gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

maat json文件支持aes-256-cbc加密,密码通过MAAT_OPT_DECRYPT_KEY选项指定,只在内存中解密,iris格式的中间状态文件也被加密。

Browse Source
This commit is contained in:
zhengchao
2020-01-22 20:49:45 +08:00
parent d914fa1cb2
commit 987cb5708a
8 changed files with 144 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/entry/Maat_api.cpp
View File

@@ -513,18 +513,18 @@ int load_maat_json_file(_Maat_feather_t* feather, const char* maat_json_fn, char
int ret=0; int ret=0;
struct stat fstat_buf; struct stat fstat_buf;
char* json_buff=NULL; char* json_buff=NULL;
size_t buff_sz=0;
MESA_handle_runtime_log(feather->logger, RLOG_LV_INFO, maat_module , MESA_handle_runtime_log(feather->logger, RLOG_LV_INFO, maat_module ,
"Maat initial with JSON file %s, formating..", "Maat initial with JSON file %s, formating..",
maat_json_fn); maat_json_fn);
if(strlen(feather->decrypt_key)&&strlen(feather->decrypt_algo)) if(strlen(feather->decrypt_key)&&strlen(feather->decrypt_algo))
{ {
ret=decrypt_open(maat_json_fn, feather->decrypt_key, feather->decrypt_algo, (unsigned char**)&json_buff, err_str, err_str_sz); ret=decrypt_open(maat_json_fn, feather->decrypt_key, feather->decrypt_algo, (unsigned char**)&json_buff, &buff_sz, err_str, err_str_sz);
} }
if(json_buff==NULL)//decryption failed or no decryption. if(json_buff==NULL)//decryption failed or no decryption.
{ {
ret=load_file_to_memory(maat_json_fn, &json_buff); ret=load_file_to_memory(maat_json_fn, (unsigned char**)&json_buff, &buff_sz);
} }
ret=json2iris(json_buff, ret=json2iris(json_buff,
maat_json_fn, maat_json_fn,
@@ -532,6 +532,8 @@ int load_maat_json_file(_Maat_feather_t* feather, const char* maat_json_fn, char
NULL, NULL,
feather->json_ctx.iris_file, feather->json_ctx.iris_file,
sizeof(feather->json_ctx.iris_file), sizeof(feather->json_ctx.iris_file),
strlen(feather->decrypt_key)?feather->decrypt_key:NULL,
strlen(feather->decrypt_algo)?feather->decrypt_algo:NULL,
feather->logger); feather->logger);
free(json_buff); free(json_buff);
json_buff=NULL; json_buff=NULL;

