Replace direct use of RC4 by stream cipher abstraction.
[paraslash.git] / user_list.c
1 /*
2 * Copyright (C) 2006-2011 Andre Noll <maan@systemlinux.org>
3 *
4 * Licensed under the GPL v2. For licencing details see COPYING.
5 */
6
7 /** \file user_list.c User handling for para_server. */
8
9 #include <regex.h>
10 #include <sys/types.h>
11 #include <dirent.h>
12
13 #include "para.h"
14 #include "error.h"
15 #include "crypt.h"
16 #include "fd.h"
17 #include "string.h"
18 #include "list.h"
19 #include "user_list.h"
20 #include "rc4.h"
21
22 static struct list_head user_list;
23
24 /*
25 * Fill the list of users known to para_server.
26 *
27 * Populates a linked list of all users in \a user_list_file. Returns on
28 * success, calls exit() on errors.
29 */
30 static void populate_user_list(char *user_list_file)
31 {
32 int ret = -E_USERLIST;
33 FILE *file_ptr = fopen(user_list_file, "r");
34
35 if (!file_ptr)
36 goto err;
37 for (;;) {
38 int num;
39 char line[255];
40 /* keyword, name, key, perms */
41 char w[255], n[255], k[255], p[255], tmp[4][255];
42 struct user *u;
43 struct asymmetric_key *pubkey;
44
45 ret = para_fgets(line, sizeof(line), file_ptr);
46 if (ret <= 0)
47 break;
48 if (sscanf(line,"%200s %200s %200s %200s", w, n, k, p) < 3)
49 continue;
50 if (strcmp(w, "user"))
51 continue;
52 PARA_DEBUG_LOG("found entry for user %s\n", n);
53 ret = get_asymmetric_key(k, LOAD_PUBLIC_KEY, &pubkey);
54 if (ret < 0) {
55 PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
56 para_strerror(-ret));
57 continue;
58 }
59 /*
60 * In order to encrypt len := CHALLENGE_SIZE + 2 * RC4_KEY_LEN
61 * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
62 * RSA_size(rsa) must be greater than len + 41. So ignore keys
63 * which are too short. For details see RSA_public_encrypt(3).
64 */
65 if (ret <= CHALLENGE_SIZE + 2 * RC4_KEY_LEN + 41) {
66 PARA_WARNING_LOG("public key %s too short (%d)\n",
67 k, ret);
68 free_asymmetric_key(pubkey);
69 continue;
70 }
71 u = para_malloc(sizeof(*u));
72 u->name = para_strdup(n);
73 u->pubkey = pubkey;
74 u->perms = 0;
75 num = sscanf(p, "%200[A-Z_],%200[A-Z_],%200[A-Z_],%200[A-Z_]",
76 tmp[0], tmp[1], tmp[2], tmp[3]);
77 PARA_DEBUG_LOG("found %i perm entries\n", num);
78 while (num > 0) {
79 num--;
80 if (!strcmp(tmp[num], "VSS_READ"))
81 u->perms |= VSS_READ;
82 else if (!strcmp(tmp[num], "VSS_WRITE"))
83 u->perms |= VSS_WRITE;
84 else if (!strcmp(tmp[num], "AFS_READ"))
85 u->perms |= AFS_READ;
86 else if (!strcmp(tmp[num], "AFS_WRITE"))
87 u->perms |= AFS_WRITE;
88 else /* unknown permission */
89 PARA_WARNING_LOG("ignoring unknown permission: %s\n",
90 tmp[num]);
91 }
92 para_list_add(&u->node, &user_list);
93 }
94 fclose(file_ptr);
95 if (ret >= 0)
96 return;
97 err:
98 PARA_EMERG_LOG("%s\n", para_strerror(-ret));
99 exit(EXIT_FAILURE);
100 }
101
102 /**
103 * Initialize the list of users allowed to connect to to para_server.
104 *
105 * \param user_list_file The file containing access information.
106 *
107 * If this function is called for the second time, the contents of the
108 * previous call are discarded, i.e. the user list is reloaded.
109 */
110 void init_user_list(char *user_list_file)
111 {
112 struct user *u, *tmp;
113 static int initialized;
114
115 if (initialized) {
116 list_for_each_entry_safe(u, tmp, &user_list, node) {
117 list_del(&u->node);
118 free(u->name);
119 free_asymmetric_key(u->pubkey);
120 free(u);
121 }
122 } else
123 INIT_LIST_HEAD(&user_list);
124 initialized = 1;
125 populate_user_list(user_list_file);
126 }
127
128 /**
129 * Lookup a user in the user list.
130 *
131 * \param name The name of the user.
132 *
133 * \return A pointer to the corresponding user struct if the user was found, \p
134 * NULL otherwise.
135 */
136 struct user *lookup_user(const char *name)
137 {
138 struct user *u;
139 list_for_each_entry(u, &user_list, node) {
140 if (strcmp(u->name, name))
141 continue;
142 return u;
143 }
144 return NULL;
145 }