Signed-off-by: David Sommerseth <dazo@eurephia.org>
(cherry picked from commit 7d3f9f1a97d5aeb3fbdb152f4ef070539a637adc)
This function is called also with IP addresses from networks behind clients, and
eurephia doesn't really need to process them.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
(cherry picked from commit 31193a9d4f764bd54e00fc9e277c98319f198acd)
If routing subnets over the VPN tunnel, OpenVPN will learn addresses
inside these subnets. As these IP addresses are not directly connected
to a eurephia session, these errors can be silenced in normal operation.
So this logging was moved to DEBUG().
Signed-off-by: David Sommerseth <dazo@eurephia.org>
(cherry picked from commit 0628a765e4ecdf44a966b9a3fd6717aca9b9d09f)
The check if dbargc exceeds MAX_ARGUMENTS was done _after_ it was checked
if the array element is NULL. This was not the intention.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
(cherry picked from commit 51f8c8e930221cc5feeac4f84be5550b4e5be9dd)
This hash is only used to measure the hashing speed. We don't need to save
this hash at this point.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 2ed21f9c05ed25d814034ad3ebb4cb6009543481)
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 9aacd42cf3a4e0877c1d6f770d10a61276ef8a99)
These variables were used before the XML based response in the
admin API was implemented.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 8eb493cb8fac488cbafe8af06f6f062fc659f4a3)
Debian now requires explicit -ldl when linking eurephiadm and the
other executables in ./utils. Presuming this will be an issue on
other Linux distributions, so made this generic for Linux builds.
Thanks to Alberto Gonzalez Iniesta for helping solve this.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 9dd9da8fb505e4b97035daa99e4507c33090ff15)
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 2613675111387fb0753d31be74b5e0a362389ef8)
If OpenVPN is configured with an unknown --dev name and --dev-type is used,
eurephia would in some specific situations double-free a memory region
keeping the dev-type information. GETENV_*() functions return a pointer
to a buffer which is supposed to be free'd, but pointers returned by
eGet_value() should not be free'd.
And in the error situation if dev-type is not forced or detected, the
memory allocated by GETENV_DEVNAME() was not properly free'd.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 00bd0ac4cc901004aeaf4548813bb465bce5243f)
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Using /var/lib is more appropriate for the kind of database file eurephia uses
and will also avoid other security restrictions on hardened installations as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
user
In commit 35b61c51435d9f9095ced8949c045d50ac3c7018 the lastlog layout was changed.
However, when displaying the lastlog for a particular user (eurephiadm users -s -l)
the first column which was set to be username was empty.
This patch will put the user's remote IP address in the first column instead, while
preserving the 'eurephiadm lastlog' layout.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Most of the eurephiadm commands leaked some memory if an error occurred or
the --help screen was requested.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Valgrind complained about reachable buffers within the libxml2 and libxslt
functions. Found some init and cleanup functions which needed to be called
to solve this.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Made all SELECT queries which are used for reports to use the new 'locdt' SQL
function on timestamp fields. This converts the UTC/GMT timestamps stored in
the database to the correct timezone of the running admin client.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
localtime
All CURRENT_TIMESTAMP calls are returned in UTC/GMT, and this value is stored in the
database. When using eurephiadm to look at these datetime fields the UTC/GMT value
is used, and needs to be taken into consideration when looking at the reports. This
patch is the first step to handle the local time zone better.
This patch also fixes the 'debug' program in sqlite.c, making use of the
eurephia_log_init() and eurephia_log_close() calls for log preparations.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This fixes a bug which appeared with newer OpenVPN versions, where
the OPENVPN_PLUGIN_LEARN_ADDRESS would be called in the end - also
in tun mode. And with the clean-up in session seed, in regards to
the netmask not being part of the session seed, this little code
made things worse. So let's get rid of it!
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This commit implements the eDBregister_vpnclientaddr() needed by the
newer eurephia-auth plug-in. This is needed to improve the tun support
in eurephia.
