summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Temporary fix for building against GCC 5 and newer.HEADmasterDavid Sommerseth2016-01-201-1/+1
| | | | | | | | | GCC 5 updated the default -std from gnu89 to gnu11. This introduces some incompatibilities with the eurephia source. So for now we compile against the GNU89 standard, until these issues have been resolved in a better way. Signed-off-by: David Sommerseth <dazo@eurephia.org>
* git repository enhancementsDavid Sommerseth2016-01-202-0/+11
| | | | | | | Provide .mailmap for dazo; the users.sf.net address is being deprecated and provide a config example how to enable usage of mailmap by default. Signed-off-by: David Sommerseth <dazo@eurephia.org>
* Improve compiler warning if OpenSSL build of OpenVPN is not detectedDavid Sommerseth2016-01-201-1/+1
| | | | Signed-off-by: David Sommerseth <dazo@eurephia.org>
* eurephiadm: Don't try to remove session file if it doesn't existDavid Sommerseth2015-01-281-4/+4
| | | | Signed-off-by: David Sommerseth <dazo@eurephia.org>
* plugin: Remove usage of not really useful environment variable, ↵David Sommerseth2015-01-094-46/+21
| | | | | | | | | ifconfig_pool_netmask This isn't always present, and only triggers some warnings. As it's not used for anything critical, get rid of it. Signed-off-by: David Sommerseth <dazo@eurephia.org>
* sqlite: Only use certificate digest/fingerprint for TLS authenticationDavid Sommerseth2015-01-091-7/+6
| | | | | | | | Don't match against contents of O, CN or emailAddress fields. The uniqueness of the certificates will be well controlled by the certificate fingerprint anyway. Signed-off-by: David Sommerseth <dazo@eurephia.org>
* plugin: Don't treat not found sessions in eurephinalearn_address() as a failureDavid Sommerseth2015-01-081-1/+5
| | | | | | | This function is called also with IP adresses from networks behind clients, and eurephia doesn't really need to process them. Signed-off-by: David Sommerseth <dazo@eurephia.org>
* plugin: Improved logging of not found addresses in eurephia_learn_addressDavid Sommerseth2015-01-081-3/+1
| | | | | | | | | If routing subnets over the VPN tunnel, OpenVPN will learn addresses inside these subnets. As these IP addresses are not directly connected to a eurephia session, these errors can be silenced in normal operation. So this logging was moved to DEBUG(). Signed-off-by: David Sommerseth <dazo@eurephia.org>
* Correct ugly boundary checks in database initDavid Sommerseth2014-12-052-2/+2
| | | | | | | The check if dbargc exceeds MAX_ARGUMENTS was done _after_ it was checked if the array element is NULL. This was not the intention. Signed-off-by: David Sommerseth <dazo@eurephia.org>
* Get rid of bashism in eurephiadm/mk_buildinfo.shDavid Sommerseth2013-07-111-2/+2
| | | | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephia_init/benchmark: We don't need the result from the password hashingDavid Sommerseth2013-06-281-2/+1
| | | | | | | This hash is only used to measure the hashing speed. We don't need to save this hash at this point. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephia_init: Return with the proper exit codeDavid Sommerseth2013-06-281-1/+1
| | | | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Removed some stray left-over variables no longer in useDavid Sommerseth2013-06-283-11/+3
| | | | | | | These variables where used before the XML based response in the admin API was implemented. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Fixed issue with missing -ldl on unstable Debian (sid) distroDavid Sommerseth2013-06-281-0/+1
| | | | | | | | | | Debian now requires explicit -ldl when linking eurephiadm and the other executables in ./utils. Presuming this will be an issue on other Linux distributions, so made this generic for Linux builds. Thanks to Alberto Gonzalez Iniesta for helping solving this. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* auth/socket: Fixed a silly indenting bug in demo-auth-server.pyDavid Sommerseth2013-06-251-2/+2
| | | | | | | | | The socket got closed after the first authentication. Re-indent the close() call to the proper level. Credits goes to Colin Ryan for spotting this one. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Fixed variable mix-up when calling eDBregister_login2()David Sommerseth2013-06-251-1/+1
| | | | | | | | | | The uid and accessess profile variables had changed order. Which would cause a mismatch with the configured access profile and user-cert link. I'd like to thank Colin Ryan for catching this bug too. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* database: Bugfix - missing break statement caused password hash to be ↵David Sommerseth2013-06-131-0/+1