97
src/entry/Maat_utils.cpp
View File

@@ -173,7 +173,7 @@ size_t memcat(void**dest, size_t offset, size_t *n_dest, const void* src, size_t
*n_dest=(offset+n_src)*2; *n_dest=(offset+n_src)*2;
*dest=realloc(*dest, sizeof(char)*(*n_dest)); *dest=realloc(*dest, sizeof(char)*(*n_dest));
} }
memcpy(*dest+offset, src, n_src); memcpy((char*)*dest+offset, src, n_src);
return n_src; return n_src;
} }
@@ -212,16 +212,21 @@ int system_cmd_mkdir(const char* path)
int system_cmd_mv(const char* src_file,const char*dst_file) int system_cmd_mv(const char* src_file,const char*dst_file)
{ {
char cmd[MAX_SYSTEM_CMD_LEN] = { 0 }; char cmd[MAX_SYSTEM_CMD_LEN] = { 0 };
snprintf(cmd,sizeof(cmd), "mv %s %s", src_file, dst_file); snprintf(cmd, sizeof(cmd), "mv %s %s", src_file, dst_file);
return system(cmd); return system(cmd);
} }
int system_cmd_cp(const char* src_file,const char*dst_file) int system_cmd_cp(const char* src_file,const char*dst_file)
{ {
char cmd[MAX_SYSTEM_CMD_LEN] = { 0 }; char cmd[MAX_SYSTEM_CMD_LEN] = { 0 };
snprintf(cmd,sizeof(cmd), "cp -f %s %s", src_file, dst_file); snprintf(cmd, sizeof(cmd), "cp -f %s %s", src_file, dst_file);
return system(cmd);
}
int system_cmd_encrypt(const char* src_file, const char* dst_file, const char* password)
{
char cmd[MAX_SYSTEM_CMD_LEN] = { 0 };
snprintf(cmd,sizeof(cmd), "openssl enc -e -aes-256-cbc -k %s -p -nosalt -in %s -out %s", password, src_file, dst_file);
return system(cmd); return system(cmd);
} }
int system_cmd_rm(const char* src_file) int system_cmd_rm(const char* src_file)
{ {
char cmd[MAX_SYSTEM_CMD_LEN] = { 0 }; char cmd[MAX_SYSTEM_CMD_LEN] = { 0 };
@@ -270,13 +275,11 @@ int lqueue_destroy_cb(void *data, long data_len, void *arg)
assert(0); assert(0);
return 0; return 0;
} }
#define DECRYPT_BLOCK_SIZE (16*1024)
int decrypt_open(const char* filename, const char* key, const char* algorithm, unsigned char**pp_out, char* err_str, size_t err_str_sz)
{
unsigned char inbuf[DECRYPT_BLOCK_SIZE]; int crypt_memory(const unsigned char* inbuf, size_t inlen, unsigned char** pp_out, size_t *out_sz, const char* key, const char* algorithm, int do_encrypt, char* err_str, size_t err_str_sz)
int inlen, out_blk_len=0; {
int out_buff_len=0,buff_offset=0; int ret=0, out_blk_len=0;
int out_buff_len=0, out_buff_offset=0;
EVP_CIPHER_CTX *ctx; EVP_CIPHER_CTX *ctx;
unsigned char cipher_key[EVP_MAX_KEY_LENGTH]; unsigned char cipher_key[EVP_MAX_KEY_LENGTH];
@@ -287,19 +290,12 @@ int decrypt_open(const char* filename, const char* key, const char* algorithm, u
const EVP_CIPHER *cipher; const EVP_CIPHER *cipher;
const EVP_MD *dgst=NULL; const EVP_MD *dgst=NULL;
const unsigned char *salt=NULL; const unsigned char *salt=NULL;
int ret=0;
FILE*in=fopen(filename, "r");
if(in==NULL)
{
return -1;
}
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
cipher=EVP_get_cipherbyname(algorithm); cipher=EVP_get_cipherbyname(algorithm);
if(cipher==NULL) if(cipher==NULL)
{ {
snprintf(err_str, err_str_sz, "Cipher %s is not supported.",algorithm); snprintf(err_str, err_str_sz, "Cipher %s is not supported.", algorithm);
return 0; return 0;
} }
dgst=EVP_get_digestbyname("md5"); dgst=EVP_get_digestbyname("md5");
@@ -316,52 +312,39 @@ int decrypt_open(const char* filename, const char* key, const char* algorithm, u
} }
/* Don't set key or IV right away; we want to check lengths */ /* Don't set key or IV right away; we want to check lengths */
ctx = EVP_CIPHER_CTX_new(); ctx = EVP_CIPHER_CTX_new();
EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL,0); EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, do_encrypt);
OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) % 16==0); OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) % 16==0);
OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16); OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
/* Now we can set key and IV */ /* Now we can set key and IV */
EVP_CipherInit_ex(ctx, NULL, NULL, cipher_key, cipher_iv, 0); //It should be set to 1 for encryption, 0 for decryption and -1 to leave the value unchanged (the actual value of 'enc' being supplied in a previous call).
out_buff_len=DECRYPT_BLOCK_SIZE; EVP_CipherInit_ex(ctx, NULL, NULL, cipher_key, cipher_iv, -1);
out_buff_len=inlen+EVP_CIPHER_block_size(cipher)-1;
*pp_out=(unsigned char*)malloc(out_buff_len*sizeof(unsigned char)); *pp_out=(unsigned char*)malloc(out_buff_len*sizeof(unsigned char));
for (;;) if (!EVP_CipherUpdate(ctx, *pp_out+out_buff_offset, &out_blk_len, inbuf, inlen))
{
inlen = fread(inbuf, 1, sizeof(inbuf), in);
if (inlen <= 0)
break;
if(out_buff_len-buff_offset<inlen+EVP_CIPHER_block_size(cipher)-1)
{
out_buff_len*=2;
*pp_out=(unsigned char*)realloc(*pp_out, out_buff_len);
}
out_blk_len=out_buff_len-buff_offset;
if (!EVP_CipherUpdate(ctx, *pp_out+buff_offset, &out_blk_len, inbuf, inlen))
{ {
snprintf(err_str, err_str_sz, "EVP_CipherUpdate failed."); snprintf(err_str, err_str_sz, "EVP_CipherUpdate failed.");
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
goto error_out; goto error_out;
} }
buff_offset+=out_blk_len; out_buff_offset+=out_blk_len;
if (!EVP_CipherFinal_ex(ctx, *pp_out+out_buff_offset, &out_blk_len))
}
if (!EVP_CipherFinal_ex(ctx, *pp_out+buff_offset, &out_blk_len))
{ {
snprintf(err_str, err_str_sz, "EVP_CipherFinal_ex failed. Maybe password is wrong?"); snprintf(err_str, err_str_sz, "EVP_CipherFinal_ex failed. Maybe password is wrong?");
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
goto error_out; goto error_out;
} }
buff_offset+=out_blk_len; out_buff_offset+=out_blk_len;
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
fclose(in); *out_sz=out_buff_offset;
return buff_offset; return 0;
error_out: error_out:
free(*pp_out); free(*pp_out);
*pp_out=NULL; *pp_out=NULL;
fclose(in); return -1;
return 0;
} }
int load_file_to_memory(const char* file_name, char**pp_out) int load_file_to_memory(const char* file_name, unsigned char**pp_out, size_t *out_sz)
{ {
int ret=0; int ret=0;
FILE* fp=NULL; FILE* fp=NULL;
@@ -378,10 +361,10 @@ int load_file_to_memory(const char* file_name, char**pp_out)
{ {
return -1; return -1;
} }
*out_sz=fstat_buf.st_size;
*pp_out=(char*)calloc(1, fstat_buf.st_size+1); *pp_out=(unsigned char*)calloc(1, *out_sz+1);
read_size=fread(*pp_out,1, fstat_buf.st_size, fp); read_size=fread(*pp_out, 1, *out_sz, fp);
if(read_size!= (size_t)fstat_buf.st_size) if(read_size!= *out_sz)
{ {
free(*pp_out); free(*pp_out);
pp_out=NULL; pp_out=NULL;
@@ -390,5 +373,21 @@ int load_file_to_memory(const char* file_name, char**pp_out)
fclose(fp); fclose(fp);
fp=NULL; fp=NULL;
return fstat_buf.st_size; return 0;
} }
int decrypt_open(const char* file_name, const char* key, const char* algorithm, unsigned char**pp_out, size_t *out_sz, char* err_str, size_t err_str_sz)
{
int ret=0;
size_t file_sz=0;
unsigned char* file_buff=NULL;
ret=load_file_to_memory(file_name, &file_buff, &file_sz);
if(ret<0)
{
return -1;
}
ret=crypt_memory(file_buff, file_sz, pp_out, out_sz, key, algorithm, 0, err_str, err_str_sz);
free(file_buff);
file_buff=NULL;
return ret;
}

