的具体值?
输出参数 : 无
返 回 值 : DefaultTranslate__I_LOOPING_END ---- 本次循环执行成功
DefaultTranslate__I_LOOPING_END ---- 循环执行完毕
--------------------------------------------------------------------------------
最近一次修改记录:
修改作者 : 吕进
修改目的 : 新添加函数
修改日期 : 2010.8.31
*******************************************************************************/
u32 ip6_pf_export_translate_value(UserOperate_t* user_op,
ResultContext_t *result_context,
s8* original_flag, s8* helper, u32 position,
u32 trans_type, void* trans_data, s32 trans_data_int)
{
s8 name[IP6_PF_NAME_LEN + 1] = {0};
s8 pf_str[IP6_PF_ID_STR_LEN + 1] = {0};
exlode_t ex_data = {0};
struct uo_pf_policy_export *my_data;
my_data = (struct uo_pf_policy_export*)UserOperate__getUserData(user_op);
sqlite3 *db = NULL;
s32 i = 0;
u32 len = 0;
u32 u32_data = 0;
s8 dev_type[SRVLOG_MAX_STR_LENGTH] = {'\0'};
/*获取设备类型*/
wrap_drv_get_device_type(dev_type, sizeof(dev_type));
if (strcmp(helper, "dev_type") == 0)
{
http_out("%s", dev_type);
return WS_OK;
}
if (strcmp(helper, "name") == 0)
{
snprintf(name, IP6_PF_NAME_LEN, "%s", (s8 *)trans_data);
name[IP6_PF_NAME_LEN] = '\0';
http_out("%s", iconv_utf8_to_gbk(name));
}
else if (strcmp(helper, "szone") == 0 || strcmp(helper, "dzone") == 0)
{
securityzone_getname_byid (trans_data_int, (s8 *)name);
http_out("%s", (iconv_utf8_to_gbk(name)));
}
else if (strcmp(helper, "sipobj") == 0 || strcmp(helper, "dipobj") == 0 )
{
explode_string (',', (s8*)trans_data, &ex_data);
db = sqlite3_open_ex (1, IP6_ADDR_DB);
for (i = 0; i < ex_data.len; ++i)
{
if (strcmp(ex_data.strings[i], "") == 0)
{
continue;
}
ip6addr_obj_get_name_by_id(db, (s8 *) name, atoi (ex_data.strings[i]));
len += snprintf (pf_str + len, IP6_PF_ID_STR_LEN - len, "%s#", name);
}
if (len > 1)
{
pf_str[len - 1] = '\0';
}
http_out("%s", (iconv_utf8_to_gbk(pf_str)));
explode_free (&ex_data);
sqlite3_close_ex (db);
}
else if (strcmp (helper, "smacobj") == 0 || strcmp (helper, "dmacobj") == 0 )
{
explode_string (',', (s8*)trans_data, &ex_data);
db = sqlite3_open_ex (1, DB_NETMAC);
for (i = 0; i < ex_data.len; ++i)
{
if (strcmp(ex_data.strings[i], "") == 0)
{
continue;
}
netmac_obj_get_name_by_id(db, (s8 *) name, atoi (ex_data.strings[i]));
len += snprintf (pf_str + len, IP6_PF_ID_STR_LEN - len, "%s#", name);
}
if (len > 1)
{
pf_str[len - 1] = '\0';
}
http_out("%s", (iconv_utf8_to_gbk(pf_str)));
explode_free (&ex_data);
sqlite3_close_ex (db);
}
else if (strcmp (helper, "smacgrp") == 0 || strcmp (helper, "dmacgrp") == 0 )
{
explode_string (',', (s8*)trans_data, &ex_data);
db = sqlite3_open_ex (1, DB_NETMAC);
for (i = 0; i < ex_data.len; ++i)
{
if (strcmp(ex_data.strings[i], "") == 0)
{
continue;
}
netmac_group_get_name_by_id(db, (s8 *) name, atoi (ex_data.strings[i]));
