path: root/database/sqlite
Commit message [Author, Age, Files, Lines]
* sqlite: Only use certificate digest/fingerprint for TLS authentication [David Sommerseth, 2015-01-09, files: 1, lines: -7/+6]
|   Don't match against contents of O, CN or emailAddress fields. The uniqueness of the certificates will be well controlled by the certificate fingerprint anyway.
|   Signed-off-by: David Sommerseth <dazo@eurephia.org>
* common: Update callers of eurephia_log_init() to comply with the API changes [David Sommerseth, 2013-06-05, files: 1, lines: -2/+2]
|   This is to enable an improved logging feature in OpenVPN v2.3 and newer.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm/usercerts: Add support for setting up auth-plugins [David Sommerseth, 2013-05-29, files: 2, lines: -2/+14]
|   This enables setting authentication plug-in and the alternative authentication username for user-certificate links.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Merge auth-plugin work [David Sommerseth, 2013-05-28, files: 7, lines: -6/+546]
|\
| |   This implements an authentication plug-in framework which can be used to do username/password authentication against another backend per user/certificate.
| |   Conflicts: database/eurephiadb.c
| |   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite3: Rename the delta script to avoid merge issues [David Sommerseth, 2013-05-28, files: 1, lines: -0/+0]
| |   Seems delta-2 was already "taken" in master.
| |   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite3: Enable support for managing plug-in modules [David Sommerseth, 2013-05-28, files: 3, lines: -0/+357]
| |   This enables plug-in support management via the eDBadminPlugins() function, used by eurephiadm.
| |   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * database/field mapping: Introduce boolean field type [David Sommerseth, 2013-05-28, files: 1, lines: -0/+1]
| |   This field type ensures boolean values will be predictable when working in the database driver layer.
| |   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite: Modified eDBget_plugins() to support the new interface for plug-in init [David Sommerseth, 2013-03-04, files: 3, lines: -1/+9]
| |   This is needed to provide config data to a configured plug-in when it is loaded and initialised.
| |   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite: Fixed a few oddities [David Sommerseth, 2013-03-04, files: 1, lines: -2/+2]
| |   memset() and free_nullsafe() were performed on a NULL pointer before it would be used. Also make uicid be 0 on generic database issues, not triggering a logging of a log-in attempt. A database error is hardly a user problem, and logging the log-in attempt may even fail as well.
| |   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite: Honour the auth plug-in enable flag (plgenabled) [David Sommerseth, 2013-03-03, files: 1, lines: -10/+12]
| |   If the configured authentication plug-in was disabled, edb-sqlite would still insist on using the plug-in as authentication method. This patch changes the behaviour to use the internal eurephia database for authentication if the authentication plug-in is disabled. The code also was modified slightly so that the internal eurephia database will be the fallback method if any other checks are skipped.
| |   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite: Implemented needed functions to enable authentication plug-ins [David Sommerseth, 2013-03-03, files: 4, lines: -6/+178]
| |   This adds the needed functions the eurephia framework requires to retrieve a list of all configured plug-ins - eDBget_plugins(). And it includes eDBauth_GetAuthMethod() which is used to lookup what kind of authentication method a specific user account/certificate combination should use. If the authentication backend requires a different username for this, that can also be configured in this user account/certification setup.
| |   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* | Update eurephiadm to extract VPN MAC and IP address info from the new places [David Sommerseth, 2012-12-26, files: 2, lines: -12/+15]
| |   As the lastlog table doesn't contain MAC or IP addresses of the VPN client any more, make the lastlog extraction gather the data from the vpnaddr_history table instead.
| |   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* | Added eDBget_accessprofile() function [David Sommerseth, 2012-12-26, files: 1, lines: -0/+28]
| |   This retrieves the accessprofile ID field from the database for a given uid/certid combination. This is useful when logging which firewall profile was used for a certain session.
