summaryrefslogtreecommitdiffstats
path: root/database/sqlite/eurephiadb-sqlite.c
diff options
context:
space:
mode:
authorDavid Sommerseth <dazo@users.sourceforge.net>2008-08-06 14:45:14 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2008-08-06 14:45:14 +0200
commite51f1c49f9c1745012514dac79aaf8250ca1c036 (patch)
tree46017fb7c25dc9a60926173c543d7a7592208aca /database/sqlite/eurephiadb-sqlite.c
downloadeurephia-e51f1c49f9c1745012514dac79aaf8250ca1c036.tar.gz
eurephia-e51f1c49f9c1745012514dac79aaf8250ca1c036.tar.xz
eurephia-e51f1c49f9c1745012514dac79aaf8250ca1c036.zip
Imported eurephia into git
Diffstat (limited to 'database/sqlite/eurephiadb-sqlite.c')
-rw-r--r--database/sqlite/eurephiadb-sqlite.c842
1 files changed, 842 insertions, 0 deletions
diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c
new file mode 100644
index 0000000..53ad8e1
--- /dev/null
+++ b/database/sqlite/eurephiadb-sqlite.c
@@ -0,0 +1,842 @@
+/* eurephia-sqlite.c -- Main driver for eurephia authentication plugin for OpenVPN
+ * This is the SQLite database driver
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <dlfcn.h>
+
+#include <sqlite3.h>
+
+#define EUREPHIADB_DRIVER 1
+#include <eurephiadb_driver.h>
+#include <eurephia_nullsafe.h>
+#include <eurephia_log.h>
+#include <eurephia_values.h>
+#include <eurephiadb_session.h>
+#include <passwd.h>
+#include "sqlite.h"
+
+#ifdef MEMWATCH
+#include <memwatch.h>
+#endif
+
+
+// Mapping table - mapping attempt types from .... to sqlite table fields
+typedef struct {
+ char *colname;
+ char *allow_cfg;
+ char *descr;
+} eDBattempt_types_t;
+
+
+static const eDBattempt_types_t eDBattempt_types[] = {
+ {NULL, NULL, NULL},
+ {"remoteip\0", "allow_ipaddr_attempts\0", "IP Address\0"},
+ {"digest\0", "allow_cert_attempts\0", "Certificate\0"},
+ {"username\0", "allow_username_attempts\0", "Username\0"},
+ {NULL, NULL, NULL}
+};
+
+/*
+ * Driver info
+ */
+
+const char *eDB_DriverVersion() {
+ return "eurephiadb-sqlite (v"DRIVERVERSION") David Sommerseth 2008 (C) GPLv2";
+}
+
+
+int eDB_DriverAPIVersion() {
+ return DRIVERAPIVERSION;
+}
+
+
+/*
+ * local functions
+ */
+
+
+// Function for simplifying update of openvpn_blacklist
+void update_attempts(eurephiaCTX *ctx, const char *blid) {
+ dbresult *res = NULL;
+
+ if( blid != NULL ) {
+ res = sqlite_query(ctx,
+ "UPDATE openvpn_blacklist "
+ " SET last_accessed = CURRENT_TIMESTAMP WHERE blid = %s", blid);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not update openvpn_blacklist.last_accessed for blid=%s", blid);
+ }
+ sqlite_free_results(res);
+ }
+}
+
+/*
+ * Public driver functions
+ */
+
+// Connect to the database ... connection is stored in the eurephiaCTX context
+int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
+{
+ eDBconn *dbc = NULL;
+ dbresult *res = NULL;
+ int rc;
+
+#ifdef MEMWATCH
+ mwStatistics(3);
+#endif
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[1]);
+
+ if( (argc != 1) || (argv[0] == NULL) || (strlen(argv[0]) < 1) ) {
+ eurephia_log(ctx, LOG_PANIC, 0, "Wrong parameters to dblink-sqlite. Cannot open database.");
+ return 0;
+ }
+
+ // Connect to the database
+ dbc = (eDBconn *) malloc(sizeof(eDBconn)+2);
+ memset(dbc, 1, sizeof(eDBconn)+2);
