/* * ssl_server.c * * Created on: 08.11.2017 * Author: balbekova */ #include "common_config.h" #ifdef SSL_SERVER_ENABLE #include "lwip/opt.h" #include "lwip/arch.h" #include "lwip/api.h" #include "lwip/tcp.h" #include "my_ssl_server.h" #include "web_params_api.h" #include "parameters.h" #include "urlcode.h" #ifdef HARDWARE_BT6703 #include "bt6703_fs/fsdata.c" #elif HARDWARE_BT6703_RT #include "bt6703_rt_fs/fsdata.c" #endif #include "settings_api.h" #include "netconf.h" #include "testing.h" #include "rtc.h" #include "rng.h" #include "megatec.h" #include "log.h" #include "hal.h" #include "radius_user.h" #include "sntp_api.h" #ifdef PRINTF_STDLIB #include #endif #ifdef PRINTF_CUSTOM #include "tinystdio.h" #endif #include #include #include "FreeRTOS.h" #include "task.h" #include "fr_timers.h" static err_t http_accept(void *arg, struct tcp_pcb *pcb, err_t err); static err_t http_recv(void *arg, struct tcp_pcb *pcb, struct pbuf *p, err_t err); static int fs_open(char *name, struct fs_file *file); static err_t http_sent(void *arg, struct tcp_pcb *pcb, u16_t len); static void send_data(struct tcp_pcb *pcb, struct http_state *hs); #ifdef HTTP_AUTH_ENABLE static void HTTP_GetUserCookie(uint8_t user_id, char *str, uint8_t *len); static void HTTP_SetUserCookie(char *str, uint8_t user_id); static void HTTP_UpdateUserLoginTime(uint8_t user_id); static void HTTP_ForceUserLogout(uint8_t user_id); void LogoutTimerCallback(TimerHandle_t pxTimer); void LoginTimerCallback(TimerHandle_t pxTimer); static void getAuthenticatedState(void); #endif static uint32_t Parse_Content_Length(char *data, uint32_t len); char *send_file(char *filename, char *pnonmatch, struct fs_file *file, uint16_t *Len); static uint32_t Parse_Header(char *data, uint32_t len, const char *field, uint32_t flen, char *value); bool GetFileName(char *inStr, char *fileName, uint8_t *fileNameLen); char sendBuf[SEND_BUF_MAX_LEN]; uint16_t sendBufLoadLen = 0; uint16_t printLen = 0; char receiveBuf[RECIVE_BUF_MAX_LEN]; 
uint16_t receivedBufLen = 0; #ifdef HTTP_AUTH_ENABLE #define MAX_POST_REQ_LEN 256 char post_req_data[MAX_POST_REQ_LEN]; uint32_t post_data_count = 0; uint32_t log_post_reqn; /* Logout timeout, 30 minutes */ #define WEB_LOGOUT_TIME configTICK_RATE_HZ*60*30 /* Max user active sessions count */ #define WEB_USER_MAX_SESSION_COUNT 5 struct { //auth_session_t session[WEB_USER_MAX_SESSION_COUNT]; char cookie[MAX_WEB_COOKIE_LEN]; TimerHandle_t LogoutTimer; } users[MAX_WEB_USERS]; TimerHandle_t RepeatLoginTimer; /* Repeat Login timeout, 1 minutes */ #define REPEAT_LOGIN_TIME configTICK_RATE_HZ*60*1 uint8_t cnt_err_psw = 0; bool Authenticated = false; uint8_t user_id; // Id of currently logged-in user /* Level of currently logged-in user */ uint8_t seclevel = 0xFF; #endif /* Max HTTP file name length including "/" */ #define MAX_FILENAME_LEN 32 /* Max HTTP Etag field length */ #define MAX_ETAG_LEN 48 static const char If_None_Match[] = "If-None-Match: "; static const char Etag[] = "ETag: "; static volatile uint32_t size = 0; static uint32_t TotalReceived = 0; static volatile uint32_t TotalData = 0; static uint32_t ContentLengthOffset = 0; static const char Content_Length[17] = /* Content Length */ {0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x3a, 0x20, }; const char HTTP_304_NOT_MODIFIED[] = "HTTP/1.1 304 Not Modified\r\n\r\n"; const char HTTP_403_NOT_WHITE_LIST[] = "HTTP/1.1 403 Forbidden\r\n\r\n"; const char HTTP_401_NO_AUTH[] = "HTTP/1.1 401 No authorization\r\n\r\n"; const char HTTP_500_SERVER_ERROR[] = "HTTP/1.1 500 Internal Server Error\r\n\r\n"; const char HTTP_200_OK[] = "HTTP/1.1 200 OK\r\n\r\n"; /* utf-8 marker to support MS Excel */ const char UTF8_BOM[] = {0xEF, 0xBB, 0xBF, 0x00}; unsigned long log_ptr = 0; unsigned long log_size = 0; bool fLogTransInprog = false; static bool fl_raddius_net_err = false; /** * @brief Общая структура настроек */ extern SETTINGS_t sSettings; struct fs_file file = {0, 0}; typedef struct { char 
client_req[30]; uint8_t len; REQ_TYPE_SEND_t req_type_send; ACCESS_TYPE_t accsess; char *(*handler)(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut); } web_func_handler_t; web_func_handler_t process_web_funcs[] = { #ifdef HTTP_AUTH_ENABLE { "POST /login.cgi", 15, COMMON_ANSWER, ALL_ACCESS, HTTP_LoginPage }, { "GET /logout.cgi", 15, COMMON_ANSWER, TIME_ACCESS, HTTP_LogoutPage }, { "GET /changepwd.cgi", 18, COMMON_ANSWER, TIME_ACCESS, HTTP_ChangeUserPwd }, #endif { "GET /getJson.cgi", 16, COMMON_ANSWER, TIME_ACCESS, HTTP_GetParamsPage }, { "GET /settings.cgi", 17, COMMON_ANSWER, TIME_ACCESS, HTTP_GetSettingsPage }, { "POST /settings.cgi", 18, COMMON_ANSWER, TIME_ACCESS, HTTP_SetSettingsPage }, { "GET /getcert.cgi", 16, COMMON_ANSWER, TIME_ACCESS, HTTP_GetSert}, { "POST /srv_crt_upload.cgi", 24, COMMON_ANSWER, TIME_ACCESS, HTTP_Upload_Sert}, { "GET /info.cgi", 13, COMMON_ANSWER, TIME_ACCESS, HTTP_GetInfo }, { "POST /info.cgi", 14, COMMON_ANSWER, TIME_ACCESS, HTTP_SetInfoPage }, { "GET /history.cgi", 16, HISTORY_ANSWER, TIME_ACCESS, HTTP_HistoryPage }, { "GET /ups_history.cgi", 19, UPS_HISTORY_ANSWER, TIME_ACCESS, HTTP_UpsHistoryPage }, { "GET /reset.cgi", 14, COMMON_ANSWER, TIME_ACCESS, HTTP_Reset }, { "GET /bat_test.cgi", 17, COMMON_ANSWER, TIME_ACCESS, HTTP_UPSTest }, { "GET /ups_power.cgi", 18, COMMON_ANSWER, TIME_ACCESS, HTTP_UPSshutdown }, { "GET /reboot.cgi", 15, COMMON_ANSWER, TIME_ACCESS, HTTP_Reboot }, { "GET /confirm.cgi", 16, COMMON_ANSWER, TIME_ACCESS, HTTP_Confirm }, { "GET /fw_update.cgi", 18, COMMON_ANSWER, TIME_ACCESS, HTTP_ConfirmBootPwd }, { "GET /ups_serial.cgi", 19, COMMON_ANSWER, TIME_ACCESS, HTTP_UPS_Serial }, { "GET", 3, COMMON_ANSWER, ALL_ACCESS, HTTP_GetRequest }, { "", 0, COMMON_ANSWER, ALL_ACCESS, HTTP_NoFound }, { "", 0, 0, 0, NULL } }; /** * @brief closes tcp connection * @param pcb: pointer to a tcp_pcb struct * @param hs: pointer to a http_state struct * @retval */ static void close_conn(struct tcp_pcb 
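*pcb, struct http_state *hs)
{
    /* Detach every callback before the state is freed so that a late TCP
     * event cannot be delivered with a dangling http_state. */
    tcp_arg(pcb, NULL);
    tcp_sent(pcb, NULL);
    tcp_recv(pcb, NULL);
    mem_free(hs);
    err_t err = tcp_close(pcb);
    DBG printf("%p close = %d (pcb: %d, pbuf_pool: %d)\r\n", pcb, err,
               lwip_stats.memp[MEMP_TCP_PCB]->used,
               lwip_stats.memp[MEMP_PBUF_POOL]->used);
}

/**
 * @brief  lwIP receive callback for the plain-HTTP (port 80) listener.
 *
 * One request is served per connection.  "GET /setProdate.cgi" is handed to
 * HTTP_Prodate() while sSettings.sFlags.testState is not "T2OK"; every other
 * request is answered with HTTP_200_OK plus the short body built in buf.
 * The connection is closed right after the response has been queued.
 *
 * @param arg: http_state allocated in http_accept()
 * @param pcb: connection pcb
 * @param p:   received pbuf chain, NULL when the peer closed the connection
 * @param err: lwIP error code
 * @retval ERR_OK always
 */
static err_t http_recv(void *arg, struct tcp_pcb *pcb, struct pbuf *p, err_t err)
{
    struct http_state *hs = arg;
    char buf[150];

    if (err == ERR_OK && p != NULL) {
        tcp_recved(pcb, p->tot_len);
        if (hs->file == NULL) {
            /* Copy out of the whole pbuf chain, never more than receiveBuf
             * holds, and NUL-terminate: p->tot_len comes from the network and
             * is not bounded by RECIVE_BUF_MAX_LEN, and the first pbuf alone
             * does not necessarily contain tot_len bytes. */
            u16_t want = p->tot_len;
            if (want > sizeof(receiveBuf) - 1) {
                want = sizeof(receiveBuf) - 1;
            }
            receivedBufLen = pbuf_copy_partial(p, receiveBuf, want, 0);
            receiveBuf[receivedBufLen] = '\0';
            // Factory provisioning: served only while testState is not "T2OK"
            if (strncmp(receiveBuf, "GET /setProdate.cgi", 19) == 0 &&
                strncmp(sSettings.sFlags.testState, "T2OK", 4)) {
                HTTP_Prodate(receiveBuf, sendBuf, receivedBufLen, &sendBufLoadLen);
            } else {
                strcpy(sendBuf, HTTP_200_OK);
                memset(buf, 0, sizeof(buf));
                /* NOTE(review): the format string has no conversion for the
                 * ip argument; the original markup appears to have been lost
                 * in extraction — confirm against the source tree before
                 * touching these two lines. */
                if (sSettings.sFlags.netsettingsChanged == true) {
                    sprintf(buf, "\r\n\r\n", sSettings.sWebTempParams.ip);
                } else {
                    sprintf(buf, "\r\n\r\n", sSettings.sWebParams.ip);
                }
                strcat(sendBuf, buf);
                sendBufLoadLen = strlen(sendBuf);
            }
            hs->file = sendBuf;
            hs->left = sendBufLoadLen;
            send_data(pcb, hs);
            tcp_sent(pcb, http_sent);
        }
        pbuf_free(p);
        close_conn(pcb, hs);
    } else if (p != NULL) {
        /* A pbuf delivered together with an error is still ours to free. */
        pbuf_free(p);
    }
    if (err == ERR_OK && p == NULL) {
        close_conn(pcb, hs);
    }
    return ERR_OK;
}

/**
 * @brief  lwIP error callback: the pcb is already gone, only the per-connection
 *         state has to be released.
 * @param  arg: http_state allocated in http_accept()
 * @param  err: LwIP error code (unused)
 * @retval none
 */
static void conn_err(void *arg, err_t err)
{
    struct http_state *hs;
    (void)err;
    hs = arg;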
mem_free(hs); } /** * @brief callback function called after a successfull TCP data packet transmission * @param arg: pointer to an argument to be passed to callback function * @param pcb: pointer on tcp_pcb structure * @param len * @retval err : LwIP error code */ static err_t http_sent(void *arg, struct tcp_pcb *pcb, u16_t len) { struct http_state *hs; (void)len; hs = arg; if (hs->left > 0) { send_data(pcb, hs); } else { close_conn(pcb, hs); } return ERR_OK; } /** * @brief sends data found in member "file" of a http_state struct * @param pcb: pointer to a tcp_pcb struct * @param hs: pointer to a http_state struct * @retval none */ static void send_data(struct tcp_pcb *pcb, struct http_state *hs) { err_t err; u16_t len; /* We cannot send more data than space available in the send buffer */ if (tcp_sndbuf(pcb) < hs->left) { len = tcp_sndbuf(pcb); } else { len = hs->left; } err = tcp_write(pcb, hs->file, len, 0); if (err == ERR_OK) { hs->file += len; hs->left -= len; } } /** * @brief tcp poll callback function * @param arg: pointer to an argument to be passed to callback function * @param pcb: pointer on tcp_pcb structure * @retval err_t */ static err_t http_poll(void *arg, struct tcp_pcb *pcb) { if (arg == NULL) { tcp_close(pcb); } else { send_data(pcb, (struct http_state *)arg); } return ERR_OK; } /** * @brief callback function on TCP connection setup ( on port 80) * @param arg: pointer to an argument structure to be passed to callback function * @param pcb: pointer to a tcp_pcb structure * ¶m err: Lwip stack error code * @retval err */ static err_t http_accept(void *arg, struct tcp_pcb *pcb, err_t err) { struct http_state *hs; /* Allocate memory for the structure that holds the state of the connection */ hs = mem_malloc(sizeof(struct http_state)); if (hs == NULL) { return ERR_MEM; } /* Initialize the structure. */ hs->file = NULL; hs->left = 0; /* Tell TCP that this is the structure we wish to be passed for our callbacks. 
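*/
    tcp_arg(pcb, hs);
    /* Tell TCP that we wish to be informed of incoming data by a call to the
       http_recv() function. */
    tcp_recv(pcb, http_recv);
    tcp_err(pcb, conn_err);
    tcp_poll(pcb, http_poll, 10);
    return ERR_OK;
}

/**
 * @brief  Opens a file defined in fsdata.c ROM filesystem
 * @param  name: NUL-terminated file name, compared verbatim with strcmp()
 * @param  file: receives the data pointer and length on success
 * @retval 1 if found, 0 otherwise
 */
static int fs_open(char *name, struct fs_file *file)
{
    struct fsdata_file_noconst *f;
    /* Linear walk over the linked list generated into fsdata.c. */
    for (f = (struct fsdata_file_noconst *)FS_ROOT; f != NULL;
         f = (struct fsdata_file_noconst *)f->next) {
        if (strcmp(name, f->name) == 0) {
            file->data = f->data;
            file->len = f->len;
            return 1;
        }
    }
    return 0;
}

/**
 * @brief  Initialize the plain-HTTP server on port 80 (raw lwIP API).
 *         Returns silently when a pcb cannot be allocated or bound, instead
 *         of continuing with a NULL pcb as before.
 * @param  none
 * @retval None
 */
void HTTP_Init()
{
    struct tcp_pcb *pcb = tcp_new();
    if (pcb == NULL) {
        return;
    }
    if (tcp_bind(pcb, IP_ADDR_ANY, 80) != ERR_OK) {
        tcp_close(pcb);
        return;
    }
    /* tcp_listen() hands back a (smaller) listening pcb, or NULL when none
     * could be allocated. */
    pcb = tcp_listen(pcb);
    if (pcb == NULL) {
        return;
    }
    tcp_accept(pcb, http_accept);
}

/**
 * @brief  Extract the Content-Length value from a request header block.
 *
 * The header is attacker-controlled, so the scan is bounded by len, the
 * value is read digit by digit (no fixed stack buffer), and more than nine
 * digits is rejected as "absent" rather than wrapping a 32-bit accumulator.
 * On return the global ContentLengthOffset points at the first byte after
 * the digits (the CR for a well-formed header), as before.
 *
 * @param  data: pointer to the receive packet buffer
 * @param  len:  number of valid bytes in data
 * @retval Content-Length in numeric form, 0 when missing or malformed
 */
static uint32_t Parse_Content_Length(char *data, uint32_t len)
{
    uint32_t value = 0;
    uint32_t digits = 0;
    ContentLengthOffset = 0;

    /* Find "Content-Length: "; never start a 16-byte compare where fewer than
     * 16 bytes remain. */
    for (uint32_t i = 0; i + 16 <= len; i++) {
        if (strncmp(data + i, Content_Length, 16) == 0) {
            ContentLengthOffset = i + 16;
            break;
        }
    }
    if (ContentLengthOffset == 0) {
        return 0;
    }
    while (ContentLengthOffset < len) {
        char c = data[ContentLengthOffset];
        if (c < '0' || c > '9') {
            break;
        }
        if (++digits > 9) {
            return 0;   /* cannot be a sane body length for this device */
        }
        value = value * 10 + (uint32_t)(c - '0');
        ContentLengthOffset++;
    }
    return value;
}

/**
 * @brief  Extracts the value of a cookie-style "name=value" pair.
 *
 * The value ends at the first ';', CR or LF after the name.  On success the
 * '=' and the terminator are overwritten with the character '0' (not NUL, as
 * in the original) so that a second lookup skips this occurrence.
 *
 * NOTE(review): paramValue's capacity is not passed in and the callers in this
 * file hand over fixed-size stack buffers, so a long header value can still
 * overrun them; the copy is capped at UINT8_MAX (what paramLen can report),
 * a size parameter is the real fix.
 *
 * @param  inStr:      NUL-terminated header text, modified in place
 * @param  paramName:  cookie name to look for
 * @param  paramValue: receives the value (not NUL-terminated by this function)
 * @param  paramLen:   receives the number of bytes copied, 0 on failure
 * @retval 1 when found, 0 otherwise
 */
uint8_t GetCookieValue(char *inStr, char *paramName, char *paramValue, uint8_t *paramLen)
{
    char *strPtr = strstr(inStr, paramName);
    if (strPtr == NULL) {
        *paramLen = 0;
        return 0;
    }
    char *beginValue = strpbrk(strPtr, "=");
    char *endValue = strpbrk(strPtr, ";");
    char *cr = strpbrk(strPtr, "\r");
    /* A CR before the ';' (or with no ';' at all) ends the value. */
    if (cr != NULL && (endValue == NULL || cr < endValue)) {
        endValue = cr;
    }
    if (endValue == NULL) {
        endValue = strpbrk(strPtr, "\n");
    }
    /* No '=' or a terminator ahead of it: the pointer difference would go
     * negative and strncpy() would be handed a huge length. */
    if (beginValue == NULL || endValue == NULL || endValue <= beginValue) {
        *paramLen = 0;
        return 0;
    }
    size_t len = (size_t)(endValue - beginValue - 1);
    if (len > UINT8_MAX) {
        len = UINT8_MAX;
    }
    strncpy(paramValue, beginValue + 1, len);
    *endValue = '0';
    *beginValue = '0';
    *paramLen = (uint8_t)len;
    return 1;
}

/**
 * @brief  Extracts the multipart boundary from a request header block.
 * @param  data:   header bytes (need not be NUL-terminated)
 * @param  len:    number of valid bytes in data
 * @param  dst:    receives "--" + boundary, NUL-terminated
 * @param  dstlen: capacity of dst
 * @retval pointer to the boundary value inside data, NULL if absent or empty
 */
char *Parce_Boundary(const char *data, uint32_t len, char *dst, uint8_t dstlen)
{
    const char *end = data + len;
    const char *boundary = NULL;
    /* Bounded search: "boundary=" must fit inside the received bytes. */
    for (uint32_t j = 0; j + 9 <= len; j++) {
        if (strncmp(data + j, "boundary=", 9) == 0) {
            boundary = data + j + 9;
            break;
        }
    }
    if (boundary == NULL) {
        return NULL;
    }
    /* Emit "--<boundary>", the form in which it appears in the body. */
    *dst++ = '-';
    *dst++ = '-';
    const char *ptr = boundary;
    uint8_t i = 0;
    /* Stop at CR, at the end of the received data (the original read on until
     * a CR turned up), or before dst fills; the 4-byte margin apparently dates
     * from when a closing "--" was also appended (see the removed lines). */
    while (ptr < end && *ptr != '\r' && i < dstlen - 4) {
        *dst++ = *ptr++;
        i++;
    }
    *dst = '\0';
    return (i > 0) ? (char *)boundary : NULL;
}

/**
 * @brief  Blanks everything from the "HTTP" version token up to the end of the
 *         receive buffer so that only the request line's parameters remain.
 * @param  inBuf: request buffer; assumed to be RECIVE_BUF_MAX_LEN bytes long
 *         (the callers visible in this file pass the global receiveBuf)
 */
void ClearParamString(char *inBuf)
{
    char *str = strstr(inBuf, "HTTP");
    if (str != NULL) {
        uint16_t len = (uint16_t)(str - inBuf);
        memset(str, 0, RECIVE_BUF_MAX_LEN - len - 1);
    }
}

/**
 * @brief  Extracts a query/body parameter "name=value".
 *
 * The name is searched with each of the prefixes '&', '0', '\n' and '?' in
 * turn ('0' is the sentinel the POST handlers write at bufOut[0]).
 * NOTE(review): like GetCookieValue(), this copies into paramValue without a
 * destination bound and does not guard against a missing '=' or terminator.
 *
 * @param  inStr:      NUL-terminated request text, modified in place
 * @param  paramName:  parameter name (without prefix)
 * @param  paramValue: receives the value
 * @param  paramLen:   receives the value length, 0 on failure
 * @retval 1 when found, 0 otherwise
 */
uint8_t GetParamValue(char *inStr, char *paramName, char *paramValue, uint8_t *paramLen)
{
    char *beginValue = 0;
    char *endValue = 0;
    int len = 0;
    char *strPtr = 0;
    char paramName_tmp[50];
    memset(paramName_tmp, 0, sizeof(paramName_tmp));
    paramName_tmp[0] = '&';
    strncat(paramName_tmp, paramName, strlen(paramName));
    strcat(paramName_tmp, "=");
    strPtr = strstr(inStr, paramName_tmp);
    if (strPtr == 0) {
        paramName_tmp[0] = '0';
        strPtr = strstr(inStr, paramName_tmp);
        if (strPtr == 0) {
            paramName_tmp[0] = '\n';
            strPtr = strstr(inStr, paramName_tmp);
        }
        if (strPtr == 0) {
            paramName_tmp[0] = '?';
            strPtr = strstr(inStr, paramName_tmp);
        }
    }
    if (strPtr != 0) {
        beginValue = strpbrk(strPtr, "=");
        endValue = strpbrk(&strPtr[1], "&");
        if (endValue == 0) {
            endValue =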
strpbrk(strPtr, " "); } len = endValue - beginValue - 1; strncpy(paramValue, beginValue + 1, len); *endValue = '0'; *beginValue = '0'; *paramLen = len; return 1; } else { *paramLen = 0; return 0; } } // ----------------------------------------------------------------------------- #include "mbedtls/platform.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "mbedtls/certs.h" #include "mbedtls/x509.h" #include "mbedtls/net_sockets.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" #include "mbedtls/memory_buffer_alloc.h" #include "mbedtls_time.h" #include "mbedtls_debug.h" #include "FreeRTOS.h" #include "task.h" #include "cert_req.h" #include #include extern unsigned char req_cert[]; static mbedtls_net_context listen_fd, client_fd; static const uint8_t *pers = (uint8_t *)("ssl_server"); mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; mbedtls_x509_crt srvcert; mbedtls_pk_context pkey; // void ssl_server(void *pvParameters) { SSL_SERVER_STATE ssl_state = SSL_ACCEPT; char *sendPtr; int ret; mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_fd ); mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); mbedtls_x509_crt_init( &srvcert ); mbedtls_pk_init( &pkey ); mbedtls_entropy_init( &entropy ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_platform_set_time(&MBEDTLS_GetTime); #if defined(MBEDTLS_DEBUG_C) mbedtls_debug_set_threshold(DEBUG_LEVEL); mbedtls_ssl_conf_dbg(&conf, MBEDTLS_Debug, NULL); #endif // 1. Load the certificates and private RSA key mbedtls_printf( "\r\n . Loading the server cert. and key..." ); ret = mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) sSettings.our_srv_crt, (strlen(sSettings.our_srv_crt) + 1) );//mbedtls_test_srv_crtmbedtls_test_srv_crt_len if ( ret != 0 ) { mbedtls_printf( " failed\r\n ! 
mbedtls_x509_crt_parse returned %d\r\n", ret ); ssl_state = SSL_CRITICAL_ERROR; } ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, mbedtls_test_srv_key_len, NULL, 0 ); if ( ret != 0 ) { mbedtls_printf( " failed\r\n ! mbedtls_pk_parse_key returned %d\r\n", ret ); ssl_state = SSL_CRITICAL_ERROR; } mbedtls_printf( " ok\r\n" ); // 2. Setup the listening TCP socket mbedtls_printf( " . Bind on https://localhost:443/ ..." ); if ((ret = mbedtls_net_bind(&listen_fd, NULL, "443", MBEDTLS_NET_PROTO_TCP )) != 0) { mbedtls_printf( " failed\n ! mbedtls_net_bind returned %d\r\n", ret ); ssl_state = SSL_CRITICAL_ERROR; } mbedtls_printf( " ok\r\n" ); // 3. Seed the RNG mbedtls_printf( " . Seeding the random number generator..." ); if ((ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( (char *)pers))) != 0) { mbedtls_printf( " failed\r\n ! mbedtls_ctr_drbg_seed returned %d\r\n", ret ); ssl_state = SSL_CRITICAL_ERROR; } mbedtls_printf( " ok\r\n" ); // 4. Setup stuff mbedtls_printf( " . Setting up the SSL data...." ); if ( ( ret = mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT)) != 0) { mbedtls_printf( " failed\r\n ! mbedtls_ssl_config_defaults returned %d\r\n", ret ); ssl_state = SSL_CRITICAL_ERROR; } mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); if ( ( ret = mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey ) ) != 0) { mbedtls_printf( " failed\r\n ! mbedtls_ssl_conf_own_cert returned %d\r\n", ret ); ssl_state = SSL_CRITICAL_ERROR; } if ( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { mbedtls_printf( " failed\r\n ! mbedtls_ssl_setup returned %d\r\n", ret ); ssl_state = SSL_CRITICAL_ERROR; } mbedtls_printf( " ok\r\n" ); for (;;) { switch (ssl_state) { case SSL_ACCEPT : mbedtls_ssl_session_reset( &ssl ); mbedtls_printf( " . 
Waiting for a remote connection ...\r\n" ); if ((ret = mbedtls_net_accept(&listen_fd, &client_fd, NULL, 0, NULL)) != 0) { mbedtls_printf( " failed\r\n ! mbedtls_net_accept returned %d\r\n", ret ); ssl_state = SSL_ERROR; } else { mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );//mbedtls_net_recv mbedtls_printf( " ok\r\n" ); ssl_state = SSL_HANDSHAKE; } break; case SSL_HANDSHAKE : mbedtls_printf( " . Performing the SSL/TLS handshake..." ); while ( ( ret = mbedtls_ssl_handshake( &ssl ) ) != 0 ) { if ( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { mbedtls_printf( " failed\r\n ! mbedtls_ssl_handshake returned %d\r\n", ret ); ssl_state = SSL_ERROR; break; } } if (ret != 0) { ssl_state = SSL_ERROR; } else { mbedtls_printf( " ok\r\n" ); ssl_state = SSL_READ; } break; case SSL_READ : //printf("SSL_READ\r\n"); if (SSL_ReadRoutine(&ssl, (unsigned char *)receiveBuf) <= 0) { ssl_state = SSL_ERROR; } else { ssl_state = SSL_PROCESSING; } break; case SSL_PROCESSING : //printf("SSL_PROCESSING\r\n"); sendPtr = SSL_ProcessingRoutine(&sendBufLoadLen); if (sendPtr) { ssl_state = SSL_WRITE; } else { ssl_state = SSL_ACCEPT; } break; case SSL_WRITE : //printf("SSL_WRITE\r\n"); SSL_WriteRoutine(&ssl, sendPtr, sendBufLoadLen); ssl_state = SSL_CLOSE; break; case SSL_CLOSE : //printf("SSL_CLOSE\r\n"); mbedtls_ssl_close_notify(&ssl); mbedtls_net_free(&client_fd); //mbedtls_ssl_free( &ssl ); ssl_state = SSL_ACCEPT; break; case SSL_ERROR : //printf("SSL_ERROR\r\n"); //mbedtls_net_free(&client_fd); //mbedtls_ssl_free( &ssl ); mbedtls_ssl_close_notify(&ssl); mbedtls_net_free(&client_fd); ssl_state = SSL_ACCEPT; break; case SSL_CRITICAL_ERROR: //printf("SSL_CRITICAL_ERROR\r\n"); mbedtls_x509_crt_free( &srvcert ); mbedtls_pk_free( &pkey ); mbedtls_ssl_free( &ssl ); mbedtls_ssl_config_free( &conf ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); vTaskDelete(NULL); break; } } } /** * @brief Initialize the HTTPS server 
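(start its thread) */
void HTTPS_Init()
{
    char buf[MAX_WEB_COOKIE_LEN];
    uint8_t user_id;
    for (user_id = 0; user_id < MAX_WEB_USERS; user_id++) {
        /* Flush user cookie by random value.
         * NOTE(review): one 32-bit value printed as hex is a small session
         * token space; confirm that HTTP_SetUserCookie() does not use it
         * directly as the session identifier. */
        sprintf(buf, "%X", (unsigned int)GetRandomNumber());
        HTTP_SetUserCookie(buf, user_id);
        // Create user logout timers (handle not checked for NULL here)
        users[user_id].LogoutTimer = xTimerCreate("LogoutTmr", WEB_LOGOUT_TIME, pdFALSE,
                                                  (void *)user_id, LogoutTimerCallback);
    }
    RepeatLoginTimer = xTimerCreate("LoginTmr", REPEAT_LOGIN_TIME, pdFALSE,
                                    (void *)0, LoginTimerCallback);
}

/**
 * @brief  Reads one TLS record into recvBuf.
 *
 * recvBuf must have RECIVE_BUF_MAX_LEN bytes (every caller in this file passes
 * receiveBuf); it is zeroed first and at most RECIVE_BUF_MAX_LEN - 1 bytes are
 * read, so the result is always NUL-terminated.  On success the byte count is
 * also stored in the global receivedBufLen.
 *
 * Fixes two defects of the previous do { } while (0) form: WANT_READ/WANT_WRITE
 * now retries instead of falling off the end of the function, and the
 * success path returns a value (callers test the result with "<= 0").
 *
 * @param  ssl:     established session
 * @param  recvBuf: destination buffer
 * @retval bytes read (> 0), or the mbedtls_ssl_read() result (<= 0) on
 *         close/error
 */
int SSL_ReadRoutine(mbedtls_ssl_context *ssl, unsigned char *recvBuf)
{
    int ret;
    mbedtls_printf(" < Read from client:");
    for (;;) {
        receivedBufLen = RECIVE_BUF_MAX_LEN - 1;
        memset(recvBuf, 0, RECIVE_BUF_MAX_LEN);
        ret = mbedtls_ssl_read(ssl, recvBuf, receivedBufLen);
        if (ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE) {
            continue;
        }
        if (ret <= 0) {
            switch (ret) {
            case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY:
                mbedtls_printf(" connection was closed gracefully\r\n");
                break;
            case MBEDTLS_ERR_NET_CONN_RESET:
                mbedtls_printf(" connection was reset by peer\r\n");
                break;
            default:
                mbedtls_printf("mbedtls_ssl_read returned -0x%x\r\n", -ret);
                break;
            }
            return ret;
        }
        receivedBufLen = (uint16_t)ret;
        return ret;
    }
}

/**
 * @brief  Thin wrapper around SSL_SendFrames().
 * @retval SSL_WRITE_OK / SSL_WRITE_ERROR as returned by SSL_SendFrames()
 */
SSL_SERVER_STATE SSL_WriteRoutine(mbedtls_ssl_context *ssl, char *data, int datalen)
{
    return SSL_SendFrames(ssl, data, datalen);
}

/**
 * @brief  Dispatches the request held in receiveBuf to the first matching
 *         entry of process_web_funcs[].
 *
 * When the session is not authenticated and RADIUS authentication is
 * disabled the login page is returned instead.  Entries marked TIME_ACCESS
 * answer HTTP_401_NO_AUTH when the session is not authenticated.
 *
 * @param  sendLen: receives the response length
 * @retval sendBuf, or whatever the selected handler returns
 */
char *SSL_ProcessingRoutine(uint16_t *sendLen)
{
    web_func_handler_t *h;
    getAuthenticatedState();
    if (Authenticated == false && sSettings.sRADIUS.Auth_enable == false) {
        HTTP_LOGIN(sendBuf, sendLen);
        return sendBuf;
    }
    for (h = &process_web_funcs[0]; h->handler; h++) {
        if (strncmp(receiveBuf, h->client_req, h->len) == 0) {
#ifdef HTTP_AUTH_ENABLE
            if (h->accsess == TIME_ACCESS && !Authenticated) {
                strcpy(sendBuf, HTTP_401_NO_AUTH);
                /* Both branches append the same bytes; the original markup
                 * appears to have been lost in extraction. */
                if ((sSettings.sRADIUS.RDSEnable == true) && (fl_raddius_net_err == false)) {
                    strcat(sendBuf, "\r\n");
                } else {
                    strcat(sendBuf, "\r\n");
                }
                *sendLen = strlen(sendBuf);
                return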
sendBuf; } #endif return h->handler(0, receiveBuf, sendBuf, receivedBufLen, sendLen); } } } #define FRAME_SIZE (1000) SSL_SERVER_STATE SSL_SendFrames(mbedtls_ssl_context *ssl, char *data, int datalen) { SSL_SERVER_STATE ret; int retClose; int index = 0; int k = 0; int lastframe, nbrframes; nbrframes = datalen / FRAME_SIZE; while (nbrframes > 0) { index = k * FRAME_SIZE; if (SSL_Write(ssl, (data + index), FRAME_SIZE ) == SSL_WRITE_ERROR) { return SSL_WRITE_ERROR; } nbrframes--; k++; } index = k * FRAME_SIZE; lastframe = datalen % FRAME_SIZE ; if (SSL_Write(ssl, (data + index), lastframe ) == SSL_WRITE_ERROR) { return SSL_WRITE_ERROR; } return SSL_WRITE_OK; } SSL_SERVER_STATE SSL_Write(mbedtls_ssl_context *ssl, char *data, int datalen) { int ret; mbedtls_printf( " > Write to client:" ); while ( ( ret = mbedtls_ssl_write(ssl, data, datalen) ) <= 0 ) { if ( ret == MBEDTLS_ERR_NET_CONN_RESET ) { mbedtls_printf( " failed\r\n ! peer closed the connection\r\n" ); return SSL_WRITE_ERROR; } if ( ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE ) { mbedtls_printf( " failed\r\n ! 
mbedtls_ssl_write returned %d\r\n", ret ); return SSL_WRITE_ERROR; } } mbedtls_printf( " %d bytes written\r\n", ret); return SSL_WRITE_OK; } char *HTTP_HistoryPage(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { uint8_t valueLen = 0; char value[20]; (void)reqNum; (void)lenBufIn; (void)reqNum; memset(bufOut, 0, SEND_BUF_MAX_LEN); ClearParamString(bufIn); memset(value, 0, 20); GetParamValue(bufIn, "page", value, &valueLen); if (strcmp(value, "all") == 0) { if (!LOG_IsInit()) { return 0; } if (fLogTransInprog == false) { // Send log as raw data log_ptr = 0; log_size = History_GetTotalSTRCount() * STRING_SIZE_HISTORY + sizeof(UTF8_BOM) - 1; sprintf(bufOut, "HTTP/1.1 200 OK\r\nContent-Length:%lu\r\n\r\n%s", log_size, UTF8_BOM); *lenBufOut = strlen(bufOut); // Set file transfer in progress flag fLogTransInprog = true; if (SSL_SendFrames(&ssl, bufOut, *lenBufOut) == SSL_ERROR) { return 0; } HTTP_SendHistory(); return 0; } else { // We send nothing if file transfer already in progress return 0; } } else { if (!LOG_IsInit()) { return 0; } else { HTTP_GetHistoryPage(bufOut, atoi(value)); *lenBufOut = strlen(bufOut); return bufOut; } } } char *HTTP_UpsHistoryPage(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { uint8_t valueLen = 0; char value[20]; (void)lenBufIn; (void)reqNum; memset(bufOut, 0, SEND_BUF_MAX_LEN); ClearParamString(bufIn); memset(value, 0, 20); GetParamValue(bufIn, "page", value, &valueLen); if (strcmp(value, "all") == 0) { if (!LOG_IsInit()) { return 0; } if (fLogTransInprog == false) { // Send log as raw data log_ptr = 0; log_size = LOG_GetTotalSTRCount() * STRING_SIZE + sizeof(UTF8_BOM) - 1; sprintf(bufOut, "HTTP/1.1 200 OK\r\nContent-Length:%lu\r\n\r\n%s", log_size, UTF8_BOM); *lenBufOut = strlen(bufOut); // Set file transfer in progress flag fLogTransInprog = true; if (SSL_SendFrames(&ssl, bufOut, *lenBufOut) == SSL_ERROR) { return 0; } HTTP_SendLog(); return 0; } else { // We send 
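// nothing if file transfer already in progress
                return 0;
            }
        } else {
            if (!LOG_IsInit()) {
                return 0;
            } else {
                HTTP_GetUpsHistoryPage(bufOut, atoi(value));
                *lenBufOut = strlen(bufOut);
                return bufOut;
            }
        }
}

/**
 * @brief  Sets the production date ("GET /setProdate.cgi"); reached from
 *         http_recv() on plain HTTP only while testState is not "T2OK".
 * @param  bufIn:     request buffer, modified in place by the parsers
 * @param  bufOut:    response buffer of SEND_BUF_MAX_LEN bytes
 * @param  lenBufIn:  unused
 * @param  lenBufOut: receives the response length
 */
// TODO Remove the stub!
void HTTP_Prodate(char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut)
{
    uint8_t valueLen = 0;
    char value[20];
    (void)lenBufIn;
    memset(bufOut, 0, SEND_BUF_MAX_LEN);
    ClearParamString(bufIn);
    memset(value, 0, sizeof(value));
    /* NOTE(review): GetParamValue() takes no destination size; a "prodate"
     * value longer than value[] overruns this stack buffer. */
    GetParamValue(bufIn, "prodate", value, &valueLen);
    /* Set the production date */
    SETTINGS_SetProDate(value, valueLen);
    /* For now we always answer True */
    strcpy(bufOut, "HTTP/1.0 200 OK\r\nContent-Type:text/html\r\n\r\nTrue");
    *lenBufOut = strlen(bufOut);
    TEST_SetServerFlag();
}

/**
 * @brief  "POST /settings.cgi": collects the form body into bufOut and hands
 *         it to HTTP_SetSettings().  Refused for seclevel USER.
 *
 * The body is accumulated into bufOut (SEND_BUF_MAX_LEN bytes, the global
 * sendBuf for the caller in this file).  Content-Length is attacker-controlled,
 * so it is checked against that capacity before anything is appended, a read
 * failure or a body longer than announced aborts the request, and the
 * continuation reads now go to bufOut rather than to sendBuf directly.
 *
 * @param  reqNum:    unused
 * @param  bufIn:     request buffer (receiveBuf), reused for continuation reads
 * @param  bufOut:    response/accumulation buffer
 * @param  lenBufIn:  bytes valid in bufIn
 * @param  lenBufOut: receives the response length
 * @retval bufOut on success, 0 when nothing is to be sent
 */
char *HTTP_SetSettingsPage(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut)
{
    (void)reqNum;
    if (seclevel == USER) {
        return 0;
    }
    // POST Packet received
    TotalReceived = 0;
    TotalData = 0;
    memset(bufOut, 0, strlen(bufOut));
    /* Leading '0' sentinel: GetParamValue() also looks for "0<name>=", which
     * is how the first parameter of the body is found. */
    bufOut[0] = '0';
    // parse packet for Content-length field
    size = Parse_Content_Length(bufIn, lenBufIn);
    /* sentinel + body + " " + NUL must fit in bufOut */
    if (size > SEND_BUF_MAX_LEN - 3) {
        return 0;
    }
    char *DataOffset = strstr(bufIn, "managerIP");
    // case of MSIE8 : we do not receive data in the POST packet
    if (DataOffset == NULL) {
        if (SSL_ReadRoutine(&ssl, (unsigned char *)bufIn) <= 0) {
            return 0;
        }
        DataOffset = strstr(bufIn, "managerIP");
        if (DataOffset == NULL) {
            return 0;
        }
    }
    TotalReceived = receivedBufLen - (uint32_t)(DataOffset - bufIn);
    if (TotalReceived > size) {
        return 0;
    }
    TotalData += TotalReceived;
    strncat(bufOut, DataOffset, TotalReceived);
    while (TotalData < size) {
        if (SSL_ReadRoutine(&ssl, (unsigned char *)bufIn) <= 0) {
            return 0;
        }
        if (TotalData + receivedBufLen > size) {
            return 0;   /* more than Content-Length announced */
        }
        strncat(bufOut, bufIn, receivedBufLen);
        TotalData += receivedBufLen;
    }
    // check if last data packet
    if (TotalData == size) {
        DBG printf("State: Received %u bytes\r\n", (unsigned int)TotalData);
        strncat(bufOut, " ", 1);
        HTTP_SetSettings(bufOut, strlen(bufOut));
        memset(bufOut, 0, SEND_BUF_MAX_LEN);
        strcpy(bufOut,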
HTTP_200_OK); strcat(bufOut, "\r\n"); *lenBufOut = strlen(bufOut); return bufOut; } return 0; } /** * @brief * @retval None */ void HTTP_SetSettings(char *buf, uint16_t lenBuf) { uint8_t valueLen = 0; const uint8_t len = MAX_WEB_PARAM_LEN; char value[MAX_WEB_PARAM_LEN]; char str[MAX_WEB_PARAM_LEN]; (void)lenBuf; //printf(buf); //ClearParamString(buf); #define XJSON_SETTINGS_TAG(tag, get_param, set_param) JSON_SET_PARAM(tag, set_param, buf); WEB_SETTINGS_TAGS_TABLE #undef XJSON_SETTINGS_CREATE /* Если параметры WEB изменились выставляем флаг, сохраняем настройки и перезагружаемся */ if (GetStateWebReinit() == true) { SetWebReinitFlag(true); HTTP_SaveSettings(); /* Блокируем управление ключем на тау секунд*/ //IO_KeyBlockOn(); vTaskDelay(1010); Reboot(WEB_ACT); } HTTP_SaveSettings(); } /** * @brief * @retval None */ char *HTTP_GetSert(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { (void)bufIn; (void)lenBufIn; (void)reqNum; memset(bufOut, 0, SEND_BUF_MAX_LEN); strcpy(bufOut, HTTP_200_OK); SSL_CreateReqCert(); strncpy(bufOut, req_cert, strlen(req_cert)); *lenBufOut = strlen(bufOut); return bufOut; } /** * @brief * @retval None */ char *HTTP_Upload_Sert(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { char *DataOffset; static char boundary[70]; static char *pbound = NULL; char *ContentOffset = 0; (void)reqNum; DataOffset = 0; TotalData = 0; memset(bufOut, 0, SEND_BUF_MAX_LEN); //printf("receive %s \r\n", receiveBuf); // parse packet for Content-length field size = Parse_Content_Length(bufIn, lenBufIn); pbound = Parce_Boundary(bufIn, lenBufIn, boundary, sizeof(boundary)); if (pbound != NULL) { ContentOffset = strstr(bufIn, boundary); DataOffset = strstr(ContentOffset, "\r\n\r\n"); if ( DataOffset != NULL ) { DataOffset += 4; } } else { SSL_ReadRoutine(&ssl, (unsigned char *)bufIn); bufIn[receivedBufLen] = '\0'; lenBufIn = receivedBufLen; pbound = Parce_Boundary(bufIn, lenBufIn, boundary, 
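sizeof(boundary));
        if (pbound != NULL) {
            ContentOffset = strstr(bufIn, boundary);
            /* strstr(NULL, ...) is undefined; the boundary line need not be
             * in this packet.  NOTE(review): the first-packet path earlier in
             * this function has the same unguarded pattern. */
            if (ContentOffset != NULL) {
                DataOffset = strstr(ContentOffset, "\r\n\r\n");
                if (DataOffset != NULL) {
                    DataOffset += 4;
                }
            }
        }
    }
    /* The part is accumulated in bufOut (SEND_BUF_MAX_LEN bytes).  Refuse a
     * Content-Length that cannot fit together with the "\r\n" appended below
     * and the terminator, instead of letting strncat() run past the buffer. */
    if (size > SEND_BUF_MAX_LEN - 3) {
        return 0;
    }
    // case of MSIE8 : we do not receive data in the POST packet
    if (DataOffset == NULL) {
        if (SSL_ReadRoutine(&ssl, (unsigned char *)bufIn) <= 0) {
            return 0;
        }
        bufIn[receivedBufLen] = '\0';
        lenBufIn = receivedBufLen;
        ContentOffset = strstr(bufIn, boundary);
        if (ContentOffset != NULL) {
            DataOffset = strstr(ContentOffset, "\r\n\r\n");
            if (DataOffset != NULL) {
                DataOffset += 4;
            }
        }
    }
    /* Without a boundary line and a blank line after the part headers there
     * is nothing to copy; the original subtracted a NULL pointer here. */
    if (ContentOffset == NULL || DataOffset == NULL) {
        return 0;
    }
    /* TotalData counts from the boundary line (what Content-Length covers);
     * bufOut receives only the bytes after the part headers. */
    TotalReceived = lenBufIn - (uint32_t)(ContentOffset - bufIn);
    if (TotalReceived > size) {
        return 0;
    }
    TotalData += TotalReceived;
    strncat(bufOut, DataOffset, TotalReceived);
    while (TotalData < size) {
        if (SSL_ReadRoutine(&ssl, (unsigned char *)bufIn) <= 0) {
            return 0;
        }
        bufIn[receivedBufLen] = '\0';
        /* Use the length of this read, not the stale lenBufIn, and stop when
         * the peer sends more than it announced. */
        if (TotalData + receivedBufLen > size) {
            return 0;
        }
        strncat(bufOut, bufIn, receivedBufLen);
        TotalData += receivedBufLen;
    }
    // check if last data packet
    if (TotalData == size) {
        if (strstr(bufOut, "BEGIN CERTIFICATE") != NULL) {
            DataOffset = strstr(bufOut, "-----END CERTIFICATE");
            /* "-----END CERTIFICATE-----" is 25 bytes.  The footer must be
             * present and the PEM must leave room for the NUL that
             * strlen(sSettings.our_srv_crt) in ssl_server() depends on. */
            uint32_t len_crt = (DataOffset != NULL) ? (uint32_t)(DataOffset - bufOut) + 25 : 0;
            if (DataOffset == NULL || len_crt >= sizeof(sSettings.our_srv_crt)) {
                memset(bufOut, 0, SEND_BUF_MAX_LEN);
                strcpy(bufOut, HTTP_200_OK);
                strcat(bufOut, "Некорректный сертефикат");
            } else {
                memset(sSettings.our_srv_crt, 0, sizeof(sSettings.our_srv_crt));
                memcpy(sSettings.our_srv_crt, bufOut, len_crt);
                strcat(bufOut, "\r\n");
                HTTP_SaveSettings();
                memset(bufOut, 0, SEND_BUF_MAX_LEN);
                strcpy(bufOut, HTTP_200_OK);
                strcat(bufOut, "1");
            }
        } else {
            memset(bufOut, 0, SEND_BUF_MAX_LEN);
            strcpy(bufOut, HTTP_200_OK);
            strcat(bufOut, "Некорректный сертефикат");
        }
        *lenBufOut = strlen(bufOut);
        return bufOut;
    }
    return 0;
}

/**
 * @brief  "POST /info.cgi": stores sysname, owner, sysLocation and comment
 *         via HTTP_SetInfo().  Refused for seclevel USER.
 * @param  reqNum:    unused
 * @param  bufIn:     request buffer (receiveBuf)
 * @param  bufOut:    response/accumulation buffer of SEND_BUF_MAX_LEN bytes
 * @param  lenBufIn:  bytes valid in bufIn
 * @param  lenBufOut: receives the response length
 * @retval bufOut on success, 0 when nothing is to be sent
 */
char *HTTP_SetInfoPage(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut)
{
    char *DataOffset;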
(void)reqNum; if (seclevel == USER) { return 0; } DataOffset = 0; // POST Packet received{ TotalReceived = 0; TotalData = 0; memset(bufOut, 0, SEND_BUF_MAX_LEN); bufOut[0] = '0'; // parse packet for Content-length field size = Parse_Content_Length(bufIn, lenBufIn); DataOffset = strstr(bufIn, "sysname"); // case of MSIE8 : we do not receive data in the POST packet if (DataOffset == 0) { SSL_ReadRoutine(&ssl, bufIn); DataOffset = strstr(bufIn, "sysname"); } TotalReceived = receivedBufLen - (DataOffset - bufIn); TotalData += TotalReceived; strncat(bufOut, DataOffset, TotalReceived); // check if last data packet if (TotalData == size) { strncat(bufOut, " ", 1); HTTP_SetInfo(bufOut, strlen(bufOut)); memset(bufOut, 0, size); strcpy(bufOut, HTTP_200_OK); strcat(bufOut, "\r\n\r\n"); *lenBufOut = strlen(bufOut); return bufOut; } return 0; } /** * @brief * @retval None */ void HTTP_SetInfo(char *buf, uint16_t lenBuf) { uint8_t valueLen = 0; const uint8_t len = 110; char value[330]; char str[110]; (void)lenBuf; // ClearParamString(buf); memset(value, 0, len); /* Название устройства */ GetParamValue(buf, "sysname", value, &valueLen); url_decode(str, sizeof(str), value); SetNameDeviceStr(str); memset(value, 0, len); /* Владелец */ GetParamValue(buf, "owner", value, &valueLen); url_decode(str, sizeof(str), value); SetOwner(str); memset(value, 0, len); /* Владелец */ GetParamValue(buf, "sysLocation", value, &valueLen); url_decode(str, sizeof(str), value); SetLocation(str); memset(value, 0, len); /* Комментарий */ GetParamValue(buf, "comment", value, &valueLen); url_decode(str, sizeof(str), value); SetComment(str); memset(value, 0, len); HTTP_SaveSettings(); } /** * @brief Запуск/останов теста UPS */ char *HTTP_UPSTest(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { uint8_t valueLen = 0; char tempValue[20]; char tempValue2[20]; int8_t res = 0; char log_string[50]; (void)lenBufIn; (void)reqNum; memset(tempValue, 0, 20); memset(tempValue2, 0, 
20); memset(log_string, 0, 50); strcpy(bufOut, HTTP_200_OK); GetParamValue(bufIn, "func", tempValue, &valueLen); if (strcmp(tempValue, "stop") == 0) { res = ups_metac_service_pdu(ups_cancel_test); if (res == 1 || res == 0) { strcat(bufOut, "Команда \"Останов теста\" принята ИБП!"); strcpy(log_string, name_login); strcat(log_string, " (Останов)"); log_event_data(LOG_TEST_UPS, log_string); } if (res == -1) { strcat(bufOut, "Команда \"Останов теста\" отклонена ИБП!"); } } else if (strcmp(tempValue, "discharge") == 0) { res = ups_metac_service_pdu(ups_test_low_bat); set_act_source(WEB_ACT); if (res == 1 || res == 0) { strcat(bufOut, "Команда \"Запуск теста\" принята ИБП!"); } if (res == -1) { strcat(bufOut, "Команда \"Запуск теста\" отклонена ИБП!"); } } else if (strncmp(tempValue, "time", 6) == 0) { GetParamValue(bufIn, "time", tempValue2, &valueLen); TimeParam = atoi(tempValue2); res = ups_metac_service_pdu(ups_test_time); if (res == 1 || res == 0) { strcat(bufOut, "Команда \"Запуск теста\" принята ИБП!"); } if (res == -1) { strcat(bufOut, "Команда \"Запуск теста\" отклонена ИБП!"); } } *lenBufOut = strlen(bufOut); return bufOut; } /** * @brief Выклюение UPS */ char *HTTP_UPSshutdown(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { uint8_t valueLen = 0; char *valueLenEnd = 0; char tempValue[50]; char tempValue2[50]; int8_t res = 0; char log_string[50]; (void)lenBufIn; (void)reqNum; memset(tempValue, 0, 50); memset(log_string, 0, 50); strcpy(bufOut, HTTP_200_OK); GetParamValue(bufIn, "func", tempValue, &valueLen); if (strcmp(tempValue, "reboot") == 0) { res = ups_metac_service_pdu(ups_cancel_shut_down); if (res == 1) { strcpy(log_string, name_login); strcat(log_string, " (Останов)"); log_event_data(LOG_SHUTDOWN_UPS, log_string); strcat(bufOut, "Команда \"Отмена выключения нагрузки\" принята ИБП!"); } else { strcat(bufOut, "Команда \"Отмена выключения нагрузки\" отклонена ИБП!"); } } else if (strncmp(tempValue, "off", 5) == 0) { 
memset(tempValue2, 0, 50); GetParamValue(bufIn, "after", tempValue2, &valueLen); TimeParamFloat = atof(tempValue2); res = ups_metac_service_pdu(ups_shutdown); if (res == 1) { strcat(bufOut, "Команда \"Отключения нагрузки\" принята ИБП!"); log_event_data(LOG_SHUTDOWN_UPS, name_login); } else { strcat(bufOut, "Команда \"Отключения нагрузки\" отклонена ИБП!"); } } *lenBufOut = strlen(bufOut); return bufOut; } char *HTTP_UPS_Serial(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { uint8_t valueLen = 0; char tempValue[50]; (void)lenBufIn; (void)reqNum; memset(tempValue, 0, 50); strcpy(bufOut, HTTP_200_OK); GetParamValue(bufIn, "cmd_us", tempValue, &valueLen); if (valueLen <= 8) { SetUPSSerialStr(tempValue); SETTINGS_Save(); strcat(bufOut, "

Серийный номер ИБП установлен

"); } else { strcat(bufOut, "

Ошибка установки серийного номера ИБП

"); } *lenBufOut = strlen(bufOut); return bufOut; } char *HTTP_Reset(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { (void)bufIn; (void)bufOut; (void)lenBufIn; (void)reqNum; HTTP_ResetSettings(); HTTP_SaveSettings(); fs_open("/settings.html", &file); *lenBufOut = file.len; return file.data; } char *HTTP_Confirm(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { (void)bufIn; (void)bufOut; (void)lenBufIn; (void)reqNum; SetWebReinitFlag(false); SetConfirmWebParamsFlag(); fs_open("/index.html", &file); *lenBufOut = file.len; return file.data; } char *HTTP_GetRequest(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { (void)bufOut; (void)reqNum; #ifdef HTTP_AUTH_ENABLE const char *html_page_name[] = { "/main.css", "/rotek.png", "/favicon.ico", "/role.js" }; #endif char filename[MAX_FILENAME_LEN]; char nonmatch[MAX_ETAG_LEN]; char *pnonmatch = NULL; uint8_t len; memset(filename, 0, MAX_FILENAME_LEN); if (GetFileName(bufIn, filename, &len)) { /* Parce If-Non_Match value */ #ifdef HTTP_AUTH_ENABLE if (!Authenticated) { for (uint8_t i = 0; i < 4; i ++) { if (strcmp(filename, html_page_name[i]) == 0) { break; } if (i == 3) { if((sSettings.sRADIUS.RDSEnable == true) && (fl_raddius_net_err == false)) { strcpy(filename, "/rslogin.html"); } else { strcpy(filename, "/login.html"); } } } } else { HTTP_UpdateUserLoginTime(user_id); } #endif uint8_t nonmatch_len = Parse_Header(bufIn, lenBufIn, If_None_Match, 15, nonmatch); if (nonmatch_len < MAX_ETAG_LEN && nonmatch_len > 0) { //DBG printf("If_None_Match: %s\r\n", nonmatch); pnonmatch = nonmatch; } return send_file(filename, pnonmatch, &file, lenBufOut); } return 0; } char* HTTP_NoFound(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { (void)bufIn; (void)lenBufIn; (void)reqNum; if (Authenticated) { #ifdef HTTP_AUTH_ENABLE HTTP_UpdateUserLoginTime(user_id); #endif fs_open("/index.html", 
&file); // + *lenBufOut = file.len; return file.data; } else { strcpy(bufOut, HTTP_401_NO_AUTH); strcat(bufOut, "\r\n"); *lenBufOut = strlen(bufOut); return bufOut; } } /** * @brief Проверка пароля для перехода в режим bootloader * @retval None */ char *HTTP_ConfirmBootPwd(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { (void)bufIn; (void)lenBufIn; (void)reqNum; strcpy(bufOut, HTTP_200_OK); *lenBufOut = strlen(bufOut); /* Запускаем задачу отложенной перезагрузки. Контроллер должен успеть отправить ответ серверу о статусе пароля */ HTTP_StartResetTask(true); return bufOut; } #ifdef HTTP_AUTH_ENABLE void LoginTimerCallback(TimerHandle_t pxTimer) { cnt_err_psw = 0; DBG printf("cnt_err_psw %d", cnt_err_psw); xTimerStop(RepeatLoginTimer, 0); } /** * @brief Проверка пароля для входа в Web * @retval None */ int HTTP_ConfirmWebPwd(char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { char tempStr[52]; char login[20]; char password[20]; uint8_t valueLen, user_id = 0xff; char *strPtr = 0; char WebPassword[MAX_WEB_PASSWD_LEN]; char WebLogin[MAX_WEB_LOGIN_LEN]; memset(login, 0, 20); memset(password, 0, 20); memset(tempStr, 0, 52); memset(name_login, 0, 50); tempStr[0] = '0'; /* Get first 50 bytes of string */ strncat(tempStr, bufIn, 49); /* Add " " to the string in order GetParamValue() can be able to parse the param */ strcat(tempStr, " "); GetParamValue(tempStr, "login", login, &valueLen); GetParamValue(tempStr, "password", password, &valueLen); if ((sSettings.sRADIUS.RDSEnable == true) && (fl_raddius_net_err == false)) { switch (RC_Login(login, password)) { case RC_ERROR: Authenticated = false; break; case RC_LOGIN_ADMIN_OK: Authenticated = true; user_id = 0; break; case RC_LOGIN_USER_OK: Authenticated = true; user_id = 1; break; case RC_NET_ERR: Authenticated = false; fl_raddius_net_err = true; strcpy(bufOut, "HTTP/1.0 200 OK\r\nContent-Type: text/html;\r\n\r\n"); strcat(bufOut, "

Ошибка соединения с RADIUS сервером

"); *lenBufOut = strlen(bufOut); return SEND_REQUIRED_NO; break; case RC_ACC_DENIED: Authenticated = false; break; default: break; } } else { for (user_id = 0; user_id < MAX_WEB_USERS; user_id++) { GetUserLogin(user_id, WebLogin, &valueLen); GetUserPassword(user_id, WebPassword, &valueLen); /* Check login and password */ if ((strncmp(WebLogin, login, MAX_WEB_LOGIN_LEN) == 0) && (strncmp(WebPassword, password, MAX_WEB_PASSWD_LEN) == 0)) { /* Login and pass are valid */ /* TODO replace global flag with user-pass-cookie */ if (cnt_err_psw < 4) { cnt_err_psw = 0; Authenticated = true; } else { Authenticated = false; } break; } else { Authenticated = false; } } } if (Authenticated) { /* Generate cookie */ sprintf(tempStr, "%X", (unsigned int)GetRandomNumber()); /* Set users cookie */ HTTP_SetUserCookie(tempStr, user_id); HTTP_UpdateUserLoginTime(user_id); /* Send login and cookie back */ strcpy(bufOut, "HTTP/1.0 200 OK\r\nContent-Type:text/html\r\nSet-Cookie: uname="); strcat(bufOut, login); strcat(bufOut, "\r\nSet-Cookie: id="); strcat(bufOut, tempStr); sprintf(tempStr, "%d", (user_id + 1)); strcat(bufOut, "\r\nSet-Cookie: role="); strcat(bufOut, tempStr); strcat(bufOut, "\r\nSet-Cookie: auth=1"); strcat(bufOut, "\r\n\r\n"); strcat(bufOut, "\r\n\r\n"); *lenBufOut = strlen(bufOut); if ((sSettings.sRADIUS.RDSEnable == true) && (fl_raddius_net_err == false)) { snprintf(name_login, (strlen(login) + 1), login); } else { fl_raddius_net_err = false; switch (user_id) { case 0: snprintf(name_login, sizeof(name_login), "Администратор"); break; case 1: snprintf(name_login, sizeof(name_login), "Пользователь"); break; default: snprintf(name_login, (strlen(login) + 1), login); break; } } log_event_data(LOG_LOGIN, name_login); /* Запускаем задачу-таймер логаута. 
*/ /* TODO отправить ответ серверу о статусе пароля */ return SEND_REQUIRED_YES; } else { if (cnt_err_psw <= 4) { cnt_err_psw ++; } DBG printf("cnt_err_psw %d", cnt_err_psw); if (cnt_err_psw == 4) { xTimerStart(RepeatLoginTimer, 0); } strcpy(bufOut, "HTTP/1.0 200 OK\r\nContent-Type: text/html;\r\n\r\n"); if ((sSettings.sRADIUS.RDSEnable == true) && (fl_raddius_net_err == false)) { if (cnt_err_psw < 4) { strcat(bufOut, "

Не правильный логин или пароль

"); } else { strcat(bufOut, "

Вход заблокирован!

Повторите попытку через 1 минуту

"); } } else { if (cnt_err_psw < 4) { strcat(bufOut, "

Не правильный логин или пароль

"); } else { strcat(bufOut, "

Вход заблокирован!

Повторите попытку через 1 минуту

"); } } *lenBufOut = strlen(bufOut); return SEND_REQUIRED_NO; } } void HTTP_LOGIN(char *bufOut, uint16_t *lenBufOut) { char tempStr[50]; uint8_t valueLen; char WebLogin[MAX_WEB_LOGIN_LEN]; GetUserLogin(ADMIN, WebLogin, &valueLen); memset(tempStr, 0, 50); memset(name_login, 0, 50); /* TODO replace global flag with user-pass-cookie */ Authenticated = true; /* Generate cookie */ sprintf(tempStr, "%X", (unsigned int)GetRandomNumber()); /* Set users cookie */ HTTP_SetUserCookie(tempStr, ADMIN); HTTP_UpdateUserLoginTime(ADMIN); /* Send login and cookie back */ strcpy(bufOut, "HTTP/1.0 200 OK\r\nContent-Type:text/html\r\nSet-Cookie: uname="); strcat(bufOut, WebLogin); strcat(bufOut, "\r\nSet-Cookie: id="); strcat(bufOut, tempStr); strcat(bufOut, "\r\nSet-Cookie: role=0"); strcat(bufOut, "\r\nSet-Cookie: auth=0"); strcat(bufOut, "\r\n\r\n"); strcat(bufOut, "\r\n\r\n"); *lenBufOut = strlen(bufOut); snprintf(name_login, sizeof(name_login), "Администратор"); } /** * @brief Чтение Cookie пользователя */ static void HTTP_GetUserCookie(uint8_t user_id, char *str, uint8_t *len) { sprintf(str, "%s", users[user_id].cookie); *len = strlen(str); } /** * @brief Установка Cookie пользователя */ static void HTTP_SetUserCookie(char *str, uint8_t user_id) { strcpy(users[user_id].cookie, str); } /** * @brief Обновление времени последней активности пользователя */ static void HTTP_UpdateUserLoginTime(uint8_t user_id) { xTimerStart(users[user_id].LogoutTimer, 0); } /** * @brief Принудительный логаут пользователя */ static void HTTP_ForceUserLogout(uint8_t user_id) { char cookie[MAX_WEB_COOKIE_LEN]; /* Flush user cookie by random value */ sprintf(cookie, "%X", (unsigned int)GetRandomNumber()); HTTP_SetUserCookie(cookie, user_id); } /** * @brief >Callback таймера логаута пользователя */ void LogoutTimerCallback(TimerHandle_t pxTimer) { uint8_t user_id = (uint8_t)pvTimerGetTimerID( pxTimer ); if ( sSettings.sRADIUS.Auth_enable ) { HTTP_ForceUserLogout(user_id); } } /** * @brief Смена пароля 
пользователя * @retval None */ char *HTTP_ChangeUserPwd(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { char tempStr[110]; char value[20]; char login[20]; char password[20]; char tmp[75]; uint8_t valueLen, valueLen2, user_id; char WebLogin[MAX_WEB_LOGIN_LEN]; (void)reqNum; (void)lenBufIn; memset(login, 0, sizeof(login)); memset(password, 0, sizeof(password)); memset(tempStr, 0, sizeof(tempStr)); memset(value, 0, sizeof(value)); memset(tmp, 0, sizeof(tmp)); ClearParamString(bufIn); strncpy(tempStr, bufIn, 110); strcpy(bufOut, HTTP_200_OK); if (GetParamValue(tempStr, "username", login, &valueLen) && GetParamValue(tempStr, "oldpass", tmp, &valueLen)) { url_decode(password, sizeof(password), tmp); for (user_id = 0; user_id < MAX_WEB_USERS; user_id++) { memset(value, 0, 20); memset(WebLogin, 0, MAX_WEB_LOGIN_LEN); GetUserLogin(user_id, WebLogin, &valueLen); GetUserPassword(user_id, value, &valueLen2); /* Check login and password */ if ((strncmp(WebLogin, login, MAX_WEB_LOGIN_LEN) == 0) && (memcmp(password, value, 11) == 0)) { memset(tmp, 0, sizeof(tmp)); memset(password, 0, 20); if (GetParamValue(tempStr, "newpass", tmp, &valueLen)) { url_decode(password, sizeof(password), tmp); valueLen = strlen(password); memcpy(sSettings.sAuth[user_id].password, password, sizeof(sSettings.sAuth[user_id].password)); HTTP_SaveSettings(); log_event_data(LOG_PSW_CHANGE, name_login); strcat(bufOut, "Пароль успешно изменён"); *lenBufOut = strlen(bufOut); return bufOut; } else { strcat(bufOut, "Введены некорректные данные!"); *lenBufOut = strlen(bufOut); return bufOut; } } } strcat(bufOut, "Введён неверный пароль!"); } else { strcat(bufOut, "Введены некорректные данные!"); } *lenBufOut = strlen(bufOut); return bufOut; } // static void getAuthenticatedState(void) { char CookieBuf[51]; char *CookiePtr = NULL; char name[MAX_WEB_COOKIE_LEN]; char id[MAX_WEB_COOKIE_LEN]; uint8_t nameLen = 0, idLen = 0; receiveBuf[receivedBufLen] = '\0'; //printf("receive %s 
\r\n", receiveBuf); // Get cookie "uname" value memset(CookieBuf, 0, sizeof(CookieBuf)); CookiePtr = strstr(receiveBuf, "uname="); strncpy(CookieBuf, CookiePtr, 50); //printf("********CookieBuf1= %s\r\n", CookieBuf); memset(name, 0, MAX_WEB_COOKIE_LEN); GetCookieValue(CookieBuf, "uname=", name, &nameLen); //printf("********CookieBuf2= %s\r\n", CookieBuf); //printf("********uname= %s\r\n", name); memset(CookieBuf, 0, sizeof(CookieBuf)); // Get cookie "id" value CookiePtr = strstr(receiveBuf, " id="); strncpy(CookieBuf, CookiePtr, 50); //printf("********CookieBuf1= %s\r\n", CookieBuf); memset(id, 0, MAX_WEB_COOKIE_LEN); GetCookieValue(CookieBuf, "id=", id, &idLen); // printf("********ID= %s\r\n", id); seclevel = 0xFF; for (user_id = 0; user_id < MAX_WEB_USERS; user_id++) { HTTP_GetUserCookie(user_id, CookieBuf, &idLen); if (strncmp(id, CookieBuf, idLen) == 0 ) { GetUserLevelInt(user_id, &seclevel); Authenticated = true; break; } Authenticated = false; seclevel = 0xFF; } } char *HTTP_LoginPage(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { (void)reqNum; uint32_t req_data_received = 0; char *offset = 0; memset(bufOut, 0, SEND_BUF_MAX_LEN); /* parse packet for Content-length field */ post_data_count = Parse_Content_Length(bufIn, lenBufIn); printf("Content-length: %d\r\n", (int)post_data_count); if (post_data_count < MAX_POST_REQ_LEN) { memset(post_req_data, 0, MAX_POST_REQ_LEN); /* parse packet for "\r\n\r\n" */ offset = (strstr(bufIn, "\r\n\r\n")) + 4; req_data_received = lenBufIn - (offset - bufIn); printf("req data received: %d\r\n", (int)req_data_received); /* Check if "\r\n\r\n" was found */ if (offset != 0) { /* if data was splited in two packets */ if (req_data_received < post_data_count) { /* Copy request data to buffer */ snprintf(post_req_data, req_data_received, "%s", bufIn); post_data_count -= req_data_received; SSL_ReadRoutine(&ssl, (unsigned char *)bufIn); offset = bufIn; } /* if data received completely */ if 
(strlen(bufIn) != 0) { strncat(post_req_data, offset, post_data_count); //printf("post_req_data: %s\r\n", post_req_data); /* End reqest */ post_data_count = 0; HTTP_ConfirmWebPwd(post_req_data, bufOut, strlen(post_req_data), lenBufOut); *lenBufOut = strlen(bufOut); return bufOut; } } /* request was fragmented before "\r\n\r\n" */ else { post_data_count = 0; /* Redirect to login page */ if ((sSettings.sRADIUS.RDSEnable == true) && (fl_raddius_net_err == false)) { fs_open("/rslogin.html", &file); } else { fs_open("/login.html", &file); } *lenBufOut = file.len; return file.data; } } else { DBG printf("Too long POST request!\r\n"); /* Ignore request */ post_data_count = 0; /* Redirect to login page */ if ((sSettings.sRADIUS.RDSEnable == true) && (fl_raddius_net_err == false)) { fs_open("/rslogin.html", &file); } else { fs_open("/login.html", &file); } *lenBufOut = file.len; return file.data; } return 0; } char *HTTP_LogoutPage(uint32_t reqNum, char *bufIn, char *bufOut, uint16_t lenBufIn, uint16_t *lenBufOut) { (void)bufIn; (void)bufOut; (void)lenBufIn; (void)reqNum; Authenticated = false; seclevel = 0xFF; if ((sSettings.sRADIUS.RDSEnable == true) && (fl_raddius_net_err == false)) { fs_open("/rslogin.html", &file); } else { fs_open("/login.html", &file); } *lenBufOut = file.len; return file.data; } #endif /** * @brief Send callback for log file transfer (messages as is, not ordered) */ void HTTP_SendHistory(void) { uint32_t nbytes = 0; static bool start = true; memset(logFileBuf, 0, FILE_BUF_MAX_LEN); if (log_ptr + FILE_BUF_MAX_LEN <= log_size) { nbytes = History_GetData(log_ptr, logFileBuf, FILE_BUF_MAX_LEN, start); } else if (log_ptr < log_size) { nbytes = History_GetData(log_ptr, logFileBuf, (log_size - log_ptr), start); } else { nbytes = 0; } log_ptr += nbytes; start = false; if (nbytes == 0) { // File transfer finished. 
start = true; // Clear file transfer in progress flag fLogTransInprog = false; return; } SSL_SendFrames(&ssl, logFileBuf, nbytes); HTTP_SendHistory(); } /** * @brief Sent callback for log file transfer (messages as is, not ordered) */ void HTTP_SendLog(void) { uint32_t nbytes = 0; static bool start = true; memset(logFileBuf, 0, FILE_BUF_MAX_LEN); if (log_ptr + FILE_BUF_MAX_LEN_LOG <= log_size) { nbytes = LOG_GetData(log_ptr, logFileBuf, FILE_BUF_MAX_LEN_LOG, start); } else if (log_ptr < log_size) { nbytes = LOG_GetData(log_ptr, logFileBuf, (log_size - log_ptr), start); } else { nbytes = 0; } log_ptr += nbytes; start = false; if (nbytes == 0) { // File transfer finished. start = true; // Clear file transfer in progress flag fLogTransInprog = false; return; } SSL_SendFrames(&ssl, logFileBuf, nbytes); HTTP_SendLog(); return; } /** * @brief sends file from flash FS * @param filename: pointer to the file name to send * @param pnonmatch: pointer to the If-Non_Match value * @param pcb: pointer to a tcp_pcb struct * @param hs: pointer to a http_state struct * @param file: pointer to a fs_file struct * @retval */ char *send_file(char *filename, char *pnonmatch, struct fs_file *file, uint16_t *Len) { int res = 0; char etag[MAX_ETAG_LEN]; char *petag = NULL; res = fs_open(filename, file); if (res == 0) { printf("Not found: %s\r\n", filename); sprintf(filename, "/index.html"); fs_open(filename, file); } /* Find Etag value */ uint8_t etag_len = Parse_Header(file->data, file->len, Etag, 6, etag); if (etag_len < MAX_ETAG_LEN && etag_len > 0) { DBG printf("Etag: %s\r\n", etag); petag = etag; } /* Compare Etag and If-Non-Match fields */ if (pnonmatch && petag && (strcmp(pnonmatch, petag) == 0)) { /* Send 304 code */ sprintf(sendBuf, HTTP_304_NOT_MODIFIED); DBG printf(sendBuf); *Len = strlen(sendBuf); return sendBuf; } else { *Len = file->len; return file->data; } } /** * @brief Extract the custom field data from HTML data * @param data : pointer on receive packet buffer * @param 
len : buffer length * @param field : field name * @param flen : field name length * @retval value : pointer for field data */ static uint32_t Parse_Header(char *data, uint32_t len, const char *field, uint32_t flen, char *value) { uint32_t i = 0, size = 0; char *ptr; uint32_t Offset = 0; /* Find field name in data buffer */ for (i = 0; i < len; i++) { if (strncmp ((char *)(data + i), field, flen) == 0) { Offset = i + flen; break; } } /* Copy Field value */ if (Offset) { i = 0; ptr = (char *)(data + Offset); while (*(ptr + i) != 0x0d) { value[i] = *(ptr + i); i++; } value[i] = '\0'; size = i; } return size; } /** * @brief * @retval None */ bool GetFileName(char *inStr, char *fileName, uint8_t *fileNameLen) { char *beginValue = NULL; char *endValue = NULL; int len = 0; char *strPtr = NULL; strPtr = strstr(inStr, "GET"); if (strPtr == NULL) { strPtr = strstr(inStr, "POST"); } if (strPtr == NULL) { *fileNameLen = 0; return false; } else { beginValue = strpbrk(strPtr, "/"); endValue = strpbrk(beginValue, " "); if (endValue == NULL) { *fileNameLen = 0; return false; } len = endValue - beginValue; if (len < MAX_FILENAME_LEN) { strncpy(fileName, beginValue, len); *fileNameLen = len; fileName[len] = '\0'; return true; } else { return false; } } } #endif