Commit message (Author, Age, Files, Lines)
* edb-pgsql: Added the needed authentication functions for the admin module [pgsql] (David Sommerseth, 2013-06-13, files: 2, lines: -1/+531)
| eurephiadm is now able to authenticate, log in and log out a user.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Added an update SQL view for eurephia_adminlog (David Sommerseth, 2013-06-13, files: 1, lines: -0/+10)
| This is to restrict the eurephia-admin database user to only be allowed to update a few fields of the eurephia_adminlog table.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: ePGprepLoadStatements() was missing a break in the switch/case statement (David Sommerseth, 2013-06-13, files: 1, lines: -0/+1)
| Without this break, this function would return an error that the web or console admin interface were invalid.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Added ePGprepParamsAddArgumentChar() (David Sommerseth, 2013-06-13, files: 2, lines: -0/+10)
| This is used to add a single char value to the prepared arguments stack.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Added prepared SQL statements needed for the admin authentication (David Sommerseth, 2013-06-13, files: 2, lines: -9/+107)
| Also moved one query from the "plugin section" to the "admin section" where it belongs.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Added ePGgetValue_bool() (David Sommerseth, 2013-06-13, files: 2, lines: -0/+13)
| This will parse the database result value as a boolean value and return (int) 1 if the value is 't' (true in PostgreSQL). Otherwise the function will return (int) 0.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Added ePGerrorMessageXML() to return PostgreSQL errors in XML (David Sommerseth, 2013-06-13, files: 2, lines: -0/+76)
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Added a simple log destination to string translator function. (David Sommerseth, 2013-06-13, files: 2, lines: -0/+32)
| This is needed by the edb-pgsql driver to provide more understandable error reports in the administration code paths.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Reworked the prepared statement loading (David Sommerseth, 2013-06-13, files: 2, lines: -49/+106)
| Rewrote the loading of prepared statements to be able to switch which statements are loaded, based on the eurephia context type. This ensures that the database connection for the OpenVPN connection will not have any prepared statements related to the administration queries.
| With this change, it also made sense to replace the ePGprepStatementGetID() function with ePGprepGetStatement() which returns a pointer directly to the related statement, instead of looking up the "slot ID" for the requested statement.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Improved some of the Doxygen documentation (David Sommerseth, 2013-06-13, files: 2, lines: -8/+24)
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Reworked the prepared statements infrastructure (David Sommerseth, 2013-06-13, files: 6, lines: -781/+943)
| Moved all SQL statements out of each function and into a const struct which is loaded at startup. Implemented a safer way of handling parameters to these prepared statements as well.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: First implementation of all OpenVPN auth related functions (David Sommerseth, 2013-06-13, files: 1, lines: -343/+1043)
| This is a working implementation of the PostgreSQL driver, where only the driver functions needed by OpenVPN for authentication are implemented. There are still more enhancements to be done, but this is usable.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Add eDBdisconnect_firewall() database driver function (David Sommerseth, 2013-06-13, files: 3, lines: -1/+18)
| If this function is found declared in the database driver, it will be used instead of eDBdisconnect() when forking the firewall thread. This is to avoid disconnecting some databases in the wrong way.
| This new function is fully optional to implement if the database driver works fine with calling eDBdisconnect().
