maat json文件支持aes-256-cbc加密,密码通过MAAT_OPT_DECRYPT_KEY选项指定,只在内存中解密,iris格式的中间状态文件也被加密。
This commit is contained in:
zhengchao
@@ -513,18 +513,18 @@ int load_maat_json_file(_Maat_feather_t* feather, const char* maat_json_fn, char
|
|||||||
int ret=0;
|
int ret=0;
|
||||||
struct stat fstat_buf;
|
struct stat fstat_buf;
|
||||||
char* json_buff=NULL;
|
char* json_buff=NULL;
|
||||||
|
size_t buff_sz=0;
|
||||||
|
|
||||||
MESA_handle_runtime_log(feather->logger, RLOG_LV_INFO, maat_module ,
|
MESA_handle_runtime_log(feather->logger, RLOG_LV_INFO, maat_module ,
|
||||||
"Maat initial with JSON file %s, formating..",
|
"Maat initial with JSON file %s, formating..",
|
||||||
maat_json_fn);
|
maat_json_fn);
|
||||||
if(strlen(feather->decrypt_key)&&strlen(feather->decrypt_algo))
|
if(strlen(feather->decrypt_key)&&strlen(feather->decrypt_algo))
|
||||||
{
|
{
|
||||||
ret=decrypt_open(maat_json_fn, feather->decrypt_key, feather->decrypt_algo, (unsigned char**)&json_buff, err_str, err_str_sz);
|
ret=decrypt_open(maat_json_fn, feather->decrypt_key, feather->decrypt_algo, (unsigned char**)&json_buff, &buff_sz, err_str, err_str_sz);
|
||||||
}
|
}
|
||||||
if(json_buff==NULL)//decryption failed or no decryption.
|
if(json_buff==NULL)//decryption failed or no decryption.
|
||||||
{
|
{
|
||||||
ret=load_file_to_memory(maat_json_fn, &json_buff);
|
ret=load_file_to_memory(maat_json_fn, (unsigned char**)&json_buff, &buff_sz);
|
||||||
}
|
}
|
||||||
ret=json2iris(json_buff,
|
ret=json2iris(json_buff,
|
||||||
maat_json_fn,
|
maat_json_fn,
|
||||||
@@ -532,6 +532,8 @@ int load_maat_json_file(_Maat_feather_t* feather, const char* maat_json_fn, char
|
|||||||
NULL,
|
NULL,
|
||||||
feather->json_ctx.iris_file,
|
feather->json_ctx.iris_file,
|
||||||
sizeof(feather->json_ctx.iris_file),
|
sizeof(feather->json_ctx.iris_file),
|
||||||
|
strlen(feather->decrypt_key)?feather->decrypt_key:NULL,
|
||||||
|
strlen(feather->decrypt_algo)?feather->decrypt_algo:NULL,
|
||||||
feather->logger);
|
feather->logger);
|
||||||
free(json_buff);
|
free(json_buff);
|
||||||
json_buff=NULL;
|
json_buff=NULL;
|
||||||
|
|||||||
@@ -173,7 +173,7 @@ size_t memcat(void**dest, size_t offset, size_t *n_dest, const void* src, size_t
|
|||||||
*n_dest=(offset+n_src)*2;
|
*n_dest=(offset+n_src)*2;
|
||||||
*dest=realloc(*dest, sizeof(char)*(*n_dest));
|
*dest=realloc(*dest, sizeof(char)*(*n_dest));
|
||||||
}
|
}
|
||||||
memcpy(*dest+offset, src, n_src);
|
memcpy((char*)*dest+offset, src, n_src);
|
||||||
return n_src;
|
return n_src;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -221,7 +221,12 @@ int system_cmd_cp(const char* src_file,const char*dst_file)
|
|||||||
snprintf(cmd, sizeof(cmd), "cp -f %s %s", src_file, dst_file);
|
snprintf(cmd, sizeof(cmd), "cp -f %s %s", src_file, dst_file);
|
||||||
return system(cmd);
|
return system(cmd);
|
||||||
}
|
}
|
||||||
|
int system_cmd_encrypt(const char* src_file, const char* dst_file, const char* password)
|
||||||
|
{
|
||||||
|
char cmd[MAX_SYSTEM_CMD_LEN] = { 0 };
