Commit message | Author | Age | Files | Lines
...
* Rewrote lastlog and users command to use XSLT for viewing lastlog | David Sommerseth | 2009-03-29 | 3 | -133/+214
|
* Added the beginning of fwadmin command in eurephiadm | David Sommerseth | 2009-03-29 | 4 | -0/+360
|
* Changed eDBadminGetFirewallProfiles(...) to eDBadminFirewallProfiles(...) | David Sommerseth | 2009-03-29 | 3 | -25/+63
|   Will try a new approach to use the same entry point for all actions
|   connected to the firewall profiles configuration.
* Implemented an XSLT parser for eurephiadm | David Sommerseth | 2009-03-29 | 2 | -0/+99
|
* Fix error setting eurephiadm_xslt_path in eurephiadm | David Sommerseth | 2009-03-29 | 1 | -5/+7
|   In commit d7a8babb19bcc1107daff0cc5673bc32b0ed785b the check if the
|   configuration value 'eurephiadm_xslt_path' was set in the database looked
|   in the wrong configuration area. Fixed this and it now copies the value
|   over from the database configuration.
* BUGFIX: eurephiadm argument parser increased argument pointer too much | David Sommerseth | 2009-03-29 | 1 | -1/+1
|
* Prepared for linking in libxslt | David Sommerseth | 2009-03-29 | 4 | -0/+46
|   Added two extra ./configure arguments, --xslt-path which defines the root
|   directory for all eurephia specific XSLT templates (defaults to
|   /usr/share/eurephia/xslt) and --eurephiadm-xslt which defines the path
|   eurephiadm will use for its XSLT templates (defaults to
|   /usr/share/eurephia/xslt/eurephiadm)
|
|   Added an extra configuration parameter for eurephiadm
|   (eurephiadm_xslt_path), which can be used to override the compiled in
|   default values
* Added a small utility for decoding password salt information | David Sommerseth | 2009-03-29 | 2 | -0/+91
|
* Fixed some possible issues with the XML implementation, regarding UTF-8 | David Sommerseth | 2009-03-29 | 2 | -7/+37
|   Do proper conversion from char * to xmlChar *. Need to figure out a
|   better way how to return xmlChar * to char * when returning strings which
|   may contain UTF-8.
* Added eDBadminGetFirewallProfiles(...) function in DB driver | David Sommerseth | 2009-03-28 | 4 | -0/+141
|
* Added fieldMapping for the firewall access table (openvpn_accesses) | David Sommerseth | 2009-03-28 | 3 | -0/+40
|
* Fixed a "hang" when wrong password was used | David Sommerseth | 2009-03-28 | 3 | -14/+44
|   Due to the current implementation of SHA512 salts, it could be
|   experienced as if the application hung on wrong passwords. This is
|   because the rounds count for the passwords are scrambled, with values
|   based on the given password. When a wrong password is given, this will
|   also result in getting a wrong salt length and hash rounds for the
|   following hash calculation.
|
|   Due to this, the extracted rounds value from the salt string could return
|   some really high number of rounds on wrong passwords (possibly the max
|   value of integer). And this is why the "hang" is experienced.
|
|   To avoid this, a check is added to make sure the rounds is not
|   unreasonably much higher than the configured max rounds values. If the
|   descrambled rounds number from the salt exceeds max rounds * 1.5, the
|   password (most probably) is wrong. In this case we do a sleep() to slow
|   down bruteforce attacks and return NULL.
|
|   The drawback is if the maxrounds later on is changed to a value which
|   hits this scenario:
|
|       passwordsalt_rounds > maxrounds_cfg * 1.5
|
|   In this case these old passwords will be invalidated by that
|   configuration change. This is considered to be a feature and not a bug.
|   The reason for multiplying by 1.5, is to allow a little room for
|   degrading the max rounds setting. By adjusting the max rounds up again,
|   these passwords will be valid again.
|
|   Added also a sleep() when wrong username is attempted.
* BUGFIX: Fixed missing string replace in certificate functions | David Sommerseth | 2009-03-27 | 1 | -2/+18
|   When calling eDBadminGetCertificateInfo(...) or
|   eDBadminDeleteCertificate(...) with a search XML document using
|   common_name or organisation and these fields contained spaces, no
|   certificates would be deleted. This is because space is replaced with
|   underscore in the database.