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Add an updatable view for the lastlog table (David Sommerseth, 2013-06-13, files: 1, lines: -0/+15)
| This allows the eurephia-auth user to only update the columns in the lastlog which it is supposed to update.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Use correct sessionkey length in macaddr_history (David Sommerseth, 2013-06-13, files: 1, lines: -1/+1)
| The macaddr_history table was declared with a too small field for storing session keys.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Change lastlog.sessionduration to interval (David Sommerseth, 2013-06-13, files: 1, lines: -1/+1)
| PostgreSQL has a better data type for storing session duration.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Correct some wrong table names and references (David Sommerseth, 2013-06-13, files: 1, lines: -17/+17)
| None of the tables used by the edb-pgsql driver uses the 'openvpn_' prefix
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Add an SQL VIEW for updating users.last_accessed more safely (David Sommerseth, 2013-06-13, files: 1, lines: -0/+11)
| It's not ideal to let the eurephia-auth user have write access to the users table. This view will allow the eurephia-auth user only to touch users.last_accessed; and this value will be enforced to be CURRENT_TIMESTAMP.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Renamed local PostgreSQL functions (David Sommerseth, 2013-06-13, files: 1, lines: -36/+36)
| Generic local PostgreSQL functions were prefixed with 'PG'. As this is too close to the prefix PostgreSQL uses, these functions were changed to 'ePG'.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Reworked PostgreSQL error handling (David Sommerseth, 2013-06-13, files: 1, lines: -95/+101)
| Added a generic error reporting function, to streamline this process.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Make use of internal PGgetValue() instead of PQgetvalue() in eDBblacklist_check() (David Sommerseth, 2013-06-13, files: 1, lines: -3/+3)
| PGgetValue() will return NULL if the database field is NULL, which is expected in several places in the eDBblacklist_check() function.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: The very beginning of a PostgreSQL driver (David Sommerseth, 2013-06-13, files: 6, lines: -3/+1441)
| This is far from production ready, but is the first step. Only tested with initialisation and startup of OpenVPN so far.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* database: Bugfix - missing break statement caused password hash to be overwritten (David Sommerseth, 2013-06-13, files: 1, lines: -0/+1)
| When commit 85ad4bbb21e478b5b3699dfa14c97dccfd336f10 was added, it was missing a break statement at the end of the 'case ft_PASSWD' block. This resulted in a corrupted password hash when initialising the database or changing the password for users - as it would be overwritten by the following boolean parsing.
| I'd like to thank Colin Ryan for catching this bug.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephia-auth: Move the declaration of eurephiaClientCTX outside #ifdef ENABLE_DEBUG block (David Sommerseth, 2013-06-12, files: 1, lines: -2/+2)
| It was not possible to build eurephia without --debug configured otherwise.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephia-auth: Fixed a few issues when using OpenVPN 2.2 (David Sommerseth, 2013-06-09, files: 1, lines: -2/+6)
| - SSLAPI_OPENSSL isn't available in this version. Print a warning during compile time that OpenVPN must be compiled against OpenSSL. If OpenVPN is not compiled against OpenSSL, it may most likely crash. OpenVPN 2.3.2 and below can be compiled against PolarSSL and does not contain the needed arguments->ssl_api variable to identify SSL implementation at runtime.
| - Bug: When moving the certificate information extraction to openvpn_plugin_func_v1(), the certificate level was not extracted correctly. It needs to be converted to an integer.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* auth: Added socket-auth module (David Sommerseth, 2013-06-09, files: 4, lines: -1/+482)
| This can authenticate username/passwords via a file socket to an authentication service. A simple authentication service written in Python is added as well.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Fixed a memory leak in detect_tunnel_type() (David Sommerseth, 2013-06-07, files: 1, lines: -0/+1)
| If the tunnel type was detected and an understandable device name was found, the local devtype was not freed at all.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* plugin: Save the client certificate information in an OpenVPN per-client-context (David Sommerseth, 2013-06-07, files: 1, lines: -17/+73)
| As the X.509 certificate data isn't available when the certificate has been validated, save the parsed certificate information in the per-client-context OpenVPN provides in the v3 plug-in API.
| When the client disconnects, the certificate information and per-client-context buffer is released as well.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* plugin: Reworked the certinfo integration and use the X.509 certificate from OpenVPN (David Sommerseth, 2013-06-07, files: 3, lines: -105/+103)
| In the OpenVPN plug-in v3 API there is direct access to the X.509 certificate data. This patch starts the adaptation to make use of that, but also to preserve backwards compatibility.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* plugin: cleaned up some white space errors in environment.c (David Sommerseth, 2013-06-07, files: 1, lines: -2/+2)
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm: Added needed include files to be buildable (David Sommerseth, 2013-06-07, files: 2, lines: -0/+2)
| This is related to that certinfo has been extended and now needs to pull in the openssl/x509.h to compile properly.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* common: Improved the certificate information extraction (David Sommerseth, 2013-06-07, files: 2, lines: -2/+88)
| Added a function to extract the needed information from an OpenSSL X509 object. Also extended parse_tlsid() to include a pointer to the certificate digest, to have a common behaviour between parse_tlsid() and parse_x509_cert().