| | | | | | | | | | | | | overwritten When commit 85ad4bbb21e478b5b3699dfa14c97dccfd336f10 was added, it was missing a break statement at the end of the 'case ft_PASSWD' block. This resulted in a corrupted password hash when initialising the database or changing the password for users - as it would be overwritten by the following boolean parsing. I'd like to thank Colin Ryan for catching this bug. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephia-auth: Move the declaration of eurephiaClientCTX outside #ifdef ↵David Sommerseth2013-06-121-2/+2
| | | | | | | | ENABLE_DEBUG block It was not possible to build eurephia without --debug configured otherwise. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephia-auth: Fixed a few issues when using OpenVPN 2.2David Sommerseth2013-06-091-2/+6
| | | | | | | | | | | | | | | - SSLAPI_OPENSSL isn't available in this version. Print a warning during compile time that OpenVPN must be compiled against OpenSSL. If OpenVPN is not compiled against OpenSSL, it may most likely crash. OpenVPN 2.3.2 and below can be compiled against PolarSSL and does not contain the needed arguments->ssl_api variable to identify SSL implementation at runtime. - Bug: When moving the certificate information extraction to openvpn_plugin_func_v1(), the certificate level was not extracted correctly. It needs to be converted to an integer. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* auth: Added socket-auth moduleDavid Sommerseth2013-06-094-1/+482
| | | | | | | | | This can authenticate username/passwords via a file socket to an authentication service. A simple authentication service written in Python is added as well. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Fixed a memory leak in detect_tunnel_type()David Sommerseth2013-06-071-0/+1
| | | | | | | If the tunnel type was detected and a understandable device name was found, the local devtype was not freed at all. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* plugin: Save the client certificate information in a OpenVPN per-client-contextDavid Sommerseth2013-06-071-17/+73
| | | | | | | | | | | As the X.509 certificate data isn't available when the certificate has been validated, save the parsed certificate information in the per-client-context OpenVPN provides in the v3 plug-in API. When the client disconnects, the certificate information and per-client-context buffer is released as well. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* plugin: Reworked the certinfo integration and use the X.509 certificate from ↵David Sommerseth2013-06-073-105/+103
| | | | | | | | | | OpenVPN The OpenVPN plug-in v3 API there is direct access to the X.509 certificate data. This patch starts the adoptation to make use of that, but also to preserve backwards compatibility. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* plugin: cleaned up some white space errors in environment.cDavid Sommerseth2013-06-071-2/+2
| | | | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm: Added needed include files to be buildableDavid Sommerseth2013-06-072-0/+2
| | | | | | | This is related to that certinfo has been extended and now need to pull in the openssl/x509.h to compile properly. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* common: Improved the certificate information extračtionDavid Sommerseth2013-06-072-2/+88
| | | | | | | | | Added a function to extract the needed information from an OpenSSL X509 object. Also extended parse_tlsid() to include a pointer to the certificate digest, to have a common behaviour between parse_tlsid() and parse_x509_cert(). Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm: Removed inclusion of certinfo.h where not neededDavid Sommerseth2013-06-073-3/+0
| | | | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* plugin: Start the implementation of OpenVPN 2.3's plug-in API v3David Sommerseth2013-06-051-4/+121
| | | | | | | These changes should provide both the v1 API and the new v3 API, depending on which OpenVPN is being used. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* common: Update callers of eurephia_log_init() to comply with the API changesDavid Sommerseth2013-06-054-12/+21
| | | | | | This is to enable an improved logging feature in OpenVPN v2.3 and newer. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* common: Prepare for OpenVPN 2.3's new logging feature in plug-in API v3David Sommerseth2013-06-053-7/+42
| | | | | | | In OpenVPN v2.3 there's a new plug-in API with a more integrated log features. This patch prepares the logging infrastructure for this API. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm/usercerts: Add support for setting up auth-pluginsDavid Sommerseth2013-05-295-36/+107
| | | | | | | This enables setting authentication plug-in and the alternative authentication username for user-certificate links. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* auth-plugin: Added a simple flat-file authentication exampleDavid Sommerseth2013-05-293-1/+264
