CN117435249A - Instruction execution method and device and electronic equipment - Google Patents

Instruction execution method and device and electronic equipment Download PDF

Info

Publication number
CN117435249A
CN117435249A CN202311382545.9A CN202311382545A CN117435249A CN 117435249 A CN117435249 A CN 117435249A CN 202311382545 A CN202311382545 A CN 202311382545A CN 117435249 A CN117435249 A CN 117435249A
Authority
CN
China
Prior art keywords
input instruction
information
instruction
user
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311382545.9A
Other languages
Chinese (zh)
Inventor
方海涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN202311382545.9A priority Critical patent/CN117435249A/en
Publication of CN117435249A publication Critical patent/CN117435249A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30003Arrangements for executing specific machine instructions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/30Arrangements for executing machine instructions, e.g. instruction decode
    • G06F9/30145Instruction analysis, e.g. decoding, instruction word fields

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an instruction execution method, an instruction execution device and electronic equipment, wherein the method comprises the following steps: setting an instruction set; acquiring a first input instruction and determining whether the first input instruction belongs to the instruction set; and if the first input instruction belongs to the instruction set and the user information accords with the operation condition, executing the first input instruction.

Description

Instruction execution method and device and electronic equipment
Technical Field
The present invention relates to the field of electronic devices such as remote access servers, and in particular, to a method and an apparatus for executing an instruction, and an electronic device.
Background
The client can remotely log in the electronic equipment such as the server so as to facilitate interaction, for example, the client can log in a system administrator account through BMC IP and enter the Linux defshell by default, and further can check, modify, delete and the like the BMC file system. However, in the remote interaction mode, the electronic equipment cannot respond to the client in a grading manner, so that confidentiality of file account numbers in the BMC and asset information of the server is not facilitated, and great potential safety hazards are brought.
Disclosure of Invention
The embodiment of the application provides an instruction execution method, an instruction execution device and electronic equipment, wherein the instruction execution method comprises the following steps:
setting an instruction set;
acquiring a first input instruction and determining whether the first input instruction belongs to the instruction set;
and if the first input instruction belongs to the instruction set and the user information accords with the operation condition, executing the first input instruction.
Optionally, if the first input instruction belongs to the instruction set and the user information meets the operation condition, executing the first input instruction includes:
determining access rights of an access target system based on the user information, wherein access contents corresponding to different access rights are different;
and if the first input instruction belongs to the instruction set and the access right meets the right condition, executing the first input instruction based on the access right.
Optionally, the method further comprises:
if the first input instruction does not belong to the instruction set, determining whether a preset list comprises corresponding content of the first input instruction;
if the preset list comprises the corresponding content of the first input instruction, performing first response on the first input instruction, otherwise, performing second response on the first input instruction;
and the system resources of the target system respectively called by the first response and the second response are different.
Optionally, the determining the access right of the access target system based on the user information includes:
determining at least corresponding user name authority according to the user information;
and determining the corresponding access right of the user based on the user information, the user name right and the first input instruction.
Optionally, the performing the first response to the first input instruction includes:
determining key information based on the first input instruction;
formatting the key information to generate first feedback information;
wherein the first feedback information includes at least asset information.
Optionally, the performing a second response to the first input instruction includes:
determining non-critical information based on the first input instruction, wherein the non-critical information includes at least one of: bus information and network information;
formatting the non-key information to generate second feedback information;
wherein the second feedback information includes at least server-related configuration attribute information.
Optionally, the formatting is used to clear unnecessary information so that the user gets accurate feedback.
The embodiment of the application also provides an instruction execution device, which comprises:
a setting module configured to set a set of instructions;
an acquisition module configured to acquire a first input instruction and determine whether the first input instruction belongs to the instruction set;
and the processing module is configured to execute the first input instruction if the first input instruction belongs to the instruction set and the user information accords with the operation condition.
The embodiment of the application also provides electronic equipment, which comprises a processor and a memory, wherein the memory stores executable programs, and the memory executes the executable programs to perform the steps of the method.
Embodiments of the present application also provide a storage medium carrying one or more computer programs which, when executed by a processor, implement the steps of the method as described above.
Drawings
FIG. 1 is a flow chart of an instruction execution method according to an embodiment of the present application;
FIG. 2 is a flow chart of one embodiment of step S300 of FIG. 1 according to an embodiment of the present application;
FIG. 3 is a flow chart of one embodiment of an instruction execution method of an embodiment of the present application;
FIG. 4 is a flow chart of one embodiment of step S500 of FIG. 3 according to an embodiment of the present application;
FIG. 5 is a flowchart of another embodiment of step S500 in FIG. 3 according to an embodiment of the present application;
FIG. 6 is a flow chart of another embodiment of an instruction execution method of an embodiment of the present application;
FIG. 7 is a flow chart of one embodiment of determining access rights according to embodiments of the present application;
fig. 8 is a block diagram of an instruction execution device according to an embodiment of the present application.
Detailed Description
Various aspects and features of the present application are described herein with reference to the accompanying drawings.
It should be understood that various modifications may be made to the embodiments of the application herein. Therefore, the above description should not be taken as limiting, but merely as exemplification of the embodiments. Other modifications within the scope and spirit of this application will occur to those skilled in the art.
