-/*
- * Copyright (C) 2006-2009 Andre Noll <maan@systemlinux.org>
- *
- * Licensed under the GPL v2. For licencing details see COPYING.
- */
+/* Copyright (C) 2006 Andre Noll <maan@tuebingen.mpg.de>, see file COPYING. */
/** \file user_list.c User handling for para_server. */
#include <regex.h>
#include <sys/types.h>
-#include <dirent.h>
-#include <openssl/rc4.h>
#include "para.h"
#include "error.h"
#include "list.h"
#include "user_list.h"
-static struct list_head user_list;
+static INITIALIZED_LIST_HEAD(user_list);
/*
- * Fill the list of users known to para_server.
+ * Wrapper for fgets(3).
+ *
+ * Unlike fgets(3), an integer value is returned. On success, this function
+ * returns 1. On errors, -E_FGETS is returned. A zero return value indicates an
+ * end of file condition.
+ */
+static int xfgets(char *line, int size, FILE *f)
+{
+again:
+ if (fgets(line, size, f))
+ return 1;
+ if (feof(f))
+ return 0;
+ if (!ferror(f))
+ return -E_FGETS;
+ if (errno != EINTR) {
+ PARA_ERROR_LOG("%s\n", strerror(errno));
+ return -E_FGETS;
+ }
+ clearerr(f);
+ goto again;
+}
+
+/**
+ * Remove all entries from the user list.
+ *
+ * This is called on shutdown and when the user list is reloaded because the
+ * server received SIGHUP.
+ */
+void user_list_deplete(void)
+{
+ struct user *u, *tmpu;
+
+ list_for_each_entry_safe(u, tmpu, &user_list, node) {
+ list_del(&u->node);
+ free(u->name);
+ apc_free_pubkey(u->pubkey);
+ free(u);
+ }
+}
+
+/**
+ * Initialize the list of users allowed to connect to para_server.
+ *
+ * \param user_list_file The file containing access information.
*
- * Populates a linked list of all users in \a user_list_file. Returns on
- * success, calls exit() on errors.
+ * If this function is called for the second time, the contents of the
+ * previous call are discarded, i.e. the user list is reloaded.
+ *
+ * This function either succeeds or calls exit(3).
*/
-static void populate_user_list(char *user_list_file)
+void user_list_init(const char *user_list_file)
{
int ret = -E_USERLIST;
FILE *file_ptr = fopen(user_list_file, "r");
+ struct user *u;
if (!file_ptr)
goto err;
+
+ user_list_deplete();
for (;;) {
int num;
char line[255];
/* keyword, name, key, perms */
char w[255], n[255], k[255], p[255], tmp[4][255];
- struct user *u;
- RSA *rsa;
+ struct asymmetric_key *pubkey;
- ret = para_fgets(line, MAXLINE, file_ptr);
+ ret = xfgets(line, sizeof(line), file_ptr);
if (ret <= 0)
break;
if (sscanf(line,"%200s %200s %200s %200s", w, n, k, p) < 3)
continue;
if (strcmp(w, "user"))
continue;
- PARA_DEBUG_LOG("found entry for user %s\n", n);
- ret = get_rsa_key(k, &rsa, LOAD_PUBLIC_KEY);
+ PARA_INFO_LOG("loading pubkey %s for user %s\n", k, n);
+ ret = apc_get_pubkey(k, &pubkey);
if (ret < 0) {
PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
para_strerror(-ret));
continue;
}
- if (ret < CHALLENGE_SIZE + 2 * CHALLENGE_SIZE + 41) {
- PARA_WARNING_LOG("rsa key for %s too small\n", n);
- rsa_free(rsa);
+ /*
+ * In order to encrypt len := APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN
+ * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
+ * RSA_size(rsa) must be greater than len + 41. So ignore keys
+ * which are too short. For details see RSA_public_encrypt(3).
+ */
+ if (ret <= APC_CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + 41) {
+ PARA_WARNING_LOG("public key %s too short (%d)\n",
+ k, ret);
+ apc_free_pubkey(pubkey);
continue;
}
- u = para_malloc(sizeof(*u));
+ u = alloc(sizeof(*u));
u->name = para_strdup(n);
- u->rsa = rsa;
+ u->pubkey = pubkey;
u->perms = 0;
num = sscanf(p, "%200[A-Z_],%200[A-Z_],%200[A-Z_],%200[A-Z_]",
tmp[0], tmp[1], tmp[2], tmp[3]);
exit(EXIT_FAILURE);
}
-/**
- * Initialize the list of users allowed to connect to to para_server.
- *
- * \param user_list_file The file containing access information.
- *
- * If this function is called for the second time, the contents of the
- * previous call are discarded, i.e. the user list is reloaded.
- */
-void init_user_list(char *user_list_file)
-{
- struct user *u, *tmp;
- static int initialized;
-
- if (initialized) {
- list_for_each_entry_safe(u, tmp, &user_list, node) {
- list_del(&u->node);
- free(u->name);
- rsa_free(u->rsa);
- free(u);
- }
- } else
- INIT_LIST_HEAD(&user_list);
- initialized = 1;
- populate_user_list(user_list_file);
-}
-
/**
* Lookup a user in the user list.
*
* \return A pointer to the corresponding user struct if the user was found, \p
* NULL otherwise.
*/
-struct user *lookup_user(const char *name)
+const struct user *user_list_lookup(const char *name)
{
- struct user *u;
+ const struct user *u;
list_for_each_entry(u, &user_list, node) {
if (strcmp(u->name, name))
continue;