| |   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* | Added a new eDBregister_login2() to replace eDBregister_login() database function [David Sommerseth, 2012-12-26, files: 3, lines: -22/+82]
|/
|   This will save the access profile in the lastlog table. However, it will not save the VPN IP address and netmask any more. This should be saved in the vpnaddr_history table, using the eDBregister_vpnclientaddr() function. eDBregister_login() is now just a wrapper around the eDBregister_login2(), ignoring the access profile id and VPN addresses. This exists purely as a compatibility layer if the updated driver is used against an older eurephia-auth.so plug-in.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Extended eDBget_uid() to also do UID lookup when certid is not available [David Sommerseth, 2012-11-02, files: 1, lines: -6/+15]
|   By passing '0' as certid, the lookup will only be done against the user table. Any other values will consider the user-certification links as well.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* sqlite3: Improve error handling if memory alloc fails for SQL query string [David Sommerseth, 2012-10-19, files: 1, lines: -2/+8]
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* SQLite: Move default installation path from /etc/openvpn to /var/lib/eurephia [David Sommerseth, 2012-10-09, files: 1, lines: -1/+1]
|   Using /var/lib is more appropriate for the kind of database file eurephia uses and will also avoid other security restrictions on hardened installations as well.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Updated copyright dates [David Sommerseth, 2012-10-08, files: 14, lines: -14/+14]
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* sqlite/admin: Report all timestamp fields with localtime instead of UTC/GMT [David Sommerseth, 2012-10-08, files: 7, lines: -12/+15]
|   Made all SELECT queries which are used for reports to use the new 'locdt' SQL function on timestamp fields. This converts the UTC/GMT timestamps stored in the database to the correct timezone of the running admin client.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* sqlite: Added SQL function to convert datetime timestamps from UTC/GMT to localtime [David Sommerseth, 2012-10-08, files: 3, lines: -5/+85]
|   All CURRENT_TIMESTAMP calls are returned in UTC/GMT, and this value is stored in the database. When using eurephiadm to look at these datetime fields the UTC/GMT value is used, and needs to be taken in consideration when looking at the reports. This patch is the first step to handle the local time zone better. This patch also fixes the 'debug' program in sqlite.c, making use of the eurephia_log_init() and eurephia_log_close() calls for log preparations.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* sqlite3: Implement eDBregister_vpnclientaddr() [David Sommerseth, 2012-09-13, files: 3, lines: -10/+119]
|   This commit implements the eDBregister_vpnclientaddr() needed by the newer eurephia-auth plug-in. This is needed to improve the tun support in eurephia. In addition, this also updates the SQL schema to include IPv4 and in the future IPv6 addresses in the lastlog and VPN address history (openvpn_vpnaddr_history). The old openvpn_macaddr_history table is deprecated.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Modified the whole edb-sqlite driver to use a better error handling [David Sommerseth, 2011-12-19, files: 10, lines: -192/+397]
|   This will change the driver to use the new error routines made available in the SQLite3 framework. Some of the code is also restructured a little bit to simplify the code with these changes. The functionality should be the same as before, but better error messages are now sent back to the caller on the functions supporting XML.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Implemented better error handling in the SQLite3 framework [David Sommerseth, 2011-12-19, files: 2, lines: -18/+133]
|   The core sqlite_query() function will now always return a pointer to a dbresult structure. This structure now contains a query status and the error message from the sqlite3 backend if something went wrong. This means that error checking from now on should use the sqlite_query_status() macro and not to check if sqlite_query() returns NULL. Another fundamental change is that sqlite_free_results() must always be called on the dbresult structure now, to free the memory used by either data from the query or the error message.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-sqlite: Fixed a typos and copyright notices [David Sommerseth, 2011-07-25, files: 1, lines: -3/+4]
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Fixed several memleaks in the eurephiadm related code paths [David Sommerseth, 2011-01-10, files: 1, lines: -0/+1]
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Add paths and libraries for SQLite3 which pkg-config returns [David Sommerseth, 2010-12-31, files: 1, lines: -1/+3]
|   If SQLite3 was not installed in system paths, it would not be possible to compile the edb-sqlite driver due to include and library paths not being set.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm users: Revoke all admin access privileges when deleting a user account [David Sommerseth, 2010-12-14, files: 1, lines: -6/+14]
|   Matthew Gyurgyik noticed that when deleting a user account, the user's granted access levels were still present. This resulted in a rather odd looking list when showing granted access levels.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Quick fix for typo 'Unkown' [Dario Minnucci, 2010-12-01, files: 1, lines: -1/+1]
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Quick fix for typo 'Quering' [Dario Minnucci, 2010-12-01, files: 3, lines: -6/+6]
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* SQLite3 eurephiadm fix: sorting lastlog based on session status didn't work [David Sommerseth, 2010-11-12, files: 2, lines: -2/+2]
|   The eDBadminGetLastlog(...) function didn't parse the sortkeys string to match the database layout. In addition the field mapping for the openvpn_lastlog.sessionstatus field was wrong.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Fixed Doxygen complaints [David Sommerseth, 2010-08-26, files: 4, lines: -32/+0]
|   Removed some #defines which were not needed and added missing comments.
