authorDavid Sommerseth <dazo@users.sourceforge.net>2009-01-03 21:53:07 +0100
committerDavid Sommerseth <dazo@users.sourceforge.net>2009-01-03 21:53:07 +0100
commit8a0b87ab7e99af1700aa80cb54373b68864eb0d4 (patch)
tree54e05e1eb91efffb5268dce49368e756ed58d7a7 /common
parent241b14d771d247127508cf7b20f833b9dbe0abda (diff)
Introduced password caching on authenticated sessions
This is to prepare the eurephia-auth plugin to use other, more CPU-intensive hashing algorithms for passwords. In addition, open sessions will no longer be rejected/closed due to a wrong password if the user changes the password while a session is open. The patch adds a new server_salt attribute to the eurephiaCTX structure. It is used as a temporary salt and is created from random data when OpenVPN is started. When a user is being authenticated (eurephia.c/eurephia_userauth), an authentication session (not the same as a 'normal' session) is opened and checked for a cached password. If it does not exist or does not match, the normal password check is done against the user database. If a cached password is found and matches, the user is considered to be authenticated. The cached password uses the SHA512 algorithm, together with the eurephiaCTX->server_salt.
Diffstat (limited to 'common')
-rw-r--r--common/eurephia_context.h3
-rw-r--r--common/eurephiadb_session_struct.h3
2 files changed, 6 insertions, 0 deletions
diff --git a/common/eurephia_context.h b/common/eurephia_context.h
index 74a9f85..15db44e 100644
--- a/common/eurephia_context.h
+++ b/common/eurephia_context.h
@@ -31,6 +31,8 @@
#define ECTX_ADMIN_CONSOLE 0x2001
#define ECTX_ADMIN_WEB 0x2002
+#define SIZE_PWDCACHE_SALT 2048
+
//
// main structure for the eurephia module context
// - the same context structure is used for all OpenVPN sessions
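Review bot: `SIZE_PWDCACHE_SALT` is added without saying what the 2048 counts, so a reader cannot tell whether it is the number of random bytes, the length of an encoded string, or a buffer size that already includes the terminating NUL. The code that allocates and fills `server_salt` is not part of this diff and presumably sizes itself from this constant, which makes an off-by-one easy to introduce there. I would put a comment above the define, for example `/* Length in bytes of the random salt in eurephiaCTX->server_salt, excluding the terminating NUL */`, adjusted to match what the allocating code really does.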
@@ -44,6 +46,7 @@ typedef struct {
#else
void *fwcfg;
#endif
+ char *server_salt;
FILE *log;
int loglevel;
int fatal_error;
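Review bot: The new `server_salt` member has no stored length and no stated ownership, although the commit message makes it the value the cached SHA512 password hashes depend on. If the random data is raw bytes and the buffer is later handled with string functions, an embedded NUL would silently shorten the effective salt; this hunk does not show how it is filled, so that needs confirming in the code that generates it. I would document the contract in place, e.g. `char *server_salt; // SIZE_PWDCACHE_SALT random chars + NUL, owned by the context, never logged, wiped before free`, and have the context teardown clear the buffer before releasing it. The struct begins before this hunk and continues after it.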
diff --git a/common/eurephiadb_session_struct.h b/common/eurephiadb_session_struct.h
index d9e2998..cfee998 100644
--- a/common/eurephiadb_session_struct.h
+++ b/common/eurephiadb_session_struct.h
@@ -21,6 +21,8 @@
#ifndef EUREPHIADB_SESSION_STRUCT_H_
#define EUREPHIADB_SESSION_STRUCT_H_
+typedef enum { stAUTHENTICATION, stSESSION} sessionType;
+
#define SESSION_NEW 1
#define SESSION_EXISTING 2
#define SESSION_REGISTERED 3
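Review bot: `stAUTHENTICATION` is the first enumerator and therefore 0, so an `eurephiaSESSION` that is zero-filled and never has its `type` assigned will be read as an authentication session, which the commit message describes as the kind checked for a cached password. Whether every site that creates a session sets the field is not visible in this diff, so that should be confirmed. Reserving zero for an explicit invalid value would make a forgotten assignment detectable, e.g. `typedef enum { stUNSET = 0, stAUTHENTICATION, stSESSION } sessionType;`, together with a one-line comment on what each type means. The same point covers the `sessionType type;` member added to `eurephiaSESSION` in the next hunk, which would benefit from a comment stating who sets it.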
@@ -36,6 +38,7 @@
typedef struct {
char *sessionkey;
int sessionstatus;
+ sessionType type;
eurephiaVALUES *sessvals;
} eurephiaSESSION;