summaryrefslogtreecommitdiffstats
path: root/plugin
Commit message (Collapse)AuthorAgeFilesLines
...
* Cleaned up the driver/interface API for database and firewallDavid Sommerseth2009-11-041-3/+5
|
* Restrict log length of mac addressDavid Sommerseth2009-10-131-2/+2
|
* Always process certificate depth as integerDavid Sommerseth2009-10-131-6/+7
|
* Fixed memory leak in the firewall implementation and added mlock() usageDavid Sommerseth2009-10-062-1/+25
| | | | | | | | | | | The memory leak was caused by not freeing the shadow context the firewall child process uses for logging. In addition this child process had a connection to the database open as well, which was not needed. This connection is now disconnected immediately after the child process has started. Added also usage of mlock() to protect sensitive information from being swapped out to disk.
* Added missing doxygen comments to environment.hDavid Sommerseth2009-10-051-17/+182
|
* Use macros to extract values via get_env()David Sommerseth2009-10-054-42/+97
| | | | | This has two purposes. To make the code more readable and to use the same maximum length of the data being retrieved from the environment table.
* Only DEBUG log what get_env() will returnDavid Sommerseth2009-10-051-3/+3
|
* Moved the get_env() function into its own fileDavid Sommerseth2009-10-044-59/+144
|
* Restrict input data length for plug-in arguments from openvpnDavid Sommerseth2009-10-042-8/+11
| | | | This only affects functions related to MAC address and certificate depth
* Tightening the building of the seeddata string even moreDavid Sommerseth2009-10-021-1/+1
| | | | This is a follow up of commit 80b41e27b7361633bee17c64bbb95490dc94ab9f
* Fixed possible integer overflow issueDavid Sommerseth2009-10-021-7/+7
| | | | | | | | | | | | | | | The eDBopen_session_seed() function was prune to an integer overflow issue, if the input data (some which comes from clients) exeeds the size_t max value which calloc() uses (via malloc_nullsafe()). The totlen variable was in addition defined as int and the totlen value was multiplied by 2. The fix was to use the maximum values used when calling get_env(). These values the maximum can then be added together to retrieve the maximum length of the seeddata string. This should also make the execution go slightly quicker as strlen_nullsafe() is no longer called for each of the input variables. In addition, there are no reasons to multiply the totlen value by two as it did. Credit goes to Larry Highsmith for noticing this potential problem.
* Modified get_env() function to limit number of bytes to extractDavid Sommerseth2009-10-023-60/+152
| | | | | This is to enhance the security and to avoid possible buffer overflows based on input received from the client
* Added extra parameter to eurephia_log_init() to set log ident for syslogDavid Sommerseth2009-09-241-2/+2
|
* Rewritten the eurephia_log() to support syslog logging as wellDavid Sommerseth2009-09-243-39/+14
| | | | | | | | | | | | | | | | | | | | | | | | Also simplified the initialisation of the logging module. By calling the eurephia_log_init(eurephiaCTX *, char *dest, int loglevel) function, a log context will be setup inside the eurephiaCTX. To close the log file, eurephia_log_close(eurephiaCTX *) must be called. The destination string to eurephia_log_init() can be: - stdout: Log everything to stdout - stderr: Log everything to stderr - none: Do no logging at all - syslog:<facility> Log via syslog. <facility> can be: user, local[0-7], daemon or authpriv. - Filename All logging goes to the given filename. If the filename string is not recognised by any of the reserved words above, it will be handled as a filename.
* Fixed some new Doxygen warnings which came after enabling static functions ↵David Sommerseth2009-09-141-1/+9
| | | | and vars
* Added debug logging of free_nullsafe() calls as wellDavid Sommerseth2009-09-074-46/+46
|
* Moved all malloc() operations over to a calloc wrapper, malloc_nullsafe()David Sommerseth2009-09-073-30/+18
| | | | This also improves debugging as well, if debug logging is enabled and log level is >= 40.
* Added missing include fileDavid Sommerseth2009-09-051-0/+1
| | | | A compiler warning showed up when --debug mode was enabled.
* Cleaned up and added some missing commentsDavid Sommerseth2009-09-054-10/+26
|
* Even more commentsDavid Sommerseth2009-09-046-23/+83
|
* Added doxygen commentsDavid Sommerseth2009-09-026-30/+330
|
* Added copyright info in CMake filesDavid Sommerseth2009-09-022-1/+39
|
* Added missing #include statementsDavid Sommerseth2009-09-022-0/+2
|
* Cleaned up the CMake rules for the eurephia-auth.so plug-inDavid Sommerseth2009-09-021-19/+38
|
* Cleaned up the efw-iptables CMake rulesDavid Sommerseth2009-09-021-3/+11
|
* Rewritten CMake rules to build common/ as static libraryDavid Sommerseth2009-04-112-14/+5
| | | | | | This static library is later on linked in. This is to avoid recompiling the same source files several times during a complete eurephia compilation.