+ dbc->dbname = strdup(argv[1]);
+
+ eurephia_log(ctx, LOG_INFO, 1, "Opening database '%s'", dbc->dbname);
+
+ rc = sqlite3_open(argv[1], (void *) &dbc->dbhandle);
+ if( rc ) {
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not open database '%s'", dbc->dbname);
+ free_nullsafe(dbc->dbname);
+ free_nullsafe(dbc);
+ return 0;
+ }
+
+ dbc->config = NULL;
+ ctx->dbc = dbc;
+
+ // Load configuration parameters into memory
+ eurephia_log(ctx, LOG_INFO, 1, "Reading config from database (openvpn_config)");
+ res = sqlite_query(ctx, "SELECT datakey, dataval FROM openvpn_config");
+ if( res != NULL ) {
+ int i = 0;
+ eurephiaVALUES *cfg = NULL;
+
+ cfg = eCreate_value_space(ctx, 11);
+ if( cfg == NULL ) {
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not allocate memory for config variables");
+ sqlite_free_results(res);
+ return 0;
+ }
+ for( i = 0; i < sqlite_get_numtuples(res); i++ ) {
+ eAdd_value(ctx, cfg, sqlite_get_value(res, i, 0), sqlite_get_value(res, i, 1));
+ }
+ sqlite_free_results(res);
+ ctx->dbc->config = cfg;
+ }
+ return 1;
+}
+
+// Disconnect from the database
+void eDBdisconnect(eurephiaCTX *ctx)
+{
+ eDBconn *dbc = NULL;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBdisconnect(ctx)");
+
+ if( ctx->dbc == NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "Database not open, cannot close database.");
+ return;
+ }
+
+ dbc = ctx->dbc;
+ eurephia_log(ctx, LOG_INFO, 2, "Closing database '%s'", dbc->dbname);
+
+ // Close database connection
+ sqlite3_close((sqlite3 *) dbc->dbhandle);
+ free_nullsafe(dbc->dbname);
+ dbc->dbhandle = NULL;
+
+ // Free up config memory
+ eFree_values(ctx, dbc->config);
+ free_nullsafe(dbc);
+ ctx->dbc = NULL;
+}
+
+
+// Authenticate certificate ... returns certid (certificate ID) on success,
+// 0 if not found or -1 if certificate is blacklisted
+int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char *email,
+ const char *digest, const char *depth)
+{
+ dbresult *res = NULL;
+ int certid = 0;
+ char *blid = NULL;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s)",
+ org, cname, email, digest, depth);
+
+ // Check if certificate is valid, and not too many attempts has been tried with the given certificate
+ res = sqlite_query(ctx,
+ "SELECT cert.certid, blid "
+ " FROM openvpn_certificates cert"
+ " LEFT JOIN openvpn_blacklist bl USING(digest)"
+ " WHERE organisation='%s' AND common_name='%s' "
+ " AND email='%s' AND depth='%s' AND cert.digest='%s'%c",
+ org, cname, email, depth, digest, 0);
+
+ if( res != NULL ) {
+ certid = atoi_nullsafe(sqlite_get_value(res, 0, 0));
+ blid = strdup_nullsafe(sqlite_get_value(res, 0, 1));
+ sqlite_free_results(res);
+
+ // Check if we found certificate to be blacklisted or not. blid == NULL when NOT blacklisted
+ if( blid == NULL ) {
+ if( certid > 0 ) {
+ eurephia_log(ctx, LOG_INFO, 0,
+ "Found certid %i for user: %s/%s/%s",
+ certid, org, cname, email);
+ } else {
+ eurephia_log(ctx, LOG_INFO, 1,
+ "Unknown certificate for: %s/%s/%s (depth %s, digest: %s)",
+ org, cname, email, depth, digest);
+ }
+ // Certificate is okay, certid contains the certificate ID
+ } else {
+ // If the certificate or IP is blacklisted, update status and deny access.
