/* administration.c -- Functions needed for administration tasks * * GPLv2 - Copyright (C) 2008 David Sommerseth * * This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; version 2 * of the License. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * */ #include #include #include #include #include #include #ifndef DRIVERAPIVERSION # define DRIVERAPIVERSION 2 #endif #include #include #include #include #include #include #include #include #include #include #ifndef DRIVER_MODE #define DRIVER_MODE #endif #include #include "sqlite.h" #include "fieldmapping.h" #if DRIVERAPIVERSION > 1 /* * API Version 2 functions * */ // Authenticate admin user against user database int eDBadminAuth(eurephiaCTX *ctx, const char *req_access, const char *uname, const char *pwd) { dbresult *res = NULL; char *crpwd = NULL; char *activated = NULL, *deactivated = NULL, *blid = NULL; int uid = -1, pwok = 0, access = 0; char interface; assert(ctx != NULL); switch( ctx->context_type ) { case ECTX_ADMIN_CONSOLE: interface = 'C'; break; case ECTX_ADMIN_WEB: interface = 'W'; break; default: eurephia_log(ctx, LOG_ERROR, 0, "Wrong eurephia context type (0x%04x)", ctx->context_type); return 0; } if( (strlen_nullsafe(uname) < 4) || (strlen_nullsafe(pwd) < 4) ) { eurephia_log(ctx, LOG_WARNING, 0, "User name and/or password is either null or less than 4 bytes"); return 0; } // // Authenticate user and password // crpwd = passwdhash(pwd); assert(crpwd != NULL); res = sqlite_query(ctx, "SELECT activated, deactivated, bl.blid, " " (password = '%q') AS pwok, uid " " FROM openvpn_users ou" " LEFT JOIN openvpn_blacklist bl USING (username)" " WHERE ou.username = '%q'", crpwd, uname); memset(crpwd, 0, strlen_nullsafe(crpwd)); free_nullsafe(crpwd); if( res == NULL ) { eurephia_log(ctx, LOG_FATAL, 0, "Could not authenticate user against the database"); return 0; } if( sqlite_get_numtuples(res) == 1 ) { activated = sqlite_get_value(res, 0, 0); deactivated = sqlite_get_value(res, 0, 1); blid = sqlite_get_value(res, 0, 2); pwok = atoi_nullsafe(sqlite_get_value(res, 0, 3)); uid = atoi_nullsafe(sqlite_get_value(res, 0, 4)); sqlite_free_results(res); if( blid != NULL ) { eurephia_log(ctx, LOG_WARNING, 0, "Your user account is BLACKLISTED. You have no access."); sqlite_free_results(res); return 0; } if( activated == NULL ) { eurephia_log(ctx, LOG_WARNING, 0, "Your user account is not yet activated."); sqlite_free_results(res); return 0; } if( deactivated != NULL ) { eurephia_log(ctx, LOG_WARNING, 0, "Your user account is deactivated."); sqlite_free_results(res); return 0; } if( pwok != 1 ) { eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed,"); sqlite_free_results(res); return 0; } // Check if access level is granted // (SQLite do not handle advanced joins so well, so we need to // do this check with an extra query) res = sqlite_query(ctx, "SELECT (count(*) = 1) AS access " " FROM eurephia_adminaccess" " WHERE uid = '%i' AND interface = '%c' AND access = '%q'", uid, interface, req_access); if( res == NULL ) { eurephia_log(ctx, LOG_FATAL, 0, "Could not check access level"); return 0; } access = atoi_nullsafe(sqlite_get_value(res, 0, 0)); sqlite_free_results(res); if( access == 0 ) { eurephia_log(ctx, LOG_WARNING, 0, "Your account is lacking privileges for this operation"); return 0; } } else { eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed. No unique records found."); sqlite_free_results(res); return 0; } // If we reach this place, authentication was successful. Return users uid return uid; } int eDBadminValidateSession(eurephiaCTX *ctx, const char *sesskey, const char *req_access) { dbresult *res = NULL; int valid = 0, access = 0, expire_time = 0; char interface; assert( (ctx != NULL) && (sesskey != NULL) ); switch( ctx->context_type ) { case ECTX_ADMIN_CONSOLE: interface = 'C'; break; case ECTX_ADMIN_WEB: interface = 'W'; break; default: eurephia_log(ctx, LOG_ERROR, 0, "Wrong eurephia context type (0x%04x)", ctx->context_type); return 0; } // Check if the session is still valid (not expired) and that this session are allowed to access // the requested access level. expire_time = (60 * atoi_nullsafe(defaultValue(eGet_value(ctx->dbc->config, "eurephiadmin_autologout"), "10") ) ); res = sqlite_query(ctx, "SELECT (strftime('%%s',CURRENT_TIMESTAMP)-strftime('%%s',last_action)) > %i AS exp," " (access IS NOT NULL) AS access" " FROM eurephia_adminlog" " LEFT JOIN eurephia_adminaccess USING(uid,interface)" " WHERE status IN (1,2)" " AND sessionkey = '%q'" " AND access = '%q'", expire_time, sesskey, req_access); if( (res == NULL) ) { eurephia_log(ctx, LOG_FATAL, 0, "Could not validate session"); return 0; } valid = (atoi_nullsafe(sqlite_get_value(res, 0, 0)) == 0); access = (atoi_nullsafe(sqlite_get_value(res, 0, 1)) == 1); sqlite_free_results(res); // If still valid, update last_action if( valid && access ) { res = sqlite_query(ctx, "UPDATE eurephia_adminlog" " SET last_action = CURRENT_TIMESTAMP, status = 2" " WHERE sessionkey = '%q'", sesskey); if( res == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not register session activity"); } sqlite_free_results(res); } else { // If not valid, register session as auto-logged out res = sqlite_query(ctx, "UPDATE eurephia_adminlog" " SET logout = CURRENT_TIMESTAMP, status = %i" " WHERE sessionkey = '%q'", (access ? 4 : 5), sesskey); if( res == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not register old session as logged out"); } sqlite_free_results(res); // Delete session variables res = sqlite_query(ctx, "DELETE FROM openvpn_sessions WHERE sessionkey = '%q'", sesskey); if( res == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not delete session variables (%s))", sesskey); return 0; } sqlite_free_results(res); if( !access ) { eurephia_log(ctx, LOG_WARNING, 0, "Your user account is lacking privileges"); } } return (valid && access); } int eDBadminRegisterLogin(eurephiaCTX *ctx, eurephiaSESSION *session) { dbresult *res = NULL; char interface; int uid; assert((ctx != NULL) && (session != NULL)); switch( ctx->context_type ) { case ECTX_ADMIN_CONSOLE: interface = 'C'; break; case ECTX_ADMIN_WEB: interface = 'W'; break; default: eurephia_log(ctx, LOG_ERROR, 0, "Wrong eurephia context type (0x%04x)", ctx->context_type); return 0; } // Register login into eurephia_adminlog ... uid, login, interface, sessionkey uid = atoi_nullsafe(eGet_value(session->sessvals, "uid")); res = sqlite_query(ctx, "INSERT INTO eurephia_adminlog " " (uid, interface, status, login, last_action, sessionkey) " "VALUES ('%i','%c',1,CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, '%q')", uid, interface, session->sessionkey); if( !res ) { eurephia_log(ctx, LOG_FATAL, 0, "Could not manage to register the session in the database"); return 0; } sqlite_free_results(res); return 1; } int eDBadminLogout(eurephiaCTX *ctx, const char *sessionkey) { dbresult *res = NULL; assert((ctx != NULL) && (sessionkey != NULL)); // Update session as logged out res = sqlite_query(ctx, "UPDATE eurephia_adminlog " " SET logout = CURRENT_TIMESTAMP, status = 