len += snprintf (pf_str + len, IP6_PF_ID_STR_LEN - len, "%s#", name);
}
if (len > 1)
{
pf_str[len - 1] = '\0';
}
http_out("%s", (iconv_utf8_to_gbk(pf_str)));
explode_free (&ex_data);
sqlite3_close_ex (db);
}
else if (strcmp(helper, "action") == 0)
{
http_out("%s", 0 == (u32)trans_data_int? IP6_PF_TARGET_DROP : IP6_PF_TARGET_PERMIT);
}
else if (strcmp(helper, "log") == 0)
{
http_out("%s", 0 == (u32)trans_data_int ? IP6_PF_TARGET_NOT_LOG : IP6_PF_TARGET_LOG);
}
else if (strcmp(helper, "valid") == 0)
{
http_out("%s", 0 == (u32)trans_data_int ?IP6_PF_TARGET_NOT_VALID : IP6_PF_TARGET_VALID);
}
else if (strcmp (helper, "srvid") == 0)
{
u32_data = (u32)trans_data_int;
if (u32_data != 0)
{
db = sqlite3_open_ex (1, DB_NETSERVICE);
netservice_get_name_by_id (db, (s32)u32_data, IP6_PF_NAME_LEN + 1, (s8 *)name);
sqlite3_close_ex (db);
http_out ("%s", iconv_utf8_to_gbk (name));
}
}
else if (strcmp (helper, "prehead") == 0)
{
snprintf (pf_str, IP6_PF_ID_STR_LEN, "%s", (s8 *)trans_data);
if (pf_str[0] == '1')
{
http_out("%s#", IP6_PF_TARGET_EXH_HBHOPT);
}
if (pf_str[2] == '1')
{
http_out("%s#", IP6_PF_TARGET_EXH_DESTOPT);
}
if (pf_str[4] == '1')
{
http_out("%s#", IP6_PF_TARGET_EXH_RTH);
}
if (pf_str[6] == '1')
{
http_out("%s#", IP6_PF_TARGET_EXH_FH);
}
if (pf_str[8] == '1')
{
http_out("%s#", IP6_PF_TARGET_EXH_AH);
}
if (pf_str[10] == '1')
{
http_out("%s", IP6_PF_TARGET_EXH_ESP);
}
}
else if (strcmp (helper, "dayselect") == 0)
{
u32_data = (u32)trans_data_int;
for (i = 0; i < 7; ++i)
{
if (u32_data % 2 == 1)
{
len += snprintf (pf_str + len, IP6_PF_ID_STR_LEN - len, "%d#", i);
}
u32_data /= 2;
}
if (len > 1)
{
pf_str[len - 1] = '\0';
}
http_out("%s", pf_str);
}
else if (strcmp (helper, "timebegin") == 0)
{
u32_data = (u32)trans_data_int;
http_out("%02d#%02d", u32_data / 60, u32_data % 60);
}
else if (strcmp (helper, "timeend") == 0)
{
u32_data = (u32)trans_data_int;
http_out("%02d#%02d", u32_data / 60, u32_data % 60);
}
return WS_OK;
}
s32 vlan_config_upload (struct sub_env_t *sub_env, WS_ENV *ws_env, WS_REQ_RES* ws_req_res)
{
FILE *fp = NULL;
exlode_t ex_record = {0};
s32 vid;
s32 valid;
s8 record[NETMODE_RECORD_LENGTH] = {0};
s32 j = 0;
s32 ret =ERROR_SUCCESS;
s8 ipmask[48];
s8 if_name[VLAN_PORT_NAME_LEN*2];
memset(ipmask, 0x00, sizeof(ipmask));
if (HTTP_PARA_FOUND != http_get_upload_file_info ( "filepath", NULL, NULL)
|| HTTP_PARA_FOUND != http_move_upload_file ( "filepath", VLAN_CONFIG_TMP_FILE))
{
return ws_send_soap_error (ws_env, "upload file failed!");
}
fp = fopen(VLAN_CONFIG_TMP_FILE, "r");
if (NULL == fp)
{
return ws_send_soap_error (ws_env, "open file failed!");
}
if (NULL == fgets (record, NETMODE_RECORD_LENGTH, fp))
{