|
||||||
|
snprintf(cmd,sizeof(cmd), "openssl enc -e -aes-256-cbc -k %s -p -nosalt -in %s -out %s", password, src_file, dst_file);
|
||||||
|
return system(cmd);
|
||||||
|
}
|
||||||
int system_cmd_rm(const char* src_file)
|
int system_cmd_rm(const char* src_file)
|
||||||
{
|
{
|
||||||
char cmd[MAX_SYSTEM_CMD_LEN] = { 0 };
|
char cmd[MAX_SYSTEM_CMD_LEN] = { 0 };
|
||||||
@@ -270,13 +275,11 @@ int lqueue_destroy_cb(void *data, long data_len, void *arg)
|
|||||||
assert(0);
|
assert(0);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#define DECRYPT_BLOCK_SIZE (16*1024)
|
|
||||||
int decrypt_open(const char* filename, const char* key, const char* algorithm, unsigned char**pp_out, char* err_str, size_t err_str_sz)
|
|
||||||
{
|
|
||||||
|
|
||||||
unsigned char inbuf[DECRYPT_BLOCK_SIZE];
|
int crypt_memory(const unsigned char* inbuf, size_t inlen, unsigned char** pp_out, size_t *out_sz, const char* key, const char* algorithm, int do_encrypt, char* err_str, size_t err_str_sz)
|
||||||
int inlen, out_blk_len=0;
|
{
|
||||||
int out_buff_len=0,buff_offset=0;
|
int ret=0, out_blk_len=0;
|
||||||
|
int out_buff_len=0, out_buff_offset=0;
|
||||||
EVP_CIPHER_CTX *ctx;
|
EVP_CIPHER_CTX *ctx;
|
||||||
|
|
||||||
unsigned char cipher_key[EVP_MAX_KEY_LENGTH];
|
unsigned char cipher_key[EVP_MAX_KEY_LENGTH];
|
||||||
@@ -287,13 +290,6 @@ int decrypt_open(const char* filename, const char* key, const char* algorithm, u
|
|||||||
const EVP_CIPHER *cipher;
|
const EVP_CIPHER *cipher;
|
||||||
const EVP_MD *dgst=NULL;
|
const EVP_MD *dgst=NULL;
|
||||||
const unsigned char *salt=NULL;
|
const unsigned char *salt=NULL;
|
||||||
int ret=0;
|
|
||||||
|
|
||||||
FILE*in=fopen(filename, "r");
|
|
||||||
if(in==NULL)
|
|
||||||
{
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
OpenSSL_add_all_algorithms();
|
OpenSSL_add_all_algorithms();
|
||||||
cipher=EVP_get_cipherbyname(algorithm);
|
cipher=EVP_get_cipherbyname(algorithm);
|
||||||
@@ -316,52 +312,39 @@ int decrypt_open(const char* filename, const char* key, const char* algorithm, u
|
|||||||
}
|
}
|
||||||
/* Don't set key or IV right away; we want to check lengths */
|
/* Don't set key or IV right away; we want to check lengths */
|
||||||
ctx = EVP_CIPHER_CTX_new();
|
ctx = EVP_CIPHER_CTX_new();
|
||||||
EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL,0);
|
EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, do_encrypt);
|
||||||
OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) % 16==0);
|
OPENSSL_assert(EVP_CIPHER_CTX_key_length(ctx) % 16==0);
|
||||||
OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
|
OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) == 16);
|
||||||
|
|
||||||
/* Now we can set key and IV */
|
/* Now we can set key and IV */
|
||||||
EVP_CipherInit_ex(ctx, NULL, NULL, cipher_key, cipher_iv, 0);
|
//It should be set to 1 for encryption, 0 for decryption and -1 to leave the value unchanged (the actual value of 'enc' being supplied in a previous call).
