path: root/plugin
Commit message | Author | Age | Files | Lines
* Do not link in libdl explicitly | David Sommerseth | 2010-12-31 | 1 file | -1/+1
    The functions related to dynamic loading of shared objects are a part of the standard libc library on FreeBSD, while in Linux it is in libdl. However, the linker on Linux seems to add the libdl linking automatically when needed, so no need to explicitly link this library.

    Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
    (cherry picked from commit 1b333949479e504017c7dffb6d70eecb53adb34a)
* efw-iptables: Use the iptables conntrack module | David Sommerseth | 2010-12-31 | 1 file | -4/+4
    Make use of the iptables conntrack module instead of the older state module for stateful firewalling.

    Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
    (Backported commit f22b7bb5529b816eef840a1180b677e4ea31b124)
* Fixed memory leak in eurephiaInit() | David Sommerseth | 2010-12-06 | 1 file | -2/+4
    This memory leak got introduced with commit 525d75316848f79208101e48a54e2 which moves the daemonisation of the firewall thread. Two environment variables were not freed after usage.

    Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
    (cherry picked from commit f4805d70cc4514b2569f8864ac138b5b21409cbc)
* Move daemonize() code to be called in the firewall child thread only | David Sommerseth | 2010-11-26 | 5 files | -35/+37
    The eurephia plug-in would daemonize the OpenVPN process by calling daemonize() too early. This patch renames daemonize() to efw_daemonize() and calls it only in the firewall child process.

    Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
    (cherry picked from commit 525d75316848f79208101e48a54e21396464c98b)
* Added extra checks for POSIX semaphore functions | David Sommerseth | 2010-08-27 | 1 file | -9/+31
    On Fedora 13 and Rawhide, the sem_wait(), sem_timedwait() and sem_post() functions are no longer available in librt, only in libpthread. Added extra CMake checks to check if the functions are in libpthread if not found in librt.

    (cherry picked from commit 6f8aaceabb37e350765bb1f2f895242cbf3e7521)
    Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
* Added install rules for man pages (tag: v1.0.0) | David Sommerseth | 2010-07-06 | 1 file | -0/+1

* Updated doxygen documentation for eurephia.c:245:eurephia_tlsverify() | David Sommerseth | 2010-07-06 | 1 file | -3/+4
    This is related to the changes done in commit c6621d108bb8beb97ca61.

* Moved all man pages from section 8 to the more proper section 7. | David Sommerseth | 2010-07-05 | 1 file | -2/+2

* Added man pages for eurephia-auth.so and edb-sqlite.so | David Sommerseth | 2010-07-05 | 1 file | -0/+49

* Updated Copyright dates to include 2010 | David Sommerseth | 2010-05-25 | 16 files | -16/+16

* Restrict log length of mac address | David Sommerseth | 2009-10-13 | 1 file | -2/+2

* Always process certificate depth as integer | David Sommerseth | 2009-10-13 | 1 file | -6/+7
* Fixed memory leak in the firewall implementation and added mlock() usage | David Sommerseth | 2009-10-06 | 2 files | -1/+25
    The memory leak was caused by not freeing the shadow context the firewall child process uses for logging. In addition this child process had a connection to the database open as well, which was not needed. This connection is now disconnected immediately after the child process has started.

    Added also usage of mlock() to protect sensitive information from being swapped out to disk.
* Added missing doxygen comments to environment.h | David Sommerseth | 2009-10-05 | 1 file | -17/+182

* Use macros to extract values via get_env() | David Sommerseth | 2009-10-05 | 4 files | -42/+97
    This has two purposes. To make the code more readable and to use the same maximum length of the data being retrieved from the environment table.

* Only DEBUG log what get_env() will return | David Sommerseth | 2009-10-05 | 1 file | -3/+3

* Moved the get_env() function into its own file | David Sommerseth | 2009-10-04 | 4 files | -59/+144

* Restrict input data length for plug-in arguments from openvpn | David Sommerseth | 2009-10-04 | 2 files | -8/+11
    This only affects functions related to MAC address and certificate depth

* Tightening the building of the seeddata string even more | David Sommerseth | 2009-10-02 | 1 file | -1/+1
    This is a follow up of commit 80b41e27b7361633bee17c64bbb95490dc94ab9f
* Fixed possible integer overflow issue | David Sommerseth | 2009-10-02 | 1 file | -7/+7
    The eDBopen_session_seed() function was prone to an integer overflow issue, if the input data (some of which comes from clients) exceeds the size_t max value which calloc() uses (via malloc_nullsafe()). The totlen variable was in addition defined as int and the totlen value was multiplied by 2.

    The fix was to use the maximum values used when calling get_env(). These maximum values can then be added together to retrieve the maximum length of the seeddata string. This should also make the execution go slightly quicker as strlen_nullsafe() is no longer called for each of the input variables. In addition, there are no reasons to multiply the totlen value by two as it did.

    Credit goes to Larry Highsmith for noticing this potential problem.
* Modified get_env() function to limit number of bytes to extract | David Sommerseth | 2009-10-02 | 3 files | -60/+152
    This is to enhance the security and to avoid possible buffer overflows based on input received from the client

* Added extra parameter to eurephia_log_init() to set log ident for syslog | David Sommerseth | 2009-09-24 | 1 file | -2/+2
* Rewritten the eurephia_log() to support syslog logging as well | David Sommerseth | 2009-09-24 | 3 files | -39/+14
    Also simplified the initialisation of the logging module. By calling the eurephia_log_init(eurephiaCTX *, char *dest, int loglevel) function, a log context will be set up inside the eurephiaCTX. To close the log file, eurephia_log_close(eurephiaCTX *) must be called.

