author | David Sommerseth <dazo@users.sourceforge.net> | 2013-03-03 21:32:46 +0100 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2013-03-03 21:34:44 +0100 |
commit | 4436104929fb437fd0e323fcc6e542323db1aed6 (patch) | |
tree | dbd4a90ca144b59c038563f97c6bdc9108b8a709 /plugin | |
parent | a6675fde94aef0da259511fb7c581a07d88ab31e (diff) | |
New feature: Added config option auth_disable_internal
By setting this config option in the eurephia database, eurephia will
expect all user account/certificate links to be set up with an external
plug-in for username/password authentications.
Further, it is now ensured that system configuration issues or general
failures not related to the user authentication itself are not counted
as login attempts.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/eurephia.c | 30 |
1 files changed, 24 insertions, 6 deletions
diff --git a/plugin/eurephia.c b/plugin/eurephia.c
index c169dc7..3392724 100644
--- a/plugin/eurephia.c
+++ b/plugin/eurephia.c
@@ -212,6 +212,7 @@ eurephiaCTX *eurephiaInit(const char const **argv, const char const **envp)
 // Initialise authentication plug-ins. If no authentication plug-ins have been enabled,
 // the authplugs context will be NULL.
 ctx->authplugs = eAuthPlugin_Init(ctx);
+ ctx->nointernalauth = atoi_nullsafe(eGet_value(ctx->dbc->config, "auth_disable_internal")) > 0;
 // Prepare an empty disconnected list.
 // This one is used to track all clients IP addresses and their corresponding eurephia session ID
@@ -480,20 +481,32 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
 switch (authmeth->method) {
 case eAM_INTERNDB:
- /* Authenticate against the internal eurephia database */
- result = eDBauth_user(ctx, certid, username, passwd);
+ DEBUG(ctx, 12, "Using internal authentication for user '%s'/certid %i",
+ username, certid);
+ if( ctx->nointernalauth == 0 ) {
+ /* Authenticate against the internal eurephia database */
+ result = eDBauth_user(ctx, certid, username, passwd);
+ } else {
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "Internal authentication has been disabled. Enable "
+ "authentication plug-in for user '%s' with certid %i",
+ username, certid);
+ result = 0;
+ }
 break;
 case eAM_PLUGIN:
 authplug = eAuthPlugin_Get(ctx->authplugs, authmeth->authplugid);
 if( authplug == NULL ) {
 eurephia_log(ctx, LOG_ERROR, 0,
- "Failed to find authentication plug-in %i to authenticate"
- "user '%s' with certid %i",
- authmeth->authplugid, username, certid);
+ "Failed to find authentication plug-in %i to authenticate"
+ "user '%s' with certid %i",
+ authmeth->authplugid, username, certid);
 result = 0;
 goto exit;
 }
+ DEBUG(ctx, 12, "Using authentication plugin %i for user '%s'/certid %i",
+ authmeth->authplugid, username, certid);
 /* Authenticate the user via the auth plug-in */
 authres = authplug->AuthenticateUser(ctx, authmeth->username, passwd);
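Review bot: The added assignment in eurephiaInit parses `auth_disable_internal` with `atoi_nullsafe(...) > 0`, so a value such as `true` or `yes` would presumably evaluate to 0 and leave internal authentication enabled with no signal to the administrator. For an option that restricts which authentication backend is trusted, the accepted values should be documented at the assignment, e.g. `/* auth_disable_internal: only a positive integer disables internal auth; any other value keeps it enabled */`, and the effective state is worth logging once at start-up. eurephiaInit starts and ends outside the hunk.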
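Review bot: In the new `else` branch of `case eAM_INTERNDB`, every rejected login writes a LOG_WARNING line containing the client-supplied username and sets `result = 0`, which the last hunk of this diff no longer registers as an attempt. A client that gets this far can therefore repeat the request without being throttled by the attempt counters, so the log volume is bounded only by whatever limits exist outside this function; a comment such as `/* result = 0: configuration problem, deliberately not counted as a login attempt */` would make that trade-off explicit. Separately, the re-indented plug-in error message still concatenates `"... to authenticate"` and `"user '%s' ..."` without a space, so it prints "authenticateuser"; the first literal should end in `authenticate "`. eurephia_userauth starts and ends outside the hunk.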
@@ -549,7 +562,12 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
 break;
 case eAM_BLACKLISTED:
+ DEBUG(ctx, 12, "User '%s'/certid %i is blacklisted", username, certid);
+ result = -1;
+ break;
+ case eAM_INACTIVE:
+ DEBUG(ctx, 12, "User '%s' is not activated", username);
 result = -1;
 break;
@@ -563,7 +581,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
 eDBauth_FreeAuthMethodResult(ctx, authmeth);
 /* If the authentication failed, register the failed attempt */
- if( result < 1 ) {
+ if( result < 0 ) {
 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
 eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest);
 eDBregister_attempt(ctx, attempt_USERNAME, ATTEMPT_REGISTER, username); |
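Review bot: With the guard changed to `if( result < 0 )`, any path that leaves `result` at 0 no longer registers an attempt against the IP address, certificate digest and username. That matches the two configuration cases visible in this diff (internal authentication disabled, plug-in not found), but what eDBauth_user() returns for a wrong password and how the plug-in's `authres` is mapped to `result` are outside the hunks; if either reports a credential failure as 0, repeated password guesses would stop counting toward the attempt limits. Please confirm both yield a negative value for bad credentials and state the contract in the comment, e.g. `/* result < 0: authentication failure, register it; result == 0: configuration or system failure, not counted */`. eurephia_userauth continues outside the hunk.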