[mirror_frr.git] / vtysh / vtysh_user.c

/* User authentication for vtysh.
 * Copyright (C) 2000 Kunihiro Ishiguro
 *
 * This file is part of GNU Zebra.
 *
 * GNU Zebra is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2, or (at your option) any
 * later version.
 *
 * GNU Zebra is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; see the file COPYING; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */

#include <zebra.h>
#include <lib/version.h>

#include <pwd.h>

#ifdef USE_PAM
#include <security/pam_appl.h>
#ifdef HAVE_PAM_MISC_H
#include <security/pam_misc.h>
#endif
#ifdef HAVE_OPENPAM_H
#include <security/openpam.h>
#endif
#endif /* USE_PAM */

#include "memory.h"
#include "linklist.h"
#include "command.h"
#include "vtysh/vtysh_user.h"

/*
 * Compiler is warning about prototypes not being declared.
 * The DEFUNSH and DEFUN macro's are messing with the
 * compiler I believe.  This is just to make it happy.
 */
#ifdef USE_PAM
static int vtysh_pam(const char *);
#endif
int vtysh_auth(void);
void vtysh_user_init(void);

extern struct list *config_top;
extern void config_add_line(struct list *config, const char *line);

#ifdef USE_PAM
static struct pam_conv conv = {PAM_CONV_FUNC, NULL};

static int vtysh_pam(const char *user)
{
	int ret;
	pam_handle_t *pamh = NULL;

	/* Start PAM. */
	ret = pam_start(FRR_PAM_NAME, user, &conv, &pamh);

	/* Is user really user? */
	if (ret == PAM_SUCCESS)
		ret = pam_authenticate(pamh, 0);

	if (ret != PAM_SUCCESS)
		fprintf(stderr, "vtysh_pam: Failure to initialize pam: %s(%d)",
			pam_strerror(pamh, ret), ret);

	/* close Linux-PAM */
	if (pam_end(pamh, ret) != PAM_SUCCESS) {
		pamh = NULL;
		fprintf(stderr, "vtysh_pam: failed to release authenticator: %s(%d)\n",
			pam_strerror(pamh, ret), ret);
		exit(1);
	}

	return ret == PAM_SUCCESS ? 0 : 1;
}
#endif /* USE_PAM */

struct vtysh_user {
	char *name;
	uint8_t nopassword;
};

struct list *userlist;

static struct vtysh_user *user_new(void)
{
	return XCALLOC(MTYPE_TMP, sizeof(struct vtysh_user));
}

static struct vtysh_user *user_lookup(const char *name)
{
	struct listnode *node, *nnode;
	struct vtysh_user *user;

	for (ALL_LIST_ELEMENTS(userlist, node, nnode, user)) {
		if (strcmp(user->name, name) == 0)
			return user;
	}
	return NULL;
}

void user_config_write(void)
{
	struct listnode *node, *nnode;
	struct vtysh_user *user;
	char line[128];

	for (ALL_LIST_ELEMENTS(userlist, node, nnode, user)) {
		if (user->nopassword) {
			snprintf(line, sizeof(line), "username %s nopassword",
				 user->name);
			config_add_line(config_top, line);
		}
	}
}

static struct vtysh_user *user_get(const char *name)
{
	struct vtysh_user *user;
	user = user_lookup(name);
	if (user)
		return user;

	user = user_new();
	user->name = strdup(name);
	listnode_add(userlist, user);

	return user;
}

DEFUN (vtysh_banner_motd_file,
       vtysh_banner_motd_file_cmd,
       "banner motd file FILE",
       "Set banner\n"
       "Banner for motd\n"
       "Banner from a file\n"
       "Filename\n")
{
	int idx_file = 3;
	return cmd_banner_motd_file(argv[idx_file]->arg);
}

DEFUN (vtysh_banner_motd_line,
       vtysh_banner_motd_line_cmd,
       "banner motd line LINE...",
       "Set banner\n"
       "Banner for motd\n"
       "Banner from an input\n"
       "Text\n")
{
	int idx = 0;
	char *motd;

	argv_find(argv, argc, "LINE", &idx);
	motd = argv_concat(argv, argc, idx);

	cmd_banner_motd_line(motd);
	XFREE(MTYPE_TMP, motd);

	return CMD_SUCCESS;
}

DEFUN (username_nopassword,
       username_nopassword_cmd,
       "username WORD nopassword",
       "\n"
       "\n"
       "\n")
{
	int idx_word = 1;
	struct vtysh_user *user;
	user = user_get(argv[idx_word]->arg);
	user->nopassword = 1;
	return CMD_SUCCESS;
}

int vtysh_auth(void)
{
	struct vtysh_user *user;
	struct passwd *passwd;

	if ((passwd = getpwuid(geteuid())) == NULL) {
		fprintf(stderr, "could not lookup user ID %d\n",
			(int)geteuid());
		exit(1);
	}

	user = user_lookup(passwd->pw_name);
	if (user && user->nopassword)
		/* Pass through */;
	else {
#ifdef USE_PAM
		if (vtysh_pam(passwd->pw_name))
			exit(0);
#endif /* USE_PAM */
	}
	return 0;
}

char *vtysh_get_home(void)
{
	struct passwd *passwd;
	char *homedir;

	if ((homedir = getenv("HOME")) != NULL)
		return homedir;

	/* Fallback if HOME is undefined */
	passwd = getpwuid(getuid());

	return passwd ? passwd->pw_dir : NULL;
}

void vtysh_user_init(void)
{
	userlist = list_new();
	install_element(CONFIG_NODE, &username_nopassword_cmd);
	install_element(CONFIG_NODE, &vtysh_banner_motd_file_cmd);
	install_element(CONFIG_NODE, &vtysh_banner_motd_line_cmd);
}
Commit	Line	Data
718e3744	1	/* User authentication for vtysh.
	2	* Copyright (C) 2000 Kunihiro Ishiguro
	3	*
	4	* This file is part of GNU Zebra.
	5	*
	6	* GNU Zebra is free software; you can redistribute it and/or modify it
	7	* under the terms of the GNU General Public License as published by the
	8	* Free Software Foundation; either version 2, or (at your option) any
	9	* later version.
	10	*
	11	* GNU Zebra is distributed in the hope that it will be useful, but
	12	* WITHOUT ANY WARRANTY; without even the implied warranty of
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	14	* General Public License for more details.
	15	*
896014f4 DL	16	* You should have received a copy of the GNU General Public License along
	17	* with this program; see the file COPYING; if not, write to the Free Software
	18	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
718e3744	19	*/
	20
	21	#include <zebra.h>
bb6065a5	22	#include <lib/version.h>
718e3744	23
	24	#include <pwd.h>
	25
	26	#ifdef USE_PAM
	27	#include <security/pam_appl.h>
24cd435b	28	#ifdef HAVE_PAM_MISC_H
718e3744	29	#include <security/pam_misc.h>
24cd435b	30	#endif
	31	#ifdef HAVE_OPENPAM_H
	32	#include <security/openpam.h>
	33	#endif
718e3744	34	#endif /* USE_PAM */
	35
	36	#include "memory.h"
	37	#include "linklist.h"
	38	#include "command.h"
88177fe3	39	#include "vtysh/vtysh_user.h"
718e3744	40
d62a17ae	41	/*
c0e8c16f DS	42	* Compiler is warning about prototypes not being declared.
	43	* The DEFUNSH and DEFUN macro's are messing with the
	44	* compiler I believe. This is just to make it happy.
	45	*/
21c830a4	46	#ifdef USE_PAM
ec4ab9f3	47	static int vtysh_pam(const char *);
21c830a4	48	#endif
c0e8c16f DS	49	int vtysh_auth(void);
	50	void vtysh_user_init(void);
	51
e4421165 DS	52	extern struct list *config_top;
	53	extern void config_add_line(struct list config, const char line);
	54
718e3744	55	#ifdef USE_PAM
d62a17ae	56	static struct pam_conv conv = {PAM_CONV_FUNC, NULL};
718e3744	57
d62a17ae	58	static int vtysh_pam(const char *user)
718e3744	59	{
d62a17ae	60	int ret;
d62a17ae	61	pam_handle_t *pamh = NULL;
718e3744	62
d62a17ae	63	/* Start PAM. */
d62a17ae	64	ret = pam_start(FRR_PAM_NAME, user, &conv, &pamh);
d62a17ae	65
	66	/* Is user really user? */
	67	if (ret == PAM_SUCCESS)
	68	ret = pam_authenticate(pamh, 0);
718e3744	69
60bc8d61 DS	70	if (ret != PAM_SUCCESS)
	71	fprintf(stderr, "vtysh_pam: Failure to initialize pam: %s(%d)",
	72	pam_strerror(pamh, ret), ret);
718e3744	73
d62a17ae	74	/* close Linux-PAM */
	75	if (pam_end(pamh, ret) != PAM_SUCCESS) {
	76	pamh = NULL;
60bc8d61 DS	77	fprintf(stderr, "vtysh_pam: failed to release authenticator: %s(%d)\n",
60bc8d61 DS	78	pam_strerror(pamh, ret), ret);
d62a17ae	79	exit(1);
d62a17ae	80	}
718e3744	81
d62a17ae	82	return ret == PAM_SUCCESS ? 0 : 1;
718e3744	83	}
	84	#endif /* USE_PAM */
	85
d62a17ae	86	struct vtysh_user {
d62a17ae	87	char *name;
d7c0a89a	88	uint8_t nopassword;
718e3744	89	};
	90
	91	struct list *userlist;
	92
d62a17ae	93	static struct vtysh_user *user_new(void)
718e3744	94	{
d62a17ae	95	return XCALLOC(MTYPE_TMP, sizeof(struct vtysh_user));
718e3744	96	}
718e3744	97
d62a17ae	98	static struct vtysh_user user_lookup(const char name)
