| Commit message (Collapse) | Author | Age | Files | Lines |
Make sure that eDBget_sessionkey_macaddr(...) only returns sessionkeys for
sessions ready to be destroyed, i.e. sessionstatus must be 3.
|
for sessions which are in open status (sessionstatus is 1 or 2).
When a client does a disconnect for session_A, the status of the session is 3,
as logged out but not yet deleted. In this status, the session is not deleted,
nor is the record in openvpn_sessionkeys for that session's sessionseed.
If the client then does a new reconnection (session_B) before the session is
deleted, it will get the sessionkey for the session which was just logged out,
session_A's sessionkey. When OpenVPN then calls the learn_address function
to delete session_A, that session will be closed. The result is that
session_B will then not match any open sessions at all, since session_A and
session_B shared the sessionseed to a sessionkey.
By changing eDBget_sessionkey_seed(...) to check that the sessionstatus
is 1 or 2 (open session statuses), it should generate a new sessionkey for
session_B, since no sessionkey would be returned for that sessionseed.
The destruction of the session (done via eurephia_learn_address(...)) will
still work, since this function uses the MAC address of the client and not
the sessionseed.
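The reconnect race this commit message describes, replayed against an in-memory SQLite database as an added example (not code from the eurephia project). The `sessions` table name, the sample seed and MAC address, and the Python helper names are assumptions; only `openvpn_sessionkeys`, `sessionseed`, `sessionkey` and `sessionstatus` come from the message.

```python
import secrets
import sqlite3

# Constructed schema: the "sessions" table name is an assumption for this example.
SCHEMA = """
CREATE TABLE sessions (sessionkey TEXT PRIMARY KEY, macaddr TEXT, sessionstatus INTEGER);
CREATE TABLE openvpn_sessionkeys (sessionseed TEXT PRIMARY KEY, sessionkey TEXT);
"""

# Lookup by seed with no status check (the behaviour before the change).
UNFILTERED = "SELECT k.sessionkey FROM openvpn_sessionkeys k WHERE k.sessionseed = ?"
# Lookup by seed restricted to open sessions (sessionstatus 1 or 2).
OPEN_ONLY = ("SELECT k.sessionkey FROM openvpn_sessionkeys k "
             "JOIN sessions s ON s.sessionkey = k.sessionkey "
             "WHERE k.sessionseed = ? AND s.sessionstatus IN (1, 2)")

def get_or_create_key(db, seed, lookup_sql, macaddr):
    """Return the sessionkey for seed; create a new open session if none is found."""
    row = db.execute(lookup_sql, (seed,)).fetchone()
    if row:
        return row[0]
    key = secrets.token_hex(16)
    db.execute("INSERT INTO sessions VALUES (?, ?, 1)", (key, macaddr))
    db.execute("INSERT OR REPLACE INTO openvpn_sessionkeys VALUES (?, ?)", (seed, key))
    return key

def reconnect_race(lookup_sql):
    """Replay disconnect -> reconnect -> destroy. Returns (key_reused, b_still_open)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    seed, mac = "seed-1", "00:11:22:33:44:55"  # constructed sample values
    key_a = get_or_create_key(db, seed, lookup_sql, mac)  # session_A logs in
    # session_A disconnects: logged out (status 3) but not yet deleted.
    db.execute("UPDATE sessions SET sessionstatus = 3 WHERE sessionkey = ?", (key_a,))
    key_b = get_or_create_key(db, seed, lookup_sql, mac)  # session_B reconnects
    # Destruction of session_A: found by MAC address, status 3 only.
    doomed = db.execute("SELECT sessionkey FROM sessions "
                        "WHERE macaddr = ? AND sessionstatus = 3", (mac,)).fetchone()[0]
    db.execute("DELETE FROM openvpn_sessionkeys WHERE sessionkey = ?", (doomed,))
    db.execute("DELETE FROM sessions WHERE sessionkey = ?", (doomed,))
    still_open = db.execute("SELECT COUNT(*) FROM sessions WHERE sessionkey = ? "
                            "AND sessionstatus IN (1, 2)", (key_b,)).fetchone()[0]
    return key_a == key_b, still_open == 1

if __name__ == "__main__":
    print("unfiltered lookup:", reconnect_race(UNFILTERED))
    print("open-only lookup: ", reconnect_race(OPEN_ONLY))
```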
|
is sent to make.
Since several parts of the code where LOG_DEBUG was used with eurephia_log(...)
contain security-sensitive information (like logging a password retrieved with
get_env(...)), all debug logging is now done via the DEBUG macro.
This macro will not produce any security relevant eurephia_log(...) statements
unless the source is compiled with -DENABLE_DEBUG. This is activated via
make by adding DEBUG=1 before the make targets. When not enabled, the
binaries will not do any debug logging at all.
|
- Added eDBget_sessionkey_macaddr(...) to retrieve sessionkey based on MAC address
- Changed eDBdestroy_session(...) to use eurephiaSESSION instead of MAC address string
|
Using code from the SourceForge.net project: sha
https://sourceforge.net/projects/sha/
Written by Allan Saddi.
Wrote today to the developer and asked for permission to
include sha512.[ch] under the BSD licence in this GPLv2
project. If it is denied, I'll need to find another
SHA512 implementation.
|
of memwatch and sha1
|
eAdd_value(...)