
Merge branch 'new_mbed_tls' of https://192.168.14.200:3000/dtelenkov/bt-670x into new_mbed_tls

Avetisyan Karen 6 years ago
parent
commit
48e13b9a9f

+ 18 - 2
modules/Ethernet/netconf.c

@@ -331,7 +331,13 @@ void vTaskWebReinit(void * pvParameters)
 	  strcpy(sSettings.sWebParams.ip,   sSettings.sWebTempParams.ip);
 	  strcpy(sSettings.sWebParams.gate, sSettings.sWebTempParams.gate);
 	  strcpy(sSettings.sWebParams.mask, sSettings.sWebTempParams.mask);
-	  
+#ifdef HARDWARE_BT6708
+	  for(uint8_t i = 0; i < MAX_WHITE_LIST; i++){
+		  strcpy(sSettings.sWhiteList[i].ip_range, sSettings.sWhiteListTemp[i].ip_range);
+		  sSettings.sWhiteList[i].ip = sSettings.sWhiteListTemp[i].ip;
+		  sSettings.sWhiteList[i].mask = sSettings.sWhiteListTemp[i].mask;
+	  }
+#endif
 	  HTTP_SaveSettings();
 	  
 	  vTaskDelete(xHandleWebReinit);
@@ -396,7 +402,17 @@ bool GetStateWebReinit(void)
 	SetWebReinitFlag(true);
 	return true;
   }
-  
+#ifdef HARDWARE_BT6708
+  /* Изменился диапазон доверительных хостов? */
+  for(uint8_t i = 0; i < MAX_WHITE_LIST; i++){
+	  if (strstr(sSettings.sWhiteList[i].ip_range, sSettings.sWhiteListTemp[i].ip_range) == 0)
+	  {
+		// Устанавилваем флаг
+		SetWebReinitFlag(true);
+		return true;
+	  }
+  }
+#endif
   return false;
 }
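Review bot: `strstr(...) == 0` does not detect every change to a trusted-host entry, because it reports a match whenever the pending string is empty or is a substring of the active one. Clearing an entry, or shortening `10.0.0.0/24` to `10.0.0.0/2` (constructed values), is therefore not seen as a change and no reinit is flagged. Use an exact comparison instead: `if (strcmp(sSettings.sWhiteList[i].ip_range, sSettings.sWhiteListTemp[i].ip_range) != 0)`. GetStateWebReinit starts outside this hunk.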
 

+ 1 - 1
modules/Ethernet/snmp_api.c

@@ -193,7 +193,7 @@ void SNMP_SetObjDescr(void)
   strcat(sSettings.sSnmp.sysDescr, sSettings.sInfo.serialNumber);
   strcat(sSettings.sSnmp.sysDescr, " ");
   strcat(sSettings.sSnmp.sysDescr, UPS.model);
-#ifdef HARDWARE_BT6702
+#ifndef HARDWARE_BT6706
   strcat(sSettings.sSnmp.sysDescr, " ");
   strcat(sSettings.sSnmp.sysDescr, UPS.serial);
 #endif

+ 1 - 1
modules/Ethernet/trap_api.c

@@ -44,7 +44,7 @@ extern SETTINGS_t sSettings;
 /**
   * @brief  Пул всех возможных трапов устройства
   */
-TRAP_t traps[21];
+TRAP_t traps[ALL_TRAPS];
 
 /**
   * @brief  Инициализация базы трапов

+ 1 - 0
modules/Ethernet/trap_api.h

@@ -48,6 +48,7 @@ typedef enum
   CONNECT_MONITOR_NORM,
   BATTERY_CONNECT_ALARM,
   BATTERY_CONNECT_NORM,
+  ALL_TRAPS
 } TRAP_LIST_t;
 
 /**

+ 53 - 4
modules/HTTP_Server/http_server.c

@@ -118,6 +118,7 @@ static const char Content_Length[17] =
 {0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x4c, 0x65, 0x6e, 0x67,0x74, 0x68, 0x3a, 0x20, };
 
 const char HTTP_304_NOT_MODIFIED[] = "HTTP/1.1 304 Not Modified\r\n\r\n";
+const char HTTP_403_NOT_WHITE_LIST[] = "HTTP/1.1 403 Forbidden\r\n\r\n";
 const char HTTP_200_OK[] = "HTTP/1.1 200 OK\r\n\r\n";
 /* utf-8 marker to support MS Excel */
 const char UTF8_BOM[] = {0xEF, 0xBB, 0xBF, 0x00};
@@ -139,6 +140,8 @@ uint8_t nameLen = 0, idLen = 0;
 uint8_t user_id; // Id of currently logged-in user
 struct fs_file file = {0, 0};
 
+static bool flagWhiteList = false;
+
 /**
   * @brief  closes tcp connection
   * @param  pcb: pointer to a tcp_pcb struct
@@ -153,7 +156,35 @@ static void close_conn(struct tcp_pcb *pcb, struct http_state *hs)
   mem_free(hs);
   tcp_close(pcb);
 }
+#ifdef HARDWARE_BT6708
+bool white_list_check(uint32_t check_remote_addr)
+{
+	bool flag = true;
+	uint32_t mask_white_list;
+	uint32_t ip_white_list;
+	char str[20];
+	uint8_t len = 0;
+
+	for(uint8_t i = 0; i < MAX_WHITE_LIST; i ++){
+		memset(str, 0, 20);
+		GetWhiteListSTR(str, &len, i);
+		GetWhiteListMask(&mask_white_list, i);
+		GetWhiteListIP(&ip_white_list, i);
+		if(strlen(str) != 0){
+
+			if((check_remote_addr & mask_white_list) == (ip_white_list & mask_white_list)){
+				flag = true;
+				break;
+			}
+			else{
+				flag = false;
+			}
+		}
+	}
 
+	return flag;
+}
+#endif
 /**
   * @brief callback function for handling TCP HTTP traffic
   * @param arg: pointer to an argument structure to be passed to callback function
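Review bot: white_list_check fails open in two undocumented ways: `flag` starts as `true`, so a list with no non-empty entry admits every peer, and an entry whose stored mask is 0 satisfies `(check_remote_addr & mask_white_list) == (ip_white_list & mask_white_list)` for every address. The second case is reachable because SetWhiteListSTR in modules/parameters.c stores mask 0 and ip 0 for a range written without `/`. If "empty list means unrestricted" is intended, state it in a header comment such as `/* Returns true when the peer matches an entry, or when no entry is configured (filter disabled). */`. The function is also non-static with no prototype in a header; telnet_server.c and snmp_msg.c redeclare it with `extern`, which will not catch a signature drift.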
@@ -168,7 +199,6 @@ static err_t http_recv(void *arg, struct tcp_pcb *pcb,  struct pbuf *p, err_t er
 	  struct http_state *hs;
 	  struct fs_file file = {0, 0};
 	  char buf[150];
-
 	  hs = arg;
 
 	  if (err == ERR_OK && p != NULL)
@@ -177,6 +207,9 @@ static err_t http_recv(void *arg, struct tcp_pcb *pcb,  struct pbuf *p, err_t er
 
 		if (hs->file == NULL)
 	    {
+#ifdef HARDWARE_BT6708
+		  flagWhiteList = white_list_check(pcb->remote_ip.addr);
+#endif
 	      data = p->payload;
 		  receivedBufLen = p->tot_len;
 		  memcpy(receiveBuf, p->payload , receivedBufLen);
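Review bot: The whitelist verdict is stored in the file-scope `flagWhiteList`, not in the per-connection `hs`. Unless every read happens in the same callback invocation that set it, the value HTTP_ConfirmWebPwd sees may belong to a different peer than the one submitting the login. Keeping the result in `struct http_state`, or recomputing it from `pcb->remote_ip` where it is enforced, ties the decision to the connection. From the hunks on this page the flag is enforced only in HTTP_ConfirmWebPwd, so requests other than the login POST from an untrusted address appear to be served unchecked; refusing here, right after `white_list_check`, would cover them. http_recv continues outside this hunk.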
@@ -1103,7 +1136,22 @@ int HTTP_ConfirmWebPwd(char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *l
 
 	  /* Get first 50 bytes of string */
 	  strncpy(tempStr, bufIn, 49);
-
+#ifdef HARDWARE_BT6708
+	  if(!flagWhiteList){
+		  if(cnt_err_psw <= 4)
+			  cnt_err_psw ++;
+		  DBG printf("cnt_err_psw %d", cnt_err_psw);
+		  if(cnt_err_psw == 4)
+			  xTimerStart(RepeatLoginTimer, 0);
+		  strcpy(bufOut, HTTP_403_NOT_WHITE_LIST);
+		  if(cnt_err_psw < 4)
+			  strcat(bufOut,"<!DOCTYPE html><html><head><meta charset=\"utf-8\"><meta http-equiv=\"refresh\" content=\"3; url=/login.html\" /></head><center><h2>Доступ запрешен! Ваш IP-адрес находится вне диапазона доверительных хостов</h2></center></html>");
+		  else
+			  strcat(bufOut,"<!DOCTYPE html><html><head><meta charset=\"utf-8\"><meta http-equiv=\"refresh\" content=\"3; url=/login.html\" /></head><center><h2>Вход заблокирован!</h2></center></head><center><h2>Повторите попытку через 1 минуту</h2></center></html>");
+		  *lenBufOut = strlen(bufOut);
+		  return SEND_REQUIRED_YES;
+	  }
+#endif
 	  /* Add " " to the string in order GetParamValue() can be able to parse the param */
 	  strcat(tempStr, " ");
 	  GetParamValue(tempStr, "login=", login, &valueLen);
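Review bot: A request refused by the whitelist still increments `cnt_err_psw` and, at 4, starts `RepeatLoginTimer`, so a host outside the trusted range can keep the login lockout armed. `cnt_err_psw` is declared outside this hunk; if it is a single counter for the whole server, as it appears to be, the lockout also hits trusted administrators. The refusal branch should return the 403 without touching the counter, and the same applies to `login_err` in FreeRTOS_CLIAuthProcess in telnet_server.c. The `strcpy`/`strcat` into `bufOut` are unbounded, so confirm the caller's buffer holds the status line plus the longer of the two pages.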
@@ -1578,9 +1626,10 @@ char* AuthenticatedFalseRoutine(uint16_t* sendLen)
 				  }
 				  else {
 					  /* Redirect to login page */
-					  fs_open("/login.html", &file);
+					 /* fs_open("/login.html", &file);
 					  *sendLen = file.len;
-					  return file.data;
+					  return file.data;*/
+					  return sendBuf;
 				  }
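Review bot: The redirect branch now returns `sendBuf` without assigning `*sendLen`, which the removed code set from `file.len`. Unless both are filled in earlier in the function (outside this hunk), the caller sends whatever `sendBuf` last held with a stale length. Set the length next to the return, for example `*sendLen = strlen(sendBuf);` if the buffer holds a NUL-terminated response, and delete the commented-out `fs_open` block instead of leaving it in place. A one-line comment saying what `sendBuf` is expected to contain at this point would make the branch reviewable.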
 
 

+ 1 - 1
modules/HTTP_Server/web_params_api.c

@@ -352,7 +352,7 @@ void HTTP_GetInfo(char *buf)
   strcat(buf, "\",\"ups_model\":\"");
   strncat(buf, str, len);
 
-#ifdef HARDWARE_BT6702
+#ifndef HARDWARE_BT6706
   GetUPSSerialStr(str, &len);
   strcat(buf, "\",\"ups_sn\":\"");
   strncat(buf, str, len);

+ 4 - 4
modules/MegaTec/megatec.c

@@ -102,13 +102,13 @@ void send_MegaTec_cmd(cmdMegaTecEnums_t command)
 		memset(req, 0, 10);
 		if(TimeParamFloat >= 1 && TimeParamFloat < 10)
 		{
-			sprintf(req, "%s0%f\r", MegaTecCMD[command], TimeParamFloat);
+			sprintf(req, "%s0%d\r", MegaTecCMD[command], (uint16_t)TimeParamFloat);
 		}
 		else if(TimeParamFloat < 1){
-			sprintf(req, "%s.%f\r", MegaTecCMD[command], 10*TimeParamFloat);
+			sprintf(req, "%s.%d\r", MegaTecCMD[command], (uint16_t)(10*TimeParamFloat));
 		}
 		else{
-			sprintf(req, "%s%f\r", MegaTecCMD[command], TimeParamFloat);
+			sprintf(req, "%s%d\r", MegaTecCMD[command], (uint16_t)TimeParamFloat);
 		}
 		ups_send_block(req, strlen(req));
 	}
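Review bot: `sprintf` into `req` is still unbounded. `memset(req, 0, 10)` suggests a 10-byte buffer (its declaration is outside the hunk), and the command string plus up to five digits, `\r` and the terminator can exceed that. If `req` is an array, use `snprintf(req, sizeof(req), "%s%d\r", MegaTecCMD[command], (uint16_t)TimeParamFloat);` in all three branches and check the return value for truncation. Converting a float outside 0..65535 to `uint16_t` is undefined, so clamp `TimeParamFloat` before the cast.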
@@ -355,7 +355,7 @@ int ups_metac_service_pdu(cmdMegaTecEnums_t command)
 			megatec_send = true;
 			if(strncmp(ups_pdu.data, "ACK", 3) == 0)
 				return 1;
-			else if(strncmp(ups_pdu.data, "NCK", 3) == 0)
+			else if(strncmp(ups_pdu.data, "NAK", 3) == 0)
 				return 0;
 
 		}

+ 47 - 20
modules/Telnet_Server/telnet_server.c

@@ -52,6 +52,12 @@ static struct fd_set master_set, read_set, write_set;
 static int max_sd;
 static struct sockaddr_in sa;
 
+#ifdef HARDWARE_BT6708
+extern bool white_list_check(uint32_t check_remote_addr);
+
+static bool flagWhiteListTelnet = false;
+#endif
+
 /**
   * @brief  Общая структура настроек
   */
@@ -138,6 +144,10 @@ void vBasicSocketsCommandInterpreterTask( void *pvParameters )
     uint16_t port;
     bool enabled;
     bool firstrun = true;
+#ifdef HARDWARE_BT6708
+    struct sockaddr_in sa_temp;
+    socklen_t len;
+#endif
 
     FD_ZERO(&master_set);
 
@@ -251,6 +261,10 @@ void vBasicSocketsCommandInterpreterTask( void *pvParameters )
 						FD_SET(new_sd, &master_set);
 						if (new_sd > max_sd) {
 							max_sd = new_sd;
+#ifdef HARDWARE_BT6708
+							lwip_getpeername(new_sd, &sa_temp, &len);
+							flagWhiteListTelnet = white_list_check(sa_temp.sin_addr.s_addr);
+#endif
 							recv( new_sd, cInputString, 27, 0 );
 							telnetState = TELNET_AUTH;
 							send( new_sd, pcWelcomeMessage, strlen( ( const char * ) pcWelcomeMessage ), 0 );
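Review bot: `len` is passed to `lwip_getpeername` uninitialised and the return value is ignored, so the call can fail or truncate the address and `white_list_check` then runs on whatever `sa_temp` held. Set `len = sizeof(sa_temp);` before the call and treat failure as untrusted: `flagWhiteListTelnet = (lwip_getpeername(new_sd, (struct sockaddr *)&sa_temp, &len) == 0) && white_list_check(sa_temp.sin_addr.s_addr);`. The added lines sit inside `if (new_sd > max_sd) {`, whose closing brace is outside the hunk, so confirm the check runs for every accepted socket and not only when the descriptor number grows. `flagWhiteListTelnet` is one static for all sessions; if more than one client can be connected, the verdict needs to be kept per socket.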
@@ -498,31 +512,44 @@ static portBASE_TYPE FreeRTOS_CLIAuthProcess( const int8_t * const pcCommandInpu
 		memset(password, 0, cmdMAX_INPUT_SIZE);
 		len = strlen((char *)pcCommandInput);
 		strncpy(password, (char *)pcCommandInput, len);
-		for (user_id = 0; user_id < MAX_WEB_USERS; user_id++) {
-
-			GetUserLogin(user_id, WebLogin, &valueLen);
-			GetUserPassword(user_id, WebPassword, &valueLen);
-
-			/* Check login and password */
-			if ((strncmp(WebLogin, login, MAX_WEB_LOGIN_LEN) == 0) &&
-				(strncmp(WebPassword, password, MAX_WEB_PASSWD_LEN) == 0)) {
-
-				/* Login and pass are valid */
-				telnet_code_auth = user_id;
-				login_err = 0;
-				strcpy( ( char * ) pcWriteBuffer, "\r\nАвторизация успешно пройдена\r\n>" );
-				telnetState = TELNET_CMD;
-				xReturn = pdTRUE;
-				break;
-			}
-			else{
-				xReturn = pdFALSE;
+#ifdef HARDWARE_BT6708
+		if(!flagWhiteListTelnet){
+			xReturn = pdFALSE;
+		}
+		else
+#endif
+		{
+			for (user_id = 0; user_id < MAX_WEB_USERS; user_id++) {
+
+				GetUserLogin(user_id, WebLogin, &valueLen);
+				GetUserPassword(user_id, WebPassword, &valueLen);
+
+				/* Check login and password */
+				if ((strncmp(WebLogin, login, MAX_WEB_LOGIN_LEN) == 0) &&
+					(strncmp(WebPassword, password, MAX_WEB_PASSWD_LEN) == 0)) {
+
+					/* Login and pass are valid */
+					telnet_code_auth = user_id;
+					login_err = 0;
+					strcpy( ( char * ) pcWriteBuffer, "\r\nАвторизация успешно пройдена\r\n>" );
+					telnetState = TELNET_CMD;
+					xReturn = pdTRUE;
+					break;
+				}
+				else{
+					xReturn = pdFALSE;
+				}
 			}
 		}
 		if(xReturn == pdFALSE){
 			if(login_err < 4){
 				login_err ++;
-				strcpy( ( char * ) pcWriteBuffer, "\r\nОшибка авторизации\r\n" );
+#ifdef HARDWARE_BT6708
+				if(!flagWhiteListTelnet)
+					strcpy( ( char * ) pcWriteBuffer, "\r\nДоступ запрешен! Ваш IP-адрес находится вне диапазона доверительных хостов\r\n" );
+				else
+#endif
+					strcpy( ( char * ) pcWriteBuffer, "\r\nОшибка авторизации\r\n" );
 				strncat( ( char * ) pcWriteBuffer, ( const char * ) pcLoginHeader, strlen( ( char * ) pcLoginHeader ) );
 				xReturn = pdTRUE;
 			}
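Review bot: An untrusted peer is still walked through the login and password prompts and is refused only at this point, after its credentials have crossed the network. The verdict is already known when the socket is accepted, so the connection can be closed there instead. If the deferred refusal is kept, the two `if(...)` / `else` pairs that straddle `#endif` deserve braces and a comment such as `/* the block below is the only path when HARDWARE_BT6708 is undefined */`, since an edit on either side silently changes which statement the `else` binds to. FreeRTOS_CLIAuthProcess starts and ends outside this hunk.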

+ 55 - 2
modules/parameters.c

@@ -743,10 +743,35 @@ void GetDhcpStateStrRu(char *str, uint8_t *len)
   */
 void GetWhiteListSTR(char *str, uint8_t *len, uint8_t num)
 {
-	strcpy(str, sSettings.sWhiteList[num].ip_range);
+	if (sSettings.sFlags.netsettingsChanged)
+		strcpy(str, sSettings.sWhiteListTemp[num].ip_range);
+	else
+		strcpy(str, sSettings.sWhiteList[num].ip_range);
   *len = strlen(str);
 }
 
+/**
+  * @brief  маска диапазона доверительных хостов
+  */
+void GetWhiteListMask(uint32_t *value, uint8_t num)
+{
+	if (sSettings.sFlags.netsettingsChanged)
+		*value = sSettings.sWhiteListTemp[num].mask;
+	else
+		*value = sSettings.sWhiteList[num].mask;
+}
+
+/**
+  * @brief  ip диапазона доверительных хостов
+  */
+void GetWhiteListIP(uint32_t *value, uint8_t num)
+{
+	if (sSettings.sFlags.netsettingsChanged)
+		*value = sSettings.sWhiteListTemp[num].ip;
+	else
+		*value = sSettings.sWhiteList[num].ip;
+}
+
 #endif
 
 // ************************************************************************** //
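Review bot: These getters return the pending `sWhiteListTemp` values whenever `sSettings.sFlags.netsettingsChanged` is set, and `white_list_check` in http_server.c reads the list through them. An unsaved edit to the trusted-host list therefore takes effect for access control immediately, before it is applied and persisted, which looks unintended. Access decisions should read `sSettings.sWhiteList` directly, keeping the Temp-aware getters for the settings page. `num` is also used as an index without a `num < MAX_WHITE_LIST` check in all three functions.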
@@ -1019,7 +1044,35 @@ void SetUDPDhcpStateStr(char *str)
   */
 void SetWhiteListSTR(char *str, uint8_t num)
 {
-	strcpy(sSettings.sWhiteList[num].ip_range, str);
+	char ip_str[20];
+	char *mask_str;
+	uint32_t mask;
+	uint8_t num_octet = 0;
+
+	strcpy(sSettings.sWhiteListTemp[num].ip_range, str);
+	if(strlen(sSettings.sWhiteListTemp[num].ip_range) != 0){
+		mask_str = strstr(sSettings.sWhiteListTemp[num].ip_range, "/");
+		if(mask_str != NULL){
+			mask = atoi(&mask_str[1]);
+			sSettings.sWhiteListTemp[num].mask = 0;
+			for(uint8_t i = 0; i < mask; i ++){
+				if(i < 8)
+					num_octet = 1;
+				else
+					num_octet = i/8+1;
+				sSettings.sWhiteListTemp[num].mask |= (1 << (8*num_octet - 1 - (i - 8*(num_octet - 1))));
+			}
+
+			memset(ip_str, 0, 20);
+			strncpy(ip_str, sSettings.sWhiteListTemp[num].ip_range, (mask_str - sSettings.sWhiteListTemp[num].ip_range));
+			sSettings.sWhiteListTemp[num].ip = ipaddr_addr(ip_str);
+
+		}
+		else{
+			sSettings.sWhiteListTemp[num].mask = 0;
+			sSettings.sWhiteListTemp[num].ip = 0;
+		}
+	}
 }
 
 #endif
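Review bot: The prefix length from `atoi(&mask_str[1])` is used unchecked. A value above 255, or a negative one converted to `uint32_t`, can never be reached by the `uint8_t i` counter, so the loop does not terminate; prefix lengths of 25 and up shift a signed `1` by 31 or more bits, which is undefined. A range written without `/` is stored with mask 0 and ip 0, which `white_list_check` treats as matching every address, and `strcpy` into the 19-byte `ip_range` (settings_api.h) does not bound `str`. The rewrite below parses into locals, accepts only a complete 0..32 prefix and a parsable address, and writes the entry last. It silently ignores bad input because the function returns void; a status return for the caller would be a better follow-up.
```c
void SetWhiteListSTR(char *str, uint8_t num)
{
	char ip_str[20];
	char *mask_str;
	char *end;
	long prefix;
	uint32_t ip;

	/* Validate everything first; the stored entry is written only for input known to be good */
	if(num >= MAX_WHITE_LIST || strlen(str) >= sizeof(sSettings.sWhiteListTemp[num].ip_range))
		return;
	if(str[0] == '\0'){
		/* Empty string clears the entry, including its numeric fields */
		memset(&sSettings.sWhiteListTemp[num], 0, sizeof(sSettings.sWhiteListTemp[num]));
		return;
	}
	mask_str = strchr(str, '/');
	if(mask_str == NULL)
		return;	/* no prefix length: refuse instead of storing mask 0, which matches every address */
	prefix = strtol(mask_str + 1, &end, 10);
	if(end == mask_str + 1 || *end != '\0' || prefix < 0 || prefix > 32)
		return;

	memset(ip_str, 0, sizeof(ip_str));
	memcpy(ip_str, str, (size_t)(mask_str - str));
	ip = ipaddr_addr(ip_str);
	if(ip == IPADDR_NONE)
		return;

	strcpy(sSettings.sWhiteListTemp[num].ip_range, str);	/* length checked above */
	sSettings.sWhiteListTemp[num].ip = ip;
	/* Network-order mask; a 32-bit shift by 32 is undefined, so /0 is handled explicitly */
	sSettings.sWhiteListTemp[num].mask = (prefix == 0) ? 0 : lwip_htonl(0xFFFFFFFFUL << (32 - prefix));
}
```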

+ 10 - 0
modules/parameters.h

@@ -236,6 +236,16 @@ void GetDhcpStateStrRu(char *str, uint8_t *len);
   */
 void GetWhiteListSTR(char *str, uint8_t *len, uint8_t num);
 
+/**
+  * @brief  маска диапазона доверительных хостов
+  */
+void GetWhiteListMask(uint32_t *value, uint8_t num);
+
+/**
+  * @brief  ip диапазона доверительных хостов
+  */
+void GetWhiteListIP(uint32_t *value, uint8_t num);
+
 #endif
 
 // ************************************************************************** //

+ 8 - 2
modules/settings_api.c

@@ -24,6 +24,7 @@
 #include "task.h"
 #include "semphr.h"
 #include "main.h"
+#include "parameters.h"
 
 #include "mbedtls/certs.h"
 
@@ -245,8 +246,13 @@ void SETTINGS_SetTelnetDef(void){
   * @brief  Установить параметры списка доверительных хостов
   */
 void SETTINGS_SetWhiteListDef(void){
-	for(uint8_t i = 0; i < MAX_WHITE_LIST; i++)
-		strcpy(sSettings.sWhiteList[i].ip_range, "");
+	for(uint8_t i = 0; i < MAX_WHITE_LIST; i++){
+		strcpy(sSettings.sWhiteListTemp[i].ip_range, "");
+		SetWhiteListSTR(sSettings.sWhiteListTemp[i].ip_range, i);
+		strcpy(sSettings.sWhiteList[i].ip_range, sSettings.sWhiteListTemp[i].ip_range);
+		sSettings.sWhiteList[i].ip = sSettings.sWhiteListTemp[i].ip;
+		sSettings.sWhiteList[i].mask = sSettings.sWhiteListTemp[i].mask;
+	}
 }
 
 #endif
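Review bot: `SetWhiteListSTR(sSettings.sWhiteListTemp[i].ip_range, i)` passes the destination buffer as the source, so the `strcpy` inside SetWhiteListSTR copies a string onto itself, which is undefined for overlapping objects. Because the string is empty, SetWhiteListSTR also never assigns `ip` or `mask`, so whatever the Temp entry held is copied into the active list. Clear the entry directly with `memset(&sSettings.sWhiteListTemp[i], 0, sizeof(sSettings.sWhiteListTemp[i]));` followed by `sSettings.sWhiteList[i] = sSettings.sWhiteListTemp[i];`.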

+ 3 - 0
modules/settings_api.h

@@ -62,6 +62,8 @@ typedef struct
 typedef struct
 {
   char    ip_range[19];
+  uint32_t ip;
+  uint32_t mask;
 } WHITE_LIST_t;
 
 /**
@@ -228,6 +230,7 @@ typedef struct
 #endif
 #ifdef HARDWARE_BT6708
   WHITE_LIST_t sWhiteList[MAX_WHITE_LIST];
+  WHITE_LIST_t sWhiteListTemp[MAX_WHITE_LIST];
 #endif
   uint32_t      controlWorld;  // Слово для контроля целостности структуры настроек
   

+ 8 - 3
thirdparty/lwip/src/apps/snmp/snmp_msg.c

@@ -54,7 +54,7 @@
 #endif
 
 #include <string.h>
-
+#include <stdbool.h>
 /* public (non-static) constants */
 /** SNMP community string */
 const char *snmp_community = SNMP_COMMUNITY;
@@ -169,8 +169,9 @@ static err_t snmp_parse_inbound_frame(struct snmp_request *request);
 static err_t snmp_prepare_outbound_frame(struct snmp_request *request);
 static err_t snmp_complete_outbound_frame(struct snmp_request *request);
 static void snmp_execute_write_callbacks(struct snmp_request *request);
-
-
+#ifdef HARDWARE_BT6708
+extern bool white_list_check(uint32_t check_remote_addr);
+#endif
 /* ----------------------------------------------------------------------- */
 /* implementation */
 /* ----------------------------------------------------------------------- */
@@ -190,6 +191,10 @@ snmp_receive(void *handle, struct pbuf *p, const ip_addr_t *source_ip, u16_t por
   snmp_stats.inpkts++;
 
   err = snmp_parse_inbound_frame(&request);
+#ifdef HARDWARE_BT6708
+  if(!white_list_check(request.source_ip->addr))
+	  err = ERR_TIMEOUT;
+#endif
   if (err == ERR_OK) {
     err = snmp_prepare_outbound_frame(&request);
     if (err == ERR_OK) {
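Review bot: The trusted-host check runs after `snmp_parse_inbound_frame(&request)`, so datagrams from untrusted addresses are still fed to the SNMP parser before being dropped, and a real parse error is overwritten with `ERR_TIMEOUT`. Testing the address first keeps untrusted input away from the parser: `if (!white_list_check(source_ip->addr)) { err = ERR_TIMEOUT; } else { err = snmp_parse_inbound_frame(&request); }`. `->addr` assumes an IPv4-only `ip_addr_t`. Since this is a local patch inside thirdparty/lwip, mark it with a comment so it is not lost on the next lwIP update. snmp_receive starts and ends outside the hunk.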