| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
The current implementation uses the MAC address of the client's VPN
interface. This also restricts eurephia to use TAP mode.
This patch adds preliminary support for also accepting the clients
IP address when updating the firewall rules. But the complete support
for TUN mode is not completed yet.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
As the firewall API has changed in regards to moving a way from
a string based implementation to a struct based implementation, the
older eurephia firewall module will not work any longer.
To make sure nothing bad happens, enforce that the efw-iptables
module is at least using API version 2. Also updated the module
version to reflect some changes as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This will later be used to be able to support OpenVPN in tun mode
as well as the now only supported tap mode. It will first try to
detect the tunnel type based on the 'dev_type' environment variable
if available. If not, it will try to figure it out based on the
device name. If this fails, it is possible to force the eurephia
to a specific device type by setting the openvpn_devtype config
variable.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
| |
The eurephia plug-in would daemonize the OpenVPN process by calling
daemonize() too early. This patch renames daemoinze() to efw_daemonize()
and calls it only in the firewall child process.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
| |
The eDBadminGetLastlog(...) function didn't parse the sortkeys string to match
the database layout.
In addition the field mapping for the openvpn_lastlog.sessionstatus field was wrong.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
It turned out the previous git tree state check misinterpretted the
tree state on a clean git repository.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
The reg-exp for catching the git status -s variants was too limited.
This new reg-exp should be able to handle more variants better and safer.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
| |
- Reorganised the layout a bit
- Added a path to the local git repository
- Added '(origin)' identificator to the remote git repo string
- Do the 'git status' call from the root of the source tree
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
| |
This patch adds a list over uncommitted files.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
This just adds some gathered information about the build, useful
for debugging later on.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
| |
It was reported that it was possible to grant the same access level
several times using the eurephiadm adminaccess command. This is now
fixed by quering the access levels for the user before executing the
grant or revoke operation.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Report-URL: https://sourceforge.net/tracker/index.php?func=detail&aid=3092583&group_id=236344&atid=1099760
|
| |
|
|
|
|
|
|
|
| |
As eurephia-auth.so is the OpenVPN plug-in part of eurephia, it should be
located in the directory OpenVPN uses. The other .so files which are built
will stay in the designated /usr/{lib,lib64}/eurephia directory, as they are
only related to eurephia itself.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
This is really not needed to split out in a separate RPM. It can
be shipped together with the eurephia plug-in.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
| |
The --sqlite3-path argument was silently ignored due to a misbehaviour
in the check for database driver enablement. Moved over to proper bash
scripting and used wildcards on the DB string which is intended to also
contain more than just one database indicator.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
| |
Signed-off-by: Alberto Gonzalez Iniesta <agi@inittab.org>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
| |
A dash was not escaped with backslash.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
| |
It didn't like that the NAME section contained a description instead.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
| |
This could cause eurephia to use a faulty hashing rounds value.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
Do a mlock() call on all buffers used by the password hashing algorithms,
to make sure these data segments never will be written to swap.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
| |
A suggestion for this file will be generated based on the command line
arguments. It will also honour the EUREPHIA_DIR environment variable as
well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
| |
Removed old and obsolete expressions used to reference the eurephia database driver.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
| |
- OpenVPN would not exit gracefully due to mq_send() returns 0 on success
- On-the-fly blacklisting with new API failed due to wrong value checking
The request->rule_destination is empty when request->mode==BLACKLIST, so
the check for rule_destination was moved to the appropriate place.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
| |
Removed some #defines which was not needed and added missing comments.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
| |
This was discovered during a documentation review done by Nate Lieby.
sf.net ticket:
https://sourceforge.net/tracker/?func=detail&aid=3052422&group_id=236344&atid=1099760
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
Moved over the missing pieces to use the eFWupdateRequest struct. This is
a continuation of the work started in commit bdd956adcccd91ff553278fd73cea7
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
| |
eAdd_valuestruct() did not use a nullsafe strdup().
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |\ |
|
| | |
| |
| |
| | |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| | |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
All functions calling eFW_UpdateFirewall() and the iptables driver
needs to be updated as well.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
If fgets() returns NULL, clear the buffer allocated for the console data.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
- Added missing Group tags
- Added stricter cmake version requirement
- Fixed rpmlint complaints
- Added -p when calling install
- Changed $RPM_BUILD_ROOT to %{buildroot} for consistency
|
| | |
| |
| |
| |
| |
| | |
On Fedora 13 and Rawhide, the sem_wait(), sem_timedwait() and sem_post() functions
is no longer available in librt, only in libpthread. Added extra CMake checks to
check if the functions are in libpthread if not found in librt.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