|
||||||
out_buff_len=DECRYPT_BLOCK_SIZE;
|
EVP_CipherInit_ex(ctx, NULL, NULL, cipher_key, cipher_iv, -1);
|
||||||
|
out_buff_len=inlen+EVP_CIPHER_block_size(cipher)-1;
|
||||||
*pp_out=(unsigned char*)malloc(out_buff_len*sizeof(unsigned char));
|
*pp_out=(unsigned char*)malloc(out_buff_len*sizeof(unsigned char));
|
||||||
for (;;)
|
if (!EVP_CipherUpdate(ctx, *pp_out+out_buff_offset, &out_blk_len, inbuf, inlen))
|
||||||
{
|
|
||||||
inlen = fread(inbuf, 1, sizeof(inbuf), in);
|
|
||||||
if (inlen <= 0)
|
|
||||||
break;
|
|
||||||
|
|
||||||
if(out_buff_len-buff_offset<inlen+EVP_CIPHER_block_size(cipher)-1)
|
|
||||||
{
|
|
||||||
out_buff_len*=2;
|
|
||||||
*pp_out=(unsigned char*)realloc(*pp_out, out_buff_len);
|
|
||||||
}
|
|
||||||
out_blk_len=out_buff_len-buff_offset;
|
|
||||||
if (!EVP_CipherUpdate(ctx, *pp_out+buff_offset, &out_blk_len, inbuf, inlen))
|
|
||||||
{
|
{
|
||||||
snprintf(err_str, err_str_sz, "EVP_CipherUpdate failed.");
|
snprintf(err_str, err_str_sz, "EVP_CipherUpdate failed.");
|
||||||
EVP_CIPHER_CTX_free(ctx);
|
EVP_CIPHER_CTX_free(ctx);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
buff_offset+=out_blk_len;
|
out_buff_offset+=out_blk_len;
|
||||||
|
if (!EVP_CipherFinal_ex(ctx, *pp_out+out_buff_offset, &out_blk_len))
|
||||||
}
|
|
||||||
if (!EVP_CipherFinal_ex(ctx, *pp_out+buff_offset, &out_blk_len))
|
|
||||||
{
|
{
|
||||||
snprintf(err_str, err_str_sz, "EVP_CipherFinal_ex failed. Maybe password is wrong?");
|
snprintf(err_str, err_str_sz, "EVP_CipherFinal_ex failed. Maybe password is wrong?");
|
||||||
EVP_CIPHER_CTX_free(ctx);
|
EVP_CIPHER_CTX_free(ctx);
|
||||||
goto error_out;
|
goto error_out;
|
||||||
}
|
}
|
||||||
buff_offset+=out_blk_len;
|
out_buff_offset+=out_blk_len;
|
||||||
EVP_CIPHER_CTX_free(ctx);
|
EVP_CIPHER_CTX_free(ctx);
|
||||||
fclose(in);
|
*out_sz=out_buff_offset;
|
||||||
return buff_offset;
|
return 0;
|
||||||
|
|
||||||
error_out:
|
error_out:
|
||||||
free(*pp_out);
|
free(*pp_out);
|
||||||
*pp_out=NULL;
|
*pp_out=NULL;
|
||||||
fclose(in);
|
return -1;
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
int load_file_to_memory(const char* file_name, char**pp_out)
|
int load_file_to_memory(const char* file_name, unsigned char**pp_out, size_t *out_sz)
|
||||||
{
|
{
|
||||||
int ret=0;
|
int ret=0;
|
||||||
FILE* fp=NULL;
|
FILE* fp=NULL;
|
||||||
@@ -378,10 +361,10 @@ int load_file_to_memory(const char* file_name, char**pp_out)
|
|||||||
{
|
{
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
*out_sz=fstat_buf.st_size;
|
||||||
*pp_out=(char*)calloc(1, fstat_buf.st_size+1);
|
*pp_out=(unsigned char*)calloc(1, *out_sz+1);
|
||||||
read_size=fread(*pp_out,1, fstat_buf.st_size, fp);
|
read_size=fread(*pp_out, 1, *out_sz, fp);
|
||||||
if(read_size!= (size_t)fstat_buf.st_size)
|
if(read_size!= *out_sz)
|
||||||
{
|
{
|
||||||
free(*pp_out);
|
free(*pp_out);
|
||||||
pp_out=NULL;
|
pp_out=NULL;
|
||||||
@@ -390,5 +373,21 @@ int load_file_to_memory(const char* file_name, char**pp_out)
|
|||||||
|
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
fp=NULL;
|
fp=NULL;
|
||||||
return fstat_buf.st_size;
|
return 0;
|
||||||
}
|
}
|
||||||
|
int decrypt_open(const char* file_name, const char* key, const char* algorithm, unsigned char**pp_out, size_t *out_sz, char* err_str, size_t err_str_sz)
|
||||||
|
{
|
||||||
|
int ret=0;
|
||||||
|
size_t file_sz=0;
|
||||||
|
unsigned char* file_buff=NULL;
|
||||||
|
ret=load_file_to_memory(file_name, &file_buff, &file_sz);
|
||||||
|
if(ret<0)
|
||||||
|
{
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
ret=crypt_memory(file_buff, file_sz, pp_out, out_sz, key, algorithm, 0, err_str, err_str_sz);