In addition, this also updates the SQL schema to include IPv4 and in
the future IPv6 addresses in the lastlog and VPN address history
(openvpn_vpnaddr_history). The old openvpn_macaddr_history table
is deprecated.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
correct
This skips looking up all the eDBadmin*() functions if the context is unprivileged
or the database interface is initialised by the OpenVPN plug-in.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This function replaces eDBregister_vpnmacaddr(). This new function
will in addition to the MAC address (if OpenVPN is running in TAP mode)
also register the client's IPv4 VPN address. It's also prepared for
logging the client's IPv6 VPN address.
This function supports both TUN and TAP mode, while the old function
only handled TAP mode.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This is sometimes NULL, which is noticed more often when OpenVPN is
configured in tun mode. This makes it difficult to identify the
proper session key, as the seed isn't consistent.
It does not affect much with regard to the seed itself, as the
netmask is most likely going to be the same for all clients anyhow.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Check if we have a context available before setting ctx->tuntype.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
It's more useful to see the session status in 'eurephiadm lastlog' than
when the session was closed by eurephia in the non-verbose overview.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This will change the driver to use the new error routines made available
in the SQLite3 framework. Some of the code is also restructured a little
bit to simplify the code with these changes.
The functionality should be the same as before, but better error messages
are now sent back to the caller on the functions supporting XML.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
The core sqlite_query() function will now always return a pointer to a
dbresult structure. This structure now contains a query status and
the error message from the sqlite3 backend if something went wrong.
This means that error checking from now on should use the
sqlite_query_status() macro and not check if sqlite_query() returns
NULL.
Another fundamental change is that sqlite_free_results() must always be
called on the dbresult structure now, to free the memory used by either
data from the query or the error message.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
The argument list didn't match what the internal _veurephia_log_func()
function expected. This error was introduced in commit ebf4e80250b525e17
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Modified the eurephiadm client_config section to make use of the common
version as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
veurephia_log() is to eurephia_log() what vprintf() is to printf(),
taking va_list and const char *fmt arguments directly.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
On FreeBSD the endian.h file is located in sys/endian.h.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Other platforms, like FreeBSD, have these functions in the standard
libc library.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
On some platforms, CMake did not give this needed information to
the linker.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
The initial implementation of the SHA512 hashing functions was tightly
connected to glibc. This patch changes those few functions which are
glibc to more portable functions.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
If SQLite3 was not installed in system paths, it would not be possible
to compile the edb-sqlite driver due to include and library paths not
being set.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
The functions related to dynamic loading of shared objects are a part
of the standard libc library on FreeBSD, while in Linux it is in libdl.
However, the linker on Linux seems to add the libdl linking automatically
when needed, so no need to explicitly link this library.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Some platforms expect a path to be given, so adding a relative path to the
'find' expressions.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Make use of the iptables conntrack module instead of the older state module
for stateful firewalling.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This is to help debugging even further, to be able to reproduce
as similar builds as possible.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
account
Matthew Gyurgyik noticed that when deleting a user account, the user's granted
access levels were still present. This resulted in a rather odd looking list when
showing granted access levels.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Now eurephia will support both TUN and TAP configurations in
OpenVPN.
Thanks to Tavis Paquette and Matthew Gyurgyik for their willingness
to test out this patch.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This function clears the contents of a eurephiaVALUES key/value record.
It will not remove the record from the stack, but only free the key and
value pointers and set them to NULL.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This memory leak got introduced with commit 525d75316848f79208101e48a54e2
which moves the daemonisation of the firewall thread. Two environment
variables were not freed after usage.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
The char buffer returned by eDBget_firewall_profile() must be freed after
usage.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Big thanks to Konstantin Shabanov, Alberto G. Iniesta, Dario
Minnucci and Tavis Paquette.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
This warning is written to stderr, to avoid breaking scripts which might
depend on eurephiadm config's behaviour.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>