int numbytes, ret, argc, use_rc4 = 0;
char buf[STRINGSIZE];
unsigned char crypt_buf[MAXLINE];
- struct user u;
+ struct _user u;
struct server_command *cmd = NULL;
long unsigned challenge_nr, chall_response;
char **argv = NULL;
goto err_out;
if (numbytes < 9 || strncmp(buf, "auth rc4 ", 9))
- strcpy(u.name, buf + 5); /* client version < 0.2.6 */
+ u.name = para_strdup(buf + 5); /* client version < 0.2.6 */
else {
- strcpy(u.name, buf + 9); /* client version >= 0.2.6 */
+ u.name = para_strdup(buf + 9); /* client version >= 0.2.6 */
use_rc4 = 1;
}
-// strcpy(u.name, buf + 5); /* ok, but ugly */
PARA_DEBUG_LOG("received %s request for user %s\n",
use_rc4? "rc4" : "auth", u.name);
- /* lookup user in list file */
- if ((ret = get_user(&u)) < 0)
+ if ((ret = _get_user(&u)) < 0)
goto err_out;
if (!ret) { /* user not found */
PARA_WARNING_LOG("auth request for unknown user %s\n", u.name);
ret = -E_BAD_USER;
goto err_out;
}
- ret = para_encrypt_challenge(u.pubkey_file, challenge_nr, crypt_buf);
+ ret = para_encrypt_challenge(u.rsa, challenge_nr, crypt_buf);
if (ret <= 0)
goto err_out;
numbytes = ret;
sprintf(buf, "%s", PROCEED_MSG);
if (use_rc4) {
init_rc4_keys();
- ret = para_encrypt_buffer(u.pubkey_file, rc4_buf, 2 * RC4_KEY_LEN,
+ ret = para_encrypt_buffer(u.rsa, rc4_buf, 2 * RC4_KEY_LEN,
(unsigned char *)buf + PROCEED_MSG_LEN + 1);
if (ret <= 0)
goto err_out;
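Review bot: The name duplicated with `para_strdup()` on the two changed lines is never released: `_get_user()` fills `u` by struct assignment (`*user = *u;` in the user_list.c hunk), so on a successful lookup the heap pointer in `u.name` is overwritten and leaked, once per auth request from a still-unauthenticated peer. Keep the copy in its own variable before the lookup, `char *name = u.name; /* para_strdup()ed, clobbered by _get_user() */`, and `free(name)` once the lookup has succeeded and at `err_out` on the failure path (where the warning log below still uses it), unless err_out already frees it. The `"auth "` prefix check and the NUL-termination of `buf` that `buf + 5`/`buf + 9` and `para_strdup()` depend on are outside this hunk and worth confirming. The enclosing function starts before and ends after the hunk.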
/**
* encrypt a buffer using an RSA key
*
- * \param key_file full path of the rsa key
+ * \param rsa: public rsa key
* \param inbuf the input buffer
* \param len the length of \a inbuf
* \param outbuf the output buffer
*
* \sa RSA_public_encrypt(3)
*/
-int para_encrypt_buffer(char *key_file, unsigned char *inbuf,
+int para_encrypt_buffer(RSA *rsa, unsigned char *inbuf,
const unsigned len, unsigned char *outbuf)
{
- RSA *rsa;
- int ret = get_rsa_key(key_file, &rsa, LOAD_PUBLIC_KEY);
-
- if (ret < 0)
- return ret;
- ret = RSA_public_encrypt(len, inbuf, outbuf, rsa, RSA_PKCS1_PADDING);
+ int ret = RSA_public_encrypt(len, inbuf, outbuf, rsa,
+ RSA_PKCS1_PADDING);
return ret < 0? -E_ENCRYPT : ret;
}
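Review bot: With key loading removed, `RSA_public_encrypt()` on the new line runs on whatever `rsa` the caller hands in, and a NULL pointer (a user entry whose key could not be loaded) is dereferenced inside OpenSSL instead of producing the error the old `get_rsa_key()` path returned; add `if (!rsa) return -E_ENCRYPT;` at the top, or state the non-NULL precondition in the doc comment. The comment should also record the buffer contract callers now have to meet themselves: `outbuf` must hold at least `RSA_size(rsa)` bytes and `len` may not exceed the PKCS#1 v1.5 payload limit of `RSA_size(rsa) - 11`, otherwise the call fails with -E_ENCRYPT. `RSA_PKCS1_PADDING` is the legacy v1.5 scheme; if it is kept for wire compatibility with existing clients, a one-line comment saying so is better than a silent default.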
/**
* encrypt the given challenge number
*
- * \param key_file full path of the rsa key
+ * \param rsa: public rsa key
* \param challenge_nr the number to be encrypted
* \param outbuf the output buffer
*
* \sa para_encrypt_buffer()
*
*/
-int para_encrypt_challenge(char *key_file, long unsigned challenge_nr,
+int para_encrypt_challenge(RSA* rsa, long unsigned challenge_nr,
unsigned char *outbuf)
{
unsigned char *inbuf = (unsigned char*) make_message("%lu", challenge_nr);
- int ret = para_encrypt_buffer(key_file, inbuf, strlen((char *)inbuf), outbuf);
+ int ret = para_encrypt_buffer(rsa, inbuf, strlen((char *)inbuf), outbuf);
free(inbuf);
return ret;
}
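Review bot: The changed signature writes `RSA* rsa` while `para_encrypt_buffer()` a few lines up uses `RSA *rsa`, the form the rest of the file uses for pointer declarators; the new doxygen line `\param rsa: public rsa key` likewise adds a colon that none of the other `\param` entries have. Suggest `int para_encrypt_challenge(RSA *rsa, long unsigned challenge_nr,` and ` * \param rsa public rsa key, must not be NULL`. Adding "\return the number of encrypted bytes, or a negative error code" would complete the comment, since the function now just forwards the result of para_encrypt_buffer().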
/** \file crypt.h prototypes for the RSA crypt functions */
int para_decrypt_challenge(char *key_file, long unsigned *challenge_nr,
unsigned char *buf, int rsa_inlen);
-int para_encrypt_challenge(char *key_file, long unsigned challenge_nr,
+int para_encrypt_challenge(RSA* rsa, long unsigned challenge_nr,
unsigned char *outbuf);
-int para_encrypt_buffer(char *key_file, unsigned char *inbuf, const unsigned len,
+int para_encrypt_buffer(RSA* rsa, unsigned char *inbuf, const unsigned len,
unsigned char *outbuf);
int para_decrypt_buffer(char *key_file, unsigned char *outbuf, unsigned char *inbuf,
int rsa_inlen);
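Review bot: The changed prototypes make crypt.h depend on the OpenSSL `RSA` type, which before this change was only needed inside crypt.c; unless the header already contains `#include <openssl/rsa.h>` (or an equivalent forward declaration) above this hunk, every file that includes crypt.h must now pull in OpenSSL on its own. Adding the include to crypt.h keeps the header self-contained. The `RSA*` declarator spacing on both new lines also differs from the `RSA *rsa` used in crypt.c.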
};
/* these do not need error handling (yet) */
-#define SERVER_ERRORS
#define CLIENT_ERRORS
#define WAV_ERRORS
#define COMPRESS_ERRORS
extern const char **para_errlist[];
/** \endcond */
+#define SERVER_ERRORS \
+ PARA_ERROR(USERLIST, "failed to open user list file"), \
+ PARA_ERROR(BAD_USER, "you don't exist. Go away."), \
+
+
#define OSX_WRITE_ERRORS \
PARA_ERROR(STREAM_FORMAT, "could not set stream format"), \
PARA_ERROR(ADD_CALLBACK, "can not add callback"), \
PARA_ERROR(NO_AUDIO_FILE, "no audio file"), \
PARA_ERROR(BAD_CMD, "invalid command"), \
PARA_ERROR(PERM, "permission denied"), \
- PARA_ERROR(USERLIST, "failed to open user list file"), \
- PARA_ERROR(BAD_USER, "you don't exist. Go away."), \
PARA_ERROR(LOCK, "lock error"), \
PARA_ERROR(SENDER_CMD, "command not supported by this sender"), \
PARA_ERROR(SERVER_CRASH, "para_server crashed -- can not live without it"), \
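Review bot: The new `SERVER_ERRORS` definition ends with a line continuation on the `BAD_USER` line followed by two empty lines, so the macro body swallows the blank line after it; drop the final backslash so the list ends on its last entry, `PARA_ERROR(BAD_USER, "you don't exist. Go away."),`. Moving `USERLIST` and `BAD_USER` from one subsystem list to another also changes their numeric codes; this is harmless if error numbers stay process-local, but worth confirming that no code is ever sent to a client of a different version.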
populate_user_list();
}
+/**
+ * lookup user in user_list.
+ *
+ * \param user: must initially contain the name of the user and is filled
+ * in by this function on success.
+ *
+ * \return 1 on success and < 0 on errors.
+ */
int _get_user(struct _user *user)
{
struct _user *u;
*user = *u;
return 1;
}
- return 0;
+ return -E_BAD_USER;
}
static void init_selector(void)
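Review bot: Returning `-E_BAD_USER` on the last changed line means `_get_user()` no longer returns 0, so the caller's `if (!ret)` branch in command.c, with its `auth request for unknown user` warning, becomes unreachable and failed logins with bogus names silently drop out of the log; either keep `return 0;` for the not-found case or emit the warning inside `_get_user()` before returning. The new doc comment should also say that `*user = *u;` is a shallow copy: on success `user->name` and `user->rsa` alias the list entry and must not be freed by the caller, and whatever `user->name` pointed to before the call is overwritten. Suggested line: ` * On success the caller's struct becomes a shallow copy of the list entry.` The loop between the declaration and the copy is not shown in this hunk.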