-rw-r--r--.gitignore8
-rw-r--r--CMakeLists.txt100
-rw-r--r--Makefile56
-rw-r--r--Makefile.global18
-rwxr-xr-xconfigure104
-rw-r--r--database/sqlite/CMakeLists.txt39
-rw-r--r--database/sqlite/Makefile43
-rw-r--r--database/sqlite/eurephiadb-sqlite.c3
-rw-r--r--firewall/iptables/CMakeLists.txt11
-rw-r--r--firewall/iptables/Makefile33
-rw-r--r--firewall/iptables/efw_iptables.c3
11 files changed, 267 insertions, 151 deletions
diff --git a/.gitignore b/.gitignore
index dd90978..d2b3289 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,5 +4,11 @@
*.log
*.conf
*.~*~
-test/
+test/*
database/sqlite/eurephiadb
+CMakeCache.txt
+cmake_install.cmake
+CMakeFiles/*
+*/*/CMakeFiles/*
+*/*/cmake_install.cmake
+Makefile
diff --git a/CMakeLists.txt b/CMakeLists.txt
new file mode 100644
index 0000000..b679353
--- /dev/null
+++ b/CMakeLists.txt
@@ -0,0 +1,100 @@
+PROJECT(eurephia C)
+cmake_minimum_required(VERSION 2.6)
+SET(eurephia_auth_SRC
+ certinfo.c
+ eurephia-auth.c
+ eurephia.c
+ eurephiadb.c
+ eurephiadb_session.c
+ eurephiafw.c
+ eurephiafw_helpers.c
+ eurephia_getsym.c
+ eurephia_log.c
+ eurephia_values.c
+ passwd.c
+ sha512.c
+)
+OPTION(DEBUG "Add more verbose debug information" OFF)
+OPTION(SHOW_SECRETS "Show passwords as clear text in logs." OFF)
+OPTION(SQLITE3 "Build database driver for SQLite3" OFF)
+SET(OPNVPN_SRC "" CACHE STRING "Path to OpenVPN source code")
+
+
+IF(SQLITE3)
+ message(STATUS "Will build database interface for SQLite")
+ SET(subdirs ${subdirs} database/sqlite)
+ SET(DATABASE ON)
+ENDIF(SQLITE3)
+
+IF(FW_IPTABLES)
+ message(STATUS "Will build iptables firewall module")
+ SET(subdirs ${subdirs} firewall/iptables)
+ENDIF(FW_IPTABLES)
+
+IF(NOT DATABASE)
+ message(FATAL_ERROR "Cannot build eurephia without any database drivers.")
+ENDIF(NOT DATABASE)
+
+IF(DEBUG)
+ message(STATUS "DEBUG enabled - might be a security issue")
+ ADD_DEFINITIONS(-DENABLE_DEBUG)
+ IF(SHOW_SECRETS)
+ message(STATUS "SHOW_SECRETS ENABLED -- THIS WILL LOG PASSWORDS IN CLEAR TEXT")
+ ADD_DEFINITIONS(-DSHOW_SECRETS)
+ ENDIF(SHOW_SECRETS)
+ENDIF(DEBUG)
+
+IF(NOT OPENVPN_SRC)
+ message(FATAL_ERROR "Missing path to OpenVPN source - try running ./configure again")
+ENDIF(NOT OPENVPN_SRC)
+INCLUDE_DIRECTORIES(BEFORE ${OPENVPN_SRC} .)
+
+SET(CHECK_INCL_FILE "${OPENVPN_SRC}/openvpn-plugin.h")
+IF(NOT EXISTS ${CHECK_INCL_FILE})
+ message(FATAL_ERROR "Missing openvpn-plugin.h ... Is the OpenVPN source code really located here? ${OPENVPN_SRC}")
+ENDIF(NOT EXISTS ${CHECK_INCL_FILE})
+
+INCLUDE(CheckIncludeFile)
+CHECK_INCLUDE_FILE(dlfcn.h HAVE_DLFCN_H)
+INCLUDE(CheckLibraryExists)
+CHECK_LIBRARY_EXISTS(dl dlopen "" HAVE_DLOPEN)
+CHECK_LIBRARY_EXISTS(dl dlclose "" HAVE_DLCLOSE)
+IF(NOT HAVE_DLOPEN OR NOT HAVE_DLCLOSE)
+ message(FATAL_ERROR "Missing proper dl library")
+ENDIF(NOT HAVE_DLOPEN OR NOT HAVE_DLCLOSE)
+
+CHECK_INCLUDE_FILE(pthread.h HAVE_PTHREAD_H)
+CHECK_LIBRARY_EXISTS(pthread pthread_mutex_lock "" HAVE_PTHREAD_MUTEX_LOCK)
+CHECK_LIBRARY_EXISTS(pthread pthread_mutex_unlock "" HAVE_PTHREAD_MUTEX_UNLOCK)
+IF(NOT HAVE_PTHREAD_MUTEX_LOCK OR NOT HAVE_PTHREAD_MUTEX_UNLOCK)
+ message(FATAL_ERROR "Missing proper pthread_mutex support")
+ENDIF(NOT HAVE_PTHREAD_MUTEX_LOCK OR NOT HAVE_PTHREAD_MUTEX_UNLOCK)
+
+CHECK_LIBRARY_EXISTS(rt sem_wait "" HAVE_RT_SEM_WAIT)
+CHECK_LIBRARY_EXISTS(rt sem_post "" HAVE_RT_SEM_POST)
+CHECK_LIBRARY_EXISTS(rt mq_open "" HAVE_RT_MQ_OPEN)
+CHECK_LIBRARY_EXISTS(rt mq_close "" HAVE_RT_MQ_CLOSE)
+CHECK_LIBRARY_EXISTS(rt mq_unlink "" HAVE_RT_MQ_UNLINK)
+CHECK_LIBRARY_EXISTS(rt mq_send "" HAVE_RT_MQ_SEND)
+CHECK_LIBRARY_EXISTS(rt mq_receive "" HAVE_RT_MQ_RECEIVE)
+CHECK_LIBRARY_EXISTS(rt mq_getattr "" HAVE_RT_MQ_GETATTR)
+IF(NOT HAVE_RT_SEM_WAIT OR NOT HAVE_RT_SEM_POST)
+ message(FATAL_ERROR "Missing proper pthread semaphore support")
+ENDIF(NOT HAVE_RT_SEM_WAIT OR NOT HAVE_RT_SEM_POST)
+IF(NOT HAVE_RT_MQ_OPEN OR NOT HAVE_RT_MQ_CLOSE OR NOT HAVE_RT_MQ_UNLINK OR NOT HAVE_RT_MQ_SEND OR NOT HAVE_RT_MQ_RECEIVE OR NOT HAVE_RT_MQ_GETATTR)
+ message(FATAL_ERROR "Missing proper pthread message queue support")
+ENDIF(NOT HAVE_RT_MQ_OPEN OR NOT HAVE_RT_MQ_CLOSE OR NOT HAVE_RT_MQ_UNLINK OR NOT HAVE_RT_MQ_SEND OR NOT HAVE_RT_MQ_RECEIVE OR NOT HAVE_RT_MQ_GETATTR)
+
+CHECK_INCLUDE_FILE(openssl/rand.h HAVE_OPENSSL_RAND_H)
+CHECK_LIBRARY_EXISTS(crypto RAND_load_file "" HAVE_OPENSSL_RAND_LOAD_FILE)
+CHECK_LIBRARY_EXISTS(crypto RAND_pseudo_bytes "" HAVE_OPENSSL_RAND_PSEUDO_BYTES)
+IF(NOT HAVE_OPENSSL_RAND_H OR NOT HAVE_OPENSSL_RAND_LOAD_FILE OR NOT HAVE_OPENSSL_RAND_PSEUDO_BYTES)
+ message(FATAL_ERROR "Missing OpenSSL crypto support")
+ENDIF(NOT HAVE_OPENSSL_RAND_H OR NOT HAVE_OPENSSL_RAND_LOAD_FILE OR NOT HAVE_OPENSSL_RAND_PSEUDO_BYTES)
+
+ADD_DEFINITIONS(-g -Wall)
+ADD_LIBRARY(eurephia-auth MODULE ${eurephia_auth_SRC})
+TARGET_LINK_LIBRARIES(eurephia-auth dl pthread rt crypto)
+SET_TARGET_PROPERTIES(eurephia-auth PROPERTIES OUTPUT_NAME eurephia-auth PREFIX "")
+
+SUBDIRS(${subdirs})
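Review bot: The cache entry declared by `SET(OPNVPN_SRC "" CACHE STRING ...)` is misspelled, so the variable the rest of the file reads (`OPENVPN_SRC`) is never declared or documented in the cache; it should read `SET(OPENVPN_SRC "" CACHE STRING "Path to OpenVPN source code")`. `FW_IPTABLES` is likewise tested in `IF(FW_IPTABLES)` without a matching `OPTION()`, unlike `SQLITE3`. Separately, the OpenSSL probe makes `RAND_pseudo_bytes` a hard build requirement, and OpenSSL documents that function's output as not necessarily unpredictable. The callers are not visible in this diff; if they use it for password salts or session keys, `RAND_bytes` is the function to probe for and call instead.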
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 48b868a..0000000
--- a/Makefile
+++ /dev/null
@@ -1,56 +0,0 @@
-topdir = .
-
-directories = database/sqlite firewall/iptables
-
-objs = eurephiadb.o eurephia_log.o eurephia_values.o eurephiadb_session.o sha512.o passwd.o \
- eurephia-auth.o eurephia.o certinfo.o eurephia_getsym.o eurephiafw.o eurephiafw_helpers.o
-
-#programs = eurephiadb-testprog
-testprog_obj = eurephiadb-testprog.o eurephiadb.o eurephia_log.o sha512.o eurephiadb_session.o
-
-CFLAGS += -I.
-LDFLAGS += -lpthread -lrt -lgcc_s -lcrypto
-
-ifeq (${EUREPHIAMW},enabled)
- objs += memwatch.o
- testprog_obj += memwatch.o
- CFLAGS += -DMEMWATCH
-endif
-
-ifeq (${DRIVERMW},enabled)
- objs += memwatch.o
-endif
-
-CFLAGS += -fPIC
-LDFLAGS += -ldl
-
-include ${topdir}/Makefile.global
-
-
-.PHONY : ${directories}
-
-all :
-ifndef OPENVPN_SRC_DIR
- @echo "Invokce with make OPENVPN_SRC_DIR=<path to openvpn source>"
-else
- make do-real-all
-endif
-
-
-do-real-all : ${objs} ${directories} eurephia-auth.so
-
-${directories} :
- make -C $@
-
-eurephia-auth.so : ${objs}
- ${CC} -fPIC -g -shared -Wall ${LDFLAGS} -o $@ $^
-
-eurephiadb-testprog : ${testprog_obj}
- ${CC} -o $@ -g ${LDFLAGS} $^
-
-clean : clean-dir
- rm -f ${objs} *.so ${programs} memwatch.log *~
-
-clean-dir :
- @for i in ${directories} ; do make -C $$i clean ; done
-
diff --git a/Makefile.global b/Makefile.global
deleted file mode 100644
index bce1ef1..0000000
--- a/Makefile.global
+++ /dev/null
@@ -1,18 +0,0 @@
-
-#DRIVER_DIR=/etc/openvpn/eurephia
-DRIVER_DIR=${HOME}/tmp/openvpntest
-
-DATABASE_NAME=eurephiadb
-DATABASE_DIR=${DRIVER_DIR}
-
-CFLAGS += -g -Wall
-INCLUDE += -I ${topdir} -I. -I${OPENVPN_SRC_DIR}
-
-ifdef DEBUG
- CFLAGS += -DENABLE_DEBUG # -DSHOW_SECRETS
-endif
-
-.SUFFIX=.c .o .so
-.c.o:
- ${CC} ${INCLUDE} ${CFLAGS} -fPIC -c $<
-
diff --git a/configure b/configure
new file mode 100755
index 0000000..59fe7af
--- /dev/null
+++ b/configure
@@ -0,0 +1,104 @@
+#!/bin/sh
+
+usage() {
+ cat <<EOF
+configure help for eurephia
+
+ --help | -h -- This help screen
+ --openvpn-src <path> | -s <path> -- OpenVPN source directory (needed for building)
+ --debug | -D -- Enable verbose debug logging
+ --show-secrets | -S -- Log passwords as clear text in log files
+ | (only available when debug is enabled)
+ --fw-iptables | -- Build iptables firewall module
+ --db-sqlite3 | -- Build SQLite3 database module
+
+EOF
+}
+
+PARAMS=""
+DB=""
+FW=""
+OPENVPN_SRC_DIR=""
+while [ ! -z "$1" ]; do
+ case $1 in
+ -h|--help)
+ usage
+ exit 0
+ ;;
+ -s|--openvpn-src)
+ OPENVPN_SRC_DIR="$2"
+ PARAMS="${PARAMS} -DOPENVPN_SRC:STRING=$2"
+ shift
+ ;;
+ -D|--debug)
+ PARAMS="${PARAMS} -DDEBUG=ON"
+ DEBUG_WARN=1
+ ;;
+ -S|--show-secrets)
+ PARAMS="${PARAMS} -DSHOW_SECRETS=ON"
+ SECRETS_WARN=1
+ ;;
+ --fw-iptables)
+ PARAMS="${PARAMS} -DFW_IPTABLES=ON"
+ FW="iptables "
+ ;;
+ --db-sqlite3)
+ PARAMS="${PARAMS} -DSQLITE3=ON"
+ DB="SQLite3 "
+ ;;
+ *)
+ echo "Unkown option: $1"
+ exit 2
+ ;;
+ esac
+ shift
+done
+
+if [ -z "$(which cmake)" ]; then
+ echo "To build eurephia, you need to install cmake (at least version 2.6)"
+ exit 1;
+fi
+
+if [ -z "${OPENVPN_SRC_DIR}" ]; then
+ echo "You need to give the --openvpn-src <path> option"
+ exit 1;
+fi
+
+if [ -z "${DB}" ]; then
+ echo "You need to activate at least one database driver"
+ exit 1;
+fi
+
+rm -f CMakeCache.txt
+cmake . ${PARAMS}
+ec=$?
+if [ $ec = 0 ]; then
+ cat >> Makefile <<EOF
+dist-clean : clean
+ find -type d -name "CMakeFiles" | xargs rm -rf
+ find -type f -name "cmake_install.cmake" | xargs rm -rf
+ find -type f -name Makefile | xargs rm -rf
+ find -type f -name "*~" | xargs rm -f
+ rm -f CMakeCache.txt
+
+EOF
+
+ echo
+ echo
+ echo "eurephia will be built with support for: "
+ echo
+ echo " Database: ${DB}"
+ echo " Firewall: ${FW:-"None"}"
+ echo
+ if [ "$DEBUG_WARN" = 1 ]; then
+ echo
+ echo " ******* DEBUG is enabled. This might be a security issue *******"
+ echo
+ if [ "$SECRETS_WARN" = 1 ]; then
+ echo
+ echo " ******* SHOW_SECRETS is enabled. THIS WILL LOG PASSWORDS IN CLEAR TEXT IN LOG FILES *******"
+ echo
+ fi
+ fi
+fi
+exit $?
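Review bot: The final `exit $?` does not return cmake's status, because `$?` at that point is the status of the preceding `if ... fi`, which is 0 when cmake failed and the branch was skipped. A failed configuration therefore exits successfully and a scripted build carries on; use the value already saved, `exit $ec`. `cmake . ${PARAMS}` is expanded unquoted, so an `--openvpn-src` path containing spaces is split into separate arguments. The generated `dist-clean` rule pipes `find` output into `xargs rm -rf`, which splits on whitespace in the same way. `DEBUG_WARN` and `SECRETS_WARN` are not initialised next to `PARAMS`, `DB` and `FW`, so a value inherited from the environment can trigger the warnings.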
diff --git a/database/sqlite/CMakeLists.txt b/database/sqlite/CMakeLists.txt
new file mode 100644
index 0000000..db23189
--- /dev/null
+++ b/database/sqlite/CMakeLists.txt
@@ -0,0 +1,39 @@
+PROJECT(eurephiadb-sqlite C)
+cmake_minimum_required(VERSION 2.6)
+SET(eurephiadb_sqlite_SRC
+ sqlite.c
+ eurephiadb-sqlite.c
+)
+SET(COMMON
+ ../../eurephia_log.c
+ ../../eurephiadb_session.c
+ ../..//eurephia_values.c
+ ../../passwd.c
+ ../../sha512.c
+)
+
+INCLUDE(CheckIncludeFile)
+CHECK_INCLUDE_FILE(sqlite3.h HAVE_SQLITE3_H)
+INCLUDE(CheckLibraryExists)
+CHECK_LIBRARY_EXISTS(sqlite3 sqlite3_open "" HAVE_SQLITE3_OPEN)
+CHECK_LIBRARY_EXISTS(sqlite3 sqlite3_close "" HAVE_SQLITE3_CLOSE)
+CHECK_LIBRARY_EXISTS(sqlite3 sqlite3_exec "" HAVE_SQLITE3_EXEC)
+CHECK_LIBRARY_EXISTS(sqlite3 sqlite3_free "" HAVE_SQLITE3_FREE)
+CHECK_LIBRARY_EXISTS(sqlite3 sqlite3_vmprintf "" HAVE_SQLITE3_VMPRINTF)
+
+FIND_PROGRAM(SQLITE3BIN sqlite3 /usr)
+IF(NOT SQLITE3BIN)
+ MESSAGE(STATUS "sqlite3 binary was not found. You will need to generate the database file on your own")
+ENDIF(NOT SQLITE3BIN)
+
+INCLUDE_DIRECTORIES(BEFORE ../..)
+ADD_LIBRARY(eurephiadb-sqlite SHARED ${eurephiadb_sqlite_SRC} ${COMMON})
+
+IF(SQLITE3BIN)
+ ADD_CUSTOM_COMMAND(TARGET eurephiadb-sqlite POST_BUILD COMMAND ${SQLITE3BIN} eurephiadb < sql-schema.sql COMMENT "Creating template database: eurephiadb")
+ENDIF(SQLITE3BIN)
+TARGET_LINK_LIBRARIES(eurephiadb-sqlite sqlite3)
+SET_TARGET_PROPERTIES(eurephiadb-sqlite PROPERTIES OUTPUT_NAME eurephiadb-sqlite PREFIX "")
+SET_SOURCE_FILES_PROPERTIES(${common_files_SRC} PROPERTIES GENERATED true)
+SET_DIRECTORY_PROPERTIES(PROPERTIES ADDITIONAL_MAKE_CLEAN_FILES eurephiadb)
+
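Review bot: The results of the `CHECK_INCLUDE_FILE` and `CHECK_LIBRARY_EXISTS` probes for sqlite3 are never tested, so a missing header or library only surfaces later as a compile or link error, whereas the top-level CMakeLists.txt in this commit stops with `FATAL_ERROR` in the same situation. Add a guard after the probes, for example `IF(NOT HAVE_SQLITE3_H OR NOT HAVE_SQLITE3_OPEN OR NOT HAVE_SQLITE3_EXEC)` followed by `message(FATAL_ERROR "Missing SQLite3 support")`. `SET_SOURCE_FILES_PROPERTIES(${common_files_SRC} ...)` names a variable that is not set in this file (the list is called `COMMON`), so the call applies to no files. The `POST_BUILD` step also feeds `sql-schema.sql` into whatever `eurephiadb` already exists each time the library is relinked, where the removed Makefile rule ran `rm -f eurephiadb` first.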
diff --git a/database/sqlite/Makefile b/database/sqlite/Makefile
deleted file mode 100644
index fd5bd31..0000000
--- a/database/sqlite/Makefile
+++ /dev/null
@@ -1,43 +0,0 @@
-topdir = ../..
-
-DRIVERVERSION=1.0
-DRIVERAPIVERSION=1
-
-objs = eurephiadb-sqlite.o ../../eurephia_log.o ../../eurephiadb_session.o ../../eurephia_values.o ../../passwd.o ../../sha512.o sqlite.o
-
-driver=eurephiadb-sqlite.so
-
-include ${topdir}/Makefile.global
-
-LDFLAGS += -lsqlite3
-CFLAGS += -DDRIVERVERSION="\"${DRIVERVERSION}\"" -DDRIVERAPIVERSION=${DRIVERAPIVERSION}
-
-ifeq (${DRIVERMW},enabled)
- objs += ${topdir}/memwatch.o
- CFLAGS += -DMEMWATCH
-endif
-
-
-all : ${driver} ${DATABASE_NAME}
-
-sqlite :
- ${CC} -o $@ sqlite.c ../../eurephia_log.o -DSQLITE_DEBUG=1 -DMEMWATCH ../../memwatch.c -lsqlite3 -g -Wall -I. -I../..
-
-${driver} : ${objs}
- ${CC} -fPIC -g -shared ${LDFLAGS} -o $@ $^
-
-${DATABASE_NAME} :
- rm -f eurephiadb
- cat sql-schema.sql | sqlite3 $@
-
-
-install : all
- mkdir -p -m 755 ${DRIVER_DIR}
- install -m 755 ${driver} ${DRIVER_DIR}/
- if [ ! -f ${DATABASE_DIR}/${DATABASE_NAME} ]; then \
- install -m 644 ${DATABASE_NAME} ${DATABASE_DIR}/; \
- fi
-
-clean :
- rm -f *.so *.o *~ memwatch.log ${DATABASE_NAME}
-
diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c
index 1424ffd..644815f 100644
--- a/database/sqlite/eurephiadb-sqlite.c
+++ b/database/sqlite/eurephiadb-sqlite.c
@@ -40,6 +40,9 @@
#endif
+#define DRIVERVERSION "1.0"
+#define DRIVERAPIVERSION 1
+
// Mapping table - mapping attempt types from .... to sqlite table fields
typedef struct {
char *colname;
diff --git a/firewall/iptables/CMakeLists.txt b/firewall/iptables/CMakeLists.txt
new file mode 100644
index 0000000..a05d99f
--- /dev/null
+++ b/firewall/iptables/CMakeLists.txt
@@ -0,0 +1,11 @@
+PROJECT(eurephiafw-iptables C)
+cmake_minimum_required(VERSION 2.6)
+SET(efw_ipt_SRC
+ efw_iptables.c
+ ../../eurephia_log.c
+ ../../eurephiafw_helpers.c
+)
+INCLUDE_DIRECTORIES(BEFORE ../..)
+ADD_LIBRARY(efw_iptables MODULE ${efw_ipt_SRC})
+TARGET_LINK_LIBRARIES(efw_iptables pthread rt gcc_s)
+SET_TARGET_PROPERTIES(efw_iptables PROPERTIES PREFIX "")
diff --git a/firewall/iptables/Makefile b/firewall/iptables/Makefile
deleted file mode 100644
index 1491abc..0000000
--- a/firewall/iptables/Makefile
+++ /dev/null
@@ -1,33 +0,0 @@
-topdir = ../..
-
-INTERFACEVER=1.0
-INTERFACEAPIVER=1
-
-objs = efw_iptables.o ../../eurephia_log.o ../../eurephiafw_helpers.o
-
-interface = efw_iptables.so
-
-include ${topdir}/Makefile.global
-
-CFLAGS += -DINTERFACEVER="\"${INTERFACEVER}\"" -DINTERFACEAPIVER=${INTERFACEAPIVER}
-LDFLAGS += -lpthread -lrt -lgcc_s
-
-ifeq (${DRIVERMW},enabled)
- objs += ${topdir}/memwatch.o
- CFLAGS += -DMEMWATCH
-endif
-
-
-all : ${interface}
-
-${interface} : ${objs}
- ${CC} -fPIC -g -shared ${LDFLAGS} -o $@ $^
-
-
-install : all
- mkdir -p -m 755 ${FW_INTERFACE_DIR}
- install -m 755 ${interface} ${FW_INTERFACE_DIR}/
-
-clean :
- rm -f ${interface} ${objs} *~ memwatch.log
-
diff --git a/firewall/iptables/efw_iptables.c b/firewall/iptables/efw_iptables.c
index 9faad54..3bd9cce 100644
--- a/firewall/iptables/efw_iptables.c
+++ b/firewall/iptables/efw_iptables.c
@@ -32,6 +32,9 @@
#include <eurephia_struct.h>
#include <eurephiafw_helpers.h>
+#define INTERFACEVER "1.0"
+#define INTERFACEAPIVER 1
+
const char *eFWinterfaceVersion() {
return "eFW-iptables (v"INTERFACEVER") David Sommerseth 2008 (C) GPLv2";