| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
This hash is only used to measure the hashing speed. We don't need to save
this hash at this point.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
These variables where used before the XML based response in the
admin API was implemented.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
| |
Debian now requires explicit -ldl when linking eurephiadm and the
other executables in ./utils. Presuming this will be an issue on
other Linux distributions, so made this generic for Linux builds.
Thanks to Alberto Gonzalez Iniesta for helping solving this.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
| |
The socket got closed after the first authentication. Re-indent the
close() call to the proper level.
Credits goes to Colin Ryan for spotting this one.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
| |
The uid and accessess profile variables had changed order. Which
would cause a mismatch with the configured access profile and
user-cert link.
I'd like to thank Colin Ryan for catching this bug too.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
overwritten
When commit 85ad4bbb21e478b5b3699dfa14c97dccfd336f10 was added, it was
missing a break statement at the end of the 'case ft_PASSWD' block. This resulted
in a corrupted password hash when initialising the database or changing the password
for users - as it would be overwritten by the following boolean parsing.
I'd like to thank Colin Ryan for catching this bug.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
| |
ENABLE_DEBUG block
It was not possible to build eurephia without --debug configured otherwise.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- SSLAPI_OPENSSL isn't available in this version. Print a warning
during compile time that OpenVPN must be compiled against OpenSSL.
If OpenVPN is not compiled against OpenSSL, it may most likely crash.
OpenVPN 2.3.2 and below can be compiled against PolarSSL and does
not contain the needed arguments->ssl_api variable to identify
SSL implementation at runtime.
- Bug: When moving the certificate information extraction to
openvpn_plugin_func_v1(), the certificate level was not
extracted correctly. It needs to be converted to an integer.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
| |
This can authenticate username/passwords via a file socket to
an authentication service.
A simple authentication service written in Python is added as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
If the tunnel type was detected and a understandable device name
was found, the local devtype was not freed at all.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
|
| |
As the X.509 certificate data isn't available when the certificate has been
validated, save the parsed certificate information in the per-client-context
OpenVPN provides in the v3 plug-in API.
When the client disconnects, the certificate information and per-client-context
buffer is released as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
|
| |
OpenVPN
The OpenVPN plug-in v3 API there is direct access to the X.509 certificate
data. This patch starts the adoptation to make use of that, but also to
preserve backwards compatibility.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
This is related to that certinfo has been extended and now
need to pull in the openssl/x509.h to compile properly.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
|
| |
Added a function to extract the needed information from an
OpenSSL X509 object. Also extended parse_tlsid() to include
a pointer to the certificate digest, to have a common behaviour
between parse_tlsid() and parse_x509_cert().
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
These changes should provide both the v1 API and the new v3 API,
depending on which OpenVPN is being used.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
| |
This is to enable an improved logging feature in OpenVPN v2.3 and newer.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
In OpenVPN v2.3 there's a new plug-in API with a more integrated log features.
This patch prepares the logging infrastructure for this API.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
This enables setting authentication plug-in and the alternative
authentication username for user-certificate links.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
|
| |
This auth-plugin will authenticate users against a simple
text file containing username and password hashes, separated
by a '|' (pipe).
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
|
|
|
|
|
| |
This file should have been added to commit 2cb8244efca21c48db523df9a12a337d3679e26b
but got forgotten.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This implements a authentication plug-in framework which can be
used to do username/password authentication against another backend
per user/certificate.
Conflicts:
database/eurephiadb.c
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| | |
Seems delta-2 was already "taken" in master.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This enables plug-in support management via the eDBadminPlugins() function,
used by eurephiadm.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This adds the 'plugins' command, which is used to register, remove
or modify plug-in parameters.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This function will be used by the admin interface to configure
eurephia plug-ins.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This field type ensures boolean values will be predictable when
working in the database driver layer.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The field mapping id changed to unsigned long long in
commit 60800a7030c7aa3a9e1a1b6155abc4079a0e34f1. This function
needs to support that as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This will enable the database plug-ins and eurephiadm to manipulate
this table.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This will enable the database plug-ins and eurephiadm to manipulate
this table.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This slightly changes the eDBmappingGetValue() function to reuse
some of the same look-up logic for eDBmappingSetValue()
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| | |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This will temporarily load a plug-in and extract information about
it. The gathered information is returned in a struct on success.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This optional function may be declared in the auth-plugins and will be
called via the eAuthPlugin_Close() function.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
This is a dummy plug-in, which should NEVER EVER be used in production.
Its purpose is just to solely test the authentication plug-in API and
to provide a demo implementation of the API.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This is needed to provide config data to a configured plug-in when it is loaded
and initialised.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| | |
This can be used to pass a configuration to the authentication plug-in.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
memset() and free_nullsafe() was performed on a NULL pointer before
it would be used.
Also make uicid be 0 on generic database issues, not triggering a
logging of a log-in attempt. A database error is hardly a user problem,
and logging the log-in attempt may even fail as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| | |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| | |
This new PluginInfo() will return a struct instead, containing all the
needed plug-in info. It also replaces the APIversion() function completely.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
By setting this config option in the eurephia database, eurephia will
expect all user account/certificate links to be set up with an external
plug-in for username/password authentications.
Further, it is now ensured that system configuration issues or general
failures not related to the user authentication itself, is not counted
as a login attempt.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If the configured authentication plug-in was disabled, edb-sqlite
would still insist on using the plug-in as authentication method.
This patch changes the behaviour to use the internal eurephia
database for authentication if the authentication plug-in is
disabled.
The code also was modified slighly so that the internal eurephia
database will be the fallback method if any other checks are
skipped.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds the needed functions the eurephia framework requires to
retrieve a list of all configured plug-ins - eDBget_plugins(). And
it includes eDBauth_GetAuthMethod() which is used to lookup what
kind of authentication method a specific user account/certificate
combination should use. If the authentication backend requires
a different username for this, that can also be configured in
this user account/certification setup.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
framework
This enables using an external authentication plug-in if a user
account/certification link is configured to make user of it.
This change ensures that all configured authentiaction plug-ins are
loaded and is available when eurephia is initialised.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This enables a run-time loadable support for other authentication
modules. This can be used to make eurephia authenticate user's
passwords against other sources than the local eurephia database
itself.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
eGetSym_optional()
Will be used by the authentication plug-in framework.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