fclose(fp);
return ws_send_soap_error (ws_env, "the file's format is wrong!");
}
if (NULL == fgets (record, NETMODE_RECORD_LENGTH, fp))
{
fclose(fp);
return ws_send_soap_error (ws_env, "the file's format is wrong!");
}
while (!feof(fp))
{
memset ((void *)record, 0, NETMODE_RECORD_LENGTH);
if (NULL == fgets (record, NETMODE_RECORD_LENGTH, fp))
{
break;
}
for(j = 0; ; j++)
{
if(record[0] == '\n')
{
break;
}
if(record[j] == '\n')
{
record[j] = '\0';
break;
}
}
explode_string (',', record, &ex_record);
vid=atoi(ex_record.strings[0]);
if(vid <= 0)
{
break;
}
ret = vlan_is_in_db (vid);
if (VLAN_NOT_VALID == ret)
{
valid=VLAN_NOT_VALID;
ret = vlan_lib_add_vlan (vid);
if(ret)
{
goto label;
}
sprintf(if_name, "%s%d", VLAN_NAME_START, vid);
ret = ifm_set_status(if_name, IFM_SET, IFF_UP);
if(ret)
{
goto label;
}
}
else
{
valid = VLAN_VALID;
}
ifmode_open_db();
vlan_switch_vlan_update_db(vid,ex_record.strings[1],valid,ipmask, VLAN_MTU_DEF);
ifmode_close_db ();
}
label:
explode_free (&ex_record);
fclose(fp);
return ret;
}
s32 netmode_config_upload (struct sub_env_t *sub_env, WS_ENV *ws_env, WS_REQ_RES* ws_req_res)
{
FILE *fp = NULL;
exlode_t ex_record = {0};
u32 sys_error_code = ERROR_SUCCESS;
s8 record[NETMODE_RECORD_LENGTH] = {0};
s8 cmd[MAX_LINE];
s8 err_info[100];
u32 exist_flag=0;
struct in_addr addr;
u32 net_ipaddr;
u32 net_ipmask;
s32 dba_num;
sqlite3 *db=NULL;
s32 ret = 0;
s32 ifindex;
s32 result;
sqlite3_res res;
struct ifmode_info pinfo = {0};
struct port_aggr_phy_port_list_mode port_info;
s8 * ipv6_addr = NULL;
memset(&port_info, 0, sizeof(port_info));
if (HTTP_PARA_FOUND != http_get_upload_file_info ( "filepath", NULL, NULL)
|| HTTP_PARA_FOUND != http_move_upload_file ( "filepath", NETMODE_CONFIG_TMP_FILE))
{
return ERROR_FAIL;
}
fp = fopen(NETMODE_CONFIG_TMP_FILE, "r");
if (NULL == fp)
{
return ERROR_FAIL;
}
if (NULL == fgets (record, NETMODE_RECORD_LENGTH, fp))
{
fclose(fp);
return ERROR_FAIL;
}
if (NULL == fgets (record, NETMODE_RECORD_LENGTH, fp))
{
fclose(fp);
return ERROR_FAIL;
}
if (NULL == fgets (record, NETMODE_RECORD_LENGTH, fp))
{
fclose(fp);
return ERROR_FAIL;
}
db = sqlite3_open_ex(1, IFMODE_DB);
if(db==NULL)
{
fclose(fp);
return ERROR_FAIL;
}
/*每次导入csv 文件将kill 掉所有dhcp 客户端进程,如有需要再重新启动*/
snprintf(cmd, MAX_LINE, "kill `pidof dpclient`");
system(cmd);
memset(err_info, 0, sizeof(err_info));
while (!feof(fp))
{
memset ((void *)record, 0, NETMODE_RECORD_LENGTH);
memset(&pinfo,0,sizeof(struct ifmode_info));
if (NULL == fgets (record, NETMODE_RECORD_LENGTH, fp))
{
break;
}
explode_string (',', record, &ex_record);
ifm_is_exist(ex_record.strings[0], &exist_flag);
if(1 == exist_flag)
{
/*删除所有IP 地址,dhcp 客户端启动后将重新获取*/
ifm_del_all_ip(ex_record.strings[0]);
