Diffstat (limited to 'database/sqlite/administration.c')
| -rw-r--r-- | database/sqlite/administration.c | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/database/sqlite/administration.c b/database/sqlite/administration.c
index 4b174d9..c8e5a7e 100644
--- a/database/sqlite/administration.c
+++ b/database/sqlite/administration.c
@@ -74,9 +74,9 @@ void xmlReplaceChars(xmlChar *str, char s, char r) {
 // Authenticate admin user against user database
 int eDBadminAuth(eurephiaCTX *ctx, const char *req_access, const char *uname, const char *pwd) {
 	dbresult *res = NULL;
-	char *crpwd = NULL;
+	char *crpwd = NULL, *dbpwd = NULL;
 	char *activated = NULL, *deactivated = NULL, *blid = NULL;
-	int uid = -1, pwok = 0, access = 0;
+	int uid = -1, access = 0;
 	char interface;
 	DEBUG(ctx, 20, "Function call: eDBadminAuth(ctx, '%s, '%s', 'xxxxxxxx')", req_access, uname);
@@ -103,17 +103,13 @@ int eDBadminAuth(eurephiaCTX *ctx, const char *req_access, const char *uname, co
 	//
 	// Authenticate user and password
 	//
-	crpwd = passwdhash(pwdSHA512, NULL, pwd);
-	assert(crpwd != NULL);
 	res = sqlite_query(ctx, "SELECT activated, deactivated, bl.blid, "
-			   " (password = '%q') AS pwok, uid "
+			   " password, uid "
 			   " FROM openvpn_users ou"
 			   " LEFT JOIN openvpn_blacklist bl USING (username)"
 			   " WHERE ou.username = '%q'",
-			   crpwd, uname);
-	memset(crpwd, 0, strlen_nullsafe(crpwd));
-	free_nullsafe(crpwd);
+			   uname);
 	if( res == NULL ) {
 		eurephia_log(ctx, LOG_FATAL, 0, "Could not authenticate user against the database");
@@ -124,9 +120,8 @@ int eDBadminAuth(eurephiaCTX *ctx, const char *req_access, const char *uname, co
 	activated = sqlite_get_value(res, 0, 0);
 	deactivated = sqlite_get_value(res, 0, 1);
 	blid = sqlite_get_value(res, 0, 2);
-	pwok = atoi_nullsafe(sqlite_get_value(res, 0, 3));
+	dbpwd = sqlite_get_value(res, 0, 3);
 	uid = atoi_nullsafe(sqlite_get_value(res, 0, 4));
-	sqlite_free_results(res);
 	if( blid != NULL ) {
 		eurephia_log(ctx, LOG_WARNING, 0, 
@@ -147,11 +142,26 @@ int eDBadminAuth(eurephiaCTX *ctx, const char *req_access, const char *uname, co
 		return 0;
 	}
-	if( pwok != 1 ) {
-		eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed,");
+	if( dbpwd == NULL ) {
+		eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed. DB error.");
 		sqlite_free_results(res);
 		return 0;
+	} else {
+		int pwdok = 0;
+		// Verify the password
+		crpwd = eurephia_pwd_crypt(ctx, pwd, dbpwd);
+		assert(crpwd != NULL);
+		pwdok = (strcmp(crpwd, dbpwd) == 0 ? 1 : 0);
+		memset(crpwd, 0, strlen_nullsafe(crpwd));
+		memset(dbpwd, 0, strlen_nullsafe(dbpwd));
+		free_nullsafe(crpwd);
+		if( pwdok == 0 ) {
+			eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed.");
+			sqlite_free_results(res);
+			return 0;
+		}
 	}
+	sqlite_free_results(res);
 	// Check if access level is granted
 	// (SQLite do not handle advanced joins so well, so we need to |
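Review bot: The new verification branch relies on `assert(crpwd != NULL)` as its only check of eurephia_pwd_crypt(); in a build that defines NDEBUG the assert disappears and a NULL result, whatever its cause, goes straight into strcmp() as a NULL dereference in the authentication path, so it should be an explicit fail-closed branch that logs, frees res and returns 0, as sketched below. The `memset(crpwd, 0, ...)` that immediately precedes `free_nullsafe(crpwd)` is a dead store the optimizer is allowed to drop, so the zeroisation is only guaranteed if the project routes it through a volatile or explicit_bzero-style helper. `strcmp()` also stops at the first differing byte; a fixed-time comparison over the full length is the usual choice for credential checks, even when the compared values are hashes. With the early `sqlite_free_results(res)` removed in the preceding hunk, every return between the fetch and this check must now free res itself; the `return 0; }` at the top of this hunk closes a branch that starts outside the hunk, so that cannot be confirmed here, and eDBadminAuth continues past the hunk's end.
```c
	} else {
		int pwdok = 0;
		// Verify the password
		crpwd = eurephia_pwd_crypt(ctx, pwd, dbpwd);
		if( crpwd == NULL ) {
			eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed. Password hashing failed.");
			sqlite_free_results(res);
			return 0;
		}
		pwdok = (strcmp(crpwd, dbpwd) == 0 ? 1 : 0);
		/* … unchanged: zeroise crpwd/dbpwd, free crpwd, fail on pwdok == 0 … */
```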
