
edb-sqlite.c File Reference

eurephia database driver for the SQLite3 database. This file is the main API for the driver.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <assert.h>
#include <sqlite3.h>
#include <eurephiadb_driver.h>
#include <eurephia_nullsafe.h>
#include <eurephia_log.h>
#include <eurephia_values.h>
#include <eurephiadb_session_common.h>
#include <eurephiadb_session_struct.h>
#include <passwd.h>
#include "sqlite.h"

Data Structures

struct  eDBattempt_types_t

Defines

#define DRIVERVERSION   "1.1"
#define DRIVERAPIVERSION   2

Functions

const char * eDB_DriverVersion (void)
int eDB_DriverAPIVersion ()
void update_attempts (eurephiaCTX *ctx, const char *blid)
int eDBconnect (eurephiaCTX *ctx, const int argc, const char **argv)
void eDBdisconnect (eurephiaCTX *ctx)
int eDBauth_TLS (eurephiaCTX *ctx, const char *org, const char *cname, const char *email, const char *digest, const unsigned int depth)
int eDBauth_user (eurephiaCTX *ctx, const int certid, const char *username, const char *passwd)
int eDBget_uid (eurephiaCTX *ctx, const int certid, const char *username)
int eDBblacklist_check (eurephiaCTX *ctx, const int type, const char *val)
void eDBregister_attempt (eurephiaCTX *ctx, int type, int mode, const char *value)
int eDBregister_login (eurephiaCTX *ctx, eurephiaSESSION *skey, const int certid, const int uid, const char *proto, const char *remipaddr, const char *remport, const char *vpnipaddr, const char *vpnipmask)
int eDBregister_vpnmacaddr (eurephiaCTX *ctx, eurephiaSESSION *session, const char *macaddr)
int eDBregister_logout (eurephiaCTX *ctx, eurephiaSESSION *skey, const char *bytes_sent, const char *bytes_received, const char *duration)
char * eDBget_sessionkey_seed (eurephiaCTX *ctx, sessionType type, const char *sessionseed)
char * eDBget_sessionkey_macaddr (eurephiaCTX *ctx, const char *macaddr)
int eDBcheck_sessionkey_uniqueness (eurephiaCTX *ctx, const char *seskey)
int eDBregister_sessionkey (eurephiaCTX *ctx, const char *seed, const char *seskey)
int eDBremove_sessionkey (eurephiaCTX *ctx, const char *seskey)
eurephiaVALUES * eDBload_sessiondata (eurephiaCTX *ctx, const char *sesskey)
int eDBstore_session_value (eurephiaCTX *ctx, eurephiaSESSION *session, int mode, const char *key, const char *val)
int eDBdestroy_session (eurephiaCTX *ctx, eurephiaSESSION *session)
char * eDBget_firewall_profile (eurephiaCTX *ctx, eurephiaSESSION *session)
eurephiaVALUES * eDBget_blacklisted_ip (eurephiaCTX *ctx)

Variables

static const eDBattempt_types_t eDBattempt_types []

Detailed Description

eurephia database driver for the SQLite3 database. This file is the main API for the driver.

Author:
David Sommerseth <dazo@users.sourceforge.net>
Date:
2008-08-06

Definition in file edb-sqlite.c.


Define Documentation

#define DRIVERAPIVERSION   2

Sets the API version level of this driver

Definition at line 42 of file edb-sqlite.c.

#define DRIVERVERSION   "1.1"

Defines the software version of this driver

Definition at line 40 of file edb-sqlite.c.


Function Documentation

int eDB_DriverAPIVersion (  ) 

Mandatory function. Retrieves driver API level

Returns:
Returns integer value with API level supported by driver.

Definition at line 96 of file edb-sqlite.c.

const char* eDB_DriverVersion ( void   ) 

Mandatory function. Retrieves driver version information

Returns:
Returns string (const char *) containing driver version information.

Definition at line 88 of file edb-sqlite.c.

int eDBauth_TLS ( eurephiaCTX * ctx,
const char *  org,
const char *  cname,
const char *  email,
const char *  digest,
const unsigned int  depth 
)

Authenticates a certificate against the database.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
org X.509 organisation field (O)
cname X.509 common name field (CN)
email X.509 email field (emailAddress)
digest Certificate SHA1 fingerprint (digest)
depth Certificate depth. 0 is for user certificates. 1 and higher is for CA certificates, according to the certificate's position in the certificate chain.
Returns:
Returns certid (certificate ID) on success. 0 is returned if certificate is not found, or -1 if the certificate is blacklisted.

Definition at line 221 of file edb-sqlite.c.

int eDBauth_user ( eurephiaCTX * ctx,
const int  certid,
const char *  username,
const char *  passwd 
)

Authenticates a client against the database, using the user's certificate ID, username and password.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
certid certificate ID to the user being authenticated
username username to be authenticated
passwd password provided by the user
Returns:
Returns uicid (user-certs ID) to the user on success. 0 if user account is not found and -1 on authentication failure.

Definition at line 268 of file edb-sqlite.c.

int eDBblacklist_check ( eurephiaCTX * ctx,
const int  type,
const char *  val 
)

Checks if a user account (attempt_USERNAME), certificate (attempt_CERTIFICATE) or IP address (attempt_IPADDR) is blacklisted.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
type Must be one of the constants: attempt_USERNAME, attempt_CERTIFICATE or attempt_IPADDR
val Value to be checked against the blacklist.
Returns:
Returns 1 if a matching record was found in the blacklist table. Otherwise 0 is returned.
See also:
attempt_IPADDR, attempt_CERTIFICATE, attempt_USERNAME

Definition at line 401 of file edb-sqlite.c.

int eDBcheck_sessionkey_uniqueness ( eurephiaCTX * ctx,
const char *  seskey 
)

Checks whether a session key is unique. In other words, it looks up the given session key in the database to see whether it is already present. If it is not found, it is unique.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
seskey String containing the session key
Returns:
Returns 1 if the session key is unique and has not been used earlier.

Definition at line 768 of file edb-sqlite.c.

int eDBconnect ( eurephiaCTX * ctx,
const int  argc,
const char **  argv 
)

Connect to a database

Version:
API version level 1
Parameters:
ctx eurephiaCTX - context against which the database connection will be established.
argc number of arguments sent in the argument vector
argv char** argument vector with driver specific argument for establishing a database connection
Returns:
Returns 1 on success, otherwise 0.
Connects to the database; the connection is stored in the eurephiaCTX context.

Definition at line 136 of file edb-sqlite.c.

int eDBdestroy_session ( eurephiaCTX * ctx,
eurephiaSESSION * session 
)

Destroys a session. It will remove all stored session variables and mark the session as closed in the lastlog. It will also remove the session seed/session key reference.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
session eurephiaSESSION pointer to session to be destroyed
Returns:
Returns 1 on success, otherwise 0.

Definition at line 963 of file edb-sqlite.c.

void eDBdisconnect ( eurephiaCTX * ctx )

Disconnects from a database

Version:
API version level 1
Parameters:
ctx eurephiaCTX - context with the database connection to disconnect from.
Disconnect from the database

Definition at line 192 of file edb-sqlite.c.

eurephiaVALUES* eDBget_blacklisted_ip ( eurephiaCTX * ctx )

Retrieve a list of IP addresses found in the IP address blacklist table.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
Returns:
Returns a eurephiaVALUES chain with all blacklisted IP addresses on success, otherwise NULL is returned.

Definition at line 1035 of file edb-sqlite.c.

char* eDBget_firewall_profile ( eurephiaCTX * ctx,
eurephiaSESSION * session 
)

Retrieves the name of the firewall profile assigned to the user access (user account + certificate) of the given user session.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
session eurephiaSESSION
Returns:
Returns a char pointer to a buffer with the name of the firewall profile. This buffer must be freed when no longer needed.

Definition at line 1007 of file edb-sqlite.c.

char* eDBget_sessionkey_macaddr ( eurephiaCTX * ctx,
const char *  macaddr 
)

Retrieves a unique session key based on a connection's MAC address. This is called when OpenVPN removes the MAC address of the client as a known connection.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
macaddr String (char *) containing the MAC address of the client
Returns:
Returns the unique session key string (char *) on success, otherwise NULL. The session key string must be freed when no longer needed.

Definition at line 739 of file edb-sqlite.c.

char* eDBget_sessionkey_seed ( eurephiaCTX * ctx,
sessionType  type,
const char *  sessionseed 
)

Retrieve a unique session key based on a session seed.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
type Must be either stSESSION for a normal session or stAUTHENTICATION for an authentication session (before the user is really logged in)
sessionseed session seed of the current connection
Returns:
Returns the unique session key string (char *) on success, otherwise NULL. The session key string must be freed when no longer needed.

Definition at line 683 of file edb-sqlite.c.

int eDBget_uid ( eurephiaCTX * ctx,
const int  certid,
const char *  username 
)

Retrieve the user ID (uid) for a given user and certificate.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
certid Certificate ID of the user
username username of the user
Returns:
Returns uid of user on success, 0 if user account is not found, otherwise -1 on errors.

Definition at line 373 of file edb-sqlite.c.

eurephiaVALUES* eDBload_sessiondata ( eurephiaCTX * ctx,
const char *  sesskey 
)

Loads all session variables for a specified session key. These are key/value pairs which are unique for each connection.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
sesskey String (char *) containing a session key
Returns:
Returns a pointer to a eurephiaVALUES pointer chain with all the variables available for the given session. On errors, it will return an empty eurephiaVALUES chain.

Definition at line 868 of file edb-sqlite.c.

void eDBregister_attempt ( eurephiaCTX * ctx,
int  type,
int  mode,
const char *  value 
)

Registers an attempt in the attempts log. If the number of attempts exceeds the configured attempts limit, it will also be blacklisted immediately.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
type Must be one of the constants: attempt_USERNAME, attempt_CERTIFICATE or attempt_IPADDR
mode Must be one of the constants: ATTEMPT_RESET to reset the attempts count or ATTEMPT_REGISTER to register an attempt.
value Value (IP address, certificate digest or username) to be registered.
See also:
ATTEMPT_REGISTER, ATTEMPT_RESET, attempt_IPADDR, attempt_CERTIFICATE, attempt_USERNAME

Definition at line 481 of file edb-sqlite.c.

int eDBregister_login ( eurephiaCTX * ctx,
eurephiaSESSION * skey,
const int  certid,
const int  uid,
const char *  proto,
const char *  remipaddr,
const char *  remport,
const char *  vpnipaddr,
const char *  vpnipmask 
)

Registers a client login. This happens after the client has been authenticated successfully, when OpenVPN does the OPENVPN_PLUGIN_CLIENT_CONNECT call to the eurephia-auth plug-in.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
skey eurephiaSESSION. A login must be connected to an opened eurephia session.
certid Certificate ID of the client's user certificate
uid User id of the client
proto String containing protocol used for the connection (udp, tcp)
remipaddr Client's remote IP address
remport The port the client is connecting from
vpnipaddr The IP address openvpn assigned to the user
vpnipmask The VPN network's netmask for the VPN connection.
Returns:
Returns 1 on success, otherwise 0.

Definition at line 576 of file edb-sqlite.c.

int eDBregister_logout ( eurephiaCTX * ctx,
eurephiaSESSION * skey,
const char *  bytes_sent,
const char *  bytes_received,
const char *  duration 
)

Registers when a user logged out. It will then add some information about the session to the eurephia lastlog.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
skey eurephiaSESSION of the user
bytes_sent Amount of bytes the OpenVPN server sent to the client
bytes_received Amount of bytes the OpenVPN server received from the client
duration How long the session lasted (in seconds)
Returns:
Returns 1 on success, otherwise 0.

Definition at line 654 of file edb-sqlite.c.

int eDBregister_sessionkey ( eurephiaCTX * ctx,
const char *  seed,
const char *  seskey 
)

Registers a new session key against a short-term session seed.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
seed A string (char *) containing the short-term session seed
seskey A string (char *) containing the new unique session key
Returns:
Returns 1 on success, otherwise 0

Definition at line 814 of file edb-sqlite.c.

int eDBregister_vpnmacaddr ( eurephiaCTX * ctx,
eurephiaSESSION * session,
const char *  macaddr 
)

Registers the MAC address of the client's TAP interface. This function is called when OpenVPN does the OPENVPN_PLUGIN_LEARN_ADDRESS call to the eurephia-auth plug-in.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
session eurephiaSESSION of the user
macaddr String (char *) containing the MAC address of the client's interface.
Returns:
Returns 1 on success, otherwise 0.

Definition at line 609 of file edb-sqlite.c.

int eDBremove_sessionkey ( eurephiaCTX * ctx,
const char *  seskey 
)

Removes a session key reference from the short-term session seed conversion table.

Parameters:
ctx eurephiaCTX
seskey String containing the session key reference to remove
Returns:
Returns 1 on success, otherwise 0.

Definition at line 845 of file edb-sqlite.c.

int eDBstore_session_value ( eurephiaCTX * ctx,
eurephiaSESSION * session,
int  mode,
const char *  key,
const char *  val 
)

Adds, updates or removes a session variable in the database. The operation only affects the given session, and this function only updates the database itself.

Version:
API version level 1
Parameters:
ctx eurephiaCTX
session eurephiaSESSION to which the variable will be added, modified or deleted
mode Must be one of the constants: SESSVAL_NEW, SESSVAL_UPDATE, SESSVAL_DELETE
key Key name for the value to be stored
val Value to be stored
Returns:
Returns 1 on success, otherwise 0
See also:
SESSVAL_NEW, SESSVAL_UPDATE, SESSVAL_DELETE

Definition at line 901 of file edb-sqlite.c.

void update_attempts ( eurephiaCTX * ctx,
const char *  blid 
)

Internal driver function that simplifies updating openvpn_blacklist. It only updates the 'last_accessed' field of the matching record in the blacklist table.

Parameters:
ctx eurephiaCTX
blid Blacklist ID, integer value corresponding to the record in the database

Definition at line 113 of file edb-sqlite.c.


Variable Documentation

Initial value:
 {
        {NULL, NULL, NULL, NULL},
        {"remoteip\0", "remoteip\0", "allow_ipaddr_attempts\0", "IP Address\0", "10\0", NULL},
        {"digest\0", "lower(digest)\0", "allow_cert_attempts\0", "Certificate\0", "5\0", "lower\0"},
        {"username\0", "username\0", "allow_username_attempts\0", "Username\0", "5\0", NULL},
        {NULL, NULL, NULL, NULL}
}

Static mapping table with the needed values. Uses the eDBattempt_types_t struct.

Definition at line 76 of file edb-sqlite.c.
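The attempt-registration and blacklist logic described for eDBregister_attempt and eDBblacklist_check, driven by the eDBattempt_types rows above (per-type config key, default limit and the lower() transform for digests), modelled here in Python on an in-memory SQLite database. This is an added illustration, not the project's code: the attempts/blacklist/config table layout, the numeric values of the attempt_*/ATTEMPT_* constants and the call to update_attempts on a blacklist hit are assumptions.

```python
import sqlite3

# Hypothetical stand-ins for the driver's attempt_* and ATTEMPT_* constants.
attempt_IPADDR, attempt_CERTIFICATE, attempt_USERNAME = 1, 2, 3
ATTEMPT_RESET, ATTEMPT_REGISTER = 0, 1

# Mirrors the eDBattempt_types rows on this page:
# (column, match expression, config key, description, default limit, input transform)
ATTEMPT_TYPES = {
    attempt_IPADDR: ("remoteip", "remoteip", "allow_ipaddr_attempts", "IP Address", 10, None),
    attempt_CERTIFICATE: ("digest", "lower(digest)", "allow_cert_attempts", "Certificate", 5, "lower"),
    attempt_USERNAME: ("username", "username", "allow_username_attempts", "Username", 5, None),
}

# Constructed schema; the real driver's table layout is not shown on this page.
SCHEMA = """
CREATE TABLE config    (key TEXT PRIMARY KEY, value TEXT);
CREATE TABLE attempts  (remoteip TEXT, digest TEXT, username TEXT, count INTEGER NOT NULL);
CREATE TABLE blacklist (remoteip TEXT, digest TEXT, username TEXT, last_accessed INTEGER);
"""

def open_db(config=None):
    """In-memory database with optional config overrides, e.g. {"allow_cert_attempts": "3"}."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO config(key, value) VALUES (?, ?)", list((config or {}).items()))
    return db

def _match_sql(atype):
    # Column and expression come from the fixed table above, never from the caller;
    # the checked value is always passed as a bound parameter, so no input is spliced into SQL.
    _col, expr, _key, _desc, _default, transform = ATTEMPT_TYPES[atype]
    return f"{expr} = {transform}(?)" if transform else f"{expr} = ?"

def attempt_limit(db, atype):
    """Configured attempts limit for the type, falling back to the table default."""
    row = db.execute("SELECT value FROM config WHERE key = ?", (ATTEMPT_TYPES[atype][2],)).fetchone()
    return int(row[0]) if row else ATTEMPT_TYPES[atype][4]

def attempt_count(db, atype, value):
    """Current failed-attempt count for the value (0 when no record exists)."""
    row = db.execute(f"SELECT count FROM attempts WHERE {_match_sql(atype)}", (value,)).fetchone()
    return row[0] if row else 0

def update_attempts(db, blid):
    """Like the internal update_attempts(): refresh last_accessed on one blacklist record."""
    db.execute("UPDATE blacklist SET last_accessed = strftime('%s','now') WHERE rowid = ?", (blid,))

def blacklist_check(db, atype, value):
    """eDBblacklist_check contract: 1 if a matching blacklist record exists, else 0."""
    row = db.execute(f"SELECT rowid FROM blacklist WHERE {_match_sql(atype)}", (value,)).fetchone()
    if row is None:
        return 0
    update_attempts(db, row[0])  # assumption: a hit is what refreshes last_accessed
    return 1

def register_attempt(db, atype, mode, value):
    """eDBregister_attempt contract: ATTEMPT_RESET clears the count; ATTEMPT_REGISTER adds one
    and blacklists the value as soon as the count exceeds the configured limit."""
    col, match = ATTEMPT_TYPES[atype][0], _match_sql(atype)
    if mode == ATTEMPT_RESET:
        db.execute(f"DELETE FROM attempts WHERE {match}", (value,))
        return
    if db.execute(f"UPDATE attempts SET count = count + 1 WHERE {match}", (value,)).rowcount == 0:
        db.execute(f"INSERT INTO attempts({col}, count) VALUES (?, 1)", (value,))
    if attempt_count(db, atype, value) > attempt_limit(db, atype) and not blacklist_check(db, atype, value):
        db.execute(f"INSERT INTO blacklist({col}, last_accessed) VALUES (?, strftime('%s','now'))", (value,))
```

Because the digest row carries the lower() transform, a fingerprint registered in upper case and retried in lower case is counted as one value and matched by the blacklist check either way.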
