diff options
| author | David Sommerseth <dazo@users.sourceforge.net> | 2013-03-03 15:58:12 +0100 |
|---|---|---|
| committer | David Sommerseth <dazo@users.sourceforge.net> | 2013-03-03 16:02:02 +0100 |
| commit | a6675fde94aef0da259511fb7c581a07d88ab31e (patch) | |
| tree | 0e5ef76b30a207955271a75b370798e79ce22a5f /database | |
| parent | 8da942bbd9c7f75d865137822552e9c2f7640325 (diff) | |
| download | eurephia-a6675fde94aef0da259511fb7c581a07d88ab31e.tar.gz eurephia-a6675fde94aef0da259511fb7c581a07d88ab31e.tar.xz eurephia-a6675fde94aef0da259511fb7c581a07d88ab31e.zip | |
sqlite: Honour the auth plug-in enable flag (plgenabled)
If the configured authentication plug-in was disabled, edb-sqlite
would still insist on using the plug-in as authentication method.
This patch changes the behaviour to use the internal eurephia
database for authentication if the authentication plug-in is
disabled.
The code also was modified slighly so that the internal eurephia
database will be the fallback method if any other checks are
skipped.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to 'database')
| -rw-r--r-- | database/sqlite/edb-sqlite.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c index 8e3f25c..607911a 100644 --- a/database/sqlite/edb-sqlite.c +++ b/database/sqlite/edb-sqlite.c @@ -286,10 +286,11 @@ eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx, dbr = sqlite_query(ctx, "SELECT uicid, authplugin, authusername, activated, deactivated, " - " bl1.blid, bl2.blid" + " bl1.blid, bl2.blid, plgenabled" " FROM openvpn_usercerts uc" " JOIN openvpn_users ou USING (uid)" - " LEFT JOIN openvpn_blacklist bl1 ON( ou.username = bl1.username) " + " LEFT JOIN eurephia_plugins ep ON (uc.authplugin == ep.plgid)" + " LEFT JOIN openvpn_blacklist bl1 ON(ou.username = bl1.username) " " LEFT JOIN (SELECT blid, certid " " FROM openvpn_certificates " " JOIN openvpn_blacklist USING(digest)) bl2 " @@ -320,6 +321,7 @@ eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx, if (sqlite_get_numtuples(dbr) == 1) { char *auplgid = sqlite_get_value(dbr, 0, 1); char *auuname = sqlite_get_value(dbr, 0, 2); + char *auplgenab = sqlite_get_value(dbr, 0, 7); if( sqlite_get_value(dbr, 0, 5) != NULL ) { eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (%s)", @@ -339,19 +341,19 @@ eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx, eurephia_log(ctx, LOG_WARNING, 0, "User account is deactivated (%s)", username); ret->method = eAM_INACTIVE; - } else if (auplgid == NULL) { - /* If no authentication plug-in is defined, use internal eurephia auth */ - ret->method = eAM_INTERNDB; - ret->username = strdup_nullsafe(username); - ret->authplugid = 0; - } else { - /* If an authentication plug-in is defined. Use a different auth name - * if configured as well. + } else if ((auplgid != NULL) && (auplgenab != NULL) && (auplgenab[0] == 't')) { + /* If an authentication plug-in is defined and enabled. Use a + * different auth name if configured as well. */ ret->method = eAM_PLUGIN; ret->username = strdup_nullsafe((auuname != NULL ? auuname : username)); ret->authplugid = atoi_nullsafe(auplgid); ret->uicid = atoi_nullsafe(sqlite_get_value(dbr, 0, 0)); + } else { + /* If no authentication plug-in is defined, use internal eurephia auth */ + ret->method = eAM_INTERNDB; + ret->username = strdup_nullsafe(username); + ret->authplugid = 0; } } |