ifm_del_all_ip6(ex_record.strings[0]);
ret = if_get_index_by_name(ex_record.strings[0], &pinfo.ifindex);
if(VLAN_OPT_SUCCESS != ret)
{
sys_error_code =ERROR_FAIL;
goto label;
}
memset(g_sqlite_sql_buf,0,sizeof(g_sqlite_sql_buf));
snprintf(g_sqlite_sql_buf, sizeof(g_sqlite_sql_buf)-1, "select count(ifindex) As Count from "
"(select ifindex from tb_port_l2 where ifindex='%d' union all select ifindex from tb_port_l3 "
"where ifindex='%d' union all select ifindex from tb_vlan where ifindex='%d' and ifindex!=0);", pinfo.ifindex, pinfo.ifindex, pinfo.ifindex);
ret= sqlite3_exec_query_ex(db, g_sqlite_sql_buf, &res);
if (SQLITE_OK != ret)
{
sys_error_code =ERROR_FAIL;
goto label;
}
sqlite3_get_s32_ex(res, 0, "count", &dba_num);
sqlite3_res_free_ex(res);
res = NULL;
if (dba_num == 0)
{
continue;
}
else if(dba_num < 0)
{
goto label;
}
ifm_set_delimiter(ex_record.strings[12], '|', ',');
ret = inet_pton(AF_INET, ex_record.strings[8],&addr);
if(ret == 0)
{
snprintf(err_info, sizeof(err_info), "%s is an invalid IP address.", ex_record.strings[8]);
goto label;
}
net_ipaddr = addr.s_addr;
ret = inet_pton(AF_INET, ex_record.strings[9],&addr);
if(ret == 0)
{
snprintf(err_info, sizeof(err_info), "%s is an invalid netmask.", ex_record.strings[9]);
goto label;
}
net_ipmask = addr.s_addr;
ifm_set_delimiter(ex_record.strings[7], '_', '-');
ifm_set_delimiter(ex_record.strings[7], ';', ',');
strcpy(pinfo.ifname,ex_record.strings[0]);
pinfo.ifmode = atoi(ex_record.strings[1]);
pinfo.iftype = atoi(ex_record.strings[2]);
pinfo.actype = atoi(ex_record.strings[3]);
pinfo.ipaddr_2nd = strdup(ex_record.strings[12]);
pinfo.ipmask = net_ipmask;
pinfo.ipaddr = net_ipaddr;
strcpy(pinfo.username,ex_record.strings[10]);
strcpy(pinfo.password,ex_record.strings[11]);
pinfo.isrecon = atoi(ex_record.strings[5]);
pinfo.status = atoi(ex_record.strings[6]);
strcpy(pinfo.vlans,ex_record.strings[7]);
pinfo.pvid=atoi(ex_record.strings[4]);
ipv6_addr = ex_record.strings[13];
if((strcmp(ipv6_addr, "0:0:0:0:0:0:0:0") != 0) && (strcmp(ipv6_addr, "::") != 0))
{
pinfo.ipv6addr = strdup(ex_record.strings[13]);
}
if(((strncmp(pinfo.ifname,"eth",3) == 0)&&(strchr(pinfo.ifname,'.') != NULL )&&(pinfo.ifmode!=8))||
((strncmp(pinfo.ifname,"eth",3) == 0)&&(strchr(pinfo.ifname,'.') != NULL )&&(pinfo.iftype!=2)))
{
continue;
}
if(((strncmp(pinfo.ifname,"vlan",4) == 0)&&(pinfo.ifmode != 8))||((strncmp(pinfo.ifname,"vlan",4) == 0)&&
(pinfo.iftype != 2)))
{
continue;
}
if(0 == strncmp("bond",pinfo.ifname,4) && strchr(pinfo.ifname, '.') == NULL)
{
port_aggr_get_phy_port_list(pinfo.ifname, &port_info);
}
if (NETMODE_BRIDGE_FLAG == pinfo.ifmode)
{
ret = ifmode_layer2_config (&pinfo, 0xFFFFFFFF, &port_info, 1);
