authorDavid Sommerseth <dazo@eurephia.org>2015-01-09 02:36:26 +0100
committerDavid Sommerseth <dazo@eurephia.org>2015-01-09 02:46:20 +0100
commit05595e525b90cadd46506a6630513a2b4d8d3e60 (patch)
treef766cba1cf9e24a70618b34c00f4a7aeed2667e0 /database
parent31193a9d4f764bd54e00fc9e277c98319f198acd (diff)
sqlite: Only use certificate digest/fingerprint for TLS authentication
Don't match against contents of O, CN or emailAddress fields. The uniqueness of the certificates will be well controlled by the certificate fingerprint anyway. Signed-off-by: David Sommerseth <dazo@eurephia.org>
Diffstat (limited to 'database')
-rw-r--r--database/sqlite/edb-sqlite.c13
1 files changed, 6 insertions, 7 deletions
diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c
index 6e33267..8140ab6 100644
--- a/database/sqlite/edb-sqlite.c
+++ b/database/sqlite/edb-sqlite.c
@@ -1,8 +1,8 @@
/* edb-sqlite.c -- Main driver for eurephia authentication plugin for OpenVPN
* This is the SQLite database driver
*
- * GPLv2 only - Copyright (C) 2008 - 2013
- * David Sommerseth <dazo@users.sourceforge.net>
+ * GPLv2 only - Copyright (C) 2008 - 2015
+ * David Sommerseth <dazo@eurephia.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -37,7 +37,7 @@
#include <unistd.h>
#include <assert.h>
-#define DRIVERVERSION "1.4" /**< Defines the software version of this driver */
+#define DRIVERVERSION "1.4.1" /**< Defines the software version of this driver */
#ifndef DRIVERAPIVERSION
# define DRIVERAPIVERSION 4 /**< Sets the API version level of this driver */
#endif
@@ -86,7 +86,7 @@ static const eDBattempt_types_t eDBattempt_types[] = {
* @copydoc eDB_DriverVersion()
*/
const char *eDB_DriverVersion(void) {
- return "edb-sqlite (v"DRIVERVERSION") David Sommerseth 2008-2012 (C) GPLv2";
+ return "edb-sqlite (v"DRIVERVERSION") David Sommerseth 2008-2015 (C) GPLv2";
}
@@ -243,9 +243,8 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
"SELECT cert.certid, blid "
" FROM openvpn_certificates cert"
" LEFT JOIN openvpn_blacklist bl USING(digest)"
- " WHERE organisation='%q' AND common_name='%q' "
- " AND email='%q' AND depth='%i' AND lower(cert.digest)=lower('%q')%c",
- org, cname, email, depth, digest, 0);
+ " WHERE depth='%i' AND lower(cert.digest)=lower('%q')%c",
+ depth, digest, 0);
if( sqlite_query_status(res) == dbSUCCESS ) {
certid = atoi_nullsafe(sqlite_get_value(res, 0, 0));
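Review bot: With the subject fields dropped from the `WHERE` clause, the digest is the only value identifying a certificate, yet the unchanged line `LEFT JOIN openvpn_blacklist bl USING(digest)` still compares digests exactly while the certificate lookup compares them through `lower()`. Unless both digest columns are declared case-insensitive (the schema is not visible here), a blacklist row stored in a different letter case than the certificate row would leave `blid` NULL, and the certificate would presumably be treated as not blacklisted; `" LEFT JOIN openvpn_blacklist bl ON lower(bl.digest)=lower(cert.digest)"` would make the two comparisons agree. `org`, `cname` and `email` remain in the `eDBauth_TLS` signature but no longer reach this query, so a comment above it such as `/* org, cname and email are not matched; the certificate is identified by depth and digest only */` would keep callers from assuming they are checked. The function body starts and ends outside this hunk.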