+ eurephia_log(ctx, LOG_WARNING, 1,
+ "Attempt with BLACKLISTED certificate (certid %i)", certid);
+ update_attempts(ctx, blid);
+ certid = -1;
+ }
+ free_nullsafe(blid);
+ } else {
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not look up certificate information");
+ }
+
+ eurephia_log(ctx, LOG_DEBUG, 10,
+ "Result function call: eDBauth_TLS(ctx, '%s', '%s', '%s', '%s', %s) - %i",
+ org, cname, email, digest, depth, certid);
+
+ return certid;
+}
+
+// Authenticate user, using username, password and certid as authentication parameters
+// returns -1 if authentication fails. Returns 0 if user account is not found.
+int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const char *passwd)
+{
+ dbresult *res = NULL;
+ char *crpwd = NULL, *activated = NULL, *deactivated = NULL, *blid_uname = NULL, *blid_cert;
+ int uicid = 0, uid = 0, pwdok = 0;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')",
+ certid, username);
+
+
+ // Generate SHA1 hash of password, used for password auth
+ crpwd = passwdhash(passwd);
+
+ res = sqlite_query(ctx,
+ "SELECT uicid, ou.uid, activated, deactivated, bl1.blid, bl2.blid, "
+ " (password = '%s') AS pwdok"
+ " FROM openvpn_users ou"
+ " JOIN openvpn_usercerts uc USING(uid) "
+ " LEFT JOIN openvpn_blacklist bl1 ON( ou.username = bl1.username) "
+ " LEFT JOIN (SELECT blid, certid "
+ " FROM openvpn_certificates "
+ " JOIN openvpn_blacklist USING(digest)) bl2 ON(uc.certid = bl2.certid)"
+ " WHERE uc.certid = '%i' AND ou.username = '%s'",
+ crpwd, certid, username);
+ free_nullsafe(crpwd);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not lookup user in database (certid %i, username '%s'", certid, username);
+ return 0;
+ }
+
+ if( sqlite_get_numtuples(res) == 1 ) {
+ uid = atoi_nullsafe(sqlite_get_value(res, 0, 1));
+ activated = sqlite_get_value(res, 0, 2);
+ deactivated = sqlite_get_value(res, 0, 3);
+ blid_uname = sqlite_get_value(res, 0, 4);
+ blid_cert = sqlite_get_value(res, 0, 5);
+ pwdok = atoi_nullsafe(sqlite_get_value(res, 0, 6));
+
+ if( blid_uname != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (uid: %i, %s)",
+ uid, username);
+ uicid = -1;
+ } else if( blid_cert != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "User account linked with a BLACKLISTED certificate "
+ "(uid: %i, %s) - certid: %s",
+ uid, username, certid);
+ uicid = -1;
+ } else if( activated == NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "User account is not activated (uid: %i, %s)",
+ uid, username);
+ uicid = -1;
+ } else if( deactivated != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "User account is deactivated (uid: %i, %s)",
+ uid, username);
+ uicid = -1;
+ } else if( pwdok != 1 ) {
+ eurephia_log(ctx, LOG_WARNING, 0,"Authentication failed for user '%s'. Wrong password.",
+ username);
+ uicid = -1;
+
+ } else {
+ uicid = atoi_nullsafe(sqlite_get_value(res, 0, 0));
+ }
+ } else {
+ eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed for user '%s'. "
+ "Could not find user or user-certificate link.", username);
+ uicid = 0;
+ }
+ sqlite_free_results(res);
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Result function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx') - %i",
+ certid, username, uicid);
+
+ return uicid;
+}
+
+// Retrieve the user id from openvpn_usercerts, based on certid and username
+int eDBget_uid(eurephiaCTX *ctx, const int certid, const char *username)
+{
+ dbresult *res = NULL;
+ int ret = 0;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBget_uid(ctx, %i, '%s')", certid, username);
