From 8a0b87ab7e99af1700aa80cb54373b68864eb0d4 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Sat, 3 Jan 2009 21:53:07 +0100 Subject: Introduced password caching on authenticated sessions This is to prepare eurephia-auth plugin to use other and more CPU intensive hashing algorithms for passwords. In addition, open sessions will now not be rejected/closed due to wrong password if the user changes the password with an open session running. The patch adds a new server_salt attribute in the eurephiaCTX structure. This is used as a temporary salt and is created of random data when OpenVPN is started. When a user is being authenticated (eurephia.c/eurephia_userauth) a authentication session (not the same as a 'normal' session) is opened and checked for a cached password. If it does not exist or match, normal password check will be done against the user database. If a cached password is found and matches, it is considered to be authenticated. The cached password uses the SHA512 algorithm, together with the eurephiaCTX->server_salt. --- common/eurephia_context.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'common/eurephia_context.h') diff --git a/common/eurephia_context.h b/common/eurephia_context.h index 74a9f85..15db44e 100644 --- a/common/eurephia_context.h +++ b/common/eurephia_context.h @@ -31,6 +31,8 @@ #define ECTX_ADMIN_CONSOLE 0x2001 #define ECTX_ADMIN_WEB 0x2002 +#define SIZE_PWDCACHE_SALT 2048 + // // main structure for the eurephia module context // - the same context structure is used for all OpenVPN sessions @@ -44,6 +46,7 @@ typedef struct { #else void *fwcfg; #endif + char *server_salt; FILE *log; int loglevel; int fatal_error; -- cgit
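Review bot: the new `#define SIZE_PWDCACHE_SALT 2048` in the first hunk has no comment saying what the value measures, so a reader of the header cannot tell whether it is the number of random bytes drawn at startup, the size of the buffer that holds `server_salt`, or a length that must leave room for a terminating NUL. The commit message says the salt is "created of random data when OpenVPN is started", which is exactly the detail that belongs next to the macro; suggest a one-line comment such as `// byte length of the random server_salt used for the password cache (regenerated at each start)` and, since the macro and the struct member it sizes are named differently (`SIZE_PWDCACHE_SALT` vs. `server_salt`), a note tying the two together.

Review bot: in the second hunk `char *server_salt;` is added to the context as a bare pointer with no comment on ownership or lifetime, although the commit message describes it as random data that every cached password hash depends on. Two things a reader of the header needs to know: whether the buffer is raw random bytes (in which case it may contain NUL bytes and must always be used with an explicit length such as `SIZE_PWDCACHE_SALT`, never with string functions) or a NUL-terminated printable string, and that the buffer must be wiped and freed when the context is torn down, since it is keying material for the cached credentials. Suggest documenting both on the member, e.g. `char *server_salt; // SIZE_PWDCACHE_SALT random bytes, allocated at startup; not a C string`, so the allocation in the .c file and any future consumer agree on the format.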