    The destination string to eurephia_log_init() can be:
    - stdout: Log everything to stdout
    - stderr: Log everything to stderr
    - none: Do no logging at all
    - syslog:<facility>: Log via syslog. <facility> can be: user, local[0-7], daemon or authpriv.
    - Filename: All logging goes to the given filename. If the filename string is not recognised by any of the reserved words above, it will be handled as a filename.
* Fixed some new Doxygen warnings which came after enabling static functions and vars | David Sommerseth | 2009-09-14 | 1 file | -1/+9
* Added debug logging of free_nullsafe() calls as well | David Sommerseth | 2009-09-07 | 4 files | -46/+46

* Moved all malloc() operations over to a calloc wrapper, malloc_nullsafe() | David Sommerseth | 2009-09-07 | 3 files | -30/+18
    This also improves debugging as well, if debug logging is enabled and log level is >= 40.

* Added missing include file | David Sommerseth | 2009-09-05 | 1 file | -0/+1
    A compiler warning showed up when --debug mode was enabled.

* Cleaned up and added some missing comments | David Sommerseth | 2009-09-05 | 4 files | -10/+26

* Even more comments | David Sommerseth | 2009-09-04 | 6 files | -23/+83

* Added doxygen comments | David Sommerseth | 2009-09-02 | 6 files | -30/+330

* Added copyright info in CMake files | David Sommerseth | 2009-09-02 | 2 files | -1/+39

* Added missing #include statements | David Sommerseth | 2009-09-02 | 2 files | -0/+2

* Cleaned up the CMake rules for the eurephia-auth.so plug-in | David Sommerseth | 2009-09-02 | 1 file | -19/+38

* Cleaned up the efw-iptables CMake rules | David Sommerseth | 2009-09-02 | 1 file | -3/+11
* Rewritten CMake rules to build common/ as static library | David Sommerseth | 2009-04-11 | 2 files | -14/+5
    This static library is later on linked in. This is to avoid recompiling the same source files several times during a complete eurephia compilation.

* Restructured ./configure and improved the path setup | David Sommerseth | 2009-03-30 | 2 files | -2/+2
    Also added install rules to XSLT files

* Corrected a log entry on login/logout | David Sommerseth | 2009-03-26 | 1 file | -2/+2

* Made the licence explicit GPLv2 only | David Sommerseth | 2009-03-26 | 12 files | -12/+12

* Cleaned up the code a little bit | David Sommerseth | 2009-03-26 | 12 files | -25/+28
    Made sure we only include needed include files and checked that the copyright headers are equal and correct
* Renamed passwdhash(...) function to eurephia_quick_hash(...) | David Sommerseth | 2009-03-21 | 1 file | -1/+1
    This is to make it clearer that passwdhash(...) is not good for password hashing, but suitable when you need a quick hashing algorithm. The eurephia_quick_hash(...) is now used for password caching hashing, and is still suitable here since the salt used for the passwords is in memory only and never written to disk, as they are supposed to be temporary hashes.
* Moved eDBsessionGetRandString(...) to a more global and independent eurephia_randstring(...) function | David Sommerseth | 2009-01-10 | 3 files | -3/+6

* BUGFIX: Removed several memory leaks | David Sommerseth | 2009-01-03 | 1 file | -0/+5

* BUGFIX: Fixed unintended truncation of the session key and session seed values | David Sommerseth | 2009-01-03 | 1 file | -2/+2
* Introduced password caching on authenticated sessions | David Sommerseth | 2009-01-03 | 2 files | -7/+72
    This is to prepare eurephia-auth plugin to use other and more CPU intensive hashing algorithms for passwords. In addition, open sessions will now not be rejected/closed due to wrong password if the user changes the password with an open session running.

    The patch adds a new server_salt attribute in the eurephiaCTX structure. This is used as a temporary salt and is created of random data when OpenVPN is started.

    When a user is being authenticated (eurephia.c/eurephia_userauth) an authentication session (not the same as a 'normal' session) is opened and checked for a cached password. If it does not exist or match, normal password check will be done against the user database. If a cached password is found and matches, it is considered to be authenticated.

    The cached password uses the SHA512 algorithm, together with the eurephiaCTX->server_salt.
* Make it possible to compile plug-in again without eurephiadm enabled | David Sommerseth | 2009-01-02 | 1 file | -1/+5

* Merge branch 'master' into eurephiadm | David Sommerseth | 2008-12-02 | 2 files | -2/+4
|\
| * Added login and logout info messages when log-level is 1 | David Sommerseth | 2008-12-02 | 1 file | -0/+2
| |
| * Made some messages clearer in efw-iptables | David Sommerseth | 2008-12-02 | 1 file | -2/+2
| |
* | Added context_type into eurephiaCTX struct. Database queries limited due to context type. | David Sommerseth | 2008-11-29 | 2 files | -0/+2
| |
* | Removed unneeded declaration of eDBset_session_value(...) after commit 0c35035dc8ac5d099f53353938a66b33227d3342 | David Sommerseth | 2008-11-28 | 1 file | -2/+0