+
+ res = sqlite_query(ctx,
+ "SELECT uid "
+ " FROM openvpn_usercerts "
+ " JOIN openvpn_users USING (uid) "
+ " WHERE certid = '%i' AND username = '%s'",
+ certid, username);
+ if( (res == NULL) || (sqlite_get_numtuples(res) != 1) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Could not lookup userid for user '%s'", username);
+ ret = -1;
+ } else {
+ ret = atoi_nullsafe(sqlite_get_value(res, 0, 0));
+ }
+ sqlite_free_results(res);
+
+ return ret;
+}
+
+
+// If function returns true(1) this control marks it as blacklisted
+int eDBblacklist_check(eurephiaCTX *ctx, const int type, const char *val)
+{
+ dbresult *blr = NULL, *atpr = NULL;
+ int atpexceed = -1, blacklisted = 0;
+ char *atpid = NULL, *blid = NULL;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBblacklist_check(ctx, '%s', '%s')",
+ eDBattempt_types[type].descr, val);
+
+ blr = sqlite_query(ctx, "SELECT blid FROM openvpn_blacklist WHERE %s = '%s'",
+ eDBattempt_types[type].colname, val);
+ if( blr != NULL ) {
+ blid = strdup_nullsafe(sqlite_get_value(blr, 0, 0));
+ sqlite_free_results(blr);
+ blr = NULL;
+
+ if( blid != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 1, "Attempt from blacklisted %s: %s",
+ eDBattempt_types[type].descr, val);
+ blacklisted = 1; // [type] is blacklisted
+ }
+ // Update attempt information
+ update_attempts(ctx, blid);
+ } else {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_blacklist for blacklisted %s",
+ eDBattempt_types[type].descr);
+ }
+
+ if( blacklisted == 0 ) {
+ // Check if this [type] has been attempted earlier - if it has reaced the maximum
+ // attempt limit, blacklist it
+ atpr = sqlite_query(ctx,
+ "SELECT atpid, attempts >= %s FROM openvpn_attempts WHERE %s= '%s'",
+ eGet_value(ctx->dbc->config, eDBattempt_types[type].allow_cfg),
+ eDBattempt_types[type].colname, val);
+ if( atpr != NULL ) {
+ atpid = strdup_nullsafe(sqlite_get_value(atpr, 0, 0));
+ atpexceed = atoi_nullsafe(sqlite_get_value(atpr, 0, 1));
+ sqlite_free_results(atpr);
+ atpr = NULL;
+
+ // If [type] has reached attempt limit and it is not black listed, black list it
+ if( (atpexceed > 0) && (blid == NULL) ) {
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "%s got BLACKLISTED due to too many failed attempts: %s",
+ eDBattempt_types[type].descr, val);
+ blr = sqlite_query(ctx,
+ "INSERT INTO openvpn_blacklist (%s) VALUES ('%s')",
+ eDBattempt_types[type].colname, val);
+ if( blr == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not blacklist %s (%s)",
+ eDBattempt_types[type].descr, val);
+ }
+ sqlite_free_results(blr);
+ blacklisted = 1; // [type] is blacklisted
+ }
+ free_nullsafe(atpid);
+ } else {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Quering openvpn_attempts for blacklisted %s failed",
+ eDBattempt_types[type].descr);
+ }
+ free_nullsafe(atpr);
+ }
+ free_nullsafe(blid);
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Result - function call: eDBblacklist_check(ctx, '%s', '%s') - %i",
+ eDBattempt_types[type].descr, val, blacklisted);
+
+ return blacklisted;
+}
+
+// Register a failed attempt of authentication or IP address has been tried to many times
+void eDBregister_attempt(eurephiaCTX *ctx, int type, int mode, const char *value) {
+ dbresult *res;
+ char *id = NULL, *atmpt_block = NULL, *blid = NULL;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBregister_attempt(ctx, %s, %s, '%s')",
+ eDBattempt_types[type].colname,
+ (mode == ATTEMPT_RESET ? "ATTEMPT_RESET" : "ATTEMPT_REGISTER"),