|
||||||
|
free(file_buff);
|
||||||
|
file_buff=NULL;
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -28,7 +28,7 @@ struct cm_table_info_t
|
|||||||
int cfg_num;
|
int cfg_num;
|
||||||
char encryp_algorithm[MAX_CONFIG_FN_LEN];
|
char encryp_algorithm[MAX_CONFIG_FN_LEN];
|
||||||
};
|
};
|
||||||
char* read_nxt_line_from_buff(const char* buff, int buff_size, int* offset, char*line ,int line_size)
|
char* read_nxt_line_from_buff(const char* buff, size_t buff_size, size_t* offset, char*line, int line_size)
|
||||||
{
|
{
|
||||||
int this_offset=0;
|
int this_offset=0;
|
||||||
const char* p;
|
const char* p;
|
||||||
@@ -40,7 +40,7 @@ char* read_nxt_line_from_buff(const char* buff, int buff_size, int* offset, char
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if(p-buff<buff_size-1&&*(p+1)=='\n')
|
if((size_t)(p-buff)<buff_size-1 && *(p+1)=='\n')
|
||||||
{
|
{
|
||||||
p++;
|
p++;
|
||||||
}
|
}
|
||||||
@@ -285,7 +285,7 @@ int cm_read_table_file(struct cm_table_info_t* index,
|
|||||||
char error_string[MAX_CONFIG_FN_LEN];
|
char error_string[MAX_CONFIG_FN_LEN];
|
||||||
char line[MAX_CONFIG_LINE]={0},*ret_str=NULL;
|
char line[MAX_CONFIG_LINE]={0},*ret_str=NULL;
|
||||||
char* table_file_buff=NULL;
|
char* table_file_buff=NULL;
|
||||||
int file_sz=0, file_offset=0;
|
size_t file_sz=0, file_offset=0;
|
||||||
|
|
||||||
if(strlen(index->encryp_algorithm)>0)
|
if(strlen(index->encryp_algorithm)>0)
|
||||||
{
|
{
|
||||||
@@ -294,20 +294,20 @@ int cm_read_table_file(struct cm_table_info_t* index,
|
|||||||
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"update error, no key to decrypt %s.",index->cfg_path);
|
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,module_config_monitor,"update error, no key to decrypt %s.",index->cfg_path);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
file_sz=decrypt_open(index->cfg_path, key, index->encryp_algorithm, (unsigned char**)&table_file_buff, error_string, sizeof(error_string));
|
ret=decrypt_open(index->cfg_path, key, index->encryp_algorithm, (unsigned char**)&table_file_buff, &file_sz, error_string, sizeof(error_string));
|
||||||
if(file_sz==0)
|
if(ret<0)
|
||||||
{
|
{
|
||||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, module_config_monitor, "update error, %s decrypt failed: %s",
|
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, module_config_monitor, "update error, decrypt %s failed: %s",
|
||||||
index->cfg_path, error_string);
|
index->cfg_path, error_string);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
file_sz=load_file_to_memory(index->cfg_path, &table_file_buff);
|
ret=load_file_to_memory(index->cfg_path, (unsigned char**)&table_file_buff, &file_sz);
|
||||||
if(file_sz==0)
|
if(ret<0)
|
||||||
{
|
{
|
||||||
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, module_config_monitor, "update error, %s decrypt failed: %s",
|
MESA_handle_runtime_log(logger, RLOG_LV_FATAL, module_config_monitor, "update error, open %s failed: %s",
|
||||||
index->cfg_path, error_string);
|
index->cfg_path, error_string);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -51,6 +51,9 @@ struct iris_description_t
|
|||||||
MESA_htable_handle iris_table_map;
|
MESA_htable_handle iris_table_map;
|
||||||
MESA_htable_handle str2int_map;
|
MESA_htable_handle str2int_map;
|
||||||
redisContext *redis_write_ctx;
|
redisContext *redis_write_ctx;
|
||||||
|
char* encrypt_key;
|
||||||
|
char* encrypt_algo;
|
||||||
|
FILE* idx_fp;
|
||||||
};
|
};
|
||||||
struct traslate_command_t
|
struct traslate_command_t
|
||||||
{
|
{
|
||||||
@@ -119,7 +122,7 @@ static int get_region_seq(struct iris_description_t* iris_cfg)
|
|||||||
return sequence;
