| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
GCC 5 updated the default -std from gnu89 to gnu11. This
introduces some incompatibilities with the eurephia source. So
for now we compile against the GNU89 standard, until these issues
have been resolved in a better way.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
|
|
|
|
|
|
| |
Provide .mailmap for dazo; the users.sf.net address is being deprecated
and provide a config example how to enable usage of mailmap by default.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
|
|
|
| |
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
|
|
|
| |
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
|
|
|
|
|
|
|
|
| |
ifconfig_pool_netmask
This isn't always present, and only triggers some warnings. As it's not used for
anything critical, get rid of it.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
|
|
|
|
|
|
|
| |
Don't match against contents of O, CN or emailAddress fields. The
uniqueness of the certificates will be well controlled by the certificate
fingerprint anyway.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
|
|
|
|
|
|
| |
This function is called also with IP adresses from networks behind clients, and
eurephia doesn't really need to process them.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
|
|
|
|
|
|
|
|
| |
If routing subnets over the VPN tunnel, OpenVPN will learn addresses
inside these subnets. As these IP addresses are not directly connected
to a eurephia session, these errors can be silenced in normal operation.
So this logging was moved to DEBUG().
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
|
|
|
|
|
|
| |
The check if dbargc exceeds MAX_ARGUMENTS was done _after_ it was checked
if the array element is NULL. This was not the intention.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
|
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
| |
This hash is only used to measure the hashing speed. We don't need to save
this hash at this point.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
| |
These variables where used before the XML based response in the
admin API was implemented.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
|
| |
Debian now requires explicit -ldl when linking eurephiadm and the
other executables in ./utils. Presuming this will be an issue on
other Linux distributions, so made this generic for Linux builds.
Thanks to Alberto Gonzalez Iniesta for helping solving this.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
| |
The socket got closed after the first authentication. Re-indent the
close() call to the proper level.
Credits goes to Colin Ryan for spotting this one.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
|
| |
The uid and accessess profile variables had changed order. Which
would cause a mismatch with the configured access profile and
user-cert link.
I'd like to thank Colin Ryan for catching this bug too.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
overwritten
When commit 85ad4bbb21e478b5b3699dfa14c97dccfd336f10 was added, it was
missing a break statement at the end of the 'case ft_PASSWD' block. This resulted
in a corrupted password hash when initialising the database or changing the password
for users - as it would be overwritten by the following boolean parsing.
I'd like to thank Colin Ryan for catching this bug.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
| |
ENABLE_DEBUG block
It was not possible to build eurephia without --debug configured otherwise.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- SSLAPI_OPENSSL isn't available in this version. Print a warning
during compile time that OpenVPN must be compiled against OpenSSL.
If OpenVPN is not compiled against OpenSSL, it may most likely crash.
OpenVPN 2.3.2 and below can be compiled against PolarSSL and does
not contain the needed arguments->ssl_api variable to identify
SSL implementation at runtime.
- Bug: When moving the certificate information extraction to
openvpn_plugin_func_v1(), the certificate level was not
extracted correctly. It needs to be converted to an integer.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
| |
This can authenticate username/passwords via a file socket to
an authentication service.
A simple authentication service written in Python is added as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
| |
If the tunnel type was detected and a understandable device name
was found, the local devtype was not freed at all.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
|
|
| |
As the X.509 certificate data isn't available when the certificate has been
validated, save the parsed certificate information in the per-client-context
OpenVPN provides in the v3 plug-in API.
When the client disconnects, the certificate information and per-client-context
buffer is released as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
|
| |
OpenVPN
The OpenVPN plug-in v3 API there is direct access to the X.509 certificate
data. This patch starts the adoptation to make use of that, but also to
preserve backwards compatibility.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
| |
This is related to that certinfo has been extended and now
need to pull in the openssl/x509.h to compile properly.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
|
| |
Added a function to extract the needed information from an
OpenSSL X509 object. Also extended parse_tlsid() to include
a pointer to the certificate digest, to have a common behaviour
between parse_tlsid() and parse_x509_cert().
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
| |
These changes should provide both the v1 API and the new v3 API,
depending on which OpenVPN is being used.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
| |
This is to enable an improved logging feature in OpenVPN v2.3 and newer.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
| |
In OpenVPN v2.3 there's a new plug-in API with a more integrated log features.
This patch prepares the logging infrastructure for this API.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
| |
This enables setting authentication plug-in and the alternative
authentication username for user-certificate links.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
|
| |
This auth-plugin will authenticate users against a simple
text file containing username and password hashes, separated
by a '|' (pipe).
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
| |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|
|
|
|
|
|
| |
This file should have been added to commit 2cb8244efca21c48db523df9a12a337d3679e26b
but got forgotten.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This implements a authentication plug-in framework which can be
used to do username/password authentication against another backend
per user/certificate.
Conflicts:
database/eurephiadb.c
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| | |
Seems delta-2 was already "taken" in master.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| | |
This enables plug-in support management via the eDBadminPlugins() function,
used by eurephiadm.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| | |
This adds the 'plugins' command, which is used to register, remove
or modify plug-in parameters.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| | |
This function will be used by the admin interface to configure
eurephia plug-ins.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| | |
This field type ensures boolean values will be predictable when
working in the database driver layer.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
The field mapping id changed to unsigned long long in
commit 60800a7030c7aa3a9e1a1b6155abc4079a0e34f1. This function
needs to support that as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| | |
This will enable the database plug-ins and eurephiadm to manipulate
this table.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| | |
This will enable the database plug-ins and eurephiadm to manipulate
this table.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| | |
This slightly changes the eDBmappingGetValue() function to reuse
some of the same look-up logic for eDBmappingSetValue()
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| | |
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| | |
This will temporarily load a plug-in and extract information about
it. The gathered information is returned in a struct on success.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| | |
This optional function may be declared in the auth-plugins and will be
called via the eAuthPlugin_Close() function.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
This is a dummy plug-in, which should NEVER EVER be used in production.
Its purpose is just to solely test the authentication plug-in API and
to provide a demo implementation of the API.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| |
| | |
This is needed to provide config data to a configured plug-in when it is loaded
and initialised.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
| |
| |
| |
| |
| |
| | |
This can be used to pass a configuration to the authentication plug-in.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|