* BUGFIX: eurephiadm certs delete help and delete failure | David Sommerseth | 2009-03-27 | 1 | -3/+3
|   When doing certs --delete --help, wrong help text was shown.
|
|   When trying to delete certificates with common name or organisation as
|   search fields, no certificates were found. This is another fix after the
|   commit 3c35318429e33c98c2d7fac8943dfc6ff40359c7 which changed some of the
|   XML tags for the certificate table.
* Corrected a log entry on login/logout | David Sommerseth | 2009-03-26 | 1 | -2/+2
|
* Further code cleanup | David Sommerseth | 2009-03-26 | 9 | -43/+16
|   Added in addition missing GPLv2 only remarks where it was missing from
|   commit 0712bce6f387121e37501ec323e3da89ce4300c3
* Made the licence explicit GPLv2 only | David Sommerseth | 2009-03-26 | 64 | -69/+72
|
* Cleaned up the code a little bit | David Sommerseth | 2009-03-26 | 69 | -126/+150
|   Made sure we only include needed include files and checked that the
|   copyright headers are equal and correct
* eurephiadm/lastlog: Added showing username in verbose mode | David Sommerseth | 2009-03-25 | 1 | -8/+31
|
* Updated TODO | David Sommerseth | 2009-03-24 | 1 | -2/+2
|
* Corrected sorting of result in eDBadminGetAdminAccess(...) | David Sommerseth | 2009-03-24 | 1 | -1/+1
|
* eurephiadm - renamed useraccess command to adminaccess | David Sommerseth | 2009-03-24 | 3 | -17/+17
|
* eurephiadm/useraccess: Added grant and revoke functions | David Sommerseth | 2009-03-24 | 1 | -7/+97
|
* eurephiadm: Began implementing useraccess command | David Sommerseth | 2009-03-24 | 3 | -0/+285
|   Only listing of user access levels is implemented.
* eurephiadm - Implemented lastlog command | David Sommerseth | 2009-03-24 | 4 | -87/+279
|   This lastlog command will list all entries of eurephia sessions. This
|   list can also be filtered by giving proper arguments.
* Implemented the eDBadminGetLastLog(...) function in the SQLite3 driver | David Sommerseth | 2009-03-24 | 3 | -4/+102
|
* Added more fields to the global field mapping table | David Sommerseth | 2009-03-24 | 1 | -30/+37
|   Had to also extend the FIELD_* assignments to allow two new fields to be
|   mapped
* Fixed spelling error in eurephiadm::usercerts command | David Sommerseth | 2009-03-24 | 1 | -2/+2
|
* Extended the database driver with eDBadminGetAdminAccess(...) | David Sommerseth | 2009-03-24 | 3 | -0/+64
|   This function will return an XML document with data extracted from the
|   eurephia_adminaccess table. Search criteria are defined by the search
|   XML doc given as input.
* Added CREDITS.txt | David Sommerseth | 2009-03-23 | 1 | -0/+27
|   Just to honour those who have contributed directly or indirectly
* Updated TODO list | David Sommerseth | 2009-03-23 | 1 | -15/+35
|
* Fixed wrong help text info for eurephiadm usercerts command | David Sommerseth | 2009-03-23 | 1 | -5/+4
|   Also removed debug info as well
* BUGFIX: eurephiadm could not register certificates | David Sommerseth | 2009-03-23 | 1 | -2/+2
|   In commit 3c35318429e33c98c2d7fac8943dfc6ff40359c7 the field mapping was
|   simplified for some fields, but the XML document used for registering
|   certificates was never updated to reflect these changes.
* Use global EUREPHIAVERSION instead of the local EUREPHIADMVERSION | David Sommerseth | 2009-03-23 | 1 | -3/+1
|
* Added utility to initialise and prepare a eurephia database | David Sommerseth | 2009-03-22 | 3 | -1/+570
|   Run the utils/eurephia_init program to setup and do the initial
|   configuration of eurephia. It needs 2 required arguments
|
|       --database-driver <path to database driver>
|       --database-args <arguments to the db driver>
|
|   This utility will then guide you through a setup for the different
|   configuration parameters used by eurephia.
