Diffstat (limited to 'database/sqlite/edb-sqlite.c')
| -rw-r--r-- | database/sqlite/edb-sqlite.c | 135 |
1 files changed, 132 insertions, 3 deletions
diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c
index 25e6f8b..6e33267 100644
--- a/database/sqlite/edb-sqlite.c
+++ b/database/sqlite/edb-sqlite.c
@@ -1,7 +1,7 @@
 /* edb-sqlite.c -- Main driver for eurephia authentication plugin for OpenVPN
 * This is the SQLite database driver
 *
- * GPLv2 only - Copyright (C) 2008 - 2012
+ * GPLv2 only - Copyright (C) 2008 - 2013
 * David Sommerseth <dazo@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or
@@ -274,6 +274,95 @@ int eDBauth_TLS(eurephiaCTX *ctx, const char *org, const char *cname, const char
 /**
+ * @copydoc eDBauth_GetAuthMethod()
+ */
+eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx,
+ const int certid, const char *username)
+{
+ dbresult *dbr = NULL;
+ eDBauthMethodResult *ret = NULL;
+
+ DEBUG(ctx, 20, "Function call: eDBauth_GetAuthMethod(ctx, %i, '%s')", certid, username);
+
+ dbr = sqlite_query(ctx,
+ "SELECT uicid, authplugin, authusername, activated, deactivated, "
+ " bl1.blid, bl2.blid, plgenabled"
+ " FROM openvpn_usercerts uc"
+ " JOIN openvpn_users ou USING (uid)"
+ " LEFT JOIN eurephia_plugins ep ON (uc.authplugin == ep.plgid)"
+ " LEFT JOIN openvpn_blacklist bl1 ON(ou.username = bl1.username) "
+ " LEFT JOIN (SELECT blid, certid "
+ " FROM openvpn_certificates "
+ " JOIN openvpn_blacklist USING(digest)) bl2 "
+ " ON (uc.certid = bl2.certid)"
+ " WHERE ou.username = '%q' AND uc.certid = '%i'",
+ username, certid);
+
+ if (dbr == NULL) {
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Failed to query eurephia database for authentication methods for"
+ "user '%s' with certid '%i'", username, certid);
+ return NULL;
+ }
+
+ ret = malloc_nullsafe(ctx, sizeof(eDBauthMethodResult)+2);
+ if (ret == NULL) {
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Failed to allocate memory fir auth method results");
+ return NULL;
+ }
+
+ /* Some sane and restrictive default values */
+ ret->method = eAM_UNDEF;
+ ret->username = NULL;
+ ret->authplugid = 0;
+ ret->uicid = 0;
+
+ if (sqlite_get_numtuples(dbr) == 1) {
+ char *auplgid = sqlite_get_value(dbr, 0, 1);
+ char *auuname = sqlite_get_value(dbr, 0, 2);
+ char *auplgenab = sqlite_get_value(dbr, 0, 7);
+
+ if( sqlite_get_value(dbr, 0, 5) != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (%s)",
+ username);
+ ret->method = eAM_BLACKLISTED;
+ } else if( sqlite_get_value(dbr, 0, 6) != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0,
+ "User account linked with a BLACKLISTED certificate "
+ "(%s) - certid: %s",
+ username, certid);
+ ret->method = eAM_BLACKLISTED;
+ } else if( sqlite_get_value(dbr, 0, 3) == NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "User account is not activated (%s)",
+ username);
+ ret->method = eAM_INACTIVE;
+ } else if( sqlite_get_value(dbr, 0, 4) != NULL ) {
+ eurephia_log(ctx, LOG_WARNING, 0, "User account is deactivated (%s)",
+ username);
+ ret->method = eAM_INACTIVE;
+ } else if ((auplgid != NULL) && (auplgenab != NULL) && (auplgenab[0] == 't')) {
+ /* If an authentication plug-in is defined and enabled. Use a
+ * different auth name if configured as well.
+ */
+ ret->method = eAM_PLUGIN;
+ ret->username = strdup_nullsafe((auuname != NULL ? auuname : username));
+ ret->authplugid = atoi_nullsafe(auplgid);
+ ret->uicid = atoi_nullsafe(sqlite_get_value(dbr, 0, 0));
+ } else {
+ /* If no authentication plug-in is defined, use internal eurephia auth */
+ ret->method = eAM_INTERNDB;
+ ret->username = strdup_nullsafe(username);
+ ret->authplugid = 0;
+ }
+ }
+
+ sqlite_free_results(dbr);
+ return ret;
+}
+
+
+/**
 * @copydoc eDBauth_user()
 */
 int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const char *passwd)
@@ -297,8 +386,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
 " JOIN openvpn_blacklist USING(digest)) bl2 ON(uc.certid = bl2.certid)"
 " WHERE uc.certid = '%i' AND ou.username = '%q'", certid, username);
- memset(crpwd, 0, strlen_nullsafe(crpwd));
- free_nullsafe(ctx, crpwd);
+
 if( sqlite_query_status(res) != dbSUCCESS ) {
 eurephia_log(ctx, LOG_FATAL, 0, "Could not lookup user in database (certid %i, username '%s'", certid, username);
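Review bot: The second blacklist log in eDBauth_GetAuthMethod formats `certid`, declared `const int`, with a `%s` conversion (`"(%s) - certid: %s", username, certid`); that is undefined behaviour and on most targets makes the logger dereference the integer as a pointer, so the line should read `"(%s) - certid: %i", username, certid);`. The `ret == NULL` branch returns without `sqlite_free_results(dbr);`, leaking the result set on the allocation-failure path. The failure test `dbr == NULL` also differs from eDBauth_user and eDBget_plugins, which check `sqlite_query_status(res) != dbSUCCESS`; if sqlite_query can hand back a non-NULL result carrying an error status, a failed query would fall through here as "no rows". That case, and any result with more than one row, returns eAM_UNDEF without any log line, so a LOG_WARNING naming username and certid there would let operators see why an authentication was refused. Two log strings need fixing as well: `"... methods for" "user '%s' ..."` concatenates to "foruser", and "memory fir auth" should read "for".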
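Review bot: With the `memset`/`free_nullsafe` of `crpwd` removed from this point in eDBauth_user, the crypted-password buffer the function later obtains from eurephia_pwd_crypt (visible in the following hunk) must still be wiped and released after the strcmp; that code lies outside this hunk, so please confirm it is there. The removal itself appears correct, since crpwd does not seem to have been assigned yet at this point. Wherever the wipe lives, a plain `memset` directly followed by a free may be elided by the compiler, so a non-elidable wipe such as `explicit_bzero` where available is the safer form for password material. eDBauth_user starts and ends outside this hunk.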
@@ -319,6 +407,7 @@ int eDBauth_user(eurephiaCTX *ctx, const int certid, const char *username, const
 eurephia_log(ctx, LOG_WARNING, 0,"Authentication failed for user '%s'. DB error.", username);
 pwdok = 0;
+ uicid = 0;
 } else {
 crpwd = eurephia_pwd_crypt(ctx, passwd, dbpwd);
 pwdok = ((crpwd != NULL) && (strcmp(crpwd, dbpwd) == 0) ? 1 : 0);
@@ -1230,3 +1319,43 @@ eurephiaVALUES *eDBget_blacklisted_ip(eurephiaCTX *ctx) {
 return ret;
 }
+
+/**
+ * @copydoc eDBget_plugins()
+ */
+eurephiaVALUES *eDBget_plugins(eurephiaCTX *ctx, const char *plgtype) {
+ eurephiaVALUES *ret = NULL;
+ dbresult *res = NULL;
+ int i = 0;
+ char *plgdso = NULL;
+
+ DEBUG(ctx, 20, "Function call eDBget_plugins(ctx, '%s')", plgtype);
+
+ /* Format of the plug-in information: [<dso-filename>]<config string> */
+
+ res = sqlite_query(ctx,
+ "SELECT plgid, "
+ "CASE WHEN plgconfig IS NULL"
+ " THEN '[' || plgdsofile || ']'"
+ " ELSE '[' || plgdsofile || ']' || plgconfig END"
+ " FROM eurephia_plugins"
+ " WHERE plgenabled = 't' "
+ " AND plgtype = '%q'", plgtype);
+
+ if( sqlite_query_status(res) == dbSUCCESS ) {
+ ret = eCreate_value_space(ctx, 21);
+ for( i = 0; i < sqlite_get_numtuples(res); i++ ) {
+ if( ( plgdso = sqlite_get_value(res, i, 1)) != NULL ) {
+ eAdd_value(ctx, ret, sqlite_get_value(res, i, 0), plgdso);
+ }
+ }
+ } else {
+ eurephia_log(ctx, LOG_FATAL, 0,
+ "Failed to retrieve additional eurephia plug-ins");
+ sqlite_log_error(ctx, res);
+ ret = NULL;
+ }
+ sqlite_free_results(res);
+
+ return ret;
+}
|
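Review bot: In eDBget_plugins the capacity passed to `eCreate_value_space(ctx, 21)` is an unexplained magic number, and its result goes straight into `eAdd_value` without a NULL check; if that allocation can fail (not visible here), a named constant plus an early bail-out that still frees `res` would make both the intent and the failure path clear. The loop re-evaluates `sqlite_get_numtuples(res)` on every iteration; hoisting it to `int numtuples = sqlite_get_numtuples(res);` before the `for` reads better. The `ret = NULL;` in the else branch is redundant, because `ret` is still NULL on that path.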