18
src/entry/config_monitor.cpp
View File

@@ -28,7 +28,7 @@ struct cm_table_info_t
int cfg_num; int cfg_num;
char encryp_algorithm[MAX_CONFIG_FN_LEN]; char encryp_algorithm[MAX_CONFIG_FN_LEN];
}; };
char* read_nxt_line_from_buff(const char* buff, int buff_size, int* offset, char*line ,int line_size) char* read_nxt_line_from_buff(const char* buff, size_t buff_size, size_t* offset, char*line, int line_size)
{ {
int this_offset=0; int this_offset=0;
const char* p; const char* p;
@@ -40,7 +40,7 @@ char* read_nxt_line_from_buff(const char* buff, int buff_size, int* offset, char
} }
else else
{ {
if(p-buff<buff_size-1&&*(p+1)=='\n') if((size_t)(p-buff)<buff_size-1 && *(p+1)=='\n')
{ {
p++; p++;
} }
@@ -285,7 +285,7 @@ int cm_read_table_file(struct cm_table_info_t* index,
char error_string[MAX_CONFIG_FN_LEN]; char error_string[MAX_CONFIG_FN_LEN];
char line[MAX_CONFIG_LINE]={0},*ret_str=NULL; char line[MAX_CONFIG_LINE]={0},*ret_str=NULL;
char* table_file_buff=NULL; char* table_file_buff=NULL;
int file_sz=0, file_offset=0; size_t file_sz=0, file_offset=0;
if(strlen(index->encryp_algorithm)>0) if(strlen(index->encryp_algorithm)>0)
{ {
@@ -294,20 +294,20 @@ int cm_read_table_file(struct cm_table_info_t* index,
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"update error, no key to decrypt %s.",index->cfg_path); MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"update error, no key to decrypt %s.",index->cfg_path);
return -1; return -1;
} }
file_sz=decrypt_open(index->cfg_path, key, index->encryp_algorithm, (unsigned char**)&table_file_buff, error_string, sizeof(error_string)); ret=decrypt_open(index->cfg_path, key, index->encryp_algorithm, (unsigned char**)&table_file_buff, &file_sz, error_string, sizeof(error_string));
if(file_sz==0) if(ret<0)
{ {
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, module_config_monitor, "update error, %s decrypt failed: %s", MESA_handle_runtime_log(logger, RLOG_LV_FATAL, module_config_monitor, "update error, decrypt %s failed: %s",
index->cfg_path, error_string); index->cfg_path, error_string);
return -1; return -1;
} }
} }
else else
{ {
file_sz=load_file_to_memory(index->cfg_path, &table_file_buff); ret=load_file_to_memory(index->cfg_path, (unsigned char**)&table_file_buff, &file_sz);
if(file_sz==0) if(ret<0)
{ {
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, module_config_monitor, "update error, %s decrypt failed: %s", MESA_handle_runtime_log(logger, RLOG_LV_FATAL, module_config_monitor, "update error, open %s failed: %s",
index->cfg_path, error_string); index->cfg_path, error_string);
return -1; return -1;
} }

