projects / paraslash.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fix check for short rsa keys.
[paraslash.git] / user_list.c
1 /*
2 * Copyright (C) 2006-2009 Andre Noll <maan@systemlinux.org>
3 *
4 * Licensed under the GPL v2. For licencing details see COPYING.
5 */
6
7 /** \file user_list.c User handling for para_server. */
8
9 #include <regex.h>
10 #include <sys/types.h>
11 #include <dirent.h>
12 #include <openssl/rc4.h>
13
14 #include "para.h"
15 #include "error.h"
16 #include "crypt.h"
17 #include "fd.h"
18 #include "string.h"
19 #include "list.h"
20 #include "user_list.h"
21 #include "rc4.h"
22
23 static struct list_head user_list;
24
25 /*
26 * Fill the list of users known to para_server.
27 *
28 * Populates a linked list of all users in \a user_list_file. Returns on
29 * success, calls exit() on errors.
30 */
31 static void populate_user_list(char *user_list_file)
32 {
33 int ret = -E_USERLIST;
34 FILE *file_ptr = fopen(user_list_file, "r");
35
36 if (!file_ptr)
37 goto err;
38 for (;;) {
39 int num;
40 char line[255];
41 /* keyword, name, key, perms */
42 char w[255], n[255], k[255], p[255], tmp[4][255];
43 struct user *u;
44 RSA *rsa;
45
46 ret = para_fgets(line, MAXLINE, file_ptr);
47 if (ret <= 0)
48 break;
49 if (sscanf(line,"%200s %200s %200s %200s", w, n, k, p) < 3)
50 continue;
51 if (strcmp(w, "user"))
52 continue;
53 PARA_DEBUG_LOG("found entry for user %s\n", n);
54 ret = get_rsa_key(k, &rsa, LOAD_PUBLIC_KEY);
55 if (ret < 0) {
56 PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
57 para_strerror(-ret));
58 continue;
59 }
60 /*
61 * In order to encrypt len := CHALLENGE_SIZE + 2 * RC4_KEY_LEN
62 * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
63 * RSA_size(rsa) must be greater than len + 41. So ignore keys
64 * which are too short. For details see RSA_public_encrypt(3).
65 */
66 if (ret <= CHALLENGE_SIZE + 2 * RC4_KEY_LEN + 41) {
67 PARA_WARNING_LOG("rsa key %s too short (%d)\n",
68 k, ret);
69 rsa_free(rsa);
70 continue;
71 }
72 u = para_malloc(sizeof(*u));
73 u->name = para_strdup(n);
74 u->rsa = rsa;
75 u->perms = 0;
76 num = sscanf(p, "%200[A-Z_],%200[A-Z_],%200[A-Z_],%200[A-Z_]",
77 tmp[0], tmp[1], tmp[2], tmp[3]);
78 PARA_DEBUG_LOG("found %i perm entries\n", num);
79 while (num > 0) {
80 num--;
81 if (!strcmp(tmp[num], "VSS_READ"))
82 u->perms |= VSS_READ;
83 else if (!strcmp(tmp[num], "VSS_WRITE"))
84 u->perms |= VSS_WRITE;
85 else if (!strcmp(tmp[num], "AFS_READ"))
86 u->perms |= AFS_READ;
87 else if (!strcmp(tmp[num], "AFS_WRITE"))
88 u->perms |= AFS_WRITE;
89 else /* unknown permission */
90 PARA_WARNING_LOG("ignoring unknown permission: %s\n",
91 tmp[num]);
92 }
93 para_list_add(&u->node, &user_list);
94 }
95 fclose(file_ptr);
96 if (ret >= 0)
97 return;
98 err:
99 PARA_EMERG_LOG("%s\n", para_strerror(-ret));
100 exit(EXIT_FAILURE);
101 }
102
103 /**
104 * Initialize the list of users allowed to connect to to para_server.
105 *
106 * \param user_list_file The file containing access information.
107 *
108 * If this function is called for the second time, the contents of the
109 * previous call are discarded, i.e. the user list is reloaded.
110 */
111 void init_user_list(char *user_list_file)
112 {
113 struct user *u, *tmp;
114 static int initialized;
115
116 if (initialized) {
117 list_for_each_entry_safe(u, tmp, &user_list, node) {
118 list_del(&u->node);
119 free(u->name);
120 rsa_free(u->rsa);
121 free(u);
122 }
123 } else
124 INIT_LIST_HEAD(&user_list);
125 initialized = 1;
126 populate_user_list(user_list_file);
127 }
128
129 /**
130 * Lookup a user in the user list.
131 *
132 * \param name The name of the user.
133 *
134 * \return A pointer to the corresponding user struct if the user was found, \p
135 * NULL otherwise.
136 */
137 struct user *lookup_user(const char *name)
138 {
139 struct user *u;
140 list_for_each_entry(u, &user_list, node) {
141 if (strcmp(u->name, name))
142 continue;
143 return u;
144 }
145 return NULL;
146 }
paraslash - network audio streaming tools