authorDavid Sommerseth <dazo@users.sourceforge.net>2008-11-29 02:50:03 +0100
committerDavid Sommerseth <dazo@users.sourceforge.net>2008-11-29 02:50:03 +0100
commit732ed6d747b49a0d794114ee660e76102ecd9f95 (patch)
tree067bfeea1593804ce48d37f8d2de9468242ebd11 /database/sqlite
parentad77c8cd62ab96e2815e287b74bfc0f50af8b7ae (diff)
Login seems to work from database driver side
Diffstat (limited to 'database/sqlite')
-rw-r--r--database/sqlite/edb-sqlite.c244
-rw-r--r--database/sqlite/sql-schema.sql14
2 files changed, 253 insertions, 5 deletions
diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c
index 46c2132..270b3eb 100644
--- a/database/sqlite/edb-sqlite.c
+++ b/database/sqlite/edb-sqlite.c
@@ -23,6 +23,7 @@
#include <stdlib.h>
#include <string.h>
#include <dlfcn.h>
+#include <assert.h>
#include <sqlite3.h>
@@ -32,7 +33,9 @@
#include <eurephia_log.h>
#include <eurephia_values.h>
#include <eurephiadb_session_common.h>
+#include <eurephiadb_session_struct.h>
#include <passwd.h>
+#include <sha512.h>
#include "sqlite.h"
#ifdef MEMWATCH
@@ -236,7 +239,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
DEBUG(ctx, 20, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username);
- // Generate SHA1 hash of password, used for password auth
+ // Generate SHA512 hash of password, used for password auth
crpwd = passwdhash(passwd);
res = sqlite_query(ctx,
@@ -250,6 +253,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
" JOIN openvpn_blacklist USING(digest)) bl2 ON(uc.certid = bl2.certid)"
" WHERE uc.certid = '%i' AND ou.username = '%q'",
crpwd, certid, username);
+ memset(crpwd, 0, strlen_nullsafe(crpwd));
free_nullsafe(crpwd);
if( res == NULL ) {
eurephia_log(ctx, LOG_FATAL, 0,
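Review bot: The added `memset(crpwd, 0, strlen_nullsafe(crpwd));` immediately before `free_nullsafe(crpwd)` is a dead store from the compiler's point of view, so the optimizer is free to drop it and the hashed password can remain in freed heap memory. Wipe through a volatile pointer (`for (volatile char *vp = crpwd; *vp; vp++) *vp = 0;`) or use `explicit_bzero` where the platform provides it. The same memset-then-free pattern appears in the eDBadminAuth hunk (`memset(crpwd, ...)` before `free_nullsafe(crpwd)` and the two `memset(&sha, ...)`/`memset(&sha_res, ...)` calls after `SHA512Final`), and presumably a second copy of the hash also lives in the query string built by sqlite_query, which this wipe does not cover. eDBauth_user begins before this hunk.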
@@ -650,7 +654,7 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) {
// Function returns true(1) if session key is unique
-int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
+int _local_eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
dbresult *res;
int uniq = 0;
@@ -661,9 +665,26 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
return 0;
}
- res = sqlite_query(ctx,
- "SELECT count(sessionkey) = 0 "
- "FROM openvpn_lastlog WHERE sessionkey = '%q'", seskey);
+ switch( ctx->context_type ) {
+ case ECTX_NO_PRIVILEGES:
+ return 0;
+ break;
+
+ case ECTX_ADMIN_CONSOLE:
+ case ECTX_ADMIN_WEB:
+ res = sqlite_query(ctx,
+ "SELECT count(sessionkey) = 0 "
+ "FROM eurephia_adminlog WHERE sessionkey = '%q'", seskey);
+ break;
+
+ case ECTX_PLUGIN_AUTH:
+ default:
+ res = sqlite_query(ctx,
+ "SELECT count(sessionkey) = 0 "
+ "FROM openvpn_lastlog WHERE sessionkey = '%q'", seskey);
+ break;
+ }
+
if( res == NULL ) {
eurephia_log(ctx, LOG_FATAL, 0,
"eDBcheck_sessionkey_uniqness: Could not check uniqueness of sessionkey");
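Review bot: The `break;` after `return 0;` in the `ECTX_NO_PRIVILEGES` arm is unreachable and should go, and the `default:` label is grouped with `ECTX_PLUGIN_AUTH`, so any unexpected `context_type` value is silently checked against `openvpn_lastlog` instead of being rejected. If the plugin is the only caller expected on that path, a fail-closed default is safer: `default: eurephia_log(ctx, LOG_WARNING, 0, "Unknown context type"); return 0;`, keeping `case ECTX_PLUGIN_AUTH:` as its own arm. The two queries differ only in the table name, which a short comment above the switch (`// Admin sessions are logged in eurephia_adminlog, VPN sessions in openvpn_lastlog`) would make obvious. The function's `res` handling continues past the end of this hunk.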
@@ -674,6 +695,11 @@ int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
return uniq;
}
+inline int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {
+ return _local_eDBcheck_sessionkey_uniqueness(ctx, seskey);
+}
+
+
// register a link between a short-term session seed and a long-term session key
int eDBregister_sessionkey(eurephiaCTX *ctx, const char *seed, const char *seskey) {
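Review bot: `inline int eDBcheck_sessionkey_uniqueness(...)` without `static` or `extern` is, under C99/C11 inline semantics, an inline definition only, so the compiler is not required to emit an external symbol and any caller in another translation unit, or a `dlsym` lookup of this driver, may fail to resolve it depending on the compiler's inline model. Since the wrapper is the public entry point, drop the qualifier: `int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) {`. The helper name `_local_eDBcheck_sessionkey_uniqueness` introduced in the previous hunk also sits in identifier space reserved for the implementation (leading underscore at file scope); `static int local_eDBcheck_sessionkey_uniqueness(...)` would be the conventional spelling. eDBregister_sessionkey continues outside the hunk.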
@@ -907,5 +933,213 @@ eurephiaVALUES *eDBget_blacklisted_ip(eurephiaCTX *ctx) {
*
*/
+// Authenticate admin user against user database
+eurephiaSESSION *eDBadminAuth(eurephiaCTX *ctx, const char interface, const char *uname, const char *pwd) {
+ eurephiaSESSION *new_sess = NULL;
+ dbresult *res = NULL;
+ char *crpwd = NULL, *randdata = NULL;
+ char *activated = NULL, *deactivated = NULL, *blid = NULL;
+ int uid = -1, admacc = 0, pwok = 0, loop = 0, uniqchk = 0;
+ SHA512Context sha;
+ uint8_t sha_res[SHA512_HASH_SIZE];
+
+ assert(ctx != NULL);
+
+ if( (strlen_nullsafe(uname) < 4) || (strlen_nullsafe(pwd) < 4) ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "User name and/or password is either null or less than 4 bytes");
+ return NULL;
+ }
+
+ //
+ // Authenticate user and password
+ //
+ crpwd = passwdhash(pwd);
+ assert(crpwd != NULL);
+ res = sqlite_query(ctx,
+ "SELECT activated, deactivated, bl.blid, "
+ " (password = '%q') AS pwok, acc_admin, uid"
+ " FROM openvpn_users ou"
+ " LEFT JOIN openvpn_blacklist bl USING (username)"
+ " WHERE ou.username = '%q'",
+ crpwd, uname);
+ memset(crpwd, 0, strlen_nullsafe(crpwd));
+ free_nullsafe(crpwd);
+
+ if( !res ) {
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not authenticate user against the database");
+ return NULL;
+ }
+
+ if( sqlite_get_numtuples(res) == 1 ) {
+ activated = sqlite_get_value(res, 0, 0);
+ deactivated = sqlite_get_value(res, 0, 1);
+ blid = sqlite_get_value(res, 0, 2);
+ pwok = atoi_nullsafe(sqlite_get_value(res, 0, 3));
+ admacc = atoi_nullsafe(sqlite_get_value(res, 0, 4));
+ uid = atoi_nullsafe(sqlite_get_value(res, 0, 5));
+
+ if( blid != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "Your user account is BLACKLISTED. You have no access.");
+ sqlite_free_results(res);
+ return NULL;
+ }
+
+ if( activated == NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "Your user account is not yet activated.");
+ sqlite_free_results(res);
+ return NULL;
+ }
+
+ if( deactivated != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "Your user account is deactivated.");
+ sqlite_free_results(res);
+ return NULL;
+ }
+
+ if( admacc != 1 ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "Your user account is lacking privileges");
+ sqlite_free_results(res);
+ return NULL;
+ }
+
+ if( pwok != 1 ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed,");
+ sqlite_free_results(res);
+ return NULL;
+ }
+ } else {
+ eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed. Too many records found.");
+ sqlite_free_results(res);
+ return NULL;
+ }
+ sqlite_free_results(res);
+
+
+ //
+ // If we reach this place, authentication was successful ... create session
+ //
+
+ // Get a unique session key
+ randdata = (char *) malloc(514);
+ assert(randdata != NULL);
+
+ new_sess = (eurephiaSESSION *) malloc(sizeof(eurephiaSESSION) + 2);
+ assert(new_sess != NULL);
+ memset(new_sess, 0, sizeof(eurephiaSESSION) + 2);
+
+ do {
+ char *ptr = NULL;
+ int i = 0;
+
+ memset(randdata, 0, 514);
+ if( !eDBsessionGetRandString(ctx, randdata, 512) ) {
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not generate enough random data for session");
+ free_nullsafe(randdata);
+ free_nullsafe(new_sess);
+ return NULL;
+ }
+
+ memset(&sha, 0, sizeof(SHA512Context));
+ memset(&sha_res, 0, sizeof(sha_res));
+
+ free_nullsafe(new_sess->sessionkey);
+ new_sess->sessionkey = (char *) malloc((SHA512_HASH_SIZE*2) + 3);
+ assert(new_sess->sessionkey != NULL);
+ memset(new_sess->sessionkey, 0, (SHA512_HASH_SIZE*2) + 3);
+
+ SHA512Init(&sha);
+ SHA512Update(&sha, randdata, 512);
+ SHA512Final(&sha, sha_res);
+
+ ptr = new_sess->sessionkey;
+ for( i = 0; i < SHA512_HASH_SIZE; i++ ) {
+ sprintf(ptr, "%02x", sha_res[i]);
+ ptr++;
+ }
+ memset(&sha, 0, sizeof(SHA512Context));
+ memset(&sha_res, 0, sizeof(sha_res));
+ free_nullsafe(randdata);
+
+ loop++;
+ fprintf(stderr, "---> %s\n", new_sess->sessionkey);
+ uniqchk = _local_eDBcheck_sessionkey_uniqueness(ctx, new_sess->sessionkey);
+ } while( (uniqchk == 0) && (loop < 11) );
+ free_nullsafe(randdata);
+
+ if( uniqchk == 0 ) {
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Did not manage to create a unique session key after %i attemtps. Aborting.",
+ loop-1);
+ free_nullsafe(new_sess->sessionkey);
+ free_nullsafe(new_sess);
+ return NULL;
+ }
+
+ // Register login into eurephia_adminlog ... uid, login, interface, sessionkey
+ res = sqlite_query(ctx,
+ "INSERT INTO eurephia_adminlog "
+ " (uid, interface, status, login, last_action, sessionkey) "
+ "VALUES ('%i','%c',1,CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, '%q')",
+ uid, interface, new_sess->sessionkey);
+ if( !res ) {
+ eurephia_log(ctx, LOG_FATAL, 0, "Could not manage to register the session in the database");
+ free_nullsafe(new_sess->sessionkey);
+ free_nullsafe(new_sess);
+ return NULL;
+ }
+
+ // 3. Return new session
+ return new_sess;
+}
+
+eurephiaSESSION *eDBadminLoadSession(eurephiaCTX *ctx, char *sesskey) {
+ return NULL;
+}
+
+eurephiaUSERLIST *eDBgetUserList(eurephiaCTX *ctx, const int sortkey) {
+ return NULL;
+}
+
+eurephiaUSERINFO *eDBgetUserInfo(eurephiaCTX *ctx, eurephiaUSERINFO *srchkey) {
+ return NULL;
+}
+
+int eDBaddUser(eurephiaCTX *ctx, eurephiaUSERINFO *usrinf) {
+ return 0;
+}
+
+int eDBupdateUser(eurephiaCTX *ctx, const int uid, eurephiaUSERINFO *usrinf) {
+ return 0;
+}
+
+int eDBdeleteUser(eurephiaCTX *ctx, const int uid, eurephiaUSERINFO *usrinf) {
+ return 0;
+}
+
+
+eurephiaCERTLIST *eDBgetCertificateList(eurephiaCTX *ctx, const int sortkey) {
+ return NULL;
+}
+
+eurephiaCERTINFO *eDBgetCertificateInfo(eurephiaCTX *ctx, eurephiaCERTINFO *srchkey) {
+ return NULL;
+}
+
+int eDBaddCertificate(eurephiaCTX *ctx, eurephiaCERTINFO *crtinf) {
+ return 0;
+}
+
+int eDBdeleteCertificate(eurephiaCTX *ctx, const int uid, eurephiaCERTINFO *crtinf) {
+ return 0;
+}
+
+eurephiaLOGLIST *eDBgetLastlog(eurephiaCTX *ctx, eurephiaUSERINFO *usersrch, eurephiaCERTINFO *certsrch) {
+ return NULL;
+};
+
+eurephiaLOGLIST *eDBgetAttemptsLog(eurephiaCTX *ctx, eurephiaUSERINFO *usersrch, eurephiaCERTINFO *certsrch) {
+ return NULL;
+};
#endif
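Review bot: The hex-encoding loop in eDBadminAuth advances `ptr` by one per hash byte while `sprintf(ptr, "%02x", ...)` writes two characters, so each iteration overwrites the second nibble of the previous byte and the session key ends up 65 characters holding only the high nibble of every byte rather than the 128-character value the schema column is sized for; it should be `ptr += 2;`. `free_nullsafe(randdata);` inside the `do` loop is followed by `memset(randdata, 0, 514);` at the top of the next iteration, which is a NULL write if free_nullsafe clears the pointer and a use-after-free if it does not; the free after the loop already exists, so the in-loop call should be removed. `fprintf(stderr, "---> %s\n", new_sess->sessionkey);` writes the freshly minted admin session key to stderr and looks like leftover debugging. After the `INSERT INTO eurephia_adminlog` query the successful `res` is never passed to `sqlite_free_results`, which presumably leaks it if sqlite_query returns a result object for statements. The `};` closing eDBgetLastlog and eDBgetAttemptsLog is a stray semicolon at file scope.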
diff --git a/database/sqlite/sql-schema.sql b/database/sqlite/sql-schema.sql
index 81d7ea4..7fb6769 100644
--- a/database/sqlite/sql-schema.sql
+++ b/database/sqlite/sql-schema.sql
@@ -15,6 +15,7 @@ CREATE TABLE openvpn_users (
activated timestamp ,
deactivated timestamp ,
last_accessed timestamp ,
+ acc_admin boolean ,
uid integer PRIMARY KEY AUTOINCREMENT
);
CREATE UNIQUE INDEX openvpn_users_uname ON openvpn_users(username);
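Review bot: `acc_admin boolean ,` is nullable with no default, so an account's admin flag can be NULL and its meaning is left to whatever the driver's atoi helper does with a missing value. Making the privilege explicit at the schema level is cheaper to reason about: `acc_admin boolean NOT NULL DEFAULT 0,`. A trailing comment on the column (`-- 1 = may log in to the admin interfaces`) would also document what the driver tests for.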
@@ -114,3 +115,16 @@ CREATE TABLE openvpn_config (
);
CREATE UNIQUE INDEX openvpn_config_key ON openvpn_config(datakey);
+CREATE TABLE eurephia_adminlog (
+ uid integer NOT NULL,
+ interface char NOT NULL, -- C-onsole, W-eb
+ status integer NOT NULL,
+ login timestamp NOT NULL,
+ last_action timestamp NOT NULL,
+ logout timestamp ,
+ sessionkey varchar(128) NOT NULL,
+ ealid integer PRIMARY KEY AUTOINCREMENT
+);
+CREATE INDEX eurephia_adminlog_uid ON eurephia_adminlog(uid);
+CREATE INDEX eurephia_adminlog_sesskey ON eurephia_adminlog(sessionkey);
+
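Review bot: `eurephia_adminlog_sesskey` is a plain index, so the session key's uniqueness rests entirely on the driver's check-then-insert, which leaves a window between the SELECT and the INSERT; `CREATE UNIQUE INDEX eurephia_adminlog_sesskey ON eurephia_adminlog(sessionkey);` lets the database enforce it and turns a collision into an INSERT failure the driver already handles. The `interface char NOT NULL, -- C-onsole, W-eb` comment could name the values literally (`-- 'C' = console, 'W' = web`) so the driver's `'%c'` parameter has a documented domain. The trailing context line of this hunk appears to fall outside the visible text.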