718e3744	99	{
d62a17ae	100	struct listnode node, nnode;
d62a17ae	101	struct vtysh_user *user;
718e3744	102
d62a17ae	103	for (ALL_LIST_ELEMENTS(userlist, node, nnode, user)) {
	104	if (strcmp(user->name, name) == 0)
	105	return user;
	106	}
	107	return NULL;
718e3744	108	}
718e3744	109
4d762f26	110	void user_config_write(void)
718e3744	111	{
d62a17ae	112	struct listnode node, nnode;
	113	struct vtysh_user *user;
	114	char line[128];
	115
	116	for (ALL_LIST_ELEMENTS(userlist, node, nnode, user)) {
	117	if (user->nopassword) {
772270f3 QY	118	snprintf(line, sizeof(line), "username %s nopassword",
772270f3 QY	119	user->name);
d62a17ae	120	config_add_line(config_top, line);
d62a17ae	121	}
a7222276	122	}
718e3744	123	}
718e3744	124
d62a17ae	125	static struct vtysh_user user_get(const char name)
718e3744	126	{
d62a17ae	127	struct vtysh_user *user;
	128	user = user_lookup(name);
	129	if (user)
	130	return user;
718e3744	131
d62a17ae	132	user = user_new();
	133	user->name = strdup(name);
	134	listnode_add(userlist, user);
718e3744	135
d62a17ae	136	return user;
718e3744	137	}
718e3744	138
dd2ecded DS	139	DEFUN (vtysh_banner_motd_file,
dd2ecded DS	140	vtysh_banner_motd_file_cmd,
4d833e55 DS	141	"banner motd file FILE",
	142	"Set banner\n"
	143	"Banner for motd\n"
	144	"Banner from a file\n"
	145	"Filename\n")
7cfc61d3	146	{
d62a17ae	147	int idx_file = 3;
d62a17ae	148	return cmd_banner_motd_file(argv[idx_file]->arg);
7cfc61d3 DS	149	}
7cfc61d3 DS	150
19d61463 DA	151	DEFUN (vtysh_banner_motd_line,
	152	vtysh_banner_motd_line_cmd,
	153	"banner motd line LINE...",
	154	"Set banner\n"
	155	"Banner for motd\n"
	156	"Banner from an input\n"
	157	"Text\n")
	158	{
	159	int idx = 0;
	160	char *motd;
	161
	162	argv_find(argv, argc, "LINE", &idx);
	163	motd = argv_concat(argv, argc, idx);
	164
	165	cmd_banner_motd_line(motd);
	166	XFREE(MTYPE_TMP, motd);
	167
	168	return CMD_SUCCESS;
	169	}
	170
718e3744	171	DEFUN (username_nopassword,
	172	username_nopassword_cmd,
	173	"username WORD nopassword",
	174	"\n"
	175	"\n"
	176	"\n")
	177	{
d62a17ae	178	int idx_word = 1;
	179	struct vtysh_user *user;
	180	user = user_get(argv[idx_word]->arg);
	181	user->nopassword = 1;
	182	return CMD_SUCCESS;
718e3744	183	}
718e3744	184
d62a17ae	185	int vtysh_auth(void)
718e3744	186	{
d62a17ae	187	struct vtysh_user *user;
	188	struct passwd *passwd;
	189
	190	if ((passwd = getpwuid(geteuid())) == NULL) {
	191	fprintf(stderr, "could not lookup user ID %d\n",
	192	(int)geteuid());
	193	exit(1);
	194	}
	195
	196	user = user_lookup(passwd->pw_name);
	197	if (user && user->nopassword)
	198	/* Pass through */;
	199	else {
718e3744	200	#ifdef USE_PAM
d62a17ae	201	if (vtysh_pam(passwd->pw_name))
d62a17ae	202	exit(0);
718e3744	203	#endif /* USE_PAM */
d62a17ae	204	}
d62a17ae	205	return 0;
718e3744	206	}
718e3744	207
d62a17ae	208	char *vtysh_get_home(void)
fba55c8a	209	{
d62a17ae	210	struct passwd *passwd;
d62a17ae	211	char *homedir;
fba55c8a	212
831600c3	213	if ((homedir = getenv("HOME")) != NULL)
d62a17ae	214	return homedir;
f38e9e49	215
d62a17ae	216	/* Fallback if HOME is undefined */
d62a17ae	217	passwd = getpwuid(getuid());
fba55c8a	218
d62a17ae	219	return passwd ? passwd->pw_dir : NULL;
fba55c8a DS	220	}
fba55c8a DS	221
d62a17ae	222	void vtysh_user_init(void)
718e3744	223	{
d62a17ae	224	userlist = list_new();
	225	install_element(CONFIG_NODE, &username_nopassword_cmd);
	226	install_element(CONFIG_NODE, &vtysh_banner_motd_file_cmd);
19d61463	227	install_element(CONFIG_NODE, &vtysh_banner_motd_line_cmd);
718e3744	228	}