path: root/database
Commit message | Author | Age | Files | Lines
* edb-pgsql: Added the needed authentication functions for the admin module [pgsql]
| Author: David Sommerseth, Age: 2013-06-13, Files: 2, Lines: -1/+531
| eurephiadm is now able to authenticate, login and logout a user.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Added an update SQL view for eurephia_adminlog
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -0/+10
| This is to restrict the eurephia-admin database user to only be allowed to update a few fields of the eurephia_adminlog table.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: ePGprepLoadStatements() was missing a break in the switch/case statement
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -0/+1
| Without this break, this function would return an error that the web or console admin interface were invalid.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Added ePGprepParamsAddArgumentChar()
| Author: David Sommerseth, Age: 2013-06-13, Files: 2, Lines: -0/+10
| This is used to add a single char value to the prepared arguments stack.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Added prepared SQL statements needed for the admin authentication
| Author: David Sommerseth, Age: 2013-06-13, Files: 2, Lines: -9/+107
| Also moved one query from the "plugin section" to the "admin section" where it belongs.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Added ePGgetValue_bool()
| Author: David Sommerseth, Age: 2013-06-13, Files: 2, Lines: -0/+13
| This will parse the database result value as a boolean value and return (int) 1 if the value is 't' (true in PostgreSQL). Otherwise the function will return (int) 0.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Added ePGerrorMessageXML() to return PostgreSQL errors in XML
| Author: David Sommerseth, Age: 2013-06-13, Files: 2, Lines: -0/+76
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Reworked the prepared statement loading
| Author: David Sommerseth, Age: 2013-06-13, Files: 2, Lines: -49/+106
| Rewrote the loading of prepared statements to be able to switch which statements are loaded, based on the eurephia context type. This ensures that the database connection for the OpenVPN connection will not have any prepared statements related to the administration queries.
| With this change, it also made sense to replace the ePGprepStatementGetID() function with ePGprepGetStatement() which returns a pointer directly to related statement, instead of looking up the "slot ID" for the requested statement.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Improved some of the Doxygen documentation
| Author: David Sommerseth, Age: 2013-06-13, Files: 2, Lines: -8/+24
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Reworked the prepared statements infrastructure
| Author: David Sommerseth, Age: 2013-06-13, Files: 6, Lines: -781/+943
| Moved all SQL statements out of each function and into a const struct which is loaded at startup. Implemented a safer way of handling parameters to these prepared statements as well.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: First implementation of all OpenVPN auth related functions
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -343/+1043
| This is a working implementation of the PostgreSQL driver, where only the driver functions needed by OpenVPN for authentication are implemented. There are still more enhancements to be done, but this is usable.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Add eDBdisconnect_firewall() database driver function
| Author: David Sommerseth, Age: 2013-06-13, Files: 2, Lines: -0/+13
| If this function is found declared in the database driver, it will be used instead of eDBdisconnect() when forking the firewall thread. This is to avoid disconnecting some databases in the wrong way.
| This new function is fully optional to implement if the database driver works fine with calling eDBdisconnect().
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Add an updatable view for the lastlog table
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -0/+15
| This allows the eurephia-auth user to only update the columns in the lastlog which it is supposed to update.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Use correct sessionkey length in macaddr_history
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -1/+1
| The macaddr_history table was declared with a too small field for storing session keys.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Change lastlog.sessionduration to interval
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -1/+1
| PostgreSQL has a better data type for storing session duration.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Correct some wrong table names and references
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -17/+17
| None of the tables used by the edb-pgsql driver uses the 'openvpn_' prefix
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Add an SQL VIEW for updating users.last_accessed more safely
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -0/+11
| It's not ideal to let the eurephia-auth user have write access to the users table. This view will allow the eurephia-auth user only to touch users.last_accessed; and this value will be enforced to be CURRENT_TIMESTAMP.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Renamed local PostgreSQL functions
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -36/+36
| Generic local PostgreSQL functions were prefixed with 'PG'. As this is too close to the prefix PostgreSQL uses, these functions were changed to 'ePG'.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Reworked PostgreSQL error handling
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -95/+101
| Added a generic error reporting function, to streamline this process.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: Make use of internal PGgetValue() instead of PQgetvalue() in eDBblacklist_check()
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -3/+3
| PGgetValue() will return NULL if the database field is NULL, which is expected several places in the eDBblacklist_check() function.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* edb-pgsql: The very beginning of a PostgreSQL driver
| Author: David Sommerseth, Age: 2013-06-13, Files: 4, Lines: -0/+1423
| This is far from production ready, but is the first step. Only tested with initialisation and startup of OpenVPN so far.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* database: Bugfix - missing break statement caused password hash to be overwritten
| Author: David Sommerseth, Age: 2013-06-13, Files: 1, Lines: -0/+1
| When commit 85ad4bbb21e478b5b3699dfa14c97dccfd336f10 was added, it was missing a break statement at the end of the 'case ft_PASSWD' block. This resulted in a corrupted password hash when initialising the database or changing the password for users - as it would be overwritten by the following boolean parsing.
