Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fixed some new Doxygen warnings which came after enabling static functions ↵ | David Sommerseth | 2009-09-14 | 1 | -1/+9 |
| | | | | and vars | ||||
* | Added debug logging of free_nullsafe() calls as well | David Sommerseth | 2009-09-07 | 4 | -46/+46 |
| | |||||
* | Moved all malloc() operations over to a calloc wrapper, malloc_nullsafe() | David Sommerseth | 2009-09-07 | 3 | -30/+18 |
| | | | | This also improves debugging as well, if debug logging is enabled and log level is >= 40. | ||||
* | Added missing include file | David Sommerseth | 2009-09-05 | 1 | -0/+1 |
| | | | | A compiler warning showed up when --debug mode was enabled. | ||||
* | Cleaned up and added some missing comments | David Sommerseth | 2009-09-05 | 4 | -10/+26 |
| | |||||
* | Even more comments | David Sommerseth | 2009-09-04 | 6 | -23/+83 |
| | |||||
* | Added doxygen comments | David Sommerseth | 2009-09-02 | 6 | -30/+330 |
| | |||||
* | Added copyright info in CMake files | David Sommerseth | 2009-09-02 | 2 | -1/+39 |
| | |||||
* | Added missing #include statements | David Sommerseth | 2009-09-02 | 2 | -0/+2 |
| | |||||
* | Cleaned up the CMake rules for the eurephia-auth.so plug-in | David Sommerseth | 2009-09-02 | 1 | -19/+38 |
| | |||||
* | Cleaned up the efw-iptables CMake rules | David Sommerseth | 2009-09-02 | 1 | -3/+11 |
| | |||||
* | Rewritten CMake rules to build common/ as static library | David Sommerseth | 2009-04-11 | 2 | -14/+5 |
| | | | | | | This static library is later on linked in. This is to avoid recompiling the same source files several times during a complete eurephia compilation. | ||||
* | Restructured ./configure and improved the path setup | David Sommerseth | 2009-03-30 | 2 | -2/+2 |
| | | | | Also added install rules to XSLT files | ||||
* | Corrected a log entry on login/logout | David Sommerseth | 2009-03-26 | 1 | -2/+2 |
| | |||||
* | Made the licence explicit GPLv2 only | David Sommerseth | 2009-03-26 | 12 | -12/+12 |
| | |||||
* | Cleaned up the code a little bit | David Sommerseth | 2009-03-26 | 12 | -25/+28 |
| | | | | | Made sure we only include needed include files and checked that the copyright headers are equal and correct | ||||
* | Renamed passwdhash(...) function to eurephia_quick_hash(...) | David Sommerseth | 2009-03-21 | 1 | -1/+1 |
| | | | | | | | | | | This to make it clearer that passwdhash(...) is not good for password hashing, but suitable when you need a quick hashing algorithm. The eurephia_quick_hash(...) are now used for password caching hashing, and is still suitable here since the salt used for the passwords are in memory only and never written to disk, as they are supposed to be temporary hashes. | ||||
* | Moved eDBsessionGetRandString(...) to a more global and independent ↵ | David Sommerseth | 2009-01-10 | 3 | -3/+6 |
| | | | | eurephia_randstring(...) function | ||||
* | BUGFIX: Removed several memory leaks | David Sommerseth | 2009-01-03 | 1 | -0/+5 |
| | |||||
* | BUGFIX: Fixed unintended truncation of the session key and session seed values | David Sommerseth | 2009-01-03 | 1 | -2/+2 |
| | |||||
* | Introduced password caching on authenticated sessions | David Sommerseth | 2009-01-03 | 2 | -7/+72 |
| | | | | | | | | | | | | | | | | | | | | | | This is to prepare eurephia-auth plugin to use other and more CPU intensive hashing algorithms for passwords. In addition, open sessions will now not be rejected/closed due to wrong password if the user changes the password with an open session running. The patch adds a new server_salt attribute in the eurephiaCTX structure. This is used as a temporary salt and is created of random data when OpenVPN is started. When a user is being authenticated (eurephia.c/eurephia_userauth) a authentication session (not the same as a 'normal' session) is opened and checked for a cached password. If it does not exist or match, normal password check will be done against the user database. If a cached password is found and matches, it is considered to be authenticated. The cached password uses the SHA512 algorithm, together with the eurephiaCTX->server_salt. | ||||
* | Make it possible to compile plug-in again without eurephiadm enabled | David Sommerseth | 2009-01-02 | 1 | -1/+5 |
| | |||||
* | Merge branch 'master' into eurephiadm | David Sommerseth | 2008-12-02 | 2 | -2/+4 |
|\ | |||||
| * | Added login and logout info messages when log-level is 1 | David Sommerseth | 2008-12-02 | 1 | -0/+2 |
| | | |||||
| * | Made some messages clearer in efw-iptables | David Sommerseth | 2008-12-02 | 1 | -2/+2 |
| | | |||||
* | | Added context_type into eurephiaCTX struct. Database queries limited due to ↵ | David Sommerseth | 2008-11-29 | 2 | -0/+2 |
| | | | | | | | | context type. | ||||
