author | David Sommerseth <dazo@users.sourceforge.net> | 2008-10-15 00:39:53 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2008-10-15 00:39:53 +0200 |
commit | 0ea1a3e2e6a10300388e01ac89504abe3624ae56 (patch) | |
tree | fff59c70d4db431c2114e89d0819af8921aff463 | |
parent | b65b0802ead5e863ca8cb41fff77528735a1466c (diff) | |
Reorganised the source code
Moved all OpenVPN plug-in related things into ./plugins, including firewall
Moved all shared code into ./common and moved the generic part of the
database files into ./database
Updated all CMakeLists.txt files and created a new one for the root directory
-rw-r--r-- | CMakeLists.txt | 55 | ||||
-rw-r--r-- | common/certinfo.c (renamed from certinfo.c) | 8 | ||||
-rw-r--r-- | common/certinfo.h (renamed from certinfo.h) | 0 | ||||
-rw-r--r-- | common/eurephia_directions.h (renamed from eurephia_directions.h) | 2 | ||||
-rw-r--r-- | common/eurephia_getsym.c (renamed from eurephia_getsym.c) | 4 | ||||
-rw-r--r-- | common/eurephia_getsym.h (renamed from eurephia_getsym.h) | 2 | ||||
-rw-r--r-- | common/eurephia_log.c (renamed from eurephia_log.c) | 4 | ||||
-rw-r--r-- | common/eurephia_log.h (renamed from eurephia_log.h) | 0 | ||||
-rw-r--r-- | common/eurephia_nullsafe.h (renamed from eurephia_nullsafe.h) | 4 | ||||
-rw-r--r-- | common/eurephia_values.c (renamed from eurephia_values.c) | 13 | ||||
-rw-r--r-- | common/eurephia_values.h (renamed from eurephia_values.h) | 0 | ||||
-rw-r--r-- | common/passwd.c (renamed from passwd.c) | 8 | ||||
-rw-r--r-- | common/passwd.h (renamed from passwd.h) | 0 | ||||
-rw-r--r-- | common/sha512.c (renamed from sha512.c) | 0 | ||||
-rw-r--r-- | common/sha512.h (renamed from sha512.h) | 0 | ||||
-rwxr-xr-x | configure | 1 | ||||
-rw-r--r-- | database/eurephiadb.c (renamed from eurephiadb.c) | 20 | ||||
-rw-r--r-- | database/eurephiadb.h (renamed from eurephiadb.h) | 2 | ||||
-rw-r--r-- | database/eurephiadb_driver.h (renamed from eurephiadb_driver.h) | 16 | ||||
-rw-r--r-- | database/sqlite/CMakeLists.txt | 14 | ||||
-rw-r--r-- | plugin/CMakeLists.txt | 43 | ||||
-rw-r--r-- | plugin/eurephia-auth.c (renamed from eurephia-auth.c) | 15 | ||||
-rw-r--r-- | plugin/eurephia.c (renamed from eurephia.c) | 26 | ||||
-rw-r--r-- | plugin/eurephia.h (renamed from eurephia.h) | 0 | ||||
-rw-r--r-- | plugin/eurephia_struct.h (renamed from eurephia_struct.h) | 1 | ||||
-rw-r--r-- | plugin/eurephiadb_session.c (renamed from eurephiadb_session.c) | 21 | ||||
-rw-r--r-- | plugin/eurephiadb_session.h (renamed from eurephiadb_session.h) | 2 | ||||
-rw-r--r-- | plugin/firewall/eurephiafw.c (renamed from eurephiafw.c) | 15 | ||||
-rw-r--r-- | plugin/firewall/eurephiafw.h (renamed from eurephiafw.h) | 0 | ||||
-rw-r--r-- | plugin/firewall/eurephiafw_helpers.c (renamed from eurephiafw_helpers.c) | 3 | ||||
-rw-r--r-- | plugin/firewall/eurephiafw_helpers.h (renamed from eurephiafw_helpers.h) | 3 | ||||
-rw-r--r-- | plugin/firewall/eurephiafw_intf.h (renamed from eurephiafw_intf.h) | 0 | ||||
-rw-r--r-- | plugin/firewall/iptables/CMakeLists.txt (renamed from firewall/iptables/CMakeLists.txt) | 7 | ||||
-rw-r--r-- | plugin/firewall/iptables/efw_iptables.c (renamed from firewall/iptables/efw_iptables.c) | 2 |
34 files changed, 150 insertions, 141 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index b679353..18d1cfa 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,36 +1,17 @@ PROJECT(eurephia C) cmake_minimum_required(VERSION 2.6) -SET(eurephia_auth_SRC - certinfo.c - eurephia-auth.c - eurephia.c - eurephiadb.c - eurephiadb_session.c - eurephiafw.c - eurephiafw_helpers.c - eurephia_getsym.c - eurephia_log.c - eurephia_values.c - passwd.c - sha512.c -) + OPTION(DEBUG "Add more verbose debug information" OFF) OPTION(SHOW_SECRETS "Show passwords as clear text in logs." OFF) OPTION(SQLITE3 "Build database driver for SQLite3" OFF) SET(OPNVPN_SRC "" CACHE STRING "Path to OpenVPN source code") - IF(SQLITE3) message(STATUS "Will build database interface for SQLite") SET(subdirs ${subdirs} database/sqlite) SET(DATABASE ON) ENDIF(SQLITE3) -IF(FW_IPTABLES) - message(STATUS "Will build iptables firewall module") - SET(subdirs ${subdirs} firewall/iptables) -ENDIF(FW_IPTABLES) - IF(NOT DATABASE) message(FATAL_ERROR "Cannot build eurephia without any database drivers.") ENDIF(NOT DATABASE) 
@@ -63,28 +44,6 @@ IF(NOT HAVE_DLOPEN OR NOT HAVE_DLCLOSE) message(FATAL_ERROR "Missing proper dl library") ENDIF(NOT HAVE_DLOPEN OR NOT HAVE_DLCLOSE) -CHECK_INCLUDE_FILE(pthread.h HAVE_PTHREAD_H) -CHECK_LIBRARY_EXISTS(pthread pthread_mutex_lock "" HAVE_PTHREAD_MUTEX_LOCK) -CHECK_LIBRARY_EXISTS(pthread pthread_mutex_unlock "" HAVE_PTHREAD_MUTEX_UNLOCK) -IF(NOT HAVE_PTHREAD_MUTEX_LOCK OR NOT HAVE_PTHREAD_MUTEX_UNLOCK) - message(FATAL_ERROR "Missing proper pthread_mutex support") -ENDIF(NOT HAVE_PTHREAD_MUTEX_LOCK OR NOT HAVE_PTHREAD_MUTEX_UNLOCK) - -CHECK_LIBRARY_EXISTS(rt sem_wait "" HAVE_RT_SEM_WAIT) -CHECK_LIBRARY_EXISTS(rt sem_post "" HAVE_RT_SEM_POST) -CHECK_LIBRARY_EXISTS(rt mq_open "" HAVE_RT_MQ_OPEN) -CHECK_LIBRARY_EXISTS(rt mq_close "" HAVE_RT_MQ_CLOSE) -CHECK_LIBRARY_EXISTS(rt mq_unlink "" HAVE_RT_MQ_UNLINK) -CHECK_LIBRARY_EXISTS(rt mq_send "" HAVE_RT_MQ_SEND) -CHECK_LIBRARY_EXISTS(rt mq_receive "" HAVE_RT_MQ_RECEIVE) -CHECK_LIBRARY_EXISTS(rt mq_getattr "" HAVE_RT_MQ_GETATTR) -IF(NOT HAVE_RT_SEM_WAIT OR NOT HAVE_RT_SEM_POST) - message(FATAL_ERROR "Missing proper pthread semaphore support") -ENDIF(NOT HAVE_RT_SEM_WAIT OR NOT HAVE_RT_SEM_POST) -IF(NOT HAVE_RT_MQ_OPEN OR NOT HAVE_RT_MQ_CLOSE OR NOT HAVE_RT_MQ_UNLINK OR NOT HAVE_RT_MQ_SEND OR NOT HAVE_RT_MQ_RECEIVE OR NOT HAVE_RT_MQ_GETATTR) - message(FATAL_ERROR "Missing proper pthread message queue support") -ENDIF(NOT HAVE_RT_MQ_OPEN OR NOT HAVE_RT_MQ_CLOSE OR NOT HAVE_RT_MQ_UNLINK OR NOT HAVE_RT_MQ_SEND OR NOT HAVE_RT_MQ_RECEIVE OR NOT HAVE_RT_MQ_GETATTR) - CHECK_INCLUDE_FILE(openssl/rand.h HAVE_OPENSSL_RAND_H) CHECK_LIBRARY_EXISTS(crypto RAND_load_file "" HAVE_OPENSSL_RAND_LOAD_FILE) CHECK_LIBRARY_EXISTS(crypto RAND_pseudo_bytes "" HAVE_OPENSSL_RAND_PSEUDO_BYTES) 
@@ -92,9 +51,13 @@ IF(NOT HAVE_OPENSSL_RAND_H OR NOT HAVE_OPENSSL_RAND_LOAD_FILE OR NOT HAVE_OPENSS message(FATAL_ERROR "Missing OpenSSL crypto support") ENDIF(NOT HAVE_OPENSSL_RAND_H OR NOT HAVE_OPENSSL_RAND_LOAD_FILE OR NOT HAVE_OPENSSL_RAND_PSEUDO_BYTES) +CHECK_INCLUDE_FILE(pthread.h HAVE_PTHREAD_H) +CHECK_LIBRARY_EXISTS(pthread pthread_mutex_lock "" HAVE_PTHREAD_MUTEX_LOCK) +CHECK_LIBRARY_EXISTS(pthread pthread_mutex_unlock "" HAVE_PTHREAD_MUTEX_UNLOCK) +IF(NOT HAVE_PTHREAD_MUTEX_LOCK OR NOT HAVE_PTHREAD_MUTEX_UNLOCK) + message(FATAL_ERROR "Missing proper pthread_mutex support") +ENDIF(NOT HAVE_PTHREAD_MUTEX_LOCK OR NOT HAVE_PTHREAD_MUTEX_UNLOCK) + ADD_DEFINITIONS(-g -Wall) -ADD_LIBRARY(eurephia-auth MODULE ${eurephia_auth_SRC}) -TARGET_LINK_LIBRARIES(eurephia-auth dl pthread rt crypto) -SET_TARGET_PROPERTIES(eurephia-auth PROPERTIES OUTPUT_NAME eurephia-auth PREFIX "") -SUBDIRS(${subdirs}) +SUBDIRS(${subdirs} plugin) diff --git a/certinfo.c b/common/certinfo.c index 9f0974a..bb68a53 100644 --- a/certinfo.c +++ b/common/certinfo.c @@ -1,5 +1,5 @@ /* certinfo.c -- Functions to parse and process the X509 TLS id string - * + * * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net> * * This program is free software; you can redistribute it and/or @@ -32,13 +32,13 @@ certinfo *parse_tlsid(const char *input) { char tmp[130], *mainp, *origptr, *sub, *tok, *tok2; certinfo *ret = NULL; - if( (input == NULL) || strlen(input) < 5) + if( (input == NULL) || strlen(input) < 5) return NULL; ret = (certinfo *) malloc(sizeof(certinfo)+2); bzero(ret, sizeof(certinfo)+2); bzero(&tmp, 130); - + mainp = strdup(input); origptr = mainp; tok = strsep(&mainp, "/\0"); @@ -80,7 +80,7 @@ void free_certinfo(certinfo *p) { if( p == NULL ) return; - if( p->org != NULL ) + if( p->org != NULL ) free(p->org); if( p->common_name != NULL ) free(p->common_name); diff --git a/certinfo.h b/common/certinfo.h index d9496bd..d9496bd 100644 --- a/certinfo.h +++ b/common/certinfo.h 
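Review bot: In the pthread block added to the root CMakeLists.txt (third hunk), `HAVE_PTHREAD_H` is set by `CHECK_INCLUDE_FILE(pthread.h HAVE_PTHREAD_H)` but never tested, so a system that has the library but not the header passes configuration and only fails at compile time. The OpenSSL check directly above puts its header result in the condition, and the same shape works here: `IF(NOT HAVE_PTHREAD_H OR NOT HAVE_PTHREAD_MUTEX_LOCK OR NOT HAVE_PTHREAD_MUTEX_UNLOCK)` with the matching `ENDIF(...)`.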
diff --git a/eurephia_directions.h b/common/eurephia_directions.h index 49c43c6..b410475 100644 --- a/eurephia_directions.h +++ b/common/eurephia_directions.h @@ -23,6 +23,6 @@ #define DIR_R 'R' #define DIR_L 'L' -#define DIRECTION(s,d,l) (s>d ? ((((l-s)+d) > (s-d)) ? DIR_L : DIR_R) : (((d-s) > ((l-d)+s)) ? DIR_L : DIR_R)) +#define DIRECTION(s,d,l) (s>d ? ((((l-s)+d) > (s-d)) ? DIR_L : DIR_R) : (((d-s) > ((l-d)+s)) ? DIR_L : DIR_R)) #endif diff --git a/eurephia_getsym.c b/common/eurephia_getsym.c index e12221f..dc85c29 100644 --- a/eurephia_getsym.c +++ b/common/eurephia_getsym.c @@ -1,4 +1,4 @@ -/* eurephia_getsym.c -- +/* eurephia_getsym.c -- Retrieves symbols from dlopened libraries * * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net> * @@ -25,7 +25,7 @@ #include "eurephia_struct.h" #include "eurephia_log.h" -void *eGetSym(eurephiaCTX *ctx, void *dlh, const char *symnam) +void *eGetSym(eurephiaCTX *ctx, void *dlh, const char *symnam) { void *func = NULL; diff --git a/eurephia_getsym.h b/common/eurephia_getsym.h index 4b7b66a..2f1fbb0 100644 --- a/eurephia_getsym.h +++ b/common/eurephia_getsym.h @@ -1,4 +1,4 @@ -/* eurephia_getsym.h -- +/* eurephia_getsym.h -- Retrieves symbols from dlopened libraries * * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net> * diff --git a/eurephia_log.c b/common/eurephia_log.c index ba65b09..9ea6a8e 100644 --- a/eurephia_log.c +++ b/common/eurephia_log.c @@ -31,11 +31,11 @@ const char *erp_logtypes[] = { "\0", "-- INFO -- \0", "-- DEBUG -- \0", - "** WARNING ** \0", + "** WARNING ** \0", "** ERROR ** \0", "** CRITICAL ** \0", "** - FATAL - ** \0", - "** * PANIC * ** \0" + "** * PANIC * ** \0" }; // POSIX Mutex to avoild simultaneously logging activity from diff --git a/eurephia_log.h b/common/eurephia_log.h index 9a2b227..9a2b227 100644 --- a/eurephia_log.h +++ b/common/eurephia_log.h diff --git a/eurephia_nullsafe.h b/common/eurephia_nullsafe.h index 5f59058..a980cfe 100644 
--- a/eurephia_nullsafe.h +++ b/common/eurephia_nullsafe.h @@ -1,9 +1,9 @@ /* eurephia_nullsafe.h * - * standard C string functions, which is made NULL safe by checking + * standard C string functions, which is made NULL safe by checking * if input value is NULL before performing the action. * - * + * * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net> * * This program is free software; you can redistribute it and/or diff --git a/eurephia_values.c b/common/eurephia_values.c index 0b47374..d5473f9 100644 --- a/eurephia_values.c +++ b/common/eurephia_values.c @@ -26,7 +26,8 @@ #include <eurephia_log.h> -eurephiaVALUES *eGet_valuestruct(eurephiaVALUES *vls, const char *key) { +eurephiaVALUES *eGet_valuestruct(eurephiaVALUES *vls, const char *key) +{ eurephiaVALUES *ptr = NULL; if( vls == NULL ) { @@ -44,7 +45,7 @@ eurephiaVALUES *eGet_valuestruct(eurephiaVALUES *vls, const char *key) { } -char *eGet_value(eurephiaVALUES *vls, const char *key) +char *eGet_value(eurephiaVALUES *vls, const char *key) { eurephiaVALUES *ptr = NULL; @@ -53,7 +54,7 @@ char *eGet_value(eurephiaVALUES *vls, const char *key) } -eurephiaVALUES *eCreate_value_space(eurephiaCTX *ctx, int evgid) +eurephiaVALUES *eCreate_value_space(eurephiaCTX *ctx, int evgid) { eurephiaVALUES *ptr = NULL; @@ -70,11 +71,11 @@ eurephiaVALUES *eCreate_value_space(eurephiaCTX *ctx, int evgid) } -void eAdd_value(eurephiaCTX *ctx, eurephiaVALUES *vls, const char *key, const char *val) +void eAdd_value(eurephiaCTX *ctx, eurephiaVALUES *vls, const char *key, const char *val) { eurephiaVALUES *ptr = NULL, *ptr2 = NULL; int vid = 0; - + DEBUG(ctx, 31, "Function call: eAdd_value(ctx, vls(%i), '%s', '%s')", (vls != NULL ? vls->evid : -1), key, val); @@ -111,7 +112,7 @@ void do_free_vals(eurephiaVALUES *vls) { void eFree_values_func(eurephiaCTX *ctx, eurephiaVALUES *vls) { DEBUG(ctx, 31, "Function call: eFree_values(ctx, vls(%i))", (vls != NULL ? vls->evid : -1)); - + if( (vls == NULL) ) { return; } 
diff --git a/eurephia_values.h b/common/eurephia_values.h index 8a48730..8a48730 100644 --- a/eurephia_values.h +++ b/common/eurephia_values.h diff --git a/passwd.c b/common/passwd.c index 727261f..c77fccb 100644 --- a/passwd.c +++ b/common/passwd.c @@ -31,12 +31,12 @@ char *_passwdhash(const char *pwd, const char *file, const int line) { uint8_t sha_res[SHA512_HASH_SIZE]; char *ret = NULL, *ptr = NULL; unsigned len = 0, i; - + len = strlen_nullsafe(pwd); if( (pwd == NULL) && (len == 0) ) { return NULL; } - + // Generate SHA512 hash of password memset(&sha, 0, sizeof(SHA512Context)); memset(&sha_res, 0, sizeof(sha_res)); @@ -52,13 +52,13 @@ char *_passwdhash(const char *pwd, const char *file, const int line) { #endif memset(ret, 0,(SHA512_HASH_SIZE*2)+3); ptr = ret; - + // Generate a readable string of the hash for( i = 0; i < SHA512_HASH_SIZE; i++ ) { sprintf(ptr, "%02x", sha_res[i]); ptr += 2; } - + // Cleanup - remove hash data from memory memset(&sha, 0, sizeof(SHA512Context)); memset(&sha_res, 0, sizeof(sha_res)); diff --git a/passwd.h b/common/passwd.h index 44b4ca2..44b4ca2 100644 --- a/passwd.h +++ b/common/passwd.h diff --git a/sha512.c b/common/sha512.c index 37f4a72..37f4a72 100644 --- a/sha512.c +++ b/common/sha512.c diff --git a/sha512.h b/common/sha512.h index a6962c2..a6962c2 100644 --- a/sha512.h +++ b/common/sha512.h @@ -77,6 +77,7 @@ if [ $ec = 0 ]; then dist-clean : clean find -type d -name "CMakeFiles" | xargs rm -rf find -type f -name "cmake_install.cmake" | xargs rm -rf + find -type f -name CMakeCache.txt | xargs rm -rf find -type f -name Makefile | xargs rm -rf find -type f -name "*~" | xargs rm -f rm -f CMakeCache.txt diff --git a/eurephiadb.c b/database/eurephiadb.c index 6bc63cc..bd83fa4 100644 --- a/eurephiadb.c +++ b/database/eurephiadb.c @@ -35,7 +35,7 @@ #endif -int eDBlink_close(eurephiaCTX *ctx) +int eDBlink_close(eurephiaCTX *ctx) { if( ctx == NULL ) { return 1; 
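Review bot: The dist-clean line added in the `@@ -77,6 +77,7 @@` hunk, `find -type f -name CMakeCache.txt | xargs rm -rf`, hands whitespace-split names to a recursive, forced delete, so a matching path that contains a space is broken into fragments and any fragment that names a directory is removed with its contents. Only regular files are matched, so `find . -type f -name CMakeCache.txt -exec rm -f {} +` does the same job without word splitting or the recursive flag, and the explicit `.` does not rely on find's default start path. The neighbouring `find … | xargs rm -rf` lines in this rule have the same shape, and the rule itself starts and ends outside the hunk.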
@@ -50,7 +50,7 @@ int eDBlink_close(eurephiaCTX *ctx) } -int eDBlink_init(eurephiaCTX *ctx, const char *dbl) +int eDBlink_init(eurephiaCTX *ctx, const char *dbl) { #ifdef MEMWATCH mwStatistics(3); @@ -74,13 +74,13 @@ int eDBlink_init(eurephiaCTX *ctx, const char *dbl) eDB_DriverVersion = eGetSym(ctx, ctx->eurephia_driver, "eDB_DriverVersion"); eDB_DriverAPIVersion = eGetSym(ctx, ctx->eurephia_driver, "eDB_DriverAPIVersion"); - eurephia_log(ctx, LOG_INFO, 1, "Driver loaded: %s (API version %i)", + eurephia_log(ctx, LOG_INFO, 1, "Driver loaded: %s (API version %i)", eDB_DriverVersion(), eDB_DriverAPIVersion()); // Configure functions contained in the driver, defined by API version switch( eDB_DriverAPIVersion() ) { default: - eurephia_log(ctx, LOG_WARNING, 0, + eurephia_log(ctx, LOG_WARNING, 0, "eurephiaDB driver API is newer than the running eurephia version. Consider " "to upgrade eurphia to take advantage of newer features in the eurephiaDB driver.q"); 
@@ -88,24 +88,24 @@ int eDBlink_init(eurephiaCTX *ctx, const char *dbl) // Setup eDBlink functions eDBconnect = eGetSym(ctx, ctx->eurephia_driver, "eDBconnect"); eDBdisconnect = eGetSym(ctx, ctx->eurephia_driver, "eDBdisconnect"); - + eDBauth_TLS = eGetSym(ctx, ctx->eurephia_driver, "eDBauth_TLS"); - + eDBauth_user = eGetSym(ctx, ctx->eurephia_driver, "eDBauth_user"); eDBget_uid = eGetSym(ctx, ctx->eurephia_driver, "eDBget_uid"); - + eDBblacklist_check = eGetSym(ctx, ctx->eurephia_driver, "eDBblacklist_check"); eDBregister_attempt = eGetSym(ctx, ctx->eurephia_driver, "eDBregister_attempt"); - + eDBregister_login = eGetSym(ctx, ctx->eurephia_driver, "eDBregister_login"); eDBregister_vpnmacaddr = eGetSym(ctx, ctx->eurephia_driver, "eDBregister_vpnmacaddr"); eDBregister_logout = eGetSym(ctx, ctx->eurephia_driver, "eDBregister_logout"); eDBget_firewall_profile = eGetSym(ctx, ctx->eurephia_driver, "eDBget_firewall_profile"); - + eDBget_sessionkey_seed = eGetSym(ctx, ctx->eurephia_driver, "eDBget_sessionkey_seed"); eDBget_sessionkey_macaddr = eGetSym(ctx, ctx->eurephia_driver, "eDBget_sessionkey_macaddr"); - eDBcheck_sessionkey_uniqueness = eGetSym(ctx, ctx->eurephia_driver, + eDBcheck_sessionkey_uniqueness = eGetSym(ctx, ctx->eurephia_driver, "eDBcheck_sessionkey_uniqueness"); eDBregister_sessionkey = eGetSym(ctx, ctx->eurephia_driver, "eDBregister_sessionkey"); diff --git a/eurephiadb.h b/database/eurephiadb.h index a6e2fe2..2e0ab29 100644 --- a/eurephiadb.h +++ b/database/eurephiadb.h @@ -29,4 +29,4 @@ int eDBlink_init(eurephiaCTX *, const char *); int eDBlink_close(eurephiaCTX *); -#endif +#endif diff --git a/eurephiadb_driver.h b/database/eurephiadb_driver.h index 567706b..6f78ce7 100644 --- a/eurephiadb_driver.h +++ b/database/eurephiadb_driver.h 
@@ -36,14 +36,14 @@ const char *(*eDB_DriverVersion) (void); int (*eDB_DriverAPIVersion) (void); -/* +/* * functions which needs to exists in the eurephiaDB (eDB) module - API Version 1 */ int (*eDBconnect) (eurephiaCTX *ctx, const int argc, const char **argv); void (*eDBdisconnect) (eurephiaCTX *ctx); -int (*eDBauth_TLS) (eurephiaCTX *ctx, const char *org, const char *cname, const char *email, +int (*eDBauth_TLS) (eurephiaCTX *ctx, const char *org, const char *cname, const char *email, const char *digest, const char *depth); int (*eDBauth_user) (eurephiaCTX *ctx, const int certid, const char *username, const char *passwd); @@ -54,14 +54,14 @@ int (*eDBblacklist_check) (eurephiaCTX *ctx, const int type, const char *val); void (*eDBregister_attempt) (eurephiaCTX *ctx, int type, int mode, const char *value); - -int (*eDBregister_login) (eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid, const int uid, - const char *proto, const char *remipaddr, const char *remport, - const char *vpnipaddr, const char *vpnipmask) ; + +int (*eDBregister_login) (eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid, const int uid, + const char *proto, const char *remipaddr, const char *remport, + const char *vpnipaddr, const char *vpnipmask); int (*eDBregister_vpnmacaddr) (eurephiaCTX *ctx, eurephiaSESSION *skey, const char *macaddr); -int (*eDBregister_logout) (eurephiaCTX *ctx, eurephiaSESSION *skey, +int (*eDBregister_logout) (eurephiaCTX *ctx, eurephiaSESSION *skey, const char *bytes_sent, const char *bytes_received, const char *duration); /* firewall functions */ @@ -79,7 +79,7 @@ eurephiaVALUES *(*eDBload_sessiondata) (eurephiaCTX *ctx, const char *sesskey); int (*eDBdestroy_session) (eurephiaCTX *ctx, eurephiaSESSION *session); -int (*eDBstore_session_value) (eurephiaCTX *ctx, eurephiaSESSION *skey, int mode, +int (*eDBstore_session_value) (eurephiaCTX *ctx, eurephiaSESSION *skey, int mode, const char *key, const char *val); #endif /* !EUREPHIADB_DRIVER */ 
diff --git a/database/sqlite/CMakeLists.txt b/database/sqlite/CMakeLists.txt index db23189..6bdd5e0 100644 --- a/database/sqlite/CMakeLists.txt +++ b/database/sqlite/CMakeLists.txt @@ -5,11 +5,11 @@ SET(eurephiadb_sqlite_SRC eurephiadb-sqlite.c ) SET(COMMON - ../../eurephia_log.c - ../../eurephiadb_session.c - ../..//eurephia_values.c - ../../passwd.c - ../../sha512.c + ../../common/eurephia_log.c + ../../plugin/eurephiadb_session.c + ../../common/eurephia_values.c + ../../common/passwd.c + ../../common/sha512.c ) INCLUDE(CheckIncludeFile) @@ -26,12 +26,14 @@ IF(NOT SQLITE3BIN) MESSAGE(STATUS "sqlite3 binary was not found. You will need to generate the database file on your own") ENDIF(NOT SQLITE3BIN) -INCLUDE_DIRECTORIES(BEFORE ../..) +INCLUDE_DIRECTORIES(BEFORE ../../common/ ../../plugin/ ../) ADD_LIBRARY(eurephiadb-sqlite SHARED ${eurephiadb_sqlite_SRC} ${COMMON}) IF(SQLITE3BIN) ADD_CUSTOM_COMMAND(TARGET eurephiadb-sqlite POST_BUILD COMMAND ${SQLITE3BIN} eurephiadb < sql-schema.sql COMMENT "Creating template database: eurephiadb") ENDIF(SQLITE3BIN) + + TARGET_LINK_LIBRARIES(eurephiadb-sqlite sqlite3) SET_TARGET_PROPERTIES(eurephiadb-sqlite PROPERTIES OUTPUT_NAME eurephiadb-sqlite PREFIX "") SET_SOURCE_FILES_PROPERTIES(${common_files_SRC} PROPERTIES GENERATED true) diff --git a/plugin/CMakeLists.txt b/plugin/CMakeLists.txt new file mode 100644 index 0000000..d2b922f --- /dev/null +++ b/plugin/CMakeLists.txt 
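Review bot: `COMMON` in database/sqlite/CMakeLists.txt (first hunk) now compiles `../../plugin/eurephiadb_session.c` into the database driver, so the driver still reaches into the plugin tree even though the commit's stated aim is to keep shared code in ./common; the second hunk adds `../../plugin/` to the include path for the same reason. If the session code really is shared between the plugin and the drivers, moving it to common/ or database/ would let a driver build without depending on plugin/. A short comment above `SET(COMMON` saying why a plugin source is listed there, for example `# eurephiadb_session.c is built into the driver as well as the plugin`, would help until then.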
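Review bot: At the end of the second hunk of database/sqlite/CMakeLists.txt, `SET_SOURCE_FILES_PROPERTIES(${common_files_SRC} PROPERTIES GENERATED true)` uses a variable that is not set in any line shown for this file; the shared sources are listed in `COMMON`. If `common_files_SRC` is indeed undefined, the call expands to no files and has no effect. These sources are checked-in files rather than build outputs, so the line can probably be removed rather than pointed at `${COMMON}`.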
@@ -0,0 +1,43 @@
+PROJECT(eurephia-auth C)
+cmake_minimum_required(VERSION 2.6)
+SET(eurephia_auth_SRC
+ ../common/certinfo.c
+ eurephia-auth.c
+ eurephia.c
+ ../database/eurephiadb.c
+ eurephiadb_session.c
+ firewall/eurephiafw.c
+ firewall/eurephiafw_helpers.c
+ ../common/eurephia_getsym.c
+ ../common/eurephia_log.c
+ ../common/eurephia_values.c
+ ../common/passwd.c
+ ../common/sha512.c
+)
+SET(subdirs "")
+IF(FW_IPTABLES)
+ message(STATUS "Will build iptables firewall module")
+ SET(subdirs firewall/iptables)
+ENDIF(FW_IPTABLES)
+
+CHECK_LIBRARY_EXISTS(rt sem_wait "" HAVE_RT_SEM_WAIT)
+CHECK_LIBRARY_EXISTS(rt sem_post "" HAVE_RT_SEM_POST)
+CHECK_LIBRARY_EXISTS(rt mq_open "" HAVE_RT_MQ_OPEN)
+CHECK_LIBRARY_EXISTS(rt mq_close "" HAVE_RT_MQ_CLOSE)
+CHECK_LIBRARY_EXISTS(rt mq_unlink "" HAVE_RT_MQ_UNLINK)
+CHECK_LIBRARY_EXISTS(rt mq_send "" HAVE_RT_MQ_SEND)
+CHECK_LIBRARY_EXISTS(rt mq_receive "" HAVE_RT_MQ_RECEIVE)
+CHECK_LIBRARY_EXISTS(rt mq_getattr "" HAVE_RT_MQ_GETATTR)
+IF(NOT HAVE_RT_SEM_WAIT OR NOT HAVE_RT_SEM_POST)
+ message(FATAL_ERROR "Missing proper pthread semaphore support")
+ENDIF(NOT HAVE_RT_SEM_WAIT OR NOT HAVE_RT_SEM_POST)
+IF(NOT HAVE_RT_MQ_OPEN OR NOT HAVE_RT_MQ_CLOSE OR NOT HAVE_RT_MQ_UNLINK OR NOT HAVE_RT_MQ_SEND OR NOT HAVE_RT_MQ_RECEIVE OR NOT HAVE_RT_MQ_GETATTR)
+ message(FATAL_ERROR "Missing proper pthread message queue support")
+ENDIF(NOT HAVE_RT_MQ_OPEN OR NOT HAVE_RT_MQ_CLOSE OR NOT HAVE_RT_MQ_UNLINK OR NOT HAVE_RT_MQ_SEND OR NOT HAVE_RT_MQ_RECEIVE OR NOT HAVE_RT_MQ_GETATTR)
+
+INCLUDE_DIRECTORIES(../common ../database ./firewall .)
+ADD_LIBRARY(eurephia-auth MODULE ${eurephia_auth_SRC})
+TARGET_LINK_LIBRARIES(eurephia-auth dl pthread rt crypto)
+SET_TARGET_PROPERTIES(eurephia-auth PROPERTIES OUTPUT_NAME eurephia-auth PREFIX "")
+
+SUBDIRS(${subdirs})
diff --git a/eurephia-auth.c b/plugin/eurephia-auth.c
index 0be666d..98658c3 100644
--- a/eurephia-auth.c
+++ b/plugin/eurephia-auth.c
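Review bot: The new plugin/CMakeLists.txt calls `CHECK_LIBRARY_EXISTS` without an `INCLUDE(CheckLibraryExists)` of its own, although it declares its own `PROJECT()` and `cmake_minimum_required`. It therefore configures only when entered through the root file's `SUBDIRS(${subdirs} plugin)`, and only if the root still includes that module (its include lines are outside the hunks shown). Adding `INCLUDE(CheckLibraryExists)` before the first check makes the file self-contained. `FW_IPTABLES` is also tested here with no matching `OPTION(FW_IPTABLES ...)` visible in either file, so declaring it next to the other options would make the switch discoverable.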
@@ -1,5 +1,5 @@ /* eurephia-auth.c -- Main OpenVPN plugin functions. The API level between OpenVPN and eurephia-auth - * + * * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net> * * This program is free software; you can redistribute it and/or @@ -72,7 +72,7 @@ static void dump_env(FILE *f, const char *prefix, const char *envp[]) { // daemonize if "daemon" environment variable is set. -// preserves stderr access after being daemonized, but +// preserves stderr access after being daemonized, but // only if "daemon_log_direct" enviroment variable is set. // static void daemonize(const char *envp[]) @@ -94,7 +94,7 @@ static void daemonize(const char *envp[]) } -OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type_mask, +OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type_mask, const char *argv[], const char *envp[]) { eurephiaCTX *context = NULL; @@ -105,12 +105,11 @@ OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type #endif // Define what will trigger eurephia - *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) + *type_mask = OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_TLS_VERIFY) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_CONNECT) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_CLIENT_DISCONNECT) | OPENVPN_PLUGIN_MASK(OPENVPN_PLUGIN_LEARN_ADDRESS); - // Setup a eurephia context context = eurephiaInit(argv); @@ -121,8 +120,8 @@ OPENVPN_EXPORT openvpn_plugin_handle_t openvpn_plugin_open_v1(unsigned int *type } -OPENVPN_EXPORT int openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, - const int type, +OPENVPN_EXPORT int openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, + const int type, const char *argv[], const char *envp[]) { eurephiaCTX *ctx = (eurephiaCTX *) handle; 
@@ -152,7 +151,7 @@ OPENVPN_EXPORT int openvpn_plugin_func_v1(openvpn_plugin_handle_t handle, break; case OPENVPN_PLUGIN_CLIENT_CONNECT: - result = eurephia_connect(ctx, envp); + result = eurephia_connect(ctx, envp); break; case OPENVPN_PLUGIN_CLIENT_DISCONNECT: diff --git a/eurephia.c b/plugin/eurephia.c index 62c1f89..7454b1f 100644 --- a/eurephia.c +++ b/plugin/eurephia.c @@ -1,5 +1,5 @@ /* eurephia.c -- Main functions for the eurephia authentication module - * + * * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net> * * This program is free software; you can redistribute it and/or @@ -80,7 +80,7 @@ const char *get_env(eurephiaCTX *ctx, int logmasking, const char *envp[], const // arguments: logfile loglevel eDB_driver [eurephiaDB arguments] // 1 2 3 4..... -eurephiaCTX *eurephiaInit(const char **argv) +eurephiaCTX *eurephiaInit(const char **argv) { static struct option eurephia_opts[] = { {"log-destination", required_argument, 0, 'l'}, @@ -206,7 +206,7 @@ eurephiaCTX *eurephiaInit(const char **argv) } -int eurephiaShutdown(eurephiaCTX *ctx) +int eurephiaShutdown(eurephiaCTX *ctx) { if( ctx == NULL ) { return 0; @@ -242,9 +242,9 @@ int eurephiaShutdown(eurephiaCTX *ctx) free_nullsafe(ctx); return 1; } - -int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) + +int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) { int result = 0; char *ipaddr; @@ -297,7 +297,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) } -int eurephia_userauth(eurephiaCTX *ctx, const char **env) +int eurephia_userauth(eurephiaCTX *ctx, const char **env) { int result = 0, certid = 0; char *ipaddr; @@ -419,7 +419,7 @@ int eurephia_disconnect(eurephiaCTX *ctx, const char **env) { int ret = 0; DEBUG(ctx, 10, "** Function call: eurephia_disconnect(...)"); - + // Fetch needed info digest = get_env(ctx, 0, env, "tls_digest_0"); cname = get_env(ctx, 0, env, "common_name"); 
@@ -452,7 +452,7 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad const char *digest, *cname, *uname, *vpnipaddr, *vpnipmask, *remipaddr, *remport; char *fwprofile = NULL, *fwdest = NULL; int ret = 0, fw_enabled = 0; - + DEBUG(ctx, 10, "** Function call: eurephia_learn_address(ctx, '%s', '%s', ...)", mode, macaddr); @@ -461,7 +461,7 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad fwdest = eGet_value(ctx->dbc->config, "firewall_destination"); if( fw_enabled && (fwdest == NULL) ) { eurephia_log(ctx, LOG_CRITICAL, 0, "No firewall destination defined in the config."); - } + } if( strncmp(mode, "add", 3) == 0 ) { // Fetch needed info @@ -472,9 +472,9 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad vpnipmask = get_env(ctx, 0, env, "ifconfig_pool_netmask"); remipaddr = get_env(ctx, 0, env, "trusted_ip"); remport = get_env(ctx, 0, env, "trusted_port"); - + // Get a session ticket - session = eDBopen_session_seed(ctx, digest, cname, uname, vpnipaddr, vpnipmask, + session = eDBopen_session_seed(ctx, digest, cname, uname, vpnipaddr, vpnipmask, remipaddr, remport); if( session == NULL ) { ret = 0; @@ -483,7 +483,7 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad // Update openvpn_lastlog with the active MAC address, and save it as a session variable ret = eDBregister_vpnmacaddr(ctx, session, macaddr); - + if( (fw_enabled) && (fwdest != NULL) ) { // 1. Lookup firewall profile for user: eDBget_firewall_profile(ctx, session) fwprofile = eDBget_firewall_profile(ctx, session); @@ -500,7 +500,7 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad // Load the session, based on MAC address session = eDBopen_session_macaddr(ctx, macaddr); if( session == NULL ) { - eurephia_log(ctx, LOG_WARNING, 0, + eurephia_log(ctx, LOG_WARNING, 0, "Could not find any session connected to this MAC address: %s", macaddr); ret = 0; 
diff --git a/eurephia.h b/plugin/eurephia.h index 5e2dfb9..5e2dfb9 100644 --- a/eurephia.h +++ b/plugin/eurephia.h diff --git a/eurephia_struct.h b/plugin/eurephia_struct.h index a49e306..cdb8403 100644 --- a/eurephia_struct.h +++ b/plugin/eurephia_struct.h @@ -48,7 +48,6 @@ typedef struct { char *sessionkey; int sessionstatus; eurephiaVALUES *sessvals; - } eurephiaSESSION; diff --git a/eurephiadb_session.c b/plugin/eurephiadb_session.c index 2a1fe4e..cb314ee 100644 --- a/eurephiadb_session.c +++ b/plugin/eurephiadb_session.c @@ -45,8 +45,8 @@ extern int (*eDBregister_sessionkey) (eurephiaCTX *ctx, const char *seed, const extern eurephiaVALUES *(*eDBload_sessiondata) (eurephiaCTX *ctx, const char *sesskey); -extern int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, - const char *key, const char *val); +extern int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, + const char *key, const char *val); // Adds or updates a key in the eurephiaVALUES stack. Database is updated before the stack is updated. @@ -57,7 +57,7 @@ int eDBset_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, const char if( (session == NULL) || (key == NULL) ) { return 0; } - + DEBUG(ctx, 30, "Function call: eDBset_session_value(ctx, '%s','%s','%s')", session->sessionkey, key, val); @@ -106,7 +106,7 @@ int eDBset_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, const char // Generate some random data and return a string. static int rand_init = 0; -int get_randstring(eurephiaCTX *ctx, char *rndstr, int len) { +int get_randstring(eurephiaCTX *ctx, char *rndstr, int len) { int attempts = 0; do { if( !rand_init ) { 
@@ -132,7 +132,7 @@ int get_randstring(eurephiaCTX *ctx, char *rndstr, int len) { // Generates a new session structure. Session key will be created if session seed (input params) are not known. // If session seed is known, the already generated session key will be used. eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, - const char *cname, const char *username, + const char *cname, const char *username, const char *vpnipaddr, const char *vpnipmask, const char *remipaddr, const char *remport) { @@ -153,7 +153,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, memset(new_session, 0, sizeof(eurephiaSESSION) + 2); // Build up a string containing all elements for the session seed - totlen = strlen_nullsafe(digest) + strlen_nullsafe(cname) + strlen_nullsafe(username) + totlen = strlen_nullsafe(digest) + strlen_nullsafe(cname) + strlen_nullsafe(username) + strlen_nullsafe(vpnipaddr) + strlen_nullsafe(vpnipmask) + strlen_nullsafe(remipaddr) + strlen_nullsafe(remport) + 5; // +5 == len(pid) @@ -164,10 +164,9 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, return NULL; } memset(seeddata, 0, (totlen * 2) + 4); - snprintf((char *)seeddata, totlen, + snprintf((char *)seeddata, totlen, "%s%s%s%s%s%s%s%i", digest, cname, username, vpnipaddr, vpnipmask, remipaddr, remport,getpid()); - // Generate a SHA512 version of session seed memset(&sha, 0, sizeof(SHA512Context)); memset(&sha_res, 0, sizeof(sha_res)); @@ -202,7 +201,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, char *rndstr = NULL; char *skeydata = NULL; int loop = 0, uniqcheck = 0; - + DEBUG(ctx, 13, "Unknown session seed, creating new session key"); // Loop until we get a unique sessionkey - don't loop more than 10 times 
@@ -231,7 +230,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, free_nullsafe(seed); return NULL; } - memset(rndstr, 0, (totlen * 2)); + memset(rndstr, 0, (totlen * 2)); rndlen = ((totlen * 2) - strlen_nullsafe(seed) - 2); if( !get_randstring(ctx, rndstr, rndlen) ) { @@ -243,7 +242,7 @@ eurephiaSESSION *eDBopen_session_seed(eurephiaCTX *ctx, const char *digest, free_nullsafe(seed); return NULL; } - + // Generate SHA512 version of the session data SHA512Init(&sha); SHA512Update(&sha, rndstr, rndlen); diff --git a/eurephiadb_session.h b/plugin/eurephiadb_session.h index de375b6..47f0049 100644 --- a/eurephiadb_session.h +++ b/plugin/eurephiadb_session.h @@ -1,5 +1,5 @@ /* eurephia_session.h -- Internal API to provide storing of variables connected to a session - * + * * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net> * * This program is free software; you can redistribute it and/or diff --git a/eurephiafw.c b/plugin/firewall/eurephiafw.c index bf60ad1..9fed02e 100644 --- a/eurephiafw.c +++ b/plugin/firewall/eurephiafw.c @@ -42,7 +42,7 @@ int eFW_unload(eurephiaCTX *ctx) { if( ctx == NULL ) { return 1; } - + if( ctx->eurephia_fw_intf != NULL ) { eurephia_log(ctx, LOG_INFO, 3, "Unloading eurephia firewall interface"); dlclose(ctx->eurephia_fw_intf); @@ -77,17 +77,16 @@ int eFW_load(eurephiaCTX *ctx, const char *intf) { // Configure firewall interface functions switch( eFWinterfaceAPIversion() ) { default: - eurephia_log(ctx, LOG_WARNING, 0, + eurephia_log(ctx, LOG_WARNING, 0, "eurephia Firewall interface API is newer than what the running eurephia version is " "familiar with. Please consider to upgrade eurphia to take advantage of newer " "features in the eurephiaDB driver."); - + case 1: eFW_RunFirewall = eGetSym(ctx, ctx->eurephia_fw_intf, "eFW_RunFirewall"); break; } - if( ctx->fatal_error > 0 ) { eurephia_log(ctx, LOG_FATAL, 0, "eurephia Firewall interface is not correctly initialised. " 
@@ -163,7 +162,7 @@ void eFW_StartFirewall(eurephiaCTX *ctx) { exit(-1); // If our child process exits abnormally. default: // Main process - eurephia_log(ctx, LOG_INFO, 2, "Firewall updater process started (pid %i)", + eurephia_log(ctx, LOG_INFO, 2, "Firewall updater process started (pid %i)", ctx->fwcfg->fwproc_pid); } @@ -254,7 +253,7 @@ void eFW_StopFirewall(eurephiaCTX *ctx) { } -int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode, +int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode, const char *macaddr, const char *fwdest, const char *fwprofile) { char buf[1026]; @@ -281,8 +280,8 @@ int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode, return 1; default: - eurephia_log(ctx, LOG_CRITICAL, 0, - "Function call: eFW_UpdateFirewall(ctx, %s, '%s') - UNKNOWN MODE", "(unknown)", + eurephia_log(ctx, LOG_CRITICAL, 0, + "Function call: eFW_UpdateFirewall(ctx, %s, '%s') - UNKNOWN MODE", "(unknown)", macaddr); return 0; } diff --git a/eurephiafw.h b/plugin/firewall/eurephiafw.h index 0c82b30..0c82b30 100644 --- a/eurephiafw.h +++ b/plugin/firewall/eurephiafw.h diff --git a/eurephiafw_helpers.c b/plugin/firewall/eurephiafw_helpers.c index ba6305d..ceb6d25 100644 --- a/eurephiafw_helpers.c +++ b/plugin/firewall/eurephiafw_helpers.c @@ -1,4 +1,5 @@ -/* eurephiafw_helpers.c -- +/* eurephiafw_helpers.c -- Helper functions, shared between main module and + * firewall module. Setting up Posix MQ and semaphores * * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net> * diff --git a/eurephiafw_helpers.h b/plugin/firewall/eurephiafw_helpers.h index 30459b0..9c21a2f 100644 --- a/eurephiafw_helpers.h +++ b/plugin/firewall/eurephiafw_helpers.h @@ -1,4 +1,5 @@ -/* eurephiafw_helpers.h -- +/* eurephiafw_helpers.h -- Helper functions, shared between main module and + * firewall module. Setting up Posix MQ and semaphores * * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net> * 
diff --git a/eurephiafw_intf.h b/plugin/firewall/eurephiafw_intf.h index 0f18cc2..0f18cc2 100644 --- a/eurephiafw_intf.h +++ b/plugin/firewall/eurephiafw_intf.h diff --git a/firewall/iptables/CMakeLists.txt b/plugin/firewall/iptables/CMakeLists.txt index a05d99f..0f77a1b 100644 --- a/firewall/iptables/CMakeLists.txt +++ b/plugin/firewall/iptables/CMakeLists.txt @@ -1,10 +1,11 @@ PROJECT(eurephiafw-iptables C) cmake_minimum_required(VERSION 2.6) SET(efw_ipt_SRC - efw_iptables.c - ../../eurephia_log.c - ../../eurephiafw_helpers.c + efw_iptables.c + ../eurephiafw_helpers.c + ../../../common/eurephia_log.c ) + INCLUDE_DIRECTORIES(BEFORE ../..) ADD_LIBRARY(efw_iptables MODULE ${efw_ipt_SRC}) TARGET_LINK_LIBRARIES(efw_iptables pthread rt gcc_s) diff --git a/firewall/iptables/efw_iptables.c b/plugin/firewall/iptables/efw_iptables.c index d63a161..9e0aaa4 100644 --- a/firewall/iptables/efw_iptables.c +++ b/plugin/firewall/iptables/efw_iptables.c @@ -1,4 +1,4 @@ -/* efw_iptables.c -- +/* efw_iptables.c -- iptables implementation - updates Linux iptables * * GPLv2 - Copyright (C) 2008 David Sommerseth <dazo@users.sourceforge.net> * |
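Review bot: The source paths in `efw_ipt_SRC` were updated for the move, but `INCLUDE_DIRECTORIES(BEFORE ../..)` was left unchanged, and from `plugin/firewall/iptables` it now resolves to `plugin/` rather than the old top-level directory. Going by the renames in this commit, `eurephia_log.h` now lives in `common/` and `eurephiafw_helpers.h` in `plugin/firewall/`, so unless the parent CMakeLists.txt supplies those paths the module would not find its headers. I would change the line to `INCLUDE_DIRECTORIES(BEFORE .. ../.. ../../../common)`. Separately, `cmake_minimum_required(VERSION 2.6)` should come before `PROJECT()`, since it sets the policy defaults that `PROJECT()` runs under.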