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and, together with a general description of the application given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the present application will become apparent from the following description of a preferred form of embodiment, given as a non-limiting example, with reference to the accompanying drawings.
It is also to be understood that, although the present application has been described with reference to some specific examples, those skilled in the art can certainly realize many other equivalent forms of the present application.
The foregoing and other aspects, features, and advantages of the present application will become more apparent in light of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application will be described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail to avoid obscuring the application with unnecessary or excessive detail. Therefore, specific structural and functional details disclosed herein are not intended to be limiting, but merely serve as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the word "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments as per the application.
The instruction execution method can be applied to electronic equipment such as a server, and can coordinate and manage equipment such as a client accessing the electronic equipment, so that data security is ensured. The electronic devices such as the server are provided with Shell programs (management programs), such as a custom CLI Shell program, and clients accessing the server are managed based on the Shell programs, so that data in the electronic devices such as the server are protected. The method comprises the following steps: a set of instructions is set, wherein the set of instructions is a set of instructions associated with the electronic device, including instructions of a platform interface of the electronic device, custom instructions, or other preset instructions, such as including IPMI instructions. When a user accesses the server through a client and other devices, the password input by the user is verified, and after the password passes the verification, the shell program for managing the working process can be initialized. The user sends the first input instruction to the server through the client, and the first input instruction can be compared with the instruction set based on the shell program. And if the first input instruction is determined to belong to the instruction set and the user information accords with the operation condition, executing the first input instruction. By judging whether the first input instruction belongs to the instruction set or not and whether the user information accords with the operation condition or not, the instruction used by the user is limited to be the instruction set so as to access the server, and the internal files in the server are ensured not to be leaked. Moreover, the user information needs to be judged to determine whether the user information meets the operation condition, such as judging the user authority, so as to further determine whether the current access request meets the requirement. In addition, when executing the first input instruction, the corresponding data in the server may be called and output by using a management tool (such as ipmitool) according to the first input instruction.
The method is described in detail below with reference to the accompanying drawings, and fig. 1 is a flowchart of an instruction execution method according to an embodiment of the present application, and as shown in fig. 1, the method includes the following steps:
s100, setting an instruction set.
The instruction set may be, for example, a set of instructions associated with an electronic device such as a server, may be instructions of a platform interface of the electronic device, custom instructions, and/or other preset instructions. For example, the instruction set is a set IPMI (Intelligent Platform Management Interface) instruction set.
The set of instructions may be used to protect data in a server. For instructions that do not belong to the instruction set, the service may reject the response, thereby protecting the data therein.
In one embodiment, the setting of the instruction set may be based on setting a shell program on the electronic device, or may be set according to a platform interface of the server, or may be set in a customized manner according to a specific application scenario.
S200, acquiring a first input instruction and determining whether the first input instruction belongs to the instruction set.
For example, in accessing an electronic device such as a server, a user may input a first input instruction to the server through a client to request the server to respond thereto. The method comprises the steps that electronic equipment such as a server acquires a first input instruction and analyzes specific content of the first input instruction.
Specifically, the first input instruction is compared with instructions contained in the instruction set to determine whether the first input instruction belongs to the instruction set. When the comparison operation is performed, on one hand, the first input instruction and the instructions in the instruction set can be compared one by one; on the other hand, the first input instruction can be compared with the instruction with higher frequency of use in the instruction set preferentially, and then the first input instruction can be compared with the instruction with lower frequency of use in the instruction set. Thereby improving the processing efficiency.
S300, if the first input instruction belongs to the instruction set and the user information accords with the operation condition, executing the first input instruction.
Illustratively, the user information includes user login information, user rights, and the like, which are related to the user. Before executing the first input instruction, user information needs to be detected to determine whether information such as login information, user authority and the like meets operation conditions, so that the identity of the user and the access authority of the user to a target system in the server are determined.
In this embodiment, when the first input instruction belongs to the instruction set and the user information meets the operation condition, it is determined that the instruction accessing the target system in the server meets the requirements of the Shell program, for example, meets the instruction requirements of the CLI Shell program, and the user identity and the corresponding authority meet the corresponding operation condition, and the first input instruction is executed. Therefore, reasonable management of the client is realized, and the client can be classified and managed according to the user information while illegal user login is prevented. The data security is ensured.
For example, the instruction set includes the following instructions: lan, chassis, power, event, mc, sdr, sensor, fru, gendev, sel, pef, sol, user, channel, session, dcmi. When the first input instruction is judged to be at least one of the above-described instructions, it may be determined that the first input instruction belongs to the instruction set. It is determined that the first input instruction for accessing the server meets the requirements of the shell program. And further judging whether the user information accords with the operation condition. Thereby determining whether to execute the first input instruction based on the above-described determination. If the first input instruction belongs to the instruction set and the user information accords with the operation condition, the first input instruction is executed, so that the identity of the client is judged, the identity of the client is effectively and reasonably managed, and the data in the server is prevented from being leaked.