|   Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Added install rules for man pages [David Sommerseth, 2010-07-30, files: 1, lines: -0/+1]
|
* Moved all man pages from section 8 to the more proper section 7. [David Sommerseth, 2010-07-30, files: 1, lines: -4/+4]
|
* Added man pages for eurephia-auth.so and edb-sqlite.so [David Sommerseth, 2010-07-30, files: 1, lines: -0/+31]
|
* Updated Copyright dates to include 2010 [David Sommerseth, 2010-07-30, files: 15, lines: -15/+15]
|
* Fixed wrong usage of lower(digest) in eDBregister_attempts() [David Sommerseth, 2009-11-13, files: 1, lines: -8/+14]
|   This is a follow up of commit de7a3d88c78cdf400fcee78f71946da8b12ec74f. That commit introduced an SQL error when eDBregister_attempts() was attempting to update certificate digest attempt records. Overhauled and fixed the complete eDBregister_attempts() function.
* Certificate digests are always lower case. [David Sommerseth, 2009-11-12, files: 8, lines: -25/+31]
|   This makes sure that all interactions with the database will convert the digest strings to lower case.
* Add support for ft_STRING_LOWER in the sqlite3 driver [David Sommerseth, 2009-11-12, files: 1, lines: -7/+17]
|   Also fixed some wrong tab/space issues
* Define certificate digests as ft_STRING_LOWER [David Sommerseth, 2009-11-12, files: 1, lines: -31/+31]
|   This means this field will always be processed with lower case
* sqlite: Did not retrieve all certificate information correctly [David Sommerseth, 2009-11-03, files: 1, lines: -10/+10]
|   On user accounts with several certificates associated, it did only list up one certificate several times.
* Always process certificate depth as integer [David Sommerseth, 2009-10-13, files: 1, lines: -3/+3]
|
* Restrict input data length for plug-in arguments from openvpn [David Sommerseth, 2009-10-04, files: 1, lines: -2/+2]
|   This only affects functions related to MAC address and certificate depth
* Corrected some new Doxygen issues [David Sommerseth, 2009-09-28, files: 2, lines: -3/+4]
|
* Reworked and unified admin authentication and registration functions to eDBadminAuthenticate() [David Sommerseth, 2009-09-28, files: 1, lines: -60/+194]
|   eDBadminAuth(), eDBadminValidateSession(), eDBadminRegisterLogin() and eDBadminLogout() are now unified into one admin function, eDBadminAuthenticate(). This function receives all input as eurephia XML documents.
* Moved the remainings of administration.c into administration/authentication.c [David Sommerseth, 2009-09-27, files: 2, lines: -2/+2]
|
* Code clean up. Moved xmlReplaceChars() to eurephia_xml.c [David Sommerseth, 2009-09-27, files: 6, lines: -31/+0]
|
* Moved user creation info from log level 0 to log level 1 [David Sommerseth, 2009-09-27, files: 1, lines: -1/+1]
|   This is to avoid the console programs to report to stderr if log file is not setup. Console applications use stderr in these situations.
* Fixed missing check in eDBadminValidateSession() against interface type [David Sommerseth, 2009-09-27, files: 1, lines: -2/+3]
|
* Fixed a memory leak when updating user accounts in eDBadminUserAccount() [David Sommerseth, 2009-09-27, files: 1, lines: -0/+1]
|
* Fixed memory leak when sqlite_query() fails [David Sommerseth, 2009-09-26, files: 1, lines: -0/+1]
|