|
return sequence;
|
||||||
}
|
}
|
||||||
|
|
||||||
int set_iris_descriptor(const char* json_file,cJSON *json,const char*compile_tn,const char* group_tn, redisContext *redis_write_ctx, struct iris_description_t *iris_cfg, void * logger)
|
int set_iris_descriptor(const char* json_file,cJSON *json, const char* encrypt_key, const char* encrypt_algo, const char*compile_tn,const char* group_tn, redisContext *redis_write_ctx, struct iris_description_t *iris_cfg, void * logger)
|
||||||
{
|
{
|
||||||
memset(iris_cfg,0,sizeof(struct iris_description_t));
|
memset(iris_cfg,0,sizeof(struct iris_description_t));
|
||||||
snprintf(iris_cfg->tmp_iris_dir,sizeof(iris_cfg->tmp_iris_dir),"%s_iris_tmp",json_file);
|
snprintf(iris_cfg->tmp_iris_dir,sizeof(iris_cfg->tmp_iris_dir),"%s_iris_tmp",json_file);
|
||||||
@@ -187,6 +190,12 @@ int set_iris_descriptor(const char* json_file,cJSON *json,const char*compile_tn,
|
|||||||
iris_cfg->compile_table=query_table_info(iris_cfg, compile_tn, TABLE_TYPE_COMPILE);
|
iris_cfg->compile_table=query_table_info(iris_cfg, compile_tn, TABLE_TYPE_COMPILE);
|
||||||
iris_cfg->group_table=query_table_info(iris_cfg, group_tn, TABLE_TYPE_GROUP);
|
iris_cfg->group_table=query_table_info(iris_cfg, group_tn, TABLE_TYPE_GROUP);
|
||||||
|
|
||||||
|
if(encrypt_key && encrypt_algo)
|
||||||
|
{
|
||||||
|
iris_cfg->encrypt_key=_maat_strdup(encrypt_key);
|
||||||
|
iris_cfg->encrypt_algo=_maat_strdup(encrypt_algo);
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
void clear_iris_descriptor(struct iris_description_t *iris_cfg)
|
void clear_iris_descriptor(struct iris_description_t *iris_cfg)
|
||||||
@@ -200,6 +209,8 @@ void clear_iris_descriptor(struct iris_description_t *iris_cfg)
|
|||||||
MESA_htable_destroy(iris_cfg->iris_table_map, NULL);
|
MESA_htable_destroy(iris_cfg->iris_table_map, NULL);
|
||||||
}
|
}
|
||||||
map_destroy(iris_cfg->str2int_map);
|
map_destroy(iris_cfg->str2int_map);
|
||||||
|
free(iris_cfg->encrypt_algo);
|
||||||
|
free(iris_cfg->encrypt_key);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
int create_tmp_dir(struct iris_description_t *p)
|
int create_tmp_dir(struct iris_description_t *p)
|
||||||
@@ -862,29 +873,50 @@ int write_group_line(int group_id, int parent_id, int group_not_flag, int parent
|
|||||||
}
|
}
|
||||||
void table_idx_write_cb(const uchar * key, uint size, void * data, void * user)
|
void table_idx_write_cb(const uchar * key, uint size, void * data, void * user)
|
||||||
{
|
{
|
||||||
FILE* fp=NULL;
|
struct iris_description_t *p_iris=(struct iris_description_t *)user;
|
||||||
struct iris_table_t* table=(struct iris_table_t*)data;
|
struct iris_table_t* table=(struct iris_table_t*)data;
|
||||||
fp=fopen(table->table_path, "w");
|
FILE* table_fp=NULL;
|
||||||
fprintf(fp,"%d\n", table->line_count);
|
char line_cnt_str[32], err_str[256];
|
||||||
fwrite(table->buff, table->write_pos, 1, fp);
|
snprintf(line_cnt_str, sizeof(line_cnt_str), "%010d\n", table->line_count);
|
||||||
fclose(fp);
|
|
||||||
|
int ret=0;
|
||||||
|
size_t table_file_sz=strlen(line_cnt_str)+table->write_pos;
|
||||||
|
unsigned char* buff=ALLOC(unsigned char, table_file_sz);
|
||||||
|
unsigned char* encrypt_buff=NULL;
|
||||||
|
size_t encrypt_buff_sz=0;
|
||||||
|
memcpy(buff, line_cnt_str, strlen(line_cnt_str));
|
||||||
|
memcpy(buff+strlen(line_cnt_str), table->buff, table->write_pos);
|
||||||
|
table_fp=fopen(table->table_path, "w");
|
||||||
|
if(p_iris->encrypt_key)
|
||||||
|
{
|
||||||
|
ret=crypt_memory(buff, table_file_sz, &encrypt_buff, &encrypt_buff_sz, p_iris->encrypt_key, p_iris->encrypt_algo, 1, err_str, sizeof(err_str));
|
||||||
|
assert(ret==0);