According to the method, whether the access of the user to the target system in the server meets the operation condition can be determined based on the constructed instruction set and the user information, so that reasonable management of the access user can be achieved, the client is subjected to grading response, and the data security of the BMC internal file account number of the server and the server asset information is ensured.
In one embodiment of the present application, if the first input instruction belongs to the instruction set and the user information meets the operation condition, executing the first input instruction, as shown in fig. 2, includes:
and S310, determining access rights of an access target system based on the user information, wherein the access contents corresponding to different access rights are different.
The user information includes login information of the user, user authority and other information related to the user, and the server can acquire the user information and determine the access authority of the client to access the target system through the user information in the process of accessing the server.
The access rights have corresponding levels, and the higher the level, the more the corresponding access content. Conversely, the lower the level, the less the corresponding access content. Therefore, the client can be managed according to the access authority of the client to the target system in the server, and the data security in the server is ensured.
For example, the access rights include administrator rights, advanced access rights, general access rights, and the like. The access contents of the access target systems corresponding to different access rights are different. The access content corresponding to the plurality of access rights is gradually reduced.
S320, if the first input instruction belongs to the instruction set and the access right meets the right condition, executing the first input instruction based on the access right.
For example, if the first input instruction belongs to the instruction set, it indicates that the first input instruction input through the client meets the instruction requirement of the shell program of the server, and is not an illegal instruction, and the first input instruction is adapted to the target system on the server. In addition, if the access authority of the client meets the authority condition, the client does not exceed the preset authority for the client when accessing the target system, so that the current access of the client is determined not to cause leakage of irrelevant data, and the access operation of the client is classified. So that the first input instruction can be executed based on the access rights of the client. For example, the target system in the server may respond to the first input instruction and feed back corresponding data to the client.
Preferably, the determining the access right of the access target system based on the user information includes:
determining at least corresponding user name authority according to the user information;
and determining the corresponding access right of the user based on the user information, the user name right and the first input instruction.
Illustratively, the user information includes information related to the user. And determining at least the user name of the baseboard management controller, the network address corresponding to the baseboard management controller, the user key and other information according to the user information. The user identity and the information related to the user identity can be determined through the user information. And further can be used as a data basis and a basis for determining the corresponding access rights of the user.
Furthermore, the first input instruction which has been confirmed to belong to the instruction set may be packaged, and the corresponding access right of the user may be determined based on the user information, the user name right, and the packaged first input instruction.
In one embodiment, on the one hand, the user identity may be determined according to a user name in the user information acquired from the client after the client logs into the server, and the associated attribute information (such as a user name, a network address, etc. of the associated baseboard management controller) may be acquired, where the user identity corresponds to a user name authority, such as an administrator identity, a general user identity, and an operator identity. The user name authority of the manager identity is higher than that of the common user, and the user name authority of the common user is higher than that of the operator user. Correspondingly, when the access right of the user for the server or the target system in the server is determined based on the user information, the user name authority and the first input instruction, the access right corresponding to the determined manager identity is higher than the access right of the common user, and the access right of the common user is higher than the access right of the operator user.
On the other hand, the user name authority may be comprehensively determined based on the user name in the user information and the attribute information. For example, the user name authority is comprehensively determined through the user name, the user name of the baseboard management controller used by the user name, the network address (BMCIP) and the environment variable connection information, and then the access authority of the user for the server or the target system in the server is determined based on the user information, the user name authority and the first input instruction.
In another embodiment, the determining the access right to the access target system based on the user information further includes:
determining at least corresponding user name authority, user key and attribute information according to the user information;
and determining the corresponding access right of the user based on the user name right, the user key and the first input instruction.
Referring to fig. 7, in the process of logging in the server, the client obtains USER information through the daemon SSH, and further obtains a USER name (BMC USER) of the baseboard management controller, a USER name (getenv USER) corresponding to an environment variable, a network address (BMC IP), and environment variable CONNECTION information (geteny ssh_connection) based on the USER information, and determines a USER name authority based on the USER information, and further determines a communication interface authority based on the USER name authority, such as UDS (Unix Domain Socket) authority. After the user key in the user information is obtained, the user key can be read through a custom command (password oem cmd), and further the user password can be verified. And continuing to respond to the first input instruction after the verification is passed.
Furthermore, the IPMI cmd is obtained and packaged, and based on the user information and the packaged IPMI cmd, the corresponding access rights of the user are determined by utilizing a common IPMI authentication module used in the IPMI user rights authentication logic.