+ value);
+
+ //
+ // openvpn_attempts
+ //
+ res = sqlite_query(ctx,
+ "SELECT atpid, attempts > %s, blid "
+ " FROM openvpn_attempts "
+ " LEFT JOIN openvpn_blacklist USING(%s)"
+ " WHERE %s = '%s'",
+ eGet_value(ctx->dbc->config, eDBattempt_types[type].allow_cfg),
+ eDBattempt_types[type].colname,
+ eDBattempt_types[type].colname, value);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Could not look up atpid in openvpn_attempts");
+ return;
+ }
+
+ if( (mode == ATTEMPT_RESET) && (sqlite_get_numtuples(res) == 0) ) {
+ // If we are asked to reset the attempt counter and we do not find any attempts, exit here
+ sqlite_free_results(res);
+ return;
+ }
+
+ id = strdup_nullsafe(sqlite_get_value(res, 0, 0));
+ atmpt_block = strdup_nullsafe(sqlite_get_value(res, 0, 1));
+ blid = strdup_nullsafe(sqlite_get_value(res, 0, 1));
+
+ sqlite_free_results(res);
+
+ if( (id == NULL) && (mode == ATTEMPT_REGISTER) ) {
+ // Only insert record when we are in registering mode
+ res = sqlite_query(ctx, "INSERT INTO openvpn_attempts (%s, attempts) VALUES ('%s', 1)",
+ eDBattempt_types[type].colname, value);
+ } else if( id != NULL ){
+ // if a attempt record exists, update it according to mode
+ res = sqlite_query(ctx,
+ "UPDATE openvpn_attempts "
+ " SET last_attempt = CURRENT_TIMESTAMP, attempts = %s"
+ " WHERE atpid = %s",
+ (mode == ATTEMPT_RESET ? "0" : "attempts + 1"),
+ id);
+ }
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not update openvpn_attempts for %s = %s",
+ eDBattempt_types[type].colname, value);
+ }
+ sqlite_free_results(res);
+
+ // If attempts have exceeded attempt limit, blacklist it immediately if not already registered
+ if( (mode == ATTEMPT_REGISTER)
+ && (blid == NULL) && (atmpt_block != NULL) && (atoi_nullsafe(atmpt_block) > 0) ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "Blacklisting %s due to too many attempts: %s",
+ eDBattempt_types[type].descr, value);
+ res = sqlite_query(ctx, "INSERT INTO openvpn_blacklist (%s) VALUES ('%s')",
+ eDBattempt_types[type].colname, value);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not blacklist %s: %s",
+ eDBattempt_types[type].descr, value);
+ }
+ sqlite_free_results(res);
+ }
+ free_nullsafe(id);
+ free_nullsafe(atmpt_block);
+ free_nullsafe(blid);
+}
+
+
+// Register a successful authentication
+int eDBregister_login(eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid, const int uid,
+ const char *proto, const char *remipaddr, const char *remport,
+ const char *vpnipaddr, const char *vpnipmask)
+{
+ dbresult *res = NULL;
+
+ eurephia_log(ctx, LOG_DEBUG, 10,
+ "Function call: eDBregister_login(ctx, '%s', %i, %i, '%s','%s','%s','%s','%s')",
+ skey->sessionkey, certid, uid, proto, remipaddr, remport, vpnipaddr, vpnipmask);
+
+ if( skey->sessionstatus != SESSION_NEW ) {
+ eurephia_log(ctx, LOG_WARNING, 10, "Not a new session, will not register it again");
+ return 1;
+ }
+
+ res = sqlite_query(ctx,
+ "INSERT INTO openvpn_lastlog (uid, certid, "
+ " protocol, remotehost, remoteport,"
+ " vpnipaddr, vpnipmask,"
+ " sessionstatus, sesskey, login) "
+ "VALUES (%i, %i, '%s','%s','%s','%s','%s', 1,'%s', CURRENT_TIMESTAMP)",
+ uid, certid, proto, remipaddr, remport, vpnipaddr, vpnipmask, skey->sessionkey);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Could not insert new session into openvpn_lastlog");
+ return 0;
+ }
+ sqlite_free_results(res);
+ skey->sessionstatus = SESSION_REGISTERED;
+ return 1;
+}
+
+// Register the MAC address of the VPN adapter of the user.