* | | Removed unneeded declaraion of eDBset_session_value(...) after commit ↵ | David Sommerseth | 2008-11-28 | 1 | -2/+0 |
| | | | | | | | | 0c35035dc8ac5d099f53353938a66b33227d3342 | ||||
* | | Splitted plugin/eurephiadb_session.[ch] into two parts | David Sommerseth | 2008-11-28 | 4 | -119/+5 |
|/ | | | | | | | | | One part is a generic session handling part (common/eurephiadb_session_common.[ch]) and the other part is left in the old plugin/eurephiadb_session.[ch]. This splitting should make it easiser to reuse some of the session handling functions for the admin utils. | ||||
* | Added minimum API version check when loading database driver. | David Sommerseth | 2008-11-28 | 1 | -1/+1 |
| | |||||
* | Cleaned up eurephiadb_session dependencies | David Sommerseth | 2008-11-28 | 2 | -34/+1 |
| | | | | | Moved eurephiadb_session_struct.h to the common directory and made sure that eurephiadb_session.h is only included where needed | ||||
* | Made eurephia_context.h even more generic and independent | David Sommerseth | 2008-11-28 | 6 | -1/+14 |
| | | | | | | | | | eurephia_context.h do only need to know about the eurephiaFWINTF * struct when compiling the auth plug-in and firewall modules. To enable this, EUREPHIA_FWINTF needs to be defined as well as the eurephiafw_struct.h must be included before including eurephia_context.h in the source. When this is not done, *fwcfg will just be a void *. | ||||
* | Renamed eurephia_struct.h to eurephia_context.h | David Sommerseth | 2008-11-27 | 8 | -59/+13 |
| | | | | | | | | | | | | | Since this include file now only consists of eurephiaCTX definition, it was moved to the common/ directory and renamed. Moved the SESSION_* definitions out of this file and into plugin/eurephiadb_session.h where they belong. Moved the Posix MQ definitions into plugin/firewall/eurephiafw_struct.h where they belong. eurephia_context.h is now containing only context related things. | ||||
* | Code cleanup: Splitted all structures defined in eurephia_struct.h into ↵ | David Sommerseth | 2008-11-05 | 5 | -52/+87 |
| | | | | separate include files | ||||
* | BUGFIX: Corrected misbehaviour when no firewall interfaces is requested to ↵ | David Sommerseth | 2008-11-05 | 1 | -1/+4 |
| | | | | be built | ||||
* | Added check for sem_timedwait() function in CMake rules. Needed for fw ↵ | David Sommerseth | 2008-11-05 | 1 | -2/+3 |
| | | | | implementation | ||||
* | Renamed efw_iptables to efw-iptables (underscore -> dash) | David Sommerseth | 2008-11-05 | 2 | -6/+6 |
| | |||||
* | FEATURE: Enhanced firewall blacklisting to make it more flexible | David Sommerseth | 2008-11-05 | 3 | -3/+28 |
| | | | | | | It will now support config option 'firewall_blacklist_send_to'. If set it will send all blacklisted IP addresses to this chain (iptables -j). If this option is not set, it will default to DROP. | ||||
* | BUGFIX: Fixed wrong attempt count reset during eurephia_tlsverify(...)v0.9.2_beta | David Sommerseth | 2008-11-01 | 1 | -3/+0 |
| | | | | | | The attempt counter for certificates was reset too early. It was reset on successful TLS verification. But the only place these counters should be reset is after successful authentication in eurephia_userauth(...) | ||||
* | Added double check that IP addr is not null before calling ↵ | David Sommerseth | 2008-11-01 | 1 | -1/+3 |
| | | | | eFW_UpdateFirewall(...) | ||||
* | Fixed some typos | David Sommerseth | 2008-11-01 | 1 | -2/+2 |
| | |||||
* | Added firewall update of blacklisted IP addresses in eFW_StartFirewall(...) | David Sommerseth | 2008-11-01 | 1 | -0/+20 |
| | |||||
* | Registering all IP addr blacklisted via eFW_UpdateFirewall(...) to avoid ↵ | David Sommerseth | 2008-11-01 | 2 | -2/+16 |
| | | | | duplicates in firewall rules | ||||
* | BUGFIX (2/2) ... implemented master side fix of shutdown bug | David Sommerseth | 2008-11-01 | 2 | -4/+40 |
| | | | | | Also changed the worker side to use sem_timedwait(), to not wait forever on shutdown acknowledge | ||||
* | BUGFIX (1/2) ... implemented worker side fix of shutdown bug | David Sommerseth | 2008-10-31 | 1 | -1/+9 |
| | |||||
* | Created install rules via cmake | David Sommerseth | 2008-10-21 | 2 | -0/+2 |
| | |||||
* | Added (untested) firewall block when IP addresses are blacklisted | David Sommerseth | 2008-10-21 | 5 | -11/+66 |
| | | | | | | | | If the configuration variable 'firewall_blacklist_destination' is set, it will insert DROP rules when a blacklisted IP address is attempted. Feature not tested yet. | ||||
* | Reorganised the source code | David Sommerseth | 2008-10-15 | 14 | -0/+2010 |
Moved all OpenVPN plug-in related things into ./plugins, including firewall Moved all shared code into ./common and moved the generic part of the database files into ./database Updated all CMakeLists.txt files and created a new one for the root directory |