In one embodiment of the present application, as shown in fig. 6, the method further includes: and under the condition that a login request of a target system of a client requesting to login the server is acquired, monitoring the login of the user through the SSH. Performing key verification on the login request; giving access authorization to the client under the condition that the key verification is passed; a Shell program (hypervisor) such as CLI Shell program is run.
Further, an initialization operation is performed on a management program for managing the login process. Wherein, the initializing operation of the management program for managing the login process includes: registering a management function and/or a management instruction of the management program; user information on a remotely connected client is obtained through SSH.
In one embodiment of the present application, as shown in fig. 3, the method further comprises the steps of:
s400, if the first input instruction does not belong to the instruction set, determining whether a preset list comprises corresponding content of the first input instruction;
s500, if the preset list comprises the corresponding content of the first input instruction, performing a first response to the first input instruction, otherwise, performing a second response to the first input instruction;
and the system resources of the target system respectively called by the first response and the second response are different.
For example, in one embodiment, if it is determined that the first input instruction does not belong to the instruction set, alert information may be generated, thereby informing the user that the current client performs an illegal access operation. And then comparing the corresponding content of the first input instruction with the content in the preset list.
In one aspect, the preset list may include an instruction set to compare the first input instruction to the instruction combination; on the other hand, the preset list further includes information of relevant software and/or hardware of the server or the target system in the server, such as bus information (e.g. pcie information), memory information, CPU information, GPU information, network information, memory information (dimm information), power supply information (psu information), storage information (storage information), system information (system information), and the like.
Although the first input instruction may not be executed if it does not belong to the instruction set, other responses may be made to the client. Specifically, it is determined whether the preset list includes corresponding contents of the first input instruction. If the preset list includes the corresponding content of the first input instruction, if the first input instruction is a request for obtaining CPU information, a first response may be performed on the first input instruction, for example, the CPU information of the server is fed back to the client. And if the preset list does not comprise the corresponding content of the first input instruction, performing a second response on the first input instruction. The second response may simply inform the client that the request has been received but no information feedback has been made or only non-critical information has been fed back. Therefore, the adaptive management of the client according to the specific situation of the client is realized.
In one embodiment of the present application, the first response to the first input instruction, as shown in fig. 4 and in combination with fig. 6, includes the following steps:
s510, determining key information based on the first input instruction;
s520, formatting the key information to generate first feedback information;
wherein the first feedback information includes at least asset information.
By way of example, the key information may be important asset information related to the software and/or hardware of the server, such as CPU information of the server, calculation information, server number information, and the like. When the first response is performed on the first input instruction, key information corresponding to the first input instruction may be determined, and if the first input instruction is an instruction for acquiring the CPU information of the server, the CPU information of the server may be determined based on the first input instruction. And formatting the CPU information to delete unnecessary information in the CPU information, and generating first feedback information to enable a user to more intuitively see the content in the first feedback information.
In one embodiment of the present application, the second responding to the first input instruction, as shown in fig. 5 and in combination with fig. 6, includes:
s530, determining non-critical information based on the first input instruction, wherein the non-critical information comprises at least one of the following: bus information and network information;
s540, formatting the non-key information to generate second feedback information;
wherein the second feedback information includes at least server-related configuration attribute information.
By way of example, the critical information may be relatively unimportant configuration attribute information associated with the software and/or hardware of the server, such as network information of the server, i2c bus information, and the like. When the first response is performed on the first input instruction, non-key information corresponding to the first input instruction may be determined, and if the first input instruction is an instruction for acquiring network information of the server, the network information of the server may be determined based on the first input instruction. And formatting the network information to delete unnecessary information in the network information, and generating second feedback information to enable a user to more intuitively see the content in the second feedback information.
Preferably, the formatting is used to clear unnecessary information so that the user gets accurate feedback. For example, the server needs unnecessary information such as serial number information and indication information in addition to the CPU information in the key information to be fed back, and the serial number information and the indication information are removed from the first feedback information generated by formatting the key information, so that the user can more intuitively view the CPU information.
Based on the same inventive concept, the embodiment of the present application further provides an instruction execution apparatus, as shown in fig. 8, including:
a setting module configured to set the instruction set.
The instruction set may be, for example, a set of instructions associated with an electronic device such as a server, may be instructions of a platform interface of the electronic device, custom instructions, and/or other preset instructions. For example, the instruction set is IPMI (Intelligent Platform Management Interface) instruction set by the setting module.
The set of instructions may be used to protect data in a server. For instructions that do not belong to the instruction set, the service may reject the response, thereby protecting the data therein.
In one embodiment, the setting module may be set based on a shell program set on the electronic device during the process of setting the instruction set, may be set according to a platform interface of the server, or may be set in a customized manner according to a specific application scenario.
An acquisition module configured to acquire a first input instruction and determine whether the first input instruction belongs to the instruction set.