+int eDBregister_vpnmacaddr(eurephiaCTX *ctx, eurephiaSESSION *session, const char *macaddr)
+{
+ dbresult *res = NULL;
+
+ eurephia_log(ctx, LOG_DEBUG, 10,
+ "Function call: eDBregister_vpnmacaddr(ctx, '%s', '%s')",
+ session->sessionkey, macaddr);
+
+ if( macaddr == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "No MAC address was given to save");
+ return 0;
+ }
+
+ res = sqlite_query(ctx,
+ "UPDATE openvpn_lastlog SET sessionstatus = 2, macaddr = '%s' "
+ " WHERE sesskey = '%s' AND sessionstatus = 1", macaddr, session->sessionkey);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with new MAC address for session");
+ return 0;
+
+ }
+ sqlite_free_results(res);
+
+ // Save the MAC address in the session values register - needed for the destroy session
+ if( eDBset_session_value(ctx, session, "macaddr", macaddr) == 0 ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Could not save MAC address into session variables");
+ return 0;
+ }
+
+ return 1;
+}
+
+// Register the user as logged out
+int eDBregister_logout(eurephiaCTX *ctx, eurephiaSESSION *skey,
+ const char *bytes_sent, const char *bytes_received)
+{
+ dbresult *res = NULL;
+
+ eurephia_log(ctx, LOG_DEBUG, 10,
+ "Function call: eDBregister_logout(ctx, '%s', %s, %s)",
+ skey->sessionkey, bytes_sent, bytes_received);
+
+ res = sqlite_query(ctx,
+ "UPDATE openvpn_lastlog "
+ " SET sessionstatus = 3, logout = CURRENT_TIMESTAMP, "
+ " bytes_sent = '%i', bytes_received = '%i' "
+ " WHERE sesskey = '%s' AND sessionstatus = 2",
+ atoi_nullsafe(bytes_sent), atoi_nullsafe(bytes_received), skey->sessionkey);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update lastlog with logout information (%s)",
+ skey->sessionkey);
+ return 0;
+ }
+ sqlite_free_results(res);
+ skey->sessionstatus = SESSION_LOGGEDOUT;
+ return 1;
+}
+
+// Retrieve a session key from openvpn_sessionkeys if it is a current session. Session seed is used
+// as criteria
+char *eDBget_sessionkey(eurephiaCTX *ctx, const char *sessionseed) {
+ dbresult *res = NULL;
+ char *skey = NULL;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "eDBget_sessionkey(ctx, '%s')", sessionseed);
+
+ if( sessionseed == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 1,
+ "eDBget_sessionkey: No session seed given - cannot locate sessionkey");
+ return NULL;
+ }
+ res = sqlite_query(ctx, "SELECT sessionkey FROM openvpn_sessionkeys WHERE sessionseed = '%s'",
+ sessionseed);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
+ sessionseed);
+ return NULL;
+ }
+ if( sqlite_get_numtuples(res) == 1 ) {
+ skey = strdup_nullsafe(sqlite_get_value(res, 0, 0));
+ } else {
+ skey = NULL;
+ }
+ sqlite_free_results(res);
+ return skey;
+}
+
+
+// Function returns true(1) if session key is unique
+int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
+ dbresult *res;
+ int uniq = 0;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "eDBcheck_sessionkey_uniqueness(ctx, '%s')", seskey);
+ if( seskey == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 1,
+ "eDBcheck_sessionkey_uniqness: Invalid session key given");
+ return 0;
+ }
+
+ res = sqlite_query(ctx, "SELECT count(sesskey) = 0 FROM openvpn_lastlog WHERE sesskey = '%s'", seskey);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eDBcheck_sessionkey_uniqness: Could not check uniqueness of sessionkey");
