authorDavid Sommerseth <dazo@users.sourceforge.net>2013-03-03 01:06:00 +0100
committerDavid Sommerseth <dazo@users.sourceforge.net>2013-03-03 15:37:22 +0100
commit8da942bbd9c7f75d865137822552e9c2f7640325 (patch)
treec5df77eae29211106e40fb18af5dc4bce0131140 /database/sqlite/edb-sqlite.c
parent277f2b549666be424eb5bd6f560e7f50da98d979 (diff)
sqlite: Implemented needed functions to enable authentication plug-ins
This adds the functions the eurephia framework requires to retrieve a list of all configured plug-ins - eDBget_plugins(). It also includes eDBauth_GetAuthMethod(), which is used to look up what kind of authentication method a specific user account/certificate combination should use. If the authentication backend requires a different username for this, that can also be configured in this user account/certificate setup. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to 'database/sqlite/edb-sqlite.c')
-rw-r--r--database/sqlite/edb-sqlite.c127
1 files changed, 124 insertions, 3 deletions
diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c
index bd0d905..8e3f25c 100644
--- a/database/sqlite/edb-sqlite.c
+++ b/database/sqlite/edb-sqlite.c
@@ -1,7 +1,7 @@
/* edb-sqlite.c -- Main driver for eurephia authentication plugin for OpenVPN
* This is the SQLite database driver
*
- * GPLv2 only - Copyright (C) 2008 - 2012
+ * GPLv2 only - Copyright (C) 2008 - 2013
* David Sommerseth <dazo@users.sourceforge.net>
*
* This program is free software; you can redistribute it and/or
@@ -37,9 +37,9 @@
#include <unistd.h>
#include <assert.h>
-#define DRIVERVERSION "1.3" /**< Defines the software version of this driver */
+#define DRIVERVERSION "1.4" /**< Defines the software version of this driver */
#ifndef DRIVERAPIVERSION
-# define DRIVERAPIVERSION 3 /**< Sets the API version level of this driver */
+# define DRIVERAPIVERSION 4 /**< Sets the API version level of this driver */
#endif
#include <sqlite3.h>
@@ -274,6 +274,93 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
/**
+ * @copydoc eDBauth_GetAuthMethod()
+ */
+eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx,
+ const int certid, const char *username)
+{
+ dbresult *dbr = NULL;
+ eDBauthMethodResult *ret = NULL;
+
+ DEBUG(ctx, 20, "Function call: eDBauth_GetAuthMethod(ctx, %i, '%s')", certid, username);
+
+ dbr = sqlite_query(ctx,
+ "SELECT uicid, authplugin, authusername, activated, deactivated, "
+ " bl1.blid, bl2.blid"
+ " FROM openvpn_usercerts uc"
+ " JOIN openvpn_users ou USING (uid)"
+ " LEFT JOIN openvpn_blacklist bl1 ON( ou.username = bl1.username) "
+ " LEFT JOIN (SELECT blid, certid "
+ " FROM openvpn_certificates "
+ " JOIN openvpn_blacklist USING(digest)) bl2 "
+ " ON (uc.certid = bl2.certid)"
+ " WHERE ou.username = '%q' AND uc.certid = '%i'",
+ username, certid);
+
+ if (dbr == NULL) {
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Failed to query eurephia database for authentication methods for"
+ "user '%s' with certid '%i'", username, certid);
+ return NULL;
+ }
+
+ ret = malloc_nullsafe(ctx, sizeof(eDBauthMethodResult)+2);
+ if (ret == NULL) {
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Failed to allocate memory fir auth method results");
+ return NULL;
+ }
+
+ /* Some sane and restrictive default values */
+ ret->method = eAM_UNDEF;
+ ret->username = NULL;
+ ret->authplugid = 0;
+ ret->uicid = 0;
+
+ if (sqlite_get_numtuples(dbr) == 1) {
+ char *auplgid = sqlite_get_value(dbr, 0, 1);
+ char *auuname = sqlite_get_value(dbr, 0, 2);
+
+ if( sqlite_get_value(dbr, 0, 5) != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (%s)",
+ username);
+ ret->method = eAM_BLACKLISTED;
+ } else if( sqlite_get_value(dbr, 0, 6) != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "User account linked with a BLACKLISTED certificate "
+ "(%s) - certid: %s",
+ username, certid);
+ ret->method = eAM_BLACKLISTED;
+ } else if( sqlite_get_value(dbr, 0, 3) == NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "User account is not activated (%s)",
+ username);
+ ret->method = eAM_INACTIVE;
+ } else if( sqlite_get_value(dbr, 0, 4) != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "User account is deactivated (%s)",
+ username);
+ ret->method = eAM_INACTIVE;
+ } else if (auplgid == NULL) {
+ /* If no authentication plug-in is defined, use internal eurephia auth */
+ ret->method = eAM_INTERNDB;
+ ret->username = strdup_nullsafe(username);
+ ret->authplugid = 0;
+ } else {
+ /* If an authentication plug-in is defined. Use a different auth name
+ * if configured as well.
+ */
+ ret->method = eAM_PLUGIN;
+ ret->username = strdup_nullsafe((auuname != NULL ? auuname : username));
+ ret->authplugid = atoi_nullsafe(auplgid);
+ ret->uicid = atoi_nullsafe(sqlite_get_value(dbr, 0, 0));
+ }
+ }
+
+ sqlite_free_results(dbr);
+ return ret;
+}
+
+
+/**
* @copydoc eDBauth_user()
*/
int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const char *passwd)
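Review bot: In the blacklisted-certificate branch of eDBauth_GetAuthMethod() the log call formats `certid` with `%s`, but `certid` is a `const int` parameter, so that eurephia_log() call has undefined behaviour (most likely a crash or a read from an unrelated address) exactly when a user tied to a blacklisted certificate tries to authenticate; the format line should read `"(%s) - certid: %i",`. The allocation-failure path also returns without releasing `dbr`; add `sqlite_free_results(dbr);` before that `return NULL;`. When the query yields zero or more than one row the result keeps `eAM_UNDEF`, so the callers (not visible in this hunk) have to treat that value as a denial, and a short comment next to the "sane and restrictive default values" saying so would make the fail-closed intent explicit. Minor: the first error message concatenates to "foruser" because a space is missing between the two string literals, and "fir" should be "for".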
@@ -1187,3 +1274,37 @@ eurephiaVALUES *eDBget_blacklisted_ip(eurephiaCTX *ctx) {
return ret;
}
+
+/**
+ * @copydoc eDBget_plugins()
+ */
+eurephiaVALUES *eDBget_plugins(eurephiaCTX *ctx, const char *plgtype) {
+ eurephiaVALUES *ret = NULL;
+ dbresult *res = NULL;
+ int i = 0;
+ char *plgdso = NULL;
+
+ DEBUG(ctx, 20, "Function call eDBget_plugins(ctx, '%s')", plgtype);
+
+ res = sqlite_query(ctx,
+ "SELECT plgid, plgdsofile"
+ " FROM eurephia_plugins"
+ " WHERE plgenabled = 't' "
+ " AND plgtype = '%q'", plgtype);
+ if( sqlite_query_status(res) == dbSUCCESS ) {
+ ret = eCreate_value_space(ctx, 21);
+ for( i = 0; i < sqlite_get_numtuples(res); i++ ) {
+ if( ( plgdso = sqlite_get_value(res, i, 1)) != NULL ) {
+ eAdd_value(ctx, ret, sqlite_get_value(res, i, 0), plgdso);
+ }
+ }
+ } else {
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Failed to retrieve additional eurephia plug-ins");
+ sqlite_log_error(ctx, res);
+ ret = NULL;
+ }
+ sqlite_free_results(res);
+
+ return ret;
+}
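Review bot: eDBget_plugins() hands `plgdsofile` back to the caller exactly as stored in the `eurephia_plugins` table, and the function carries no comment about how far that value may be trusted. If the framework later loads these paths as shared objects (presumably via dlopen(), which is not visible here), write access to the database becomes code execution inside the OpenVPN process, so I would add a comment such as `/* plgdsofile comes from the database unvalidated; the loader must restrict it to the trusted plug-in directory */` and make sure the loader enforces it. Separately, eDBauth_GetAuthMethod() in this same commit checks `dbr == NULL` after sqlite_query(), while here `res` goes straight into sqlite_query_status() and sqlite_log_error(); unless both are NULL-safe, a guard like `if( res != NULL && sqlite_query_status(res) == dbSUCCESS )` is needed. The return of eCreate_value_space() and the `plgid` value from column 0 are likewise passed to eAdd_value() without a NULL check.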