For example, in accessing an electronic device such as a server, a user may input a first input instruction to the server through a client to request the server to respond thereto. The method comprises the steps that an acquisition module of electronic equipment such as a server acquires a first input instruction and analyzes specific content of the first input instruction.
Specifically, the acquisition module compares the first input instruction with instructions included in the instruction set to determine whether the first input instruction belongs to the instruction set. When the comparison operation is performed, on one hand, the first input instruction and the instructions in the instruction set can be compared one by one; on the other hand, the first input instruction can be compared with the instruction with higher frequency of use in the instruction set preferentially, and then the first input instruction can be compared with the instruction with lower frequency of use in the instruction set. Thereby improving the processing efficiency.
And the processing module is configured to execute the first input instruction if the first input instruction belongs to the instruction set and the user information accords with the operation condition.
Illustratively, the user information includes user login information, user rights, and the like, which are related to the user. The processing module is required to detect the user information before executing the first input instruction, so as to determine whether the information such as login information, user authority and the like accords with the operation condition, thereby determining the identity of the user and the access authority of the user to the target system in the server.
In this embodiment, when the first input instruction belongs to the instruction set and the user information meets the operation condition, the processing module determines that the instruction accessing the target system in the server meets the requirements of the Shell program, for example, meets the instruction requirements of the CLI Shell program, and the user identity and the corresponding authority meet the corresponding operation condition, and executes the first input instruction. Therefore, reasonable management of the client is realized, and the client can be classified and managed according to the user information while illegal user login is prevented. The data security is ensured.
For example, the instruction set includes the following instructions: lan, chassis, power, event, mc, sdr, sensor, fru, sel, pef, sol, user, channel, session, dcmi. When the processing module determines that the first input instruction is at least one of the above instructions, it may be determined that the first input instruction belongs to the instruction set. It is determined that the first input instruction for accessing the server meets the requirements of the shell program. The processing module further judges whether the user information accords with the operation condition. Thereby determining whether to execute the first input instruction based on the above-described determination. If the first input instruction belongs to the instruction set and the user information accords with the operation condition, the processing module executes the first input instruction, so that the identity of the client is judged and effectively and reasonably managed, and the data in the server is prevented from being leaked.
In one embodiment of the present application, the processing module is further configured to:
determining access rights of an access target system based on the user information, wherein access contents corresponding to different access rights are different;
and if the first input instruction belongs to the instruction set and the access right meets the right condition, executing the first input instruction based on the access right.
In one embodiment of the present application, the processing module is further configured to:
if the first input instruction does not belong to the instruction set, determining whether a preset list comprises corresponding content of the first input instruction;
if the preset list comprises the corresponding content of the first input instruction, performing first response on the first input instruction, otherwise, performing second response on the first input instruction;
and the system resources of the target system respectively called by the first response and the second response are different.
In one embodiment of the present application, the processing module is further configured to:
determining at least corresponding user name authority according to the user information;
and determining the corresponding access right of the user based on the user information, the user name right and the first input instruction.
In one embodiment of the present application, the processing module is further configured to:
determining key information based on the first input instruction;
formatting the key information to generate first feedback information;
wherein the first feedback information includes at least asset information.
In one embodiment of the present application, the processing module is further configured to:
determining non-critical information based on the first input instruction, wherein the non-critical information includes at least one of: bus information and network information;
formatting the non-key information to generate second feedback information;
wherein the second feedback information includes at least server-related configuration attribute information.
In one embodiment of the present application, the formatting is used to clear unnecessary information so that the user gets accurate feedback.
The embodiment of the application also provides electronic equipment, which comprises a processor and a memory, wherein the memory stores executable programs, and the memory executes the executable programs to perform the steps of the method.
Embodiments of the present application also provide a storage medium carrying one or more computer programs which, when executed by a processor, implement the steps of the method as described above.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, an electronic device, a computer-readable storage medium, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media having computer-usable program code embodied therein. When implemented in software, these functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The processor may be a general purpose processor, a digital signal processor, an application-specific integrated circuit (ASIC), a programmable logic device (programmable logic device, PLD), or a combination thereof. The PLD may be a complex programmable logic device (complex programmable logic device, CPLD), a field-programmable gate array (field-programmable gate array, FPGA), general-purpose array logic (generic array logic, GAL) or any combination thereof. The general purpose processor may be a microprocessor or any conventional processor or the like.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
The readable storage medium may be a magnetic disk, an optical disk, a DVD, a USB, a read-only memory (ROM), a random-access memory (RAM), etc., and the specific storage medium form is not limited in this application.
The above embodiments are only exemplary embodiments of the present application and are not intended to limit the present application, the scope of which is defined by the claims. Various modifications and equivalent arrangements may be made to the present application by those skilled in the art, which modifications and equivalents are also considered to be within the scope of the present application.