|
||||||
|
fwrite(encrypt_buff, encrypt_buff_sz, 1, table_fp);
|
||||||
|
fprintf(p_iris->idx_fp,"%s\t%d\t%s\t%s\n", table->table_name, table->line_count, table->table_path, p_iris->encrypt_algo);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
fwrite(buff, table_file_sz, 1, table_fp);
|
||||||
|
fprintf(p_iris->idx_fp,"%s\t%d\t%s\n", table->table_name, table->line_count, table->table_path);
|
||||||
|
}
|
||||||
|
fclose(table_fp);
|
||||||
|
free(buff);
|
||||||
|
buff=NULL;
|
||||||
|
|
||||||
fp=(FILE*)user;
|
|
||||||
fprintf(fp,"%s\t%d\t%s\n", table->table_name, table->line_count, table->table_path);
|
|
||||||
|
|
||||||
}
|
}
|
||||||
int write_index_file(struct iris_description_t *p_iris,void* logger)
|
int write_index_file(struct iris_description_t *p_iris,void* logger)
|
||||||
{
|
{
|
||||||
FILE*fp=NULL;
|
p_iris->idx_fp=fopen(p_iris->index_path,"w");
|
||||||
fp=fopen(p_iris->index_path,"w");
|
if(p_iris->idx_fp==NULL)
|
||||||
if(fp==NULL)
|
|
||||||
{
|
{
|
||||||
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json,
|
MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_json,
|
||||||
"index file %s fopen error %s.",p_iris->index_path, strerror(errno));
|
"index file %s fopen error %s.",p_iris->index_path, strerror(errno));
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
MESA_htable_iterate(p_iris->iris_table_map, table_idx_write_cb, fp);
|
MESA_htable_iterate(p_iris->iris_table_map, table_idx_write_cb, p_iris);
|
||||||
fclose(fp);
|
fclose(p_iris->idx_fp);
|
||||||
|
p_iris->idx_fp=NULL;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
int write_group_rule(cJSON *group_json, int parent_id, int parent_type, int tracking_compile_id, struct iris_description_t *p_iris, void* logger)
|
int write_group_rule(cJSON *group_json, int parent_id, int parent_type, int tracking_compile_id, struct iris_description_t *p_iris, void* logger)
|
||||||
@@ -1053,13 +1085,12 @@ int write_iris(cJSON *json, struct iris_description_t *p_iris, void* logger)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
// redis_write_ctx is used by maat_redis_tool to write json to redis.
|
// redis_write_ctx is used by maat_redis_tool to write json to redis.
|
||||||
int json2iris(const char* json_buff, const char* json_filename, const char*compile_tn, const char* group_tn, redisContext *redis_write_ctx, char* iris_dir_buf, int buf_len, void* logger)
|
int json2iris(const char* json_buff, const char* json_filename, const char*compile_tn, const char* group_tn, redisContext *redis_write_ctx, char* iris_dir_buf, int buf_len, char* encrypt_key, char* encrypt_algo, void* logger)
|
||||||
{
|
{
|
||||||
cJSON *json=NULL, *tmp_obj=NULL;
|
cJSON *json=NULL, *tmp_obj=NULL;
|
||||||
int ret=-1;
|
int ret=-1;
|
||||||
struct iris_description_t iris_cfg;
|
struct iris_description_t iris_cfg;
|
||||||
memset(&iris_cfg, 0, sizeof(iris_cfg));
|
memset(&iris_cfg, 0, sizeof(iris_cfg));
|
||||||
|
|
||||||
json=cJSON_Parse(json_buff);
|
json=cJSON_Parse(json_buff);
|
||||||
if (!json)
|
if (!json)
|
||||||
{
|
{
|
||||||
@@ -1077,7 +1108,7 @@ int json2iris(const char* json_buff, const char* json_filename, const char*compi
|
|||||||
{
|
{
|
||||||
group_tn=tmp_obj->valuestring;
|
group_tn=tmp_obj->valuestring;
|
||||||
}
|
}
|
||||||
ret=set_iris_descriptor(json_filename, json, compile_tn, group_tn, redis_write_ctx, &iris_cfg, logger);
|
ret=set_iris_descriptor(json_filename, json, encrypt_key, encrypt_algo, compile_tn, group_tn, redis_write_ctx, &iris_cfg, logger);
|
||||||
if(ret<0)
|
if(ret<0)
|
||||||
{
|
{
|
||||||
goto error_out;
|
goto error_out;
|
||||||
|
|||||||
@@ -71,12 +71,16 @@ int system_cmd_mkdir(const char* path);
