debian/0000755000000000000000000000000012163267423007174 5ustar debian/source/0000755000000000000000000000000012041762662010474 5ustar debian/source/format0000644000000000000000000000001412041762662011702 0ustar 3.0 (quilt) debian/rules0000755000000000000000000000101312163025410010233 0ustar #!/usr/bin/make -f %: dh $@ override_dh_auto_configure: ./configure --prefix /usr --plug-in --fw-iptables --db-sqlite3 --sqlite3-path /var/lib/eurephia --eurephiadm --openvpn-src /usr/include/openvpn override_dh_auto_clean: rm -rf configure.log dh_auto_clean override_dh_auto_install: dh_auto_install install -p -m 755 utils/eurephia_init $(CURDIR)/debian/eurephia/usr/bin/ install -p -m 755 utils/eurephia_saltdecode $(CURDIR)/debian/eurephia/usr/bin/ rm -f debian/eurephia/var/lib/eurephia/eurephiadb-template debian/README.Debian0000644000000000000000000000047512041762662011243 0ustar To create the initial database for eurephia, you can execute the following commands (you need sqlite3 installed): # sqlite3 /var/lib/eurephia/eurephiadb < /usr/share/doc/eurephia/examples/sql-schema.sql # eurephia_init --database-driver /usr/lib/eurephia/edb-sqlite.so --database-args /var/lib/eurephia/eurephiadb debian/eurephia.manpages0000644000000000000000000000006212041762662012511 0ustar utils/eurephia_init.7 utils/eurephia_saltdecode.7 debian/changelog0000644000000000000000000000336612162546037011056 0ustar eurephia (1.1.0-4) unstable; urgency=low * Add -ldl to LD_FLAGS. (Closes: #713598) -- Alberto Gonzalez Iniesta Wed, 26 Jun 2013 13:09:51 +0200 eurephia (1.1.0-3) unstable; urgency=low * Upload to unstable. * Moved to dh. 
* Bumped Standards-Version to 3.9.4 * Moved debian/compat to 9 -- Alberto Gonzalez Iniesta Wed, 05 Jun 2013 14:42:14 +0200 eurephia (1.1.0-2) unstable; urgency=low * Apply patches from upstream: - double-free.patch Fixed a double-free situation with dev-type is not obvious - sql-error-handling.patch Improve error handling if memory alloc fails for SQL query string -- Alberto Gonzalez Iniesta Fri, 26 Oct 2012 13:26:08 +0200 eurephia (1.1.0-1) unstable; urgency=low * New upstream release. * Removed debian/patches/* (all applied upstream) -- Alberto Gonzalez Iniesta Wed, 24 Oct 2012 14:58:09 +0200 eurephia (1.0.1-3) unstable; urgency=low * debian/rules: Removed configure dependency in clean target. Thanks Fabrice Coutadeur for pointing out. (Closes: #607247) * Added patch by Fabrice Coutadeur to fix FTBFS with binutils-gold. (Closes: #607246) -- Alberto Gonzalez Iniesta Fri, 17 Dec 2010 18:29:51 +0100 eurephia (1.0.1-2) unstable; urgency=low * Upstream patch to fix daemonizing issues. [ Dario Minucci ] * Added debian/watch * debian/control: Added Homepage field * Fixed manpage-has-bad-whatis-entry lintian error. * Fixed some typos -- Alberto Gonzalez Iniesta Tue, 30 Nov 2010 06:19:05 +0100 eurephia (1.0.1-1) unstable; urgency=low * Initial release (Closes: #600604) -- Alberto Gonzalez Iniesta Mon, 18 Oct 2010 13:37:12 +0200 debian/control0000644000000000000000000000214112153633411010566 0ustar Source: eurephia Section: net Priority: extra Maintainer: Alberto Gonzalez Iniesta Build-Depends: debhelper (>= 9), openvpn (>=2), cmake, libssl-dev, libxslt1-dev, libxml2-dev, libsqlite3-dev, pkg-config Standards-Version: 3.9.4 Homepage: http://www.eurephia.net/ Package: eurephia Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, openvpn (>=2) Recommends: sqlite3 Description: flexible OpenVPN authentication module This plug-in enhances OpenVPN by adding user name and password authentication. 
An eurephia user account is a combination of minimum one OpenVPN SSL certificate and a user name with a password assigned. It is also possible to setup several eurephia user names to use a shared OpenVPN certificate. . In addition, eurephia will blacklist IP addresses, certificates and user names on too many failed attempts and it supports dynamic update of iptables rules which restricts network access per connection. . All information is stored in a database and all changes to the accounts will be effective immediately. At the moment eurephia supports the SQLite database. debian/watch0000644000000000000000000000013512041762662010224 0ustar version=3 opts="uversionmangle=s/^\.//" \ http://sf.net/eurephia/(.*)eurephia-(.+)\.tar\.bz2 debian/patches/0000755000000000000000000000000012163266755010632 5ustar debian/patches/series0000644000000000000000000000007112163266706012041 0ustar double-free.patch sql-error-handling.patch ldflags.patch debian/patches/ldflags.patch0000644000000000000000000000113212163266731013256 0ustar Index: eurephia/CMakeLists.txt =================================================================== --- eurephia.orig/CMakeLists.txt 2012-10-24 14:57:55.123911342 +0200 +++ eurephia/CMakeLists.txt 2013-06-28 13:04:54.555829595 +0200 @@ -120,6 +120,7 @@ IF(${CMAKE_SYSTEM_NAME} MATCHES "Linux") CHECK_LIBRARY_EXISTS(dl dlopen "" HAVE_DLOPEN) CHECK_LIBRARY_EXISTS(dl dlclose "" HAVE_DLCLOSE) + SET(EXTRA_LIBS ${EXTRA_LIBS} -ldl) ELSE(!${CMAKE_SYSTEM_NAME} MATCHES "Linux") CHECK_LIBRARY_EXISTS(c dlopen "" HAVE_DLOPEN) CHECK_LIBRARY_EXISTS(c dlclose "" HAVE_DLCLOSE) debian/patches/sql-error-handling.patch0000644000000000000000000000325212042470275015353 0ustar From 97f695d099e60121700d47512172f1d6839dfb2a Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Fri, 19 Oct 2012 16:24:18 +0000 Subject: sqlite3: Improve error handling if memory alloc fails for SQL query string 
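Review bot: In debian/patches/ldflags.patch, `-ldl` is appended unconditionally in the Linux branch, whatever the two CHECK_LIBRARY_EXISTS probes above it report. `SET(EXTRA_LIBS ${EXTRA_LIBS} ${CMAKE_DL_LIBS})` would let CMake supply the platform's dl library name instead of a hard-coded linker flag, and the same line could then serve the ELSE branch, where the variable is empty on systems that keep dlopen in libc. The IF/ELSE block continues outside the hunk, so how EXTRA_LIBS is consumed is not visible here.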
Signed-off-by: David Sommerseth (cherry picked from commit 2613675111387fb0753d31be74b5e0a362389ef8) --- diff --git a/database/sqlite/sqlite.c b/database/sqlite/sqlite.c index 0f4e0e6..a17f4b0 100644 --- a/database/sqlite/sqlite.c +++ b/database/sqlite/sqlite.c @@ -70,7 +70,7 @@ static void _sqlite_set_error(dbresult *dbres, ErrorSeverity sev, const char *qu dbres->errSeverity = sev; dbres->errMsg = strdup(errbuf); - dbres->query = strdup(query); + dbres->query = strdup_nullsafe(query); } /** @@ -327,7 +327,7 @@ void sqlite_log_error(eurephiaCTX *ctx, dbresult *dbres) { if( dbres->status != dbSUCCESS ) { eurephia_log(ctx, LOG_ERROR, 4, "SQL Error: %s", dbres->errMsg); } - DEBUG(ctx, 33, "SQL Query: %s", dbres->query); + DEBUG(ctx, 33, "SQL Query: %s", (dbres->query != NULL ? dbres->query : "(None)")); } @@ -397,6 +397,12 @@ dbresult *sqlite_query(eurephiaCTX *ctx, const char *fmt, ... ) { sql = sqlite3_vmprintf(fmt, ap); va_end(ap); + if( sql == NULL ) { + _sqlite_set_error(dbres, sevPANIC, NULL, "Could not allocate memory for SQL query string"); + goto exit; + } + + if( ctx->dbc == NULL ) { _sqlite_set_error(dbres, sevPANIC, sql, "No open database connection to perfom SQL query to"); goto exit; -- cgit v0.9.0.3 debian/patches/double-free.patch0000644000000000000000000000506112042470307014030 0ustar From 493604d52b466fa7d8444582f547b229710f1dd4 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 11 Oct 2012 00:01:08 +0000 Subject: eurephia-auth: Fixed a double-free situation with dev-type is not obvious If OpenVPN is configured with a unkown --dev name and --dev-type is used, eurephia would in some specific situations double-free a memory region keeping the dev-type information. GETENV_*() functions returns a pointer to a buffer which is supposed to be free'd, but pointers returned by eGet_value() should not be free'd. And in the error situation if dev-type is not forced or detected, the memory allocated by GETENV_DEVNAME() was not properly free'd. 
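Review bot: In sqlite_log_error() (second hunk of sql-error-handling.patch) `dbres->errMsg` is still passed to `%s` unguarded; the patch adds a NULL guard only for `dbres->query` on the DEBUG line. The new `sql == NULL` branch in sqlite_query() (third hunk) calls `_sqlite_set_error()` immediately after an allocation failure, and the first hunk shows that function doing `dbres->errMsg = strdup(errbuf);` with no check, so errMsg can be NULL on exactly this path, and handing NULL to `%s` is undefined behaviour. I would apply the same guard to the error line: `eurephia_log(ctx, LOG_ERROR, 4, "SQL Error: %s", (dbres->errMsg != NULL ? dbres->errMsg : "(None)"));`. All three functions continue outside their hunks, so whether eurephia_log() tolerates a NULL argument on its own cannot be confirmed from here.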
Signed-off-by: David Sommerseth (cherry picked from commit 00bd0ac4cc901004aeaf4548813bb465bce5243f) --- diff --git a/plugin/eurephia-auth.c b/plugin/eurephia-auth.c index 41822d7..97fb38f 100644 --- a/plugin/eurephia-auth.c +++ b/plugin/eurephia-auth.c @@ -135,8 +135,6 @@ static inline int detect_tunnel_type(eurephiaCTX *ctx, const char const *env[]) "Unkown openvpn_devtype configuration value: '%s'. " "Will try to auto-detect the type for the %s device.", devtype, devname); - free_nullsafe(ctx, devtype); - } else { ctx->tuntype = tuntype; forced = 1; @@ -151,6 +149,7 @@ static inline int detect_tunnel_type(eurephiaCTX *ctx, const char const *env[]) ctx->tuntype = tuntype; goto success; } + free_nullsafe(ctx, devtype); // If no 'dev_type', try to guess the dev-type based on the dev name tuntype = conv_str2tuntype(devname); @@ -165,6 +164,7 @@ static inline int detect_tunnel_type(eurephiaCTX *ctx, const char const *env[]) "You need to force the tunnel device type setting the 'openvpn_devtype' " "configuration value.", devname); + free_nullsafe(ctx, devname); return 0; success: 
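Review bot: The `goto success;` path in the second hunk of detect_tunnel_type() now skips every free of `devtype`: the added `free_nullsafe(ctx, devtype);` sits after that block, and the last hunk removes the one under `success:`. If `devtype` holds a GETENV_*() buffer at that point, as the commit message suggests (the assignment lies outside the hunk), it is leaked whenever the device type is detected from the environment. Adding `free_nullsafe(ctx, devtype);` just before that `goto success;` would close the gap, provided the forced path, whose pointer comes from eGet_value() and must not be freed, never reaches that block. A short comment at each assignment stating who owns the pointer would help keep the two cases apart.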
@@ -172,7 +172,6 @@ static inline int detect_tunnel_type(eurephiaCTX *ctx, const char const *env[]) "OpenVPN device type is %s %s on the %s device.", (forced ? "forced to" : "detected as"), (tuntype == tuntype_TUN ? "TUN" : "TAP"), devname); - free_nullsafe(ctx, devtype); free_nullsafe(ctx, devname); return 1; } -- cgit v0.9.0.3 debian/compat0000644000000000000000000000000212153633356010373 0ustar 9 debian/copyright0000644000000000000000000000500612041762662011130 0ustar This package was debianized by Alberto Gonzalez Iniesta on Mon, 18 Oct 2010 13:43:37 +0200 It was downloaded from http://www.eurephia.net/ Upstream Author: David Sommerseth Copyright: (C) 2008 - 2010 David Sommerseth This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 dated June, 1991. This package is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-2'. ** ** License exceptions: ** ** sha512.c, sha512.h - BSD License * Copyright (c) 2001-2003 Allan Saddi * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. 
Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY ALLAN SADDI AND HIS CONTRIBUTORS ``AS IS'' * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL ALLAN SADDI OR HIS CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. debian/eurephia.dirs0000644000000000000000000000002112041762662011652 0ustar var/lib/eurephia debian/examples0000644000000000000000000000003712041762662010735 0ustar database/sqlite/sql-schema.sql