Claims (10)

1. An instruction execution method, comprising:
setting an instruction set;
acquiring a first input instruction and determining whether the first input instruction belongs to the instruction set;
and if the first input instruction belongs to the instruction set and the user information accords with the operation condition, executing the first input instruction.
2. The method of claim 1, the executing the first input instruction if the first input instruction belongs to the instruction set and user information meets an operating condition, comprising:
determining access rights of an access target system based on the user information, wherein access contents corresponding to different access rights are different;
and if the first input instruction belongs to the instruction set and the access right meets the right condition, executing the first input instruction based on the access right.
3. The method of claim 2, the method further comprising:
if the first input instruction does not belong to the instruction set, determining whether a preset list comprises corresponding content of the first input instruction;
if the preset list comprises the corresponding content of the first input instruction, performing first response on the first input instruction, otherwise, performing second response on the first input instruction;
and the system resources of the target system respectively called by the first response and the second response are different.
4. The method of claim 2, the determining access rights to access a target system based on the user information, comprising:
determining at least corresponding user name authority according to the user information;
and determining the corresponding access right of the user based on the user information, the user name right and the first input instruction.
5. A method according to claim 3, said first responding to said first input instruction comprising:
determining key information based on the first input instruction;
formatting the key information to generate first feedback information;
wherein the first feedback information includes at least asset information.
6. A method according to claim 3, said second responding to said first input instruction comprising:
determining non-critical information based on the first input instruction, wherein the non-critical information includes at least one of: bus information and network information;
formatting the non-key information to generate second feedback information;
wherein the second feedback information includes at least server-related configuration attribute information.
7. The method of claim 5 or 6, the formatting is used to clear unnecessary information so that the user gets accurate feedback.
8. An instruction execution apparatus comprising:
a setting module configured to set a set of instructions;
an acquisition module configured to acquire a first input instruction and determine whether the first input instruction belongs to the instruction set;
and the processing module is configured to execute the first input instruction if the first input instruction belongs to the instruction set and the user information accords with the operation condition.
9. An electronic device comprising a processor and a memory, the memory having stored therein an executable program that is executed by the memory to perform the steps of the method of any of claims 1 to 7.
10. A storage medium carrying one or more computer programs which, when executed by a processor, implement the steps of the method of any of claims 1 to 7.
CN202311382545.9A 2023-10-24 2023-10-24 Instruction execution method and device and electronic equipment Pending CN117435249A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311382545.9A CN117435249A (en) 2023-10-24 2023-10-24 Instruction execution method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311382545.9A CN117435249A (en) 2023-10-24 2023-10-24 Instruction execution method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN117435249A true CN117435249A (en) 2024-01-23

