# Directory holding the extracted firmware root filesystem.
rootfs="squashfs-root"

# Bring up the network interface with a static address.
ifconfig eth0 192.168.100.2/24 up

# Start the SSH service.
service ssh start

# Unpack the firmware filesystem archive.
tar -x -z -v -f "${rootfs}.gz"

# Mount proc and bind-mount dev into the firmware tree so its binaries can run
# inside the chroot. The bind mount exposes this machine's real device nodes to
# everything executed in the chroot, so the machine running these commands
# should be a disposable analysis system.
mount -t proc /proc/ "./${rootfs}/proc/"
mount -o bind /dev/ "./${rootfs}/dev/"

# Start a shell rooted in the firmware filesystem.
chroot "${rootfs}" sh
gl_conf="/etc/nginx/conf.d/gl.conf"

# Insert "lua_code_cache off;" after the lua_shared_dict line, once only.
# With the code cache off the Lua handlers are reloaded on every request,
# which is a debugging aid and not a setting for a production device.
if ! grep -q "lua_code_cache off;" "${gl_conf}"; then
    sed -i '/lua_shared_dict sessions 16k;/a lua_code_cache off;' "${gl_conf}"
fi

# Change keepalive_timeout from 0 to 5 in the main nginx configuration.
sed -i 's/keepalive_timeout 0/keepalive_timeout 5/' /etc/nginx/nginx.conf

# Keep the nginx resolver from doing IPv6 lookups.
sed -i 's/resolver 127.0.0.1;/resolver 127.0.0.1 ipv6=off;/' "${gl_conf}"
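--- Handle one RPC method call: validate the parameters, enforce access
-- control, dispatch through rpc.call and write the JSON response with ngx.say.
-- @param id      request id, echoed back in every response
-- @param params  array of {sid, object, method[, args]} supplied by the client
local function rpc_method_call(id, params)
    -- Every rejection path sends the same kind of error response.
    local function fail(code)
        ngx.say(cjson.encode(rpc.error_response(id, code)))
    end

    -- params is client-supplied. Without the type check, a non-table value
    -- (a scalar or a decoded null; decoding is not shown here) would make
    -- `#params` raise or measure a string instead of being rejected cleanly.
    if type(params) ~= "table" or #params < 3 then
        fail(rpc.ERROR_CODE_INVALID_PARAMS)
        return
    end

    local sid, object, method, args = params[1], params[2], params[3], params[4]

    -- sid, object and method must all be strings.
    if type(sid) ~= "string" or type(object) ~= "string" or type(method) ~= "string" then
        fail(rpc.ERROR_CODE_INVALID_PARAMS)
        return
    end

    -- args is optional, but when present it must be a table.
    if args and type(args) ~= "table" then
        fail(rpc.ERROR_CODE_INVALID_PARAMS)
        return
    end

    -- Store the client-supplied sid on the request context. Nothing is
    -- validated here; presumably the session lookup behind rpc.access reads
    -- it and an invalid sid simply yields no session (not shown; confirm).
    ngx.ctx.sid = sid

    -- Anything not on the no-auth whitelist must pass rpc.access. Whitelisted
    -- methods are dispatched without any session check, so each of them has to
    -- treat object, method and args as untrusted input.
    if not rpc.is_no_auth(object, method) then
        if not rpc.access("rpc", object .. "." .. method) then
            fail(rpc.ERROR_CODE_ACCESS)
            return
        end
    end

    local res = rpc.call(object, method, args)

    -- A numeric result is an error code.
    if type(res) == "number" then
        fail(res)
        return
    end

    -- Any other non-table result is replaced by an empty result object.
    if type(res) ~= "table" then
        res = {}
    end

    ngx.say(cjson.encode(rpc.result_response(id, res)))
end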
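--- Decide whether the current session may use `entry` within `scope`.
-- @param scope  ACL scope name
-- @param entry  entry name inside the scope
-- @param need   required permission; "r" is also satisfied by "w"
-- @return boolean true when access is granted
M.access = function(scope, entry, need)
    local headers = ngx.req.get_headers()
    local s = M.session()
    local aclgroup = s.aclgroup

    -- NOTE(review): trust shortcut. A request whose session is flagged local
    -- is allowed as soon as it carries a `glinet` header, whatever its value,
    -- and before any ACL group is consulted. The header is client-controlled,
    -- so this branch is only as strong as `is_local`. How that flag is derived
    -- is not visible here; confirm it comes from the socket peer address and
    -- cannot be influenced by proxying or forwarded-address headers.
    if s.is_local and headers["glinet"] then
        return true
    end

    -- The admin ACL group is always allowed.
    if aclgroup == "root" then
        return true
    end

    if not aclgroup or aclgroup == "" then
        return false
    end

    -- No required permission means deny; decide this before the database lookup.
    if not need then
        return false
    end

    local perm = db.get_perm(aclgroup, scope, entry)

    -- Deny instead of raising when the lookup yields no permission string.
    if type(perm) ~= "string" then
        return false
    end

    if need == "r" then
        -- The original class "[r,w]" also matched a literal comma, so a
        -- permission string holding only a separator would have granted read.
        return perm:find("[rw]") ~= nil
    end

    -- Plain search: `need` is compared literally, never interpreted as a pattern.
    return perm:find(need, 1, true) ~= nil
end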
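--- Report whether `object`.`method` is on the no-authentication whitelist.
-- The whitelist is read from the "no-auth-methods" sections of the "oui-httpd"
-- UCI config on first use and cached in `no_auth_methods` (presumably a
-- module-level variable declared outside this listing).
-- Every entry in that config section is callable without a session, so the
-- section is part of the pre-authentication attack surface.
-- @param object  RPC object name
-- @param method  RPC method name
-- @return boolean true when the method may be called without authentication
M.is_no_auth = function(object, method)
    if not no_auth_methods then
        -- Build into a local first so a failure while reading the config does
        -- not leave a half-filled cache behind.
        local cache = {}

        -- The cursor is only needed while filling the cache.
        uci.cursor():foreach("oui-httpd", "no-auth-methods", function(s)
            local methods = s.method
            -- A single `option method` arrives as a string, a `list method`
            -- as a table; a missing value must not make ipairs raise.
            if type(methods) == "string" then
                methods = { methods }
            end

            local ms = {}
            for _, m in ipairs(methods or {}) do
                ms[m] = true
            end

            -- A section without an object name cannot be used as a table key.
            if s.object ~= nil then
                cache[s.object] = ms
            end
        end)

        no_auth_methods = cache
    end

    local allowed = no_auth_methods[object]
    if allowed and allowed[method] then
        return true
    end

    -- The listing ended without a return value or closing `end`; deny explicitly.
    return false
end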
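--- Dispatch an RPC call to `object`.`method`.
-- Lua handlers are loaded on demand from /usr/lib/oui-httpd/rpc/<object> and
-- their functions cached in `objects`; every call not served by a Lua handler
-- is forwarded to glc_call.
-- @param object  handler name, supplied by the client
-- @param method  function name inside the handler, supplied by the client
-- @param args    argument table passed to the handler (may be nil)
-- @return the handler's or glc_call's result; a number is treated as an
--         error code by the RPC request handler
M.call = function(object, method, args)
    -- `object` is client-supplied and is concatenated into a path that is then
    -- executed with dofile. A name containing a path separator would let the
    -- lookup leave the handler directory and run a Lua file from elsewhere on
    -- the filesystem, so only plain file names are accepted. A stricter
    -- allowlist of known handler names is preferable once that set is known.
    if type(object) ~= "string"
        or object:find("/", 1, true)
        or object:find("\0", 1, true) then
        -- NOTE(review): assumes this module is the `rpc` table whose
        -- ERROR_CODE_INVALID_PARAMS the request handler uses; confirm.
        return M.ERROR_CODE_INVALID_PARAMS
    end

    ngx.log(ngx.DEBUG, "call: '", object, ".", method, "'")

    -- Load the handler script if its functions are not cached yet.
    if not objects[object] then
        local script = "/usr/lib/oui-httpd/rpc/" .. object

        -- No script for this object: hand the call to glc_call.
        if not fs.access(script) then
            return glc_call(object, method, args)
        end

        -- Run the script under pcall; on failure log the error and fall back
        -- to glc_call.
        local ok, tb = pcall(dofile, script)
        if not ok then
            ngx.log(ngx.ERR, tb)
            return glc_call(object, method, args)
        end

        -- Cache only the function members of the table the script returned.
        -- A script that returns anything else is not cached and runs again on
        -- the next call.
        if type(tb) == "table" then
            local funs = {}
            for k, v in pairs(tb) do
                if type(v) == "function" then
                    funs[k] = v
                end
            end
            objects[object] = funs
        end
    end

    -- Look up the requested function; unknown methods go to glc_call.
    local fn = objects[object] and objects[object][method]
    if not fn then
        return glc_call(object, method, args)
    end

    return fn(args)
end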