summaryrefslogtreecommitdiffstats
path: root/database/sqlite/edb-sqlite.c
Commit message (Collapse)AuthorAgeFilesLines
* edb-sqlite: Fixed a typos and copyright noticesrelease/1.0David Sommerseth2011-07-251-3/+4
| | | | | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> (cherry picked from commit 331d3ff806f4d1b146d8599b1e226e7962f7d7b2)
* Quick fix for typo 'Quering'Dario Minnucci2010-12-011-2/+2
| | | | | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net> (cherry picked from commit 35d84a44f2bec3754fca0604d8bb6a3a598b8441)
* Updated Copyright dates to include 2010David Sommerseth2010-05-251-1/+1
|
* Fixed wrong usage of lower(digest) in eDBregister_attempts()David Sommerseth2009-11-131-8/+14
| | | | | | | This is a follow up of commit de7a3d88c78cdf400fcee78f71946da8b12ec74f.That commit introduced an SQL error when eDBregister_attempts() was attempting to update certificate digest attempt records. Overhauled and fixed the complete eDBregister_attempts() function.
* Certificate digests are always lower case.David Sommerseth2009-11-121-17/+22
| | | | | This makes sure that all interactions with the database will convert the digest strings to lower case.
* Always process certificate depth as integerDavid Sommerseth2009-10-131-3/+3
|
* Restrict input data length for plug-in arguments from openvpnDavid Sommerseth2009-10-041-2/+2
| | | | This only affects functions related to MAC address and certificate depth
* Completed doxygen comments for edb-sqlite.cDavid Sommerseth2009-09-111-37/+114
|
* Added debug logging of free_nullsafe() calls as wellDavid Sommerseth2009-09-071-13/+13
|
* Moved all malloc() operations over to a calloc wrapper, malloc_nullsafe()David Sommerseth2009-09-071-2/+1
| | | | This also improves debugging as well, if debug logging is enabled and log level is >= 40.
* Added missing #include statementsDavid Sommerseth2009-09-021-0/+1
|
* Fixed a "hang" when wrong password was usedDavid Sommerseth2009-03-281-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to the current implementation of SHA512 salts, it could be experienced as if the application hung on wrong passwords. This is because the rounds count for the passwords are scrambled, with values based on the given password. When a wrong password is given, this will also result in getting a wrong salt length and hash rounds for the following hash calculation. Due to this, the extracted rounds value from the salt string could return some really high number of rounds on wrong passwords (possibly the max value if integer). And this is why the "hang" is experienced. To avoid this, a check is added to make sure the rounds is not unreasonably much higher than the configured max rounds values. If the descrambled rounds number from the salt exceeds max rounds * 1.5, the password (most probaly) is wrong. In this case we do a sleep() to slow down bruteforce attacks and return NULL. The drawback is if the maxrounds later on is changed to a value which hits this scenario: passwordsalt_rounds > maxrounds_cfg * 1.5 In this case these old passwords will be invalidated by that configuration change. This is considered to be a feature and not a bug. The reason for mulitiplying by 1.5, is to allow a little room for a degrading the max rounds setting. By adjusting the max rounds up again, these passwords will be valid again. Added also a sleep() when wrong username is attempted.
* Made the licence explicit GPLv2 onlyDavid Sommerseth2009-03-261-1/+1
|
* Cleaned up the code a little bitDavid Sommerseth2009-03-261-2/+2
| | | | | Made sure we only include needed include files and checked that the copyright headers are equal and correct
* Rewrote database driver (SQLite) to use eurephia_pwd_crypt(...)David Sommerseth2009-03-221-8/+18
| | | | Follow up from commit 062a3c92343a5fa371f8637f8bca88aacca14cc4
* Introduced password caching on authenticated sessionsDavid Sommerseth2009-01-031-19/+43
| | | | | | | | | | | | | | | | | | | | | | This is to prepare eurephia-auth plugin to use other and more CPU intensive hashing algorithms for passwords. In addition, open sessions will now not be rejected/closed due to wrong password if the user changes the password with an open session running. The patch adds a new server_salt attribute in the eurephiaCTX structure. This is used as a temporary salt and is created of random data when OpenVPN is started. When a user is being authenticated (eurephia.c/eurephia_userauth) a authentication session (not the same as a 'normal' session) is opened and checked for a cached password. If it does not exist or match, normal password check will be done against the user database. If a cached password is found and matches, it is considered to be authenticated. The cached password uses the SHA512 algorithm, together with the eurephiaCTX->server_salt.
* Prepared passwdhash function to allow salting and be prepared for other ↵David Sommerseth2009-01-021-1/+1
| | | | hashing algorithms
* edb-sqlite: Update openvpn_users.last_accessed = now() on successful loginDavid Sommerseth2008-12-081-0/+13
|
* Moved administration functions (eDBadmin*) into adminstration.cDavid Sommerseth2008-12-031-364/+6
|
* Fixed wrong data type for the access variable in eDBadminAuth(...)David Sommerseth2008-12-031-2/+2
|
* BUGFIX: Logout works properly again and improved logout status changeDavid Sommerseth2008-12-031-7/+11
| | | | | | - cmd_Logout(...) used the wrong argv[] index for sessionkey. - Improved eDBadminValidateSession(...) to set status to '5' on sessions which are getting logged out due to missing privileges
* Changed the logout behaviour to avoid login and/or access control check when ↵David Sommerseth2008-12-031-5/+5
| | | | user is about to logout
* Enhanced the access control by introducing access levelsDavid Sommerseth2008-12-021-30/+66
|
* Added database functions for editing the openvpn_config tableDavid Sommerseth2008-12-021-0/+46
|
* Fixed memory leak. Was missing a sqlite_free_results(...)David Sommerseth2008-11-301-0/+1
|
* Added eDBadminLogout(...) function in database driverDavid Sommerseth2008-11-301-3/+42
| | | | | Added one more status code, for active sessions. Auto-logout will now also delete session variables
* eurephiadm can now use eDBadminValidateSession(...) to use open session. ↵David Sommerseth2008-11-301-1/+44
| | | | Auto-logout implemented as well
* Unified define flagsDavid Sommerseth2008-11-301-1/+0
|
* Completed the change of authentication model in database driverDavid Sommerseth2008-11-301-84/+48
| | | | | | Follow up of commit 103acd7c2e1467401f0795930be9140dc5ed47ff. Seems to work fine via both plugin mode and eurephiadm, regarding core dumping too.
* Merge branch 'master' into eurephiadmDavid Sommerseth2008-11-291-5/+8
|\
| * BUGFIX: Use hard coded default values when checking against openvpn_attempts ↵David Sommerseth2008-11-291-5/+8
| | | | | | | | if config parameters is not set
* | Login seems to work from database driver sideDavid Sommerseth2008-11-291-5/+239
| |
* | Splitted plugin/eurephiadb_session.[ch] into two partsDavid Sommerseth2008-11-281-1/+1
| | | | | | | | | | | | | | | | | | One part is a generic session handling part (common/eurephiadb_session_common.[ch]) and the other part is left in the old plugin/eurephiadb_session.[ch]. This splitting should make it easiser to reuse some of the session handling functions for the admin utils.
* | Rough preparation of the db drivers for API ver 2David Sommerseth2008-11-281-3/+14
|/
* Renamed eurephiadb-sqlite to edb-sqliteDavid Sommerseth2008-11-051-0/+900
generated by cgit (git 2.34.1) at 2025-08-30 23:13:22 +0000