| | | | | | | | This auth-plugin will authenticate users against a simple text file containing username and password hashes, separated by a '|' (pipe). Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm: Added missing install of the plugins.xsl fileDavid Sommerseth2013-05-291-0/+1
| | | | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm: Added missing XSLT file for the plug-ins commandDavid Sommerseth2013-05-281-0/+122
| | | | | | | This file should have been added to commit 2cb8244efca21c48db523df9a12a337d3679e26b but got forgotten. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Merge auth-plugin workDavid Sommerseth2013-05-2832-77/+2318
|\ | | | | | | | | | | | | | | | | | | | | This implements a authentication plug-in framework which can be used to do username/password authentication against another backend per user/certificate. Conflicts: database/eurephiadb.c Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite3: Rename the delta script to avoid merge issuesDavid Sommerseth2013-05-281-0/+0
| | | | | | | | | | | | Seems delta-2 was already "taken" in master. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite3: Enable support for managing plug-in modulesDavid Sommerseth2013-05-283-0/+357
| | | | | | | | | | | | | | This enables plug-in support management via the eDBadminPlugins() function, used by eurephiadm. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * eurephiadm: Add support for managing plug-insDavid Sommerseth2013-05-284-1/+471
| | | | | | | | | | | | | | This adds the 'plugins' command, which is used to register, remove or modify plug-in parameters. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Add the eDBadminPlugins() function in the database APIDavid Sommerseth2013-05-282-0/+31
| | | | | | | | | | | | | | This function will be used by the admin interface to configure eurephia plug-ins. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * database/field mapping: Introduce boolean field typeDavid Sommerseth2013-05-283-2/+26
| | | | | | | | | | | | | | This field type ensures boolean values will be predictable when working in the database driver layer. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Use proper return type in eDBmappingFieldsPresent()David Sommerseth2013-05-282-3/+3
| | | | | | | | | | | | | | | | The field mapping id changed to unsigned long long in commit 60800a7030c7aa3a9e1a1b6155abc4079a0e34f1. This function needs to support that as well. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added fieldmapping to the new 'plugins' tableDavid Sommerseth2013-05-281-6/+6
| | | | | | | | | | | | | | This will enable the database plug-ins and eurephiadm to manipulate this table. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added fieldmapping to the new 'plugins' tableDavid Sommerseth2013-04-122-0/+19
| | | | | | | | | | | | | | This will enable the database plug-ins and eurephiadm to manipulate this table. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added new function to set the value in a eDBfieldMap structDavid Sommerseth2013-04-122-5/+39
| | | | | | | | | | | | | | This slightly changes the eDBmappingGetValue() function to reuse some of the same look-up logic for eDBmappingSetValue() Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Move the field mapping identifier from long int to long longDavid Sommerseth2013-04-121-38/+42
| | | | | | | | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added function to inspect a plug-inDavid Sommerseth2013-04-123-0/+101
| | | | | | | | | | | | | | This will temporarily load a plug-in and extract information about it. The gathered information is returned in a struct on success. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * auth plugin: Added a possibility for auth plug-ins to close down properlyDavid Sommerseth2013-03-074-1/+24
| | | | | | | | | | | | | | This optional function may be declared in the auth-plugins and will be called via the eAuthPlugin_Close() function. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * auth-plugin: Added a silly and stupid authentication plug-inDavid Sommerseth2013-03-043-1/+151
| | | | | | | | | | | | | | | | This is a dummy plug-in, which should NEVER EVER be used in production. Its purpose is just to solely test the authentication plug-in API and to provide a demo implementation of the API. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite: Modified eDBget_plugins() to support the new interface for plug-in initDavid Sommerseth2013-03-043-1/+9
| | | | | | | | | | | | | | This is needed to provide config data to a configured plug-in when it is loaded and initialised. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * auth plug-in: Extended the API to have a PluginInit() functionDavid Sommerseth2013-03-043-1/+70
| | | | | | | | | | | | This can be used to pass a configuration to the authentication plug-in. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
generated by cgit (git 2.34.1) at 2024-04-19 20:19:16 +0000