Family

ID=89557780

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311382545.9A Pending CN117435249A (en) 2023-10-24 2023-10-24 Instruction execution method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN117435249A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117675414A (en) * 2024-01-31 2024-03-08 深圳昂楷科技有限公司 Command auditing method, system and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117675414A (en) * 2024-01-31 2024-03-08 深圳昂楷科技有限公司 Command auditing method, system and storage medium
CN117675414B (en) * 2024-01-31 2024-05-17 深圳昂楷科技有限公司 Command auditing method, system and storage medium

Similar Documents

Publication Publication Date Title
US11689516B2 (en) Application program as key for authorizing access to resources
US8863284B1 (en) System and method for determining a security status of potentially malicious files
US8739287B1 (en) Determining a security status of potentially malicious files
US10257194B2 (en) Distribution of variably secure resources in a networked environment
US20140282894A1 (en) Delegating authorization to applications on a client device in a networked environment
US11140131B2 (en) Application signature authorization
CN110061987B (en) Access access control method and device based on role and terminal credibility
CN110855709A (en) Access control method, device, equipment and medium for security access gateway
US20140109194A1 (en) Authentication Delegation
CN117435249A (en) Instruction execution method and device and electronic equipment
CN110390184B (en) Method, apparatus and computer program product for executing applications in the cloud
US20180026986A1 (en) Data loss prevention system and data loss prevention method
CN111737232A (en) Database management method, system, device, equipment and computer storage medium
US20110307696A1 (en) Monitor portal, monitor system, terminal and computer readable medium thereof
US20080098460A1 (en) Computer implemented method and data processing system for ldap user authentication
CN108494749B (en) Method, device and equipment for disabling IP address and computer readable storage medium
JP5289481B2 (en) Method, apparatus, and program for maintaining persistent wireless network connection
CN112395604B (en) System monitoring login protection method, client, server and storage medium
CN114329574B (en) Encrypted partition access control method and system based on domain management platform and computing equipment
US11855999B1 (en) Systems and methods for controlling access
CN116842536A (en) Access control method, device, equipment and storage medium of operating system
CN116996236A (en) Database operation authentication processing method and device
CN117421178A (en) Operation and maintenance management system, method and device and electronic equipment
CN113297595A (en) Method and device for processing right-offering, storage medium and electronic equipment
TWM624882U (en) System for carrying out management and control operations of portable storage devices based on period of use

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination