From 08ab46e694f6ac927aa68be046fc8338b09f9583 Mon Sep 17 00:00:00 2001
From: David Sommerseth
Date: Wed, 24 Sep 2008 17:49:09 +0200
Subject: BUGFIX: changed argv[1] to argv[0] due to new parameter handling in eurephia.c
---
 database/sqlite/eurephiadb-sqlite.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'database')
diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c
index 04ee569..926e94e 100644
--- a/database/sqlite/eurephiadb-sqlite.c
+++ b/database/sqlite/eurephiadb-sqlite.c
@@ -106,7 +106,7 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
 mwStatistics(3);
 #endif
- DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[1]);
+ DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[0]);
 if( (argc != 1) || (argv[0] == NULL) || (strlen(argv[0]) < 1) ) {
 eurephia_log(ctx, LOG_PANIC, 0, "Wrong parameters to dblink-sqlite. Cannot open database.");
@@ -116,11 +116,11 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
 // Connect to the database
 dbc = (eDBconn *) malloc(sizeof(eDBconn)+2);
 memset(dbc, 1, sizeof(eDBconn)+2);
- dbc->dbname = strdup(argv[1]);
+ dbc->dbname = strdup(argv[0]);
 eurephia_log(ctx, LOG_INFO, 1, "Opening database '%s'", dbc->dbname);
- rc = sqlite3_open(argv[1], (void *) &dbc->dbhandle);
+ rc = sqlite3_open(argv[0], (void *) &dbc->dbhandle);
 if( rc ) {
 eurephia_log(ctx, LOG_FATAL, 0, "Could not open database '%s'", dbc->dbname);
 free_nullsafe(dbc->dbname);
-- cgit
From 372ef358481bab5dcb3d4b34fab07409b935d485 Mon Sep 17 00:00:00 2001
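Review bot: The changed DEBUG line in eDBconnect() (database/sqlite/eurephiadb-sqlite.c, first hunk) formats `argv[0]` with `%s` before the `(argc != 1) || (argv[0] == NULL)` check that follows it, so a call with no argument or a NULL argument reaches the formatter first whenever debug logging is compiled in. Either move the DEBUG call below the parameter check or log a guarded value, e.g. `(argc > 0 && argv[0] != NULL) ? argv[0] : "(none)"`. eDBconnect() starts and ends outside this hunk.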
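Review bot: `dbc->dbname = strdup(argv[0]);` in the second eDBconnect() hunk is used without a NULL check, and the next statement already passes it to the "Opening database '%s'" log call. The `malloc()` result in the context lines has the same problem, since it goes straight into `memset()`; both should be tested and the connect failed before anything is logged or opened. Separately, `memset(dbc, 1, ...)` fills the struct with 0x01 bytes rather than zeros, so any eDBconn pointer field not assigned afterwards is non-NULL garbage. If that is not intentional, `memset(dbc, 0, sizeof(eDBconn)+2);` is the safer initialisation. The function continues past the end of the hunk.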
From: David Sommerseth
Date: Fri, 26 Sep 2008 07:09:26 +0200
Subject: BUGFIX: Made sure that eDBget_sessionkey_seed(...) only returns a sessionkey for sessions which is in open status (sessionstatus is 1 or 2). When a client does a disconnect for session_A, the status of the session is 3, as logged out but not yet deleted. In this status, the session is not deleted, nor is the record in openvpn_sessionkeys for that sessions's sessionseed. If the client then does a new reconnection (session_B) before the session is deleted, it will get the sessionkey for the session which was just logged out, session_A's sessionkey. When OpenVPN then calls the learn_address function to delete the session_A, that session will be closed. This results in that session_B will then do not match any open sessions at all, since session_A and session_B shared the sessionseed to a sessionkey. By changing the eDBget_sessionkey_seed(...) to check that the sessionstatus is 1 or 2 (open session statuses), it should generate a new sessionkey for the session_B, since no sessionkey would be returned for that sessionseed. The destruction of the session (done via eurephia_learn_address(...)) will still work, since this function uses the MAC address of the client and not the sessionseed.
---
 database/eurephiadb-driver_template.c | 8 ++++++--
 database/sqlite/eurephiadb-sqlite.c | 7 ++++++-
 2 files changed, 12 insertions(+), 3 deletions(-)
(limited to 'database')
diff --git a/database/eurephiadb-driver_template.c b/database/eurephiadb-driver_template.c
index 5bcea91..a840b25 100644
--- a/database/eurephiadb-driver_template.c
+++ b/database/eurephiadb-driver_template.c
@@ -641,8 +641,12 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) {
 }
 /* WORK TO DO -- DO SQL:
- "SELECT sessionkey FROM openvpn_sessionkeys WHERE sessionseed = '%q'",
- sessionseed
+ "SELECT sessionkey "
+ " FROM openvpn_sessionkeys "
+ " JOIN openvpn_lastlog USING (sessionkey)"
+ " WHERE sessionstatus IN (1,2)"
+ " AND sessionseed = '%q'",
+ sessionseed
 */
 if( /* IF SQL QUERY FAILED */ ) {
 eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c
index 926e94e..9c24c07 100644
--- a/database/sqlite/eurephiadb-sqlite.c
+++ b/database/sqlite/eurephiadb-sqlite.c
@@ -615,7 +615,12 @@ char *eDBget_sessionkey_seed(eurephiaCTX *ctx, const char *sessionseed) {
 "eDBget_sessionkey: No session seed given - cannot locate sessionkey");
 return NULL;
 }
- res = sqlite_query(ctx, "SELECT sessionkey FROM openvpn_sessionkeys WHERE sessionseed = '%q'",
+ res = sqlite_query(ctx,
+ "SELECT sessionkey "
+ " FROM openvpn_sessionkeys "
+ " JOIN openvpn_lastlog USING (sessionkey)"
+ " WHERE sessionstatus IN (1,2)"
+ " AND sessionseed = '%q'",
 sessionseed);
 if( res == NULL ) {
 eurephia_log(ctx, LOG_CRITICAL, 0,"Could not retrieve sessionkey from openvpn_sessionkeys (%s)",
-- cgit
From 4d75e5c5f8c00a11acf757c1783b3da7d583ae05 Mon Sep 17 00:00:00 2001
From: David Sommerseth
Date: Fri, 26 Sep 2008 07:30:12 +0200
Subject: BUGFIX: Follow up on the commit fc8a177bc86fc7e68b15045ba7a791e2504f4b5c Make sure that eDBget_sessionkey_macaddr(...) only returns sessionkeys for sessions ready to be destroyed, ie. sessionstatus must be 3.
---
 database/eurephiadb-driver_template.c | 5 ++++-
 database/sqlite/eurephiadb-sqlite.c | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
(limited to 'database')
diff --git a/database/eurephiadb-driver_template.c b/database/eurephiadb-driver_template.c
index a840b25..b608481 100644
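Review bot: The status values in `sessionstatus IN (1,2)` are bare literals inside the SQL of eDBget_sessionkey_seed(), in both the driver template and the SQLite driver, and their meaning is recorded only in the commit message. This filter is what stops a logged-out session's key from being handed to a reconnecting client, so the meaning belongs next to the query, e.g. `/* sessionstatus: 1,2 = open session; 3 = logged out, not yet deleted */`. The same applies to `sessionstatus = 3` in the eDBget_sessionkey_macaddr() hunks of the follow-up commit. The result handling is outside the hunk, so it is worth confirming what happens when the inner JOIN finds no openvpn_lastlog row for a sessionkey: the lookup then returns nothing even though the key exists.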
--- a/database/eurephiadb-driver_template.c
+++ b/database/eurephiadb-driver_template.c
@@ -669,7 +669,10 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) {
 /* WORK TO DO -- DO SQL:
 "SELECT sessionkey "
 " FROM openvpn_sessions "
- " WHERE datakey = 'macaddr' AND dataval = '%q'",
+ " JOIN openvpn_lastlog USING (sessionkey)"
+ " WHERE sessionstatus = 3 "
+ " AND datakey = 'macaddr' "
+ " AND dataval = '%q'",
 macaddr
 */
 if( /* IF SQL QUERY FAILED */ ) {
diff --git a/database/sqlite/eurephiadb-sqlite.c b/database/sqlite/eurephiadb-sqlite.c
index 9c24c07..4fc7c5d 100644
--- a/database/sqlite/eurephiadb-sqlite.c
+++ b/database/sqlite/eurephiadb-sqlite.c
@@ -644,7 +644,10 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) {
 res = sqlite_query(ctx, "SELECT sessionkey "
 " FROM openvpn_sessions "
- " WHERE datakey = 'macaddr' AND dataval = '%q'", macaddr);
+ " JOIN openvpn_lastlog USING (sessionkey)"
+ " WHERE sessionstatus = 3 "
+ " AND datakey = 'macaddr' "
+ " AND dataval = '%q'", macaddr);
 if( res == NULL ) {
 eurephia_log(ctx, LOG_CRITICAL, 0, "Could not remove session from database (MAC addr: %s)", macaddr);
-- cgit
From 7681cc6bcbc0bca9eda98672db3cc8f178dd5082 Mon Sep 17 00:00:00 2001
From: David Sommerseth
Date: Fri, 26 Sep 2008 09:03:05 +0200
Subject: BUGFIX: Changed SQLite database schema to allow mulitple identical sessionseeds This is to comply to the new behaviour after commit fc8a177bc86fc7e68b15045ba7a791e2504f4b5c. Now we might get several identical session seeds, but some of them might be connected to sessions getting destroyed, while one of them would be connected to an already active session. sessionkey is now the primary key.
---
 database/sqlite/sql-schema.sql | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'database')
diff --git a/database/sqlite/sql-schema.sql b/database/sqlite/sql-schema.sql
index b677554..81d7ea4 100644
--- a/database/sqlite/sql-schema.sql
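Review bot: In the SQLite eDBget_sessionkey_macaddr() hunk the failure branch still logs "Could not remove session from database (MAC addr: %s)", although the statement that failed is the SELECT lookup this commit extends. That sends anyone triaging a failed disconnect to the wrong operation; a message such as `"Could not look up sessionkey for MAC address %s"` matches what the code does. With the new `sessionstatus = 3` filter, a lookup for a session that never reached status 3 now returns no row. How the caller handles that is outside the hunk, so confirm such a session is still closed rather than left open.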
+++ b/database/sqlite/sql-schema.sql
@@ -103,8 +103,9 @@ CREATE UNIQUE INDEX openvpn_attempts_remoteip ON openvpn_attempts(remoteip);
 CREATE TABLE openvpn_sessionkeys (
 sessionseed varchar(128) NOT NULL,
 sessionkey varchar(128) NOT NULL,
- PRIMARY KEY(sessionseed)
+ PRIMARY KEY(sessionkey)
 );
+CREATE INDEX opevpn_sessionkeys_seed ON openvpn_sessionkeys(sessionseed);
 CREATE TABLE openvpn_config (
 datakey varchar(64) NOT NULL,
-- cgit
From a66ebdced469fe235ac3519a7bcec733046b5e76 Mon Sep 17 00:00:00 2001
From: David Sommerseth
Date: Fri, 26 Sep 2008 09:15:48 +0200
Subject: Improved description in database driver template regarding argument parsing
---
 database/eurephiadb-driver_template.c | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)
(limited to 'database')
diff --git a/database/eurephiadb-driver_template.c b/database/eurephiadb-driver_template.c
index b608481..005afc7 100644
--- a/database/eurephiadb-driver_template.c
+++ b/database/eurephiadb-driver_template.c
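Review bot: The new index is named `opevpn_sessionkeys_seed` (missing `n`), unlike the `openvpn_`-prefixed objects around it such as `openvpn_attempts_remoteip`. It should be renamed before databases are created with the misspelt name: `CREATE INDEX openvpn_sessionkeys_seed ON openvpn_sessionkeys(sessionseed);`. The hunk only changes the CREATE TABLE script, so a database built from the old schema presumably keeps `PRIMARY KEY(sessionseed)` and would reject the duplicate seeds the commit message now expects. No migration step is visible here.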
@@ -105,13 +105,26 @@ int eDBconnect(eurephiaCTX *ctx, const int argc, const char **argv)
 eDBconn *dbc = NULL;
 int rc;
- DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '%s')", argc, argv[1]);
-
- if( (argc != 1) || (argv[0] == NULL) || (strlen(argv[0]) < 1) ) {
- eurephia_log(ctx, LOG_PANIC, 0,
- "Wrong parameters to eurephia-auth (eDBconnect). Cannot open database.");
- return 0;
- }
+ /* WORK TO DO -- Parse arguments
+ *
+ * use what ever suitable approach to parse arguments sent to the database module.
+ *
+ * The arguments being recieved is everything after the '--' (double dash)
+ * in the 'plugin' configuration line for OpenVPN.
+ *
+ * plugin eurephia-auth.so "-i my_db_module.so -L 3 -- myparam1 myparam2 myparam3"
+ *
+ * In this example the following parameters will be available here:
+ *
+ * argc = 3
+ * argv[0] = myparam1
+ * argv[1] = myparam2
+ * argv[2] = myparam3
+ *
+ * You are free to use whatever parameter syntax you would like to use.
+ */
+
+ DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '...')", argc, dbame);
 // Connect to the database
 dbc = (eDBconn *) malloc(sizeof(eDBconn)+2);
-- cgit
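Review bot: The new DEBUG line in the template's eDBconnect() passes `dbame`, which is not declared in the visible part of the function (only `dbc` and `rc` are) and has no matching conversion in the format string. It looks like a leftover typo, and `DEBUG(ctx, 10, "Function call: eDBconnect(ctx, %i, '...')", argc);` is enough. The hunk also removes the template's only `argc` / `argv[0] == NULL` validation, and the replacement comment never tells driver authors to add their own. A line such as ` * Validate argc and check every argv[n] for NULL before using it.` in the WORK TO DO block would keep that requirement visible. The function continues outside the hunk.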