X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=user_list.c;h=fe1b946b1e96596ce6cd8c7949407bf7a341cfb6;hp=5652774e0685fc423b462071d72ef728e8b99547;hb=a22e734cd89015a71d0dd7cf895799c440805847;hpb=5b8e525dfb2f18a4e0d67b9da264259159ad2184
diff --git a/user_list.c b/user_list.c
index 5652774e..fe1b946b 100644
--- a/user_list.c
+++ b/user_list.c
@@ -1,20 +1,24 @@
 /*
- * Copyright (C) 2006-2008 Andre Noll
+ * Copyright (C) 2006-2011 Andre Noll
  *
  * Licensed under the GPL v2. For licencing details see COPYING.
  */
 
-/** \file user_list.c user handling for para_server */
+/** \file user_list.c User handling for para_server. */
 
+#include
 #include
 #include
+#include
 
 #include "para.h"
 #include "error.h"
+#include "crypt.h"
 #include "fd.h"
 #include "string.h"
 #include "list.h"
 #include "user_list.h"
+#include "rc4.h"
 
 static struct list_head user_list;
 
@@ -37,24 +41,41 @@ static void populate_user_list(char *user_list_file)
 		/* keyword, name, key, perms */
 		char w[255], n[255], k[255], p[255], tmp[4][255];
 		struct user *u;
+		RSA *rsa;
 
-		ret = para_fgets(line, MAXLINE, file_ptr);
+		ret = para_fgets(line, sizeof(line), file_ptr);
 		if (ret <= 0)
 			break;
 		if (sscanf(line,"%200s %200s %200s %200s", w, n, k, p) < 3)
 			continue;
 		if (strcmp(w, "user"))
 			continue;
-		PARA_DEBUG_LOG("found entry for %s\n", n);
+		PARA_DEBUG_LOG("found entry for user %s\n", n);
+		ret = get_rsa_key(k, &rsa, LOAD_PUBLIC_KEY);
+		if (ret < 0) {
+			PARA_NOTICE_LOG("skipping entry for user %s: %s\n", n,
+				para_strerror(-ret));
+			continue;
+		}
+		/*
+		 * In order to encrypt len := CHALLENGE_SIZE + 2 * RC4_KEY_LEN
+		 * bytes using RSA_public_encrypt() with EME-OAEP padding mode,
+		 * RSA_size(rsa) must be greater than len + 41. So ignore keys
+		 * which are too short. For details see RSA_public_encrypt(3).
+		 */
+		if (ret <= CHALLENGE_SIZE + 2 * RC4_KEY_LEN + 41) {
+			PARA_WARNING_LOG("rsa key %s too short (%d)\n",
+				k, ret);
+			rsa_free(rsa);
+			continue;
+		}
 		u = para_malloc(sizeof(*u));
 		u->name = para_strdup(n);
-		ret = get_rsa_key(k, &u->rsa, LOAD_PUBLIC_KEY);
-		if (ret < 0)
-			break;
+		u->rsa = rsa;
+		u->perms = 0;
 		num = sscanf(p, "%200[A-Z_],%200[A-Z_],%200[A-Z_],%200[A-Z_]",
 			tmp[0], tmp[1], tmp[2], tmp[3]);
 		PARA_DEBUG_LOG("found %i perm entries\n", num);
-		u->perms = 0;
 		while (num > 0) {
 			num--;
 			if (!strcmp(tmp[num], "VSS_READ"))
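Review bot: The minimum-size test on the `if (ret <= CHALLENGE_SIZE + 2 * RC4_KEY_LEN + 41)` line relies on `get_rsa_key()` returning the key size on success, which nothing in the hunk shows; if that helper returns 0 on success, every key is rejected as too short, and the comment above the test talks about `RSA_size(rsa)` rather than the helper's return value. Reading the size from the loaded key instead, `int key_size = RSA_size(rsa);` after the `ret < 0` check and comparing `key_size` in the condition and the warning, makes the bound independent of the helper's return convention and matches the comment. The literal `41` is the EME-OAEP overhead named in RSA_public_encrypt(3); a short trailing comment `/* EME-OAEP padding overhead */` would save the next reader a lookup. populate_user_list() starts and ends outside the hunk.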
@@ -80,12 +101,12 @@ err:
 }
 
 /**
- * initialize the list of users allowed to connecto to para_server
+ * Initialize the list of users allowed to connect to to para_server.
  *
- * \param user_list_file the file containing access information
+ * \param user_list_file The file containing access information.
  *
- * If this function is called a second time, the contents of the
- * previous call are discarded.
+ * If this function is called for the second time, the contents of the
+ * previous call are discarded, i.e. the user list is reloaded.
  */
 void init_user_list(char *user_list_file)
 {
@@ -106,12 +127,12 @@ void init_user_list(char *user_list_file)
 }
 
 /**
- * lookup user in user_list.
+ * Lookup a user in the user list.
  *
- * \param name of the user
+ * \param name The name of the user.
  *
- * \return a pointer to the corresponding user struct if the user was found,
- * \p NULL otherwise.
+ * \return A pointer to the corresponding user struct if the user was found, \p
+ * NULL otherwise.
  */
 struct user *lookup_user(const char *name)
 {
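Review bot: The rewritten brief of the `init_user_list()` doc comment still contains a typo — `connect to to para_server` doubles the word, so the line should read ` * Initialize the list of users allowed to connect to para_server.`. The remaining lines of this hunk and of the `lookup_user()` hunk are wording only and need no change.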