77
src/entry/json2iris.cpp
View File

@@ -51,6 +51,9 @@ struct iris_description_t
MESA_htable_handle iris_table_map; MESA_htable_handle iris_table_map;
MESA_htable_handle str2int_map; MESA_htable_handle str2int_map;
redisContext *redis_write_ctx; redisContext *redis_write_ctx;
char* encrypt_key;
char* encrypt_algo;
FILE* idx_fp;
}; };
struct traslate_command_t struct traslate_command_t
{ {
@@ -119,7 +122,7 @@ static int get_region_seq(struct iris_description_t* iris_cfg)
return sequence; return sequence;
} }
int set_iris_descriptor(const char* json_file,cJSON *json,const char*compile_tn,const char* group_tn, redisContext *redis_write_ctx, struct iris_description_t *iris_cfg, void * logger) int set_iris_descriptor(const char* json_file,cJSON *json, const char* encrypt_key, const char* encrypt_algo, const char*compile_tn,const char* group_tn, redisContext *redis_write_ctx, struct iris_description_t *iris_cfg, void * logger)
{ {
memset(iris_cfg,0,sizeof(struct iris_description_t)); memset(iris_cfg,0,sizeof(struct iris_description_t));
snprintf(iris_cfg->tmp_iris_dir,sizeof(iris_cfg->tmp_iris_dir),"%s_iris_tmp",json_file); snprintf(iris_cfg->tmp_iris_dir,sizeof(iris_cfg->tmp_iris_dir),"%s_iris_tmp",json_file);
@@ -187,6 +190,12 @@ int set_iris_descriptor(const char* json_file,cJSON *json,const char*compile_tn,
iris_cfg->compile_table=query_table_info(iris_cfg, compile_tn, TABLE_TYPE_COMPILE); iris_cfg->compile_table=query_table_info(iris_cfg, compile_tn, TABLE_TYPE_COMPILE);
iris_cfg->group_table=query_table_info(iris_cfg, group_tn, TABLE_TYPE_GROUP); iris_cfg->group_table=query_table_info(iris_cfg, group_tn, TABLE_TYPE_GROUP);
if(encrypt_key && encrypt_algo)
{
iris_cfg->encrypt_key=_maat_strdup(encrypt_key);
iris_cfg->encrypt_algo=_maat_strdup(encrypt_algo);
}
return 0; return 0;
} }
void clear_iris_descriptor(struct iris_description_t *iris_cfg) void clear_iris_descriptor(struct iris_description_t *iris_cfg)
@@ -200,6 +209,8 @@ void clear_iris_descriptor(struct iris_description_t *iris_cfg)
MESA_htable_destroy(iris_cfg->iris_table_map, NULL); MESA_htable_destroy(iris_cfg->iris_table_map, NULL);
} }
map_destroy(iris_cfg->str2int_map); map_destroy(iris_cfg->str2int_map);
free(iris_cfg->encrypt_algo);
free(iris_cfg->encrypt_key);
return; return;
} }
int create_tmp_dir(struct iris_description_t *p) int create_tmp_dir(struct iris_description_t *p)
@@ -862,29 +873,50 @@ int write_group_line(int group_id, int parent_id, int group_not_flag, int parent
} }
void table_idx_write_cb(const uchar * key, uint size, void * data, void * user) void table_idx_write_cb(const uchar * key, uint size, void * data, void * user)
{ {
FILE* fp=NULL; struct iris_description_t *p_iris=(struct iris_description_t *)user;
struct iris_table_t* table=(struct iris_table_t*)data; struct iris_table_t* table=(struct iris_table_t*)data;
fp=fopen(table->table_path, "w"); FILE* table_fp=NULL;
fprintf(fp,"%d\n", table->line_count); char line_cnt_str[32], err_str[256];
fwrite(table->buff, table->write_pos, 1, fp); snprintf(line_cnt_str, sizeof(line_cnt_str), "%010d\n", table->line_count);
fclose(fp);
int ret=0;
size_t table_file_sz=strlen(line_cnt_str)+table->write_pos;
unsigned char* buff=ALLOC(unsigned char, table_file_sz);
unsigned char* encrypt_buff=NULL;
size_t encrypt_buff_sz=0;
memcpy(buff, line_cnt_str, strlen(line_cnt_str));
memcpy(buff+strlen(line_cnt_str), table->buff, table->write_pos);
table_fp=fopen(table->table_path, "w");
if(p_iris->encrypt_key)
{
ret=crypt_memory(buff, table_file_sz, &encrypt_buff, &encrypt_buff_sz, p_iris->encrypt_key, p_iris->encrypt_algo, 1, err_str, sizeof(err_str));
assert(ret==0);
fwrite(encrypt_buff, encrypt_buff_sz, 1, table_fp);
fprintf(p_iris->idx_fp,"%s\t%d\t%s\t%s\n", table->table_name, table->line_count, table->table_path, p_iris->encrypt_algo);
}
else
{
fwrite(buff, table_file_sz, 1, table_fp);
fprintf(p_iris->idx_fp,"%s\t%d\t%s\n", table->table_name, table->line_count, table->table_path);
}
fclose(table_fp);
free(buff);
buff=NULL;
