Diffstat (limited to 'eurephia.c')
-rw-r--r-- | eurephia.c | 82 |
1 files changed, 45 insertions, 37 deletions
@@ -34,13 +34,13 @@
 // Get value of a environment variable
-const char *get_env(eurephiaCTX *ctx, const char *envp[], const char *fmt, ... )
+const char *get_env(eurephiaCTX *ctx, int logmasking, const char *envp[], const char *fmt, ... )
 {
 if (envp) {
 va_list ap;
 char key[384];
 int keylen = 0;
-int i;
+int i, do_mask = 0;
 // Build up the key we are looking for
 memset(&key, 0, 384);
@@ -53,10 +53,18 @@ const char *get_env(eurephiaCTX *ctx, const char *envp[], const char *fmt, ... )
 if (!strncmp (envp[i], key, keylen)) {
 const char *cp = envp[i] + keylen;
 if (*cp == '=') {
+#ifdef ENABLE_DEBUG
+#ifdef SHOW_SECRETS
+do_mask = 0;
+#else
+do_mask = logmasking;
+#endif
 if( ctx != NULL ) {
 DEBUG(ctx, 23, "Function call: get_env(envp, '%s') == '%s'",
-key, cp + 1);
+key, (do_mask == 0 ? cp + 1 : "xxxxxxxxxxxxxx"));
 }
+#endif
+
 return cp + 1;
 }
 }
@@ -247,14 +255,14 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth)
 DEBUG(ctx, 21, "** Function call: eurephia_tlsverify(...)");
 // Check if IP address is blacklisted
-ipaddr = (char *) get_env(ctx, env, "untrusted_ip");
+ipaddr = (char *) get_env(ctx, 0, env, "untrusted_ip");
 if( eDBblacklist_check(ctx, attempt_IPADDR, ipaddr) == 1 ) {
 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
 return 0;
 }
 // Check if certificate digest is blacklisted
-tls_digest = (char *) get_env(ctx, env, "tls_digest_%s", depth);
+tls_digest = (char *) get_env(ctx, 0, env, "tls_digest_%s", depth);
 if( eDBblacklist_check(ctx, attempt_CERTIFICATE, tls_digest) == 1 ) {
 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
 eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest);
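Review bot: The new `logmasking` parameter is undocumented, and `do_mask` is declared unconditionally in `int i, do_mask = 0;` although it is only assigned and read inside the `#ifdef ENABLE_DEBUG` block of the following hunk, so a build without ENABLE_DEBUG gets an unused-variable warning for `do_mask` and an unused-parameter warning for `logmasking`. Keeping `int i;` and moving the declaration under the conditional, `#ifdef ENABLE_DEBUG` / `int do_mask = 0;` / `#endif`, removes the first warning; the second is best silenced by using the parameter or an explicit `(void)logmasking;` in the non-debug path. The header comment should also state the contract, e.g. `// Get value of an environment variable; logmasking != 0 replaces the value with a fixed placeholder in debug log output (see ENABLE_DEBUG / SHOW_SECRETS)`. get_env's body continues beyond this hunk.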
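Review bot: When `SHOW_SECRETS` is defined, `do_mask = 0;` discards the caller's `logmasking` request, so every value fetched with masking enabled (the password in eurephia_userauth) is written in cleartext to the debug log at level 23; that build switch needs a comment at the `#ifdef SHOW_SECRETS` line, e.g. `// SHOW_SECRETS overrides logmasking: secret values appear in cleartext in debug logs, intended for development builds only`. The `if( ctx != NULL ) { DEBUG(...) }` block is now also compiled only under ENABLE_DEBUG; if the DEBUG macro is not itself empty in non-debug builds, this hunk silently removes that log line from them, which is worth confirming against the macro's definition. The fixed-length `"xxxxxxxxxxxxxx"` placeholder is a sound choice since it does not reveal the length of the masked value.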
@@ -262,7 +270,7 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth)
 }
 // Check if certificate is registered and allowed
-tls_id = (char *) get_env(ctx, env, "tls_id_%s", depth);
+tls_id = (char *) get_env(ctx, 0, env, "tls_id_%s", depth);
 ci = parse_tlsid(tls_id);
 result = eDBauth_TLS(ctx, ci->org, ci->common_name, ci->email, tls_digest, depth);
 if( result < 1 ) {
@@ -292,14 +300,14 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
 // Check if IP address is blacklisted
-ipaddr = (char *) get_env(ctx, env, "untrusted_ip");
+ipaddr = (char *) get_env(ctx, 0, env, "untrusted_ip");
 if( eDBblacklist_check(ctx, attempt_IPADDR, ipaddr) == 1 ) {
 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
 return 0;
 }
 // Check if certificate digest is blacklisted
-tls_digest = (char *) get_env(ctx, env, "tls_digest_0");
+tls_digest = (char *) get_env(ctx, 0, env, "tls_digest_0");
 if( eDBblacklist_check(ctx, attempt_CERTIFICATE, tls_digest) == 1 ) {
 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
 eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest);
@@ -307,7 +315,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
 }
 // Check if username is blacklisted
-username = (char *) get_env(ctx, env, "username");
+username = (char *) get_env(ctx, 0, env, "username");
 if( eDBblacklist_check(ctx, attempt_USERNAME, username) == 1 ) {
 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
 eDBregister_attempt(ctx, attempt_CERTIFICATE, ATTEMPT_REGISTER, tls_digest);
@@ -316,7 +324,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
 }
 // Get certificate ID
-tls_id = (char *) get_env(ctx, env, "tls_id_0");
+tls_id = (char *) get_env(ctx, 0, env, "tls_id_0");
 ci = parse_tlsid(tls_id);
 certid = eDBauth_TLS(ctx, ci->org, ci->common_name, ci->email, tls_digest, "0");
 if( certid < 1 ) {
@@ -329,7 +337,7 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
 free_certinfo(ci);
 // Do username/password/certificate authentication
-passwd = (char *)get_env(ctx, env, "password");
+passwd = (char *)get_env(ctx, 1, env, "password");
 result = eDBauth_user(ctx, certid, username, passwd);
 if( result < 1 ) {
 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
@@ -358,15 +366,15 @@ int eurephia_connect(eurephiaCTX *ctx, const char **env) {
 DEBUG(ctx, 21, "** Function call: eurephia_connect(...)");
 // Fetch needed info
-digest = get_env(ctx, env, "tls_digest_0");
-tlsid = get_env(ctx, env, "tls_id_0");
-cname = get_env(ctx, env, "common_name");
-uname = get_env(ctx, env, "username");
-vpnipaddr = get_env(ctx, env, "ifconfig_pool_remote_ip");
-vpnipmask = get_env(ctx, env, "ifconfig_pool_netmask");
-remipaddr = get_env(ctx, env, "trusted_ip");
-remport = get_env(ctx, env, "trusted_port");
-proto = get_env(ctx, env, "proto_1");
+digest = get_env(ctx, 0, env, "tls_digest_0");
+tlsid = get_env(ctx, 0, env, "tls_id_0");
+cname = get_env(ctx, 0, env, "common_name");
+uname = get_env(ctx, 0, env, "username");
+vpnipaddr = get_env(ctx, 0, env, "ifconfig_pool_remote_ip");
+vpnipmask = get_env(ctx, 0, env, "ifconfig_pool_netmask");
+remipaddr = get_env(ctx, 0, env, "trusted_ip");
+remport = get_env(ctx, 0, env, "trusted_port");
+proto = get_env(ctx, 0, env, "proto_1");
 // Get a session ticket
 session = eDBopen_session_seed(ctx, digest, cname, uname, vpnipaddr, vpnipmask, remipaddr, remport);
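Review bot: The bare `1` in `get_env(ctx, 1, env, "password")`, and the `0` at every other call site, are magic numbers that hide the masking contract at the point of use, so a future caller fetching another secret from the environment has to know to pass 1 or it will be logged in cleartext. A file-level `enum { LOG_SHOWVALUE = 0, LOG_MASKVALUE = 1 };` (names constructed here, not from the project) used at each call site, `passwd = (char *)get_env(ctx, LOG_MASKVALUE, env, "password");`, makes the intent reviewable and applies equally to the repeated 0 arguments in the eurephia_connect hunk here and in the eurephia_disconnect and eurephia_learn_address hunks below. eurephia_userauth's body continues outside this hunk.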
@@ -403,16 +411,16 @@ int eurephia_disconnect(eurephiaCTX *ctx, const char **env) {
 DEBUG(ctx, 21, "** Function call: eurephia_disconnect(...)");
 // Fetch needed info
-digest = get_env(ctx, env, "tls_digest_0");
-cname = get_env(ctx, env, "common_name");
-uname = get_env(ctx, env, "username");
-vpnipaddr = get_env(ctx, env, "ifconfig_pool_remote_ip");
-vpnipmask = get_env(ctx, env, "ifconfig_pool_netmask");
-remipaddr = get_env(ctx, env, "trusted_ip");
-remport = get_env(ctx, env, "trusted_port");
-bytes_sent= get_env(ctx, env, "bytes_sent");
-bytes_rec = get_env(ctx, env, "bytes_received");
-duration = get_env(ctx, env, "time_duration");
+digest = get_env(ctx, 0, env, "tls_digest_0");
+cname = get_env(ctx, 0, env, "common_name");
+uname = get_env(ctx, 0, env, "username");
+vpnipaddr = get_env(ctx, 0, env, "ifconfig_pool_remote_ip");
+vpnipmask = get_env(ctx, 0, env, "ifconfig_pool_netmask");
+remipaddr = get_env(ctx, 0, env, "trusted_ip");
+remport = get_env(ctx, 0, env, "trusted_port");
+bytes_sent= get_env(ctx, 0, env, "bytes_sent");
+bytes_rec = get_env(ctx, 0, env, "bytes_received");
+duration = get_env(ctx, 0, env, "time_duration");
 // Get a session ticket
 session = eDBopen_session_seed(ctx, digest, cname, uname, vpnipaddr, vpnipmask, remipaddr, remport);
@@ -447,13 +455,13 @@ int eurephia_learn_address(eurephiaCTX *ctx, const char *mode, const char *macad
 if( strncmp(mode, "add", 3) == 0 ) {
 // Fetch needed info
-digest = get_env(ctx, env, "tls_digest_0");
-cname = get_env(ctx, env, "common_name");
-uname = get_env(ctx, env, "username");
-vpnipaddr = get_env(ctx, env, "ifconfig_pool_remote_ip");
-vpnipmask = get_env(ctx, env, "ifconfig_pool_netmask");
-remipaddr = get_env(ctx, env, "trusted_ip");
-remport = get_env(ctx, env, "trusted_port");
+digest = get_env(ctx, 0, env, "tls_digest_0");
+cname = get_env(ctx, 0, env, "common_name");
+uname = get_env(ctx, 0, env, "username");
+vpnipaddr = get_env(ctx, 0, env, "ifconfig_pool_remote_ip");
+vpnipmask = get_env(ctx, 0, env, "ifconfig_pool_netmask");
+remipaddr = get_env(ctx, 0, env, "trusted_ip");
+remport = get_env(ctx, 0, env, "trusted_port");
 // Get a session ticket
 session = eDBopen_session_seed(ctx, digest, cname, uname, vpnipaddr, vpnipmask,