TSG-14484 Pxoxy支持Maat4
@@ -1,6 +1,6 @@
|
||||
#include <ssl_stream.h>
|
||||
#include <tfe_utils.h>
|
||||
#include <MESA/Maat_rule.h>
|
||||
#include <MESA/maat.h>
|
||||
#include <cjson/cJSON.h>
|
||||
#include <openssl/ssl.h>
|
||||
#include <assert.h>
|
||||
@@ -9,7 +9,7 @@
|
||||
|
||||
struct ssl_policy_enforcer
|
||||
{
|
||||
Maat_feather_t maat;
|
||||
struct maat *maat;
|
||||
int policy_table_id;
|
||||
int profile_table_id;
|
||||
void* logger;
|
||||
@@ -43,7 +43,7 @@ struct decryption_param
|
||||
int mirror_client_version;
|
||||
};
|
||||
|
||||
void intercept_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA* to, MAAT_PLUGIN_EX_DATA* from, long argl, void* argp)
|
||||
void intercept_param_dup_cb(int table_id, void **to, void **from, long argl, void* argp)
|
||||
{
|
||||
struct intercept_param* param= (struct intercept_param*) *from;
|
||||
if(param)
|
||||
@@ -57,7 +57,8 @@ void intercept_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA* to, MAAT_PLUGIN_E
|
||||
}
|
||||
return;
|
||||
}
|
||||
void intercept_param_new_cb(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
|
||||
|
||||
void intercept_param_new_cb(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
|
||||
{
|
||||
int ret=0;
|
||||
size_t intercept_user_region_offset=0, len=0;
|
||||
@@ -66,7 +67,7 @@ void intercept_param_new_cb(int table_id, const char* key, const char* table_lin
|
||||
struct intercept_param* param=NULL;
|
||||
|
||||
struct ssl_policy_enforcer* enforcer=(struct ssl_policy_enforcer*)argp;
|
||||
ret=Maat_helper_read_column(table_line, 7, &intercept_user_region_offset, &len);
|
||||
ret=maat_helper_read_column(table_line, 7, &intercept_user_region_offset, &len);
|
||||
if(ret<0)
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "Get intercept user region: %s", table_line);
|
||||
@@ -161,7 +162,7 @@ error_out:
|
||||
free(json_str);
|
||||
return;
|
||||
}
|
||||
void intercept_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
|
||||
void intercept_param_free_cb(int table_id, void **ad, long argl, void* argp)
|
||||
{
|
||||
struct ssl_policy_enforcer* enforcer=(struct ssl_policy_enforcer*)argp;
|
||||
struct intercept_param* param= (struct intercept_param*) *ad;
|
||||
@@ -183,7 +184,7 @@ void intercept_param_free(struct intercept_param* param)
|
||||
return;
|
||||
}
|
||||
|
||||
void profile_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA* to, MAAT_PLUGIN_EX_DATA* from, long argl, void* argp)
|
||||
void profile_param_dup_cb(int table_id, void **to, void **from, long argl, void* argp)
|
||||
{
|
||||
struct decryption_param* param= (struct decryption_param*) *from;
|
||||
if(param)
|
||||
@@ -197,7 +198,7 @@ void profile_param_dup_cb(int table_id, MAAT_PLUGIN_EX_DATA* to, MAAT_PLUGIN_EX_
|
||||
}
|
||||
return;
|
||||
}
|
||||
void profile_param_free_cb(int table_id, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
|
||||
void profile_param_free_cb(int table_id, void **ad, long argl, void* argp)
|
||||
{
|
||||
struct decryption_param* param= (struct decryption_param*) *ad;
|
||||
if(param==NULL)
|
||||
@@ -216,7 +217,7 @@ void profile_param_free(struct decryption_param* param)
|
||||
profile_param_free_cb(0, (void**)¶m, 0, NULL);
|
||||
return;
|
||||
}
|
||||
void profile_param_new_cb(int table_id, const char* key, const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long argl, void* argp)
|
||||
void profile_param_new_cb(const char *table_name, int table_id, const char* key, const char* table_line, void **ad, long argl, void* argp)
|
||||
{
|
||||
int ret=0;
|
||||
size_t offset=0, len=0;
|
||||
@@ -225,7 +226,7 @@ void profile_param_new_cb(int table_id, const char* key, const char* table_line,
|
||||
struct decryption_param* param=NULL;
|
||||
struct ssl_policy_enforcer* enforcer=(struct ssl_policy_enforcer*)argp;
|
||||
|
||||
ret=Maat_helper_read_column(table_line, 3, &offset, &len);
|
||||
ret=maat_helper_read_column(table_line, 3, &offset, &len);
|
||||
if(ret<0)
|
||||
{
|
||||
TFE_LOG_ERROR(enforcer->logger, "Get decryption param: %s", table_line);
|
||||
@@ -319,29 +320,27 @@ error_out:
|
||||
struct ssl_policy_enforcer* ssl_policy_enforcer_create(void* logger)
|
||||
{
|
||||
struct ssl_policy_enforcer* enforcer=ALLOC(struct ssl_policy_enforcer, 1);
|
||||
enforcer->maat=(Maat_feather_t)tfe_bussiness_resouce_get(STATIC_MAAT);;
|
||||
enforcer->maat=(struct maat*)tfe_bussiness_resouce_get(STATIC_MAAT);;
|
||||
enforcer->logger=logger;
|
||||
enforcer->policy_table_id=Maat_table_register(enforcer->maat, "TSG_SECURITY_COMPILE");
|
||||
enforcer->policy_table_id=maat_get_table_id(enforcer->maat, "TSG_SECURITY_COMPILE");
|
||||
assert(enforcer->policy_table_id >= 0);
|
||||
enforcer->profile_table_id=Maat_table_register(enforcer->maat, "TSG_PROFILE_DECRYPTION");
|
||||
enforcer->profile_table_id=maat_get_table_id(enforcer->maat, "TSG_PROFILE_DECRYPTION");
|
||||
assert(enforcer->profile_table_id >= 0);
|
||||
UNUSED int ret=Maat_plugin_EX_register(enforcer->maat,
|
||||
enforcer->policy_table_id,
|
||||
intercept_param_new_cb,
|
||||
intercept_param_free_cb,
|
||||
intercept_param_dup_cb,
|
||||
NULL,
|
||||
0,
|
||||
enforcer);
|
||||
UNUSED int ret=maat_plugin_table_ex_schema_register(enforcer->maat,
|
||||
"TSG_SECURITY_COMPILE",
|
||||
intercept_param_new_cb,
|
||||
intercept_param_free_cb,
|
||||
intercept_param_dup_cb,
|
||||
0,
|
||||
enforcer);
|
||||
assert(ret==0);
|
||||
ret=Maat_plugin_EX_register(enforcer->maat,
|
||||
enforcer->profile_table_id,
|
||||
profile_param_new_cb,
|
||||
profile_param_free_cb,
|
||||
profile_param_dup_cb,
|
||||
NULL,
|
||||
0,
|
||||
enforcer);
|
||||
ret=maat_plugin_table_ex_schema_register(enforcer->maat,
|
||||
"TSG_PROFILE_DECRYPTION",
|
||||
profile_param_new_cb,
|
||||
profile_param_free_cb,
|
||||
profile_param_dup_cb,
|
||||
0,
|
||||
enforcer);
|
||||
assert(ret==0);
|
||||
return enforcer;
|
||||
}
|
||||
@@ -359,7 +358,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
|
||||
ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_INTERCEPT_POLICY_ID, &policy_id);
|
||||
assert(ret==0);
|
||||
snprintf(policy_id_str, sizeof(policy_id_str), "%d", policy_id);
|
||||
policy_param=(struct intercept_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->policy_table_id, policy_id_str);
|
||||
policy_param=(struct intercept_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->policy_table_id, policy_id_str);
|
||||
if(policy_param==NULL)
|
||||
{
|
||||
TFE_LOG_INFO(enforcer->logger, "Failed to get intercept parameter of policy %d.", policy_id);
|
||||
@@ -374,7 +373,7 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
|
||||
}
|
||||
|
||||
snprintf(profile_id_str, sizeof(profile_id_str), "%u", policy_param->decryption_profile_id);
|
||||
profile_param=(struct decryption_param *)Maat_plugin_get_EX_data(enforcer->maat, enforcer->profile_table_id, profile_id_str);
|
||||
profile_param=(struct decryption_param *)maat_plugin_table_get_ex_data(enforcer->maat, enforcer->profile_table_id, profile_id_str);
|
||||
if (profile_param==NULL)
|
||||
{
|
||||
TFE_LOG_INFO(enforcer->logger, "Failed to get decryption parameter of profile %s.", profile_id_str);
|
||||
|
||||
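Review bot: In ssl_policy_enforcer_create the results of the new `maat_get_table_id` and `maat_plugin_table_ex_schema_register` calls are still checked only with `assert`, and `ret` is declared `UNUSED`, which suggests the asserts are compiled out in release builds. In such a build, a table missing from the Maat4 configuration or a failed schema registration would go unnoticed. The `maat_plugin_table_get_ex_data` lookups in ssl_policy_enforce would then return NULL and be logged at INFO level like an ordinary missing policy or profile. Because this object selects the interception and decryption parameters, the failure should be explicit, for example `if(ret!=0) { TFE_LOG_ERROR(enforcer->logger, "Register ex schema for TSG_SECURITY_COMPILE failed: %d", ret); return NULL; }` after releasing the enforcer, with the same treatment for the two table ids and the second registration. Returning NULL assumes callers check the result, which this page does not show; the pointers returned by `ALLOC` and `tfe_bussiness_resouce_get(STATIC_MAAT)` are likewise used unchecked.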
@@ -1,6 +1,6 @@
|
||||
#pragma once
|
||||
#include <ssl_stream.h>
|
||||
#include <MESA/Maat_rule.h>
|
||||
#include <MESA/maat.h>
|
||||
|
||||
struct ssl_policy_enforcer;
|
||||
struct ssl_policy_enforcer* ssl_policy_enforcer_create(void* logger);
|
||||
|
||||