| Commit message (Collapse) | Author | Age | Files | Lines |
Don't match against contents of O, CN or emailAddress fields. The
uniqueness of the certificates will be well controlled by the certificate
fingerprint anyway.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
This is to enable an improved logging feature in OpenVPN v2.3 and newer.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This enables setting authentication plug-in and the alternative
authentication username for user-certificate links.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This implements an authentication plug-in framework which can be
used to do username/password authentication against another backend
per user/certificate.
Conflicts:
database/eurephiadb.c
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Seems delta-2 was already "taken" in master.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This enables plug-in support management via the eDBadminPlugins() function,
used by eurephiadm.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This field type ensures boolean values will be predictable when
working in the database driver layer.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This is needed to provide config data to a configured plug-in when it is loaded
and initialised.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
memset() and free_nullsafe() were performed on a NULL pointer before
it would be used.
Also make uicid be 0 on generic database issues, not triggering a
logging of a log-in attempt. A database error is hardly a user problem,
and logging the log-in attempt may even fail as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
If the configured authentication plug-in was disabled, edb-sqlite
would still insist on using the plug-in as authentication method.
This patch changes the behaviour to use the internal eurephia
database for authentication if the authentication plug-in is
disabled.
The code also was modified slightly so that the internal eurephia
database will be the fallback method if any other checks are
skipped.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This adds the needed functions the eurephia framework requires to
retrieve a list of all configured plug-ins - eDBget_plugins(). And
it includes eDBauth_GetAuthMethod() which is used to lookup what
kind of authentication method a specific user account/certificate
combination should use. If the authentication backend requires
a different username for this, that can also be configured in
this user account/certification setup.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
As the lastlog table doesn't contain MAC or IP addresses of the VPN client any more,
make the lastlog extraction gather the data from the vpnaddr_history table instead.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This retrieves the accessprofile ID field from the database for a
given uid/certid combination. This is useful when logging which
firewall profile was used for a certain session.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
function
This will save the access profile in the lastlog table. However, it will not save
the VPN IP address and netmask any more. This should be saved in the vpnaddr_history
table, using the eDBregister_vpnclientaddr() function.
eDBregister_login() is now just a wrapper around the eDBregister_login2(), ignoring
the access profile id and VPN addresses. This exists purely as a compatibility layer
if the updated driver is used against an older eurephia-auth.so plug-in.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
By passing '0' as certid, the lookup will only be done against the user table.
Any other values will consider the user-certification links as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Using /var/lib is more appropriate for the kind of database file eurephia uses
and will also avoid other security restrictions on hardened installations as well.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Made all SELECT queries which are used for reports to use the new 'locdt' SQL
function on timestamp fields. This converts the UTC/GMT timestamps stored in
the database to the correct timezone of the running admin client.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
localtime
All CURRENT_TIMESTAMP calls are returned in UTC/GMT, and this value is stored in the
database. When using eurephiadm to look at these datetime fields the UTC/GMT value
is used, and needs to be taken in consideration when looking at the reports. This
patch is the first step to handle the local time zone better.
This patch also fixes the 'debug' program in sqlite.c, making use of the
eurephia_log_init() and eurephia_log_close() calls for log preparations.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This commit implements the eDBregister_vpnclientaddr() needed by the
newer eurephia-auth plug-in. This is needed to improve the tun support
in eurephia.
In addition, this also updates the SQL schema to include IPv4 and in
the future IPv6 addresses in the lastlog and VPN address history
(openvpn_vpnaddr_history). The old openvpn_macaddr_history table
is deprecated.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This will change the driver to use the new error routines made available
in the SQLite3 framework. Some of the code is also restructured a little
bit to simplify the code with these changes.
The functionality should be the same as for, but better error messages
are now sent back to the caller on the functions supporting XML.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
The core sqlite_query() function will now always return a pointer to a
dbresult structure. This structure now contains a query status and
the error message from the sqlite3 backend if something went wrong.
This means that error checking from now on should use the
sqlite_query_status() macro and not to check if sqlite_query() returns
NULL.
Another fundamental change is that sqlite_free_results() must always be
called on the dbresult structure now, to free the memory used by either
data from the query or the error message.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
If SQLite3 was not installed in system paths, it would not be possible
to compile the edb-sqlite driver due to include and library paths not
being set.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
account
Matthew Gyurgyik noticed that when deleting a user account, the user's granted
access levels were still present. This resulted in a rather odd looking list when
showing granted access levels.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
The eDBadminGetLastlog(...) function didn't parse the sortkeys string to match
the database layout.
In addition the field mapping for the openvpn_lastlog.sessionstatus field was wrong.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Removed some #defines which were not needed and added missing comments.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This is a follow up of commit de7a3d88c78cdf400fcee78f71946da8b12ec74f. That
commit introduced an SQL error when eDBregister_attempts() was attempting
to update certificate digest attempt records. Overhauled and fixed the
complete eDBregister_attempts() function.
|
This makes sure that all interactions with the database will convert
the digest strings to lower case.
|
Also fixed some wrong tab/space issues
|
This means this field will always be processed with lower case
|
On user accounts with several certificates associated, it did only
list up one certificate several times.
|
This only affects functions related to MAC address and certificate depth
|
eDBadminAuthenticate()
eDBadminAuth(), eDBadminValidateSession(), eDBadminRegisterLogin() and
eDBadminLogout() are now unified into one admin function, eDBadminAuthenticate().
This function receives all input as eurephia XML documents.
|
This is to avoid the console programs to report to stderr if log file
is not setup. Console applications use stderr in these situations.