|
|||||||
int system_cmd_rm(const char* src_file);
|
int system_cmd_rm(const char* src_file);
|
||||||
int system_cmd_mv(const char* src_file, const char*dst_file);
|
int system_cmd_mv(const char* src_file, const char*dst_file);
|
||||||
int system_cmd_cp(const char* src_file, const char*dst_file);
|
int system_cmd_cp(const char* src_file, const char*dst_file);
|
||||||
|
int system_cmd_encrypt(const char* src_file, const char* dst_file, const char* password);
|
||||||
|
|
||||||
char* md5_file(const char* filename, char* md5string);
|
char* md5_file(const char* filename, char* md5string);
|
||||||
int get_column_pos(const char* line, int column_seq, size_t *offset, size_t *len);
|
int get_column_pos(const char* line, int column_seq, size_t *offset, size_t *len);
|
||||||
const char** charset_get_all_name(void);
|
const char** charset_get_all_name(void);
|
||||||
const char* charset_get_name(enum MAAT_CHARSET charset);
|
const char* charset_get_name(enum MAAT_CHARSET charset);
|
||||||
int lqueue_destroy_cb(void *data, long data_len, void *arg);
|
int lqueue_destroy_cb(void *data, long data_len, void *arg);
|
||||||
int decrypt_open(const char* filename, const char* key, const char* algorithm, unsigned char**pp_out, char* err_str, size_t err_str_sz);
|
int decrypt_open(const char* file_name, const char* key, const char* algorithm, unsigned char**pp_out, size_t *out_sz, char* err_str, size_t err_str_sz);
|
||||||
int load_file_to_memory(const char* file_name, char**pp_out);
|
int load_file_to_memory(const char* file_name, unsigned char**pp_out, size_t *out_sz);
|
||||||
|
//do_encrypt: 1 for encryption, 0 for decryption.
|
||||||
|
int crypt_memory(const unsigned char* inbuf, size_t inlen, unsigned char** pp_out, size_t *out_sz, const char* key, const char* algorithm, int do_encrypt, char* err_str, size_t err_str_sz);
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
#ifndef H_MAAT_JSON2IRIS_H_INCLUDE
|
#ifndef H_MAAT_JSON2IRIS_H_INCLUDE
|
||||||
#define H_MAAT_JSON2IRIS_H_INCLUDE
|
#define H_MAAT_JSON2IRIS_H_INCLUDE
|
||||||
int json2iris(const char* json_buff, const char* json_filename, const char*compile_tn, const char* group_tn, redisContext *redis_write_ctx, char* iris_dir_buf, int buf_len, void* logger);
|
int json2iris(const char* json_buff, const char* json_filename, const char*compile_tn, const char* group_tn, redisContext *redis_write_ctx, char* iris_dir_buf, int buf_len, char* encrypt_key, char* encrypt_algo, void* logger);
|
||||||
int set_file_rulenum(const char* path, int rulenum, void* logger);
|
int set_file_rulenum(const char* path, int rulenum, void* logger);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@@ -32,6 +32,7 @@ extern int my_scandir(const char *dir, struct dirent ***namelist,
|
|||||||
int(*compar)(const void *, const void *));
|
int(*compar)(const void *, const void *));
|
||||||
extern char* md5_file(const char* filename, char* md5string);
|
extern char* md5_file(const char* filename, char* md5string);
|
||||||
extern int system_cmd_cp(const char* src_file,const char*dst_file);
|
extern int system_cmd_cp(const char* src_file,const char*dst_file);
|
||||||
|
extern int system_cmd_encrypt(const char* src_file, const char* dst_file, const char* password);
|
||||||
Maat_feather_t g_feather=NULL;
|
Maat_feather_t g_feather=NULL;
|
||||||
void *g_logger=NULL;
|
void *g_logger=NULL;
|
||||||
int g_iThreadNum=4;
|
int g_iThreadNum=4;
|
||||||
@@ -105,6 +106,7 @@ const char* watched_json="./json_update/maat.json";
|
|||||||
const char* old_json="./json_update/old.json";
|
const char* old_json="./json_update/old.json";
|
||||||
const char* new_json="./json_update/new.json";
|