3" " WHERE sessionkey = '%q'", sessionkey); if( !res ) { eurephia_log(ctx, LOG_FATAL, 0, "Could not manage to register the session as logged out"); return 0; } sqlite_free_results(res); // Delete session variables res = sqlite_query(ctx, "DELETE FROM openvpn_sessions WHERE sessionkey = '%q'", sessionkey); if( res == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not delete session variables (%s))", sessionkey); return 0; } sqlite_free_results(res); return 1; } int eDBadminConfigSet(eurephiaCTX *ctx, const char *key, const char *val) { dbresult *res = NULL; int found = 0; assert((ctx != NULL) && (ctx->dbc != NULL)); res = sqlite_query(ctx, "SELECT count(*) FROM openvpn_config WHERE datakey = '%q'", key); if( !res ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not query configuration table"); return 0; } found = atoi_nullsafe(sqlite_get_value(res, 0, 0)); sqlite_free_results(res); if( found == 0 ) { res = sqlite_query(ctx, "INSERT INTO openvpn_config (datakey, dataval) VALUES ('%q','%q')", key, val); } else { res = sqlite_query(ctx, "UPDATE openvpn_config SET dataval = '%q' WHERE datakey = '%q'", val, key); } if( res == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not register configuration entry (%s = '%s'", key, val); return 0; } sqlite_free_results(res); eAdd_value(ctx, ctx->dbc->config, key, val); return 1; } int eDBadminConfigDelete(eurephiaCTX *ctx, const char *key) { dbresult *res = NULL; assert((ctx != NULL) && (ctx->dbc != NULL)); res = sqlite_query(ctx, "DELETE FROM openvpn_config WHERE datakey = '%q'", key); if( !res ) { eurephia_log(ctx, LOG_ERROR, 0, "Could delete config configuration entry (%s)", key); return 0; } sqlite_free_results(res); return 1; } xmlDoc *eDBadminGetUserList(eurephiaCTX *ctx, const char *sortkeys) { xmlDoc *userlist = NULL; xmlNode *root_n = NULL, *user_n = NULL; dbresult *res = NULL; char *dbsort = NULL, tmp[34]; int i = 0; assert((ctx != NULL) && (ctx->dbc != 0)); // Convert the input sort keys to the proper database field names dbsort = eDBmkSortKeyString(tbl_sqlite_users, sortkeys); // Query database for all users res = sqlite_query(ctx, "SELECT username, activated, deactivated, last_accessed, uid" " FROM openvpn_users " "ORDER BY %s", (sortkeys != NULL ? dbsort : "uid")); if( res == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Error querying the user database"); return NULL; } // Prepare a list with all users memset(&tmp, 0, 34); eurephiaXML_CreateDoc(ctx, 1, "userlist", &userlist, &root_n); snprintf(tmp, 32, "%i", sqlite_get_numtuples(res)); xmlNewProp(root_n, (xmlChar *)"usercount", (xmlChar *)tmp); // Register all records for( i = 0; i < sqlite_get_numtuples(res); i++ ) { user_n = xmlNewChild(root_n, NULL, (xmlChar *)"user", NULL); sqlite_xml_value(user_n, XML_ATTR, "uid", res, i, 4); sqlite_xml_value(user_n, XML_NODE, "username", res, i, 0); sqlite_xml_value(user_n, XML_NODE, "activated", res, i, 1); sqlite_xml_value(user_n, XML_NODE, "deactivated", res, i, 2); sqlite_xml_value(user_n, XML_NODE, "last_accessed", res, i, 3); } sqlite_free_results(res); // Return a user list return userlist; } inline int xml_set_flag(xmlNode *node, char *flagname, int flagged) { if( flagged ) { xmlNewChild(node, NULL, (xmlChar *) "flag", (xmlChar *) flagname); } return flagged; } // This function will search up a user, based on information given in a fieldMapping structure. // It will return an XML document containing the user information requested, controlled by the // getInfo flag. These flags are defined in eurephiadb_driver.h // // The search XML document format is: // // // <{search field}>{search value} // // // // It can be several search field tags to limit the search even more. // xmlDoc *eDBadminGetUserInfo(eurephiaCTX *ctx, int getInfo, xmlDoc *srch) { dbresult *uinf = NULL, *qres = NULL; eDBfieldMap *uinfo_map = NULL; int flag = 0, uid = 0; char *username = NULL; xmlDoc *doc = NULL; xmlNode *root_n = NULL, *info_n = NULL, *fieldmap = NULL; fieldmap = eurephiaXML_getRoot(ctx, srch, "fieldMapping", 1); uinfo_map = eDBxmlMapping(ctx, tbl_sqlite_users, "u", fieldmap); // Query the database, find the user defined in the user map uinf = sqlite_query_mapped(ctx, SQL_SELECT, "SELECT u.username, u.activated, u.deactivated, u.last_accessed, u.uid," " (bl.username IS NOT NULL), opensess, logincount," " (at.attempts > 0)" " FROM openvpn_users u" " LEFT JOIN openvpn_blacklist bl USING(username)" " LEFT JOIN openvpn_attempts at ON(at.username = u.username)" " LEFT JOIN (SELECT uid, count(*) AS logincount " " FROM openvpn_lastlog" " GROUP BY uid) lc" " ON (lc.uid = u.uid)" " LEFT JOIN (SELECT uid, count(*) > 0 AS opensess" " FROM openvpn_lastlog" " WHERE sessionstatus = 2" " GROUP BY uid) os" " ON (os.uid = u.uid)", NULL, uinfo_map); if( uinf == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Error querying the database for a user"); return 0; } eDBfreeMapping(uinfo_map); switch( sqlite_get_numtuples(uinf) ) { case 0: sqlite_free_results(uinf); return 0; // No user found case 1: uid = atoi_nullsafe(sqlite_get_value(uinf, 0, 4)); username = sqlite_get_value(uinf, 0, 0); eurephiaXML_CreateDoc(ctx, 1, "user", &doc, &root_n); sqlite_xml_value(root_n, XML_NODE, "username", uinf, 0, 0); sqlite_xml_value(root_n, XML_ATTR, "uid", uinf, 0, 4); if( (getInfo & USERINFO_user) == USERINFO_user ) { info_n = xmlNewChild(root_n, NULL, (xmlChar *) "flags", NULL); // set DEACTIVATED flag, if deactivated field is not NULL xml_set_flag(info_n, "DEACTIVATED", (sqlite_get_value(uinf, 0, 2) != NULL)); // set BLACKLISTED flag, if username is found in blacklist table xml_set_flag(info_n, "BLACKLISTED", (atoi_nullsafe(sqlite_get_value(uinf, 0, 5))==1)); // set OPENSESSION flag, if user has a lastlog entry with sessionstatus == 2 xml_set_flag(info_n, "OPENSESSION", (atoi_nullsafe(sqlite_get_value(uinf, 0, 6))==1)); // set ERRATTEMPT flag, if user has an entry in attempts log with attemtps > 0 xml_set_flag(info_n, "ERRATTEMPT", (atoi_nullsafe(sqlite_get_value(uinf, 0, 8))==1)); // set NEVERUSED flag, if login count == 0 and last_accessed == NULL flag = xml_set_flag(info_n, "NEVERUSED", ((atoi_nullsafe(sqlite_get_value(uinf,0, 7))==0) && (sqlite_get_value(uinf, 0, 3) == NULL))); // set RSETLASTUSED flag, if login count == 0 and last_accessed == NULL xml_set_flag(info_n, "RSETLASTUSED", !flag && (sqlite_get_value(uinf,0,3)) == NULL); // set RSETLOGINCNT flag, if login count == 0 and last_accessed != NULL xml_set_flag(info_n, "RSETLOGINCNT", ((atoi_nullsafe(sqlite_get_value(uinf,0, 7))==0) && (sqlite_get_value(uinf,0,3)) != NULL)); sqlite_xml_value(root_n, XML_NODE, "activated", uinf, 0, 1); sqlite_xml_value(root_n, XML_NODE, "deactivated", uinf, 0, 2); info_n = sqlite_xml_value(root_n, XML_NODE, "last_accessed", uinf, 0, 3); sqlite_xml_value(info_n, XML_ATTR, "logincount", uinf, 0, 7); } if( (getInfo & USERINFO_certs) == USERINFO_certs ) { // Extract certificate info qres = sqlite_query(ctx, "SELECT depth, digest, common_name, organisation, email, " " c.registered, c.certid, uc.accessprofile, access_descr," " fw_profile" " FROM openvpn_certificates c" " LEFT JOIN openvpn_usercerts uc ON (c.certid = uc.certid)" " LEFT JOIN openvpn_accesses a " " ON (uc.accessprofile = a.accessprofile)" " WHERE uid = '%i' ORDER BY c.certid DESC", uid); info_n = xmlNewChild(root_n, NULL, (xmlChar *) "certificates", NULL); if( (qres != NULL) && (sqlite_get_numtuples(qres) > 0) ) { int i; xmlNode *cert, *acpr; for( i = 0; i < sqlite_get_numtuples(qres); i++ ) { cert = xmlNewChild(info_n, NULL, (xmlChar *) "certificate", NULL); sqlite_xml_value(cert, XML_ATTR, "certid", qres, 0, 6); sqlite_xml_value(cert, XML_ATTR, "depth", qres, 0, 0); sqlite_xml_value(cert, XML_ATTR, "registered", qres, 0, 5); sqlite_xml_value(cert, XML_NODE, "digest", qres, 0, 1); sqlite_xml_value(cert, XML_NODE, "common_name", qres, 0, 2); sqlite_xml_value(cert, XML_NODE, "organisation", qres, 0, 3); sqlite_xml_value(cert, XML_NODE, "email", qres, 0, 4); acpr = sqlite_xml_value(cert, XML_NODE, "access_profile", qres, 0, 8); sqlite_xml_value(acpr, XML_ATTR, "accessprofile", qres, 0, 7); sqlite_xml_value(acpr, XML_ATTR, "fwdestination", qres, 0, 9); } } if( qres != NULL ) { sqlite_free_results(qres); } } if( (getInfo & USERINFO_lastlog) == USERINFO_lastlog ) { int i = 0; xmlNode *lastl = NULL, *sess = NULL, *tmp1 = NULL, *tmp2 = NULL; qres = sqlite_query(ctx, "SELECT llid, ll.certid, protocol, remotehost, remoteport, macaddr," " vpnipaddr, vpnipmask, sessionstatus, sessionkey," " login, logout, session_duration, session_deleted," " bytes_sent, bytes_received, uicid, accessprofile," " access_descr, fw_profile, depth, digest," " common_name, organisation, email" " FROM openvpn_lastlog ll" " LEFT JOIN openvpn_usercerts USING (uid, certid)" " LEFT JOIN openvpn_accesses USING (accessprofile)" " LEFT JOIN openvpn_certificates cert ON (ll.certid = cert.certid)" " WHERE uid = '%i' ORDER BY login, logout", uid); if( qres == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Quering the lastlog failed"); xmlFreeDoc(doc); return NULL; } lastl = xmlNewChild(root_n, NULL, (xmlChar *) "lastlog", NULL); for( i = 0; i < sqlite_get_numtuples(qres); i++ ) { sess = xmlNewChild(lastl, NULL, (xmlChar*) "session", NULL); sqlite_xml_value(sess, XML_ATTR, "llid", qres, i, 0); xmlNewProp(sess, (xmlChar *) "session_status", SESSION_STATUS[atoi_nullsafe(sqlite_get_value(qres, i, 8))]); sqlite_xml_value(sess, XML_ATTR, "session_duration", qres, i, 12); sqlite_xml_value(sess, XML_NODE, "sessionkey", qres, i, 9); sqlite_xml_value(sess, XML_NODE, "login", qres, i, 10); sqlite_xml_value(sess, XML_NODE, "logout", qres, i, 11); sqlite_xml_value(sess, XML_NODE, "session_closed", qres, i, 13); tmp1 = xmlNewChild(sess, NULL, (xmlChar *) "connection", NULL); sqlite_xml_value(tmp1, XML_ATTR, "bytes_sent", qres, i, 14); sqlite_xml_value(tmp1, XML_ATTR, "bytes_received", qres, i, 15); sqlite_xml_value(tmp1, XML_NODE, "protocol", qres, i, 2); sqlite_xml_value(tmp1, XML_NODE, "remote_host", qres, i, 3); sqlite_xml_value(tmp1, XML_NODE, "remote_port", qres, i, 4); sqlite_xml_value(tmp1, XML_NODE, "vpn_macaddr", qres, i, 5); sqlite_xml_value(tmp1, XML_NODE, "vpn_ipaddr" , qres, i, 6); sqlite_xml_value(tmp1, XML_NODE, "vpn_netmask", qres, i, 7); tmp1 = xmlNewChild(sess, NULL, (xmlChar *) "certificate", NULL); sqlite_xml_value(tmp1, XML_ATTR, "certid", qres, i, 1); sqlite_xml_value(tmp1, XML_ATTR, "uicid", qres, i, 16); sqlite_xml_value(tmp1, XML_ATTR, "depth", qres, i, 20); sqlite_xml_value(tmp1, XML_NODE, "digest", qres, i, 21); sqlite_xml_value(tmp1, XML_NODE, "common_name", qres, i, 22); sqlite_xml_value(tmp1, XML_NODE, "organisation", qres, i, 23); sqlite_xml_value(tmp1, XML_NODE, "email", qres, i, 24); tmp2 = sqlite_xml_value(tmp1, XML_NODE, "access_profile", qres, i, 18); sqlite_xml_value(tmp2, XML_ATTR, "accessprofile", qres, i, 17); sqlite_xml_value(tmp2, XML_ATTR, "fwdestination", qres, i, 19); } sqlite_free_results(qres); } if( (getInfo & USERINFO_attempts) == USERINFO_attempts ) { xmlNode *atmpt = NULL; qres = sqlite_query(ctx, "SELECT attempts, registered, last_attempt, atpid" " FROM openvpn_attempts " " WHERE username = '%q'", username); if( (qres == NULL) || (sqlite_get_numtuples(qres) > 1) ) { eurephia_log(ctx, LOG_ERROR, 0, "Quering for login attempts failed"); sqlite_free_results(qres); xmlFreeDoc(doc); return NULL; } atmpt = xmlNewChild(root_n, NULL, (xmlChar *) "attempts", NULL); if( sqlite_get_numtuples(qres) == 1 ) { sqlite_xml_value(atmpt, XML_ATTR, "atpid", qres, 0, 3); sqlite_xml_value(atmpt, XML_ATTR, "attempts", qres, 0, 0); sqlite_xml_value(atmpt, XML_NODE, "first_attempt", qres, 0, 1); sqlite_xml_value(atmpt, XML_NODE, "last_attempt", qres, 0, 2); } sqlite_free_results(qres); } if( (getInfo & USERINFO_blacklist) == USERINFO_blacklist ) { xmlNode *atmpt = NULL; qres = sqlite_query(ctx, "SELECT registered, last_accessed, blid" " FROM openvpn_blacklist " " WHERE username = '%q'", username); if( (qres == NULL) || (sqlite_get_numtuples(qres) > 1) ) { eurephia_log(ctx, LOG_ERROR, 0, "Quering blacklist log failed"); sqlite_free_results(qres); xmlFreeDoc(doc); return NULL; } atmpt = xmlNewChild(root_n, NULL, (xmlChar *) "blacklist", NULL); if( sqlite_get_numtuples(qres) == 1 ) { sqlite_xml_value(atmpt, XML_ATTR, "blid", qres, 0, 2); sqlite_xml_value(atmpt, XML_NODE, "blacklisted", qres, 0, 0); sqlite_xml_value(atmpt, XML_NODE, "last_accessed", qres, 0, 1); } sqlite_free_results(qres); } sqlite_free_results(uinf); return doc; default: sqlite_free_results(uinf); eurephia_log(ctx, LOG_ERROR, 0, "Too many user records was found."); return NULL; } } // This function will add a user to the openvpn_users table, based on the // XML document given. // // XML format: // // // // {user name} // {password}" // // // // int eDBadminAddUser(eurephiaCTX *ctx, xmlDoc *usrinf) { dbresult *res = NULL; xmlNode *usrinf_n = NULL; eDBfieldMap *usrinf_map = NULL; int rc = 0; assert( (ctx != NULL) && (usrinf != NULL) ); // Get the add_user node, and then find the fieldMapping node usrinf_n = eurephiaXML_getRoot(ctx, usrinf, "add_user", 1); if( usrinf_n == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not find proper add user XML document"); return 0; } usrinf_n = xmlFindNode(usrinf_n, "fieldMapping"); if( usrinf_n == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not find proper add user XML document"); return 0; } // Get a proper field mapping to be used by the database usrinf_map = eDBxmlMapping(ctx, tbl_sqlite_users, NULL, usrinf_n); assert( usrinf_map != NULL ); // Register the user res = sqlite_query_mapped(ctx, SQL_INSERT, "INSERT INTO openvpn_users", usrinf_map, NULL); if( res == NULL ) { eurephia_log(ctx, LOG_FATAL, 0, "Could not register the new user account"); rc = 0; } else { rc = 1; } sqlite_free_results(res); eDBfreeMapping(usrinf_map); return rc; } // This function will update a user account based on the XML document sent in as a parameter. // The function will double check that the uid in the argument list and the uid in the XML // document is coherent. // // The format of the input XML is: // // // // <{field