| author | David Sommerseth <dazo@users.sourceforge.net> | 2009-03-22 00:30:28 +0100 |
|---|---|---|
| committer | David Sommerseth <dazo@users.sourceforge.net> | 2009-03-22 00:30:28 +0100 |
| commit | 2d01e7ab1312d28207b9ae63f1e35b6e9f8e560c (patch) | |
| tree | e816d5ec29b83ccafcacb33dbcbc98e85ee3a916 /database | |
| parent | 4327f9c0ee5f863b4e1552125338230f03768284 (diff) | |
| download | eurephia-2d01e7ab1312d28207b9ae63f1e35b6e9f8e560c.tar.gz eurephia-2d01e7ab1312d28207b9ae63f1e35b6e9f8e560c.tar.xz eurephia-2d01e7ab1312d28207b9ae63f1e35b6e9f8e560c.zip | |
Rewrote database driver (SQLite) to use eurephia_pwd_crypt(...)
Follow up from commit 062a3c92343a5fa371f8637f8bca88aacca14cc4
Diffstat (limited to 'database')
| -rw-r--r-- | database/eurephiadb_mapping.c | 7 | ||||
| -rw-r--r-- | database/sqlite/administration.c | 34 | ||||
| -rw-r--r-- | database/sqlite/edb-sqlite.c | 26 |
3 files changed, 44 insertions, 23 deletions
diff --git a/database/eurephiadb_mapping.c b/database/eurephiadb_mapping.c index f450a64..2f8fdea 100644 --- a/database/eurephiadb_mapping.c +++ b/database/eurephiadb_mapping.c @@ -219,10 +219,11 @@ eDBfieldMap *eDBxmlMapping(eurephiaCTX *ctx, eDBfieldMap *dbmap, const char *tbl ? (char *)nptr->children->content : strdup("")); } else { - // Hash value if it is not hashed or not approved hashing + // Force hashing of value if it is an unknown hash type ptr->value = (nptr->children != NULL - ? passwdhash(pwdSHA512, NULL, - (char *)nptr->children->content) + ? eurephia_pwd_crypt(ctx, + (char *)nptr->children->content, + NULL) : strdup("")); } break; diff --git a/database/sqlite/administration.c b/database/sqlite/administration.c index 4b174d9..c8e5a7e 100644 --- a/database/sqlite/administration.c +++ b/database/sqlite/administration.c @@ -74,9 +74,9 @@ void xmlReplaceChars(xmlChar *str, char s, char r) { // Authenticate admin user against user database int eDBadminAuth(eurephiaCTX *ctx, const char *req_access, const char *uname, const char *pwd) { dbresult *res = NULL; - char *crpwd = NULL; + char *crpwd = NULL, *dbpwd = NULL; char *activated = NULL, *deactivated = NULL, *blid = NULL; - int uid = -1, pwok = 0, access = 0; + int uid = -1, access = 0; char interface; DEBUG(ctx, 20, "Function call: eDBadminAuth(ctx, '%s, '%s', 'xxxxxxxx')", req_access, uname); 
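Review bot: In the eurephiadb_mapping.c hunk the result of `eurephia_pwd_crypt(ctx, (char *)nptr->children->content, NULL)` is assigned to `ptr->value` without a NULL check, while the administration.c and edb-sqlite.c hunks in this same commit `assert(crpwd != NULL)` after calling it, which suggests the function can fail. If it does, `ptr->value` becomes NULL instead of a hashed string and later consumers of the mapping may dereference it; a guard such as `if( ptr->value == NULL ) { /* log and fail the mapping */ }` after the assignment would make the failure explicit. The new comment could also state what the NULL third argument means (presumably "no existing hash, generate a fresh one" — confirm against eurephia_pwd_crypt), since that is the only thing that distinguishes this call from the verification calls elsewhere. The enclosing function eDBxmlMapping starts and ends outside the hunk.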
@@ -103,17 +103,13 @@ int eDBadminAuth(eurephiaCTX *ctx, const char *req_access, const char *uname, co // // Authenticate user and password // - crpwd = passwdhash(pwdSHA512, NULL, pwd); - assert(crpwd != NULL); res = sqlite_query(ctx, "SELECT activated, deactivated, bl.blid, " - " (password = '%q') AS pwok, uid " + " password, uid " " FROM openvpn_users ou" " LEFT JOIN openvpn_blacklist bl USING (username)" " WHERE ou.username = '%q'", - crpwd, uname); - memset(crpwd, 0, strlen_nullsafe(crpwd)); - free_nullsafe(crpwd); + uname); if( res == NULL ) { eurephia_log(ctx, LOG_FATAL, 0, "Could not authenticate user against the database"); @@ -124,9 +120,8 @@ int eDBadminAuth(eurephiaCTX *ctx, const char *req_access, const char *uname, co activated = sqlite_get_value(res, 0, 0); deactivated = sqlite_get_value(res, 0, 1); blid = sqlite_get_value(res, 0, 2); - pwok = atoi_nullsafe(sqlite_get_value(res, 0, 3)); + dbpwd = sqlite_get_value(res, 0, 3); uid = atoi_nullsafe(sqlite_get_value(res, 0, 4)); - sqlite_free_results(res); if( blid != NULL ) { eurephia_log(ctx, LOG_WARNING, 0, @@ -147,11 +142,26 @@ int eDBadminAuth(eurephiaCTX *ctx, const char *req_access, const char *uname, co return 0; } - if( pwok != 1 ) { - eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed,"); + if( dbpwd == NULL ) { + eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed. DB error."); sqlite_free_results(res); return 0; + } else { + int pwdok = 0; + // Verify the password + crpwd = eurephia_pwd_crypt(ctx, pwd, dbpwd); + assert(crpwd != NULL); + pwdok = (strcmp(crpwd, dbpwd) == 0 ? 1 : 0); + memset(crpwd, 0, strlen_nullsafe(crpwd)); + memset(dbpwd, 0, strlen_nullsafe(dbpwd)); + free_nullsafe(crpwd); + if( pwdok == 0 ) { + eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed."); + sqlite_free_results(res); + return 0; + } } + sqlite_free_results(res); // Check if access level is granted // (SQLite do not handle advanced joins so well, so we need to 
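Review bot: In the @@ -124 hunk the `sqlite_free_results(res)` that used to run right after the column fetch is removed, and only the new code in the @@ -147 hunk frees it on its own paths, so the unchanged early returns between the two hunks (the blacklist, activated and deactivated checks) now appear to return 0 without releasing `res` — I cannot see those lines, so confirm, but each of them would need a `sqlite_free_results(res);` before its `return 0;`. The leak is per failed login, which is the path an unauthenticated caller can exercise repeatedly.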
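Review bot: In the @@ -147 hunk `assert(crpwd != NULL)` is the only guard on the `eurephia_pwd_crypt` result before `strcmp(crpwd, dbpwd)`; with NDEBUG the assert disappears and a failed hash computation becomes a NULL dereference in the authentication path. An explicit check is more robust: `if( crpwd == NULL ) { eurephia_log(ctx, LOG_FATAL, 0, "Password hashing failed"); sqlite_free_results(res); return 0; }`. The same assert-only pattern appears in the edb-sqlite.c @@ -263 hunk. Additionally, `strcmp` returns as soon as the hashes diverge, so a constant-time comparison (fixed-length loop accumulating XOR differences) is the usual choice for comparing credential hashes.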
diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c index ef05536..7a03871 100644 --- a/database/sqlite/edb-sqlite.c +++ b/database/sqlite/edb-sqlite.c @@ -229,18 +229,16 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const char *passwd) { dbresult *res = NULL; - char *crpwd = NULL, *activated = NULL, *deactivated = NULL, *blid_uname = NULL, *blid_cert; + char *crpwd = NULL, *activated = NULL, *deactivated = NULL, *blid_uname = NULL, *blid_cert = NULL; + char *dbpwd = NULL; int uicid = 0, uid = 0, pwdok = 0; DEBUG(ctx, 20, "Function call: eDBauth_user(ctx, %i, '%s','xxxxxxxx')", certid, username); // Generate SHA512 hash of password, used for password auth - crpwd = passwdhash(pwdSHA512, NULL, passwd); - res = sqlite_query(ctx, - "SELECT uicid, ou.uid, activated, deactivated, bl1.blid, bl2.blid, " - " (password = '%s') AS pwdok" + "SELECT uicid, ou.uid, activated, deactivated, bl1.blid, bl2.blid, password " " FROM openvpn_users ou" " JOIN openvpn_usercerts uc USING(uid) " " LEFT JOIN openvpn_blacklist bl1 ON( ou.username = bl1.username) " @@ -248,7 +246,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const " FROM openvpn_certificates " " JOIN openvpn_blacklist USING(digest)) bl2 ON(uc.certid = bl2.certid)" " WHERE uc.certid = '%i' AND ou.username = '%q'", - crpwd, certid, username); + certid, username); memset(crpwd, 0, strlen_nullsafe(crpwd)); free_nullsafe(crpwd); if( res == NULL ) { 
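Review bot: In the @@ -248 hunk the context lines `memset(crpwd, 0, strlen_nullsafe(crpwd)); free_nullsafe(crpwd);` survive although the `crpwd = passwdhash(...)` assignment above them is removed in the @@ -229 hunk, so at this point `crpwd` is still the NULL it was initialised to and both calls are dead code (assuming the `_nullsafe` helpers accept NULL, as their names suggest); they should be dropped here since the real cleanup now lives in the @@ -263 hunk. The comment `// Generate SHA512 hash of password, used for password auth` kept in the @@ -229 hunk no longer describes what follows — the query now just fetches the stored hash — and would better read `// Fetch the stored password hash; it is verified with eurephia_pwd_crypt() below`.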
@@ -263,7 +261,20 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const deactivated = sqlite_get_value(res, 0, 3); blid_uname = sqlite_get_value(res, 0, 4); blid_cert = sqlite_get_value(res, 0, 5); - pwdok = atoi_nullsafe(sqlite_get_value(res, 0, 6)); + dbpwd = sqlite_get_value(res, 0, 6); + + if( dbpwd == NULL ) { + eurephia_log(ctx, LOG_WARNING, 0,"Authentication failed for user '%s'. DB error.", + username); + pwdok = 0; + } else { + crpwd = eurephia_pwd_crypt(ctx, passwd, dbpwd); + assert(crpwd != NULL); + pwdok = (strcmp(crpwd, dbpwd) == 0 ? 1 : 0); + memset(crpwd, 0, strlen_nullsafe(crpwd)); + memset(dbpwd, 0, strlen_nullsafe(dbpwd)); + free_nullsafe(crpwd); + } if( blid_uname != NULL ) { eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (uid: %i, %s)", @@ -287,7 +298,6 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const eurephia_log(ctx, LOG_WARNING, 0,"Authentication failed for user '%s'. Wrong password.", username); uicid = -1; - } else { dbresult *upd = NULL; |
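Review bot: In the @@ -263 hunk the `dbpwd == NULL` branch logs "DB error" but only sets `pwdok = 0` and continues, so from the @@ -287 context it looks like the later `"Authentication failed for user '%s'. Wrong password."` log also fires for that case — confirm, but if so the DB-error condition ends up reported twice and labelled as a wrong password, and setting a distinct flag (or returning -1 here as the wrong-password path sets `uicid = -1`) would keep the two failure causes separable in the logs. Separately, `memset(crpwd, 0, strlen_nullsafe(crpwd))` immediately followed by `free_nullsafe(crpwd)` is a store to memory that is never read again, which an optimising compiler may remove; if the zeroing is meant as a real scrub, a volatile-pointer loop or `explicit_bzero` (where available) is needed. The enclosing function eDBauth_user continues past the end of the last hunk.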
