-rw-r--r--CMakeLists.txt7
-rw-r--r--common/eurephia_admin_common.c76
-rw-r--r--common/eurephia_admin_common.h10
-rw-r--r--common/eurephia_admin_struct.h16
-rw-r--r--database/sqlite/CMakeLists.txt3
-rw-r--r--database/sqlite/administration.c20
-rw-r--r--eurephiadm/CMakeLists.txt5
-rw-r--r--eurephiadm/commands/users.c16
8 files changed, 147 insertions, 6 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 0678a2b..68b124c 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -22,9 +22,14 @@ IF(EUREPHIADM)
ENDIF(EUREPHIADM)
IF(NOT DATABASE)
- message(FATAL_ERROR "Cannot build eurephia without any database drivers.")
+ message(FATAL_ERROR "Cannot build eurephia without any database drivers.")
ENDIF(NOT DATABASE)
+IF(FW_IPTABLES)
+ SET(FIREWALL on)
+ENDIF(FW_IPTABLES)
+
+
IF(DEBUG)
message(STATUS "DEBUG enabled - might be a security issue")
ADD_DEFINITIONS(-DENABLE_DEBUG)
diff --git a/common/eurephia_admin_common.c b/common/eurephia_admin_common.c
index 3297b86..72cf057 100644
--- a/common/eurephia_admin_common.c
+++ b/common/eurephia_admin_common.c
@@ -130,16 +130,92 @@ void _eAdminFreeCERTINFO_func(eurephiaCERTINFO *p) {
free_nullsafe(p->organisation);
free_nullsafe(p->email);
free_nullsafe(p->registered);
+ p->access = NULL;
p->next = NULL;
free(p);
}
void _eAdminFreeCERTLIST_func(eurephiaCERTLIST *p) {
+#ifdef FIREWALL
+ eurephiaACCESSLIST *aclst = NULL;
+#endif
if( p == NULL ) {
return;
}
+#ifdef FIREWALL
+ aclst = ((p->certs != NULL) && (p->certs->access != NULL)) ? p->certs->access->_head : NULL;
+ eAdminFreeACCESSLIST(aclst);
+#endif
eAdminFreeCERTINFO(p->certs);
free(p);
}
+#ifdef FIREWALL
+eurephiaACCESSINFO *eAdminRegisterACCESSINFO(eurephiaACCESSLIST *aclst, int accprofid,
+ const char *fwprofile, const char *accdescr) {
+ eurephiaACCESSINFO *ptr = NULL;
+
+ assert( aclst != NULL );
+
+ for( ptr = aclst->profiles; ptr != NULL; ptr = ptr->next) {
+ if( ptr->accessprofile == accprofid ) {
+ return ptr;
+ }
+ }
+
+ // If no record was found, register it automatically
+ if( ptr == NULL ) {
+ ptr = (eurephiaACCESSINFO *) malloc(sizeof(eurephiaACCESSINFO)+2);
+ assert(ptr != NULL);
+ memset(ptr, 0, sizeof(eurephiaACCESSINFO)+2);
+
+ ptr->accessprofile = accprofid;
+ ptr->fwprofile = strdup_nullsafe(fwprofile);
+ ptr->access_descr = strdup_nullsafe(accdescr);
+ ptr->_head = aclst;
+
+ if( aclst->profiles == NULL ) {
+ aclst->profiles = ptr;
+ aclst->num_profiles = 1;
+ } else {
+ ptr->next = aclst->profiles;
+ aclst->profiles = ptr;
+ aclst->num_profiles++;
+ }
+ }
+ return ptr;
+}
+
+
+eurephiaACCESSLIST *eAdminCreateACCESSLIST() {
+ eurephiaACCESSLIST *ptr = NULL;
+
+ ptr = (eurephiaACCESSLIST *) malloc(sizeof(eurephiaACCESSLIST)+2);
+ assert(ptr != NULL);
+ memset(ptr, 0, sizeof(eurephiaACCESSLIST)+2);
+ return ptr;
+}
+
+
+void _eAdminFreeACCESSINFO_func(eurephiaACCESSINFO *p) {
+ if( p == NULL ) {
+ return;
+ }
+ eAdminFreeACCESSINFO(p->next);
+ free_nullsafe(p->access_descr);
+ free_nullsafe(p->fwprofile);
+ p->_head = NULL;
+ p->accessprofile = 0;
+ free(p);
+}
+
+void _eAdminFreeACCESSLIST_func(eurephiaACCESSLIST *p) {
+ if( p == NULL ) {
+ return;
+ }
+ eAdminFreeACCESSINFO(p->profiles);
+ p->num_profiles = 0;
+ free(p);
+}
+#endif // FIREWALL
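Review bot: The two new allocators, `eAdminRegisterACCESSINFO` and `eAdminCreateACCESSLIST`, guard `malloc()` only with `assert(ptr != NULL)`, so a build with `NDEBUG` defined would pass a NULL pointer straight to `memset()`. An explicit check such as `if( ptr == NULL ) { return NULL; }` survives release builds, provided the callers test the result. The `if( ptr == NULL )` after the search loop is always true at that point and can be dropped. Separately, `_eAdminFreeCERTLIST_func` reaches the access list only through `p->certs->access->_head`, so the list would leak if the first certificate ever carried no access record; a comment stating that ownership rule would help. `_eAdminFreeCERTINFO_func` begins outside this hunk.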
diff --git a/common/eurephia_admin_common.h b/common/eurephia_admin_common.h
index e389968..57304b5 100644
--- a/common/eurephia_admin_common.h
+++ b/common/eurephia_admin_common.h
@@ -44,4 +44,14 @@ void _eAdminFreeCERTINFO_func(eurephiaCERTINFO *);
void _eAdminFreeCERTLIST_func(eurephiaCERTLIST *);
#define eAdminFreeCERTLIST(x) { _eAdminFreeCERTLIST_func(x); x = NULL; }
+eurephiaACCESSLIST *eAdminCreateACCESSLIST();
+eurephiaACCESSINFO *eAdminRegisterACCESSINFO(eurephiaACCESSLIST *aclst, int accprofid,
+ const char *fwprofile, const char *accdescr);
+
+void _eAdminFreeACCESSINFO_func(eurephiaACCESSINFO *);
+#define eAdminFreeACCESSINFO(x) { _eAdminFreeACCESSINFO_func(x); x = NULL; }
+
+void _eAdminFreeACCESSLIST_func(eurephiaACCESSLIST *);
+#define eAdminFreeACCESSLIST(x) { _eAdminFreeACCESSLIST_func(x); x = NULL; }
+
#endif /* !EUREPHIA_ADMIN_COMMON_H_ */
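Review bot: These prototypes and macros are declared unconditionally, while the definitions added to common/eurephia_admin_common.c sit inside `#ifdef FIREWALL`, so a caller in a build without that define compiles and then fails only at link time. The callers visible in this commit are all under `#ifdef FIREWALL`, so wrapping the new declarations in the same `#ifdef FIREWALL` / `#endif` pair would surface such a mistake at compile time. `eurephiaACCESSLIST *eAdminCreateACCESSLIST();` also leaves the parameter list unspecified in C; `eurephiaACCESSLIST *eAdminCreateACCESSLIST(void);` gives it a real prototype.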
diff --git a/common/eurephia_admin_struct.h b/common/eurephia_admin_struct.h
index b52ce64..2bd4363 100644
--- a/common/eurephia_admin_struct.h
+++ b/common/eurephia_admin_struct.h
@@ -21,7 +21,22 @@
#ifndef EUREPHIA_ADMIN_STRUCT_H
#define EUREPHIA_ADMIN_STRUCT_H
+typedef struct _eurephiaACCESSINFO_s {
+ int accessprofile;
+ char *fwprofile;
+ char *access_descr;
+ struct _eurephiaACCESSINFO_s *next;
+ void *_head;
+} eurephiaACCESSINFO;
+
+typedef struct _eurephiaACCESSLIST_s {
+ eurephiaACCESSINFO *profiles;
+ int num_profiles;
+} eurephiaACCESSLIST;
+
+
typedef struct _eurephiaCERTINFO_s {
+ int info_available;
int depth;
char *digest;
char *common_name;
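Review bot: `void *_head` in `eurephiaACCESSINFO` is assigned an `eurephiaACCESSLIST *` in eAdminRegisterACCESSINFO and read back as one in `_eAdminFreeCERTLIST_func`, so the `void *` only removes type checking on the pointer that decides what gets freed. A forward declaration before the struct lets the member be typed: `struct _eurephiaACCESSLIST_s;` and then `struct _eurephiaACCESSLIST_s *_head;`. The `access` member added to `eurephiaCERTINFO` in the next hunk is a borrowed pointer into that shared list (the CERTINFO free routine only sets it to NULL), which deserves a comment such as `/* not owned: points into the shared eurephiaACCESSLIST */`. The `eurephiaCERTINFO` definition continues past this hunk.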
@@ -29,6 +44,7 @@ typedef struct _eurephiaCERTINFO_s {
char *email;
char *registered;
int certid;
+ eurephiaACCESSINFO *access;
struct _eurephiaCERTINFO_s *next;
} eurephiaCERTINFO;
diff --git a/database/sqlite/CMakeLists.txt b/database/sqlite/CMakeLists.txt
index 75d13d2..af905ce 100644
--- a/database/sqlite/CMakeLists.txt
+++ b/database/sqlite/CMakeLists.txt
@@ -41,6 +41,9 @@ IF(SQLITE3BIN)
COMMENT "Creating template database: eurephiadb")
ENDIF(SQLITE3BIN)
+IF(FIREWALL)
+ ADD_DEFINITIONS(-DFIREWALL)
+ENDIF(FIREWALL)
TARGET_LINK_LIBRARIES(edb-sqlite sqlite3)
ADD_DEFINITIONS(-DDRIVER_MODE)
diff --git a/database/sqlite/administration.c b/database/sqlite/administration.c
index 042bf8e..b7d09ef 100644
--- a/database/sqlite/administration.c
+++ b/database/sqlite/administration.c
@@ -454,7 +454,8 @@ int eDBadminGetUserInfo(eurephiaCTX *ctx, int getInfo, eurephiaUSERINFO *user) {
// Extract certificate info
certinf = sqlite_query(ctx,
"SELECT depth, digest, common_name, organisation, email, "
- " c.registered, c.certid, access_descr"
+ " c.registered, c.certid, uc.accessprofile, access_descr,"
+ " fw_profile"
" FROM openvpn_certificates c"
" LEFT JOIN openvpn_usercerts uc ON (c.certid = uc.certid)"
" LEFT JOIN openvpn_accesses a "
@@ -463,9 +464,13 @@ int eDBadminGetUserInfo(eurephiaCTX *ctx, int getInfo, eurephiaUSERINFO *user) {
if( (certinf != NULL) && (sqlite_get_numtuples(certinf) > 0) ) {
eurephiaCERTINFO *rec = NULL;
int i;
+#ifdef FIREWALL
+ eurephiaACCESSLIST *aclst = NULL;
+ int acid = 0;
+ aclst = eAdminCreateACCESSLIST();
+#endif
user->certlist = eAdminCreateCERTLIST();
-
for( i = 0; i < sqlite_get_numtuples(certinf); i++ ) {
rec = eAdminPopulateCERTINFO(
atoi_nullsafe(sqlite_get_value(certinf, i, 6)),
@@ -474,13 +479,22 @@ int eDBadminGetUserInfo(eurephiaCTX *ctx, int getInfo, eurephiaUSERINFO *user) {
sqlite_get_value(certinf, i, 2),
sqlite_get_value(certinf, i, 3),
sqlite_get_value(certinf, i, 4),
+
sqlite_get_value(certinf, i, 5));
+#ifdef FIREWALL
+ acid = atoi_nullsafe(sqlite_get_value(certinf, i, 7));
+ rec->access = eAdminRegisterACCESSINFO(aclst, acid,
+ sqlite_get_value(certinf, i, 9),
+ sqlite_get_value(certinf, i, 8));
+#endif
eAdminInsertCERTINFO(user->certlist, rec);
}
- sqlite_free_results(certinf);
} else {
user->certlist = NULL;
}
+ if( certinf != NULL ) {
+ sqlite_free_results(certinf);
+ }
} else {
user->certlist = NULL;
}
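Review bot: The FIREWALL block reads columns 7, 8 and 9 by position, which ties these lines to the exact SELECT order changed in the first hunk of this file, and it treats a missing access profile the same as a real one. Because the query uses LEFT JOINs, `uc.accessprofile` can be NULL; if atoi_nullsafe maps that to 0 (its definition is not visible here), every certificate without a profile is attached to a shared record with id 0 rather than left with `access == NULL`. A comment next to the query such as `/* 7: accessprofile, 8: access_descr, 9: fw_profile */`, plus a line documenting the NULL-to-0 case, would make this easier to audit. `rec` is also dereferenced (`rec->access = ...`) without a check; whether eAdminPopulateCERTINFO can return NULL is not visible here. eDBadminGetUserInfo starts and ends outside the hunk.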
diff --git a/eurephiadm/CMakeLists.txt b/eurephiadm/CMakeLists.txt
index a920ac6..be23c15 100644
--- a/eurephiadm/CMakeLists.txt
+++ b/eurephiadm/CMakeLists.txt
@@ -20,6 +20,11 @@ SET(efw_ipt_SRC
../database/eurephiadb.c
)
+IF(FIREWALL)
+ ADD_DEFINITIONS(-DFIREWALL)
+
+ENDIF(FIREWALL)
+
INCLUDE_DIRECTORIES(../common ../database)
ADD_EXECUTABLE(eurephiadm ${efw_ipt_SRC})
TARGET_LINK_LIBRARIES(eurephiadm dl crypto)
diff --git a/eurephiadm/commands/users.c b/eurephiadm/commands/users.c
index 7f92061..aaeb666 100644
--- a/eurephiadm/commands/users.c
+++ b/eurephiadm/commands/users.c
@@ -276,17 +276,29 @@ int show_user(eurephiaCTX *ctx, eurephiaSESSION *sess, eurephiaVALUES *cfg, int
field_print_int("Associated certificates", user->certlist->num_certs);
printf(" %3s (D) %-35.35s %33.33s\n %-49.49s %19.19s\n",
"ID", "Common name", "Organisation", "e-mail", "Registered");
- printf("---------------------------------------------------------------------"
+#ifdef FIREWALL
+ printf(" %-44.44s %24.24s\n", "Firewall access profile", "FW Destination");
+#endif
+ printf(" --------------------------------------------------------------------"
"----------\n");
for( crt = user->certlist->certs; crt != NULL; crt = crt->next) {
printf(" %3i (%1i) %-35.35s %33.33s\n %-49.49s %19.19s\n",
crt->certid, crt->depth, crt->common_name, crt->organisation,
crt->email, crt->registered);
+#ifdef FIREWALL
+ printf(" %-44.44s %24.24s\n",
+ ((crt->access != NULL) && (crt->access->access_descr != NULL)
+ ? crt->access->access_descr : "(No firewall profile setup)"),
+ ((crt->access != NULL) && (crt->access->fwprofile != NULL)
+ ? crt->access->fwprofile : "-")
+
+ );
+#endif
if( crt->next != NULL ) {
printf("\n");
}
}
- printf("---------------------------------------------------------------------"
+ printf(" --------------------------------------------------------------------"
"----------\n");
} else {
// If we wanted to show associated certs, and didn't find any - inform about it