From a6675fde94aef0da259511fb7c581a07d88ab31e Mon Sep 17 00:00:00 2001
From: David Sommerseth
Date: Sun, 3 Mar 2013 15:58:12 +0100
Subject: sqlite: Honour the auth plug-in enable flag (plgenabled)

If the configured authentication plug-in was disabled, edb-sqlite would still insist on using the plug-in as authentication method. This patch changes the behaviour to use the internal eurephia database for authentication if the authentication plug-in is disabled. The code also was modified slighly so that the internal eurephia database will be the fallback method if any other checks are skipped.

Signed-off-by: David Sommerseth
---
 database/sqlite/edb-sqlite.c | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)
(limited to 'database/sqlite')
diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c
index 8e3f25c..607911a 100644
--- a/database/sqlite/edb-sqlite.c
+++ b/database/sqlite/edb-sqlite.c
@@ -286,10 +286,11 @@ eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx,
 dbr = sqlite_query(ctx, "SELECT uicid, authplugin, authusername, activated, deactivated, "
- " bl1.blid, bl2.blid"
+ " bl1.blid, bl2.blid, plgenabled"
 " FROM openvpn_usercerts uc"
 " JOIN openvpn_users ou USING (uid)"
- " LEFT JOIN openvpn_blacklist bl1 ON( ou.username = bl1.username) "
+ " LEFT JOIN eurephia_plugins ep ON (uc.authplugin == ep.plgid)"
+ " LEFT JOIN openvpn_blacklist bl1 ON(ou.username = bl1.username) "
 " LEFT JOIN (SELECT blid, certid "
 " FROM openvpn_certificates "
 " JOIN openvpn_blacklist USING(digest)) bl2 "
@@ -320,6 +321,7 @@ eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx,
 if (sqlite_get_numtuples(dbr) == 1) {
 char *auplgid = sqlite_get_value(dbr, 0, 1);
 char *auuname = sqlite_get_value(dbr, 0, 2);
+ char *auplgenab = sqlite_get_value(dbr, 0, 7);
 if( sqlite_get_value(dbr, 0, 5) != NULL ) {
 eurephia_log(ctx, LOG_WARNING, 0, "User account is BLACKLISTED (%s)",
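Review bot: The new join condition uses `==` while the blacklist join directly below it uses `=`; SQLite accepts both, but the query reads more consistently as `" LEFT JOIN eurephia_plugins ep ON (uc.authplugin = ep.plgid)"`. Because this is a LEFT JOIN, an `authplugin` value with no matching `eurephia_plugins` row produces a NULL `plgenabled`, which the later branch treats exactly like a disabled plug-in. A one-line comment above the query stating that a missing plug-in row is meant to behave as "disabled" would make that intent explicit. The query string continues past the end of the hunk.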
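Review bot: `sqlite_get_value(dbr, 0, 7)` ties the plug-in enable check to the position of `plgenabled` in the SELECT list, so inserting a column before it would silently change which value decides the authentication method. A short comment on the declaration, for example `/* column 7 = plgenabled, must match the SELECT list in the query above */`, would make that coupling visible to the next editor. The enclosing `if` block continues past the end of the hunk.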
@@ -339,19 +341,19 @@ eDBauthMethodResult * eDBauth_GetAuthMethod(eurephiaCTX *ctx,
 eurephia_log(ctx, LOG_WARNING, 0, "User account is deactivated (%s)", username);
 ret->method = eAM_INACTIVE;
- } else if (auplgid == NULL) {
- /* If no authentication plug-in is defined, use internal eurephia auth */
- ret->method = eAM_INTERNDB;
- ret->username = strdup_nullsafe(username);
- ret->authplugid = 0;
- } else {
- /* If an authentication plug-in is defined. Use a different auth name
- * if configured as well.
+ } else if ((auplgid != NULL) && (auplgenab != NULL) && (auplgenab[0] == 't')) {
+ /* If an authentication plug-in is defined and enabled. Use a
+ * different auth name if configured as well.
 */
 ret->method = eAM_PLUGIN;
 ret->username = strdup_nullsafe((auuname != NULL ? auuname : username));
 ret->authplugid = atoi_nullsafe(auplgid);
 ret->uicid = atoi_nullsafe(sqlite_get_value(dbr, 0, 0));
+ } else {
+ /* If no authentication plug-in is defined, use internal eurephia auth */
+ ret->method = eAM_INTERNDB;
+ ret->username = strdup_nullsafe(username);
+ ret->authplugid = 0;
 }
 }
-- cgit
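Review bot: The final `else` now sends every account whose plug-in is disabled, or whose `authplugin` has no matching `eurephia_plugins` row, to `eAM_INTERNDB` without any log entry, so a change of authentication source for a plug-in-bound account leaves no trace. I would log that case before falling back, e.g. `if (auplgid != NULL) { eurephia_log(ctx, LOG_WARNING, 0, "Authentication plug-in %s is disabled or missing, using internal authentication (%s)", auplgid, username); }`, and reword the branch comment, which still covers only "no authentication plug-in is defined". Whether such accounts should fall back at all, rather than be refused, depends on how the internal database treats users without a local password, which is not visible in this hunk. The test `auplgenab[0] == 't'` also presumes the column is stored as text beginning with 't'; that should be confirmed against the schema. The function starts before and continues after this hunk.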