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm: Removed inclusion of certinfo.h where not needed (David Sommerseth, 2013-06-07, files: 3, lines: -3/+0)
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* plugin: Start the implementation of OpenVPN 2.3's plug-in API v3 (David Sommerseth, 2013-06-05, files: 1, lines: -4/+121)
| These changes should provide both the v1 API and the new v3 API, depending on which OpenVPN is being used.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* common: Update callers of eurephia_log_init() to comply with the API changes (David Sommerseth, 2013-06-05, files: 4, lines: -12/+21)
| This is to enable an improved logging feature in OpenVPN v2.3 and newer.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* common: Prepare for OpenVPN 2.3's new logging feature in plug-in API v3 (David Sommerseth, 2013-06-05, files: 3, lines: -7/+42)
| In OpenVPN v2.3 there's a new plug-in API with more integrated log features. This patch prepares the logging infrastructure for this API.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm/usercerts: Add support for setting up auth-plugins (David Sommerseth, 2013-05-29, files: 5, lines: -36/+107)
| This enables setting authentication plug-in and the alternative authentication username for user-certificate links.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* auth-plugin: Added a simple flat-file authentication example (David Sommerseth, 2013-05-29, files: 3, lines: -1/+264)
| This auth-plugin will authenticate users against a simple text file containing username and password hashes, separated by a '|' (pipe).
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm: Added missing install of the plugins.xsl file (David Sommerseth, 2013-05-29, files: 1, lines: -0/+1)
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm: Added missing XSLT file for the plug-ins command (David Sommerseth, 2013-05-28, files: 1, lines: -0/+122)
| This file should have been added to commit 2cb8244efca21c48db523df9a12a337d3679e26b but got forgotten.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Merge auth-plugin work (David Sommerseth, 2013-05-28, files: 32, lines: -77/+2318)
|\
| | This implements an authentication plug-in framework which can be used to do username/password authentication against another backend per user/certificate.
| | Conflicts:
| |     database/eurephiadb.c
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite3: Rename the delta script to avoid merge issues (David Sommerseth, 2013-05-28, files: 1, lines: -0/+0)
| | Seems delta-2 was already "taken" in master.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite3: Enable support for managing plug-in modules (David Sommerseth, 2013-05-28, files: 3, lines: -0/+357)
| | This enables plug-in support management via the eDBadminPlugins() function, used by eurephiadm.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * eurephiadm: Add support for managing plug-ins (David Sommerseth, 2013-05-28, files: 4, lines: -1/+471)
| | This adds the 'plugins' command, which is used to register, remove or modify plug-in parameters.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Add the eDBadminPlugins() function in the database API (David Sommerseth, 2013-05-28, files: 2, lines: -0/+31)
| | This function will be used by the admin interface to configure eurephia plug-ins.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * database/field mapping: Introduce boolean field type (David Sommerseth, 2013-05-28, files: 3, lines: -2/+26)
| | This field type ensures boolean values will be predictable when working in the database driver layer.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Use proper return type in eDBmappingFieldsPresent() (David Sommerseth, 2013-05-28, files: 2, lines: -3/+3)
| | The field mapping id changed to unsigned long long in commit 60800a7030c7aa3a9e1a1b6155abc4079a0e34f1. This function needs to support that as well.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added fieldmapping to the new 'plugins' table (David Sommerseth, 2013-05-28, files: 1, lines: -6/+6)
| | This will enable the database plug-ins and eurephiadm to manipulate this table.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added fieldmapping to the new 'plugins' table (David Sommerseth, 2013-04-12, files: 2, lines: -0/+19)
| | This will enable the database plug-ins and eurephiadm to manipulate this table.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added new function to set the value in an eDBfieldMap struct (David Sommerseth, 2013-04-12, files: 2, lines: -5/+39)
| | This slightly changes the eDBmappingGetValue() function to reuse some of the same look-up logic for eDBmappingSetValue()
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>