* Added support for editing the eurephia_adminaccess table | David Sommerseth | 2009-03-22 | 6 | -6/+98
|   Implemented eDBadminEditAdminAccess(...) function in db driver
* Fixed a memory leak in benchmark.c | David Sommerseth | 2009-03-22 | 1 | -1/+4
|
* Avoid segfault if xmlDoc or XML root element is NULL in eurephiaXML_getRoot(...) | David Sommerseth | 2009-03-22 | 1 | -2/+1
|
* Added benchmarking to suggest minimum and maximum rounds for hashes | David Sommerseth | 2009-03-22 | 2 | -0/+156
|
* Rewrote database driver (SQLite) to use eurephia_pwd_crypt(...) | David Sommerseth | 2009-03-22 | 3 | -23/+44
|   Follow up from commit 062a3c92343a5fa371f8637f8bca88aacca14cc4
* Renamed passwdhash(...) function to eurephia_quick_hash(...) | David Sommerseth | 2009-03-21 | 3 | -37/+32
|   This to make it clearer that passwdhash(...) is not good for password
|   hashing, but suitable when you need a quick hashing algorithm.
|
|   The eurephia_quick_hash(...) is now used for password caching hashing,
|   and is still suitable here since the salt used for the passwords are in
|   memory only and never written to disk, as they are supposed to be
|   temporary hashes.
* Added new password hashing function with proper SHA512 hashing | David Sommerseth | 2009-03-21 | 2 | -0/+401
|   This new function, eurephia_pwd_crypt(...) implements a modified SHA512
|   hashing algorithm based on the SHA512 crypt implementation proposed by
|   Ulrich Drepper for glibc.
|
|   The original implementation adds support for variable hashing rounds. The
|   eurephia version implements dynamic hashing rounds, controlled by minimum
|   and maximum rounds set in the configuration. If not set, it will minimum
|   use 5000 rounds and maximum 7500 rounds. The amount of rounds is supposed
|   to be random.
|
|   In addition to this, the salt information is now encoded into a hex
|   value. In this value the salt length and the hash rounds are defined.
|   This hex value is then encoded (quasi crypt) based on a modulus of the
|   sum of the characters in the password + the password length. So if you
|   give the wrong password, you will also get the wrong salt length and the
|   wrong number of hashing rounds used.
|
|   The default salt length is also increased to 32 bytes (256 bit)
* Added missing source in edb-sqlite driver after reorg with randstr.c | David Sommerseth | 2009-03-21 | 1 | -0/+1
|
* Made the destination buffer for random data more type independent (void *) | David Sommerseth | 2009-03-03 | 2 | -2/+2
|
* Added macro for defaultIntvalue() for pure integer values | David Sommerseth | 2009-03-03 | 1 | -1/+1
|
* Compile fix: Use sqlite_int64 instead of sqlite3_int64 | David Sommerseth | 2009-03-02 | 1 | -1/+1
|   This makes it possible to compile it on some older versions of the
|   SQLite3 library
* Moved eDBsessionGetRandString(...) to a more global and independent eurephia_randstring(...) function | David Sommerseth | 2009-01-10 | 9 | -34/+88
* BUGFIX: Removed several memory leaks | David Sommerseth | 2009-01-03 | 1 | -0/+5
|
* BUGFIX: Fixed unintended truncation of the session key and session seed values | David Sommerseth | 2009-01-03 | 1 | -2/+2
|
* Introduced password caching on authenticated sessions | David Sommerseth | 2009-01-03 | 6 | -27/+122
|   This is to prepare eurephia-auth plugin to use other and more CPU
|   intensive hashing algorithms for passwords. In addition, open sessions
|   will now not be rejected/closed due to wrong password if the user changes
|   the password with an open session running.
|
|   The patch adds a new server_salt attribute in the eurephiaCTX structure.
|   This is used as a temporary salt and is created of random data when
|   OpenVPN is started.
|
|   When a user is being authenticated (eurephia.c/eurephia_userauth) an
|   authentication session (not the same as a 'normal' session) is opened and
|   checked for a cached password. If it does not exist or match, normal
|   password check will be done against the user database. If a cached
|   password is found and matches, it is considered to be authenticated.
|
|   The cached password uses the SHA512 algorithm, together with the
|   eurephiaCTX->server_salt.