const char* new_json="./json_update/new.json";
|
||||||
const char* corrupted_json="./json_update/corrupted.json";
|
const char* corrupted_json="./json_update/corrupted.json";
|
||||||
|
const char* json_decrypt_key="himaat!";
|
||||||
|
|
||||||
class JSONUpdate : public testing::Test
|
class JSONUpdate : public testing::Test
|
||||||
{
|
{
|
||||||
@@ -112,10 +114,11 @@ class JSONUpdate : public testing::Test
|
|||||||
protected:
|
protected:
|
||||||
static void SetUpTestCase()
|
static void SetUpTestCase()
|
||||||
{
|
{
|
||||||
const char* decrypt_key="himaat!";
|
|
||||||
system_cmd_cp(old_json, watched_json);
|
system_cmd_encrypt(old_json, watched_json, json_decrypt_key);
|
||||||
|
|
||||||
_shared_feather_j=Maat_feather(g_iThreadNum, table_info_path, g_logger);
|
_shared_feather_j=Maat_feather(g_iThreadNum, table_info_path, g_logger);
|
||||||
// Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_DECRYPT_KEY, decrypt_key, strlen(decrypt_key)+1);
|
Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_DECRYPT_KEY, json_decrypt_key, strlen(json_decrypt_key)+1);
|
||||||
Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_JSON_FILE_PATH, watched_json, strlen(watched_json)+1);
|
Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_JSON_FILE_PATH, watched_json, strlen(watched_json)+1);
|
||||||
Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_SCANDIR_INTERVAL_MS, &scan_interval_ms, sizeof(scan_interval_ms));
|
Maat_set_feather_opt(_shared_feather_j, MAAT_OPT_SCANDIR_INTERVAL_MS, &scan_interval_ms, sizeof(scan_interval_ms));
|
||||||
|
|
||||||
@@ -139,10 +142,11 @@ TEST_F(JSONUpdate, OldCfg)
|
|||||||
}
|
}
|
||||||
TEST_F(JSONUpdate, NewCfg)
|
TEST_F(JSONUpdate, NewCfg)
|
||||||
{
|
{
|
||||||
system_cmd_cp(corrupted_json, watched_json);
|
system_cmd_encrypt(corrupted_json, watched_json, json_decrypt_key);
|
||||||
sleep(2);
|
sleep(2);
|
||||||
scan_with_old_or_new_cfg(JSONUpdate::_shared_feather_j, 1);
|
scan_with_old_or_new_cfg(JSONUpdate::_shared_feather_j, 1);
|
||||||
system_cmd_cp(new_json, watched_json);
|
|
||||||
|
system_cmd_encrypt(new_json, watched_json, json_decrypt_key);
|
||||||
sleep(5);
|
sleep(5);
|
||||||
scan_with_old_or_new_cfg(JSONUpdate::_shared_feather_j, 0);
|
scan_with_old_or_new_cfg(JSONUpdate::_shared_feather_j, 0);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -239,7 +239,7 @@ int main(int argc, char * argv[])
|
|||||||
unsigned long json_file_size=0,read_size=0;
|
unsigned long json_file_size=0,read_size=0;
|
||||||
long long desired_version=0;
|
long long desired_version=0;
|
||||||
char* json_buff=NULL;
|
char* json_buff=NULL;
|
||||||
|
size_t json_buff_sz=0;
|
||||||
while((oc=getopt(argc,argv,"h:p:n:d:v:f:j:t:"))!=-1)
|
while((oc=getopt(argc,argv,"h:p:n:d:v:f:j:t:"))!=-1)
|
||||||
{
|
{
|
||||||
switch(oc)
|
switch(oc)
|
||||||
@@ -327,12 +327,12 @@ int main(int argc, char * argv[])
|
|||||||
}
|
}
|
||||||
else if(model==WORK_MODE_JSON)
|
else if(model==WORK_MODE_JSON)
|
||||||
{
|
{
|
||||||
ret=load_file_to_memory(json_file, &json_buff);
|
ret=load_file_to_memory(json_file, (unsigned char**)&json_buff, &json_buff_sz);
|
||||||
if(ret<0)
|
if(ret<0)
|
||||||
{
|
{
|
||||||
printf("open %s failed.\n", json_file);
|
printf("open %s failed.\n", json_file);
|
||||||
}
|
}
|
||||||
ret=json2iris(json_buff, json_file, NULL, NULL, ctx, tmp_iris_path, sizeof(tmp_iris_path), NULL);
|
ret=json2iris(json_buff, json_file, NULL, NULL, ctx, tmp_iris_path, sizeof(tmp_iris_path), NULL, NULL, NULL);
|
||||||
if(ret<0)
|
if(ret<0)
|
||||||
{
|
{
|
||||||
printf("Invalid json format.\n");
|
printf("Invalid json format.\n");
|
||||||
|
|||||||
Reference in New Issue
Block a user