| I'd like to thank Colin Ryan for catching this bug.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* common: Update callers of eurephia_log_init() to comply with the API changes
| Author: David Sommerseth, Age: 2013-06-05, Files: 1, Lines: -2/+2
| This is to enable an improved logging feature in OpenVPN v2.3 and newer.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* eurephiadm/usercerts: Add support for setting up auth-plugins
| Author: David Sommerseth, Age: 2013-05-29, Files: 3, Lines: -2/+17
| This enables setting authentication plug-in and the alternative authentication username for user-certificate links.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Merge auth-plugin work
|\  Author: David Sommerseth, Age: 2013-05-28, Files: 12, Lines: -56/+776
| | This implements an authentication plug-in framework which can be used to do username/password authentication against another backend per user/certificate.
| | Conflicts: database/eurephiadb.c
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite3: Rename the delta script to avoid merge issues
| | Author: David Sommerseth, Age: 2013-05-28, Files: 1, Lines: -0/+0
| | Seems delta-2 was already "taken" in master.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite3: Enable support for managing plug-in modules
| | Author: David Sommerseth, Age: 2013-05-28, Files: 3, Lines: -0/+357
| | This enables plug-in support management via the eDBadminPlugins() function, used by eurephiadm.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Add the eDBadminPlugins() function in the database API
| | Author: David Sommerseth, Age: 2013-05-28, Files: 2, Lines: -0/+31
| | This function will be used by the admin interface to configure eurephia plug-ins.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * database/field mapping: Introduce boolean field type
| | Author: David Sommerseth, Age: 2013-05-28, Files: 3, Lines: -2/+26
| | This field type ensures boolean values will be predictable when working in the database driver layer.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Use proper return type in eDBmappingFieldsPresent()
| | Author: David Sommerseth, Age: 2013-05-28, Files: 2, Lines: -3/+3
| | The field mapping id changed to unsigned long long in commit 60800a7030c7aa3a9e1a1b6155abc4079a0e34f1. This function needs to support that as well.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added fieldmapping to the new 'plugins' table
| | Author: David Sommerseth, Age: 2013-05-28, Files: 1, Lines: -6/+6
| | This will enable the database plug-ins and eurephiadm to manipulate this table.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added fieldmapping to the new 'plugins' table
| | Author: David Sommerseth, Age: 2013-04-12, Files: 2, Lines: -0/+19
| | This will enable the database plug-ins and eurephiadm to manipulate this table.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Added new function to set the value in a eDBfieldMap struct
| | Author: David Sommerseth, Age: 2013-04-12, Files: 2, Lines: -5/+39
| | This slightly changes the eDBmappingGetValue() function to reuse some of the same look-up logic for eDBmappingSetValue()
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * Move the field mapping identifier from long int to long long
| | Author: David Sommerseth, Age: 2013-04-12, Files: 1, Lines: -38/+42
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite: Modified eDBget_plugins() to support the new interface for plug-in init
| | Author: David Sommerseth, Age: 2013-03-04, Files: 3, Lines: -1/+9
| | This is needed to provide config data to a configured plug-in when it is loaded and initialised.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite: Fixed a few oddities
| | Author: David Sommerseth, Age: 2013-03-04, Files: 1, Lines: -2/+2
| | memset() and free_nullsafe() were performed on a NULL pointer before it would be used.
| | Also make uicid be 0 on generic database issues, not triggering a logging of a log-in attempt. A database error is hardly a user problem, and logging the log-in attempt may even fail as well.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite: Honour the auth plug-in enable flag (plgenabled)
| | Author: David Sommerseth, Age: 2013-03-03, Files: 1, Lines: -10/+12
| | If the configured authentication plug-in was disabled, edb-sqlite would still insist on using the plug-in as authentication method. This patch changes the behaviour to use the internal eurephia database for authentication if the authentication plug-in is disabled.
| | The code also was modified slightly so that the internal eurephia database will be the fallback method if any other checks are skipped.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * sqlite: Implemented needed functions to enable authentication plug-ins
| | Author: David Sommerseth, Age: 2013-03-03, Files: 4, Lines: -6/+178
| | This adds the needed functions the eurephia framework requires to retrieve a list of all configured plug-ins - eDBget_plugins().