fp=(FILE*)user;
fprintf(fp,"%s\t%d\t%s\n", table->table_name, table->line_count, table->table_path);
} }
int write_index_file(struct iris_description_t *p_iris,void* logger) int write_index_file(struct iris_description_t *p_iris,void* logger)
{ {
FILE*fp=NULL; p_iris->idx_fp=fopen(p_iris->index_path,"w");
fp=fopen(p_iris->index_path,"w"); if(p_iris->idx_fp==NULL)
if(fp==NULL)
{ {
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json, MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json,
"index file %s fopen error %s.",p_iris->index_path,strerror(errno)); "index file %s fopen error %s.",p_iris->index_path, strerror(errno));
return -1; return -1;
} }
MESA_htable_iterate(p_iris->iris_table_map, table_idx_write_cb, fp); MESA_htable_iterate(p_iris->iris_table_map, table_idx_write_cb, p_iris);
fclose(fp); fclose(p_iris->idx_fp);
p_iris->idx_fp=NULL;
return 0; return 0;
} }
int write_group_rule(cJSON *group_json, int parent_id, int parent_type, int tracking_compile_id, struct iris_description_t *p_iris, void* logger) int write_group_rule(cJSON *group_json, int parent_id, int parent_type, int tracking_compile_id, struct iris_description_t *p_iris, void* logger)
@@ -1053,31 +1085,30 @@ int write_iris(cJSON *json, struct iris_description_t *p_iris, void* logger)
return 0; return 0;
} }
// redis_write_ctx is used by maat_redis_tool to write json to redis. // redis_write_ctx is used by maat_redis_tool to write json to redis.
int json2iris(const char* json_buff, const char* json_filename, const char*compile_tn, const char* group_tn, redisContext *redis_write_ctx, char* iris_dir_buf, int buf_len, void* logger) int json2iris(const char* json_buff, const char* json_filename, const char*compile_tn, const char* group_tn, redisContext *redis_write_ctx, char* iris_dir_buf, int buf_len, char* encrypt_key, char* encrypt_algo, void* logger)
{ {
cJSON *json=NULL, *tmp_obj=NULL; cJSON *json=NULL, *tmp_obj=NULL;
int ret=-1; int ret=-1;
struct iris_description_t iris_cfg; struct iris_description_t iris_cfg;
memset(&iris_cfg,0,sizeof(iris_cfg)); memset(&iris_cfg, 0, sizeof(iris_cfg));
json=cJSON_Parse(json_buff); json=cJSON_Parse(json_buff);
if (!json) if (!json)
{ {
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json,"Error before: %-200.200s",cJSON_GetErrorPtr()); MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json,"Error before: %-200.200s",cJSON_GetErrorPtr());
goto error_out; goto error_out;
} }
tmp_obj=cJSON_GetObjectItem(json,"compile_table"); tmp_obj=cJSON_GetObjectItem(json, "compile_table");
if(tmp_obj) if(tmp_obj)
{ {
compile_tn=tmp_obj->valuestring; compile_tn=tmp_obj->valuestring;
} }
tmp_obj=cJSON_GetObjectItem(json,"group_table"); tmp_obj=cJSON_GetObjectItem(json, "group_table");
if(tmp_obj) if(tmp_obj)
{ {
group_tn=tmp_obj->valuestring; group_tn=tmp_obj->valuestring;
} }
ret=set_iris_descriptor(json_filename, json, compile_tn, group_tn, redis_write_ctx, &iris_cfg, logger); ret=set_iris_descriptor(json_filename, json, encrypt_key, encrypt_algo, compile_tn, group_tn, redis_write_ctx, &iris_cfg, logger);
if(ret<0) if(ret<0)
{ {
goto error_out; goto error_out;
@@ -1086,15 +1117,15 @@ int json2iris(const char* json_buff, const char* json_filename, const char*compi
if(ret<0) if(ret<0)
{ {
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_json, MESA_handle_runtime_log(logger, RLOG_LV_FATAL, maat_json,
"create tmp folder %s error",iris_cfg.tmp_iris_dir); "create tmp folder %s error", iris_cfg.tmp_iris_dir);
goto error_out; goto error_out;
} }
ret=write_iris(json ,&iris_cfg, logger); ret=write_iris(json, &iris_cfg, logger);
if(ret<0) if(ret<0)
{ {
goto error_out; goto error_out;
} }
memcpy(iris_dir_buf,iris_cfg.tmp_iris_index_dir, MIN(strlen(iris_cfg.tmp_iris_index_dir)+1, (unsigned int)buf_len)); memcpy(iris_dir_buf, iris_cfg.tmp_iris_index_dir, MIN(strlen(iris_cfg.tmp_iris_index_dir)+1, (unsigned int)buf_len));
cJSON_Delete(json); cJSON_Delete(json);
clear_iris_descriptor(&iris_cfg); clear_iris_descriptor(&iris_cfg);