+ return 0;
+ }
+ uniq = atoi_nullsafe(sqlite_get_value(res, 0, 0));
+ sqlite_free_results(res);
+
+ return uniq;
+}
+
+// register a link between a short-term session seed and a long-term session key
+int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seskey) {
+ dbresult *res;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "eDBregister_sessionkey(ctx, '%s', '%s')", seed, seskey);
+ if( (seed == NULL) || (seskey == NULL) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 1,
+ "eDBregister_sessionkey: Invalid session seed or session key given");
+ return 0;
+ }
+
+ res = sqlite_query(ctx,
+ "INSERT INTO openvpn_sessionkeys (sessionseed, sessionkey) VALUES('%s','%s')",
+ seed, seskey);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eDBregister_sessionkey: Error registering sessionkey into openvpn_sessionkeys");
+ return 0;
+ }
+ sqlite_free_results(res);
+ return 1;
+}
+
+// remove a session seed/session key link from openvpn_sessionkeys
+int eDBremove_sessionkey(eurephiaCTX *ctx, const char *seskey) {
+ dbresult *res;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "eDBremove_sessionkey(ctx, '%s')", seskey);
+ if( seskey == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 1,
+ "eDBremove_sessionkey: Invalid session key given");
+ return 0;
+ }
+
+ res = sqlite_query(ctx, "DELETE FROM openvpn_sessionkeys WHERE sessionkey = '%s'", seskey);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eDBremove_sessionkey: Error removing sessionkey from openvpn_sessionkeys");
+ return 0;
+ }
+ sqlite_free_results(res);
+ return 1;
+}
+
+// Load session values stored in the database into a eurephiaVALUES struct (session values)
+eurephiaVALUES *eDBload_sessiondata(eurephiaCTX *ctx, const char *sesskey) {
+ dbresult *res = NULL;
+ eurephiaVALUES *sessvals = NULL;
+ int i;
+
+ if( (ctx == NULL) || (sesskey == NULL) ) {
+ return NULL;
+ }
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBload_sessiondata(ctx, '%s')", sesskey);
+
+ res = sqlite_query(ctx, "SELECT datakey, dataval FROM openvpn_sessions WHERE sesskey = '%s'",
+ sesskey);
+ if( (res != NULL) || (sqlite_get_numtuples(res) > 0) ) {
+ for( i = 0; i < sqlite_get_numtuples(res); i++ ) {
+ sessvals = eDBadd_session_value(sessvals,
+ sqlite_get_value(res, i, 0),
+ sqlite_get_value(res, i, 1));
+ }
+ sqlite_free_results(res);
+ } else {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not load session values for session '%s'", sesskey);
+
+ }
+ return sessvals;
+}
+
+
+// Store a new, update or delete a sessionvalue in the database
+int eDBstore_session_value(eurephiaCTX *ctx, eurephiaSESSION *session, int mode, const char *key, const char *val)
+{
+ dbresult *res = NULL;
+
+ if( session == NULL ) {
+ eurephia_log(ctx, LOG_DEBUG, 10,
+ "Function call failed to eDBstore_session_value(ctx, ...): Non-existing session key");
+ return 0;
+ }
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBstore_session_value(ctx, '%s', %i, '%s', '%s')",
+ session->sessionkey, mode, key, val);
+
+ switch( mode ) {
+ case SESSVAL_NEW:
+ res = sqlite_query(ctx,
+ "INSERT INTO openvpn_sessions (sesskey, datakey, dataval) "
+ "VALUES ('%s','%s','%s')", session->sessionkey, key, val);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not register new session variable into database: [%s] %s = %s",
