/*
- * Copyright (C) 2006 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 2006 Andre Noll <maan@tuebingen.mpg.de>
*
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
+ * Licensed under the GPL v2. For licencing details see COPYING.
*/
-/** \file user_list.c user handling for para_server */
+/** \file user_list.c User handling for para_server. */
+
+#include <regex.h>
+#include <sys/types.h>
#include "para.h"
#include "error.h"
+#include "crypt.h"
#include "fd.h"
#include "string.h"
+#include "list.h"
#include "user_list.h"
static struct list_head user_list;
/*
- * lookup user in user list file. Fills in a user struct containing
- * filename of the user's public key as well as the permissions of that user.
- * Returns 1 on success, 0 if user does not exist and < 0 on errors.
+ * Fill the list of users known to para_server.
+ *
+ * Populates a linked list of all users in \a user_list_file. Returns on
+ * success, calls exit() on errors.
*/
static void populate_user_list(char *user_list_file)
{
- FILE *file_ptr = NULL;
- char *char_ptr;
- char line[MAXLINE];
- /* keyword, user, key, perms */
- char w[MAXLINE], n[MAXLINE], k[MAXLINE], p[MAXLINE], tmp[4][MAXLINE];
- int num, ret;
+ int ret = -E_USERLIST;
+ FILE *file_ptr = fopen(user_list_file, "r");
- file_ptr = fopen(user_list_file, "r");
- ret = -E_USERLIST;
if (!file_ptr)
- goto out;
+ goto err;
for (;;) {
+ int num;
+ char line[255];
+ /* keyword, name, key, perms */
+ char w[255], n[255], k[255], p[255], tmp[4][255];
struct user *u;
- ret = para_fgets(line, MAXLINE, file_ptr);
- if (ret < 0)
- PARA_ERROR_LOG("%s\n", PARA_STRERROR(-ret));
+ struct asymmetric_key *pubkey;
+
+ ret = para_fgets(line, sizeof(line), file_ptr);
if (ret <= 0)
break;
if (sscanf(line,"%200s %200s %200s %200s", w, n, k, p) < 3)
continue;
if (strcmp(w, "user"))
continue;
- PARA_DEBUG_LOG("found entry for %s\n", n);
- u = para_malloc(sizeof(struct user));
+ PARA_DEBUG_LOG("found entry for user %s\n", n);
+ ret = get_asymmetric_key(k, LOAD_PUBLIC_KEY, &pubkey);
+ if (ret < 0) {
+ PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
+ para_strerror(-ret));
+ continue;
+ }
+ /*
+ * In order to encrypt len := CHALLENGE_SIZE + 2 * SESSION_KEY_LEN
+ * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
+ * RSA_size(rsa) must be greater than len + 41. So ignore keys
+ * which are too short. For details see RSA_public_encrypt(3).
+ */
+ if (ret <= CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + 41) {
+ PARA_WARNING_LOG("public key %s too short (%d)\n",
+ k, ret);
+ free_asymmetric_key(pubkey);
+ continue;
+ }
+ u = para_malloc(sizeof(*u));
u->name = para_strdup(n);
- u->rsa = para_malloc(sizeof(RSA));
- ret = get_rsa_key(k, &u->rsa, LOAD_PUBLIC_KEY);
- if (ret < 0)
- break;
+ u->pubkey = pubkey;
u->perms = 0;
- char_ptr = p;
- num = sscanf(char_ptr, "%200[A-Z_],%200[A-Z_],%200[A-Z_],%200[A-Z_]",
+ num = sscanf(p, "%200[A-Z_],%200[A-Z_],%200[A-Z_],%200[A-Z_]",
tmp[0], tmp[1], tmp[2], tmp[3]);
PARA_DEBUG_LOG("found %i perm entries\n", num);
- u->perms = 0;
while (num > 0) {
num--;
- if (!strcmp(tmp[num], "AFS_READ"))
+ if (!strcmp(tmp[num], "VSS_READ"))
+ u->perms |= VSS_READ;
+ else if (!strcmp(tmp[num], "VSS_WRITE"))
+ u->perms |= VSS_WRITE;
+ else if (!strcmp(tmp[num], "AFS_READ"))
u->perms |= AFS_READ;
else if (!strcmp(tmp[num], "AFS_WRITE"))
u->perms |= AFS_WRITE;
- else if (!strcmp(tmp[num], "DB_READ"))
- u->perms |= DB_READ;
- else if (!strcmp(tmp[num], "DB_WRITE"))
- u->perms |= DB_WRITE;
else /* unknown permission */
- PARA_WARNING_LOG("unknown permission: %s\n",
+ PARA_WARNING_LOG("ignoring unknown permission: %s\n",
tmp[num]);
}
para_list_add(&u->node, &user_list);
}
-out:
- if (file_ptr)
- fclose(file_ptr);
+ fclose(file_ptr);
if (ret >= 0)
return;
- PARA_EMERG_LOG("%s\n", PARA_STRERROR(-ret));
+err:
+ PARA_EMERG_LOG("%s\n", para_strerror(-ret));
exit(EXIT_FAILURE);
}
+/**
+ * Initialize the list of users allowed to connect to to para_server.
+ *
+ * \param user_list_file The file containing access information.
+ *
+ * If this function is called for the second time, the contents of the
+ * previous call are discarded, i.e. the user list is reloaded.
+ */
void init_user_list(char *user_list_file)
{
struct user *u, *tmp;
list_for_each_entry_safe(u, tmp, &user_list, node) {
list_del(&u->node);
free(u->name);
- free(u->rsa);
+ free_asymmetric_key(u->pubkey);
free(u);
}
} else
}
/**
- * lookup user in user_list.
+ * Lookup a user in the user list.
*
- * \param user: must initially contain the name of the user and is filled
- * in by this function on success.
+ * \param name The name of the user.
*
- * \return 1 on success and < 0 on errors.
+ * \return A pointer to the corresponding user struct if the user was found, \p
+ * NULL otherwise.
*/
-int lookup_user(struct user *user)
+struct user *lookup_user(const char *name)
{
struct user *u;
list_for_each_entry(u, &user_list, node) {
- if (strcmp(u->name, user->name))
+ if (strcmp(u->name, name))
continue;
- *user = *u;
- return 1;
+ return u;
}
- return -E_BAD_USER;
+ return NULL;
}