X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=user_list.c;h=31ffe67b6e96f44aaabb2c32ac31ef4cfee2d468;hp=63bfdfc259878402f3f70c2a5c62be5d5fa96ce9;hb=9d75ded33ce6664156acb07e311f51d55970bbea;hpb=6bdac07456cb5872f824028912d1049883a9c21f

diff --git a/user_list.c b/user_list.c
index 63bfdfc2..31ffe67b 100644
--- a/user_list.c
+++ b/user_list.c
@@ -1,16 +1,17 @@
 /*
- * Copyright (C) 2006-2009 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 2006-2013 Andre Noll <maan@systemlinux.org>
  *
  * Licensed under the GPL v2. For licencing details see COPYING.
  */
 
 /** \file user_list.c User handling for para_server. */
 
+#include <regex.h>
 #include <sys/types.h>
-#include <dirent.h>
 
 #include "para.h"
 #include "error.h"
+#include "crypt.h"
 #include "fd.h"
 #include "string.h"
 #include "list.h"
@@ -37,9 +38,9 @@ static void populate_user_list(char *user_list_file)
 		/* keyword, name, key, perms */
 		char w[255], n[255], k[255], p[255], tmp[4][255];
 		struct user *u;
-		RSA *rsa;
+		struct asymmetric_key *pubkey;
 
-		ret = para_fgets(line, MAXLINE, file_ptr);
+		ret = para_fgets(line, sizeof(line), file_ptr);
 		if (ret <= 0)
 			break;
 		if (sscanf(line,"%200s %200s %200s %200s", w, n, k, p) < 3)
@@ -47,15 +48,27 @@ static void populate_user_list(char *user_list_file)
 		if (strcmp(w, "user"))
 			continue;
 		PARA_DEBUG_LOG("found entry for user %s\n", n);
-		ret = get_rsa_key(k, &rsa, LOAD_PUBLIC_KEY);
+		ret = get_asymmetric_key(k, LOAD_PUBLIC_KEY, &pubkey);
 		if (ret < 0) {
 			PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
 				para_strerror(-ret));
 			continue;
 		}
+		/*
+		 * In order to encrypt len := CHALLENGE_SIZE + 2 * SESSION_KEY_LEN
+		 * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
+		 * RSA_size(rsa) must be greater than len + 41. So ignore keys
+		 * which are too short. For details see RSA_public_encrypt(3).
+		 */
+		if (ret <= CHALLENGE_SIZE + 2 * SESSION_KEY_LEN + 41) {
+			PARA_WARNING_LOG("public key %s too short (%d)\n",
+				k, ret);
+			free_asymmetric_key(pubkey);
+			continue;
+		}
 		u = para_malloc(sizeof(*u));
 		u->name = para_strdup(n);
-		u->rsa = rsa;
+		u->pubkey = pubkey;
 		u->perms = 0;
 		num = sscanf(p, "%200[A-Z_],%200[A-Z_],%200[A-Z_],%200[A-Z_]",
 			tmp[0], tmp[1], tmp[2], tmp[3]);
@@ -101,7 +114,7 @@ void init_user_list(char *user_list_file)
 		list_for_each_entry_safe(u, tmp, &user_list, node) {
 			list_del(&u->node);
 			free(u->name);
-			rsa_free(u->rsa);
+			free_asymmetric_key(u->pubkey);
 			free(u);
 		}
 	} else