author | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-13 14:25:50 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-10-13 14:37:24 +0200 |
commit | c6621d108bb8beb97ca6185c0c11d4fbffab5a1b (patch) | |
tree | d3c68716c7e2dc8f2fc0f949d6305a28f4504d38 | |
parent | 5501786363987737509c2306a9eba9af8d881817 (diff) | |
Always process certificate depth as integer
-rw-r--r-- | database/eurephiadb_driver.h | 2 | ||||
-rw-r--r-- | database/sqlite/edb-sqlite.c | 6 | ||||
-rw-r--r-- | plugin/eurephia.c | 13 |
3 files changed, 11 insertions, 10 deletions
diff --git a/database/eurephiadb_driver.h b/database/eurephiadb_driver.h index ababa06..c7c6505 100644 --- a/database/eurephiadb_driver.h +++ b/database/eurephiadb_driver.h @@ -111,7 +111,7 @@ void (*eDBdisconnect) (eurephiaCTX *ctx); * or -1 if the certificate is blacklisted. */ int (*eDBauth_TLS) (eurephiaCTX *ctx, const char *org, const char *cname, const char *email, - const char *digest, const char *depth); + const char *digest, const unsigned int depth); /** * Authenticates a client against the database, with users certificate ID, username and password. diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c index 80966e5..6728f84 100644 --- a/database/sqlite/edb-sqlite.c +++ b/database/sqlite/edb-sqlite.c @@ -217,13 +217,13 @@ void eDBdisconnect(eurephiaCTX *ctx) * @copydoc eDBauth_TLS() */ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char *email, - const char *digest, const char *depth) + const char *digest, const unsigned int depth) { dbresult *res = NULL; int certid = 0; char *blid = NULL; - DEBUG(ctx, 20, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)", + DEBUG(ctx, 20, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %i)", org, cname, email, digest, depth); // Check if certificate is valid, and not too many attempts has been tried with the given certificate @@ -232,7 +232,7 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char " FROM openvpn_certificates cert" " LEFT JOIN openvpn_blacklist bl USING(digest)" " WHERE organisation='%q' AND common_name='%q' " - " AND email='%q' AND depth='%q' AND cert.digest='%q'%c", + " AND email='%q' AND depth='%i' AND cert.digest='%q'%c", org, cname, email, depth, digest, 0); if( res != NULL ) { diff --git a/plugin/eurephia.c b/plugin/eurephia.c index 544e0ec..deea91c 100644 --- a/plugin/eurephia.c +++ b/plugin/eurephia.c 
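Review bot: The `eDBauth_TLS` function-pointer prototype in database/eurephiadb_driver.h changes its last parameter from `const char *depth` to `const unsigned int depth`, and nothing in this hunk signals that interface change to database drivers built against the old header. If drivers are resolved at run time (the function-pointer declaration suggests so, but the loader is not visible here), a stale driver would treat the integer as a string pointer inside the certificate authentication path; if the project keeps a driver API version, it should be bumped in the same commit. The doc comment above the prototype starts outside the hunk, and its description of the depth parameter may need to say it is now a number. The top-level `const` on a by-value parameter has no effect in a declaration and can be dropped.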
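Review bot: In database/sqlite/edb-sqlite.c, `depth` is now `unsigned int` but the new `DEBUG` call in `eDBauth_TLS` formats it with `%i`, which expects a signed `int`; `%u` matches the type, as in `"Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %u)"`. The same mismatch is in `depth='%i'` in the query of the next hunk of this file and in the `"... (depth %i, digest: %s)"` warning in `eurephia_tlsverify` in plugin/eurephia.c. For the query, confirm that the formatter behind `sqlite_query` accepts `%u`, since that helper is not visible here. Formatting the depth as a number instead of through `%q` is sound, because an integer cannot carry quote characters into the SQL text. The body of `eDBauth_TLS` continues outside both hunks.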
@@ -251,11 +251,12 @@ int eurephiaShutdown(eurephiaCTX *ctx) * * @return Returns 0 on failure and 1 on success. */ -int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) +int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth_str) { int result = 0; char *ipaddr; char *tls_digest, *tls_id; + unsigned int depth = atoi_nullsafe(depth_str); certinfo *ci = NULL; DEBUG(ctx, 10, "** Function call: eurephia_tlsverify(...)"); @@ -274,7 +275,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) } // Check if certificate digest is blacklisted - tls_digest = GETENV_TLSDIGEST(ctx, env, atoi_nullsafe(depth)); + tls_digest = GETENV_TLSDIGEST(ctx, env, depth); if( eDBblacklist_check(ctx, attempt_CERTIFICATE, tls_digest) == 1 ) { eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr); eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest); @@ -284,7 +285,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) } // Check if certificate is registered and allowed - tls_id = GETENV_TLSID(ctx, env, atoi_nullsafe(depth)); + tls_id = GETENV_TLSID(ctx, env, depth); ci = parse_tlsid(tls_id); result = eDBauth_TLS(ctx, ci->org, ci->common_name, ci->email, tls_digest, depth); if( result < 1 ) { @@ -299,7 +300,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth) result, ci->org, ci->common_name, ci->email); } else { eurephia_log(ctx, LOG_WARNING, 0, - "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)", + "Unknown certificate for: %s/%s/%s (depth %i, digest: %s)", ci->org, ci->common_name, ci->email, depth, tls_digest); } free_nullsafe(ctx, tls_id); 
@@ -371,7 +372,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env) // Get certificate ID tls_id = GETENV_TLSID(ctx, env, 0); ci = parse_tlsid(tls_id); - certid = eDBauth_TLS(ctx, ci->org, ci->common_name, ci->email, tls_digest, "0"); + certid = eDBauth_TLS(ctx, ci->org, ci->common_name, ci->email, tls_digest, 0); if( certid < 1 ) { eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr); eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest); @@ -518,7 +519,7 @@ int eurephia_connect(eurephiaCTX *ctx, const char **env) { eDBfree_session(ctx, session); return 0; } - certid = eDBauth_TLS(ctx, ci->org, ci->common_name, ci->email, digest, "0"); + certid = eDBauth_TLS(ctx, ci->org, ci->common_name, ci->email, digest, 0); uid = eDBget_uid(ctx, certid, uname); free_certinfo(ci); |