| | And it includes eDBauth_GetAuthMethod() which is used to lookup what kind of authentication method a specific user account/certificate combination should use. If the authentication backend requires a different username for this, that can also be configured in this user account/certification setup.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
| * auth plug-in: Implemented the authentication plug-in into the core eurephia framework
| | Author: David Sommerseth, Age: 2013-03-03, Files: 3, Lines: -3/+75
| | This enables using an external authentication plug-in if a user account/certification link is configured to make use of it.
| | This change ensures that all configured authentication plug-ins are loaded and are available when eurephia is initialised.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* | Update eurephiadm to extract VPN MAC and IP address info from the new places
| | Author: David Sommerseth, Age: 2012-12-26, Files: 2, Lines: -12/+15
| | As the lastlog table doesn't contain MAC or IP addresses of the VPN client any more, make the lastlog extraction gather the data from the vpnaddr_history table instead.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* | Added eDBget_accessprofile() function
| | Author: David Sommerseth, Age: 2012-12-26, Files: 3, Lines: -0/+44
| | This retrieves the accessprofile ID field from the database for a given uid/certid combination. This is useful when logging which firewall profile was used for a certain session.
| | Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* | Added a new eDBregister_login2() to replace eDBregister_login() database function
|/  Author: David Sommerseth, Age: 2012-12-26, Files: 5, Lines: -22/+115
| This will save the access profile in the lastlog table. However, it will not save the VPN IP address and netmask any more. This should be saved in the vpnaddr_history table, using the eDBregister_vpnclientaddr() function.
| eDBregister_login() is now just a wrapper around the eDBregister_login2(), ignoring the access profile id and VPN addresses. This exists purely as a compatibility layer if the updated driver is used against an older eurephia-auth.so plug-in.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Extended eDBget_uid() to also do UID lookup when certid is not available
| Author: David Sommerseth, Age: 2012-11-02, Files: 2, Lines: -7/+16
| By passing '0' as certid, the lookup will only be done against the user table. Any other values will consider the user-certification links as well.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* sqlite3: Improve error handling if memory alloc fails for SQL query string
| Author: David Sommerseth, Age: 2012-10-19, Files: 1, Lines: -2/+8
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* SQLite: Move default installation path from /etc/openvpn to /var/lib/eurephia
| Author: David Sommerseth, Age: 2012-10-09, Files: 1, Lines: -1/+1
| Using /var/lib is more appropriate for the kind of database file eurephia uses and will also avoid other security restrictions on hardened installations as well.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Updated copyright dates
| Author: David Sommerseth, Age: 2012-10-08, Files: 18, Lines: -18/+18
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* sqlite/admin: Report all timestamp fields with localtime instead of UTC/GMT
| Author: David Sommerseth, Age: 2012-10-08, Files: 7, Lines: -12/+15
| Made all SELECT queries which are used for reports to use the new 'locdt' SQL function on timestamp fields. This converts the UTC/GMT timestamps stored in the database to the correct timezone of the running admin client.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* sqlite: Added SQL function to convert datetime timestamps from UTC/GMT to localtime
| Author: David Sommerseth, Age: 2012-10-08, Files: 3, Lines: -5/+85
| All CURRENT_TIMESTAMP calls are returned in UTC/GMT, and this value is stored in the database. When using eurephiadm to look at these datetime fields the UTC/GMT value is used, and needs to be taken into consideration when looking at the reports. This patch is the first step to handle the local time zone better.
| This patch also fixes the 'debug' program in sqlite.c, making use of the eurephia_log_init() and eurephia_log_close() calls for log preparations.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* sqlite3: Implement eDBregister_vpnclientaddr()
| Author: David Sommerseth, Age: 2012-09-13, Files: 3, Lines: -10/+119
| This commit implements the eDBregister_vpnclientaddr() needed by the newer eurephia-auth plug-in. This is needed to improve the tun support in eurephia.
| In addition, this also updates the SQL schema to include IPv4 and in the future IPv6 addresses in the lastlog and VPN address history (openvpn_vpnaddr_history). The old openvpn_macaddr_history table is deprecated.
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Only lookup function symbols for the administration API if the context is correct
| Author: David Sommerseth, Age: 2012-09-13, Files: 1, Lines: -11/+14
| This skips looking up all the eDBadmin*() functions if the context is unprivileged or the database interface is initialised by the OpenVPN plug-in
| Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>