12
src/inc_internal/Maat_utils.h
View File

@@ -69,14 +69,18 @@ size_t memcat(void**dest, size_t offset, size_t *n_dest, const void* src, size_t
pid_t gettid(void); pid_t gettid(void);
int system_cmd_mkdir(const char* path); int system_cmd_mkdir(const char* path);
int system_cmd_rm(const char* src_file); int system_cmd_rm(const char* src_file);
int system_cmd_mv(const char* src_file,const char*dst_file); int system_cmd_mv(const char* src_file, const char*dst_file);
int system_cmd_cp(const char* src_file,const char*dst_file); int system_cmd_cp(const char* src_file, const char*dst_file);
int system_cmd_encrypt(const char* src_file, const char* dst_file, const char* password);
char* md5_file(const char* filename, char* md5string); char* md5_file(const char* filename, char* md5string);
int get_column_pos(const char* line, int column_seq, size_t *offset, size_t *len); int get_column_pos(const char* line, int column_seq, size_t *offset, size_t *len);
const char** charset_get_all_name(void); const char** charset_get_all_name(void);
const char* charset_get_name(enum MAAT_CHARSET charset); const char* charset_get_name(enum MAAT_CHARSET charset);
int lqueue_destroy_cb(void *data, long data_len, void *arg); int lqueue_destroy_cb(void *data, long data_len, void *arg);
int decrypt_open(const char* filename, const char* key, const char* algorithm, unsigned char**pp_out, char* err_str, size_t err_str_sz); int decrypt_open(const char* file_name, const char* key, const char* algorithm, unsigned char**pp_out, size_t *out_sz, char* err_str, size_t err_str_sz);
int load_file_to_memory(const char* file_name, char**pp_out); int load_file_to_memory(const char* file_name, unsigned char**pp_out, size_t *out_sz);
//do_encrypt: 1 for encryption, 0 for decryption.
int crypt_memory(const unsigned char* inbuf, size_t inlen, unsigned char** pp_out, size_t *out_sz, const char* key, const char* algorithm, int do_encrypt, char* err_str, size_t err_str_sz);

2
src/inc_internal/json2iris.h
View File

@@ -1,6 +1,6 @@
#ifndef H_MAAT_JSON2IRIS_H_INCLUDE #ifndef H_MAAT_JSON2IRIS_H_INCLUDE
#define H_MAAT_JSON2IRIS_H_INCLUDE #define H_MAAT_JSON2IRIS_H_INCLUDE
int json2iris(const char* json_buff, const char* json_filename, const char*compile_tn, const char* group_tn, redisContext *redis_write_ctx, char* iris_dir_buf, int buf_len, void* logger); int json2iris(const char* json_buff, const char* json_filename, const char*compile_tn, const char* group_tn, redisContext *redis_write_ctx, char* iris_dir_buf, int buf_len, char* encrypt_key, char* encrypt_algo, void* logger);
int set_file_rulenum(const char* path, int rulenum, void* logger); int set_file_rulenum(const char* path, int rulenum, void* logger);
#endif #endif

