| Commit message (Collapse) | Author | Age | Files | Lines |
If OpenVPN is configured with an unknown --dev name and --dev-type is used,
eurephia would in some specific situations double-free a memory region
keeping the dev-type information. GETENV_*() functions return a pointer
to a buffer which is supposed to be free'd, but pointers returned by
eGet_value() should not be free'd.
And in the error situation if dev-type is not forced or detected, the
memory allocated by GETENV_DEVNAME() was not properly free'd.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
(cherry picked from commit 00bd0ac4cc901004aeaf4548813bb465bce5243f)
|
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This fixes a bug which appeared with newer OpenVPN versions, where
the OPENVPN_PLUGIN_LEARN_ADDRESS would be called in the end - also
in tun mode. And with the clean-up in session seed, in regards to
the netmask not being part of the session seed, this little code
made things worse. So let's get rid of it!
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Check if we have a context available before setting ctx->tuntype.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
Now eurephia will support both TUN and TAP configurations in
OpenVPN.
Thanks to Tavis Paquette and Matthew Gyurgyik for their willingness
to test out this patch.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This will later be used to be able to support OpenVPN in tun mode
as well as the now only supported tap mode. It will first try to
detect the tunnel type based on the 'dev_type' environment variable
if available. If not, it will try to figure it out based on the
device name. If this fails, it is possible to force eurephia
to a specific device type by setting the openvpn_devtype config
variable.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
The eurephia plug-in would daemonize the OpenVPN process by calling
daemonize() too early. This patch renames daemonize() to efw_daemonize()
and calls it only in the firewall child process.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This has two purposes. To make the code more readable and to use the
same maximum length of the data being retrieved from the environment table.
|
This is to enhance the security and to avoid possible buffer overflows
based on input received from the client
|
Also simplified the initialisation of the logging module. By calling
the eurephia_log_init(eurephiaCTX *, char *dest, int loglevel) function,
a log context will be set up inside the eurephiaCTX.
To close the log file, eurephia_log_close(eurephiaCTX *) must be called.
The destination string to eurephia_log_init() can be:
- stdout:
Log everything to stdout
- stderr:
Log everything to stderr
- none:
Do no logging at all
- syslog:<facility>
Log via syslog. <facility> can be: user, local[0-7],
daemon or authpriv.
- Filename
All logging goes to the given filename. If the filename
string is not recognised by any of the reserved words above,
it will be handled as a filename.
|
and vars
|
A compiler warning showed up when --debug mode was enabled.
|
Made sure we only include needed include files and checked that
the copyright headers are equal and correct
|
eurephia_context.h only needs to know about the eurephiaFWINTF *
struct when compiling the auth plug-in and firewall modules.
To enable this, EUREPHIA_FWINTF needs to be defined and
eurephiafw_struct.h must be included before including eurephia_context.h
in the source. When this is not done, *fwcfg will just be a void *.
|
Moved all OpenVPN plug-in related things into ./plugins, including firewall.
Moved all shared code into ./common and moved the generic part of the
database files into ./database.
Updated all CMakeLists.txt files and created a new one for the root directory.