ip_mc_setif_netmode(pinfo.ifname, IFM_SET);
}
else
{
rstp_if_get_index_by_name(pinfo.ifname, &ifindex);
result = rstp_get_dba_from_rstp_port(ifindex);
if (result == 2)
{
rstp_del_port(ifindex);
}
if (result != 0)
{
rstp_dba_del_port(ifindex);
}
ret = setPhysNetmodeInfo(&pinfo, 0xFFFFFFFF, &port_info);
ip_mc_setif_netmode(pinfo.ifname, IFM_UNSET);
}
if( pinfo.ifmode == NETMODE_GATEWAY_FLAG)
{
if(strncmp(pinfo.ifname, "vlan", 4)==0)
{
snprintf (g_sqlite_sql_buf, sizeof(g_sqlite_sql_buf),
"UPDATE tb_vlan SET ip_type='%d',ip='%u', ipaddr_2nd='%s', ipv6_addr='%s',"
"mask='%d',status='%d',vlan_desc='%s' where ifindex ='%d';", pinfo.actype, pinfo.ipaddr, pinfo.ipaddr_2nd,
pinfo.ipv6addr, pinfo.ipmask, pinfo.status, pinfo.vlan_desc, pinfo.ifindex);
}
else
{
snprintf (g_sqlite_sql_buf, sizeof(g_sqlite_sql_buf),"delete from tb_port_l2 where ifindex = '%d';", pinfo.ifindex);
ret = sqlite3_exec_ex (db, g_sqlite_sql_buf);
if (SQLITE_OK != ret)
{
ret = VLAN_DB_OPT_UNSUCCESS;
}
snprintf (g_sqlite_sql_buf, sizeof(g_sqlite_sql_buf),
"INSERT OR REPLACE INTO tb_port_l3"
"(ifindex, type, ip_type, ip, mask, ipaddr_2nd, ipv6_addr, subif_exists, status)"
"values ('%d', '%d', '%d', '%u', '%d', '%s', '%s', '%d', '%d');",
pinfo.ifindex, pinfo.iftype, pinfo.actype, pinfo.ipaddr, pinfo.ipmask, pinfo.ipaddr_2nd,
pinfo.ipv6addr, pinfo.subif_exists, pinfo.status);
}
/*启动客户端进程*/
if(WAN_ACCESS_DHCLIENT == pinfo.actype)
{
startDhclient(pinfo.ifname, 1);
}
else if(WAN_ACCESS_DHCLIENT_NO_ROUTE== pinfo.actype)
{
startDhclient(pinfo.ifname, 0);
}
else if(WAN_ACCESS_DHCLIENT6 == pinfo.actype)
{
startDhclientv6(pinfo.ifname, 0);
}
else if(WAN_ACCESS_DHCLIENT6_DSLITE== pinfo.actype)
{
startDhclientv6(pinfo.ifname, 1);
}
}
else
{
snprintf (g_sqlite_sql_buf, sizeof(g_sqlite_sql_buf),"delete from tb_port_l3 where ifindex = '%d';", pinfo.ifindex);
ret = sqlite3_exec_ex (db, g_sqlite_sql_buf);
if (SQLITE_OK != ret)
{
ret = VLAN_DB_OPT_UNSUCCESS;
}
snprintf (g_sqlite_sql_buf, sizeof(g_sqlite_sql_buf),
"INSERT OR REPLACE INTO tb_port_l2"
" (ifindex, type, vlan_belong, pvid, status)"
" values ('%d', '%d', '%s', '%d', '%d');",
pinfo.ifindex, pinfo.iftype, pinfo.vlans, pinfo.pvid, pinfo.status);
}
ret = sqlite3_exec_ex (db, g_sqlite_sql_buf);
if (VLAN_OPT_SUCCESS != ret)
{
goto label;
}
}
if(NULL != pinfo.ipaddr_2nd)
{
free(pinfo.ipaddr_2nd);
}
if(NULL != pinfo.ipv6addr)
{
free(pinfo.ipv6addr);
}
}
label:
sqlite3_close_ex(db);
explode_free (&ex_record);
fclose(fp);
if(ERROR_SUCCESS == sys_error_code)
{
ret = if_ipaddress_restore();
if(ERROR_SUCCESS!=ret)
{
sys_error_code=ERROR_FAIL;
}
}
if(err_info[0] != '\0')
{
return ws_send_soap_error(ws_env, err_info);
}
return sys_error_code;
}