14
test/test_maatframe.cpp
View File

@@ -32,6 +32,7 @@ extern int my_scandir(const char *dir, struct dirent ***namelist,
int(*compar)(const void *, const void *)); int(*compar)(const void *, const void *));
extern char* md5_file(const char* filename, char* md5string); extern char* md5_file(const char* filename, char* md5string);
extern int system_cmd_cp(const char* src_file,const char*dst_file); extern int system_cmd_cp(const char* src_file,const char*dst_file);
extern int system_cmd_encrypt(const char* src_file, const char* dst_file, const char* password);
Maat_feather_t g_feather=NULL; Maat_feather_t g_feather=NULL;
void *g_logger=NULL; void *g_logger=NULL;
int g_iThreadNum=4; int g_iThreadNum=4;
@@ -105,6 +106,7 @@ const char* watched_json="./json_update/maat.json";
const char* old_json="./json_update/old.json"; const char* old_json="./json_update/old.json";
const char* new_json="./json_update/new.json"; const char* new_json="./json_update/new.json";
const char* corrupted_json="./json_update/corrupted.json"; const char* corrupted_json="./json_update/corrupted.json";
const char* json_decrypt_key="himaat!";
class JSONUpdate : public testing::Test class JSONUpdate : public testing::Test
{ {
@@ -112,10 +114,11 @@ class JSONUpdate : public testing::Test
protected: protected:
static void SetUpTestCase() static void SetUpTestCase()
{ {
const char* decrypt_key="himaat!";
system_cmd_cp(old_json, watched_json); system_cmd_encrypt(old_json, watched_json, json_decrypt_key);
_shared_feather_j=Maat_feather(g_iThreadNum, table_info_path, g_logger); _shared_feather_j=Maat_feather(g_iThreadNum, table_info_path, g_logger);
// Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_DECRYPT_KEY, decrypt_key, strlen(decrypt_key)+1); Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_DECRYPT_KEY, json_decrypt_key, strlen(json_decrypt_key)+1);
Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_JSON_FILE_PATH, watched_json, strlen(watched_json)+1); Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_JSON_FILE_PATH, watched_json, strlen(watched_json)+1);
Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_SCANDIR_INTERVAL_MS, &scan_interval_ms, sizeof(scan_interval_ms)); Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_SCANDIR_INTERVAL_MS, &scan_interval_ms, sizeof(scan_interval_ms));
@@ -139,10 +142,11 @@ TEST_F(JSONUpdate, OldCfg)
} }
TEST_F(JSONUpdate, NewCfg) TEST_F(JSONUpdate, NewCfg)
{ {
system_cmd_cp(corrupted_json, watched_json); system_cmd_encrypt(corrupted_json, watched_json, json_decrypt_key);
sleep(2); sleep(2);
scan_with_old_or_new_cfg(JSONUpdate::_shared_feather_j, 1); scan_with_old_or_new_cfg(JSONUpdate::_shared_feather_j, 1);
system_cmd_cp(new_json, watched_json);
system_cmd_encrypt(new_json, watched_json, json_decrypt_key);
sleep(5); sleep(5);
scan_with_old_or_new_cfg(JSONUpdate::_shared_feather_j, 0); scan_with_old_or_new_cfg(JSONUpdate::_shared_feather_j, 0);
} }

6
tools/maat_redis_tool.cpp
View File

@@ -239,7 +239,7 @@ int main(int argc, char * argv[])
unsigned long json_file_size=0,read_size=0; unsigned long json_file_size=0,read_size=0;
long long desired_version=0; long long desired_version=0;
char* json_buff=NULL; char* json_buff=NULL;
size_t json_buff_sz=0;
while((oc=getopt(argc,argv,"h:p:n:d:v:f:j:t:"))!=-1) while((oc=getopt(argc,argv,"h:p:n:d:v:f:j:t:"))!=-1)
{ {
switch(oc) switch(oc)
@@ -327,12 +327,12 @@ int main(int argc, char * argv[])
} }
else if(model==WORK_MODE_JSON) else if(model==WORK_MODE_JSON)
{ {
ret=load_file_to_memory(json_file, &json_buff); ret=load_file_to_memory(json_file, (unsigned char**)&json_buff, &json_buff_sz);
if(ret<0) if(ret<0)
{ {
printf("open %s failed.\n", json_file); printf("open %s failed.\n", json_file);
} }
ret=json2iris(json_buff, json_file, NULL, NULL, ctx, tmp_iris_path, sizeof(tmp_iris_path), NULL); ret=json2iris(json_buff, json_file, NULL, NULL, ctx, tmp_iris_path, sizeof(tmp_iris_path), NULL, NULL, NULL);
if(ret<0) if(ret<0)
{ {
printf("Invalid json format.\n"); printf("Invalid json format.\n");