* Restructured ./configure and improved the path setupDavid Sommerseth2009-03-302-2/+2
| | | | Also added install rules to XSLT files
* Corrected a log entry on login/logoutDavid Sommerseth2009-03-261-2/+2
|
* Made the licence explicit GPLv2 onlyDavid Sommerseth2009-03-2612-12/+12
|
* Cleaned up the code a little bitDavid Sommerseth2009-03-2612-25/+28
| | | | | Made sure we only include needed include files and checked that the copyright headers are equal and correct
* Renamed passwdhash(...) function to eurephia_quick_hash(...)David Sommerseth2009-03-211-1/+1
| | | | | | | | | | This to make it clearer that passwdhash(...) is not good for password hashing, but suitable when you need a quick hashing algorithm. The eurephia_quick_hash(...) are now used for password caching hashing, and is still suitable here since the salt used for the passwords are in memory only and never written to disk, as they are supposed to be temporary hashes.
* Moved eDBsessionGetRandString(...) to a more global and independent ↵David Sommerseth2009-01-103-3/+6
| | | | eurephia_randstring(...) function
* BUGFIX: Removed several memory leaksDavid Sommerseth2009-01-031-0/+5
|
* BUGFIX: Fixed unintended truncation of the session key and session seed valuesDavid Sommerseth2009-01-031-2/+2
|
* Introduced password caching on authenticated sessionsDavid Sommerseth2009-01-032-7/+72
| | | | | | | | | | | | | | | | | | | | | | This is to prepare eurephia-auth plugin to use other and more CPU intensive hashing algorithms for passwords. In addition, open sessions will now not be rejected/closed due to wrong password if the user changes the password with an open session running. The patch adds a new server_salt attribute in the eurephiaCTX structure. This is used as a temporary salt and is created of random data when OpenVPN is started. When a user is being authenticated (eurephia.c/eurephia_userauth) a authentication session (not the same as a 'normal' session) is opened and checked for a cached password. If it does not exist or match, normal password check will be done against the user database. If a cached password is found and matches, it is considered to be authenticated. The cached password uses the SHA512 algorithm, together with the eurephiaCTX->server_salt.
* Make it possible to compile plug-in again without eurephiadm enabledDavid Sommerseth2009-01-021-1/+5
|
* Merge branch 'master' into eurephiadmDavid Sommerseth2008-12-022-2/+4
|\
| * Added login and logout info messages when log-level is 1David Sommerseth2008-12-021-0/+2
| |
| * Made some messages clearer in efw-iptablesDavid Sommerseth2008-12-021-2/+2
| |
* | Added context_type into eurephiaCTX struct. Database queries limited due to ↵David Sommerseth2008-11-292-0/+2
| | | | | | | | context type.
* | Removed unneeded declaraion of eDBset_session_value(...) after commit ↵David Sommerseth2008-11-281-2/+0
| | | | | | | | 0c35035dc8ac5d099f53353938a66b33227d3342
* | Splitted plugin/eurephiadb_session.[ch] into two partsDavid Sommerseth2008-11-284-119/+5
|/ | | | | | | | | One part is a generic session handling part (common/eurephiadb_session_common.[ch]) and the other part is left in the old plugin/eurephiadb_session.[ch]. This splitting should make it easiser to reuse some of the session handling functions for the admin utils.
* Added minimum API version check when loading database driver.David Sommerseth2008-11-281-1/+1
|
* Cleaned up eurephiadb_session dependenciesDavid Sommerseth2008-11-282-34/+1
| | | | | Moved eurephiadb_session_struct.h to the common directory and made sure that eurephiadb_session.h is only included where needed
* Made eurephia_context.h even more generic and independentDavid Sommerseth2008-11-286-1/+14
| | | | | | | | | eurephia_context.h do only need to know about the eurephiaFWINTF * struct when compiling the auth plug-in and firewall modules. To enable this, EUREPHIA_FWINTF needs to be defined as well as the eurephiafw_struct.h must be included before including eurephia_context.h in the source. When this is not done, *fwcfg will just be a void *.
* Renamed eurephia_struct.h to eurephia_context.hDavid Sommerseth2008-11-278-59/+13
| | | | | | | | | | | | | Since this include file now only consists of eurephiaCTX definition, it was moved to the common/ directory and renamed. Moved the SESSION_* definitions out of this file and into plugin/eurephiadb_session.h where they belong. Moved the Posix MQ definitions into plugin/firewall/eurephiafw_struct.h where they belong. eurephia_context.h is now containing only context related things.
* Code cleanup: Splitted all structures defined in eurephia_struct.h into ↵David Sommerseth2008-11-055-52/+87
| | | | separate include files
* BUGFIX: Corrected misbehaviour when no firewall interfaces is requested to ↵David Sommerseth2008-11-051-1/+4
| | | | be built
* Added check for sem_timedwait() function in CMake rules. Needed for fw ↵David Sommerseth2008-11-051-2/+3
| | | | implementation
* Renamed efw_iptables to efw-iptables (underscore -> dash)David Sommerseth2008-11-052-6/+6
|
generated by cgit (git 2.34.1) at 2024-05-22 17:46:57 +0000