+ session->sessionkey, key, val);
+ return 0;
+ }
+ break;
+
+ case SESSVAL_UPDATE:
+ res = sqlite_query(ctx,
+ "UPDATE openvpn_sessions SET dataval = '%s' "
+ " WHERE sesskey = '%s' AND datakey = '%s'", val, session->sessionkey, key);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Could not update session variable: [%s] %s = %s ",
+ session->sessionkey, key, val);
+ return 0;
+ }
+ break;
+
+ case SESSVAL_DELETE:
+ res = sqlite_query(ctx, "DELETE FROM openvpn_sessions WHERE sesskey = '%s' AND datakey = '%s'",
+ session->sessionkey, key);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Could not delete session variable: [%s] %s",
+ session->sessionkey, key);
+ return 0;
+ }
+ break;
+
+ default:
+ eurephia_log(ctx, LOG_FATAL, 0, "Unknown eDBstore_session_value mode '%i'", mode);
+ return 1;
+ }
+ sqlite_free_results(res);
+ return 1;
+}
+
+
+// Delete session information from openvpn_sessions and update openvpn_lastlog with status
+int eDBdestroy_session(eurephiaCTX *ctx, const char *macaddr)
+{
+ dbresult *res = NULL;
+ char *skey = NULL;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBdestroy_session(ctx, '%s')", macaddr);
+
+ // Find sessionkey from MAC address
+ res = sqlite_query(ctx,
+ "SELECT sesskey "
+ " FROM openvpn_sessions "
+ " WHERE datakey = 'macaddr' AND dataval = '%'s'", macaddr);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not remove session from database (MAC addr: %s)", macaddr);
+ return 0;
+ }
+
+ skey = strdup_nullsafe(sqlite_get_value(res, 0, 0));
+ sqlite_free_results(res);
+
+ if( skey == NULL ) {
+ eurephia_log(ctx, LOG_INFO, 0,
+ "Could not find any sessions connected to MAC addr '%s')", macaddr);
+ return 1;
+ }
+
+ // Update session status
+ res = sqlite_query(ctx,
+ "UPDATE openvpn_lastlog "
+ " SET sessionstatus = 4, session_del = CURRENT_TIMESTAMP "
+ " WHERE sesskey = '%s' AND sessionstatus = 3", skey);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not update session status in lastlog (%s/%s))", skey, macaddr);
+ free_nullsafe(skey);
+ return 0;
+ }
+ sqlite_free_results(res);
+
+ // Delete session variables
+ res = sqlite_query(ctx, "DELETE FROM openvpn_sessions WHERE sesskey = '%s'", skey);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "Could not delete session variables (%s/%s))", skey, macaddr);
+ free_nullsafe(skey);
+ return 0;
+ }
+ sqlite_free_results(res);
+
+ // Remove the sessionkey from openvpn_sessions
+ if( eDBremove_sessionkey(ctx, skey) == 0 ) {
+ free_nullsafe(skey);
+ return 0;
+ }
+
+ free_nullsafe(skey);
+ return 1;
+}
+
+
+char *eDBget_fw_profile(eurephiaCTX *ctx, eurephiaSESSION *session)
+{
+ char *ret = NULL;
+ dbresult *res = NULL;
+
+ eurephia_log(ctx, LOG_DEBUG, 10, "Function call: eDBget_fw_profile(ctx, {session}'%s')",
+ session->sessionkey);
+
+ res = sqlite_query(ctx,
+ "SELECT fw_profile "
+ " FROM openvpn_lastlog "
+ " JOIN openvpn_usercerts USING(certid, uid)"
+ " JOIN openvpn_accesses USING(accessprofile)"
+ " WHERE sesskey = '%s'", session->sessionkey);
+ if( res == NULL ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0, "Could not retrieve firewall profile for session '%s'",
+ session->sessionkey);
+ return NULL;
+ }
+ ret = strdup_nullsafe(sqlite_get_value(res, 0, 0));
+ sqlite_free_results(res);
+ return ret;
+}
+
generated by cgit (git 2.34.1) at 2026-01-09 00:14:03 +0000