name}>{new value} // // // // int eDBadminUpdateUser(eurephiaCTX *ctx, const int uid, xmlDoc *usrinf) { dbresult *uinf = NULL; xmlDoc *srch_xml = NULL; xmlNode *root_n = NULL, *srch_n = NULL, *values_n = NULL; eDBfieldMap *value_map = NULL, *srch_map = NULL; xmlChar *xmluid = 0; assert( (ctx != NULL) && (usrinf != NULL) ); // Get the update_user node root_n = eurephiaXML_getRoot(ctx, usrinf, "update_user", 1); if( root_n == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not find proper XML element for user update"); return 0; } // Double check that we are going to update the right user xmluid = (xmlChar *)xmlGetAttrValue(root_n->properties, "uid"); if( atoi_nullsafe((char *)xmluid) != uid ) { eurephia_log(ctx, LOG_ERROR, 0, "Mismatch between uid given as parameter and uid in XML"); return 0; } // Grab the fieldMapping node and create a eDBfieldMap structure for it values_n = xmlFindNode(root_n, "fieldMapping"); value_map = eDBxmlMapping(ctx, tbl_sqlite_users, NULL, values_n); // Create an eDBfieldMap structure for the srch_map (used for WHERE clause) eurephiaXML_CreateDoc(ctx, 1, "fieldMapping", &srch_xml, &srch_n); xmlNewProp(srch_n, (xmlChar *) "table", (xmlChar *) "users"); xmlNewChild(srch_n, NULL, (xmlChar *) "uid", xmluid); // Add uid as the only criteria srch_map = eDBxmlMapping(ctx, tbl_sqlite_users, NULL, srch_n); assert( srch_map != NULL ); // UPDATE the database uinf = sqlite_query_mapped(ctx, SQL_UPDATE, "UPDATE openvpn_users", value_map, srch_map); if( uinf == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Error querying the database for a user"); return 0; } sqlite_free_results(uinf); eDBfreeMapping(srch_map); eDBfreeMapping(value_map); xmlFreeDoc(srch_xml); return 1; } // This function will delete a user to the openvpn_users table, based on the // XML document given. The uid of the account to be deleted must also be sent // as a separate parameter, as a security feature // // XML format: // // // // int eDBadminDeleteUser(eurephiaCTX *ctx, const int uid, xmlDoc *usrinf) { dbresult *res = NULL; xmlNode *usrinf_n = NULL; char *uid_str = NULL; int rc = 0; assert( (ctx != NULL) && (usrinf != NULL) ); // Get the delete_user node usrinf_n = eurephiaXML_getRoot(ctx, usrinf, "delete_user", 1); if( usrinf_n == NULL ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not find proper delete user XML document"); return 0; } // Get the uid from the XML and compare it with the uid in the function argument uid_str = xmlGetAttrValue(usrinf_n->properties, "uid"); if( (uid_str == NULL) || (atoi_nullsafe(uid_str) != uid) ) { eurephia_log(ctx, LOG_ERROR, 0, "Could not find proper delete user XML document. (uid mismatch)"); return 0; } // Delete the user res = sqlite_query(ctx, "DELETE FROM openvpn_users WHERE uid = '%i'", uid); if( res == NULL ) { eurephia_log(ctx, LOG_FATAL, 0, "Could not delete the user account"); rc = 0; } else { rc = 1; } sqlite_free_results(res); return rc; } xmlDoc *eDBadminGetCertificateList(eurephiaCTX *ctx, const char *sortkeys) { return NULL; } xmlDoc *eDBadminGetCertificateInfo(eurephiaCTX *ctx, xmlDoc *srchkey) { return NULL; } int eDBadminAddCertificate(eurephiaCTX *ctx, xmlDoc *crtinf) { return 0; } int eDBadminDeleteCertificate(eurephiaCTX *ctx, const int uid, xmlDoc *crtinf) { return 0; } xmlDoc *eDBadminGetLastlog(eurephiaCTX *ctx, xmlDoc *usersrch, xmlDoc *certsrch, const char *sortkeys) { return NULL; } xmlDoc *eDBadminGetAttemptsLog(eurephiaCTX *ctx, xmlDoc *usersrch, xmlDoc *certsrch, const char *sortkeys) { return NULL; } #endif