/*
- * Copyright (C) 2006-2008 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 2006-2009 Andre Noll <maan@systemlinux.org>
*
* Licensed under the GPL v2. For licencing details see COPYING.
*/
-/** \file user_list.c user handling for para_server */
+/** \file user_list.c User handling for para_server. */
+#include <regex.h>
#include <sys/types.h>
#include <dirent.h>
+#include <openssl/rc4.h>
#include "para.h"
#include "error.h"
+#include "crypt.h"
#include "fd.h"
#include "string.h"
#include "list.h"
#include "user_list.h"
+#include "rc4.h"
static struct list_head user_list;
/* keyword, name, key, perms */
char w[255], n[255], k[255], p[255], tmp[4][255];
struct user *u;
+ RSA *rsa;
- ret = para_fgets(line, MAXLINE, file_ptr);
+ ret = para_fgets(line, sizeof(line), file_ptr);
if (ret <= 0)
break;
if (sscanf(line,"%200s %200s %200s %200s", w, n, k, p) < 3)
continue;
if (strcmp(w, "user"))
continue;
- PARA_DEBUG_LOG("found entry for %s\n", n);
+ PARA_DEBUG_LOG("found entry for user %s\n", n);
+ ret = get_rsa_key(k, &rsa, LOAD_PUBLIC_KEY);
+ if (ret < 0) {
+ PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
+ para_strerror(-ret));
+ continue;
+ }
+ /*
+ * In order to encrypt len := CHALLENGE_SIZE + 2 * RC4_KEY_LEN
+ * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
+ * RSA_size(rsa) must be greater than len + 41. So ignore keys
+ * which are too short. For details see RSA_public_encrypt(3).
+ */
+ if (ret <= CHALLENGE_SIZE + 2 * RC4_KEY_LEN + 41) {
+ PARA_WARNING_LOG("rsa key %s too short (%d)\n",
+ k, ret);
+ rsa_free(rsa);
+ continue;
+ }
u = para_malloc(sizeof(*u));
u->name = para_strdup(n);
- ret = get_rsa_key(k, &u->rsa, LOAD_PUBLIC_KEY);
- if (ret < 0)
- break;
+ u->rsa = rsa;
+ u->perms = 0;
num = sscanf(p, "%200[A-Z_],%200[A-Z_],%200[A-Z_],%200[A-Z_]",
tmp[0], tmp[1], tmp[2], tmp[3]);
PARA_DEBUG_LOG("found %i perm entries\n", num);
- u->perms = 0;
while (num > 0) {
num--;
if (!strcmp(tmp[num], "VSS_READ"))
}
/**
- * initialize the list of users allowed to connecto to para_server
+ * Initialize the list of users allowed to connect to to para_server.
*
- * \param user_list_file the file containing access information
+ * \param user_list_file The file containing access information.
*
- * If this function is called a second time, the contents of the
- * previous call are discarded.
+ * If this function is called for the second time, the contents of the
+ * previous call are discarded, i.e. the user list is reloaded.
*/
void init_user_list(char *user_list_file)
{
}
/**
- * lookup user in user_list.
+ * Lookup a user in the user list.
*
- * \param name of the user
+ * \param name The name of the user.
*
- * \return a pointer to the corresponding user struct if the user was found,
- * \p NULL otherwise.
+ * \return A pointer to the corresponding user struct if the user was found, \p
+ * NULL otherwise.
*/
struct user *lookup_user(const char *name)
{
projects / paraslash.git / blobdiff